jloehel closed 1 year ago
Thank you for the contribution.
That's a good question. Maybe we should create a new galaxy/cluster adversary-organisation to map the business relationships between threat actors and some organisations. This could already include a series of meta which are used by other formats like STIX for identity. We can extend it with any additional information like we did for the China Defence Universities Tracker. We could populate it with the existing legal action/sanction regarding some orgs.
Source: https://go.recordedfuture.com/hubfs/reports/cta-2023-0330.pdf
@adulau How can I cluster unique infrastructure TTP? I would also like to add GhostWolf because it is not RedGolf that overlaps with APT41. The GhostWolf infra overlaps with the infra of APT41. Furthermore, what would be a good place to add more information about the company Chengdu 404 Network Technology?
p.s. Adds new Microsoft mapping for APT41: https://github.com/microsoft/mstic/blob/master/PublicFeeds/ThreatActorNaming/MicrosoftMapping.json#L14-L19