MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 16:57:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

chg: [microsoft-activity-group] jq all the things

Browse source
This commit is contained in:
Alexandre Dulaunoy 2023-04-19 16:23:02 +02:00
parent 4277fd393e
commit bf7005c1c3
Signed by: adulau
GPG key ID: 09E2CD4944E6CBCD
1 changed files with 43 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

86
clusters/microsoft-activity-group.json
View file

@ -322,10 +322,10 @@
}, },
{ {
"meta": { "meta": {
"country": "CN",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "CN",
"synonyms": [ "synonyms": [
"APT41", "APT41",
"BARIUM" "BARIUM"
@ -336,10 +336,10 @@
}, },
{ {
"meta": { "meta": {
"country": "CN",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "CN",
"synonyms": [ "synonyms": [
"CHROMIUM", "CHROMIUM",
"ControlX" "ControlX"
@ -350,10 +350,10 @@
}, },
{ {
"meta": { "meta": {
"country": "CN",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "CN",
"synonyms": [ "synonyms": [
"DEV-0322" "DEV-0322"
] ]
@ -363,10 +363,10 @@
}, },
{ {
"meta": { "meta": {
"country": "CN",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "CN",
"synonyms": [ "synonyms": [
"APT40", "APT40",
"GADOLINIUM", "GADOLINIUM",
@ -380,10 +380,10 @@
}, },
{ {
"meta": { "meta": {
"country": "CN",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "CN",
"synonyms": [ "synonyms": [
"GALLIUM" "GALLIUM"
] ]
@ -393,10 +393,10 @@
}, },
{ {
"meta": { "meta": {
"country": "CN",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "CN",
"synonyms": [ "synonyms": [
"DEV-0234" "DEV-0234"
] ]
@ -406,10 +406,10 @@
}, },
{ {
"meta": { "meta": {
"country": "CN",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "CN",
"synonyms": [ "synonyms": [
"APT5", "APT5",
"Keyhole Panda", "Keyhole Panda",
@ -422,10 +422,10 @@
}, },
{ {
"meta": { "meta": {
"country": "CN",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "CN",
"synonyms": [ "synonyms": [
"APT15", "APT15",
"NICKEL", "NICKEL",
@ -438,10 +438,10 @@
}, },
{ {
"meta": { "meta": {
"country": "CN",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "CN",
"synonyms": [ "synonyms": [
"APT30", "APT30",
"LotusBlossom", "LotusBlossom",
@ -453,10 +453,10 @@
}, },
{ {
"meta": { "meta": {
"country": "CN",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "CN",
"synonyms": [ "synonyms": [
"HAFNIUM" "HAFNIUM"
] ]
@ -466,10 +466,10 @@
}, },
{ {
"meta": { "meta": {
"country": "CN",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "CN",
"synonyms": [ "synonyms": [
"APT31", "APT31",
"ZIRCONIUM" "ZIRCONIUM"
@ -666,10 +666,10 @@
}, },
{ {
"meta": { "meta": {
"country": "IR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "IR",
"synonyms": [ "synonyms": [
"NEPTUNIUM", "NEPTUNIUM",
"Vice Leaker" "Vice Leaker"
@ -680,10 +680,10 @@
}, },
{ {
"meta": { "meta": {
"country": "IR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "IR",
"synonyms": [ "synonyms": [
"CURIUM", "CURIUM",
"TA456", "TA456",
@ -695,10 +695,10 @@
}, },
{ {
"meta": { "meta": {
"country": "IR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "IR",
"synonyms": [ "synonyms": [
"DEV-0228" "DEV-0228"
] ]
@ -708,10 +708,10 @@
}, },
{ {
"meta": { "meta": {
"country": "IR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "IR",
"synonyms": [ "synonyms": [
"DEV-0343" "DEV-0343"
] ]
@ -721,10 +721,10 @@
}, },
{ {
"meta": { "meta": {
"country": "IR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "IR",
"synonyms": [ "synonyms": [
"APT34", "APT34",
"Cobalt Gypsy", "Cobalt Gypsy",
@ -737,10 +737,10 @@
}, },
{ {
"meta": { "meta": {
"country": "IR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "IR",
"synonyms": [ "synonyms": [
"Fox Kitten", "Fox Kitten",
"PioneerKitten", "PioneerKitten",
@ -753,10 +753,10 @@
}, },
{ {
"meta": { "meta": {
"country": "IR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "IR",
"synonyms": [ "synonyms": [
"MERCURY", "MERCURY",
"MuddyWater", "MuddyWater",
@ -770,10 +770,10 @@
}, },
{ {
"meta": { "meta": {
"country": "IR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "IR",
"synonyms": [ "synonyms": [
"DEV-0500", "DEV-0500",
"Moses Staff" "Moses Staff"
@ -784,10 +784,10 @@
}, },
{ {
"meta": { "meta": {
"country": "IR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "IR",
"synonyms": [ "synonyms": [
"APT35", "APT35",
"Charming Kitten", "Charming Kitten",
@ -799,10 +799,10 @@
}, },
{ {
"meta": { "meta": {
"country": "IR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "IR",
"synonyms": [ "synonyms": [
"APT33", "APT33",
"HOLMIUM", "HOLMIUM",
@ -814,10 +814,10 @@
}, },
{ {
"meta": { "meta": {
"country": "IR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "IR",
"synonyms": [ "synonyms": [
"AMERICIUM", "AMERICIUM",
"Agrius", "Agrius",
@ -831,10 +831,10 @@
}, },
{ {
"meta": { "meta": {
"country": "IR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "IR",
"synonyms": [ "synonyms": [
"DEV-0146", "DEV-0146",
"ZeroCleare" "ZeroCleare"
@ -845,10 +845,10 @@
}, },
{ {
"meta": { "meta": {
"country": "IR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "IR",
"synonyms": [ "synonyms": [
"BOHRIUM" "BOHRIUM"
] ]
@ -858,10 +858,10 @@
}, },
{ {
"meta": { "meta": {
"country": "LB",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "LB",
"synonyms": [ "synonyms": [
"POLONIUM" "POLONIUM"
] ]
@ -871,10 +871,10 @@
}, },
{ {
"meta": { "meta": {
"country": "KP",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "KP",
"synonyms": [ "synonyms": [
"Labyrinth Chollima", "Labyrinth Chollima",
"Lazarus", "Lazarus",
@ -886,10 +886,10 @@
}, },
{ {
"meta": { "meta": {
"country": "KP",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "KP",
"synonyms": [ "synonyms": [
"Kimsuky", "Kimsuky",
"THALLIUM", "THALLIUM",
@ -901,10 +901,10 @@
}, },
{ {
"meta": { "meta": {
"country": "KP",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "KP",
"synonyms": [ "synonyms": [
"Konni", "Konni",
"OSMIUM" "OSMIUM"
@ -915,10 +915,10 @@
}, },
{ {
"meta": { "meta": {
"country": "KP",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "KP",
"synonyms": [ "synonyms": [
"LAWRENCIUM" "LAWRENCIUM"
] ]
@ -928,10 +928,10 @@
}, },
{ {
"meta": { "meta": {
"country": "KP",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "KP",
"synonyms": [ "synonyms": [
"CERIUM" "CERIUM"
] ]
@ -941,10 +941,10 @@
}, },
{ {
"meta": { "meta": {
"country": "KP",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "KP",
"synonyms": [ "synonyms": [
"BlueNoroff", "BlueNoroff",
"COPERNICIUM", "COPERNICIUM",
@ -956,10 +956,10 @@
}, },
{ {
"meta": { "meta": {
"country": "KP",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "KP",
"synonyms": [ "synonyms": [
"DEV-0530", "DEV-0530",
"H0lyGh0st" "H0lyGh0st"
@ -1026,10 +1026,10 @@
}, },
{ {
"meta": { "meta": {
"country": "RU",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "RU",
"synonyms": [ "synonyms": [
"ACTINIUM", "ACTINIUM",
"Gamaredon", "Gamaredon",
@ -1042,10 +1042,10 @@
}, },
{ {
"meta": { "meta": {
"country": "RU",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "RU",
"synonyms": [ "synonyms": [
"DEV-0586" "DEV-0586"
] ]
@ -1055,10 +1055,10 @@
}, },
{ {
"meta": { "meta": {
"country": "RU",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "RU",
"synonyms": [ "synonyms": [
"APT28", "APT28",
"Fancy Bear", "Fancy Bear",
@ -1070,10 +1070,10 @@
}, },
{ {
"meta": { "meta": {
"country": "RU",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "RU",
"synonyms": [ "synonyms": [
"BROMINE", "BROMINE",
"Crouching Yeti", "Crouching Yeti",
@ -1085,10 +1085,10 @@
}, },
{ {
"meta": { "meta": {
"country": "RU",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "RU",
"synonyms": [ "synonyms": [
"APT29", "APT29",
"Cozy Bear", "Cozy Bear",
@ -1100,10 +1100,10 @@
}, },
{ {
"meta": { "meta": {
"country": "RU",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "RU",
"synonyms": [ "synonyms": [
"IRIDIUM", "IRIDIUM",
"Sandworm" "Sandworm"
@ -1114,10 +1114,10 @@
}, },
{ {
"meta": { "meta": {
"country": "RU",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "RU",
"synonyms": [ "synonyms": [
"Callisto", "Callisto",
"Reuse Team", "Reuse Team",
@ -1129,10 +1129,10 @@
}, },
{ {
"meta": { "meta": {
"country": "RU",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "RU",
"synonyms": [ "synonyms": [
"DEV-0665" "DEV-0665"
] ]
@ -1142,10 +1142,10 @@
}, },
{ {
"meta": { "meta": {
"country": "KR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "KR",
"synonyms": [ "synonyms": [
"DUBNIUM", "DUBNIUM",
"Dark Hotel", "Dark Hotel",
@ -1157,10 +1157,10 @@
}, },
{ {
"meta": { "meta": {
"country": "TR",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "TR",
"synonyms": [ "synonyms": [
"SILICON", "SILICON",
"Sea Turtle" "Sea Turtle"
@ -1171,10 +1171,10 @@
}, },
{ {
"meta": { "meta": {
"country": "VN",
"refs": [ "refs": [
"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide" "https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide"
], ],
"country": "VN",
"synonyms": [ "synonyms": [
"APT32", "APT32",
"BISMUTH", "BISMUTH",