MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-galaxy/clusters
History
Alexandre Dulaunoy ccc8f0f801
chg: [microsoft-activity-group] updated to map the new funky Microsoft "taxonomy" 
Script to generate the cluster is the following, UUIDv5 based on
standard misp-stix source UUIDv4.

~~~python
lcluster = []
for v in data:
    cluster = {}
    cluster['value'] = v['threat_actor']
    cluster['meta'] = {}
    cluster['meta']['sector'] = v['sector']
    cluster['meta']['synonyms'] = v['synonyms']
    cluster['meta']['refs'] = []
    cluster['meta']['refs'].append('https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide')
    _uuid = uuid.uuid5(uuid.UUID("76beed5f-7251-457e-8c2a-b45f7b589d3d"), "{}".format(cluster['value']))
    cluster['uuid'] = str(_uuid)
    lcluster.append(cluster)
~~~

Relationships might be added in a later stage to map with the MISP threat actor galaxy.
 		2023-04-19 10:47:11 +02:00
..
360net.json chg: [360net] updated to latest online version 2023-02-20 20:03:36 +08:00
android.json fix missing brackets 2023-01-25 14:47:22 +01:00
atrm.json chg: [atrm] bump to latest ATRM version 2022-08-19 21:19:23 +02:00
attck4fraud.json
backdoor.json add PowerMagic backdoor 2023-04-13 14:11:36 +02:00
banker.json add Malteiro 2022-12-16 16:43:50 +01:00
bhadra-framework.json
botnet.json chg[botnet]: Add HinataBot 2023-04-03 11:19:08 -06:00
branded_vulnerability.json
cancer.json add galaxy and cluster cancer 2022-03-11 14:20:09 +01:00
cert-eu-govsector.json
china-defence-universities.json
cmtmf-attack-pattern.json chg: [concordia] CMTMF killchain typo fixed 2021-12-20 10:41:00 +01:00
country.json add: [country] Manually added the missing relations to some `country` cluster values 2023-01-16 22:22:42 +01:00
cryptominers.json add hezb 2022-09-13 10:40:00 +02:00
election-guidelines.json
exploit-kit.json
first-dns.json fix: [first-dns] corrected typo 2023-02-21 10:54:30 +08:00
handicap.json fix: [handicap] fix galaxy icon + name + type 2022-11-17 15:16:05 +01:00
malpedia.json version fix 2022-11-15 13:36:49 +01:00
microsoft-activity-group.json chg: [microsoft-activity-group] updated to map the new funky Microsoft "taxonomy" 2023-04-19 10:47:11 +02:00
misinfosec-amitt-misinformation-pattern.json
mitre-attack-pattern.json chg: [mitre] updated with correct ID parsing 2023-02-21 10:36:37 +00:00
mitre-course-of-action.json chg: [mitre] updated 2022-11-28 12:48:29 +01:00
mitre-enterprise-attack-attack-pattern.json
mitre-enterprise-attack-course-of-action.json
mitre-enterprise-attack-intrusion-set.json Merge APT30 and Naikon 2022-08-18 11:36:45 -07:00
mitre-enterprise-attack-malware.json
mitre-enterprise-attack-tool.json
mitre-ics-assets.json fix; [mitre-ics-assets] Fixed some `refs` meta field names 2022-11-23 20:44:46 +01:00
mitre-ics-groups.json
mitre-ics-levels.json
mitre-ics-software.json
mitre-ics-tactics.json
mitre-ics-techniques.json fix: [clusters] Fixed some other few `meta` field names 2022-11-24 09:17:28 +01:00
mitre-intrusion-set.json chg: [mitre] updated 2022-11-28 12:48:29 +01:00
mitre-malware.json chg: [mitre] updated 2022-11-28 12:48:29 +01:00
mitre-mobile-attack-attack-pattern.json
mitre-mobile-attack-course-of-action.json
mitre-mobile-attack-intrusion-set.json
mitre-mobile-attack-malware.json
mitre-mobile-attack-tool.json
mitre-pre-attack-attack-pattern.json
mitre-pre-attack-intrusion-set.json
mitre-tool.json chg: [mitre] updated 2022-11-28 12:48:29 +01:00
o365-exchange-techniques.json Added O365 techniques 2021-09-18 23:27:38 +02:00
online-service.json new: [online-service] online service added 2023-04-17 10:59:18 +02:00
preventive-measure.json
ransomware.json jq 2023-04-11 15:06:59 +02:00
rat.json Version Update 2022-11-28 16:27:54 +01:00
region.json fix: [region] JQed all the things !! 2023-01-25 09:24:52 +01:00
rsit.json
sector.json Add synonyms to sector.json 2022-08-21 11:09:50 +02:00
sigma-rules.json chg:[sigma] Sigma rules updated 2023-04-12 11:44:43 +02:00
social-dark-patterns.json
sod-matrix.json
stealer.json new: [stealer] add Sordeal Stealer 2023-04-11 09:54:02 +02:00
surveillance-vendor.json Update surveillance-vendor.json 2022-06-22 13:30:55 +02:00
target-information.json chg: [target-information] fix the duplicate 2022-11-24 15:08:16 +01:00
tds.json chg [tds]: Add 404 TDS 2023-03-08 21:45:13 -06:00
tea-matrix.json
threat-actor.json adding Trend Micro alias Earth Smilodon for APT27 2023-04-18 20:11:57 +02:00
tool.json Add SNOWYAMBER, HALFRIG, QUARTERRIG tools 2023-04-14 15:59:42 +02:00
uavs.json adding uavs 2023-01-24 19:55:46 +01:00