Replace the "sector" tag with "country" for matching data. This allows the data to conform with existing clusters.

Tobias Mainka 2023-04-19 12:38:37 +02:00 committed by GitHub
parent ccc8f0f801
commit 8d2b9537f1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -325,7 +325,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "China", "country": "CN",
"synonyms": [ "synonyms": [
"APT41", "APT41",
"BARIUM" "BARIUM"
@ -339,7 +339,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "China", "country": "CN",
"synonyms": [ "synonyms": [
"CHROMIUM", "CHROMIUM",
"ControlX" "ControlX"
@ -353,7 +353,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "China", "country": "CN",
"synonyms": [ "synonyms": [
"DEV-0322" "DEV-0322"
] ]
@ -366,7 +366,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "China", "country": "CN",
"synonyms": [ "synonyms": [
"APT40", "APT40",
"GADOLINIUM", "GADOLINIUM",
@ -383,7 +383,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "China", "country": "CN",
"synonyms": [ "synonyms": [
"GALLIUM" "GALLIUM"
] ]
@ -396,7 +396,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "China", "country": "CN",
"synonyms": [ "synonyms": [
"DEV-0234" "DEV-0234"
] ]
@ -409,7 +409,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "China", "country": "CN",
"synonyms": [ "synonyms": [
"APT5", "APT5",
"Keyhole Panda", "Keyhole Panda",
@ -425,7 +425,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "China", "country": "CN",
"synonyms": [ "synonyms": [
"APT15", "APT15",
"NICKEL", "NICKEL",
@ -441,7 +441,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "China", "country": "CN",
"synonyms": [ "synonyms": [
"APT30", "APT30",
"LotusBlossom", "LotusBlossom",
@ -456,7 +456,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "China", "country": "CN",
"synonyms": [ "synonyms": [
"HAFNIUM" "HAFNIUM"
] ]
@ -469,7 +469,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "China", "country": "CN",
"synonyms": [ "synonyms": [
"APT31", "APT31",
"ZIRCONIUM" "ZIRCONIUM"
@ -669,7 +669,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Iran", "country": "IR",
"synonyms": [ "synonyms": [
"NEPTUNIUM", "NEPTUNIUM",
"Vice Leaker" "Vice Leaker"
@ -683,7 +683,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Iran", "country": "IR",
"synonyms": [ "synonyms": [
"CURIUM", "CURIUM",
"TA456", "TA456",
@ -698,7 +698,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Iran", "country": "IR",
"synonyms": [ "synonyms": [
"DEV-0228" "DEV-0228"
] ]
@ -711,7 +711,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Iran", "country": "IR",
"synonyms": [ "synonyms": [
"DEV-0343" "DEV-0343"
] ]
@ -724,7 +724,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Iran", "country": "IR",
"synonyms": [ "synonyms": [
"APT34", "APT34",
"Cobalt Gypsy", "Cobalt Gypsy",
@ -740,7 +740,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Iran", "country": "IR",
"synonyms": [ "synonyms": [
"Fox Kitten", "Fox Kitten",
"PioneerKitten", "PioneerKitten",
@ -756,7 +756,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Iran", "country": "IR",
"synonyms": [ "synonyms": [
"MERCURY", "MERCURY",
"MuddyWater", "MuddyWater",
@ -773,7 +773,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Iran", "country": "IR",
"synonyms": [ "synonyms": [
"DEV-0500", "DEV-0500",
"Moses Staff" "Moses Staff"
@ -787,7 +787,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Iran", "country": "IR",
"synonyms": [ "synonyms": [
"APT35", "APT35",
"Charming Kitten", "Charming Kitten",
@ -802,7 +802,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Iran", "country": "IR",
"synonyms": [ "synonyms": [
"APT33", "APT33",
"HOLMIUM", "HOLMIUM",
@ -817,7 +817,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Iran", "country": "IR",
"synonyms": [ "synonyms": [
"AMERICIUM", "AMERICIUM",
"Agrius", "Agrius",
@ -834,7 +834,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Iran", "country": "IR",
"synonyms": [ "synonyms": [
"DEV-0146", "DEV-0146",
"ZeroCleare" "ZeroCleare"
@ -848,7 +848,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Iran", "country": "IR",
"synonyms": [ "synonyms": [
"BOHRIUM" "BOHRIUM"
] ]
@ -861,7 +861,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Lebanon", "country": "LB",
"synonyms": [ "synonyms": [
"POLONIUM" "POLONIUM"
] ]
@ -874,7 +874,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "North Korea", "country": "KP",
"synonyms": [ "synonyms": [
"Labyrinth Chollima", "Labyrinth Chollima",
"Lazarus", "Lazarus",
@ -889,7 +889,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "North Korea", "country": "KP",
"synonyms": [ "synonyms": [
"Kimsuky", "Kimsuky",
"THALLIUM", "THALLIUM",
@ -904,7 +904,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "North Korea", "country": "KP",
"synonyms": [ "synonyms": [
"Konni", "Konni",
"OSMIUM" "OSMIUM"
@ -918,7 +918,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "North Korea", "country": "KP",
"synonyms": [ "synonyms": [
"LAWRENCIUM" "LAWRENCIUM"
] ]
@ -931,7 +931,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "North Korea", "country": "KP",
"synonyms": [ "synonyms": [
"CERIUM" "CERIUM"
] ]
@ -944,7 +944,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "North Korea", "country": "KP",
"synonyms": [ "synonyms": [
"BlueNoroff", "BlueNoroff",
"COPERNICIUM", "COPERNICIUM",
@ -959,7 +959,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "North Korea", "country": "KP",
"synonyms": [ "synonyms": [
"DEV-0530", "DEV-0530",
"H0lyGh0st" "H0lyGh0st"
@ -1029,7 +1029,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Russia", "country": "RU",
"synonyms": [ "synonyms": [
"ACTINIUM", "ACTINIUM",
"Gamaredon", "Gamaredon",
@ -1045,7 +1045,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Russia", "country": "RU",
"synonyms": [ "synonyms": [
"DEV-0586" "DEV-0586"
] ]
@ -1058,7 +1058,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Russia", "country": "RU",
"synonyms": [ "synonyms": [
"APT28", "APT28",
"Fancy Bear", "Fancy Bear",
@ -1073,7 +1073,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Russia", "country": "RU",
"synonyms": [ "synonyms": [
"BROMINE", "BROMINE",
"Crouching Yeti", "Crouching Yeti",
@ -1088,7 +1088,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Russia", "country": "RU",
"synonyms": [ "synonyms": [
"APT29", "APT29",
"Cozy Bear", "Cozy Bear",
@ -1103,7 +1103,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Russia", "country": "RU",
"synonyms": [ "synonyms": [
"IRIDIUM", "IRIDIUM",
"Sandworm" "Sandworm"
@ -1117,7 +1117,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Russia", "country": "RU",
"synonyms": [ "synonyms": [
"Callisto", "Callisto",
"Reuse Team", "Reuse Team",
@ -1132,7 +1132,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Russia", "country": "RU",
"synonyms": [ "synonyms": [
"DEV-0665" "DEV-0665"
] ]
@ -1145,7 +1145,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "South Korea", "country": "KR",
"synonyms": [ "synonyms": [
"DUBNIUM", "DUBNIUM",
"Dark Hotel", "Dark Hotel",
@ -1160,7 +1160,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Turkey", "country": "TR",
"synonyms": [ "synonyms": [
"SILICON", "SILICON",
"Sea Turtle" "Sea Turtle"
@ -1174,7 +1174,7 @@
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"sector": "Vietnam", "country": "VN",
"synonyms": [ "synonyms": [
"APT32", "APT32",
"BISMUTH", "BISMUTH",
@ -1185,5 +1185,5 @@
"value": "Canvas Cyclone" "value": "Canvas Cyclone"
} }
], ],
"version": 12 "version": 13
} }
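Review bot: Every changed entry drops `"sector"` outright and replaces the country name with a two-letter code (`"sector": "China"` becomes `"country": "CN"`, first in the hunk at line 325 and in every hunk through line 1174), so a consumer that still filters or correlates on `"sector"` will silently stop matching these actors once version 13 is pulled. The entries between the hunks at 469 and 669 and between 959 and 1029 are not shown; if they keep `"sector"` for non-country categories, the file now carries attribution under two keys and that split should be stated in the changelog or cluster description. The codes were converted by hand across more than forty entries, so a validation rule in whatever schema checks this file, for example `"country": {"type": "string", "pattern": "^[A-Z]{2}$"}`, would stop a stray full name or lowercase code from slipping in later.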