Merge pull request #968 from Delta-Sierra/main

add Cisco Talos and more producers

clusters/entity.json

@@ -0,0 +1,34 @@
+{
+  "authors": [
+    "Various"
+  ],
+  "category": "actor",
+  "description": "Description of entities that can be involved in events.",
+  "name": "Entity",
+  "source": "MISP Project",
+  "type": "entity",
+  "uuid": "cd80fe0d-b905-449c-89f5-9a6b0ea09fc3",
+  "values": [
+    {
+      "description": "An individual involved in an event.",
+      "uuid": "e3983732-c670-4ea1-a28e-1f60bb3d74b7",
+      "value": "Individual"
+    },
+    {
+      "description": "A group involved in an event.",
+      "uuid": "d32a81f3-ed96-4bb0-a6b2-37efbeaa8cc0",
+      "value": "Group"
+    },
+    {
+      "description": "A employee involved in an event.",
+      "uuid": "35afacc1-8b9d-41b2-b90e-d2e2b2602aa9",
+      "value": "Employee"
+    },
+    {
+      "description": "A structure involved in an event.",
+      "uuid": "019a12dc-5325-4672-82b2-56558b661fe8",
+      "value": "Structure"
+    }
+  ],
+  "version": 1
+}

clusters/producer.json

@@ -306,7 +306,162 @@
       },
       "uuid": "8a22c0b2-d05f-4142-ab74-ffdf38fe4758",
       "value": "Team Cymru"
+    },
+    {
+      "description": "G Data CyberDefense AG (until September 2019 G Data Software AG) is a German software company that focuses on computer security.",
+      "meta": {
+        "company-type": [
+          "Computer software"
+        ],
+        "country": "DE",
+        "official-refs": [
+          "https://www.gdata-software.com",
+          "https://www.gdatasoftware.co.uk"
+        ],
+        "product-type": [
+          "Antivirus software",
+          "Mobile Device Management"
+        ],
+        "products": [
+          "AntiVirus",
+          "InternetSecurity",
+          "TotalSecurity",
+          "AntiVirus for Mac",
+          "AntiVirus Business",
+          "AntiVirus Enterprise",
+          "ClientSecurity Business",
+          "ClientSecurity Enterprise",
+          "EndpointProtection Business",
+          "EndpointProtection Enterprise",
+          "MailSecurity",
+          "PatchManagement",
+          "Mobile Security",
+          "VPN"
+        ],
+        "refs": [
+          "https://en.wikipedia.org/wiki/G_Data_CyberDefense"
+        ],
+        "synonyms": [
+          "GDATA",
+          "G Data CyberDefense AG",
+          "G Data Software AG"
+        ]
+      },
+      "uuid": "2b69f676-c875-4000-8350-5f162e69d908",
+      "value": "G DATA"
+    },
+    {
+      "description": "Sekoia.io is a European cybersecurity SAAS company, whose mission is to develop the best protection capabilities against cyber attacks.",
+      "meta": {
+        "company-type": [
+          "Cyber Security Vendor"
+        ],
+        "country": "FR",
+        "official-refs": [
+          "https://www.sekoia.io"
+        ],
+        "product-type": [
+          "eXtended Detection and Response SaaS platform"
+        ],
+        "products": [
+          "SIEM RELOADED | Sekoia Defend",
+          "CTI RELOADED"
+        ]
+      },
+      "uuid": "6c9ef130-7cf6-4eeb-9e65-46228fc5e30c",
+      "value": "Sekoia"
+    },
+    {
+      "description": "Excellium Services Group is a cyber-security consulting and technology Integration Company established since 2012 in Luxemburg and Belgium, with activities and in France and Africa.",
+      "meta": {
+        "company-type": [
+          "Cyber-security consulting and technology Integration Company",
+          "CSIRT"
+        ],
+        "country": "LU",
+        "official-refs": [
+          "https://excellium-services.com"
+        ],
+        "product-type": [
+          "CERT-XLM",
+          "SOC",
+          "GDPR Services",
+          "Information Security Governance",
+          "Intrusion Tests – Red Team (Application Security Team)",
+          "Network & Security Infrastructure",
+          "Training"
+        ],
+        "products": [
+          "EyeGuard",
+          "EyeTools",
+          "EyeDeep",
+          "EyeTLD",
+          "EyeNotify"
+        ]
+      },
+      "uuid": "73ae2776-3700-4120-84ae-7e9785e6071b",
+      "value": "Excellium"
+    },
+    {
+      "description": "Telindus is a brand of Proximus Luxembourg SA. Founded in 1979, Telindus Luxembourg accompanies all organizations in their digital transformation, by providing holistic ICT & Telecommunication solutions, as well as tailored support services. Our areas of expertise include Telecommunication Services, ICT Infrastructure, Multi-Cloud, Digital Trust Solutions, Cybersecurity, Business Applications, Managed Services and Training.",
+      "meta": {
+        "company-type": [
+          "Service Provider"
+        ],
+        "country": "LU",
+        "official-refs": [
+          "https://www.telindus.lu/en"
+        ],
+        "product-type": [
+          "Ethical Hacking",
+          "Infrastructure Security",
+          "Managed Security Services",
+          "Protection, Detection and Orchestration",
+          "Security Operations Center",
+          "Strategy, risk, management and advice",
+          "ICT solutions",
+          "Telecoms",
+          "Cloud"
+        ]
+      },
+      "uuid": "4155eec3-fae2-4e80-a9a6-89b0f976851a",
+      "value": "Telindus"
+    },
+    {
+      "description": "Bleeping Computer is a website covering technology news and offering free computer help via its forums that was created by Lawrence Abrams in 2004. It publishes news focusing heavily on cybersecurity, but also covers other topics including computer software, computer hardware, operating system and general technology.",
+      "meta": {
+        "company-type": [
+          "Technology news and computer help"
+        ],
+        "country": "US",
+        "official-refs": [
+          "https://www.bleepingcomputer.com/"
+        ],
+        "product-type": [
+          "Security and Technology Blog Posts"
+        ],
+        "refs": [
+          "https://en.wikipedia.org/wiki/Bleeping_Computer"
+        ]
+      },
+      "uuid": "ec3fb9b0-4f24-4099-ad48-3e8f68e88275",
+      "value": "BleepingComputer"
+    },
+    {
+      "description": "",
+      "meta": {
+        "country": "US",
+        "refs": [
+          "https://talosintelligence.com/",
+          "https://blog.talosintelligence.com/"
+        ],
+        "synonyms": [
+          "Cisco Talos"
+        ]
+      },
+      "uuid": "0adf6f0f-3795-4de1-9763-1bdd1c31a5d7",
+      "value": "Cisco Talos Intelligence Group"
     }
   ],
-  "version": 4
+  "version": 6
 }

clusters/threat-actor.json

@@ -15907,7 +15907,17 @@
       },
       "uuid": "f5f6d4eb-1ec3-494e-807d-5b767122f9b2",
       "value": "UAC-0149"
+    },
+    {
+      "description": "ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns. As a critical path for data into and out of the network, these devices need to be routinely and promptly patched; using up-to-date hardware and software versions and configurations; and be closely monitored from a security perspective. Gaining a foothold on these devices allows an actor to directly pivot into an organization, reroute or modify traffic and monitor network communications. In the past two years, we have seen a dramatic and sustained increase in the targeting of these devices in areas such as telecommunications providers and energy sector organizations — critical infrastructure entities that are likely strategic targets of interest for many foreign governments.",
+      "meta": {
+        "refs": [
+          "https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/"
+        ]
+      },
+      "uuid": "97a10d3b-5cb5-4df9-856c-515994f3e953",
+      "value": "ArcaneDoor"
     }
   ],
-  "version": 307
+  "version": 308
 }

galaxies/entity.json

@@ -0,0 +1,9 @@
+{
+  "description": "Description of entities that can be involved in events.",
+  "icon": "user",
+  "name": "Entity",
+  "namespace": "misp",
+  "type": "entity",
+  "uuid": "f1b42b47-778f-4e50-bda5-969ee7f9029f",
+  "version": 1
+}