author | W. Kosior <koszko@koszko.org> | 2025-01-09 02:17:23 +0100 |
---|---|---|
committer | W. Kosior <koszko@koszko.org> | 2025-01-09 02:17:23 +0100 |
commit | 640517a91c588e259357c739e30edb91f02e523a (patch) | |
tree | 174af6d8fea699f96855e570226a2bb90643176c | |
parent | 871fc15f7ffe06cb69a8168ac4e53baea81c2dfa (diff) | |
download | AGH-threat-intel-course-640517a91c588e259357c739e30edb91f02e523a.tar.gz AGH-threat-intel-course-640517a91c588e259357c739e30edb91f02e523a.zip |
also generate motives table
-rw-r--r-- | Makefile | 19 | ||||
-rwxr-xr-x | countries_motives_sectors_tables.py (renamed from sectors_countries_tables.py) | 29 | ||||
-rw-r--r-- | motives_table_doc.tex | 30 |
3 files changed, 66 insertions, 12 deletions
@@ -17,8 +17,9 @@ DEFAULT_TARGETS = \ blackobird_scraped_profiles.yaml \ tables.pdf \ techniques_table_doc.pdf \ - sectors_table_doc.pdf \ countries_table_doc.pdf \ + motives_table_doc.pdf \ + sectors_table_doc.pdf all: $(DEFAULT_TARGETS) .PHONY: all @@ -61,15 +62,19 @@ techniques_table.tex: techniques_table.py profiles_with_scraped_info.yaml $(PYTHON) $^ > $@ # hack -sector country: +country motive sector: true -.PHONY: sector country +.PHONY: country motive sector -countries_table.tex: sectors_countries_tables.py country \ +countries_table.tex: countries_motives_sectors_tables.py country \ blackobird_scraped_profiles.yaml $(PYTHON) $^ > $@ -sectors_table.tex: sectors_countries_tables.py sector \ +sectors_table.tex: countries_motives_sectors_tables.py sector \ + blackobird_scraped_profiles.yaml + $(PYTHON) $^ > $@ + +motives_table.tex: countries_motives_sectors_tables.py motive \ blackobird_scraped_profiles.yaml $(PYTHON) $^ > $@ @@ -79,8 +84,8 @@ sectors_table.tex: sectors_countries_tables.py sector \ th-proj-archive.tar.gz: Makefile profiles.yaml scrape_mitre_groups_info.py \ tables.md techniques_table_doc.tex techniques_table.py \ sectors_table_doc.tex countries_table_doc.tex \ - sectors_countries_tables.py threats_by_sector_table.py tlp.tex \ - $(DEFAULT_TARGETS) + countries_motives_sectors_tables.py threats_by_sector_table.py \ + tlp.tex $(DEFAULT_TARGETS) tar --transform='s|^|th-proj-archive/|' \ --mtime=1970-01-01T00:00:00-00:00 --group=0 --owner=0 \ -czf $@ $^ diff --git a/sectors_countries_tables.py b/countries_motives_sectors_tables.py index 87b4d35..d90a57c 100755 --- a/sectors_countries_tables.py +++ b/countries_motives_sectors_tables.py @@ -16,7 +16,8 @@ origin_labels = { type_keys = { "country": "countries", - "sector": "sectors" + "sector": "sectors", + "motive": "motives" } trait_label_makers = { 
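Review bot: The new `motives_table.tex` rule in the `@@ -61,15 +62,19 @@` hunk takes the phony `motive` target as a prerequisite only to get the word into `$^`, so the table, and presumably the PDF built from it, is regenerated on every `make` run, because a phony prerequisite is always out of date. The table type could be passed as a literal argument instead: `motives_table.tex: countries_motives_sectors_tables.py blackobird_scraped_profiles.yaml` with the recipe `$(PYTHON) $< motive $(word 2,$^) > $@`. The same applies to the existing `countries_table.tex` and `sectors_table.tex` rules, and it would let the `# hack` rule be dropped.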
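Review bot: The prerequisite list of `th-proj-archive.tar.gz` in the `@@ -79,8 +84,8 @@` hunk gains the renamed script but not the new `motives_table_doc.tex`, although `motives_table_doc.pdf` is now in `DEFAULT_TARGETS`. As written the archive would ship the motives PDF without the source needed to rebuild it, while `sectors_table_doc.tex` and `countries_table_doc.tex` are both listed. Adding it next to them keeps the archive self-contained: `sectors_table_doc.tex countries_table_doc.tex motives_table_doc.tex \`.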
@@ -37,7 +38,13 @@ trait_label_makers = { "thinktanks": "think-tanks", "bitcoinexchanges": "cryptocurrency", "lawenforcement": "law enforcement" - }.get(sector, sector)) + }.get(sector, sector)), + "motive": (lambda motive: + { + "informationtheftandespionage": "information theft and espionage", + "sabotageanddestruction": "sabotage and destruction", + "financialcrime": "financial crime" + }[motive]) } trait_filters = { @@ -51,7 +58,8 @@ trait_filters = { "sejonginstitute", "ministryofunification", "koreainstitutefordefenseanalyses", "chineseinstitutionsabroad" - ]) + ]), + "motive": (lambda motive, score: True) } def read_APT_data(yaml_path): @@ -61,16 +69,27 @@ def read_APT_data(yaml_path): else: return yaml.safe_load(sys.stdin) -table_type = sys.argv[1] # "country" or "sector" +table_type = sys.argv[1] # "country", "sector" or "motive" groups_data = read_APT_data(None if len(sys.argv) < 3 else sys.argv[2]) groups_by_origin = {} groups_by_trait_by_origin = {} +# Hand-picked groups that appear not to be state-sponsored. +ignored_groups = [ + "Buhtrap", "Corkow", "FIN7", "Lurk", "MoneyTaker", "RTM", "Lunar Spider", + "Rocke", "Wizard Spider", "TA505", "DoppelSpider", "Dungeon Spider", + "GuruSpider", "Indrik Spider", "MontySpider", "OperationWindigo", + "PachaGroup", "PinchySpider", "Rocke", "SaltySpider", "Yingmob", + "ZombieSpider", "Avalanche", "Boss Spider", "CobaltGroup", + "Cron", "GCMAN", "RetefeGang", "SharkSpider", "VenomSpider" +] + for group in groups_data["groups"]: - if group["origin"] not in origin_labels: + if group["origin"] not in origin_labels or group["name"] in ignored_groups: continue + origin = group["origin"] groups_by_origin[origin] = groups_by_origin.get(origin, []) + [group] diff --git a/motives_table_doc.tex b/motives_table_doc.tex new file mode 100644 index 0000000..707f62d --- /dev/null +++ b/motives_table_doc.tex 
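Review bot: The `"motive"` label maker in the `@@ -37,7 +38,13 @@` hunk indexes its dictionary with `[motive]`, while the `"sector"` maker just above falls back with `.get(sector, sector)`. Any motive value in the scraped YAML outside the three listed keys will abort the script with a bare `KeyError`. If the strict lookup is meant as an allow-list for scraped values that end up in LaTeX, which is a reasonable choice, a comment should say so, for example `# strict on purpose: an unknown scraped motive must fail the build, not reach the .tex output`. Otherwise the lookup should match the sector maker.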
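Review bot: `ignored_groups` in the `@@ -61,16 +69,27 @@` hunk is matched against `group["name"]` by exact string, and the list mixes spellings (`"Lunar Spider"` next to `"DoppelSpider"`) and repeats `"Rocke"`. An entry that does not match the scraped spelling is skipped silently, and that group stays in the statistics. A check before the loop would catch this: `unknown = set(ignored_groups) - {g["name"] for g in groups_data["groups"]}` followed by `if unknown: print("ignored_groups not in data:", sorted(unknown), file=sys.stderr)`. The filter also applies to the country and sector tables, so it changes their numbers too; the comment above the list should say that and name the criterion or source used for the selection. The `for` loop body continues outside the hunk.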
@@ -0,0 +1,30 @@
+%% SPDX-License-Identifier: CC0-1.0
+%%
+%% This LaTeX source is copyright (C) 2024, 2025 W. Kosior <koszko@koszko.org>
+
+\documentclass{article}
+
+\usepackage[a4paper, total={6in, 8in}, margin=1in]{geometry}
+\usepackage[skip=10pt plus1pt, indent=20pt]{parskip}
+\usepackage{longtable}
+\usepackage[table]{xcolor}
+\usepackage{hyperref}
+\hypersetup{
+ colorlinks,
+ urlcolor={blue!80!black}
+}
+\usepackage{textcomp}
+
+\input{tlp.tex}
+
+\title{Statistics of groups with particular motivation}
+
+\author{Wojciech Kosior}
+
+\begin{document}
+
+\useTLPFancyHeader{CLEAR}
+
+\input{motives_table.tex}
+
+\end{document} |