Rony
aa34775390
typo
...
thanks to @patricksvgr
2020-04-19 23:17:44 +05:30
Rony
ddfa280672
Update threat-actor.json
2020-04-19 23:06:57 +05:30
Rony
7ac2648dbc
more fix
2020-04-19 23:00:42 +05:30
Rony
573b4807ee
fix broken links
2020-04-19 16:03:21 +05:30
Rony
42a4820823
dead link
2020-04-19 11:45:45 +05:30
Rony
0aa34187e9
add link
2020-04-19 11:29:36 +05:30
Rony
d6bf42254f
Merging APT23 & Tropic Trooper
2020-04-18 13:22:25 +05:30
Rony
c161080175
Update threat-actor.json
2020-04-15 21:36:48 +05:30
Deborah Servili
e8edc9cafc
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2020-04-15 11:27:01 +02:00
Deborah Servili
b01e64eb1f
add Operation Shadow Forece
2020-04-08 14:53:19 +02:00
Daniel Plohmann
aba625dee5
removed duplicate entry
2020-04-07 08:49:33 +02:00
Daniel Plohmann
e15a4a6525
fixing/removing some more dead links
2020-04-06 15:25:22 +02:00
e37f320df5
Merge pull request #523 from danielplohmann/patch-24
...
adding aliases MERCURY, HOLMIUM
2020-03-09 21:56:27 +01:00
Daniel Plohmann
ab49ef3c1a
Kimsuki -> Black Banshee
...
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html )
2020-03-09 18:20:56 +01:00
Daniel Plohmann
1260ab156a
adding aliases MERCURY, HOLMIUM
...
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
2020-03-09 08:50:08 +01:00
4a64d0a4ad
Merge pull request #519 from danielplohmann/crowdstrike2020report
...
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-05 09:07:16 +01:00
Daniel Plohmann (jupiter)
0c2b0b76eb
while we are at it, we can also do Longhorn = APT-C-39
2020-03-04 21:09:06 +01:00
Daniel Plohmann (jupiter)
184f193342
IMPERIAL KITTEN as alias for Tortoiseshell
2020-03-04 19:39:14 +01:00
pnx@pyrite
3dc460e795
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-04 13:36:34 +01:00
Daniel Plohmann
dc059d1f4d
Accenture calls APT32 - "POND LOACH"
2020-03-03 19:40:50 +01:00
b4b91b1e5d
chg: [threat-actor] JSON fixed
2020-02-28 16:37:24 +01:00
Thomas Dupuy
0daeb675f5
Add InvisiMole cluster
2020-02-18 13:28:32 -05:00
Daniel Plohmann
e481e9bb50
adding APT-C-12
2020-02-13 17:44:45 +01:00
Rony
22c9badee0
Update threat-actor.json
...
those are the name of aliases of the same malware family sykipot. so removing it.
2020-02-05 18:00:31 +05:30
Deborah Servili
5da17d51aa
Merge branch 'master' into master
2020-01-24 09:33:33 +01:00
Deborah Servili
606e3ec90f
jq
2020-01-24 09:32:09 +01:00
Deborah Servili
58415324c5
add Operation Wocao
2020-01-24 08:27:20 +01:00
Thomas Dupuy
edc5196373
Add Attor and DePriMon
2020-01-23 11:27:00 -05:00
Daniel Plohmann
ccfe5ee130
removing and fixing deadlinks in the best possible way
...
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
2020-01-23 11:14:20 +01:00
Daniel Plohmann
29a128da6f
adding references and TEMP.MixMaster as alias for WIZARD SPIDER
...
with kudos to @tbarabosch
2020-01-22 15:42:01 +01:00
dbaab413b6
chg: [threat-actor] typo fixed
2020-01-18 17:30:27 +01:00
564f27c5ca
chg: [threat-actor] format fixed
2020-01-18 17:26:45 +01:00
34c5c66279
chg: [threat-actor] fix order
2020-01-18 17:08:32 +01:00
8eeceafc51
chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan"
...
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
2020-01-18 17:02:44 +01:00
5da0c7bd54
chg: [threat-actor] SideWinder APT group added
2020-01-07 10:42:07 +01:00
StefanKelm
9b6f9136f9
Update threat-actor.json
2020-01-03 12:50:49 +01:00
StefanKelm
9373cfcb53
Update threat-actor.json
...
BRONZE PRESIDENT
2020-01-03 12:42:57 +01:00
Rony
6b1142abac
Update threat-actor.json
2019-12-23 22:05:28 +05:30
Bart
8ebb2e2d16
Update threat-actor.json
...
Adds Operation Wocao..
2019-12-19 21:42:02 +01:00
9f56a91013
Merge pull request #492 from Delta-Sierra/master
...
Operation Soft Cell ralated Updates
2019-12-13 13:35:52 +01:00
Deborah Servili
03c54a3e05
add GALLIUM as microsoft activities group and similar to Operation Soft Cell
2019-12-13 11:47:31 +01:00
Deborah Servili
3be47af325
update threat actor version
2019-12-13 11:04:51 +01:00
Deborah Servili
9b153913be
add relation suspected link between operation soft cell and apt10
2019-12-13 10:59:06 +01:00
Sebastian Wagner
c3b5b39dd3
sofacy: add apt_sofacy as synonym
2019-12-12 15:57:13 +01:00
Deborah Servili
170f964e8c
##COMMA##
2019-12-11 14:22:09 +01:00
Deborah Servili
7e18f2e509
Merge branch 'master' into master
2019-12-11 13:51:52 +01:00
Deborah Servili
391b5a674d
add Axiom synonym
2019-12-11 13:50:35 +01:00
8da36c09e1
chg: [threat-actor] jq
2019-12-08 09:03:14 +01:00
Daniel Plohmann
94b3c1ec07
added APT-C-34 / Golden Falcon
2019-12-07 12:44:30 +01:00
Deborah Servili
31f3a61d5f
add Sofacy ref
2019-12-05 15:42:42 +01:00
Daniel Plohmann
bd3cc6d8ee
added TA2101
2019-12-03 18:13:44 +01:00
8cc5e02f22
chg: [clean-up] jq all the things
2019-11-21 17:19:39 +01:00
Deborah Servili
38641aae36
merge
2019-11-21 16:24:11 +01:00
Deborah Servili
f21dd95b28
merge
2019-11-21 16:23:29 +01:00
Deborah Servili
1a0dd2292b
add silence synonym & new meta field spoken-language
2019-11-21 11:50:02 +01:00
StefanKelm
aa132ca58f
new refs for APT33
2019-11-14 14:57:05 +01:00
eea0f528fa
chg: [threat-actor] Lucky Mouse synonym added
...
Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/
2019-11-12 12:51:44 +01:00
Raphaël Vinot
1486890f86
fix: JQ all the things.
2019-11-12 10:25:00 +01:00
871d90cfc2
chg: [threat-actor] Calypso group added
...
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
2019-11-11 13:34:54 +01:00
d9a64c18ff
chg: [threat-actor] threat-actor-classification updated
2019-11-04 09:37:52 +01:00
6f463325b9
chg: [threat-actor] jq is jq
2019-11-03 16:01:09 +01:00
64a3569803
Merge branch 'master' of github.com:MISP/misp-galaxy
2019-11-03 08:52:37 +01:00
8d01e77574
chg: [threat-actor] Operation WizardOpium added
...
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
2019-11-03 08:51:37 +01:00
346e54a321
Merge pull request #468 from Delta-Sierra/master
...
add Turla Group Symonym variant
2019-11-02 13:40:21 +01:00
Deborah Servili
1da2dc8af1
add Turla Group Symonym variant
2019-10-31 16:33:32 +01:00
Deborah Servili
efa2f43c0f
Merge pull request #467 from Delta-Sierra/master
...
Few updates
2019-10-31 14:31:16 +01:00
Deborah Servili
bee9b80898
jq
2019-10-31 10:37:36 +01:00
Deborah Servili
0a8f989e1c
add Winnti related tools etc.
2019-10-31 10:36:15 +01:00
Rony
1fc0f5e2e7
Update threat-actor.json
2019-10-17 09:46:56 +05:30
Deborah Servili
88025a541f
add operation soft cell
2019-10-14 16:07:35 +02:00
Deborah Servili
a4b59f647c
jq
2019-09-25 13:41:55 +02:00
309109eb27
chg: [threat-actor] new LookBack (Malware?Campaign?TA?)
...
Signed-off: During MISP training
2019-09-25 12:12:34 +02:00
a5ae130916
chg: [threat-actor] Evil Eye and POISON CARP
...
Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Signed-off: Jean-Louis during training session
2019-09-25 11:27:03 +02:00
Deborah Servili
638cdd4198
version update
2019-09-20 14:54:56 +02:00
Deborah Servili
b9b4b9c651
Add Tortoiseshell thrat actor
2019-09-20 14:53:25 +02:00
StefanKelm
db2b5a13ef
Update threat-actor.json
...
Silent Librarian
2019-09-12 11:57:03 +02:00
Deborah Servili
718ea55dd7
Merge branch 'master' into master
2019-09-04 14:42:47 +02:00
Deborah Servili
9e3a998dfc
aff SectorJ04 group
2019-09-03 15:51:21 +02:00
Daniel Plohmann
f40b7dd132
'SectorJ04 Group' as alias introduced by NSHC for TA505
...
Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
2019-09-01 15:46:36 +02:00
0966e58da6
Merge branch 'master' of github.com:MISP/misp-galaxy
2019-08-30 11:06:29 +02:00
f5056ff02e
chg: [threat-actor] add machete-apt synonyms as reported in #445
2019-08-30 11:03:30 +02:00
StefanKelm
49f8f60a85
Update threat-actor.json
...
Add ITG08 as synonym for FIN6
2019-08-29 13:13:00 +02:00
8d78a2a108
chg: [threat-actor] jq all
2019-08-29 08:31:10 +02:00
791c88f2eb
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master
2019-08-29 08:30:41 +02:00
Deborah Servili
395dd93e0f
add Asruex Backdoor
2019-08-28 15:40:03 +02:00
9926ea8826
chg: [threat-actor] LYCEUM added - 443 #fixed
2019-08-28 14:35:12 +02:00
Deborah Servili
ea68336b96
add ref for Gamaredon
2019-08-27 08:28:58 +02:00
Sebastian Wagner
38aebbf42a
remove empty strings
2019-08-19 17:04:07 +02:00
3841447e16
Merge pull request #434 from r0ny123/patch-1
...
added microsoft naming for the groups
2019-08-10 18:52:26 +02:00
Thomas Dupuy
df5c9057a1
add synonyme for Turla
2019-08-09 17:34:22 -04:00
Rony
feac39db6b
added microsoft naming for the groups
2019-08-09 22:19:09 +05:30
Thomas Dupuy
320e298549
update victims
2019-08-09 10:45:10 -04:00
Thomas Dupuy
1988662ee5
add APT41
2019-08-09 10:24:06 -04:00
Nils Kuhnert
17925f3e10
Remove local file link :)
2019-08-03 18:55:00 +02:00
7913adad61
chg: [threat-actor] rollback as discussed by chat with Andras until version 2.0
2019-08-02 16:08:40 +02:00
Andras Iklody
984be50396
lowercased value field for DarkHotel
2019-08-02 15:40:31 +02:00
a401ff7405
Merge branch 'master' into patch-13
2019-08-01 08:52:27 +02:00
Daniel Plohmann
0367e16ce0
adding secureworks actor names for energetic bear and teamspy
2019-07-31 14:35:09 +02:00
Daniel Plohmann
a4a72d0698
adding Proofpoint's TA428
2019-07-31 14:08:50 +02:00
Deborah Servili
2861d2d78c
jq
2019-07-16 10:13:10 +02:00