Intelligence Update Queue

This page summarizes the latest no-key public CTI feed pull. It is a review queue, not an automatic source of truth.

Feed candidates must be reviewed before they are promoted into data/sources.csv, actor profiles, evidence records, TTP mappings, hunts, or detections.

Generated: 2026-05-16

Connected Feeds

  • MITRE ATT&CK Enterprise STIX: actor taxonomy and modified-date drift checks.
  • CISA Known Exploited Vulnerabilities: exposure-prioritization leads.
  • CISA Cybersecurity Advisories RSS: new government advisory leads.
  • Optional: OTX subscribed pulses when OTX_API_KEY is configured.
  • Optional: MISP and OpenCTI connector targets when trusted instance secrets are configured.

Summary

| Metric | Value |
| --- | --- |
| Total candidates | 32 |
| FEED-CISA-ADVISORIES candidates | 13 |
| FEED-CISA-KEV candidates | 1 |
| FEED-MISP-OPTIONAL candidates | 1 |
| FEED-MITRE-ATTACK-ENTERPRISE candidates | 15 |
| FEED-OPENCTI-OPTIONAL candidates | 1 |
| FEED-OTX-OPTIONAL candidates | 1 |
| Needs analyst review | 28 |
| Needs exposure review | 1 |
| Not configured | 3 |

Candidate Review Rules

  • Treat feed items as collection leads until a human analyst reviews source relevance.
  • Do not create actor attribution from KEV or surface matches alone.
  • Use CISA KEV matches for exposure review and asset-owner routing first.
  • Use MITRE matches to check alias, description, and technique drift.
  • Add a normal source/evidence record before changing an actor page or detection mapping.

Actor Update Candidates

| Actor | Candidates | Feeds | Latest candidate date |
| --- | --- | --- | --- |
| G0049 | 1 | FEED-MITRE-ATTACK-ENTERPRISE | 2026-05-12 |
| G0059 | 1 | FEED-MITRE-ATTACK-ENTERPRISE | 2026-05-12 |
| G0069 | 1 | FEED-MITRE-ATTACK-ENTERPRISE | 2026-05-12 |
| G0087 | 1 | FEED-MITRE-ATTACK-ENTERPRISE | 2024-04-11 |
| G1001 | 1 | FEED-MITRE-ATTACK-ENTERPRISE | 2026-05-12 |
| G1028 | 1 | FEED-MITRE-ATTACK-ENTERPRISE | 2024-11-17 |
| G1030 | 1 | FEED-MITRE-ATTACK-ENTERPRISE | 2024-08-29 |
| G1044 | 1 | FEED-MITRE-ATTACK-ENTERPRISE | 2026-05-12 |
| HANDALA | 1 | FEED-MITRE-ATTACK-ENTERPRISE | 2026-05-12 |
| IMPERIALKITTEN | 1 | FEED-MITRE-ATTACK-ENTERPRISE | 2024-10-02 |
| LEBANESECEDAR | 1 | FEED-MITRE-ATTACK-ENTERPRISE | 2025-04-16 |
| PIONEERKITTEN | 1 | FEED-MITRE-ATTACK-ENTERPRISE | 2026-05-12 |
| TA402 | 2 | FEED-MITRE-ATTACK-ENTERPRISE | 2025-04-18 |
| WIRTE | 1 | FEED-MITRE-ATTACK-ENTERPRISE | 2026-04-23 |

Surface And Exposure Candidates

| Candidate Type | Candidates | Feeds | Matched terms |
| --- | --- | --- | --- |
| Government advisory | 13 | FEED-CISA-ADVISORIES | f5, hmi, ivanti, microsoft exchange, palo alto, plc |
| Known exploited vulnerability | 1 | FEED-CISA-KEV | microsoft exchange |
| Optional connector status | 3 | FEED-MISP-OPTIONAL, FEED-OPENCTI-OPTIONAL, FEED-OTX-OPTIONAL | None |

Current Candidates

| Candidate | Feed | Actor | Type | Title | Date | Status |
| --- | --- | --- | --- | --- | --- | --- |
| UPD-CISA-ADV-SURFACE-55b87a3084 | FEED-CISA-ADVISORIES | Surface | Government advisory | ABB AC500 V3 Multiple Vulnerabilities | Tue, 12 May 26 12:00:00 +0000 | Needs analyst review |
| UPD-CISA-ADV-SURFACE-9ca9b26be0 | FEED-CISA-ADVISORIES | Surface | Government advisory | ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax | Tue, 12 May 26 12:00:00 +0000 | Needs analyst review |
| UPD-CISA-ADV-SURFACE-43e003f77f | FEED-CISA-ADVISORIES | Surface | Government advisory | ABB Automation Builder Gateway for Windows | Tue, 12 May 26 12:00:00 +0000 | Needs analyst review |
| UPD-CISA-ADV-SURFACE-ea26b4b278 | FEED-CISA-ADVISORIES | Surface | Government advisory | ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities | Tue, 12 May 26 12:00:00 +0000 | Needs analyst review |
| UPD-CISA-ADV-SURFACE-8f5dc67818 | FEED-CISA-ADVISORIES | Surface | Government advisory | CISA Adds One Known Exploited Vulnerability to Catalog | Fri, 15 May 26 12:00:00 +0000 | Needs analyst review |
| UPD-CISA-ADV-SURFACE-acf8a28800 | FEED-CISA-ADVISORIES | Surface | Government advisory | CISA Adds One Known Exploited Vulnerability to Catalog | Thu, 07 May 26 12:00:00 +0000 | Needs analyst review |
| UPD-CISA-ADV-SURFACE-c2651eadf6 | FEED-CISA-ADVISORIES | Surface | Government advisory | CISA Adds One Known Exploited Vulnerability to Catalog | Wed, 06 May 26 12:00:00 +0000 | Needs analyst review |
| UPD-CISA-ADV-SURFACE-51f61e1dc4 | FEED-CISA-ADVISORIES | Surface | Government advisory | Siemens Ruggedcom Rox | Thu, 14 May 26 12:00:00 +0000 | Needs analyst review |
| UPD-CISA-ADV-SURFACE-2fb9ad63bb | FEED-CISA-ADVISORIES | Surface | Government advisory | Siemens Ruggedcom Rox | Thu, 14 May 26 12:00:00 +0000 | Needs analyst review |
| UPD-CISA-ADV-SURFACE-c2c9316d00 | FEED-CISA-ADVISORIES | Surface | Government advisory | Siemens Ruggedcom Rox | Thu, 14 May 26 12:00:00 +0000 | Needs analyst review |
| UPD-CISA-ADV-SURFACE-5bb347d672 | FEED-CISA-ADVISORIES | Surface | Government advisory | Siemens SIMATIC | Thu, 14 May 26 12:00:00 +0000 | Needs analyst review |
| UPD-CISA-ADV-SURFACE-5860784a6e | FEED-CISA-ADVISORIES | Surface | Government advisory | Siemens SIMATIC | Thu, 14 May 26 12:00:00 +0000 | Needs analyst review |
| UPD-CISA-ADV-SURFACE-ff7824dc56 | FEED-CISA-ADVISORIES | Surface | Government advisory | Siemens SIMATIC S7 PLC Web Server | Thu, 14 May 26 12:00:00 +0000 | Needs analyst review |
| UPD-KEV-CVE-2026-42897 | FEED-CISA-KEV | Surface | Known exploited vulnerability | CVE-2026-42897 - Microsoft Exchange Server Cross-Site Scripting Vulnerability | 2026-05-15 | Needs exposure review |
| UPD-CONNECTOR-FEED-MISP-OPTIONAL | FEED-MISP-OPTIONAL | Surface | Optional connector status | MISP events | 2026-05-16 | Not configured |
| UPD-MITRE-G0049-60c08f71f0 | FEED-MITRE-ATTACK-ENTERPRISE | G0049 | ATT&CK intrusion-set taxonomy update | OilRig | 2026-05-12 | Needs analyst review |
| UPD-MITRE-G0059-2eecb5256c | FEED-MITRE-ATTACK-ENTERPRISE | G0059 | ATT&CK intrusion-set taxonomy update | Magic Hound | 2026-05-12 | Needs analyst review |
| UPD-MITRE-G0069-03689cb0da | FEED-MITRE-ATTACK-ENTERPRISE | G0069 | ATT&CK intrusion-set taxonomy update | MuddyWater | 2026-05-12 | Needs analyst review |
| UPD-MITRE-G0087-01a9c7eebf | FEED-MITRE-ATTACK-ENTERPRISE | G0087 | ATT&CK intrusion-set taxonomy update | APT39 | 2024-04-11 | Needs analyst review |
| UPD-MITRE-G1001-14a09dbf66 | FEED-MITRE-ATTACK-ENTERPRISE | G1001 | ATT&CK intrusion-set taxonomy update | HEXANE | 2026-05-12 | Needs analyst review |
| UPD-MITRE-G1028-581b0024c5 | FEED-MITRE-ATTACK-ENTERPRISE | G1028 | ATT&CK intrusion-set taxonomy update | APT-C-23 | 2024-11-17 | Needs analyst review |
| UPD-MITRE-G1030-e96f8e578d | FEED-MITRE-ATTACK-ENTERPRISE | G1030 | ATT&CK intrusion-set taxonomy update | Agrius | 2024-08-29 | Needs analyst review |
| UPD-MITRE-G1044-e3ed64de89 | FEED-MITRE-ATTACK-ENTERPRISE | G1044 | ATT&CK intrusion-set taxonomy update | APT42 | 2026-05-12 | Needs analyst review |
| UPD-MITRE-HANDALA-72d63c6f04 | FEED-MITRE-ATTACK-ENTERPRISE | HANDALA | ATT&CK intrusion-set taxonomy update | VOID MANTICORE | 2026-05-12 | Needs analyst review |
| UPD-MITRE-IMPERIALKITTEN-bbb6cea576 | FEED-MITRE-ATTACK-ENTERPRISE | IMPERIALKITTEN | ATT&CK intrusion-set taxonomy update | CURIUM | 2024-10-02 | Needs analyst review |
| UPD-MITRE-LEBANESECEDAR-872e0d8dcf | FEED-MITRE-ATTACK-ENTERPRISE | LEBANESECEDAR | ATT&CK intrusion-set taxonomy update | Volatile Cedar | 2025-04-16 | Needs analyst review |
| UPD-MITRE-PIONEERKITTEN-03d5c9032e | FEED-MITRE-ATTACK-ENTERPRISE | PIONEERKITTEN | ATT&CK intrusion-set taxonomy update | Fox Kitten | 2026-05-12 | Needs analyst review |
| UPD-MITRE-TA402-976749cc0a | FEED-MITRE-ATTACK-ENTERPRISE | TA402 | ATT&CK intrusion-set taxonomy update | Frankenstein | 2025-04-18 | Needs analyst review |
| UPD-MITRE-TA402-65b917d7e7 | FEED-MITRE-ATTACK-ENTERPRISE | TA402 | ATT&CK intrusion-set taxonomy update | Molerats | 2024-11-17 | Needs analyst review |
| UPD-MITRE-WIRTE-7cc1aa86db | FEED-MITRE-ATTACK-ENTERPRISE | WIRTE | ATT&CK intrusion-set taxonomy update | WIRTE | 2026-04-23 | Needs analyst review |
| UPD-CONNECTOR-FEED-OPENCTI-OPTIONAL | FEED-OPENCTI-OPTIONAL | Surface | Optional connector status | OpenCTI indicators and reports | 2026-05-16 | Not configured |
| UPD-CONNECTOR-FEED-OTX-OPTIONAL | FEED-OTX-OPTIONAL | Surface | Optional connector status | AlienVault OTX pulses | 2026-05-16 | Not configured |

Machine-readable queue: data/intel-update-candidates.csv.

Feed definitions: data/intel-feeds.csv.