# Mirrors STIX 2.1 `indicator-type-ov`.
# "-ov" constants are open vocabularies: the spec recommends these values
# but does not forbid others, so a validator should warn (not reject) when
# an incoming value is outside this list. Frozen so shared state cannot be
# appended to at runtime.
INDICATOR_TYPE_OV = %w[
  anomalous-activity
  anonymization
  benign
  compromised
  malicious-activity
  attribution
  unknown
].freeze
# Mirrors STIX 2.1 `pattern-type-ov`: the languages an Indicator pattern
# may be written in.
# Security note: pattern bodies arrive from feeds as opaque strings. Check
# the declared type against this list before dispatching to a matching
# engine, and treat the pattern text itself as untrusted input - a hostile
# regex or rule can exhaust the engine that compiles it.
PATTERN_TYPE_OV = %w[
  stix
  pcre
  sigma
  snort
  suricata
  yara
].freeze
# Mirrors STIX 2.1 `grouping-context-ov`. Open vocabulary - values outside
# this list are permitted by the spec.
GROUPING_CONTEXT_OV = %w[
  suspicious-activity
  malware-analysis
  unspecified
].freeze
# Mirrors STIX 2.1 `identity-class-ov`. Open vocabulary - values outside
# this list are permitted by the spec.
IDENTITY_CLASS_OV = %w[
  individual
  group
  system
  organization
  class
  unspecified
].freeze
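# Mirrors STIX 2.1 `industry-sector-ov`.
# Fix: the spec table groups sub-sectors under "government" and
# "infrastructure" in parentheses; the previous list copied that layout as
# two literal strings, e.g. 'government (emergency-services, ...)', so the
# real values 'government', 'emergency-services', 'dams', ... were never
# matched and only the bracketed text was. Each value is now its own entry.
# Open vocabulary - values outside this list are permitted by the spec.
INDUSTRY_SECTOR_OV = %w[
  agriculture
  aerospace
  automotive
  chemical
  commercial
  communications
  construction
  defense
  education
  energy
  entertainment
  financial-services
  government
  emergency-services
  government-local
  government-national
  government-public-services
  government-regional
  healthcare
  hospitality-leisure
  infrastructure
  dams
  nuclear
  water
  insurance
  manufacturing
  mining
  non-profit
  pharmaceuticals
  retail
  technology
  telecommunications
  transportation
  utilities
].freeze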
# Mirrors STIX 2.1 `malware-type-ov`. Open vocabulary - values outside
# this list are permitted by the spec.
MALWARE_TYPE_OV = %w[
  adware
  backdoor
  bot
  bootkit
  ddos
  downloader
  dropper
  exploit-kit
  keylogger
  ransomware
  remote-access-trojan
  resource-exploitation
  rogue-security-software
  rootkit
  screen-capture
  spyware
  trojan
  unknown
  virus
  webshell
  wiper
  worm
].freeze
# Mirrors STIX 2.1 `processor-architecture-ov`. Open vocabulary - values
# outside this list are permitted by the spec.
PROCESSOR_ARCHITECTURE_OV = %w[
  alpha
  arm
  ia-64
  mips
  powerpc
  sparc
  x86
  x86-64
].freeze
# Mirrors STIX 2.1 `implementation-language-ov`. Open vocabulary - values
# outside this list are permitted by the spec. Note that 'x86-32'/'x86-64'
# here denote hand-written assembly, not a processor architecture.
IMPLEMENTATION_LANGUAGE_OV = %w[
  applescript
  bash
  c
  c++
  c#
  go
  java
  javascript
  lua
  objective-c
  perl
  php
  powershell
  python
  ruby
  scala
  swift
  typescript
  visual-basic
  x86-32
  x86-64
].freeze
# Capability tags for a Malware object. The values appear to be those of
# STIX 2.1 `malware-capabilities-ov`; the constant name is kept as-is for
# existing callers. Open vocabulary - values outside this list are
# permitted by the spec.
IMPLEMENTATION_CAPABILITIES_OV = %w[
  accesses-remote-machines
  anti-debugging
  anti-disassembly
  anti-emulation
  anti-memory-forensics
  anti-sandbox
  anti-vm
  captures-input-peripherals
  captures-output-peripherals
  captures-system-state-data
  cleans-traces-of-infection
  commits-fraud
  communicates-with-c2
  compromises-data-availability
  compromises-data-integrity
  compromises-system-availability
  controls-local-machine
  degrades-security-software
  degrades-system-updates
  determines-c2-server
  emails-spam
  escalates-privileges
  evades-av
  exfiltrates-data
  fingerprints-host
  hides-artifacts
  hides-executing-code
  infects-files
  infects-remote-machines
  installs-other-components
  persists-after-system-reboot
  prevents-artifact-access
  prevents-artifact-deletion
  probes-network-environment
  self-modifies
  steals-authentication-credentials
  violates-system-operational-integrity
].freeze
# Mirrors STIX 2.1 `infrastructure-type-ov`. Open vocabulary - values
# outside this list are permitted by the spec.
# NOTE(review): this list (with 'undefined' as the catch-all) looks like an
# earlier 2.1 committee draft; the published OS revision extends it and
# spells the catch-all 'unknown'. Confirm which revision this library
# targets before doing any strict matching against it.
INFRASTRUCTURE_TYPE_OV = %w[
  amplification
  anonymization
  botnet
  command-and-control
  exfiltration
  hosting-malware
  hosting-target-lists
  phishing
  reconnaissance
  staging
  undefined
].freeze
# Mirrors STIX 2.1 `attack-resource-level-ov`, ordered from least to most
# resourced. Open vocabulary - values outside this list are permitted.
ATTACK_RESOURCE_LEVEL_OV = %w[
  individual
  club
  contest
  team
  organization
  government
].freeze
# Mirrors STIX 2.1 `attack-motivation-ov`. Open vocabulary - values outside
# this list are permitted by the spec.
ATTACK_MOTIVATION_OV = %w[
  accidental
  coercion
  dominance
  ideology
  notoriety
  organizational-gain
  personal-gain
  personal-satisfaction
  revenge
  unpredictable
].freeze
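# Mirrors STIX 2.1 `region-ov` (UN M49-style regions).
# Fix: the continental aggregates 'africa', 'americas', 'asia', 'europe'
# and 'oceania' that head each group in the spec table were missing, so
# feeds using them (e.g. a Location with region 'europe') did not match.
# Every previously listed value is retained in its original order.
# Open vocabulary - values outside this list are permitted by the spec.
REGION_OV = %w[
  africa
  eastern-africa
  middle-africa
  northern-africa
  southern-africa
  western-africa
  americas
  caribbean
  central-america
  latin-america-caribbean
  northern-america
  south-america
  asia
  central-asia
  eastern-asia
  southern-asia
  south-eastern-asia
  western-asia
  europe
  eastern-europe
  northern-europe
  southern-europe
  western-europe
  oceania
  antarctica
  australia-new-zealand
  melanesia
  micronesia
  polynesia
].freeze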
# Mirrors STIX 2.1 `malware-result-ov` (verdict of a Malware Analysis).
# Open vocabulary - values outside this list are permitted by the spec.
MALWARE_RESULT_OV = %w[
  malicious
  suspicious
  benign
  unknown
].freeze
# Mirrors STIX 2.1 `report-type-ov`. Open vocabulary - values outside this
# list are permitted by the spec.
REPORT_TYPE_OV = %w[
  attack-pattern
  campaign
  identity
  indicator
  intrusion-set
  malware
  observed-data
  threat-actor
  threat-report
  tool
  vulnerability
].freeze
# Mirrors STIX 2.1 `threat-actor-type-ov`. Open vocabulary - values outside
# this list are permitted by the spec.
THREAT_ACTOR_TYPE_OV = %w[
  activist
  competitor
  crime-syndicate
  criminal
  hacker
  insider-accidental
  insider-disgruntled
  nation-state
  sensationalist
  spy
  terrorist
  unknown
].freeze
# Mirrors STIX 2.1 `threat-actor-role-ov`. Open vocabulary - values outside
# this list are permitted by the spec.
THREAT_ACTOR_ROLE_OV = %w[
  agent
  director
  independent
  infrastructure-architect
  infrastructure-operator
  malware-author
  sponsor
].freeze
# Mirrors STIX 2.1 `threat-actor-sophistication-ov`, ordered from least to
# most capable. Open vocabulary - values outside this list are permitted.
THREAT_ACTOR_SOPHISTICATION_OV = %w[
  none
  minimal
  intermediate
  advanced
  expert
  innovator
  strategic
].freeze
# Mirrors STIX 2.1 `tool-type-ov`. Open vocabulary - values outside this
# list are permitted by the spec.
TOOL_TYPES_OV = %w[
  denial-of-service
  exploitation
  information-gathering
  network-capture
  credential-exploitation
  remote-access
  vulnerability-scanning
  unknown
].freeze
# Mirrors STIX 2.1 `hash-algorithm-ov`; these are the keys of a `hashes`
# dictionary and are case-sensitive as written (uppercase).
# Security note: MD5 and SHA-1 stay in the list for interoperability with
# legacy feeds, but both are collision-broken - a match on either alone is
# not proof that two artifacts are the same bytes; prefer SHA-256 when you
# control what is emitted. SSDEEP and TLSH are similarity (fuzzy) hashes,
# not cryptographic digests, and must not be used for integrity checks.
# Open vocabulary - values outside this list are permitted by the spec.
HASH_ALGORITHM_OV = %w[
  MD5
  SHA-1
  SHA-256
  SHA-512
  SHA3-256
  SHA3-512
  SSDEEP
  TLSH
].freeze
# Mirrors STIX 2.1 `account-type-ov` (User Account SCO). Open vocabulary -
# values outside this list are permitted by the spec.
ACCOUNT_TYPE_OV = %w[
  facebook
  ldap
  nis
  openid
  radius
  skype
  tacacs
  twitter
  unix
  windows-local
  windows-domain
].freeze
# Mirrors STIX 2.1 `windows-pebinary-type-ov`. Open vocabulary - values
# outside this list are permitted by the spec.
WINDOWS_PEBINARY_TYPE_OV = %w[
  dll
  exe
  sys
].freeze
# STIX 2.1 `opinion-enum`, ordered from strongest disagreement to strongest
# agreement. Unlike the "-ov" constants this is a closed enumeration: a
# value outside the list is invalid and should be rejected.
OPINION_ENUM = %w[
  strongly-disagree
  disagree
  neutral
  agree
  strongly-agree
].freeze
# STIX 2.1 `encryption-algorithm-enum` for encrypted Artifact payloads.
# Closed enumeration: a value outside this list is invalid.
# AES-256-GCM and ChaCha20-Poly1305 are both authenticated (AEAD) modes;
# 'mime-type-indicated' defers to the payload's declared MIME type to
# identify the cipher, so consumers must still validate that type before
# choosing a decryptor.
ENCRYPTION_ALGORITHM_ENUM = %w[
  AES-256-GCM
  ChaCha20-Poly1305
  mime-type-indicated
].freeze
# STIX 2.1 `windows-registry-datatype-enum`: Windows registry value types,
# spelled as in the Win32 headers. Closed enumeration.
WINDOWS_REGISTRY_DATATYPE_ENUM = %w[
  REG_NONE
  REG_SZ
  REG_EXPAND_SZ
  REG_BINARY
  REG_DWORD
  REG_DWORD_BIG_ENDIAN
  REG_DWORD_LITTLE_ENDIAN
  REG_LINK
  REG_MULTI_SZ
  REG_RESOURCE_LIST
  REG_FULL_RESOURCE_DESCRIPTION
  REG_RESOURCE_REQUIREMENTS_LIST
  REG_QWORD
  REG_INVALID_TYPE
].freeze
# STIX 2.1 `extension-type-enum`: what an Extension Definition introduces.
# Closed enumeration - a value outside this list is invalid.
EXTENSION_TYPE_ENUM = %w[
  new-sdo
  new-sco
  new-sro
  property-extension
  toplevel-property-extension
].freeze
# STIX 2.1 `network-socket-address-family-enum`, spelled as the AF_*
# constants. Closed enumeration.
NETWORK_SOCKET_ADDRESS_FAMILY_ENUM = %w[
  AF_UNSPEC
  AF_INET
  AF_IPX
  AF_APPLETALK
  AF_NETBIOS
  AF_INET6
  AF_IRDA
  AF_BTH
].freeze
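# STIX 2.1 `network-socket-type-enum`, spelled as the SOCK_* constants.
# Closed enumeration - a value outside this list is invalid.
# Fix: the second entry was the garbled string 'AF_ISOCK_DGRAMNET' (an
# address-family token pasted into the middle of 'SOCK_DGRAM'), so UDP
# sockets could never validate. It is now 'SOCK_DGRAM'.
NETWORK_SOCKET_TYPE_ENUM = %w[
  SOCK_STREAM
  SOCK_DGRAM
  SOCK_RAW
  SOCK_RDM
  SOCK_SEQPACKET
].freeze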
# STIX 2.1 `windows-integrity-level-enum`: Windows mandatory integrity
# levels, least to most privileged. Closed enumeration; note the spec does
# not include an 'untrusted' level, so such processes cannot be expressed.
WINDOWS_INTEGRITY_LEVEL_ENUM = %w[
  low
  medium
  high
  system
].freeze
# STIX 2.1 `windows-service-start-type-enum`. Closed enumeration.
# 'SERVICE_SYSTEM_ALERT' is what the spec lists (it is not the Win32
# SERVICE_SYSTEM_START name); kept verbatim for spec conformance.
WINDOWS_SERVICE_START_TYPE_ENUM = %w[
  SERVICE_AUTO_START
  SERVICE_BOOT_START
  SERVICE_DEMAND_START
  SERVICE_DISABLED
  SERVICE_SYSTEM_ALERT
].freeze
# STIX 2.1 `windows-service-type-enum`. Closed enumeration - a value
# outside this list is invalid.
WINDOWS_SERVICE_TYPE_ENUM = %w[
  SERVICE_KERNEL_DRIVER
  SERVICE_FILE_SYSTEM_DRIVER
  SERVICE_WIN32_OWN_PROCESS
  SERVICE_WIN32_SHARE_PROCESS
].freeze
# STIX 2.1 `windows-service-status-enum`. Closed enumeration - a value
# outside this list is invalid.
WINDOWS_SERVICE_STATUS_ENUM = %w[
  SERVICE_CONTINUE_PENDING
  SERVICE_PAUSE_PENDING
  SERVICE_PAUSED
  SERVICE_RUNNING
  SERVICE_START_PENDING
  SERVICE_STOP_PENDING
  SERVICE_STOPPED
].freeze
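# STIX specification versions this library accepts in `spec_version`.
# Fix: frozen like every other list constant in this file; previously a
# caller could append to it at runtime and widen what the parser accepts.
SPEC_VERSIONS = ['2.1'].freeze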
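# Library version (semver string). Frozen so it cannot be mutated in place
# via `<<`, matching the other constants in this file.
VERSION = '0.1.1'.freeze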
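# Language tags accepted for the STIX `lang` property, mapped to a display
# name. Keys are BCP 47 / RFC 5646 tags (language[-script][-REGION]).
# Fixes in this revision:
#   * frozen, like the other constants - it was the only mutable constant
#     in the file, so any caller could add or overwrite a tag at runtime;
#   * 'nb'/'nb-NO' display names were mis-encoded ('Bokm?l'), now 'Bokmål';
#   * Pashto (Afghanistan) was keyed 'ps-AR' (AR is Argentina); the ISO
#     3166 code for Afghanistan is AF, so the key is now 'ps-AF'.
# NOTE(review): several other entries carry legacy vendor spellings rather
# than current BCP 47 subtags ('en-CB' for Caribbean, 'sr-SP' for Serbia,
# 'FYRO Macedonian'); left as-is pending a decision on whether feeds still
# emit them. The table is a lookup aid, not an exhaustive RFC 5646 parser.
RFC5646_LANGUAGE_TAGS = {
  'af' => 'Afrikaans',
  'af-ZA' => 'Afrikaans (South Africa)',
  'ar' => 'Arabic',
  'ar-AE' => 'Arabic (U.A.E.)',
  'ar-BH' => 'Arabic (Bahrain)',
  'ar-DZ' => 'Arabic (Algeria)',
  'ar-EG' => 'Arabic (Egypt)',
  'ar-IQ' => 'Arabic (Iraq)',
  'ar-JO' => 'Arabic (Jordan)',
  'ar-KW' => 'Arabic (Kuwait)',
  'ar-LB' => 'Arabic (Lebanon)',
  'ar-LY' => 'Arabic (Libya)',
  'ar-MA' => 'Arabic (Morocco)',
  'ar-OM' => 'Arabic (Oman)',
  'ar-QA' => 'Arabic (Qatar)',
  'ar-SA' => 'Arabic (Saudi Arabia)',
  'ar-SY' => 'Arabic (Syria)',
  'ar-TN' => 'Arabic (Tunisia)',
  'ar-YE' => 'Arabic (Yemen)',
  'az' => 'Azeri (Latin)',
  'az-AZ' => 'Azeri (Latin) (Azerbaijan)',
  'az-Cyrl-AZ' => 'Azeri (Cyrillic) (Azerbaijan)',
  'be' => 'Belarusian',
  'be-BY' => 'Belarusian (Belarus)',
  'bg' => 'Bulgarian',
  'bg-BG' => 'Bulgarian (Bulgaria)',
  'bs-BA' => 'Bosnian (Bosnia and Herzegovina)',
  'ca' => 'Catalan',
  'ca-ES' => 'Catalan (Spain)',
  'cs' => 'Czech',
  'cs-CZ' => 'Czech (Czech Republic)',
  'cy' => 'Welsh',
  'cy-GB' => 'Welsh (United Kingdom)',
  'da' => 'Danish',
  'da-DK' => 'Danish (Denmark)',
  'de' => 'German',
  'de-AT' => 'German (Austria)',
  'de-CH' => 'German (Switzerland)',
  'de-DE' => 'German (Germany)',
  'de-LI' => 'German (Liechtenstein)',
  'de-LU' => 'German (Luxembourg)',
  'dv' => 'Divehi',
  'dv-MV' => 'Divehi (Maldives)',
  'el' => 'Greek',
  'el-GR' => 'Greek (Greece)',
  'en' => 'English',
  'en-AU' => 'English (Australia)',
  'en-BZ' => 'English (Belize)',
  'en-CA' => 'English (Canada)',
  'en-CB' => 'English (Caribbean)',
  'en-GB' => 'English (United Kingdom)',
  'en-IE' => 'English (Ireland)',
  'en-JM' => 'English (Jamaica)',
  'en-NZ' => 'English (New Zealand)',
  'en-PH' => 'English (Republic of the Philippines)',
  'en-TT' => 'English (Trinidad and Tobago)',
  'en-US' => 'English (United States)',
  'en-ZA' => 'English (South Africa)',
  'en-ZW' => 'English (Zimbabwe)',
  'eo' => 'Esperanto',
  'es' => 'Spanish',
  'es-AR' => 'Spanish (Argentina)',
  'es-BO' => 'Spanish (Bolivia)',
  'es-CL' => 'Spanish (Chile)',
  'es-CO' => 'Spanish (Colombia)',
  'es-CR' => 'Spanish (Costa Rica)',
  'es-DO' => 'Spanish (Dominican Republic)',
  'es-EC' => 'Spanish (Ecuador)',
  'es-ES' => 'Spanish (Spain)',
  'es-GT' => 'Spanish (Guatemala)',
  'es-HN' => 'Spanish (Honduras)',
  'es-MX' => 'Spanish (Mexico)',
  'es-NI' => 'Spanish (Nicaragua)',
  'es-PA' => 'Spanish (Panama)',
  'es-PE' => 'Spanish (Peru)',
  'es-PR' => 'Spanish (Puerto Rico)',
  'es-PY' => 'Spanish (Paraguay)',
  'es-SV' => 'Spanish (El Salvador)',
  'es-UY' => 'Spanish (Uruguay)',
  'es-VE' => 'Spanish (Venezuela)',
  'et' => 'Estonian',
  'et-EE' => 'Estonian (Estonia)',
  'eu' => 'Basque',
  'eu-ES' => 'Basque (Spain)',
  'fa' => 'Farsi',
  'fa-IR' => 'Farsi (Iran)',
  'fi' => 'Finnish',
  'fi-FI' => 'Finnish (Finland)',
  'fo' => 'Faroese',
  'fo-FO' => 'Faroese (Faroe Islands)',
  'fr' => 'French',
  'fr-BE' => 'French (Belgium)',
  'fr-CA' => 'French (Canada)',
  'fr-CH' => 'French (Switzerland)',
  'fr-FR' => 'French (France)',
  'fr-LU' => 'French (Luxembourg)',
  'fr-MC' => 'French (Principality of Monaco)',
  'gl' => 'Galician',
  'gl-ES' => 'Galician (Spain)',
  'gu' => 'Gujarati',
  'gu-IN' => 'Gujarati (India)',
  'he' => 'Hebrew',
  'he-IL' => 'Hebrew (Israel)',
  'hi' => 'Hindi',
  'hi-IN' => 'Hindi (India)',
  'hr' => 'Croatian',
  'hr-BA' => 'Croatian (Bosnia and Herzegovina)',
  'hr-HR' => 'Croatian (Croatia)',
  'hu' => 'Hungarian',
  'hu-HU' => 'Hungarian (Hungary)',
  'hy' => 'Armenian',
  'hy-AM' => 'Armenian (Armenia)',
  'id' => 'Indonesian',
  'id-ID' => 'Indonesian (Indonesia)',
  'is' => 'Icelandic',
  'is-IS' => 'Icelandic (Iceland)',
  'it' => 'Italian',
  'it-CH' => 'Italian (Switzerland)',
  'it-IT' => 'Italian (Italy)',
  'ja' => 'Japanese',
  'ja-JP' => 'Japanese (Japan)',
  'ka' => 'Georgian',
  'ka-GE' => 'Georgian (Georgia)',
  'kk' => 'Kazakh',
  'kk-KZ' => 'Kazakh (Kazakhstan)',
  'kn' => 'Kannada',
  'kn-IN' => 'Kannada (India)',
  'ko' => 'Korean',
  'ko-KR' => 'Korean (Korea)',
  'kok' => 'Konkani',
  'kok-IN' => 'Konkani (India)',
  'ky' => 'Kyrgyz',
  'ky-KG' => 'Kyrgyz (Kyrgyzstan)',
  'lt' => 'Lithuanian',
  'lt-LT' => 'Lithuanian (Lithuania)',
  'lv' => 'Latvian',
  'lv-LV' => 'Latvian (Latvia)',
  'mi' => 'Maori',
  'mi-NZ' => 'Maori (New Zealand)',
  'mk' => 'FYRO Macedonian',
  'mk-MK' => 'FYRO Macedonian (Former Yugoslav Republic of Macedonia)',
  'mn' => 'Mongolian',
  'mn-MN' => 'Mongolian (Mongolia)',
  'mr' => 'Marathi',
  'mr-IN' => 'Marathi (India)',
  'ms' => 'Malay',
  'ms-BN' => 'Malay (Brunei Darussalam)',
  'ms-MY' => 'Malay (Malaysia)',
  'mt' => 'Maltese',
  'mt-MT' => 'Maltese (Malta)',
  'nb' => 'Norwegian (Bokmål)',
  'nb-NO' => 'Norwegian (Bokmål) (Norway)',
  'nl' => 'Dutch',
  'nl-BE' => 'Dutch (Belgium)',
  'nl-NL' => 'Dutch (Netherlands)',
  'nn-NO' => 'Norwegian (Nynorsk) (Norway)',
  'ns' => 'Northern Sotho',
  'ns-ZA' => 'Northern Sotho (South Africa)',
  'pa' => 'Punjabi',
  'pa-IN' => 'Punjabi (India)',
  'pl' => 'Polish',
  'pl-PL' => 'Polish (Poland)',
  'ps' => 'Pashto',
  'ps-AF' => 'Pashto (Afghanistan)',
  'pt' => 'Portuguese',
  'pt-BR' => 'Portuguese (Brazil)',
  'pt-PT' => 'Portuguese (Portugal)',
  'qu' => 'Quechua',
  'qu-BO' => 'Quechua (Bolivia)',
  'qu-EC' => 'Quechua (Ecuador)',
  'qu-PE' => 'Quechua (Peru)',
  'ro' => 'Romanian',
  'ro-RO' => 'Romanian (Romania)',
  'ru' => 'Russian',
  'ru-RU' => 'Russian (Russia)',
  'sa' => 'Sanskrit',
  'sa-IN' => 'Sanskrit (India)',
  'se' => 'Sami',
  'se-FI' => 'Sami (Finland)',
  'se-NO' => 'Sami (Norway)',
  'se-SE' => 'Sami (Sweden)',
  'sk' => 'Slovak',
  'sk-SK' => 'Slovak (Slovakia)',
  'sl' => 'Slovenian',
  'sl-SI' => 'Slovenian (Slovenia)',
  'sq' => 'Albanian',
  'sq-AL' => 'Albanian (Albania)',
  'sr-BA' => 'Serbian (Latin) (Bosnia and Herzegovina)',
  'sr-Cyrl-BA' => 'Serbian (Cyrillic) (Bosnia and Herzegovina)',
  'sr-SP' => 'Serbian (Latin) (Serbia and Montenegro)',
  'sr-Cyrl-SP' => 'Serbian (Cyrillic) (Serbia and Montenegro)',
  'sv' => 'Swedish',
  'sv-FI' => 'Swedish (Finland)',
  'sv-SE' => 'Swedish (Sweden)',
  'sw' => 'Swahili',
  'sw-KE' => 'Swahili (Kenya)',
  'syr' => 'Syriac',
  'syr-SY' => 'Syriac (Syria)',
  'ta' => 'Tamil',
  'ta-IN' => 'Tamil (India)',
  'te' => 'Telugu',
  'te-IN' => 'Telugu (India)',
  'th' => 'Thai',
  'th-TH' => 'Thai (Thailand)',
  'tl' => 'Tagalog',
  'tl-PH' => 'Tagalog (Philippines)',
  'tn' => 'Tswana',
  'tn-ZA' => 'Tswana (South Africa)',
  'tr' => 'Turkish',
  'tr-TR' => 'Turkish (Turkey)',
  'tt' => 'Tatar',
  'tt-RU' => 'Tatar (Russia)',
  'ts' => 'Tsonga',
  'uk' => 'Ukrainian',
  'uk-UA' => 'Ukrainian (Ukraine)',
  'ur' => 'Urdu',
  'ur-PK' => 'Urdu (Islamic Republic of Pakistan)',
  'uz' => 'Uzbek (Latin)',
  'uz-UZ' => 'Uzbek (Latin) (Uzbekistan)',
  'uz-Cyrl-UZ' => 'Uzbek (Cyrillic) (Uzbekistan)',
  'vi' => 'Vietnamese',
  'vi-VN' => 'Vietnamese (Viet Nam)',
  'xh' => 'Xhosa',
  'xh-ZA' => 'Xhosa (South Africa)',
  'zh' => 'Chinese',
  'zh-CN' => 'Chinese (S)',
  'zh-HK' => 'Chinese (Hong Kong)',
  'zh-MO' => 'Chinese (Macau)',
  'zh-SG' => 'Chinese (Singapore)',
  'zh-TW' => 'Chinese (T)',
  'zu' => 'Zulu',
  'zu-ZA' => 'Zulu (South Africa)'
}.freeze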