This commit is contained in:
Delta-Sierra 2024-05-31 15:32:40 +02:00
commit 2a51fc0341
10 changed files with 36347 additions and 1739 deletions

9
.vscode/launch.json vendored
View file

@ -1,6 +1,15 @@
{ {
"version": "0.2.0", "version": "0.2.0",
"configurations": [ "configurations": [
{
"name": "gen_mitre_d3fend",
"type": "debugpy",
"request": "launch",
"program": "${file}",
"console": "integratedTerminal",
"args": "",
"cwd": "${fileDirname}"
},
{ {
"name": "gen_mitre", "name": "gen_mitre",
"type": "debugpy", "type": "debugpy",

401
README.md
View file

@ -21,683 +21,596 @@ to localized information (which is not shared) or additional information (that c
## 360.net Threat Actors ## 360.net Threat Actors
[360.net Threat Actors](https://www.misp-project.org/galaxy.html#_360.net_threat_actors) - Known or estimated adversary groups as identified by 360.net. [360.net Threat Actors](https://www.misp-galaxy.org/360net) - Known or estimated adversary groups as identified by 360.net.
Category: *actor* - source: *https://apt.360.net/aptlist* - total: *42* elements Category: *actor* - source: *https://apt.360.net/aptlist* - total: *42* elements
[[HTML](https://www.misp-project.org/galaxy.html#_360.net_threat_actors)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/360net.json)] [[HTML](https://www.misp-galaxy.org/360net)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/360net.json)]
## Ammunitions ## Ammunitions
[Ammunitions](https://www.misp-project.org/galaxy.html#_ammunitions) - Common ammunitions galaxy [Ammunitions](https://www.misp-galaxy.org/ammunitions) - Common ammunitions galaxy
Category: *firearm* - source: *https://ammo.com/* - total: *410* elements Category: *firearm* - source: *https://ammo.com/* - total: *410* elements
[[HTML](https://www.misp-project.org/galaxy.html#_ammunitions)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ammunitions.json)] [[HTML](https://www.misp-galaxy.org/ammunitions)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ammunitions.json)]
## Android ## Android
[Android](https://www.misp-project.org/galaxy.html#_android) - Android malware galaxy based on multiple open sources. [Android](https://www.misp-galaxy.org/android) - Android malware galaxy based on multiple open sources.
Category: *tool* - source: *Open Sources* - total: *433* elements Category: *tool* - source: *Open Sources* - total: *433* elements
[[HTML](https://www.misp-project.org/galaxy.html#_android)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/android.json)] [[HTML](https://www.misp-galaxy.org/android)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/android.json)]
## Azure Threat Research Matrix ## Azure Threat Research Matrix
[Azure Threat Research Matrix](https://www.misp-project.org/galaxy.html#_azure_threat_research_matrix) - The purpose of the Azure Threat Research Matrix (ATRM) is to educate readers on the potential of Azure-based tactics, techniques, and procedures (TTPs). It is not to teach how to weaponize or specifically abuse them. For this reason, some specific commands will be obfuscated or parts will be omitted to prevent abuse. [Azure Threat Research Matrix](https://www.misp-galaxy.org/atrm) - The purpose of the Azure Threat Research Matrix (ATRM) is to educate readers on the potential of Azure-based tactics, techniques, and procedures (TTPs). It is not to teach how to weaponize or specifically abuse them. For this reason, some specific commands will be obfuscated or parts will be omitted to prevent abuse.
Category: *atrm* - source: *https://github.com/microsoft/Azure-Threat-Research-Matrix* - total: *90* elements Category: *atrm* - source: *https://github.com/microsoft/Azure-Threat-Research-Matrix* - total: *90* elements
[[HTML](https://www.misp-project.org/galaxy.html#_azure_threat_research_matrix)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/atrm.json)] [[HTML](https://www.misp-galaxy.org/atrm)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/atrm.json)]
## attck4fraud ## attck4fraud
[attck4fraud](https://www.misp-project.org/galaxy.html#_attck4fraud) - attck4fraud - Principles of MITRE ATT&CK in the fraud domain [attck4fraud](https://www.misp-galaxy.org/attck4fraud) - attck4fraud - Principles of MITRE ATT&CK in the fraud domain
Category: *guidelines* - source: *Open Sources* - total: *71* elements Category: *guidelines* - source: *Open Sources* - total: *71* elements
[[HTML](https://www.misp-project.org/galaxy.html#_attck4fraud)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/attck4fraud.json)] [[HTML](https://www.misp-galaxy.org/attck4fraud)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/attck4fraud.json)]
## Backdoor ## Backdoor
[Backdoor](https://www.misp-project.org/galaxy.html#_backdoor) - A list of backdoor malware. [Backdoor](https://www.misp-galaxy.org/backdoor) - A list of backdoor malware.
Category: *tool* - source: *Open Sources* - total: *28* elements Category: *tool* - source: *Open Sources* - total: *28* elements
[[HTML](https://www.misp-project.org/galaxy.html#_backdoor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/backdoor.json)] [[HTML](https://www.misp-galaxy.org/backdoor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/backdoor.json)]
## Banker ## Banker
[Banker](https://www.misp-project.org/galaxy.html#_banker) - A list of banker malware. [Banker](https://www.misp-galaxy.org/banker) - A list of banker malware.
Category: *tool* - source: *Open Sources* - total: *53* elements Category: *tool* - source: *Open Sources* - total: *53* elements
[[HTML](https://www.misp-project.org/galaxy.html#_banker)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/banker.json)] [[HTML](https://www.misp-galaxy.org/banker)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/banker.json)]
## Bhadra Framework ## Bhadra Framework
[Bhadra Framework](https://www.misp-project.org/galaxy.html#_bhadra_framework) - Bhadra Threat Modeling Framework [Bhadra Framework](https://www.misp-galaxy.org/bhadra-framework) - Bhadra Threat Modeling Framework
Category: *mobile* - source: *https://arxiv.org/pdf/2005.05110.pdf* - total: *47* elements Category: *mobile* - source: *https://arxiv.org/pdf/2005.05110.pdf* - total: *47* elements
[[HTML](https://www.misp-project.org/galaxy.html#_bhadra_framework)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/bhadra-framework.json)] [[HTML](https://www.misp-galaxy.org/bhadra-framework)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/bhadra-framework.json)]
## Botnet ## Botnet
[Botnet](https://www.misp-project.org/galaxy.html#_botnet) - botnet galaxy [Botnet](https://www.misp-galaxy.org/botnet) - botnet galaxy
Category: *tool* - source: *MISP Project* - total: *130* elements Category: *tool* - source: *MISP Project* - total: *130* elements
[[HTML](https://www.misp-project.org/galaxy.html#_botnet)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/botnet.json)] [[HTML](https://www.misp-galaxy.org/botnet)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/botnet.json)]
## Branded Vulnerability ## Branded Vulnerability
[Branded Vulnerability](https://www.misp-project.org/galaxy.html#_branded_vulnerability) - List of known vulnerabilities and attacks with a branding [Branded Vulnerability](https://www.misp-galaxy.org/branded_vulnerability) - List of known vulnerabilities and attacks with a branding
Category: *vulnerability* - source: *Open Sources* - total: *14* elements Category: *vulnerability* - source: *Open Sources* - total: *14* elements
[[HTML](https://www.misp-project.org/galaxy.html#_branded_vulnerability)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/branded_vulnerability.json)] [[HTML](https://www.misp-galaxy.org/branded_vulnerability)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/branded_vulnerability.json)]
## Cert EU GovSector ## Cert EU GovSector
[Cert EU GovSector](https://www.misp-project.org/galaxy.html#_cert_eu_govsector) - Cert EU GovSector [Cert EU GovSector](https://www.misp-galaxy.org/cert-eu-govsector) - Cert EU GovSector
Category: *sector* - source: *CERT-EU* - total: *6* elements Category: *sector* - source: *CERT-EU* - total: *6* elements
[[HTML](https://www.misp-project.org/galaxy.html#_cert_eu_govsector)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/cert-eu-govsector.json)] [[HTML](https://www.misp-galaxy.org/cert-eu-govsector)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/cert-eu-govsector.json)]
## China Defence Universities Tracker ## China Defence Universities Tracker
[China Defence Universities Tracker](https://www.misp-project.org/galaxy.html#_china_defence_universities_tracker) - The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPIs International Cyber Policy Centre. [China Defence Universities Tracker](https://www.misp-galaxy.org/china-defence-universities) - The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPIs International Cyber Policy Centre.
Category: *academic-institution* - source: *ASPI International Cyber Policy Centre* - total: *159* elements Category: *academic-institution* - source: *ASPI International Cyber Policy Centre* - total: *159* elements
[[HTML](https://www.misp-project.org/galaxy.html#_china_defence_universities_tracker)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/china-defence-universities.json)] [[HTML](https://www.misp-galaxy.org/china-defence-universities)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/china-defence-universities.json)]
## CONCORDIA Mobile Modelling Framework - Attack Pattern ## CONCORDIA Mobile Modelling Framework - Attack Pattern
[CONCORDIA Mobile Modelling Framework - Attack Pattern](https://www.misp-project.org/galaxy.html#_concordia_mobile_modelling_framework_-_attack_pattern) - A list of Techniques in CONCORDIA Mobile Modelling Framework. [CONCORDIA Mobile Modelling Framework - Attack Pattern](https://www.misp-galaxy.org/cmtmf-attack-pattern) - A list of Techniques in CONCORDIA Mobile Modelling Framework.
Category: *cmtmf-attack-pattern* - source: *https://5g4iot.vlab.cs.hioa.no/* - total: *93* elements Category: *cmtmf-attack-pattern* - source: *https://5g4iot.vlab.cs.hioa.no/* - total: *93* elements
[[HTML](https://www.misp-project.org/galaxy.html#_concordia_mobile_modelling_framework_-_attack_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/cmtmf-attack-pattern.json)] [[HTML](https://www.misp-galaxy.org/cmtmf-attack-pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/cmtmf-attack-pattern.json)]
## Country ## Country
[Country](https://www.misp-project.org/galaxy.html#_country) - Country meta information based on the database provided by geonames.org. [Country](https://www.misp-galaxy.org/country) - Country meta information based on the database provided by geonames.org.
Category: *country* - source: *MISP Project* - total: *252* elements Category: *country* - source: *MISP Project* - total: *252* elements
[[HTML](https://www.misp-project.org/galaxy.html#_country)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/country.json)] [[HTML](https://www.misp-galaxy.org/country)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/country.json)]
## Cryptominers ## Cryptominers
[Cryptominers](https://www.misp-project.org/galaxy.html#_cryptominers) - A list of cryptominer and cryptojacker malware. [Cryptominers](https://www.misp-galaxy.org/cryptominers) - A list of cryptominer and cryptojacker malware.
Category: *Cryptominers* - source: *Open Source Intelligence* - total: *5* elements Category: *Cryptominers* - source: *Open Source Intelligence* - total: *5* elements
[[HTML](https://www.misp-project.org/galaxy.html#_cryptominers)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/cryptominers.json)] [[HTML](https://www.misp-galaxy.org/cryptominers)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/cryptominers.json)]
## Actor Types ## Actor Types
[Actor Types](https://www.misp-project.org/galaxy.html#_actor_types) - DISARM is a framework designed for describing and understanding disinformation incidents. [Actor Types](https://www.misp-galaxy.org/disarm-actortypes) - DISARM is a framework designed for describing and understanding disinformation incidents.
Category: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *33* elements Category: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *33* elements
[[HTML](https://www.misp-project.org/galaxy.html#_actor_types)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-actortypes.json)] [[HTML](https://www.misp-galaxy.org/disarm-actortypes)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-actortypes.json)]
## Countermeasures ## Countermeasures
[Countermeasures](https://www.misp-project.org/galaxy.html#_countermeasures) - DISARM is a framework designed for describing and understanding disinformation incidents. [Countermeasures](https://www.misp-galaxy.org/disarm-countermeasures) - DISARM is a framework designed for describing and understanding disinformation incidents.
Category: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *139* elements Category: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *139* elements
[[HTML](https://www.misp-project.org/galaxy.html#_countermeasures)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-countermeasures.json)] [[HTML](https://www.misp-galaxy.org/disarm-countermeasures)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-countermeasures.json)]
## Detections ## Detections
[Detections](https://www.misp-project.org/galaxy.html#_detections) - DISARM is a framework designed for describing and understanding disinformation incidents. [Detections](https://www.misp-galaxy.org/disarm-detections) - DISARM is a framework designed for describing and understanding disinformation incidents.
Category: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *94* elements Category: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *94* elements
[[HTML](https://www.misp-project.org/galaxy.html#_detections)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-detections.json)] [[HTML](https://www.misp-galaxy.org/disarm-detections)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-detections.json)]
## Techniques ## Techniques
[Techniques](https://www.misp-project.org/galaxy.html#_techniques) - DISARM is a framework designed for describing and understanding disinformation incidents. [Techniques](https://www.misp-galaxy.org/disarm-techniques) - DISARM is a framework designed for describing and understanding disinformation incidents.
Category: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *298* elements Category: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *298* elements
[[HTML](https://www.misp-project.org/galaxy.html#_techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-techniques.json)] [[HTML](https://www.misp-galaxy.org/disarm-techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-techniques.json)]
## Election guidelines ## Election guidelines
[Election guidelines](https://www.misp-project.org/galaxy.html#_election_guidelines) - Universal Development and Security Guidelines as Applicable to Election Technology. [Election guidelines](https://www.misp-galaxy.org/election-guidelines) - Universal Development and Security Guidelines as Applicable to Election Technology.
Category: *guidelines* - source: *Open Sources* - total: *23* elements Category: *guidelines* - source: *Open Sources* - total: *23* elements
[[HTML](https://www.misp-project.org/galaxy.html#_election_guidelines)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/election-guidelines.json)] [[HTML](https://www.misp-galaxy.org/election-guidelines)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/election-guidelines.json)]
## Entity ## Entity
[Entity](https://www.misp-project.org/galaxy.html#_entity) - Description of entities that can be involved in events. [Entity](https://www.misp-galaxy.org/entity) - Description of entities that can be involved in events.
Category: *actor* - source: *MISP Project* - total: *4* elements Category: *actor* - source: *MISP Project* - total: *4* elements
[[HTML](https://www.misp-project.org/galaxy.html#_entity)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/entity.json)] [[HTML](https://www.misp-galaxy.org/entity)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/entity.json)]
## Exploit-Kit ## Exploit-Kit
[Exploit-Kit](https://www.misp-project.org/galaxy.html#_exploit-kit) - Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years [Exploit-Kit](https://www.misp-galaxy.org/exploit-kit) - Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years
Category: *tool* - source: *MISP Project* - total: *52* elements Category: *tool* - source: *MISP Project* - total: *52* elements
[[HTML](https://www.misp-project.org/galaxy.html#_exploit-kit)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/exploit-kit.json)] [[HTML](https://www.misp-galaxy.org/exploit-kit)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/exploit-kit.json)]
## Firearms ## Firearms
[Firearms](https://www.misp-project.org/galaxy.html#_firearms) - Common firearms galaxy [Firearms](https://www.misp-galaxy.org/firearms) - Common firearms galaxy
Category: *firearm* - source: *https://www.impactguns.com* - total: *5953* elements Category: *firearm* - source: *https://www.impactguns.com* - total: *5953* elements
[[HTML](https://www.misp-project.org/galaxy.html#_firearms)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/firearms.json)] [[HTML](https://www.misp-galaxy.org/firearms)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/firearms.json)]
## FIRST DNS Abuse Techniques Matrix ## FIRST DNS Abuse Techniques Matrix
[FIRST DNS Abuse Techniques Matrix](https://www.misp-project.org/galaxy.html#_first_dns_abuse_techniques_matrix) - The Domain Name System (DNS) is a critical part of the Internet, including mapping domain names to IP addresses. Malicious threat actors use domain names, their corresponding technical resources, and other parts of the DNS infrastructure, including its protocols, for their malicious cyber operations. CERTs are confronted with reported DNS abuse on a continuous basis, and rely heavily on DNS analysis and infrastructure to protect their constituencies. Understanding the international customary norms applicable for detecting and mitigating DNS abuse from the perspective of the global incident response community is critical for the open Internets stability, security and resiliency. See also https://www.first.org/global/sigs/dns/ for more information. [FIRST DNS Abuse Techniques Matrix](https://www.misp-galaxy.org/first-dns) - The Domain Name System (DNS) is a critical part of the Internet, including mapping domain names to IP addresses. Malicious threat actors use domain names, their corresponding technical resources, and other parts of the DNS infrastructure, including its protocols, for their malicious cyber operations. CERTs are confronted with reported DNS abuse on a continuous basis, and rely heavily on DNS analysis and infrastructure to protect their constituencies. Understanding the international customary norms applicable for detecting and mitigating DNS abuse from the perspective of the global incident response community is critical for the open Internets stability, security and resiliency. See also https://www.first.org/global/sigs/dns/ for more information.
Category: *first-dns* - source: *https://www.first.org/global/sigs/dns/* - total: *21* elements Category: *first-dns* - source: *https://www.first.org/global/sigs/dns/* - total: *21* elements
[[HTML](https://www.misp-project.org/galaxy.html#_first_dns_abuse_techniques_matrix)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/first-dns.json)] [[HTML](https://www.misp-galaxy.org/first-dns)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/first-dns.json)]
## Intelligence Agencies ## Intelligence Agencies
[Intelligence Agencies](https://www.misp-project.org/galaxy.html#_intelligence_agencies) - List of intelligence agencies [Intelligence Agencies](https://www.misp-galaxy.org/intelligence-agencies) - List of intelligence agencies
Category: *Intelligence Agencies* - source: *https://en.wikipedia.org/wiki/List_of_intelligence_agencies* - total: *436* elements Category: *Intelligence Agencies* - source: *https://en.wikipedia.org/wiki/List_of_intelligence_agencies* - total: *436* elements
[[HTML](https://www.misp-project.org/galaxy.html#_intelligence_agencies)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/intelligence-agencies.json)] [[HTML](https://www.misp-galaxy.org/intelligence-agencies)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/intelligence-agencies.json)]
## INTERPOL DWVA Taxonomy ## INTERPOL DWVA Taxonomy
[INTERPOL DWVA Taxonomy](https://www.misp-project.org/galaxy.html#_interpol_dwva_taxonomy) - This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems. [INTERPOL DWVA Taxonomy](https://www.misp-galaxy.org/interpol-dwva) - This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.
Category: *dwva* - source: *https://interpol-innovation-centre.github.io/DW-VA-Taxonomy/* - total: *94* elements Category: *dwva* - source: *https://interpol-innovation-centre.github.io/DW-VA-Taxonomy/* - total: *94* elements
[[HTML](https://www.misp-project.org/galaxy.html#_interpol_dwva_taxonomy)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/interpol-dwva.json)] [[HTML](https://www.misp-galaxy.org/interpol-dwva)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/interpol-dwva.json)]
## Malpedia ## Malpedia
[Malpedia](https://www.misp-project.org/galaxy.html#_malpedia) - Malware galaxy cluster based on Malpedia. [Malpedia](https://www.misp-galaxy.org/malpedia) - Malware galaxy cluster based on Malpedia.
Category: *tool* - source: *Malpedia* - total: *3039* elements Category: *tool* - source: *Malpedia* - total: *3039* elements
[[HTML](https://www.misp-project.org/galaxy.html#_malpedia)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/malpedia.json)] [[HTML](https://www.misp-galaxy.org/malpedia)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/malpedia.json)]
## Microsoft Activity Group actor ## Microsoft Activity Group actor
[Microsoft Activity Group actor](https://www.misp-project.org/galaxy.html#_microsoft_activity_group_actor) - Activity groups as described by Microsoft [Microsoft Activity Group actor](https://www.misp-galaxy.org/microsoft-activity-group) - Activity groups as described by Microsoft
Category: *actor* - source: *MISP Project* - total: *79* elements Category: *actor* - source: *MISP Project* - total: *79* elements
[[HTML](https://www.misp-project.org/galaxy.html#_microsoft_activity_group_actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/microsoft-activity-group.json)] [[HTML](https://www.misp-galaxy.org/microsoft-activity-group)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/microsoft-activity-group.json)]
## Misinformation Pattern ## Misinformation Pattern
[Misinformation Pattern](https://www.misp-project.org/galaxy.html#_misinformation_pattern) - AM!TT Technique [Misinformation Pattern](https://www.misp-galaxy.org/misinfosec-amitt-misinformation-pattern) - AM!TT Technique
Category: *misinformation-pattern* - source: *https://github.com/misinfosecproject/amitt_framework* - total: *61* elements Category: *misinformation-pattern* - source: *https://github.com/misinfosecproject/amitt_framework* - total: *61* elements
[[HTML](https://www.misp-project.org/galaxy.html#_misinformation_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/misinfosec-amitt-misinformation-pattern.json)] [[HTML](https://www.misp-galaxy.org/misinfosec-amitt-misinformation-pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/misinfosec-amitt-misinformation-pattern.json)]
## MITRE ATLAS Attack Pattern ## MITRE ATLAS Attack Pattern
[MITRE ATLAS Attack Pattern](https://www.misp-project.org/galaxy.html#_mitre_atlas_attack_pattern) - MITRE ATLAS Attack Pattern - Adversarial Threat Landscape for Artificial-Intelligence Systems [MITRE ATLAS Attack Pattern](https://www.misp-galaxy.org/mitre-atlas-attack-pattern) - MITRE ATLAS Attack Pattern - Adversarial Threat Landscape for Artificial-Intelligence Systems
Category: *attack-pattern* - source: *https://github.com/mitre-atlas/atlas-navigator-data* - total: *82* elements Category: *attack-pattern* - source: *https://github.com/mitre-atlas/atlas-navigator-data* - total: *82* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mitre_atlas_attack_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-atlas-attack-pattern.json)] [[HTML](https://www.misp-galaxy.org/mitre-atlas-attack-pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-atlas-attack-pattern.json)]
## MITRE ATLAS Course of Action ## MITRE ATLAS Course of Action
[MITRE ATLAS Course of Action](https://www.misp-project.org/galaxy.html#_mitre_atlas_course_of_action) - MITRE ATLAS Mitigation - Adversarial Threat Landscape for Artificial-Intelligence Systems [MITRE ATLAS Course of Action](https://www.misp-galaxy.org/mitre-atlas-course-of-action) - MITRE ATLAS Mitigation - Adversarial Threat Landscape for Artificial-Intelligence Systems
Category: *course-of-action* - source: *https://github.com/mitre-atlas/atlas-navigator-data* - total: *20* elements Category: *course-of-action* - source: *https://github.com/mitre-atlas/atlas-navigator-data* - total: *20* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mitre_atlas_course_of_action)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-atlas-course-of-action.json)] [[HTML](https://www.misp-galaxy.org/mitre-atlas-course-of-action)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-atlas-course-of-action.json)]
## Attack Pattern ## Attack Pattern
[Attack Pattern](https://www.misp-project.org/galaxy.html#_attack_pattern) - ATT&CK tactic [Attack Pattern](https://www.misp-galaxy.org/mitre-attack-pattern) - ATT&CK tactic
Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *1141* elements Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *1141* elements
[[HTML](https://www.misp-project.org/galaxy.html#_attack_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-attack-pattern.json)] [[HTML](https://www.misp-galaxy.org/mitre-attack-pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-attack-pattern.json)]
## Course of Action ## Course of Action
[Course of Action](https://www.misp-project.org/galaxy.html#_course_of_action) - ATT&CK Mitigation [Course of Action](https://www.misp-galaxy.org/mitre-course-of-action) - ATT&CK Mitigation
Category: *course-of-action* - source: *https://github.com/mitre/cti* - total: *281* elements Category: *course-of-action* - source: *https://github.com/mitre/cti* - total: *281* elements
[[HTML](https://www.misp-project.org/galaxy.html#_course_of_action)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-course-of-action.json)] [[HTML](https://www.misp-galaxy.org/mitre-course-of-action)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-course-of-action.json)]
## MITRE D3FEND
[MITRE D3FEND](https://www.misp-galaxy.org/mitre-d3fend) - A knowledge graph of cybersecurity countermeasures.
Category: *d3fend* - source: *https://d3fend.mitre.org/* - total: *171* elements
[[HTML](https://www.misp-galaxy.org/mitre-d3fend)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-d3fend.json)]
## mitre-data-component ## mitre-data-component
[mitre-data-component](https://www.misp-project.org/galaxy.html#_mitre-data-component) - Data components are parts of data sources. [mitre-data-component](https://www.misp-galaxy.org/mitre-data-component) - Data components are parts of data sources.
Category: *data-component* - source: *https://github.com/mitre/cti* - total: *117* elements Category: *data-component* - source: *https://github.com/mitre/cti* - total: *117* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mitre-data-component)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-data-component.json)] [[HTML](https://www.misp-galaxy.org/mitre-data-component)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-data-component.json)]
## mitre-data-source ## mitre-data-source
[mitre-data-source](https://www.misp-project.org/galaxy.html#_mitre-data-source) - Data sources represent the various subjects/topics of information that can be collected by sensors/logs. [mitre-data-source](https://www.misp-galaxy.org/mitre-data-source) - Data sources represent the various subjects/topics of information that can be collected by sensors/logs.
Category: *data-source* - source: *https://github.com/mitre/cti* - total: *40* elements Category: *data-source* - source: *https://github.com/mitre/cti* - total: *40* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mitre-data-source)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-data-source.json)] [[HTML](https://www.misp-galaxy.org/mitre-data-source)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-data-source.json)]
## Enterprise Attack - Attack Pattern
[Enterprise Attack - Attack Pattern](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_attack_pattern) - ATT&CK tactic
Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *219* elements
[[HTML](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_attack_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-enterprise-attack-attack-pattern.json)]
## Enterprise Attack - Course of Action
[Enterprise Attack - Course of Action](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_course_of_action) - ATT&CK Mitigation
Category: *course-of-action* - source: *https://github.com/mitre/cti* - total: *215* elements
[[HTML](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_course_of_action)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-enterprise-attack-course-of-action.json)]
## Enterprise Attack - Intrusion Set
[Enterprise Attack - Intrusion Set](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_intrusion_set) - Name of ATT&CK Group
Category: *actor* - source: *https://github.com/mitre/cti* - total: *69* elements
[[HTML](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_intrusion_set)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-enterprise-attack-intrusion-set.json)]
## Enterprise Attack - Malware
[Enterprise Attack - Malware](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_malware) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *188* elements
[[HTML](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_malware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-enterprise-attack-malware.json)]
## Enterprise Attack - Tool
[Enterprise Attack - Tool](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_tool) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *45* elements
[[HTML](https://www.misp-project.org/galaxy.html#_enterprise_attack_-_tool)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-enterprise-attack-tool.json)]
## Assets ## Assets
[Assets](https://www.misp-project.org/galaxy.html#_assets) - A list of asset categories that are commonly found in industrial control systems. [Assets](https://www.misp-galaxy.org/mitre-ics-assets) - A list of asset categories that are commonly found in industrial control systems.
Category: *asset* - source: *https://collaborate.mitre.org/attackics/index.php/All_Assets* - total: *7* elements Category: *asset* - source: *https://collaborate.mitre.org/attackics/index.php/All_Assets* - total: *7* elements
[[HTML](https://www.misp-project.org/galaxy.html#_assets)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-assets.json)] [[HTML](https://www.misp-galaxy.org/mitre-ics-assets)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-assets.json)]
## Groups ## Groups
[Groups](https://www.misp-project.org/galaxy.html#_groups) - Groups are sets of related intrusion activity that are tracked by a common name in the security community. Groups are also sometimes referred to as campaigns or intrusion sets. Some groups have multiple names associated with the same set of activities due to various organizations tracking the same set of activities by different names. Groups are mapped to publicly reported technique use and referenced in the ATT&CK for ICS knowledge base. Groups are also mapped to reported software used during intrusions. [Groups](https://www.misp-galaxy.org/mitre-ics-groups) - Groups are sets of related intrusion activity that are tracked by a common name in the security community. Groups are also sometimes referred to as campaigns or intrusion sets. Some groups have multiple names associated with the same set of activities due to various organizations tracking the same set of activities by different names. Groups are mapped to publicly reported technique use and referenced in the ATT&CK for ICS knowledge base. Groups are also mapped to reported software used during intrusions.
Category: *actor* - source: *https://collaborate.mitre.org/attackics/index.php/Groups* - total: *10* elements Category: *actor* - source: *https://collaborate.mitre.org/attackics/index.php/Groups* - total: *10* elements
[[HTML](https://www.misp-project.org/galaxy.html#_groups)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-groups.json)] [[HTML](https://www.misp-galaxy.org/mitre-ics-groups)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-groups.json)]
## Levels ## Levels
[Levels](https://www.misp-project.org/galaxy.html#_levels) - Based on the Purdue Model to aid ATT&CK for ICS users to understand which techniques are applicable to their environment. [Levels](https://www.misp-galaxy.org/mitre-ics-levels) - Based on the Purdue Model to aid ATT&CK for ICS users to understand which techniques are applicable to their environment.
Category: *level* - source: *https://collaborate.mitre.org/attackics/index.php/All_Levels* - total: *3* elements Category: *level* - source: *https://collaborate.mitre.org/attackics/index.php/All_Levels* - total: *3* elements
[[HTML](https://www.misp-project.org/galaxy.html#_levels)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-levels.json)] [[HTML](https://www.misp-galaxy.org/mitre-ics-levels)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-levels.json)]
## Software ## Software
[Software](https://www.misp-project.org/galaxy.html#_software) - Software is a generic term for custom or commercial code, operating system utilities, open-source software, or other tools used to conduct behavior modeled in ATT&CK for ICS. [Software](https://www.misp-galaxy.org/mitre-ics-software) - Software is a generic term for custom or commercial code, operating system utilities, open-source software, or other tools used to conduct behavior modeled in ATT&CK for ICS.
Category: *tool* - source: *https://collaborate.mitre.org/attackics/index.php/Software* - total: *17* elements Category: *tool* - source: *https://collaborate.mitre.org/attackics/index.php/Software* - total: *17* elements
[[HTML](https://www.misp-project.org/galaxy.html#_software)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-software.json)] [[HTML](https://www.misp-galaxy.org/mitre-ics-software)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-software.json)]
## Tactics ## Tactics
[Tactics](https://www.misp-project.org/galaxy.html#_tactics) - A list of all 11 tactics in ATT&CK for ICS [Tactics](https://www.misp-galaxy.org/mitre-ics-tactics) - A list of all 11 tactics in ATT&CK for ICS
Category: *tactic* - source: *https://collaborate.mitre.org/attackics/index.php/All_Tactics* - total: *9* elements Category: *tactic* - source: *https://collaborate.mitre.org/attackics/index.php/All_Tactics* - total: *9* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tactics)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-tactics.json)] [[HTML](https://www.misp-galaxy.org/mitre-ics-tactics)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-tactics.json)]
## Techniques ## Techniques
[Techniques](https://www.misp-project.org/galaxy.html#_techniques) - A list of Techniques in ATT&CK for ICS. [Techniques](https://www.misp-galaxy.org/mitre-ics-techniques) - A list of Techniques in ATT&CK for ICS.
Category: *attack-pattern* - source: *https://collaborate.mitre.org/attackics/index.php/All_Techniques* - total: *78* elements Category: *attack-pattern* - source: *https://collaborate.mitre.org/attackics/index.php/All_Techniques* - total: *78* elements
[[HTML](https://www.misp-project.org/galaxy.html#_techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-techniques.json)] [[HTML](https://www.misp-galaxy.org/mitre-ics-techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-techniques.json)]
## Intrusion Set ## Intrusion Set
[Intrusion Set](https://www.misp-project.org/galaxy.html#_intrusion_set) - Name of ATT&CK Group [Intrusion Set](https://www.misp-galaxy.org/mitre-intrusion-set) - Name of ATT&CK Group
Category: *actor* - source: *https://github.com/mitre/cti* - total: *165* elements Category: *actor* - source: *https://github.com/mitre/cti* - total: *165* elements
[[HTML](https://www.misp-project.org/galaxy.html#_intrusion_set)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-intrusion-set.json)] [[HTML](https://www.misp-galaxy.org/mitre-intrusion-set)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-intrusion-set.json)]
## Malware ## Malware
[Malware](https://www.misp-project.org/galaxy.html#_malware) - Name of ATT&CK software [Malware](https://www.misp-galaxy.org/mitre-malware) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *705* elements Category: *tool* - source: *https://github.com/mitre/cti* - total: *705* elements
[[HTML](https://www.misp-project.org/galaxy.html#_malware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-malware.json)] [[HTML](https://www.misp-galaxy.org/mitre-malware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-malware.json)]
## Mobile Attack - Attack Pattern
[Mobile Attack - Attack Pattern](https://www.misp-project.org/galaxy.html#_mobile_attack_-_attack_pattern) - ATT&CK tactic
Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *76* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mobile_attack_-_attack_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-mobile-attack-attack-pattern.json)]
## Mobile Attack - Course of Action
[Mobile Attack - Course of Action](https://www.misp-project.org/galaxy.html#_mobile_attack_-_course_of_action) - ATT&CK Mitigation
Category: *course-of-action* - source: *https://github.com/mitre/cti* - total: *14* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mobile_attack_-_course_of_action)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-mobile-attack-course-of-action.json)]
## Mobile Attack - Intrusion Set
[Mobile Attack - Intrusion Set](https://www.misp-project.org/galaxy.html#_mobile_attack_-_intrusion_set) - Name of ATT&CK Group
Category: *actor* - source: *https://github.com/mitre/cti* - total: *1* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mobile_attack_-_intrusion_set)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-mobile-attack-intrusion-set.json)]
## Mobile Attack - Malware
[Mobile Attack - Malware](https://www.misp-project.org/galaxy.html#_mobile_attack_-_malware) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *35* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mobile_attack_-_malware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-mobile-attack-malware.json)]
## Mobile Attack - Tool
[Mobile Attack - Tool](https://www.misp-project.org/galaxy.html#_mobile_attack_-_tool) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *1* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mobile_attack_-_tool)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-mobile-attack-tool.json)]
## Pre Attack - Attack Pattern
[Pre Attack - Attack Pattern](https://www.misp-project.org/galaxy.html#_pre_attack_-_attack_pattern) - ATT&CK tactic
Category: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *174* elements
[[HTML](https://www.misp-project.org/galaxy.html#_pre_attack_-_attack_pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-pre-attack-attack-pattern.json)]
## Pre Attack - Intrusion Set
[Pre Attack - Intrusion Set](https://www.misp-project.org/galaxy.html#_pre_attack_-_intrusion_set) - Name of ATT&CK Group
Category: *actor* - source: *https://github.com/mitre/cti* - total: *7* elements
[[HTML](https://www.misp-project.org/galaxy.html#_pre_attack_-_intrusion_set)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-pre-attack-intrusion-set.json)]
## mitre-tool ## mitre-tool
[mitre-tool](https://www.misp-project.org/galaxy.html#_mitre-tool) - Name of ATT&CK software [mitre-tool](https://www.misp-galaxy.org/mitre-tool) - Name of ATT&CK software
Category: *tool* - source: *https://github.com/mitre/cti* - total: *87* elements Category: *tool* - source: *https://github.com/mitre/cti* - total: *87* elements
[[HTML](https://www.misp-project.org/galaxy.html#_mitre-tool)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-tool.json)] [[HTML](https://www.misp-galaxy.org/mitre-tool)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-tool.json)]
## NAICS ## NAICS
[NAICS](https://www.misp-project.org/galaxy.html#_naics) - The North American Industry Classification System or NAICS is a classification of business establishments by type of economic activity (the process of production). [NAICS](https://www.misp-galaxy.org/naics) - The North American Industry Classification System or NAICS is a classification of business establishments by type of economic activity (the process of production).
Category: *sector* - source: *North American Industry Classification System - NAICS* - total: *2125* elements Category: *sector* - source: *North American Industry Classification System - NAICS* - total: *2125* elements
[[HTML](https://www.misp-project.org/galaxy.html#_naics)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/naics.json)] [[HTML](https://www.misp-galaxy.org/naics)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/naics.json)]
## o365-exchange-techniques ## o365-exchange-techniques
[o365-exchange-techniques](https://www.misp-project.org/galaxy.html#_o365-exchange-techniques) - o365-exchange-techniques - Office365/Exchange related techniques by @johnLaTwC and @inversecos [o365-exchange-techniques](https://www.misp-galaxy.org/o365-exchange-techniques) - o365-exchange-techniques - Office365/Exchange related techniques by @johnLaTwC and @inversecos
Category: *guidelines* - source: *Open Sources, https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html* - total: *62* elements Category: *guidelines* - source: *Open Sources, https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html* - total: *62* elements
[[HTML](https://www.misp-project.org/galaxy.html#_o365-exchange-techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/o365-exchange-techniques.json)] [[HTML](https://www.misp-galaxy.org/o365-exchange-techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/o365-exchange-techniques.json)]
## online-service ## online-service
[online-service](https://www.misp-project.org/galaxy.html#_online-service) - Known public online services. [online-service](https://www.misp-galaxy.org/online-service) - Known public online services.
Category: *tool* - source: *Open Sources* - total: *1* elements Category: *tool* - source: *Open Sources* - total: *1* elements
[[HTML](https://www.misp-project.org/galaxy.html#_online-service)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/online-service.json)] [[HTML](https://www.misp-galaxy.org/online-service)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/online-service.json)]
## Preventive Measure ## Preventive Measure
[Preventive Measure](https://www.misp-project.org/galaxy.html#_preventive_measure) - Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures. [Preventive Measure](https://www.misp-galaxy.org/preventive-measure) - Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures.
Category: *measure* - source: *MISP Project* - total: *20* elements Category: *measure* - source: *MISP Project* - total: *20* elements
[[HTML](https://www.misp-project.org/galaxy.html#_preventive_measure)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/preventive-measure.json)] [[HTML](https://www.misp-galaxy.org/preventive-measure)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/preventive-measure.json)]
## Producer ## Producer
[Producer](https://www.misp-project.org/galaxy.html#_producer) - List of threat intelligence producer from security vendors to CERTs including any producer of intelligence at large. [Producer](https://www.misp-galaxy.org/producer) - List of threat intelligence producer from security vendors to CERTs including any producer of intelligence at large.
Category: *actor* - source: *MISP Project* - total: *21* elements Category: *actor* - source: *MISP Project* - total: *21* elements
[[HTML](https://www.misp-project.org/galaxy.html#_producer)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/producer.json)] [[HTML](https://www.misp-galaxy.org/producer)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/producer.json)]
## Ransomware ## Ransomware
[Ransomware](https://www.misp-project.org/galaxy.html#_ransomware) - Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar [Ransomware](https://www.misp-galaxy.org/ransomware) - Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar
Category: *tool* - source: *Various* - total: *1706* elements Category: *tool* - source: *Various* - total: *1706* elements
[[HTML](https://www.misp-project.org/galaxy.html#_ransomware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ransomware.json)] [[HTML](https://www.misp-galaxy.org/ransomware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ransomware.json)]
## RAT ## RAT
[RAT](https://www.misp-project.org/galaxy.html#_rat) - remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote "operator" to control a system as if they have physical access to that system. [RAT](https://www.misp-galaxy.org/rat) - remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote "operator" to control a system as if they have physical access to that system.
Category: *tool* - source: *MISP Project* - total: *266* elements Category: *tool* - source: *MISP Project* - total: *266* elements
[[HTML](https://www.misp-project.org/galaxy.html#_rat)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/rat.json)] [[HTML](https://www.misp-galaxy.org/rat)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/rat.json)]
## Regions UN M49 ## Regions UN M49
[Regions UN M49](https://www.misp-project.org/galaxy.html#_regions_un_m49) - Regions based on UN M49. [Regions UN M49](https://www.misp-galaxy.org/region) - Regions based on UN M49.
Category: *location* - source: *https://unstats.un.org/unsd/methodology/m49/overview/* - total: *32* elements Category: *location* - source: *https://unstats.un.org/unsd/methodology/m49/overview/* - total: *32* elements
[[HTML](https://www.misp-project.org/galaxy.html#_regions_un_m49)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/region.json)] [[HTML](https://www.misp-galaxy.org/region)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/region.json)]
## rsit ## rsit
[rsit](https://www.misp-project.org/galaxy.html#_rsit) - rsit [rsit](https://www.misp-galaxy.org/rsit) - rsit
Category: *rsit* - source: *https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force* - total: *39* elements Category: *rsit* - source: *https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force* - total: *39* elements
[[HTML](https://www.misp-project.org/galaxy.html#_rsit)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/rsit.json)] [[HTML](https://www.misp-galaxy.org/rsit)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/rsit.json)]
## Sector ## Sector
[Sector](https://www.misp-project.org/galaxy.html#_sector) - Activity sectors [Sector](https://www.misp-galaxy.org/sector) - Activity sectors
Category: *sector* - source: *CERT-EU* - total: *118* elements Category: *sector* - source: *CERT-EU* - total: *118* elements
[[HTML](https://www.misp-project.org/galaxy.html#_sector)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/sector.json)] [[HTML](https://www.misp-galaxy.org/sector)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/sector.json)]
## Sigma-Rules ## Sigma-Rules
[Sigma-Rules](https://www.misp-project.org/galaxy.html#_sigma-rules) - MISP galaxy cluster based on Sigma Rules. [Sigma-Rules](https://www.misp-galaxy.org/sigma-rules) - MISP galaxy cluster based on Sigma Rules.
Category: *rules* - source: *https://github.com/jstnk9/MISP/tree/main/misp-galaxy/sigma* - total: *2888* elements Category: *rules* - source: *https://github.com/jstnk9/MISP/tree/main/misp-galaxy/sigma* - total: *2888* elements
[[HTML](https://www.misp-project.org/galaxy.html#_sigma-rules)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/sigma-rules.json)] [[HTML](https://www.misp-galaxy.org/sigma-rules)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/sigma-rules.json)]
## Dark Patterns ## Dark Patterns
[Dark Patterns](https://www.misp-project.org/galaxy.html#_dark_patterns) - Dark Patterns are user interface that tricks users into making decisions that benefit the interface's holder to the expense of the user. [Dark Patterns](https://www.misp-galaxy.org/social-dark-patterns) - Dark Patterns are user interface that tricks users into making decisions that benefit the interface's holder to the expense of the user.
Category: *dark-patterns* - source: *CIRCL* - total: *19* elements Category: *dark-patterns* - source: *CIRCL* - total: *19* elements
[[HTML](https://www.misp-project.org/galaxy.html#_dark_patterns)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/social-dark-patterns.json)] [[HTML](https://www.misp-galaxy.org/social-dark-patterns)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/social-dark-patterns.json)]
## SoD Matrix ## SoD Matrix
[SoD Matrix](https://www.misp-project.org/galaxy.html#_sod_matrix) - SOD Matrix [SoD Matrix](https://www.misp-galaxy.org/sod-matrix) - SOD Matrix
Category: *sod-matrix* - source: *https://github.com/cudeso/SoD-Matrix* - total: *276* elements Category: *sod-matrix* - source: *https://github.com/cudeso/SoD-Matrix* - total: *276* elements
[[HTML](https://www.misp-project.org/galaxy.html#_sod_matrix)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/sod-matrix.json)] [[HTML](https://www.misp-galaxy.org/sod-matrix)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/sod-matrix.json)]
## Stealer ## Stealer
[Stealer](https://www.misp-project.org/galaxy.html#_stealer) - A list of malware stealer. [Stealer](https://www.misp-galaxy.org/stealer) - A list of malware stealer.
Category: *tool* - source: *Open Sources* - total: *16* elements Category: *tool* - source: *Open Sources* - total: *16* elements
[[HTML](https://www.misp-project.org/galaxy.html#_stealer)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/stealer.json)] [[HTML](https://www.misp-galaxy.org/stealer)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/stealer.json)]
## Surveillance Vendor ## Surveillance Vendor
[Surveillance Vendor](https://www.misp-project.org/galaxy.html#_surveillance_vendor) - List of vendors selling surveillance technologies including malware, interception devices or computer exploitation services. [Surveillance Vendor](https://www.misp-galaxy.org/surveillance-vendor) - List of vendors selling surveillance technologies including malware, interception devices or computer exploitation services.
Category: *actor* - source: *MISP Project* - total: *50* elements Category: *actor* - source: *MISP Project* - total: *50* elements
[[HTML](https://www.misp-project.org/galaxy.html#_surveillance_vendor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/surveillance-vendor.json)] [[HTML](https://www.misp-galaxy.org/surveillance-vendor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/surveillance-vendor.json)]
## Target Information ## Target Information
[Target Information](https://www.misp-project.org/galaxy.html#_target_information) - Description of targets of threat actors. [Target Information](https://www.misp-galaxy.org/target-information) - Description of targets of threat actors.
Category: *target* - source: *Various* - total: *241* elements Category: *target* - source: *Various* - total: *241* elements
[[HTML](https://www.misp-project.org/galaxy.html#_target_information)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/target-information.json)] [[HTML](https://www.misp-galaxy.org/target-information)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/target-information.json)]
## TDS ## TDS
[TDS](https://www.misp-project.org/galaxy.html#_tds) - TDS is a list of Traffic Direction System used by adversaries [TDS](https://www.misp-galaxy.org/tds) - TDS is a list of Traffic Direction System used by adversaries
Category: *tool* - source: *MISP Project* - total: *11* elements Category: *tool* - source: *MISP Project* - total: *11* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tds)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tds.json)] [[HTML](https://www.misp-galaxy.org/tds)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tds.json)]
## Tea Matrix ## Tea Matrix
[Tea Matrix](https://www.misp-project.org/galaxy.html#_tea_matrix) - Tea Matrix [Tea Matrix](https://www.misp-galaxy.org/tea-matrix) - Tea Matrix
Category: *tea-matrix* - source: ** - total: *7* elements Category: *tea-matrix* - source: ** - total: *7* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tea_matrix)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tea-matrix.json)] [[HTML](https://www.misp-galaxy.org/tea-matrix)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tea-matrix.json)]
## Threat Actor ## Threat Actor
[Threat Actor](https://www.misp-project.org/galaxy.html#_threat_actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group. [Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.
Category: *actor* - source: *MISP Project* - total: *675* elements Category: *actor* - source: *MISP Project* - total: *678* elements
[[HTML](https://www.misp-project.org/galaxy.html#_threat_actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)] [[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]
## Tidal Campaigns ## Tidal Campaigns
[Tidal Campaigns](https://www.misp-project.org/galaxy.html#_tidal_campaigns) - Tidal Campaigns Cluster [Tidal Campaigns](https://www.misp-galaxy.org/tidal-campaigns) - Tidal Campaigns Cluster
Category: *Campaigns* - source: *https://app-api.tidalcyber.com/api/v1/campaigns/* - total: *48* elements Category: *Campaigns* - source: *https://app-api.tidalcyber.com/api/v1/campaigns/* - total: *48* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_campaigns)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-campaigns.json)] [[HTML](https://www.misp-galaxy.org/tidal-campaigns)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-campaigns.json)]
## Tidal Groups ## Tidal Groups
[Tidal Groups](https://www.misp-project.org/galaxy.html#_tidal_groups) - Tidal Groups Galaxy [Tidal Groups](https://www.misp-galaxy.org/tidal-groups) - Tidal Groups Galaxy
Category: *Threat Groups* - source: *https://app-api.tidalcyber.com/api/v1/groups/* - total: *172* elements Category: *Threat Groups* - source: *https://app-api.tidalcyber.com/api/v1/groups/* - total: *172* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_groups)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-groups.json)] [[HTML](https://www.misp-galaxy.org/tidal-groups)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-groups.json)]
## Tidal References ## Tidal References
[Tidal References](https://www.misp-project.org/galaxy.html#_tidal_references) - Tidal References Cluster [Tidal References](https://www.misp-galaxy.org/tidal-references) - Tidal References Cluster
Category: *References* - source: *https://app-api.tidalcyber.com/api/v1/references/* - total: *4104* elements Category: *References* - source: *https://app-api.tidalcyber.com/api/v1/references/* - total: *4104* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_references)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-references.json)] [[HTML](https://www.misp-galaxy.org/tidal-references)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-references.json)]
## Tidal Software ## Tidal Software
[Tidal Software](https://www.misp-project.org/galaxy.html#_tidal_software) - Tidal Software Cluster [Tidal Software](https://www.misp-galaxy.org/tidal-software) - Tidal Software Cluster
Category: *Software* - source: *https://app-api.tidalcyber.com/api/v1/software/* - total: *962* elements Category: *Software* - source: *https://app-api.tidalcyber.com/api/v1/software/* - total: *961* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_software)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-software.json)] [[HTML](https://www.misp-galaxy.org/tidal-software)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-software.json)]
## Tidal Tactic ## Tidal Tactic
[Tidal Tactic](https://www.misp-project.org/galaxy.html#_tidal_tactic) - Tidal Tactic Cluster [Tidal Tactic](https://www.misp-galaxy.org/tidal-tactic) - Tidal Tactic Cluster
Category: *Tactic* - source: *https://app-api.tidalcyber.com/api/v1/tactic/* - total: *14* elements Category: *Tactic* - source: *https://app-api.tidalcyber.com/api/v1/tactic/* - total: *14* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_tactic)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-tactic.json)] [[HTML](https://www.misp-galaxy.org/tidal-tactic)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-tactic.json)]
## Tidal Technique ## Tidal Technique
[Tidal Technique](https://www.misp-project.org/galaxy.html#_tidal_technique) - Tidal Technique Cluster [Tidal Technique](https://www.misp-galaxy.org/tidal-technique) - Tidal Technique Cluster
Category: *Technique* - source: *https://app-api.tidalcyber.com/api/v1/technique/* - total: *202* elements Category: *Technique* - source: *https://app-api.tidalcyber.com/api/v1/technique/* - total: *202* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tidal_technique)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-technique.json)] [[HTML](https://www.misp-galaxy.org/tidal-technique)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-technique.json)]
## Threat Matrix for storage services ## Threat Matrix for storage services
[Threat Matrix for storage services](https://www.misp-project.org/galaxy.html#_threat_matrix_for_storage_services) - Microsoft Defender for Cloud threat matrix for storage services contains attack tactics, techniques and mitigations relevant storage services delivered by cloud providers. [Threat Matrix for storage services](https://www.misp-galaxy.org/tmss) - Microsoft Defender for Cloud threat matrix for storage services contains attack tactics, techniques and mitigations relevant storage services delivered by cloud providers.
Category: *tmss* - source: *https://github.com/microsoft/Threat-matrix-for-storage-services* - total: *40* elements Category: *tmss* - source: *https://github.com/microsoft/Threat-matrix-for-storage-services* - total: *40* elements
[[HTML](https://www.misp-project.org/galaxy.html#_threat_matrix_for_storage_services)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tmss.json)] [[HTML](https://www.misp-galaxy.org/tmss)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tmss.json)]
## Tool ## Tool
[Tool](https://www.misp-project.org/galaxy.html#_tool) - threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries. [Tool](https://www.misp-galaxy.org/tool) - threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.
Category: *tool* - source: *MISP Project* - total: *603* elements Category: *tool* - source: *MISP Project* - total: *603* elements
[[HTML](https://www.misp-project.org/galaxy.html#_tool)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tool.json)] [[HTML](https://www.misp-galaxy.org/tool)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tool.json)]
## UAVs/UCAVs ## UAVs/UCAVs
[UAVs/UCAVs](https://www.misp-project.org/galaxy.html#_uavs/ucavs) - Unmanned Aerial Vehicles / Unmanned Combat Aerial Vehicles [UAVs/UCAVs](https://www.misp-galaxy.org/uavs) - Unmanned Aerial Vehicles / Unmanned Combat Aerial Vehicles
Category: *military equipment* - source: *Popular Mechanics* - total: *36* elements Category: *military equipment* - source: *Popular Mechanics* - total: *36* elements
[[HTML](https://www.misp-project.org/galaxy.html#_uavs/ucavs)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/uavs.json)] [[HTML](https://www.misp-galaxy.org/uavs)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/uavs.json)]
## UKHSA Culture Collections ## UKHSA Culture Collections
[UKHSA Culture Collections](https://www.misp-project.org/galaxy.html#_ukhsa_culture_collections) - UK Health Security Agency Culture Collections represent deposits of cultures that consist of expertly preserved, authenticated cell lines and microbial strains of known provenance. [UKHSA Culture Collections](https://www.misp-galaxy.org/ukhsa-culture-collections) - UK Health Security Agency Culture Collections represent deposits of cultures that consist of expertly preserved, authenticated cell lines and microbial strains of known provenance.
Category: *virus* - source: *https://www.culturecollections.org.uk* - total: *6667* elements Category: *virus* - source: *https://www.culturecollections.org.uk* - total: *6667* elements
[[HTML](https://www.misp-project.org/galaxy.html#_ukhsa_culture_collections)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ukhsa-culture-collections.json)] [[HTML](https://www.misp-galaxy.org/ukhsa-culture-collections)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ukhsa-culture-collections.json)]
# Online documentation # Online documentation

34192
clusters/mitre-d3fend.json Normal file

File diff suppressed because it is too large Load diff

View file

@ -1044,5 +1044,5 @@
"value": "Non-profit organisation" "value": "Non-profit organisation"
} }
], ],
"version": 5 "version": 6
} }

File diff suppressed because it is too large Load diff

View file

@ -15981,7 +15981,20 @@
}, },
"uuid": "53ac2695-35ba-4ab2-a5cd-48ca533f1b72", "uuid": "53ac2695-35ba-4ab2-a5cd-48ca533f1b72",
"value": "Void Manticore" "value": "Void Manticore"
},
{
"description": "ALPHA SPIDER is a threat actor known for developing and operating the Alphv ransomware as a service. They have been observed using novel offensive techniques, such as exploiting software vulnerabilities and leveraging legitimate administration tools for malicious activities. ALPHA SPIDER affiliates have demonstrated persistence in exfiltrating data and have shown the ability to bypass security measures like DNS-based filtering and multifactor authentication. Despite lacking specific operational security measures, defenders have opportunities to detect and respond to ALPHA SPIDER's operations effectively.",
"meta": {
"refs": [
"https://www.crowdstrike.com/blog/anatomy-of-alpha-spider-ransomware/"
],
"synonyms": [
"ALPHV Ransomware Group"
]
},
"uuid": "6149f3b6-510d-4e45-bf88-cd25c7193702",
"value": "Alpha Spider"
} }
], ],
"version": 309 "version": 310
} }

View file

@ -0,0 +1,49 @@
{
"description": "A knowledge graph of cybersecurity countermeasures.",
"icon": "user-shield",
"kill_chain_order": {
"Deceive": [
"Decoy-Environment",
"Decoy-Object"
],
"Detect": [
"File-Analysis",
"Identifier-Analysis",
"Message-Analysis",
"Network-Traffic-Analysis",
"Platform-Monitoring",
"Process-Analysis",
"User-Behavior-Analysis"
],
"Evict": [
"Credential-Eviction",
"File-Eviction",
"Process-Eviction"
],
"Harden": [
"Application-Hardening",
"Credential-Hardening",
"Message-Hardening",
"Platform-Hardening"
],
"Isolate": [
"Execution-Isolation",
"Network-Isolation"
],
"Model": [
"Asset-Inventory",
"Network-Mapping",
"Operational-Activity-Mapping",
"System-Mapping"
],
"Restore": [
"Restore-Access",
"Restore-Object"
]
},
"name": "MITRE D3FEND",
"namespace": "mitre",
"type": "mitre-d3fend",
"uuid": "77d1bbfa-2982-4e0a-9238-1dae4a48c5b4",
"version": 1
}

259
tools/gen_mitre_d3fend.py Executable file
View file

@ -0,0 +1,259 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# A simple convertor of the MITRE D3FEND to a MISP Galaxy datastructure.
# Copyright (C) 2024 Christophe Vandeplas
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import json
import os
import requests
import uuid
d3fend_url = 'https://d3fend.mitre.org/ontologies/d3fend.json'
d3fend_full_mappings_url = 'https://d3fend.mitre.org/api/ontology/inference/d3fend-full-mappings.json'
# we love eating lots of memory
r = requests.get(d3fend_url)
d3fend_json = r.json()
r = requests.get(d3fend_full_mappings_url)
d3fend_mappings_json = r.json()
with open('../clusters/mitre-attack-pattern.json', 'r') as mitre_f:
mitre = json.load(mitre_f)
uuid_seed = '35527064-12b4-4b73-952b-6d76b9f1b1e3'
tactics = {} # key = tactic, value = phases
phases_ids = []
techniques_ids = []
techniques = []
relations = {}
def get_as_list(item):
if isinstance(item, dict):
return item.values()
elif isinstance(item, list):
result = []
for i in item:
if isinstance(i, dict):
result += i.values()
if isinstance(i, str):
result.append(i)
return result
elif isinstance(item, str):
return [item]
else:
raise ValueError(f'Unexpected type: {type(item)}')
def is_val_in_element(val, element):
result = False
if isinstance(element, dict): # only one entry
if val == element['@id']:
return True
elif isinstance(element, list): # multiple entries
for e in element:
if val == e['@id']:
return True
elif not element:
pass
else:
raise ValueError(f'Unexpected type: {type(element)}')
return result
def is_element_in_list(element, lst):
if isinstance(element, dict): # only one entry
if element['@id'] in lst:
return True
elif isinstance(element, list): # multiple entries
for e in element:
if e['@id'] in lst:
return True
else:
raise ValueError(f'Unexpected type: {type(element)}')
def id_to_label(id):
return data[id]['rdfs:label']
def get_parent(item):
# value of subClassOf starts with d3f
if 'rdfs:subClassOf' in item:
# if 'd3f:enables' in item:
# parent_classes = get_as_list(item['d3f:enables'])
# else:
parent_classes = get_as_list(item['rdfs:subClassOf'])
for parent_class in parent_classes:
if parent_class.startswith('d3f'):
return parent_class
return None
def find_kill_chain_of(original_item):
# find if back in the kill chain_tactics list we built before
parent_classes = get_as_list(original_item['rdfs:subClassOf'])
for parent_class in parent_classes:
if parent_class.startswith('d3f'):
parent_class_name = id_to_label(parent_class).replace(' ', '-')
for tactic, phases in kill_chain_tactics.items():
if parent_class_name in phases:
return f"{tactic}:{parent_class_name}"
# child with one more parent in between
for parent_class in parent_classes:
if parent_class.startswith('d3f'):
return find_kill_chain_of(data[parent_class])
def find_mitre_uuid_from_technique_id(technique_id):
for item in mitre['values']:
if item['meta']['external_id'] == technique_id:
return item['uuid']
print("No MITRE UUID found for technique_id: ", technique_id)
return None
# relationships
for item in d3fend_mappings_json['results']['bindings']:
d3fend_technique = item['def_tech_label']['value']
attack_technique = item['off_tech_label']['value']
attack_technique_id = item['off_tech']['value'].split('#')[-1]
# print(f"Mapping: {d3fend_technique} -> {attack_technique} ({attack_technique_id})")
dest_uuid = find_mitre_uuid_from_technique_id(attack_technique_id)
if dest_uuid:
rel_type = item['def_artifact_rel_label']['value']
if d3fend_technique not in relations:
relations[d3fend_technique] = []
relations[d3fend_technique].append(
{
'dest-uuid': dest_uuid,
'type': rel_type
}
)
# first convert as dict with key = @id
data = {}
for item in d3fend_json['@graph']:
data[item['@id']] = item
# tactic
for item in d3fend_json['@graph']:
if is_val_in_element('d3f:DefensiveTactic', item.get('rdfs:subClassOf')):
tactics[item['rdfs:label']] = {
'order': item['d3f:display-order'],
'phases': []
}
print(f"Tactic: {item['rdfs:label']}")
# phases
for item in d3fend_json['@graph']:
if 'rdfs:subClassOf' in item:
if is_val_in_element('d3f:DefensiveTechnique', item['rdfs:subClassOf']):
phases_ids.append(item['@id'])
parent = id_to_label(item['d3f:enables']['@id'])
tactics[parent]['phases'].append(item['rdfs:label'].replace(' ', '-'))
# print(f"Tactic: {parent} \tPhase: {item['rdfs:label']}")
# sort the tactics based on the order
tactics = dict(sorted(tactics.items(), key=lambda item: item[1]['order']))
# sort the values
kill_chain_tactics = {}
for tactic, value in tactics.items():
kill_chain_tactics[tactic] = sorted(value['phases'])
# extract all parent, child and ... techniques
seen_new = True
while seen_new:
seen_new = False
for item in d3fend_json['@graph']:
if 'rdfs:subClassOf' in item:
element = item['rdfs:subClassOf']
if is_element_in_list(element, phases_ids) or is_element_in_list(element, techniques_ids):
if item['@id'] in techniques_ids:
continue
seen_new = True
techniques_ids.append(item['@id'])
if 'Memory Boundary Tracking' in item['rdfs:label']:
print(f"Technique: {item['rdfs:label']}")
kill_chain = find_kill_chain_of(item)
technique = {
'value': item['rdfs:label'],
'description': item['d3f:definition'],
'uuid': str(uuid.uuid5(uuid.UUID(uuid_seed), item['d3f:d3fend-id'])),
'meta': {
'kill_chain': [kill_chain],
'refs': [f"https://d3fend.mitre.org/technique/{item['@id']}"],
'external_id': item['d3f:d3fend-id']
}
}
# synonyms
if 'd3f:synonym' in item:
technique['meta']['synonyms'] = get_as_list(item['d3f:synonym'])
# relations
if item['rdfs:label'] in relations:
technique['related'] = relations[item['rdfs:label']]
techniques.append(technique)
print(f"Technique: {item['rdfs:label']} - {item['d3f:d3fend-id']}")
galaxy_fname = 'mitre-d3fend.json'
galaxy_type = "mitre-d3fend"
galaxy_name = "MITRE D3FEND"
galaxy_description = 'A knowledge graph of cybersecurity countermeasures.'
galaxy_source = 'https://d3fend.mitre.org/'
json_galaxy = {
'description': galaxy_description,
'icon': "user-shield",
'kill_chain_order': kill_chain_tactics,
'name': galaxy_name,
'namespace': "mitre",
'type': galaxy_type,
'uuid': "77d1bbfa-2982-4e0a-9238-1dae4a48c5b4",
'version': 1
}
json_cluster = {
'authors': ["MITRE"],
'category': 'd3fend',
'name': galaxy_name,
'description': galaxy_description,
'source': galaxy_source,
'type': galaxy_type,
'uuid': "b8bd7e45-63bf-4c44-8ab1-c81c82547380",
'values': list(techniques),
'version': 1
}
# save the Galaxy and Cluster file
with open(os.path.join('..', 'galaxies', galaxy_fname), 'w') as f:
# sort_keys, even if it breaks the kill_chain_order , but jq_all_the_things requires sorted keys
json.dump(json_galaxy, f, indent=2, sort_keys=True, ensure_ascii=False)
f.write('\n') # only needed for the beauty and to be compliant with jq_all_the_things
with open(os.path.join('..', 'clusters', galaxy_fname), 'w') as f:
json.dump(json_cluster, f, indent=2, sort_keys=True, ensure_ascii=False)
f.write('\n') # only needed for the beauty and to be compliant with jq_all_the_things
print("All done, please don't forget to ./jq_all_the_things.sh, commit, and then ./validate_all.sh.")

View file

@ -1,37 +0,0 @@
#!/usr/bin/env python3
import json
import os
import argparse
parser = argparse.ArgumentParser(description='Generate a markdown index with all the galaxy available')
parser.add_argument("-v", "--verbose", action='store_true', help='Verbose output')
args = parser.parse_args()
def gen_galaxy_tag(galaxy_name, cluster_name):
# return 'misp-galaxy:{}="{}"'.format(galaxy_name, cluster_name)
return '{}={}'.format(galaxy_name, cluster_name)
galaxies_fnames = []
files_to_ignore = ["cancer.json", "handicap.json"]
pathClusters = '../clusters'
for f in os.listdir(pathClusters):
if '.json' in f and f not in files_to_ignore:
galaxies_fnames.append(f)
galaxies_fnames.sort()
output = ""
for f in galaxies_fnames:
with open(os.path.join(pathClusters, f)) as fr:
cluster = json.load(fr)
output = f'{output}\n## {cluster["name"]}\n\n'
link = cluster["name"].replace(" ", "_").lower()
total = len(cluster["values"])
output = f'{output}[{cluster["name"]}](https://www.misp-project.org/galaxy.html#_{link}) - {cluster["description"]}\n'
output = f'{output}\nCategory: *{cluster["category"]}* - source: *{cluster["source"]}* - total: *{total}* elements\n'
output = f'{output}\n[[HTML](https://www.misp-project.org/galaxy.html#_{link})] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/{f})]\n'
print(output)

View file

@ -0,0 +1,68 @@
#!/usr/bin/env python3
import json
import os
import argparse
parser = argparse.ArgumentParser(description='Generate a markdown index with all the galaxy available')
parser.add_argument("-v", "--verbose", action='store_true', help='Verbose output')
args = parser.parse_args()
def gen_galaxy_tag(galaxy_name, cluster_name):
# return 'misp-galaxy:{}="{}"'.format(galaxy_name, cluster_name)
return '{}={}'.format(galaxy_name, cluster_name)
galaxies_fnames = []
files_to_ignore = ["cancer.json", "handicap.json"]
pathClusters = '../clusters'
pathGalaxies = '../galaxies'
for f in os.listdir(pathClusters):
if '.json' in f and f not in files_to_ignore:
galaxies_fnames.append(f)
galaxies_fnames.sort()
output = []
# generate the index
for f in galaxies_fnames:
with open(os.path.join(pathClusters, f)) as fr:
cluster = json.load(fr)
with open(os.path.join(pathGalaxies, f)) as fr:
galaxy = json.load(fr)
if galaxy.get('namespace') == 'deprecated':
continue
output.append(f"## {cluster['name']}\n\n")
link = f.split('.')[0]
total = len(cluster['values'])
output.append(f"[{cluster['name']}](https://www.misp-galaxy.org/{link}) - {cluster['description']}\n")
output.append(f"\nCategory: *{cluster['category']}* - source: *{cluster['source']}* - total: *{total}* elements\n")
output.append(f"\n[[HTML](https://www.misp-galaxy.org/{link})] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/{f})]\n\n")
# update the README.md
readme_out = []
readme_marker_start = '# Available Galaxy - clusters'
readme_marker_end = '# Online documentation'
with open('../README.md', 'r') as f:
skip = False
for line in f:
if not skip:
readme_out.append(line)
if line.strip() == readme_marker_start:
skip = True
if line.strip() == readme_marker_end:
# append the index
readme_out.append("\n")
readme_out += output
readme_out.append("\n")
readme_out.append(line)
# stop skipping
skip = False
with open('../README.md', 'w') as f:
f.write(''.join(readme_out))
print("README.md updated with the index of the galaxies.")