well currently im off site (not at clients place) im planning to head over there, even checking the darknet (though barely even scratching the surface) nothing found.
my plan is to check the ransom note, looking for any indicators, then checking for the origin
currently my misp instance is not connected to other instances, im utilizing the feed system.
@rommelfs It already is: https://github.com/MISP/misp-taxonomies/blob/master/iep/machinetag.json
I just don't see anybody tagging events with it.