Merge pull request #965 from Delta-Sierra/main

Creation new galaxy "entity"
2024-04-26 11:47:39 +02:00 · 2024-04-26 11:47:39 +02:00 · 5559aeee47
parent b4f90c7490 0e3bab72d9
commit 5559aeee47
3 changed files with 54 additions and 1 deletions
--- a/clusters/entity.json
+++ b/clusters/entity.json
@ -0,0 +1,34 @@
+{
+  "authors": [
+    "Various"
+  ],
+  "category": "actor",
+  "description": "Description of entities that can be involved in events.",
+  "name": "Entity",
+  "source": "MISP Project",
+  "type": "entity",
+  "uuid": "cd80fe0d-b905-449c-89f5-9a6b0ea09fc3",
+  "values": [
+    {
+      "description": "An individual involved in an event.",
+      "uuid": "e3983732-c670-4ea1-a28e-1f60bb3d74b7",
+      "value": "Individual"
+    },
+    {
+      "description": "A group involved in an event.",
+      "uuid": "d32a81f3-ed96-4bb0-a6b2-37efbeaa8cc0",
+      "value": "Group"
+    },
+    {
+      "description": "A employee involved in an event.",
+      "uuid": "35afacc1-8b9d-41b2-b90e-d2e2b2602aa9",
+      "value": "Employee"
+    },
+    {
+      "description": "A structure involved in an event.",
+      "uuid": "019a12dc-5325-4672-82b2-56558b661fe8",
+      "value": "Structure"
+    }
+  ],
+  "version": 1
+}
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -15907,7 +15907,17 @@
      },
      "uuid": "f5f6d4eb-1ec3-494e-807d-5b767122f9b2",
      "value": "UAC-0149"
+    },
+    {
+      "description": "ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns. As a critical path for data into and out of the network, these devices need to be routinely and promptly patched; using up-to-date hardware and software versions and configurations; and be closely monitored from a security perspective. Gaining a foothold on these devices allows an actor to directly pivot into an organization, reroute or modify traffic and monitor network communications. In the past two years, we have seen a dramatic and sustained increase in the targeting of these devices in areas such as telecommunications providers and energy sector organizations — critical infrastructure entities that are likely strategic targets of interest for many foreign governments.",
+      "meta": {
+        "refs": [
+          "https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/"
+        ]
+      },
+      "uuid": "97a10d3b-5cb5-4df9-856c-515994f3e953",
+      "value": "ArcaneDoor"
    }
  ],
-  "version": 307
+  "version": 308
 }
--- a/galaxies/entity.json
+++ b/galaxies/entity.json
@ -0,0 +1,9 @@
+{
+  "description": "Description of entities that can be involved in events.",
+  "icon": "user",
+  "name": "Entity",
+  "namespace": "misp",
+  "type": "entity",
+  "uuid": "f1b42b47-778f-4e50-bda5-969ee7f9029f",
+  "version": 1
+}