rsit
Authors
Authors and/or Contributors |
---|
Koen Van Impe |
Abusive Content:Spam
Also known as 'Unsolicited Bulk Email': the recipient has not granted verifiable permission for the message to be sent, and the message is sent as part of a larger collection of messages, all having functionally comparable content. This IOC refers to resources that make up a spam infrastructure, be it harvesters like address verification, URLs in spam e-mails, etc.
Internal MISP references
UUID bae9e253-9515-4f1f-b34f-e8fc6747c2e0
which can be used as unique global reference for Abusive Content:Spam
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Spam |
kill_chain | ['RSIT:Abusive Content'] |
Abusive Content:Harmful Speech
Discreditation or discrimination of somebody, e.g. cyber stalking, racism or threats against one or more individuals.
Internal MISP references
UUID a54e52f9-0335-43da-8878-bb60a710d56c
which can be used as unique global reference for Abusive Content:Harmful Speech
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Harmful Speech |
kill_chain | ['RSIT:Abusive Content'] |
Abusive Content:(Child) Sexual Exploitation/Sexual/Violent Content
Child Sexual Exploitation (CSE), Sexual content, glorification of violence, etc.
Internal MISP references
UUID 15bd72f9-5ebc-4fef-8fbf-32c2d848f076
which can be used as unique global reference for Abusive Content:(Child) Sexual Exploitation/Sexual/Violent Content
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | (Child) Sexual Exploitation/Sexual/Violent Content |
kill_chain | ['RSIT:Abusive Content'] |
Malicious Code:Infected System
System infected with malware, e.g. PC, smartphone or server infected with a rootkit. Most often this refers to a connection to a sinkholed C2 server.
Internal MISP references
UUID aa3e1167-566c-43c2-afc0-f62f557689c6
which can be used as unique global reference for Malicious Code:Infected System
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Infected System |
kill_chain | ['RSIT:Malicious Code'] |
Malicious Code:C2 Server
Command-and-control server contacted by malware on infected systems.
Internal MISP references
UUID 85b1f79e-49e7-4501-9b5c-a39ffce47428
which can be used as unique global reference for Malicious Code:C2 Server
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | C2 Server |
kill_chain | ['RSIT:Malicious Code'] |
Malicious Code:Malware Distribution
URI used for malware distribution, e.g. a download URL included in fake invoice malware spam or exploit-kits (on websites).
Internal MISP references
UUID dd1b8e11-cec5-48d0-aaf2-a3d099a96c42
which can be used as unique global reference for Malicious Code:Malware Distribution
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Malware Distribution |
kill_chain | ['RSIT:Malicious Code'] |
Malicious Code:Malware Configuration
URI hosting a malware configuration file, e.g. web-injects for a banking trojan.
Internal MISP references
UUID 0a6d604c-e78a-417e-b557-808c2ce260c3
which can be used as unique global reference for Malicious Code:Malware Configuration
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Malware Configuration |
kill_chain | ['RSIT:Malicious Code'] |
Information Gathering:Scanning
Attacks that send requests to a system to discover weaknesses. This also includes testing processes to gather information on hosts, services and accounts. Examples: fingerd, DNS querying, ICMP, SMTP (EXPN, RCPT, ...), port scanning.
Internal MISP references
UUID 5c96ebd0-d77f-479c-bc8f-247038f901f0
which can be used as unique global reference for Information Gathering:Scanning
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Scanning |
kill_chain | ['RSIT:Information Gathering'] |
Information Gathering:Sniffing
Observing and recording of network traffic (wiretapping).
Internal MISP references
UUID 8fda8ab1-077e-43b4-9284-880921ea0b86
which can be used as unique global reference for Information Gathering:Sniffing
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Sniffing |
kill_chain | ['RSIT:Information Gathering'] |
Information Gathering:Social Engineering
Gathering information from a human being in a non-technical way (e.g. lies, tricks, bribes, or threats).
Internal MISP references
UUID 33a950d3-cc97-4589-b8cf-db8ca6140ea2
which can be used as unique global reference for Information Gathering:Social Engineering
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Social Engineering |
kill_chain | ['RSIT:Information Gathering'] |
Intrusion Attempts:Exploitation of known Vulnerabilities
An attempt to compromise a system or to disrupt any service by exploiting vulnerabilities with a standardised identifier such as a CVE name (e.g. buffer overflow, backdoor, cross-site scripting, etc.).
Internal MISP references
UUID ae99314d-0810-4b46-8ee8-4af7cdb146d0
which can be used as unique global reference for Intrusion Attempts:Exploitation of known Vulnerabilities
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Exploitation of known Vulnerabilities |
kill_chain | ['RSIT:Intrusion Attempts'] |
Intrusion Attempts:Login attempts
Multiple login attempts (guessing/cracking of passwords, brute force). This IOC refers to a resource that has been observed to perform brute-force attacks over a given application protocol.
Internal MISP references
UUID 0cc1cf66-a838-4bdd-ace1-2da34a93520c
which can be used as unique global reference for Intrusion Attempts:Login attempts
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Login attempts |
kill_chain | ['RSIT:Intrusion Attempts'] |
Intrusion Attempts:New attack signature
An attack using an unknown exploit.
Internal MISP references
UUID 8ae29dc9-a208-4d7e-b79b-2573790df212
which can be used as unique global reference for Intrusion Attempts:New attack signature
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | New attack signature |
kill_chain | ['RSIT:Intrusion Attempts'] |
Intrusions:Privileged Account Compromise
Compromise of a system where the attacker gained administrative privileges.
Internal MISP references
UUID dea60439-7e04-4af8-aeab-2840893195f7
which can be used as unique global reference for Intrusions:Privileged Account Compromise
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Privileged Account Compromise |
kill_chain | ['RSIT:Intrusions'] |
Intrusions:Unprivileged Account Compromise
Compromise of a system using an unprivileged (user/service) account.
Internal MISP references
UUID f1b691cb-2824-4e3a-9d5b-76aea4a087db
which can be used as unique global reference for Intrusions:Unprivileged Account Compromise
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Unprivileged Account Compromise |
kill_chain | ['RSIT:Intrusions'] |
Intrusions:Application Compromise
Compromise of an application by exploiting (un-)known software vulnerabilities, e.g. SQL injection.
Internal MISP references
UUID b0980068-8827-4bde-83c4-9ad70bc675e9
which can be used as unique global reference for Intrusions:Application Compromise
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Application Compromise |
kill_chain | ['RSIT:Intrusions'] |
Intrusions:System Compromise
Compromise of a system, e.g. unauthorised logins or commands. This includes compromising attempts on honeypot systems.
Internal MISP references
UUID f380a50f-3cdf-4ceb-ab75-bb046f0c03cc
which can be used as unique global reference for Intrusions:System Compromise
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | System Compromise |
kill_chain | ['RSIT:Intrusions'] |
Intrusions:Burglary
Physical intrusion, e.g. into a corporate building or data centre.
Internal MISP references
UUID 17c92ab0-831f-4fec-944d-1faeb8c55e7b
which can be used as unique global reference for Intrusions:Burglary
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Burglary |
kill_chain | ['RSIT:Intrusions'] |
Availability:Denial of Service
Denial of Service attack, e.g. sending specially crafted requests to a web application which cause the application to crash or slow down.
Internal MISP references
UUID ccec8e6a-c316-485c-99f1-84e2ab0162e7
which can be used as unique global reference for Availability:Denial of Service
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Denial of Service |
kill_chain | ['RSIT:Availability'] |
Availability:Distributed Denial of Service
Distributed Denial of Service attack, e.g. SYN-Flood or UDP-based reflection/amplification attacks.
Internal MISP references
UUID bef4187f-1176-4551-83d8-8a1ba9987379
which can be used as unique global reference for Availability:Distributed Denial of Service
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Distributed Denial of Service |
kill_chain | ['RSIT:Availability'] |
Availability:Misconfiguration
Software misconfiguration resulting in service availability issues, e.g. DNS server with outdated DNSSEC Root Zone KSK.
Internal MISP references
UUID 6e004e50-54b0-4ad0-aced-b790226a7de9
which can be used as unique global reference for Availability:Misconfiguration
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Misconfiguration |
kill_chain | ['RSIT:Availability'] |
Availability:Sabotage
Physical sabotage, e.g. cutting wires or malicious arson.
Internal MISP references
UUID bd3d6608-0693-420f-a476-af460e3d0bf1
which can be used as unique global reference for Availability:Sabotage
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Sabotage |
kill_chain | ['RSIT:Availability'] |
Availability:Outage
Outage caused e.g. by air conditioning failure or natural disaster.
Internal MISP references
UUID 599dd157-848b-4020-ba96-fa2b053be448
which can be used as unique global reference for Availability:Outage
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Outage |
kill_chain | ['RSIT:Availability'] |
Information Content Security:Unauthorised access to information
Unauthorised access to information, e.g. by abusing stolen login credentials for a system or application, intercepting traffic or gaining access to physical documents.
Internal MISP references
UUID 3c938a8d-0d0c-4b42-81dd-9c11011596c3
which can be used as unique global reference for Information Content Security:Unauthorised access to information
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Unauthorised access to information |
kill_chain | ['RSIT:Information Content Security'] |
Information Content Security:Unauthorised modification of information
Unauthorised modification of information, e.g. by an attacker abusing stolen login credentials for a system or application, or by ransomware encrypting data. Also includes defacements.
Internal MISP references
UUID 02fb1edd-59a5-4a2f-a48c-5f1d66b2c6cf
which can be used as unique global reference for Information Content Security:Unauthorised modification of information
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Unauthorised modification of information |
kill_chain | ['RSIT:Information Content Security'] |
Information Content Security:Data Loss
Loss of data, e.g. caused by hard disk failure or physical theft.
Internal MISP references
UUID b0d64016-8546-45a7-8853-6716a2f1f811
which can be used as unique global reference for Information Content Security:Data Loss
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Data Loss |
kill_chain | ['RSIT:Information Content Security'] |
Information Content Security:Leak of confidential information
Leaked confidential information like credentials or personal data.
Internal MISP references
UUID d3b4c23d-3c4d-4d0a-bf9b-3b4d3b005c66
which can be used as unique global reference for Information Content Security:Leak of confidential information
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Leak of confidential information |
kill_chain | ['RSIT:Information Content Security'] |
Fraud:Unauthorised use of resources
Using resources for unauthorised purposes including profit-making ventures, e.g. the use of e-mail to participate in illegal profit chain letters or pyramid schemes.
Internal MISP references
UUID 6614e73f-dff9-49fb-9a9b-586862bd648f
which can be used as unique global reference for Fraud:Unauthorised use of resources
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Unauthorised use of resources |
kill_chain | ['RSIT:Fraud'] |
Fraud:Copyright
Offering or installing copies of unlicensed commercial software or other copyright-protected materials (Warez).
Internal MISP references
UUID 0f297d48-b06d-47fe-8ab0-3652581c6ade
which can be used as unique global reference for Fraud:Copyright
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Copyright |
kill_chain | ['RSIT:Fraud'] |
Fraud:Masquerade
Type of attack in which one entity illegitimately impersonates the identity of another in order to benefit from it.
Internal MISP references
UUID 06f24b83-7a24-448c-9114-f1b3afcd0b3f
which can be used as unique global reference for Fraud:Masquerade
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Masquerade |
kill_chain | ['RSIT:Fraud'] |
Fraud:Phishing
Masquerading as another entity in order to persuade the user to reveal private credentials. This IOC most often refers to a URL that is used to phish user credentials.
Internal MISP references
UUID d6ceeb8e-a17b-43b1-bad6-5a81192e2ebd
which can be used as unique global reference for Fraud:Phishing
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Phishing |
kill_chain | ['RSIT:Fraud'] |
Vulnerable:Weak crypto
Publicly accessible services offering weak crypto, e.g. web servers susceptible to POODLE/FREAK attacks.
Internal MISP references
UUID 13fad3df-5134-49d3-8a1a-efc693f3599c
which can be used as unique global reference for Vulnerable:Weak crypto
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Weak crypto |
kill_chain | ['RSIT:Vulnerable'] |
Vulnerable:DDoS amplifier
Publicly accessible services that can be abused for conducting DDoS reflection/amplification attacks, e.g. DNS open-resolvers or NTP servers with monlist enabled.
Internal MISP references
UUID e476bbab-662a-4318-9b71-9d1862baf727
which can be used as unique global reference for Vulnerable:DDoS amplifier
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | DDoS amplifier |
kill_chain | ['RSIT:Vulnerable'] |
Vulnerable:Potentially unwanted accessible services
Potentially unwanted publicly accessible services, e.g. Telnet, RDP or VNC.
Internal MISP references
UUID 7934ae88-0a0a-4e1c-91b4-6d95182b4dbc
which can be used as unique global reference for Vulnerable:Potentially unwanted accessible services
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Potentially unwanted accessible services |
kill_chain | ['RSIT:Vulnerable'] |
Vulnerable:Information disclosure
Publicly accessible services potentially disclosing sensitive information, e.g. SNMP or Redis.
Internal MISP references
UUID 67686969-ad06-400b-bed3-1b0126599bd1
which can be used as unique global reference for Vulnerable:Information disclosure
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Information disclosure |
kill_chain | ['RSIT:Vulnerable'] |
Vulnerable:Vulnerable system
A system which is vulnerable to certain attacks, e.g. misconfigured client proxy settings (such as WPAD), outdated operating system version, XSS vulnerabilities, etc.
Internal MISP references
UUID 1a27c5d3-1920-4d49-89e2-644f8b130380
which can be used as unique global reference for Vulnerable:Vulnerable system
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Vulnerable system |
kill_chain | ['RSIT:Vulnerable'] |
Other:Uncategorised
Incidents which don't fit in any of the given categories, or which have not been categorised, should be put into this class.
Internal MISP references
UUID fc39b7d5-575c-4a16-8507-d8a1c1e1589c
which can be used as unique global reference for Other:Uncategorised
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Uncategorised |
kill_chain | ['RSIT:Other'] |
Other:Undetermined
The categorisation of the incident is unknown/undetermined.
Internal MISP references
UUID cf73ef8a-5c48-4341-811c-611c7ff1ec8c
which can be used as unique global reference for Other:Undetermined
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Undetermined |
kill_chain | ['RSIT:Other'] |
Test:Test
Meant for testing.
Internal MISP references
UUID 10f3f13f-52df-4f38-9940-c879d332261b
which can be used as unique global reference for Test:Test
in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
cfr-type-of-incident | Test |
kill_chain | ['RSIT:Test'] |