Skip to content

MISP Galaxy 2024110700 has been released with many updates and improvements

Latest
Latest
Compare
Choose a tag to compare
@adulau adulau released this 07 Nov 08:15
· 49 commits to main since this release
2024110700
This tag was signed with the committer’s verified signature.
adulau Alexandre Dulaunoy
GPG key ID: 09E2CD4944E6CBCD
Learn about vigilant mode.
a2bfccf
This commit was signed with the committer’s verified signature.
adulau Alexandre Dulaunoy
GPG key ID: 09E2CD4944E6CBCD
Learn about vigilant mode.

MISP Galaxy Release Notes

Release Date: November 7, 2024

Overview:

This release introduces a variety of updates and enhancements to the MISP galaxy and clusters. Highlights include updates to threat actor clusters, the addition of new ransomware groups, and improvements to documentation.

🔗 GitHub repository - https://github.com/MISP/misp-galaxy
🔗 Public website - https://www.misp-galaxy.org/

Screenshot from 2024-11-07 09-14-41

Key Updates:

  1. New Threat Actor Additions and Updates:

    • Added new threat actors such as Blackmeta, DarkRaaS, TaskMasters, SongXY, CeranaKeeper, Awaken Likho, SkidSec, and others.
    • Alias additions for notable actors like APT10, AridViper, and others.
    • Relations and cross-references were established between actors, enhancing the intelligence structure (e.g., Earth Estries and GhostEmperor).

  2. Ransomware Cluster Updates:

    • Comprehensive updates were made to ransomware clusters, reflecting the latest developments and threat intelligence. This cluster is inline with ransomlook.io group information.

  3. Documentation Improvements:

    • README files updated for clarity and improved user guidance.

  4. Cluster Enhancements:

    • "Operation Cobalt Whisper" was added, expanding the range of documented operations.

  5. Producer and Sigma Updates:

    • Added producers such as Recorded Future, Cyble, Cyfirma, and others.
    • Updated Sigma rules and related documentation.

Main contributors for this release:

  • Alexandre Dulaunoy
  • Mathieu4141
  • Delta-Sierra
  • Rony
  • Jean-Louis Huynen

Conclusion:

This release solidifies MISP’s capacity for handling current threat intelligence needs by adding valuable new actors, refining existing documentation, and improving the overall user experience with comprehensive updates.

Notes about tagging

Starting with this release, misp-galaxy will be tagged using the %Y%m%d00 format for each new version. This change enables users to easily verify whether they are using the latest release. The versioning is now independent of the MISP core software, as the project is also utilized as a standalone tool in various other applications.

Assets 2
Loading