Commit graph

1577 commits

Author SHA1 Message Date
rmkml
6d10e3a37d add Ragnarok Ransomware 2020-08-02 20:46:32 +02:00
Vasileios Mavroeidis
40d12b9dde
Motive correction based on the EU Cert motive taxonomy
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
2020-07-28 11:43:46 +02:00
44afaf2523
chg: [threat-actor] remove duplicate references 2020-07-27 09:57:41 +02:00
StefanKelm
86c54cbd8c
Update threat-actor.json
OilRig
2020-07-23 11:07:22 +02:00
Raphaël Vinot
c174f613c5 fix: Name of SoD Matrix cluster to match galaxy.
Fix #566
2020-07-22 11:52:27 +02:00
Steve Clement
df6bed3d3a
Merge pull request #563 from r0ny123/patch-1 2020-07-22 09:14:13 +09:00
StefanKelm
17a1feb016
Update threat-actor.json
Turla
2020-07-15 11:20:18 +02:00
Rony
c33f4c7611
Update threat-actor.json
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).
2020-07-12 12:57:24 +05:30
Rony
b77b9d374c
Update threat-actor.json 2020-07-12 11:19:13 +05:30
Koen Van Impe
d3e22ef14c SoD Matrix
Described at https://github.com/cudeso/SoD-Matrix
2020-07-10 14:08:45 +02:00
Deborah Servili
84474ddb29 merge 2020-07-09 16:31:04 +02:00
Deborah Servili
865e76beae commit 2020-07-07 14:47:44 +02:00
ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only.
Based on https://github.com/MISP/misp-galaxy/issues/469

There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:

- _operation_:
  - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
  - **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
  - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
  - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
  - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
  - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
  - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**

The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
2020-07-07 09:13:21 +02:00
164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-07-02 09:55:42 +02:00
StefanKelm
14665429d7
Update threat-actor.json
APT31
2020-06-25 16:23:00 +02:00
StefanKelm
92bc206879
Update threat-actor.json
APT30
2020-06-23 14:54:09 +02:00
Rony
bc97b07089
Update threat-actor.json 2020-06-21 19:19:17 +05:30
StefanKelm
583f1d2fc2
Update threat-actor.json
TA505
2020-06-17 11:56:29 +02:00
0cb36249a4
chg: [jq] all the things 2020-06-12 09:26:30 +02:00
Rony
29be5ac7e1
fixed typo! 2020-06-12 00:09:59 +05:30
Rony
9365bfb7cd
Adding GALLIUM Threat Actor 2020-06-11 23:42:35 +05:30
StefanKelm
f042f98247
Update threat-actor.json
Higaisa
2020-06-08 14:09:39 +02:00
StefanKelm
9c25d5e8c5
Update threat-actor.json
Cycldek
2020-06-04 17:18:45 +02:00
3867b1f602
Merge pull request #552 from danielplohmann/reference-fixes
Reference fixes
2020-05-29 09:26:05 +02:00
2a074f23fd
chg: [preventive-measure] packet filtering added 2020-05-27 10:02:16 +02:00
Daniel Plohmann (jupiter)
a705d1402f fixing deadlinks where possible 2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter)
171f272a1e default to HTTPS to be consistent with other links to same page 2020-05-27 09:27:52 +02:00
8a0a4cb02d
Merge pull request #551 from nyx0/master
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
2020-05-27 09:10:08 +02:00
Thomas Dupuy
291fb41502 Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel 2020-05-26 09:50:43 -04:00
Thomas Dupuy
143bd521be Add CrackMapExec, metasploit, Cobalt Strike and Covenant 2020-05-26 09:35:01 -04:00
Rony
fbd351590a
Update threat-actor.json 2020-05-24 23:18:54 +05:30
Rony
5f8094d16f
fix 2020-05-24 23:14:43 +05:30
b5bbc34f5d
chg: [threat-actor] remove the non-unique elements 2020-05-22 14:01:32 +02:00
Nils Kuhnert
fbfe9d23c3
Merged (most) SecureWorks threat actor profiles && jq 2020-05-22 13:45:29 +02:00
iglocska
dee9a56460
fix: small fixes to the bhadra framework 2020-05-19 16:45:40 +02:00
iglocska
43703f1a96
new: added Bhadra framework for mobile attacks
- based on the paper published here: https://arxiv.org/pdf/2005.05110.pdf
- thanks to the ATT&CK EU community conference speakers highlighting this framework!
2020-05-19 16:34:59 +02:00
006b61bc44
Merge pull request #547 from Delta-Sierra/master
add Snake Ransomware
2020-05-15 17:55:47 +02:00
Deborah Servili
b943a7daca
fix missing description 2020-05-15 09:00:34 +02:00
Deborah Servili
6d6da39da4
add Snake Ransomware 2020-05-13 11:58:33 +02:00
Daniel Plohmann
5101c5a828
msft name: BORON for APT3
as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
2020-05-11 15:37:38 +02:00
09429eda5a
chg: [ta] fix the JSON 2020-05-11 10:20:10 +02:00
Thomas Dupuy
fc9505cadf Add Sednit's Exploit-kit Sedkit 2020-05-08 13:29:14 -04:00
Thomas Dupuy
69fe870803 Add Higaisa Threat Actor 2020-05-08 13:01:48 -04:00
Deborah Servili
1d331a9ab1
Merge branch 'master' into master 2020-04-28 15:19:38 +02:00
Thomas Dupuy
46a6d9fcb1 Add DenesRAT/METALJACK 2020-04-28 01:08:50 -04:00
2a70893352
chg: [jq] JSON fixed 2020-04-27 15:03:25 +02:00
de Rosen
a428ad565e Added misp info 2020-04-27 15:16:33 +03:00
Deborah Servili
f6fd07fbc9
add speculoos bakdoor 2020-04-27 09:36:23 +02:00
86157a6b96
Merge pull request #539 from r0ny123/MergingTA
Adding alias Thallium and merging STOLEN PENCIL
2020-04-26 21:16:56 +02:00
Rony
112f9e4a08
Adding alias Thallium and merging STOLEN PENCIL
Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
And also Netscout named the campaign as STOLEN PENCIL.
2020-04-26 23:47:37 +05:30
de71a444f8
chg: [json] add missing comma 2020-04-26 14:23:59 +02:00
rvs1st
d449eb94fc
Update threat-actor.json
Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
2020-04-24 09:03:58 -05:00
4234d44052
Merge pull request #537 from danielplohmann/patch-28
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
2020-04-24 15:33:47 +02:00
Daniel Plohmann
858621ebdc
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday. 2020-04-23 15:47:35 +02:00
Daniel Plohmann
b0f0bbae33
adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included) 2020-04-23 14:52:08 +02:00
Deborah Servili
6b49d81b13 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-04-23 10:06:04 +02:00
itayc0hen
667d5b8850 Add ItaDuke/DarkUniverse actor 2020-04-22 19:44:38 +03:00
pnx@pyrite
974ece3a7c adding FIN1 2020-04-20 14:20:22 +02:00
Rony
aa34775390
typo
thanks to @patricksvgr
2020-04-19 23:17:44 +05:30
Rony
ddfa280672
Update threat-actor.json 2020-04-19 23:06:57 +05:30
Rony
7ac2648dbc
more fix 2020-04-19 23:00:42 +05:30
Rony
573b4807ee
fix broken links 2020-04-19 16:03:21 +05:30
Rony
42a4820823
dead link 2020-04-19 11:45:45 +05:30
Rony
0aa34187e9
add link 2020-04-19 11:29:36 +05:30
Rony
d6bf42254f
Merging APT23 & Tropic Trooper 2020-04-18 13:22:25 +05:30
Rony
c161080175
Update threat-actor.json 2020-04-15 21:36:48 +05:30
Deborah Servili
e8edc9cafc Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-04-15 11:27:01 +02:00
Deborah Servili
b01e64eb1f
add Operation Shadow Forece 2020-04-08 14:53:19 +02:00
Daniel Plohmann
aba625dee5
removed duplicate entry 2020-04-07 08:49:33 +02:00
Daniel Plohmann
e15a4a6525
fixing/removing some more dead links 2020-04-06 15:25:22 +02:00
Deborah Servili
7859c8dbd7
Add coronavirus ransomware 2020-04-03 16:19:45 +02:00
Deborah Servili
8a3422acb4
add Pyta ransomnotes 2020-04-03 11:58:02 +02:00
Deborah Servili
c566c89f2a
add pyza ransomware 2020-03-27 14:22:34 +01:00
c7104e8819
chg: [country] jq all 2020-03-23 13:09:14 +01:00
iglocska
777c3188db
new: [country] galaxy added 2020-03-23 12:10:16 +01:00
35a57c36bf
Merge pull request #526 from Delta-Sierra/master
PARINACOTA group
2020-03-12 23:23:05 +01:00
Deborah Servili
a706b8ef2e
PARINACOTA group 2020-03-12 13:11:46 +01:00
e37f320df5
Merge pull request #523 from danielplohmann/patch-24
adding aliases MERCURY, HOLMIUM
2020-03-09 21:56:27 +01:00
Daniel Plohmann
ab49ef3c1a
Kimsuki -> Black Banshee
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html)
2020-03-09 18:20:56 +01:00
Daniel Plohmann
1260ab156a
adding aliases MERCURY, HOLMIUM
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
2020-03-09 08:50:08 +01:00
e81c91e3e9
Merge pull request #522 from Delta-Sierra/master
add sdbbot
2020-03-06 15:24:14 +01:00
Deborah Servili
b007d5d3ce
add SdBbot 2020-03-06 14:33:19 +01:00
a407ddcc5b
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-03-05 10:49:15 +01:00
375db26505
chg: [malpedia] fixes 2020-03-05 10:48:28 +01:00
4a64d0a4ad
Merge pull request #519 from danielplohmann/crowdstrike2020report
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-05 09:07:16 +01:00
Corsin Camichel
66aa5c3b13
fixing a comma error 2020-03-04 21:13:01 +01:00
Daniel Plohmann (jupiter)
0c2b0b76eb while we are at it, we can also do Longhorn = APT-C-39 2020-03-04 21:09:06 +01:00
Corsin Camichel
a5a7c21c79
adding Raccoon (win.raccoon) 2020-03-04 21:02:51 +01:00
Daniel Plohmann (jupiter)
184f193342 IMPERIAL KITTEN as alias for Tortoiseshell 2020-03-04 19:39:14 +01:00
pnx@pyrite
3dc460e795 adding new/updated threat actor names from CrowdStrike 2020 report 2020-03-04 13:36:34 +01:00
Daniel Plohmann
dc059d1f4d
Accenture calls APT32 - "POND LOACH" 2020-03-03 19:40:50 +01:00
Deborah Servili
d8ea0f865c
add clop ransomware extension 2020-03-02 13:33:38 +01:00
b4b91b1e5d
chg: [threat-actor] JSON fixed 2020-02-28 16:37:24 +01:00
4c7532984a
Merge branch 'master' of https://github.com/nyx0/misp-galaxy into nyx0-master 2020-02-28 16:36:56 +01:00
Deborah Servili
0d4745d55f Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-02-28 11:38:20 +01:00
Deborah Servili
a61f8d7049
add extension to clop ransomware 2020-02-28 11:37:54 +01:00
ee63756cc5
Merge pull request #516 from rmkml/master
add MedusaLocker ransomware
2020-02-23 16:06:45 +01:00
rmkml
590e292b68 add MedusaLocker ransomware 2020-02-23 16:01:45 +01:00
Deborah Servili
29bf20e89b
add razor ransomware 2020-02-19 15:55:29 +01:00
Thomas Dupuy
0daeb675f5 Add InvisiMole cluster 2020-02-18 13:28:32 -05:00
c98093e6fe
Merge pull request #513 from danielplohmann/patch-20
adding APT-C-12
2020-02-13 21:56:34 +01:00
Daniel Plohmann
e481e9bb50
adding APT-C-12 2020-02-13 17:44:45 +01:00
Deborah Servili
f196bad4a1
add tools used by TA505 + others 2020-02-12 15:39:16 +01:00
Deborah Servili
66a721fcd3 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-02-12 15:00:30 +01:00
Deborah Servili
b46f9b68fe
add warzone RAT 2020-02-06 13:39:58 +01:00
33aa1c8f3f
Merge pull request #510 from Delta-Sierra/master
add ransomwares
2020-02-06 09:53:19 +01:00
Deborah Servili
46fe9cb82b
add ransomwares 2020-02-06 09:29:33 +01:00
Rony
22c9badee0
Update threat-actor.json
those are the name of aliases of the same malware family sykipot. so removing it.
2020-02-05 18:00:31 +05:30
Deborah Servili
5da17d51aa
Merge branch 'master' into master 2020-01-24 09:33:33 +01:00
Deborah Servili
606e3ec90f
jq 2020-01-24 09:32:09 +01:00
6d078a88dd
chg: [ransomware] Nodera ransomware added 2020-01-24 09:04:38 +01:00
Deborah Servili
58415324c5
add Operation Wocao 2020-01-24 08:27:20 +01:00
Thomas Dupuy
edc5196373 Add Attor and DePriMon 2020-01-23 11:27:00 -05:00
Daniel Plohmann
ccfe5ee130
removing and fixing deadlinks in the best possible way
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
2020-01-23 11:14:20 +01:00
Daniel Plohmann
29a128da6f
adding references and TEMP.MixMaster as alias for WIZARD SPIDER
with kudos to @tbarabosch
2020-01-22 15:42:01 +01:00
911c2bf0bf
Merge pull request #504 from Delta-Sierra/master
update target location galaxy
2020-01-21 11:06:56 +01:00
Deborah Servili
8421bde291
complete Zimbabwe cluster 2020-01-21 10:51:07 +01:00
Deborah Servili
f364e51d24
update target location galaxy 2020-01-20 14:46:03 +01:00
dbaab413b6
chg: [threat-actor] typo fixed 2020-01-18 17:30:27 +01:00
564f27c5ca
chg: [threat-actor] format fixed 2020-01-18 17:26:45 +01:00
34c5c66279
chg: [threat-actor] fix order 2020-01-18 17:08:32 +01:00
8eeceafc51
chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan"
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
2020-01-18 17:02:44 +01:00
StefanKelm
027d94e68a
Update ransomware.json 2020-01-16 16:59:22 +01:00
StefanKelm
f53a92065c
Update ransomware.json
5ss5c
2020-01-16 16:46:38 +01:00
Deborah Servili
5ec817b499
Merge branch 'master' into master 2020-01-15 14:36:01 +01:00
Deborah Servili
32961527aa
add Autochk Rootkit as tool 2020-01-15 13:41:53 +01:00
Deborah Servili
bfcc867ee6
add two wipers to tools 2020-01-14 15:54:06 +01:00
3c90322fd8
Merge pull request #500 from Delta-Sierra/master
update target information
2020-01-08 16:22:24 +01:00
StefanKelm
5832893d4f
Update tool.json
LiquorBot
2020-01-08 16:04:22 +01:00
Deborah Servili
53df69a1eb
update target information 2020-01-08 15:50:47 +01:00
StefanKelm
bf4fc92066
Update tool.json
Lampion
2020-01-07 13:14:08 +01:00
5da0c7bd54
chg: [threat-actor] SideWinder APT group added 2020-01-07 10:42:07 +01:00
StefanKelm
9b6f9136f9
Update threat-actor.json 2020-01-03 12:50:49 +01:00
StefanKelm
9373cfcb53
Update threat-actor.json
BRONZE PRESIDENT
2020-01-03 12:42:57 +01:00
Rony
6b1142abac
Update threat-actor.json 2019-12-23 22:05:28 +05:30
be4f9e01a0
Merge pull request #496 from bartblaze/patch-1
Update threat-actor.json
2019-12-20 08:23:30 +01:00
Bart
8ebb2e2d16
Update threat-actor.json
Adds Operation Wocao..
2019-12-19 21:42:02 +01:00
Deborah Servili
34340372b3
add clop ransomware 2019-12-19 17:19:18 +01:00
Deborah Servili
b8c332a055
jq 2019-12-16 14:08:34 +01:00
Deborah Servili
c876928abd Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-12-16 13:36:56 +01:00
Deborah Servili
ee38ec7220
add BitPaymer Synonsyms 2019-12-16 13:36:00 +01:00
Deborah Servili
47e0d00555
Merge pull request #493 from Delta-Sierra/master
add tools used by GALLIUM
2019-12-13 15:35:29 +01:00
Deborah Servili
0fc9045ef2
add tools used by GALLIUM 2019-12-13 15:06:00 +01:00
9f56a91013
Merge pull request #492 from Delta-Sierra/master
Operation Soft Cell ralated Updates
2019-12-13 13:35:52 +01:00
Deborah Servili
03c54a3e05
add GALLIUM as microsoft activities group and similar to Operation Soft Cell 2019-12-13 11:47:31 +01:00
Deborah Servili
3be47af325
update threat actor version 2019-12-13 11:04:51 +01:00
Deborah Servili
9b153913be
add relation suspected link between operation soft cell and apt10 2019-12-13 10:59:06 +01:00
Sebastian Wagner
c3b5b39dd3
sofacy: add apt_sofacy as synonym 2019-12-12 15:57:13 +01:00
Deborah Servili
170f964e8c
##COMMA## 2019-12-11 14:22:09 +01:00
Deborah Servili
7e18f2e509
Merge branch 'master' into master 2019-12-11 13:51:52 +01:00
Deborah Servili
391b5a674d
add Axiom synonym 2019-12-11 13:50:35 +01:00
8da36c09e1
chg: [threat-actor] jq 2019-12-08 09:03:14 +01:00
Daniel Plohmann
94b3c1ec07
added APT-C-34 / Golden Falcon 2019-12-07 12:44:30 +01:00
Deborah Servili
31f3a61d5f
add Sofacy ref 2019-12-05 15:42:42 +01:00
8e73612b09
Merge pull request #488 from Delta-Sierra/master
create new galaxy - surveillance-vendor
2019-12-05 14:48:44 +01:00
Deborah Servili
df1cbf8dce
add clusters to surveillance-vendor galaxy 2019-12-05 12:06:10 +01:00
Deborah Servili
ad5b915175
Fix surveillance-vendor galaxy 2019-12-05 11:09:38 +01:00
Deborah Servili
12530db5a8
Add FlexiSPY + jq 2019-12-05 10:05:21 +01:00
Deborah Servili
a049009453
add new galaxy - surveillance-vendor 2019-12-04 16:22:58 +01:00
Deborah Servili
2e82cd4fd7
add Private Internet Access as Tool 2019-12-04 16:22:22 +01:00
5f020307f3
Merge pull request #485 from danielplohmann/patch-15
added TA2101
2019-12-03 22:36:49 +01:00
Daniel Plohmann
bd3cc6d8ee
added TA2101 2019-12-03 18:13:44 +01:00
Jean-Louis Huynen
100299f3fd
add: [dark-pattern] add a source 2019-12-03 17:09:57 +01:00
Jean-Louis Huynen
44a9897f2a
add: [dark-pattern] galaxy to tag dark patterns 2019-12-03 16:26:29 +01:00
2659d864d6
chg: [ransomware] jq ;-) 2019-11-22 22:41:01 +01:00
rmkml
64f100e578
Merge branch 'master' into master 2019-11-22 22:32:24 +01:00
rmkml
81cef767aa Fix Add FTCode Ransomware 2019-11-22 22:27:20 +01:00
rmkml
eee9beca0f Add FTCode Ransomware 2019-11-22 21:16:40 +01:00
Deborah Servili
34faa63070
jq 2019-11-22 15:41:51 +01:00
Deborah Servili
ba830c905d
add cyborg ransomnote refs 2019-11-22 15:36:49 +01:00
Deborah Servili
757c3d6480
add cyborg ransomnote filename 2019-11-22 15:35:58 +01:00
Deborah Servili
2009a9c45c
add cyborg ranspmware extension 2019-11-22 15:30:17 +01:00
Deborah Servili
cab60a02e2
jq 2019-11-22 14:15:29 +01:00
Deborah Servili
08a4897cbe
add DePriMon malicious downloader & Cyborg ransomware 2019-11-22 14:05:36 +01:00
8cc5e02f22
chg: [clean-up] jq all the things 2019-11-21 17:19:39 +01:00
Deborah Servili
38641aae36
merge 2019-11-21 16:24:11 +01:00
Deborah Servili
f21dd95b28
merge 2019-11-21 16:23:29 +01:00
8240fe1722
Merge pull request #480 from rmkml/master
Add Maze Ransomware
2019-11-21 14:13:17 +01:00
Deborah Servili
1a0dd2292b
add silence synonym & new meta field spoken-language 2019-11-21 11:50:02 +01:00
rmkml
90bc667988 Add Maze Ransomware 2019-11-21 00:57:50 +01:00
rmkml
9410326ea2 Revert "Add Maze Ransomware"
This reverts commit cfc6e2802c.
2019-11-21 00:55:55 +01:00
rmkml
cfc6e2802c Add Maze Ransomware 2019-11-19 23:15:02 +01:00
5dc55fbbfb
Merge pull request #477 from rmkml/master
Add Desync Ransomware
2019-11-19 06:40:31 +01:00
rmkml
ac4099ed0e Add Desync Ransomware 2019-11-18 23:37:21 +01:00
Deborah Servili
5f65e8d208
traget information update [WIP] 2019-11-14 15:07:08 +01:00
StefanKelm
aa132ca58f
new refs for APT33 2019-11-14 14:57:05 +01:00
ea18f6e920
Merge pull request #475 from Delta-Sierra/master
target information update [WIP]
2019-11-13 20:43:03 +01:00
Deborah Servili
08cdc4cac3
jq 2019-11-13 15:56:23 +01:00
Deborah Servili
985c4b2459
traget information update [WIP] 2019-11-13 15:55:32 +01:00
eea0f528fa
chg: [threat-actor] Lucky Mouse synonym added
Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/
2019-11-12 12:51:44 +01:00
Raphaël Vinot
1486890f86 fix: JQ all the things. 2019-11-12 10:25:00 +01:00
871d90cfc2
chg: [threat-actor] Calypso group added
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
2019-11-11 13:34:54 +01:00
Deborah Servili
e310b98bc0
add Palestine PPound 2019-11-07 08:44:49 +01:00
Deborah Servili
50022d3905 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-11-07 08:34:05 +01:00
ea8c1dd764
Merge pull request #472 from rmkml/master
Add DoppelPaymer Ransomware
2019-11-06 20:48:33 +01:00
rmkml
9707a5eb0e Add DoppelPaymer Ransomware 2019-11-06 20:41:43 +01:00
Deborah Servili
1a62f7c2cd
jq 2019-11-06 16:23:34 +01:00
Deborah Servili
5b6aae5d1c
update target location WIP 2019-11-06 16:21:10 +01:00
2d1406b4d6
Merge pull request #471 from rmkml/master
Add FreeMe Ransomware
2019-11-06 06:36:53 +01:00
rmkml
656d90fd7c Add FreeMe Ransomware 2019-11-05 23:09:48 +01:00
d9a64c18ff
chg: [threat-actor] threat-actor-classification updated 2019-11-04 09:37:52 +01:00
6f463325b9
chg: [threat-actor] jq is jq 2019-11-03 16:01:09 +01:00
64a3569803
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-11-03 08:52:37 +01:00
8d01e77574
chg: [threat-actor] Operation WizardOpium added
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
2019-11-03 08:51:37 +01:00
346e54a321
Merge pull request #468 from Delta-Sierra/master
add Turla Group Symonym variant
2019-11-02 13:40:21 +01:00
Deborah Servili
1da2dc8af1
add Turla Group Symonym variant 2019-10-31 16:33:32 +01:00
Deborah Servili
efa2f43c0f
Merge pull request #467 from Delta-Sierra/master
Few updates
2019-10-31 14:31:16 +01:00
Deborah Servili
bee9b80898
jq 2019-10-31 10:37:36 +01:00
Deborah Servili
0a8f989e1c
add Winnti related tools etc. 2019-10-31 10:36:15 +01:00
Christophe Vandeplas
d32022b241 fix: [attack] fixes old MITRE relationships not being removed 2019-10-27 21:06:26 +01:00
Christophe Vandeplas
4ab9bbbfa3 chg: [attack] update to latest ATT&CK data 2019-10-25 10:12:41 +02:00
1581827875
chg: [attck4fraud] jq all the things 2019-10-20 20:07:29 +02:00
Christophe Vandeplas
eb594cba0f fix: [misinfosec] fixes inconsistent filename 2019-10-20 18:53:02 +02:00
2b84592ff5
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-10-18 14:28:41 +02:00
77605f8d43
chg: [attck4fraud] updates based on issue #466 2019-10-18 14:27:36 +02:00
Rony
1fc0f5e2e7
Update threat-actor.json 2019-10-17 09:46:56 +05:30
Deborah Servili
88025a541f
add operation soft cell 2019-10-14 16:07:35 +02:00
4d4bd3a70c fix: [misinfosec] fixed kill_chain fields 2019-10-09 09:45:52 +02:00
VVX7
e4998efec9 chg: [galaxy] added AMITT galaxy/cluster generator script 2019-10-08 13:52:08 -04:00
VVX7
a0357c735e chg: [galaxy] version number to int 2019-10-07 19:19:45 -04:00
VVX7
0a29445b44 new: [galaxy] AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. AMITT is part of misinfosec - work on adapting information security practices to help track and counter misinformation - and is designed as far as possible to fit existing infosec practices and tools. 2019-10-07 19:07:25 -04:00
Deborah Servili
c27385cfa4
jq 2019-10-07 14:38:16 +02:00
Deborah Servili
5355910a8f
add legitimate tools 2019-10-07 13:38:40 +02:00
Deborah Servili
19452d8c1f Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-10-07 11:07:00 +02:00
Deborah Servili
569d453ff2
update version 2019-10-07 11:06:27 +02:00
Deborah Servili
0795eecd01
add PlugX rat sysnonyms 2019-10-07 11:04:33 +02:00
ac8236d16d
chg: [misp-galaxy] jq all the things 2019-10-03 14:46:07 +02:00
9e82b025b5
chg: [tool] COMPfun - Reductor added
Ref: https://securelist.com/compfun-successor-reductor/93633/
2019-10-03 14:25:44 +02:00
Deborah Servili
cb774002c9
add Sodinokibi synonym 2019-10-02 11:44:54 +02:00
Deborah Servili
82824be700
fix empty string 2019-09-30 12:55:31 +02:00
Deborah Servili
b7c9d3e034
jq 2019-09-30 11:56:28 +02:00
Deborah Servili
fca032ea73
add TVSPY tool 2019-09-30 10:45:53 +02:00
Deborah Servili
f6c075c3df
WIP update target info 2019-09-27 16:22:01 +02:00
Deborah Servili
c305640290
new galaxy - Region based on UN M49 2019-09-26 13:01:41 +02:00
Deborah Servili
d0068b0ce0
WIP update target info 2019-09-25 15:39:02 +02:00
Deborah Servili
a4b59f647c
jq 2019-09-25 13:41:55 +02:00
Deborah Servili
335402c886 Merge branch 'master' of https://github.com/MISP/misp-galaxy into target-location-galaxy 2019-09-25 13:39:33 +02:00
Deborah Servili
bb3f9dc183
WIP update target info - fix empty string 2019-09-25 13:31:46 +02:00
309109eb27
chg: [threat-actor] new LookBack (Malware?Campaign?TA?)
Signed-off: During MISP training
2019-09-25 12:12:34 +02:00
Deborah Servili
9068e3c742
WIP update target info 2019-09-25 11:46:10 +02:00
a5ae130916
chg: [threat-actor] Evil Eye and POISON CARP
Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Signed-off: Jean-Louis during training session
2019-09-25 11:27:03 +02:00
Deborah Servili
83ee520dd5
WIP update target info 2019-09-25 09:44:34 +02:00
Deborah Servili
638cdd4198
version update 2019-09-20 14:54:56 +02:00
Deborah Servili
b9b4b9c651
Add Tortoiseshell thrat actor 2019-09-20 14:53:25 +02:00
Deborah Servili
6d88367497
moar clusters 2019-09-20 09:50:37 +02:00
42f457fc22
Merge pull request #457 from rmkml/master
Add Mr.Dec Ransomware
2019-09-17 10:17:11 +02:00
rmkml
5631d210a0 Add Mr.Dec Ransomware 2019-09-17 00:44:56 +02:00
cc134d7dff
Merge pull request #456 from rmkml/master
Add Hildacrypt Ransomware
2019-09-15 18:24:03 +02:00
rmkml
dff982be20 Add Hildacrypt Ransomware 2019-09-14 21:49:16 +02:00
55da11f8ba
Merge pull request #455 from rmkml/master
Add InnfiRAT
2019-09-14 08:16:35 +02:00