Commit Graph

2366 Commits (ab41df728239536ae169e31171ae8185139b5bf1)

Author SHA1 Message Date
Daniel Plohmann (jupiter) 7b00674c77 Adding TA413 and Evilnum 2020-09-15 14:19:22 +02:00
Alexandre Dulaunoy ee968d7715
Merge pull request #578 from StefanKelm/master
Update threat-actor.json
2020-09-14 14:11:08 +02:00
StefanKelm 63030f2cfe
Update threat-actor.json
APT33
2020-09-14 12:01:53 +02:00
Alexandre Dulaunoy d760f3b2d1
Merge pull request #577 from StefanKelm/master
Update threat-actor.json
2020-09-11 13:17:08 +02:00
StefanKelm 3cc3cc461a
Update threat-actor.json
STRONTIUM
2020-09-11 11:38:06 +02:00
Raphaël Vinot 405d5f1fe9 fix: Sort keys, fix tests 2020-09-08 10:51:24 +02:00
Alexandre Dulaunoy 9e519962c6
chg: [botnet] Katura mess added 2020-09-07 12:41:39 +02:00
Alexandre Dulaunoy 131e19935f
Merge pull request #576 from StefanKelm/master
Update threat-actor.json
2020-09-03 16:45:37 +02:00
StefanKelm 57a31fd60c
Update threat-actor.json
Lazarus, FIN7
2020-09-03 14:44:10 +02:00
Alexandre Dulaunoy 4d35ede23c
Merge pull request #575 from StefanKelm/master
Update threat-actor.json
2020-08-31 15:36:08 +02:00
StefanKelm 503d421a56
Update threat-actor.json
TA542
2020-08-31 15:07:13 +02:00
Alexandre Dulaunoy 6bb0f74b97
chg: [galaxy] fix the name to China Defence Universities Tracker 2020-08-24 09:57:28 +02:00
Alexandre Dulaunoy a0fd1a2bc5
Merge pull request #574 from VVX7/main
new: [dev] add ASPI's China Defence University Tracker.
2020-08-23 10:12:02 +02:00
VVX7 4635146b00 chg: [dev] jq 2020-08-22 13:06:42 -04:00
VVX7 5e54fc2022 chg: [dev] gen_defence_university.py no longer outputs empty strings, lists 2020-08-22 13:01:20 -04:00
VVX7 1cddf4b7cd new: [dev] fix empty strings, lists 2020-08-22 12:59:05 -04:00
VVX7 b4c3ffc8eb new: [dev] add ASPI's China Defence University Tracker.
Thanks to Cormac Doherty for writing the web scraper! To update the galaxy run the included gen_defence_university.py script.

"The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI’s International Cyber Policy Centre.

It includes entries on nearly 100 civilian universities, 50 People’s Liberation Army institutions, China’s nuclear weapons program, three Ministry of State Security institutions, four Ministry of Public Security universities, and 12 state-owned defence industry conglomerates.

The Tracker is a tool to inform universities, governments and scholars as they engage with the entities from the People’s Republic of China. It aims to build understanding of the expansion of military-civil fusion—the Chinese government’s policy of integrating military and civilian efforts—into the education sector.

The Tracker should be used to inform due diligence of Chinese institutions. However, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution’s defence and security links." - ASPI (https://unitracker.aspi.org.au/about/)
2020-08-21 11:24:22 -04:00
Alexandre Dulaunoy 6d546eb025
Merge pull request #573 from rmkml/master
add Conti Ransomware
2020-08-17 15:46:06 +02:00
rmkml e02ac52566 add Conti Ransomware 2020-08-15 22:10:49 +02:00
Alexandre Dulaunoy d95000eca3
Merge pull request #572 from nyx0/main
Few updates
2020-08-15 11:37:43 +02:00
Thomas Dupuy 4009ef9997 Fix: remove comma 2020-08-14 13:01:37 -04:00
Thomas Dupuy d0c6b7b46d Update Tonto Team/CactusPete threat actor 2020-08-13 15:57:33 -04:00
Thomas Dupuy 72554ed71c Add Drovorub tool 2020-08-13 15:08:32 -04:00
Thomas Dupuy 4130d7c6fc Update TA APT40 2020-08-13 12:22:36 -04:00
Alexandre Dulaunoy cd6f019910
Merge pull request #571 from danielplohmann/patch-30
adding Kaspersky's name for Microcin.
2020-08-12 14:03:50 +02:00
Daniel Plohmann 8407b6fd28
Update threat-actor.json
adding Kaspersky's name for Microcin.
2020-08-12 12:03:28 +02:00
Alexandre Dulaunoy 552e86be4e
Merge pull request #570 from nyx0/master
Add WellMess and WellMail
2020-08-11 21:27:59 +02:00
Thomas Dupuy 9cadabba7a Add WellMess and WellMail 2020-08-11 12:37:28 -04:00
Alexandre Dulaunoy fef7cf4b4f
Merge pull request #569 from rmkml/master
add Ragnarok Ransomware
2020-08-05 10:39:52 +02:00
rmkml 3809b27b00 Merge branch 'master' of https://github.com/rmkml/misp-galaxy 2020-08-02 20:46:57 +02:00
rmkml 6d10e3a37d add Ragnarok Ransomware 2020-08-02 20:46:32 +02:00
rmkml eab9eaca8d add Ragnarok Ransomware 2020-08-02 20:13:30 +02:00
Alexandre Dulaunoy 8018417d97
Merge pull request #568 from Vasileios-Mavroeidis/patch-1
Motive correction based on the EU Cert motive taxonomy
2020-07-29 09:33:12 +02:00
Vasileios Mavroeidis 40d12b9dde
Motive correction based on the EU Cert motive taxonomy
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
2020-07-28 11:43:46 +02:00
Alexandre Dulaunoy 44afaf2523
chg: [threat-actor] remove duplicate references 2020-07-27 09:57:41 +02:00
Alexandre Dulaunoy 9b3bbcde8d
Merge branch 'StefanKelm-master' into main 2020-07-27 09:46:57 +02:00
StefanKelm 86c54cbd8c
Update threat-actor.json
OilRig
2020-07-23 11:07:22 +02:00
Raphaël Vinot c174f613c5 fix: Name of SoD Matrix cluster to match galaxy.
Fix #566
2020-07-22 11:52:27 +02:00
Steve Clement df6bed3d3a
Merge pull request #563 from r0ny123/patch-1 2020-07-22 09:14:13 +09:00
Christophe Vandeplas e414569a0d
Merge pull request #564 from StefanKelm/master
Update threat-actor.json
2020-07-15 13:01:37 +02:00
StefanKelm 17a1feb016
Update threat-actor.json
Turla
2020-07-15 11:20:18 +02:00
Rony c33f4c7611
Update threat-actor.json
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).
2020-07-12 12:57:24 +05:30
Rony b77b9d374c
Update threat-actor.json 2020-07-12 11:19:13 +05:30
Alexandre Dulaunoy 439993200d
Merge pull request #562 from cudeso/main
SoD Matrix
2020-07-11 08:42:19 +02:00
Koen Van Impe d3e22ef14c SoD Matrix
Described at https://github.com/cudeso/SoD-Matrix
2020-07-10 14:08:45 +02:00
Deborah Servili 84474ddb29 merge 2020-07-09 16:31:04 +02:00
Deborah Servili 865e76beae commit 2020-07-07 14:47:44 +02:00
Alexandre Dulaunoy ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only.
Based on https://github.com/MISP/misp-galaxy/issues/469

There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:

- _operation_:
  - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
  - **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
  - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
  - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
  - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
  - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
  - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**

The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
2020-07-07 09:13:21 +02:00
Raphaël Vinot 86a8f04be3 chg: Bump travis 2020-07-02 11:27:08 +02:00
Alexandre Dulaunoy 164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-07-02 09:55:42 +02:00