访问官网
Githubmisp-galaxy
MISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or attributes. A cluster can be composed of one or more elements. Elements are expressed as key-values. There are default knowledge base (such as Threat Actors, Tools, Ransomware, ATT&CK matrixes) available in MISP galaxy but those can be overwritten, replaced, updated, forked and shared as you wish.
Existing clusters and vocabularies can be used as-is or as a common knowledge base. MISP distribution can be applied to each cluster to permit a limited or broader distribution scheme.
Galaxies can be also used to expressed existing matrix-like standards such as MITRE ATT&CK(tm) or custom ones.
The objective is to have a comment set of clusters for organizations starting analysis but that can be expanded to localized information (which is not shared) or additional information (that can be shared).
Available Galaxy - clusters
360.net Threat Actors
360.net Threat Actors - Known or estimated adversary groups as identified by 360.net.
Category: actor - source: https://apt.360.net/aptlist - total: 42 elements
Ammunitions
Ammunitions - Common ammunitions galaxy
Category: firearm - source: https://ammo.com/ - total: 409 elements
Android
Android - Android malware galaxy based on multiple open sources.
Category: tool - source: Open Sources - total: 433 elements
Azure Threat Research Matrix
Azure Threat Research Matrix - The purpose of the Azure Threat Research Matrix (ATRM) is to educate readers on the potential of Azure-based tactics, techniques, and procedures (TTPs). It is not to teach how to weaponize or specifically abuse them. For this reason, some specific commands will be obfuscated or parts will be omitted to prevent abuse.
Category: atrm - source: https://github.com/microsoft/Azure-Threat-Research-Matrix - total: 90 elements
attck4fraud
attck4fraud - attck4fraud - Principles of MITRE ATT&CK in the fraud domain
Category: guidelines - source: Open Sources - total: 71 elements
Backdoor
Backdoor - A list of backdoor malware.
Category: tool - source: Open Sources - total: 28 elements
Banker
Banker - A list of banker malware.
Category: tool - source: Open Sources - total: 53 elements
Bhadra Framework
Bhadra Framework - Bhadra Threat Modeling Framework
Category: mobile - source: https://arxiv.org/pdf/2005.05110.pdf - total: 47 elements
Botnet
Botnet - botnet galaxy
Category: tool - source: MISP Project - total: 130 elements
Branded Vulnerability
Branded Vulnerability - List of known vulnerabilities and attacks with a branding
Category: vulnerability - source: Open Sources - total: 14 elements
Cert EU GovSector
Cert EU GovSector - Cert EU GovSector
Category: sector - source: CERT-EU - total: 6 elements
China Defence Universities Tracker
China Defence Universities Tracker - The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI’s International Cyber Policy Centre.
Category: academic-institution - source: ASPI International Cyber Policy Centre - total: 159 elements
CONCORDIA Mobile Modelling Framework - Attack Pattern
CONCORDIA Mobile Modelling Framework - Attack Pattern - A list of Techniques in CONCORDIA Mobile Modelling Framework.
Category: cmtmf-attack-pattern - source: https://5g4iot.vlab.cs.hioa.no/ - total: 93 elements
Country
Country - Country meta information based on the database provided by geonames.org.
Category: country - source: MISP Project - total: 252 elements
Cryptominers
Cryptominers - A list of cryptominer and cryptojacker malware.
Category: Cryptominers - source: Open Source Intelligence - total: 5 elements
Actor Types
Actor Types - DISARM is a framework designed for describing and understanding disinformation incidents.
Category: disarm - source: https://github.com/DISARMFoundation/DISARMframeworks - total: 33 elements
Countermeasures
Countermeasures - DISARM is a framework designed for describing and understanding disinformation incidents.
Category: disarm - source: https://github.com/DISARMFoundation/DISARMframeworks - total: 139 elements
Detections
Detections - DISARM is a framework designed for describing and understanding disinformation incidents.
Category: disarm - source: https://github.com/DISARMFoundation/DISARMframeworks - total: 94 elements
Techniques
Techniques - DISARM is a framework designed for describing and understanding disinformation incidents.
Category: disarm - source: https://github.com/DISARMFoundation/DISARMframeworks - total: 298 elements
Election guidelines
Election guidelines - Universal Development and Security Guidelines as Applicable to Election Technology.
Category: guidelines - source: Open Sources - total: 23 elements
Entity
Entity - Description of entities that can be involved in events.
Category: actor - source: MISP Project - total: 4 elements
Exploit-Kit
Exploit-Kit - Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years
Category: tool - source: MISP Project - total: 52 elements
Firearms
Firearms - Common firearms galaxy
Category: firearm - source: https://www.impactguns.com - total: 5953 elements
FIRST DNS Abuse Techniques Matrix
FIRST DNS Abuse Techniques Matrix - The Domain Name System (DNS) is a critical part of the Internet, including mapping domain names to IP addresses. Malicious threat actors use domain names, their corresponding technical resources, and other parts of the DNS infrastructure, including its protocols, for their malicious cyber operations. CERTs are confronted with reported DNS abuse on a continuous basis, and rely heavily on DNS analysis and infrastructure to protect their constituencies. Understanding the international customary norms applicable for detecting and mitigating DNS abuse from the perspective of the global incident response community is critical for the open Internet’s stability, security and resiliency. See also https://www.first.org/global/sigs/dns/ for more information.
Category: first-dns - source: https://www.first.org/global/sigs/dns/ - total: 21 elements
GSMA MoTIF
GSMA MoTIF - Mobile Threat Intelligence Framework (MoTIF) Principles.
Category: attack-pattern - source: https://www.gsma.com/solutions-and-impact/technologies/security/latest-news/establishing-motif-the-mobile-threat-intelligence-framework/ - total: 50 elements
Intelligence Agencies
Intelligence Agencies - List of intelligence agencies
Category: Intelligence Agencies - source: https://en.wikipedia.org/wiki/List_of_intelligence_agencies - total: 436 elements
INTERPOL DWVA Taxonomy
INTERPOL DWVA Taxonomy - This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.
Category: dwva - source: https://interpol-innovation-centre.github.io/DW-VA-Taxonomy/ - total: 94 elements
Malpedia
Malpedia - Malware galaxy cluster based on Malpedia.
Category: tool - source: Malpedia - total: 3038 elements
Microsoft Activity Group actor
Microsoft Activity Group actor - Activity groups as described by Microsoft
Category: actor - source: MISP Project - total: 79 elements
Misinformation Pattern
Misinformation Pattern - AM!TT Technique
Category: misinformation-pattern - source: https://github.com/misinfosecproject/amitt_framework - total: 61 elements
MITRE ATLAS Attack Pattern
MITRE ATLAS Attack Pattern - MITRE ATLAS Attack Pattern - Adversarial Threat Landscape for Artificial-Intelligence Systems
Category: attack-pattern - source: https://github.com/mitre-atlas/atlas-navigator-data - total: 82 elements
MITRE ATLAS Course of Action
MITRE ATLAS Course of Action - MITRE ATLAS Mitigation - Adversarial Threat Landscape for Artificial-Intelligence Systems
Category: course-of-action - source: https://github.com/mitre-atlas/atlas-navigator-data - total: 20 elements
Attack Pattern
Attack Pattern - ATT&CK tactic
Category: attack-pattern - source:
