misp-galaxy/clusters
Alexandre Dulaunoy ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only.
Based on https://github.com/MISP/misp-galaxy/issues/469

There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:

- _operation_:
  - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
  - **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
  - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
  - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
  - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
  - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
  - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**

The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
2020-07-07 09:13:21 +02:00
..
android.json fix: UUID issues 2019-05-07 12:09:39 +02:00
attck4fraud.json chg: [attck4fraud] jq all the things 2019-10-20 20:07:29 +02:00
backdoor.json add speculoos bakdoor 2020-04-27 09:36:23 +02:00
banker.json chg: [jq] JSON fixed 2020-04-27 15:03:25 +02:00
bhadra-framework.json fix: small fixes to the bhadra framework 2020-05-19 16:45:40 +02:00
botnet.json add AESDDoS Botnet 2019-05-02 10:15:26 +02:00
branded_vulnerability.json chg: [branded_vulnerability] version updated 2019-05-25 08:41:33 +02:00
cert-eu-govsector.json chg: [cert-eu-govsector] version fixed 2019-02-21 07:19:04 +01:00
country.json chg: [country] jq all 2020-03-23 13:09:14 +01:00
election-guidelines.json fix: Wrong (duplicate) value. 2019-03-09 06:29:26 +01:00
exploit-kit.json Added misp info 2020-04-27 15:16:33 +03:00
malpedia.json chg: [malpedia] fixes 2020-03-05 10:48:28 +01:00
microsoft-activity-group.json PARINACOTA group 2020-03-12 13:11:46 +01:00
misinfosec-amitt-misinformation-pattern.json fix: [misinfosec] fixes inconsistent filename 2019-10-20 18:53:02 +02:00
mitre-attack-pattern.json fix: [attack] fixes old MITRE relationships not being removed 2019-10-27 21:06:26 +01:00
mitre-course-of-action.json fix: [attack] fixes old MITRE relationships not being removed 2019-10-27 21:06:26 +01:00
mitre-enterprise-attack-attack-pattern.json chg: further categorization of galaxies 2018-10-19 14:15:20 +02:00
mitre-enterprise-attack-course-of-action.json chg: [att&ck] July ATT&CK release included in MISP galaxy 2019-08-01 15:51:03 +02:00
mitre-enterprise-attack-intrusion-set.json fix: Duplicate values, typos. 2019-05-06 17:17:16 +02:00
mitre-enterprise-attack-malware.json jq 2018-10-19 10:23:09 +02:00
mitre-enterprise-attack-tool.json Added misp info 2020-04-27 15:16:33 +03:00
mitre-intrusion-set.json fix: [attack] fixes old MITRE relationships not being removed 2019-10-27 21:06:26 +01:00
mitre-malware.json fix: [attack] fixes old MITRE relationships not being removed 2019-10-27 21:06:26 +01:00
mitre-mobile-attack-attack-pattern.json chg: [att&ck] July ATT&CK release included in MISP galaxy 2019-08-01 15:51:03 +02:00
mitre-mobile-attack-course-of-action.json chg: [att&ck] July ATT&CK release included in MISP galaxy 2019-08-01 15:51:03 +02:00
mitre-mobile-attack-intrusion-set.json fix: Duplicate values, typos. 2019-05-06 17:17:16 +02:00
mitre-mobile-attack-malware.json chg: [att&ck] July ATT&CK release included in MISP galaxy 2019-08-01 15:51:03 +02:00
mitre-mobile-attack-tool.json jq 2018-10-19 10:23:09 +02:00
mitre-pre-attack-attack-pattern.json chg: [att&ck] July ATT&CK release included in MISP galaxy 2019-08-01 15:51:03 +02:00
mitre-pre-attack-intrusion-set.json chg: [att&ck] July ATT&CK release included in MISP galaxy 2019-08-01 15:51:03 +02:00
mitre-tool.json fix: [attack] fixes old MITRE relationships not being removed 2019-10-27 21:06:26 +01:00
o365-exchange-techniques.json fix: o365-exchange-techniques (duplicate values, duplicate UUIDs) 2019-05-13 11:15:38 +02:00
preventive-measure.json chg: [preventive-measure] packet filtering added 2020-05-27 10:02:16 +02:00
ransomware.json fix missing description 2020-05-15 09:00:34 +02:00
rat.json chg: [jq] JSON fixed 2020-04-27 15:03:25 +02:00
region.json new galaxy - Region based on UN M49 2019-09-26 13:01:41 +02:00
sector.json fix: UUID issues 2019-05-07 12:09:39 +02:00
social-dark-patterns.json add: [dark-pattern] add a source 2019-12-03 17:09:57 +01:00
stealer.json Add Ave Maria Stealer 2019-04-13 17:01:31 +02:00
surveillance-vendor.json add clusters to surveillance-vendor galaxy 2019-12-05 12:06:10 +01:00
target-information.json complete Zimbabwe cluster 2020-01-21 10:51:07 +01:00
tds.json zTDS 2018-12-22 11:51:40 +01:00
threat-actor.json chg: [threat-actor] fix #561 by using new meta to classify as a campaign only. 2020-07-07 09:13:21 +02:00
tool.json Add CrackMapExec, metasploit, Cobalt Strike and Covenant 2020-05-26 09:35:01 -04:00