MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity
2,187 Commits
4 Branches
40 Tags
265 MiB
Commit Graph

500 Commits (15b27f949710ede4fd4f5316017b05c401375f8d)

Author SHA1 Message Date
StefanKelm 72e085aba9
Update threat-actor.json 
OceanLotus
 2020-12-02 11:44:29 +01:00
StefanKelm 15b5f4c881
Update threat-actor.json 
APT27
 2020-11-30 11:49:23 +01:00
StefanKelm da910c0c2e
Update threat-actor.json 2020-11-18 19:15:11 +01:00
StefanKelm 48ffaa8ce1
Update threat-actor.json 
Lazarus
 2020-11-18 12:10:23 +01:00
StefanKelm bf5bdeacb0
Update threat-actor.json 
OceanLotus
 2020-11-09 14:39:55 +01:00
StefanKelm 41a7a36317
Update threat-actor.json 
Kimsuky
 2020-11-02 17:30:25 +01:00
Rony 333e55fbeb
remove duplicate! 2020-11-02 14:18:49 +05:30
Rony 000cfa68a8
Update threat-actor.json 
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
 2020-11-02 13:51:08 +05:30
Deborah Servili 28784683db
Merge branch 'main' into master 2020-10-30 16:17:27 +01:00
Alexandre Dulaunoy 24f05749f0
Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master 2020-10-30 09:47:45 +01:00
JJ Cummings c48a38c2f1
Added a new cryptominer galaxy and additional missing recent families to various clusters 2020-10-29 14:40:22 -06:00
StefanKelm 808c2c3828
Update threat-actor.json 
Kimsuky
 2020-10-28 12:52:06 +01:00
Daniel Plohmann 02bcf1f5a7
adding PowerPool alias IAmTheKing (Kaspersky) 
after a quick search I haven't found a nice source except for costin's tweet.
 2020-10-09 13:49:16 +02:00
StefanKelm 7bab41e367
Update threat-actor.json 
TA505
 2020-10-06 15:29:54 +02:00
StefanKelm 1d05f17507
Update threat-actor.json 
XDSpy
 2020-10-06 12:45:43 +02:00
StefanKelm 18eebc01f6
Lazarus 2020-09-29 12:02:16 +02:00
Bart 2b51f7b6de
Update threat-actor.json 
Add Machete alias
 2020-09-27 18:37:24 +02:00
StefanKelm e95fbb571d
Update threat-actor.json 
GADOLINIUM
 2020-09-25 11:52:34 +02:00
StefanKelm 3ad3d5f318
Update threat-actor.json 
APT28
 2020-09-22 18:07:33 +02:00
Deborah Servili 4f3b6945c0 Merge https://github.com/MISP/misp-galaxy 2020-09-22 12:17:42 +02:00
Rony d1c70b3d80
FBI FLASH AC-000133-TT 2020-09-17 11:05:00 +05:30
Rony 4d4a462d7a
Update threat-actor.json 
Adding Fox-Kitten and cleaned (or improved) winnti
 2020-09-17 00:07:40 +05:30
Deborah Servili 0fe525a9db Merge https://github.com/MISP/misp-galaxy 2020-09-16 10:22:38 +02:00
Deborah Servili 00b5d0d116 add refs 2020-09-16 10:08:31 +02:00
Daniel Plohmann (jupiter) 7b00674c77 Adding TA413 and Evilnum 2020-09-15 14:19:22 +02:00
StefanKelm 63030f2cfe
Update threat-actor.json 
APT33
 2020-09-14 12:01:53 +02:00
StefanKelm 3cc3cc461a
Update threat-actor.json 
STRONTIUM
 2020-09-11 11:38:06 +02:00
StefanKelm 57a31fd60c
Update threat-actor.json 
Lazarus, FIN7
 2020-09-03 14:44:10 +02:00
StefanKelm 503d421a56
Update threat-actor.json 
TA542
 2020-08-31 15:07:13 +02:00
Thomas Dupuy d0c6b7b46d Update Tonto Team/CactusPete threat actor 2020-08-13 15:57:33 -04:00
Thomas Dupuy 4130d7c6fc Update TA APT40 2020-08-13 12:22:36 -04:00
Daniel Plohmann 8407b6fd28
Update threat-actor.json 
adding Kaspersky's name for Microcin.
 2020-08-12 12:03:28 +02:00
Vasileios Mavroeidis 40d12b9dde
Motive correction based on the EU Cert motive taxonomy 
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
 2020-07-28 11:43:46 +02:00
Alexandre Dulaunoy 44afaf2523
chg: [threat-actor] remove duplicate references 2020-07-27 09:57:41 +02:00
StefanKelm 86c54cbd8c
Update threat-actor.json 
OilRig
 2020-07-23 11:07:22 +02:00
Steve Clement df6bed3d3a
Merge pull request #563 from r0ny123/patch-1 2020-07-22 09:14:13 +09:00
StefanKelm 17a1feb016
Update threat-actor.json 
Turla
 2020-07-15 11:20:18 +02:00
Rony c33f4c7611
Update threat-actor.json 
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).
 2020-07-12 12:57:24 +05:30
Rony b77b9d374c
Update threat-actor.json 2020-07-12 11:19:13 +05:30
Deborah Servili 84474ddb29 merge 2020-07-09 16:31:04 +02:00
Deborah Servili 865e76beae commit 2020-07-07 14:47:44 +02:00
Alexandre Dulaunoy ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only. 
Based on https://github.com/MISP/misp-galaxy/issues/469

There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:

- _operation_:
  - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
  - **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
  - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
  - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
  - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
  - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
  - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**

The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
 2020-07-07 09:13:21 +02:00
Alexandre Dulaunoy 164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-07-02 09:55:42 +02:00
StefanKelm 14665429d7
Update threat-actor.json 
APT31
 2020-06-25 16:23:00 +02:00
StefanKelm 92bc206879
Update threat-actor.json 
APT30
 2020-06-23 14:54:09 +02:00
Rony bc97b07089
Update threat-actor.json 2020-06-21 19:19:17 +05:30
StefanKelm 583f1d2fc2
Update threat-actor.json 
TA505
 2020-06-17 11:56:29 +02:00
Alexandre Dulaunoy 0cb36249a4
chg: [jq] all the things 2020-06-12 09:26:30 +02:00
Rony 29be5ac7e1
fixed typo! 2020-06-12 00:09:59 +05:30
Rony 9365bfb7cd
Adding GALLIUM Threat Actor 2020-06-11 23:42:35 +05:30