409c82f40c
Merge pull request #781 from Mathieu4141/threat-actors/fix-neodymium
...
[threat-actors] Fix G0055 (NEODYMIUM) alias
2022-09-30 06:39:31 +02:00
588184bacd
Merge pull request #780 from Mathieu4141/threat-actors/fix-svmondr
...
[threat-actors] Remove SVCMONDR duplicate
2022-09-30 06:38:56 +02:00
800006e6ab
Merge pull request #778 from Mathieu4141/threat-actors/fix-malware-reuser-duplicate
...
[threat-actors] Fix Volatile Cedar and Dancing Salome conflicts
2022-09-30 06:37:15 +02:00
Mathieu Beligon
74c6835d18
[threat-actors] Fix G0055 (NEODYMIUM) alias
2022-09-29 17:16:57 -07:00
Mathieu Beligon
a740e35687
[threat-actors] Remove SVCMONDR duplicate
2022-09-29 16:11:19 -07:00
Mathieu Beligon
5994fa4160
[threat-actors] Fix Volatile Cedar and Dancing Salome conflicts
2022-09-29 14:51:38 -07:00
Mathieu Beligon
4f47e6e2d3
[threat-actors] Equation group: separate from Lamberts and add tools
2022-09-29 11:28:54 -07:00
Thomas Dupuy
c66d6823a1
Add APT-Q-12 Threat Actor.
2022-09-29 02:30:41 +00:00
c3b65a2d15
chg: [threat-actor] JSON fix
2022-09-27 08:18:13 +02:00
Thomas Dupuy
bfd1812cef
Add Void Balaur.
2022-09-27 00:11:20 +00:00
Mathieu Beligon
22a39f4fdc
[threat-actors] Add BITWISE SPIDER
2022-09-20 11:23:33 -07:00
9b8b51fe53
Merge pull request #769 from Mathieu4141/threat-actors-add/no-name-057-06
...
[threat-actors] Add NoName057(16)
2022-09-17 07:43:42 +02:00
2f169e4258
Merge pull request #766 from Mathieu4141/threat-actors/fix-ta505
...
[threat-actors] Clean TA505 aliases
2022-09-17 07:43:18 +02:00
Mathieu Beligon
580d2c6931
[threat-actors] Add NoName057(16)
2022-09-16 20:11:06 -06:00
1c8d82cfcc
new: [threat-actor] hezb added
2022-09-14 11:00:33 +02:00
Mathieu Beligon
e1f5d3b5d8
[threat-actors] Keep meta from old Xenotime
2022-09-13 11:40:17 -07:00
Mathieu Beligon
4ff0bdfe8e
[threat-actors] Clean TA505 aliases
2022-09-13 11:34:02 -07:00
Mathieu Beligon
273c7c9b97
[threat-actors] Remove Xenotime duplicate
2022-09-12 17:10:49 -07:00
Delta-Sierra
0440db12e9
add DangerousSavanna campaign
2022-09-07 11:01:23 +02:00
Rony
aea413cebf
chg: [threat-actor] version bump
2022-09-01 10:32:01 +00:00
Rony
db913e5ab4
fix: [threat-actor] remove duplicate entries
2022-09-01 09:53:11 +00:00
Rony
6aea5ee05c
chg: [threat-actor] add Aoqin Dragon
2022-09-01 09:46:43 +00:00
Rony
fb0cf3c7e5
chg: [threat-actor] miscellaneous updates
2022-09-01 09:17:31 +00:00
Daniel Plohmann
d18f5bc8b6
mini-fix: adding https protocol to a reference
...
in automated processing and display, this may otherwise lead to a malformed local / relative link.
2022-08-30 17:08:03 +02:00
Rony
e7178a1e08
fix: [threat-actor] remove duplicate entries from APT9
2022-08-27 12:54:32 +00:00
Rony
27300c6381
chg: [threat-actor] add avast blog to APT40
2022-08-27 12:41:31 +00:00
Rony
7f526e230b
chg: [threat-actor] add Microsoft and PwC report to actors' references
2022-08-27 12:34:36 +00:00
Rony
6ad9699a38
chg: [threat-actor] add recorded future reference to RedAlpha
2022-08-27 12:10:51 +00:00
Rony
2dc138ae01
chg: [threat-actor] add Adam Kozy's testimony ro APT41 and APT26
2022-08-27 12:08:11 +00:00
Rony
0b140b7097
chg: [threat-actor] miscellaneous updates including merge of some actors and fix the error committed in 9cfcc0d9ac
2022-08-27 11:58:03 +00:00
8bea9f3b4b
Merge pull request #755 from Mathieu4141/threat-actors/fix-winnti
...
[threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts
2022-08-27 08:25:20 +02:00
Mathieu Béligon
9cfcc0d9ac
Add aliases to APT41
...
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-26 14:54:02 -07:00
Mathieu Beligon
6e00329ba6
[threat-actors] Fix aliases
2022-08-26 11:09:29 -07:00
Mathieu Beligon
9b714dcd76
[threat-actors] Merge Axiom into APT17
2022-08-25 13:49:07 -07:00
9efca4c41b
fix: [threat-actor] UUID reused fixed (UUIDs cannot be reused across different cluster)
...
Add the missing the relationship for the new UUID
2022-08-21 09:17:56 +02:00
Rony
5b42a09dc2
add PARINACOTA to threat-actor.json
...
MSTIC names digital crime actors based on global volcanoes
2022-08-20 17:10:15 +00:00
6b137ea12c
Merge pull request #749 from Mathieu4141/threat-actors/fix-naikon-cluster
...
[threat actors] Fix threat actors related to Lotus Panda
2022-08-20 11:46:15 +02:00
Mathieu Beligon
7f82616c10
fix axiom related field
2022-08-19 12:48:40 -07:00
Mathieu Beligon
969f461709
merge into apt41
2022-08-19 12:45:47 -07:00
Mathieu Beligon
fd9201e9e0
Merge APT22 and suckfly
2022-08-19 12:16:30 -07:00
Mathieu Beligon
768c94671c
Fix hellsing ref
2022-08-19 11:34:16 -07:00
a8b234d694
Merge pull request #753 from Mathieu4141/threat-actors/fix-bronze-president
...
[threat-actors] Remove duplicated BRONZE PRESIDENT entity
2022-08-19 06:26:11 +02:00
Mathieu Béligon
fcd6faec78
Capitalize override panda alias
...
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:51:03 -07:00
Mathieu Béligon
54f3ef2831
capitalize lotus panda alias
...
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:50:32 -07:00
Mathieu Béligon
c9b11553eb
normalize APT30 alias
...
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:32:44 -07:00
Mathieu Beligon
c1abedb446
Move Lotus Panda alias to Lotus Blossom
2022-08-18 20:21:31 -07:00
Mathieu Beligon
a61ef2a88f
[threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts
2022-08-18 17:03:26 -07:00
Mathieu Beligon
1acc51a7a6
[threat-actors] Add more data about APT-C-27
2022-08-18 15:44:18 -07:00
Mathieu Beligon
ec988c97d0
[threat-actors] Remove duplicated APT-C-27
2022-08-18 15:34:08 -07:00
Mathieu Beligon
d9046c8619
[threat-actors] Remove duplicated BRONZE PRESIDENT entity
2022-08-18 15:12:18 -07:00
Mathieu Beligon
a046e8094d
Merge APT30 and Naikon
2022-08-18 11:36:45 -07:00
Mathieu Beligon
5e4a4c3453
Merge branch 'main' into threat-actors/fix-naikon-cluster
2022-08-18 09:01:36 -07:00
Mathieu Beligon
264e764dfa
Remove ATK34 alias
2022-08-18 08:59:04 -07:00
Delta-Sierra
3f036db1e3
add TA558
2022-08-18 15:54:28 +02:00
Mathieu Beligon
71e3e1f3eb
Fix ATK aliases
2022-08-17 13:39:43 -07:00
Mathieu Beligon
a6242d4732
Merge branch 'main' into threat-actors/fix-naikon-cluster
2022-08-17 13:37:01 -07:00
Mathieu Beligon
0d6399aa2b
Add ATK78 alias for Thrip
2022-08-17 12:04:32 -07:00
Mathieu Beligon
53282255ce
Branch out Goblin Panda from Hellsing
2022-08-17 11:55:35 -07:00
Mathieu Beligon
3f50cf0175
Create a tool for Esile
2022-08-17 11:19:30 -07:00
Rony
ccd10b54f4
remove duplicate reference
2022-08-17 12:49:56 +05:30
Rony
0cec882cc5
merge microcin/sixlittlemonkeys to vicious panda
2022-08-17 07:06:51 +00:00
a373909bb1
Merge pull request #748 from r0ny123/patch-2
...
Update threat-actor.json
2022-08-17 07:44:46 +02:00
352998a84d
fix: [threat-actor] add missing refs for APT33 including CFR link
2022-08-17 07:40:23 +02:00
Mathieu Beligon
d05b29c1af
[threat-actors] Remove duplicate APT33
2022-08-16 17:15:30 -07:00
Mathieu Beligon
9c6f106928
[threat actor] Fix aliases related to Lotus Panda
2022-08-16 16:58:35 -07:00
Rony
5b25b574b3
add uac-0010 references from cert-ua
2022-08-16 10:19:53 +00:00
Rony
370045b01d
Merge "red october" and "cloud atlas" to inception framework"
2022-08-16 09:30:29 +00:00
Rony
62b168600f
fix duplicates
2022-08-16 12:15:30 +05:30
Rony
490bc6a05c
fix duplicate
2022-08-16 12:10:27 +05:30
Rony
bbe84c5985
updates to russian actors
2022-08-16 12:07:59 +05:30
Rony
de76aef023
Update threat-actor.json
2022-08-16 10:49:13 +05:30
Rony
f4b63d4514
updates to tianwu
2022-08-16 10:30:33 +05:30
96d31aa8c7
chg: [threat-actor] jq all the things
2022-08-11 17:50:00 +02:00
Thomas Dupuy
ed24dcaf19
Add link for SLIME29.
2022-08-11 15:41:01 +00:00
Thomas Dupuy
912050b9b7
Update commit based on feeback.
2022-08-11 15:20:32 +00:00
Thomas Dupuy
6e0df72ef4
Add Threat Actors from BH Asia22 prez.
2022-08-10 18:53:38 +00:00
Daniel Plohmann
bdaadea58e
removing a leading double quote in a URL.
2022-08-02 18:17:58 +02:00
Daniel Plohmann
bc20a463c8
merging TG2003 / Elephant Beetle into FIN13
...
as indicated in the respective resources published by the organizations using these aliases.
2022-08-02 14:11:43 +02:00
6427746ad8
Merge pull request #727 from Mathieu4141/threat-actors/merge-cutting-kitten-cleaver
...
Fix Cleaver aliases
2022-07-27 23:17:42 +02:00
63f5122ad4
Merge pull request #742 from r0ny123/patch-1
...
Update threat-actor.json
2022-07-27 18:56:47 +02:00
Mathieu Beligon
51aacd6b03
Reduce diff with old version
2022-07-26 23:53:22 -07:00
Mathieu Beligon
acc6ada575
r0ny123.review: Use Cutting Kitten as main value for ITSecTeam
2022-07-26 23:27:39 -07:00
Mathieu Beligon
d815bfa174
Merge remote-tracking branch 'upstream/main' into threat-actors/merge-cutting-kitten-cleaver
2022-07-26 23:22:03 -07:00
Daniel Plohmann
26f6a33695
more aliases from Unit 42
2022-07-26 11:09:33 +02:00
Rony
5a7f3a7207
fix
2022-07-25 17:17:52 +05:30
Rony
8ce0df6eb4
Update threat-actor.json
...
Merge aquatic panda & earth lusca
2022-07-25 17:15:23 +05:30
6b6398bf2d
fix: [threat-actor] incorrect merge fixed
2022-07-20 18:45:50 +02:00
b4ce9a9453
Merge branch 'main' of https://github.com/r0ny123/misp-galaxy into r0ny123-main
2022-07-20 18:41:27 +02:00
Rony
add6b27466
update
2022-07-20 21:39:33 +05:30
Rony
2b54df56f9
update
2022-07-20 21:32:11 +05:30
Rony
2e045d9c8c
chg: [fix] resolve conflict
2022-07-20 21:28:15 +05:30
Daniel Plohmann
5825783a85
removed duplicate UUID for Kinsing
...
my apologies, looks like I had not rolled a new UUID for one of the entries added...
2022-07-20 17:07:05 +02:00
Rony
932fcf1871
added Red Nue
2022-07-20 15:07:35 +05:30
Rony
082039b3b0
added CN actors from secureworks threat profile
...
https://www.secureworks.com/research/threat-profiles?filter=item-china and fixed some AKAs
2022-07-20 14:52:58 +05:30
Daniel Plohmann
ed32c508b7
added more Unit 42 aliases / groups
2022-07-20 08:38:03 +02:00
Rony
000bfe92d9
add APT9/Red Pegasus & BRONZE EDGEWOOD/Red Hariasa
2022-07-20 10:04:58 +05:30
Rony
2e8a577b0c
add PwC naming to CN actors
2022-07-20 09:45:21 +05:30
Rony
3fabd58416
chg: [threat-actor] fixed
2022-07-19 23:36:30 +05:30
Rony
79c84d3768
add Earth Berberoka, Earth Lusca and Earth Wendigo
2022-07-19 22:42:50 +05:30
Daniel Plohmann
082d506b64
adding new Unit 42 names
...
First PR: those are the directly mappable names. I will follow up after deconfliction and then with a few new entries.
2022-07-19 08:45:09 +02:00
Daniel Plohmann
240a757826
Update threat-actor.json
...
adding Predatory Sparrow due to recent events.
2022-07-13 10:02:07 +02:00
Thomas Dupuy
90da0d798f
Set country to LB instead of IR based on operational activity.
2022-07-12 16:21:41 +00:00
Thomas Dupuy
1a8835bcae
Remove list from POLONIUM TA.
2022-07-12 13:11:11 +00:00
Thomas Dupuy
a86d866534
Add POLONIUM TA.
2022-07-12 12:14:27 +00:00
Delta-Sierra
7e37fa0cdd
merge + update medusalocker
2022-07-06 09:28:46 +02:00
Delta-Sierra
c2e7ef4fab
Update Medusa Locker and others
2022-07-06 08:43:59 +02:00
Mathieu Beligon
693eed8d78
[threat actor] Break Cleaver aliases into respective entries
2022-07-04 14:05:29 +02:00
Mathieu Beligon
d63c990dad
[threat-actors] Separate ITSecTeam from Cleaver
2022-06-30 14:34:05 +02:00
Mathieu Beligon
b8d4ffdbde
Merge Cutting Kitten and Cleaver
2022-06-29 20:15:12 +02:00
Mathieu Beligon
d79c5bd1ab
Add ToddyCat Threat actor
2022-06-21 15:12:42 +02:00
Rony
c030fcdab6
chg: [threat-actor] added PwC naming for Indian actors
...
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-06-11 15:46:54 +05:30
Thanat0s
44a99d066a
Y en a un peut plus je vous le mets quand meme ?
2022-06-11 04:24:04 -04:00
Thanat0s
57befd7259
jq all the things
2022-06-10 19:12:12 -04:00
Thanat0s
51f98f4706
Attck link + typo on TA551
2022-06-10 18:40:16 -04:00
Thanat0s
f97fee7135
Typo on TA551
2022-06-10 18:38:25 -04:00
Thanat0s
297acc0f5e
Add Mitre vs Thales RosettaStone
2022-06-10 18:24:15 -04:00
Rony
e916267c7c
chg: [threat-actor] add reference to bitter & sidewinder group
2022-06-08 23:22:17 +05:30
Mathieu Beligon
dca70783bf
[threat-actors] validate file
2022-05-23 11:32:24 +02:00
Mathieu Beligon
c1cfc19871
[threat actors] Remove dead link for sandworm threat actor
2022-05-23 11:30:04 +02:00
Mathieu Beligon
36a1466661
[threat-actors] Add RansomHouse
2022-05-23 11:29:39 +02:00
Rony
2721522e82
chg: [threat-actor] add exotic lily, ta578, ta579
2022-05-14 20:52:15 +05:30
fcdc6c86e6
chg: [threat-actor] add TG2003 synomym to Elephant Beetle
2022-05-09 14:24:28 +02:00
9130365e2e
chg: [threat-actor] Elephant Beetle added
...
Fix #708
2022-05-09 14:23:12 +02:00
bb434b11cf
chg: [threat-actor] ModifiedElephant added
...
Fix #709
2022-05-09 14:16:01 +02:00
06550a7945
chg: [threat-actor] fix refs field -> it's always an array
2022-05-09 13:46:16 +02:00
b67e3ed3f8
Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add
2022-05-09 13:43:44 +02:00
Rony
c0be6677c2
chg: [threat-actor] added actor Red Menshen
...
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-05-07 15:44:10 +05:30
Rony
11eca69ebc
chg: [threat-actor] added Curious Gorge
2022-05-07 12:40:35 +05:30
Daniel Plohmann
26c1850377
Update threat-actor.json
...
adding Red Dev 4 as alias for GALLIUM as used by PwC.
2022-05-06 09:47:48 +02:00
Daniel Plohmann
06c293072c
Update threat-actor.json
...
adding UNC3524 to the actor galaxy cluster.
2022-05-04 13:21:56 +02:00
3c7
0ad65fbe9f
Forgot to jq all the things
2022-04-28 09:42:25 +02:00
3c7
dfb6c0668e
Added SaintBear
2022-04-28 09:36:25 +02:00
664f6d80cc
chg: [threat-actor] Killnet description added
2022-04-21 15:05:50 +02:00
1e383e2452
chg: [threat-actor] version updated
2022-04-21 14:53:14 +02:00
Mathieu Beligon
c8455a6c4d
[actors] Add killnet
2022-04-21 14:06:28 +02:00
Adam McHugh
53a0fc56d3
Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory
2022-04-18 10:16:26 +09:30
Adam McHugh
84eac4b102
Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory
2022-04-17 19:50:08 +09:30
Adam McHugh
cff8a38c5f
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
2022-04-17 19:37:26 +09:30
Thomas Dupuy
bd05eb0bba
upd: [cluster] add Threat Actor BladeHawk.
2022-04-11 17:03:19 +00:00
Thomas Dupuy
209391f110
upd: [cluster] add ref and synonyms for Energetic Bear.
2022-04-07 18:26:58 +00:00
Rony
a08ddaf548
Add Avivore & HAZY TIGER/Bitter
2022-04-02 01:14:18 +05:30
Rony
50f39edc10
Revert "update threat actors meta"
2022-04-02 00:55:38 +05:30
Delta-Sierra
73f71c8b15
dup
2022-04-01 16:51:27 +02:00
Delta-Sierra
fb557fd3a2
dup
2022-04-01 16:47:50 +02:00
Delta-Sierra
909fc09992
duplicate
2022-04-01 16:44:47 +02:00
Delta-Sierra
7c3e8ac068
fix duplicate
2022-04-01 16:40:40 +02:00
Delta-Sierra
dcc396108c
fix duplicate
2022-04-01 16:36:47 +02:00
Delta-Sierra
9257fb677b
merge
2022-04-01 16:32:10 +02:00
Delta-Sierra
0f7803b091
update threat actors meta
2022-04-01 16:00:27 +02:00
Mathieu Beligon
c35fad3291
Add threat actor group Scarab
2022-03-28 12:11:34 +02:00
Daniel Plohmann
24a3f16ab4
adding threat actor group LAPSUS$ / DEV-0537.
2022-03-23 09:47:10 +01:00
Delta-Sierra
97690426bf
update threat actors meta
2022-03-18 16:41:10 +01:00
7fd5715715
Merge pull request #691 from r0ny123/indian-adversaries
...
Update to Indian Adversaries
2022-03-15 12:28:16 +01:00
Rony
eebda5f955
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team
2022-03-15 15:02:57 +05:30
Rony
ac72e7b639
fix
2022-03-15 14:00:46 +05:30
Rony
3b67e745e5
Update threat-actor.json
2022-03-15 13:57:00 +05:30
Delta-Sierra
957327383d
fix array
2022-03-07 16:10:53 +01:00
Delta-Sierra
a7f3df8a9a
merge
2022-03-07 16:04:38 +01:00
Delta-Sierra
8fd3c87b47
update threat actors meta
2022-03-07 15:54:29 +01:00
8e09c9b30c
Merge pull request #685 from danielplohmann/patch-14
...
adding threat actor "Moses Staff"
2022-03-02 21:43:00 +01:00
Daniel Plohmann
896a451461
fixed with linted JSON.
2022-03-02 21:22:28 +01:00
Daniel Plohmann
a817324cd4
adding threat actor "Moses Staff"
2022-03-02 15:50:39 +01:00
Mathieu Beligon
0b456b8afa
version bump -> 213
2022-03-02 14:55:26 +01:00
Mathieu Beligon
d3d241ca54
Update Gamaredon target
2022-03-02 14:55:19 +01:00
Mathieu Beligon
27c05a118e
Update GhostWriter
2022-03-02 13:16:20 +01:00
Delta-Sierra
c909a35d65
Merge https://github.com/MISP/misp-galaxy into main
2022-02-18 10:57:10 +01:00
Delta-Sierra
a788c867a7
jq
2022-02-18 10:56:07 +01:00
Delta-Sierra
b0cd884afc
add TA2541
2022-02-18 10:54:25 +01:00
Daniel Plohmann
321e4b4a57
another Gamaredon ref and version bump
2022-02-18 08:26:01 +01:00
Daniel Plohmann
254dd47a61
adding ACTINIUM as MSFT name for Gamaredon
2022-02-18 08:24:35 +01:00
Delta-Sierra
9b76d71c43
Merge https://github.com/MISP/misp-galaxy into main
2022-02-14 08:47:21 +01:00
Delta-Sierra
3184819968
add DDG botnet and more
2022-02-11 16:13:36 +01:00
rwe
4700780d47
added antlion APT group
2022-02-05 04:52:33 -08:00
Daniel Plohmann
833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference
2022-02-02 09:40:10 +01:00
Daniel Plohmann
8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec
2022-02-02 09:35:53 +01:00
Delta-Sierra
e523bdaf70
merge
2022-01-14 16:08:14 +01:00
Thomas Dupuy
c792bdd1b7
Add AQUATIC PANDA threat actor.
2022-01-12 13:51:11 -05:00
Sami Tainio
dcb87b0dc6
chg: [threat-actor] Add SideCopy
2022-01-07 17:45:41 +02:00
Daniel Plohmann
3094283252
adding Mandiant's FIN13.
2022-01-03 09:32:43 +01:00
Delta-Sierra
bb92427b65
add Lyceum synonyms/sources
2021-11-29 12:05:51 +01:00
Jeroen Pinoy
9ec76ae185
Add threat actor common raven
2021-10-03 23:30:20 +02:00
Thomas Dupuy
89a3f986ba
Add InkySquid synonym.
2021-08-24 16:29:34 +02:00
Daniel Plohmann
3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER)
2021-08-19 06:02:40 +02:00
Rony
5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM
...
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
2021-08-02 22:30:05 +05:30
Rony
636ccdedcd
Update threat-actor.json
2021-07-21 18:47:56 +05:30
Rony
9ecfecc063
another fix
2021-07-21 18:41:18 +05:30
Rony
32ea60d721
fix
2021-07-21 18:31:05 +05:30
Rony
52e7d5a0a9
multiple updates to apt40, apt31 & hafnium
2021-07-21 18:28:40 +05:30
Rony
fb9a41f8e9
from Gov Canada & MFA Japan
2021-07-19 20:33:35 +05:30
Rony
c90c60cb13
adding references for APT40 & APT31
2021-07-19 20:14:36 +05:30
6c8949caa9
Merge pull request #658 from jasperla/oilrig
...
merge APT34 with OilRig
2021-07-03 08:56:39 +02:00
Deborah Servili
b6005bd53f
Merge branch 'main' into master
2021-07-02 13:30:51 +02:00
Delta-Sierra
913aff30c3
Add NOBELIUM and related
2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse
792490298e
merge APT34 with OilRig
...
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
2021-06-29 20:26:04 +02:00
Jürgen Löhel
254c201601
[cluster][tool] Adds Matanbuchus
...
+ threat actor: BelialDemon
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 18:04:28 -05:00
Thomas Dupuy
772c5145c1
Added BackdoorDiplomacy and Gelsemium.
2021-06-11 11:48:57 -04:00
Rony
9a723b6261
more ta544 references
2021-05-26 20:26:27 +05:30
Rony
db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks
2021-05-22 21:02:30 +05:30
Daniel Plohmann
433ea5cb45
Twisted Spider -> TWISTED SPIDER
...
fair point
2021-05-19 17:04:58 +02:00
Daniel Plohmann
9719122d27
adding Twisted Spider as alias for TA2101 (Maze)
2021-05-19 16:47:41 +02:00
a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1
...
Add alias for Tick
2021-05-07 23:23:38 +02:00
Still Hsu
eb671f1e6a
Add Nian alias
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:52:27 +08:00
Still Hsu
fe7c0dab07
Add country origin for BlackTech
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:32:39 +08:00
Daniel Plohmann
38b8bac51d
fixing broken/dead links
2021-05-04 20:15:17 +02:00
Rony
faed812fc9
Merged STALKER PANDA to Tick
2021-04-25 19:12:20 +05:30
Rony
89b9c0c32c
several updates to apt27
2021-04-25 16:53:36 +05:30
Daniel Plohmann
6eb594a6b0
adding Yanbian Gang as threat actor
2021-04-16 15:12:45 +02:00
Daniel Plohmann
2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech
...
Adding Palmerworm as Symantec alias for BlackTech (with reference).
2021-03-31 22:35:12 +02:00
Thomas Dupuy
a8c62ddeda
Add Ghostwriter.
2021-03-31 09:42:40 -04:00
Rony
50f5d2ae4a
reverted changes made into 52ae97718d
2021-03-30 22:19:05 +05:30
sebdraven
ce8a9442eb
validation jsons
2021-03-30 13:12:21 +00:00
Sebdraven
52ae97718d
Update threat-actor.json
...
add a synonym to Haffnium
2021-03-30 15:11:09 +02:00
sebdraven
b082977b9f
validation ok
2021-03-30 10:22:35 +00:00
Sebdraven
4ed4cebcee
Update threat-actor.json
...
format json
2021-03-30 12:16:22 +02:00
Sebdraven
a62e3ba530
Update threat-actor.json
...
add redecho threat actor
2021-03-30 12:10:50 +02:00
Delta-Sierra
7c843ac5c2
fix merge & jq
2021-03-11 14:08:29 +01:00
Delta-Sierra
c37befc8a9
merge
2021-03-11 10:35:05 +01:00
Rony
57c7d0b9a0
From Nextron
2021-03-06 19:44:32 +05:30
Rony
6cabbfb091
more!
2021-03-06 14:22:29 +05:30
Rony
7b242555df
More references
...
From
Crowdstrike
MSRC
and kql hunting query from James Quinn
2021-03-06 13:28:14 +05:30
Rony
eaab88ef28
add HAFNIUM detection refs
2021-03-05 16:51:28 +05:30
Rony
4bc438a325
fix
2021-03-05 11:48:43 +05:30
Rony
d9b299aafc
add more HAFNIUM references
2021-03-05 11:42:04 +05:30
Rony
c9f7afef1c
Adding alias NOBELIUM
2021-03-04 22:39:33 +05:30
47dade9d0e
Merge pull request #631 from r0ny123/Enhancement
...
Add HAFNIUM
2021-03-04 14:48:01 +01:00
Rony
ad795606cf
added HAFNIUM
...
Updates:
Tonto Team
UNC2452
2021-03-04 00:10:33 +05:30
Sebdraven
2666341afc
Update threat-actor.json
...
update Sidewinder card
2021-03-03 17:59:25 +01:00
Thomas Dupuy
f842694fda
Update Infy TA.
2021-03-02 14:37:01 -05:00
Delta-Sierra
d273a5da7d
add TeamTNT ref
2021-02-25 09:52:24 +01:00
Rony
5c6f3a036b
removing DePrimon
...
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
2021-02-24 21:55:04 +05:30
Delta-Sierra
7c1ac58141
add TeamTNT
2021-02-22 16:38:18 +01:00
Delta-Sierra
96bf0d44ea
Merge https://github.com/MISP/misp-galaxy
2021-02-09 14:52:58 +01:00
Daniel Plohmann
d61e7d2fac
adding ClearSky alias for Volatile Cedar
...
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."
2021-01-29 10:39:18 +01:00
StefanKelm
fb35646406
Update threat-actor.json
...
Lazarus
2021-01-26 14:38:37 +01:00
StefanKelm
a131a7ce98
Update threat-actor.json
...
Lazarus
2021-01-20 17:43:18 +01:00
3c19c7c1e5
Merge pull request #617 from danielplohmann/patch-4
...
merge COVELLITE into Lazarus Group
2021-01-17 16:05:13 +01:00
Daniel Plohmann
ca66fcd93a
merge COVELLITE into Lazarus Group
...
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references.
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
2021-01-17 15:07:26 +01:00
Rony
91e87cf82c
Update threat-actor.json
...
Don't know how StarCraft
2021-01-17 12:21:34 +05:30
Daniel Plohmann
edcc3c0bc1
merging ScarCruft->APT37
...
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
2021-01-15 18:52:49 +01:00
Delta-Sierra
a6f7795952
fix merge
2021-01-12 10:38:33 +01:00
2b356a9eb0
chg: [threat-actor] UNC2452/DarkHalo added - ref. #614
2021-01-12 07:01:36 +01:00
Rony
3240aa819f
Update threat-actor.json
2020-12-14 11:54:41 +05:30
Rony
2ffb77b35b
BISMUTH
2020-12-14 10:41:15 +05:30
Delta-Sierra
31f96513b2
update sidewinder threat actor
2020-12-11 16:09:33 +01:00
StefanKelm
5dc92995f6
Update threat-actor.json
...
DeathStalker, Mabna
2020-12-04 11:43:06 +01:00
StefanKelm
4fee985b5e
Update threat-actor.json
...
Turla
2020-12-03 13:05:14 +01:00
StefanKelm
72e085aba9
Update threat-actor.json
...
OceanLotus
2020-12-02 11:44:29 +01:00
StefanKelm
15b5f4c881
Update threat-actor.json
...
APT27
2020-11-30 11:49:23 +01:00
StefanKelm
da910c0c2e
Update threat-actor.json
2020-11-18 19:15:11 +01:00
StefanKelm
48ffaa8ce1
Update threat-actor.json
...
Lazarus
2020-11-18 12:10:23 +01:00
StefanKelm
bf5bdeacb0
Update threat-actor.json
...
OceanLotus
2020-11-09 14:39:55 +01:00
StefanKelm
41a7a36317
Update threat-actor.json
...
Kimsuky
2020-11-02 17:30:25 +01:00
Rony
333e55fbeb
remove duplicate!
2020-11-02 14:18:49 +05:30
Rony
000cfa68a8
Update threat-actor.json
...
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
2020-11-02 13:51:08 +05:30
Deborah Servili
28784683db
Merge branch 'main' into master
2020-10-30 16:17:27 +01:00
24f05749f0
Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master
2020-10-30 09:47:45 +01:00
JJ Cummings
c48a38c2f1
Added a new cryptominer galaxy and additional missing recent families to various clusters
2020-10-29 14:40:22 -06:00
StefanKelm
808c2c3828
Update threat-actor.json
...
Kimsuky
2020-10-28 12:52:06 +01:00
Daniel Plohmann
02bcf1f5a7
adding PowerPool alias IAmTheKing (Kaspersky)
...
after a quick search I haven't found a nice source except for costin's tweet.
2020-10-09 13:49:16 +02:00
StefanKelm
7bab41e367
Update threat-actor.json
...
TA505
2020-10-06 15:29:54 +02:00
StefanKelm
1d05f17507
Update threat-actor.json
...
XDSpy
2020-10-06 12:45:43 +02:00
StefanKelm
18eebc01f6
Lazarus
2020-09-29 12:02:16 +02:00
Bart
2b51f7b6de
Update threat-actor.json
...
Add Machete alias
2020-09-27 18:37:24 +02:00
StefanKelm
e95fbb571d
Update threat-actor.json
...
GADOLINIUM
2020-09-25 11:52:34 +02:00
StefanKelm
3ad3d5f318
Update threat-actor.json
...
APT28
2020-09-22 18:07:33 +02:00
Deborah Servili
4f3b6945c0
Merge https://github.com/MISP/misp-galaxy
2020-09-22 12:17:42 +02:00
Rony
d1c70b3d80
FBI FLASH AC-000133-TT
2020-09-17 11:05:00 +05:30
Rony
4d4a462d7a
Update threat-actor.json
...
Adding Fox-Kitten and cleaned (or improved) winnti
2020-09-17 00:07:40 +05:30
Deborah Servili
0fe525a9db
Merge https://github.com/MISP/misp-galaxy
2020-09-16 10:22:38 +02:00
Deborah Servili
00b5d0d116
add refs
2020-09-16 10:08:31 +02:00
Daniel Plohmann (jupiter)
7b00674c77
Adding TA413 and Evilnum
2020-09-15 14:19:22 +02:00
StefanKelm
63030f2cfe
Update threat-actor.json
...
APT33
2020-09-14 12:01:53 +02:00
StefanKelm
3cc3cc461a
Update threat-actor.json
...
STRONTIUM
2020-09-11 11:38:06 +02:00
StefanKelm
57a31fd60c
Update threat-actor.json
...
Lazarus, FIN7
2020-09-03 14:44:10 +02:00
StefanKelm
503d421a56
Update threat-actor.json
...
TA542
2020-08-31 15:07:13 +02:00
Thomas Dupuy
d0c6b7b46d
Update Tonto Team/CactusPete threat actor
2020-08-13 15:57:33 -04:00
Thomas Dupuy
4130d7c6fc
Update TA APT40
2020-08-13 12:22:36 -04:00
Daniel Plohmann
8407b6fd28
Update threat-actor.json
...
adding Kaspersky's name for Microcin.
2020-08-12 12:03:28 +02:00
Vasileios Mavroeidis
40d12b9dde
Motive correction based on the EU Cert motive taxonomy
...
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
2020-07-28 11:43:46 +02:00
44afaf2523
chg: [threat-actor] remove duplicate references
2020-07-27 09:57:41 +02:00
StefanKelm
86c54cbd8c
Update threat-actor.json
...
OilRig
2020-07-23 11:07:22 +02:00
Steve Clement
df6bed3d3a
Merge pull request #563 from r0ny123/patch-1
2020-07-22 09:14:13 +09:00
StefanKelm
17a1feb016
Update threat-actor.json
...
Turla
2020-07-15 11:20:18 +02:00
Rony
c33f4c7611
Update threat-actor.json
...
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a ).
2020-07-12 12:57:24 +05:30
Rony
b77b9d374c
Update threat-actor.json
2020-07-12 11:19:13 +05:30
Deborah Servili
84474ddb29
merge
2020-07-09 16:31:04 +02:00
Deborah Servili
865e76beae
commit
2020-07-07 14:47:44 +02:00
ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only.
...
Based on https://github.com/MISP/misp-galaxy/issues/469
There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:
- _operation_:
- _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
- **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
- _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
- **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
- **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
- **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
- **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**
The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
2020-07-07 09:13:21 +02:00
164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy
2020-07-02 09:55:42 +02:00
StefanKelm
14665429d7
Update threat-actor.json
...
APT31
2020-06-25 16:23:00 +02:00
StefanKelm
92bc206879
Update threat-actor.json
...
APT30
2020-06-23 14:54:09 +02:00
Rony
bc97b07089
Update threat-actor.json
2020-06-21 19:19:17 +05:30
StefanKelm
583f1d2fc2
Update threat-actor.json
...
TA505
2020-06-17 11:56:29 +02:00
0cb36249a4
chg: [jq] all the things
2020-06-12 09:26:30 +02:00
Rony
29be5ac7e1
fixed typo!
2020-06-12 00:09:59 +05:30
Rony
9365bfb7cd
Adding GALLIUM Threat Actor
2020-06-11 23:42:35 +05:30
StefanKelm
f042f98247
Update threat-actor.json
...
Higaisa
2020-06-08 14:09:39 +02:00
StefanKelm
9c25d5e8c5
Update threat-actor.json
...
Cycldek
2020-06-04 17:18:45 +02:00
Daniel Plohmann (jupiter)
a705d1402f
fixing deadlinks where possible
2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter)
171f272a1e
default to HTTPS to be consistent with other links to same page
2020-05-27 09:27:52 +02:00
8a0a4cb02d
Merge pull request #551 from nyx0/master
...
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
2020-05-27 09:10:08 +02:00
Thomas Dupuy
291fb41502
Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel
2020-05-26 09:50:43 -04:00
Rony
fbd351590a
Update threat-actor.json
2020-05-24 23:18:54 +05:30
Rony
5f8094d16f
fix
2020-05-24 23:14:43 +05:30
b5bbc34f5d
chg: [threat-actor] remove the non-unique elements
2020-05-22 14:01:32 +02:00
Nils Kuhnert
fbfe9d23c3
Merged (most) SecureWorks threat actor profiles && jq
2020-05-22 13:45:29 +02:00
Daniel Plohmann
5101c5a828
msft name: BORON for APT3
...
as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
2020-05-11 15:37:38 +02:00
09429eda5a
chg: [ta] fix the JSON
2020-05-11 10:20:10 +02:00
Thomas Dupuy
69fe870803
Add Higaisa Threat Actor
2020-05-08 13:01:48 -04:00
Deborah Servili
1d331a9ab1
Merge branch 'master' into master
2020-04-28 15:19:38 +02:00
2a70893352
chg: [jq] JSON fixed
2020-04-27 15:03:25 +02:00
de Rosen
a428ad565e
Added misp info
2020-04-27 15:16:33 +03:00
Deborah Servili
f6fd07fbc9
add speculoos bakdoor
2020-04-27 09:36:23 +02:00
86157a6b96
Merge pull request #539 from r0ny123/MergingTA
...
Adding alias Thallium and merging STOLEN PENCIL
2020-04-26 21:16:56 +02:00
Rony
112f9e4a08
Adding alias Thallium and merging STOLEN PENCIL
...
Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
And also Netscout named the campaign as STOLEN PENCIL.
2020-04-26 23:47:37 +05:30
de71a444f8
chg: [json] add missing comma
2020-04-26 14:23:59 +02:00
rvs1st
d449eb94fc
Update threat-actor.json
...
Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
2020-04-24 09:03:58 -05:00
4234d44052
Merge pull request #537 from danielplohmann/patch-28
...
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
2020-04-24 15:33:47 +02:00
Daniel Plohmann
858621ebdc
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
2020-04-23 15:47:35 +02:00
Daniel Plohmann
b0f0bbae33
adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included)
2020-04-23 14:52:08 +02:00
Deborah Servili
6b49d81b13
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2020-04-23 10:06:04 +02:00
itayc0hen
667d5b8850
Add ItaDuke/DarkUniverse actor
2020-04-22 19:44:38 +03:00
pnx@pyrite
974ece3a7c
adding FIN1
2020-04-20 14:20:22 +02:00
Rony
aa34775390
typo
...
thanks to @patricksvgr
2020-04-19 23:17:44 +05:30
Rony
ddfa280672
Update threat-actor.json
2020-04-19 23:06:57 +05:30
Rony
7ac2648dbc
more fix
2020-04-19 23:00:42 +05:30
Rony
573b4807ee
fix broken links
2020-04-19 16:03:21 +05:30
Rony
42a4820823
dead link
2020-04-19 11:45:45 +05:30
Rony
0aa34187e9
add link
2020-04-19 11:29:36 +05:30
Rony
d6bf42254f
Merging APT23 & Tropic Trooper
2020-04-18 13:22:25 +05:30
Rony
c161080175
Update threat-actor.json
2020-04-15 21:36:48 +05:30
Deborah Servili
e8edc9cafc
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2020-04-15 11:27:01 +02:00
Deborah Servili
b01e64eb1f
add Operation Shadow Forece
2020-04-08 14:53:19 +02:00
Daniel Plohmann
aba625dee5
removed duplicate entry
2020-04-07 08:49:33 +02:00
Daniel Plohmann
e15a4a6525
fixing/removing some more dead links
2020-04-06 15:25:22 +02:00
e37f320df5
Merge pull request #523 from danielplohmann/patch-24
...
adding aliases MERCURY, HOLMIUM
2020-03-09 21:56:27 +01:00
Daniel Plohmann
ab49ef3c1a
Kimsuki -> Black Banshee
...
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html )
2020-03-09 18:20:56 +01:00
Daniel Plohmann
1260ab156a
adding aliases MERCURY, HOLMIUM
...
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
2020-03-09 08:50:08 +01:00
4a64d0a4ad
Merge pull request #519 from danielplohmann/crowdstrike2020report
...
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-05 09:07:16 +01:00
Daniel Plohmann (jupiter)
0c2b0b76eb
while we are at it, we can also do Longhorn = APT-C-39
2020-03-04 21:09:06 +01:00
Daniel Plohmann (jupiter)
184f193342
IMPERIAL KITTEN as alias for Tortoiseshell
2020-03-04 19:39:14 +01:00
pnx@pyrite
3dc460e795
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-04 13:36:34 +01:00
Daniel Plohmann
dc059d1f4d
Accenture calls APT32 - "POND LOACH"
2020-03-03 19:40:50 +01:00
b4b91b1e5d
chg: [threat-actor] JSON fixed
2020-02-28 16:37:24 +01:00
Thomas Dupuy
0daeb675f5
Add InvisiMole cluster
2020-02-18 13:28:32 -05:00
Daniel Plohmann
e481e9bb50
adding APT-C-12
2020-02-13 17:44:45 +01:00
Rony
22c9badee0
Update threat-actor.json
...
those are the name of aliases of the same malware family sykipot. so removing it.
2020-02-05 18:00:31 +05:30
Deborah Servili
5da17d51aa
Merge branch 'master' into master
2020-01-24 09:33:33 +01:00
Deborah Servili
606e3ec90f
jq
2020-01-24 09:32:09 +01:00
Deborah Servili
58415324c5
add Operation Wocao
2020-01-24 08:27:20 +01:00
Thomas Dupuy
edc5196373
Add Attor and DePriMon
2020-01-23 11:27:00 -05:00
Daniel Plohmann
ccfe5ee130
removing and fixing deadlinks in the best possible way
...
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
2020-01-23 11:14:20 +01:00
Daniel Plohmann
29a128da6f
adding references and TEMP.MixMaster as alias for WIZARD SPIDER
...
with kudos to @tbarabosch
2020-01-22 15:42:01 +01:00
dbaab413b6
chg: [threat-actor] typo fixed
2020-01-18 17:30:27 +01:00
564f27c5ca
chg: [threat-actor] format fixed
2020-01-18 17:26:45 +01:00
34c5c66279
chg: [threat-actor] fix order
2020-01-18 17:08:32 +01:00
8eeceafc51
chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan"
...
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
2020-01-18 17:02:44 +01:00
5da0c7bd54
chg: [threat-actor] SideWinder APT group added
2020-01-07 10:42:07 +01:00
StefanKelm
9b6f9136f9
Update threat-actor.json
2020-01-03 12:50:49 +01:00
StefanKelm
9373cfcb53
Update threat-actor.json
...
BRONZE PRESIDENT
2020-01-03 12:42:57 +01:00
Rony
6b1142abac
Update threat-actor.json
2019-12-23 22:05:28 +05:30
Bart
8ebb2e2d16
Update threat-actor.json
...
Adds Operation Wocao..
2019-12-19 21:42:02 +01:00
9f56a91013
Merge pull request #492 from Delta-Sierra/master
...
Operation Soft Cell ralated Updates
2019-12-13 13:35:52 +01:00
Deborah Servili
03c54a3e05
add GALLIUM as microsoft activities group and similar to Operation Soft Cell
2019-12-13 11:47:31 +01:00
Deborah Servili
3be47af325
update threat actor version
2019-12-13 11:04:51 +01:00
Deborah Servili
9b153913be
add relation suspected link between operation soft cell and apt10
2019-12-13 10:59:06 +01:00
Sebastian Wagner
c3b5b39dd3
sofacy: add apt_sofacy as synonym
2019-12-12 15:57:13 +01:00
Deborah Servili
170f964e8c
##COMMA##
2019-12-11 14:22:09 +01:00
Deborah Servili
7e18f2e509
Merge branch 'master' into master
2019-12-11 13:51:52 +01:00
Deborah Servili
391b5a674d
add Axiom synonym
2019-12-11 13:50:35 +01:00
8da36c09e1
chg: [threat-actor] jq
2019-12-08 09:03:14 +01:00
Daniel Plohmann
94b3c1ec07
added APT-C-34 / Golden Falcon
2019-12-07 12:44:30 +01:00
Deborah Servili
31f3a61d5f
add Sofacy ref
2019-12-05 15:42:42 +01:00
Daniel Plohmann
bd3cc6d8ee
added TA2101
2019-12-03 18:13:44 +01:00
8cc5e02f22
chg: [clean-up] jq all the things
2019-11-21 17:19:39 +01:00
Deborah Servili
38641aae36
merge
2019-11-21 16:24:11 +01:00
Deborah Servili
f21dd95b28
merge
2019-11-21 16:23:29 +01:00
Deborah Servili
1a0dd2292b
add silence synonym & new meta field spoken-language
2019-11-21 11:50:02 +01:00
StefanKelm
aa132ca58f
new refs for APT33
2019-11-14 14:57:05 +01:00
eea0f528fa
chg: [threat-actor] Lucky Mouse synonym added
...
Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/
2019-11-12 12:51:44 +01:00
Raphaël Vinot
1486890f86
fix: JQ all the things.
2019-11-12 10:25:00 +01:00
871d90cfc2
chg: [threat-actor] Calypso group added
...
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
2019-11-11 13:34:54 +01:00
d9a64c18ff
chg: [threat-actor] threat-actor-classification updated
2019-11-04 09:37:52 +01:00
6f463325b9
chg: [threat-actor] jq is jq
2019-11-03 16:01:09 +01:00
64a3569803
Merge branch 'master' of github.com:MISP/misp-galaxy
2019-11-03 08:52:37 +01:00
8d01e77574
chg: [threat-actor] Operation WizardOpium added
...
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
2019-11-03 08:51:37 +01:00
346e54a321
Merge pull request #468 from Delta-Sierra/master
...
add Turla Group Symonym variant
2019-11-02 13:40:21 +01:00
Deborah Servili
1da2dc8af1
add Turla Group Symonym variant
2019-10-31 16:33:32 +01:00
Deborah Servili
efa2f43c0f
Merge pull request #467 from Delta-Sierra/master
...
Few updates
2019-10-31 14:31:16 +01:00
Deborah Servili
bee9b80898
jq
2019-10-31 10:37:36 +01:00
Deborah Servili
0a8f989e1c
add Winnti related tools etc.
2019-10-31 10:36:15 +01:00
Rony
1fc0f5e2e7
Update threat-actor.json
2019-10-17 09:46:56 +05:30
Deborah Servili
88025a541f
add operation soft cell
2019-10-14 16:07:35 +02:00
Deborah Servili
a4b59f647c
jq
2019-09-25 13:41:55 +02:00
309109eb27
chg: [threat-actor] new LookBack (Malware?Campaign?TA?)
...
Signed-off: During MISP training
2019-09-25 12:12:34 +02:00
a5ae130916
chg: [threat-actor] Evil Eye and POISON CARP
...
Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Signed-off: Jean-Louis during training session
2019-09-25 11:27:03 +02:00
Deborah Servili
638cdd4198
version update
2019-09-20 14:54:56 +02:00
Deborah Servili
b9b4b9c651
Add Tortoiseshell thrat actor
2019-09-20 14:53:25 +02:00
StefanKelm
db2b5a13ef
Update threat-actor.json
...
Silent Librarian
2019-09-12 11:57:03 +02:00
Deborah Servili
718ea55dd7
Merge branch 'master' into master
2019-09-04 14:42:47 +02:00
Deborah Servili
9e3a998dfc
aff SectorJ04 group
2019-09-03 15:51:21 +02:00
Daniel Plohmann
f40b7dd132
'SectorJ04 Group' as alias introduced by NSHC for TA505
...
Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
2019-09-01 15:46:36 +02:00
0966e58da6
Merge branch 'master' of github.com:MISP/misp-galaxy
2019-08-30 11:06:29 +02:00
f5056ff02e
chg: [threat-actor] add machete-apt synonyms as reported in #445
2019-08-30 11:03:30 +02:00
StefanKelm
49f8f60a85
Update threat-actor.json
...
Add ITG08 as synonym for FIN6
2019-08-29 13:13:00 +02:00
8d78a2a108
chg: [threat-actor] jq all
2019-08-29 08:31:10 +02:00
791c88f2eb
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master
2019-08-29 08:30:41 +02:00
Deborah Servili
395dd93e0f
add Asruex Backdoor
2019-08-28 15:40:03 +02:00
9926ea8826
chg: [threat-actor] LYCEUM added - 443 #fixed
2019-08-28 14:35:12 +02:00
Deborah Servili
ea68336b96
add ref for Gamaredon
2019-08-27 08:28:58 +02:00
Sebastian Wagner
38aebbf42a
remove empty strings
2019-08-19 17:04:07 +02:00
3841447e16
Merge pull request #434 from r0ny123/patch-1
...
added microsoft naming for the groups
2019-08-10 18:52:26 +02:00
Thomas Dupuy
df5c9057a1
add synonyme for Turla
2019-08-09 17:34:22 -04:00
Rony
feac39db6b
added microsoft naming for the groups
2019-08-09 22:19:09 +05:30
Thomas Dupuy
320e298549
update victims
2019-08-09 10:45:10 -04:00
Thomas Dupuy
1988662ee5
add APT41
2019-08-09 10:24:06 -04:00
Nils Kuhnert
17925f3e10
Remove local file link :)
2019-08-03 18:55:00 +02:00
7913adad61
chg: [threat-actor] rollback as discussed by chat with Andras until version 2.0
2019-08-02 16:08:40 +02:00
Andras Iklody
984be50396
lowercased value field for DarkHotel
2019-08-02 15:40:31 +02:00
a401ff7405
Merge branch 'master' into patch-13
2019-08-01 08:52:27 +02:00
Daniel Plohmann
0367e16ce0
adding secureworks actor names for energetic bear and teamspy
2019-07-31 14:35:09 +02:00
Daniel Plohmann
a4a72d0698
adding Proofpoint's TA428
2019-07-31 14:08:50 +02:00
Deborah Servili
2861d2d78c
jq
2019-07-16 10:13:10 +02:00
Deborah Servili
ea4d8a2d42
add SWEED threat actor
2019-07-16 10:03:07 +02:00
9517c8b878
chg: [threat-actor] version updated
2019-06-20 17:58:35 +02:00
8c90f7231c
chg: [threat-actor] duplicated refs removed
2019-06-20 17:35:35 +02:00
5e9d075ae5
chg: [threat-actor] synonyms fixed
2019-06-20 17:30:01 +02:00
195406cc6b
chg: [threat-actor] jq everything
2019-06-20 17:27:55 +02:00
d018519700
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy
2019-06-20 17:23:04 +02:00
Deborah Servili
30f042211b
fix duplicate
2019-06-20 16:35:49 +02:00
Deborah Servili
a984786c8b
update threat actor galaxy
2019-06-20 16:25:23 +02:00
Rony
7afb9083b2
Update threat-actor.json
2019-06-19 23:29:35 +05:30
Deborah Servili
4bd37e2b2d
update threat actor galaxy
2019-06-19 16:38:04 +02:00
Deborah Servili
52e51833de
update threat actor galaxy
2019-06-18 16:05:49 +02:00
Deborah Servili
431e7a36c1
update threat actor galaxy
2019-06-17 16:36:42 +02:00
Deborah Servili
b966369933
##COMMA##
2019-06-14 16:35:55 +02:00
Deborah Servili
1e5292d999
fix duplicate
2019-06-14 16:21:33 +02:00
Deborah Servili
ead217eb28
Update version
2019-06-14 16:11:02 +02:00
Deborah Servili
98f0572d51
update threat actor galaxy
2019-06-14 16:06:09 +02:00
Deborah Servili
b040f9f57b
fix duplicate and links update (APT34)
2019-06-14 08:41:38 +02:00
Deborah Servili
2001652dae
fix duplicate
2019-06-14 08:28:44 +02:00
Deborah Servili
20e77afcc3
update threat actor galaxy
2019-06-13 16:19:21 +02:00
Deborah Servili
11c2f43c9f
tryto fix duplicate
2019-06-13 11:26:42 +02:00
Deborah Servili
e4245ee991
update threat actor galaxy
2019-06-12 16:25:24 +02:00
Deborah Servili
5a3d7e816f
fix duplicate
2019-06-12 09:24:05 +02:00
Deborah Servili
1ba7f19ca2
update threat actor galaxy
2019-06-11 16:14:58 +02:00
Deborah Servili
347ed5d529
jq
2019-06-11 15:57:21 +02:00
Deborah Servili
79f11de6db
update threat actor galaxy
2019-06-11 15:54:39 +02:00
Deborah Servili
d6b458520b
update threat actor galaxy
2019-06-11 11:57:04 +02:00
Deborah Servili
1f2e59addb
update Threat actor galaxy
2019-06-07 16:34:43 +02:00