Rony
aa34775390
typo
...
thanks to @patricksvgr
2020-04-19 23:17:44 +05:30
Rony
ddfa280672
Update threat-actor.json
2020-04-19 23:06:57 +05:30
Rony
7ac2648dbc
more fix
2020-04-19 23:00:42 +05:30
Rony
573b4807ee
fix broken links
2020-04-19 16:03:21 +05:30
Rony
42a4820823
dead link
2020-04-19 11:45:45 +05:30
Rony
0aa34187e9
add link
2020-04-19 11:29:36 +05:30
Rony
d6bf42254f
Merging APT23 & Tropic Trooper
2020-04-18 13:22:25 +05:30
Rony
c161080175
Update threat-actor.json
2020-04-15 21:36:48 +05:30
Deborah Servili
e8edc9cafc
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2020-04-15 11:27:01 +02:00
Deborah Servili
b01e64eb1f
add Operation Shadow Forece
2020-04-08 14:53:19 +02:00
Daniel Plohmann
aba625dee5
removed duplicate entry
2020-04-07 08:49:33 +02:00
Daniel Plohmann
e15a4a6525
fixing/removing some more dead links
2020-04-06 15:25:22 +02:00
e37f320df5
Merge pull request #523 from danielplohmann/patch-24
...
adding aliases MERCURY, HOLMIUM
2020-03-09 21:56:27 +01:00
Daniel Plohmann
ab49ef3c1a
Kimsuki -> Black Banshee
...
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html )
2020-03-09 18:20:56 +01:00
Daniel Plohmann
1260ab156a
adding aliases MERCURY, HOLMIUM
...
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
2020-03-09 08:50:08 +01:00
4a64d0a4ad
Merge pull request #519 from danielplohmann/crowdstrike2020report
...
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-05 09:07:16 +01:00
Daniel Plohmann (jupiter)
0c2b0b76eb
while we are at it, we can also do Longhorn = APT-C-39
2020-03-04 21:09:06 +01:00
Daniel Plohmann (jupiter)
184f193342
IMPERIAL KITTEN as alias for Tortoiseshell
2020-03-04 19:39:14 +01:00
pnx@pyrite
3dc460e795
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-04 13:36:34 +01:00
Daniel Plohmann
dc059d1f4d
Accenture calls APT32 - "POND LOACH"
2020-03-03 19:40:50 +01:00
b4b91b1e5d
chg: [threat-actor] JSON fixed
2020-02-28 16:37:24 +01:00
Thomas Dupuy
0daeb675f5
Add InvisiMole cluster
2020-02-18 13:28:32 -05:00
Daniel Plohmann
e481e9bb50
adding APT-C-12
2020-02-13 17:44:45 +01:00
Rony
22c9badee0
Update threat-actor.json
...
those are the name of aliases of the same malware family sykipot. so removing it.
2020-02-05 18:00:31 +05:30
Deborah Servili
5da17d51aa
Merge branch 'master' into master
2020-01-24 09:33:33 +01:00
Deborah Servili
606e3ec90f
jq
2020-01-24 09:32:09 +01:00
Deborah Servili
58415324c5
add Operation Wocao
2020-01-24 08:27:20 +01:00
Thomas Dupuy
edc5196373
Add Attor and DePriMon
2020-01-23 11:27:00 -05:00
Daniel Plohmann
ccfe5ee130
removing and fixing deadlinks in the best possible way
...
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
2020-01-23 11:14:20 +01:00
Daniel Plohmann
29a128da6f
adding references and TEMP.MixMaster as alias for WIZARD SPIDER
...
with kudos to @tbarabosch
2020-01-22 15:42:01 +01:00
dbaab413b6
chg: [threat-actor] typo fixed
2020-01-18 17:30:27 +01:00
564f27c5ca
chg: [threat-actor] format fixed
2020-01-18 17:26:45 +01:00
34c5c66279
chg: [threat-actor] fix order
2020-01-18 17:08:32 +01:00
8eeceafc51
chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan"
...
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
2020-01-18 17:02:44 +01:00
5da0c7bd54
chg: [threat-actor] SideWinder APT group added
2020-01-07 10:42:07 +01:00
StefanKelm
9b6f9136f9
Update threat-actor.json
2020-01-03 12:50:49 +01:00
StefanKelm
9373cfcb53
Update threat-actor.json
...
BRONZE PRESIDENT
2020-01-03 12:42:57 +01:00
Rony
6b1142abac
Update threat-actor.json
2019-12-23 22:05:28 +05:30
Bart
8ebb2e2d16
Update threat-actor.json
...
Adds Operation Wocao..
2019-12-19 21:42:02 +01:00
9f56a91013
Merge pull request #492 from Delta-Sierra/master
...
Operation Soft Cell ralated Updates
2019-12-13 13:35:52 +01:00
Deborah Servili
03c54a3e05
add GALLIUM as microsoft activities group and similar to Operation Soft Cell
2019-12-13 11:47:31 +01:00
Deborah Servili
3be47af325
update threat actor version
2019-12-13 11:04:51 +01:00
Deborah Servili
9b153913be
add relation suspected link between operation soft cell and apt10
2019-12-13 10:59:06 +01:00
Sebastian Wagner
c3b5b39dd3
sofacy: add apt_sofacy as synonym
2019-12-12 15:57:13 +01:00
Deborah Servili
170f964e8c
##COMMA##
2019-12-11 14:22:09 +01:00
Deborah Servili
7e18f2e509
Merge branch 'master' into master
2019-12-11 13:51:52 +01:00
Deborah Servili
391b5a674d
add Axiom synonym
2019-12-11 13:50:35 +01:00
8da36c09e1
chg: [threat-actor] jq
2019-12-08 09:03:14 +01:00
Daniel Plohmann
94b3c1ec07
added APT-C-34 / Golden Falcon
2019-12-07 12:44:30 +01:00
Deborah Servili
31f3a61d5f
add Sofacy ref
2019-12-05 15:42:42 +01:00
Daniel Plohmann
bd3cc6d8ee
added TA2101
2019-12-03 18:13:44 +01:00
8cc5e02f22
chg: [clean-up] jq all the things
2019-11-21 17:19:39 +01:00
Deborah Servili
38641aae36
merge
2019-11-21 16:24:11 +01:00
Deborah Servili
f21dd95b28
merge
2019-11-21 16:23:29 +01:00
Deborah Servili
1a0dd2292b
add silence synonym & new meta field spoken-language
2019-11-21 11:50:02 +01:00
StefanKelm
aa132ca58f
new refs for APT33
2019-11-14 14:57:05 +01:00
eea0f528fa
chg: [threat-actor] Lucky Mouse synonym added
...
Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/
2019-11-12 12:51:44 +01:00
Raphaël Vinot
1486890f86
fix: JQ all the things.
2019-11-12 10:25:00 +01:00
871d90cfc2
chg: [threat-actor] Calypso group added
...
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
2019-11-11 13:34:54 +01:00
d9a64c18ff
chg: [threat-actor] threat-actor-classification updated
2019-11-04 09:37:52 +01:00
6f463325b9
chg: [threat-actor] jq is jq
2019-11-03 16:01:09 +01:00
64a3569803
Merge branch 'master' of github.com:MISP/misp-galaxy
2019-11-03 08:52:37 +01:00
8d01e77574
chg: [threat-actor] Operation WizardOpium added
...
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
2019-11-03 08:51:37 +01:00
346e54a321
Merge pull request #468 from Delta-Sierra/master
...
add Turla Group Symonym variant
2019-11-02 13:40:21 +01:00
Deborah Servili
1da2dc8af1
add Turla Group Symonym variant
2019-10-31 16:33:32 +01:00
Deborah Servili
efa2f43c0f
Merge pull request #467 from Delta-Sierra/master
...
Few updates
2019-10-31 14:31:16 +01:00
Deborah Servili
bee9b80898
jq
2019-10-31 10:37:36 +01:00
Deborah Servili
0a8f989e1c
add Winnti related tools etc.
2019-10-31 10:36:15 +01:00
Rony
1fc0f5e2e7
Update threat-actor.json
2019-10-17 09:46:56 +05:30
Deborah Servili
88025a541f
add operation soft cell
2019-10-14 16:07:35 +02:00
Deborah Servili
a4b59f647c
jq
2019-09-25 13:41:55 +02:00
309109eb27
chg: [threat-actor] new LookBack (Malware?Campaign?TA?)
...
Signed-off: During MISP training
2019-09-25 12:12:34 +02:00
a5ae130916
chg: [threat-actor] Evil Eye and POISON CARP
...
Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Signed-off: Jean-Louis during training session
2019-09-25 11:27:03 +02:00
Deborah Servili
638cdd4198
version update
2019-09-20 14:54:56 +02:00
Deborah Servili
b9b4b9c651
Add Tortoiseshell thrat actor
2019-09-20 14:53:25 +02:00
StefanKelm
db2b5a13ef
Update threat-actor.json
...
Silent Librarian
2019-09-12 11:57:03 +02:00
Deborah Servili
718ea55dd7
Merge branch 'master' into master
2019-09-04 14:42:47 +02:00
Deborah Servili
9e3a998dfc
aff SectorJ04 group
2019-09-03 15:51:21 +02:00
Daniel Plohmann
f40b7dd132
'SectorJ04 Group' as alias introduced by NSHC for TA505
...
Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
2019-09-01 15:46:36 +02:00
0966e58da6
Merge branch 'master' of github.com:MISP/misp-galaxy
2019-08-30 11:06:29 +02:00
f5056ff02e
chg: [threat-actor] add machete-apt synonyms as reported in #445
2019-08-30 11:03:30 +02:00
StefanKelm
49f8f60a85
Update threat-actor.json
...
Add ITG08 as synonym for FIN6
2019-08-29 13:13:00 +02:00
8d78a2a108
chg: [threat-actor] jq all
2019-08-29 08:31:10 +02:00
791c88f2eb
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master
2019-08-29 08:30:41 +02:00
Deborah Servili
395dd93e0f
add Asruex Backdoor
2019-08-28 15:40:03 +02:00
9926ea8826
chg: [threat-actor] LYCEUM added - 443 #fixed
2019-08-28 14:35:12 +02:00
Deborah Servili
ea68336b96
add ref for Gamaredon
2019-08-27 08:28:58 +02:00
Sebastian Wagner
38aebbf42a
remove empty strings
2019-08-19 17:04:07 +02:00
3841447e16
Merge pull request #434 from r0ny123/patch-1
...
added microsoft naming for the groups
2019-08-10 18:52:26 +02:00
Thomas Dupuy
df5c9057a1
add synonyme for Turla
2019-08-09 17:34:22 -04:00
Rony
feac39db6b
added microsoft naming for the groups
2019-08-09 22:19:09 +05:30
Thomas Dupuy
320e298549
update victims
2019-08-09 10:45:10 -04:00
Thomas Dupuy
1988662ee5
add APT41
2019-08-09 10:24:06 -04:00
Nils Kuhnert
17925f3e10
Remove local file link :)
2019-08-03 18:55:00 +02:00
7913adad61
chg: [threat-actor] rollback as discussed by chat with Andras until version 2.0
2019-08-02 16:08:40 +02:00
Andras Iklody
984be50396
lowercased value field for DarkHotel
2019-08-02 15:40:31 +02:00
a401ff7405
Merge branch 'master' into patch-13
2019-08-01 08:52:27 +02:00
Daniel Plohmann
0367e16ce0
adding secureworks actor names for energetic bear and teamspy
2019-07-31 14:35:09 +02:00
Daniel Plohmann
a4a72d0698
adding Proofpoint's TA428
2019-07-31 14:08:50 +02:00
Deborah Servili
2861d2d78c
jq
2019-07-16 10:13:10 +02:00
Deborah Servili
ea4d8a2d42
add SWEED threat actor
2019-07-16 10:03:07 +02:00
9517c8b878
chg: [threat-actor] version updated
2019-06-20 17:58:35 +02:00
8c90f7231c
chg: [threat-actor] duplicated refs removed
2019-06-20 17:35:35 +02:00
5e9d075ae5
chg: [threat-actor] synonyms fixed
2019-06-20 17:30:01 +02:00
195406cc6b
chg: [threat-actor] jq everything
2019-06-20 17:27:55 +02:00
d018519700
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy
2019-06-20 17:23:04 +02:00
Deborah Servili
30f042211b
fix duplicate
2019-06-20 16:35:49 +02:00
Deborah Servili
a984786c8b
update threat actor galaxy
2019-06-20 16:25:23 +02:00
Rony
7afb9083b2
Update threat-actor.json
2019-06-19 23:29:35 +05:30
Deborah Servili
4bd37e2b2d
update threat actor galaxy
2019-06-19 16:38:04 +02:00
Deborah Servili
52e51833de
update threat actor galaxy
2019-06-18 16:05:49 +02:00
Deborah Servili
431e7a36c1
update threat actor galaxy
2019-06-17 16:36:42 +02:00
Deborah Servili
b966369933
##COMMA##
2019-06-14 16:35:55 +02:00
Deborah Servili
1e5292d999
fix duplicate
2019-06-14 16:21:33 +02:00
Deborah Servili
ead217eb28
Update version
2019-06-14 16:11:02 +02:00
Deborah Servili
98f0572d51
update threat actor galaxy
2019-06-14 16:06:09 +02:00
Deborah Servili
b040f9f57b
fix duplicate and links update (APT34)
2019-06-14 08:41:38 +02:00
Deborah Servili
2001652dae
fix duplicate
2019-06-14 08:28:44 +02:00
Deborah Servili
20e77afcc3
update threat actor galaxy
2019-06-13 16:19:21 +02:00
Deborah Servili
11c2f43c9f
tryto fix duplicate
2019-06-13 11:26:42 +02:00
Deborah Servili
e4245ee991
update threat actor galaxy
2019-06-12 16:25:24 +02:00
Deborah Servili
5a3d7e816f
fix duplicate
2019-06-12 09:24:05 +02:00
Deborah Servili
1ba7f19ca2
update threat actor galaxy
2019-06-11 16:14:58 +02:00
Deborah Servili
347ed5d529
jq
2019-06-11 15:57:21 +02:00
Deborah Servili
79f11de6db
update threat actor galaxy
2019-06-11 15:54:39 +02:00
Deborah Servili
d6b458520b
update threat actor galaxy
2019-06-11 11:57:04 +02:00
Deborah Servili
1f2e59addb
update Threat actor galaxy
2019-06-07 16:34:43 +02:00
Deborah Servili
185763a63a
update threat actor
2019-06-06 16:34:09 +02:00
Deborah Servili
b809b9cfbb
update threat actor darkhotel (nemim might be a typo)
2019-06-06 11:58:19 +02:00
Deborah Servili
189c3066a5
update threat actor
2019-06-04 16:32:39 +02:00
Deborah Servili
a6c9d335ee
fix multiple refs
2019-06-04 08:52:34 +02:00
Deborah Servili
b47863f1c1
update threat actors
2019-05-29 16:18:50 +02:00
Deborah Servili
f48167ce77
update threat actors
2019-05-29 15:34:20 +02:00
Deborah Servili
f4cf3464ce
update threat actors and tools
2019-05-28 16:05:54 +02:00
Deborah Servili
940762e0c5
update threat actor
2019-05-28 09:22:26 +02:00
Deborah Servili
0bb1420ab7
update threat-actor galaxy
2019-05-27 16:38:01 +02:00
Deborah Servili
af6241fd20
update Anchor Panda Threat Actor
2019-05-27 11:47:05 +02:00
Daniel Plohmann
1cc0137c38
adding TA542 to MUMMY SPIDER (emotet)
2019-05-17 17:36:57 +02:00
Rony
380006ecbb
merging Pacifier & Turla
2019-05-16 23:57:49 +05:30
Daniel Plohmann
a20f7fbe91
adding APT31/ZIRCONIUM
2019-05-15 22:43:33 +02:00
Rony
7c0ea4949a
Update threat-actor.json
2019-05-12 11:11:09 +05:30
Raphaël Vinot
988586fde0
fix: Duplicate values, typos.
2019-05-06 17:17:16 +02:00
StefanKelm
7e329855b2
Update threat-actor.json
...
Silent Librarian / COBALT DICKENS
2019-05-02 15:34:19 +02:00
37da9bebdf
chg: [threat-actor] FIN4 updates
2019-05-01 17:41:03 +02:00
Rony
0afaf81438
Update threat-actor.json
2019-05-01 15:54:38 +05:30
Rony
c565f61761
Update threat-actor.json
2019-05-01 15:51:56 +05:30
Rony
3b185d8435
Update threat-actor.json
2019-05-01 15:40:10 +05:30
Rony
ed351b4eae
updated FIN4
2019-05-01 15:24:59 +05:30
Rony
292df2360a
more report on APT36
2019-04-22 11:05:21 +05:30
Deborah Servili
8ac7aec85c
add Sea Turtle campaign
2019-04-19 13:21:11 +02:00
Christophe Vandeplas
ecc63cf166
chg; [threat-actor] validate + version bump
2019-04-17 21:01:55 +02:00
Christophe Vandeplas
d5fd896bb0
Merge pull request #385 from bartblaze/master
...
Add Whitefly
2019-04-17 20:53:15 +02:00
Bart
e1cab68683
Add Whitefly
2019-04-17 12:27:18 +01:00
Rony
d98aefa186
fixed the broken link
2019-04-17 09:17:23 +05:30
Bart
3256cca9e0
Add DoNot team references
2019-04-12 21:12:16 +01:00
d7b4908aa3
Merge branch 'patch-8' of https://github.com/danielplohmann/misp-galaxy into danielplohmann-patch-8
2019-04-12 05:58:47 +02:00
Daniel Plohmann
159225b6cf
Based on additional research, APT36 can actually be merged into Mythic Leopard
2019-04-11 22:29:49 +02:00
Rony
7987c8f023
Update threat-actor.json
2019-04-12 01:56:12 +05:30
Rony
2fc914b2f9
Update threat-actor.json
2019-04-12 01:06:50 +05:30
Rony
60e4a486a7
adding additional resources for APT36
2019-04-11 23:55:51 +05:30
Daniel Plohmann
df5301eab5
adding FireEye's TMP.Lapis / APT36
2019-04-09 08:38:44 +02:00
ac6276a906
Merge pull request #371 from Delta-Sierra/master
...
Add Operation ShadowHammer
2019-03-26 22:25:22 +01:00
Deborah Servili
6027d546f2
Add Operation ShadowHammer
2019-03-26 10:40:29 +01:00
52f088efc9
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master
2019-03-21 20:51:59 +01:00
Daniel Plohmann
e0bb3d76a6
added APT-C-27 / GoldMouse
2019-03-21 18:06:03 +01:00
Deborah Servili
d0383b460f
jq
2019-03-21 09:15:16 +01:00
Deborah Servili
0fd04fa619
Merge branch 'master' into master
2019-03-21 08:42:30 +01:00
Deborah Servili
f86c748b8c
add AOT-C-27 Goldmouse
2019-03-20 15:45:20 +01:00
b2538a1f8a
chg: [threat-actor] change attribution confidence to be a string by default
2019-03-19 16:51:41 +01:00
4f454493b7
chg: [threat-actor] BRONZE UNION is also uppercase
2019-03-19 14:47:03 +01:00
9a6b597387
chg: [threat-actor] updated the version to avoid the past issue with 0 value for integer values
2019-03-19 14:44:49 +01:00
Deborah Servili
5ce8aae89e
add Operation Comando - hit version 100
2019-03-15 15:04:29 +01:00
5db30ba974
chg: [threat-actor] SandCat added
2019-03-14 06:18:10 +01:00
Deborah Servili
ecf76178e7
add attribution-confidence attribute to threat-actor
2019-03-11 11:18:12 +01:00
Deborah Servili
a65688ec02
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy
2019-03-11 08:51:47 +01:00
Deborah Servili
33dbda1e1e
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2019-03-11 08:51:16 +01:00
Deborah Servili
59ee8a9f13
Merge branch 'master' into master
2019-03-11 08:40:38 +01:00
Deborah Servili
ddab5f7006
Merge branch 'master' into master
2019-03-11 08:40:11 +01:00
139e6c32ed
chg: [threat-actor] new attribution-confidence level introduced
2019-03-11 08:37:49 +01:00
eb665e2883
chg: [threat-actor] jq all the things
2019-03-10 11:15:13 +01:00
6fb1303570
chg: [threat-actor] IRIDIUM added
...
Ref: https://resecurity.com/blog/parliament_races/
2019-03-10 10:47:34 +01:00
Daniel Plohmann
1d8ada33a0
Update threat-actor.json
...
another actor described by 360TIC.
2019-03-07 17:50:46 +01:00
Daniel Plohmann
cfb807861a
FireEye upgraded TEMP.Periscope to APT40
2019-03-07 14:34:14 +01:00
Deborah Servili
eb0a33eab6
add operation Kabar Cobra
2019-03-06 15:52:49 +01:00
Deborah Servili
6ffb8dd437
add relation between Lazarus Group and Operation SharpShooter
2019-03-04 12:03:05 +01:00
Deborah Servili
bd3fce00e1
add Razdel
2019-02-25 16:35:06 +01:00
f2159bfaa3
chg: [threat-actor] format fixed
2019-02-22 22:50:42 +01:00
d5df0d1064
chg: [threat-actor] uuid fixed
2019-02-22 22:45:28 +01:00
38283f0f86
chg: [threat-actor] STOLEN PENCIL added
2019-02-22 22:41:06 +01:00
243a6280e0
Merge pull request #350 from bartblaze/master
...
Add more info on Lotus Blossom
2019-02-21 23:39:33 +01:00
Bart
06553bbec2
Add more info on Lotus Blossom
...
Add 2 more references, fix typo - Trend calls it "Esile", not "Eslie" as mistakenly stated by CFR. The backdoor itself is commonly referred to as Elise.
2019-02-21 22:31:14 +00:00
ed132cb1b8
chg: [threat-actor] version fixed
2019-02-21 07:18:16 +01:00
Daniel Plohmann
0cd79994cc
Two more actor names from GTR2019
...
I found two more actor names while going again over the crowdstrike's report and updating the cross-references to malpedia.
2019-02-19 22:38:11 +01:00
Daniel Plohmann
85ec27b4c4
Added missing actors from CrowdStrike GTR2019
2019-02-19 18:26:01 +01:00
Itay Cohen
7d9dc1ec9d
Fix 404'd reference of BuhTrap
2019-02-17 11:33:11 +02:00
Deborah Servili
5bf18ffd23
Merge branch 'master' into master
2019-02-14 16:29:04 +01:00
Deborah Servili
9c450a80d4
add Gallmaker and other clusters
2019-02-14 16:04:54 +01:00
Deborah Servili
2794a20589
add OSX/Shlayer and some refs
2019-02-14 12:42:28 +01:00
Deborah Servili
8aeed60a24
Add Siesta campaign
2019-02-11 16:30:46 +01:00
João Neto
662cc5a012
Updated "Iran" name
...
This extra space leads to an unnecessary key error when parsing the json file
2019-02-08 16:50:22 +01:00
Nils Kuhnert
fc16f4f69c
Added Velvet Chollima as synonym to Kimsuki
2019-02-08 08:50:05 +01:00
Christophe Vandeplas
e5f74c8fdc
Merge pull request #336 from 3c7/synonym/static-kitten
...
Added static kitten as synonym for MuddyWater
2019-02-07 08:54:49 +01:00
2bbb8a6a43
Merge pull request #334 from 3c7/synonym/cobalt-spider
...
Added Cobalt Spider as Synonym for Cobalt
2019-02-07 08:53:19 +01:00
Nils Kuhnert
9778bea81e
Added Cobalt Spider reference
2019-02-07 08:41:00 +01:00
Nils Kuhnert
523a52c4db
Added static kitten as synonym for MuddyWater
2019-02-07 08:38:52 +01:00
Nils Kuhnert
0049acd81c
Added Turbine Panda as synonym for APT 26
2019-02-07 08:28:48 +01:00
Nils Kuhnert
5a077cf838
Added Cobalt Spider as Synonym for Cobalt
2019-02-07 08:26:10 +01:00
Nils Kuhnert
a171d5aa9d
Added Ocean Buffalo synonym for Ocean Lotus
2019-02-03 21:36:21 +01:00
b9f1317941
Merge pull request #332 from Delta-Sierra/master
...
Add APT39 & LockerGoga
2019-02-01 18:36:12 +01:00
Nils Kuhnert
0b04046d91
Added Quilted Tiger as Synonym for Patchwork/Dropping Elephant.
2019-02-01 13:17:43 +01:00
Deborah Servili
233b7f3aff
add APT39
2019-01-31 18:48:19 +01:00
Nils Kuhnert
d45a32e9e2
Added Shadow Crane as synonym for Dark Hotel.
2019-01-30 08:22:46 +01:00
Nils Kuhnert
42ecbd801c
Added "Stardust Chollima" as synonym for Lazarus.
2019-01-29 08:36:12 +01:00
898bdaf7f8
Merge pull request #328 from Delta-Sierra/master
...
add Silence Group
2019-01-25 16:43:08 +01:00
Deborah Servili
c11a31b12a
add Silence Group
2019-01-25 16:19:51 +01:00
Thomas Dupuy
d38fb407ec
add alternative name for DarkHydrus
2019-01-21 23:14:34 -05:00
Deborah Servili
3bdbd6646b
add Cold River Threat actor
2019-01-17 09:44:09 +01:00
Deborah Servili
5d61a75886
fix versions
2019-01-14 16:34:28 +01:00
Deborah Servili
61093f6f07
add several ransomware and threat actors
2019-01-14 16:28:15 +01:00
Deborah Servili
90d2bf7bc1
add drakhydrus ref
2019-01-11 10:17:07 +01:00
Deborah Servili
cddfd5fcd1
TA505 threat actorand affiliates malwares
2019-01-11 09:53:08 +01:00
Nils Kuhnert
1e4ebdd560
Added OilRig synonym "Helix Kitten".
2018-12-27 09:10:21 +01:00
Daniel Plohmann
cc22da1200
Microsoft alias for apt29 is YTTRIUM
2018-12-19 11:28:44 +01:00
Daniel Plohmann
c9e15b0c08
new name SNAKEMACKEREL for APT28 by Accenture
2018-12-19 10:46:58 +01:00
Deborah Servili
cb4345adf9
add operation sharpshooter
2018-12-13 13:47:54 +01:00
Deborah Servili
70d68a312c
add some clusters or info
2018-12-12 15:26:54 +01:00
Deborah Servili
169d69871a
add Goden Chickens and affiliates
2018-12-12 13:52:55 +01:00
Deborah Servili
bf77e1125a
add Operation Poison Needles
2018-12-07 16:32:09 +01:00
Deborah Servili
79828d7411
add clusters
2018-12-07 13:25:56 +01:00
Deborah Servili
5a725e71ef
add several clusters
2018-12-06 16:13:51 +01:00
Deborah Servili
be9b4ff40f
add DNSpionage cluster
2018-11-29 16:38:06 +01:00
Deborah Servili
b50c8bd805
add PNG Dropper
2018-11-23 10:38:36 +01:00
Deborah Servili
2bf5d46cc4
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy
2018-11-22 08:59:53 +01:00
Deborah Servili
2f5031b845
add several references for Emotet and others
2018-11-22 08:37:45 +01:00
Deborah Servili
de38e7249c
Merge branch 'master' into master
2018-11-19 15:23:45 +01:00
Deborah Servili
ce61b2d2dd
update oilrig related clusters + others
2018-11-19 14:56:13 +01:00
c9fd60d14b
chg: [threat-actor] INDRIK SPIDER added
2018-11-14 20:46:06 +01:00
Deborah Servili
ca33f1c2ce
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2018-11-13 15:25:34 +01:00
Deborah Servili
f55277b682
add several rqansomware and HookAds campaign
2018-11-13 12:20:37 +01:00
a4c916c916
Merge branch 'master' of github.com:MISP/misp-galaxy
2018-11-13 07:01:56 +01:00
Benoit Sevens
8f8c69134e
Update threat-actor.json
...
Add LuckyMouse link
2018-11-12 13:12:14 +01:00
Deborah Servili
14444e4321
add several tools and refs
2018-11-08 10:39:32 +01:00
Daniel Plohmann
1f6b606f75
added APT38 as (FireEye) alias for Lazarus
...
cross-references in https://content.fireeye.com/apt/rpt-apt38 suggest the link to Lazarus.
2018-11-07 17:19:50 +01:00
2465235817
Merge pull request #293 from Delta-Sierra/master
...
add Operation EvilTraffic
2018-10-30 21:02:59 +01:00
Deborah Servili
e6b1eec329
add Chalubo botnet (+ jqallthethings)
2018-10-30 14:39:13 +01:00
Deborah Servili
41942d0daf
add Operation EvilTraffic
2018-10-30 13:28:46 +01:00
Deborah Servili
74ff4b957a
add Operation EvilTraffic
2018-10-30 13:28:27 +01:00
Nils Kuhnert
bc0bf1ca9f
Corrected DarkHotel threat actor entry
2018-10-29 09:03:30 +01:00
Deborah Servili
af6020077e
add August Stealer
2018-10-23 15:25:37 +02:00
Deborah Servili
bd68ee280e
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2018-10-22 11:09:37 +02:00
Deborah Servili
4564c5eb37
add DarkPulsar and affiliates + update some refs
2018-10-22 10:14:30 +02:00
Christophe Vandeplas
9dddc4427c
jq
2018-10-19 10:23:09 +02:00
Christophe Vandeplas
ddccac58c8
chg: categorization of galaxies
...
This allows relationships to be created.
2018-10-19 10:18:14 +02:00
Christophe Vandeplas
2b24efb14a
fix: add missing relations from commit b857be9cab
2018-10-17 19:15:57 +02:00
Christophe Vandeplas
873bc873b4
Merge remote-tracking branch 'MISP/master'
2018-10-17 18:28:44 +02:00
Christophe Vandeplas
1e90cac717
fix: intrusion is an actor and not a tool
2018-10-17 18:17:33 +02:00
Deborah Servili
c8cbb609a2
add GreyEnergy
2018-10-17 16:05:51 +02:00
Deborah Servili
2ea560f9a7
add refs & synonyms
2018-10-15 12:02:21 +02:00
Deborah Servili
11a27df82d
add roaming mantis group
2018-10-12 15:50:52 +02:00
Deborah Servili
b3109f6aea
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2018-10-12 13:55:01 +02:00
Christophe Vandeplas
f26a4f2806
fix: minor newline difference after jq_all_the
2018-10-12 12:31:29 +02:00
Christophe Vandeplas
f14d616e22
chg: magical mapping with malpedia
2018-10-12 11:00:00 +02:00
Christophe Vandeplas
2fbd8ce485
jq sort keys
...
Allows automation to edit the files
2018-10-12 10:35:31 +02:00
Deborah Servili
4c367737ac
add magecart ref
2018-10-10 14:52:16 +02:00
Deborah Servili
5bcf34a953
update regarding https://twitter.com/adulau/status/1047764090410737664
2018-10-04 10:28:22 +02:00
Deborah Servili
c78416eee1
update synonyms & attributions
2018-10-04 10:09:34 +02:00
Deborah Servili
3dfe8a5a34
add FASTCash
2018-10-03 15:09:14 +02:00
Deborah Servili
403f162451
add ref for magecart
2018-10-01 11:54:07 +02:00
Deborah Servili
35582f7ed5
new threat actors & tools
2018-10-01 11:52:40 +02:00
49fe210812
Merge pull request #270 from Delta-Sierra/master
...
new clusters, relations and information
2018-09-28 12:57:13 +02:00
Deborah Servili
fbf21487cf
new clusters and informtion
2018-09-28 11:08:21 +02:00
Nex
014aa325b7
Added missing country values
2018-09-26 23:05:46 +02:00
Deborah Servili
f7e10cb38d
add references
2018-09-24 14:58:21 +02:00
Deborah Servili
2bc8e1e719
add Cobalt Dickensthreat actor
2018-09-24 11:51:09 +02:00
Deborah Servili
5a1734f170
update version
2018-09-21 11:16:36 +02:00
Deborah Servili
3c7e367cbf
fix field mistake
2018-09-21 11:14:19 +02:00
Deborah Servili
1cee9d71e0
update Lazarus group cluster
2018-09-20 15:38:32 +02:00
Deborah Servili
6d43d52731
new unnamedthreat actor
2018-09-20 13:24:11 +02:00
Deborah Servili
d0864a6531
new threat actors
2018-09-20 12:10:20 +02:00
Deborah Servili
0a724bee3d
merge
2018-09-19 16:01:46 +02:00
Deborah Servili
058f778e61
add references
2018-09-19 09:04:04 +02:00
79146b9d10
fix: array in synonyms (MISP accepts it but not the schema ;-)
2018-09-19 07:35:35 +02:00
6105522453
chg: [threat-actor] Iron Group added
...
ref: https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/
2018-09-19 07:08:16 +02:00
8238bd5eb1
Merge pull request #263 from botherder/bahamut
...
Added Bahamut to threat actors list
2018-09-19 06:46:26 +02:00
Nex
f0383758fc
Added Bahamut to threat actors list
2018-09-18 11:27:32 +02:00
fe60e58f5b
Merge pull request #262 from botherder/mythic-leopard
...
Added additional name to C-Major
2018-09-18 11:25:58 +02:00
Nex
1e502a494e
Added additional name to C-Major
2018-09-18 11:18:42 +02:00
Nex
ee7f609397
Removed duplicates
2018-09-18 11:16:00 +02:00
88c9d8d9f6
Merge pull request #259 from botherder/country-sync
...
Synced country codes with suspected state sponsor
2018-09-17 18:18:00 +02:00
Nex
be0dd94c90
Synced country codes with suspected state sponsor
2018-09-17 16:26:14 +02:00
Nex
c2ea505459
Merged Transparent Tribe in C-Major
2018-09-17 16:11:18 +02:00
Deborah Servili
a73424139f
fix versions
2018-09-12 14:26:44 +02:00
Deborah Servili
f107563cad
add ref for operation Applejeus
2018-09-12 09:34:16 +02:00
Deborah Servili
c92dc15937
add Operation AppleJeus
2018-09-10 14:13:09 +02:00
Deborah Servili
40d5cca20f
clusters
2018-09-07 16:03:40 +02:00
Deborah Servili
f14dd27315
add cfr data
2018-08-27 15:29:16 +02:00
Deborah Servili
9efca2fd79
more clusters
...
Signed-off-by: Deborah Servili <deborah.servili@gmail.com>
2018-08-24 16:11:16 +02:00
Deborah Servili
c943d1c9d1
add APT28/STRONTIUM refs
2018-08-22 09:59:40 +02:00
cd76f19f52
chg: [threat-actor] APT-C-35 actor added
...
ref: https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/
2018-08-15 20:25:57 +02:00
Christophe Vandeplas
88162aa44e
chg: [mapping] Generated automatic mapping between clusters
2018-08-14 09:35:22 +02:00
Christophe Vandeplas
5478f0aa45
no change: dump files with sort_keys=True
...
This is needed to keep better track of the changes when other tools load and save the json files.
2018-08-13 17:06:29 +02:00
Christophe Vandeplas
021107e597
fix: [threat-actor] added missing uuids
2018-08-13 17:00:40 +02:00
6620b5575a
fix: [threat-actor] related is an array of JSON objects
2018-08-09 07:53:42 +02:00
1429b60555
chg: [threat-actor] jq document
2018-08-08 16:38:39 +02:00
Deborah Servili
ebc7287e14
update schema
2018-08-08 16:12:29 +02:00
Deborah Servili
33a300b773
tags is an array
2018-08-08 15:59:44 +02:00
Deborah Servili
b857be9cab
relationship system - v2
2018-08-08 15:51:22 +02:00
Deborah Servili
050a864be0
update some clusters and try to add a relationship system
2018-08-08 14:20:38 +02:00
Deborah Servili
84adb50f0f
add RedAlpha campaigns
2018-08-07 13:55:05 +02:00
Deborah Servili
b7de06ffcc
delete forgotten conflict marker
2018-08-06 08:49:44 +02:00
Deborah Servili
010df0a2b6
resolve merge conflict
2018-08-06 08:48:21 +02:00
Deborah Servili
def23775e5
resolve merge conflict
2018-08-06 08:45:03 +02:00
Nils Kuhnert
ab49b58b02
Added DarkHydrus
2018-08-06 08:33:34 +02:00
Nils Kuhnert
4654f51889
Two small typos
2018-08-05 15:09:38 +02:00
Deborah Servili
e5b185deee
Merge branch 'master' into master
2018-08-03 16:11:16 +02:00
Deborah Servili
35aa8ba34e
delete duplicate gorgon group
2018-08-03 16:08:43 +02:00
Deborah Servili
a9a71ef84c
more clusters
2018-08-03 15:58:54 +02:00
b3701b6b34
chg: [threat-actor] The Gordon Group added
...
ref: https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/
2018-08-03 10:26:52 +02:00
3da005a3f3
fix: jq all the things(tm)
2018-08-02 15:15:47 +02:00
1fdf47d509
fix: [threat-actor] synonyms are always arraus
2018-08-02 15:13:18 +02:00
ece56dff38
chg: [threat-actor] leafminer - RASPITE added
2018-08-02 15:08:39 +02:00
43fa95df7a
chg: [threat-actor] new reference to CARBON SPIDER/Carbanak
2018-08-02 10:03:18 +02:00
Deborah Servili
381f7e4a19
Add CFR.org metadata into the galaxy - part 2
2018-07-25 09:08:16 +02:00
Deborah Servili
28456545be
Merge https://github.com/MISP/misp-galaxy
2018-07-16 09:16:13 +02:00
98db303047
chg: [threat-actor] The Big Bang campaign/group added
2018-07-10 08:49:00 +02:00
Deborah Servili
cae0f7e1ad
merging attempt
2018-06-29 16:39:34 +02:00
Deborah Servili
8c51ef98b3
add cfr related informations -still in progress-
2018-06-29 16:36:58 +02:00
Deborah Servili
fb6b01cc95
Merge branch 'master' into master
2018-06-27 09:39:28 +02:00
Deborah Servili
b1aac6b35b
cfr update -in progress + add clusters associated to RANCOR
2018-06-27 09:37:43 +02:00
1bd0fb34d7
Merge pull request #233 from Delta-Sierra/master
...
Add CFR.org metadata into the galaxy - Test
2018-06-26 14:26:18 +02:00
Deborah Servili
6f9e639981
add cfr prefix for cfr data - test
2018-06-26 10:07:14 +02:00
Deborah Servili
1cd6bddf0c
Add CFR.org metadata into the galaxy - Test
2018-06-26 09:40:13 +02:00
Nils Kuhnert
ed26cfb042
Updated APT1 report link
2018-06-22 13:49:05 +02:00
8e014674af
Fixed typo
2018-06-20 09:45:16 +02:00
Deborah Servili
dcda058944
update verion
2018-06-20 09:36:36 +02:00
Deborah Servili
e18fdf42da
add Thrip as threat actor
2018-06-20 09:30:15 +02:00
Deborah Servili
d8c83cf2d6
add cluster in threat actor
2018-06-18 10:54:58 +02:00
c08c6af936
chg: Stalker Panda description added
2018-05-29 21:47:04 +02:00
Raphaël Vinot
96f3bf1cb8
fix: Duplicate ELECTRUM entry
...
Fix #212
2018-05-19 17:57:51 -04:00
3a7c4e3c57
Merge pull request #211 from eCrimeLabs/master
...
Added links in relation to Threat-actor info from Dragos
2018-05-15 16:17:56 +02:00
Dennis Rand
1ab4e4f4cf
Added data related to Dragos Adverseries
2018-05-15 12:06:48 +00:00
Deborah Servili
5e0bd260d6
update some clusters
2018-05-09 16:12:02 +02:00
Deborah Servili
58e3e5f5d6
add ZooPark campaign
2018-05-04 10:16:01 +02:00
6b1d7d2201
add: threat actors from Dragos Inc. (based on https://dragos.com/adversaries.html )
2018-05-03 21:22:09 +02:00
Deborah Servili
55504f93d6
add HOGFISH as APT10 synonym
2018-05-03 11:10:21 +02:00
Deborah Servili
11f0963468
add Orangeworm, Kwampirs, Iron ransomware and Ton ransomware
2018-04-24 10:20:11 +02:00
Deborah Servili
c785ee6384
add some ransomwares & threat actors
2018-04-16 09:24:11 +02:00
Deborah Servili
8596ff3e10
update threat actor galaxy based on https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf
2018-04-09 11:52:12 +02:00
Daniel Plohmann (jupiter)
83fd4a9af9
added leviathan
2018-03-17 11:57:10 +01:00
Deborah Servili
5fa09c0962
update version
2018-03-12 11:54:29 +01:00
Deborah Servili
73eb11fedd
update Mirage Threat actor
2018-03-12 10:44:57 +01:00
Deborah Servili
3f8b44bbe3
jq
2018-03-01 15:02:48 +01:00
Deborah Servili
227fa8b44f
Merge https://github.com/MISP/misp-galaxy
2018-03-01 15:01:49 +01:00
Deborah Servili
b3574f880a
jq ftw
2018-02-28 16:16:28 +01:00
Deborah Servili
d88a4a44dc
add uuid to every cluster
2018-02-28 15:37:37 +01:00
22bf4f951f
fix #161
2018-02-27 19:32:07 +01:00
Deborah Servili
42596842a8
add synonym and ref for Emissary Panda (Iron Tiger APT)
2018-02-20 10:37:47 +01:00
1831752530
add ref to Nexus Zeta
2018-01-25 15:43:33 +01:00
193b474ad2
add: Nexus Zeta is no stranger when it comes to implementing SOAP
...
relatedrelated exploit ;-)
2018-01-25 15:41:47 +01:00
Daniel Plohmann
6de7c0176d
adding dark caracal
2018-01-25 12:54:50 +01:00
Deborah Servili
8240934eb5
fix forgotten value Microcin
2018-01-11 16:01:19 +01:00
Deborah Servili
130ad39d4c
add macOS malwares
2018-01-11 15:19:18 +01:00
Deborah Servili
db8ae5fbfe
update OilRig threat actor
2017-12-18 09:26:15 +01:00
Deborah Servili
5cac510818
update threat actor galaxy
2017-12-13 14:57:38 +01:00
steffenenders
96749fd350
Fixed mixed up description/value for MuddyWater
2017-11-19 19:23:10 +01:00
Deborah Servili
e2dbd5a9a3
add MuddyWater + Update HIDDEN COBRA and update its tools
2017-11-17 15:41:44 +01:00
Deborah Servili
09bab156c7
update version number
2017-11-09 12:30:32 +01:00
Deborah Servili
3369270bdb
add Sowbug group
2017-11-08 15:05:37 +01:00
Fredrik Borg
72d8bfc28a
fix-iso-code-3
2017-11-07 14:15:40 +01:00
Fredrik Borg
afc4972e25
fix iso codes
2017-11-07 14:04:04 +01:00
Fredrik Borg
53a6a8d26f
remove duplicate references
2017-11-07 13:34:44 +01:00
Siri Bromander
bf0d1d27ca
Updated with data from APT Groups and Operations
2017-11-07 11:07:23 +01:00
Fredrik Borg
26192bf39a
Bump version number
2017-11-01 18:14:20 +01:00
Fredrik Borg
51f86d5382
Use standard (2 digits) ISO codes for all countries
2017-11-01 12:38:21 +01:00
Daniel Plohmann
02710714bd
add APT33 as identified by FireEye
2017-09-29 11:43:38 +02:00
Daniel Plohmann
355a230182
added FIN7 as alias for anunak
2017-08-01 13:29:57 +02:00
Daniel Plohmann
b4e49823dd
merged barium into axiom (only one redundant reference given)
2017-08-01 13:13:56 +02:00
Raphaël Vinot
282c3a8101
Merge pull request #74 from Delta-Sierra/master
...
adding clusters based on MISP data
2017-07-26 11:41:00 +02:00
Deborah Servili
7e59f14dca
update Spring Dragon threat actor
2017-07-26 09:21:36 +02:00
Raphaël Vinot
8598210895
Remove empty string.
2017-07-25 18:02:11 +02:00
a295d40589
Cobalt gang added
2017-07-08 10:16:11 +02:00
c0786dfb22
El Machete added
2017-06-26 11:44:46 +02:00
dd2a51037a
jq all ;-)
2017-06-20 20:34:04 +02:00
Jaime
f92b9cb710
Added FIN8 actor
2017-06-20 11:28:32 -07:00
David André
3dfbb7e1d0
Added Symantec alias for sofacy
2017-06-16 11:22:17 +02:00
danielplohmann
5724f19873
Merge branch 'master' into hidden-cobra-lazarus
2017-06-15 14:13:50 +02:00
Daniel Plohmann (jupiter)
f7963c9a8c
added Hidden Cobra as alias for Lazarus Group
2017-06-15 14:09:29 +02:00
Daniel Plohmann
ff4f428bc1
added ELECTRUM to threat-actor.json (afaik not confirmed as an alias atm)
2017-06-13 13:25:16 +02:00
Daniel Plohmann
9924a8875c
added PLATINUM to threat-actor.json (afaik not confirmed as an alias atm)
2017-06-13 13:21:10 +02:00
91663c4793
Merge pull request #58 from danielplohmann/wildneutron
...
added WildNeutron (Morph, Butterfly, Sphinx Moth)
2017-06-06 10:02:56 +02:00
Deborah Servili
aa34718b13
edit threat actor - should fix #59 and #60
2017-06-06 08:40:29 +02:00
Daniel Plohmann (jupiter)
068dc40a78
added WildNeutron (Morph, Butterfly, Sphinx Moth)
2017-06-05 19:13:27 +02:00
David André
83833f257c
Added synonyms for APT10 and one for APT1
2017-06-02 10:26:45 +02:00
fab863933e
SilverTerrier added
2017-05-30 08:40:26 +02:00
5da5df6384
APT32 added
2017-05-15 09:18:28 +02:00
Déborah Servili
531595c944
##comma##
2017-04-14 14:52:23 +02:00
Déborah Servili
54512eb840
Add some tools/threat actor
2017-04-14 14:48:39 +02:00
bbf6716c73
Longhorn (CIA) added
2017-04-10 20:22:57 +02:00
nyx0
78cdb10aae
Add new Sednit name according to https://www.secureworks.com/research/iron-twilight-supports-active-measures
2017-03-31 09:28:50 -04:00
chrisdoman
dbf989c742
Added descriptions and reference to threat-actor json
2017-03-22 12:52:05 +00:00