15a03e877e
chg: [sigma] updated
2023-03-29 10:33:57 +02:00
Sebdraven
8713618777
Update threat-actor.json
...
add new ref for sidecopy
2023-03-23 09:13:23 +01:00
Sebdraven
f5d68aa08d
Update threat-actor.json
...
delete ref to APT30 for Naikon
2023-03-23 08:49:17 +01:00
Sebdraven
d5843d46e2
Update threat-actor.json
...
add ref to Aoqin Dragon
2023-03-21 18:40:10 +01:00
122a0bd39b
fix: [ransomware] fix duplicate Value "Cuba"
2023-03-19 11:03:12 +01:00
f2305dc165
Merge pull request #829 from Delta-Sierra/main
...
update based on ransomlook+1
2023-03-16 19:18:54 +01:00
Delta-Sierra
12f69a6082
update based on ransomlook
2023-03-16 15:24:44 +01:00
Mathieu Beligon
d82ff1ecfb
[threat-actors] Add Anonymous Sudan
2023-03-15 17:38:03 -05:00
Daniel Plohmann
c39b46e9d5
Update threat-actor.json
...
when value "Sofacy" was changed to "APT28", it seems Sofacy was not added to aliases, so it's missing right now.
2023-03-15 14:55:25 +01:00
Delta-Sierra
74390b27c5
Merge https://github.com/MISP/misp-galaxy
2023-03-13 09:59:04 +01:00
Delta-Sierra
c4eca7dfe1
more from ransomlook
2023-03-13 09:59:00 +01:00
Jürgen Löhel
9f9a263394
chg [tool]: Add tools used by TA866 during the Screentime campaign
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:46:11 -06:00
Jürgen Löhel
031a4c8030
chg [stealer]: Add Rhadamanthys
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:39 -06:00
Jürgen Löhel
437d4a30e5
chg [tds]: Add 404 TDS
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:13 -06:00
Jürgen Löhel
2d30785af5
chg [threat-actors] Add TA866
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:44:16 -06:00
57f3e46273
chg: [sigma] updated
2023-03-07 12:14:48 +01:00
e7b97edaa4
chg: [ransomware] fixing duplicate cluster element Avaddon
2023-03-07 12:06:56 +01:00
6db5b0b0cb
Merge pull request #824 from Delta-Sierra/main
...
update based on ransomlook
2023-03-06 16:23:48 +01:00
Delta-Sierra
bed6bf8dd6
fix stupid duplicate-bis
2023-03-06 16:10:23 +01:00
Delta-Sierra
d561350f7b
fix stupid duplicate
2023-03-06 16:04:28 +01:00
Delta-Sierra
96cb1e22ba
update based on ransomlook
2023-03-06 15:55:46 +01:00
Mathieu Beligon
395ffda94f
[threat-actors] bump version
2023-03-02 10:29:52 -08:00
Mathieu Beligon
e1407c3c3f
[threat-actors] Add SLIPPY SPIDER alias to LAPSUS
2023-03-02 10:29:29 -08:00
Mathieu Beligon
4bbee8c1e7
[threat-actors] Add PROPHET SPIDER
2023-03-02 10:19:24 -08:00
Mathieu Beligon
61cb24a3fc
[threat-actors] Add Nemesis Kitten
2023-03-01 16:37:42 -08:00
Mathieu Beligon
84faa3c92b
[threat-actors] Add Karakurt
2023-03-01 16:34:03 -08:00
Mathieu Beligon
7d371b4c80
[threat-actors] Add CYBORG SPIDER alias to GOCLD BURLAP
2023-03-01 15:45:41 -08:00
Mathieu Beligon
fa57354471
[threat-actors] Add Chamelgang
2023-03-01 15:40:23 -08:00
Mathieu Beligon
bff978e4d1
[threat-actors] Add TA453
2023-03-01 15:24:55 -08:00
Mathieu Beligon
3406ad3aa9
[threat-actors] Add APT42
2023-03-01 15:18:53 -08:00
Mathieu Beligon
2567d6f1f8
[threat-actors] Add TA406
2023-03-01 15:01:22 -08:00
Rony
50624af741
add DEV-0147 https://twitter.com/MsftSecIntel/status/1625181255754039318
2023-02-25 20:18:09 +00:00
Rony
cf727f034c
add other actor synonyms from Google's report https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf
2023-02-26 01:05:50 +05:30
Delta-Sierra
27f4c9fcdc
synonyms must be an array
2023-02-23 14:26:20 +01:00
Delta-Sierra
0ca7675a5f
Merge https://github.com/MISP/misp-galaxy
2023-02-23 14:16:00 +01:00
Delta-Sierra
55725c771e
add/update ransomware based on ransomlook
2023-02-23 14:15:09 +01:00
Tom King
e52eefa0e7
chg: [mitre] updated with correct ID parsing
2023-02-21 10:36:37 +00:00
Christophe Vandeplas
9f73ff73ac
fix: [first-dns] corrected typo
2023-02-21 10:54:30 +08:00
Christophe Vandeplas
e2f2026fea
chg: [first-dns] Adds FIRST DNS Abuse Techniques Matrix
2023-02-21 10:26:46 +08:00
Christophe Vandeplas
a6a9a73ae5
chg: [360net] updated to latest online version
2023-02-20 20:03:36 +08:00
6460fde2e4
chg: [threat-actor] version updated
2023-02-16 14:43:45 +01:00
Daniel Plohmann
91255413d8
adding Google names for RU threat actors
...
https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/
2023-02-16 14:30:05 +01:00
73bd7d0983
Merge pull request #818 from Mathieu4141/threat-actors/proofpoint-aliases
...
[threat actors] Adding some actors from ProofPoint
2023-02-14 06:40:22 +01:00
Mathieu Beligon
9f09699047
[threat-actors] Fix: country was in the wrong place
2023-02-13 16:47:38 -08:00
Mathieu Beligon
ac067a236e
[threat-actors] fix: Add missing uuids
2023-02-13 16:36:41 -08:00
Mathieu Beligon
a792115dd8
fix
2023-02-13 16:26:10 -08:00
Mathieu Beligon
8193b05e14
[threat-actors] bump version
2023-02-13 14:18:58 -08:00
Mathieu Beligon
d34e894d2d
[threat-actors] Add TA2536
2023-02-13 13:45:41 -08:00
Mathieu Beligon
20c31a5d10
[threat-actors] Add TA577
2023-02-13 13:32:24 -08:00
Mathieu Beligon
e836a4a63c
[threat-actors] Add TA575
2023-02-13 12:02:32 -08:00
Mathieu Beligon
c52ac53765
[threat-actors] Add TA570
2023-02-13 11:54:47 -08:00
Mathieu Beligon
5f274f58c9
[threat-actors] Add Moskalvzapoe
2023-02-13 11:44:59 -08:00
Daniel Plohmann
62256854bc
adding Broadcom name for SaintBear.
2023-02-13 14:05:35 +01:00
Mathieu Beligon
33ff650327
[threat-actors] Add more information about NoName057(16)
2023-02-10 14:14:52 -08:00
9645b9348b
chg: [tools] TgToxic added
2023-02-09 16:24:45 +01:00
o1mate
239883e2a9
Merging the handguns and shotguns clusters into a single firearm cluster.
2023-02-06 03:28:49 -05:00
385826063b
chg: [sigma] updated to the latest version
2023-02-05 11:26:16 +01:00
Daniel Plohmann
9710e09e17
new APT29 name used by Recorded Future
...
cf. https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf
2023-02-02 11:46:50 +01:00
3d6ec1b187
chg: [sigma] updated to the latest version
2023-02-02 11:25:19 +01:00
Jürgen Löhel
cf492d9931
chg: [stealer] Adds Album Stealer
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-02-01 17:30:56 -06:00
033895b052
Merge pull request #812 from jloehel/boldmove
...
chg: [backdoor] Adds BOLDMOVE
2023-01-31 06:24:59 +01:00
Jürgen Löhel
c7c2b8441a
chg: [stealer] Removes BluStealer
...
The BluStealer is already in the malpedia cluster.
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 18:35:28 -06:00
Jürgen Löhel
ca635cc3fc
chg: [stealer] Adds DarkCloud and BluStealer
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 18:29:25 -06:00
Jürgen Löhel
33513241bd
chg: [backdoor] Adds BOLDMOVE
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 16:39:11 -06:00
150e3152cc
Merge pull request #809 from MISP/dev
...
Updated the `region` cluster
2023-01-27 15:08:16 +01:00
b7543c5012
Merge pull request #789 from Mathieu4141/threat-actors/fix-sectorj04
...
[threat-actors] Remove SectorJ04 duplicate
2023-01-27 15:05:37 +01:00
Mathieu Beligon
a452263ace
[threat-actors] pr.review: Add SectorJ04 as alias of TA505
2023-01-27 13:32:58 +01:00
o1mate
0b661d4f80
Added two new galaxies : An ammunition galaxy containing a list of known sold ammunitions ordered by brands, and a firearm galaxy containing two clusters (handguns, shotguns) scrapped from a famous vendor and ordered by model name (Format : Model name - SKU).
2023-01-26 08:34:38 -05:00
Delta-Sierra
89bb349184
Merge https://github.com/MISP/misp-galaxy
2023-01-26 11:46:14 +01:00
Delta-Sierra
0bb1f48ad6
fix missing brackets
2023-01-25 14:47:22 +01:00
e87d39e3f4
fix: [region] JQed all the things !!
2023-01-25 09:24:52 +01:00
Delta-Sierra
50ca40e408
add Anubis & Godfather android banking trojans
2023-01-25 09:05:19 +01:00
51610df907
chg: [region] Updated the region
Galaxy Cluster
...
- Added missing entry (Antarctica)
- Ordered the `subregions` meta field
2023-01-24 22:53:54 +01:00
ofenomeno
cb8d700e62
adding uavs
2023-01-24 19:55:46 +01:00
2f0dfc7656
chg: [sigma] updated
2023-01-23 10:10:46 +01:00
4a342354f9
chg: [sigma] updated
2023-01-20 13:58:11 +01:00
5c21588d7c
add: [country] Manually added the missing relations to some country
cluster values
...
- The previous commit (071ecb8
) that added the
mahority of relations between countries and
regions were automatically added based on the
country names specified in the `region` cluster.
The relations added here are the remaining
countries that are not litterally defined the
same way they are in the `region` cluster
2023-01-16 22:22:42 +01:00
325f51479b
chg: [country] Clarified the US cluster value
2023-01-16 22:20:30 +01:00
071ecb8a52
add: [country] Added references between country
cluster values and the related region they're located in, from the region
galaxy cluster
2023-01-16 21:35:22 +01:00
323f9f47a1
chg: [sigma] version must be an integer
2023-01-12 16:45:21 +01:00
fd226d47a2
chg: [sigma] new version of the cluster
2023-01-12 14:10:22 +01:00
c0fdfb0e99
chg: [sigma] updated with latest version + new relationship script
2023-01-12 13:46:31 +01:00
e54366fb87
chg: [threat-actor] added the missing synonyms
2023-01-10 15:55:30 +01:00
187701bacb
chg: [sigma] regenerated from the test script (also updated the script
...
to ensure UUID consistency for the galaxy)
2023-01-06 15:36:33 +01:00
9955401791
chg: [sigma] jq all the things
2023-01-06 15:13:35 +01:00
8539361df5
Merge branch 'main' of https://github.com/jstnk9/misp-galaxy into jstnk9-main
2023-01-06 15:11:27 +01:00
jstnk9
5bcec1d72f
Merge branch 'MISP:main' into main
2023-01-03 11:10:49 +01:00
Jürgen Löhel
d4debd619b
chg: [ransomware] Extends the entry for JCrypt
...
* Add the reference to MafiaWare666 based on the latest research from
the Avast Threat Lab: https://decoded.avast.io/threatresearch/decrypted-mafiaware666-ransomware/
* Add more infos from Andrew Ivanovs the great blog post: https://id-ransomware.blogspot.com/2020/12/jcrypt-ransomware.html
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-12-23 01:44:20 -06:00
Delta-Sierra
3f4edb480b
add Malteiro
2022-12-16 16:43:50 +01:00
jstnk9
cb19f6bda7
galaxy for sigma rules
2022-12-09 08:48:54 +01:00
Delta-Sierra
5931f51d7a
add TAG-53
2022-12-08 11:31:02 +01:00
Delta-Sierra
3ea2d62a83
Version Update
2022-11-28 16:27:54 +01:00
Delta-Sierra
6016b1000c
Merge https://github.com/MISP/misp-galaxy
2022-11-28 16:17:08 +01:00
Delta-Sierra
5d83563e0e
Fix Duplicate
2022-11-28 16:15:40 +01:00
Delta-Sierra
6c36295318
Update several RAT & Ransomwares
2022-11-28 16:13:38 +01:00
de12f46ba6
chg: [mitre] updated
2022-11-28 12:48:29 +01:00
fda4160bed
chg: [target-information] fix the duplicate
2022-11-24 15:08:16 +01:00
f15e4ed3bc
chg: [target-information] duplicate removal
2022-11-24 15:05:47 +01:00
1d9a73abdd
chg: [target] fix duplicate synonyms
2022-11-24 15:03:18 +01:00
e3126ef857
fix: [clusters] Fixed some other few meta
field names
2022-11-24 09:17:28 +01:00
823124d422
fix; [mitre-ics-assets] Fixed some refs
meta field names
2022-11-23 20:44:46 +01:00
493a5bf94e
fix: [target-information] Fixed synonyms
meta field name
2022-11-23 20:40:35 +01:00
5c979ae554
fix: [tool] Houdini relationship to something which exist (ok I know it's Houdini)
2022-11-22 15:19:40 +01:00
0b6034d9be
Merge pull request #800 from Delta-Sierra/main
...
Add ransomwares
2022-11-22 15:11:42 +01:00
8947d0035b
fix: [sigma rules] until new the PR and tool is done for sigma. The
...
galaxy is removed.
2022-11-22 15:08:17 +01:00
Delta-Sierra
5f0d7f6d68
add VJw0rm description
2022-11-22 14:55:10 +01:00
Delta-Sierra
f4abf37b01
fix versions
2022-11-22 12:45:15 +01:00
Delta-Sierra
c02b74f999
merge
2022-11-22 12:43:18 +01:00
Delta-Sierra
ffc68b9b8f
add several ransomwares
2022-11-22 12:40:47 +01:00
Delta-Sierra
e316382b8a
add qakbot ref
2022-11-22 12:06:03 +01:00
Delta-Sierra
8bf6d73d66
add BazarCall campaign
2022-11-22 09:08:28 +01:00
Delta-Sierra
3c7230e38e
add Bazarbackdoor Synonyms
2022-11-22 09:00:04 +01:00
Thomas Dupuy
be7450494e
Add Evasive Panda Threat Actor
2022-11-18 16:38:11 +00:00
4844a7021c
chg: [sigma] duplicate value changed
2022-11-18 14:36:02 +01:00
c41b99d8b9
fix: [sigma] remove duplicate references
2022-11-18 14:21:27 +01:00
59f5fc5f76
Merge branch 'main' of github.com:MISP/misp-galaxy into main
2022-11-18 14:18:29 +01:00
7d4011a0a2
chg: [sigma] jq all the things
2022-11-18 14:17:52 +01:00
Terrtia
e3b6e9d229
fix: [handicap] fix galaxy icon + name + type
2022-11-17 15:16:05 +01:00
9b8619bbbe
Merge branch 'main' of https://github.com/jstnk9/misp-galaxy into jstnk9-main
2022-11-16 11:07:50 +01:00
Jürgen Löhel
f595195cd2
chg: [botnets] Adds KmsdBot
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-11-15 18:10:39 -06:00
Jstnk9
473f1a13aa
galaxy related to sigma rtules
...
galaxy related to sigma rtules
2022-11-15 22:56:18 +01:00
Delta-Sierra
2269f4decd
fix tool type
2022-11-15 13:56:53 +01:00
Delta-Sierra
9fc65c0e34
version fix
2022-11-15 13:37:02 +01:00
Delta-Sierra
91d535925f
version fix
2022-11-15 13:36:49 +01:00
Delta-Sierra
3837058ab1
merge
2022-11-15 12:54:03 +01:00
Delta-Sierra
d020efd276
add raspberry Robin worm & others
2022-11-15 11:57:10 +01:00
b787bbeb23
Merge pull request #792 from nyx0/main
...
Add RomCom TA.
2022-11-05 07:50:20 +01:00
3b196f8361
Merge pull request #791 from Mathieu4141/threat-actors/add-phosphorus-alias-to-apt-35
...
[threat-actors] Add Phosphorus in APT35 aliases
2022-11-05 07:49:55 +01:00
Thomas Dupuy
9ac53e5d5e
Add RomCom TA.
2022-11-04 02:34:10 +00:00
6c4da5dd55
Merge pull request #790 from Mathieu4141/threat-actors/fix-dust-storm
...
[threat-actors] Remove DustStorm alias from APT10
2022-11-03 11:35:20 +01:00
52a6fff6a2
Merge pull request #788 from Mathieu4141/threat-actors/fix-cobalt-dickens
...
[threat-actors] Remove cobalt dickens duplicate
2022-11-03 11:27:08 +01:00
3b4dcd6ad3
Merge pull request #787 from Mathieu4141/threat-actors/fix-subaat-duplicate
...
[threat-actors] Remove subaat duplicate
2022-11-03 11:26:21 +01:00
Mathieu Beligon
8a9dd47f8f
[threat-actors] Add Phosphorus in APT35 aliases
2022-11-02 23:49:22 -07:00
Mathieu Beligon
21d4292faf
[threat-actors] Remove DustStorm alias from APT10
2022-11-02 23:31:31 -07:00
Mathieu Beligon
e61733591f
[threat-actors] Remove SectorJ04 duplicate
2022-11-02 20:30:40 -07:00
Mathieu Beligon
9f0869097a
[threat-actors] Remove cobalt dickens duplicate
2022-11-02 18:09:42 -07:00
Mathieu Beligon
e3e5560e37
[threat-actors] Remove subaat duplicate
2022-11-02 17:57:47 -07:00
Mathieu Beligon
5801bbcfc1
[threat-actors] Remove Skeleton Spider duplicate
2022-11-02 17:38:07 -07:00
015650c6d7
chg: [mitre-attack] updated to version 12.0
2022-11-01 22:39:33 +01:00
Delta-Sierra
9952366667
add Prynt Stealer & variants
2022-10-14 16:03:45 +02:00
Delta-Sierra
355025eb5b
fix metadata in wrong slot
2022-10-04 13:28:42 +02:00
Delta-Sierra
e5b3062912
add Volatile Cedar synonym
2022-10-03 16:06:13 +02:00
Thomas Dupuy
4bcf80f01b
Add SharPyShell tool.
2022-10-02 22:00:54 +00:00
409c82f40c
Merge pull request #781 from Mathieu4141/threat-actors/fix-neodymium
...
[threat-actors] Fix G0055 (NEODYMIUM) alias
2022-09-30 06:39:31 +02:00
588184bacd
Merge pull request #780 from Mathieu4141/threat-actors/fix-svmondr
...
[threat-actors] Remove SVCMONDR duplicate
2022-09-30 06:38:56 +02:00
800006e6ab
Merge pull request #778 from Mathieu4141/threat-actors/fix-malware-reuser-duplicate
...
[threat-actors] Fix Volatile Cedar and Dancing Salome conflicts
2022-09-30 06:37:15 +02:00
Mathieu Beligon
74c6835d18
[threat-actors] Fix G0055 (NEODYMIUM) alias
2022-09-29 17:16:57 -07:00
Mathieu Beligon
a740e35687
[threat-actors] Remove SVCMONDR duplicate
2022-09-29 16:11:19 -07:00
Mathieu Beligon
5994fa4160
[threat-actors] Fix Volatile Cedar and Dancing Salome conflicts
2022-09-29 14:51:38 -07:00
Mathieu Beligon
4f47e6e2d3
[threat-actors] Equation group: separate from Lamberts and add tools
2022-09-29 11:28:54 -07:00
Thomas Dupuy
c66d6823a1
Add APT-Q-12 Threat Actor.
2022-09-29 02:30:41 +00:00
c3b65a2d15
chg: [threat-actor] JSON fix
2022-09-27 08:18:13 +02:00
067e449a41
Merge branch 'main' of https://github.com/nyx0/misp-galaxy into nyx0-main
2022-09-27 08:17:41 +02:00
Christophe Vandeplas
e259458d5a
chg: [mitre] bump to v11.3
2022-09-27 07:30:13 +02:00
Thomas Dupuy
bfd1812cef
Add Void Balaur.
2022-09-27 00:11:20 +00:00
eacab6ca27
new: [malpedia] remove duplicate UUIDs objects (coming from Malpedia API)
2022-09-26 10:58:09 +02:00
7cd322640f
Merge pull request #771 from Delta-Sierra/main
...
fetch malpedia
2022-09-26 10:07:24 +02:00
Delta-Sierra
a611230bef
fetch malpedia
2022-09-26 09:23:07 +02:00
Mathieu Beligon
22a39f4fdc
[threat-actors] Add BITWISE SPIDER
2022-09-20 11:23:33 -07:00
9b8b51fe53
Merge pull request #769 from Mathieu4141/threat-actors-add/no-name-057-06
...
[threat-actors] Add NoName057(16)
2022-09-17 07:43:42 +02:00
2f169e4258
Merge pull request #766 from Mathieu4141/threat-actors/fix-ta505
...
[threat-actors] Clean TA505 aliases
2022-09-17 07:43:18 +02:00
Mathieu Beligon
580d2c6931
[threat-actors] Add NoName057(16)
2022-09-16 20:11:06 -06:00
30cb4e7e60
Merge pull request #768 from Delta-Sierra/main
...
New clusters
2022-09-16 06:40:43 +02:00
Delta-Sierra
8202a7f48f
Add PlugX ref
2022-09-15 15:39:47 +02:00
Delta-Sierra
0903300b75
Add Chisel
2022-09-15 13:24:49 +02:00
Delta-Sierra
021fcd2c91
add Lorenz ransomware
2022-09-15 10:29:46 +02:00
1c8d82cfcc
new: [threat-actor] hezb added
2022-09-14 11:00:33 +02:00
Christophe Vandeplas
b011ddee5b
fix: [360net] fixes null entries in lists
2022-09-13 22:12:51 +02:00
Christophe Vandeplas
c5a5fa7cfa
chg: [360net] add 360.net APT list fixes #764
2022-09-13 21:48:16 +02:00
Mathieu Beligon
e1f5d3b5d8
[threat-actors] Keep meta from old Xenotime
2022-09-13 11:40:17 -07:00
Mathieu Beligon
4ff0bdfe8e
[threat-actors] Clean TA505 aliases
2022-09-13 11:34:02 -07:00
Delta-Sierra
e3d88f45c6
add Dark.IoT
2022-09-13 13:35:55 +02:00
Delta-Sierra
6dba3abe13
add hezb
2022-09-13 10:40:00 +02:00
Mathieu Beligon
273c7c9b97
[threat-actors] Remove Xenotime duplicate
2022-09-12 17:10:49 -07:00
Delta-Sierra
705d0d2e72
add BumbleBee backdoor
2022-09-12 10:51:43 +02:00
Delta-Sierra
0440db12e9
add DangerousSavanna campaign
2022-09-07 11:01:23 +02:00
Delta-Sierra
77db2370b1
Add Lockbit synonym
2022-09-07 11:00:41 +02:00
Delta-Sierra
775d3c183b
Add Lockbit synonym
2022-09-07 09:26:38 +02:00
Rony
aea413cebf
chg: [threat-actor] version bump
2022-09-01 10:32:01 +00:00
Rony
db913e5ab4
fix: [threat-actor] remove duplicate entries
2022-09-01 09:53:11 +00:00
Rony
6aea5ee05c
chg: [threat-actor] add Aoqin Dragon
2022-09-01 09:46:43 +00:00
Rony
fb0cf3c7e5
chg: [threat-actor] miscellaneous updates
2022-09-01 09:17:31 +00:00
Daniel Plohmann
d18f5bc8b6
mini-fix: adding https protocol to a reference
...
in automated processing and display, this may otherwise lead to a malformed local / relative link.
2022-08-30 17:08:03 +02:00
5175fb0364
Merge pull request #760 from Delta-Sierra/main
...
Add GootLoader & MOUSEISLAND in tool
2022-08-29 12:02:55 +02:00
Rony
e7178a1e08
fix: [threat-actor] remove duplicate entries from APT9
2022-08-27 12:54:32 +00:00
Rony
27300c6381
chg: [threat-actor] add avast blog to APT40
2022-08-27 12:41:31 +00:00
Rony
7f526e230b
chg: [threat-actor] add Microsoft and PwC report to actors' references
2022-08-27 12:34:36 +00:00
Rony
6ad9699a38
chg: [threat-actor] add recorded future reference to RedAlpha
2022-08-27 12:10:51 +00:00
Rony
2dc138ae01
chg: [threat-actor] add Adam Kozy's testimony ro APT41 and APT26
2022-08-27 12:08:11 +00:00
Rony
0b140b7097
chg: [threat-actor] miscellaneous updates including merge of some actors and fix the error committed in 9cfcc0d9ac
2022-08-27 11:58:03 +00:00
8bea9f3b4b
Merge pull request #755 from Mathieu4141/threat-actors/fix-winnti
...
[threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts
2022-08-27 08:25:20 +02:00
Mathieu Béligon
9cfcc0d9ac
Add aliases to APT41
...
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-26 14:54:02 -07:00
Mathieu Beligon
6e00329ba6
[threat-actors] Fix aliases
2022-08-26 11:09:29 -07:00
Delta-Sierra
534dacb7fb
add GootLoader
2022-08-26 10:12:36 +02:00
Delta-Sierra
d5a9365aae
add MOUSEISLAND
2022-08-26 09:23:38 +02:00
Mathieu Beligon
9b714dcd76
[threat-actors] Merge Axiom into APT17
2022-08-25 13:49:07 -07:00
Delta-Sierra
5b3c395f10
jq
2022-08-24 14:27:33 +02:00
Delta-Sierra
cb422c2190
update Guildma
2022-08-24 14:07:01 +02:00
Yosirion95
cda80e5496
Add synonyms to sector.json
2022-08-21 11:09:50 +02:00
9efca4c41b
fix: [threat-actor] UUID reused fixed (UUIDs cannot be reused across different cluster)
...
Add the missing the relationship for the new UUID
2022-08-21 09:17:56 +02:00
Rony
5b42a09dc2
add PARINACOTA to threat-actor.json
...
MSTIC names digital crime actors based on global volcanoes
2022-08-20 17:10:15 +00:00
Rony
6fd584fa88
remove APT36/ Transpert Tribe from microsoft-activity-group.json cause we don't know any MSTIC name yet.
2022-08-20 17:06:18 +00:00
6b137ea12c
Merge pull request #749 from Mathieu4141/threat-actors/fix-naikon-cluster
...
[threat actors] Fix threat actors related to Lotus Panda
2022-08-20 11:46:15 +02:00
Mathieu Beligon
7f82616c10
fix axiom related field
2022-08-19 12:48:40 -07:00
Mathieu Beligon
969f461709
merge into apt41
2022-08-19 12:45:47 -07:00
Christophe Vandeplas
1b69b654a8
chg: [atrm] bump to latest ATRM version
2022-08-19 21:19:23 +02:00
Mathieu Beligon
fd9201e9e0
Merge APT22 and suckfly
2022-08-19 12:16:30 -07:00
Mathieu Beligon
768c94671c
Fix hellsing ref
2022-08-19 11:34:16 -07:00
a8b234d694
Merge pull request #753 from Mathieu4141/threat-actors/fix-bronze-president
...
[threat-actors] Remove duplicated BRONZE PRESIDENT entity
2022-08-19 06:26:11 +02:00
Mathieu Béligon
fcd6faec78
Capitalize override panda alias
...
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:51:03 -07:00
Mathieu Béligon
54f3ef2831
capitalize lotus panda alias
...
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:50:32 -07:00
Mathieu Béligon
c9b11553eb
normalize APT30 alias
...
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:32:44 -07:00
Mathieu Beligon
c1abedb446
Move Lotus Panda alias to Lotus Blossom
2022-08-18 20:21:31 -07:00
Mathieu Beligon
a61ef2a88f
[threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts
2022-08-18 17:03:26 -07:00
Mathieu Beligon
84e69ad4be
Add DarkCommet as a tool of GoldenRAT
2022-08-18 15:47:04 -07:00
Mathieu Beligon
1acc51a7a6
[threat-actors] Add more data about APT-C-27
2022-08-18 15:44:18 -07:00
Mathieu Beligon
ec988c97d0
[threat-actors] Remove duplicated APT-C-27
2022-08-18 15:34:08 -07:00
Mathieu Beligon
d9046c8619
[threat-actors] Remove duplicated BRONZE PRESIDENT entity
2022-08-18 15:12:18 -07:00
Mathieu Beligon
a046e8094d
Merge APT30 and Naikon
2022-08-18 11:36:45 -07:00
Mathieu Beligon
5e4a4c3453
Merge branch 'main' into threat-actors/fix-naikon-cluster
2022-08-18 09:01:36 -07:00
Mathieu Beligon
264e764dfa
Remove ATK34 alias
2022-08-18 08:59:04 -07:00
Delta-Sierra
3f036db1e3
add TA558
2022-08-18 15:54:28 +02:00
Mathieu Beligon
71e3e1f3eb
Fix ATK aliases
2022-08-17 13:39:43 -07:00
Mathieu Beligon
a6242d4732
Merge branch 'main' into threat-actors/fix-naikon-cluster
2022-08-17 13:37:01 -07:00
Mathieu Beligon
0d6399aa2b
Add ATK78 alias for Thrip
2022-08-17 12:04:32 -07:00
Mathieu Beligon
53282255ce
Branch out Goblin Panda from Hellsing
2022-08-17 11:55:35 -07:00
Mathieu Beligon
3f50cf0175
Create a tool for Esile
2022-08-17 11:19:30 -07:00
Rony
f608312577
addresses https://github.com/MISP/misp-galaxy/pull/751#issuecomment-1217680586
2022-08-17 08:52:35 +00:00
Rony
ccd10b54f4
remove duplicate reference
2022-08-17 12:49:56 +05:30
Rony
0cec882cc5
merge microcin/sixlittlemonkeys to vicious panda
2022-08-17 07:06:51 +00:00
a373909bb1
Merge pull request #748 from r0ny123/patch-2
...
Update threat-actor.json
2022-08-17 07:44:46 +02:00
352998a84d
fix: [threat-actor] add missing refs for APT33 including CFR link
2022-08-17 07:40:23 +02:00
Mathieu Beligon
d05b29c1af
[threat-actors] Remove duplicate APT33
2022-08-16 17:15:30 -07:00
Mathieu Beligon
9c6f106928
[threat actor] Fix aliases related to Lotus Panda
2022-08-16 16:58:35 -07:00
Rony
5b25b574b3
add uac-0010 references from cert-ua
2022-08-16 10:19:53 +00:00
Rony
370045b01d
Merge "red october" and "cloud atlas" to inception framework"
2022-08-16 09:30:29 +00:00
Rony
62b168600f
fix duplicates
2022-08-16 12:15:30 +05:30
Rony
490bc6a05c
fix duplicate
2022-08-16 12:10:27 +05:30
Rony
bbe84c5985
updates to russian actors
2022-08-16 12:07:59 +05:30
Rony
de76aef023
Update threat-actor.json
2022-08-16 10:49:13 +05:30
Rony
f4b63d4514
updates to tianwu
2022-08-16 10:30:33 +05:30
96d31aa8c7
chg: [threat-actor] jq all the things
2022-08-11 17:50:00 +02:00
Thomas Dupuy
ed24dcaf19
Add link for SLIME29.
2022-08-11 15:41:01 +00:00
Thomas Dupuy
912050b9b7
Update commit based on feeback.
2022-08-11 15:20:32 +00:00
Thomas Dupuy
6e0df72ef4
Add Threat Actors from BH Asia22 prez.
2022-08-10 18:53:38 +00:00
Christophe Vandeplas
1369756810
chg: [atrm] Add Azure Threat Research Matrix Galaxy and generation script
2022-08-06 21:19:31 +02:00
Daniel Plohmann
bdaadea58e
removing a leading double quote in a URL.
2022-08-02 18:17:58 +02:00
Daniel Plohmann
bc20a463c8
merging TG2003 / Elephant Beetle into FIN13
...
as indicated in the respective resources published by the organizations using these aliases.
2022-08-02 14:11:43 +02:00
6427746ad8
Merge pull request #727 from Mathieu4141/threat-actors/merge-cutting-kitten-cleaver
...
Fix Cleaver aliases
2022-07-27 23:17:42 +02:00
63f5122ad4
Merge pull request #742 from r0ny123/patch-1
...
Update threat-actor.json
2022-07-27 18:56:47 +02:00
Mathieu Beligon
51aacd6b03
Reduce diff with old version
2022-07-26 23:53:22 -07:00
Mathieu Beligon
acc6ada575
r0ny123.review: Use Cutting Kitten as main value for ITSecTeam
2022-07-26 23:27:39 -07:00
Mathieu Beligon
d815bfa174
Merge remote-tracking branch 'upstream/main' into threat-actors/merge-cutting-kitten-cleaver
2022-07-26 23:22:03 -07:00
Daniel Plohmann
26f6a33695
more aliases from Unit 42
2022-07-26 11:09:33 +02:00
Rony
5a7f3a7207
fix
2022-07-25 17:17:52 +05:30
Rony
8ce0df6eb4
Update threat-actor.json
...
Merge aquatic panda & earth lusca
2022-07-25 17:15:23 +05:30
6b6398bf2d
fix: [threat-actor] incorrect merge fixed
2022-07-20 18:45:50 +02:00
b4ce9a9453
Merge branch 'main' of https://github.com/r0ny123/misp-galaxy into r0ny123-main
2022-07-20 18:41:27 +02:00
Rony
add6b27466
update
2022-07-20 21:39:33 +05:30
Rony
2b54df56f9
update
2022-07-20 21:32:11 +05:30
Rony
2e045d9c8c
chg: [fix] resolve conflict
2022-07-20 21:28:15 +05:30
Daniel Plohmann
5825783a85
removed duplicate UUID for Kinsing
...
my apologies, looks like I had not rolled a new UUID for one of the entries added...
2022-07-20 17:07:05 +02:00
Rony
932fcf1871
added Red Nue
2022-07-20 15:07:35 +05:30
Rony
082039b3b0
added CN actors from secureworks threat profile
...
https://www.secureworks.com/research/threat-profiles?filter=item-china and fixed some AKAs
2022-07-20 14:52:58 +05:30
Daniel Plohmann
ed32c508b7
added more Unit 42 aliases / groups
2022-07-20 08:38:03 +02:00
Rony
000bfe92d9
add APT9/Red Pegasus & BRONZE EDGEWOOD/Red Hariasa
2022-07-20 10:04:58 +05:30
Rony
2e8a577b0c
add PwC naming to CN actors
2022-07-20 09:45:21 +05:30
Rony
3fabd58416
chg: [threat-actor] fixed
2022-07-19 23:36:30 +05:30
Rony
79c84d3768
add Earth Berberoka, Earth Lusca and Earth Wendigo
2022-07-19 22:42:50 +05:30
Daniel Plohmann
082d506b64
adding new Unit 42 names
...
First PR: those are the directly mappable names. I will follow up after deconfliction and then with a few new entries.
2022-07-19 08:45:09 +02:00
Daniel Plohmann
240a757826
Update threat-actor.json
...
adding Predatory Sparrow due to recent events.
2022-07-13 10:02:07 +02:00
cf603e8160
Merge pull request #736 from Delta-Sierra/main
...
add Qbot
2022-07-12 18:41:33 +02:00
Thomas Dupuy
90da0d798f
Set country to LB instead of IR based on operational activity.
2022-07-12 16:21:41 +00:00
Delta-Sierra
b1c853bf42
update version
2022-07-12 15:51:55 +02:00
Thomas Dupuy
1a8835bcae
Remove list from POLONIUM TA.
2022-07-12 13:11:11 +00:00
Thomas Dupuy
a86d866534
Add POLONIUM TA.
2022-07-12 12:14:27 +00:00
Delta-Sierra
d40017ae50
add Qbot
2022-07-12 14:03:43 +02:00
Delta-Sierra
6c6355f2ba
fix typo
2022-07-12 11:31:08 +02:00
Delta-Sierra
300d608770
jq
2022-07-12 10:54:37 +02:00
Delta-Sierra
71c93f5b24
fix caps typo
2022-07-12 10:53:14 +02:00
Delta-Sierra
4ea34fc5a4
Merge https://github.com/Delta-Sierra/misp-galaxy into main
2022-07-12 10:51:59 +02:00
Delta-Sierra
924eda26ca
Add EnemyBot +relationships
2022-07-12 10:49:11 +02:00
Deborah Servili
ca7d524d9c
Merge branch 'main' into main
2022-07-08 16:27:28 +02:00
Delta-Sierra
29aa7b3f69
add Maui ransomware
2022-07-08 14:49:12 +02:00
Delta-Sierra
56a53433f0
add HelloXD ransomware
2022-07-08 12:05:31 +02:00
Delta-Sierra
279b89f6d9
fix duplicate extension-2
2022-07-06 09:38:02 +02:00
Delta-Sierra
67d5f5c7c0
fix duplicate extension
2022-07-06 09:34:11 +02:00
Delta-Sierra
7e37fa0cdd
merge + update medusalocker
2022-07-06 09:28:46 +02:00
Delta-Sierra
c2e7ef4fab
Update Medusa Locker and others
2022-07-06 08:43:59 +02:00
marjatech
587dc8560b
add script to automate malpedia update
2022-07-04 14:24:34 +02:00
Mathieu Beligon
693eed8d78
[threat actor] Break Cleaver aliases into respective entries
2022-07-04 14:05:29 +02:00
marjatech
1212a75cc4
update malpedia
2022-07-04 11:02:02 +02:00
Mathieu Beligon
d63c990dad
[threat-actors] Separate ITSecTeam from Cleaver
2022-06-30 14:34:05 +02:00
Mathieu Beligon
b8d4ffdbde
Merge Cutting Kitten and Cleaver
2022-06-29 20:15:12 +02:00
Koen Van Impe
0c9aa68db6
Update surveillance-vendor.json
2022-06-22 13:30:55 +02:00
Koen Van Impe
22c2f7b999
Add RCS Lab S.p.A. to surveillance-vendor
2022-06-22 11:20:52 +02:00
Mathieu Beligon
d79c5bd1ab
Add ToddyCat Threat actor
2022-06-21 15:12:42 +02:00
Rony
c030fcdab6
chg: [threat-actor] added PwC naming for Indian actors
...
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-06-11 15:46:54 +05:30
Thanat0s
44a99d066a
Y en a un peut plus je vous le mets quand meme ?
2022-06-11 04:24:04 -04:00
Thanat0s
57befd7259
jq all the things
2022-06-10 19:12:12 -04:00
Thanat0s
51f98f4706
Attck link + typo on TA551
2022-06-10 18:40:16 -04:00
Thanat0s
f97fee7135
Typo on TA551
2022-06-10 18:38:25 -04:00
Thanat0s
297acc0f5e
Add Mitre vs Thales RosettaStone
2022-06-10 18:24:15 -04:00
Rony
e916267c7c
chg: [threat-actor] add reference to bitter & sidewinder group
2022-06-08 23:22:17 +05:30
Christophe Vandeplas
39073004c4
[mitre] bump to MITRE ATT&CK v11.2
2022-05-25 21:03:14 +02:00
Christophe Vandeplas
4a469299fd
[mitre] update sorting algo
...
will make future ATT&CK updates less noisy in the git diff
2022-05-25 21:00:57 +02:00
Mathieu Beligon
dca70783bf
[threat-actors] validate file
2022-05-23 11:32:24 +02:00
Mathieu Beligon
c1cfc19871
[threat actors] Remove dead link for sandworm threat actor
2022-05-23 11:30:04 +02:00
Mathieu Beligon
36a1466661
[threat-actors] Add RansomHouse
2022-05-23 11:29:39 +02:00
a838eaf9db
Merge pull request #717 from jloehel/krane
...
chg: [cryptominers] Adds Krane
2022-05-18 08:17:16 +02:00
Jürgen Löhel
1be9a10ef9
chg: [cryptominers] Adds Krane
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-17 14:47:29 -05:00
Jürgen Löhel
9db5d18114
chg: [android] Adds Vulture
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-17 14:16:21 -05:00
Rony
2721522e82
chg: [threat-actor] add exotic lily, ta578, ta579
2022-05-14 20:52:15 +05:30
Jürgen Löhel
45da13ce5e
chg: [backdoors] Adds BPFDoor
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-11 19:06:19 -05:00
fcdc6c86e6
chg: [threat-actor] add TG2003 synomym to Elephant Beetle
2022-05-09 14:24:28 +02:00
9130365e2e
chg: [threat-actor] Elephant Beetle added
...
Fix #708
2022-05-09 14:23:12 +02:00
bb434b11cf
chg: [threat-actor] ModifiedElephant added
...
Fix #709
2022-05-09 14:16:01 +02:00
06550a7945
chg: [threat-actor] fix refs field -> it's always an array
2022-05-09 13:46:16 +02:00
b67e3ed3f8
Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add
2022-05-09 13:43:44 +02:00
Rony
c0be6677c2
chg: [threat-actor] added actor Red Menshen
...
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-05-07 15:44:10 +05:30
Rony
11eca69ebc
chg: [threat-actor] added Curious Gorge
2022-05-07 12:40:35 +05:30
Daniel Plohmann
26c1850377
Update threat-actor.json
...
adding Red Dev 4 as alias for GALLIUM as used by PwC.
2022-05-06 09:47:48 +02:00
Daniel Plohmann
06c293072c
Update threat-actor.json
...
adding UNC3524 to the actor galaxy cluster.
2022-05-04 13:21:56 +02:00
3c7
0ad65fbe9f
Forgot to jq all the things
2022-04-28 09:42:25 +02:00
3c7
dfb6c0668e
Added SaintBear
2022-04-28 09:36:25 +02:00
Christophe Vandeplas
33476bec81
chg: [mitre] bump to MITRE ATT&CK v11.0
2022-04-25 18:29:57 +02:00
664f6d80cc
chg: [threat-actor] Killnet description added
2022-04-21 15:05:50 +02:00
1e383e2452
chg: [threat-actor] version updated
2022-04-21 14:53:14 +02:00
Mathieu Beligon
c8455a6c4d
[actors] Add killnet
2022-04-21 14:06:28 +02:00
Adam McHugh
53a0fc56d3
Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory
2022-04-18 10:16:26 +09:30
bca7381f33
fix: [ransomware] refs are within meta
2022-04-17 15:43:23 +02:00
eb7c5ebaf1
fix: [ransom] remove empty ref
2022-04-17 15:39:02 +02:00
bc696b43f4
chg: [ransomware] jq all the things
2022-04-17 15:35:50 +02:00
00d33fd292
Merge pull request #701 from adammchugh/ransomware-conti-update
...
Ammended Conti ransomware entry with ACSC 2021-010 advisory data
2022-04-17 15:35:25 +02:00
66744a4cd0
Merge pull request #704 from adammchugh/cryptominers-bluemockingbird-add
...
Added Cryptominer Blue Mockingbird from RedCanary advisory.
2022-04-17 14:43:59 +02:00
14907e3eef
Merge pull request #703 from adammchugh/threatactor-copypaste-add
...
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
2022-04-17 14:43:37 +02:00
Adam McHugh
84eac4b102
Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory
2022-04-17 19:50:08 +09:30
Adam McHugh
f00e80ae7e
Added Cryptominer Blue Mockingbird from RedCanary advisory.
2022-04-17 19:44:42 +09:30
Adam McHugh
cff8a38c5f
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
2022-04-17 19:37:26 +09:30
Adam McHugh
622c0502aa
Ammended Conti ransomware entry with ACSC 2021-010 advisory data
2022-04-17 19:23:11 +09:30
Adam McHugh
99caab201f
Ammended Blackcat ransomware entry with ACSC 2022-004 advisory data
2022-04-17 18:05:24 +09:30
Thomas Dupuy
bd05eb0bba
upd: [cluster] add Threat Actor BladeHawk.
2022-04-11 17:03:19 +00:00
Thomas Dupuy
209391f110
upd: [cluster] add ref and synonyms for Energetic Bear.
2022-04-07 18:26:58 +00:00
b649057a5a
chg: [handicap] fixed more fields
2022-04-04 11:09:30 +02:00
aff4345074
chg: [handicap] more cleanup
2022-04-04 11:01:38 +02:00
269f91ad75
chg: [handicap] more clean-up of uuid values
2022-04-04 10:56:29 +02:00
d3d4e7186b
chg: [handicap] fix name of the clusters
2022-04-04 10:43:56 +02:00
7e6390c336
Merge pull request #694 from AgatheMgt/main
...
Handicap
2022-04-04 10:41:06 +02:00
Rony
a08ddaf548
Add Avivore & HAZY TIGER/Bitter
2022-04-02 01:14:18 +05:30
Rony
50f39edc10
Revert "update threat actors meta"
2022-04-02 00:55:38 +05:30
Delta-Sierra
73f71c8b15
dup
2022-04-01 16:51:27 +02:00
Delta-Sierra
fb557fd3a2
dup
2022-04-01 16:47:50 +02:00
Delta-Sierra
909fc09992
duplicate
2022-04-01 16:44:47 +02:00
Delta-Sierra
7c3e8ac068
fix duplicate
2022-04-01 16:40:40 +02:00
Delta-Sierra
dcc396108c
fix duplicate
2022-04-01 16:36:47 +02:00
Delta-Sierra
9257fb677b
merge
2022-04-01 16:32:10 +02:00
Delta-Sierra
0f7803b091
update threat actors meta
2022-04-01 16:00:27 +02:00
Sami Mokaddem
4242732af1
chg: jq all 2
2022-03-31 09:05:22 +02:00
Sami Mokaddem
a9a09d11c6
chg: jq all
2022-03-31 08:59:36 +02:00
Mathieu Beligon
c35fad3291
Add threat actor group Scarab
2022-03-28 12:11:34 +02:00
94c3788089
Merge pull request #687 from Badis-dev/main
...
Add galaxy and cluster cancer
2022-03-25 10:04:46 +01:00
AgatheMgt
aec779d1ee
poatate
2022-03-24 09:43:58 -04:00
AgatheMgt
3ce6d7a313
Update handicap.json
2022-03-24 07:48:49 -04:00
AgatheMgt
a6a16926f6
Create handicap.json
2022-03-24 07:08:08 -04:00
Daniel Plohmann
24a3f16ab4
adding threat actor group LAPSUS$ / DEV-0537.
2022-03-23 09:47:10 +01:00
Delta-Sierra
97690426bf
update threat actors meta
2022-03-18 16:41:10 +01:00
6f0208dcaf
chg: [ransomware] UUID fixed
2022-03-18 16:03:27 +01:00
ef5af37dbe
chg: [botnet] duplicate UUIDs replaced
2022-03-18 15:58:09 +01:00
c0a07d2246
chg: [ransomware] replace duplicate UUIDs
2022-03-18 15:57:06 +01:00
botlabsDev
6416d0b2de
add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot
2022-03-18 15:34:11 +01:00
18069ce5f3
Merge pull request #688 from botlabsDev/patch-0
...
Add tool 'BadPotato' to clusters/tool.json
2022-03-15 12:30:47 +01:00
7fd5715715
Merge pull request #691 from r0ny123/indian-adversaries
...
Update to Indian Adversaries
2022-03-15 12:28:16 +01:00
Rony
eebda5f955
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team
2022-03-15 15:02:57 +05:30
Rony
ac72e7b639
fix
2022-03-15 14:00:46 +05:30
Rony
3b67e745e5
Update threat-actor.json
2022-03-15 13:57:00 +05:30
botlabsDev
99ab2a13d6
Add tool 'BadPotato' to clusters/tool.json
2022-03-14 18:02:02 +01:00
Badis-dev
231915f9a4
add galaxy and cluster cancer
2022-03-11 14:20:09 +01:00
Badis-dev
27241135a2
Add cancer.json
2022-03-11 11:26:57 +01:00
Badis-dev
78f1c9f345
Delete cancer.json
2022-03-11 11:26:30 +01:00
Badis-dev
1c707f7c5e
Add cancer cluster
2022-03-11 11:13:57 +01:00
Delta-Sierra
957327383d
fix array
2022-03-07 16:10:53 +01:00
Delta-Sierra
a7f3df8a9a
merge
2022-03-07 16:04:38 +01:00
Delta-Sierra
8fd3c87b47
update threat actors meta
2022-03-07 15:54:29 +01:00
8e09c9b30c
Merge pull request #685 from danielplohmann/patch-14
...
adding threat actor "Moses Staff"
2022-03-02 21:43:00 +01:00
Daniel Plohmann
896a451461
fixed with linted JSON.
2022-03-02 21:22:28 +01:00
Daniel Plohmann
a817324cd4
adding threat actor "Moses Staff"
2022-03-02 15:50:39 +01:00
Mathieu Beligon
0b456b8afa
version bump -> 213
2022-03-02 14:55:26 +01:00
Mathieu Beligon
d3d241ca54
Update Gamaredon target
2022-03-02 14:55:19 +01:00
Mathieu Beligon
27c05a118e
Update GhostWriter
2022-03-02 13:16:20 +01:00
Delta-Sierra
c909a35d65
Merge https://github.com/MISP/misp-galaxy into main
2022-02-18 10:57:10 +01:00
Delta-Sierra
a788c867a7
jq
2022-02-18 10:56:07 +01:00
Delta-Sierra
b0cd884afc
add TA2541
2022-02-18 10:54:25 +01:00
Daniel Plohmann
321e4b4a57
another Gamaredon ref and version bump
2022-02-18 08:26:01 +01:00
Daniel Plohmann
254dd47a61
adding ACTINIUM as MSFT name for Gamaredon
2022-02-18 08:24:35 +01:00
Delta-Sierra
33ef3317b7
fix duplicate
2022-02-14 10:02:36 +01:00
Delta-Sierra
9b76d71c43
Merge https://github.com/MISP/misp-galaxy into main
2022-02-14 08:47:21 +01:00
Delta-Sierra
3184819968
add DDG botnet and more
2022-02-11 16:13:36 +01:00
rwe
4700780d47
added antlion APT group
2022-02-05 04:52:33 -08:00
f49b54281b
chg: [ransomware] set encryption only
2022-02-02 22:36:14 +01:00
3328b73185
fix: [ransomware] array end missing
2022-02-02 22:32:39 +01:00
Kevin Holvoet
3d23f98d04
Forgot comma between JSON entries
2022-02-02 18:58:55 +01:00
Kevin Holvoet
389add7580
Update ransomware.json with URL fix
...
Fixed URL for AlphaLocker
2022-02-02 18:54:31 +01:00
Kevin Holvoet
fa9829cec0
Update ransomware.json: add BlackCat (ALPHV)
2022-02-02 18:50:19 +01:00
Daniel Plohmann
833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference
2022-02-02 09:40:10 +01:00
Daniel Plohmann
8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec
2022-02-02 09:35:53 +01:00
Delta-Sierra
5cf1eb01f4
Merge https://github.com/MISP/misp-galaxy into main
2022-01-31 10:04:07 +01:00
1fda357a03
new: [surveillance] Cytrox added
2022-01-30 11:31:55 +01:00
Jürgen Löhel
22046a1eae
Adds WhisperGate
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-18 13:16:06 -06:00
Delta-Sierra
e523bdaf70
merge
2022-01-14 16:08:14 +01:00
Jürgen Löhel
3059c70ae6
Adds UPAS-Kit
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-13 11:53:32 -06:00
Thomas Dupuy
c792bdd1b7
Add AQUATIC PANDA threat actor.
2022-01-12 13:51:11 -05:00
Thomas Dupuy
afaf3a3110
Add Motnug tool.
2022-01-12 13:37:59 -05:00
Jürgen Löhel
5aa8a8a8b1
Adds Ragnatela RAT
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-10 15:57:10 -06:00
Sami Tainio
dcb87b0dc6
chg: [threat-actor] Add SideCopy
2022-01-07 17:45:41 +02:00
Daniel Plohmann
3094283252
adding Mandiant's FIN13.
2022-01-03 09:32:43 +01:00
eba1b2839f
chg: [concordia] CMTMF killchain typo fixed
2021-12-20 10:41:00 +01:00
Raphaël Vinot
b4d518d4f0
fix: cmtmf-attack-pattern had multiple duplicate UUIDs
2021-12-17 17:58:29 +01:00
12617ff627
chg: [concordia] fix name inconsistencies
2021-12-17 17:41:00 +01:00
69b582f9ba
chg: [concordia] duplicate removed
2021-12-17 17:31:38 +01:00
bc3ab62917
chg: [concordia] duplicate removed
2021-12-17 17:26:04 +01:00
ee2a3c83f4
chg: [concordia] duplicate techniques removed
2021-12-17 17:21:00 +01:00
01d23b61b7
chg: [concordia] typo fixed
2021-12-17 17:15:43 +01:00
01f2ce68d4
chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID?
2021-12-17 17:13:57 +01:00
5becac98e4
chg: [concordia] duplicates removed
2021-12-17 16:51:11 +01:00
ae7b7bd47d
chg: [cmtmf-attack-pattern] various fixes to make JSON ok
2021-12-17 16:08:07 +01:00
7b587710b1
Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf
2021-12-17 15:55:03 +01:00
Jürgen Löhel
b81ac7f01d
Adds DarkWatchman RAT
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-12-17 07:20:58 -06:00
Delta-Sierra
b8960393a4
add Milan Rat, Shark tool and Lyceum synonyms
2021-11-29 16:00:40 +01:00
Delta-Sierra
bb92427b65
add Lyceum synonyms/sources
2021-11-29 12:05:51 +01:00
Delta-Sierra
78a8cf4ad2
add ESPecter Bootkit
2021-11-19 16:30:57 +01:00
Delta-Sierra
c89623e945
add ESPecter bootkit
2021-11-16 08:17:37 +01:00
Christophe Vandeplas
aeb5719448
chg: [att&ck] update to ATT&CK v10
2021-10-22 14:34:25 +02:00
ab41df7282
chg: [malpedia] remove duplicate
2021-10-20 12:24:12 +02:00
e517787e7c
chg: [malpedia] duplicates removed
2021-10-20 12:21:05 +02:00
69f878c86f
fix: [malpedia] remove duplicate urls
2021-10-20 12:16:22 +02:00
da91f2abc2
chg: [malpedia] updated
2021-10-20 10:21:03 +02:00
marjatech
d74fdb3e43
update malpedia
2021-10-19 16:21:19 +02:00
Bernardo Santos
e74fcfe268
Update cmtmf-attack-pattern.json
...
- update version
2021-10-13 10:06:00 +02:00
Bernardo Santos
5f19983ba3
Update cmtmf-attack-pattern.json
...
- Changes to cluster type
- Fix typo for privilege escalation tactic
2021-10-13 09:57:03 +02:00
Bernardo Santos
49dfcca563
CONCORDIA MTMF - Initial version
...
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:54:06 +02:00
Bernardo Santos
d09681b011
CONCORDIA MTMF - Initial version
...
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:45:03 +02:00
Jeroen Pinoy
9ec76ae185
Add threat actor common raven
2021-10-03 23:30:20 +02:00
Thomas Patzke
26f0c344a1
Added O365 techniques
...
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
2021-09-18 23:27:38 +02:00
Thomas Dupuy
1985de4d44
Add BLUELIGHT tool.
2021-08-27 10:28:06 +02:00
Thomas Dupuy
89a3f986ba
Add InkySquid synonym.
2021-08-24 16:29:34 +02:00
Daniel Plohmann
3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER)
2021-08-19 06:02:40 +02:00
Rony
5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM
...
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
2021-08-02 22:30:05 +05:30
Rony
636ccdedcd
Update threat-actor.json
2021-07-21 18:47:56 +05:30
Rony
9ecfecc063
another fix
2021-07-21 18:41:18 +05:30
Rony
32ea60d721
fix
2021-07-21 18:31:05 +05:30
Rony
52e7d5a0a9
multiple updates to apt40, apt31 & hafnium
2021-07-21 18:28:40 +05:30
Rony
fb9a41f8e9
from Gov Canada & MFA Japan
2021-07-19 20:33:35 +05:30
Rony
c90c60cb13
adding references for APT40 & APT31
2021-07-19 20:14:36 +05:30
6c8949caa9
Merge pull request #658 from jasperla/oilrig
...
merge APT34 with OilRig
2021-07-03 08:56:39 +02:00
Deborah Servili
b6005bd53f
Merge branch 'main' into master
2021-07-02 13:30:51 +02:00
Delta-Sierra
913aff30c3
Add NOBELIUM and related
2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse
792490298e
merge APT34 with OilRig
...
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
2021-06-29 20:26:04 +02:00
a5d7d85dc8
Merge pull request #657 from jloehel/add_matanbuchus
...
[cluster][tool] Adds Matanbuchus
2021-06-22 07:23:20 +02:00
Jürgen Löhel
254c201601
[cluster][tool] Adds Matanbuchus
...
+ threat actor: BelialDemon
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 18:04:28 -05:00
Jürgen Löhel
381973f5de
[cluster][stealer] Adds HackBoss
...
Fixes : #651
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 16:35:20 -05:00
Thomas Dupuy
772c5145c1
Added BackdoorDiplomacy and Gelsemium.
2021-06-11 11:48:57 -04:00
Rony
9a723b6261
more ta544 references
2021-05-26 20:26:27 +05:30
Rony
db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks
2021-05-22 21:02:30 +05:30
Daniel Plohmann
433ea5cb45
Twisted Spider -> TWISTED SPIDER
...
fair point
2021-05-19 17:04:58 +02:00
Daniel Plohmann
9719122d27
adding Twisted Spider as alias for TA2101 (Maze)
2021-05-19 16:47:41 +02:00
a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1
...
Add alias for Tick
2021-05-07 23:23:38 +02:00
Still Hsu
eb671f1e6a
Add Nian alias
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:52:27 +08:00
Still Hsu
fe7c0dab07
Add country origin for BlackTech
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:32:39 +08:00
Daniel Plohmann
38b8bac51d
fixing broken/dead links
2021-05-04 20:15:17 +02:00
6f7d3d5c2b
chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa
...
"COLT – Compromise to Leak Time" - new meta colt-median/colt-average.
For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
2021-05-03 07:41:43 +02:00
7aaf25a424
new: [ransomware] Ragnarok added
2021-04-30 12:08:03 +02:00
94ec98d544
Merge pull request #646 from r0ny123/update
...
Updates to APT27 & Tick
2021-04-29 18:29:53 +02:00
Christophe Vandeplas
86ee7008b2
chg: [att&ck] bump to latest ATT&CK version from MITRE
2021-04-29 18:12:36 +02:00
211a4b5145
fix: [ransomware] Related key should be outside metas
2021-04-26 13:48:06 +02:00
Rony
4ba2db0f3a
FlatChestWare duplicate removed
2021-04-26 16:24:09 +05:30
ef9989dbe8
chg: [ransomware] duplicate removed
2021-04-26 12:06:03 +02:00
847d3e8fa7
chg: [ransomware] duplicate removed
2021-04-26 12:01:01 +02:00
f3992ec5f1
chg: [ransomware] duplicates removed
2021-04-26 11:57:21 +02:00
f2703bd03e
chg: [ransomware] Flyper removed
2021-04-26 11:52:28 +02:00
Delta-Sierra
3cae487e3d
fix duplicates and add relations
2021-04-26 11:25:39 +02:00
Rony
faed812fc9
Merged STALKER PANDA to Tick
2021-04-25 19:12:20 +05:30
Rony
89b9c0c32c
several updates to apt27
2021-04-25 16:53:36 +05:30
Delta-Sierra
0a05621f82
Merge https://github.com/MISP/misp-galaxy
2021-04-19 15:48:58 +02:00
Delta-Sierra
b138354fa5
Removing duplicate
2021-04-19 15:42:49 +02:00
28f6475cc5
chg: [ransomware] first duplicate removed
2021-04-19 15:13:18 +02:00
e7061f90d9
chg: [ransomware] remove duplicate "File-Locker"
2021-04-19 15:08:06 +02:00
ab13dd00f8
Merge pull request #645 from Delta-Sierra/master
...
Adding ransomware names [WIP 2/3]
2021-04-19 15:03:12 +02:00
Delta-Sierra
f5713a8d87
Removing unexpected line
2021-04-19 14:53:36 +02:00
Delta-Sierra
b7b4b356c3
Adding ransomware names [WIP 3]
2021-04-19 14:47:10 +02:00
Delta-Sierra
fdf1a6c112
Adding ransomware names [WIP 2]
2021-04-19 13:24:25 +02:00
Daniel Plohmann
6eb594a6b0
adding Yanbian Gang as threat actor
2021-04-16 15:12:45 +02:00
Delta-Sierra
f3456a89c5
fix version
2021-04-15 15:08:11 +02:00
Delta-Sierra
4bcd0492bd
Adding ransomwares WIP
2021-04-15 15:07:52 +02:00
Daniel Plohmann
2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech
...
Adding Palmerworm as Symantec alias for BlackTech (with reference).
2021-03-31 22:35:12 +02:00
Thomas Dupuy
a8c62ddeda
Add Ghostwriter.
2021-03-31 09:42:40 -04:00
Rony
50f5d2ae4a
reverted changes made into 52ae97718d
2021-03-30 22:19:05 +05:30
sebdraven
ce8a9442eb
validation jsons
2021-03-30 13:12:21 +00:00
Sebdraven
52ae97718d
Update threat-actor.json
...
add a synonym to Haffnium
2021-03-30 15:11:09 +02:00
sebdraven
b082977b9f
validation ok
2021-03-30 10:22:35 +00:00
Sebdraven
4ed4cebcee
Update threat-actor.json
...
format json
2021-03-30 12:16:22 +02:00