txt2stix 0.0.4__py3-none-any.whl

txt2stix/includes/lookups/mitre_attack_ics_aliases_v16_0.txt

@@ -0,0 +1,141 @@
+Triton Safety Instrumented System Attack
+2015 Ukraine Electric Power Attack
+Maroochy Water Breach
+Unitronics Defacement Campaign
+2016 Ukraine Electric Power Attack
+2022 Ukraine Electric Power Attack
+APT38
+NICKEL GLADSTONE
+BeagleBoyz
+Bluenoroff
+Stardust Chollima
+Sapphire Sleet
+COPERNICIUM
+ALLANITE
+Palmetto Fusion
+Dragonfly
+TEMP.Isotope
+DYMALLOY
+Berserk Bear
+TG-4192
+Crouching Yeti
+IRON LIBERTY
+Energetic Bear
+Ghost Blizzard
+BROMINE
+FIN6
+Magecart Group 6
+ITG08
+Skeleton Spider
+TAAL
+Camouflage Tempest
+FIN7
+GOLD NIAGARA
+ITG14
+Carbon Spider
+ELBRUS
+Sangria Tempest
+Sandworm Team
+ELECTRUM
+Telebots
+IRON VIKING
+BlackEnergy (Group)
+Quedagh
+Voodoo Bear
+IRIDIUM
+Seashell Blizzard
+FROZENBARENTS
+APT44
+OilRig
+COBALT GYPSY
+IRN2
+APT34
+Helix Kitten
+Evasive Serpens
+Hazel Sandstorm
+EUROPIUM
+ITG13
+TEMP.Veles
+XENOTIME
+CyberAv3ngers
+Soldiers of Soloman
+GOLD SOUTHFIELD
+Pinchy Spider
+Lazarus Group
+Labyrinth Chollima
+HIDDEN COBRA
+Guardians of Peace
+ZINC
+NICKEL ACADEMY
+Diamond Sleet
+Wizard Spider
+UNC1878
+TEMP.MixMaster
+Grim Spider
+FIN12
+GOLD BLACKBURN
+ITG23
+Periwinkle Tempest
+DEV-0193
+HEXANE
+Lyceum
+Siamesekitten
+Spirlin
+APT33
+HOLMIUM
+Elfin
+Peach Sandstorm
+EKANS
+SNAKEHOSE
+Backdoor.Oldrea
+Havex
+Stuxnet
+W32.Stuxnet
+Bad Rabbit
+Win32/Diskcoder.D
+PLC-Blaster
+BlackEnergy
+Black Energy
+NotPetya
+ExPetr
+Diskcoder.C
+GoldenEye
+Petrwrap
+Nyetya
+Conficker
+Kido
+Downadup
+LockerGoga
+VPNFilter
+Duqu
+Industroyer2
+WannaCry
+WanaCry
+WanaCrypt
+WanaCrypt0r
+WCry
+Triton
+TRISIS
+HatMan
+Fuxnet
+Ryuk
+ACAD/Medre.A
+REvil
+Sodin
+Sodinokibi
+INCONTROLLER
+PIPEDREAM
+KillDisk
+Win32/KillDisk.NBI
+Win32/KillDisk.NBH
+Win32/KillDisk.NBD
+Win32/KillDisk.NBC
+Win32/KillDisk.NBB
+Industroyer
+CRASHOVERRIDE
+Win32/Industroyer
+Flame
+Flamer
+sKyWIper
+Leafminer
+Raspite

txt2stix/includes/lookups/mitre_attack_ics_id_v16_0.txt

@@ -0,0 +1,254 @@
+A0001
+A0002
+A0003
+A0004
+A0005
+A0006
+A0007
+A0008
+A0009
+A0010
+A0011
+A0012
+A0013
+A0014
+C0020
+C0025
+C0028
+C0030
+C0031
+C0034
+DS0001
+DS0002
+DS0003
+DS0009
+DS0011
+DS0012
+DS0015
+DS0016
+DS0017
+DS0019
+DS0022
+DS0024
+DS0028
+DS0029
+DS0033
+DS0039
+DS0040
+G0032
+G0034
+G0035
+G0037
+G0046
+G0049
+G0064
+G0077
+G0082
+G0088
+G0102
+G0115
+G1000
+G1001
+G1027
+M0800
+M0801
+M0802
+M0803
+M0804
+M0805
+M0806
+M0807
+M0808
+M0809
+M0810
+M0811
+M0812
+M0813
+M0814
+M0815
+M0816
+M0817
+M0818
+M0913
+M0915
+M0916
+M0917
+M0918
+M0919
+M0920
+M0921
+M0922
+M0924
+M0926
+M0927
+M0928
+M0930
+M0931
+M0932
+M0934
+M0935
+M0936
+M0937
+M0938
+M0941
+M0942
+M0944
+M0945
+M0946
+M0947
+M0948
+M0949
+M0950
+M0951
+M0953
+M0954
+M1013
+M1015
+M1016
+M1017
+M1018
+M1019
+M1020
+M1021
+M1022
+M1024
+M1026
+M1027
+M1028
+M1030
+M1031
+M1032
+M1034
+M1035
+M1036
+M1037
+M1038
+M1041
+M1042
+M1044
+M1045
+M1046
+M1047
+M1048
+M1049
+M1050
+M1051
+M1053
+M1054
+S0038
+S0089
+S0093
+S0143
+S0366
+S0368
+S0372
+S0446
+S0496
+S0603
+S0604
+S0605
+S0606
+S0607
+S0608
+S1000
+S1006
+S1009
+S1010
+S1045
+S1072
+S1157
+T0800
+T0801
+T0802
+T0803
+T0804
+T0805
+T0806
+T0807
+T0809
+T0811
+T0812
+T0813
+T0814
+T0815
+T0816
+T0817
+T0819
+T0820
+T0821
+T0822
+T0823
+T0826
+T0827
+T0828
+T0829
+T0830
+T0831
+T0832
+T0834
+T0835
+T0836
+T0837
+T0838
+T0839
+T0840
+T0842
+T0843
+T0845
+T0846
+T0847
+T0848
+T0849
+T0851
+T0852
+T0853
+T0855
+T0856
+T0857
+T0858
+T0859
+T0860
+T0861
+T0862
+T0863
+T0864
+T0865
+T0866
+T0867
+T0868
+T0869
+T0871
+T0872
+T0873
+T0874
+T0877
+T0878
+T0879
+T0880
+T0881
+T0882
+T0883
+T0884
+T0885
+T0886
+T0887
+T0888
+T0889
+T0890
+T0891
+T0892
+T0893
+T0894
+T0895
+TA0100
+TA0101
+TA0102
+TA0103
+TA0104
+TA0105
+TA0106
+TA0107
+TA0108
+TA0109
+TA0110
+TA0111

txt2stix/includes/lookups/mitre_attack_ics_name_v16_0.txt

@@ -0,0 +1,293 @@
+ICS ATT&CK
+Block Command Message
+Service Stop
+Modify Parameter
+Modify Controller Tasking
+Wireless Sniffing
+Loss of View
+Activate Firmware Update Mode
+Manipulation of Control
+Denial of Service
+Block Serial COM
+System Binary Proxy Execution
+Command-Line Interface
+Point & Tag Identification
+Device Restart/Shutdown
+User Execution
+Wireless Compromise
+Change Operating Mode
+Alarm Suppression
+Detect Operating Mode
+Loss of Protection
+Monitor Process State
+Scripting
+Remote System Information Discovery
+Program Upload
+Exploit Public-Facing Application
+Data from Information Repositories
+Transient Cyber Asset
+Manipulate I/O Image
+Network Sniffing
+Rootkit
+Automated Collection
+Block Reporting Message
+Unauthorized Command Message
+Data Destruction
+Manipulation of View
+Indicator Removal on Host
+I/O Image
+Denial of View
+Execution through API
+Supply Chain Compromise
+Loss of Safety
+Loss of Productivity and Revenue
+Spearphishing Attachment
+Autorun Image
+Drive-by Compromise
+Damage to Property
+Spoof Reporting Message
+Exploitation of Remote Services
+Default Credentials
+External Remote Services
+Brute Force I/O
+Adversary-in-the-Middle
+Exploitation for Evasion
+Loss of Control
+Hooking
+Graphical User Interface
+Rogue Master
+Native API
+Loss of Availability
+Theft of Operational Information
+System Firmware
+Masquerading
+Program Download
+Replication Through Removable Media
+Screen Capture
+Hardcoded Credentials
+Valid Accounts
+Exploitation for Privilege Escalation
+Remote System Discovery
+Connection Proxy
+Standard Application Layer Protocol
+Remote Services
+Denial of Control
+Modify Alarm Settings
+Commonly Used Port
+Project File Infection
+Network Connection Enumeration
+Lateral Tool Transfer
+Module Firmware
+Internet Accessible Device
+Data from Local System
+Change Credential
+Modify Program
+Triton Safety Instrumented System Attack
+2015 Ukraine Electric Power Attack
+Maroochy Water Breach
+Unitronics Defacement Campaign
+2016 Ukraine Electric Power Attack
+2022 Ukraine Electric Power Attack
+Application Isolation and Sandboxing
+Filter Network Traffic
+Restrict Web-Based Content
+Validate Program Inputs
+Network Segmentation
+Restrict Library Loading
+Active Directory Configuration
+Network Intrusion Prevention
+Restrict Registry Permissions
+Data Loss Prevention
+Access Management
+Mitigation Limited or Not Effective
+Exploit Protection
+Limit Access to Resource Over Network
+Execution Prevention
+Static Network Configuration
+Password Policies
+Privileged Account Management
+Human User Authentication
+SSL/TLS Inspection
+Code Signing
+Software Process and Device Authentication
+Encrypt Network Traffic
+Account Use Policies
+Application Developer Guidance
+Boot Integrity
+Mechanical Protection Layers
+Update Software
+Watchdog Timers
+Operational Information Confidentiality
+Operating System Configuration
+Limit Hardware Installation
+Encrypt Sensitive Information
+Network Allowlists
+Supply Chain Management
+Data Backup
+Out-of-Band Communications Channel
+Audit
+Communication Authenticity
+Disable or Remove Feature or Program
+Threat Intelligence Program
+Safety Instrumented Systems
+User Training
+Multi-factor Authentication
+Vulnerability Scanning
+Authorization Enforcement
+User Account Management
+Redundancy of Service
+Restrict File and Directory Permissions
+Software Configuration
+Antivirus/Antimalware
+Minimize Wireless Signal Propagation
+The MITRE Corporation
+APT38
+ALLANITE
+Dragonfly
+FIN6
+FIN7
+Sandworm Team
+OilRig
+TEMP.Veles
+CyberAv3ngers
+GOLD SOUTHFIELD
+Lazarus Group
+Wizard Spider
+HEXANE
+APT33
+EKANS
+Backdoor.Oldrea
+Stuxnet
+Bad Rabbit
+PLC-Blaster
+BlackEnergy
+NotPetya
+Conficker
+LockerGoga
+VPNFilter
+Duqu
+Industroyer2
+WannaCry
+Triton
+Fuxnet
+Ryuk
+ACAD/Medre.A
+REvil
+INCONTROLLER
+KillDisk
+Industroyer
+Flame
+None
+Virtual Private Network (VPN) Server
+Jump Host
+Remote Terminal Unit (RTU)
+Field I/O
+Human-Machine Interface (HMI)
+Data Gateway
+Safety Controller
+Intelligent Electronic Device (IED)
+Application Server
+Programmable Logic Controller (PLC)
+Routers
+Data Historian
+Control Server
+Workstation
+Windows Registry Key Deletion
+Network Connection Creation
+File Access
+File Creation
+Network Traffic Content
+Logon Session Metadata
+Process Creation
+Drive Creation
+Process/Event Alarm
+Drive Modification
+Service Creation
+Process Termination
+File Metadata
+Service Modification
+Command Execution
+Service Metadata
+Scheduled Job Metadata
+File Modification
+Software
+Process History/Live Data
+OS API Execution
+Application Log Content
+Logon Session Creation
+Device Alarm
+Script Execution
+Network Traffic Flow
+User Account Authentication
+Asset Inventory
+Firmware Modification
+Module Load
+Windows Registry Key Modification
+File Deletion
+Process Metadata
+Scheduled Job Creation
+Network Share Access
+Scheduled Job Modification
+User Account
+Windows Registry
+Script
+Operational Databases
+Application Log
+Logon Session
+File
+Drive
+Command
+Asset
+Network Share
+Network Traffic
+Scheduled Job
+Firmware
+Service
+Process
+Module
+Inhibit Response Function
+Privilege Escalation
+Lateral Movement
+Discovery
+Initial Access
+Impact
+Persistence
+Execution
+Command and Control
+Collection
+Evasion
+Impair Process Control
+Network Intrusion Prevention
+Vulnerability Scanning
+Limit Access to Resource Over Network
+Filter Network Traffic
+Restrict Web-Based Content
+Application Developer Guidance
+Limit Hardware Installation
+User Training
+Operating System Configuration
+Data Backup
+Execution Prevention
+Code Signing
+SSL/TLS Inspection
+Boot Integrity
+Network Segmentation
+Threat Intelligence Program
+Password Policies
+User Account Management
+Restrict File and Directory Permissions
+Privileged Account Management
+Restrict Registry Permissions
+Antivirus/Antimalware
+Multi-factor Authentication
+Software Configuration
+Application Isolation and Sandboxing
+Audit
+Exploit Protection
+Active Directory Configuration
+Update Software
+Restrict Library Loading
+Disable or Remove Feature or Program
+Account Use Policies
+Encrypt Sensitive Information
+Leafminer