MISP / misp-galaxy

Clusters and elements to attach to MISP events or attributes (like threat actors)
https://misp-galaxy.org/

attck4fraud to review #845

Closed adulau closed 1 year ago

adulau commented 1 year ago

https://www.association-secure-transactions.eu/atm-explosive-attacks-in-europe-rise-again/

cvandeplas commented 1 year ago

It's a tough one. Having a diagonal look at the data, there's a lot of similarity with the attck4fraud Galaxy. There are also some important differences, different phrasing and ways to group data. Merging both will be quite some work and a decision on which wording to choose.

My first feeling was to add it as a separate Galaxy, draft unfinished tool pushed in 2d7b7137bfd7c7547c2a57b6b512c341b56e4728.

However, it would be suboptimal to have two separate Galaxies. So the second feeling was that we could try to merge into one with just a bit more manual effort. Initial commits in 3c808921c3b825bfa0fb7c773830d4a7686a14d3 (more will be coming).

adulau commented 1 year ago

Thanks a lot for looking into this.

Merging makes sense. I have the feeling that the original work from ING NL is not maintained anymore, and merging both would be beneficial for everyone.

cvandeplas commented 1 year ago

One more manual merge with already existing items was done with 1d9f59eb2d21c2e3c8927914e025257f65002bc1 and then 02c50184bf8ffd1227bdf90a6f7b3f6db270f2c8 that merges the new clusters (categorized by myself, so improvement is probably possible). This second commit also contains a tool that will download the data from the E.A.S.T. website, and update the galaxy while asking the user which tactic is associated.