mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-23 07:17:17 +00:00
Alexandre Dulaunoy
ba46bb6a0b
Based on https://github.com/MISP/misp-galaxy/issues/469 There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry: - _operation_: - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia - **In the context of MISP threat-actor name, it's a single specific operation.** - _campaign_: - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.** - threat-actor - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.** - activity group - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.** - unknown - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group** The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation). |
||
---|---|---|
.. | ||
android.json | ||
attck4fraud.json | ||
backdoor.json | ||
banker.json | ||
bhadra-framework.json | ||
botnet.json | ||
branded_vulnerability.json | ||
cert-eu-govsector.json | ||
country.json | ||
election-guidelines.json | ||
exploit-kit.json | ||
malpedia.json | ||
microsoft-activity-group.json | ||
misinfosec-amitt-misinformation-pattern.json | ||
mitre-attack-pattern.json | ||
mitre-course-of-action.json | ||
mitre-enterprise-attack-attack-pattern.json | ||
mitre-enterprise-attack-course-of-action.json | ||
mitre-enterprise-attack-intrusion-set.json | ||
mitre-enterprise-attack-malware.json | ||
mitre-enterprise-attack-tool.json | ||
mitre-intrusion-set.json | ||
mitre-malware.json | ||
mitre-mobile-attack-attack-pattern.json | ||
mitre-mobile-attack-course-of-action.json | ||
mitre-mobile-attack-intrusion-set.json | ||
mitre-mobile-attack-malware.json | ||
mitre-mobile-attack-tool.json | ||
mitre-pre-attack-attack-pattern.json | ||
mitre-pre-attack-intrusion-set.json | ||
mitre-tool.json | ||
o365-exchange-techniques.json | ||
preventive-measure.json | ||
ransomware.json | ||
rat.json | ||
region.json | ||
sector.json | ||
social-dark-patterns.json | ||
stealer.json | ||
surveillance-vendor.json | ||
target-information.json | ||
tds.json | ||
threat-actor.json | ||
tool.json |