mirror of https://github.com/MISP/misp-galaxy
Based on https://github.com/MISP/misp-galaxy/issues/469

There is an old and persistent issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:

- _operation_:
  - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
  - **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
  - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
  - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
  - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
  - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
  - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**

The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).

| | | |
|---|---|---|
| android.json | ||
| attck4fraud.json | ||
| backdoor.json | ||
| banker.json | ||
| bhadra-framework.json | ||
| botnet.json | ||
| branded_vulnerability.json | ||
| cert-eu-govsector.json | ||
| country.json | ||
| election-guidelines.json | ||
| exploit-kit.json | ||
| malpedia.json | ||
| microsoft-activity-group.json | ||
| misinfosec-amitt-misinformation-pattern.json | ||
| mitre-attack-pattern.json | ||
| mitre-course-of-action.json | ||
| mitre-enterprise-attack-attack-pattern.json | ||
| mitre-enterprise-attack-course-of-action.json | ||
| mitre-enterprise-attack-intrusion-set.json | ||
| mitre-enterprise-attack-malware.json | ||
| mitre-enterprise-attack-tool.json | ||
| mitre-intrusion-set.json | ||
| mitre-malware.json | ||
| mitre-mobile-attack-attack-pattern.json | ||
| mitre-mobile-attack-course-of-action.json | ||
| mitre-mobile-attack-intrusion-set.json | ||
| mitre-mobile-attack-malware.json | ||
| mitre-mobile-attack-tool.json | ||
| mitre-pre-attack-attack-pattern.json | ||
| mitre-pre-attack-intrusion-set.json | ||
| mitre-tool.json | ||
| o365-exchange-techniques.json | ||
| preventive-measure.json | ||
| ransomware.json | ||
| rat.json | ||
| region.json | ||
| sector.json | ||
| social-dark-patterns.json | ||
| stealer.json | ||
| surveillance-vendor.json | ||
| target-information.json | ||
| tds.json | ||
| threat-actor.json | ||
| tool.json | ||