Commit graph

2444 commits

Author SHA1 Message Date
Christophe Vandeplas
39ff6b4bbc MITRE sorted
While dicts were sorted, lists were not yet sorted. This current sort algo is not yet the best, but is a good start. A good sort is needed for better comparison afterwards with automated tools. In a next stage tt will also be needed in the validate_all scripts.
2018-12-09 08:32:48 +01:00
Deborah Servili
bf77e1125a
add Operation Poison Needles 2018-12-07 16:32:09 +01:00
Deborah Servili
79828d7411
add clusters 2018-12-07 13:25:56 +01:00
Deborah Servili
5a725e71ef
add several clusters 2018-12-06 16:13:51 +01:00
ac2b5dbe05
fix: [ransomware] more duplicates removed 2018-12-02 12:00:17 +01:00
2e8f139daa
fix: [ransomware] removed duplicate values 2018-12-02 11:54:34 +01:00
Deborah Servili
be9b4ff40f
add DNSpionage cluster 2018-11-29 16:38:06 +01:00
Deborah Servili
ef54489ea9
add everbe rasomnotes 2018-11-29 15:33:39 +01:00
Deborah Servili
6382857ee3
add ransomwares 2018-11-29 15:23:57 +01:00
Deborah Servili
c81f128d98
add ransomwares 2018-11-27 15:59:26 +01:00
Deborah Servili
6f255c0999
add Aurora Ransomware metadata 2018-11-26 09:30:54 +01:00
Deborah Servili
e5487305f1
add Aurora Ransomware synonym 2018-11-26 08:33:11 +01:00
Deborah Servili
9f5e10abf6
fix version 2018-11-23 16:16:58 +01:00
Deborah Servili
b6b1c7171a
Add Rotexy 2018-11-23 16:15:48 +01:00
Deborah Servili
dac1c08491
update version 2018-11-23 12:42:41 +01:00
Deborah Servili
b50c8bd805
add PNG Dropper 2018-11-23 10:38:36 +01:00
Deborah Servili
1be4a1cedb
add reference for Emotet/Geodo 2018-11-22 09:00:43 +01:00
Deborah Servili
2bf5d46cc4 Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy 2018-11-22 08:59:53 +01:00
Deborah Servili
2f5031b845
add several references for Emotet and others 2018-11-22 08:37:45 +01:00
Deborah Servili
de38e7249c
Merge branch 'master' into master 2018-11-19 15:23:45 +01:00
Deborah Servili
ce61b2d2dd
update oilrig related clusters + others 2018-11-19 14:56:13 +01:00
eec7693081
chg: uuid fixed 2018-11-18 06:31:04 +01:00
d324a1c39b
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master 2018-11-18 06:29:50 +01:00
Deborah Servili
eb6f6a3f49
fix rat galaxy version 2018-11-16 16:40:23 +01:00
Deborah Servili
77b556d702
jq and add ref in tool galaxy -hit version 100- 2018-11-16 13:11:55 +01:00
Deborah Servili
faa16879da
add TheOneSpy 2018-11-16 13:10:21 +01:00
c9fd60d14b
chg: [threat-actor] INDRIK SPIDER added 2018-11-14 20:46:06 +01:00
Deborah Servili
ca33f1c2ce Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-11-13 15:25:34 +01:00
Deborah Servili
f55277b682
add several rqansomware and HookAds campaign 2018-11-13 12:20:37 +01:00
a505995b79
fix: [ransomware] duplicate removed 2018-11-13 07:12:36 +01:00
51d3af11fc
chg: [ransomware] duplicate removed 2018-11-13 07:08:49 +01:00
a4c916c916
Merge branch 'master' of github.com:MISP/misp-galaxy 2018-11-13 07:01:56 +01:00
Benoit Sevens
8f8c69134e
Update threat-actor.json
Add LuckyMouse link
2018-11-12 13:12:14 +01:00
Deborah Servili
46dba06e40
add/update ransomawares 2018-11-09 16:34:00 +01:00
Deborah Servili
14444e4321
add several tools and refs 2018-11-08 10:39:32 +01:00
Daniel Plohmann
1f6b606f75
added APT38 as (FireEye) alias for Lazarus
cross-references in https://content.fireeye.com/apt/rpt-apt38 suggest the link to Lazarus.
2018-11-07 17:19:50 +01:00
Deborah Servili
954264c084
Merge pull request #296 from Delta-Sierra/master
update ransomware galaxy
2018-11-07 09:19:23 +01:00
Deborah Servili
d41a279c73
update ransomware galaxy 2018-11-05 16:23:10 +01:00
8ae3214cd1
Merge pull request #295 from Delta-Sierra/master
update Red Alert 2 Android Banking Trojan
2018-11-05 12:37:29 +01:00
Deborah Servili
050a94a2c0
jq fix 2018-11-05 11:01:57 +01:00
Deborah Servili
ae24b71f45
update version 2018-11-05 10:45:54 +01:00
Deborah Servili
5fd4cfa4ee
update Red Alert 2 Android Banking Trojan 2018-11-05 09:50:10 +01:00
Deborah Servili
7813a29460
Merge pull request #294 from Delta-Sierra/master
add ransomwares
2018-10-31 16:05:18 +01:00
Deborah Servili
ad07b70a03
add ransomwares 2018-10-31 14:52:40 +01:00
2465235817
Merge pull request #293 from Delta-Sierra/master
add Operation EvilTraffic
2018-10-30 21:02:59 +01:00
Deborah Servili
e6b1eec329
add Chalubo botnet (+ jqallthethings) 2018-10-30 14:39:13 +01:00
Deborah Servili
41942d0daf
add Operation EvilTraffic 2018-10-30 13:28:46 +01:00
Deborah Servili
74ff4b957a
add Operation EvilTraffic 2018-10-30 13:28:27 +01:00
Nils Kuhnert
bc0bf1ca9f
Corrected DarkHotel threat actor entry 2018-10-29 09:03:30 +01:00
Deborah Servili
6e8abc0712
fix duplicate ref 2018-10-23 15:37:51 +02:00
Deborah Servili
af6020077e
add August Stealer 2018-10-23 15:25:37 +02:00
Deborah Servili
4a54044de6
add NukeSped reference 2018-10-22 14:50:57 +02:00
Deborah Servili
32d90a27e1
add GhostMiner 2018-10-22 14:46:44 +02:00
Deborah Servili
bd68ee280e Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-10-22 11:09:37 +02:00
Deborah Servili
504570a298
add tools from https://github.com/misterch0c/shadowbroker 2018-10-22 11:06:25 +02:00
Deborah Servili
4564c5eb37
add DarkPulsar and affiliates + update some refs 2018-10-22 10:14:30 +02:00
Christophe Vandeplas
4232f0b737 chg: further categorization of galaxies 2018-10-19 14:15:20 +02:00
Christophe Vandeplas
9dddc4427c jq 2018-10-19 10:23:09 +02:00
Christophe Vandeplas
6a9a9b7e1b Merge remote-tracking branch 'MISP/master' 2018-10-19 10:18:45 +02:00
Christophe Vandeplas
ddccac58c8 chg: categorization of galaxies
This allows relationships to be created.
2018-10-19 10:18:14 +02:00
0ecf34f06e
fix: [malpedia] version 2018-10-18 11:23:48 +02:00
83c6e6bef1
fix: [malpedia] broken reference has been fixed 2018-10-18 11:17:19 +02:00
3771c21218
Merge pull request #287 from cvandeplas/master
fixes an important bug in the gen_relations
2018-10-18 11:15:17 +02:00
66ded6d935
Some minor fixes 2018-10-17 20:59:08 +02:00
Christophe Vandeplas
ccebd86eed fix: add missing relations from commit 78c1f07359 2018-10-17 19:18:16 +02:00
Christophe Vandeplas
2b24efb14a fix: add missing relations from commit b857be9cab 2018-10-17 19:15:57 +02:00
Christophe Vandeplas
76b1429f10 fix: add missing relations from commit a81bbe288f 2018-10-17 19:13:35 +02:00
Christophe Vandeplas
84af053761 fix: add missing relations from commit 29beb01dc3 2018-10-17 19:07:01 +02:00
Christophe Vandeplas
873bc873b4 Merge remote-tracking branch 'MISP/master' 2018-10-17 18:28:44 +02:00
Christophe Vandeplas
1e90cac717 fix: intrusion is an actor and not a tool 2018-10-17 18:17:33 +02:00
9129724343
Merge pull request #286 from Delta-Sierra/master
Several clusters, refs, others.
2018-10-17 17:32:45 +02:00
Deborah Servili
c8cbb609a2
add GreyEnergy 2018-10-17 16:05:51 +02:00
Christophe Vandeplas
ca6c1caa8f fix: jq all the things 2018-10-17 08:26:45 +02:00
Christophe Vandeplas
2bb4df134b chg: removal of older unused relationships 2018-10-17 08:20:12 +02:00
Christophe Vandeplas
c51ba2e868 chg: MITRE relationships included in the respective cluster. 2018-10-17 08:08:58 +02:00
Deborah Servili
2ea560f9a7
add refs & synonyms 2018-10-15 12:02:21 +02:00
Deborah Servili
c134035a6d
add several refs 2018-10-15 11:33:37 +02:00
Deborah Servili
8d0c87c830
add several refs 2018-10-15 11:28:01 +02:00
Deborah Servili
11a27df82d
add roaming mantis group 2018-10-12 15:50:52 +02:00
Deborah Servili
b3109f6aea Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-10-12 13:55:01 +02:00
Christophe Vandeplas
f26a4f2806 fix: minor newline difference after jq_all_the 2018-10-12 12:31:29 +02:00
Christophe Vandeplas
f14d616e22 chg: magical mapping with malpedia 2018-10-12 11:00:00 +02:00
Christophe Vandeplas
65eb66a739 fix: automatically fix missing uuids 2018-10-12 10:55:24 +02:00
Christophe Vandeplas
2fbd8ce485 jq sort keys
Allows automation to edit the files
2018-10-12 10:35:31 +02:00
4ff2a45cbb
chg: [malpedia] duplicate urls removed 2018-10-10 22:18:32 +02:00
2d2749ccea
jq all the things 2018-10-10 22:12:59 +02:00
Steffen Enders
125f676d17
Updated malpedia.json to the current state
Fetched the new malpedia galaxy cluster from https://malpedia.caad.fkie.fraunhofer.de/api/get/misp - this includes an additional ~120 new families.
2018-10-10 17:31:27 +02:00
Deborah Servili
4c367737ac
add magecart ref 2018-10-10 14:52:16 +02:00
Deborah Servili
ec6b04cf6a
add SAVEfiles ransomware 2018-10-10 14:05:24 +02:00
Deborah Servili
ed5aa150a7
update version 2018-10-09 11:35:17 +02:00
Deborah Servili
510a37084c
update matrix ransomware 2018-10-08 16:26:58 +02:00
Deborah Servili
5fb9db8282
add Triout Android Malware 2018-10-05 16:21:01 +02:00
Deborah Servili
655b1619e4 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-10-05 16:06:25 +02:00
Deborah Servili
58a86e4e26
fix failed copy-paste 2018-10-05 15:53:03 +02:00
8149960aa3
Merge pull request #276 from Delta-Sierra/master
add CoalaBot + Kraken Cryptor Ransmware + refs
2018-10-05 15:52:04 +02:00
Davide Arcuri
253fbed356 Added Malpedia Galaxy
based on malpedia git repo

Co-Authored-By: garanews <garanews@users.noreply.github.com>
2018-10-05 14:30:31 +02:00
Deborah Servili
80bf2f5556
jq 2018-10-05 12:04:13 +02:00
Deborah Servili
06c4869125
add CoalaBot + Kraken Cryptor Ransmware + refs 2018-10-05 11:09:54 +02:00
Deborah Servili
9225666b92
add CoalaBot + Kraken Cryptor Ransmware + refs 2018-10-05 11:09:45 +02:00
ecba2dbdbf
Merge pull request #274 from Delta-Sierra/master
Refs updates
2018-10-04 17:24:57 +02:00
Deborah Servili
7cf37a57f1
add Persirai botnet 2018-10-04 14:17:16 +02:00
Deborah Servili
50fecccf39
update Torii botnet 2018-10-04 13:44:32 +02:00
Deborah Servili
138a4e6f9e
add ref for Torii botnet 2018-10-04 13:41:27 +02:00
Deborah Servili
b45b4ce0b1
add refs 2018-10-04 12:01:26 +02:00
276992f180
Merge pull request #273 from Delta-Sierra/master
update synonyms & attributions
2018-10-04 11:17:19 +02:00
Deborah Servili
2893d715d6
Add ZEBROCY tool 2018-10-04 10:52:40 +02:00
Deborah Servili
5bcf34a953
update regarding https://twitter.com/adulau/status/1047764090410737664 2018-10-04 10:28:22 +02:00
Deborah Servili
c78416eee1
update synonyms & attributions 2018-10-04 10:09:34 +02:00
Deborah Servili
123099cd6d
Merge pull request #272 from Delta-Sierra/master
New clusters based on CIG Circular 66 – FASTCash ATM Cash Out Campaign
2018-10-03 16:38:33 +02:00
Deborah Servili
4d68b1c205
add NukeSped 2018-10-03 16:28:50 +02:00
Deborah Servili
3dfe8a5a34 add FASTCash 2018-10-03 15:09:14 +02:00
63b777fc9e
Merge pull request #271 from Delta-Sierra/master
Several updates
2018-10-01 21:51:11 +02:00
Deborah Servili
403f162451
add ref for magecart 2018-10-01 11:54:07 +02:00
Deborah Servili
35582f7ed5
new threat actors & tools 2018-10-01 11:52:40 +02:00
2402c7d98f
chg: [tool] NOKKI added
ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/
2018-09-29 09:01:47 +02:00
Deborah Servili
3649e03ad5 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-09-28 16:28:16 +02:00
Deborah Servili
f828c8f79e
add synonym 2018-09-28 16:18:54 +02:00
Deborah Servili
a27534cfa1
add refs 2018-09-28 15:40:00 +02:00
49fe210812
Merge pull request #270 from Delta-Sierra/master
new clusters, relations and information
2018-09-28 12:57:13 +02:00
Deborah Servili
97581d7185
jq 2018-09-28 11:20:38 +02:00
Deborah Servili
fbf21487cf
new clusters and informtion 2018-09-28 11:08:21 +02:00
46eddf1874
chg: [botnet] Torii added 2018-09-27 15:43:49 +02:00
Deborah Servili
78c1f07359
new ransomware and relations 2018-09-27 15:42:20 +02:00
Nex
014aa325b7 Added missing country values 2018-09-26 23:05:46 +02:00
Deborah Servili
29beb01dc3
add relationships on Mirai 2018-09-24 16:06:36 +02:00
Deborah Servili
f7e10cb38d
add references 2018-09-24 14:58:21 +02:00
Deborah Servili
77897be97e
add BusyGasper android spyware 2018-09-24 12:12:41 +02:00
Deborah Servili
2bc8e1e719
add Cobalt Dickensthreat actor 2018-09-24 11:51:09 +02:00
Deborah Servili
69c5fc30e5
add remcos ref 2018-09-24 11:07:17 +02:00
Deborah Servili
5a1734f170
update version 2018-09-21 11:16:36 +02:00
Deborah Servili
3c7e367cbf
fix field mistake 2018-09-21 11:14:19 +02:00
Deborah Servili
1cee9d71e0
update Lazarus group cluster 2018-09-20 15:38:32 +02:00
Deborah Servili
6d43d52731
new unnamedthreat actor 2018-09-20 13:24:11 +02:00
Deborah Servili
d0864a6531
new threat actors 2018-09-20 12:10:20 +02:00
Deborah Servili
0a724bee3d
merge 2018-09-19 16:01:46 +02:00
Deborah Servili
3f22dbd17d
add notpetya and update jadeRAT 2018-09-19 15:06:43 +02:00
Deborah Servili
058f778e61
add references 2018-09-19 09:04:04 +02:00
79146b9d10
fix: array in synonyms (MISP accepts it but not the schema ;-) 2018-09-19 07:35:35 +02:00
6105522453
chg: [threat-actor] Iron Group added
ref: https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/
2018-09-19 07:08:16 +02:00
4ae0ccd192
chg: [tool] Xbash added
ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/
2018-09-19 07:03:56 +02:00
8238bd5eb1
Merge pull request #263 from botherder/bahamut
Added Bahamut to threat actors list
2018-09-19 06:46:26 +02:00
Deborah Servili
fd960bfc1b
Add magentocore malware 2018-09-18 23:10:33 +02:00
Nex
f0383758fc Added Bahamut to threat actors list 2018-09-18 11:27:32 +02:00
fe60e58f5b
Merge pull request #262 from botherder/mythic-leopard
Added additional name to C-Major
2018-09-18 11:25:58 +02:00
Nex
1e502a494e Added additional name to C-Major 2018-09-18 11:18:42 +02:00
Nex
ee7f609397 Removed duplicates 2018-09-18 11:16:00 +02:00
88c9d8d9f6
Merge pull request #259 from botherder/country-sync
Synced country codes with suspected state sponsor
2018-09-17 18:18:00 +02:00
Nex
be0dd94c90 Synced country codes with suspected state sponsor 2018-09-17 16:26:14 +02:00
Nex
c2ea505459 Merged Transparent Tribe in C-Major 2018-09-17 16:11:18 +02:00
Deborah Servili
ff9409e164
add blacknurse logo 2018-09-13 12:42:01 +02:00
Deborah Servili
1dcf2e50a7
add blacknurse 2018-09-13 12:33:19 +02:00
Deborah Servili
17d3959445
add Crypt0saur ransomware 2018-09-13 11:34:57 +02:00
Deborah Servili
0843fdfb23
adding and updating clusters 2018-09-13 09:03:41 +02:00
Deborah Servili
039fc91bd6
add description for sigma ransomware 2018-09-12 14:27:09 +02:00
Deborah Servili
a73424139f
fix versions 2018-09-12 14:26:44 +02:00
Deborah Servili
f107563cad
add ref for operation Applejeus 2018-09-12 09:34:16 +02:00
Deborah Servili
cb5fa5e822
fix version 2018-09-10 14:21:14 +02:00
Deborah Servili
c92dc15937
add Operation AppleJeus 2018-09-10 14:13:09 +02:00
Deborah Servili
a81bbe288f
fix some relations 2018-09-10 12:27:40 +02:00
Deborah Servili
40d5cca20f
clusters 2018-09-07 16:03:40 +02:00
Deborah Servili
addda6c545
more clusters~ 2018-09-05 16:39:33 +02:00
Deborah Servili
14024efbf1
add CamuBot Banker Trojan 2018-09-05 09:19:35 +02:00
Deborah Servili
5866b660c8
jq~ 2018-09-05 08:29:08 +02:00
Deborah Servili
fb328b0ef4
add ransomwares 2018-09-05 08:20:24 +02:00
Deborah Servili
0a9e91766b Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-09-04 10:18:07 +02:00
Deborah Servili
912e91a5f5
add ransomware 2018-09-04 09:43:58 +02:00
0acc41131d
"jq all the thing (tm)" 2018-09-01 11:58:52 +02:00
e55f91b7ac
Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master 2018-09-01 11:56:10 +02:00
Kafeine
ac94f367b1
+ Fallout 2018-09-01 10:07:46 +02:00
Kafeine
21cf5ec957
Hunter EK > Active 2018-08-30 22:47:00 +02:00
Kafeine
85130f264d
Adding Underminer EK 2018-08-30 17:27:59 +02:00
Kafeine
afa3fb4cfd
Status from Terror, Bingo and Astrum 2018-08-30 17:08:37 +02:00
Kafeine
67e9ef2719
Adapting to modification from Misp repository 2018-08-30 17:04:08 +02:00
Deborah Servili
f14dd27315
add cfr data 2018-08-27 15:29:16 +02:00
Deborah Servili
d1940b6a69
Update microsoft-activity-group.json version 2018-08-27 08:38:22 +02:00
Deborah Servili
9efca2fd79 more clusters
Signed-off-by: Deborah Servili <deborah.servili@gmail.com>
2018-08-24 16:11:16 +02:00
Deborah Servili
c943d1c9d1
add APT28/STRONTIUM refs 2018-08-22 09:59:40 +02:00
Deborah Servili
afea4ca5e7 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-08-22 09:03:26 +02:00
f8c5640613
chg: [tool] biscuit biscvt tool BISKVIT
ref: https://www.fortinet.com/blog/threat-research/russian-army-exhibition-decoy-leads-to-new-biskvit-malware.html
2018-08-21 10:48:47 +02:00
cd76f19f52
chg: [threat-actor] APT-C-35 actor added
ref: https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/
2018-08-15 20:25:57 +02:00
Deborah Servili
3940964956
update Dharma Ransomware 2018-08-14 15:56:09 +02:00
Deborah Servili
d5f35d94dc
version update 2018-08-14 12:21:50 +02:00
Deborah Servili
f3c02ad195
merge black ruby duplicate (delete the newer) 2018-08-14 12:20:29 +02:00
Deborah Servili
31142b41ac
merge 2018-08-14 12:09:21 +02:00
Deborah Servili
a28c50203e
fix 2018-08-14 12:07:12 +02:00
Deborah Servili
2081dc1627
resolve merge confilct -I hope- 2018-08-14 12:06:42 +02:00
Deborah Servili
4e911b2c17
Merge branch 'master' into master 2018-08-14 11:43:59 +02:00
Deborah Servili
7829e0fab6
fix typo and missing uuid 2018-08-14 11:41:06 +02:00
Deborah Servili
a646a835fe
add Rosenbridge backdoor 2018-08-14 10:09:26 +02:00
Christophe Vandeplas
88162aa44e chg: [mapping] Generated automatic mapping between clusters 2018-08-14 09:35:22 +02:00
Christophe Vandeplas
5478f0aa45 no change: dump files with sort_keys=True
This is needed to keep better track of the changes when other tools load and save the json files.
2018-08-13 17:06:29 +02:00
Christophe Vandeplas
021107e597 fix: [threat-actor] added missing uuids 2018-08-13 17:00:40 +02:00
Deborah Servili
b100b0cedd
add KEYPASS ransomware 2018-08-13 15:50:09 +02:00
Deborah Servili
f1dcb05576
Merge pull request #246 from Delta-Sierra/master
add Skygofree android spyware
2018-08-13 12:28:30 +02:00
Deborah Servili
56fe9eb63c
add Skygofree android spyware 2018-08-13 12:20:16 +02:00
9059a85eed
chg: [tool] KEYMARBLE malware added
ref: https://www.us-cert.gov/ncas/analysis-reports/AR18-221A
2018-08-11 16:14:39 +02:00
Deborah Servili
27805ca768
add tools used by SamSam 2018-08-09 15:55:36 +02:00
Deborah Servili
597e7bacb9
add ransomwares 2018-08-09 13:53:04 +02:00
6620b5575a
fix: [threat-actor] related is an array of JSON objects 2018-08-09 07:53:42 +02:00
1429b60555
chg: [threat-actor] jq document 2018-08-08 16:38:39 +02:00
Deborah Servili
ebc7287e14
update schema 2018-08-08 16:12:29 +02:00
Deborah Servili
33a300b773
tags is an array 2018-08-08 15:59:44 +02:00
Deborah Servili
b857be9cab
relationship system - v2 2018-08-08 15:51:22 +02:00
Deborah Servili
050a864be0
update some clusters and try to add a relationship system 2018-08-08 14:20:38 +02:00
Deborah Servili
84adb50f0f
add RedAlpha campaigns 2018-08-07 13:55:05 +02:00
Deborah Servili
b7de06ffcc
delete forgotten conflict marker 2018-08-06 08:49:44 +02:00
Deborah Servili
010df0a2b6
resolve merge conflict 2018-08-06 08:48:21 +02:00
Deborah Servili
def23775e5
resolve merge conflict 2018-08-06 08:45:03 +02:00
Nils Kuhnert
ab49b58b02
Added DarkHydrus 2018-08-06 08:33:34 +02:00
Nils Kuhnert
4654f51889
Two small typos 2018-08-05 15:09:38 +02:00
Deborah Servili
e5b185deee
Merge branch 'master' into master 2018-08-03 16:11:16 +02:00
Deborah Servili
35aa8ba34e
delete duplicate gorgon group 2018-08-03 16:08:43 +02:00
Deborah Servili
a9a71ef84c
more clusters 2018-08-03 15:58:54 +02:00
b3701b6b34
chg: [threat-actor] The Gordon Group added
ref: https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/
2018-08-03 10:26:52 +02:00
a0dfdd65ae
chg: [rat] Hallaj PRO Rat added
ref: https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/
misp-event: 5b63f5e4-bf24-4f46-8340-48fc02de0b81
2018-08-03 08:34:55 +02:00
3da005a3f3
fix: jq all the things(tm) 2018-08-02 15:15:47 +02:00
1fdf47d509
fix: [threat-actor] synonyms are always arraus 2018-08-02 15:13:18 +02:00
ece56dff38
chg: [threat-actor] leafminer - RASPITE added 2018-08-02 15:08:39 +02:00
c232b3dd5a
chg: [tool] added based on Carbanak tooling description from Crowdstrike
ref: https://www.crowdstrike.com/blog/arrests-put-new-focus-on-carbon-spider-adversary-group/
2018-08-02 10:30:47 +02:00
43fa95df7a
chg: [threat-actor] new reference to CARBON SPIDER/Carbanak 2018-08-02 10:03:18 +02:00
4cf84858e3
chg: [tool] Bisonal malware added (new variant with encryption capabilities) 2018-07-31 15:26:11 +02:00
Deborah Servili
e7d2541929 add Kronos Banking Trojan 2018-07-25 09:46:46 +02:00
Deborah Servili
381f7e4a19 Add CFR.org metadata into the galaxy - part 2 2018-07-25 09:08:16 +02:00
Deborah Servili
28456545be Merge https://github.com/MISP/misp-galaxy 2018-07-16 09:16:13 +02:00
98db303047
chg: [threat-actor] The Big Bang campaign/group added 2018-07-10 08:49:00 +02:00
43a2c7f0ef
chg: [botnet] Xor DDoS added 2018-07-09 14:25:19 +02:00
raw-data
77cfaa8221 [add] new backdoor galaxy and cluster 2018-07-06 20:09:52 +01:00
Raphaël Vinot
e5939e3248 Merge branch 'master' of github.com:MISP/misp-galaxy 2018-07-06 15:25:09 +02:00
Raphaël Vinot
6f7a7921ae new: Add entries from Bambenek Consulting 2018-07-06 15:25:05 +02:00
raw-data
fa8d0e35f6 [add] x1 new entry in stealer.json - AZORult 2018-07-06 11:00:11 +01:00
Deborah Servili
cae0f7e1ad merging attempt 2018-06-29 16:39:34 +02:00
Deborah Servili
8c51ef98b3 add cfr related informations -still in progress- 2018-06-29 16:36:58 +02:00
Deborah Servili
fb6b01cc95
Merge branch 'master' into master 2018-06-27 09:39:28 +02:00
Deborah Servili
b1aac6b35b cfr update -in progress + add clusters associated to RANCOR 2018-06-27 09:37:43 +02:00
1bd0fb34d7
Merge pull request #233 from Delta-Sierra/master
Add CFR.org metadata into the galaxy - Test
2018-06-26 14:26:18 +02:00
Deborah Servili
6f9e639981 add cfr prefix for cfr data - test 2018-06-26 10:07:14 +02:00
Deborah Servili
1cd6bddf0c Add CFR.org metadata into the galaxy - Test 2018-06-26 09:40:13 +02:00
Deborah Servili
3838efb0bb some updates 2018-06-26 09:26:32 +02:00
raw-data
f649af8ba5 [ADD] x1 new entry in tool.json - Koadic 2018-06-25 15:59:30 +01:00
raw-data
b3dffeb8d4 [ADD] x2 new rat - Sisfader, SocketPlayer 2018-06-25 15:46:42 +01:00
raw-data
0920d13c05 [ADD] banker.json version bump 2018-06-25 15:41:32 +01:00
raw-data
b382425d9c [ADD] x2 new banker - Backswap, Karius 2018-06-25 15:14:56 +01:00
Nils Kuhnert
ed26cfb042
Updated APT1 report link 2018-06-22 13:49:05 +02:00
Deborah Servili
8ebde0540a
Update cert-eu-govsector.json 2018-06-22 12:50:32 +02:00
Deborah Servili
e088194ea9
fix typo in type 2018-06-22 12:45:39 +02:00
8e014674af
Fixed typo 2018-06-20 09:45:16 +02:00
Deborah Servili
dcda058944 update verion 2018-06-20 09:36:36 +02:00
Deborah Servili
e18fdf42da add Thrip as threat actor 2018-06-20 09:30:15 +02:00
Deborah Servili
dcd159f8ed add olympic destroyer 2018-06-19 15:26:40 +02:00
Deborah Servili
92cbd29091 add severals ransomware 2018-06-19 13:04:32 +02:00
Deborah Servili
cee83f677e more clusters 2018-06-18 14:30:51 +02:00
Deborah Servili
d8c83cf2d6 add cluster in threat actor 2018-06-18 10:54:58 +02:00
Deborah Servili
ab577afacd add ClipboardWalletHijacker 2018-06-18 09:47:03 +02:00
Deborah Servili
333db20791 add MysteryBot in android galaxy 2018-06-18 08:41:52 +02:00
Deborah Servili
397b37dcc8 add some ransomwares 2018-06-15 15:14:42 +02:00
e6bae7165c
Merge pull request #224 from Delta-Sierra/master
add some clusters
2018-06-13 12:43:35 +02:00
Deborah Servili
4ac23483b9 add some tools 2018-06-13 11:54:50 +02:00
Deborah Servili
cef7d02622 update version 2018-06-13 11:06:31 +02:00
Deborah Servili
c17a2aa7cc add some clusters 2018-06-13 10:39:11 +02:00
Christophe Vandeplas
db81051154 minor layout corrections - validate_all 2018-06-12 11:03:09 +02:00
Christophe Vandeplas
d0d54b2751 merge pull request 222 2018-06-12 10:58:08 +02:00
Deborah Servili
508bb081c8 add BabaYaga Malware 2018-06-08 15:54:30 +02:00
Deborah Servili
2b447585b6 add PLEAD 2018-06-08 10:18:41 +02:00
Kafeine
25d21204fb
fix 2018-06-07 10:34:55 +01:00
Kafeine
52f0858ef5
+ Glazunov 2018-06-07 10:31:58 +01:00
Deborah Servili
a96a8a4a13 add sigrun ransomware's ransomnotes 2018-06-07 09:33:08 +02:00
Kafeine
178d5219c7
guuid & + VenomKit 2018-06-06 18:00:25 +01:00
Deborah Servili
e561e3e4f0 add Sigrun ransomwaremeta data 2018-06-06 16:29:24 +02:00
Deborah Servili
e2a25e165d add Sigrun ransomware 2018-06-06 16:12:31 +02:00
Deborah Servili
07f91bcca4 add another cryptomix variant 2018-06-06 15:44:32 +02:00
Deborah Servili
3e91466aea add Brambul worm 2018-06-06 15:07:30 +02:00
Deborah Servili
3e10d0957c add Joanap RAT 2018-06-06 14:34:42 +02:00
308774755c
add: Iron Backdoor 2018-06-03 18:39:37 +02:00
raw-data
388a2b25b3 [ADD] x2 new info/pwd stealers - Nocturnal Stealer, TeleGrab 2018-06-01 15:59:25 +01:00
raw-data
ba6892408b [ADD] NavRAT 2018-06-01 15:09:22 +01:00
raw-data
42bb2175e2 [ADD] DanaBot 2018-06-01 15:08:55 +01:00
6d5b8de216
Merge branch 'master' of github.com:MISP/misp-galaxy 2018-05-29 21:47:59 +02:00
c08c6af936
chg: Stalker Panda description added 2018-05-29 21:47:04 +02:00
raw-data
8726e0542d [ADD] VPNFilter in tool.json cluster 2018-05-26 23:49:59 +01:00
raw-data
b0396e5ea2 [ADD] Pontoeb, WICKED and Brain Food into botnet.json cluster 2018-05-24 16:39:24 +01:00
Raphaël Vinot
ca964d9d35 Merge branch 'master' of github.com:MISP/misp-galaxy 2018-05-19 17:58:23 -04:00
Raphaël Vinot
96f3bf1cb8 fix: Duplicate ELECTRUM entry
Fix #212
2018-05-19 17:57:51 -04:00
Deborah Servili
22cb1618a5
Merge pull request #214 from Delta-Sierra/master
update mitre galaxies - add external id and killchain
2018-05-19 13:21:18 +02:00
Deborah Servili
6c8edd3f61 jq 2018-05-19 13:09:50 +02:00
Deborah Servili
d82a76c08f fix scripts for nobile and pre attack attack pattern 2018-05-19 13:09:30 +02:00
Deborah Servili
f6d7291e7a jq 2018-05-19 12:57:20 +02:00
Deborah Servili
730353f63d update mitre galaxies - add external id and killchain 2018-05-19 12:56:20 +02:00
3a7c4e3c57
Merge pull request #211 from eCrimeLabs/master
Added links in relation to Threat-actor info from Dragos
2018-05-15 16:17:56 +02:00
9b888f238a
Merge pull request #209 from raw-data/master
[ADD] RadRAT, ARS VBS Loader and FlawedAmmyy into rat.json cluster
2018-05-15 16:17:18 +02:00
Dennis Rand
1ab4e4f4cf Added data related to Dragos Adverseries 2018-05-15 12:06:48 +00:00
Deborah Servili
3d5c697761 add Stalinlocker 2018-05-15 12:27:20 +02:00
Deborah Servili
5b22aa7225 add Mettle botnet 2018-05-14 12:00:22 +02:00
raw-data
0ba6233309 [ADD] RadRAT, ARS VBS Loader and FlawedAmmyy into rat.json cluster 2018-05-11 01:15:35 +01:00
Deborah Servili
5e0bd260d6 update some clusters 2018-05-09 16:12:02 +02:00
Deborah Servili
2b16c86687 add maikspy 2018-05-09 09:52:22 +02:00
Deborah Servili
d3f7f7b591 jq~ 2018-05-09 09:34:08 +02:00
Deborah Servili
360a4d4556 add reference for HNS botnet 2018-05-09 09:29:23 +02:00
Deborah Servili
0d745f6c93 add HNS bot net & HPE iLO 4 Ransomware/Wiper 2018-05-09 09:22:29 +02:00
Deborah Servili
394950379b add Kitty malware 2018-05-07 15:27:29 +02:00
Deborah Servili
1c783a1453 update version -oops- 2018-05-07 08:52:15 +02:00
Deborah Servili
9cf976b2c5 update - GandCrab v3 2018-05-07 08:46:31 +02:00
Deborah Servili
d6e4c166c5 add an unnamed ransomware 2018-05-04 15:59:37 +02:00
Deborah Servili
ba631f1b43 add spymaster pro as rat 2018-05-04 15:12:56 +02:00
Deborah Servili
58e3e5f5d6 add ZooPark campaign 2018-05-04 10:16:01 +02:00
6b1d7d2201
add: threat actors from Dragos Inc. (based on https://dragos.com/adversaries.html) 2018-05-03 21:22:09 +02:00
Deborah Servili
979c784640 jq 2018-05-03 16:08:27 +02:00
Deborah Servili
83581c62b0 add Rubella Macro Builder 2018-05-03 15:38:06 +02:00
Deborah Servili
434716df86 add GravityRAT 2018-05-03 14:35:20 +02:00
Deborah Servili
55504f93d6 add HOGFISH as APT10 synonym 2018-05-03 11:10:21 +02:00
Deborah Servili
9a800ebec1 add Henbox 2018-05-03 10:57:39 +02:00
Deborah Servili
11f0963468 add Orangeworm, Kwampirs, Iron ransomware and Ton ransomware 2018-04-24 10:20:11 +02:00
Deborah Servili
6bf2004bd5 add Muhstik botnet 2018-04-23 09:26:28 +02:00
Stefan Kelm
0b63cb683b NMCRYPT ransomware 2018-04-20 11:28:02 +02:00
Deborah Servili
f95f7b6057 Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy 2018-04-20 10:27:54 +02:00
Deborah Servili
338eb7ab61 jq 2018-04-20 10:26:11 +02:00
Deborah Servili
6e2c0ea809
Update Ransomware galaxy version 2018-04-20 10:18:33 +02:00
Deborah Servili
f87da7a3a6 add Xiaoba 2018-04-20 10:13:52 +02:00
Deborah Servili
0e0c806e9e Merge https://github.com/MISP/misp-galaxy 2018-04-19 16:04:18 +02:00
Deborah Servili
473bf61fc7 add some ransomwares 2018-04-19 15:00:30 +02:00
Daniel Roethlisberger
8c861848f8 Add Comnie RAT. 2018-04-17 15:49:05 +02:00
StefanKelm
74610731ee
Added 'Chtonic' synonym 2018-04-16 15:37:23 +02:00
StefanKelm
eff4ace398
Remove Chthonic since it's a duplicate (banker.json) 2018-04-16 15:34:59 +02:00
Deborah Servili
c785ee6384 add some ransomwares & threat actors 2018-04-16 09:24:11 +02:00
Deborah Servili
1a18ffb3eb add Rovnix 2018-04-11 16:30:58 +02:00
Deborah Servili
e4b95abce3 add IcedID reference 2018-04-11 11:59:35 +02:00
Deborah Servili
c773597155 add GoScanSSH tool 2018-04-10 15:56:27 +02:00
Deborah Servili
113599bb24 add LockCrypt ransomware 2018-04-10 15:15:08 +02:00
Deborah Servili
a11bd66cf3 jq 2018-04-10 10:54:58 +02:00
Deborah Servili
ef8b428838 add PUBG ransomware 2018-04-10 10:54:36 +02:00
Deborah Servili
6f3921076a update matrix ransomware 2018-04-09 15:49:11 +02:00
Deborah Servili
20b1508e4b update version 2018-04-09 14:59:12 +02:00
Deborah Servili
e67a7b015d update matrix ransomware 2018-04-09 14:52:07 +02:00
Deborah Servili
8596ff3e10 update threat actor galaxy based on https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf 2018-04-09 11:52:12 +02:00
Deborah Servili
386349c607 add BlackRuby& WhiteRose ransomwares (+some fix) 2018-04-06 12:00:57 +02:00
Deborah Servili
47a0fbed8c merge the two Igexin clusters - fix #183 2018-04-05 13:47:09 +02:00
Deborah Servili
2bd3344eb6 add 2 -supposed- wipers 2018-04-05 11:51:13 +02:00
Deborah Servili
a0e8e45321 update ransomware galaxy versionC 2018-04-05 10:46:48 +02:00
Deborah Servili
7584c5f2a1 update cryptomix 2018-04-05 10:45:26 +02:00
Deborah Servili
b31f2632fd update botnet version 2018-04-05 09:49:57 +02:00
Deborah Servili
73e14c53eb complete hajime botnet 2018-04-04 16:22:50 +02:00
Deborah Servili
572404dcc7 add hajime botnet 2018-04-04 14:41:57 +02:00
Deborah Servili
a78972e0ac
Merge pull request #181 from Delta-Sierra/master
add external_id to values (MITRE galaxies)
2018-04-04 14:09:49 +02:00
Deborah Servili
8d4053741b jq 2018-04-04 12:54:04 +02:00
Deborah Servili
804fcedb5c add external_id to values 2018-04-03 15:53:17 +02:00
f4d7fe0166
add: SHARPKNOT 2018-03-29 16:31:05 +02:00
Kafeine
6c7d0f8684
+ThreadKit 2018-03-26 18:05:14 +01:00
Raphaël Vinot
24fa5b8b1b Merge branch 'master' of github.com:MISP/misp-galaxy 2018-03-23 10:40:32 +01:00
Raphaël Vinot
f6695f5b56 fix: Duplicate UUID in tools 2018-03-23 10:40:21 +01:00
Deborah Servili
0f14c2e563 Merge https://github.com/MISP/misp-galaxy 2018-03-23 08:28:20 +01:00
Deborah Servili
3ae0e5f113 add several tools 2018-03-23 08:27:14 +01:00
StefanKelm
cdf5344719
Update mitre-enterprise-attack-intrusion-set.json 2018-03-22 14:32:59 +01:00
StefanKelm
9add19ae7f
Update and rename mitre-entreprise-attack-tool.json to mitre-enterprise-attack-tool.json 2018-03-22 14:03:31 +01:00
StefanKelm
a1daa975aa
Update and rename mitre-entreprise-attack-relationship.json to mitre-enterprise-attack-relationship.json 2018-03-22 14:02:30 +01:00
StefanKelm
9d612ba3d9
Update and rename mitre-entreprise-attack-malware.json to mitre-enterprise-attack-malware.json 2018-03-22 14:01:27 +01:00
StefanKelm
b9aef43c73
Update and rename mitre-entreprise-attack-intrusion-set.json to mitre-enterprise-attack-intrusion-set.json 2018-03-22 14:00:20 +01:00
StefanKelm
36204644f1
Update mitre-enterprise-attack-course-of-action.json 2018-03-22 13:59:42 +01:00
StefanKelm
b619c8fc32
Update and rename mitre-entreprise-attack-course-of-action.json to mitre-enterprise-attack-course-of-action.json 2018-03-22 13:58:39 +01:00
StefanKelm
24930772c5
Update and rename mitre-entreprise-attack-attack-pattern.json to mitre-enterprise-attack-attack-pattern.json 2018-03-22 13:57:45 +01:00
Deborah Servili
011e0e9574 update Android galaxy based on: https://source.android.com/security/reports/Google_Android_Security_2017_Report_Final.pdf - possible duplicates! 2018-03-21 16:17:33 +01:00
Deborah Servili
181d4604a5 add Zenis ransomware 2018-03-21 15:22:21 +01:00
Deborah Servili
8cfd258ee3
Merge branch 'master' into master 2018-03-21 08:31:56 +01:00
Deborah Servili
510347c730 add gamut botnet 2018-03-21 08:29:41 +01:00
Kafeine
9e30ff1345
+Glazunov 2018-03-19 09:23:27 +00:00
Daniel Plohmann (jupiter)
83fd4a9af9 added leviathan 2018-03-17 11:57:10 +01:00
Dennis Rand
080e68a30f Added RoyalCli and RoyalDNS related to APT15 based on information from NCC Group 2018-03-15 22:08:06 +00:00
468f9dcb9d
Merge pull request #171 from Delta-Sierra/master
add qwerty ransomware
2018-03-15 10:47:37 +01:00
Deborah Servili
2e9827d9a3 jq 2018-03-15 10:41:37 +01:00
Deborah Servili
37a0b96a7b add qwertyransomware 2018-03-15 10:40:34 +01:00
eCrimeLabs
bfeb9d772c
Malware Used by APT37
Malware Used by APT37
2018-03-14 22:11:43 +00:00
eCrimeLabs
84215d0003
Added tools from APT37
Malware Used by APT37
2018-03-14 21:53:35 +00:00
Deborah Servili
5fa09c0962 update version 2018-03-12 11:54:29 +01:00
Deborah Servili
e6a703e359 jq 2018-03-12 11:53:06 +01:00
Deborah Servili
e3c6e7e238 add missing uuid 2018-03-12 11:52:51 +01:00
Deborah Servili
4aa73942e7 add ref for BS2005 2018-03-12 11:46:04 +01:00
Deborah Servili
73eb11fedd update Mirage Threat actor 2018-03-12 10:44:57 +01:00
Deborah Servili
11daa2e1e0 add Nautilus, Neuron and update GandCrab 2018-03-12 10:23:57 +01:00
Deborah Servili
2fc9fb86d2 update GandCrab 2018-03-09 15:35:42 +01:00
Deborah Servili
ca7034a117 jq all the things 2018-03-09 14:53:31 +01:00
Deborah Servili
0c1e0b86b5 add missing uuid 2018-03-09 14:39:14 +01:00
Deborah Servili
ac8dc7122c add Shipup 2018-03-09 14:34:14 +01:00
Deborah Servili
1b19f99f87 add ghotex 2018-03-09 14:29:24 +01:00
Deborah Servili
d2ad0f1c09 add miniflame 2018-03-09 12:20:06 +01:00
Deborah Servili
6096c45da5 add Downloader-FGO 2018-03-09 11:32:31 +01:00
Deborah Servili
a415a48d71 add Cheshire Cat -hack.lu video as reference! 2018-03-09 10:47:17 +01:00
Deborah Servili
0ad7f06cf6 add Aurora/Hydraq 2018-03-09 10:18:47 +01:00
Deborah Servili
0cfc8907f3 add Rotinom 2018-03-09 09:25:40 +01:00
Deborah Servili
773d764445 add Exforel 2018-03-09 09:21:32 +01:00
Deborah Servili
58e10c9af4 add RSAUtil and Coldroot 2018-03-07 13:00:07 +01:00
Deborah Servili
ee3c858e4f Add TSCookie Malware and RAT 2018-03-06 13:28:28 +01:00
Deborah Servili
3f8b44bbe3 jq 2018-03-01 15:02:48 +01:00
Deborah Servili
227fa8b44f Merge https://github.com/MISP/misp-galaxy 2018-03-01 15:01:49 +01:00
Deborah Servili
b3574f880a jq ftw 2018-02-28 16:16:28 +01:00
Deborah Servili
d88a4a44dc add uuid to every cluster 2018-02-28 15:37:37 +01:00
22bf4f951f
fix #161 2018-02-27 19:32:07 +01:00
Deborah Servili
2eea951b71 add extension for Thanatos ransomware 2018-02-27 16:23:13 +01:00
Deborah Servili
63f77a81ec add botnets to galaxy 2018-02-27 16:04:23 +01:00
Deborah Servili
bfd74bb54d add Thanatos ransomware 2018-02-27 15:03:26 +01:00
Deborah Servili
8f0e6058b8 Removing duplicates refs - 2 2018-02-23 11:49:32 +01:00
Deborah Servili
dd62ea1844 manage duplicate refs - first try 2018-02-23 11:44:17 +01:00
Deborah Servili
fd9919e67a jq all the things 2018-02-23 08:38:32 +01:00
Deborah Servili
4ddb598de4 add MITRE Galaxies V2.0 2018-02-21 16:28:11 +01:00
Deborah Servili
384e26a1b4 create botnet galaxy 2018-02-20 15:33:24 +01:00
Deborah Servili
6147b89c4a add ShurL0ckr ransomware 2018-02-20 11:19:55 +01:00
Deborah Servili
42596842a8 add synonym and ref for Emissary Panda (Iron Tiger APT) 2018-02-20 10:37:47 +01:00
Deborah Servili
aa9fe74596 jq 2018-02-19 16:35:58 +01:00
Deborah Servili
d3d2db7e11 complete gandcrab 2018-02-19 16:27:28 +01:00
Deborah Servili
289e41a35b add gandcrap ransomware + update references 2018-02-19 15:58:47 +01:00
b7e8918193
fix: JSON format 2018-02-14 11:10:44 +01:00
db2b187bc6
Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master 2018-02-14 11:06:19 +01:00
Kafeine
bbb76373a5
~Sakura description 2018-02-13 11:48:13 +00:00
Kafeine
7155477764
+SPL Exploit Kit, ~Grandsoft 2018-02-13 11:46:24 +00:00
Deborah Servili
3ad7e412a4 add Smominru 2018-02-01 14:29:06 +01:00
Deborah Servili
7d29f57d5b add CrossRat 2018-01-31 11:14:20 +01:00
4664042400
fix: PureMasuta added to Masuta 2018-01-25 16:06:21 +01:00
3b61d2c84a
fix: typo in meta field 2018-01-25 15:56:16 +01:00
1831752530
add ref to Nexus Zeta 2018-01-25 15:43:33 +01:00
193b474ad2
add: Nexus Zeta is no stranger when it comes to implementing SOAP
relatedrelated exploit ;-)
2018-01-25 15:41:47 +01:00
5070314aae
add: Matsuta IoT botnet added 2018-01-25 15:39:44 +01:00
Daniel Plohmann
6de7c0176d adding dark caracal 2018-01-25 12:54:50 +01:00
Kafeine
df47e09457
BlackTDS added 2018-01-24 14:20:50 +00:00
Deborah Servili
ddffa49b42 add Digmine 2018-01-15 15:45:26 +01:00
Deborah Servili
8c5eb9e957 add downAndExec 2018-01-15 15:00:25 +01:00
Deborah Servili
8c1583b962 add travle/PYLOT 2018-01-15 14:44:36 +01:00
Deborah Servili
8240934eb5 fix forgotten value Microcin 2018-01-11 16:01:19 +01:00
Deborah Servili
130ad39d4c add macOS malwares 2018-01-11 15:19:18 +01:00
Deborah Servili
80d4fd0164 add monero miner 2018-01-10 15:30:47 +01:00
59a4fd52ad
fix: Updated description to clearly states that only branded vulnerabilities 2018-01-09 09:23:19 +01:00
Deborah Servili
9dd9810167 rename files + update README.md 2018-01-09 09:20:13 +01:00
Deborah Servili
225ce1f3ee New galaxy Branded Vulnerability 2018-01-09 09:02:29 +01:00
63b72cdade
add in preventive measures: blacklisting phone numbers 2017-12-28 13:28:49 +01:00
Deborah Servili
9b23956c37 jqallthethings 2017-12-22 10:47:06 +01:00
Deborah Servili
d6b16b2177 update Sofacy tools 2017-12-22 10:46:18 +01:00
Deborah Servili
f737b7fe0a modify SedKit description 2017-12-22 10:08:54 +01:00
Deborah Servili
e787efce72 add SedKit 2017-12-22 10:05:52 +01:00
Deborah Servili
51a4868a3f add "Power"tools 2017-12-21 11:18:32 +01:00
Deborah Servili
56d5ab9afa add satori (Mirai Variant) 2017-12-20 11:25:06 +01:00
Deborah Servili
9aa073a1c4 add PRILEX & CUTLET MAKER 2017-12-19 15:38:33 +01:00
Deborah Servili
eb9a49df81 add GratefulPOS 2017-12-19 12:17:42 +01:00
Deborah Servili
a9e5cff50f update Android galaxy 2017-12-19 08:56:39 +01:00
Deborah Servili
5f731a428d add source for NewCore RAT 2017-12-18 14:29:34 +01:00
Deborah Servili
db8ae5fbfe update OilRig threat actor 2017-12-18 09:26:15 +01:00
Deborah Servili
91e2d56d4d add file spider ransomware 2017-12-15 10:21:23 +01:00
Deborah Servili
cfaadb0c71 add OSX.Pirrit 2017-12-15 09:57:39 +01:00
d767e43669
TRISIS is the main name of TRITON as discussed in https://twitter.com/DragosInc/status/941355602512613381 2017-12-14 18:56:36 +01:00
90e37eb272
TRITON added 2017-12-14 17:13:18 +01:00
Deborah Servili
901d624a52 add SSHDoor 2017-12-14 11:37:05 +01:00
Deborah Servili
a2deaed935 add cryptomix variant 2017-12-14 10:58:29 +01:00
Deborah Servili
8836dfdc16 add Quant Loader 2017-12-13 15:51:24 +01:00
Deborah Servili
e891373ce8 Add MoneyTaker 2017-12-13 15:15:57 +01:00
Deborah Servili
5cac510818 update threat actor galaxy 2017-12-13 14:57:38 +01:00
Deborah Servili
e4d95b9ce8
Merge pull request #133 from Delta-Sierra/master
add source for BankBot
2017-12-11 10:39:31 +01:00
Deborah Servili
2c5a116ed5 add source for BankBot 2017-12-11 10:25:41 +01:00
c2e2093f29
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master 2017-12-10 10:23:37 +01:00
2578daabf6
merge conflict solved - wp-vcd added 2017-12-10 10:19:17 +01:00
5f34b618f8
StrongPity2 added 2017-12-10 09:24:32 +01:00
Deborah Servili
16398ed750 jq 2017-12-08 15:48:59 +01:00
Deborah Servili
12e0af9fa2 add malware/ransomwares 2017-12-08 15:45:44 +01:00
Deborah Servili
8531d4e299 add SLocker 2017-12-07 14:26:41 +01:00
Deborah Servili
f1b4cab10b add HC7 ransomware 2017-12-07 11:25:08 +01:00
Deborah Servili
3023039956 add StorageCrypt Ransomware 2017-12-06 12:34:17 +01:00
Deborah Servili
d887659e51 add Halloware ransomware 2017-12-05 09:47:50 +01:00
Deborah Servili
c2b49e5ecd update cryptomix 2017-12-04 12:21:21 +01:00
57b7b5baff
add: Tizi malware added 2017-12-03 07:33:19 +01:00
Deborah Servili
695d580d3c add UBoatRAT 2017-11-29 10:09:39 +01:00
Deborah Servili
a46903b8dd update ROKRAT 2017-11-28 14:01:06 +01:00
Deborah Servili
1cb62212ca cryptomix - update 2017-11-22 13:46:50 +01:00
Deborah Servili
1bd8293901 add IcedID banker 2017-11-22 11:38:35 +01:00
Deborah Servili
a7d117781b cryptomix - add ransomnotes 2017-11-21 14:24:46 +01:00
Deborah Servili
bd940d45ad cryptomix - merge duplicates and update 2017-11-21 14:16:41 +01:00
Deborah Servili
6f79153169 add Ordinypt 2017-11-21 12:13:38 +01:00
Deborah Servili
ff3cb27a3b jq 2017-11-20 12:33:47 +01:00
Deborah Servili
632f030b28 update tool galaxy 2017-11-20 12:32:35 +01:00
steffenenders
96749fd350
Fixed mixed up description/value for MuddyWater 2017-11-19 19:23:10 +01:00
Deborah Servili
e2dbd5a9a3 add MuddyWater + Update HIDDEN COBRA and update its tools 2017-11-17 15:41:44 +01:00
Deborah Servili
24e4b15156 add Silence Trojan 2017-11-14 16:20:08 +01:00
Deborah Servili
09bab156c7 update version number 2017-11-09 12:30:32 +01:00
Deborah Servili
2ed39f3cee Fix typo - Spaaaace~ 2017-11-09 09:39:45 +01:00
Deborah Servili
880c74f469 add ALMA Communicator 2017-11-09 09:25:16 +01:00
Deborah Servili
3369270bdb add Sowbug group 2017-11-08 15:05:37 +01:00
Deborah Servili
5ee2001391 update Falismus RAT 2017-11-08 11:34:55 +01:00
Fredrik Borg
72d8bfc28a fix-iso-code-3 2017-11-07 14:15:40 +01:00
Fredrik Borg
afc4972e25 fix iso codes 2017-11-07 14:04:04 +01:00
Fredrik Borg
53a6a8d26f remove duplicate references 2017-11-07 13:34:44 +01:00
Siri Bromander
bf0d1d27ca Updated with data from APT Groups and Operations 2017-11-07 11:07:23 +01:00
Fredrik Borg
26192bf39a Bump version number 2017-11-01 18:14:20 +01:00
Fredrik Borg
51f86d5382 Use standard (2 digits) ISO codes for all countries 2017-11-01 12:38:21 +01:00
Raphaël Vinot
aa93b0e61d Update banker galaxy 2017-10-27 11:10:26 -04:00
Raphaël Vinot
756af14983 Merge branch 'master' of github.com:MISP/misp-galaxy 2017-10-27 10:50:58 -04:00
Raphaël Vinot
eef988e9ad Cosmetic updates 2017-10-27 10:50:47 -04:00
Deborah Servili
7246746bbe add htpRAT 2017-10-27 15:50:22 +02:00
Deborah Servili
2fefd3810d add dimnie 2017-10-27 11:42:01 +02:00
Deborah Servili
ad9fff6c3f Merge pull request #103 from Delta-Sierra/master
add Formbook
2017-10-27 10:40:00 +02:00
Deborah Servili
2533c1b54e fix typo 2017-10-27 10:33:58 +02:00
Deborah Servili
5597e5af1c add Formbook 2017-10-27 10:30:21 +02:00
Raphaël Vinot
24e7d89ac9 Deduplicate Android cluster 2017-10-26 19:00:57 -04:00
Raphaël Vinot
40e26a59f1 Merge branch 'master' of github.com:MISP/misp-galaxy 2017-10-26 18:54:56 -04:00
Raphaël Vinot
6d0952e4ed Add android and banker galaxies 2017-10-26 18:53:01 -04:00
aed963c52d Merge pull request #102 from Delta-Sierra/master
delete x_ prefix from mitre_attack_pattern
2017-10-26 10:36:02 +02:00
Deborah Servili
709b78c2de jq 2017-10-26 10:28:53 +02:00
Deborah Servili
3a41799542 add galaxy icon to mitre-cti tools & regenerate galaxies 2017-10-26 10:28:05 +02:00
Deborah Servili
fa8c4ec839 delete x_ prefix from mitre_attack_pattern 2017-10-26 09:44:23 +02:00
Raphaël Vinot
72dbbb28fa Remove the executable flag from the json files, again 2017-10-25 12:29:16 -04:00
Raphaël Vinot
c6f9c5261c Merge branch 'master' of github.com:MISP/misp-galaxy 2017-10-25 12:28:01 -04:00
Raphaël Vinot
196f0a7ac8 Remove the executable flag from the json files 2017-10-25 12:25:36 -04:00
Deborah Servili
6aee8e41fd add BadRabbit ransomware 2017-10-25 09:28:03 +02:00
Deborah Servili
5b7e2de87a add cert EU govsectors galaxy 2017-10-24 11:15:05 +02:00
ce0f4d5e4a
SOCKET23 RAT added 2017-10-21 15:14:42 +02:00
3860b1a78a
JadeRAT added 2017-10-21 13:53:40 +02:00
Deborah Servili
814c19841f jq 2017-10-20 15:32:01 +02:00
Deborah Servili
2fd3d3221d add IoT_reaper 2017-10-20 15:09:20 +02:00
Deborah Servili
a6d5383adf add synonym in tool galaxy 2017-10-18 15:43:12 +02:00
Deborah Servili
aa5e823801 add sectors galaxy 2017-10-11 09:52:33 +02:00
Deborah Servili
fa723b6e90 add lukitus ransomnote to Locky 2017-10-04 09:32:55 +02:00
Deborah Servili
671d7ea456 add lukitus extension to Locky 2017-10-04 09:22:53 +02:00
Deborah Servili
fa5cb66a84 fix typo 2017-10-04 08:38:12 +02:00
Deborah Servili
13f0b95654 add year of apparition for Rats + fixing some typos 2017-10-03 16:26:58 +02:00
Deborah Servili
4f73184818 jq 2017-09-29 17:02:12 +02:00
Deborah Servili
b33014e0dd add Remote Access/Administration Tools 2017-09-29 16:59:25 +02:00
Daniel Plohmann
02710714bd add APT33 as identified by FireEye 2017-09-29 11:43:38 +02:00
Deborah Servili
fecfdd39f3 add Adwind RAT synonyms 2017-09-25 15:18:51 +02:00
Deborah Servili
38f9d2cbfd Fix typo 2017-09-20 10:00:27 +02:00
Deborah Servili
c282899db7 add SyncCrypt Ransomwar 2017-09-06 15:23:27 +02:00
Deborah Servili
bba45c7fe6 add SynAck Ransomware ransomnote's name 2017-09-06 14:00:00 +02:00
Deborah Servili
5e11faaa92 add SynAck Ransomware 2017-09-06 13:45:24 +02:00
Deborah Servili
d07d4fbfa7 fix typo~ 2017-09-06 10:04:57 +02:00
Deborah Servili
da5b1d2ed3 add tools and rat 2017-09-06 09:51:52 +02:00
Raphaël Vinot
568557c1af JQ all the things. 2017-08-30 10:08:35 +02:00
381b608900
Fixed with jq ;-) 2017-08-30 10:04:19 +02:00
Kafeine
4b94d36d2e Merge branch 'master' into master 2017-08-29 12:41:33 +01:00
Kafeine
ee3e2b3a14 +WhiteHole +ref for Disdain 2017-08-29 10:36:38 +01:00
Deborah Servili
a2035e5840 add ransomwares 2017-08-28 11:14:27 +02:00
Deborah Servili
15ce9fb85d add fireball malware 2017-08-24 16:10:17 +02:00
Deborah Servili
63b7e62de5 add Joao malware 2017-08-24 08:49:42 +02:00
760f863f8a
EngineBox malware added 2017-08-19 09:38:45 +02:00
Deborah Servili
ad22bafdba jq 2017-08-17 15:54:44 +02:00
Deborah Servili
91cd3a6eec update mitre galaxies 2017-08-17 15:53:41 +02:00
iglocska
cf780290be Fixed some issues with a misnamed galaxy 2017-08-16 21:40:05 +02:00
Deborah Servili
7e391e8a39 version is integer 2017-08-16 15:23:58 +02:00
Deborah Servili
7cb372bdb5 put uuid as meta 2017-08-16 15:13:18 +02:00
Deborah Servili
447bfe93f3 new generation of mitre galaxies 2017-08-16 12:37:07 +02:00
Deborah Servili
fb5560f927 add mitre based galaxies 2017-08-16 12:17:00 +02:00
Deborah Servili
d29fb670c0 fix space typo 2017-08-16 10:50:12 +02:00
Kafeine
bde18d917f +disdain+captainblack-Neutrino 2017-08-15 20:53:41 +02:00
Deborah Servili
693ea7e58a type is array -shh I'm bad with the format, I know 2017-08-08 15:00:06 +02:00
Deborah Servili
6d7ec00907 type is meta 2017-08-08 12:44:37 +02:00
Deborah Servili
fa813f0f20 jq~ 2017-08-08 12:40:35 +02:00
Deborah Servili
d6a4e3a5a0 add/update tool galaxy 2017-08-08 12:37:14 +02:00
Deborah Servili
4482e198a0 add GlobeImposter synonym 2017-08-08 08:50:36 +02:00
Raphaël Vinot
3b7ad8ea8c Merge pull request #75 from Delta-Sierra/master
add svpeng tool
2017-08-02 11:21:24 +02:00
Deborah Servili
ca58a2f8b4 jq 2017-08-02 11:16:21 +02:00
Daniel Plohmann
355a230182 added FIN7 as alias for anunak 2017-08-01 13:29:57 +02:00
Daniel Plohmann
b4e49823dd merged barium into axiom (only one redundant reference given) 2017-08-01 13:13:56 +02:00
Deborah Servili
8573d28493 Merge branch 'master' into master 2017-08-01 10:18:18 +02:00
Deborah Servili
c8fa7a919f try to merge 'CowerSnail added' 2017-08-01 10:04:25 +02:00
Deborah Servili
52cd886ceb add svpeng tool 2017-08-01 09:44:38 +02:00
fda915f2f6
CowerSnail added 2017-07-30 18:46:20 +02:00
Raphaël Vinot
81d304345f Remove duplicates 2017-07-26 14:57:14 +02:00
Raphaël Vinot
282c3a8101 Merge pull request #74 from Delta-Sierra/master
adding clusters based on MISP data
2017-07-26 11:41:00 +02:00
Deborah Servili
497ecc396a clean tool.json 2017-07-26 09:41:08 +02:00
Deborah Servili
7e59f14dca update Spring Dragon threat actor 2017-07-26 09:21:36 +02:00
Raphaël Vinot
c971b8e935 Add missing name XtremeRAT 2017-07-25 20:24:00 +02:00
Raphaël Vinot
8598210895 Remove empty string. 2017-07-25 18:02:11 +02:00
Raphaël Vinot
a2567a9fc3 Remove duplicates 2017-07-25 13:12:48 +02:00
Deborah Servili
a6eb7338b3 adding clusters based on MISP data 2017-07-19 16:25:46 +02:00
Kafeine
a39dde6dba Update exploit-kit.json 2017-07-13 09:33:23 +01:00
3b13a9101c Merge branch 'master' of github.com:MISP/misp-galaxy 2017-07-08 10:16:29 +02:00
a295d40589 Cobalt gang added 2017-07-08 10:16:11 +02:00
4177bf150c Merge pull request #73 from Delta-Sierra/master
add cerber synonym
2017-06-30 10:45:06 +02:00
Deborah Servili
a2bc1e97de add cerber synonym 2017-06-30 10:03:57 +02:00
c0786dfb22 El Machete added 2017-06-26 11:44:46 +02:00
Deborah Servili
c12009921a add synonym for ammyyadmin 2017-06-21 11:02:57 +02:00
Deborah Servili
d01cfb8d1e Add SOREBRECT ransomware 2017-06-21 08:56:03 +02:00
dd2a51037a jq all ;-) 2017-06-20 20:34:04 +02:00
Jaime
f92b9cb710 Added FIN8 actor 2017-06-20 11:28:32 -07:00
Deborah Servili
aa25157403 alwaaays moooore RAT 2017-06-20 12:26:16 +02:00
Deborah Servili
5f5b71aa93 add rats from https://www.lifewire.com/free-remote-access-software-tools-2625161 2017-06-20 11:16:36 +02:00
Deborah Servili
57f6c2414d add rats 2017-06-20 09:19:19 +02:00
951ed3b9ed jq 2017-06-16 22:18:51 +02:00
3219d5de5c Merge pull request #67 from Delta-Sierra/master
add some rats and tools
2017-06-16 22:18:14 +02:00
Deborah Servili
91cf7b4cee add some rats sand tools 2017-06-16 15:34:20 +02:00
David André
3dfbb7e1d0 Added Symantec alias for sofacy 2017-06-16 11:22:17 +02:00
danielplohmann
5724f19873 Merge branch 'master' into hidden-cobra-lazarus 2017-06-15 14:13:50 +02:00
Daniel Plohmann (jupiter)
f7963c9a8c added Hidden Cobra as alias for Lazarus Group 2017-06-15 14:09:29 +02:00
Daniel Plohmann
ff4f428bc1 added ELECTRUM to threat-actor.json (afaik not confirmed as an alias atm) 2017-06-13 13:25:16 +02:00
Daniel Plohmann
9924a8875c added PLATINUM to threat-actor.json (afaik not confirmed as an alias atm) 2017-06-13 13:21:10 +02:00
Deborah Servili
e95b0fb6e1 Merge https://github.com/MISP/misp-galaxy 2017-06-09 09:06:23 +02:00
Deborah Servili
0755e11c02 update rat 2017-06-09 09:01:33 +02:00
91663c4793 Merge pull request #58 from danielplohmann/wildneutron
added WildNeutron (Morph, Butterfly, Sphinx Moth)
2017-06-06 10:02:56 +02:00
Deborah Servili
aa34718b13 edit threat actor - should fix #59 and #60 2017-06-06 08:40:29 +02:00
Daniel Plohmann (jupiter)
068dc40a78 added WildNeutron (Morph, Butterfly, Sphinx Moth) 2017-06-05 19:13:27 +02:00
8796017151 Merge pull request #56 from elhoim/patch-1
Added synonyms for APT10 and one for APT1
2017-06-02 16:41:20 +02:00
Deborah Servili
bf8c050b8b jq 2017-06-02 15:52:43 +02:00
Deborah Servili
17c0ffb255 add RAT listed in https://github.com/kevthehermit/RATDecoders 2017-06-02 15:40:06 +02:00
David André
83833f257c Added synonyms for APT10 and one for APT1 2017-06-02 10:26:45 +02:00
Deborah Servili
c9ede88868 add rat galaxy 2017-05-31 16:39:19 +02:00
fab863933e SilverTerrier added 2017-05-30 08:40:26 +02:00
dcfbfdfe47 jq all 2017-05-26 14:59:34 +02:00
d95351a72a Merge branch 'master' of github.com:MISP/misp-galaxy 2017-05-26 14:52:50 +02:00
b562e6b729 Emotet/Geodo added 2017-05-26 14:52:35 +02:00
Deborah Servili
14835361f7 jq 'n ##COMMA## 2017-05-18 14:01:49 +02:00
Deborah Servili
7fee4f3a1b add Uiwik ransomware 2017-05-18 13:59:47 +02:00
Deborah Servili
3b93a773e5 add synonym and cleaning 2017-05-18 11:18:32 +02:00
Deborah Servili
2c4256f42c merge hiddentear & cryptear data 2017-05-18 10:18:45 +02:00
Deborah Servili
bc4f1a93ab add synonym - half done 2017-05-18 09:19:48 +02:00
Deborah Servili
6859b2fb4e add synonym - step 1 2017-05-17 12:14:10 +02:00
Deborah Servili
c501517e9a add synonym to hancitor 2017-05-17 12:00:26 +02:00
Deborah Servili
66ca4c6f2a add jaff Ransomwarejq-ed 2017-05-17 10:10:27 +02:00
Deborah Servili
44857c2ac3 add jaff Ransomware 2017-05-17 10:08:53 +02:00
3e62608d3a Remove duplicate ref 2017-05-16 14:52:53 +02:00
e5faf4fba7 Input from Deborah incorporated 2017-05-16 14:47:16 +02:00
5da5df6384 APT32 added 2017-05-15 09:18:28 +02:00
bd18dc2f4b WannaCry added 2017-05-14 16:37:37 +02:00
Kafeine
2182a790a3 Fix 2017-05-11 11:31:22 +01:00
Kafeine
6d90c3e691 +Bingo -- Hunter > Retired 2017-05-11 11:30:50 +01:00
248eecaef0 Kazuar: Multiplatform Espionage Backdoor with API Access added 2017-05-04 17:22:28 +02:00
Kafeine
32b0e6f95d Update tds.json 2017-05-04 11:48:49 +01:00
f5d356523e Duplicate references removed 2017-05-03 15:59:24 +02:00
ea611bcded Merge pull request #49 from Delta-Sierra/master
reformat ransomware galaxy
2017-05-03 15:56:39 +02:00
Déborah Servili
9ff5f58978 add source to please the schema~ 2017-05-03 15:21:58 +02:00
Déborah Servili
0a9814d6eb change sources for authors 2017-05-03 15:15:34 +02:00
Déborah Servili
2dc6982fae jq on ransomware 2017-05-03 15:09:23 +02:00
Déborah Servili
fb5eb32a0e managing duplicate 2017-05-03 15:01:20 +02:00
Déborah Servili
8b10e3aaee managing duplicate 2017-05-03 14:24:53 +02:00
Déborah Servili
24c6c51e4d reformat ransomware galaxy - including http://pastebin.com/raw/GHgpWjar 2017-05-02 14:16:21 +02:00
Déborah Servili
82f4a633c0 reformat ransomware galaxy 2017-05-02 10:00:00 +02:00
35b94437e8 REDLEAVES malware added 2017-04-28 08:32:34 +02:00
Déborah Servili
c08cc781f5 update tools 2017-04-26 12:23:57 +02:00
3e4973f688 Feodo added 2017-04-25 19:56:06 +02:00
Déborah Servili
6267681362 add Cardinal RAT 2017-04-24 16:04:52 +02:00
07c82e15a5 FlexiSpy 2017-04-23 23:05:12 +02:00
52edcb1929 shadow broker leak of NSA tools from https://github.com/misterch0c/shadowbroker 2017-04-15 21:22:32 +02:00
6149740cd4 First batch of shadow broker leak (NSA name of exploit and tools) from
https://github.com/misterch0c/shadowbroker
2017-04-15 19:40:54 +02:00
3595d04b35 jq all 2017-04-14 16:28:43 +02:00
fa49ca127c Merge pull request #40 from Kafeine/master
Updated.
2017-04-14 16:27:15 +02:00
Déborah Servili
7163e8c58c add synonyms for Da Vinci RCS 2017-04-14 15:51:39 +02:00
Déborah Servili
531595c944 ##comma## 2017-04-14 14:52:23 +02:00
Déborah Servili
54512eb840 Add some tools/threat actor 2017-04-14 14:48:39 +02:00
Kafeine
9e5db0be8c fix 2017-04-14 13:47:16 +01:00
Kafeine
321044cdac Update Terror 2017-04-14 13:46:59 +01:00
Kafeine
777fc1cde3 Updated
Blaze <-> Terror - Updated Sundown and Nebula status
2017-04-14 13:44:03 +01:00
Déborah Servili
9412519502 correct copypasta mistake 2017-04-12 16:11:57 +02:00
Déborah Servili
bbc2b79a5e add tools from https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html 2017-04-12 16:07:48 +02:00
Déborah Servili
8a645f42c9 update tool 2017-04-11 16:06:27 +02:00
Déborah Servili
7b5aaaeff2 json fix 2017-04-11 14:18:29 +02:00
Déborah Servili
eee2c6d6b5 update tool's galaxy using http://contagiodump.blogspot.lu/2013/03/mandiant-apt1-samples-categorized-by.html 2017-04-11 14:09:44 +02:00
bbf6716c73 Longhorn (CIA) added 2017-04-10 20:22:57 +02:00
ab5b73a3cd Sathurbot added 2017-04-06 20:49:53 +02:00
8c09223477 The product from NSO Group Technologies added to the list of tools.
The Pegasus name is used as synonym of Chrysaor ;-)
2017-04-04 20:42:08 +02:00
0578d7b7b1 The mysterious ZIRCONIUM activity group added 2017-04-03 19:44:36 +02:00
nyx0
78cdb10aae Add new Sednit name according to https://www.secureworks.com/research/iron-twilight-supports-active-measures 2017-03-31 09:28:50 -04:00
b3f1069686 Trochilus and MoonWind RATs added 2017-03-30 15:01:23 +02:00
f0e42a1818 KHRAT added 2017-03-29 16:37:31 +02:00
chrisdoman
dbf989c742 Added descriptions and reference to threat-actor json 2017-03-22 12:52:05 +00:00
Raphaël Vinot
1ed0558c07 Merge branch 'master' into master 2017-03-16 17:38:59 +01:00
Raphaël Vinot
e1b5701351 JQ all the things 2017-03-16 17:31:43 +01:00
Raphaël Vinot
0d8d265319 Fix typo. 2017-03-16 17:27:17 +01:00
CERT-Bund
4112a041f7 Added groups, joined groups, added synonyms (see extended description)
Added: HammerPanda, Barium, Infy, Sima, Groundbait
Joined: StrongPity and Promethium
Synonyms: Lead as Winnti, Moonlight as MoleRats, FalloutTeam as DarkHotel, DustStorm as StonePanda, Skipper and Popeye as Pacifier
2017-03-16 17:02:55 +01:00
71ad9099c4 IMEIJ added 2017-03-13 13:59:46 +01:00
Kafeine
73a82418df Empire status, Nebula, Blaze/Terror 2017-03-02 21:29:19 +00:00
e002e62204 missing \n at the end of the file 2017-03-01 14:55:45 +01:00
Chris Doman
9e5c983a65 Ran jq 2017-03-01 13:24:00 +00:00
Chris Doman
e934f88b3b Added references
Mostly added references to existing groups
Capitalised DarkHotel, put a space in APT30 default name (the others
had that)
2017-03-01 12:53:52 +00:00
a224c7ce5e add: Gamaredon Group added 2017-02-28 09:17:33 +01:00
Christophe Vandeplas
048b831f53 minor correction 2017-02-27 11:00:48 +01:00
Thanat0s
07cc13feb8 remove duplicate of ratdecode import 2017-02-27 00:38:39 +01:00
Thanat0s
9eb2d097f2 add a bunch of rat from ratdecoder list 2017-02-27 00:23:56 +01:00
Thanat0s
849ca3ebbc Pimp Epic turla 2017-02-26 23:38:50 +01:00
Thanat0s
f1ea577e95 pimp and agreggate turla 2017-02-26 23:24:51 +01:00
Thanat0s
3774f05237 Somes alias fetch from : https://attack.mitre.org/wiki/Groups 2017-02-26 23:07:42 +01:00
Thanat0s
2d658a6577 pimp comrat 2017-02-26 22:53:51 +01:00
Thanat0s
b865342f2e pimp xneteagle 2017-02-26 22:47:16 +01:00
Thanat0s
f4584f3900 pimp xscontrol 2017-02-26 22:41:51 +01:00
Thanat0s
b400edbe9b Update Xagent from aptnote Bitdefender-Whitepaper-APT-Mac-A4-en-EN-web(02-23-2017) 2017-02-26 20:40:44 +01:00
Thanat0s
51eee31c21 Pimp lecna/Backspace 2017-02-26 20:16:59 +01:00
Thanat0s
0d0ba42f15 Pimp lecna/Backspace 2017-02-26 20:16:46 +01:00
Thanat0s
cdc80e5596 Pimp RarStone 2017-02-26 20:02:34 +01:00
Thanat0s
ca68abc0e8 Pimp Pirpi. Hard to say:) 2017-02-26 19:56:17 +01:00
Thanat0s
6e78746a6c pimp webc2 2017-02-26 19:37:10 +01:00
Thanat0s
0775bfce62 pimp winnti 2017-02-26 19:26:21 +01:00
Thanat0s
8de827977c Pimp nettraveler 2017-02-26 19:21:41 +01:00
Thanat0s
7d62d8c3e7 cleanup zeus duplicate in alias and name 2017-02-26 17:08:43 +01:00
Thanat0s
93df12be35 update apt28 tools 2017-02-26 17:06:19 +01:00
Thanat0s
afe682cf3f Remove duplicate AlienSpy 2017-02-26 16:52:59 +01:00
Thanat0s
47903f8394 add info to the famous mimikatz 2017-02-25 02:28:43 +01:00
Thanat0s
d4e3a08995 add moudor info 2017-02-25 02:22:30 +01:00
Thanat0s
3d79a82bf5 Add Tinba banking 2017-02-25 02:08:51 +01:00
Thanat0s
7eb98609a3 udpate trojan.main 2017-02-25 01:42:33 +01:00
Thanat0s
59b5ed6c1b update evilgrab 2017-02-25 01:30:10 +01:00
Thanat0s
724e836ae9 remove coreshell duplicate 2017-02-25 01:18:03 +01:00
Thanat0s
e98de5cb5e add derusbi 2017-02-25 01:12:42 +01:00
Thanat0s
bce60b0318 merge IEchecker et sasfi 2017-02-25 01:06:19 +01:00
Thanat0s
50d2b1c871 go for caro, add hi-zor 2017-02-25 00:42:44 +01:00
Thanat0s
d502d5b5bf fix side victims of schemaupdate 2017-02-24 23:46:44 +01:00
Thanat0s
a29a5afbe8 update 2 array 2017-02-24 23:36:45 +01:00
Thanat0s
7265af6612 go 4 string 2017-02-24 16:24:59 +01:00
Thanat0s
b124d8a08d Follow the format 2017-02-24 15:52:08 +01:00
Thanat0s
8240e5f661 json typo 2017-02-24 14:05:57 +01:00
Thanat0s
8c2c47810e Locky removed > ransomware 2017-02-24 14:00:42 +01:00
Thanat0s
c1848b1a3a json issue 2017-02-24 13:59:14 +01:00
Thanat0s
f496c34fda generic plugx names 2017-02-24 13:57:33 +01:00
Thanat0s
bb088f97d1 Update 2017-02-24 13:56:33 +01:00
Thanat0s
0513668fcf Remove JOYRat -> team -> https://www.crowdstrike.com/blog/whois-numbered-panda/ 2017-02-24 13:46:12 +01:00
Thanat0s
796382d4ab Remove Lstudio (group using elise) , add info to PWOBOT 2017-02-24 13:39:53 +01:00
Thanat0s
c6ac4d847c Remove EK and Ransomwares 2017-02-24 13:25:38 +01:00
Thanat0s
b75e9cf59d Gutemberg on first 10 2017-02-23 10:14:18 +01:00
644e429110 PupyRAT added 2017-02-20 17:34:55 +01:00
Raphaël Vinot
7db66e05dd Strict schema, update clusters accordingly 2017-02-14 11:34:59 +01:00
Raphaël Vinot
910398fe76 Fix validation, remove duplicate. 2017-02-13 18:52:54 +01:00
6fb89a644f Merge branch 'master' of github.com:MISP/misp-galaxy 2017-02-10 10:10:00 +01:00
5442a262ab StreamEX added 2017-02-10 10:09:37 +01:00
87296fe95c Merge pull request #29 from Delta-Sierra/master
add Erebus ransomware
2017-02-09 09:20:58 +01:00
Déborah Servili
8817d4869d add Erebus ransomware 2017-02-09 08:46:21 +01:00
Kafeine
a9b9b6f6e1 +Pangimop, alias Microsoft for magnitude 2017-02-06 19:31:21 +00:00
Kafeine
286820f19a Fix 2017-02-06 19:29:55 +00:00
Kafeine
f557f9c0c0 +Derbit alias for Sundown 2017-02-06 19:28:06 +00:00
f3f5b3b3ac Merge pull request #28 from Kafeine/master
Added Microsoft Naming
2017-02-05 18:03:16 +01:00
Kafeine
645c2e527e Indent 2017-02-05 16:58:56 +00:00
root
06da6ce154 Added Microsoft Naming 2017-02-05 17:52:57 +01:00
30d9233db6 ZeroT added 2017-02-03 22:26:40 +01:00
762ee63bf7 Merge branch 'master' of github.com:MISP/misp-galaxy 2017-01-31 09:21:32 +01:00
92bb392653 Flokibot added 2017-01-31 09:21:19 +01:00
Déborah Servili
d6cab37977 change author name to 'Various' 2017-01-31 09:11:26 +01:00
Déborah Servili
da331d6ca6 add ransomware galaxy 2017-01-30 15:45:20 +01:00
cgi
af16b7c6a1 Adding Zeus to tools 2017-01-26 11:23:37 +01:00
d09b25f2a0 fix: BARIUM and LEAD added 2017-01-25 19:58:50 +01:00
abca7a02d0 Greenbug added 2017-01-23 16:20:09 +01:00
8ed7374028 Tavdig was missing 2017-01-20 15:31:25 +01:00
8987006c5d LuminosityLink RAT added 2017-01-19 14:16:55 +01:00
44cc53d956 EyePyramid added 2017-01-19 08:30:46 +01:00
7a97b1bcb2 Merge branch 'master' of github.com:MISP/misp-galaxy 2017-01-17 20:56:36 +01:00
18153f3151 GhostAdmin added 2017-01-17 20:55:27 +01:00
Déborah Servili
edea2d25ee add APT28's tools 2017-01-16 12:08:20 +01:00
19406277d4
Equation Group added 2017-01-13 08:23:03 +01:00
7ede54c76c "the shoemaker's son always goes barefoot" Regin added 2017-01-13 08:18:41 +01:00
233562ddc4 Merge pull request #17 from Delta-Sierra/master
begin preventive-measure galaxy
2017-01-12 14:32:11 +01:00
Déborah Servili
8c740065c0 complete preventive-measure 2017-01-12 11:48:10 +01:00
a42d4c4f4f Shamoon added 2017-01-11 22:46:04 +01:00
Déborah Servili
733f065851 begin preventive-measure galaxy 2017-01-11 16:14:45 +01:00
649c043ad2
Import manually cert-eu contribution
- Fix the meta attributes (like the motive field ) to be within meta and not
   outside
 - Remove some "null" values that seems to come from previous tests
 - Pretty-print the Javascript (better for diffing)
2017-01-09 23:07:57 +01:00
bb47f52d24
MM Core added 2017-01-08 11:23:01 +01:00
5e5a6119f5 Shiz Trojan + Shifu 2017-01-07 14:48:45 +01:00
fd030a4314 GeminiDuke added 2017-01-06 22:35:50 +01:00
a6cb478a3b Separate APT30 from Naikon group 2017-01-06 22:26:53 +01:00
ea9ebaf5d6 PassCV group added 2017-01-06 13:51:22 +01:00
c3364add3c Cadelle and Chafer groups added 2017-01-06 13:25:30 +01:00
root
45c7f28afd TDS Cluster: EOF 2017-01-05 16:03:04 +01:00
root
7094d30926 EK and TDS clusters : several minor fixes 2017-01-05 14:53:56 +01:00
root
9128289bc5 EK and TDS clusters : Removed empty entries 2017-01-05 14:41:57 +01:00
root
7df3b0b7b6 TDS Cluster: json fix 2017-01-05 14:34:27 +01:00
root
d2dc4e8182 EK Cluster : several fixes 2017-01-05 14:28:01 +01:00
root
9efa19fa47 EK Cluster typo fix 2017-01-05 14:20:42 +01:00
root
5dbcac9c30 EK Cluster update 2017-01-05 14:18:14 +01:00
root
9517f26120 Mwi added 2017-01-05 14:12:30 +01:00
root
8389a3e1f3 Init 2017-01-05 14:07:14 +01:00
8280512e5b Various updates including the addition of Chthonic Banking Trojan 2017-01-04 11:03:39 +01:00
c38f62ae12 Packrat added 2016-12-30 12:47:47 +01:00
120b2581cf DownRage added 2016-12-30 11:39:23 +01:00
0418340c21 Java RAT updated 2016-12-27 17:59:30 +01:00
86e2545b08 Merge branch 'master' of github.com:MISP/misp-galaxy 2016-12-23 13:47:16 +01:00
a368cda3bd Seaduke added 2016-12-23 13:46:53 +01:00
Déborah Servili
f03252a555 ##comma## 2016-12-22 14:13:46 +01:00
Déborah Servili
136ed05521 Add microsoft-activity-group cluster 2016-12-22 11:01:15 +01:00
d37db31a75 Operation Iron Tiger added as synonym 2016-12-17 09:51:13 +01:00
3deb47a9c8 Molerats, PROMETHIUM and NEODYMIUM added 2016-12-17 09:40:47 +01:00
55f21451cc BlackEnergy malware family added 2016-12-17 09:26:42 +01:00
ff17ac998e TeleBots group added 2016-12-13 19:37:30 +01:00
3a657ace36 TERBIUM added 2016-12-13 09:11:16 +01:00
d5c3312240 Mirai and BASHLITE added 2016-12-10 12:08:09 +01:00
Iglocska
65b83f7305 Added missing file 2016-12-07 07:53:24 +01:00
Iglocska
c890a48e15 fix: Naming normalisation 2016-12-07 07:51:27 +01:00
d834ec1f52 Singular everywhere 2016-12-04 17:37:29 +01:00
f044004924 Singular everywhere 2016-12-04 17:37:06 +01:00
211f03a1ab Structure ready for MISP 2.4.56 2016-11-30 14:46:31 +01:00
734eb1c51d Fixed to merge PR #11 2016-11-29 10:58:36 +01:00
7f02f62c57 meta added as required by MISP 2.4.56 2016-11-28 12:51:55 +01:00
e7cef8bf14 Add a source field for the clusters (required for MISP 2.4.56) 2016-11-27 16:41:45 +01:00
Christophe Vandeplas
b68f9fe17e Metushy, Uroburos, Pfinet synonyms added 2016-11-23 14:39:42 +01:00
f0678ac63a Yahoyah added 2016-11-23 10:19:17 +01:00
4c657eecac Tropic Trooper added 2016-11-23 10:13:07 +01:00
b38799044d KeyBoy malware added 2016-11-21 09:21:55 +01:00
Christophe Vandeplas
b97e73b7d3 added Callisto 2016-11-16 10:36:49 +01:00
Christophe Vandeplas
ea0f727aac removed duplicates 2016-11-16 10:36:36 +01:00
Christophe Vandeplas
002728de4c Added Rocket Kitten 2016-11-10 11:16:42 +01:00
cf6a8c5b2e Description added for Volatile Cedar 2016-11-07 16:18:02 +01:00
1b92f13c93 Explosive malware added 2016-11-07 16:17:09 +01:00
0363dc607b Volatile Cedar added 2016-11-07 16:15:21 +01:00
e885463592 OilRig added 2016-11-07 16:10:04 +01:00
Iglocska
dbed3ac17d Merge branch 'master' of https://github.com/MISP/misp-galaxy 2016-11-07 03:35:18 +01:00
Iglocska
556908bfd6 Some small fixes
- more uniform pluralisation
- Added display name fields
2016-11-07 03:34:40 +01:00
1e9e44c89d Empire post-exploitation tool added 2016-11-06 10:51:28 +01:00
48a62339e8 Threat actors simplified (no more groups) it's already in the value
field
2016-10-31 11:44:19 +01:00
Iglocska
b6e1c478a7 Some small fixes 2016-10-31 09:39:17 +01:00
Iglocska
90e19ecbac Some small changes 2016-10-31 09:33:41 +01:00
Iglocska
bd23721e0a Moving things around 2016-10-30 16:58:37 +01:00