Commit graph

432 commits

Author SHA1 Message Date
2a70893352
chg: [jq] JSON fixed 2020-04-27 15:03:25 +02:00
de Rosen
a428ad565e Added misp info 2020-04-27 15:16:33 +03:00
86157a6b96
Merge pull request #539 from r0ny123/MergingTA
Adding alias Thallium and merging STOLEN PENCIL
2020-04-26 21:16:56 +02:00
Rony
112f9e4a08
Adding alias Thallium and merging STOLEN PENCIL
Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
And also Netscout named the campaign as STOLEN PENCIL.
2020-04-26 23:47:37 +05:30
de71a444f8
chg: [json] add missing comma 2020-04-26 14:23:59 +02:00
rvs1st
d449eb94fc
Update threat-actor.json
Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
2020-04-24 09:03:58 -05:00
4234d44052
Merge pull request #537 from danielplohmann/patch-28
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
2020-04-24 15:33:47 +02:00
Daniel Plohmann
858621ebdc
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday. 2020-04-23 15:47:35 +02:00
Daniel Plohmann
b0f0bbae33
adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included) 2020-04-23 14:52:08 +02:00
itayc0hen
667d5b8850 Add ItaDuke/DarkUniverse actor 2020-04-22 19:44:38 +03:00
pnx@pyrite
974ece3a7c adding FIN1 2020-04-20 14:20:22 +02:00
Rony
aa34775390
typo
thanks to @patricksvgr
2020-04-19 23:17:44 +05:30
Rony
ddfa280672
Update threat-actor.json 2020-04-19 23:06:57 +05:30
Rony
7ac2648dbc
more fix 2020-04-19 23:00:42 +05:30
Rony
573b4807ee
fix broken links 2020-04-19 16:03:21 +05:30
Rony
42a4820823
dead link 2020-04-19 11:45:45 +05:30
Rony
0aa34187e9
add link 2020-04-19 11:29:36 +05:30
Rony
d6bf42254f
Merging APT23 & Tropic Trooper 2020-04-18 13:22:25 +05:30
Rony
c161080175
Update threat-actor.json 2020-04-15 21:36:48 +05:30
Daniel Plohmann
aba625dee5
removed duplicate entry 2020-04-07 08:49:33 +02:00
Daniel Plohmann
e15a4a6525
fixing/removing some more dead links 2020-04-06 15:25:22 +02:00
e37f320df5
Merge pull request #523 from danielplohmann/patch-24
adding aliases MERCURY, HOLMIUM
2020-03-09 21:56:27 +01:00
Daniel Plohmann
ab49ef3c1a
Kimsuki -> Black Banshee
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html)
2020-03-09 18:20:56 +01:00
Daniel Plohmann
1260ab156a
adding aliases MERCURY, HOLMIUM
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
2020-03-09 08:50:08 +01:00
4a64d0a4ad
Merge pull request #519 from danielplohmann/crowdstrike2020report
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-05 09:07:16 +01:00
Daniel Plohmann (jupiter)
0c2b0b76eb while we are at it, we can also do Longhorn = APT-C-39 2020-03-04 21:09:06 +01:00
Daniel Plohmann (jupiter)
184f193342 IMPERIAL KITTEN as alias for Tortoiseshell 2020-03-04 19:39:14 +01:00
pnx@pyrite
3dc460e795 adding new/updated threat actor names from CrowdStrike 2020 report 2020-03-04 13:36:34 +01:00
Daniel Plohmann
dc059d1f4d
Accenture calls APT32 - "POND LOACH" 2020-03-03 19:40:50 +01:00
b4b91b1e5d
chg: [threat-actor] JSON fixed 2020-02-28 16:37:24 +01:00
Thomas Dupuy
0daeb675f5 Add InvisiMole cluster 2020-02-18 13:28:32 -05:00
Daniel Plohmann
e481e9bb50
adding APT-C-12 2020-02-13 17:44:45 +01:00
Rony
22c9badee0
Update threat-actor.json
those are the name of aliases of the same malware family sykipot. so removing it.
2020-02-05 18:00:31 +05:30
Deborah Servili
5da17d51aa
Merge branch 'master' into master 2020-01-24 09:33:33 +01:00
Deborah Servili
606e3ec90f
jq 2020-01-24 09:32:09 +01:00
Deborah Servili
58415324c5
add Operation Wocao 2020-01-24 08:27:20 +01:00
Thomas Dupuy
edc5196373 Add Attor and DePriMon 2020-01-23 11:27:00 -05:00
Daniel Plohmann
ccfe5ee130
removing and fixing deadlinks in the best possible way
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
2020-01-23 11:14:20 +01:00
Daniel Plohmann
29a128da6f
adding references and TEMP.MixMaster as alias for WIZARD SPIDER
with kudos to @tbarabosch
2020-01-22 15:42:01 +01:00
dbaab413b6
chg: [threat-actor] typo fixed 2020-01-18 17:30:27 +01:00
564f27c5ca
chg: [threat-actor] format fixed 2020-01-18 17:26:45 +01:00
34c5c66279
chg: [threat-actor] fix order 2020-01-18 17:08:32 +01:00
8eeceafc51
chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan"
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
2020-01-18 17:02:44 +01:00
5da0c7bd54
chg: [threat-actor] SideWinder APT group added 2020-01-07 10:42:07 +01:00
StefanKelm
9b6f9136f9
Update threat-actor.json 2020-01-03 12:50:49 +01:00
StefanKelm
9373cfcb53
Update threat-actor.json
BRONZE PRESIDENT
2020-01-03 12:42:57 +01:00
Rony
6b1142abac
Update threat-actor.json 2019-12-23 22:05:28 +05:30
Bart
8ebb2e2d16
Update threat-actor.json
Adds Operation Wocao..
2019-12-19 21:42:02 +01:00
9f56a91013
Merge pull request #492 from Delta-Sierra/master
Operation Soft Cell ralated Updates
2019-12-13 13:35:52 +01:00
Deborah Servili
03c54a3e05
add GALLIUM as microsoft activities group and similar to Operation Soft Cell 2019-12-13 11:47:31 +01:00