Commit graph

761 commits

Author SHA1 Message Date
Rony
8ce0df6eb4
Update threat-actor.json
Merge aquatic panda & earth lusca
2022-07-25 17:15:23 +05:30
6b6398bf2d
fix: [threat-actor] incorrect merge fixed 2022-07-20 18:45:50 +02:00
b4ce9a9453
Merge branch 'main' of https://github.com/r0ny123/misp-galaxy into r0ny123-main 2022-07-20 18:41:27 +02:00
Rony
add6b27466 update 2022-07-20 21:39:33 +05:30
Rony
2b54df56f9 update 2022-07-20 21:32:11 +05:30
Rony
2e045d9c8c chg: [fix] resolve conflict 2022-07-20 21:28:15 +05:30
Daniel Plohmann
5825783a85
removed duplicate UUID for Kinsing
my apologies, looks like I had not rolled a new UUID for one of the entries added...
2022-07-20 17:07:05 +02:00
Rony
932fcf1871 added Red Nue 2022-07-20 15:07:35 +05:30
Rony
082039b3b0 added CN actors from secureworks threat profile
https://www.secureworks.com/research/threat-profiles?filter=item-china and fixed some AKAs
2022-07-20 14:52:58 +05:30
Daniel Plohmann
ed32c508b7
added more Unit 42 aliases / groups 2022-07-20 08:38:03 +02:00
Rony
000bfe92d9 add APT9/Red Pegasus & BRONZE EDGEWOOD/Red Hariasa 2022-07-20 10:04:58 +05:30
Rony
2e8a577b0c add PwC naming to CN actors 2022-07-20 09:45:21 +05:30
Rony
3fabd58416 chg: [threat-actor] fixed 2022-07-19 23:36:30 +05:30
Rony
79c84d3768 add Earth Berberoka, Earth Lusca and Earth Wendigo 2022-07-19 22:42:50 +05:30
Daniel Plohmann
082d506b64
adding new Unit 42 names
First PR: those are the directly mappable names. I will follow up after deconfliction and then with a few new entries.
2022-07-19 08:45:09 +02:00
Daniel Plohmann
240a757826
Update threat-actor.json
adding Predatory Sparrow due to recent events.
2022-07-13 10:02:07 +02:00
Thomas Dupuy
90da0d798f Set country to LB instead of IR based on operational activity. 2022-07-12 16:21:41 +00:00
Thomas Dupuy
1a8835bcae Remove list from POLONIUM TA. 2022-07-12 13:11:11 +00:00
Thomas Dupuy
a86d866534 Add POLONIUM TA. 2022-07-12 12:14:27 +00:00
Delta-Sierra
7e37fa0cdd merge + update medusalocker 2022-07-06 09:28:46 +02:00
Delta-Sierra
c2e7ef4fab Update Medusa Locker and others 2022-07-06 08:43:59 +02:00
Mathieu Beligon
693eed8d78 [threat actor] Break Cleaver aliases into respective entries 2022-07-04 14:05:29 +02:00
Mathieu Beligon
d63c990dad [threat-actors] Separate ITSecTeam from Cleaver 2022-06-30 14:34:05 +02:00
Mathieu Beligon
b8d4ffdbde Merge Cutting Kitten and Cleaver 2022-06-29 20:15:12 +02:00
Mathieu Beligon
d79c5bd1ab Add ToddyCat Threat actor 2022-06-21 15:12:42 +02:00
Rony
c030fcdab6
chg: [threat-actor] added PwC naming for Indian actors
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-06-11 15:46:54 +05:30
Thanat0s
44a99d066a Y en a un peut plus je vous le mets quand meme ? 2022-06-11 04:24:04 -04:00
Thanat0s
57befd7259 jq all the things 2022-06-10 19:12:12 -04:00
Thanat0s
51f98f4706 Attck link + typo on TA551 2022-06-10 18:40:16 -04:00
Thanat0s
f97fee7135 Typo on TA551 2022-06-10 18:38:25 -04:00
Thanat0s
297acc0f5e Add Mitre vs Thales RosettaStone 2022-06-10 18:24:15 -04:00
Rony
e916267c7c
chg: [threat-actor] add reference to bitter & sidewinder group 2022-06-08 23:22:17 +05:30
Mathieu Beligon
dca70783bf [threat-actors] validate file 2022-05-23 11:32:24 +02:00
Mathieu Beligon
c1cfc19871 [threat actors] Remove dead link for sandworm threat actor 2022-05-23 11:30:04 +02:00
Mathieu Beligon
36a1466661 [threat-actors] Add RansomHouse 2022-05-23 11:29:39 +02:00
Rony
2721522e82
chg: [threat-actor] add exotic lily, ta578, ta579 2022-05-14 20:52:15 +05:30
fcdc6c86e6
chg: [threat-actor] add TG2003 synomym to Elephant Beetle 2022-05-09 14:24:28 +02:00
9130365e2e
chg: [threat-actor] Elephant Beetle added
Fix #708
2022-05-09 14:23:12 +02:00
bb434b11cf
chg: [threat-actor] ModifiedElephant added
Fix #709
2022-05-09 14:16:01 +02:00
06550a7945
chg: [threat-actor] fix refs field -> it's always an array 2022-05-09 13:46:16 +02:00
b67e3ed3f8
Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add 2022-05-09 13:43:44 +02:00
Rony
c0be6677c2
chg: [threat-actor] added actor Red Menshen
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-05-07 15:44:10 +05:30
Rony
11eca69ebc
chg: [threat-actor] added Curious Gorge 2022-05-07 12:40:35 +05:30
Daniel Plohmann
26c1850377
Update threat-actor.json
adding Red Dev 4 as alias for GALLIUM as used by PwC.
2022-05-06 09:47:48 +02:00
Daniel Plohmann
06c293072c
Update threat-actor.json
adding UNC3524 to the actor galaxy cluster.
2022-05-04 13:21:56 +02:00
3c7
0ad65fbe9f
Forgot to jq all the things 2022-04-28 09:42:25 +02:00
3c7
dfb6c0668e
Added SaintBear 2022-04-28 09:36:25 +02:00
664f6d80cc
chg: [threat-actor] Killnet description added 2022-04-21 15:05:50 +02:00
1e383e2452
chg: [threat-actor] version updated 2022-04-21 14:53:14 +02:00
Mathieu Beligon
c8455a6c4d [actors] Add killnet 2022-04-21 14:06:28 +02:00
Adam McHugh
53a0fc56d3 Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory 2022-04-18 10:16:26 +09:30
Adam McHugh
84eac4b102 Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory 2022-04-17 19:50:08 +09:30
Adam McHugh
cff8a38c5f Added Copy-Paste Threat Actor from ACSC Advisory 2020-008 2022-04-17 19:37:26 +09:30
Thomas Dupuy
bd05eb0bba upd: [cluster] add Threat Actor BladeHawk. 2022-04-11 17:03:19 +00:00
Thomas Dupuy
209391f110 upd: [cluster] add ref and synonyms for Energetic Bear. 2022-04-07 18:26:58 +00:00
Rony
a08ddaf548
Add Avivore & HAZY TIGER/Bitter 2022-04-02 01:14:18 +05:30
Rony
50f39edc10
Revert "update threat actors meta" 2022-04-02 00:55:38 +05:30
Delta-Sierra
73f71c8b15 dup 2022-04-01 16:51:27 +02:00
Delta-Sierra
fb557fd3a2 dup 2022-04-01 16:47:50 +02:00
Delta-Sierra
909fc09992 duplicate 2022-04-01 16:44:47 +02:00
Delta-Sierra
7c3e8ac068 fix duplicate 2022-04-01 16:40:40 +02:00
Delta-Sierra
dcc396108c fix duplicate 2022-04-01 16:36:47 +02:00
Delta-Sierra
9257fb677b merge 2022-04-01 16:32:10 +02:00
Delta-Sierra
0f7803b091 update threat actors meta 2022-04-01 16:00:27 +02:00
Mathieu Beligon
c35fad3291 Add threat actor group Scarab 2022-03-28 12:11:34 +02:00
Daniel Plohmann
24a3f16ab4
adding threat actor group LAPSUS$ / DEV-0537. 2022-03-23 09:47:10 +01:00
Delta-Sierra
97690426bf update threat actors meta 2022-03-18 16:41:10 +01:00
7fd5715715
Merge pull request #691 from r0ny123/indian-adversaries
Update to Indian Adversaries
2022-03-15 12:28:16 +01:00
Rony
eebda5f955
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team 2022-03-15 15:02:57 +05:30
Rony
ac72e7b639
fix 2022-03-15 14:00:46 +05:30
Rony
3b67e745e5
Update threat-actor.json 2022-03-15 13:57:00 +05:30
Delta-Sierra
957327383d fix array 2022-03-07 16:10:53 +01:00
Delta-Sierra
a7f3df8a9a merge 2022-03-07 16:04:38 +01:00
Delta-Sierra
8fd3c87b47 update threat actors meta 2022-03-07 15:54:29 +01:00
8e09c9b30c
Merge pull request #685 from danielplohmann/patch-14
adding threat actor "Moses Staff"
2022-03-02 21:43:00 +01:00
Daniel Plohmann
896a451461
fixed with linted JSON. 2022-03-02 21:22:28 +01:00
Daniel Plohmann
a817324cd4
adding threat actor "Moses Staff" 2022-03-02 15:50:39 +01:00
Mathieu Beligon
0b456b8afa version bump -> 213 2022-03-02 14:55:26 +01:00
Mathieu Beligon
d3d241ca54 Update Gamaredon target 2022-03-02 14:55:19 +01:00
Mathieu Beligon
27c05a118e Update GhostWriter 2022-03-02 13:16:20 +01:00
Delta-Sierra
c909a35d65 Merge https://github.com/MISP/misp-galaxy into main 2022-02-18 10:57:10 +01:00
Delta-Sierra
a788c867a7 jq 2022-02-18 10:56:07 +01:00
Delta-Sierra
b0cd884afc add TA2541 2022-02-18 10:54:25 +01:00
Daniel Plohmann
321e4b4a57
another Gamaredon ref and version bump 2022-02-18 08:26:01 +01:00
Daniel Plohmann
254dd47a61
adding ACTINIUM as MSFT name for Gamaredon 2022-02-18 08:24:35 +01:00
Delta-Sierra
9b76d71c43 Merge https://github.com/MISP/misp-galaxy into main 2022-02-14 08:47:21 +01:00
Delta-Sierra
3184819968 add DDG botnet and more 2022-02-11 16:13:36 +01:00
rwe
4700780d47 added antlion APT group 2022-02-05 04:52:33 -08:00
Daniel Plohmann
833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference 2022-02-02 09:40:10 +01:00
Daniel Plohmann
8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec 2022-02-02 09:35:53 +01:00
Delta-Sierra
e523bdaf70 merge 2022-01-14 16:08:14 +01:00
Thomas Dupuy
c792bdd1b7 Add AQUATIC PANDA threat actor. 2022-01-12 13:51:11 -05:00
Sami Tainio
dcb87b0dc6 chg: [threat-actor] Add SideCopy 2022-01-07 17:45:41 +02:00
Daniel Plohmann
3094283252
adding Mandiant's FIN13. 2022-01-03 09:32:43 +01:00
Delta-Sierra
bb92427b65 add Lyceum synonyms/sources 2021-11-29 12:05:51 +01:00
Jeroen Pinoy
9ec76ae185
Add threat actor common raven 2021-10-03 23:30:20 +02:00
Thomas Dupuy
89a3f986ba Add InkySquid synonym. 2021-08-24 16:29:34 +02:00
Daniel Plohmann
3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) 2021-08-19 06:02:40 +02:00
Rony
5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
2021-08-02 22:30:05 +05:30
Rony
636ccdedcd
Update threat-actor.json 2021-07-21 18:47:56 +05:30
Rony
9ecfecc063
another fix 2021-07-21 18:41:18 +05:30
Rony
32ea60d721
fix 2021-07-21 18:31:05 +05:30
Rony
52e7d5a0a9
multiple updates to apt40, apt31 & hafnium 2021-07-21 18:28:40 +05:30
Rony
fb9a41f8e9
from Gov Canada & MFA Japan 2021-07-19 20:33:35 +05:30
Rony
c90c60cb13
adding references for APT40 & APT31 2021-07-19 20:14:36 +05:30
6c8949caa9
Merge pull request #658 from jasperla/oilrig
merge APT34 with OilRig
2021-07-03 08:56:39 +02:00
Deborah Servili
b6005bd53f
Merge branch 'main' into master 2021-07-02 13:30:51 +02:00
Delta-Sierra
913aff30c3 Add NOBELIUM and related 2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse
792490298e merge APT34 with OilRig
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
2021-06-29 20:26:04 +02:00
Jürgen Löhel
254c201601
[cluster][tool] Adds Matanbuchus
+ threat actor: BelialDemon

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 18:04:28 -05:00
Thomas Dupuy
772c5145c1 Added BackdoorDiplomacy and Gelsemium. 2021-06-11 11:48:57 -04:00
Rony
9a723b6261
more ta544 references 2021-05-26 20:26:27 +05:30
Rony
db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks 2021-05-22 21:02:30 +05:30
Daniel Plohmann
433ea5cb45
Twisted Spider -> TWISTED SPIDER
fair point
2021-05-19 17:04:58 +02:00
Daniel Plohmann
9719122d27
adding Twisted Spider as alias for TA2101 (Maze) 2021-05-19 16:47:41 +02:00
a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1
Add alias for Tick
2021-05-07 23:23:38 +02:00
Still Hsu
eb671f1e6a
Add Nian alias
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:52:27 +08:00
Still Hsu
fe7c0dab07
Add country origin for BlackTech
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:32:39 +08:00
Daniel Plohmann
38b8bac51d
fixing broken/dead links 2021-05-04 20:15:17 +02:00
Rony
faed812fc9 Merged STALKER PANDA to Tick 2021-04-25 19:12:20 +05:30
Rony
89b9c0c32c several updates to apt27 2021-04-25 16:53:36 +05:30
Daniel Plohmann
6eb594a6b0
adding Yanbian Gang as threat actor 2021-04-16 15:12:45 +02:00
Daniel Plohmann
2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech
Adding Palmerworm as Symantec alias for BlackTech (with reference).
2021-03-31 22:35:12 +02:00
Thomas Dupuy
a8c62ddeda Add Ghostwriter. 2021-03-31 09:42:40 -04:00
Rony
50f5d2ae4a
reverted changes made into 52ae97718d 2021-03-30 22:19:05 +05:30
sebdraven
ce8a9442eb validation jsons 2021-03-30 13:12:21 +00:00
Sebdraven
52ae97718d Update threat-actor.json
add a synonym to Haffnium
2021-03-30 15:11:09 +02:00
sebdraven
b082977b9f validation ok 2021-03-30 10:22:35 +00:00
Sebdraven
4ed4cebcee Update threat-actor.json
format json
2021-03-30 12:16:22 +02:00
Sebdraven
a62e3ba530 Update threat-actor.json
add redecho threat actor
2021-03-30 12:10:50 +02:00
Delta-Sierra
7c843ac5c2 fix merge & jq 2021-03-11 14:08:29 +01:00
Delta-Sierra
c37befc8a9 merge 2021-03-11 10:35:05 +01:00
Rony
57c7d0b9a0
From Nextron 2021-03-06 19:44:32 +05:30
Rony
6cabbfb091
more! 2021-03-06 14:22:29 +05:30
Rony
7b242555df
More references
From 
Crowdstrike
MSRC
and kql hunting query from James Quinn
2021-03-06 13:28:14 +05:30
Rony
eaab88ef28
add HAFNIUM detection refs 2021-03-05 16:51:28 +05:30
Rony
4bc438a325
fix 2021-03-05 11:48:43 +05:30
Rony
d9b299aafc
add more HAFNIUM references 2021-03-05 11:42:04 +05:30
Rony
c9f7afef1c
Adding alias NOBELIUM 2021-03-04 22:39:33 +05:30
47dade9d0e
Merge pull request #631 from r0ny123/Enhancement
Add HAFNIUM
2021-03-04 14:48:01 +01:00
Rony
ad795606cf
added HAFNIUM
Updates:
Tonto Team
UNC2452
2021-03-04 00:10:33 +05:30
Sebdraven
2666341afc Update threat-actor.json
update Sidewinder card
2021-03-03 17:59:25 +01:00
Thomas Dupuy
f842694fda Update Infy TA. 2021-03-02 14:37:01 -05:00
Delta-Sierra
d273a5da7d add TeamTNT ref 2021-02-25 09:52:24 +01:00
Rony
5c6f3a036b
removing DePrimon
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
2021-02-24 21:55:04 +05:30
Delta-Sierra
7c1ac58141 add TeamTNT 2021-02-22 16:38:18 +01:00
Delta-Sierra
96bf0d44ea Merge https://github.com/MISP/misp-galaxy 2021-02-09 14:52:58 +01:00
Daniel Plohmann
d61e7d2fac
adding ClearSky alias for Volatile Cedar
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious  files."
2021-01-29 10:39:18 +01:00
StefanKelm
fb35646406
Update threat-actor.json
Lazarus
2021-01-26 14:38:37 +01:00
StefanKelm
a131a7ce98
Update threat-actor.json
Lazarus
2021-01-20 17:43:18 +01:00