Hide Navigation Hide TOC

MISP Galaxy

The MISP galaxy offers a streamlined approach for representing large entities, known as clusters, which can be linked to MISP events or attributes. Each cluster consists of one or more elements, represented as key-value pairs. MISP galaxy comes with a default knowledge base, encompassing areas like Threat Actors, Tools, Ransomware, and ATT&CK matrices. However, users have the flexibility to modify, update, replace, or share these elements according to their needs.

Clusters and vocabularies within MISP galaxy can be utilized in their original form or as a foundational knowledge base. The distribution settings for each cluster can be adjusted, allowing for either restricted or wide dissemination.

Additionally, MISP galaxies enable the representation of existing standards like the MITRE ATT&CK™ framework, as well as custom matrices.

The aim is to provide a core set of clusters for organizations embarking on analysis, which can be further tailored to include localized, private information or additional, shareable data.

Clusters serve as an open and freely accessible knowledge base, which can be utilized and expanded within MISP or other threat intelligence platforms.

Publicly available clusters

• 360.net Threat Actors

• Ammunitions

• Android

• Azure Threat Research Matrix

• attck4fraud

• Backdoor

• Banker

• Bhadra Framework

• Botnet

• Branded Vulnerability

• Cancer

• Cert EU GovSector

• China Defence Universities Tracker

• CONCORDIA Mobile Modelling Framework - Attack Pattern

• Country

• Cryptominers

• Actor Types

• Countermeasures

• Detections

• Techniques

• Election guidelines

• Exploit-Kit

• Firearms

• FIRST DNS Abuse Techniques Matrix

• Handicap

• Intelligence Agencies

• INTERPOL DWVA Taxonomy

• Malpedia

• Microsoft Activity Group actor

• Misinformation Pattern

• MITRE ATLAS Attack Pattern

• MITRE ATLAS Course of Action

• Attack Pattern

• Course of Action

• mitre-data-component

• mitre-data-source

• Assets

• Groups

• Levels

• Software

• Tactics

• Intrusion Set

• Malware

• mitre-tool

• NAICS

• o365-exchange-techniques

• online-service

• Preventive Measure

• Producer

• Ransomware

• RAT

• Regions UN M49

• rsit

• Sector

• Sigma-Rules

• Dark Patterns

• SoD Matrix

• Stealer

• Surveillance Vendor

• Target Information

• TDS

• Tea Matrix

• Threat Actor

• Tidal Campaigns

• Tidal Groups

• Tidal References

• Tidal Software

• Tidal Tactic

• Tidal Technique

• Threat Matrix for storage services

• Tool

• UAVs/UCAVs

• UKHSA Culture Collections

Statistics

You can find some statistics about MISP galaxies here.

Contributing

In the dynamic realm of threat intelligence, a variety of models and approaches exist to systematically organize, categorize, and delineate threat actors, hazards, or activity groups. We embrace innovative methodologies for articulating threat intelligence. The galaxy model is particularly versatile, enabling you to leverage and integrate methodologies that you trust and are already utilizing within your organization or community.

We encourage collaboration and contributions to the MISP Galaxy JSON files. Feel free to fork the project, enhance existing elements or clusters, or introduce new ones. Your insights are valuable - share them with us through a pull-request.