MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity
2,187 Commits
4 Branches
41 Tags
267 MiB
Commit Graph

500 Commits (15b27f949710ede4fd4f5316017b05c401375f8d)

Author SHA1 Message Date
Rony 22c9badee0
Update threat-actor.json 
those are the name of aliases of the same malware family sykipot. so removing it.
 2020-02-05 18:00:31 +05:30
Deborah Servili 5da17d51aa
Merge branch 'master' into master 2020-01-24 09:33:33 +01:00
Deborah Servili 606e3ec90f
jq 2020-01-24 09:32:09 +01:00
Deborah Servili 58415324c5
add Operation Wocao 2020-01-24 08:27:20 +01:00
Thomas Dupuy edc5196373 Add Attor and DePriMon 2020-01-23 11:27:00 -05:00
Daniel Plohmann ccfe5ee130
removing and fixing deadlinks in the best possible way 
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
 2020-01-23 11:14:20 +01:00
Daniel Plohmann 29a128da6f
adding references and TEMP.MixMaster as alias for WIZARD SPIDER 
with kudos to @tbarabosch
 2020-01-22 15:42:01 +01:00
Alexandre Dulaunoy dbaab413b6
chg: [threat-actor] typo fixed 2020-01-18 17:30:27 +01:00
Alexandre Dulaunoy 564f27c5ca
chg: [threat-actor] format fixed 2020-01-18 17:26:45 +01:00
Alexandre Dulaunoy 34c5c66279
chg: [threat-actor] fix order 2020-01-18 17:08:32 +01:00
Alexandre Dulaunoy 8eeceafc51
chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan" 
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
 2020-01-18 17:02:44 +01:00
Alexandre Dulaunoy 5da0c7bd54
chg: [threat-actor] SideWinder APT group added 2020-01-07 10:42:07 +01:00
StefanKelm 9b6f9136f9
Update threat-actor.json 2020-01-03 12:50:49 +01:00
StefanKelm 9373cfcb53
Update threat-actor.json 
BRONZE PRESIDENT
 2020-01-03 12:42:57 +01:00
Rony 6b1142abac
Update threat-actor.json 2019-12-23 22:05:28 +05:30
Bart 8ebb2e2d16
Update threat-actor.json 
Adds Operation Wocao..
 2019-12-19 21:42:02 +01:00
Alexandre Dulaunoy 9f56a91013
Merge pull request #492 from Delta-Sierra/master 
Operation Soft Cell ralated Updates
 2019-12-13 13:35:52 +01:00
Deborah Servili 03c54a3e05
add GALLIUM as microsoft activities group and similar to Operation Soft Cell 2019-12-13 11:47:31 +01:00
Deborah Servili 3be47af325
update threat actor version 2019-12-13 11:04:51 +01:00
Deborah Servili 9b153913be
add relation suspected link between operation soft cell and apt10 2019-12-13 10:59:06 +01:00
Sebastian Wagner c3b5b39dd3
sofacy: add apt_sofacy as synonym 2019-12-12 15:57:13 +01:00
Deborah Servili 170f964e8c
##COMMA## 2019-12-11 14:22:09 +01:00
Deborah Servili 7e18f2e509
Merge branch 'master' into master 2019-12-11 13:51:52 +01:00
Deborah Servili 391b5a674d
add Axiom synonym 2019-12-11 13:50:35 +01:00
Alexandre Dulaunoy 8da36c09e1
chg: [threat-actor] jq 2019-12-08 09:03:14 +01:00
Daniel Plohmann 94b3c1ec07
added APT-C-34 / Golden Falcon 2019-12-07 12:44:30 +01:00
Deborah Servili 31f3a61d5f
add Sofacy ref 2019-12-05 15:42:42 +01:00
Daniel Plohmann bd3cc6d8ee
added TA2101 2019-12-03 18:13:44 +01:00
Alexandre Dulaunoy 8cc5e02f22
chg: [clean-up] jq all the things 2019-11-21 17:19:39 +01:00
Deborah Servili 38641aae36
merge 2019-11-21 16:24:11 +01:00
Deborah Servili f21dd95b28
merge 2019-11-21 16:23:29 +01:00
Deborah Servili 1a0dd2292b
add silence synonym & new meta field spoken-language 2019-11-21 11:50:02 +01:00
StefanKelm aa132ca58f
new refs for APT33 2019-11-14 14:57:05 +01:00
Alexandre Dulaunoy eea0f528fa
chg: [threat-actor] Lucky Mouse synonym added 
Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/
 2019-11-12 12:51:44 +01:00
Raphaël Vinot 1486890f86 fix: JQ all the things. 2019-11-12 10:25:00 +01:00
Alexandre Dulaunoy 871d90cfc2
chg: [threat-actor] Calypso group added 
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
 2019-11-11 13:34:54 +01:00
Alexandre Dulaunoy d9a64c18ff
chg: [threat-actor] threat-actor-classification updated 2019-11-04 09:37:52 +01:00
Alexandre Dulaunoy 6f463325b9
chg: [threat-actor] jq is jq 2019-11-03 16:01:09 +01:00
Alexandre Dulaunoy 64a3569803
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-11-03 08:52:37 +01:00
Alexandre Dulaunoy 8d01e77574
chg: [threat-actor] Operation WizardOpium added 
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
 2019-11-03 08:51:37 +01:00
Alexandre Dulaunoy 346e54a321
Merge pull request #468 from Delta-Sierra/master 
add Turla Group Symonym variant
 2019-11-02 13:40:21 +01:00
Deborah Servili 1da2dc8af1
add Turla Group Symonym variant 2019-10-31 16:33:32 +01:00
Deborah Servili efa2f43c0f
Merge pull request #467 from Delta-Sierra/master 
Few updates
 2019-10-31 14:31:16 +01:00
Deborah Servili bee9b80898
jq 2019-10-31 10:37:36 +01:00
Deborah Servili 0a8f989e1c
add Winnti related tools etc. 2019-10-31 10:36:15 +01:00
Rony 1fc0f5e2e7
Update threat-actor.json 2019-10-17 09:46:56 +05:30
Deborah Servili 88025a541f
add operation soft cell 2019-10-14 16:07:35 +02:00
Deborah Servili a4b59f647c
jq 2019-09-25 13:41:55 +02:00
Alexandre Dulaunoy 309109eb27
chg: [threat-actor] new LookBack (Malware?Campaign?TA?) 
Signed-off: During MISP training
 2019-09-25 12:12:34 +02:00
Alexandre Dulaunoy a5ae130916
chg: [threat-actor] Evil Eye and POISON CARP 
Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Signed-off: Jean-Louis during training session
 2019-09-25 11:27:03 +02:00
Deborah Servili 638cdd4198
version update 2019-09-20 14:54:56 +02:00
Deborah Servili b9b4b9c651
Add Tortoiseshell thrat actor 2019-09-20 14:53:25 +02:00
StefanKelm db2b5a13ef
Update threat-actor.json 
Silent Librarian
 2019-09-12 11:57:03 +02:00
Deborah Servili 718ea55dd7
Merge branch 'master' into master 2019-09-04 14:42:47 +02:00
Deborah Servili 9e3a998dfc
aff SectorJ04 group 2019-09-03 15:51:21 +02:00
Daniel Plohmann f40b7dd132
'SectorJ04 Group' as alias introduced by NSHC for TA505 
Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
 2019-09-01 15:46:36 +02:00
Alexandre Dulaunoy 0966e58da6
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-08-30 11:06:29 +02:00
Alexandre Dulaunoy f5056ff02e
chg: [threat-actor] add machete-apt synonyms as reported in #445 2019-08-30 11:03:30 +02:00
StefanKelm 49f8f60a85
Update threat-actor.json 
Add ITG08 as synonym for FIN6
 2019-08-29 13:13:00 +02:00
Alexandre Dulaunoy 8d78a2a108
chg: [threat-actor] jq all 2019-08-29 08:31:10 +02:00
Alexandre Dulaunoy 791c88f2eb
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master 2019-08-29 08:30:41 +02:00
Deborah Servili 395dd93e0f
add Asruex Backdoor 2019-08-28 15:40:03 +02:00
Alexandre Dulaunoy 9926ea8826
chg: [threat-actor] LYCEUM added - 443 #fixed 2019-08-28 14:35:12 +02:00
Deborah Servili ea68336b96
add ref for Gamaredon 2019-08-27 08:28:58 +02:00
Sebastian Wagner 38aebbf42a
remove empty strings 2019-08-19 17:04:07 +02:00
Alexandre Dulaunoy 3841447e16
Merge pull request #434 from r0ny123/patch-1 
added microsoft naming for the groups
 2019-08-10 18:52:26 +02:00
Thomas Dupuy df5c9057a1 add synonyme for Turla 2019-08-09 17:34:22 -04:00
Rony feac39db6b
added microsoft naming for the groups 2019-08-09 22:19:09 +05:30
Thomas Dupuy 320e298549 update victims 2019-08-09 10:45:10 -04:00
Thomas Dupuy 1988662ee5 add APT41 2019-08-09 10:24:06 -04:00
Nils Kuhnert 17925f3e10
Remove local file link :) 2019-08-03 18:55:00 +02:00
Alexandre Dulaunoy 7913adad61
chg: [threat-actor] rollback as discussed by chat with Andras until version 2.0 2019-08-02 16:08:40 +02:00
Andras Iklody 984be50396
lowercased value field for DarkHotel 2019-08-02 15:40:31 +02:00
Alexandre Dulaunoy a401ff7405
Merge branch 'master' into patch-13 2019-08-01 08:52:27 +02:00
Daniel Plohmann 0367e16ce0
adding secureworks actor names for energetic bear and teamspy 2019-07-31 14:35:09 +02:00
Daniel Plohmann a4a72d0698
adding Proofpoint's TA428 2019-07-31 14:08:50 +02:00
Deborah Servili 2861d2d78c
jq 2019-07-16 10:13:10 +02:00
Deborah Servili ea4d8a2d42
add SWEED threat actor 2019-07-16 10:03:07 +02:00
Alexandre Dulaunoy 9517c8b878
chg: [threat-actor] version updated 2019-06-20 17:58:35 +02:00
Alexandre Dulaunoy 8c90f7231c
chg: [threat-actor] duplicated refs removed 2019-06-20 17:35:35 +02:00
Alexandre Dulaunoy 5e9d075ae5
chg: [threat-actor] synonyms fixed 2019-06-20 17:30:01 +02:00
Alexandre Dulaunoy 195406cc6b
chg: [threat-actor] jq everything 2019-06-20 17:27:55 +02:00
Alexandre Dulaunoy d018519700
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy 2019-06-20 17:23:04 +02:00
Deborah Servili 30f042211b
fix duplicate 2019-06-20 16:35:49 +02:00
Deborah Servili a984786c8b
update threat actor galaxy 2019-06-20 16:25:23 +02:00
Rony 7afb9083b2
Update threat-actor.json 2019-06-19 23:29:35 +05:30
Deborah Servili 4bd37e2b2d
update threat actor galaxy 2019-06-19 16:38:04 +02:00
Deborah Servili 52e51833de
update threat actor galaxy 2019-06-18 16:05:49 +02:00
Deborah Servili 431e7a36c1
update threat actor galaxy 2019-06-17 16:36:42 +02:00
Deborah Servili b966369933
##COMMA## 2019-06-14 16:35:55 +02:00
Deborah Servili 1e5292d999
fix duplicate 2019-06-14 16:21:33 +02:00
Deborah Servili ead217eb28
Update version 2019-06-14 16:11:02 +02:00
Deborah Servili 98f0572d51
update threat actor galaxy 2019-06-14 16:06:09 +02:00
Deborah Servili b040f9f57b
fix duplicate and links update (APT34) 2019-06-14 08:41:38 +02:00
Deborah Servili 2001652dae
fix duplicate 2019-06-14 08:28:44 +02:00
Deborah Servili 20e77afcc3
update threat actor galaxy 2019-06-13 16:19:21 +02:00
Deborah Servili 11c2f43c9f
tryto fix duplicate 2019-06-13 11:26:42 +02:00
Deborah Servili e4245ee991
update threat actor galaxy 2019-06-12 16:25:24 +02:00
Deborah Servili 5a3d7e816f
fix duplicate 2019-06-12 09:24:05 +02:00
Deborah Servili 1ba7f19ca2
update threat actor galaxy 2019-06-11 16:14:58 +02:00
Deborah Servili 347ed5d529
jq 2019-06-11 15:57:21 +02:00
Deborah Servili 79f11de6db
update threat actor galaxy 2019-06-11 15:54:39 +02:00
Deborah Servili d6b458520b
update threat actor galaxy 2019-06-11 11:57:04 +02:00
Deborah Servili 1f2e59addb
update Threat actor galaxy 2019-06-07 16:34:43 +02:00
Deborah Servili 185763a63a
update threat actor 2019-06-06 16:34:09 +02:00
Deborah Servili b809b9cfbb
update threat actor darkhotel (nemim might be a typo) 2019-06-06 11:58:19 +02:00
Deborah Servili 189c3066a5
update threat actor 2019-06-04 16:32:39 +02:00
Deborah Servili a6c9d335ee
fix multiple refs 2019-06-04 08:52:34 +02:00
Deborah Servili b47863f1c1
update threat actors 2019-05-29 16:18:50 +02:00
Deborah Servili f48167ce77
update threat actors 2019-05-29 15:34:20 +02:00
Deborah Servili f4cf3464ce
update threat actors and tools 2019-05-28 16:05:54 +02:00
Deborah Servili 940762e0c5
update threat actor 2019-05-28 09:22:26 +02:00
Deborah Servili 0bb1420ab7
update threat-actor galaxy 2019-05-27 16:38:01 +02:00
Deborah Servili af6241fd20
update Anchor Panda Threat Actor 2019-05-27 11:47:05 +02:00
Daniel Plohmann 1cc0137c38
adding TA542 to MUMMY SPIDER (emotet) 2019-05-17 17:36:57 +02:00
Rony 380006ecbb
merging Pacifier & Turla 2019-05-16 23:57:49 +05:30
Daniel Plohmann a20f7fbe91
adding APT31/ZIRCONIUM 2019-05-15 22:43:33 +02:00
Rony 7c0ea4949a
Update threat-actor.json 2019-05-12 11:11:09 +05:30
Raphaël Vinot 988586fde0 fix: Duplicate values, typos. 2019-05-06 17:17:16 +02:00
StefanKelm 7e329855b2
Update threat-actor.json 
Silent Librarian / COBALT DICKENS
 2019-05-02 15:34:19 +02:00
Alexandre Dulaunoy 37da9bebdf
chg: [threat-actor] FIN4 updates 2019-05-01 17:41:03 +02:00
Rony 0afaf81438
Update threat-actor.json 2019-05-01 15:54:38 +05:30
Rony c565f61761
Update threat-actor.json 2019-05-01 15:51:56 +05:30
Rony 3b185d8435
Update threat-actor.json 2019-05-01 15:40:10 +05:30
Rony ed351b4eae
updated FIN4 2019-05-01 15:24:59 +05:30
Rony 292df2360a
more report on APT36 2019-04-22 11:05:21 +05:30
Deborah Servili 8ac7aec85c
add Sea Turtle campaign 2019-04-19 13:21:11 +02:00
Christophe Vandeplas ecc63cf166 chg; [threat-actor] validate + version bump 2019-04-17 21:01:55 +02:00
Christophe Vandeplas d5fd896bb0
Merge pull request #385 from bartblaze/master 
Add Whitefly
 2019-04-17 20:53:15 +02:00
Bart e1cab68683
Add Whitefly 2019-04-17 12:27:18 +01:00
Rony d98aefa186
fixed the broken link 2019-04-17 09:17:23 +05:30
Bart 3256cca9e0
Add DoNot team references 2019-04-12 21:12:16 +01:00
Alexandre Dulaunoy d7b4908aa3
Merge branch 'patch-8' of https://github.com/danielplohmann/misp-galaxy into danielplohmann-patch-8 2019-04-12 05:58:47 +02:00
Daniel Plohmann 159225b6cf
Based on additional research, APT36 can actually be merged into Mythic Leopard 2019-04-11 22:29:49 +02:00
Rony 7987c8f023
Update threat-actor.json 2019-04-12 01:56:12 +05:30
Rony 2fc914b2f9
Update threat-actor.json 2019-04-12 01:06:50 +05:30
Rony 60e4a486a7
adding additional resources for APT36 2019-04-11 23:55:51 +05:30
Daniel Plohmann df5301eab5
adding FireEye's TMP.Lapis / APT36 2019-04-09 08:38:44 +02:00
Alexandre Dulaunoy ac6276a906
Merge pull request #371 from Delta-Sierra/master 
Add Operation ShadowHammer
 2019-03-26 22:25:22 +01:00
Deborah Servili 6027d546f2
Add Operation ShadowHammer 2019-03-26 10:40:29 +01:00
Alexandre Dulaunoy 52f088efc9
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master 2019-03-21 20:51:59 +01:00
Daniel Plohmann e0bb3d76a6
added APT-C-27 / GoldMouse 2019-03-21 18:06:03 +01:00
Deborah Servili d0383b460f
jq 2019-03-21 09:15:16 +01:00
Deborah Servili 0fd04fa619
Merge branch 'master' into master 2019-03-21 08:42:30 +01:00
Deborah Servili f86c748b8c
add AOT-C-27 Goldmouse 2019-03-20 15:45:20 +01:00
Alexandre Dulaunoy b2538a1f8a
chg: [threat-actor] change attribution confidence to be a string by default 2019-03-19 16:51:41 +01:00
Alexandre Dulaunoy 4f454493b7
chg: [threat-actor] BRONZE UNION is also uppercase 2019-03-19 14:47:03 +01:00
Alexandre Dulaunoy 9a6b597387
chg: [threat-actor] updated the version to avoid the past issue with 0 value for integer values 2019-03-19 14:44:49 +01:00
Deborah Servili 5ce8aae89e
add Operation Comando - hit version 100 2019-03-15 15:04:29 +01:00
Alexandre Dulaunoy 5db30ba974
chg: [threat-actor] SandCat added 2019-03-14 06:18:10 +01:00