Commit Graph

43 Commits (4bb665f4ee57ffdd4a018c98dd45b46e1f309499)

Author SHA1 Message Date
Alexandre Dulaunoy 4bb665f4ee
chg: [misp-galaxy] updated to the latest version 2021-03-13 14:43:27 +01:00
Alexandre Dulaunoy c3cabafe45
chg: [misp-galaxy] updated to the latest version 2021-01-23 16:55:36 +01:00
Alexandre Dulaunoy cdfca0dab1 Set theme jekyll-theme-slate 2020-11-06 10:55:14 +01:00
Alexandre Dulaunoy 0fe4fb361b
chg: [doc] master->main (logo) 2020-11-06 10:51:38 +01:00
Alexandre Dulaunoy 56f785f734
chg: [misp-galaxy] updated to the latest version 2020-11-06 10:50:08 +01:00
Alexandre Dulaunoy d914e1898d
Merge pull request #3 from DocArmoryTech/DocArmoryTech-systemd
Systemd and nginx production setup and instructions
2020-11-06 10:49:11 +01:00
DocArmoryTech 772e02f425
Update README.md 2020-11-03 14:03:28 +00:00
DocArmoryTech 987b685321
Update README.md 2020-11-03 13:56:57 +00:00
DocArmoryTech a616df19d4
Update nginx-tai.conf 2020-11-03 13:46:03 +00:00
DocArmoryTech 93b1b6ddd7
Create nginx-tai.conf
A sample nginx configuration file for reverse-proxying to the _four_ tai servers started by the systemd `target` file
2020-11-03 12:57:19 +00:00
DocArmoryTech bff0996948
Add instructions for alt/production install
Added instructions for installing the TAI server as an unprivileged user and running it using systemd
2020-11-03 12:53:15 +00:00
DocArmoryTech 82964b544c
Update README.md 2020-11-03 12:46:02 +00:00
DocArmoryTech 09d1691032
Create tai@.service 2020-11-03 12:26:01 +00:00
Alexandre Dulaunoy a1c96ff1a5
Merge pull request #2 from DocArmoryTech/DocArmoryTech-options
Parameterise listening port and address
2020-11-03 13:19:35 +01:00
DocArmoryTech 09a93ca1cd
Create tai.target
A systemd `target` file that serves to group and manage `systemctl` control of a number of tai-servers
2020-11-03 12:19:32 +00:00
DocArmoryTech 795c232244
Merge pull request #1 from DocArmoryTech/DocArmoryTech-options
Parameterise listening port and address
2020-11-03 11:54:15 +00:00
DocArmoryTech 14376c39c7
Parameterise listening port and address
Uses tornado.options to `define` the port and IP address on which tai-server listens.

Default options maintain current functionality (i.e. listen on 0.0.0.0:8889)
2020-11-03 11:51:01 +00:00
Alexandre Dulaunoy af9764bee1
chg: [misp-galaxy] updated to the latest version 2020-09-24 14:26:34 +02:00
Alexandre Dulaunoy 2c6572f7ca
chg: [misp-galaxy] updated to the latest version 2020-07-27 13:32:09 +02:00
Alexandre Dulaunoy 1153d5cd17
chg: [tai-server] proper handling for non-existing threat-actor in queried country 2020-05-29 11:44:20 +02:00
Alexandre Dulaunoy 9fa0047294
Update README.md
url fixed
2020-05-28 14:52:41 +02:00
Alexandre Dulaunoy 93208eca90
chg: [doc] country search example 2020-05-28 10:37:56 +02:00
Alexandre Dulaunoy d883cea43a
new: [query] country search added against the threat actor db
curl --silent -d '{"country":"IR"}' -H "Content-Type: application/json" -X POST http://127.0.0.1:8889/query | jq .
2020-05-28 10:13:04 +02:00
Alexandre Dulaunoy 21388db009
chg: [misp-galaxy] updated to the latest version 2020-05-26 13:16:13 +02:00
Alexandre Dulaunoy 9a18c9247f
chg: [misp-galaxy] updated to the latest version 2020-04-01 09:18:41 +02:00
Alexandre Dulaunoy 5c15c90d77 chg: updated to the latest version of the misp galaxy 2020-03-01 08:18:15 +01:00
Alexandre Dulaunoy 6a4b36a1ba
chg: [misp-galaxy] updated to the latest version 2020-01-27 13:04:57 +01:00
Alexandre Dulaunoy 771dc189f4
chg: [misp-galaxy] updated to the latest version 2020-01-15 18:57:29 +01:00
Alexandre Dulaunoy d6d6984a20
Merge pull request #1 from fraduction/master
chg: [logo] cleanup of logo
2020-01-15 18:44:01 +01:00
Françoise Penninckx 34d24bb73a chg: [logo] cleanup of logo 2020-01-14 22:12:57 +01:00
Alexandre Dulaunoy 42349d5e0f chg: [logo] updated 2020-01-08 15:11:07 +01:00
Alexandre Dulaunoy 7eaa8231e9 chg: [logo] because bigger is better 2020-01-08 15:06:29 +01:00
Alexandre Dulaunoy e9319271d7 chg: [doc] because every project needs a logo 2020-01-08 15:04:48 +01:00
Alexandre Dulaunoy 641bd46e1f new: [doc] the logo done in the WC 2020-01-08 15:02:04 +01:00
Alexandre Dulaunoy 9e41395073 chg: [api] add /info entrypoint to give details about the version of threat actor galaxy loaded 2020-01-08 13:32:33 +01:00
Alexandre Dulaunoy a8de744ca1
chg: [server] query logging added 2020-01-07 11:00:18 +01:00
Alexandre Dulaunoy ef4660a92d
chg: [api] return proper error if the query format is incorrect 2020-01-07 10:52:24 +01:00
Alexandre Dulaunoy f559c93c08
chg: [misp-galaxy] updated to the latest version 2020-01-07 10:46:02 +01:00
Alexandre Dulaunoy c938d94dd0 chg: [doc] include the GET entry point to get threat-actor by UUID 2020-01-06 16:15:56 +01:00
Alexandre Dulaunoy ce71307801 chg: [api] default content-type is set to JSON 2020-01-06 16:01:33 +01:00
Alexandre Dulaunoy d9897caf61 chg: [api] a simple GET has been added to get a threat-actor per UUID in a single get request
curl --silent http://localhost:8889/get/0286e80e-b0ed-464f-ad62-beec8536d0cb  | jq .
{
  "description": "We have investigated their intrusions since 2013 and have been battling them nonstop over the last year at several large telecommunications and technology companies. The determination of this China-based adversary is truly impressive: they are like a dog with a bone.\nHURRICANE PANDA’s preferred initial vector of compromise and persistence is a China Chopper webshell – a tiny and easily obfuscated 70 byte text file that consists of an ‘eval()’ command, which is then used to provide full command execution and file upload/download capabilities to the attackers. This script is typically uploaded to a web server via a SQL injection or WebDAV vulnerability, which is often trivial to uncover in a company with a large external web presence.\nOnce inside, the adversary immediately moves on to execution of a credential theft tool such as Mimikatz (repacked to avoid AV detection). If they are lucky to have caught an administrator who might be logged into that web server at the time, they will have gained domain administrator credentials and can now roam your network at will via ‘net use’ and ‘wmic’ commands executed through the webshell terminal.",
  "meta": {
    "attribution-confidence": "50",
    "country": "CN",
    "refs": [
      "http://www.crowdstrike.com/blog/cyber-deterrence-in-action-a-story-of-one-long-hurricane-panda-campaign/",
      "https://blog.confiant.com/uncovering-2017s-largest-malvertising-operation-b84cd38d6b85",
      "https://blog.confiant.com/zirconium-was-one-step-ahead-of-chromes-redirect-blocker-with-0-day-2d61802efd0d"
    ],
    "synonyms": [
      "Black Vine",
      "TEMP.Avengers",
      "Zirconium",
      "APT 31",
      "APT31"
    ]
  },
  "related": [
    {
      "dest-uuid": "a653431d-6a5e-4600-8ad3-609b5af57064",
      "tags": [
        "estimative-language:likelihood-probability=\"likely\""
      ],
      "type": "similar"
    },
    {
      "dest-uuid": "066d25c1-71bd-4bd4-8ca7-edbba00063f4",
      "tags": [
        "estimative-language:likelihood-probability=\"likely\""
      ],
      "type": "similar"
    },
    {
      "dest-uuid": "103ebfd8-4280-4027-b61a-69bd9967ad6c",
      "tags": [
        "estimative-language:likelihood-probability=\"likely\""
      ],
      "type": "similar"
    }
  ],
  "uuid": "0286e80e-b0ed-464f-ad62-beec8536d0cb",
  "value": "Hurricane Panda"
}
2020-01-06 15:45:14 +01:00
Alexandre Dulaunoy fb6781ef6f chg: [doc] public API url added https://www.misp-project.org/tai/ 2020-01-06 15:22:32 +01:00
Alexandre Dulaunoy cbacc92ba9 new: [initial] A simple REST server to look up threat actors (by name, synonym or UUID) and return the corresponding MISP galaxy information about the known threat actors. 2020-01-06 14:29:31 +01:00