# Static vocabularies used to classify indicators of compromise (IOCs) and to
# recognise technique-related verbs in text. Everything in this module is a
# plain constant; nothing here is executed beyond building the literals.

# Fine-grained IOC type names collapsed onto the coarser categories used by
# BTR_ioc_type_dict below. Every IPv4/IPv6 address, range and CIDR variant
# maps to the single category "ip"; md5/sha1/sha256 all map to "hash".
ioc_type_mapping_dict = {
    **dict.fromkeys(
        ["ipv4addr", "ipv6addr", "ipv4range", "ipv6range", "ipv4cidr", "ipv6cidr"],
        "ip",
    ),
    "fqdn": "fqdn",
    "email": "email",
    "filename": "filename",
    "url": "url",
    **dict.fromkeys(["md5", "sha1", "sha256"], "hash"),
    "filepath": "filepath",
    "regkey": "regkey",
    "cve": "cve",
}

# Integer code for each coarse IOC category, assigned in list order (0..11).
# The last three categories ("codemethod", "protocol", "dataobject") have no
# entry in ioc_type_mapping_dict; they are fed by the keyword lists below.
# (The meaning of the "BTR" prefix is not explained in this file.)
BTR_ioc_type_dict = {
    category: code
    for code, category in enumerate([
        "ip",
        "fqdn",
        "email",
        "filename",
        "url",
        "hash",
        "filepath",
        "regkey",
        "cve",
        "codemethod",
        "protocol",
        "dataobject",
    ])
}

# Substrings that indicate an encoding/encryption/compression method.
# Several entries deliberately keep a leading space or a trailing "-" —
# presumably so that a substring search only hits whole tokens in free
# text (e.g. " aes" but not "raes"); confirm against the caller.
encode_decode_method_list = [
    " aes ",
    " aes",
    "aes-",
    " xor",
    "xor-",
    " ror",
    " base64",
    " rc4",
    " des ",
    " des-",
    " lznt1",
    " cast-",
    " 3des",
    " lzo",
]

# Network protocol names recognised as the "protocol" IOC category.
protocol = [
    "http",
    "https",
    "http/https",
    "ftp",
    "smtp",
    "pop3",
    "dns",
]

# Names of data sources / objects recognised as the "dataobject" IOC category
# (things an adversary might collect from a host or mailbox).
collection_data_object = [
    "desktop",
    "clipboard",
    "directory",
    "exchange",
    "gmail",
    "outlook",
    "mailbox",
    "keystroke",
    "keylogger",
    "password",
]

# Verbs associated with each technique. The keys look like MITRE ATT&CK
# technique/tactic IDs (T1027, TA0009, T1071, T1140, T1053.005, T1566).
# NOTE(review): "T1027.txt" and "T1566.txt" carry a ".txt" suffix unlike the
# other keys — callers must look them up with that exact spelling; confirm
# whether the suffix is intentional.
Technique_key_verb = {
    "T1027.txt": ["obfuscate", "encrypt", "encode", "include", "compress"],
    "TA0009": ["capture", "steal", "collect", "watch"],
    "T1071": ["communicate", "compromise", "tunnel"],
    "T1140": ["decode", "decrypt", "encode", "store"],
    "T1053.005": ["schedule", "establish", "create", "execute", "run", "launch"],
    "T1566.txt": ["send", "phish", "contain", "deliver", "attach", "target", "compromise"],
}