malpedia / feedback

Public Issue tracker to gather feedback for and allow discussions around Malpedia

Microsoft's new group names are missing #51

Status: Closed (closed by gnyman 11 months ago)

gnyman commented 1 year ago

Is your feature request related to a problem? Please describe.
The database does not seem to include Microsoft's new threat group naming when listing the various names groups are tracked by.

Microsoft has documented the change here and provides a JSON with the mapping here.

I noticed this when trying to search for "Diamond Sleet" and found no matches.

Describe the solution you'd like
Add the aliases.

Additional context
Your project is a great resource, thanks everyone for their work.

danielplohmann commented 1 year ago

Hey! Thanks a lot for the pointer!

As we are using the MISP ThreatActor Galaxy as source for this kind of information, we are a bit dependent on this information being present over there. Originally, Microsoft names were directly integrated in the main threat-actor collection, which made it easy. After the latest "refactoring" of the MS naming scheme, the decision for MISP was made to keep that information in its own collection and instead link the information via UUIDs. Because we still only process the single galaxy cluster, we haven't reflected this change on our side yet. It should not even be that much effort and I guess we will address it as one of the first things when we free up a bit of time to work on the backend again.
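The UUID linking described in the comment above, as an added example that is not part of the thread and is not Malpedia's or MISP's code: it folds names from a separate vendor cluster into the main threat-actor cluster by following `related` / `dest-uuid` references. The cluster contents and UUIDs are constructed, and it assumes the link is stored on the Microsoft-side entry.

```python
# Constructed sample data in the MISP galaxy cluster layout; all UUIDs are made up.
THREAT_ACTOR = {"values": [
    {"value": "Lazarus Group", "uuid": "00000000-0000-4000-8000-000000000001",
     "meta": {"synonyms": ["Hidden Cobra"]}},
    {"value": "Example Actor", "uuid": "00000000-0000-4000-8000-000000000002",
     "meta": {}},
]}
MICROSOFT = {"values": [
    {"value": "Diamond Sleet", "uuid": "00000000-0000-4000-8000-0000000000a1",
     "meta": {"synonyms": ["ZINC"]},
     "related": [{"dest-uuid": "00000000-0000-4000-8000-000000000001",
                  "type": "similar"}]},
    # Constructed entry whose link points at a UUID absent from the main cluster.
    {"value": "Unlinked Sleet", "uuid": "00000000-0000-4000-8000-0000000000a2",
     "meta": {},
     "related": [{"dest-uuid": "00000000-0000-4000-8000-000000000099",
                  "type": "similar"}]},
]}


def merge_linked_aliases(primary, secondary):
    """Fold secondary-cluster names into primary actors via dest-uuid links.

    Returns (merged, unresolved): merged maps each primary actor name to its
    sorted aliases; unresolved lists secondary entries with no usable link.
    """
    by_uuid = {e["uuid"]: e["value"] for e in primary["values"]}
    merged = {e["value"]: set(e.get("meta", {}).get("synonyms", []))
              for e in primary["values"]}
    unresolved = []
    for entry in secondary["values"]:
        names = {entry["value"], *entry.get("meta", {}).get("synonyms", [])}
        targets = [by_uuid[r["dest-uuid"]] for r in entry.get("related", [])
                   if r.get("dest-uuid") in by_uuid]
        if not targets:
            unresolved.append(entry["value"])  # would stay unsearchable
        for actor in targets:
            merged[actor] |= names
    return {actor: sorted(names) for actor, names in merged.items()}, unresolved


def find_actor(query, merged):
    """Case-insensitive lookup of an actor by its name or any merged alias."""
    q = query.casefold()
    for actor, names in merged.items():
        if q == actor.casefold() or q in (n.casefold() for n in names):
            return actor
    return None
```

Entries returned in `unresolved` are the ones a search would still miss after the merge, so they are worth logging when the clusters are refreshed.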