misp-galaxy

mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-23 15:27:18 +00:00

Author	SHA1	Message	Date
Rony	9b9ce4777a	chg: [threat-actor] added references, origin country, aliases to `Sea Turtle`	2023-07-28 11:04:11 +00:00
Thomas Dupuy	2dcd1d3544	upd: Add Worok TA and update APT-Q-12 to APT-C-60 as it was the first name mention in an article.	2023-07-18 19:53:54 +00:00
Delta-Sierra	c51d177abd	add SmugX & RedDelta	2023-07-10 15:46:01 +02:00
Delta-Sierra	20d3b3780a	merge	2023-06-19 08:35:48 +02:00
iglocska	14301a9c4c	chg: [threat actors] added Volt Typhoon	2023-05-25 07:29:48 +02:00
Delta-Sierra	e87b7bbf73	complete VENOM SPIDER threat actor	2023-05-23 11:43:20 +02:00
Delta-Sierra	18ee466ae4	add Hagga threat actor	2023-05-22 15:44:18 +02:00
Delta-Sierra	d202ed9f3f	Merge https://github.com/MISP/misp-galaxy	2023-05-15 09:54:25 +02:00
Delta-Sierra	a3fffacab3	add APT43 + tools	2023-05-15 08:41:17 +02:00
Daniel Plohmann	094d56057c	adding APT43 (Mandiant) for Kimsuky.	2023-05-09 14:35:41 +02:00
Sebastien Larinier	ddc285581d	Update threat-actor.json	2023-04-26 21:52:57 +02:00
Sebastien Larinier	d60cca9302	Update threat-actor.json fix mistake	2023-04-26 21:46:33 +02:00
Sebastien Larinier	142d4aeaef	Update threat-actor.json	2023-04-26 14:26:48 +02:00
Jürgen Löhel	15297c7b5f	chg [threat-actors] Add RedGolf Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2023-04-24 16:59:18 -06:00
Christophe Vandeplas	79b80b0869	chg: [rels] more threat actor relations	2023-04-23 17:54:58 +02:00
Christophe Vandeplas	3c6c204f01	chg: [rels] more threat actor relations	2023-04-23 17:45:58 +02:00
Christophe Vandeplas	138c7c7ba8	chg: [rels] more relations on cluster "value"	2023-04-23 17:36:02 +02:00
Christophe Vandeplas	bf7c5f1dd9	chg: [rels] threat-actor & MS activity group - on synonym	2023-04-23 11:56:41 +02:00
Christophe Vandeplas	a5e7e0c95f	chg: [rels] threat-actor & MS activity group - on value	2023-04-23 11:55:57 +02:00
Sebastien Larinier	862badf2c9	Update threat-actor.json	2023-04-19 17:41:44 +02:00
Sebastien Larinier	1c751b1ea8	Update threat-actor.json	2023-04-19 17:34:50 +02:00
Sebastien Larinier	165ce70a28	Merge branch 'MISP:main' into main	2023-04-19 16:48:02 +02:00
Sebastien Larinier	87ef0a400e	Update threat-actor.json	2023-04-19 15:42:14 +02:00
Sebastien Larinier	a77dc82c0a	Update threat-actor.json new apt30 group	2023-04-19 15:35:36 +02:00
Delta-Sierra	ecb7e79a6e	Merge https://github.com/MISP/misp-galaxy	2023-04-19 15:06:51 +02:00
Sebastien Larinier	926035633f	Merge branch 'MISP:main' into main	2023-04-19 11:55:57 +02:00
Daniel Plohmann	41afab1c06	adding Trend Micro alias Earth Smilodon for APT27	2023-04-18 20:11:57 +02:00
Delta-Sierra	6b8994271e	add relationships for HALFRIG & QUATTERRIG	2023-04-18 12:20:20 +02:00
Daniel Plohmann	02e23a9a47	adding Google alias HOODOO for APT41	2023-04-17 22:32:50 +02:00
Delta-Sierra	4a4fa6d16f	fix versions	2023-04-17 11:32:51 +02:00
Delta-Sierra	233a066a03	Merge https://github.com/MISP/misp-galaxy	2023-04-17 11:16:23 +02:00
Delta-Sierra	d4225c5469	add some SNOWYAMBER relationships	2023-04-17 11:16:21 +02:00
Daniel Plohmann	a966b3ff88	adding Trend Micro alias Earth Preta for Mustang Panda	2023-04-12 16:59:36 +02:00
Sebdraven	8713618777	Update threat-actor.json add new ref for sidecopy	2023-03-23 09:13:23 +01:00
Sebdraven	f5d68aa08d	Update threat-actor.json delete ref to APT30 for Naikon	2023-03-23 08:49:17 +01:00
Sebdraven	d5843d46e2	Update threat-actor.json add ref to Aoqin Dragon	2023-03-21 18:40:10 +01:00
Mathieu Beligon	d82ff1ecfb	[threat-actors] Add Anonymous Sudan	2023-03-15 17:38:03 -05:00
Daniel Plohmann	c39b46e9d5	Update threat-actor.json when value "Sofacy" was changed to "APT28", it seems Sofacy was not added to aliases, so it's missing right now.	2023-03-15 14:55:25 +01:00
Jürgen Löhel	2d30785af5	chg [threat-actors] Add TA866 Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2023-03-08 21:44:16 -06:00
Mathieu Beligon	395ffda94f	[threat-actors] bump version	2023-03-02 10:29:52 -08:00
Mathieu Beligon	e1407c3c3f	[threat-actors] Add SLIPPY SPIDER alias to LAPSUS	2023-03-02 10:29:29 -08:00
Mathieu Beligon	4bbee8c1e7	[threat-actors] Add PROPHET SPIDER	2023-03-02 10:19:24 -08:00
Mathieu Beligon	61cb24a3fc	[threat-actors] Add Nemesis Kitten	2023-03-01 16:37:42 -08:00
Mathieu Beligon	84faa3c92b	[threat-actors] Add Karakurt	2023-03-01 16:34:03 -08:00
Mathieu Beligon	7d371b4c80	[threat-actors] Add CYBORG SPIDER alias to GOCLD BURLAP	2023-03-01 15:45:41 -08:00
Mathieu Beligon	fa57354471	[threat-actors] Add Chamelgang	2023-03-01 15:40:23 -08:00
Mathieu Beligon	bff978e4d1	[threat-actors] Add TA453	2023-03-01 15:24:55 -08:00
Mathieu Beligon	3406ad3aa9	[threat-actors] Add APT42	2023-03-01 15:18:53 -08:00
Mathieu Beligon	2567d6f1f8	[threat-actors] Add TA406	2023-03-01 15:01:22 -08:00
Rony	50624af741	add DEV-0147 https://twitter.com/MsftSecIntel/status/1625181255754039318	2023-02-25 20:18:09 +00:00
Rony	cf727f034c	add other actor synonyms from Google's report https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf	2023-02-26 01:05:50 +05:30
Alexandre Dulaunoy	6460fde2e4	chg: [threat-actor] version updated	2023-02-16 14:43:45 +01:00
Daniel Plohmann	91255413d8	adding Google names for RU threat actors https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/	2023-02-16 14:30:05 +01:00
Alexandre Dulaunoy	73bd7d0983	Merge pull request #818 from Mathieu4141/threat-actors/proofpoint-aliases [threat actors] Adding some actors from ProofPoint	2023-02-14 06:40:22 +01:00
Mathieu Beligon	9f09699047	[threat-actors] Fix: country was in the wrong place	2023-02-13 16:47:38 -08:00
Mathieu Beligon	ac067a236e	[threat-actors] fix: Add missing uuids	2023-02-13 16:36:41 -08:00
Mathieu Beligon	a792115dd8	fix	2023-02-13 16:26:10 -08:00
Mathieu Beligon	8193b05e14	[threat-actors] bump version	2023-02-13 14:18:58 -08:00
Mathieu Beligon	d34e894d2d	[threat-actors] Add TA2536	2023-02-13 13:45:41 -08:00
Mathieu Beligon	20c31a5d10	[threat-actors] Add TA577	2023-02-13 13:32:24 -08:00
Mathieu Beligon	e836a4a63c	[threat-actors] Add TA575	2023-02-13 12:02:32 -08:00
Mathieu Beligon	c52ac53765	[threat-actors] Add TA570	2023-02-13 11:54:47 -08:00
Mathieu Beligon	5f274f58c9	[threat-actors] Add Moskalvzapoe	2023-02-13 11:44:59 -08:00
Daniel Plohmann	62256854bc	adding Broadcom name for SaintBear.	2023-02-13 14:05:35 +01:00
Mathieu Beligon	33ff650327	[threat-actors] Add more information about NoName057(16)	2023-02-10 14:14:52 -08:00
Daniel Plohmann	9710e09e17	new APT29 name used by Recorded Future cf. https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf	2023-02-02 11:46:50 +01:00
Alexandre Dulaunoy	b7543c5012	Merge pull request #789 from Mathieu4141/threat-actors/fix-sectorj04 [threat-actors] Remove SectorJ04 duplicate	2023-01-27 15:05:37 +01:00
Mathieu Beligon	a452263ace	[threat-actors] pr.review: Add SectorJ04 as alias of TA505	2023-01-27 13:32:58 +01:00
Alexandre Dulaunoy	e54366fb87	chg: [threat-actor] added the missing synonyms	2023-01-10 15:55:30 +01:00
Delta-Sierra	3f4edb480b	add Malteiro	2022-12-16 16:43:50 +01:00
Delta-Sierra	5931f51d7a	add TAG-53	2022-12-08 11:31:02 +01:00
Delta-Sierra	3ea2d62a83	Version Update	2022-11-28 16:27:54 +01:00
Delta-Sierra	6016b1000c	Merge https://github.com/MISP/misp-galaxy	2022-11-28 16:17:08 +01:00
Delta-Sierra	6c36295318	Update several RAT & Ransomwares	2022-11-28 16:13:38 +01:00
Christian Studer	e3126ef857	fix: [clusters] Fixed some other few `meta` field names	2022-11-24 09:17:28 +01:00
Delta-Sierra	f4abf37b01	fix versions	2022-11-22 12:45:15 +01:00
Delta-Sierra	c02b74f999	merge	2022-11-22 12:43:18 +01:00
Delta-Sierra	8bf6d73d66	add BazarCall campaign	2022-11-22 09:08:28 +01:00
Thomas Dupuy	be7450494e	Add Evasive Panda Threat Actor	2022-11-18 16:38:11 +00:00
Delta-Sierra	91d535925f	version fix	2022-11-15 13:36:49 +01:00
Delta-Sierra	3837058ab1	merge	2022-11-15 12:54:03 +01:00
Delta-Sierra	d020efd276	add raspberry Robin worm & others	2022-11-15 11:57:10 +01:00
Alexandre Dulaunoy	b787bbeb23	Merge pull request #792 from nyx0/main Add RomCom TA.	2022-11-05 07:50:20 +01:00
Alexandre Dulaunoy	3b196f8361	Merge pull request #791 from Mathieu4141/threat-actors/add-phosphorus-alias-to-apt-35 [threat-actors] Add Phosphorus in APT35 aliases	2022-11-05 07:49:55 +01:00
Thomas Dupuy	9ac53e5d5e	Add RomCom TA.	2022-11-04 02:34:10 +00:00
Alexandre Dulaunoy	6c4da5dd55	Merge pull request #790 from Mathieu4141/threat-actors/fix-dust-storm [threat-actors] Remove DustStorm alias from APT10	2022-11-03 11:35:20 +01:00
Alexandre Dulaunoy	52a6fff6a2	Merge pull request #788 from Mathieu4141/threat-actors/fix-cobalt-dickens [threat-actors] Remove cobalt dickens duplicate	2022-11-03 11:27:08 +01:00
Alexandre Dulaunoy	3b4dcd6ad3	Merge pull request #787 from Mathieu4141/threat-actors/fix-subaat-duplicate [threat-actors] Remove subaat duplicate	2022-11-03 11:26:21 +01:00
Mathieu Beligon	8a9dd47f8f	[threat-actors] Add Phosphorus in APT35 aliases	2022-11-02 23:49:22 -07:00
Mathieu Beligon	21d4292faf	[threat-actors] Remove DustStorm alias from APT10	2022-11-02 23:31:31 -07:00
Mathieu Beligon	e61733591f	[threat-actors] Remove SectorJ04 duplicate	2022-11-02 20:30:40 -07:00
Mathieu Beligon	9f0869097a	[threat-actors] Remove cobalt dickens duplicate	2022-11-02 18:09:42 -07:00
Mathieu Beligon	e3e5560e37	[threat-actors] Remove subaat duplicate	2022-11-02 17:57:47 -07:00
Mathieu Beligon	5801bbcfc1	[threat-actors] Remove Skeleton Spider duplicate	2022-11-02 17:38:07 -07:00
Delta-Sierra	355025eb5b	fix metadata in wrong slot	2022-10-04 13:28:42 +02:00
Delta-Sierra	e5b3062912	add Volatile Cedar synonym	2022-10-03 16:06:13 +02:00
Alexandre Dulaunoy	409c82f40c	Merge pull request #781 from Mathieu4141/threat-actors/fix-neodymium [threat-actors] Fix G0055 (NEODYMIUM) alias	2022-09-30 06:39:31 +02:00
Alexandre Dulaunoy	588184bacd	Merge pull request #780 from Mathieu4141/threat-actors/fix-svmondr [threat-actors] Remove SVCMONDR duplicate	2022-09-30 06:38:56 +02:00
Alexandre Dulaunoy	800006e6ab	Merge pull request #778 from Mathieu4141/threat-actors/fix-malware-reuser-duplicate [threat-actors] Fix Volatile Cedar and Dancing Salome conflicts	2022-09-30 06:37:15 +02:00
Mathieu Beligon	74c6835d18	[threat-actors] Fix G0055 (NEODYMIUM) alias	2022-09-29 17:16:57 -07:00
Mathieu Beligon	a740e35687	[threat-actors] Remove SVCMONDR duplicate	2022-09-29 16:11:19 -07:00
Mathieu Beligon	5994fa4160	[threat-actors] Fix Volatile Cedar and Dancing Salome conflicts	2022-09-29 14:51:38 -07:00
Mathieu Beligon	4f47e6e2d3	[threat-actors] Equation group: separate from Lamberts and add tools	2022-09-29 11:28:54 -07:00
Thomas Dupuy	c66d6823a1	Add APT-Q-12 Threat Actor.	2022-09-29 02:30:41 +00:00
Alexandre Dulaunoy	c3b65a2d15	chg: [threat-actor] JSON fix	2022-09-27 08:18:13 +02:00
Thomas Dupuy	bfd1812cef	Add Void Balaur.	2022-09-27 00:11:20 +00:00
Mathieu Beligon	22a39f4fdc	[threat-actors] Add BITWISE SPIDER	2022-09-20 11:23:33 -07:00
Alexandre Dulaunoy	9b8b51fe53	Merge pull request #769 from Mathieu4141/threat-actors-add/no-name-057-06 [threat-actors] Add NoName057(16)	2022-09-17 07:43:42 +02:00
Alexandre Dulaunoy	2f169e4258	Merge pull request #766 from Mathieu4141/threat-actors/fix-ta505 [threat-actors] Clean TA505 aliases	2022-09-17 07:43:18 +02:00
Mathieu Beligon	580d2c6931	[threat-actors] Add NoName057(16)	2022-09-16 20:11:06 -06:00
Alexandre Dulaunoy	1c8d82cfcc	new: [threat-actor] hezb added	2022-09-14 11:00:33 +02:00
Mathieu Beligon	e1f5d3b5d8	[threat-actors] Keep meta from old Xenotime	2022-09-13 11:40:17 -07:00
Mathieu Beligon	4ff0bdfe8e	[threat-actors] Clean TA505 aliases	2022-09-13 11:34:02 -07:00
Mathieu Beligon	273c7c9b97	[threat-actors] Remove Xenotime duplicate	2022-09-12 17:10:49 -07:00
Delta-Sierra	0440db12e9	add DangerousSavanna campaign	2022-09-07 11:01:23 +02:00
Rony	aea413cebf	chg: [threat-actor] version bump	2022-09-01 10:32:01 +00:00
Rony	db913e5ab4	fix: [threat-actor] remove duplicate entries	2022-09-01 09:53:11 +00:00
Rony	6aea5ee05c	chg: [threat-actor] add Aoqin Dragon	2022-09-01 09:46:43 +00:00
Rony	fb0cf3c7e5	chg: [threat-actor] miscellaneous updates	2022-09-01 09:17:31 +00:00
Daniel Plohmann	d18f5bc8b6	mini-fix: adding https protocol to a reference in automated processing and display, this may otherwise lead to a malformed local / relative link.	2022-08-30 17:08:03 +02:00
Rony	e7178a1e08	fix: [threat-actor] remove duplicate entries from APT9	2022-08-27 12:54:32 +00:00
Rony	27300c6381	chg: [threat-actor] add avast blog to APT40	2022-08-27 12:41:31 +00:00
Rony	7f526e230b	chg: [threat-actor] add Microsoft and PwC report to actors' references	2022-08-27 12:34:36 +00:00
Rony	6ad9699a38	chg: [threat-actor] add recorded future reference to RedAlpha	2022-08-27 12:10:51 +00:00
Rony	2dc138ae01	chg: [threat-actor] add Adam Kozy's testimony ro APT41 and APT26	2022-08-27 12:08:11 +00:00
Rony	0b140b7097	chg: [threat-actor] miscellaneous updates including merge of some actors and fix the error committed in `9cfcc0d9ac`	2022-08-27 11:58:03 +00:00
Alexandre Dulaunoy	8bea9f3b4b	Merge pull request #755 from Mathieu4141/threat-actors/fix-winnti [threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts	2022-08-27 08:25:20 +02:00
Mathieu Béligon	9cfcc0d9ac	Add aliases to APT41 Co-authored-by: Rony <rony_123@protonmail.ch>	2022-08-26 14:54:02 -07:00
Mathieu Beligon	6e00329ba6	[threat-actors] Fix aliases	2022-08-26 11:09:29 -07:00
Mathieu Beligon	9b714dcd76	[threat-actors] Merge Axiom into APT17	2022-08-25 13:49:07 -07:00
Alexandre Dulaunoy	9efca4c41b	fix: [threat-actor] UUID reused fixed (UUIDs cannot be reused across different cluster) Add the missing the relationship for the new UUID	2022-08-21 09:17:56 +02:00
Rony	5b42a09dc2	add PARINACOTA to threat-actor.json MSTIC names digital crime actors based on global volcanoes	2022-08-20 17:10:15 +00:00
Alexandre Dulaunoy	6b137ea12c	Merge pull request #749 from Mathieu4141/threat-actors/fix-naikon-cluster [threat actors] Fix threat actors related to Lotus Panda	2022-08-20 11:46:15 +02:00
Mathieu Beligon	7f82616c10	fix axiom related field	2022-08-19 12:48:40 -07:00
Mathieu Beligon	969f461709	merge into apt41	2022-08-19 12:45:47 -07:00
Mathieu Beligon	fd9201e9e0	Merge APT22 and suckfly	2022-08-19 12:16:30 -07:00
Mathieu Beligon	768c94671c	Fix hellsing ref	2022-08-19 11:34:16 -07:00
Alexandre Dulaunoy	a8b234d694	Merge pull request #753 from Mathieu4141/threat-actors/fix-bronze-president [threat-actors] Remove duplicated BRONZE PRESIDENT entity	2022-08-19 06:26:11 +02:00
Mathieu Béligon	fcd6faec78	Capitalize override panda alias Co-authored-by: Rony <rony_123@protonmail.ch>	2022-08-18 20:51:03 -07:00
Mathieu Béligon	54f3ef2831	capitalize lotus panda alias Co-authored-by: Rony <rony_123@protonmail.ch>	2022-08-18 20:50:32 -07:00
Mathieu Béligon	c9b11553eb	normalize APT30 alias Co-authored-by: Rony <rony_123@protonmail.ch>	2022-08-18 20:32:44 -07:00
Mathieu Beligon	c1abedb446	Move Lotus Panda alias to Lotus Blossom	2022-08-18 20:21:31 -07:00
Mathieu Beligon	a61ef2a88f	[threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts	2022-08-18 17:03:26 -07:00
Mathieu Beligon	1acc51a7a6	[threat-actors] Add more data about APT-C-27	2022-08-18 15:44:18 -07:00
Mathieu Beligon	ec988c97d0	[threat-actors] Remove duplicated APT-C-27	2022-08-18 15:34:08 -07:00
Mathieu Beligon	d9046c8619	[threat-actors] Remove duplicated BRONZE PRESIDENT entity	2022-08-18 15:12:18 -07:00
Mathieu Beligon	a046e8094d	Merge APT30 and Naikon	2022-08-18 11:36:45 -07:00
Mathieu Beligon	5e4a4c3453	Merge branch 'main' into threat-actors/fix-naikon-cluster	2022-08-18 09:01:36 -07:00
Mathieu Beligon	264e764dfa	Remove ATK34 alias	2022-08-18 08:59:04 -07:00
Delta-Sierra	3f036db1e3	add TA558	2022-08-18 15:54:28 +02:00
Mathieu Beligon	71e3e1f3eb	Fix ATK aliases	2022-08-17 13:39:43 -07:00
Mathieu Beligon	a6242d4732	Merge branch 'main' into threat-actors/fix-naikon-cluster	2022-08-17 13:37:01 -07:00
Mathieu Beligon	0d6399aa2b	Add ATK78 alias for Thrip	2022-08-17 12:04:32 -07:00
Mathieu Beligon	53282255ce	Branch out Goblin Panda from Hellsing	2022-08-17 11:55:35 -07:00
Mathieu Beligon	3f50cf0175	Create a tool for Esile	2022-08-17 11:19:30 -07:00
Rony	ccd10b54f4	remove duplicate reference	2022-08-17 12:49:56 +05:30
Rony	0cec882cc5	merge microcin/sixlittlemonkeys to vicious panda	2022-08-17 07:06:51 +00:00
Alexandre Dulaunoy	a373909bb1	Merge pull request #748 from r0ny123/patch-2 Update threat-actor.json	2022-08-17 07:44:46 +02:00
Alexandre Dulaunoy	352998a84d	fix: [threat-actor] add missing refs for APT33 including CFR link	2022-08-17 07:40:23 +02:00
Mathieu Beligon	d05b29c1af	[threat-actors] Remove duplicate APT33	2022-08-16 17:15:30 -07:00
Mathieu Beligon	9c6f106928	[threat actor] Fix aliases related to Lotus Panda	2022-08-16 16:58:35 -07:00
Rony	5b25b574b3	add uac-0010 references from cert-ua	2022-08-16 10:19:53 +00:00
Rony	370045b01d	Merge "red october" and "cloud atlas" to inception framework"	2022-08-16 09:30:29 +00:00
Rony	62b168600f	fix duplicates	2022-08-16 12:15:30 +05:30
Rony	490bc6a05c	fix duplicate	2022-08-16 12:10:27 +05:30
Rony	bbe84c5985	updates to russian actors	2022-08-16 12:07:59 +05:30
Rony	de76aef023	Update threat-actor.json	2022-08-16 10:49:13 +05:30
Rony	f4b63d4514	updates to tianwu	2022-08-16 10:30:33 +05:30
Alexandre Dulaunoy	96d31aa8c7	chg: [threat-actor] jq all the things	2022-08-11 17:50:00 +02:00
Thomas Dupuy	ed24dcaf19	Add link for SLIME29.	2022-08-11 15:41:01 +00:00
Thomas Dupuy	912050b9b7	Update commit based on feeback.	2022-08-11 15:20:32 +00:00
Thomas Dupuy	6e0df72ef4	Add Threat Actors from BH Asia22 prez.	2022-08-10 18:53:38 +00:00
Daniel Plohmann	bdaadea58e	removing a leading double quote in a URL.	2022-08-02 18:17:58 +02:00
Daniel Plohmann	bc20a463c8	merging TG2003 / Elephant Beetle into FIN13 as indicated in the respective resources published by the organizations using these aliases.	2022-08-02 14:11:43 +02:00
Alexandre Dulaunoy	6427746ad8	Merge pull request #727 from Mathieu4141/threat-actors/merge-cutting-kitten-cleaver Fix Cleaver aliases	2022-07-27 23:17:42 +02:00
Alexandre Dulaunoy	63f5122ad4	Merge pull request #742 from r0ny123/patch-1 Update threat-actor.json	2022-07-27 18:56:47 +02:00
Mathieu Beligon	51aacd6b03	Reduce diff with old version	2022-07-26 23:53:22 -07:00
Mathieu Beligon	acc6ada575	r0ny123.review: Use Cutting Kitten as main value for ITSecTeam	2022-07-26 23:27:39 -07:00
Mathieu Beligon	d815bfa174	Merge remote-tracking branch 'upstream/main' into threat-actors/merge-cutting-kitten-cleaver	2022-07-26 23:22:03 -07:00
Daniel Plohmann	26f6a33695	more aliases from Unit 42	2022-07-26 11:09:33 +02:00
Rony	5a7f3a7207	fix	2022-07-25 17:17:52 +05:30
Rony	8ce0df6eb4	Update threat-actor.json Merge aquatic panda & earth lusca	2022-07-25 17:15:23 +05:30
Alexandre Dulaunoy	6b6398bf2d	fix: [threat-actor] incorrect merge fixed	2022-07-20 18:45:50 +02:00
Alexandre Dulaunoy	b4ce9a9453	Merge branch 'main' of https://github.com/r0ny123/misp-galaxy into r0ny123-main	2022-07-20 18:41:27 +02:00
Rony	add6b27466	update	2022-07-20 21:39:33 +05:30
Rony	2b54df56f9	update	2022-07-20 21:32:11 +05:30
Rony	2e045d9c8c	chg: [fix] resolve conflict	2022-07-20 21:28:15 +05:30
Daniel Plohmann	5825783a85	removed duplicate UUID for Kinsing my apologies, looks like I had not rolled a new UUID for one of the entries added...	2022-07-20 17:07:05 +02:00
Rony	932fcf1871	added Red Nue	2022-07-20 15:07:35 +05:30
Rony	082039b3b0	added CN actors from secureworks threat profile https://www.secureworks.com/research/threat-profiles?filter=item-china and fixed some AKAs	2022-07-20 14:52:58 +05:30
Daniel Plohmann	ed32c508b7	added more Unit 42 aliases / groups	2022-07-20 08:38:03 +02:00
Rony	000bfe92d9	add APT9/Red Pegasus & BRONZE EDGEWOOD/Red Hariasa	2022-07-20 10:04:58 +05:30
Rony	2e8a577b0c	add PwC naming to CN actors	2022-07-20 09:45:21 +05:30
Rony	3fabd58416	chg: [threat-actor] fixed	2022-07-19 23:36:30 +05:30
Rony	79c84d3768	add Earth Berberoka, Earth Lusca and Earth Wendigo	2022-07-19 22:42:50 +05:30
Daniel Plohmann	082d506b64	adding new Unit 42 names First PR: those are the directly mappable names. I will follow up after deconfliction and then with a few new entries.	2022-07-19 08:45:09 +02:00
Daniel Plohmann	240a757826	Update threat-actor.json adding Predatory Sparrow due to recent events.	2022-07-13 10:02:07 +02:00
Thomas Dupuy	90da0d798f	Set country to LB instead of IR based on operational activity.	2022-07-12 16:21:41 +00:00
Thomas Dupuy	1a8835bcae	Remove list from POLONIUM TA.	2022-07-12 13:11:11 +00:00
Thomas Dupuy	a86d866534	Add POLONIUM TA.	2022-07-12 12:14:27 +00:00
Delta-Sierra	7e37fa0cdd	merge + update medusalocker	2022-07-06 09:28:46 +02:00
Delta-Sierra	c2e7ef4fab	Update Medusa Locker and others	2022-07-06 08:43:59 +02:00
Mathieu Beligon	693eed8d78	[threat actor] Break Cleaver aliases into respective entries	2022-07-04 14:05:29 +02:00
Mathieu Beligon	d63c990dad	[threat-actors] Separate ITSecTeam from Cleaver	2022-06-30 14:34:05 +02:00
Mathieu Beligon	b8d4ffdbde	Merge Cutting Kitten and Cleaver	2022-06-29 20:15:12 +02:00
Mathieu Beligon	d79c5bd1ab	Add ToddyCat Threat actor	2022-06-21 15:12:42 +02:00
Rony	c030fcdab6	chg: [threat-actor] added PwC naming for Indian actors https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf	2022-06-11 15:46:54 +05:30
Thanat0s	44a99d066a	Y en a un peut plus je vous le mets quand meme ?	2022-06-11 04:24:04 -04:00
Thanat0s	57befd7259	jq all the things	2022-06-10 19:12:12 -04:00
Thanat0s	51f98f4706	Attck link + typo on TA551	2022-06-10 18:40:16 -04:00
Thanat0s	f97fee7135	Typo on TA551	2022-06-10 18:38:25 -04:00
Thanat0s	297acc0f5e	Add Mitre vs Thales RosettaStone	2022-06-10 18:24:15 -04:00
Rony	e916267c7c	chg: [threat-actor] add reference to bitter & sidewinder group	2022-06-08 23:22:17 +05:30
Mathieu Beligon	dca70783bf	[threat-actors] validate file	2022-05-23 11:32:24 +02:00
Mathieu Beligon	c1cfc19871	[threat actors] Remove dead link for sandworm threat actor	2022-05-23 11:30:04 +02:00
Mathieu Beligon	36a1466661	[threat-actors] Add RansomHouse	2022-05-23 11:29:39 +02:00
Rony	2721522e82	chg: [threat-actor] add exotic lily, ta578, ta579	2022-05-14 20:52:15 +05:30
Alexandre Dulaunoy	fcdc6c86e6	chg: [threat-actor] add TG2003 synomym to Elephant Beetle	2022-05-09 14:24:28 +02:00
Alexandre Dulaunoy	9130365e2e	chg: [threat-actor] Elephant Beetle added Fix #708	2022-05-09 14:23:12 +02:00
Alexandre Dulaunoy	bb434b11cf	chg: [threat-actor] ModifiedElephant added Fix #709	2022-05-09 14:16:01 +02:00
Alexandre Dulaunoy	06550a7945	chg: [threat-actor] fix refs field -> it's always an array	2022-05-09 13:46:16 +02:00
Alexandre Dulaunoy	b67e3ed3f8	Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add	2022-05-09 13:43:44 +02:00
Rony	c0be6677c2	chg: [threat-actor] added actor Red Menshen https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf	2022-05-07 15:44:10 +05:30
Rony	11eca69ebc	chg: [threat-actor] added Curious Gorge	2022-05-07 12:40:35 +05:30
Daniel Plohmann	26c1850377	Update threat-actor.json adding Red Dev 4 as alias for GALLIUM as used by PwC.	2022-05-06 09:47:48 +02:00
Daniel Plohmann	06c293072c	Update threat-actor.json adding UNC3524 to the actor galaxy cluster.	2022-05-04 13:21:56 +02:00
3c7	0ad65fbe9f	Forgot to jq all the things	2022-04-28 09:42:25 +02:00
3c7	dfb6c0668e	Added SaintBear	2022-04-28 09:36:25 +02:00
Alexandre Dulaunoy	664f6d80cc	chg: [threat-actor] Killnet description added	2022-04-21 15:05:50 +02:00
Alexandre Dulaunoy	1e383e2452	chg: [threat-actor] version updated	2022-04-21 14:53:14 +02:00
Mathieu Beligon	c8455a6c4d	[actors] Add killnet	2022-04-21 14:06:28 +02:00
Adam McHugh	53a0fc56d3	Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory	2022-04-18 10:16:26 +09:30
Adam McHugh	84eac4b102	Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory	2022-04-17 19:50:08 +09:30
Adam McHugh	cff8a38c5f	Added Copy-Paste Threat Actor from ACSC Advisory 2020-008	2022-04-17 19:37:26 +09:30
Thomas Dupuy	bd05eb0bba	upd: [cluster] add Threat Actor BladeHawk.	2022-04-11 17:03:19 +00:00
Thomas Dupuy	209391f110	upd: [cluster] add ref and synonyms for Energetic Bear.	2022-04-07 18:26:58 +00:00
Rony	a08ddaf548	Add Avivore & HAZY TIGER/Bitter	2022-04-02 01:14:18 +05:30
Rony	50f39edc10	Revert "update threat actors meta"	2022-04-02 00:55:38 +05:30
Delta-Sierra	73f71c8b15	dup	2022-04-01 16:51:27 +02:00
Delta-Sierra	fb557fd3a2	dup	2022-04-01 16:47:50 +02:00
Delta-Sierra	909fc09992	duplicate	2022-04-01 16:44:47 +02:00
Delta-Sierra	7c3e8ac068	fix duplicate	2022-04-01 16:40:40 +02:00
Delta-Sierra	dcc396108c	fix duplicate	2022-04-01 16:36:47 +02:00
Delta-Sierra	9257fb677b	merge	2022-04-01 16:32:10 +02:00
Delta-Sierra	0f7803b091	update threat actors meta	2022-04-01 16:00:27 +02:00
Mathieu Beligon	c35fad3291	Add threat actor group Scarab	2022-03-28 12:11:34 +02:00
Daniel Plohmann	24a3f16ab4	adding threat actor group LAPSUS$ / DEV-0537.	2022-03-23 09:47:10 +01:00
Delta-Sierra	97690426bf	update threat actors meta	2022-03-18 16:41:10 +01:00
Alexandre Dulaunoy	7fd5715715	Merge pull request #691 from r0ny123/indian-adversaries Update to Indian Adversaries	2022-03-15 12:28:16 +01:00
Rony	eebda5f955	chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team	2022-03-15 15:02:57 +05:30
Rony	ac72e7b639	fix	2022-03-15 14:00:46 +05:30
Rony	3b67e745e5	Update threat-actor.json	2022-03-15 13:57:00 +05:30
Delta-Sierra	957327383d	fix array	2022-03-07 16:10:53 +01:00
Delta-Sierra	a7f3df8a9a	merge	2022-03-07 16:04:38 +01:00
Delta-Sierra	8fd3c87b47	update threat actors meta	2022-03-07 15:54:29 +01:00
Alexandre Dulaunoy	8e09c9b30c	Merge pull request #685 from danielplohmann/patch-14 adding threat actor "Moses Staff"	2022-03-02 21:43:00 +01:00
Daniel Plohmann	896a451461	fixed with linted JSON.	2022-03-02 21:22:28 +01:00
Daniel Plohmann	a817324cd4	adding threat actor "Moses Staff"	2022-03-02 15:50:39 +01:00
Mathieu Beligon	0b456b8afa	version bump -> 213	2022-03-02 14:55:26 +01:00
Mathieu Beligon	d3d241ca54	Update Gamaredon target	2022-03-02 14:55:19 +01:00
Mathieu Beligon	27c05a118e	Update GhostWriter	2022-03-02 13:16:20 +01:00
Delta-Sierra	c909a35d65	Merge https://github.com/MISP/misp-galaxy into main	2022-02-18 10:57:10 +01:00
Delta-Sierra	a788c867a7	jq	2022-02-18 10:56:07 +01:00
Delta-Sierra	b0cd884afc	add TA2541	2022-02-18 10:54:25 +01:00
Daniel Plohmann	321e4b4a57	another Gamaredon ref and version bump	2022-02-18 08:26:01 +01:00
Daniel Plohmann	254dd47a61	adding ACTINIUM as MSFT name for Gamaredon	2022-02-18 08:24:35 +01:00
Delta-Sierra	9b76d71c43	Merge https://github.com/MISP/misp-galaxy into main	2022-02-14 08:47:21 +01:00
Delta-Sierra	3184819968	add DDG botnet and more	2022-02-11 16:13:36 +01:00
rwe	4700780d47	added antlion APT group	2022-02-05 04:52:33 -08:00
Daniel Plohmann	833a6e0a8d	updated URLs for Gamaredon with Shuckworm alias reference	2022-02-02 09:40:10 +01:00
Daniel Plohmann	8f928d8eb3	adding Gamaredon alias Shuckworm used by Symantec	2022-02-02 09:35:53 +01:00
Delta-Sierra	e523bdaf70	merge	2022-01-14 16:08:14 +01:00
Thomas Dupuy	c792bdd1b7	Add AQUATIC PANDA threat actor.	2022-01-12 13:51:11 -05:00
Sami Tainio	dcb87b0dc6	chg: [threat-actor] Add SideCopy	2022-01-07 17:45:41 +02:00
Daniel Plohmann	3094283252	adding Mandiant's FIN13.	2022-01-03 09:32:43 +01:00
Delta-Sierra	bb92427b65	add Lyceum synonyms/sources	2021-11-29 12:05:51 +01:00
Jeroen Pinoy	9ec76ae185	Add threat actor common raven	2021-10-03 23:30:20 +02:00
Thomas Dupuy	89a3f986ba	Add InkySquid synonym.	2021-08-24 16:29:34 +02:00
Daniel Plohmann	3272960a14	fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER)	2021-08-19 06:02:40 +02:00
Rony	5dd0c7d8b3	chg: [threat-actor] add origin country to UNC2452 & HAFNIUM addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015	2021-08-02 22:30:05 +05:30
Rony	636ccdedcd	Update threat-actor.json	2021-07-21 18:47:56 +05:30
Rony	9ecfecc063	another fix	2021-07-21 18:41:18 +05:30
Rony	32ea60d721	fix	2021-07-21 18:31:05 +05:30
Rony	52e7d5a0a9	multiple updates to apt40, apt31 & hafnium	2021-07-21 18:28:40 +05:30
Rony	fb9a41f8e9	from Gov Canada & MFA Japan	2021-07-19 20:33:35 +05:30
Rony	c90c60cb13	adding references for APT40 & APT31	2021-07-19 20:14:36 +05:30
Alexandre Dulaunoy	6c8949caa9	Merge pull request #658 from jasperla/oilrig merge APT34 with OilRig	2021-07-03 08:56:39 +02:00
Deborah Servili	b6005bd53f	Merge branch 'main' into master	2021-07-02 13:30:51 +02:00
Delta-Sierra	913aff30c3	Add NOBELIUM and related	2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse	792490298e	merge APT34 with OilRig OilRig already has "APT 34" and "APT34" as synonyms. Additionally MITRE has since combined them due to overlap in activity: https://attack.mitre.org/groups/G0049/	2021-06-29 20:26:04 +02:00
Jürgen Löhel	254c201601	[cluster][tool] Adds Matanbuchus + threat actor: BelialDemon Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2021-06-21 18:04:28 -05:00
Thomas Dupuy	772c5145c1	Added BackdoorDiplomacy and Gelsemium.	2021-06-11 11:48:57 -04:00
Rony	9a723b6261	more ta544 references	2021-05-26 20:26:27 +05:30
Rony	db06e1fa4a	chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks	2021-05-22 21:02:30 +05:30
Daniel Plohmann	433ea5cb45	Twisted Spider -> TWISTED SPIDER fair point	2021-05-19 17:04:58 +02:00
Daniel Plohmann	9719122d27	adding Twisted Spider as alias for TA2101 (Maze)	2021-05-19 16:47:41 +02:00
Alexandre Dulaunoy	a3cdbc1309	Merge pull request #650 from Still34/patches/alias-tick-1 Add alias for Tick	2021-05-07 23:23:38 +02:00
Still Hsu	eb671f1e6a	Add Nian alias Signed-off-by: Still Hsu <dev@stillu.cc>	2021-05-08 00:52:27 +08:00
Still Hsu	fe7c0dab07	Add country origin for BlackTech Signed-off-by: Still Hsu <dev@stillu.cc>	2021-05-08 00:32:39 +08:00
Daniel Plohmann	38b8bac51d	fixing broken/dead links	2021-05-04 20:15:17 +02:00
Rony	faed812fc9	Merged STALKER PANDA to Tick	2021-04-25 19:12:20 +05:30
Rony	89b9c0c32c	several updates to apt27	2021-04-25 16:53:36 +05:30
Daniel Plohmann	6eb594a6b0	adding Yanbian Gang as threat actor	2021-04-16 15:12:45 +02:00
Daniel Plohmann	2d8e9ea364	Symantec uses Palmerworm as alias for BlackTech Adding Palmerworm as Symantec alias for BlackTech (with reference).	2021-03-31 22:35:12 +02:00
Thomas Dupuy	a8c62ddeda	Add Ghostwriter.	2021-03-31 09:42:40 -04:00
Rony	50f5d2ae4a	reverted changes made into `52ae97718d`	2021-03-30 22:19:05 +05:30
sebdraven	ce8a9442eb	validation jsons	2021-03-30 13:12:21 +00:00
Sebdraven	52ae97718d	Update threat-actor.json add a synonym to Haffnium	2021-03-30 15:11:09 +02:00
sebdraven	b082977b9f	validation ok	2021-03-30 10:22:35 +00:00
Sebdraven	4ed4cebcee	Update threat-actor.json format json	2021-03-30 12:16:22 +02:00
Sebdraven	a62e3ba530	Update threat-actor.json add redecho threat actor	2021-03-30 12:10:50 +02:00
Delta-Sierra	7c843ac5c2	fix merge & jq	2021-03-11 14:08:29 +01:00
Delta-Sierra	c37befc8a9	merge	2021-03-11 10:35:05 +01:00
Rony	57c7d0b9a0	From Nextron	2021-03-06 19:44:32 +05:30
Rony	6cabbfb091	more!	2021-03-06 14:22:29 +05:30
Rony	7b242555df	More references From Crowdstrike MSRC and kql hunting query from James Quinn	2021-03-06 13:28:14 +05:30
Rony	eaab88ef28	add HAFNIUM detection refs	2021-03-05 16:51:28 +05:30
Rony	4bc438a325	fix	2021-03-05 11:48:43 +05:30
Rony	d9b299aafc	add more HAFNIUM references	2021-03-05 11:42:04 +05:30
Rony	c9f7afef1c	Adding alias NOBELIUM	2021-03-04 22:39:33 +05:30
Alexandre Dulaunoy	47dade9d0e	Merge pull request #631 from r0ny123/Enhancement Add HAFNIUM	2021-03-04 14:48:01 +01:00
Rony	ad795606cf	added HAFNIUM Updates: Tonto Team UNC2452	2021-03-04 00:10:33 +05:30
Sebdraven	2666341afc	Update threat-actor.json update Sidewinder card	2021-03-03 17:59:25 +01:00
Thomas Dupuy	f842694fda	Update Infy TA.	2021-03-02 14:37:01 -05:00
Delta-Sierra	d273a5da7d	add TeamTNT ref	2021-02-25 09:52:24 +01:00
Rony	5c6f3a036b	removing DePrimon DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.	2021-02-24 21:55:04 +05:30
Delta-Sierra	7c1ac58141	add TeamTNT	2021-02-22 16:38:18 +01:00
Delta-Sierra	96bf0d44ea	Merge https://github.com/MISP/misp-galaxy	2021-02-09 14:52:58 +01:00
Daniel Plohmann	d61e7d2fac	adding ClearSky alias for Volatile Cedar adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."	2021-01-29 10:39:18 +01:00
StefanKelm	fb35646406	Update threat-actor.json Lazarus	2021-01-26 14:38:37 +01:00
StefanKelm	a131a7ce98	Update threat-actor.json Lazarus	2021-01-20 17:43:18 +01:00
Alexandre Dulaunoy	3c19c7c1e5	Merge pull request #617 from danielplohmann/patch-4 merge COVELLITE into Lazarus Group	2021-01-17 16:05:13 +01:00
Daniel Plohmann	ca66fcd93a	merge COVELLITE into Lazarus Group I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references. Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.	2021-01-17 15:07:26 +01:00
Rony	91e87cf82c	Update threat-actor.json Don't know how StarCraft	2021-01-17 12:21:34 +05:30
Daniel Plohmann	edcc3c0bc1	merging ScarCruft->APT37 I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.	2021-01-15 18:52:49 +01:00
Delta-Sierra	a6f7795952	fix merge	2021-01-12 10:38:33 +01:00
Alexandre Dulaunoy	2b356a9eb0	chg: [threat-actor] UNC2452/DarkHalo added - ref. #614	2021-01-12 07:01:36 +01:00
Rony	3240aa819f	Update threat-actor.json	2020-12-14 11:54:41 +05:30
Rony	2ffb77b35b	BISMUTH	2020-12-14 10:41:15 +05:30
Delta-Sierra	31f96513b2	update sidewinder threat actor	2020-12-11 16:09:33 +01:00
StefanKelm	5dc92995f6	Update threat-actor.json DeathStalker, Mabna	2020-12-04 11:43:06 +01:00
StefanKelm	4fee985b5e	Update threat-actor.json Turla	2020-12-03 13:05:14 +01:00
StefanKelm	72e085aba9	Update threat-actor.json OceanLotus	2020-12-02 11:44:29 +01:00
StefanKelm	15b5f4c881	Update threat-actor.json APT27	2020-11-30 11:49:23 +01:00
StefanKelm	da910c0c2e	Update threat-actor.json	2020-11-18 19:15:11 +01:00
StefanKelm	48ffaa8ce1	Update threat-actor.json Lazarus	2020-11-18 12:10:23 +01:00
StefanKelm	bf5bdeacb0	Update threat-actor.json OceanLotus	2020-11-09 14:39:55 +01:00
StefanKelm	41a7a36317	Update threat-actor.json Kimsuky	2020-11-02 17:30:25 +01:00
Rony	333e55fbeb	remove duplicate!	2020-11-02 14:18:49 +05:30
Rony	000cfa68a8	Update threat-actor.json Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key	2020-11-02 13:51:08 +05:30
Deborah Servili	28784683db	Merge branch 'main' into master	2020-10-30 16:17:27 +01:00
Alexandre Dulaunoy	24f05749f0	Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master	2020-10-30 09:47:45 +01:00
JJ Cummings	c48a38c2f1	Added a new cryptominer galaxy and additional missing recent families to various clusters	2020-10-29 14:40:22 -06:00
StefanKelm	808c2c3828	Update threat-actor.json Kimsuky	2020-10-28 12:52:06 +01:00
Daniel Plohmann	02bcf1f5a7	adding PowerPool alias IAmTheKing (Kaspersky) after a quick search I haven't found a nice source except for costin's tweet.	2020-10-09 13:49:16 +02:00
StefanKelm	7bab41e367	Update threat-actor.json TA505	2020-10-06 15:29:54 +02:00
StefanKelm	1d05f17507	Update threat-actor.json XDSpy	2020-10-06 12:45:43 +02:00
StefanKelm	18eebc01f6	Lazarus	2020-09-29 12:02:16 +02:00
Bart	2b51f7b6de	Update threat-actor.json Add Machete alias	2020-09-27 18:37:24 +02:00
StefanKelm	e95fbb571d	Update threat-actor.json GADOLINIUM	2020-09-25 11:52:34 +02:00
StefanKelm	3ad3d5f318	Update threat-actor.json APT28	2020-09-22 18:07:33 +02:00
Deborah Servili	4f3b6945c0	Merge https://github.com/MISP/misp-galaxy	2020-09-22 12:17:42 +02:00
Rony	d1c70b3d80	FBI FLASH AC-000133-TT	2020-09-17 11:05:00 +05:30
Rony	4d4a462d7a	Update threat-actor.json Adding Fox-Kitten and cleaned (or improved) winnti	2020-09-17 00:07:40 +05:30
Deborah Servili	0fe525a9db	Merge https://github.com/MISP/misp-galaxy	2020-09-16 10:22:38 +02:00
Deborah Servili	00b5d0d116	add refs	2020-09-16 10:08:31 +02:00
Daniel Plohmann (jupiter)	7b00674c77	Adding TA413 and Evilnum	2020-09-15 14:19:22 +02:00
StefanKelm	63030f2cfe	Update threat-actor.json APT33	2020-09-14 12:01:53 +02:00
StefanKelm	3cc3cc461a	Update threat-actor.json STRONTIUM	2020-09-11 11:38:06 +02:00
StefanKelm	57a31fd60c	Update threat-actor.json Lazarus, FIN7	2020-09-03 14:44:10 +02:00
StefanKelm	503d421a56	Update threat-actor.json TA542	2020-08-31 15:07:13 +02:00
Thomas Dupuy	d0c6b7b46d	Update Tonto Team/CactusPete threat actor	2020-08-13 15:57:33 -04:00
Thomas Dupuy	4130d7c6fc	Update TA APT40	2020-08-13 12:22:36 -04:00
Daniel Plohmann	8407b6fd28	Update threat-actor.json adding Kaspersky's name for Microcin.	2020-08-12 12:03:28 +02:00
Vasileios Mavroeidis	40d12b9dde	Motive correction based on the EU Cert motive taxonomy Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists	2020-07-28 11:43:46 +02:00
Alexandre Dulaunoy	44afaf2523	chg: [threat-actor] remove duplicate references	2020-07-27 09:57:41 +02:00
StefanKelm	86c54cbd8c	Update threat-actor.json OilRig	2020-07-23 11:07:22 +02:00
Steve Clement	df6bed3d3a	Merge pull request #563 from r0ny123/patch-1	2020-07-22 09:14:13 +09:00
StefanKelm	17a1feb016	Update threat-actor.json Turla	2020-07-15 11:20:18 +02:00
Rony	c33f4c7611	Update threat-actor.json Moved the JUDGMENT PANDA references to APT31 following the previous commit. Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).	2020-07-12 12:57:24 +05:30
Rony	b77b9d374c	Update threat-actor.json	2020-07-12 11:19:13 +05:30
Deborah Servili	84474ddb29	merge	2020-07-09 16:31:04 +02:00
Deborah Servili	865e76beae	commit	2020-07-07 14:47:44 +02:00
Alexandre Dulaunoy	ba46bb6a0b	chg: [threat-actor] fix #561 by using new meta to classify as a campaign only. Based on https://github.com/MISP/misp-galaxy/issues/469 There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry: - _operation_: - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia - In the context of MISP threat-actor name, it's a single specific operation. - _campaign_: - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia - In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations. - threat-actor - In the context of MISP threat-actor-name, it's an agreed name by a set of organisations. - activity group - In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities. - unknown - In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).	2020-07-07 09:13:21 +02:00
Alexandre Dulaunoy	164e54c3fe	Merge branch 'master' of github.com:MISP/misp-galaxy	2020-07-02 09:55:42 +02:00
StefanKelm	14665429d7	Update threat-actor.json APT31	2020-06-25 16:23:00 +02:00
StefanKelm	92bc206879	Update threat-actor.json APT30	2020-06-23 14:54:09 +02:00
Rony	bc97b07089	Update threat-actor.json	2020-06-21 19:19:17 +05:30
StefanKelm	583f1d2fc2	Update threat-actor.json TA505	2020-06-17 11:56:29 +02:00
Alexandre Dulaunoy	0cb36249a4	chg: [jq] all the things	2020-06-12 09:26:30 +02:00
Rony	29be5ac7e1	fixed typo!	2020-06-12 00:09:59 +05:30
Rony	9365bfb7cd	Adding GALLIUM Threat Actor	2020-06-11 23:42:35 +05:30
StefanKelm	f042f98247	Update threat-actor.json Higaisa	2020-06-08 14:09:39 +02:00
StefanKelm	9c25d5e8c5	Update threat-actor.json Cycldek	2020-06-04 17:18:45 +02:00
Daniel Plohmann (jupiter)	a705d1402f	fixing deadlinks where possible	2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter)	171f272a1e	default to HTTPS to be consistent with other links to same page	2020-05-27 09:27:52 +02:00
Alexandre Dulaunoy	8a0a4cb02d	Merge pull request #551 from nyx0/master Add CrackMapExec, metasploit, Cobalt Strike and Covenant	2020-05-27 09:10:08 +02:00
Thomas Dupuy	291fb41502	Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel	2020-05-26 09:50:43 -04:00
Rony	fbd351590a	Update threat-actor.json	2020-05-24 23:18:54 +05:30
Rony	5f8094d16f	fix	2020-05-24 23:14:43 +05:30
Alexandre Dulaunoy	b5bbc34f5d	chg: [threat-actor] remove the non-unique elements	2020-05-22 14:01:32 +02:00
Nils Kuhnert	fbfe9d23c3	Merged (most) SecureWorks threat actor profiles && jq	2020-05-22 13:45:29 +02:00
Daniel Plohmann	5101c5a828	msft name: BORON for APT3 as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562	2020-05-11 15:37:38 +02:00
Alexandre Dulaunoy	09429eda5a	chg: [ta] fix the JSON	2020-05-11 10:20:10 +02:00
Thomas Dupuy	69fe870803	Add Higaisa Threat Actor	2020-05-08 13:01:48 -04:00
Deborah Servili	1d331a9ab1	Merge branch 'master' into master	2020-04-28 15:19:38 +02:00
Alexandre Dulaunoy	2a70893352	chg: [jq] JSON fixed	2020-04-27 15:03:25 +02:00
de Rosen	a428ad565e	Added misp info	2020-04-27 15:16:33 +03:00
Deborah Servili	f6fd07fbc9	add speculoos bakdoor	2020-04-27 09:36:23 +02:00
Alexandre Dulaunoy	86157a6b96	Merge pull request #539 from r0ny123/MergingTA Adding alias Thallium and merging STOLEN PENCIL	2020-04-26 21:16:56 +02:00
Rony	112f9e4a08	Adding alias Thallium and merging STOLEN PENCIL Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0. And also Netscout named the campaign as STOLEN PENCIL.	2020-04-26 23:47:37 +05:30
Alexandre Dulaunoy	de71a444f8	chg: [json] add missing comma	2020-04-26 14:23:59 +02:00
rvs1st	d449eb94fc	Update threat-actor.json Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158	2020-04-24 09:03:58 -05:00
Alexandre Dulaunoy	4234d44052	Merge pull request #537 from danielplohmann/patch-28 Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.	2020-04-24 15:33:47 +02:00
Daniel Plohmann	858621ebdc	Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.	2020-04-23 15:47:35 +02:00
Daniel Plohmann	b0f0bbae33	adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included)	2020-04-23 14:52:08 +02:00
Deborah Servili	6b49d81b13	Merge branch 'master' of https://github.com/MISP/misp-galaxy	2020-04-23 10:06:04 +02:00
itayc0hen	667d5b8850	Add ItaDuke/DarkUniverse actor	2020-04-22 19:44:38 +03:00
pnx@pyrite	974ece3a7c	adding FIN1	2020-04-20 14:20:22 +02:00
Rony	aa34775390	typo thanks to @patricksvgr	2020-04-19 23:17:44 +05:30
Rony	ddfa280672	Update threat-actor.json	2020-04-19 23:06:57 +05:30
Rony	7ac2648dbc	more fix	2020-04-19 23:00:42 +05:30
Rony	573b4807ee	fix broken links	2020-04-19 16:03:21 +05:30
Rony	42a4820823	dead link	2020-04-19 11:45:45 +05:30
Rony	0aa34187e9	add link	2020-04-19 11:29:36 +05:30
Rony	d6bf42254f	Merging APT23 & Tropic Trooper	2020-04-18 13:22:25 +05:30
Rony	c161080175	Update threat-actor.json	2020-04-15 21:36:48 +05:30
Deborah Servili	e8edc9cafc	Merge branch 'master' of https://github.com/MISP/misp-galaxy	2020-04-15 11:27:01 +02:00
Deborah Servili	b01e64eb1f	add Operation Shadow Forece	2020-04-08 14:53:19 +02:00
Daniel Plohmann	aba625dee5	removed duplicate entry	2020-04-07 08:49:33 +02:00
Daniel Plohmann	e15a4a6525	fixing/removing some more dead links	2020-04-06 15:25:22 +02:00
Alexandre Dulaunoy	e37f320df5	Merge pull request #523 from danielplohmann/patch-24 adding aliases MERCURY, HOLMIUM	2020-03-09 21:56:27 +01:00
Daniel Plohmann	ab49ef3c1a	Kimsuki -> Black Banshee PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html)	2020-03-09 18:20:56 +01:00
Daniel Plohmann	1260ab156a	adding aliases MERCURY, HOLMIUM Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960 APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/	2020-03-09 08:50:08 +01:00
Alexandre Dulaunoy	4a64d0a4ad	Merge pull request #519 from danielplohmann/crowdstrike2020report adding new/updated threat actor names from CrowdStrike 2020 report	2020-03-05 09:07:16 +01:00
Daniel Plohmann (jupiter)	0c2b0b76eb	while we are at it, we can also do Longhorn = APT-C-39	2020-03-04 21:09:06 +01:00
Daniel Plohmann (jupiter)	184f193342	IMPERIAL KITTEN as alias for Tortoiseshell	2020-03-04 19:39:14 +01:00
pnx@pyrite	3dc460e795	adding new/updated threat actor names from CrowdStrike 2020 report	2020-03-04 13:36:34 +01:00
Daniel Plohmann	dc059d1f4d	Accenture calls APT32 - "POND LOACH"	2020-03-03 19:40:50 +01:00
Alexandre Dulaunoy	b4b91b1e5d	chg: [threat-actor] JSON fixed	2020-02-28 16:37:24 +01:00
Thomas Dupuy	0daeb675f5	Add InvisiMole cluster	2020-02-18 13:28:32 -05:00
Daniel Plohmann	e481e9bb50	adding APT-C-12	2020-02-13 17:44:45 +01:00
Rony	22c9badee0	Update threat-actor.json those are the name of aliases of the same malware family sykipot. so removing it.	2020-02-05 18:00:31 +05:30
Deborah Servili	5da17d51aa	Merge branch 'master' into master	2020-01-24 09:33:33 +01:00
Deborah Servili	606e3ec90f	jq	2020-01-24 09:32:09 +01:00
Deborah Servili	58415324c5	add Operation Wocao	2020-01-24 08:27:20 +01:00
Thomas Dupuy	edc5196373	Add Attor and DePriMon	2020-01-23 11:27:00 -05:00
Daniel Plohmann	ccfe5ee130	removing and fixing deadlinks in the best possible way Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.	2020-01-23 11:14:20 +01:00
Daniel Plohmann	29a128da6f	adding references and TEMP.MixMaster as alias for WIZARD SPIDER with kudos to @tbarabosch	2020-01-22 15:42:01 +01:00
Alexandre Dulaunoy	dbaab413b6	chg: [threat-actor] typo fixed	2020-01-18 17:30:27 +01:00
Alexandre Dulaunoy	564f27c5ca	chg: [threat-actor] format fixed	2020-01-18 17:26:45 +01:00
Alexandre Dulaunoy	34c5c66279	chg: [threat-actor] fix order	2020-01-18 17:08:32 +01:00
Alexandre Dulaunoy	8eeceafc51	chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan" Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan	2020-01-18 17:02:44 +01:00
Alexandre Dulaunoy	5da0c7bd54	chg: [threat-actor] SideWinder APT group added	2020-01-07 10:42:07 +01:00
StefanKelm	9b6f9136f9	Update threat-actor.json	2020-01-03 12:50:49 +01:00
StefanKelm	9373cfcb53	Update threat-actor.json BRONZE PRESIDENT	2020-01-03 12:42:57 +01:00
Rony	6b1142abac	Update threat-actor.json	2019-12-23 22:05:28 +05:30
Bart	8ebb2e2d16	Update threat-actor.json Adds Operation Wocao..	2019-12-19 21:42:02 +01:00
Alexandre Dulaunoy	9f56a91013	Merge pull request #492 from Delta-Sierra/master Operation Soft Cell ralated Updates	2019-12-13 13:35:52 +01:00
Deborah Servili	03c54a3e05	add GALLIUM as microsoft activities group and similar to Operation Soft Cell	2019-12-13 11:47:31 +01:00
Deborah Servili	3be47af325	update threat actor version	2019-12-13 11:04:51 +01:00
Deborah Servili	9b153913be	add relation suspected link between operation soft cell and apt10	2019-12-13 10:59:06 +01:00
Sebastian Wagner	c3b5b39dd3	sofacy: add apt_sofacy as synonym	2019-12-12 15:57:13 +01:00
Deborah Servili	170f964e8c	##COMMA##	2019-12-11 14:22:09 +01:00
Deborah Servili	7e18f2e509	Merge branch 'master' into master	2019-12-11 13:51:52 +01:00
Deborah Servili	391b5a674d	add Axiom synonym	2019-12-11 13:50:35 +01:00
Alexandre Dulaunoy	8da36c09e1	chg: [threat-actor] jq	2019-12-08 09:03:14 +01:00
Daniel Plohmann	94b3c1ec07	added APT-C-34 / Golden Falcon	2019-12-07 12:44:30 +01:00
Deborah Servili	31f3a61d5f	add Sofacy ref	2019-12-05 15:42:42 +01:00
Daniel Plohmann	bd3cc6d8ee	added TA2101	2019-12-03 18:13:44 +01:00
Alexandre Dulaunoy	8cc5e02f22	chg: [clean-up] jq all the things	2019-11-21 17:19:39 +01:00
Deborah Servili	38641aae36	merge	2019-11-21 16:24:11 +01:00
Deborah Servili	f21dd95b28	merge	2019-11-21 16:23:29 +01:00
Deborah Servili	1a0dd2292b	add silence synonym & new meta field spoken-language	2019-11-21 11:50:02 +01:00
StefanKelm	aa132ca58f	new refs for APT33	2019-11-14 14:57:05 +01:00
Alexandre Dulaunoy	eea0f528fa	chg: [threat-actor] Lucky Mouse synonym added Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/ Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/	2019-11-12 12:51:44 +01:00
Raphaël Vinot	1486890f86	fix: JQ all the things.	2019-11-12 10:25:00 +01:00
Alexandre Dulaunoy	871d90cfc2	chg: [threat-actor] Calypso group added Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412	2019-11-11 13:34:54 +01:00
Alexandre Dulaunoy	d9a64c18ff	chg: [threat-actor] threat-actor-classification updated	2019-11-04 09:37:52 +01:00
Alexandre Dulaunoy	6f463325b9	chg: [threat-actor] jq is jq	2019-11-03 16:01:09 +01:00
Alexandre Dulaunoy	64a3569803	Merge branch 'master' of github.com:MISP/misp-galaxy	2019-11-03 08:52:37 +01:00
Alexandre Dulaunoy	8d01e77574	chg: [threat-actor] Operation WizardOpium added ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/	2019-11-03 08:51:37 +01:00
Alexandre Dulaunoy	346e54a321	Merge pull request #468 from Delta-Sierra/master add Turla Group Symonym variant	2019-11-02 13:40:21 +01:00
Deborah Servili	1da2dc8af1	add Turla Group Symonym variant	2019-10-31 16:33:32 +01:00
Deborah Servili	efa2f43c0f	Merge pull request #467 from Delta-Sierra/master Few updates	2019-10-31 14:31:16 +01:00
Deborah Servili	bee9b80898	jq	2019-10-31 10:37:36 +01:00
Deborah Servili	0a8f989e1c	add Winnti related tools etc.	2019-10-31 10:36:15 +01:00
Rony	1fc0f5e2e7	Update threat-actor.json	2019-10-17 09:46:56 +05:30
Deborah Servili	88025a541f	add operation soft cell	2019-10-14 16:07:35 +02:00
Deborah Servili	a4b59f647c	jq	2019-09-25 13:41:55 +02:00
Alexandre Dulaunoy	309109eb27	chg: [threat-actor] new LookBack (Malware?Campaign?TA?) Signed-off: During MISP training	2019-09-25 12:12:34 +02:00
Alexandre Dulaunoy	a5ae130916	chg: [threat-actor] Evil Eye and POISON CARP Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/ Signed-off: Jean-Louis during training session	2019-09-25 11:27:03 +02:00
Deborah Servili	638cdd4198	version update	2019-09-20 14:54:56 +02:00
Deborah Servili	b9b4b9c651	Add Tortoiseshell thrat actor	2019-09-20 14:53:25 +02:00
StefanKelm	db2b5a13ef	Update threat-actor.json Silent Librarian	2019-09-12 11:57:03 +02:00
Deborah Servili	718ea55dd7	Merge branch 'master' into master	2019-09-04 14:42:47 +02:00
Deborah Servili	9e3a998dfc	aff SectorJ04 group	2019-09-03 15:51:21 +02:00
Daniel Plohmann	f40b7dd132	'SectorJ04 Group' as alias introduced by NSHC for TA505 Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/	2019-09-01 15:46:36 +02:00
Alexandre Dulaunoy	0966e58da6	Merge branch 'master' of github.com:MISP/misp-galaxy	2019-08-30 11:06:29 +02:00
Alexandre Dulaunoy	f5056ff02e	chg: [threat-actor] add machete-apt synonyms as reported in #445	2019-08-30 11:03:30 +02:00

... 8 9 10 11 12 ...

1292 commits