# Vocabulary tables for indicators, detection patterns, groupings and
# identities. The values line up with the STIX 2.1 open vocabularies of the
# same names (indicator-type-ov, pattern-type-ov, grouping-context-ov,
# identity-class-ov).
# NOTE(review): in STIX an open vocabulary is a list of suggested values, so a
# producer may legitimately send something outside it. Whether this library
# rejects or only warns on unlisted values is not visible here; confirm before
# using these arrays as hard allow-lists.

# Labels describing what an indicator is believed to detect.
INDICATOR_TYPE_OV = %w[
  anomalous-activity anonymization benign compromised
  malicious-activity attribution unknown
].freeze

# Names of the pattern languages an indicator's pattern may be written in.
# The name only labels the language: a pattern taken from an external feed
# still has to be parsed by the matching engine before it is trusted.
PATTERN_TYPE_OV = %w[stix pcre sigma snort suricata yara].freeze

# Reasons a set of objects was grouped together.
GROUPING_CONTEXT_OV = %w[suspicious-activity malware-analysis unspecified].freeze

# Kinds of entity an identity object can stand for.
IDENTITY_CLASS_OV = %w[individual group system organization class unknown].freeze
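# Industry sectors an identity can belong to (STIX 2.1 industry-sector-ov).
#
# The specification lists the government and infrastructure sub-sectors as
# vocabulary values of their own, nested under their parent only for layout.
# Storing them as one string with a parenthesised list meant that neither the
# parent ("government", "infrastructure") nor any sub-sector ("dams",
# "government-local", ...) could ever match an incoming value, so each one is
# its own entry here.
INDUSTRY_SECTOR_OV = %w[
  agriculture aerospace automotive chemical commercial communications
  construction defense education energy entertainment financial-services
  government emergency-services government-local government-national
  government-public-services government-regional
  healthcare hospitality-leisure
  infrastructure dams nuclear water
  insurance manufacturing mining non-profit pharmaceuticals retail
  technology telecommunications transportation utilities
].freeze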
# Vocabularies used to describe a malware sample: its family type, the CPU
# architectures and languages it is built for, and the capabilities observed
# in it. The values line up with the STIX 2.1 malware-type-ov,
# processor-architecture-ov, implementation-language-ov and
# malware-capabilities-ov lists.

# Broad malware categories.
MALWARE_TYPE_OV = %w[
  adware backdoor bot bootkit ddos downloader dropper exploit-kit keylogger
  ransomware remote-access-trojan resource-exploitation
  rogue-security-software rootkit screen-capture spyware trojan unknown
  virus webshell wiper worm
].freeze

# Processor architectures a sample can execute on.
PROCESSOR_ARCHITECTURE_OV = %w[alpha arm ia-64 mips powerpc sparc x86 x86-64].freeze

# Languages a sample may be implemented in. "c#" is literal text here: inside
# a %w literal `#` does not start a comment.
IMPLEMENTATION_LANGUAGE_OV = %w[
  applescript bash c c++ c# go java javascript lua objective-c perl php
  powershell python ruby scala swift typescript visual-basic x86-32 x86-64
].freeze

# Capabilities an analyst can record for a sample. These are descriptive
# labels for analysis results and reports.
IMPLEMENTATION_CAPABILITIES_OV = %w[
  accesses-remote-machines
  anti-debugging anti-disassembly anti-emulation anti-memory-forensics
  anti-sandbox anti-vm
  captures-input-peripherals captures-output-peripherals
  captures-system-state-data
  cleans-traces-of-infection commits-fraud communicates-with-c2
  compromises-data-availability compromises-data-integrity
  compromises-system-availability
  controls-local-machine degrades-security-software degrades-system-updates
  determines-c2-server emails-spam escalates-privileges evades-av
  exfiltrates-data fingerprints-host hides-artifacts hides-executing-code
  infects-files infects-remote-machines installs-other-components
  persists-after-system-reboot prevents-artifact-access
  prevents-artifact-deletion probes-network-environment self-modifies
  steals-authentication-credentials violates-system-operational-integrity
].freeze
# Vocabularies describing adversary infrastructure and the resources and
# motivation attributed to an actor (STIX 2.1 infrastructure-type-ov,
# attack-resource-level-ov, attack-motivation-ov).

# Roles a piece of infrastructure plays in an operation.
# NOTE(review): the catch-all entry here is "undefined", while most other
# tables in this file use "unknown" - check it against the specification
# revision the library targets.
INFRASTRUCTURE_TYPE_OV = %w[
  amplification anonymization botnet command-and-control exfiltration
  hosting-malware hosting-target-lists phishing reconnaissance staging
  undefined
].freeze

# Organisational scale of the resources behind an attack.
ATTACK_RESOURCE_LEVEL_OV = %w[individual club contest team organization government].freeze

# Motivations that can be attributed to an actor or intrusion set.
ATTACK_MOTIVATION_OV = %w[
  accidental coercion dominance ideology notoriety organizational-gain
  personal-gain personal-satisfaction revenge unpredictable
].freeze
# World regions usable in location objects (STIX 2.1 region-ov). Order is
# kept exactly as the table was originally written; it is not alphabetical.
REGION_OV = %w[
  africa eastern-africa middle-africa northern-africa southern-africa
  western-africa
  caribbean central-america americas latin-america-caribbean
  northern-america south-america
  asia central-asia eastern-asia southern-asia south-eastern-asia
  western-asia
  europe eastern-europe northern-europe southern-europe western-europe
  oceania antarctica australia-new-zealand melanesia micronesia polynesia
].freeze
# Vocabularies for analysis verdicts, report subjects, threat-actor
# attributes and tool categories (STIX 2.1 malware-result-ov, report-type-ov,
# threat-actor-type-ov, threat-actor-role-ov, threat-actor-sophistication-ov
# and tool-type-ov).

# Verdicts a malware-analysis run can report.
MALWARE_RESULT_OV = %w[malicious suspicious benign unknown].freeze

# Primary subject of a report.
REPORT_TYPE_OV = %w[
  attack-pattern campaign identity indicator intrusion-set malware
  observed-data threat-actor threat-report tool vulnerability
].freeze

# Kinds of threat actor.
THREAT_ACTOR_TYPE_OV = %w[
  activist competitor crime-syndicate criminal hacker insider-accidental
  insider-disgruntled nation-state sensationalist spy terrorist unknown
].freeze

# Roles an actor can play within an operation.
THREAT_ACTOR_ROLE_OV = %w[
  agent director independent infrastructure-architect
  infrastructure-operator malware-author sponsor
].freeze

# Skill levels, listed from least to most capable.
THREAT_ACTOR_SOPHISTICATION_OV = %w[
  none minimal intermediate advanced expert innovator strategic
].freeze

# Categories of (possibly dual-use) tools.
TOOL_TYPES_OV = %w[
  denial-of-service exploitation information-gathering network-capture
  credential-exploitation remote-access vulnerability-scanning unknown
].freeze
# Hash algorithm names accepted as keys when recording hashes of observed
# artifacts (STIX 2.1 hash-algorithm-ov). Spelling and case are significant:
# "SHA-256" is listed, "sha256" is not.
#
# The list names what can be *recorded*, not what is safe to rely on:
#  - MD5 and SHA-1 are present because indicator feeds still carry them; both
#    have practical collision attacks, so a match on either alone is weak
#    evidence that two files are the same.
#  - SSDEEP and TLSH are similarity (fuzzy) hashes. They support clustering of
#    related samples and give no integrity guarantee.
HASH_ALGORITHM_OV = %w[
  MD5 SHA-1 SHA-256 SHA-512 SHA3-256 SHA3-512 SSDEEP TLSH
].freeze
# Account kinds for user-account observables (STIX 2.1 account-type-ov).
ACCOUNT_TYPE_OV = %w[
  facebook ldap nis openid radius skype tacacs twitter unix
  windows-local windows-domain
].freeze

# Kinds of Windows PE binary (STIX 2.1 windows-pebinary-type-ov).
WINDOWS_PEBINARY_TYPE_OV = %w[dll exe sys].freeze
# Enumerations (the `_ENUM` suffix). In STIX an enumeration is a closed list,
# unlike the open `_OV` vocabularies: a value outside it is not valid.
# NOTE(review): how strictly the library enforces that is not visible here.

# Agreement scale for opinion objects, from strongest disagreement to
# strongest agreement.
OPINION_ENUM = %w[strongly-disagree disagree neutral agree strongly-agree].freeze

# Ways an artifact's payload may be encrypted. The two named ciphers are
# authenticated (AEAD) modes; "mime-type-indicated" defers to whatever the
# artifact's MIME type implies.
ENCRYPTION_ALGORITHM_ENUM = %w[AES-256-GCM ChaCha20-Poly1305 mime-type-indicated].freeze

# Windows registry value data types.
WINDOWS_REGISTRY_DATATYPE_ENUM = %w[
  REG_NONE REG_SZ REG_EXPAND_SZ REG_BINARY
  REG_DWORD REG_DWORD_BIG_ENDIAN REG_DWORD_LITTLE_ENDIAN
  REG_LINK REG_MULTI_SZ
  REG_RESOURCE_LIST REG_FULL_RESOURCE_DESCRIPTION
  REG_RESOURCE_REQUIREMENTS_LIST
  REG_QWORD REG_INVALID_TYPE
].freeze

# Kinds of extension an extension definition may declare.
EXTENSION_TYPE_ENUM = %w[
  new-sdo new-sco new-sro property-extension toplevel-property-extension
].freeze
# Address families allowed on a socket extension of network traffic
# (STIX 2.1 network-socket-address-family-enum). Every entry carries the
# AF_ prefix; socket *types* (SOCK_*) belong to a separate table.
NETWORK_SOCKET_ADDRESS_FAMILY_ENUM = %w[
  AF_UNSPEC AF_INET AF_IPX AF_APPLETALK AF_NETBIOS AF_INET6 AF_IRDA AF_BTH
].freeze
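# Socket types allowed on a socket extension of network traffic
# (STIX 2.1 network-socket-type-enum).
#
# The second entry used to read "AF_ISOCK_DGRAMNET", which is "SOCK_DGRAM"
# spliced into "AF_INET". With that value in a closed enumeration, datagram
# (UDP-style) sockets could not be represented: "SOCK_DGRAM" was absent, and
# the only spelling present is one no producer emits.
NETWORK_SOCKET_TYPE_ENUM = %w[
  SOCK_STREAM SOCK_DGRAM SOCK_RAW SOCK_RDM SOCK_SEQPACKET
].freeze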
# Enumerations for the Windows process and service extensions (STIX 2.1
# windows-integrity-level-enum and the windows-service-*-enum lists).

# Integrity level of a process, from least to most privileged. Useful when
# triaging: a process observed at "high" or "system" ran elevated.
WINDOWS_INTEGRITY_LEVEL_ENUM = %w[low medium high system].freeze

# How a service is configured to start.
WINDOWS_SERVICE_START_TYPE_ENUM = %w[
  SERVICE_AUTO_START SERVICE_BOOT_START SERVICE_DEMAND_START
  SERVICE_DISABLED SERVICE_SYSTEM_ALERT
].freeze

# Kind of service: the two driver types or the two user-mode process types.
WINDOWS_SERVICE_TYPE_ENUM = %w[
  SERVICE_KERNEL_DRIVER SERVICE_FILE_SYSTEM_DRIVER
  SERVICE_WIN32_OWN_PROCESS SERVICE_WIN32_SHARE_PROCESS
].freeze

# Run state of a service at observation time.
WINDOWS_SERVICE_STATUS_ENUM = %w[
  SERVICE_CONTINUE_PENDING SERVICE_PAUSE_PENDING SERVICE_PAUSED
  SERVICE_RUNNING SERVICE_START_PENDING SERVICE_STOP_PENDING SERVICE_STOPPED
].freeze
# Specification versions this library declares support for.
SPEC_VERSIONS = %w[2.1]

# Namespace UUID. The value equals the namespace the STIX 2.1 specification
# defines for deterministic (UUIDv5) identifiers of cyber-observable objects,
# which lets independent producers derive the same id for the same
# observable. It is a published constant, not a secret.
# NOTE(review): where the library applies it is not visible here.
UUID_NAMESPACE = '00abedb4-aa42-466c-9c01-fed23315a9b7'

# Version string of this library.
VERSION = '0.1.4'
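# Language tag => English display name, used for `lang`-style properties.
#
# Changes from the earlier table:
#  - "nb" / "nb-NO" carried a mis-encoded label ("Bokm?l"); the name is
#    restored as "Bokmål".
#  - "ps-AF" is added. The table only had "ps-AR" for Pashto (Afghanistan),
#    but AR is the region code for Argentina; AF is Afghanistan. "ps-AR" is
#    kept so existing data that uses it still resolves.
#  - The hash is frozen, like every vocabulary array in this file, so a
#    caller cannot add or overwrite tags at runtime.
#
# NOTE(review): this is a fixed subset of tags, not the full language
# registry. If it is used as an allow-list, well-formed tags that are missing
# here (for example "ts" has no regional variant) will be rejected - confirm
# how callers use it. The labels for "zh-CN" and "zh-TW" ("Chinese (S)",
# "Chinese (T)") look abbreviated and are left as found.
RFC5646_LANGUAGE_TAGS = {
  "af" => "Afrikaans",
  "af-ZA" => "Afrikaans (South Africa)",
  "ar" => "Arabic",
  "ar-AE" => "Arabic (U.A.E.)",
  "ar-BH" => "Arabic (Bahrain)",
  "ar-DZ" => "Arabic (Algeria)",
  "ar-EG" => "Arabic (Egypt)",
  "ar-IQ" => "Arabic (Iraq)",
  "ar-JO" => "Arabic (Jordan)",
  "ar-KW" => "Arabic (Kuwait)",
  "ar-LB" => "Arabic (Lebanon)",
  "ar-LY" => "Arabic (Libya)",
  "ar-MA" => "Arabic (Morocco)",
  "ar-OM" => "Arabic (Oman)",
  "ar-QA" => "Arabic (Qatar)",
  "ar-SA" => "Arabic (Saudi Arabia)",
  "ar-SY" => "Arabic (Syria)",
  "ar-TN" => "Arabic (Tunisia)",
  "ar-YE" => "Arabic (Yemen)",
  "az" => "Azeri (Latin)",
  "az-AZ" => "Azeri (Latin) (Azerbaijan)",
  "az-Cyrl-AZ" => "Azeri (Cyrillic) (Azerbaijan)",
  "be" => "Belarusian",
  "be-BY" => "Belarusian (Belarus)",
  "bg" => "Bulgarian",
  "bg-BG" => "Bulgarian (Bulgaria)",
  "bs-BA" => "Bosnian (Bosnia and Herzegovina)",
  "ca" => "Catalan",
  "ca-ES" => "Catalan (Spain)",
  "cs" => "Czech",
  "cs-CZ" => "Czech (Czech Republic)",
  "cy" => "Welsh",
  "cy-GB" => "Welsh (United Kingdom)",
  "da" => "Danish",
  "da-DK" => "Danish (Denmark)",
  "de" => "German",
  "de-AT" => "German (Austria)",
  "de-CH" => "German (Switzerland)",
  "de-DE" => "German (Germany)",
  "de-LI" => "German (Liechtenstein)",
  "de-LU" => "German (Luxembourg)",
  "dv" => "Divehi",
  "dv-MV" => "Divehi (Maldives)",
  "el" => "Greek",
  "el-GR" => "Greek (Greece)",
  "en" => "English",
  "en-AU" => "English (Australia)",
  "en-BZ" => "English (Belize)",
  "en-CA" => "English (Canada)",
  "en-CB" => "English (Caribbean)",
  "en-GB" => "English (United Kingdom)",
  "en-IE" => "English (Ireland)",
  "en-JM" => "English (Jamaica)",
  "en-NZ" => "English (New Zealand)",
  "en-PH" => "English (Republic of the Philippines)",
  "en-TT" => "English (Trinidad and Tobago)",
  "en-US" => "English (United States)",
  "en-ZA" => "English (South Africa)",
  "en-ZW" => "English (Zimbabwe)",
  "eo" => "Esperanto",
  "es" => "Spanish",
  "es-AR" => "Spanish (Argentina)",
  "es-BO" => "Spanish (Bolivia)",
  "es-CL" => "Spanish (Chile)",
  "es-CO" => "Spanish (Colombia)",
  "es-CR" => "Spanish (Costa Rica)",
  "es-DO" => "Spanish (Dominican Republic)",
  "es-EC" => "Spanish (Ecuador)",
  "es-ES" => "Spanish (Spain)",
  "es-GT" => "Spanish (Guatemala)",
  "es-HN" => "Spanish (Honduras)",
  "es-MX" => "Spanish (Mexico)",
  "es-NI" => "Spanish (Nicaragua)",
  "es-PA" => "Spanish (Panama)",
  "es-PE" => "Spanish (Peru)",
  "es-PR" => "Spanish (Puerto Rico)",
  "es-PY" => "Spanish (Paraguay)",
  "es-SV" => "Spanish (El Salvador)",
  "es-UY" => "Spanish (Uruguay)",
  "es-VE" => "Spanish (Venezuela)",
  "et" => "Estonian",
  "et-EE" => "Estonian (Estonia)",
  "eu" => "Basque",
  "eu-ES" => "Basque (Spain)",
  "fa" => "Farsi",
  "fa-IR" => "Farsi (Iran)",
  "fi" => "Finnish",
  "fi-FI" => "Finnish (Finland)",
  "fo" => "Faroese",
  "fo-FO" => "Faroese (Faroe Islands)",
  "fr" => "French",
  "fr-BE" => "French (Belgium)",
  "fr-CA" => "French (Canada)",
  "fr-CH" => "French (Switzerland)",
  "fr-FR" => "French (France)",
  "fr-LU" => "French (Luxembourg)",
  "fr-MC" => "French (Principality of Monaco)",
  "gl" => "Galician",
  "gl-ES" => "Galician (Spain)",
  "gu" => "Gujarati",
  "gu-IN" => "Gujarati (India)",
  "he" => "Hebrew",
  "he-IL" => "Hebrew (Israel)",
  "hi" => "Hindi",
  "hi-IN" => "Hindi (India)",
  "hr" => "Croatian",
  "hr-BA" => "Croatian (Bosnia and Herzegovina)",
  "hr-HR" => "Croatian (Croatia)",
  "hu" => "Hungarian",
  "hu-HU" => "Hungarian (Hungary)",
  "hy" => "Armenian",
  "hy-AM" => "Armenian (Armenia)",
  "id" => "Indonesian",
  "id-ID" => "Indonesian (Indonesia)",
  "is" => "Icelandic",
  "is-IS" => "Icelandic (Iceland)",
  "it" => "Italian",
  "it-CH" => "Italian (Switzerland)",
  "it-IT" => "Italian (Italy)",
  "ja" => "Japanese",
  "ja-JP" => "Japanese (Japan)",
  "ka" => "Georgian",
  "ka-GE" => "Georgian (Georgia)",
  "kk" => "Kazakh",
  "kk-KZ" => "Kazakh (Kazakhstan)",
  "kn" => "Kannada",
  "kn-IN" => "Kannada (India)",
  "ko" => "Korean",
  "ko-KR" => "Korean (Korea)",
  "kok" => "Konkani",
  "kok-IN" => "Konkani (India)",
  "ky" => "Kyrgyz",
  "ky-KG" => "Kyrgyz (Kyrgyzstan)",
  "lt" => "Lithuanian",
  "lt-LT" => "Lithuanian (Lithuania)",
  "lv" => "Latvian",
  "lv-LV" => "Latvian (Latvia)",
  "mi" => "Maori",
  "mi-NZ" => "Maori (New Zealand)",
  "mk" => "FYRO Macedonian",
  "mk-MK" => "FYRO Macedonian (Former Yugoslav Republic of Macedonia)",
  "mn" => "Mongolian",
  "mn-MN" => "Mongolian (Mongolia)",
  "mr" => "Marathi",
  "mr-IN" => "Marathi (India)",
  "ms" => "Malay",
  "ms-BN" => "Malay (Brunei Darussalam)",
  "ms-MY" => "Malay (Malaysia)",
  "mt" => "Maltese",
  "mt-MT" => "Maltese (Malta)",
  "nb" => "Norwegian (Bokmål)",
  "nb-NO" => "Norwegian (Bokmål) (Norway)",
  "nl" => "Dutch",
  "nl-BE" => "Dutch (Belgium)",
  "nl-NL" => "Dutch (Netherlands)",
  "nn-NO" => "Norwegian (Nynorsk) (Norway)",
  "ns" => "Northern Sotho",
  "ns-ZA" => "Northern Sotho (South Africa)",
  "pa" => "Punjabi",
  "pa-IN" => "Punjabi (India)",
  "pl" => "Polish",
  "pl-PL" => "Polish (Poland)",
  "ps" => "Pashto",
  # AF is the region code for Afghanistan; "ps-AR" is the legacy key kept
  # for backward compatibility.
  "ps-AF" => "Pashto (Afghanistan)",
  "ps-AR" => "Pashto (Afghanistan)",
  "pt" => "Portuguese",
  "pt-BR" => "Portuguese (Brazil)",
  "pt-PT" => "Portuguese (Portugal)",
  "qu" => "Quechua",
  "qu-BO" => "Quechua (Bolivia)",
  "qu-EC" => "Quechua (Ecuador)",
  "qu-PE" => "Quechua (Peru)",
  "ro" => "Romanian",
  "ro-RO" => "Romanian (Romania)",
  "ru" => "Russian",
  "ru-RU" => "Russian (Russia)",
  "sa" => "Sanskrit",
  "sa-IN" => "Sanskrit (India)",
  "se" => "Sami",
  "se-FI" => "Sami (Finland)",
  "se-NO" => "Sami (Norway)",
  "se-SE" => "Sami (Sweden)",
  "sk" => "Slovak",
  "sk-SK" => "Slovak (Slovakia)",
  "sl" => "Slovenian",
  "sl-SI" => "Slovenian (Slovenia)",
  "sq" => "Albanian",
  "sq-AL" => "Albanian (Albania)",
  "sr-BA" => "Serbian (Latin) (Bosnia and Herzegovina)",
  "sr-Cyrl-BA" => "Serbian (Cyrillic) (Bosnia and Herzegovina)",
  "sr-SP" => "Serbian (Latin) (Serbia and Montenegro)",
  "sr-Cyrl-SP" => "Serbian (Cyrillic) (Serbia and Montenegro)",
  "sv" => "Swedish",
  "sv-FI" => "Swedish (Finland)",
  "sv-SE" => "Swedish (Sweden)",
  "sw" => "Swahili",
  "sw-KE" => "Swahili (Kenya)",
  "syr" => "Syriac",
  "syr-SY" => "Syriac (Syria)",
  "ta" => "Tamil",
  "ta-IN" => "Tamil (India)",
  "te" => "Telugu",
  "te-IN" => "Telugu (India)",
  "th" => "Thai",
  "th-TH" => "Thai (Thailand)",
  "tl" => "Tagalog",
  "tl-PH" => "Tagalog (Philippines)",
  "tn" => "Tswana",
  "tn-ZA" => "Tswana (South Africa)",
  "tr" => "Turkish",
  "tr-TR" => "Turkish (Turkey)",
  "tt" => "Tatar",
  "tt-RU" => "Tatar (Russia)",
  "ts" => "Tsonga",
  "uk" => "Ukrainian",
  "uk-UA" => "Ukrainian (Ukraine)",
  "ur" => "Urdu",
  "ur-PK" => "Urdu (Islamic Republic of Pakistan)",
  "uz" => "Uzbek (Latin)",
  "uz-UZ" => "Uzbek (Latin) (Uzbekistan)",
  "uz-Cyrl-UZ" => "Uzbek (Cyrillic) (Uzbekistan)",
  "vi" => "Vietnamese",
  "vi-VN" => "Vietnamese (Viet Nam)",
  "xh" => "Xhosa",
  "xh-ZA" => "Xhosa (South Africa)",
  "zh" => "Chinese",
  "zh-CN" => "Chinese (S)",
  "zh-HK" => "Chinese (Hong Kong)",
  "zh-MO" => "Chinese (Macau)",
  "zh-SG" => "Chinese (Singapore)",
  "zh-TW" => "Chinese (T)",
  "zu" => "Zulu",
  "zu-ZA" => "Zulu (South Africa)"
}.freeze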