StefanKelm
63030f2cfe
Update threat-actor.json
...
APT33
2020-09-14 12:01:53 +02:00
StefanKelm
3cc3cc461a
Update threat-actor.json
...
STRONTIUM
2020-09-11 11:38:06 +02:00
StefanKelm
57a31fd60c
Update threat-actor.json
...
Lazarus, FIN7
2020-09-03 14:44:10 +02:00
StefanKelm
503d421a56
Update threat-actor.json
...
TA542
2020-08-31 15:07:13 +02:00
Thomas Dupuy
d0c6b7b46d
Update Tonto Team/CactusPete threat actor
2020-08-13 15:57:33 -04:00
Thomas Dupuy
4130d7c6fc
Update TA APT40
2020-08-13 12:22:36 -04:00
Daniel Plohmann
8407b6fd28
Update threat-actor.json
...
adding Kaspersky's name for Microcin.
2020-08-12 12:03:28 +02:00
Vasileios Mavroeidis
40d12b9dde
Motive correction based on the EU Cert motive taxonomy
...
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
2020-07-28 11:43:46 +02:00
44afaf2523
chg: [threat-actor] remove duplicate references
2020-07-27 09:57:41 +02:00
StefanKelm
86c54cbd8c
Update threat-actor.json
...
OilRig
2020-07-23 11:07:22 +02:00
Steve Clement
df6bed3d3a
Merge pull request #563 from r0ny123/patch-1
2020-07-22 09:14:13 +09:00
StefanKelm
17a1feb016
Update threat-actor.json
...
Turla
2020-07-15 11:20:18 +02:00
Rony
c33f4c7611
Update threat-actor.json
...
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a ).
2020-07-12 12:57:24 +05:30
Rony
b77b9d374c
Update threat-actor.json
2020-07-12 11:19:13 +05:30
Deborah Servili
84474ddb29
merge
2020-07-09 16:31:04 +02:00
Deborah Servili
865e76beae
commit
2020-07-07 14:47:44 +02:00
ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only.
...
Based on https://github.com/MISP/misp-galaxy/issues/469
There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:
- _operation_:
- _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
- **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
- _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
- **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
- **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
- **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
- **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**
The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
2020-07-07 09:13:21 +02:00
164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy
2020-07-02 09:55:42 +02:00
StefanKelm
14665429d7
Update threat-actor.json
...
APT31
2020-06-25 16:23:00 +02:00
StefanKelm
92bc206879
Update threat-actor.json
...
APT30
2020-06-23 14:54:09 +02:00
Rony
bc97b07089
Update threat-actor.json
2020-06-21 19:19:17 +05:30
StefanKelm
583f1d2fc2
Update threat-actor.json
...
TA505
2020-06-17 11:56:29 +02:00
0cb36249a4
chg: [jq] all the things
2020-06-12 09:26:30 +02:00
Rony
29be5ac7e1
fixed typo!
2020-06-12 00:09:59 +05:30
Rony
9365bfb7cd
Adding GALLIUM Threat Actor
2020-06-11 23:42:35 +05:30
StefanKelm
f042f98247
Update threat-actor.json
...
Higaisa
2020-06-08 14:09:39 +02:00
StefanKelm
9c25d5e8c5
Update threat-actor.json
...
Cycldek
2020-06-04 17:18:45 +02:00
Daniel Plohmann (jupiter)
a705d1402f
fixing deadlinks where possible
2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter)
171f272a1e
default to HTTPS to be consistent with other links to same page
2020-05-27 09:27:52 +02:00
8a0a4cb02d
Merge pull request #551 from nyx0/master
...
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
2020-05-27 09:10:08 +02:00
Thomas Dupuy
291fb41502
Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel
2020-05-26 09:50:43 -04:00
Rony
fbd351590a
Update threat-actor.json
2020-05-24 23:18:54 +05:30
Rony
5f8094d16f
fix
2020-05-24 23:14:43 +05:30
b5bbc34f5d
chg: [threat-actor] remove the non-unique elements
2020-05-22 14:01:32 +02:00
Nils Kuhnert
fbfe9d23c3
Merged (most) SecureWorks threat actor profiles && jq
2020-05-22 13:45:29 +02:00
Daniel Plohmann
5101c5a828
msft name: BORON for APT3
...
as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
2020-05-11 15:37:38 +02:00
09429eda5a
chg: [ta] fix the JSON
2020-05-11 10:20:10 +02:00
Thomas Dupuy
69fe870803
Add Higaisa Threat Actor
2020-05-08 13:01:48 -04:00
Deborah Servili
1d331a9ab1
Merge branch 'master' into master
2020-04-28 15:19:38 +02:00
2a70893352
chg: [jq] JSON fixed
2020-04-27 15:03:25 +02:00
de Rosen
a428ad565e
Added misp info
2020-04-27 15:16:33 +03:00
Deborah Servili
f6fd07fbc9
add speculoos bakdoor
2020-04-27 09:36:23 +02:00
86157a6b96
Merge pull request #539 from r0ny123/MergingTA
...
Adding alias Thallium and merging STOLEN PENCIL
2020-04-26 21:16:56 +02:00
Rony
112f9e4a08
Adding alias Thallium and merging STOLEN PENCIL
...
Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
And also Netscout named the campaign as STOLEN PENCIL.
2020-04-26 23:47:37 +05:30
de71a444f8
chg: [json] add missing comma
2020-04-26 14:23:59 +02:00
rvs1st
d449eb94fc
Update threat-actor.json
...
Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
2020-04-24 09:03:58 -05:00
4234d44052
Merge pull request #537 from danielplohmann/patch-28
...
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
2020-04-24 15:33:47 +02:00
Daniel Plohmann
858621ebdc
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
2020-04-23 15:47:35 +02:00
Daniel Plohmann
b0f0bbae33
adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included)
2020-04-23 14:52:08 +02:00
Deborah Servili
6b49d81b13
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2020-04-23 10:06:04 +02:00
itayc0hen
667d5b8850
Add ItaDuke/DarkUniverse actor
2020-04-22 19:44:38 +03:00
pnx@pyrite
974ece3a7c
adding FIN1
2020-04-20 14:20:22 +02:00
Rony
aa34775390
typo
...
thanks to @patricksvgr
2020-04-19 23:17:44 +05:30
Rony
ddfa280672
Update threat-actor.json
2020-04-19 23:06:57 +05:30
Rony
7ac2648dbc
more fix
2020-04-19 23:00:42 +05:30
Rony
573b4807ee
fix broken links
2020-04-19 16:03:21 +05:30
Rony
42a4820823
dead link
2020-04-19 11:45:45 +05:30
Rony
0aa34187e9
add link
2020-04-19 11:29:36 +05:30
Rony
d6bf42254f
Merging APT23 & Tropic Trooper
2020-04-18 13:22:25 +05:30
Rony
c161080175
Update threat-actor.json
2020-04-15 21:36:48 +05:30
Deborah Servili
e8edc9cafc
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2020-04-15 11:27:01 +02:00
Deborah Servili
b01e64eb1f
add Operation Shadow Forece
2020-04-08 14:53:19 +02:00
Daniel Plohmann
aba625dee5
removed duplicate entry
2020-04-07 08:49:33 +02:00
Daniel Plohmann
e15a4a6525
fixing/removing some more dead links
2020-04-06 15:25:22 +02:00
e37f320df5
Merge pull request #523 from danielplohmann/patch-24
...
adding aliases MERCURY, HOLMIUM
2020-03-09 21:56:27 +01:00
Daniel Plohmann
ab49ef3c1a
Kimsuki -> Black Banshee
...
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html )
2020-03-09 18:20:56 +01:00
Daniel Plohmann
1260ab156a
adding aliases MERCURY, HOLMIUM
...
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
2020-03-09 08:50:08 +01:00
4a64d0a4ad
Merge pull request #519 from danielplohmann/crowdstrike2020report
...
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-05 09:07:16 +01:00
Daniel Plohmann (jupiter)
0c2b0b76eb
while we are at it, we can also do Longhorn = APT-C-39
2020-03-04 21:09:06 +01:00
Daniel Plohmann (jupiter)
184f193342
IMPERIAL KITTEN as alias for Tortoiseshell
2020-03-04 19:39:14 +01:00
pnx@pyrite
3dc460e795
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-04 13:36:34 +01:00
Daniel Plohmann
dc059d1f4d
Accenture calls APT32 - "POND LOACH"
2020-03-03 19:40:50 +01:00
b4b91b1e5d
chg: [threat-actor] JSON fixed
2020-02-28 16:37:24 +01:00
Thomas Dupuy
0daeb675f5
Add InvisiMole cluster
2020-02-18 13:28:32 -05:00
Daniel Plohmann
e481e9bb50
adding APT-C-12
2020-02-13 17:44:45 +01:00
Rony
22c9badee0
Update threat-actor.json
...
those are the name of aliases of the same malware family sykipot. so removing it.
2020-02-05 18:00:31 +05:30
Deborah Servili
5da17d51aa
Merge branch 'master' into master
2020-01-24 09:33:33 +01:00
Deborah Servili
606e3ec90f
jq
2020-01-24 09:32:09 +01:00
Deborah Servili
58415324c5
add Operation Wocao
2020-01-24 08:27:20 +01:00
Thomas Dupuy
edc5196373
Add Attor and DePriMon
2020-01-23 11:27:00 -05:00
Daniel Plohmann
ccfe5ee130
removing and fixing deadlinks in the best possible way
...
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
2020-01-23 11:14:20 +01:00
Daniel Plohmann
29a128da6f
adding references and TEMP.MixMaster as alias for WIZARD SPIDER
...
with kudos to @tbarabosch
2020-01-22 15:42:01 +01:00
dbaab413b6
chg: [threat-actor] typo fixed
2020-01-18 17:30:27 +01:00
564f27c5ca
chg: [threat-actor] format fixed
2020-01-18 17:26:45 +01:00
34c5c66279
chg: [threat-actor] fix order
2020-01-18 17:08:32 +01:00
8eeceafc51
chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan"
...
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
2020-01-18 17:02:44 +01:00
5da0c7bd54
chg: [threat-actor] SideWinder APT group added
2020-01-07 10:42:07 +01:00
StefanKelm
9b6f9136f9
Update threat-actor.json
2020-01-03 12:50:49 +01:00
StefanKelm
9373cfcb53
Update threat-actor.json
...
BRONZE PRESIDENT
2020-01-03 12:42:57 +01:00
Rony
6b1142abac
Update threat-actor.json
2019-12-23 22:05:28 +05:30
Bart
8ebb2e2d16
Update threat-actor.json
...
Adds Operation Wocao..
2019-12-19 21:42:02 +01:00
9f56a91013
Merge pull request #492 from Delta-Sierra/master
...
Operation Soft Cell ralated Updates
2019-12-13 13:35:52 +01:00
Deborah Servili
03c54a3e05
add GALLIUM as microsoft activities group and similar to Operation Soft Cell
2019-12-13 11:47:31 +01:00
Deborah Servili
3be47af325
update threat actor version
2019-12-13 11:04:51 +01:00
Deborah Servili
9b153913be
add relation suspected link between operation soft cell and apt10
2019-12-13 10:59:06 +01:00
Sebastian Wagner
c3b5b39dd3
sofacy: add apt_sofacy as synonym
2019-12-12 15:57:13 +01:00
Deborah Servili
170f964e8c
##COMMA##
2019-12-11 14:22:09 +01:00
Deborah Servili
7e18f2e509
Merge branch 'master' into master
2019-12-11 13:51:52 +01:00
Deborah Servili
391b5a674d
add Axiom synonym
2019-12-11 13:50:35 +01:00
8da36c09e1
chg: [threat-actor] jq
2019-12-08 09:03:14 +01:00
Daniel Plohmann
94b3c1ec07
added APT-C-34 / Golden Falcon
2019-12-07 12:44:30 +01:00
Deborah Servili
31f3a61d5f
add Sofacy ref
2019-12-05 15:42:42 +01:00
Daniel Plohmann
bd3cc6d8ee
added TA2101
2019-12-03 18:13:44 +01:00
8cc5e02f22
chg: [clean-up] jq all the things
2019-11-21 17:19:39 +01:00
Deborah Servili
38641aae36
merge
2019-11-21 16:24:11 +01:00
Deborah Servili
f21dd95b28
merge
2019-11-21 16:23:29 +01:00
Deborah Servili
1a0dd2292b
add silence synonym & new meta field spoken-language
2019-11-21 11:50:02 +01:00
StefanKelm
aa132ca58f
new refs for APT33
2019-11-14 14:57:05 +01:00
eea0f528fa
chg: [threat-actor] Lucky Mouse synonym added
...
Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/
2019-11-12 12:51:44 +01:00
Raphaël Vinot
1486890f86
fix: JQ all the things.
2019-11-12 10:25:00 +01:00
871d90cfc2
chg: [threat-actor] Calypso group added
...
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
2019-11-11 13:34:54 +01:00
d9a64c18ff
chg: [threat-actor] threat-actor-classification updated
2019-11-04 09:37:52 +01:00
6f463325b9
chg: [threat-actor] jq is jq
2019-11-03 16:01:09 +01:00
64a3569803
Merge branch 'master' of github.com:MISP/misp-galaxy
2019-11-03 08:52:37 +01:00
8d01e77574
chg: [threat-actor] Operation WizardOpium added
...
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
2019-11-03 08:51:37 +01:00
346e54a321
Merge pull request #468 from Delta-Sierra/master
...
add Turla Group Symonym variant
2019-11-02 13:40:21 +01:00
Deborah Servili
1da2dc8af1
add Turla Group Symonym variant
2019-10-31 16:33:32 +01:00
Deborah Servili
efa2f43c0f
Merge pull request #467 from Delta-Sierra/master
...
Few updates
2019-10-31 14:31:16 +01:00
Deborah Servili
bee9b80898
jq
2019-10-31 10:37:36 +01:00
Deborah Servili
0a8f989e1c
add Winnti related tools etc.
2019-10-31 10:36:15 +01:00
Rony
1fc0f5e2e7
Update threat-actor.json
2019-10-17 09:46:56 +05:30
Deborah Servili
88025a541f
add operation soft cell
2019-10-14 16:07:35 +02:00
Deborah Servili
a4b59f647c
jq
2019-09-25 13:41:55 +02:00
309109eb27
chg: [threat-actor] new LookBack (Malware?Campaign?TA?)
...
Signed-off: During MISP training
2019-09-25 12:12:34 +02:00
a5ae130916
chg: [threat-actor] Evil Eye and POISON CARP
...
Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Signed-off: Jean-Louis during training session
2019-09-25 11:27:03 +02:00
Deborah Servili
638cdd4198
version update
2019-09-20 14:54:56 +02:00
Deborah Servili
b9b4b9c651
Add Tortoiseshell thrat actor
2019-09-20 14:53:25 +02:00
StefanKelm
db2b5a13ef
Update threat-actor.json
...
Silent Librarian
2019-09-12 11:57:03 +02:00
Deborah Servili
718ea55dd7
Merge branch 'master' into master
2019-09-04 14:42:47 +02:00
Deborah Servili
9e3a998dfc
aff SectorJ04 group
2019-09-03 15:51:21 +02:00
Daniel Plohmann
f40b7dd132
'SectorJ04 Group' as alias introduced by NSHC for TA505
...
Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
2019-09-01 15:46:36 +02:00
0966e58da6
Merge branch 'master' of github.com:MISP/misp-galaxy
2019-08-30 11:06:29 +02:00
f5056ff02e
chg: [threat-actor] add machete-apt synonyms as reported in #445
2019-08-30 11:03:30 +02:00
StefanKelm
49f8f60a85
Update threat-actor.json
...
Add ITG08 as synonym for FIN6
2019-08-29 13:13:00 +02:00
8d78a2a108
chg: [threat-actor] jq all
2019-08-29 08:31:10 +02:00
791c88f2eb
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master
2019-08-29 08:30:41 +02:00
Deborah Servili
395dd93e0f
add Asruex Backdoor
2019-08-28 15:40:03 +02:00
9926ea8826
chg: [threat-actor] LYCEUM added - 443 #fixed
2019-08-28 14:35:12 +02:00
Deborah Servili
ea68336b96
add ref for Gamaredon
2019-08-27 08:28:58 +02:00
Sebastian Wagner
38aebbf42a
remove empty strings
2019-08-19 17:04:07 +02:00
3841447e16
Merge pull request #434 from r0ny123/patch-1
...
added microsoft naming for the groups
2019-08-10 18:52:26 +02:00
Thomas Dupuy
df5c9057a1
add synonyme for Turla
2019-08-09 17:34:22 -04:00
Rony
feac39db6b
added microsoft naming for the groups
2019-08-09 22:19:09 +05:30
Thomas Dupuy
320e298549
update victims
2019-08-09 10:45:10 -04:00
Thomas Dupuy
1988662ee5
add APT41
2019-08-09 10:24:06 -04:00
Nils Kuhnert
17925f3e10
Remove local file link :)
2019-08-03 18:55:00 +02:00
7913adad61
chg: [threat-actor] rollback as discussed by chat with Andras until version 2.0
2019-08-02 16:08:40 +02:00
Andras Iklody
984be50396
lowercased value field for DarkHotel
2019-08-02 15:40:31 +02:00
a401ff7405
Merge branch 'master' into patch-13
2019-08-01 08:52:27 +02:00
Daniel Plohmann
0367e16ce0
adding secureworks actor names for energetic bear and teamspy
2019-07-31 14:35:09 +02:00
Daniel Plohmann
a4a72d0698
adding Proofpoint's TA428
2019-07-31 14:08:50 +02:00
Deborah Servili
2861d2d78c
jq
2019-07-16 10:13:10 +02:00
Deborah Servili
ea4d8a2d42
add SWEED threat actor
2019-07-16 10:03:07 +02:00
9517c8b878
chg: [threat-actor] version updated
2019-06-20 17:58:35 +02:00
8c90f7231c
chg: [threat-actor] duplicated refs removed
2019-06-20 17:35:35 +02:00
5e9d075ae5
chg: [threat-actor] synonyms fixed
2019-06-20 17:30:01 +02:00
195406cc6b
chg: [threat-actor] jq everything
2019-06-20 17:27:55 +02:00
d018519700
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy
2019-06-20 17:23:04 +02:00
Deborah Servili
30f042211b
fix duplicate
2019-06-20 16:35:49 +02:00
Deborah Servili
a984786c8b
update threat actor galaxy
2019-06-20 16:25:23 +02:00
Rony
7afb9083b2
Update threat-actor.json
2019-06-19 23:29:35 +05:30
Deborah Servili
4bd37e2b2d
update threat actor galaxy
2019-06-19 16:38:04 +02:00
Deborah Servili
52e51833de
update threat actor galaxy
2019-06-18 16:05:49 +02:00
Deborah Servili
431e7a36c1
update threat actor galaxy
2019-06-17 16:36:42 +02:00
Deborah Servili
b966369933
##COMMA##
2019-06-14 16:35:55 +02:00
Deborah Servili
1e5292d999
fix duplicate
2019-06-14 16:21:33 +02:00
Deborah Servili
ead217eb28
Update version
2019-06-14 16:11:02 +02:00
Deborah Servili
98f0572d51
update threat actor galaxy
2019-06-14 16:06:09 +02:00
Deborah Servili
b040f9f57b
fix duplicate and links update (APT34)
2019-06-14 08:41:38 +02:00
Deborah Servili
2001652dae
fix duplicate
2019-06-14 08:28:44 +02:00
Deborah Servili
20e77afcc3
update threat actor galaxy
2019-06-13 16:19:21 +02:00
Deborah Servili
11c2f43c9f
tryto fix duplicate
2019-06-13 11:26:42 +02:00
Deborah Servili
e4245ee991
update threat actor galaxy
2019-06-12 16:25:24 +02:00
Deborah Servili
5a3d7e816f
fix duplicate
2019-06-12 09:24:05 +02:00
Deborah Servili
1ba7f19ca2
update threat actor galaxy
2019-06-11 16:14:58 +02:00
Deborah Servili
347ed5d529
jq
2019-06-11 15:57:21 +02:00
Deborah Servili
79f11de6db
update threat actor galaxy
2019-06-11 15:54:39 +02:00
Deborah Servili
d6b458520b
update threat actor galaxy
2019-06-11 11:57:04 +02:00
Deborah Servili
1f2e59addb
update Threat actor galaxy
2019-06-07 16:34:43 +02:00
Deborah Servili
185763a63a
update threat actor
2019-06-06 16:34:09 +02:00
Deborah Servili
b809b9cfbb
update threat actor darkhotel (nemim might be a typo)
2019-06-06 11:58:19 +02:00
Deborah Servili
189c3066a5
update threat actor
2019-06-04 16:32:39 +02:00
Deborah Servili
a6c9d335ee
fix multiple refs
2019-06-04 08:52:34 +02:00
Deborah Servili
b47863f1c1
update threat actors
2019-05-29 16:18:50 +02:00
Deborah Servili
f48167ce77
update threat actors
2019-05-29 15:34:20 +02:00
Deborah Servili
f4cf3464ce
update threat actors and tools
2019-05-28 16:05:54 +02:00
Deborah Servili
940762e0c5
update threat actor
2019-05-28 09:22:26 +02:00
Deborah Servili
0bb1420ab7
update threat-actor galaxy
2019-05-27 16:38:01 +02:00
Deborah Servili
af6241fd20
update Anchor Panda Threat Actor
2019-05-27 11:47:05 +02:00
Daniel Plohmann
1cc0137c38
adding TA542 to MUMMY SPIDER (emotet)
2019-05-17 17:36:57 +02:00
Rony
380006ecbb
merging Pacifier & Turla
2019-05-16 23:57:49 +05:30
Daniel Plohmann
a20f7fbe91
adding APT31/ZIRCONIUM
2019-05-15 22:43:33 +02:00
Rony
7c0ea4949a
Update threat-actor.json
2019-05-12 11:11:09 +05:30
Raphaël Vinot
988586fde0
fix: Duplicate values, typos.
2019-05-06 17:17:16 +02:00
StefanKelm
7e329855b2
Update threat-actor.json
...
Silent Librarian / COBALT DICKENS
2019-05-02 15:34:19 +02:00
37da9bebdf
chg: [threat-actor] FIN4 updates
2019-05-01 17:41:03 +02:00
Rony
0afaf81438
Update threat-actor.json
2019-05-01 15:54:38 +05:30
Rony
c565f61761
Update threat-actor.json
2019-05-01 15:51:56 +05:30
Rony
3b185d8435
Update threat-actor.json
2019-05-01 15:40:10 +05:30
Rony
ed351b4eae
updated FIN4
2019-05-01 15:24:59 +05:30
Rony
292df2360a
more report on APT36
2019-04-22 11:05:21 +05:30
Deborah Servili
8ac7aec85c
add Sea Turtle campaign
2019-04-19 13:21:11 +02:00
Christophe Vandeplas
ecc63cf166
chg; [threat-actor] validate + version bump
2019-04-17 21:01:55 +02:00
Christophe Vandeplas
d5fd896bb0
Merge pull request #385 from bartblaze/master
...
Add Whitefly
2019-04-17 20:53:15 +02:00
Bart
e1cab68683
Add Whitefly
2019-04-17 12:27:18 +01:00
Rony
d98aefa186
fixed the broken link
2019-04-17 09:17:23 +05:30
Bart
3256cca9e0
Add DoNot team references
2019-04-12 21:12:16 +01:00
d7b4908aa3
Merge branch 'patch-8' of https://github.com/danielplohmann/misp-galaxy into danielplohmann-patch-8
2019-04-12 05:58:47 +02:00
Daniel Plohmann
159225b6cf
Based on additional research, APT36 can actually be merged into Mythic Leopard
2019-04-11 22:29:49 +02:00
Rony
7987c8f023
Update threat-actor.json
2019-04-12 01:56:12 +05:30
Rony
2fc914b2f9
Update threat-actor.json
2019-04-12 01:06:50 +05:30
Rony
60e4a486a7
adding additional resources for APT36
2019-04-11 23:55:51 +05:30
Daniel Plohmann
df5301eab5
adding FireEye's TMP.Lapis / APT36
2019-04-09 08:38:44 +02:00
ac6276a906
Merge pull request #371 from Delta-Sierra/master
...
Add Operation ShadowHammer
2019-03-26 22:25:22 +01:00
Deborah Servili
6027d546f2
Add Operation ShadowHammer
2019-03-26 10:40:29 +01:00
52f088efc9
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master
2019-03-21 20:51:59 +01:00
Daniel Plohmann
e0bb3d76a6
added APT-C-27 / GoldMouse
2019-03-21 18:06:03 +01:00
Deborah Servili
d0383b460f
jq
2019-03-21 09:15:16 +01:00
Deborah Servili
0fd04fa619
Merge branch 'master' into master
2019-03-21 08:42:30 +01:00
Deborah Servili
f86c748b8c
add AOT-C-27 Goldmouse
2019-03-20 15:45:20 +01:00
b2538a1f8a
chg: [threat-actor] change attribution confidence to be a string by default
2019-03-19 16:51:41 +01:00
4f454493b7
chg: [threat-actor] BRONZE UNION is also uppercase
2019-03-19 14:47:03 +01:00
9a6b597387
chg: [threat-actor] updated the version to avoid the past issue with 0 value for integer values
2019-03-19 14:44:49 +01:00
Deborah Servili
5ce8aae89e
add Operation Comando - hit version 100
2019-03-15 15:04:29 +01:00
5db30ba974
chg: [threat-actor] SandCat added
2019-03-14 06:18:10 +01:00
Deborah Servili
ecf76178e7
add attribution-confidence attribute to threat-actor
2019-03-11 11:18:12 +01:00
Deborah Servili
a65688ec02
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy
2019-03-11 08:51:47 +01:00
Deborah Servili
33dbda1e1e
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2019-03-11 08:51:16 +01:00
Deborah Servili
59ee8a9f13
Merge branch 'master' into master
2019-03-11 08:40:38 +01:00
Deborah Servili
ddab5f7006
Merge branch 'master' into master
2019-03-11 08:40:11 +01:00
139e6c32ed
chg: [threat-actor] new attribution-confidence level introduced
2019-03-11 08:37:49 +01:00
eb665e2883
chg: [threat-actor] jq all the things
2019-03-10 11:15:13 +01:00
6fb1303570
chg: [threat-actor] IRIDIUM added
...
Ref: https://resecurity.com/blog/parliament_races/
2019-03-10 10:47:34 +01:00
Daniel Plohmann
1d8ada33a0
Update threat-actor.json
...
another actor described by 360TIC.
2019-03-07 17:50:46 +01:00
Daniel Plohmann
cfb807861a
FireEye upgraded TEMP.Periscope to APT40
2019-03-07 14:34:14 +01:00
Deborah Servili
eb0a33eab6
add operation Kabar Cobra
2019-03-06 15:52:49 +01:00
Deborah Servili
6ffb8dd437
add relation between Lazarus Group and Operation SharpShooter
2019-03-04 12:03:05 +01:00
Deborah Servili
bd3fce00e1
add Razdel
2019-02-25 16:35:06 +01:00
f2159bfaa3
chg: [threat-actor] format fixed
2019-02-22 22:50:42 +01:00
d5df0d1064
chg: [threat-actor] uuid fixed
2019-02-22 22:45:28 +01:00
38283f0f86
chg: [threat-actor] STOLEN PENCIL added
2019-02-22 22:41:06 +01:00
243a6280e0
Merge pull request #350 from bartblaze/master
...
Add more info on Lotus Blossom
2019-02-21 23:39:33 +01:00
Bart
06553bbec2
Add more info on Lotus Blossom
...
Add 2 more references, fix typo - Trend calls it "Esile", not "Eslie" as mistakenly stated by CFR. The backdoor itself is commonly referred to as Elise.
2019-02-21 22:31:14 +00:00
ed132cb1b8
chg: [threat-actor] version fixed
2019-02-21 07:18:16 +01:00
Daniel Plohmann
0cd79994cc
Two more actor names from GTR2019
...
I found two more actor names while going again over the crowdstrike's report and updating the cross-references to malpedia.
2019-02-19 22:38:11 +01:00
Daniel Plohmann
85ec27b4c4
Added missing actors from CrowdStrike GTR2019
2019-02-19 18:26:01 +01:00
Itay Cohen
7d9dc1ec9d
Fix 404'd reference of BuhTrap
2019-02-17 11:33:11 +02:00
Deborah Servili
5bf18ffd23
Merge branch 'master' into master
2019-02-14 16:29:04 +01:00
Deborah Servili
9c450a80d4
add Gallmaker and other clusters
2019-02-14 16:04:54 +01:00
Deborah Servili
2794a20589
add OSX/Shlayer and some refs
2019-02-14 12:42:28 +01:00