Commit Graph

2471 Commits (2d8eff9de97e99f63c3e7fb1cf889b34a075ae58)

Author SHA1 Message Date
Deborah Servili 84474ddb29 merge 2020-07-09 16:31:04 +02:00
Deborah Servili 865e76beae commit 2020-07-07 14:47:44 +02:00
Alexandre Dulaunoy ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only.
Based on https://github.com/MISP/misp-galaxy/issues/469

There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:

- _operation_:
  - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
  - **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
  - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
  - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
  - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
  - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
  - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**

The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
2020-07-07 09:13:21 +02:00
Raphaël Vinot 86a8f04be3 chg: Bump travis 2020-07-02 11:27:08 +02:00
Alexandre Dulaunoy 164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-07-02 09:55:42 +02:00
Alexandre Dulaunoy f59d831c91
Merge pull request #557 from r0ny123/patch-1
Update threat-actor.json
2020-06-27 00:06:02 +02:00
Alexandre Dulaunoy 312cba12f7
Merge pull request #559 from StefanKelm/master
Update threat-actor.json
2020-06-25 16:33:38 +02:00
StefanKelm 14665429d7
Update threat-actor.json
APT31
2020-06-25 16:23:00 +02:00
Alexandre Dulaunoy 5363e63cae
Merge pull request #558 from StefanKelm/master
Update threat-actor.json
2020-06-23 18:49:49 +02:00
StefanKelm 92bc206879
Update threat-actor.json
APT30
2020-06-23 14:54:09 +02:00
Rony bc97b07089
Update threat-actor.json 2020-06-21 19:19:17 +05:30
Alexandre Dulaunoy 2d1b05bcf9
Merge pull request #556 from StefanKelm/master
Update threat-actor.json
2020-06-17 12:28:13 +02:00
StefanKelm 583f1d2fc2
Update threat-actor.json
TA505
2020-06-17 11:56:29 +02:00
Alexandre Dulaunoy 8c3c224e6a
Merge branch 'r0ny123-master' 2020-06-12 09:26:51 +02:00
Alexandre Dulaunoy 0cb36249a4
chg: [jq] all the things 2020-06-12 09:26:30 +02:00
Rony 29be5ac7e1
fixed typo! 2020-06-12 00:09:59 +05:30
Rony 9365bfb7cd
Adding GALLIUM Threat Actor 2020-06-11 23:42:35 +05:30
Rony 01b03ca5b0
Merge pull request #1 from MISP/master
update
2020-06-11 21:48:52 +05:30
Alexandre Dulaunoy 7ade356d5b
Merge pull request #554 from StefanKelm/master
Update threat-actor.json
2020-06-08 15:09:09 +02:00
StefanKelm f042f98247
Update threat-actor.json
Higaisa
2020-06-08 14:09:39 +02:00
Alexandre Dulaunoy 1dd764160d
Merge pull request #553 from StefanKelm/master
Update threat-actor.json
2020-06-04 17:22:53 +02:00
StefanKelm 9c25d5e8c5
Update threat-actor.json
Cycldek
2020-06-04 17:18:45 +02:00
Alexandre Dulaunoy 3867b1f602
Merge pull request #552 from danielplohmann/reference-fixes
Reference fixes
2020-05-29 09:26:05 +02:00
Alexandre Dulaunoy 2a074f23fd
chg: [preventive-measure] packet filtering added 2020-05-27 10:02:16 +02:00
Daniel Plohmann (jupiter) a705d1402f fixing deadlinks where possible 2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter) 171f272a1e default to HTTPS to be consistent with other links to same page 2020-05-27 09:27:52 +02:00
Alexandre Dulaunoy 8a0a4cb02d
Merge pull request #551 from nyx0/master
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
2020-05-27 09:10:08 +02:00
Alexandre Dulaunoy e8a82ebf8e Merge pull request #550 from r0ny123/patch-1
fix
2020-05-27 09:09:21 +02:00
Thomas Dupuy 291fb41502 Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel 2020-05-26 09:50:43 -04:00
Thomas Dupuy 143bd521be Add CrackMapExec, metasploit, Cobalt Strike and Covenant 2020-05-26 09:35:01 -04:00
Rony fbd351590a
Update threat-actor.json 2020-05-24 23:18:54 +05:30
Rony 5f8094d16f
fix 2020-05-24 23:14:43 +05:30
Alexandre Dulaunoy 313003ed65
Merge branch '3c7-secureworks_profiles' 2020-05-22 14:02:12 +02:00
Alexandre Dulaunoy b5bbc34f5d
chg: [threat-actor] remove the non-unique elements 2020-05-22 14:01:32 +02:00
Nils Kuhnert fbfe9d23c3
Merged (most) SecureWorks threat actor profiles && jq 2020-05-22 13:45:29 +02:00
iglocska dee9a56460
fix: small fixes to the bhadra framework 2020-05-19 16:45:40 +02:00
iglocska 43703f1a96
new: added Bhadra framework for mobile attacks
- based on the paper published here: https://arxiv.org/pdf/2005.05110.pdf
- thanks to the ATT&CK EU community conference speakers highlighting this framework!
2020-05-19 16:34:59 +02:00
Alexandre Dulaunoy 006b61bc44
Merge pull request #547 from Delta-Sierra/master
add Snake Ransomware
2020-05-15 17:55:47 +02:00
Deborah Servili b943a7daca
fix missing description 2020-05-15 09:00:34 +02:00
Deborah Servili 6d6da39da4
add Snake Ransomware 2020-05-13 11:58:33 +02:00
Alexandre Dulaunoy 82ae5cde81
Merge pull request #546 from danielplohmann/patch-29
msft name: BORON for APT3
2020-05-12 11:24:26 +02:00
Daniel Plohmann 5101c5a828
msft name: BORON for APT3
as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
2020-05-11 15:37:38 +02:00
Alexandre Dulaunoy 881a5664ac
Merge branch 'nyx0-master' 2020-05-11 10:20:35 +02:00
Alexandre Dulaunoy 09429eda5a
chg: [ta] fix the JSON 2020-05-11 10:20:10 +02:00
Thomas Dupuy fc9505cadf Add Sednit's Exploit-kit Sedkit 2020-05-08 13:29:14 -04:00
Thomas Dupuy 69fe870803 Add Higaisa Threat Actor 2020-05-08 13:01:48 -04:00
Alexandre Dulaunoy cb9bff18e8
Merge pull request #542 from Delta-Sierra/master
add speculoos bakdoor
2020-04-28 16:01:24 +02:00
Deborah Servili 1d331a9ab1
Merge branch 'master' into master 2020-04-28 15:19:38 +02:00
Alexandre Dulaunoy 3c2d863cbc
Merge pull request #541 from nyx0/master
Add DenesRAT/METALJACK
2020-04-28 09:20:48 +02:00
Thomas Dupuy 46a6d9fcb1 Add DenesRAT/METALJACK 2020-04-28 01:08:50 -04:00