Daniel Plohmann
a817324cd4
adding threat actor "Moses Staff"
2022-03-02 15:50:39 +01:00
Mathieu Beligon
0b456b8afa
version bump -> 213
2022-03-02 14:55:26 +01:00
Mathieu Beligon
d3d241ca54
Update Gamaredon target
2022-03-02 14:55:19 +01:00
Mathieu Beligon
27c05a118e
Update GhostWriter
2022-03-02 13:16:20 +01:00
Delta-Sierra
c909a35d65
Merge https://github.com/MISP/misp-galaxy into main
2022-02-18 10:57:10 +01:00
Delta-Sierra
a788c867a7
jq
2022-02-18 10:56:07 +01:00
Delta-Sierra
b0cd884afc
add TA2541
2022-02-18 10:54:25 +01:00
Daniel Plohmann
321e4b4a57
another Gamaredon ref and version bump
2022-02-18 08:26:01 +01:00
Daniel Plohmann
254dd47a61
adding ACTINIUM as MSFT name for Gamaredon
2022-02-18 08:24:35 +01:00
Delta-Sierra
9b76d71c43
Merge https://github.com/MISP/misp-galaxy into main
2022-02-14 08:47:21 +01:00
Delta-Sierra
3184819968
add DDG botnet and more
2022-02-11 16:13:36 +01:00
rwe
4700780d47
added antlion APT group
2022-02-05 04:52:33 -08:00
Daniel Plohmann
833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference
2022-02-02 09:40:10 +01:00
Daniel Plohmann
8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec
2022-02-02 09:35:53 +01:00
Delta-Sierra
e523bdaf70
merge
2022-01-14 16:08:14 +01:00
Thomas Dupuy
c792bdd1b7
Add AQUATIC PANDA threat actor.
2022-01-12 13:51:11 -05:00
Sami Tainio
dcb87b0dc6
chg: [threat-actor] Add SideCopy
2022-01-07 17:45:41 +02:00
Daniel Plohmann
3094283252
adding Mandiant's FIN13.
2022-01-03 09:32:43 +01:00
Delta-Sierra
bb92427b65
add Lyceum synonyms/sources
2021-11-29 12:05:51 +01:00
Jeroen Pinoy
9ec76ae185
Add threat actor common raven
2021-10-03 23:30:20 +02:00
Thomas Dupuy
89a3f986ba
Add InkySquid synonym.
2021-08-24 16:29:34 +02:00
Daniel Plohmann
3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER)
2021-08-19 06:02:40 +02:00
Rony
5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM
...
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
2021-08-02 22:30:05 +05:30
Rony
636ccdedcd
Update threat-actor.json
2021-07-21 18:47:56 +05:30
Rony
9ecfecc063
another fix
2021-07-21 18:41:18 +05:30
Rony
32ea60d721
fix
2021-07-21 18:31:05 +05:30
Rony
52e7d5a0a9
multiple updates to apt40, apt31 & hafnium
2021-07-21 18:28:40 +05:30
Rony
fb9a41f8e9
from Gov Canada & MFA Japan
2021-07-19 20:33:35 +05:30
Rony
c90c60cb13
adding references for APT40 & APT31
2021-07-19 20:14:36 +05:30
6c8949caa9
Merge pull request #658 from jasperla/oilrig
...
merge APT34 with OilRig
2021-07-03 08:56:39 +02:00
Deborah Servili
b6005bd53f
Merge branch 'main' into master
2021-07-02 13:30:51 +02:00
Delta-Sierra
913aff30c3
Add NOBELIUM and related
2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse
792490298e
merge APT34 with OilRig
...
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
2021-06-29 20:26:04 +02:00
Jürgen Löhel
254c201601
[cluster][tool] Adds Matanbuchus
...
+ threat actor: BelialDemon
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 18:04:28 -05:00
Thomas Dupuy
772c5145c1
Added BackdoorDiplomacy and Gelsemium.
2021-06-11 11:48:57 -04:00
Rony
9a723b6261
more ta544 references
2021-05-26 20:26:27 +05:30
Rony
db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks
2021-05-22 21:02:30 +05:30
Daniel Plohmann
433ea5cb45
Twisted Spider -> TWISTED SPIDER
...
fair point
2021-05-19 17:04:58 +02:00
Daniel Plohmann
9719122d27
adding Twisted Spider as alias for TA2101 (Maze)
2021-05-19 16:47:41 +02:00
a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1
...
Add alias for Tick
2021-05-07 23:23:38 +02:00
Still Hsu
eb671f1e6a
Add Nian alias
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:52:27 +08:00
Still Hsu
fe7c0dab07
Add country origin for BlackTech
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:32:39 +08:00
Daniel Plohmann
38b8bac51d
fixing broken/dead links
2021-05-04 20:15:17 +02:00
Rony
faed812fc9
Merged STALKER PANDA to Tick
2021-04-25 19:12:20 +05:30
Rony
89b9c0c32c
several updates to apt27
2021-04-25 16:53:36 +05:30
Daniel Plohmann
6eb594a6b0
adding Yanbian Gang as threat actor
2021-04-16 15:12:45 +02:00
Daniel Plohmann
2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech
...
Adding Palmerworm as Symantec alias for BlackTech (with reference).
2021-03-31 22:35:12 +02:00
Thomas Dupuy
a8c62ddeda
Add Ghostwriter.
2021-03-31 09:42:40 -04:00
Rony
50f5d2ae4a
reverted changes made into 52ae97718d
2021-03-30 22:19:05 +05:30
sebdraven
ce8a9442eb
validation jsons
2021-03-30 13:12:21 +00:00
Sebdraven
52ae97718d
Update threat-actor.json
...
add a synonym to Haffnium
2021-03-30 15:11:09 +02:00
sebdraven
b082977b9f
validation ok
2021-03-30 10:22:35 +00:00
Sebdraven
4ed4cebcee
Update threat-actor.json
...
format json
2021-03-30 12:16:22 +02:00
Sebdraven
a62e3ba530
Update threat-actor.json
...
add redecho threat actor
2021-03-30 12:10:50 +02:00
Delta-Sierra
7c843ac5c2
fix merge & jq
2021-03-11 14:08:29 +01:00
Delta-Sierra
c37befc8a9
merge
2021-03-11 10:35:05 +01:00
Rony
57c7d0b9a0
From Nextron
2021-03-06 19:44:32 +05:30
Rony
6cabbfb091
more!
2021-03-06 14:22:29 +05:30
Rony
7b242555df
More references
...
From
Crowdstrike
MSRC
and kql hunting query from James Quinn
2021-03-06 13:28:14 +05:30
Rony
eaab88ef28
add HAFNIUM detection refs
2021-03-05 16:51:28 +05:30
Rony
4bc438a325
fix
2021-03-05 11:48:43 +05:30
Rony
d9b299aafc
add more HAFNIUM references
2021-03-05 11:42:04 +05:30
Rony
c9f7afef1c
Adding alias NOBELIUM
2021-03-04 22:39:33 +05:30
47dade9d0e
Merge pull request #631 from r0ny123/Enhancement
...
Add HAFNIUM
2021-03-04 14:48:01 +01:00
Rony
ad795606cf
added HAFNIUM
...
Updates:
Tonto Team
UNC2452
2021-03-04 00:10:33 +05:30
Sebdraven
2666341afc
Update threat-actor.json
...
update Sidewinder card
2021-03-03 17:59:25 +01:00
Thomas Dupuy
f842694fda
Update Infy TA.
2021-03-02 14:37:01 -05:00
Delta-Sierra
d273a5da7d
add TeamTNT ref
2021-02-25 09:52:24 +01:00
Rony
5c6f3a036b
removing DePrimon
...
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
2021-02-24 21:55:04 +05:30
Delta-Sierra
7c1ac58141
add TeamTNT
2021-02-22 16:38:18 +01:00
Delta-Sierra
96bf0d44ea
Merge https://github.com/MISP/misp-galaxy
2021-02-09 14:52:58 +01:00
Daniel Plohmann
d61e7d2fac
adding ClearSky alias for Volatile Cedar
...
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."
2021-01-29 10:39:18 +01:00
StefanKelm
fb35646406
Update threat-actor.json
...
Lazarus
2021-01-26 14:38:37 +01:00
StefanKelm
a131a7ce98
Update threat-actor.json
...
Lazarus
2021-01-20 17:43:18 +01:00
3c19c7c1e5
Merge pull request #617 from danielplohmann/patch-4
...
merge COVELLITE into Lazarus Group
2021-01-17 16:05:13 +01:00
Daniel Plohmann
ca66fcd93a
merge COVELLITE into Lazarus Group
...
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references.
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
2021-01-17 15:07:26 +01:00
Rony
91e87cf82c
Update threat-actor.json
...
Don't know how StarCraft
2021-01-17 12:21:34 +05:30
Daniel Plohmann
edcc3c0bc1
merging ScarCruft->APT37
...
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
2021-01-15 18:52:49 +01:00
Delta-Sierra
a6f7795952
fix merge
2021-01-12 10:38:33 +01:00
2b356a9eb0
chg: [threat-actor] UNC2452/DarkHalo added - ref. #614
2021-01-12 07:01:36 +01:00
Rony
3240aa819f
Update threat-actor.json
2020-12-14 11:54:41 +05:30
Rony
2ffb77b35b
BISMUTH
2020-12-14 10:41:15 +05:30
Delta-Sierra
31f96513b2
update sidewinder threat actor
2020-12-11 16:09:33 +01:00
StefanKelm
5dc92995f6
Update threat-actor.json
...
DeathStalker, Mabna
2020-12-04 11:43:06 +01:00
StefanKelm
4fee985b5e
Update threat-actor.json
...
Turla
2020-12-03 13:05:14 +01:00
StefanKelm
72e085aba9
Update threat-actor.json
...
OceanLotus
2020-12-02 11:44:29 +01:00
StefanKelm
15b5f4c881
Update threat-actor.json
...
APT27
2020-11-30 11:49:23 +01:00
StefanKelm
da910c0c2e
Update threat-actor.json
2020-11-18 19:15:11 +01:00
StefanKelm
48ffaa8ce1
Update threat-actor.json
...
Lazarus
2020-11-18 12:10:23 +01:00
StefanKelm
bf5bdeacb0
Update threat-actor.json
...
OceanLotus
2020-11-09 14:39:55 +01:00
StefanKelm
41a7a36317
Update threat-actor.json
...
Kimsuky
2020-11-02 17:30:25 +01:00
Rony
333e55fbeb
remove duplicate!
2020-11-02 14:18:49 +05:30
Rony
000cfa68a8
Update threat-actor.json
...
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
2020-11-02 13:51:08 +05:30
Deborah Servili
28784683db
Merge branch 'main' into master
2020-10-30 16:17:27 +01:00
24f05749f0
Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master
2020-10-30 09:47:45 +01:00
JJ Cummings
c48a38c2f1
Added a new cryptominer galaxy and additional missing recent families to various clusters
2020-10-29 14:40:22 -06:00
StefanKelm
808c2c3828
Update threat-actor.json
...
Kimsuky
2020-10-28 12:52:06 +01:00
Daniel Plohmann
02bcf1f5a7
adding PowerPool alias IAmTheKing (Kaspersky)
...
after a quick search I haven't found a nice source except for costin's tweet.
2020-10-09 13:49:16 +02:00
StefanKelm
7bab41e367
Update threat-actor.json
...
TA505
2020-10-06 15:29:54 +02:00
StefanKelm
1d05f17507
Update threat-actor.json
...
XDSpy
2020-10-06 12:45:43 +02:00