Hello,
As of today, MISP proposes three different galaxies to identify threat actors:
Threat Actor Galaxy with UUID 698774c7-8022-42c4-917f-8d6e4f06ada3
Historic MISP galaxy having 303 entries and majority of linked events
Intrusion Set galaxy with UUID 1023f364-7831-11e7-8318-43b5531983ab
Name of ATT&CK Group having 93 entries and few events
Microsoft Activity Group actor with UUID 74c869e8-0b8e-4e5f-96e6-cd992e07a505
Activity groups as described by Microsoft having 10 entries and few events
Some threat actors are present in all mentioned galaxies but have a different UUID, leading
to dispersion of events and fragmentation.
E.g.
APT28 in "Microsoft Activity Group actor" has UUID 213cdde9-c11a-4ea9-8ce0-c868e9826fec
APT28 in "Threat Actor galaxy" has UUID 5b4ee3ea-eee3-4c8e-8323-85ae32658754
APT28 in "Intrusion Set galaxy" has UUID bef4c620-0787-42a8-a96d-b7eb6e85917c
Historically, the "Threat Actor" galaxy is used by the majority of organizations,
leading to non-usage of other galaxies like "Intrusion Set galaxy" from ATT&CK.
Threat actors shall be uniquely identified despite potentially being referenced in different galaxies.
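
The fragmentation described above can be measured by grouping cluster entries across galaxies on a normalized name or synonym and reporting every alias that maps to more than one cluster UUID. This is an added example, not part of the original post or MISP's own code; the JSON layout (`values[].value`, `uuid`, `meta.synonyms`) is assumed to follow the misp-galaxy cluster files, the sample data is constructed, and only the galaxy and APT28 UUIDs come from the post.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed misp-galaxy cluster layout.
# Galaxy and APT28 UUIDs are the ones quoted in the post; the rest is made up.
GALAXIES = [
    {"name": "Threat Actor", "uuid": "698774c7-8022-42c4-917f-8d6e4f06ada3",
     "values": [
         {"value": "APT28", "uuid": "5b4ee3ea-eee3-4c8e-8323-85ae32658754",
          "meta": {"synonyms": ["APT 28"]}},
         # Constructed entry that exists in one galaxy only.
         {"value": "Example Actor", "uuid": "00000000-0000-4000-8000-000000000001"},
     ]},
    {"name": "Intrusion Set", "uuid": "1023f364-7831-11e7-8318-43b5531983ab",
     "values": [
         {"value": "APT28", "uuid": "bef4c620-0787-42a8-a96d-b7eb6e85917c"},
     ]},
    {"name": "Microsoft Activity Group actor",
     "uuid": "74c869e8-0b8e-4e5f-96e6-cd992e07a505",
     "values": [
         {"value": "apt-28", "uuid": "213cdde9-c11a-4ea9-8ce0-c868e9826fec"},
     ]},
]


def norm(name):
    """Lowercase and drop punctuation/spacing so 'APT 28' and 'apt-28' collide."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def find_fragmented(galaxies):
    """Return {alias: {cluster_uuid: galaxy_name}} for every alias that is
    carried by different cluster UUIDs in more than one galaxy."""
    seen = defaultdict(dict)
    for galaxy in galaxies:
        for cluster in galaxy.get("values", []):
            names = [cluster["value"]] + cluster.get("meta", {}).get("synonyms", [])
            for name in names:
                seen[norm(name)][cluster["uuid"]] = galaxy["name"]
    return {alias: uuids for alias, uuids in seen.items()
            if len(set(uuids.values())) > 1}


if __name__ == "__main__":
    for alias, uuids in find_fragmented(GALAXIES).items():
        print(alias)
        for cluster_uuid, galaxy_name in sorted(uuids.items()):
            print(f"  {cluster_uuid}  {galaxy_name}")
```

Matching on normalized names is a heuristic: it flags candidates for review and can both miss actors with disjoint naming and merge unrelated ones that share an alias.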