{"id":33245393,"url":"https://github.com/MISP/misp-galaxy","last_synced_at":"2026-03-29T21:00:45.096Z","repository":{"id":4952015,"uuid":"52686509","full_name":"MISP/misp-galaxy","owner":"MISP","description":"Clusters and elements to attach to MISP events or attributes (like threat actors)","archived":false,"fork":false,"pushed_at":"2026-03-23T21:51:28.000Z","size":52739,"stargazers_count":612,"open_issues_count":39,"forks_count":294,"subscribers_count":48,"default_branch":"main","last_synced_at":"2026-03-24T20:20:28.642Z","etag":null,"topics":["adversaries","adversary-groups","attack-patternon","classification","information-exchange","malware","misp","misp-galaxy","mitre-adversarial-tactics","stix","threat-actors","threat-hunting","threat-intelligence"],"latest_commit_sha":null,"homepage":"https://misp-galaxy.org/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MISP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-02-27T20:11:06.000Z","updated_at":"2026-03-23T21:51:37.000Z","dependencies_parsed_at":"2025-12-13T11:07:43.275Z","dependency_job_id":null,"html_url":"https://github.com/MISP/misp-galaxy","commit_stats":{"total_commits":2048,"total_committers":96,"mean_commits":"21.333333333333332","dds":0.67138671875,"last_synced_commit":"1cadb52866e74c0abcff7e7376f39e8fd31beb3e"},"previous_names":[],"tags_count":51,"template":false,"template_full_name":null,"purl":"pkg:github/MISP/misp-galaxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MISP%2Fmisp-galaxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MISP%2Fmisp-galaxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MISP%2Fmisp-galaxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MISP%2Fmisp-galaxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MISP","download_url":"https://codeload.github.com/MISP/misp-galaxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MISP%2Fmisp-galaxy/sbom","scorecard":{"id":87655,"data":{"date":"2025-08-11","repo":{"name":"github.com/MISP/misp-galaxy","commit":"cec058dd3772839ef5b36f56a564e78744deb4b0"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.5,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":2,"reason":"Found 5/25 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/pytest.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pytest.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/MISP/misp-galaxy/pytest.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pytest.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/MISP/misp-galaxy/pytest.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/pytest.yml:38","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 10 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-15T07:16:19.519Z","repository_id":4952015,"created_at":"2025-08-15T07:16:19.519Z","updated_at":"2025-08-15T07:16:19.519Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31164979,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-29T18:55:37.765Z","status":"ssl_error","status_checked_at":"2026-03-29T18:55:04.089Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adversaries","adversary-groups","attack-patternon","classification","information-exchange","malware","misp","misp-galaxy","mitre-adversarial-tactics","stix","threat-actors","threat-hunting","threat-intelligence"],"created_at":"2025-11-16T21:00:32.225Z","updated_at":"2026-03-29T21:00:45.089Z","avatar_url":"https://github.com/MISP.png","language":"Python","readme":"# misp-galaxy\n\n![misp galaxy logo](https://raw.githubusercontent.com/MISP/misp-galaxy/refs/heads/main/doc/images/misp-galaxy-logo.png)\n![Python application](https://github.com/MISP/misp-galaxy/workflows/Python%20application/badge.svg)\n\n![Screenshot - MISP galaxy integeration in MISP threat intelligence platform](https://raw.githubusercontent.com/MISP/misp-galaxy/aa41337fd78946a60aef3783f58f337d2342430a/doc/images/galaxy.png)\n\nMISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or\nattributes. A cluster can be composed of one or more elements. Elements are expressed as key-values. There\nare default knowledge base (such as Threat Actors, Tools, Ransomware, ATT\u0026CK matrixes) available in MISP galaxy\nbut those can be overwritten, replaced, updated, forked and shared as you wish.\n\nExisting clusters and vocabularies can be used as-is or as a common knowledge base. MISP distribution can be applied\nto each cluster to permit a limited or broader distribution scheme.\n\nGalaxies can be also used to expressed existing matrix-like standards such as MITRE ATT\u0026CK(tm) or custom ones.\n\nThe objective is to have a comment set of clusters for organizations starting analysis but that can be expanded\nto localized information (which is not shared) or additional information (that can be shared).\n\n# Available Galaxy - clusters\n\n## 360.net Threat Actors\n\n[360.net Threat Actors](https://www.misp-galaxy.org/360net) - Known or estimated adversary groups as identified by 360.net.\n\nCategory: *actor* - source: *https://apt.360.net/aptlist* - total: *42* elements\n\n[[HTML](https://www.misp-galaxy.org/360net)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/360net.json)]\n\n## Ammunitions\n\n[Ammunitions](https://www.misp-galaxy.org/ammunitions) - Common ammunitions galaxy\n\nCategory: *firearm* - source: *https://ammo.com/* - total: *409* elements\n\n[[HTML](https://www.misp-galaxy.org/ammunitions)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ammunitions.json)]\n\n## Android\n\n[Android](https://www.misp-galaxy.org/android) - Android malware galaxy based on multiple open sources.\n\nCategory: *tool* - source: *Open Sources* - total: *435* elements\n\n[[HTML](https://www.misp-galaxy.org/android)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/android.json)]\n\n## Azure Threat Research Matrix\n\n[Azure Threat Research Matrix](https://www.misp-galaxy.org/atrm) - The purpose of the Azure Threat Research Matrix (ATRM) is to educate readers on the potential of Azure-based tactics, techniques, and procedures (TTPs). It is not to teach how to weaponize or specifically abuse them. For this reason, some specific commands will be obfuscated or parts will be omitted to prevent abuse.\n\nCategory: *atrm* - source: *https://github.com/microsoft/Azure-Threat-Research-Matrix* - total: *90* elements\n\n[[HTML](https://www.misp-galaxy.org/atrm)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/atrm.json)]\n\n## attck4fraud\n\n[attck4fraud](https://www.misp-galaxy.org/attck4fraud) - attck4fraud - Principles of MITRE ATT\u0026CK in the fraud domain\n\nCategory: *guidelines* - source: *Open Sources* - total: *71* elements\n\n[[HTML](https://www.misp-galaxy.org/attck4fraud)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/attck4fraud.json)]\n\n## Backdoor\n\n[Backdoor](https://www.misp-galaxy.org/backdoor) - A list of backdoor malware.\n\nCategory: *tool* - source: *Open Sources* - total: *29* elements\n\n[[HTML](https://www.misp-galaxy.org/backdoor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/backdoor.json)]\n\n## Banker\n\n[Banker](https://www.misp-galaxy.org/banker) - A list of banker malware.\n\nCategory: *tool* - source: *Open Sources* - total: *53* elements\n\n[[HTML](https://www.misp-galaxy.org/banker)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/banker.json)]\n\n## Bhadra Framework\n\n[Bhadra Framework](https://www.misp-galaxy.org/bhadra-framework) - Bhadra Threat Modeling Framework\n\nCategory: *mobile* - source: *https://arxiv.org/pdf/2005.05110.pdf* - total: *47* elements\n\n[[HTML](https://www.misp-galaxy.org/bhadra-framework)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/bhadra-framework.json)]\n\n## Busy is the New Stupid framework\n\n[Busy is the New Stupid framework](https://www.misp-galaxy.org/bitns) - Busy is the New Stupid framework - A tactical framework, examining how busyness compromises cognitive function, strategic thinking, and effectiveness. Created by Ross Young.\n\nCategory: *user-tie* - source: *https://www.cisotradecraft.com/bitns* - total: *40* elements\n\n[[HTML](https://www.misp-galaxy.org/bitns)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/bitns.json)]\n\n## Botnet\n\n[Botnet](https://www.misp-galaxy.org/botnet) - botnet galaxy\n\nCategory: *tool* - source: *MISP Project* - total: *134* elements\n\n[[HTML](https://www.misp-galaxy.org/botnet)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/botnet.json)]\n\n## Branded Vulnerability\n\n[Branded Vulnerability](https://www.misp-galaxy.org/branded_vulnerability) - List of known vulnerabilities and attacks with a branding\n\nCategory: *vulnerability* - source: *Open Sources* - total: *14* elements\n\n[[HTML](https://www.misp-galaxy.org/branded_vulnerability)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/branded_vulnerability.json)]\n\n## Cert EU GovSector\n\n[Cert EU GovSector](https://www.misp-galaxy.org/cert-eu-govsector) - Cert EU GovSector\n\nCategory: *sector* - source: *CERT-EU* - total: *6* elements\n\n[[HTML](https://www.misp-galaxy.org/cert-eu-govsector)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/cert-eu-govsector.json)]\n\n## China Defence Universities Tracker\n\n[China Defence Universities Tracker](https://www.misp-galaxy.org/china-defence-universities) - The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI’s International Cyber Policy Centre.\n\nCategory: *academic-institution* - source: *ASPI International Cyber Policy Centre* - total: *159* elements\n\n[[HTML](https://www.misp-galaxy.org/china-defence-universities)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/china-defence-universities.json)]\n\n## CONCORDIA Mobile Modelling Framework - Attack Pattern\n\n[CONCORDIA Mobile Modelling Framework - Attack Pattern](https://www.misp-galaxy.org/cmtmf-attack-pattern) - A list of Techniques in CONCORDIA Mobile Modelling Framework.\n\nCategory: *cmtmf-attack-pattern* - source: *https://5g4iot.vlab.cs.hioa.no/* - total: *93* elements\n\n[[HTML](https://www.misp-galaxy.org/cmtmf-attack-pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/cmtmf-attack-pattern.json)]\n\n## Country\n\n[Country](https://www.misp-galaxy.org/country) - Country meta information based on the database provided by geonames.org.\n\nCategory: *country* - source: *MISP Project* - total: *252* elements\n\n[[HTML](https://www.misp-galaxy.org/country)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/country.json)]\n\n## Cryptominers\n\n[Cryptominers](https://www.misp-galaxy.org/cryptominers) - A list of cryptominer and cryptojacker malware.\n\nCategory: *Cryptominers* - source: *Open Source Intelligence* - total: *5* elements\n\n[[HTML](https://www.misp-galaxy.org/cryptominers)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/cryptominers.json)]\n\n## Actor Types\n\n[Actor Types](https://www.misp-galaxy.org/disarm-actortypes) - DISARM is a framework designed for describing and understanding disinformation incidents.\n\nCategory: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *33* elements\n\n[[HTML](https://www.misp-galaxy.org/disarm-actortypes)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-actortypes.json)]\n\n## Countermeasures\n\n[Countermeasures](https://www.misp-galaxy.org/disarm-countermeasures) - DISARM is a framework designed for describing and understanding disinformation incidents.\n\nCategory: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *139* elements\n\n[[HTML](https://www.misp-galaxy.org/disarm-countermeasures)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-countermeasures.json)]\n\n## Detections\n\n[Detections](https://www.misp-galaxy.org/disarm-detections) - DISARM is a framework designed for describing and understanding disinformation incidents.\n\nCategory: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *94* elements\n\n[[HTML](https://www.misp-galaxy.org/disarm-detections)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-detections.json)]\n\n## Techniques\n\n[Techniques](https://www.misp-galaxy.org/disarm-techniques) - DISARM is a framework designed for describing and understanding disinformation incidents.\n\nCategory: *disarm* - source: *https://github.com/DISARMFoundation/DISARMframeworks* - total: *298* elements\n\n[[HTML](https://www.misp-galaxy.org/disarm-techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/disarm-techniques.json)]\n\n## Election guidelines\n\n[Election guidelines](https://www.misp-galaxy.org/election-guidelines) - Universal Development and Security Guidelines as Applicable to Election Technology.\n\nCategory: *guidelines* - source: *Open Sources* - total: *23* elements\n\n[[HTML](https://www.misp-galaxy.org/election-guidelines)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/election-guidelines.json)]\n\n## Entity\n\n[Entity](https://www.misp-galaxy.org/entity) - Description of entities that can be involved in events.\n\nCategory: *actor* - source: *MISP Project* - total: *4* elements\n\n[[HTML](https://www.misp-galaxy.org/entity)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/entity.json)]\n\n## Exploit-Kit\n\n[Exploit-Kit](https://www.misp-galaxy.org/exploit-kit) - Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years\n\nCategory: *tool* - source: *MISP Project* - total: *53* elements\n\n[[HTML](https://www.misp-galaxy.org/exploit-kit)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/exploit-kit.json)]\n\n## Firearms\n\n[Firearms](https://www.misp-galaxy.org/firearms) - Common firearms galaxy\n\nCategory: *firearm* - source: *https://www.impactguns.com* - total: *5953* elements\n\n[[HTML](https://www.misp-galaxy.org/firearms)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/firearms.json)]\n\n## FIRST CSIRT Services Framework\n\n[FIRST CSIRT Services Framework](https://www.misp-galaxy.org/first-csirt-services-framework) - The Computer Security Incident Response Team (CSIRT) Services Framework is a high-level document describing in a structured way a collection of cyber security services and associated functions that Computer Security Incident Response Teams and other teams providing incident management related services may provide\n\nCategory: *csirt* - source: *https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1* - total: *97* elements\n\n[[HTML](https://www.misp-galaxy.org/first-csirt-services-framework)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/first-csirt-services-framework.json)]\n\n## FIRST DNS Abuse Techniques Matrix\n\n[FIRST DNS Abuse Techniques Matrix](https://www.misp-galaxy.org/first-dns) - The Domain Name System (DNS) is a critical part of the Internet, including mapping domain names to IP addresses. Malicious threat actors use domain names, their corresponding technical resources, and other parts of the DNS infrastructure, including its protocols, for their malicious cyber operations. CERTs are confronted with reported DNS abuse on a continuous basis, and rely heavily on DNS analysis and infrastructure to protect their constituencies. Understanding the international customary norms applicable for detecting and mitigating DNS abuse from the perspective of the global incident response community is critical for the open Internet’s stability, security and resiliency. See also https://www.first.org/global/sigs/dns/ for more information.\n\nCategory: *first-dns* - source: *https://www.first.org/global/sigs/dns/* - total: *21* elements\n\n[[HTML](https://www.misp-galaxy.org/first-dns)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/first-dns.json)]\n\n## GSMA MoTIF\n\n[GSMA MoTIF](https://www.misp-galaxy.org/gsma-motif) - Mobile Threat Intelligence Framework (MoTIF) Principles. \n\nCategory: *attack-pattern* - source: *https://www.gsma.com/solutions-and-impact/technologies/security/latest-news/establishing-motif-the-mobile-threat-intelligence-framework/* - total: *50* elements\n\n[[HTML](https://www.misp-galaxy.org/gsma-motif)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/gsma-motif.json)]\n\n## Human Layer Kill Chain\n\n[Human Layer Kill Chain](https://www.misp-galaxy.org/human-kill-chain) - Human Layer Kill Chain (HKC) framework\n\nCategory: *humint* - source: *https://arxiv.org/pdf/2505.24685* - total: *17* elements\n\n[[HTML](https://www.misp-galaxy.org/human-kill-chain)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/human-kill-chain.json)]\n\n## Intelligence Agencies\n\n[Intelligence Agencies](https://www.misp-galaxy.org/intelligence-agencies) - List of intelligence agencies\n\nCategory: *Intelligence Agencies* - source: *https://en.wikipedia.org/wiki/List_of_intelligence_agencies* - total: *436* elements\n\n[[HTML](https://www.misp-galaxy.org/intelligence-agencies)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/intelligence-agencies.json)]\n\n## INTERPOL DWVA Taxonomy\n\n[INTERPOL DWVA Taxonomy](https://www.misp-galaxy.org/interpol-dwva) - This taxonomy defines common forms of abuses and entities that represent real-world actors and service that are part of a larger Darknet- and Cryptoasset Ecosystems.\n\nCategory: *dwva* - source: *https://interpol-innovation-centre.github.io/DW-VA-Taxonomy/* - total: *94* elements\n\n[[HTML](https://www.misp-galaxy.org/interpol-dwva)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/interpol-dwva.json)]\n\n## Malpedia\n\n[Malpedia](https://www.misp-galaxy.org/malpedia) - Malware galaxy cluster based on Malpedia.\n\nCategory: *tool* - source: *Malpedia* - total: *3596* elements\n\n[[HTML](https://www.misp-galaxy.org/malpedia)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/malpedia.json)]\n\n## Microsoft Activity Group actor\n\n[Microsoft Activity Group actor](https://www.misp-galaxy.org/microsoft-activity-group) - Activity groups as described by Microsoft\n\nCategory: *actor* - source: *MISP Project* - total: *79* elements\n\n[[HTML](https://www.misp-galaxy.org/microsoft-activity-group)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/microsoft-activity-group.json)]\n\n## Misinformation Pattern\n\n[Misinformation Pattern](https://www.misp-galaxy.org/misinfosec-amitt-misinformation-pattern) - AM!TT Technique\n\nCategory: *misinformation-pattern* - source: *https://github.com/misinfosecproject/amitt_framework* - total: *61* elements\n\n[[HTML](https://www.misp-galaxy.org/misinfosec-amitt-misinformation-pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/misinfosec-amitt-misinformation-pattern.json)]\n\n## Analytics\n\n[Analytics](https://www.misp-galaxy.org/mitre-analytic) - ATT\u0026CK Analytics\n\nCategory: *attack-pattern* - source: *https://attack.mitre.org/analytics/* - total: *1950* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-analytic)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-analytic.json)]\n\n## MITRE ATLAS Attack Pattern\n\n[MITRE ATLAS Attack Pattern](https://www.misp-galaxy.org/mitre-atlas-attack-pattern) - MITRE ATLAS Attack Pattern - Adversarial Threat Landscape for Artificial-Intelligence Systems\n\nCategory: *attack-pattern* - source: *https://github.com/mitre-atlas/atlas-navigator-data* - total: *91* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-atlas-attack-pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-atlas-attack-pattern.json)]\n\n## MITRE ATLAS Course of Action\n\n[MITRE ATLAS Course of Action](https://www.misp-galaxy.org/mitre-atlas-course-of-action) - MITRE ATLAS Mitigation - Adversarial Threat Landscape for Artificial-Intelligence Systems\n\nCategory: *course-of-action* - source: *https://github.com/mitre-atlas/atlas-navigator-data* - total: *26* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-atlas-course-of-action)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-atlas-course-of-action.json)]\n\n## Attack Pattern\n\n[Attack Pattern](https://www.misp-galaxy.org/mitre-attack-pattern) - ATT\u0026CK tactic\n\nCategory: *attack-pattern* - source: *https://github.com/mitre/cti* - total: *1242* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-attack-pattern)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-attack-pattern.json)]\n\n## Course of Action\n\n[Course of Action](https://www.misp-galaxy.org/mitre-course-of-action) - ATT\u0026CK Mitigation\n\nCategory: *course-of-action* - source: *https://github.com/mitre/cti* - total: *282* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-course-of-action)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-course-of-action.json)]\n\n## MITRE D3FEND\n\n[MITRE D3FEND](https://www.misp-galaxy.org/mitre-d3fend) - A knowledge graph of cybersecurity countermeasures.\n\nCategory: *d3fend* - source: *https://d3fend.mitre.org/* - total: *171* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-d3fend)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-d3fend.json)]\n\n## mitre-data-component\n\n[mitre-data-component](https://www.misp-galaxy.org/mitre-data-component) - Data components are parts of data sources. \n\nCategory: *data-component* - source: *https://github.com/mitre/cti* - total: *117* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-data-component)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-data-component.json)]\n\n## mitre-data-source\n\n[mitre-data-source](https://www.misp-galaxy.org/mitre-data-source) - Data sources represent the various subjects/topics of information that can be collected by sensors/logs. \n\nCategory: *data-source* - source: *https://github.com/mitre/cti* - total: *40* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-data-source)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-data-source.json)]\n\n## Detection Strategies\n\n[Detection Strategies](https://www.misp-galaxy.org/mitre-detection-strategy) - ATT\u0026CK Detection Strategies\n\nCategory: *attack-pattern* - source: *https://attack.mitre.org/detectionstrategies/* - total: *815* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-detection-strategy)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-detection-strategy.json)]\n\n## MITRE Engage Framework\n\n[MITRE Engage Framework](https://www.misp-galaxy.org/mitre-engage-framework) - This galaxy contains all parts of the MITRE Engage framework, including Activities, Approaches, Goals, and Vulnerabilities.\n\nCategory: *engage* - source: *https://engage.mitre.org* - total: *77* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-engage-framework)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-engage-framework.json)]\n\n## Assets\n\n[Assets](https://www.misp-galaxy.org/mitre-ics-assets) - A list of asset categories that are commonly found in industrial control systems.\n\nCategory: *asset* - source: *https://collaborate.mitre.org/attackics/index.php/All_Assets* - total: *7* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-ics-assets)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-assets.json)]\n\n## Groups\n\n[Groups](https://www.misp-galaxy.org/mitre-ics-groups) - Groups are sets of related intrusion activity that are tracked by a common name in the security community. Groups are also sometimes referred to as campaigns or intrusion sets. Some groups have multiple names associated with the same set of activities due to various organizations tracking the same set of activities by different names. Groups are mapped to publicly reported technique use and referenced in the ATT\u0026CK for ICS knowledge base. Groups are also mapped to reported software used during intrusions.\n\nCategory: *actor* - source: *https://collaborate.mitre.org/attackics/index.php/Groups* - total: *10* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-ics-groups)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-groups.json)]\n\n## Levels\n\n[Levels](https://www.misp-galaxy.org/mitre-ics-levels) - Based on the Purdue Model to aid ATT\u0026CK for ICS users to understand which techniques are applicable to their environment.\n\nCategory: *level* - source: *https://collaborate.mitre.org/attackics/index.php/All_Levels* - total: *3* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-ics-levels)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-levels.json)]\n\n## Software\n\n[Software](https://www.misp-galaxy.org/mitre-ics-software) - Software is a generic term for custom or commercial code, operating system utilities, open-source software, or other tools used to conduct behavior modeled in ATT\u0026CK for ICS.\n\nCategory: *tool* - source: *https://collaborate.mitre.org/attackics/index.php/Software* - total: *17* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-ics-software)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-software.json)]\n\n## Tactics\n\n[Tactics](https://www.misp-galaxy.org/mitre-ics-tactics) - A list of all 11 tactics in ATT\u0026CK for ICS\n\nCategory: *tactic* - source: *https://collaborate.mitre.org/attackics/index.php/All_Tactics* - total: *9* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-ics-tactics)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-tactics.json)]\n\n## Techniques\n\n[Techniques](https://www.misp-galaxy.org/mitre-ics-techniques) - A list of Techniques in ATT\u0026CK for ICS.\n\nCategory: *attack-pattern* - source: *https://collaborate.mitre.org/attackics/index.php/All_Techniques* - total: *78* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-ics-techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-ics-techniques.json)]\n\n## Intrusion Set\n\n[Intrusion Set](https://www.misp-galaxy.org/mitre-intrusion-set) - Name of ATT\u0026CK Group\n\nCategory: *actor* - source: *https://github.com/mitre/cti* - total: *189* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-intrusion-set)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-intrusion-set.json)]\n\n## Malware\n\n[Malware](https://www.misp-galaxy.org/mitre-malware) - Name of ATT\u0026CK software\n\nCategory: *tool* - source: *https://github.com/mitre/cti* - total: *815* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-malware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-malware.json)]\n\n## mitre-tool\n\n[mitre-tool](https://www.misp-galaxy.org/mitre-tool) - Name of ATT\u0026CK software\n\nCategory: *tool* - source: *https://github.com/mitre/cti* - total: *93* elements\n\n[[HTML](https://www.misp-galaxy.org/mitre-tool)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/mitre-tool.json)]\n\n## NACE\n\n[NACE](https://www.misp-galaxy.org/nace) - version 2.1 - The Statistical Classification of Economic Activities in the European Community, commonly referred to as NACE (for the French term \"nomenclature statistique des activités économiques dans la Communauté européenne\"), is the industry standard classification system used in the European Union.\n\nCategory: *sector* - source: *https://ec.europa.eu/eurostat/web/metadata/classifications* - total: *1047* elements\n\n[[HTML](https://www.misp-galaxy.org/nace)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/nace.json)]\n\n## NAICS\n\n[NAICS](https://www.misp-galaxy.org/naics) - The North American Industry Classification System or NAICS is a classification of business establishments by type of economic activity (the process of production).\n\nCategory: *sector* - source: *North American Industry Classification System - NAICS* - total: *2125* elements\n\n[[HTML](https://www.misp-galaxy.org/naics)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/naics.json)]\n\n## NATO\n\n[NATO](https://www.misp-galaxy.org/nato) - The North Atlantic Treaty Organization, also called the North Atlantic Alliance, is an intergovernmental transnational military alliance of 32 member states—30 European and 2 North American. Established in the aftermath of World War II, the organization implements the North Atlantic Treaty, signed in Washington, D.C., on 4 April 1949. NATO is a collective security system: its independent member states agree to defend each other against attacks by third parties. \n\nCategory: *actor* - source: *North Atlantic Treaty Organization - NATO* - total: *7* elements\n\n[[HTML](https://www.misp-galaxy.org/nato)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/nato.json)]\n\n## NICE Competency areas\n\n[NICE Competency areas](https://www.misp-galaxy.org/nice-framework-competency_areas) - Competency areas based on the NIST NICE framework\n\nCategory: *workforce* - source: *https://csrc.nist.gov/pubs/sp/800/181/r1/final* - total: *11* elements\n\n[[HTML](https://www.misp-galaxy.org/nice-framework-competency_areas)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/nice-framework-competency_areas.json)]\n\n## NICE Knowledges\n\n[NICE Knowledges](https://www.misp-galaxy.org/nice-framework-knowledges) - Knowledge based on the NIST NICE framework\n\nCategory: *workforce* - source: *https://csrc.nist.gov/pubs/sp/800/181/r1/final* - total: *640* elements\n\n[[HTML](https://www.misp-galaxy.org/nice-framework-knowledges)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/nice-framework-knowledges.json)]\n\n## OPM codes in cybersecurity\n\n[OPM codes in cybersecurity](https://www.misp-galaxy.org/nice-framework-opm_codes) - Office of Personnel Management codes in cybersecurity\n\nCategory: *workforce* - source: *https://dw.opm.gov/datastandards/referenceData/2273/current* - total: *52* elements\n\n[[HTML](https://www.misp-galaxy.org/nice-framework-opm_codes)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/nice-framework-opm_codes.json)]\n\n## NICE Skills\n\n[NICE Skills](https://www.misp-galaxy.org/nice-framework-skills) - Skills based on the NIST NICE framework\n\nCategory: *workforce* - source: *https://csrc.nist.gov/pubs/sp/800/181/r1/final* - total: *556* elements\n\n[[HTML](https://www.misp-galaxy.org/nice-framework-skills)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/nice-framework-skills.json)]\n\n## NICE Tasks\n\n[NICE Tasks](https://www.misp-galaxy.org/nice-framework-tasks) - Tasks based on the NIST NICE framework\n\nCategory: *workforce* - source: *https://csrc.nist.gov/pubs/sp/800/181/r1/final* - total: *1084* elements\n\n[[HTML](https://www.misp-galaxy.org/nice-framework-tasks)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/nice-framework-tasks.json)]\n\n## NICE Work Roles\n\n[NICE Work Roles](https://www.misp-galaxy.org/nice-framework-work_roles) - Work roles based on the NIST NICE framework\n\nCategory: *workforce* - source: *https://csrc.nist.gov/pubs/sp/800/181/r1/final* - total: *52* elements\n\n[[HTML](https://www.misp-galaxy.org/nice-framework-work_roles)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/nice-framework-work_roles.json)]\n\n## o365-exchange-techniques\n\n[o365-exchange-techniques](https://www.misp-galaxy.org/o365-exchange-techniques) - o365-exchange-techniques - Office365/Exchange related techniques by @johnLaTwC and @inversecos\n\nCategory: *guidelines* - source: *Open Sources, https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html* - total: *62* elements\n\n[[HTML](https://www.misp-galaxy.org/o365-exchange-techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/o365-exchange-techniques.json)]\n\n## online-service\n\n[online-service](https://www.misp-galaxy.org/online-service) - Known public online services.\n\nCategory: *tool* - source: *Open Sources* - total: *1* elements\n\n[[HTML](https://www.misp-galaxy.org/online-service)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/online-service.json)]\n\n## Preventive Measure\n\n[Preventive Measure](https://www.misp-galaxy.org/preventive-measure) - Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures.\n\nCategory: *measure* - source: *MISP Project* - total: *20* elements\n\n[[HTML](https://www.misp-galaxy.org/preventive-measure)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/preventive-measure.json)]\n\n## Producer\n\n[Producer](https://www.misp-galaxy.org/producer) - List of threat intelligence producer from security vendors to CERTs including any producer of intelligence at large.\n\nCategory: *actor* - source: *MISP Project* - total: *126* elements\n\n[[HTML](https://www.misp-galaxy.org/producer)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/producer.json)]\n\n## Ransomware\n\n[Ransomware](https://www.misp-galaxy.org/ransomware) - Ransomware galaxy based on different sources and maintained by the MISP Project.\n\nCategory: *tool* - source: *Various* - total: *2100* elements\n\n[[HTML](https://www.misp-galaxy.org/ransomware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ransomware.json)]\n\n## RAT\n\n[RAT](https://www.misp-galaxy.org/rat) - remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.\n\nCategory: *tool* - source: *MISP Project* - total: *267* elements\n\n[[HTML](https://www.misp-galaxy.org/rat)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/rat.json)]\n\n## Regions UN M49\n\n[Regions UN M49](https://www.misp-galaxy.org/region) - Regions based on UN M49.\n\nCategory: *location* - source: *https://unstats.un.org/unsd/methodology/m49/overview/* - total: *32* elements\n\n[[HTML](https://www.misp-galaxy.org/region)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/region.json)]\n\n## rsit\n\n[rsit](https://www.misp-galaxy.org/rsit) - rsit\n\nCategory: *rsit* - source: *https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force* - total: *39* elements\n\n[[HTML](https://www.misp-galaxy.org/rsit)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/rsit.json)]\n\n## SCOR - About\n\n[SCOR - About](https://www.misp-galaxy.org/scor-about) - Overview entries to explain the SCOR namespace inside MISP.\n\nCategory: *meta* - source: *Project documentation* - total: *4* elements\n\n[[HTML](https://www.misp-galaxy.org/scor-about)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/scor-about.json)]\n\n## SCOR SPACE-SHIELD Mitigations\n\n[SCOR SPACE-SHIELD Mitigations](https://www.misp-galaxy.org/scor-space-shield-mitigations) - ESA SPACE-SHIELD Mitigations adapted to the SCOR namespace for operational and technical countermeasures.\n\nCategory: *mitigation* - source: *ESA SPACE-SHIELD Matrix* - total: *38* elements\n\n[[HTML](https://www.misp-galaxy.org/scor-space-shield-mitigations)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/scor-space-shield-mitigations.json)]\n\n## SCOR SPACE-SHIELD Tactics\n\n[SCOR SPACE-SHIELD Tactics](https://www.misp-galaxy.org/scor-space-shield-tactics) - ESA SPACE-SHIELD Tactics adapted to SCOR namespace for matrix rendering in MISP.\n\nCategory: *tactic* - source: *ESA SPACE-SHIELD Matrix* - total: *14* elements\n\n[[HTML](https://www.misp-galaxy.org/scor-space-shield-tactics)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/scor-space-shield-tactics.json)]\n\n## SCOR SPACE-SHIELD Techniques\n\n[SCOR SPACE-SHIELD Techniques](https://www.misp-galaxy.org/scor-space-shield-techniques) - ESA SPACE-SHIELD Techniques adapted to SCOR namespace. Each technique is mapped to one or more tactics, aligning with the ESA matrix structure.\n\nCategory: *technique* - source: *ESA SPACE-SHIELD Matrix* - total: *27* elements\n\n[[HTML](https://www.misp-galaxy.org/scor-space-shield-techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/scor-space-shield-techniques.json)]\n\n## SCOR SPARTA Mitigations\n\n[SCOR SPARTA Mitigations](https://www.misp-galaxy.org/scor-sparta-mitigations) - SPARTA Mitigations cluster derived from The Aerospace Corporation’s SPARTA framework. Provides structured defensive measures against tactics and techniques used in space operations.\n\nCategory: *SCOR* - source: *https://sparta.aerospace.org/* - total: *12* elements\n\n[[HTML](https://www.misp-galaxy.org/scor-sparta-mitigations)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/scor-sparta-mitigations.json)]\n\n## SCOR SPARTA Tactics\n\n[SCOR SPARTA Tactics](https://www.misp-galaxy.org/scor-sparta-tactics) - SPARTA Tactics cluster derived from Aerospace Corporation’s SPARTA framework. These represent the adversary's tactical objectives in space attack campaigns.\n\nCategory: *SCOR* - source: *https://sparta.aerospace.org/* - total: *14* elements\n\n[[HTML](https://www.misp-galaxy.org/scor-sparta-tactics)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/scor-sparta-tactics.json)]\n\n## SCOR SPARTA Techniques\n\n[SCOR SPARTA Techniques](https://www.misp-galaxy.org/scor-sparta-techniques) - SPARTA Techniques cluster derived from Aerospace Corporation’s SPARTA STIX feed. Provides structured space threat technique taxonomy mapped to SPARTA tactics.\n\nCategory: *SCOR* - source: *https://sparta.aerospace.org/* - total: *11* elements\n\n[[HTML](https://www.misp-galaxy.org/scor-sparta-techniques)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/scor-sparta-techniques.json)]\n\n## Sector\n\n[Sector](https://www.misp-galaxy.org/sector) - Activity sectors\n\nCategory: *sector* - source: *CERT-EU* - total: *118* elements\n\n[[HTML](https://www.misp-galaxy.org/sector)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/sector.json)]\n\n## Sigma-Rules\n\n[Sigma-Rules](https://www.misp-galaxy.org/sigma-rules) - MISP galaxy cluster based on Sigma Rules.\n\nCategory: *rules* - source: *https://github.com/jstnk9/MISP/tree/main/misp-galaxy/sigma* - total: *3104* elements\n\n[[HTML](https://www.misp-galaxy.org/sigma-rules)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/sigma-rules.json)]\n\n## Dark Patterns\n\n[Dark Patterns](https://www.misp-galaxy.org/social-dark-patterns) - Dark Patterns are user interface that tricks users into making decisions that benefit the interface's holder to the expense of the user.\n\nCategory: *dark-patterns* - source: *CIRCL* - total: *19* elements\n\n[[HTML](https://www.misp-galaxy.org/social-dark-patterns)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/social-dark-patterns.json)]\n\n## SoD Matrix\n\n[SoD Matrix](https://www.misp-galaxy.org/sod-matrix) - SOD Matrix\n\nCategory: *sod-matrix* - source: *https://github.com/cudeso/SoD-Matrix* - total: *276* elements\n\n[[HTML](https://www.misp-galaxy.org/sod-matrix)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/sod-matrix.json)]\n\n## Stalkerware\n\n[Stalkerware](https://www.misp-galaxy.org/stalkerware) - A list of stalkerware and watchware.\n\nCategory: *tool* - source: *https://github.com/AssoEchap/stalkerware-indicators* - total: *170* elements\n\n[[HTML](https://www.misp-galaxy.org/stalkerware)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/stalkerware.json)]\n\n## Stealer\n\n[Stealer](https://www.misp-galaxy.org/stealer) - A list of malware stealer.\n\nCategory: *tool* - source: *Open Sources* - total: *18* elements\n\n[[HTML](https://www.misp-galaxy.org/stealer)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/stealer.json)]\n\n## Surveillance Vendor\n\n[Surveillance Vendor](https://www.misp-galaxy.org/surveillance-vendor) - List of vendors selling surveillance technologies including malware, interception devices or computer exploitation services.\n\nCategory: *actor* - source: *MISP Project* - total: *615* elements\n\n[[HTML](https://www.misp-galaxy.org/surveillance-vendor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/surveillance-vendor.json)]\n\n## Target Information\n\n[Target Information](https://www.misp-galaxy.org/target-information) - Description of targets of threat actors.\n\nCategory: *target* - source: *Various* - total: *241* elements\n\n[[HTML](https://www.misp-galaxy.org/target-information)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/target-information.json)]\n\n## TDS\n\n[TDS](https://www.misp-galaxy.org/tds) - TDS is a list of Traffic Direction System used by adversaries\n\nCategory: *tool* - source: *MISP Project* - total: *11* elements\n\n[[HTML](https://www.misp-galaxy.org/tds)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tds.json)]\n\n## Tea Matrix\n\n[Tea Matrix](https://www.misp-galaxy.org/tea-matrix) - Tea Matrix\n\nCategory: *tea-matrix* - source: ** - total: *7* elements\n\n[[HTML](https://www.misp-galaxy.org/tea-matrix)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tea-matrix.json)]\n\n## Canada Listed Terrorist Entities\n\n[Canada Listed Terrorist Entities](https://www.misp-galaxy.org/terrorist-groups) - Entities listed under Canada's Criminal Code as terrorist entities.\n\nCategory: *threat-actor* - source: *https://www.publicsafety.gc.ca/cnt/_xml/lstd-ntts-eng.xml* - total: *90* elements\n\n[[HTML](https://www.misp-galaxy.org/terrorist-groups)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/terrorist-groups.json)]\n\n## Threat Actor\n\n[Threat Actor](https://www.misp-galaxy.org/threat-actor) - Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign. threat-actor-classification meta can be used to clarify the understanding of the threat-actor if also considered as operation, campaign or activity group.\n\nCategory: *actor* - source: *MISP Project* - total: *963* elements\n\n[[HTML](https://www.misp-galaxy.org/threat-actor)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json)]\n\n## Tidal Campaigns\n\n[Tidal Campaigns](https://www.misp-galaxy.org/tidal-campaigns) - Tidal Campaigns Cluster\n\nCategory: *Campaigns* - source: *https://app-api.tidalcyber.com/api/v1/campaigns/* - total: *157* elements\n\n[[HTML](https://www.misp-galaxy.org/tidal-campaigns)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-campaigns.json)]\n\n## Tidal Groups\n\n[Tidal Groups](https://www.misp-galaxy.org/tidal-groups) - Tidal Groups Galaxy\n\nCategory: *Threat Groups* - source: *https://app-api.tidalcyber.com/api/v1/groups/* - total: *281* elements\n\n[[HTML](https://www.misp-galaxy.org/tidal-groups)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-groups.json)]\n\n## Tidal References\n\n[Tidal References](https://www.misp-galaxy.org/tidal-references) - Tidal References Cluster\n\nCategory: *References* - source: *https://app-api.tidalcyber.com/api/v1/references/* - total: *5219* elements\n\n[[HTML](https://www.misp-galaxy.org/tidal-references)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-references.json)]\n\n## Tidal Software\n\n[Tidal Software](https://www.misp-galaxy.org/tidal-software) - Tidal Software Cluster\n\nCategory: *Software* - source: *https://app-api.tidalcyber.com/api/v1/software/* - total: *1321* elements\n\n[[HTML](https://www.misp-galaxy.org/tidal-software)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-software.json)]\n\n## Tidal Tactic\n\n[Tidal Tactic](https://www.misp-galaxy.org/tidal-tactic) - Tidal Tactic Cluster\n\nCategory: *Tactic* - source: *https://app-api.tidalcyber.com/api/v1/tactic/* - total: *14* elements\n\n[[HTML](https://www.misp-galaxy.org/tidal-tactic)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-tactic.json)]\n\n## Tidal Technique\n\n[Tidal Technique](https://www.misp-galaxy.org/tidal-technique) - Tidal Technique Cluster\n\nCategory: *Technique* - source: *https://app-api.tidalcyber.com/api/v1/technique/* - total: *211* elements\n\n[[HTML](https://www.misp-galaxy.org/tidal-technique)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tidal-technique.json)]\n\n## Threat Matrix for storage services\n\n[Threat Matrix for storage services](https://www.misp-galaxy.org/tmss) - Microsoft Defender for Cloud threat matrix for storage services contains attack tactics, techniques and mitigations relevant storage services delivered by cloud providers.\n\nCategory: *tmss* - source: *https://github.com/microsoft/Threat-matrix-for-storage-services* - total: *40* elements\n\n[[HTML](https://www.misp-galaxy.org/tmss)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tmss.json)]\n\n## Tool\n\n[Tool](https://www.misp-galaxy.org/tool) - threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.\n\nCategory: *tool* - source: *MISP Project* - total: *606* elements\n\n[[HTML](https://www.misp-galaxy.org/tool)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/tool.json)]\n\n## UAVs/UCAVs\n\n[UAVs/UCAVs](https://www.misp-galaxy.org/uavs) - OSINT Database of Unmanned Combat Aerial Vehicle\n\nCategory: *Military equipment* - source: *OSINT* - total: *735* elements\n\n[[HTML](https://www.misp-galaxy.org/uavs)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/uavs.json)]\n\n## UKHSA Culture Collections\n\n[UKHSA Culture Collections](https://www.misp-galaxy.org/ukhsa-culture-collections) - UK Health Security Agency Culture Collections represent deposits of cultures that consist of expertly preserved, authenticated cell lines and microbial strains of known provenance.\n\nCategory: *virus* - source: *https://www.culturecollections.org.uk* - total: *6638* elements\n\n[[HTML](https://www.misp-galaxy.org/ukhsa-culture-collections)] - [[JSON](https://github.com/MISP/misp-galaxy/blob/main/clusters/ukhsa-culture-collections.json)]\n\n\n# Online documentation\n\nThe [misp-galaxy.org](https://misp-galaxy.org) website provides an easily navigable resource for all MISP galaxy clusters.\n\nA [readable PDF overview of the MISP galaxy is available](https://www.misp.software/galaxy.pdf) or [HTML](https://www.misp.software/galaxy.html) and generated from the JSON.\n\n## How to contribute?\n\n- [Read the contribution document](CONTRIBUTE.md)\n\n## License\n\nThe MISP galaxy (JSON files) are dual-licensed under:\n\n- [CC0 1.0 Universal](https://creativecommons.org/publicdomain/zero/1.0/legalcode) (CC0 1.0) - Public Domain Dedication.\n\nor\n\n~~~~\n Copyright (c) 2015-2025 Alexandre Dulaunoy - a@foo.be\n Copyright (c) 2015-2025 CIRCL - Computer Incident Response Center Luxembourg\n Copyright (c) 2015-2025 Andras Iklody\n Copyright (c) 2015-2025 Raphael Vinot\n Copyright (c) 2015-2025 Deborah Servili\n Copyright (c) 2016-2025 Various contributors to MISP Project\n\n Redistribution and use in source and binary forms, with or without modification,\n are permitted provided that the following conditions are met:\n\n    1. Redistributions of source code must retain the above copyright notice,\n       this list of conditions and the following disclaimer.\n    2. Redistributions in binary form must reproduce the above copyright notice,\n       this list of conditions and the following disclaimer in the documentation\n       and/or other materials provided with the distribution.\n\n THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\n ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,\n INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,\n BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\n LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED\n OF THE POSSIBILITY OF SUCH DAMAGE.\n~~~~~\n","funding_links":[],"categories":["Blue Team"],"sub_categories":["Threat Hunting"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FMISP%2Fmisp-galaxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FMISP%2Fmisp-galaxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FMISP%2Fmisp-galaxy/lists"}