Commit Graph

38 Commits (master)

Author SHA1 Message Date
Christophe Vandeplas 79b80b0869 chg: [rels] more threat actor relations 2023-04-23 17:54:58 +02:00
Christophe Vandeplas bf7c5f1dd9 chg: [rels] threat-actor & MS activity group - on synonym 2023-04-23 11:56:41 +02:00
Christophe Vandeplas a5e7e0c95f chg: [rels] threat-actor & MS activity group - on value 2023-04-23 11:55:57 +02:00
Alexandre Dulaunoy adc7a70cf9 chg: [microsoft-activity-group] country code added 2023-04-21 07:39:37 +02:00
Alexandre Dulaunoy 8688c41796 chg: [microsoft activity group] remove duplicate 2023-04-20 17:25:32 +02:00
Alexandre Dulaunoy 592361826a fix: [microsoft activity group] duplicate in Microsoft source 2023-04-20 17:20:57 +02:00
Alexandre Dulaunoy 309f4f2ea5 chg: [microsoft-activity-group] updated following contribution from @botlabsDev script 2023-04-20 17:04:05 +02:00
Delta-Sierra 063ac9fc71 jq? 2023-04-19 15:10:25 +02:00
Delta-Sierra ecb7e79a6e Merge https://github.com/MISP/misp-galaxy 2023-04-19 15:06:51 +02:00
Tobias Mainka 8d2b9537f1 replace "sector" tag with "country" for matching data. This allows it to conform with existing clusters. 2023-04-19 12:38:37 +02:00
Alexandre Dulaunoy ccc8f0f801 chg: [microsoft-activity-group] updated to map the new funky Microsoft "taxonomy"
Script to generate the cluster is the following, UUIDv5 based on
standard misp-stix source UUIDv4.

~~~python
import uuid

# `data` is the list of parsed Microsoft threat actor entries (dicts with
# 'threat_actor', 'sector' and 'synonyms' keys); how it is loaded is not shown here.
lcluster = []
for v in data:
    cluster = {}
    cluster['value'] = v['threat_actor']
    cluster['meta'] = {}
    cluster['meta']['sector'] = v['sector']
    cluster['meta']['synonyms'] = v['synonyms']
    cluster['meta']['refs'] = []
    cluster['meta']['refs'].append('https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide')
    # deterministic UUIDv5: misp-stix namespace UUIDv4 + the actor name,
    # so re-running the script yields the same cluster uuid
    _uuid = uuid.uuid5(uuid.UUID("76beed5f-7251-457e-8c2a-b45f7b589d3d"), "{}".format(cluster['value']))
    cluster['uuid'] = str(_uuid)
    lcluster.append(cluster)
~~~

Relationships might be added in a later stage to map with the MISP threat actor galaxy.
2023-04-19 10:47:11 +02:00
Delta-Sierra 6b8994271e add relationships for HALFRIG & QUATTERRIG 2023-04-18 12:20:20 +02:00
Delta-Sierra 4a4fa6d16f fix versions 2023-04-17 11:32:51 +02:00
Delta-Sierra d4225c5469 add some SNOWYAMBER relationships 2023-04-17 11:16:21 +02:00
Rony 6fd584fa88 remove APT36/Transparent Tribe from microsoft-activity-group.json cause we don't know any MSTIC name yet. 2022-08-20 17:06:18 +00:00
Delta-Sierra 913aff30c3 Add NOBELIUM and related 2021-07-02 13:18:03 +02:00
Alexandre Dulaunoy a9a6b0253f chg: [microsoft activity group] HAFNIUM added 2021-03-04 10:49:58 +01:00
Delta-Sierra 88bbf8851c jq 2020-10-30 16:14:02 +01:00
Delta-Sierra be672b8d3a update microsoft activity groups 2020-10-30 14:53:20 +01:00
Deborah Servili a706b8ef2e PARINACOTA group 2020-03-12 13:11:46 +01:00
Deborah Servili 03c54a3e05 add GALLIUM as microsoft activities group and similar to Operation Soft Cell 2019-12-13 11:47:31 +01:00
Christophe Vandeplas 9dddc4427c jq 2018-10-19 10:23:09 +02:00
Christophe Vandeplas ddccac58c8 chg: categorization of galaxies
This allows relationships to be created.
2018-10-19 10:18:14 +02:00
Christophe Vandeplas f26a4f2806 fix: minor newline difference after jq_all_the 2018-10-12 12:31:29 +02:00
Christophe Vandeplas f14d616e22 chg: magical mapping with malpedia 2018-10-12 11:00:00 +02:00
Christophe Vandeplas 2fbd8ce485 jq sort keys
Allows automation to edit the files
2018-10-12 10:35:31 +02:00
Deborah Servili f14dd27315 add cfr data 2018-08-27 15:29:16 +02:00
Deborah Servili d1940b6a69 Update microsoft-activity-group.json version 2018-08-27 08:38:22 +02:00
Deborah Servili c943d1c9d1 add APT28/STRONTIUM refs 2018-08-22 09:59:40 +02:00
Christophe Vandeplas 88162aa44e chg: [mapping] Generated automatic mapping between clusters 2018-08-14 09:35:22 +02:00
Christophe Vandeplas 5478f0aa45 no change: dump files with sort_keys=True
This is needed to keep better track of the changes when other tools load and save the json files.
2018-08-13 17:06:29 +02:00
Deborah Servili b3574f880a jq ftw 2018-02-28 16:16:28 +01:00
Deborah Servili d88a4a44dc add uuid to every cluster 2018-02-28 15:37:37 +01:00
Alexandre Dulaunoy 0578d7b7b1 The mysterious ZIRCONIUM activity group added 2017-04-03 19:44:36 +02:00
Raphaël Vinot 910398fe76 Fix validation, remove duplicate. 2017-02-13 18:52:54 +01:00
Alexandre Dulaunoy d09b25f2a0 fix: BARIUM and LEAD added 2017-01-25 19:58:50 +01:00
Déborah Servili f03252a555 ##comma## 2016-12-22 14:13:46 +01:00
Déborah Servili 136ed05521 Add microsoft-activity-group cluster 2016-12-22 11:01:15 +01:00