Rony
8ce0df6eb4
Update threat-actor.json
...
Merge aquatic panda & earth lusca
2022-07-25 17:15:23 +05:30
6b6398bf2d
fix: [threat-actor] incorrect merge fixed
2022-07-20 18:45:50 +02:00
b4ce9a9453
Merge branch 'main' of https://github.com/r0ny123/misp-galaxy into r0ny123-main
2022-07-20 18:41:27 +02:00
Rony
add6b27466
update
2022-07-20 21:39:33 +05:30
Rony
2b54df56f9
update
2022-07-20 21:32:11 +05:30
Rony
2e045d9c8c
chg: [fix] resolve conflict
2022-07-20 21:28:15 +05:30
Daniel Plohmann
5825783a85
removed duplicate UUID for Kinsing
...
my apologies, looks like I had not rolled a new UUID for one of the entries added...
2022-07-20 17:07:05 +02:00
Rony
932fcf1871
added Red Nue
2022-07-20 15:07:35 +05:30
Rony
082039b3b0
added CN actors from secureworks threat profile
...
https://www.secureworks.com/research/threat-profiles?filter=item-china and fixed some AKAs
2022-07-20 14:52:58 +05:30
Daniel Plohmann
ed32c508b7
added more Unit 42 aliases / groups
2022-07-20 08:38:03 +02:00
Rony
000bfe92d9
add APT9/Red Pegasus & BRONZE EDGEWOOD/Red Hariasa
2022-07-20 10:04:58 +05:30
Rony
2e8a577b0c
add PwC naming to CN actors
2022-07-20 09:45:21 +05:30
Rony
3fabd58416
chg: [threat-actor] fixed
2022-07-19 23:36:30 +05:30
Rony
79c84d3768
add Earth Berberoka, Earth Lusca and Earth Wendigo
2022-07-19 22:42:50 +05:30
Daniel Plohmann
082d506b64
adding new Unit 42 names
...
First PR: those are the directly mappable names. I will follow up after deconfliction and then with a few new entries.
2022-07-19 08:45:09 +02:00
Daniel Plohmann
240a757826
Update threat-actor.json
...
adding Predatory Sparrow due to recent events.
2022-07-13 10:02:07 +02:00
Thomas Dupuy
90da0d798f
Set country to LB instead of IR based on operational activity.
2022-07-12 16:21:41 +00:00
Thomas Dupuy
1a8835bcae
Remove list from POLONIUM TA.
2022-07-12 13:11:11 +00:00
Thomas Dupuy
a86d866534
Add POLONIUM TA.
2022-07-12 12:14:27 +00:00
Delta-Sierra
7e37fa0cdd
merge + update medusalocker
2022-07-06 09:28:46 +02:00
Delta-Sierra
c2e7ef4fab
Update Medusa Locker and others
2022-07-06 08:43:59 +02:00
Mathieu Beligon
693eed8d78
[threat actor] Break Cleaver aliases into respective entries
2022-07-04 14:05:29 +02:00
Mathieu Beligon
d63c990dad
[threat-actors] Separate ITSecTeam from Cleaver
2022-06-30 14:34:05 +02:00
Mathieu Beligon
b8d4ffdbde
Merge Cutting Kitten and Cleaver
2022-06-29 20:15:12 +02:00
Mathieu Beligon
d79c5bd1ab
Add ToddyCat Threat actor
2022-06-21 15:12:42 +02:00
Rony
c030fcdab6
chg: [threat-actor] added PwC naming for Indian actors
...
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-06-11 15:46:54 +05:30
Thanat0s
44a99d066a
There's a bit more, shall I leave it in anyway?
2022-06-11 04:24:04 -04:00
Thanat0s
57befd7259
jq all the things
2022-06-10 19:12:12 -04:00
Thanat0s
51f98f4706
Attck link + typo on TA551
2022-06-10 18:40:16 -04:00
Thanat0s
f97fee7135
Typo on TA551
2022-06-10 18:38:25 -04:00
Thanat0s
297acc0f5e
Add Mitre vs Thales RosettaStone
2022-06-10 18:24:15 -04:00
Rony
e916267c7c
chg: [threat-actor] add reference to bitter & sidewinder group
2022-06-08 23:22:17 +05:30
Mathieu Beligon
dca70783bf
[threat-actors] validate file
2022-05-23 11:32:24 +02:00
Mathieu Beligon
c1cfc19871
[threat actors] Remove dead link for sandworm threat actor
2022-05-23 11:30:04 +02:00
Mathieu Beligon
36a1466661
[threat-actors] Add RansomHouse
2022-05-23 11:29:39 +02:00
Rony
2721522e82
chg: [threat-actor] add exotic lily, ta578, ta579
2022-05-14 20:52:15 +05:30
fcdc6c86e6
chg: [threat-actor] add TG2003 synonym to Elephant Beetle
2022-05-09 14:24:28 +02:00
9130365e2e
chg: [threat-actor] Elephant Beetle added
...
Fix #708
2022-05-09 14:23:12 +02:00
bb434b11cf
chg: [threat-actor] ModifiedElephant added
...
Fix #709
2022-05-09 14:16:01 +02:00
06550a7945
chg: [threat-actor] fix refs field -> it's always an array
2022-05-09 13:46:16 +02:00
b67e3ed3f8
Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add
2022-05-09 13:43:44 +02:00
Rony
c0be6677c2
chg: [threat-actor] added actor Red Menshen
...
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-05-07 15:44:10 +05:30
Rony
11eca69ebc
chg: [threat-actor] added Curious Gorge
2022-05-07 12:40:35 +05:30
Daniel Plohmann
26c1850377
Update threat-actor.json
...
adding Red Dev 4 as alias for GALLIUM as used by PwC.
2022-05-06 09:47:48 +02:00
Daniel Plohmann
06c293072c
Update threat-actor.json
...
adding UNC3524 to the actor galaxy cluster.
2022-05-04 13:21:56 +02:00
3c7
0ad65fbe9f
Forgot to jq all the things
2022-04-28 09:42:25 +02:00
3c7
dfb6c0668e
Added SaintBear
2022-04-28 09:36:25 +02:00
664f6d80cc
chg: [threat-actor] Killnet description added
2022-04-21 15:05:50 +02:00
1e383e2452
chg: [threat-actor] version updated
2022-04-21 14:53:14 +02:00
Mathieu Beligon
c8455a6c4d
[actors] Add killnet
2022-04-21 14:06:28 +02:00
Adam McHugh
53a0fc56d3
Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory
2022-04-18 10:16:26 +09:30
Adam McHugh
84eac4b102
Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory
2022-04-17 19:50:08 +09:30
Adam McHugh
cff8a38c5f
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
2022-04-17 19:37:26 +09:30
Thomas Dupuy
bd05eb0bba
upd: [cluster] add Threat Actor BladeHawk.
2022-04-11 17:03:19 +00:00
Thomas Dupuy
209391f110
upd: [cluster] add ref and synonyms for Energetic Bear.
2022-04-07 18:26:58 +00:00
Rony
a08ddaf548
Add Avivore & HAZY TIGER/Bitter
2022-04-02 01:14:18 +05:30
Rony
50f39edc10
Revert "update threat actors meta"
2022-04-02 00:55:38 +05:30
Delta-Sierra
73f71c8b15
dup
2022-04-01 16:51:27 +02:00
Delta-Sierra
fb557fd3a2
dup
2022-04-01 16:47:50 +02:00
Delta-Sierra
909fc09992
duplicate
2022-04-01 16:44:47 +02:00
Delta-Sierra
7c3e8ac068
fix duplicate
2022-04-01 16:40:40 +02:00
Delta-Sierra
dcc396108c
fix duplicate
2022-04-01 16:36:47 +02:00
Delta-Sierra
9257fb677b
merge
2022-04-01 16:32:10 +02:00
Delta-Sierra
0f7803b091
update threat actors meta
2022-04-01 16:00:27 +02:00
Mathieu Beligon
c35fad3291
Add threat actor group Scarab
2022-03-28 12:11:34 +02:00
Daniel Plohmann
24a3f16ab4
adding threat actor group LAPSUS$ / DEV-0537.
2022-03-23 09:47:10 +01:00
Delta-Sierra
97690426bf
update threat actors meta
2022-03-18 16:41:10 +01:00
7fd5715715
Merge pull request #691 from r0ny123/indian-adversaries
...
Update to Indian Adversaries
2022-03-15 12:28:16 +01:00
Rony
eebda5f955
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team
2022-03-15 15:02:57 +05:30
Rony
ac72e7b639
fix
2022-03-15 14:00:46 +05:30
Rony
3b67e745e5
Update threat-actor.json
2022-03-15 13:57:00 +05:30
Delta-Sierra
957327383d
fix array
2022-03-07 16:10:53 +01:00
Delta-Sierra
a7f3df8a9a
merge
2022-03-07 16:04:38 +01:00
Delta-Sierra
8fd3c87b47
update threat actors meta
2022-03-07 15:54:29 +01:00
8e09c9b30c
Merge pull request #685 from danielplohmann/patch-14
...
adding threat actor "Moses Staff"
2022-03-02 21:43:00 +01:00
Daniel Plohmann
896a451461
fixed with linted JSON.
2022-03-02 21:22:28 +01:00
Daniel Plohmann
a817324cd4
adding threat actor "Moses Staff"
2022-03-02 15:50:39 +01:00
Mathieu Beligon
0b456b8afa
version bump -> 213
2022-03-02 14:55:26 +01:00
Mathieu Beligon
d3d241ca54
Update Gamaredon target
2022-03-02 14:55:19 +01:00
Mathieu Beligon
27c05a118e
Update GhostWriter
2022-03-02 13:16:20 +01:00
Delta-Sierra
c909a35d65
Merge https://github.com/MISP/misp-galaxy into main
2022-02-18 10:57:10 +01:00
Delta-Sierra
a788c867a7
jq
2022-02-18 10:56:07 +01:00
Delta-Sierra
b0cd884afc
add TA2541
2022-02-18 10:54:25 +01:00
Daniel Plohmann
321e4b4a57
another Gamaredon ref and version bump
2022-02-18 08:26:01 +01:00
Daniel Plohmann
254dd47a61
adding ACTINIUM as MSFT name for Gamaredon
2022-02-18 08:24:35 +01:00
Delta-Sierra
9b76d71c43
Merge https://github.com/MISP/misp-galaxy into main
2022-02-14 08:47:21 +01:00
Delta-Sierra
3184819968
add DDG botnet and more
2022-02-11 16:13:36 +01:00
rwe
4700780d47
added antlion APT group
2022-02-05 04:52:33 -08:00
Daniel Plohmann
833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference
2022-02-02 09:40:10 +01:00
Daniel Plohmann
8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec
2022-02-02 09:35:53 +01:00
Delta-Sierra
e523bdaf70
merge
2022-01-14 16:08:14 +01:00
Thomas Dupuy
c792bdd1b7
Add AQUATIC PANDA threat actor.
2022-01-12 13:51:11 -05:00
Sami Tainio
dcb87b0dc6
chg: [threat-actor] Add SideCopy
2022-01-07 17:45:41 +02:00
Daniel Plohmann
3094283252
adding Mandiant's FIN13.
2022-01-03 09:32:43 +01:00
Delta-Sierra
bb92427b65
add Lyceum synonyms/sources
2021-11-29 12:05:51 +01:00
Jeroen Pinoy
9ec76ae185
Add threat actor common raven
2021-10-03 23:30:20 +02:00
Thomas Dupuy
89a3f986ba
Add InkySquid synonym.
2021-08-24 16:29:34 +02:00
Daniel Plohmann
3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER)
2021-08-19 06:02:40 +02:00
Rony
5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM
...
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
2021-08-02 22:30:05 +05:30
Rony
636ccdedcd
Update threat-actor.json
2021-07-21 18:47:56 +05:30
Rony
9ecfecc063
another fix
2021-07-21 18:41:18 +05:30
Rony
32ea60d721
fix
2021-07-21 18:31:05 +05:30
Rony
52e7d5a0a9
multiple updates to apt40, apt31 & hafnium
2021-07-21 18:28:40 +05:30
Rony
fb9a41f8e9
from Gov Canada & MFA Japan
2021-07-19 20:33:35 +05:30
Rony
c90c60cb13
adding references for APT40 & APT31
2021-07-19 20:14:36 +05:30
6c8949caa9
Merge pull request #658 from jasperla/oilrig
...
merge APT34 with OilRig
2021-07-03 08:56:39 +02:00
Deborah Servili
b6005bd53f
Merge branch 'main' into master
2021-07-02 13:30:51 +02:00
Delta-Sierra
913aff30c3
Add NOBELIUM and related
2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse
792490298e
merge APT34 with OilRig
...
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
2021-06-29 20:26:04 +02:00
Jürgen Löhel
254c201601
[cluster][tool] Adds Matanbuchus
...
+ threat actor: BelialDemon
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 18:04:28 -05:00
Thomas Dupuy
772c5145c1
Added BackdoorDiplomacy and Gelsemium.
2021-06-11 11:48:57 -04:00
Rony
9a723b6261
more ta544 references
2021-05-26 20:26:27 +05:30
Rony
db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks
2021-05-22 21:02:30 +05:30
Daniel Plohmann
433ea5cb45
Twisted Spider -> TWISTED SPIDER
...
fair point
2021-05-19 17:04:58 +02:00
Daniel Plohmann
9719122d27
adding Twisted Spider as alias for TA2101 (Maze)
2021-05-19 16:47:41 +02:00
a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1
...
Add alias for Tick
2021-05-07 23:23:38 +02:00
Still Hsu
eb671f1e6a
Add Nian alias
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:52:27 +08:00
Still Hsu
fe7c0dab07
Add country origin for BlackTech
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:32:39 +08:00
Daniel Plohmann
38b8bac51d
fixing broken/dead links
2021-05-04 20:15:17 +02:00
Rony
faed812fc9
Merged STALKER PANDA to Tick
2021-04-25 19:12:20 +05:30
Rony
89b9c0c32c
several updates to apt27
2021-04-25 16:53:36 +05:30
Daniel Plohmann
6eb594a6b0
adding Yanbian Gang as threat actor
2021-04-16 15:12:45 +02:00
Daniel Plohmann
2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech
...
Adding Palmerworm as Symantec alias for BlackTech (with reference).
2021-03-31 22:35:12 +02:00
Thomas Dupuy
a8c62ddeda
Add Ghostwriter.
2021-03-31 09:42:40 -04:00
Rony
50f5d2ae4a
reverted changes made into 52ae97718d
2021-03-30 22:19:05 +05:30
sebdraven
ce8a9442eb
validation jsons
2021-03-30 13:12:21 +00:00
Sebdraven
52ae97718d
Update threat-actor.json
...
add a synonym to Hafnium
2021-03-30 15:11:09 +02:00
sebdraven
b082977b9f
validation ok
2021-03-30 10:22:35 +00:00
Sebdraven
4ed4cebcee
Update threat-actor.json
...
format json
2021-03-30 12:16:22 +02:00
Sebdraven
a62e3ba530
Update threat-actor.json
...
add redecho threat actor
2021-03-30 12:10:50 +02:00
Delta-Sierra
7c843ac5c2
fix merge & jq
2021-03-11 14:08:29 +01:00
Delta-Sierra
c37befc8a9
merge
2021-03-11 10:35:05 +01:00
Rony
57c7d0b9a0
From Nextron
2021-03-06 19:44:32 +05:30
Rony
6cabbfb091
more!
2021-03-06 14:22:29 +05:30
Rony
7b242555df
More references
...
From
Crowdstrike
MSRC
and kql hunting query from James Quinn
2021-03-06 13:28:14 +05:30
Rony
eaab88ef28
add HAFNIUM detection refs
2021-03-05 16:51:28 +05:30
Rony
4bc438a325
fix
2021-03-05 11:48:43 +05:30
Rony
d9b299aafc
add more HAFNIUM references
2021-03-05 11:42:04 +05:30
Rony
c9f7afef1c
Adding alias NOBELIUM
2021-03-04 22:39:33 +05:30
47dade9d0e
Merge pull request #631 from r0ny123/Enhancement
...
Add HAFNIUM
2021-03-04 14:48:01 +01:00
Rony
ad795606cf
added HAFNIUM
...
Updates:
Tonto Team
UNC2452
2021-03-04 00:10:33 +05:30
Sebdraven
2666341afc
Update threat-actor.json
...
update Sidewinder card
2021-03-03 17:59:25 +01:00
Thomas Dupuy
f842694fda
Update Infy TA.
2021-03-02 14:37:01 -05:00
Delta-Sierra
d273a5da7d
add TeamTNT ref
2021-02-25 09:52:24 +01:00
Rony
5c6f3a036b
removing DePrimon
...
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
2021-02-24 21:55:04 +05:30
Delta-Sierra
7c1ac58141
add TeamTNT
2021-02-22 16:38:18 +01:00
Delta-Sierra
96bf0d44ea
Merge https://github.com/MISP/misp-galaxy
2021-02-09 14:52:58 +01:00
Daniel Plohmann
d61e7d2fac
adding ClearSky alias for Volatile Cedar
...
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."
2021-01-29 10:39:18 +01:00
StefanKelm
fb35646406
Update threat-actor.json
...
Lazarus
2021-01-26 14:38:37 +01:00
StefanKelm
a131a7ce98
Update threat-actor.json
...
Lazarus
2021-01-20 17:43:18 +01:00