Commit graph

1134 commits

Author SHA1 Message Date
9f56a91013
Merge pull request #492 from Delta-Sierra/master
Operation Soft Cell ralated Updates
2019-12-13 13:35:52 +01:00
Deborah Servili
03c54a3e05
add GALLIUM as microsoft activities group and similar to Operation Soft Cell 2019-12-13 11:47:31 +01:00
Deborah Servili
3be47af325
update threat actor version 2019-12-13 11:04:51 +01:00
Deborah Servili
9b153913be
add relation suspected link between operation soft cell and apt10 2019-12-13 10:59:06 +01:00
Sebastian Wagner
c3b5b39dd3
sofacy: add apt_sofacy as synonym 2019-12-12 15:57:13 +01:00
Deborah Servili
170f964e8c
##COMMA## 2019-12-11 14:22:09 +01:00
Deborah Servili
7e18f2e509
Merge branch 'master' into master 2019-12-11 13:51:52 +01:00
Deborah Servili
391b5a674d
add Axiom synonym 2019-12-11 13:50:35 +01:00
8da36c09e1
chg: [threat-actor] jq 2019-12-08 09:03:14 +01:00
Daniel Plohmann
94b3c1ec07
added APT-C-34 / Golden Falcon 2019-12-07 12:44:30 +01:00
Deborah Servili
31f3a61d5f
add Sofacy ref 2019-12-05 15:42:42 +01:00
Daniel Plohmann
bd3cc6d8ee
added TA2101 2019-12-03 18:13:44 +01:00
8cc5e02f22
chg: [clean-up] jq all the things 2019-11-21 17:19:39 +01:00
Deborah Servili
38641aae36
merge 2019-11-21 16:24:11 +01:00
Deborah Servili
f21dd95b28
merge 2019-11-21 16:23:29 +01:00
Deborah Servili
1a0dd2292b
add silence synonym & new meta field spoken-language 2019-11-21 11:50:02 +01:00
StefanKelm
aa132ca58f
new refs for APT33 2019-11-14 14:57:05 +01:00
eea0f528fa
chg: [threat-actor] Lucky Mouse synonym added
Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/
2019-11-12 12:51:44 +01:00
Raphaël Vinot
1486890f86 fix: JQ all the things. 2019-11-12 10:25:00 +01:00
871d90cfc2
chg: [threat-actor] Calypso group added
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
2019-11-11 13:34:54 +01:00
d9a64c18ff
chg: [threat-actor] threat-actor-classification updated 2019-11-04 09:37:52 +01:00
6f463325b9
chg: [threat-actor] jq is jq 2019-11-03 16:01:09 +01:00
64a3569803
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-11-03 08:52:37 +01:00
8d01e77574
chg: [threat-actor] Operation WizardOpium added
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
2019-11-03 08:51:37 +01:00
346e54a321
Merge pull request #468 from Delta-Sierra/master
add Turla Group Symonym variant
2019-11-02 13:40:21 +01:00
Deborah Servili
1da2dc8af1
add Turla Group Symonym variant 2019-10-31 16:33:32 +01:00
Deborah Servili
efa2f43c0f
Merge pull request #467 from Delta-Sierra/master
Few updates
2019-10-31 14:31:16 +01:00
Deborah Servili
bee9b80898
jq 2019-10-31 10:37:36 +01:00
Deborah Servili
0a8f989e1c
add Winnti related tools etc. 2019-10-31 10:36:15 +01:00
Rony
1fc0f5e2e7
Update threat-actor.json 2019-10-17 09:46:56 +05:30
Deborah Servili
88025a541f
add operation soft cell 2019-10-14 16:07:35 +02:00
Deborah Servili
a4b59f647c
jq 2019-09-25 13:41:55 +02:00
309109eb27
chg: [threat-actor] new LookBack (Malware?Campaign?TA?)
Signed-off: During MISP training
2019-09-25 12:12:34 +02:00
a5ae130916
chg: [threat-actor] Evil Eye and POISON CARP
Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Signed-off: Jean-Louis during training session
2019-09-25 11:27:03 +02:00
Deborah Servili
638cdd4198
version update 2019-09-20 14:54:56 +02:00
Deborah Servili
b9b4b9c651
Add Tortoiseshell thrat actor 2019-09-20 14:53:25 +02:00
StefanKelm
db2b5a13ef
Update threat-actor.json
Silent Librarian
2019-09-12 11:57:03 +02:00
Deborah Servili
718ea55dd7
Merge branch 'master' into master 2019-09-04 14:42:47 +02:00
Deborah Servili
9e3a998dfc
aff SectorJ04 group 2019-09-03 15:51:21 +02:00
Daniel Plohmann
f40b7dd132
'SectorJ04 Group' as alias introduced by NSHC for TA505
Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
2019-09-01 15:46:36 +02:00
0966e58da6
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-08-30 11:06:29 +02:00
f5056ff02e
chg: [threat-actor] add machete-apt synonyms as reported in #445 2019-08-30 11:03:30 +02:00
StefanKelm
49f8f60a85
Update threat-actor.json
Add ITG08 as synonym for FIN6
2019-08-29 13:13:00 +02:00
8d78a2a108
chg: [threat-actor] jq all 2019-08-29 08:31:10 +02:00
791c88f2eb
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master 2019-08-29 08:30:41 +02:00
Deborah Servili
395dd93e0f
add Asruex Backdoor 2019-08-28 15:40:03 +02:00
9926ea8826
chg: [threat-actor] LYCEUM added - 443 #fixed 2019-08-28 14:35:12 +02:00
Deborah Servili
ea68336b96
add ref for Gamaredon 2019-08-27 08:28:58 +02:00
Sebastian Wagner
38aebbf42a
remove empty strings 2019-08-19 17:04:07 +02:00
3841447e16
Merge pull request #434 from r0ny123/patch-1
added microsoft naming for the groups
2019-08-10 18:52:26 +02:00
Thomas Dupuy
df5c9057a1 add synonyme for Turla 2019-08-09 17:34:22 -04:00
Rony
feac39db6b
added microsoft naming for the groups 2019-08-09 22:19:09 +05:30
Thomas Dupuy
320e298549 update victims 2019-08-09 10:45:10 -04:00
Thomas Dupuy
1988662ee5 add APT41 2019-08-09 10:24:06 -04:00
Nils Kuhnert
17925f3e10
Remove local file link :) 2019-08-03 18:55:00 +02:00
7913adad61
chg: [threat-actor] rollback as discussed by chat with Andras until version 2.0 2019-08-02 16:08:40 +02:00
Andras Iklody
984be50396
lowercased value field for DarkHotel 2019-08-02 15:40:31 +02:00
a401ff7405
Merge branch 'master' into patch-13 2019-08-01 08:52:27 +02:00
Daniel Plohmann
0367e16ce0
adding secureworks actor names for energetic bear and teamspy 2019-07-31 14:35:09 +02:00
Daniel Plohmann
a4a72d0698
adding Proofpoint's TA428 2019-07-31 14:08:50 +02:00
Deborah Servili
2861d2d78c
jq 2019-07-16 10:13:10 +02:00
Deborah Servili
ea4d8a2d42
add SWEED threat actor 2019-07-16 10:03:07 +02:00
9517c8b878
chg: [threat-actor] version updated 2019-06-20 17:58:35 +02:00
8c90f7231c
chg: [threat-actor] duplicated refs removed 2019-06-20 17:35:35 +02:00
5e9d075ae5
chg: [threat-actor] synonyms fixed 2019-06-20 17:30:01 +02:00
195406cc6b
chg: [threat-actor] jq everything 2019-06-20 17:27:55 +02:00
d018519700
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy 2019-06-20 17:23:04 +02:00
Deborah Servili
30f042211b
fix duplicate 2019-06-20 16:35:49 +02:00
Deborah Servili
a984786c8b
update threat actor galaxy 2019-06-20 16:25:23 +02:00
Rony
7afb9083b2
Update threat-actor.json 2019-06-19 23:29:35 +05:30
Deborah Servili
4bd37e2b2d
update threat actor galaxy 2019-06-19 16:38:04 +02:00
Deborah Servili
52e51833de
update threat actor galaxy 2019-06-18 16:05:49 +02:00
Deborah Servili
431e7a36c1
update threat actor galaxy 2019-06-17 16:36:42 +02:00
Deborah Servili
b966369933
##COMMA## 2019-06-14 16:35:55 +02:00
Deborah Servili
1e5292d999
fix duplicate 2019-06-14 16:21:33 +02:00
Deborah Servili
ead217eb28
Update version 2019-06-14 16:11:02 +02:00
Deborah Servili
98f0572d51
update threat actor galaxy 2019-06-14 16:06:09 +02:00
Deborah Servili
b040f9f57b
fix duplicate and links update (APT34) 2019-06-14 08:41:38 +02:00
Deborah Servili
2001652dae
fix duplicate 2019-06-14 08:28:44 +02:00
Deborah Servili
20e77afcc3
update threat actor galaxy 2019-06-13 16:19:21 +02:00
Deborah Servili
11c2f43c9f
tryto fix duplicate 2019-06-13 11:26:42 +02:00
Deborah Servili
e4245ee991
update threat actor galaxy 2019-06-12 16:25:24 +02:00
Deborah Servili
5a3d7e816f
fix duplicate 2019-06-12 09:24:05 +02:00
Deborah Servili
1ba7f19ca2
update threat actor galaxy 2019-06-11 16:14:58 +02:00
Deborah Servili
347ed5d529
jq 2019-06-11 15:57:21 +02:00
Deborah Servili
79f11de6db
update threat actor galaxy 2019-06-11 15:54:39 +02:00
Deborah Servili
d6b458520b
update threat actor galaxy 2019-06-11 11:57:04 +02:00
Deborah Servili
1f2e59addb
update Threat actor galaxy 2019-06-07 16:34:43 +02:00
Deborah Servili
185763a63a
update threat actor 2019-06-06 16:34:09 +02:00
Deborah Servili
b809b9cfbb
update threat actor darkhotel (nemim might be a typo) 2019-06-06 11:58:19 +02:00
Deborah Servili
189c3066a5
update threat actor 2019-06-04 16:32:39 +02:00
Deborah Servili
a6c9d335ee
fix multiple refs 2019-06-04 08:52:34 +02:00
Deborah Servili
b47863f1c1
update threat actors 2019-05-29 16:18:50 +02:00
Deborah Servili
f48167ce77
update threat actors 2019-05-29 15:34:20 +02:00
Deborah Servili
f4cf3464ce
update threat actors and tools 2019-05-28 16:05:54 +02:00
Deborah Servili
940762e0c5
update threat actor 2019-05-28 09:22:26 +02:00
Deborah Servili
0bb1420ab7
update threat-actor galaxy 2019-05-27 16:38:01 +02:00
Deborah Servili
af6241fd20
update Anchor Panda Threat Actor 2019-05-27 11:47:05 +02:00
Daniel Plohmann
1cc0137c38
adding TA542 to MUMMY SPIDER (emotet) 2019-05-17 17:36:57 +02:00
Rony
380006ecbb
merging Pacifier & Turla 2019-05-16 23:57:49 +05:30
Daniel Plohmann
a20f7fbe91
adding APT31/ZIRCONIUM 2019-05-15 22:43:33 +02:00
Rony
7c0ea4949a
Update threat-actor.json 2019-05-12 11:11:09 +05:30
Raphaël Vinot
988586fde0 fix: Duplicate values, typos. 2019-05-06 17:17:16 +02:00
StefanKelm
7e329855b2
Update threat-actor.json
Silent Librarian / COBALT DICKENS
2019-05-02 15:34:19 +02:00
37da9bebdf
chg: [threat-actor] FIN4 updates 2019-05-01 17:41:03 +02:00
Rony
0afaf81438
Update threat-actor.json 2019-05-01 15:54:38 +05:30
Rony
c565f61761
Update threat-actor.json 2019-05-01 15:51:56 +05:30
Rony
3b185d8435
Update threat-actor.json 2019-05-01 15:40:10 +05:30
Rony
ed351b4eae
updated FIN4 2019-05-01 15:24:59 +05:30
Rony
292df2360a
more report on APT36 2019-04-22 11:05:21 +05:30
Deborah Servili
8ac7aec85c
add Sea Turtle campaign 2019-04-19 13:21:11 +02:00
Christophe Vandeplas
ecc63cf166 chg; [threat-actor] validate + version bump 2019-04-17 21:01:55 +02:00
Christophe Vandeplas
d5fd896bb0
Merge pull request #385 from bartblaze/master
Add Whitefly
2019-04-17 20:53:15 +02:00
Bart
e1cab68683
Add Whitefly 2019-04-17 12:27:18 +01:00
Rony
d98aefa186
fixed the broken link 2019-04-17 09:17:23 +05:30
Bart
3256cca9e0
Add DoNot team references 2019-04-12 21:12:16 +01:00
d7b4908aa3
Merge branch 'patch-8' of https://github.com/danielplohmann/misp-galaxy into danielplohmann-patch-8 2019-04-12 05:58:47 +02:00
Daniel Plohmann
159225b6cf
Based on additional research, APT36 can actually be merged into Mythic Leopard 2019-04-11 22:29:49 +02:00
Rony
7987c8f023
Update threat-actor.json 2019-04-12 01:56:12 +05:30
Rony
2fc914b2f9
Update threat-actor.json 2019-04-12 01:06:50 +05:30
Rony
60e4a486a7
adding additional resources for APT36 2019-04-11 23:55:51 +05:30
Daniel Plohmann
df5301eab5
adding FireEye's TMP.Lapis / APT36 2019-04-09 08:38:44 +02:00
ac6276a906
Merge pull request #371 from Delta-Sierra/master
Add Operation ShadowHammer
2019-03-26 22:25:22 +01:00
Deborah Servili
6027d546f2
Add Operation ShadowHammer 2019-03-26 10:40:29 +01:00
52f088efc9
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master 2019-03-21 20:51:59 +01:00
Daniel Plohmann
e0bb3d76a6
added APT-C-27 / GoldMouse 2019-03-21 18:06:03 +01:00
Deborah Servili
d0383b460f
jq 2019-03-21 09:15:16 +01:00
Deborah Servili
0fd04fa619
Merge branch 'master' into master 2019-03-21 08:42:30 +01:00
Deborah Servili
f86c748b8c
add AOT-C-27 Goldmouse 2019-03-20 15:45:20 +01:00
b2538a1f8a
chg: [threat-actor] change attribution confidence to be a string by default 2019-03-19 16:51:41 +01:00
4f454493b7
chg: [threat-actor] BRONZE UNION is also uppercase 2019-03-19 14:47:03 +01:00
9a6b597387
chg: [threat-actor] updated the version to avoid the past issue with 0 value for integer values 2019-03-19 14:44:49 +01:00
Deborah Servili
5ce8aae89e
add Operation Comando - hit version 100 2019-03-15 15:04:29 +01:00
5db30ba974
chg: [threat-actor] SandCat added 2019-03-14 06:18:10 +01:00
Deborah Servili
ecf76178e7
add attribution-confidence attribute to threat-actor 2019-03-11 11:18:12 +01:00
Deborah Servili
a65688ec02 Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy 2019-03-11 08:51:47 +01:00
Deborah Servili
33dbda1e1e Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-03-11 08:51:16 +01:00
Deborah Servili
59ee8a9f13
Merge branch 'master' into master 2019-03-11 08:40:38 +01:00
Deborah Servili
ddab5f7006
Merge branch 'master' into master 2019-03-11 08:40:11 +01:00
139e6c32ed
chg: [threat-actor] new attribution-confidence level introduced 2019-03-11 08:37:49 +01:00
eb665e2883
chg: [threat-actor] jq all the things 2019-03-10 11:15:13 +01:00
6fb1303570
chg: [threat-actor] IRIDIUM added
Ref: https://resecurity.com/blog/parliament_races/
2019-03-10 10:47:34 +01:00
Daniel Plohmann
1d8ada33a0
Update threat-actor.json
another actor described by 360TIC.
2019-03-07 17:50:46 +01:00
Daniel Plohmann
cfb807861a
FireEye upgraded TEMP.Periscope to APT40 2019-03-07 14:34:14 +01:00
Deborah Servili
eb0a33eab6
add operation Kabar Cobra 2019-03-06 15:52:49 +01:00
Deborah Servili
6ffb8dd437
add relation between Lazarus Group and Operation SharpShooter 2019-03-04 12:03:05 +01:00
Deborah Servili
bd3fce00e1
add Razdel 2019-02-25 16:35:06 +01:00
f2159bfaa3
chg: [threat-actor] format fixed 2019-02-22 22:50:42 +01:00
d5df0d1064
chg: [threat-actor] uuid fixed 2019-02-22 22:45:28 +01:00
38283f0f86
chg: [threat-actor] STOLEN PENCIL added 2019-02-22 22:41:06 +01:00
243a6280e0
Merge pull request #350 from bartblaze/master
Add more info on Lotus Blossom
2019-02-21 23:39:33 +01:00
Bart
06553bbec2
Add more info on Lotus Blossom
Add 2 more references, fix typo - Trend calls it "Esile", not "Eslie" as mistakenly stated by CFR. The backdoor itself is commonly referred to as Elise.
2019-02-21 22:31:14 +00:00
ed132cb1b8
chg: [threat-actor] version fixed 2019-02-21 07:18:16 +01:00
Daniel Plohmann
0cd79994cc
Two more actor names from GTR2019
I found two more actor names while going again over the crowdstrike's report and updating the cross-references to malpedia.
2019-02-19 22:38:11 +01:00
Daniel Plohmann
85ec27b4c4
Added missing actors from CrowdStrike GTR2019 2019-02-19 18:26:01 +01:00
Itay Cohen
7d9dc1ec9d
Fix 404'd reference of BuhTrap 2019-02-17 11:33:11 +02:00
Deborah Servili
5bf18ffd23
Merge branch 'master' into master 2019-02-14 16:29:04 +01:00
Deborah Servili
9c450a80d4
add Gallmaker and other clusters 2019-02-14 16:04:54 +01:00
Deborah Servili
2794a20589
add OSX/Shlayer and some refs 2019-02-14 12:42:28 +01:00
Deborah Servili
8aeed60a24
Add Siesta campaign 2019-02-11 16:30:46 +01:00
João Neto
662cc5a012
Updated "Iran" name
This extra space leads to an unnecessary key error when parsing the json file
2019-02-08 16:50:22 +01:00
Nils Kuhnert
fc16f4f69c
Added Velvet Chollima as synonym to Kimsuki 2019-02-08 08:50:05 +01:00
Christophe Vandeplas
e5f74c8fdc
Merge pull request #336 from 3c7/synonym/static-kitten
Added static kitten as synonym for MuddyWater
2019-02-07 08:54:49 +01:00
2bbb8a6a43
Merge pull request #334 from 3c7/synonym/cobalt-spider
Added Cobalt Spider as Synonym for Cobalt
2019-02-07 08:53:19 +01:00
Nils Kuhnert
9778bea81e
Added Cobalt Spider reference 2019-02-07 08:41:00 +01:00
Nils Kuhnert
523a52c4db
Added static kitten as synonym for MuddyWater 2019-02-07 08:38:52 +01:00
Nils Kuhnert
0049acd81c
Added Turbine Panda as synonym for APT 26 2019-02-07 08:28:48 +01:00
Nils Kuhnert
5a077cf838
Added Cobalt Spider as Synonym for Cobalt 2019-02-07 08:26:10 +01:00
Nils Kuhnert
a171d5aa9d
Added Ocean Buffalo synonym for Ocean Lotus 2019-02-03 21:36:21 +01:00
b9f1317941
Merge pull request #332 from Delta-Sierra/master
Add APT39 & LockerGoga
2019-02-01 18:36:12 +01:00
Nils Kuhnert
0b04046d91
Added Quilted Tiger as Synonym for Patchwork/Dropping Elephant. 2019-02-01 13:17:43 +01:00
Deborah Servili
233b7f3aff
add APT39 2019-01-31 18:48:19 +01:00
Nils Kuhnert
d45a32e9e2
Added Shadow Crane as synonym for Dark Hotel. 2019-01-30 08:22:46 +01:00
Nils Kuhnert
42ecbd801c
Added "Stardust Chollima" as synonym for Lazarus. 2019-01-29 08:36:12 +01:00
898bdaf7f8
Merge pull request #328 from Delta-Sierra/master
add Silence Group
2019-01-25 16:43:08 +01:00
Deborah Servili
c11a31b12a
add Silence Group 2019-01-25 16:19:51 +01:00
Thomas Dupuy
d38fb407ec add alternative name for DarkHydrus 2019-01-21 23:14:34 -05:00
Deborah Servili
3bdbd6646b
add Cold River Threat actor 2019-01-17 09:44:09 +01:00
Deborah Servili
5d61a75886
fix versions 2019-01-14 16:34:28 +01:00
Deborah Servili
61093f6f07
add several ransomware and threat actors 2019-01-14 16:28:15 +01:00
Deborah Servili
90d2bf7bc1
add drakhydrus ref 2019-01-11 10:17:07 +01:00
Deborah Servili
cddfd5fcd1
TA505 threat actorand affiliates malwares 2019-01-11 09:53:08 +01:00
Nils Kuhnert
1e4ebdd560
Added OilRig synonym "Helix Kitten". 2018-12-27 09:10:21 +01:00
Daniel Plohmann
cc22da1200 Microsoft alias for apt29 is YTTRIUM 2018-12-19 11:28:44 +01:00
Daniel Plohmann
c9e15b0c08 new name SNAKEMACKEREL for APT28 by Accenture 2018-12-19 10:46:58 +01:00
Deborah Servili
cb4345adf9
add operation sharpshooter 2018-12-13 13:47:54 +01:00
Deborah Servili
70d68a312c
add some clusters or info 2018-12-12 15:26:54 +01:00
Deborah Servili
169d69871a
add Goden Chickens and affiliates 2018-12-12 13:52:55 +01:00
Deborah Servili
bf77e1125a
add Operation Poison Needles 2018-12-07 16:32:09 +01:00
Deborah Servili
79828d7411
add clusters 2018-12-07 13:25:56 +01:00
Deborah Servili
5a725e71ef
add several clusters 2018-12-06 16:13:51 +01:00
Deborah Servili
be9b4ff40f
add DNSpionage cluster 2018-11-29 16:38:06 +01:00
Deborah Servili
b50c8bd805
add PNG Dropper 2018-11-23 10:38:36 +01:00
Deborah Servili
2bf5d46cc4 Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy 2018-11-22 08:59:53 +01:00
Deborah Servili
2f5031b845
add several references for Emotet and others 2018-11-22 08:37:45 +01:00
Deborah Servili
de38e7249c
Merge branch 'master' into master 2018-11-19 15:23:45 +01:00
Deborah Servili
ce61b2d2dd
update oilrig related clusters + others 2018-11-19 14:56:13 +01:00
c9fd60d14b
chg: [threat-actor] INDRIK SPIDER added 2018-11-14 20:46:06 +01:00
Deborah Servili
ca33f1c2ce Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-11-13 15:25:34 +01:00
Deborah Servili
f55277b682
add several rqansomware and HookAds campaign 2018-11-13 12:20:37 +01:00
a4c916c916
Merge branch 'master' of github.com:MISP/misp-galaxy 2018-11-13 07:01:56 +01:00
Benoit Sevens
8f8c69134e
Update threat-actor.json
Add LuckyMouse link
2018-11-12 13:12:14 +01:00
Deborah Servili
14444e4321
add several tools and refs 2018-11-08 10:39:32 +01:00
Daniel Plohmann
1f6b606f75
added APT38 as (FireEye) alias for Lazarus
cross-references in https://content.fireeye.com/apt/rpt-apt38 suggest the link to Lazarus.
2018-11-07 17:19:50 +01:00
2465235817
Merge pull request #293 from Delta-Sierra/master
add Operation EvilTraffic
2018-10-30 21:02:59 +01:00
Deborah Servili
e6b1eec329
add Chalubo botnet (+ jqallthethings) 2018-10-30 14:39:13 +01:00
Deborah Servili
41942d0daf
add Operation EvilTraffic 2018-10-30 13:28:46 +01:00
Deborah Servili
74ff4b957a
add Operation EvilTraffic 2018-10-30 13:28:27 +01:00
Nils Kuhnert
bc0bf1ca9f
Corrected DarkHotel threat actor entry 2018-10-29 09:03:30 +01:00
Deborah Servili
af6020077e
add August Stealer 2018-10-23 15:25:37 +02:00
Deborah Servili
bd68ee280e Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-10-22 11:09:37 +02:00
Deborah Servili
4564c5eb37
add DarkPulsar and affiliates + update some refs 2018-10-22 10:14:30 +02:00
Christophe Vandeplas
9dddc4427c jq 2018-10-19 10:23:09 +02:00
Christophe Vandeplas
ddccac58c8 chg: categorization of galaxies
This allows relationships to be created.
2018-10-19 10:18:14 +02:00
Christophe Vandeplas
2b24efb14a fix: add missing relations from commit b857be9cab 2018-10-17 19:15:57 +02:00
Christophe Vandeplas
873bc873b4 Merge remote-tracking branch 'MISP/master' 2018-10-17 18:28:44 +02:00
Christophe Vandeplas
1e90cac717 fix: intrusion is an actor and not a tool 2018-10-17 18:17:33 +02:00
Deborah Servili
c8cbb609a2
add GreyEnergy 2018-10-17 16:05:51 +02:00
Deborah Servili
2ea560f9a7
add refs & synonyms 2018-10-15 12:02:21 +02:00
Deborah Servili
11a27df82d
add roaming mantis group 2018-10-12 15:50:52 +02:00
Deborah Servili
b3109f6aea Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-10-12 13:55:01 +02:00
Christophe Vandeplas
f26a4f2806 fix: minor newline difference after jq_all_the 2018-10-12 12:31:29 +02:00
Christophe Vandeplas
f14d616e22 chg: magical mapping with malpedia 2018-10-12 11:00:00 +02:00
Christophe Vandeplas
2fbd8ce485 jq sort keys
Allows automation to edit the files
2018-10-12 10:35:31 +02:00
Deborah Servili
4c367737ac
add magecart ref 2018-10-10 14:52:16 +02:00
Deborah Servili
5bcf34a953
update regarding https://twitter.com/adulau/status/1047764090410737664 2018-10-04 10:28:22 +02:00
Deborah Servili
c78416eee1
update synonyms & attributions 2018-10-04 10:09:34 +02:00
Deborah Servili
3dfe8a5a34 add FASTCash 2018-10-03 15:09:14 +02:00
Deborah Servili
403f162451
add ref for magecart 2018-10-01 11:54:07 +02:00
Deborah Servili
35582f7ed5
new threat actors & tools 2018-10-01 11:52:40 +02:00
49fe210812
Merge pull request #270 from Delta-Sierra/master
new clusters, relations and information
2018-09-28 12:57:13 +02:00
Deborah Servili
fbf21487cf
new clusters and informtion 2018-09-28 11:08:21 +02:00
Nex
014aa325b7 Added missing country values 2018-09-26 23:05:46 +02:00
Deborah Servili
f7e10cb38d
add references 2018-09-24 14:58:21 +02:00
Deborah Servili
2bc8e1e719
add Cobalt Dickensthreat actor 2018-09-24 11:51:09 +02:00
Deborah Servili
5a1734f170
update version 2018-09-21 11:16:36 +02:00
Deborah Servili
3c7e367cbf
fix field mistake 2018-09-21 11:14:19 +02:00
Deborah Servili
1cee9d71e0
update Lazarus group cluster 2018-09-20 15:38:32 +02:00
Deborah Servili
6d43d52731
new unnamedthreat actor 2018-09-20 13:24:11 +02:00
Deborah Servili
d0864a6531
new threat actors 2018-09-20 12:10:20 +02:00
Deborah Servili
0a724bee3d
merge 2018-09-19 16:01:46 +02:00
Deborah Servili
058f778e61
add references 2018-09-19 09:04:04 +02:00
79146b9d10
fix: array in synonyms (MISP accepts it but not the schema ;-) 2018-09-19 07:35:35 +02:00
6105522453
chg: [threat-actor] Iron Group added
ref: https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/
2018-09-19 07:08:16 +02:00
8238bd5eb1
Merge pull request #263 from botherder/bahamut
Added Bahamut to threat actors list
2018-09-19 06:46:26 +02:00
Nex
f0383758fc Added Bahamut to threat actors list 2018-09-18 11:27:32 +02:00
fe60e58f5b
Merge pull request #262 from botherder/mythic-leopard
Added additional name to C-Major
2018-09-18 11:25:58 +02:00
Nex
1e502a494e Added additional name to C-Major 2018-09-18 11:18:42 +02:00
Nex
ee7f609397 Removed duplicates 2018-09-18 11:16:00 +02:00
88c9d8d9f6
Merge pull request #259 from botherder/country-sync
Synced country codes with suspected state sponsor
2018-09-17 18:18:00 +02:00
Nex
be0dd94c90 Synced country codes with suspected state sponsor 2018-09-17 16:26:14 +02:00
Nex
c2ea505459 Merged Transparent Tribe in C-Major 2018-09-17 16:11:18 +02:00
Deborah Servili
a73424139f
fix versions 2018-09-12 14:26:44 +02:00
Deborah Servili
f107563cad
add ref for operation Applejeus 2018-09-12 09:34:16 +02:00
Deborah Servili
c92dc15937
add Operation AppleJeus 2018-09-10 14:13:09 +02:00
Deborah Servili
40d5cca20f
clusters 2018-09-07 16:03:40 +02:00
Deborah Servili
f14dd27315
add cfr data 2018-08-27 15:29:16 +02:00
Deborah Servili
9efca2fd79 more clusters
Signed-off-by: Deborah Servili <deborah.servili@gmail.com>
2018-08-24 16:11:16 +02:00
Deborah Servili
c943d1c9d1
add APT28/STRONTIUM refs 2018-08-22 09:59:40 +02:00
cd76f19f52
chg: [threat-actor] APT-C-35 actor added
ref: https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/
2018-08-15 20:25:57 +02:00
Christophe Vandeplas
88162aa44e chg: [mapping] Generated automatic mapping between clusters 2018-08-14 09:35:22 +02:00
Christophe Vandeplas
5478f0aa45 no change: dump files with sort_keys=True
This is needed to keep better track of the changes when other tools load and save the json files.
2018-08-13 17:06:29 +02:00
Christophe Vandeplas
021107e597 fix: [threat-actor] added missing uuids 2018-08-13 17:00:40 +02:00
6620b5575a
fix: [threat-actor] related is an array of JSON objects 2018-08-09 07:53:42 +02:00
1429b60555
chg: [threat-actor] jq document 2018-08-08 16:38:39 +02:00
Deborah Servili
ebc7287e14
update schema 2018-08-08 16:12:29 +02:00
Deborah Servili
33a300b773
tags is an array 2018-08-08 15:59:44 +02:00
Deborah Servili
b857be9cab
relationship system - v2 2018-08-08 15:51:22 +02:00
Deborah Servili
050a864be0
update some clusters and try to add a relationship system 2018-08-08 14:20:38 +02:00
Deborah Servili
84adb50f0f
add RedAlpha campaigns 2018-08-07 13:55:05 +02:00
Deborah Servili
b7de06ffcc
delete forgotten conflict marker 2018-08-06 08:49:44 +02:00
Deborah Servili
010df0a2b6
resolve merge conflict 2018-08-06 08:48:21 +02:00
Deborah Servili
def23775e5
resolve merge conflict 2018-08-06 08:45:03 +02:00
Nils Kuhnert
ab49b58b02
Added DarkHydrus 2018-08-06 08:33:34 +02:00
Nils Kuhnert
4654f51889
Two small typos 2018-08-05 15:09:38 +02:00
Deborah Servili
e5b185deee
Merge branch 'master' into master 2018-08-03 16:11:16 +02:00
Deborah Servili
35aa8ba34e
delete duplicate gorgon group 2018-08-03 16:08:43 +02:00
Deborah Servili
a9a71ef84c
more clusters 2018-08-03 15:58:54 +02:00
b3701b6b34
chg: [threat-actor] The Gordon Group added
ref: https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/
2018-08-03 10:26:52 +02:00
3da005a3f3
fix: jq all the things(tm) 2018-08-02 15:15:47 +02:00
1fdf47d509
fix: [threat-actor] synonyms are always arraus 2018-08-02 15:13:18 +02:00
ece56dff38
chg: [threat-actor] leafminer - RASPITE added 2018-08-02 15:08:39 +02:00
43fa95df7a
chg: [threat-actor] new reference to CARBON SPIDER/Carbanak 2018-08-02 10:03:18 +02:00
Deborah Servili
381f7e4a19 Add CFR.org metadata into the galaxy - part 2 2018-07-25 09:08:16 +02:00
Deborah Servili
28456545be Merge https://github.com/MISP/misp-galaxy 2018-07-16 09:16:13 +02:00
98db303047
chg: [threat-actor] The Big Bang campaign/group added 2018-07-10 08:49:00 +02:00
Deborah Servili
cae0f7e1ad merging attempt 2018-06-29 16:39:34 +02:00
Deborah Servili
8c51ef98b3 add cfr related informations -still in progress- 2018-06-29 16:36:58 +02:00
Deborah Servili
fb6b01cc95
Merge branch 'master' into master 2018-06-27 09:39:28 +02:00
Deborah Servili
b1aac6b35b cfr update -in progress + add clusters associated to RANCOR 2018-06-27 09:37:43 +02:00
1bd0fb34d7
Merge pull request #233 from Delta-Sierra/master
Add CFR.org metadata into the galaxy - Test
2018-06-26 14:26:18 +02:00
Deborah Servili
6f9e639981 add cfr prefix for cfr data - test 2018-06-26 10:07:14 +02:00
Deborah Servili
1cd6bddf0c Add CFR.org metadata into the galaxy - Test 2018-06-26 09:40:13 +02:00
Nils Kuhnert
ed26cfb042
Updated APT1 report link 2018-06-22 13:49:05 +02:00
8e014674af
Fixed typo 2018-06-20 09:45:16 +02:00
Deborah Servili
dcda058944 update verion 2018-06-20 09:36:36 +02:00
Deborah Servili
e18fdf42da add Thrip as threat actor 2018-06-20 09:30:15 +02:00
Deborah Servili
d8c83cf2d6 add cluster in threat actor 2018-06-18 10:54:58 +02:00
c08c6af936
chg: Stalker Panda description added 2018-05-29 21:47:04 +02:00
Raphaël Vinot
96f3bf1cb8 fix: Duplicate ELECTRUM entry
Fix #212
2018-05-19 17:57:51 -04:00
3a7c4e3c57
Merge pull request #211 from eCrimeLabs/master
Added links in relation to Threat-actor info from Dragos
2018-05-15 16:17:56 +02:00
Dennis Rand
1ab4e4f4cf Added data related to Dragos Adverseries 2018-05-15 12:06:48 +00:00
Deborah Servili
5e0bd260d6 update some clusters 2018-05-09 16:12:02 +02:00
Deborah Servili
58e3e5f5d6 add ZooPark campaign 2018-05-04 10:16:01 +02:00
6b1d7d2201
add: threat actors from Dragos Inc. (based on https://dragos.com/adversaries.html) 2018-05-03 21:22:09 +02:00
Deborah Servili
55504f93d6 add HOGFISH as APT10 synonym 2018-05-03 11:10:21 +02:00
Deborah Servili
11f0963468 add Orangeworm, Kwampirs, Iron ransomware and Ton ransomware 2018-04-24 10:20:11 +02:00
Deborah Servili
c785ee6384 add some ransomwares & threat actors 2018-04-16 09:24:11 +02:00
Deborah Servili
8596ff3e10 update threat actor galaxy based on https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf 2018-04-09 11:52:12 +02:00
Daniel Plohmann (jupiter)
83fd4a9af9 added leviathan 2018-03-17 11:57:10 +01:00
Deborah Servili
5fa09c0962 update version 2018-03-12 11:54:29 +01:00
Deborah Servili
73eb11fedd update Mirage Threat actor 2018-03-12 10:44:57 +01:00
Deborah Servili
3f8b44bbe3 jq 2018-03-01 15:02:48 +01:00
Deborah Servili
227fa8b44f Merge https://github.com/MISP/misp-galaxy 2018-03-01 15:01:49 +01:00
Deborah Servili
b3574f880a jq ftw 2018-02-28 16:16:28 +01:00
Deborah Servili
d88a4a44dc add uuid to every cluster 2018-02-28 15:37:37 +01:00
22bf4f951f
fix #161 2018-02-27 19:32:07 +01:00
Deborah Servili
42596842a8 add synonym and ref for Emissary Panda (Iron Tiger APT) 2018-02-20 10:37:47 +01:00
1831752530
add ref to Nexus Zeta 2018-01-25 15:43:33 +01:00
193b474ad2
add: Nexus Zeta is no stranger when it comes to implementing SOAP
relatedrelated exploit ;-)
2018-01-25 15:41:47 +01:00
Daniel Plohmann
6de7c0176d adding dark caracal 2018-01-25 12:54:50 +01:00
Deborah Servili
8240934eb5 fix forgotten value Microcin 2018-01-11 16:01:19 +01:00
Deborah Servili
130ad39d4c add macOS malwares 2018-01-11 15:19:18 +01:00
Deborah Servili
db8ae5fbfe update OilRig threat actor 2017-12-18 09:26:15 +01:00
Deborah Servili
5cac510818 update threat actor galaxy 2017-12-13 14:57:38 +01:00
steffenenders
96749fd350
Fixed mixed up description/value for MuddyWater 2017-11-19 19:23:10 +01:00
Deborah Servili
e2dbd5a9a3 add MuddyWater + Update HIDDEN COBRA and update its tools 2017-11-17 15:41:44 +01:00
Deborah Servili
09bab156c7 update version number 2017-11-09 12:30:32 +01:00
Deborah Servili
3369270bdb add Sowbug group 2017-11-08 15:05:37 +01:00
Fredrik Borg
72d8bfc28a fix-iso-code-3 2017-11-07 14:15:40 +01:00
Fredrik Borg
afc4972e25 fix iso codes 2017-11-07 14:04:04 +01:00
Fredrik Borg
53a6a8d26f remove duplicate references 2017-11-07 13:34:44 +01:00
Siri Bromander
bf0d1d27ca Updated with data from APT Groups and Operations 2017-11-07 11:07:23 +01:00
Fredrik Borg
26192bf39a Bump version number 2017-11-01 18:14:20 +01:00
Fredrik Borg
51f86d5382 Use standard (2 digits) ISO codes for all countries 2017-11-01 12:38:21 +01:00
Daniel Plohmann
02710714bd add APT33 as identified by FireEye 2017-09-29 11:43:38 +02:00
Daniel Plohmann
355a230182 added FIN7 as alias for anunak 2017-08-01 13:29:57 +02:00
Daniel Plohmann
b4e49823dd merged barium into axiom (only one redundant reference given) 2017-08-01 13:13:56 +02:00
Raphaël Vinot
282c3a8101 Merge pull request #74 from Delta-Sierra/master
adding clusters based on MISP data
2017-07-26 11:41:00 +02:00
Deborah Servili
7e59f14dca update Spring Dragon threat actor 2017-07-26 09:21:36 +02:00
Raphaël Vinot
8598210895 Remove empty string. 2017-07-25 18:02:11 +02:00
a295d40589 Cobalt gang added 2017-07-08 10:16:11 +02:00
c0786dfb22 El Machete added 2017-06-26 11:44:46 +02:00
dd2a51037a jq all ;-) 2017-06-20 20:34:04 +02:00
Jaime
f92b9cb710 Added FIN8 actor 2017-06-20 11:28:32 -07:00
David André
3dfbb7e1d0 Added Symantec alias for sofacy 2017-06-16 11:22:17 +02:00
danielplohmann
5724f19873 Merge branch 'master' into hidden-cobra-lazarus 2017-06-15 14:13:50 +02:00
Daniel Plohmann (jupiter)
f7963c9a8c added Hidden Cobra as alias for Lazarus Group 2017-06-15 14:09:29 +02:00
Daniel Plohmann
ff4f428bc1 added ELECTRUM to threat-actor.json (afaik not confirmed as an alias atm) 2017-06-13 13:25:16 +02:00
Daniel Plohmann
9924a8875c added PLATINUM to threat-actor.json (afaik not confirmed as an alias atm) 2017-06-13 13:21:10 +02:00
91663c4793 Merge pull request #58 from danielplohmann/wildneutron
added WildNeutron (Morph, Butterfly, Sphinx Moth)
2017-06-06 10:02:56 +02:00
Deborah Servili
aa34718b13 edit threat actor - should fix #59 and #60 2017-06-06 08:40:29 +02:00
Daniel Plohmann (jupiter)
068dc40a78 added WildNeutron (Morph, Butterfly, Sphinx Moth) 2017-06-05 19:13:27 +02:00
David André
83833f257c Added synonyms for APT10 and one for APT1 2017-06-02 10:26:45 +02:00
fab863933e SilverTerrier added 2017-05-30 08:40:26 +02:00
5da5df6384 APT32 added 2017-05-15 09:18:28 +02:00
Déborah Servili
531595c944 ##comma## 2017-04-14 14:52:23 +02:00
Déborah Servili
54512eb840 Add some tools/threat actor 2017-04-14 14:48:39 +02:00
bbf6716c73 Longhorn (CIA) added 2017-04-10 20:22:57 +02:00
nyx0
78cdb10aae Add new Sednit name according to https://www.secureworks.com/research/iron-twilight-supports-active-measures 2017-03-31 09:28:50 -04:00
chrisdoman
dbf989c742 Added descriptions and reference to threat-actor json 2017-03-22 12:52:05 +00:00
Raphaël Vinot
e1b5701351 JQ all the things 2017-03-16 17:31:43 +01:00
Raphaël Vinot
0d8d265319 Fix typo. 2017-03-16 17:27:17 +01:00
CERT-Bund
4112a041f7 Added groups, joined groups, added synonyms (see extended description)
Added: HammerPanda, Barium, Infy, Sima, Groundbait
Joined: StrongPity and Promethium
Synonyms: Lead as Winnti, Moonlight as MoleRats, FalloutTeam as DarkHotel, DustStorm as StonePanda, Skipper and Popeye as Pacifier
2017-03-16 17:02:55 +01:00
e002e62204 missing \n at the end of the file 2017-03-01 14:55:45 +01:00
Chris Doman
9e5c983a65 Ran jq 2017-03-01 13:24:00 +00:00
Chris Doman
e934f88b3b Added references
Mostly added references to existing groups
Capitalised DarkHotel, put a space in APT30 default name (the others
had that)
2017-03-01 12:53:52 +00:00
a224c7ce5e add: Gamaredon Group added 2017-02-28 09:17:33 +01:00
Christophe Vandeplas
048b831f53 minor correction 2017-02-27 11:00:48 +01:00
Thanat0s
3774f05237 Somes alias fetch from : https://attack.mitre.org/wiki/Groups 2017-02-26 23:07:42 +01:00
Raphaël Vinot
7db66e05dd Strict schema, update clusters accordingly 2017-02-14 11:34:59 +01:00
Raphaël Vinot
910398fe76 Fix validation, remove duplicate. 2017-02-13 18:52:54 +01:00
abca7a02d0 Greenbug added 2017-01-23 16:20:09 +01:00
19406277d4
Equation Group added 2017-01-13 08:23:03 +01:00
649c043ad2
Import manually cert-eu contribution
- Fix the meta attributes (like the motive field ) to be within meta and not
   outside
 - Remove some "null" values that seems to come from previous tests
 - Pretty-print the Javascript (better for diffing)
2017-01-09 23:07:57 +01:00
a6cb478a3b Separate APT30 from Naikon group 2017-01-06 22:26:53 +01:00
ea9ebaf5d6 PassCV group added 2017-01-06 13:51:22 +01:00
c3364add3c Cadelle and Chafer groups added 2017-01-06 13:25:30 +01:00
c38f62ae12 Packrat added 2016-12-30 12:47:47 +01:00
d37db31a75 Operation Iron Tiger added as synonym 2016-12-17 09:51:13 +01:00
3deb47a9c8 Molerats, PROMETHIUM and NEODYMIUM added 2016-12-17 09:40:47 +01:00
ff17ac998e TeleBots group added 2016-12-13 19:37:30 +01:00
3a657ace36 TERBIUM added 2016-12-13 09:11:16 +01:00
d834ec1f52 Singular everywhere 2016-12-04 17:37:29 +01:00
Renamed from clusters/threat-actors.json (Browse further)