Commit graph

3445 commits

Author SHA1 Message Date
Thomas Dupuy
d0c6b7b46d Update Tonto Team/CactusPete threat actor 2020-08-13 15:57:33 -04:00
Thomas Dupuy
72554ed71c Add Drovorub tool 2020-08-13 15:08:32 -04:00
Thomas Dupuy
4130d7c6fc Update TA APT40 2020-08-13 12:22:36 -04:00
cd6f019910
Merge pull request #571 from danielplohmann/patch-30
adding Kaspersky's name for Microcin.
2020-08-12 14:03:50 +02:00
Daniel Plohmann
8407b6fd28
Update threat-actor.json
adding Kaspersky's name for Microcin.
2020-08-12 12:03:28 +02:00
552e86be4e
Merge pull request #570 from nyx0/master
Add WellMess and WellMail
2020-08-11 21:27:59 +02:00
Thomas Dupuy
9cadabba7a Add WellMess and WellMail 2020-08-11 12:37:28 -04:00
fef7cf4b4f
Merge pull request #569 from rmkml/master
add Ragnarok Ransomware
2020-08-05 10:39:52 +02:00
rmkml
3809b27b00 Merge branch 'master' of https://github.com/rmkml/misp-galaxy 2020-08-02 20:46:57 +02:00
rmkml
6d10e3a37d add Ragnarok Ransomware 2020-08-02 20:46:32 +02:00
rmkml
eab9eaca8d add Ragnarok Ransomware 2020-08-02 20:13:30 +02:00
8018417d97
Merge pull request #568 from Vasileios-Mavroeidis/patch-1
Motive correction based on the EU Cert motive taxonomy
2020-07-29 09:33:12 +02:00
Vasileios Mavroeidis
40d12b9dde
Motive correction based on the EU Cert motive taxonomy
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
2020-07-28 11:43:46 +02:00
44afaf2523
chg: [threat-actor] remove duplicate references 2020-07-27 09:57:41 +02:00
9b3bbcde8d
Merge branch 'StefanKelm-master' into main 2020-07-27 09:46:57 +02:00
StefanKelm
86c54cbd8c
Update threat-actor.json
OilRig
2020-07-23 11:07:22 +02:00
Raphaël Vinot
c174f613c5 fix: Name of SoD Matrix cluster to match galaxy.
Fix #566
2020-07-22 11:52:27 +02:00
Steve Clement
df6bed3d3a
Merge pull request #563 from r0ny123/patch-1 2020-07-22 09:14:13 +09:00
Christophe Vandeplas
e414569a0d
Merge pull request #564 from StefanKelm/master
Update threat-actor.json
2020-07-15 13:01:37 +02:00
StefanKelm
17a1feb016
Update threat-actor.json
Turla
2020-07-15 11:20:18 +02:00
Rony
c33f4c7611
Update threat-actor.json
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).
2020-07-12 12:57:24 +05:30
Rony
b77b9d374c
Update threat-actor.json 2020-07-12 11:19:13 +05:30
439993200d
Merge pull request #562 from cudeso/main
SoD Matrix
2020-07-11 08:42:19 +02:00
Koen Van Impe
d3e22ef14c SoD Matrix
Described at https://github.com/cudeso/SoD-Matrix
2020-07-10 14:08:45 +02:00
Deborah Servili
84474ddb29 merge 2020-07-09 16:31:04 +02:00
Deborah Servili
865e76beae commit 2020-07-07 14:47:44 +02:00
ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only.
Based on https://github.com/MISP/misp-galaxy/issues/469

There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:

- _operation_:
  - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
  - **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
  - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
  - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
  - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
  - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
  - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**

The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
2020-07-07 09:13:21 +02:00
Raphaël Vinot
86a8f04be3 chg: Bump travis 2020-07-02 11:27:08 +02:00
164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-07-02 09:55:42 +02:00
f59d831c91
Merge pull request #557 from r0ny123/patch-1
Update threat-actor.json
2020-06-27 00:06:02 +02:00
312cba12f7
Merge pull request #559 from StefanKelm/master
Update threat-actor.json
2020-06-25 16:33:38 +02:00
StefanKelm
14665429d7
Update threat-actor.json
APT31
2020-06-25 16:23:00 +02:00
5363e63cae
Merge pull request #558 from StefanKelm/master
Update threat-actor.json
2020-06-23 18:49:49 +02:00
StefanKelm
92bc206879
Update threat-actor.json
APT30
2020-06-23 14:54:09 +02:00
Rony
bc97b07089
Update threat-actor.json 2020-06-21 19:19:17 +05:30
2d1b05bcf9
Merge pull request #556 from StefanKelm/master
Update threat-actor.json
2020-06-17 12:28:13 +02:00
StefanKelm
583f1d2fc2
Update threat-actor.json
TA505
2020-06-17 11:56:29 +02:00
8c3c224e6a
Merge branch 'r0ny123-master' 2020-06-12 09:26:51 +02:00
0cb36249a4
chg: [jq] all the things 2020-06-12 09:26:30 +02:00
Rony
29be5ac7e1
fixed typo! 2020-06-12 00:09:59 +05:30
Rony
9365bfb7cd
Adding GALLIUM Threat Actor 2020-06-11 23:42:35 +05:30
Rony
01b03ca5b0
Merge pull request #1 from MISP/master
update
2020-06-11 21:48:52 +05:30
7ade356d5b
Merge pull request #554 from StefanKelm/master
Update threat-actor.json
2020-06-08 15:09:09 +02:00
StefanKelm
f042f98247
Update threat-actor.json
Higaisa
2020-06-08 14:09:39 +02:00
1dd764160d
Merge pull request #553 from StefanKelm/master
Update threat-actor.json
2020-06-04 17:22:53 +02:00
StefanKelm
9c25d5e8c5
Update threat-actor.json
Cycldek
2020-06-04 17:18:45 +02:00
3867b1f602
Merge pull request #552 from danielplohmann/reference-fixes
Reference fixes
2020-05-29 09:26:05 +02:00
2a074f23fd
chg: [preventive-measure] packet filtering added 2020-05-27 10:02:16 +02:00
Daniel Plohmann (jupiter)
a705d1402f fixing deadlinks where possible 2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter)
171f272a1e default to HTTPS to be consistent with other links to same page 2020-05-27 09:27:52 +02:00