MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity
2,649 Commits
6 Branches
46 Tags
32 MiB
Commit Graph

674 Commits (65c9490b775ba95a505bdb7a94582dc9fb84ba70)

Author SHA1 Message Date
Rony d9b299aafc
add more HAFNIUM references 2021-03-05 11:42:04 +05:30
Rony c9f7afef1c
Adding alias NOBELIUM 2021-03-04 22:39:33 +05:30
Alexandre Dulaunoy 47dade9d0e
Merge pull request #631 from r0ny123/Enhancement 
Add HAFNIUM
 2021-03-04 14:48:01 +01:00
Rony ad795606cf
added HAFNIUM 
Updates:
Tonto Team
UNC2452
 2021-03-04 00:10:33 +05:30
Sebdraven 2666341afc Update threat-actor.json 
update Sidewinder card
 2021-03-03 17:59:25 +01:00
Thomas Dupuy f842694fda Update Infy TA. 2021-03-02 14:37:01 -05:00
Delta-Sierra d273a5da7d add TeamTNT ref 2021-02-25 09:52:24 +01:00
Rony 5c6f3a036b
removing DePrimon 
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
 2021-02-24 21:55:04 +05:30
Delta-Sierra 7c1ac58141 add TeamTNT 2021-02-22 16:38:18 +01:00
Delta-Sierra 96bf0d44ea Merge https://github.com/MISP/misp-galaxy 2021-02-09 14:52:58 +01:00
Daniel Plohmann d61e7d2fac
adding ClearSky alias for Volatile Cedar 
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious  files."
 2021-01-29 10:39:18 +01:00
StefanKelm fb35646406
Update threat-actor.json 
Lazarus
 2021-01-26 14:38:37 +01:00
StefanKelm a131a7ce98
Update threat-actor.json 
Lazarus
 2021-01-20 17:43:18 +01:00
Alexandre Dulaunoy 3c19c7c1e5
Merge pull request #617 from danielplohmann/patch-4 
merge COVELLITE into Lazarus Group
 2021-01-17 16:05:13 +01:00
Daniel Plohmann ca66fcd93a
merge COVELLITE into Lazarus Group 
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references. 
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
 2021-01-17 15:07:26 +01:00
Rony 91e87cf82c
Update threat-actor.json 
Don't know how StarCraft
 2021-01-17 12:21:34 +05:30
Daniel Plohmann edcc3c0bc1
merging ScarCruft->APT37 
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
 2021-01-15 18:52:49 +01:00
Delta-Sierra a6f7795952 fix merge 2021-01-12 10:38:33 +01:00
Alexandre Dulaunoy 2b356a9eb0
chg: [threat-actor] UNC2452/DarkHalo added - ref. #614 2021-01-12 07:01:36 +01:00
Rony 3240aa819f
Update threat-actor.json 2020-12-14 11:54:41 +05:30
Rony 2ffb77b35b
BISMUTH 2020-12-14 10:41:15 +05:30
Delta-Sierra 31f96513b2 update sidewinder threat actor 2020-12-11 16:09:33 +01:00
StefanKelm 5dc92995f6
Update threat-actor.json 
DeathStalker, Mabna
 2020-12-04 11:43:06 +01:00
StefanKelm 4fee985b5e
Update threat-actor.json 
Turla
 2020-12-03 13:05:14 +01:00
StefanKelm 72e085aba9
Update threat-actor.json 
OceanLotus
 2020-12-02 11:44:29 +01:00
StefanKelm 15b5f4c881
Update threat-actor.json 
APT27
 2020-11-30 11:49:23 +01:00
StefanKelm da910c0c2e
Update threat-actor.json 2020-11-18 19:15:11 +01:00
StefanKelm 48ffaa8ce1
Update threat-actor.json 
Lazarus
 2020-11-18 12:10:23 +01:00
StefanKelm bf5bdeacb0
Update threat-actor.json 
OceanLotus
 2020-11-09 14:39:55 +01:00
StefanKelm 41a7a36317
Update threat-actor.json 
Kimsuky
 2020-11-02 17:30:25 +01:00
Rony 333e55fbeb
remove duplicate! 2020-11-02 14:18:49 +05:30
Rony 000cfa68a8
Update threat-actor.json 
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
 2020-11-02 13:51:08 +05:30
Deborah Servili 28784683db
Merge branch 'main' into master 2020-10-30 16:17:27 +01:00
Alexandre Dulaunoy 24f05749f0
Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master 2020-10-30 09:47:45 +01:00
JJ Cummings c48a38c2f1
Added a new cryptominer galaxy and additional missing recent families to various clusters 2020-10-29 14:40:22 -06:00
StefanKelm 808c2c3828
Update threat-actor.json 
Kimsuky
 2020-10-28 12:52:06 +01:00
Daniel Plohmann 02bcf1f5a7
adding PowerPool alias IAmTheKing (Kaspersky) 
after a quick search I haven't found a nice source except for costin's tweet.
 2020-10-09 13:49:16 +02:00
StefanKelm 7bab41e367
Update threat-actor.json 
TA505
 2020-10-06 15:29:54 +02:00
StefanKelm 1d05f17507
Update threat-actor.json 
XDSpy
 2020-10-06 12:45:43 +02:00
StefanKelm 18eebc01f6
Lazarus 2020-09-29 12:02:16 +02:00
Bart 2b51f7b6de
Update threat-actor.json 
Add Machete alias
 2020-09-27 18:37:24 +02:00
StefanKelm e95fbb571d
Update threat-actor.json 
GADOLINIUM
 2020-09-25 11:52:34 +02:00
StefanKelm 3ad3d5f318
Update threat-actor.json 
APT28
 2020-09-22 18:07:33 +02:00
Deborah Servili 4f3b6945c0 Merge https://github.com/MISP/misp-galaxy 2020-09-22 12:17:42 +02:00
Rony d1c70b3d80
FBI FLASH AC-000133-TT 2020-09-17 11:05:00 +05:30
Rony 4d4a462d7a
Update threat-actor.json 
Adding Fox-Kitten and cleaned (or improved) winnti
 2020-09-17 00:07:40 +05:30
Deborah Servili 0fe525a9db Merge https://github.com/MISP/misp-galaxy 2020-09-16 10:22:38 +02:00
Deborah Servili 00b5d0d116 add refs 2020-09-16 10:08:31 +02:00
Daniel Plohmann (jupiter) 7b00674c77 Adding TA413 and Evilnum 2020-09-15 14:19:22 +02:00
StefanKelm 63030f2cfe
Update threat-actor.json 
APT33
 2020-09-14 12:01:53 +02:00
StefanKelm 3cc3cc461a
Update threat-actor.json 
STRONTIUM
 2020-09-11 11:38:06 +02:00
StefanKelm 57a31fd60c
Update threat-actor.json 
Lazarus, FIN7
 2020-09-03 14:44:10 +02:00
StefanKelm 503d421a56
Update threat-actor.json 
TA542
 2020-08-31 15:07:13 +02:00
Thomas Dupuy d0c6b7b46d Update Tonto Team/CactusPete threat actor 2020-08-13 15:57:33 -04:00
Thomas Dupuy 4130d7c6fc Update TA APT40 2020-08-13 12:22:36 -04:00
Daniel Plohmann 8407b6fd28
Update threat-actor.json 
adding Kaspersky's name for Microcin.
 2020-08-12 12:03:28 +02:00
Vasileios Mavroeidis 40d12b9dde
Motive correction based on the EU Cert motive taxonomy 
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
 2020-07-28 11:43:46 +02:00
Alexandre Dulaunoy 44afaf2523
chg: [threat-actor] remove duplicate references 2020-07-27 09:57:41 +02:00
StefanKelm 86c54cbd8c
Update threat-actor.json 
OilRig
 2020-07-23 11:07:22 +02:00
Steve Clement df6bed3d3a
Merge pull request #563 from r0ny123/patch-1 2020-07-22 09:14:13 +09:00
StefanKelm 17a1feb016
Update threat-actor.json 
Turla
 2020-07-15 11:20:18 +02:00
Rony c33f4c7611
Update threat-actor.json 
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).
 2020-07-12 12:57:24 +05:30
Rony b77b9d374c
Update threat-actor.json 2020-07-12 11:19:13 +05:30
Deborah Servili 84474ddb29 merge 2020-07-09 16:31:04 +02:00
Deborah Servili 865e76beae commit 2020-07-07 14:47:44 +02:00
Alexandre Dulaunoy ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only. 
Based on https://github.com/MISP/misp-galaxy/issues/469

There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:

- _operation_:
  - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
  - **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
  - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
  - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
  - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
  - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
  - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**

The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
 2020-07-07 09:13:21 +02:00
Alexandre Dulaunoy 164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-07-02 09:55:42 +02:00
StefanKelm 14665429d7
Update threat-actor.json 
APT31
 2020-06-25 16:23:00 +02:00
StefanKelm 92bc206879
Update threat-actor.json 
APT30
 2020-06-23 14:54:09 +02:00
Rony bc97b07089
Update threat-actor.json 2020-06-21 19:19:17 +05:30
StefanKelm 583f1d2fc2
Update threat-actor.json 
TA505
 2020-06-17 11:56:29 +02:00
Alexandre Dulaunoy 0cb36249a4
chg: [jq] all the things 2020-06-12 09:26:30 +02:00
Rony 29be5ac7e1
fixed typo! 2020-06-12 00:09:59 +05:30
Rony 9365bfb7cd
Adding GALLIUM Threat Actor 2020-06-11 23:42:35 +05:30
StefanKelm f042f98247
Update threat-actor.json 
Higaisa
 2020-06-08 14:09:39 +02:00
StefanKelm 9c25d5e8c5
Update threat-actor.json 
Cycldek
 2020-06-04 17:18:45 +02:00
Daniel Plohmann (jupiter) a705d1402f fixing deadlinks where possible 2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter) 171f272a1e default to HTTPS to be consistent with other links to same page 2020-05-27 09:27:52 +02:00
Alexandre Dulaunoy 8a0a4cb02d
Merge pull request #551 from nyx0/master 
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
 2020-05-27 09:10:08 +02:00
Thomas Dupuy 291fb41502 Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel 2020-05-26 09:50:43 -04:00
Rony fbd351590a
Update threat-actor.json 2020-05-24 23:18:54 +05:30
Rony 5f8094d16f
fix 2020-05-24 23:14:43 +05:30
Alexandre Dulaunoy b5bbc34f5d
chg: [threat-actor] remove the non-unique elements 2020-05-22 14:01:32 +02:00
Nils Kuhnert fbfe9d23c3
Merged (most) SecureWorks threat actor profiles && jq 2020-05-22 13:45:29 +02:00
Daniel Plohmann 5101c5a828
msft name: BORON for APT3 
as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
 2020-05-11 15:37:38 +02:00
Alexandre Dulaunoy 09429eda5a
chg: [ta] fix the JSON 2020-05-11 10:20:10 +02:00
Thomas Dupuy 69fe870803 Add Higaisa Threat Actor 2020-05-08 13:01:48 -04:00
Deborah Servili 1d331a9ab1
Merge branch 'master' into master 2020-04-28 15:19:38 +02:00
Alexandre Dulaunoy 2a70893352
chg: [jq] JSON fixed 2020-04-27 15:03:25 +02:00
de Rosen a428ad565e Added misp info 2020-04-27 15:16:33 +03:00
Deborah Servili f6fd07fbc9
add speculoos bakdoor 2020-04-27 09:36:23 +02:00
Alexandre Dulaunoy 86157a6b96
Merge pull request #539 from r0ny123/MergingTA 
Adding alias Thallium and merging STOLEN PENCIL
 2020-04-26 21:16:56 +02:00
Rony 112f9e4a08
Adding alias Thallium and merging STOLEN PENCIL 
Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
And also Netscout named the campaign as STOLEN PENCIL.
 2020-04-26 23:47:37 +05:30
Alexandre Dulaunoy de71a444f8
chg: [json] add missing comma 2020-04-26 14:23:59 +02:00
rvs1st d449eb94fc
Update threat-actor.json 
Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
 2020-04-24 09:03:58 -05:00
Alexandre Dulaunoy 4234d44052
Merge pull request #537 from danielplohmann/patch-28 
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
 2020-04-24 15:33:47 +02:00
Daniel Plohmann 858621ebdc
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday. 2020-04-23 15:47:35 +02:00
Daniel Plohmann b0f0bbae33
adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included) 2020-04-23 14:52:08 +02:00
Deborah Servili 6b49d81b13 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-04-23 10:06:04 +02:00
itayc0hen 667d5b8850 Add ItaDuke/DarkUniverse actor 2020-04-22 19:44:38 +03:00
pnx@pyrite 974ece3a7c adding FIN1 2020-04-20 14:20:22 +02:00
Rony aa34775390
typo 
thanks to @patricksvgr
 2020-04-19 23:17:44 +05:30
Rony ddfa280672
Update threat-actor.json 2020-04-19 23:06:57 +05:30
Rony 7ac2648dbc
more fix 2020-04-19 23:00:42 +05:30
Rony 573b4807ee
fix broken links 2020-04-19 16:03:21 +05:30
Rony 42a4820823
dead link 2020-04-19 11:45:45 +05:30
Rony 0aa34187e9
add link 2020-04-19 11:29:36 +05:30
Rony d6bf42254f
Merging APT23 & Tropic Trooper 2020-04-18 13:22:25 +05:30
Rony c161080175
Update threat-actor.json 2020-04-15 21:36:48 +05:30
Deborah Servili e8edc9cafc Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-04-15 11:27:01 +02:00
Deborah Servili b01e64eb1f
add Operation Shadow Forece 2020-04-08 14:53:19 +02:00
Daniel Plohmann aba625dee5
removed duplicate entry 2020-04-07 08:49:33 +02:00
Daniel Plohmann e15a4a6525
fixing/removing some more dead links 2020-04-06 15:25:22 +02:00
Alexandre Dulaunoy e37f320df5
Merge pull request #523 from danielplohmann/patch-24 
adding aliases MERCURY, HOLMIUM
 2020-03-09 21:56:27 +01:00
Daniel Plohmann ab49ef3c1a
Kimsuki -> Black Banshee 
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html)
 2020-03-09 18:20:56 +01:00
Daniel Plohmann 1260ab156a
adding aliases MERCURY, HOLMIUM 
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
 2020-03-09 08:50:08 +01:00
Alexandre Dulaunoy 4a64d0a4ad
Merge pull request #519 from danielplohmann/crowdstrike2020report 
adding new/updated threat actor names from CrowdStrike 2020 report
 2020-03-05 09:07:16 +01:00
Daniel Plohmann (jupiter) 0c2b0b76eb while we are at it, we can also do Longhorn = APT-C-39 2020-03-04 21:09:06 +01:00
Daniel Plohmann (jupiter) 184f193342 IMPERIAL KITTEN as alias for Tortoiseshell 2020-03-04 19:39:14 +01:00
pnx@pyrite 3dc460e795 adding new/updated threat actor names from CrowdStrike 2020 report 2020-03-04 13:36:34 +01:00
Daniel Plohmann dc059d1f4d
Accenture calls APT32 - "POND LOACH" 2020-03-03 19:40:50 +01:00
Alexandre Dulaunoy b4b91b1e5d
chg: [threat-actor] JSON fixed 2020-02-28 16:37:24 +01:00
Thomas Dupuy 0daeb675f5 Add InvisiMole cluster 2020-02-18 13:28:32 -05:00
Daniel Plohmann e481e9bb50
adding APT-C-12 2020-02-13 17:44:45 +01:00
Rony 22c9badee0
Update threat-actor.json 
those are the name of aliases of the same malware family sykipot. so removing it.
 2020-02-05 18:00:31 +05:30
Deborah Servili 5da17d51aa
Merge branch 'master' into master 2020-01-24 09:33:33 +01:00
Deborah Servili 606e3ec90f
jq 2020-01-24 09:32:09 +01:00
Deborah Servili 58415324c5
add Operation Wocao 2020-01-24 08:27:20 +01:00
Thomas Dupuy edc5196373 Add Attor and DePriMon 2020-01-23 11:27:00 -05:00
Daniel Plohmann ccfe5ee130
removing and fixing deadlinks in the best possible way 
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
 2020-01-23 11:14:20 +01:00
Daniel Plohmann 29a128da6f
adding references and TEMP.MixMaster as alias for WIZARD SPIDER 
with kudos to @tbarabosch
 2020-01-22 15:42:01 +01:00
Alexandre Dulaunoy dbaab413b6
chg: [threat-actor] typo fixed 2020-01-18 17:30:27 +01:00
Alexandre Dulaunoy 564f27c5ca
chg: [threat-actor] format fixed 2020-01-18 17:26:45 +01:00
Alexandre Dulaunoy 34c5c66279
chg: [threat-actor] fix order 2020-01-18 17:08:32 +01:00
Alexandre Dulaunoy 8eeceafc51
chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan" 
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
 2020-01-18 17:02:44 +01:00
Alexandre Dulaunoy 5da0c7bd54
chg: [threat-actor] SideWinder APT group added 2020-01-07 10:42:07 +01:00
StefanKelm 9b6f9136f9
Update threat-actor.json 2020-01-03 12:50:49 +01:00
StefanKelm 9373cfcb53
Update threat-actor.json 
BRONZE PRESIDENT
 2020-01-03 12:42:57 +01:00
Rony 6b1142abac
Update threat-actor.json 2019-12-23 22:05:28 +05:30
Bart 8ebb2e2d16
Update threat-actor.json 
Adds Operation Wocao..
 2019-12-19 21:42:02 +01:00
Alexandre Dulaunoy 9f56a91013
Merge pull request #492 from Delta-Sierra/master 
Operation Soft Cell ralated Updates
 2019-12-13 13:35:52 +01:00
Deborah Servili 03c54a3e05
add GALLIUM as microsoft activities group and similar to Operation Soft Cell 2019-12-13 11:47:31 +01:00
Deborah Servili 3be47af325
update threat actor version 2019-12-13 11:04:51 +01:00
Deborah Servili 9b153913be
add relation suspected link between operation soft cell and apt10 2019-12-13 10:59:06 +01:00
Sebastian Wagner c3b5b39dd3
sofacy: add apt_sofacy as synonym 2019-12-12 15:57:13 +01:00
Deborah Servili 170f964e8c
##COMMA## 2019-12-11 14:22:09 +01:00
Deborah Servili 7e18f2e509
Merge branch 'master' into master 2019-12-11 13:51:52 +01:00
Deborah Servili 391b5a674d
add Axiom synonym 2019-12-11 13:50:35 +01:00
Alexandre Dulaunoy 8da36c09e1
chg: [threat-actor] jq 2019-12-08 09:03:14 +01:00
Daniel Plohmann 94b3c1ec07
added APT-C-34 / Golden Falcon 2019-12-07 12:44:30 +01:00
Deborah Servili 31f3a61d5f
add Sofacy ref 2019-12-05 15:42:42 +01:00
Daniel Plohmann bd3cc6d8ee
added TA2101 2019-12-03 18:13:44 +01:00
Alexandre Dulaunoy 8cc5e02f22
chg: [clean-up] jq all the things 2019-11-21 17:19:39 +01:00
Deborah Servili 38641aae36
merge 2019-11-21 16:24:11 +01:00
Deborah Servili f21dd95b28
merge 2019-11-21 16:23:29 +01:00
Deborah Servili 1a0dd2292b
add silence synonym & new meta field spoken-language 2019-11-21 11:50:02 +01:00
StefanKelm aa132ca58f
new refs for APT33 2019-11-14 14:57:05 +01:00
Alexandre Dulaunoy eea0f528fa
chg: [threat-actor] Lucky Mouse synonym added 
Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/
 2019-11-12 12:51:44 +01:00
Raphaël Vinot 1486890f86 fix: JQ all the things. 2019-11-12 10:25:00 +01:00
Alexandre Dulaunoy 871d90cfc2
chg: [threat-actor] Calypso group added 
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
 2019-11-11 13:34:54 +01:00
Alexandre Dulaunoy d9a64c18ff
chg: [threat-actor] threat-actor-classification updated 2019-11-04 09:37:52 +01:00
Alexandre Dulaunoy 6f463325b9
chg: [threat-actor] jq is jq 2019-11-03 16:01:09 +01:00
Alexandre Dulaunoy 64a3569803
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-11-03 08:52:37 +01:00
Alexandre Dulaunoy 8d01e77574
chg: [threat-actor] Operation WizardOpium added 
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
 2019-11-03 08:51:37 +01:00
Alexandre Dulaunoy 346e54a321
Merge pull request #468 from Delta-Sierra/master 
add Turla Group Symonym variant
 2019-11-02 13:40:21 +01:00
Deborah Servili 1da2dc8af1
add Turla Group Symonym variant 2019-10-31 16:33:32 +01:00
Deborah Servili efa2f43c0f
Merge pull request #467 from Delta-Sierra/master 
Few updates
 2019-10-31 14:31:16 +01:00
Deborah Servili bee9b80898
jq 2019-10-31 10:37:36 +01:00
Deborah Servili 0a8f989e1c
add Winnti related tools etc. 2019-10-31 10:36:15 +01:00
Rony 1fc0f5e2e7
Update threat-actor.json 2019-10-17 09:46:56 +05:30
Deborah Servili 88025a541f
add operation soft cell 2019-10-14 16:07:35 +02:00
Deborah Servili a4b59f647c
jq 2019-09-25 13:41:55 +02:00
Alexandre Dulaunoy 309109eb27
chg: [threat-actor] new LookBack (Malware?Campaign?TA?) 
Signed-off: During MISP training
 2019-09-25 12:12:34 +02:00
Alexandre Dulaunoy a5ae130916
chg: [threat-actor] Evil Eye and POISON CARP 
Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Signed-off: Jean-Louis during training session
 2019-09-25 11:27:03 +02:00
Deborah Servili 638cdd4198
version update 2019-09-20 14:54:56 +02:00
Deborah Servili b9b4b9c651
Add Tortoiseshell thrat actor 2019-09-20 14:53:25 +02:00
StefanKelm db2b5a13ef
Update threat-actor.json 
Silent Librarian
 2019-09-12 11:57:03 +02:00
Deborah Servili 718ea55dd7
Merge branch 'master' into master 2019-09-04 14:42:47 +02:00
Deborah Servili 9e3a998dfc
aff SectorJ04 group 2019-09-03 15:51:21 +02:00
Daniel Plohmann f40b7dd132
'SectorJ04 Group' as alias introduced by NSHC for TA505 
Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
 2019-09-01 15:46:36 +02:00
Alexandre Dulaunoy 0966e58da6
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-08-30 11:06:29 +02:00
Alexandre Dulaunoy f5056ff02e
chg: [threat-actor] add machete-apt synonyms as reported in #445 2019-08-30 11:03:30 +02:00
StefanKelm 49f8f60a85
Update threat-actor.json 
Add ITG08 as synonym for FIN6
 2019-08-29 13:13:00 +02:00
Alexandre Dulaunoy 8d78a2a108
chg: [threat-actor] jq all 2019-08-29 08:31:10 +02:00
Alexandre Dulaunoy 791c88f2eb
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master 2019-08-29 08:30:41 +02:00
Deborah Servili 395dd93e0f
add Asruex Backdoor 2019-08-28 15:40:03 +02:00
Alexandre Dulaunoy 9926ea8826
chg: [threat-actor] LYCEUM added - 443 #fixed 2019-08-28 14:35:12 +02:00
Deborah Servili ea68336b96
add ref for Gamaredon 2019-08-27 08:28:58 +02:00
Sebastian Wagner 38aebbf42a
remove empty strings 2019-08-19 17:04:07 +02:00
Alexandre Dulaunoy 3841447e16
Merge pull request #434 from r0ny123/patch-1 
added microsoft naming for the groups
 2019-08-10 18:52:26 +02:00
Thomas Dupuy df5c9057a1 add synonyme for Turla 2019-08-09 17:34:22 -04:00
Rony feac39db6b
added microsoft naming for the groups 2019-08-09 22:19:09 +05:30
Thomas Dupuy 320e298549 update victims 2019-08-09 10:45:10 -04:00
Thomas Dupuy 1988662ee5 add APT41 2019-08-09 10:24:06 -04:00
Nils Kuhnert 17925f3e10
Remove local file link :) 2019-08-03 18:55:00 +02:00
Alexandre Dulaunoy 7913adad61
chg: [threat-actor] rollback as discussed by chat with Andras until version 2.0 2019-08-02 16:08:40 +02:00
Andras Iklody 984be50396
lowercased value field for DarkHotel 2019-08-02 15:40:31 +02:00
Alexandre Dulaunoy a401ff7405
Merge branch 'master' into patch-13 2019-08-01 08:52:27 +02:00
Daniel Plohmann 0367e16ce0
adding secureworks actor names for energetic bear and teamspy 2019-07-31 14:35:09 +02:00
Daniel Plohmann a4a72d0698
adding Proofpoint's TA428 2019-07-31 14:08:50 +02:00