# PRISM

PRISM is a psychological profiling system for Advanced Persistent Threat (APT) groups that combines psychological assessment frameworks with cybersecurity threat intelligence. The system provides behavioral analysis, defense recommendations, and operational profiles for major APT groups based on their psychological traits and attack patterns.
## Repository Structure

```text
PRISM/
├── aptGroups/                  # APT group profiles and cluster analysis
│   ├── aptGroupsEN.json        # English APT group profiles
│   ├── aptGroupsES.json        # Spanish APT group profiles
│   ├── aptGroupsSources.json   # APT group sources and references
│   ├── ClusterProfileEN.json   # English cluster profiles
│   └── ClusterProfileES.json   # Spanish cluster profiles
└── base/                       # Base psychological framework
    ├── baseAdviceEN.json       # English psychological advice framework
    └── baseAdviceES.json       # Spanish psychological advice framework
```
## APT Group Profiles

Each APT group profile contains:

- Basic Information: ID, name, last update date, version
- Summary: Detailed description of the group's activities and characteristics
- Target Profile Tags: Sectors and organizations typically targeted
- Psychological Assessment:
  - Big Five Personality Traits: Openness, Conscientiousness, Extraversion, Agreeableness, Neuroticism
  - Dark Tetrad Traits: Machiavellianism, Narcissism, Psychopathy, Sadism
- Recommendations: Defense strategies and mitigation techniques
- Reference Cases: Notable incidents and campaigns
## Cluster Profiles

The cluster profiles group APT organizations into psychological clusters:

- Silent Manipulative Innovators: Stealth-focused groups (APT29, APT38)
- Noisy/Narcissistic Manipulative Innovators: High-visibility groups (APT28, APT44)
- Balanced Manipulative Innovators: Hybrid groups (APT41)

Each cluster includes:

- Macro psychological profile
- Central personality traits
- Operational characteristics
- Specific defense strategies
## Base Advice Framework

The base framework provides the foundational psychological assessment system:

- Trait Indicators: Behavioral manifestations of each personality trait
- Defense Recommendations: Specific mitigation strategies for each trait level
- Scoring System: 1-5 scale for each psychological dimension
  - Openness (1-5): Innovation and adaptability in TTPs
  - Conscientiousness (1-5): Planning and operational discipline
  - Extraversion (1-5): Communication and visibility patterns
  - Agreeableness (1-5): Target selection and attack methodology
  - Neuroticism (1-5): Response to detection and operational stress
  - Machiavellianism (1-5): Manipulation and deception capabilities
  - Narcissism (1-5): Need for recognition and visibility
  - Psychopathy (1-5): Risk tolerance and operational aggression
  - Sadism (1-5): Destructive behavior and collateral damage
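The profile layout above and the 1-5 scoring system are described in prose only; the README does not publish the JSON keys. The following is an added example (not code from the PRISM repository) of a small validator that checks a profile record against that description and looks up per-trait defense advice from a base-advice table. Every key name (`id`, `psychological_assessment`, `big_five`, `dark_tetrad`, ...) and the sample records are assumptions constructed for illustration.

```python
"""Validate a PRISM-style APT profile against the documented schema and
collect defense advice per trait score.

Added example, not part of the PRISM repository. All JSON key names are
assumptions; the README lists the profile's contents but not its keys.
"""
import json

BIG_FIVE = ("openness", "conscientiousness", "extraversion",
            "agreeableness", "neuroticism")
DARK_TETRAD = ("machiavellianism", "narcissism", "psychopathy", "sadism")
REQUIRED_FIELDS = ("id", "name", "last_update", "version", "summary",
                   "target_profile_tags", "psychological_assessment",
                   "recommendations", "reference_cases")

# Constructed sample profile; not taken from aptGroupsEN.json.
SAMPLE_PROFILE = json.dumps({
    "id": "APT-EXAMPLE",
    "name": "Example Group",
    "last_update": "2024-01-01",
    "version": "1.0",
    "summary": "Constructed placeholder used to exercise the validator.",
    "target_profile_tags": ["finance", "government"],
    "psychological_assessment": {
        "big_five": {"openness": 4, "conscientiousness": 5, "extraversion": 2,
                     "agreeableness": 1, "neuroticism": 2},
        "dark_tetrad": {"machiavellianism": 5, "narcissism": 2,
                        "psychopathy": 3, "sadism": 1},
    },
    "recommendations": ["Hunt for long-dwell, low-noise persistence."],
    "reference_cases": ["Constructed case A"],
})

# Constructed base-advice table keyed by trait, then by score (1-5).
# A real baseAdviceEN.json would carry advice for every level.
SAMPLE_BASE_ADVICE = {
    "conscientiousness": {5: "Expect careful staging; review change logs "
                             "and scheduled tasks for slow, deliberate setup."},
    "extraversion": {2: "Low-visibility actor; prioritise anomaly detection "
                        "over signature matching on public tooling."},
    "machiavellianism": {5: "Assume pretexts are well researched; verify "
                            "requests through an independent channel."},
}


def load_profile(raw):
    """Parse a JSON string into a dict (pass-through if already a dict)."""
    return raw if isinstance(raw, dict) else json.loads(raw)


def validate_profile(raw):
    """Return a list of problems; an empty list means the record conforms."""
    problems = []
    try:
        profile = load_profile(raw)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]
    for key in REQUIRED_FIELDS:
        if key not in profile:
            problems.append(f"missing field: {key}")
    assessment = profile.get("psychological_assessment", {})
    for section, traits in (("big_five", BIG_FIVE), ("dark_tetrad", DARK_TETRAD)):
        scores = assessment.get(section, {})
        for trait in traits:
            value = scores.get(trait)
            # bool is a subclass of int, so reject it explicitly.
            if (not isinstance(value, int) or isinstance(value, bool)
                    or not 1 <= value <= 5):
                problems.append(f"{section}.{trait}: expected integer 1-5, "
                                f"got {value!r}")
        for extra in sorted(set(scores) - set(traits)):
            problems.append(f"{section}.{extra}: unknown trait")
    return problems


def advice_for(raw, base_advice):
    """Return (trait, score, advice) for every trait whose score has an entry
    in base_advice; traits with no advice at that level are skipped."""
    profile = load_profile(raw)
    assessment = profile["psychological_assessment"]
    scores = {**assessment["big_five"], **assessment["dark_tetrad"]}
    return [(trait, score, base_advice[trait][score])
            for trait, score in scores.items()
            if score in base_advice.get(trait, {})]


if __name__ == "__main__":
    print("problems:", validate_profile(SAMPLE_PROFILE))
    for trait, score, text in advice_for(SAMPLE_PROFILE, SAMPLE_BASE_ADVICE):
        print(f"{trait} ({score}/5): {text}")
```

Running the module validates the constructed profile and prints the advice matched for its conscientiousness, extraversion and Machiavellianism scores; feeding it a record with a score outside 1-5, an unknown trait or a missing top-level field yields one problem string per defect, which is the check worth running before a new group is merged into the JSON files.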
## Use Cases

- Threat Intelligence: Understanding APT group motivations and behaviors
- Defense Planning: Tailoring security strategies to specific threat profiles
- Incident Response: Predicting attacker behavior during active incidents
- Risk Assessment: Evaluating organizational risk based on threat actor profiles
- Security Training: Educating teams on psychological aspects of cyber threats
## Covered Groups

The system currently profiles major APT groups including:

- APT29 (Cozy Bear / The Dukes)
- APT28 (Fancy Bear / Sofacy / Pawn Storm)
- APT38 (Lazarus subgroup)
- APT41 (Barium / Winnti)
- APT44 (Sandworm Team)
## Language Support

The repository provides English and Spanish versions of all major files, enabling international use and collaboration.

## Extensibility

The system is designed to be extensible. New APT groups can be added following the established JSON schema, and psychological assessments can be updated as new intelligence and behavioral analysis become available.
## License

[Add appropriate license information]

## Contact

[Add contact information for maintainers]