MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity
2,187 Commits
4 Branches
41 Tags
267 MiB
Commit Graph

500 Commits (15b27f949710ede4fd4f5316017b05c401375f8d)

Author SHA1 Message Date
StefanKelm f042f98247
Update threat-actor.json 
Higaisa
 2020-06-08 14:09:39 +02:00
StefanKelm 9c25d5e8c5
Update threat-actor.json 
Cycldek
 2020-06-04 17:18:45 +02:00
Daniel Plohmann (jupiter) a705d1402f fixing deadlinks where possible 2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter) 171f272a1e default to HTTPS to be consistent with other links to same page 2020-05-27 09:27:52 +02:00
Alexandre Dulaunoy 8a0a4cb02d
Merge pull request #551 from nyx0/master 
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
 2020-05-27 09:10:08 +02:00
Thomas Dupuy 291fb41502 Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel 2020-05-26 09:50:43 -04:00
Rony fbd351590a
Update threat-actor.json 2020-05-24 23:18:54 +05:30
Rony 5f8094d16f
fix 2020-05-24 23:14:43 +05:30
Alexandre Dulaunoy b5bbc34f5d
chg: [threat-actor] remove the non-unique elements 2020-05-22 14:01:32 +02:00
Nils Kuhnert fbfe9d23c3
Merged (most) SecureWorks threat actor profiles && jq 2020-05-22 13:45:29 +02:00
Daniel Plohmann 5101c5a828
msft name: BORON for APT3 
as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
 2020-05-11 15:37:38 +02:00
Alexandre Dulaunoy 09429eda5a
chg: [ta] fix the JSON 2020-05-11 10:20:10 +02:00
Thomas Dupuy 69fe870803 Add Higaisa Threat Actor 2020-05-08 13:01:48 -04:00
Deborah Servili 1d331a9ab1
Merge branch 'master' into master 2020-04-28 15:19:38 +02:00
Alexandre Dulaunoy 2a70893352
chg: [jq] JSON fixed 2020-04-27 15:03:25 +02:00
de Rosen a428ad565e Added misp info 2020-04-27 15:16:33 +03:00
Deborah Servili f6fd07fbc9
add speculoos bakdoor 2020-04-27 09:36:23 +02:00
Alexandre Dulaunoy 86157a6b96
Merge pull request #539 from r0ny123/MergingTA 
Adding alias Thallium and merging STOLEN PENCIL
 2020-04-26 21:16:56 +02:00
Rony 112f9e4a08
Adding alias Thallium and merging STOLEN PENCIL 
Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
And also Netscout named the campaign as STOLEN PENCIL.
 2020-04-26 23:47:37 +05:30
Alexandre Dulaunoy de71a444f8
chg: [json] add missing comma 2020-04-26 14:23:59 +02:00
rvs1st d449eb94fc
Update threat-actor.json 
Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
 2020-04-24 09:03:58 -05:00
Alexandre Dulaunoy 4234d44052
Merge pull request #537 from danielplohmann/patch-28 
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
 2020-04-24 15:33:47 +02:00
Daniel Plohmann 858621ebdc
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday. 2020-04-23 15:47:35 +02:00
Daniel Plohmann b0f0bbae33
adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included) 2020-04-23 14:52:08 +02:00
Deborah Servili 6b49d81b13 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-04-23 10:06:04 +02:00
itayc0hen 667d5b8850 Add ItaDuke/DarkUniverse actor 2020-04-22 19:44:38 +03:00
pnx@pyrite 974ece3a7c adding FIN1 2020-04-20 14:20:22 +02:00
Rony aa34775390
typo 
thanks to @patricksvgr
 2020-04-19 23:17:44 +05:30
Rony ddfa280672
Update threat-actor.json 2020-04-19 23:06:57 +05:30
Rony 7ac2648dbc
more fix 2020-04-19 23:00:42 +05:30
Rony 573b4807ee
fix broken links 2020-04-19 16:03:21 +05:30
Rony 42a4820823
dead link 2020-04-19 11:45:45 +05:30
Rony 0aa34187e9
add link 2020-04-19 11:29:36 +05:30
Rony d6bf42254f
Merging APT23 & Tropic Trooper 2020-04-18 13:22:25 +05:30
Rony c161080175
Update threat-actor.json 2020-04-15 21:36:48 +05:30
Deborah Servili e8edc9cafc Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-04-15 11:27:01 +02:00
Deborah Servili b01e64eb1f
add Operation Shadow Forece 2020-04-08 14:53:19 +02:00
Daniel Plohmann aba625dee5
removed duplicate entry 2020-04-07 08:49:33 +02:00
Daniel Plohmann e15a4a6525
fixing/removing some more dead links 2020-04-06 15:25:22 +02:00
Alexandre Dulaunoy e37f320df5
Merge pull request #523 from danielplohmann/patch-24 
adding aliases MERCURY, HOLMIUM
 2020-03-09 21:56:27 +01:00
Daniel Plohmann ab49ef3c1a
Kimsuki -> Black Banshee 
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html)
 2020-03-09 18:20:56 +01:00
Daniel Plohmann 1260ab156a
adding aliases MERCURY, HOLMIUM 
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
 2020-03-09 08:50:08 +01:00
Alexandre Dulaunoy 4a64d0a4ad
Merge pull request #519 from danielplohmann/crowdstrike2020report 
adding new/updated threat actor names from CrowdStrike 2020 report
 2020-03-05 09:07:16 +01:00
Daniel Plohmann (jupiter) 0c2b0b76eb while we are at it, we can also do Longhorn = APT-C-39 2020-03-04 21:09:06 +01:00
Daniel Plohmann (jupiter) 184f193342 IMPERIAL KITTEN as alias for Tortoiseshell 2020-03-04 19:39:14 +01:00
pnx@pyrite 3dc460e795 adding new/updated threat actor names from CrowdStrike 2020 report 2020-03-04 13:36:34 +01:00
Daniel Plohmann dc059d1f4d
Accenture calls APT32 - "POND LOACH" 2020-03-03 19:40:50 +01:00
Alexandre Dulaunoy b4b91b1e5d
chg: [threat-actor] JSON fixed 2020-02-28 16:37:24 +01:00
Thomas Dupuy 0daeb675f5 Add InvisiMole cluster 2020-02-18 13:28:32 -05:00
Daniel Plohmann e481e9bb50
adding APT-C-12 2020-02-13 17:44:45 +01:00
Rony 22c9badee0
Update threat-actor.json 
those are the name of aliases of the same malware family sykipot. so removing it.
 2020-02-05 18:00:31 +05:30
Deborah Servili 5da17d51aa
Merge branch 'master' into master 2020-01-24 09:33:33 +01:00
Deborah Servili 606e3ec90f
jq 2020-01-24 09:32:09 +01:00
Deborah Servili 58415324c5
add Operation Wocao 2020-01-24 08:27:20 +01:00
Thomas Dupuy edc5196373 Add Attor and DePriMon 2020-01-23 11:27:00 -05:00
Daniel Plohmann ccfe5ee130
removing and fixing deadlinks in the best possible way 
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
 2020-01-23 11:14:20 +01:00
Daniel Plohmann 29a128da6f
adding references and TEMP.MixMaster as alias for WIZARD SPIDER 
with kudos to @tbarabosch
 2020-01-22 15:42:01 +01:00
Alexandre Dulaunoy dbaab413b6
chg: [threat-actor] typo fixed 2020-01-18 17:30:27 +01:00
Alexandre Dulaunoy 564f27c5ca
chg: [threat-actor] format fixed 2020-01-18 17:26:45 +01:00
Alexandre Dulaunoy 34c5c66279
chg: [threat-actor] fix order 2020-01-18 17:08:32 +01:00
Alexandre Dulaunoy 8eeceafc51
chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan" 
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
 2020-01-18 17:02:44 +01:00
Alexandre Dulaunoy 5da0c7bd54
chg: [threat-actor] SideWinder APT group added 2020-01-07 10:42:07 +01:00
StefanKelm 9b6f9136f9
Update threat-actor.json 2020-01-03 12:50:49 +01:00
StefanKelm 9373cfcb53
Update threat-actor.json 
BRONZE PRESIDENT
 2020-01-03 12:42:57 +01:00
Rony 6b1142abac
Update threat-actor.json 2019-12-23 22:05:28 +05:30
Bart 8ebb2e2d16
Update threat-actor.json 
Adds Operation Wocao..
 2019-12-19 21:42:02 +01:00
Alexandre Dulaunoy 9f56a91013
Merge pull request #492 from Delta-Sierra/master 
Operation Soft Cell ralated Updates
 2019-12-13 13:35:52 +01:00
Deborah Servili 03c54a3e05
add GALLIUM as microsoft activities group and similar to Operation Soft Cell 2019-12-13 11:47:31 +01:00
Deborah Servili 3be47af325
update threat actor version 2019-12-13 11:04:51 +01:00
Deborah Servili 9b153913be
add relation suspected link between operation soft cell and apt10 2019-12-13 10:59:06 +01:00
Sebastian Wagner c3b5b39dd3
sofacy: add apt_sofacy as synonym 2019-12-12 15:57:13 +01:00
Deborah Servili 170f964e8c
##COMMA## 2019-12-11 14:22:09 +01:00
Deborah Servili 7e18f2e509
Merge branch 'master' into master 2019-12-11 13:51:52 +01:00
Deborah Servili 391b5a674d
add Axiom synonym 2019-12-11 13:50:35 +01:00
Alexandre Dulaunoy 8da36c09e1
chg: [threat-actor] jq 2019-12-08 09:03:14 +01:00
Daniel Plohmann 94b3c1ec07
added APT-C-34 / Golden Falcon 2019-12-07 12:44:30 +01:00
Deborah Servili 31f3a61d5f
add Sofacy ref 2019-12-05 15:42:42 +01:00
Daniel Plohmann bd3cc6d8ee
added TA2101 2019-12-03 18:13:44 +01:00
Alexandre Dulaunoy 8cc5e02f22
chg: [clean-up] jq all the things 2019-11-21 17:19:39 +01:00
Deborah Servili 38641aae36
merge 2019-11-21 16:24:11 +01:00
Deborah Servili f21dd95b28
merge 2019-11-21 16:23:29 +01:00
Deborah Servili 1a0dd2292b
add silence synonym & new meta field spoken-language 2019-11-21 11:50:02 +01:00
StefanKelm aa132ca58f
new refs for APT33 2019-11-14 14:57:05 +01:00
Alexandre Dulaunoy eea0f528fa
chg: [threat-actor] Lucky Mouse synonym added 
Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/
 2019-11-12 12:51:44 +01:00
Raphaël Vinot 1486890f86 fix: JQ all the things. 2019-11-12 10:25:00 +01:00
Alexandre Dulaunoy 871d90cfc2
chg: [threat-actor] Calypso group added 
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
 2019-11-11 13:34:54 +01:00
Alexandre Dulaunoy d9a64c18ff
chg: [threat-actor] threat-actor-classification updated 2019-11-04 09:37:52 +01:00
Alexandre Dulaunoy 6f463325b9
chg: [threat-actor] jq is jq 2019-11-03 16:01:09 +01:00
Alexandre Dulaunoy 64a3569803
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-11-03 08:52:37 +01:00
Alexandre Dulaunoy 8d01e77574
chg: [threat-actor] Operation WizardOpium added 
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
 2019-11-03 08:51:37 +01:00
Alexandre Dulaunoy 346e54a321
Merge pull request #468 from Delta-Sierra/master 
add Turla Group Symonym variant
 2019-11-02 13:40:21 +01:00
Deborah Servili 1da2dc8af1
add Turla Group Symonym variant 2019-10-31 16:33:32 +01:00
Deborah Servili efa2f43c0f
Merge pull request #467 from Delta-Sierra/master 
Few updates
 2019-10-31 14:31:16 +01:00
Deborah Servili bee9b80898
jq 2019-10-31 10:37:36 +01:00
Deborah Servili 0a8f989e1c
add Winnti related tools etc. 2019-10-31 10:36:15 +01:00
Rony 1fc0f5e2e7
Update threat-actor.json 2019-10-17 09:46:56 +05:30
Deborah Servili 88025a541f
add operation soft cell 2019-10-14 16:07:35 +02:00
Deborah Servili a4b59f647c
jq 2019-09-25 13:41:55 +02:00
Alexandre Dulaunoy 309109eb27
chg: [threat-actor] new LookBack (Malware?Campaign?TA?) 
Signed-off: During MISP training
 2019-09-25 12:12:34 +02:00
Alexandre Dulaunoy a5ae130916
chg: [threat-actor] Evil Eye and POISON CARP 
Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Signed-off: Jean-Louis during training session
 2019-09-25 11:27:03 +02:00