MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity
2,249 Commits
6 Branches
46 Tags
42 MiB
Commit Graph

2249 Commits (7b242555dfbd0ee23ebfb91d93c295696bd19c1b)

Author SHA1 Message Date
Alexandre Dulaunoy 6d546eb025
Merge pull request #573 from rmkml/master 
add Conti Ransomware
 2020-08-17 15:46:06 +02:00
rmkml e02ac52566 add Conti Ransomware 2020-08-15 22:10:49 +02:00
Alexandre Dulaunoy d95000eca3
Merge pull request #572 from nyx0/main 
Few updates
 2020-08-15 11:37:43 +02:00
Thomas Dupuy 4009ef9997 Fix: remove comma 2020-08-14 13:01:37 -04:00
Thomas Dupuy d0c6b7b46d Update Tonto Team/CactusPete threat actor 2020-08-13 15:57:33 -04:00
Thomas Dupuy 72554ed71c Add Drovorub tool 2020-08-13 15:08:32 -04:00
Thomas Dupuy 4130d7c6fc Update TA APT40 2020-08-13 12:22:36 -04:00
Alexandre Dulaunoy cd6f019910
Merge pull request #571 from danielplohmann/patch-30 
adding Kaspersky's name for Microcin.
 2020-08-12 14:03:50 +02:00
Daniel Plohmann 8407b6fd28
Update threat-actor.json 
adding Kaspersky's name for Microcin.
 2020-08-12 12:03:28 +02:00
Alexandre Dulaunoy 552e86be4e
Merge pull request #570 from nyx0/master 
Add WellMess and WellMail
 2020-08-11 21:27:59 +02:00
Thomas Dupuy 9cadabba7a Add WellMess and WellMail 2020-08-11 12:37:28 -04:00
Alexandre Dulaunoy fef7cf4b4f
Merge pull request #569 from rmkml/master 
add Ragnarok Ransomware
 2020-08-05 10:39:52 +02:00
rmkml 3809b27b00 Merge branch 'master' of https://github.com/rmkml/misp-galaxy 2020-08-02 20:46:57 +02:00
rmkml 6d10e3a37d add Ragnarok Ransomware 2020-08-02 20:46:32 +02:00
rmkml eab9eaca8d add Ragnarok Ransomware 2020-08-02 20:13:30 +02:00
Alexandre Dulaunoy 8018417d97
Merge pull request #568 from Vasileios-Mavroeidis/patch-1 
Motive correction based on the EU Cert motive taxonomy
 2020-07-29 09:33:12 +02:00
Vasileios Mavroeidis 40d12b9dde
Motive correction based on the EU Cert motive taxonomy 
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
 2020-07-28 11:43:46 +02:00
Alexandre Dulaunoy 44afaf2523
chg: [threat-actor] remove duplicate references 2020-07-27 09:57:41 +02:00
Alexandre Dulaunoy 9b3bbcde8d
Merge branch 'StefanKelm-master' into main 2020-07-27 09:46:57 +02:00
StefanKelm 86c54cbd8c
Update threat-actor.json 
OilRig
 2020-07-23 11:07:22 +02:00
Raphaël Vinot c174f613c5 fix: Name of SoD Matrix cluster to match galaxy. 
Fix #566
 2020-07-22 11:52:27 +02:00
Steve Clement df6bed3d3a
Merge pull request #563 from r0ny123/patch-1 2020-07-22 09:14:13 +09:00
Christophe Vandeplas e414569a0d
Merge pull request #564 from StefanKelm/master 
Update threat-actor.json
 2020-07-15 13:01:37 +02:00
StefanKelm 17a1feb016
Update threat-actor.json 
Turla
 2020-07-15 11:20:18 +02:00
Rony c33f4c7611
Update threat-actor.json 
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).
 2020-07-12 12:57:24 +05:30
Rony b77b9d374c
Update threat-actor.json 2020-07-12 11:19:13 +05:30
Alexandre Dulaunoy 439993200d
Merge pull request #562 from cudeso/main 
SoD Matrix
 2020-07-11 08:42:19 +02:00
Koen Van Impe d3e22ef14c SoD Matrix 
Described at https://github.com/cudeso/SoD-Matrix
 2020-07-10 14:08:45 +02:00
Deborah Servili 84474ddb29 merge 2020-07-09 16:31:04 +02:00
Deborah Servili 865e76beae commit 2020-07-07 14:47:44 +02:00
Alexandre Dulaunoy ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only. 
Based on https://github.com/MISP/misp-galaxy/issues/469

There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:

- _operation_:
  - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
  - **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
  - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
  - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
  - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
  - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
  - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**

The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
 2020-07-07 09:13:21 +02:00
Raphaël Vinot 86a8f04be3 chg: Bump travis 2020-07-02 11:27:08 +02:00
Alexandre Dulaunoy 164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-07-02 09:55:42 +02:00
Alexandre Dulaunoy f59d831c91
Merge pull request #557 from r0ny123/patch-1 
Update threat-actor.json
 2020-06-27 00:06:02 +02:00
Alexandre Dulaunoy 312cba12f7
Merge pull request #559 from StefanKelm/master 
Update threat-actor.json
 2020-06-25 16:33:38 +02:00
StefanKelm 14665429d7
Update threat-actor.json 
APT31
 2020-06-25 16:23:00 +02:00
Alexandre Dulaunoy 5363e63cae
Merge pull request #558 from StefanKelm/master 
Update threat-actor.json
 2020-06-23 18:49:49 +02:00
StefanKelm 92bc206879
Update threat-actor.json 
APT30
 2020-06-23 14:54:09 +02:00
Rony bc97b07089
Update threat-actor.json 2020-06-21 19:19:17 +05:30
Alexandre Dulaunoy 2d1b05bcf9
Merge pull request #556 from StefanKelm/master 
Update threat-actor.json
 2020-06-17 12:28:13 +02:00
StefanKelm 583f1d2fc2
Update threat-actor.json 
TA505
 2020-06-17 11:56:29 +02:00
Alexandre Dulaunoy 8c3c224e6a
Merge branch 'r0ny123-master' 2020-06-12 09:26:51 +02:00
Alexandre Dulaunoy 0cb36249a4
chg: [jq] all the things 2020-06-12 09:26:30 +02:00
Rony 29be5ac7e1
fixed typo! 2020-06-12 00:09:59 +05:30
Rony 9365bfb7cd
Adding GALLIUM Threat Actor 2020-06-11 23:42:35 +05:30
Rony 01b03ca5b0
Merge pull request #1 from MISP/master 
update
 2020-06-11 21:48:52 +05:30
Alexandre Dulaunoy 7ade356d5b
Merge pull request #554 from StefanKelm/master 
Update threat-actor.json
 2020-06-08 15:09:09 +02:00
StefanKelm f042f98247
Update threat-actor.json 
Higaisa
 2020-06-08 14:09:39 +02:00
Alexandre Dulaunoy 1dd764160d
Merge pull request #553 from StefanKelm/master 
Update threat-actor.json
 2020-06-04 17:22:53 +02:00
StefanKelm 9c25d5e8c5
Update threat-actor.json 
Cycldek
 2020-06-04 17:18:45 +02:00