6b137ea12c
Merge pull request #749 from Mathieu4141/threat-actors/fix-naikon-cluster
...
[threat actors] Fix threat actors related to Lotus Panda
2022-08-20 11:46:15 +02:00
Mathieu Beligon
7f82616c10
fix axiom related field
2022-08-19 12:48:40 -07:00
Mathieu Beligon
969f461709
merge into apt41
2022-08-19 12:45:47 -07:00
Christophe Vandeplas
1b69b654a8
chg: [atrm] bump to latest ATRM version
2022-08-19 21:19:23 +02:00
Mathieu Beligon
fd9201e9e0
Merge APT22 and suckfly
2022-08-19 12:16:30 -07:00
Mathieu Beligon
768c94671c
Fix hellsing ref
2022-08-19 11:34:16 -07:00
a8b234d694
Merge pull request #753 from Mathieu4141/threat-actors/fix-bronze-president
...
[threat-actors] Remove duplicated BRONZE PRESIDENT entity
2022-08-19 06:26:11 +02:00
Mathieu Béligon
fcd6faec78
Capitalize override panda alias
...
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:51:03 -07:00
Mathieu Béligon
54f3ef2831
capitalize lotus panda alias
...
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:50:32 -07:00
Mathieu Béligon
c9b11553eb
normalize APT30 alias
...
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:32:44 -07:00
Mathieu Beligon
c1abedb446
Move Lotus Panda alias to Lotus Blossom
2022-08-18 20:21:31 -07:00
Mathieu Beligon
a61ef2a88f
[threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts
2022-08-18 17:03:26 -07:00
Mathieu Beligon
84e69ad4be
Add DarkCommet as a tool of GoldenRAT
2022-08-18 15:47:04 -07:00
Mathieu Beligon
1acc51a7a6
[threat-actors] Add more data about APT-C-27
2022-08-18 15:44:18 -07:00
Mathieu Beligon
ec988c97d0
[threat-actors] Remove duplicated APT-C-27
2022-08-18 15:34:08 -07:00
Mathieu Beligon
d9046c8619
[threat-actors] Remove duplicated BRONZE PRESIDENT entity
2022-08-18 15:12:18 -07:00
Mathieu Beligon
a046e8094d
Merge APT30 and Naikon
2022-08-18 11:36:45 -07:00
Mathieu Beligon
5e4a4c3453
Merge branch 'main' into threat-actors/fix-naikon-cluster
2022-08-18 09:01:36 -07:00
Mathieu Beligon
264e764dfa
Remove ATK34 alias
2022-08-18 08:59:04 -07:00
Delta-Sierra
3f036db1e3
add TA558
2022-08-18 15:54:28 +02:00
Mathieu Beligon
71e3e1f3eb
Fix ATK aliases
2022-08-17 13:39:43 -07:00
Mathieu Beligon
a6242d4732
Merge branch 'main' into threat-actors/fix-naikon-cluster
2022-08-17 13:37:01 -07:00
Mathieu Beligon
0d6399aa2b
Add ATK78 alias for Thrip
2022-08-17 12:04:32 -07:00
Mathieu Beligon
53282255ce
Branch out Goblin Panda from Hellsing
2022-08-17 11:55:35 -07:00
Mathieu Beligon
3f50cf0175
Create a tool for Esile
2022-08-17 11:19:30 -07:00
Rony
f608312577
addresses https://github.com/MISP/misp-galaxy/pull/751#issuecomment-1217680586
2022-08-17 08:52:35 +00:00
Rony
ccd10b54f4
remove duplicate reference
2022-08-17 12:49:56 +05:30
Rony
0cec882cc5
merge microcin/sixlittlemonkeys to vicious panda
2022-08-17 07:06:51 +00:00
a373909bb1
Merge pull request #748 from r0ny123/patch-2
...
Update threat-actor.json
2022-08-17 07:44:46 +02:00
352998a84d
fix: [threat-actor] add missing refs for APT33 including CFR link
2022-08-17 07:40:23 +02:00
Mathieu Beligon
d05b29c1af
[threat-actors] Remove duplicate APT33
2022-08-16 17:15:30 -07:00
Mathieu Beligon
9c6f106928
[threat actor] Fix aliases related to Lotus Panda
2022-08-16 16:58:35 -07:00
Rony
5b25b574b3
add uac-0010 references from cert-ua
2022-08-16 10:19:53 +00:00
Rony
370045b01d
Merge "red october" and "cloud atlas" to inception framework"
2022-08-16 09:30:29 +00:00
Rony
62b168600f
fix duplicates
2022-08-16 12:15:30 +05:30
Rony
490bc6a05c
fix duplicate
2022-08-16 12:10:27 +05:30
Rony
bbe84c5985
updates to russian actors
2022-08-16 12:07:59 +05:30
Rony
de76aef023
Update threat-actor.json
2022-08-16 10:49:13 +05:30
Rony
f4b63d4514
updates to tianwu
2022-08-16 10:30:33 +05:30
96d31aa8c7
chg: [threat-actor] jq all the things
2022-08-11 17:50:00 +02:00
Thomas Dupuy
ed24dcaf19
Add link for SLIME29.
2022-08-11 15:41:01 +00:00
Thomas Dupuy
912050b9b7
Update commit based on feeback.
2022-08-11 15:20:32 +00:00
Thomas Dupuy
6e0df72ef4
Add Threat Actors from BH Asia22 prez.
2022-08-10 18:53:38 +00:00
Christophe Vandeplas
1369756810
chg: [atrm] Add Azure Threat Research Matrix Galaxy and generation script
2022-08-06 21:19:31 +02:00
Daniel Plohmann
bdaadea58e
removing a leading double quote in a URL.
2022-08-02 18:17:58 +02:00
Daniel Plohmann
bc20a463c8
merging TG2003 / Elephant Beetle into FIN13
...
as indicated in the respective resources published by the organizations using these aliases.
2022-08-02 14:11:43 +02:00
6427746ad8
Merge pull request #727 from Mathieu4141/threat-actors/merge-cutting-kitten-cleaver
...
Fix Cleaver aliases
2022-07-27 23:17:42 +02:00
63f5122ad4
Merge pull request #742 from r0ny123/patch-1
...
Update threat-actor.json
2022-07-27 18:56:47 +02:00
Mathieu Beligon
51aacd6b03
Reduce diff with old version
2022-07-26 23:53:22 -07:00
Mathieu Beligon
acc6ada575
r0ny123.review: Use Cutting Kitten as main value for ITSecTeam
2022-07-26 23:27:39 -07:00
Mathieu Beligon
d815bfa174
Merge remote-tracking branch 'upstream/main' into threat-actors/merge-cutting-kitten-cleaver
2022-07-26 23:22:03 -07:00
Daniel Plohmann
26f6a33695
more aliases from Unit 42
2022-07-26 11:09:33 +02:00
Rony
5a7f3a7207
fix
2022-07-25 17:17:52 +05:30
Rony
8ce0df6eb4
Update threat-actor.json
...
Merge aquatic panda & earth lusca
2022-07-25 17:15:23 +05:30
6b6398bf2d
fix: [threat-actor] incorrect merge fixed
2022-07-20 18:45:50 +02:00
b4ce9a9453
Merge branch 'main' of https://github.com/r0ny123/misp-galaxy into r0ny123-main
2022-07-20 18:41:27 +02:00
Rony
add6b27466
update
2022-07-20 21:39:33 +05:30
Rony
2b54df56f9
update
2022-07-20 21:32:11 +05:30
Rony
2e045d9c8c
chg: [fix] resolve conflict
2022-07-20 21:28:15 +05:30
Daniel Plohmann
5825783a85
removed duplicate UUID for Kinsing
...
my apologies, looks like I had not rolled a new UUID for one of the entries added...
2022-07-20 17:07:05 +02:00
Rony
932fcf1871
added Red Nue
2022-07-20 15:07:35 +05:30
Rony
082039b3b0
added CN actors from secureworks threat profile
...
https://www.secureworks.com/research/threat-profiles?filter=item-china and fixed some AKAs
2022-07-20 14:52:58 +05:30
Daniel Plohmann
ed32c508b7
added more Unit 42 aliases / groups
2022-07-20 08:38:03 +02:00
Rony
000bfe92d9
add APT9/Red Pegasus & BRONZE EDGEWOOD/Red Hariasa
2022-07-20 10:04:58 +05:30
Rony
2e8a577b0c
add PwC naming to CN actors
2022-07-20 09:45:21 +05:30
Rony
3fabd58416
chg: [threat-actor] fixed
2022-07-19 23:36:30 +05:30
Rony
79c84d3768
add Earth Berberoka, Earth Lusca and Earth Wendigo
2022-07-19 22:42:50 +05:30
Daniel Plohmann
082d506b64
adding new Unit 42 names
...
First PR: those are the directly mappable names. I will follow up after deconfliction and then with a few new entries.
2022-07-19 08:45:09 +02:00
Daniel Plohmann
240a757826
Update threat-actor.json
...
adding Predatory Sparrow due to recent events.
2022-07-13 10:02:07 +02:00
cf603e8160
Merge pull request #736 from Delta-Sierra/main
...
add Qbot
2022-07-12 18:41:33 +02:00
Thomas Dupuy
90da0d798f
Set country to LB instead of IR based on operational activity.
2022-07-12 16:21:41 +00:00
Delta-Sierra
b1c853bf42
update version
2022-07-12 15:51:55 +02:00
Thomas Dupuy
1a8835bcae
Remove list from POLONIUM TA.
2022-07-12 13:11:11 +00:00
Thomas Dupuy
a86d866534
Add POLONIUM TA.
2022-07-12 12:14:27 +00:00
Delta-Sierra
d40017ae50
add Qbot
2022-07-12 14:03:43 +02:00
Delta-Sierra
6c6355f2ba
fix typo
2022-07-12 11:31:08 +02:00
Delta-Sierra
300d608770
jq
2022-07-12 10:54:37 +02:00
Delta-Sierra
71c93f5b24
fix caps typo
2022-07-12 10:53:14 +02:00
Delta-Sierra
4ea34fc5a4
Merge https://github.com/Delta-Sierra/misp-galaxy into main
2022-07-12 10:51:59 +02:00
Delta-Sierra
924eda26ca
Add EnemyBot +relationships
2022-07-12 10:49:11 +02:00
Deborah Servili
ca7d524d9c
Merge branch 'main' into main
2022-07-08 16:27:28 +02:00
Delta-Sierra
29aa7b3f69
add Maui ransomware
2022-07-08 14:49:12 +02:00
Delta-Sierra
56a53433f0
add HelloXD ransomware
2022-07-08 12:05:31 +02:00
Delta-Sierra
279b89f6d9
fix duplicate extension-2
2022-07-06 09:38:02 +02:00
Delta-Sierra
67d5f5c7c0
fix duplicate extension
2022-07-06 09:34:11 +02:00
Delta-Sierra
7e37fa0cdd
merge + update medusalocker
2022-07-06 09:28:46 +02:00
Delta-Sierra
c2e7ef4fab
Update Medusa Locker and others
2022-07-06 08:43:59 +02:00
marjatech
587dc8560b
add script to automate malpedia update
2022-07-04 14:24:34 +02:00
Mathieu Beligon
693eed8d78
[threat actor] Break Cleaver aliases into respective entries
2022-07-04 14:05:29 +02:00
marjatech
1212a75cc4
update malpedia
2022-07-04 11:02:02 +02:00
Mathieu Beligon
d63c990dad
[threat-actors] Separate ITSecTeam from Cleaver
2022-06-30 14:34:05 +02:00
Mathieu Beligon
b8d4ffdbde
Merge Cutting Kitten and Cleaver
2022-06-29 20:15:12 +02:00
Koen Van Impe
0c9aa68db6
Update surveillance-vendor.json
2022-06-22 13:30:55 +02:00
Koen Van Impe
22c2f7b999
Add RCS Lab S.p.A. to surveillance-vendor
2022-06-22 11:20:52 +02:00
Mathieu Beligon
d79c5bd1ab
Add ToddyCat Threat actor
2022-06-21 15:12:42 +02:00
Rony
c030fcdab6
chg: [threat-actor] added PwC naming for Indian actors
...
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-06-11 15:46:54 +05:30
Thanat0s
44a99d066a
Y en a un peut plus je vous le mets quand meme ?
2022-06-11 04:24:04 -04:00
Thanat0s
57befd7259
jq all the things
2022-06-10 19:12:12 -04:00
Thanat0s
51f98f4706
Attck link + typo on TA551
2022-06-10 18:40:16 -04:00
Thanat0s
f97fee7135
Typo on TA551
2022-06-10 18:38:25 -04:00
Thanat0s
297acc0f5e
Add Mitre vs Thales RosettaStone
2022-06-10 18:24:15 -04:00
Rony
e916267c7c
chg: [threat-actor] add reference to bitter & sidewinder group
2022-06-08 23:22:17 +05:30
Christophe Vandeplas
39073004c4
[mitre] bump to MITRE ATT&CK v11.2
2022-05-25 21:03:14 +02:00
Christophe Vandeplas
4a469299fd
[mitre] update sorting algo
...
will make future ATT&CK updates less noisy in the git diff
2022-05-25 21:00:57 +02:00
Mathieu Beligon
dca70783bf
[threat-actors] validate file
2022-05-23 11:32:24 +02:00
Mathieu Beligon
c1cfc19871
[threat actors] Remove dead link for sandworm threat actor
2022-05-23 11:30:04 +02:00
Mathieu Beligon
36a1466661
[threat-actors] Add RansomHouse
2022-05-23 11:29:39 +02:00
a838eaf9db
Merge pull request #717 from jloehel/krane
...
chg: [cryptominers] Adds Krane
2022-05-18 08:17:16 +02:00
Jürgen Löhel
1be9a10ef9
chg: [cryptominers] Adds Krane
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-17 14:47:29 -05:00
Jürgen Löhel
9db5d18114
chg: [android] Adds Vulture
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-17 14:16:21 -05:00
Rony
2721522e82
chg: [threat-actor] add exotic lily, ta578, ta579
2022-05-14 20:52:15 +05:30
Jürgen Löhel
45da13ce5e
chg: [backdoors] Adds BPFDoor
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-11 19:06:19 -05:00
fcdc6c86e6
chg: [threat-actor] add TG2003 synomym to Elephant Beetle
2022-05-09 14:24:28 +02:00
9130365e2e
chg: [threat-actor] Elephant Beetle added
...
Fix #708
2022-05-09 14:23:12 +02:00
bb434b11cf
chg: [threat-actor] ModifiedElephant added
...
Fix #709
2022-05-09 14:16:01 +02:00
06550a7945
chg: [threat-actor] fix refs field -> it's always an array
2022-05-09 13:46:16 +02:00
b67e3ed3f8
Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add
2022-05-09 13:43:44 +02:00
Rony
c0be6677c2
chg: [threat-actor] added actor Red Menshen
...
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-05-07 15:44:10 +05:30
Rony
11eca69ebc
chg: [threat-actor] added Curious Gorge
2022-05-07 12:40:35 +05:30
Daniel Plohmann
26c1850377
Update threat-actor.json
...
adding Red Dev 4 as alias for GALLIUM as used by PwC.
2022-05-06 09:47:48 +02:00
Daniel Plohmann
06c293072c
Update threat-actor.json
...
adding UNC3524 to the actor galaxy cluster.
2022-05-04 13:21:56 +02:00
3c7
0ad65fbe9f
Forgot to jq all the things
2022-04-28 09:42:25 +02:00
3c7
dfb6c0668e
Added SaintBear
2022-04-28 09:36:25 +02:00
Christophe Vandeplas
33476bec81
chg: [mitre] bump to MITRE ATT&CK v11.0
2022-04-25 18:29:57 +02:00
664f6d80cc
chg: [threat-actor] Killnet description added
2022-04-21 15:05:50 +02:00
1e383e2452
chg: [threat-actor] version updated
2022-04-21 14:53:14 +02:00
Mathieu Beligon
c8455a6c4d
[actors] Add killnet
2022-04-21 14:06:28 +02:00
Adam McHugh
53a0fc56d3
Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory
2022-04-18 10:16:26 +09:30
bca7381f33
fix: [ransomware] refs are within meta
2022-04-17 15:43:23 +02:00
eb7c5ebaf1
fix: [ransom] remove empty ref
2022-04-17 15:39:02 +02:00
bc696b43f4
chg: [ransomware] jq all the things
2022-04-17 15:35:50 +02:00
00d33fd292
Merge pull request #701 from adammchugh/ransomware-conti-update
...
Ammended Conti ransomware entry with ACSC 2021-010 advisory data
2022-04-17 15:35:25 +02:00
66744a4cd0
Merge pull request #704 from adammchugh/cryptominers-bluemockingbird-add
...
Added Cryptominer Blue Mockingbird from RedCanary advisory.
2022-04-17 14:43:59 +02:00
14907e3eef
Merge pull request #703 from adammchugh/threatactor-copypaste-add
...
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
2022-04-17 14:43:37 +02:00
Adam McHugh
84eac4b102
Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory
2022-04-17 19:50:08 +09:30
Adam McHugh
f00e80ae7e
Added Cryptominer Blue Mockingbird from RedCanary advisory.
2022-04-17 19:44:42 +09:30
Adam McHugh
cff8a38c5f
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
2022-04-17 19:37:26 +09:30
Adam McHugh
622c0502aa
Ammended Conti ransomware entry with ACSC 2021-010 advisory data
2022-04-17 19:23:11 +09:30
Adam McHugh
99caab201f
Ammended Blackcat ransomware entry with ACSC 2022-004 advisory data
2022-04-17 18:05:24 +09:30
Thomas Dupuy
bd05eb0bba
upd: [cluster] add Threat Actor BladeHawk.
2022-04-11 17:03:19 +00:00
Thomas Dupuy
209391f110
upd: [cluster] add ref and synonyms for Energetic Bear.
2022-04-07 18:26:58 +00:00
b649057a5a
chg: [handicap] fixed more fields
2022-04-04 11:09:30 +02:00
aff4345074
chg: [handicap] more cleanup
2022-04-04 11:01:38 +02:00
269f91ad75
chg: [handicap] more clean-up of uuid values
2022-04-04 10:56:29 +02:00
d3d4e7186b
chg: [handicap] fix name of the clusters
2022-04-04 10:43:56 +02:00
7e6390c336
Merge pull request #694 from AgatheMgt/main
...
Handicap
2022-04-04 10:41:06 +02:00
Rony
a08ddaf548
Add Avivore & HAZY TIGER/Bitter
2022-04-02 01:14:18 +05:30
Rony
50f39edc10
Revert "update threat actors meta"
2022-04-02 00:55:38 +05:30
Delta-Sierra
73f71c8b15
dup
2022-04-01 16:51:27 +02:00
Delta-Sierra
fb557fd3a2
dup
2022-04-01 16:47:50 +02:00
Delta-Sierra
909fc09992
duplicate
2022-04-01 16:44:47 +02:00
Delta-Sierra
7c3e8ac068
fix duplicate
2022-04-01 16:40:40 +02:00
Delta-Sierra
dcc396108c
fix duplicate
2022-04-01 16:36:47 +02:00
Delta-Sierra
9257fb677b
merge
2022-04-01 16:32:10 +02:00
Delta-Sierra
0f7803b091
update threat actors meta
2022-04-01 16:00:27 +02:00
Sami Mokaddem
4242732af1
chg: jq all 2
2022-03-31 09:05:22 +02:00
Sami Mokaddem
a9a09d11c6
chg: jq all
2022-03-31 08:59:36 +02:00
Mathieu Beligon
c35fad3291
Add threat actor group Scarab
2022-03-28 12:11:34 +02:00
94c3788089
Merge pull request #687 from Badis-dev/main
...
Add galaxy and cluster cancer
2022-03-25 10:04:46 +01:00
AgatheMgt
aec779d1ee
poatate
2022-03-24 09:43:58 -04:00
AgatheMgt
3ce6d7a313
Update handicap.json
2022-03-24 07:48:49 -04:00
AgatheMgt
a6a16926f6
Create handicap.json
2022-03-24 07:08:08 -04:00
Daniel Plohmann
24a3f16ab4
adding threat actor group LAPSUS$ / DEV-0537.
2022-03-23 09:47:10 +01:00
Delta-Sierra
97690426bf
update threat actors meta
2022-03-18 16:41:10 +01:00
6f0208dcaf
chg: [ransomware] UUID fixed
2022-03-18 16:03:27 +01:00
ef5af37dbe
chg: [botnet] duplicate UUIDs replaced
2022-03-18 15:58:09 +01:00
c0a07d2246
chg: [ransomware] replace duplicate UUIDs
2022-03-18 15:57:06 +01:00
botlabsDev
6416d0b2de
add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot
2022-03-18 15:34:11 +01:00
18069ce5f3
Merge pull request #688 from botlabsDev/patch-0
...
Add tool 'BadPotato' to clusters/tool.json
2022-03-15 12:30:47 +01:00
7fd5715715
Merge pull request #691 from r0ny123/indian-adversaries
...
Update to Indian Adversaries
2022-03-15 12:28:16 +01:00
Rony
eebda5f955
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team
2022-03-15 15:02:57 +05:30
Rony
ac72e7b639
fix
2022-03-15 14:00:46 +05:30
Rony
3b67e745e5
Update threat-actor.json
2022-03-15 13:57:00 +05:30
botlabsDev
99ab2a13d6
Add tool 'BadPotato' to clusters/tool.json
2022-03-14 18:02:02 +01:00
Badis-dev
231915f9a4
add galaxy and cluster cancer
2022-03-11 14:20:09 +01:00
Badis-dev
27241135a2
Add cancer.json
2022-03-11 11:26:57 +01:00
Badis-dev
78f1c9f345
Delete cancer.json
2022-03-11 11:26:30 +01:00
Badis-dev
1c707f7c5e
Add cancer cluster
2022-03-11 11:13:57 +01:00
Delta-Sierra
957327383d
fix array
2022-03-07 16:10:53 +01:00
Delta-Sierra
a7f3df8a9a
merge
2022-03-07 16:04:38 +01:00
Delta-Sierra
8fd3c87b47
update threat actors meta
2022-03-07 15:54:29 +01:00
8e09c9b30c
Merge pull request #685 from danielplohmann/patch-14
...
adding threat actor "Moses Staff"
2022-03-02 21:43:00 +01:00
Daniel Plohmann
896a451461
fixed with linted JSON.
2022-03-02 21:22:28 +01:00
Daniel Plohmann
a817324cd4
adding threat actor "Moses Staff"
2022-03-02 15:50:39 +01:00
Mathieu Beligon
0b456b8afa
version bump -> 213
2022-03-02 14:55:26 +01:00
Mathieu Beligon
d3d241ca54
Update Gamaredon target
2022-03-02 14:55:19 +01:00
Mathieu Beligon
27c05a118e
Update GhostWriter
2022-03-02 13:16:20 +01:00
Delta-Sierra
c909a35d65
Merge https://github.com/MISP/misp-galaxy into main
2022-02-18 10:57:10 +01:00
Delta-Sierra
a788c867a7
jq
2022-02-18 10:56:07 +01:00
Delta-Sierra
b0cd884afc
add TA2541
2022-02-18 10:54:25 +01:00
Daniel Plohmann
321e4b4a57
another Gamaredon ref and version bump
2022-02-18 08:26:01 +01:00
Daniel Plohmann
254dd47a61
adding ACTINIUM as MSFT name for Gamaredon
2022-02-18 08:24:35 +01:00
Delta-Sierra
33ef3317b7
fix duplicate
2022-02-14 10:02:36 +01:00
Delta-Sierra
9b76d71c43
Merge https://github.com/MISP/misp-galaxy into main
2022-02-14 08:47:21 +01:00
Delta-Sierra
3184819968
add DDG botnet and more
2022-02-11 16:13:36 +01:00
rwe
4700780d47
added antlion APT group
2022-02-05 04:52:33 -08:00
f49b54281b
chg: [ransomware] set encryption only
2022-02-02 22:36:14 +01:00
3328b73185
fix: [ransomware] array end missing
2022-02-02 22:32:39 +01:00
Kevin Holvoet
3d23f98d04
Forgot comma between JSON entries
2022-02-02 18:58:55 +01:00
Kevin Holvoet
389add7580
Update ransomware.json with URL fix
...
Fixed URL for AlphaLocker
2022-02-02 18:54:31 +01:00
Kevin Holvoet
fa9829cec0
Update ransomware.json: add BlackCat (ALPHV)
2022-02-02 18:50:19 +01:00
Daniel Plohmann
833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference
2022-02-02 09:40:10 +01:00
Daniel Plohmann
8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec
2022-02-02 09:35:53 +01:00
Delta-Sierra
5cf1eb01f4
Merge https://github.com/MISP/misp-galaxy into main
2022-01-31 10:04:07 +01:00
1fda357a03
new: [surveillance] Cytrox added
2022-01-30 11:31:55 +01:00
Jürgen Löhel
22046a1eae
Adds WhisperGate
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-18 13:16:06 -06:00
Delta-Sierra
e523bdaf70
merge
2022-01-14 16:08:14 +01:00
Jürgen Löhel
3059c70ae6
Adds UPAS-Kit
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-13 11:53:32 -06:00
Thomas Dupuy
c792bdd1b7
Add AQUATIC PANDA threat actor.
2022-01-12 13:51:11 -05:00
Thomas Dupuy
afaf3a3110
Add Motnug tool.
2022-01-12 13:37:59 -05:00
Jürgen Löhel
5aa8a8a8b1
Adds Ragnatela RAT
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-10 15:57:10 -06:00
Sami Tainio
dcb87b0dc6
chg: [threat-actor] Add SideCopy
2022-01-07 17:45:41 +02:00
Daniel Plohmann
3094283252
adding Mandiant's FIN13.
2022-01-03 09:32:43 +01:00
eba1b2839f
chg: [concordia] CMTMF killchain typo fixed
2021-12-20 10:41:00 +01:00
Raphaël Vinot
b4d518d4f0
fix: cmtmf-attack-pattern had multiple duplicate UUIDs
2021-12-17 17:58:29 +01:00
12617ff627
chg: [concordia] fix name inconsistencies
2021-12-17 17:41:00 +01:00
69b582f9ba
chg: [concordia] duplicate removed
2021-12-17 17:31:38 +01:00
bc3ab62917
chg: [concordia] duplicate removed
2021-12-17 17:26:04 +01:00
ee2a3c83f4
chg: [concordia] duplicate techniques removed
2021-12-17 17:21:00 +01:00
01d23b61b7
chg: [concordia] typo fixed
2021-12-17 17:15:43 +01:00
01f2ce68d4
chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID?
2021-12-17 17:13:57 +01:00
5becac98e4
chg: [concordia] duplicates removed
2021-12-17 16:51:11 +01:00
ae7b7bd47d
chg: [cmtmf-attack-pattern] various fixes to make JSON ok
2021-12-17 16:08:07 +01:00
7b587710b1
Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf
2021-12-17 15:55:03 +01:00
Jürgen Löhel
b81ac7f01d
Adds DarkWatchman RAT
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-12-17 07:20:58 -06:00
Delta-Sierra
b8960393a4
add Milan Rat, Shark tool and Lyceum synonyms
2021-11-29 16:00:40 +01:00
Delta-Sierra
bb92427b65
add Lyceum synonyms/sources
2021-11-29 12:05:51 +01:00
Delta-Sierra
78a8cf4ad2
add ESPecter Bootkit
2021-11-19 16:30:57 +01:00
Delta-Sierra
c89623e945
add ESPecter bootkit
2021-11-16 08:17:37 +01:00
Christophe Vandeplas
aeb5719448
chg: [att&ck] update to ATT&CK v10
2021-10-22 14:34:25 +02:00
ab41df7282
chg: [malpedia] remove duplicate
2021-10-20 12:24:12 +02:00
e517787e7c
chg: [malpedia] duplicates removed
2021-10-20 12:21:05 +02:00
69f878c86f
fix: [malpedia] remove duplicate urls
2021-10-20 12:16:22 +02:00
da91f2abc2
chg: [malpedia] updated
2021-10-20 10:21:03 +02:00
marjatech
d74fdb3e43
update malpedia
2021-10-19 16:21:19 +02:00
Bernardo Santos
e74fcfe268
Update cmtmf-attack-pattern.json
...
- update version
2021-10-13 10:06:00 +02:00
Bernardo Santos
5f19983ba3
Update cmtmf-attack-pattern.json
...
- Changes to cluster type
- Fix typo for privilege escalation tactic
2021-10-13 09:57:03 +02:00
Bernardo Santos
49dfcca563
CONCORDIA MTMF - Initial version
...
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:54:06 +02:00
Bernardo Santos
d09681b011
CONCORDIA MTMF - Initial version
...
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:45:03 +02:00
Jeroen Pinoy
9ec76ae185
Add threat actor common raven
2021-10-03 23:30:20 +02:00
Thomas Patzke
26f0c344a1
Added O365 techniques
...
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
2021-09-18 23:27:38 +02:00
Thomas Dupuy
1985de4d44
Add BLUELIGHT tool.
2021-08-27 10:28:06 +02:00
Thomas Dupuy
89a3f986ba
Add InkySquid synonym.
2021-08-24 16:29:34 +02:00
Daniel Plohmann
3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER)
2021-08-19 06:02:40 +02:00
Rony
5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM
...
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
2021-08-02 22:30:05 +05:30
Rony
636ccdedcd
Update threat-actor.json
2021-07-21 18:47:56 +05:30
Rony
9ecfecc063
another fix
2021-07-21 18:41:18 +05:30
Rony
32ea60d721
fix
2021-07-21 18:31:05 +05:30
Rony
52e7d5a0a9
multiple updates to apt40, apt31 & hafnium
2021-07-21 18:28:40 +05:30
Rony
fb9a41f8e9
from Gov Canada & MFA Japan
2021-07-19 20:33:35 +05:30
Rony
c90c60cb13
adding references for APT40 & APT31
2021-07-19 20:14:36 +05:30
6c8949caa9
Merge pull request #658 from jasperla/oilrig
...
merge APT34 with OilRig
2021-07-03 08:56:39 +02:00
Deborah Servili
b6005bd53f
Merge branch 'main' into master
2021-07-02 13:30:51 +02:00
Delta-Sierra
913aff30c3
Add NOBELIUM and related
2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse
792490298e
merge APT34 with OilRig
...
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
2021-06-29 20:26:04 +02:00
a5d7d85dc8
Merge pull request #657 from jloehel/add_matanbuchus
...
[cluster][tool] Adds Matanbuchus
2021-06-22 07:23:20 +02:00
Jürgen Löhel
254c201601
[cluster][tool] Adds Matanbuchus
...
+ threat actor: BelialDemon
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 18:04:28 -05:00
Jürgen Löhel
381973f5de
[cluster][stealer] Adds HackBoss
...
Fixes : #651
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 16:35:20 -05:00
Thomas Dupuy
772c5145c1
Added BackdoorDiplomacy and Gelsemium.
2021-06-11 11:48:57 -04:00
Rony
9a723b6261
more ta544 references
2021-05-26 20:26:27 +05:30
Rony
db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks
2021-05-22 21:02:30 +05:30
Daniel Plohmann
433ea5cb45
Twisted Spider -> TWISTED SPIDER
...
fair point
2021-05-19 17:04:58 +02:00
Daniel Plohmann
9719122d27
adding Twisted Spider as alias for TA2101 (Maze)
2021-05-19 16:47:41 +02:00
a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1
...
Add alias for Tick
2021-05-07 23:23:38 +02:00
Still Hsu
eb671f1e6a
Add Nian alias
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:52:27 +08:00
Still Hsu
fe7c0dab07
Add country origin for BlackTech
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:32:39 +08:00
Daniel Plohmann
38b8bac51d
fixing broken/dead links
2021-05-04 20:15:17 +02:00
6f7d3d5c2b
chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa
...
"COLT – Compromise to Leak Time" - new meta colt-median/colt-average.
For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
2021-05-03 07:41:43 +02:00
7aaf25a424
new: [ransomware] Ragnarok added
2021-04-30 12:08:03 +02:00
94ec98d544
Merge pull request #646 from r0ny123/update
...
Updates to APT27 & Tick
2021-04-29 18:29:53 +02:00
Christophe Vandeplas
86ee7008b2
chg: [att&ck] bump to latest ATT&CK version from MITRE
2021-04-29 18:12:36 +02:00
211a4b5145
fix: [ransomware] Related key should be outside metas
2021-04-26 13:48:06 +02:00
Rony
4ba2db0f3a
FlatChestWare duplicate removed
2021-04-26 16:24:09 +05:30
ef9989dbe8
chg: [ransomware] duplicate removed
2021-04-26 12:06:03 +02:00
847d3e8fa7
chg: [ransomware] duplicate removed
2021-04-26 12:01:01 +02:00
f3992ec5f1
chg: [ransomware] duplicates removed
2021-04-26 11:57:21 +02:00
f2703bd03e
chg: [ransomware] Flyper removed
2021-04-26 11:52:28 +02:00
Delta-Sierra
3cae487e3d
fix duplicates and add relations
2021-04-26 11:25:39 +02:00
Rony
faed812fc9
Merged STALKER PANDA to Tick
2021-04-25 19:12:20 +05:30
Rony
89b9c0c32c
several updates to apt27
2021-04-25 16:53:36 +05:30
Delta-Sierra
0a05621f82
Merge https://github.com/MISP/misp-galaxy
2021-04-19 15:48:58 +02:00
Delta-Sierra
b138354fa5
Removing duplicate
2021-04-19 15:42:49 +02:00
28f6475cc5
chg: [ransomware] first duplicate removed
2021-04-19 15:13:18 +02:00
e7061f90d9
chg: [ransomware] remove duplicate "File-Locker"
2021-04-19 15:08:06 +02:00
ab13dd00f8
Merge pull request #645 from Delta-Sierra/master
...
Adding ransomware names [WIP 2/3]
2021-04-19 15:03:12 +02:00
Delta-Sierra
f5713a8d87
Removing unexpected line
2021-04-19 14:53:36 +02:00
Delta-Sierra
b7b4b356c3
Adding ransomware names [WIP 3]
2021-04-19 14:47:10 +02:00
Delta-Sierra
fdf1a6c112
Adding ransomware names [WIP 2]
2021-04-19 13:24:25 +02:00
Daniel Plohmann
6eb594a6b0
adding Yanbian Gang as threat actor
2021-04-16 15:12:45 +02:00
Delta-Sierra
f3456a89c5
fix version
2021-04-15 15:08:11 +02:00
Delta-Sierra
4bcd0492bd
Adding ransomwares WIP
2021-04-15 15:07:52 +02:00
Daniel Plohmann
2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech
...
Adding Palmerworm as Symantec alias for BlackTech (with reference).
2021-03-31 22:35:12 +02:00
Thomas Dupuy
a8c62ddeda
Add Ghostwriter.
2021-03-31 09:42:40 -04:00
Rony
50f5d2ae4a
reverted changes made into 52ae97718d
2021-03-30 22:19:05 +05:30
sebdraven
ce8a9442eb
validation jsons
2021-03-30 13:12:21 +00:00
Sebdraven
52ae97718d
Update threat-actor.json
...
add a synonym to Haffnium
2021-03-30 15:11:09 +02:00
sebdraven
b082977b9f
validation ok
2021-03-30 10:22:35 +00:00
Sebdraven
4ed4cebcee
Update threat-actor.json
...
format json
2021-03-30 12:16:22 +02:00
Sebdraven
a62e3ba530
Update threat-actor.json
...
add redecho threat actor
2021-03-30 12:10:50 +02:00
Jakub Onderka
ca9608da6d
fix: Cryptominers type
2021-03-27 22:07:33 +01:00