MISP / misp-galaxy

Clusters and elements to attach to MISP events or attributes (like threat actors)
https://misp-galaxy.org/

Added metadata related to sidewinder and cfr-type-of-incident values #974

Closed jstnk9 closed 1 month ago

jstnk9 commented 1 month ago

I have added in this PR new information about SideWinder and also values related to the key cfr-type-of-incident for those objects that had motive as well.

I've followed the values of https://www.cfr.org/cyber-operations/#Glossary

Are motive and cfr-type-of-incident the same? Should the motive key be deprecated?

adulau commented 1 month ago

Thanks for the PR. motive is the official key, cfr is one for the Council on Foreign Relations. They might be different but it’s often similar if we all agree on the motives of the TA.

jstnk9 commented 1 month ago

> Thanks for the PR. motive is the official key, cfr is one for the Council on Foreign Relations. They might be different but it’s often similar if we all agree on the motives of the TA.

Great to know, thank you @adulau.

Do you have a list of possible values for motive, or is it a free-text field?

adulau commented 1 month ago

The current ones are:

I know there are some others like financially motivated but maybe I should update the Internet-Draft to add default values for the known meta.

adulau commented 1 month ago

Can you rebase to the current main branch? I'll merge it. Thank you very much.