The RH-ISAC intelligence team is publishing a catalog of the most prominent and prolific threat groups targeting our community as a resource for analysts. The catalog will be available via the RH-ISAC MISP instance and will provide useful data on threat groups, including:
- Known aliases
- Background information and a brief history
- Prominent open-source incidents attributed to the group
- Known tactics, techniques, and procedures (TTPs) leveraged by the group
- Any available indicators of compromise (IOCs) attributed to the group
- Data sources
The threat actor profiles will be published to MISP on a rolling basis, with the first profile, focusing on FIN6, going live this week. Following the launch of the catalog and the first profile, new profiles will be rolled out regularly, allowing time to enrich each group's profile data in turn with input from the community.
RH-ISAC will be seeking input from the member analyst community, including any non-public incidents, IOCs, TTPs, or other data that member analysts may have. Member contributions to the threat actor profile catalog can be attributed to member analysts or kept anonymous. Members who wish to contribute data to threat actor profiles should contact the intel team.
Updates and Maintenance
Threat actor profiles will be updated by the RH-ISAC intel team as new data emerges on the groups. New groups will be added to the catalog as necessary, based on their prevalence and threat level to the RH-ISAC community. Members may contribute new data for profiles at any time for inclusion by the intel team.