MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-23 15:27:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
2857 commits 6 branches 47 tags 93 MiB
Commit graph

1918 commits

Author SHA1 Message Date
Alexandre Dulaunoy
847d3e8fa7
chg: [ransomware] duplicate removed 2021-04-26 12:01:01 +02:00
Alexandre Dulaunoy
f3992ec5f1
chg: [ransomware] duplicates removed 2021-04-26 11:57:21 +02:00
Alexandre Dulaunoy
f2703bd03e
chg: [ransomware] Flyper removed 2021-04-26 11:52:28 +02:00
Delta-Sierra
3cae487e3d fix duplicates and add relations 2021-04-26 11:25:39 +02:00
Rony
faed812fc9 Merged STALKER PANDA to Tick 2021-04-25 19:12:20 +05:30
Rony
89b9c0c32c several updates to apt27 2021-04-25 16:53:36 +05:30
Delta-Sierra
0a05621f82 Merge https://github.com/MISP/misp-galaxy 2021-04-19 15:48:58 +02:00
Delta-Sierra
b138354fa5 Removing duplicate 2021-04-19 15:42:49 +02:00
Alexandre Dulaunoy
28f6475cc5
chg: [ransomware] first duplicate removed 2021-04-19 15:13:18 +02:00
Alexandre Dulaunoy
e7061f90d9
chg: [ransomware] remove duplicate "File-Locker" 2021-04-19 15:08:06 +02:00
Alexandre Dulaunoy
ab13dd00f8
Merge pull request #645 from Delta-Sierra/master 
Adding ransomware names [WIP 2/3]
 2021-04-19 15:03:12 +02:00
Delta-Sierra
f5713a8d87 Removing unexpected line 2021-04-19 14:53:36 +02:00
Delta-Sierra
b7b4b356c3 Adding ransomware names [WIP 3] 2021-04-19 14:47:10 +02:00
Delta-Sierra
fdf1a6c112 Adding ransomware names [WIP 2] 2021-04-19 13:24:25 +02:00
Daniel Plohmann
6eb594a6b0
adding Yanbian Gang as threat actor 2021-04-16 15:12:45 +02:00
Delta-Sierra
f3456a89c5 fix version 2021-04-15 15:08:11 +02:00
Delta-Sierra
4bcd0492bd Adding ransomwares WIP 2021-04-15 15:07:52 +02:00
Daniel Plohmann
2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech 
Adding Palmerworm as Symantec alias for BlackTech (with reference).
 2021-03-31 22:35:12 +02:00
Thomas Dupuy
a8c62ddeda Add Ghostwriter. 2021-03-31 09:42:40 -04:00
Rony
50f5d2ae4a
reverted changes made into 52ae97718d 2021-03-30 22:19:05 +05:30
sebdraven
ce8a9442eb validation jsons 2021-03-30 13:12:21 +00:00
Sebdraven
52ae97718d Update threat-actor.json 
add a synonym to Haffnium
 2021-03-30 15:11:09 +02:00
sebdraven
b082977b9f validation ok 2021-03-30 10:22:35 +00:00
Sebdraven
4ed4cebcee Update threat-actor.json 
format json
 2021-03-30 12:16:22 +02:00
Sebdraven
a62e3ba530 Update threat-actor.json 
add redecho threat actor
 2021-03-30 12:10:50 +02:00
Jakub Onderka
ca9608da6d fix: Cryptominers type 2021-03-27 22:07:33 +01:00
Alexandre Dulaunoy
26b9740e55
chg: [malpedia] jq all the file and removed ref duplicates 2021-03-13 11:00:39 +01:00
Jakob M
f02ce7e805 update to latest 
Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp
 2021-03-12 10:35:12 +01:00
Delta-Sierra
eff327b4fd fix progress 2021-03-11 14:42:55 +01:00
Delta-Sierra
7c843ac5c2 fix merge & jq 2021-03-11 14:08:29 +01:00
Delta-Sierra
c37befc8a9 merge 2021-03-11 10:35:05 +01:00
Alexandre Dulaunoy
855a12a408
chg: [clusters] fixing broken UUID fix #628 2021-03-11 09:54:50 +01:00
Alexandre Dulaunoy
f6ed00233e
chg: [ransomware] fix the broken UUID fix #628 2021-03-11 09:52:25 +01:00
Rony
57c7d0b9a0
From Nextron 2021-03-06 19:44:32 +05:30
Rony
6cabbfb091
more! 2021-03-06 14:22:29 +05:30
Rony
7b242555df
More references 
From 
Crowdstrike
MSRC
and kql hunting query from James Quinn
 2021-03-06 13:28:14 +05:30
Rony
eaab88ef28
add HAFNIUM detection refs 2021-03-05 16:51:28 +05:30
Rony
4bc438a325
fix 2021-03-05 11:48:43 +05:30
Rony
d9b299aafc
add more HAFNIUM references 2021-03-05 11:42:04 +05:30
Rony
c9f7afef1c
Adding alias NOBELIUM 2021-03-04 22:39:33 +05:30
Alexandre Dulaunoy
47dade9d0e
Merge pull request #631 from r0ny123/Enhancement 
Add HAFNIUM
 2021-03-04 14:48:01 +01:00
Alexandre Dulaunoy
a9a6b0253f
chg: [microsoft activity group] HAFNIUM added 2021-03-04 10:49:58 +01:00
Rony
ad795606cf
added HAFNIUM 
Updates:
Tonto Team
UNC2452
 2021-03-04 00:10:33 +05:30
Sebdraven
2666341afc Update threat-actor.json 
update Sidewinder card
 2021-03-03 17:59:25 +01:00
Thomas Dupuy
f842694fda Update Infy TA. 2021-03-02 14:37:01 -05:00
Alexandre Dulaunoy
524676282e
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2021-02-26 08:30:58 +01:00
Alexandre Dulaunoy
4692ced8fa
chg: [tool] SUNSPOT added 2021-02-26 08:28:01 +01:00
Delta-Sierra
0e23d8b95f add relationships between Maze, Rgnar, Egregor and Sekhmet 2021-02-25 10:21:28 +01:00
Delta-Sierra
406dfdb45b add Sekhmet ransomware 2021-02-25 09:52:52 +01:00
Delta-Sierra
d273a5da7d add TeamTNT ref 2021-02-25 09:52:24 +01:00
Rony
5c6f3a036b
removing DePrimon 
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
 2021-02-24 21:55:04 +05:30
Thomas Dupuy
eeafff9768 Add RDAT backdoor 2021-02-23 11:15:31 -05:00
Delta-Sierra
eb07fab69f add Ragnar Locker and update accordingly 2021-02-23 16:21:07 +01:00
Delta-Sierra
06ae10965b add Covidloc and tycoon ransomware + small updates on some ransomwares 2021-02-22 16:39:47 +01:00
Delta-Sierra
7c1ac58141 add TeamTNT 2021-02-22 16:38:18 +01:00
Thijsvanede
e9eb0c7a6c
Fix: rename "Innitial Access" to "Initial Access" 
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
 2021-02-19 12:01:47 +01:00
Thomas Dupuy
178e16dc13 Remove empty values. 2021-02-16 10:32:37 -05:00
Thomas Dupuy
4a7560d191 Add Exaramel and P.A.S. webshell tool. 2021-02-15 12:52:53 -05:00
Thomas Dupuy
93396c524d Add Caterpillar WebShell. 2021-02-12 12:00:17 -05:00
Delta-Sierra
96bf0d44ea Merge https://github.com/MISP/misp-galaxy 2021-02-09 14:52:58 +01:00
Daniel Plohmann
d61e7d2fac
adding ClearSky alias for Volatile Cedar 
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious  files."
 2021-01-29 10:39:18 +01:00
Koen Van Impe
87b22f363c Move cfr-type-of-incident to meta 2021-01-28 12:25:39 +01:00
Koen Van Impe
23778666ba RSIT Galaxy/Cluster 2021-01-28 10:03:12 +01:00
StefanKelm
fb35646406
Update threat-actor.json 
Lazarus
 2021-01-26 14:38:37 +01:00
Thomas Dupuy
f964514ec5 Add HyperBro in tools 2021-01-20 13:44:28 -05:00
Thomas Dupuy
9df95031a7 Update ZxShell tool. 2021-01-20 13:27:51 -05:00
StefanKelm
a131a7ce98
Update threat-actor.json 
Lazarus
 2021-01-20 17:43:18 +01:00
Alexandre Dulaunoy
3c19c7c1e5
Merge pull request #617 from danielplohmann/patch-4 
merge COVELLITE into Lazarus Group
 2021-01-17 16:05:13 +01:00
Daniel Plohmann
ca66fcd93a
merge COVELLITE into Lazarus Group 
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references. 
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
 2021-01-17 15:07:26 +01:00
Rony
91e87cf82c
Update threat-actor.json 
Don't know how StarCraft
 2021-01-17 12:21:34 +05:30
Daniel Plohmann
edcc3c0bc1
merging ScarCruft->APT37 
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
 2021-01-15 18:52:49 +01:00
Delta-Sierra
a6f7795952 fix merge 2021-01-12 10:38:33 +01:00
Alexandre Dulaunoy
2b356a9eb0
chg: [threat-actor] UNC2452/DarkHalo added - ref. #614 2021-01-12 07:01:36 +01:00
Alexandre Dulaunoy
184d57f0a2
chg: [ransomware] Babuk Ransomware added 2021-01-05 19:11:28 +01:00
Alexandre Dulaunoy
4454b58743
chg: [ransomware] RegretLocker added 2020-12-30 14:14:09 +01:00
Rony
3240aa819f
Update threat-actor.json 2020-12-14 11:54:41 +05:30
Rony
2ffb77b35b
BISMUTH 2020-12-14 10:41:15 +05:30
Delta-Sierra
31f96513b2 update sidewinder threat actor 2020-12-11 16:09:33 +01:00
Alexandre Dulaunoy
ac86ebd5f6
Merge pull request #609 from StefanKelm/master 
Update threat-actor.json
 2020-12-09 22:16:49 +01:00
Delta-Sierra
ebd31b7376 add BazarBackdoor 2020-12-09 16:42:32 +01:00
Delta-Sierra
d3a9cf742a add RansomEXX 2020-12-09 16:32:02 +01:00
Delta-Sierra
3daaa30aed Merge https://github.com/MISP/misp-galaxy 2020-12-07 16:20:36 +01:00
StefanKelm
5dc92995f6
Update threat-actor.json 
DeathStalker, Mabna
 2020-12-04 11:43:06 +01:00
StefanKelm
4fee985b5e
Update threat-actor.json 
Turla
 2020-12-03 13:05:14 +01:00
StefanKelm
72e085aba9
Update threat-actor.json 
OceanLotus
 2020-12-02 11:44:29 +01:00
StefanKelm
15b5f4c881
Update threat-actor.json 
APT27
 2020-11-30 11:49:23 +01:00
Delta-Sierra
e81d3c63d5 Merge https://github.com/MISP/misp-galaxy 2020-11-27 12:47:20 +01:00
Christophe Vandeplas
9a731470d3 chg: [att&ck] update to latest MITRE ATT&CK version 2020-11-25 07:45:48 +01:00
StefanKelm
da910c0c2e
Update threat-actor.json 2020-11-18 19:15:11 +01:00
Delta-Sierra
7af75bb222 add Darkside ransomware 2020-11-18 16:10:49 +01:00
StefanKelm
48ffaa8ce1
Update threat-actor.json 
Lazarus
 2020-11-18 12:10:23 +01:00
snurilov
44e9da1390
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster 
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
 2020-11-11 23:09:03 -05:00
snurilov
3f4683d8a3
Update rat.json to include Iperius Remote 
Add Iperius Remote to the rat.json cluster.
 2020-11-09 23:45:16 -05:00
StefanKelm
bf5bdeacb0
Update threat-actor.json 
OceanLotus
 2020-11-09 14:39:55 +01:00
StefanKelm
41a7a36317
Update threat-actor.json 
Kimsuky
 2020-11-02 17:30:25 +01:00
Rony
333e55fbeb
remove duplicate! 2020-11-02 14:18:49 +05:30
Rony
000cfa68a8
Update threat-actor.json 
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
 2020-11-02 13:51:08 +05:30
Deborah Servili
28784683db
Merge branch 'main' into master 2020-10-30 16:17:27 +01:00
Delta-Sierra
88bbf8851c jq 2020-10-30 16:14:02 +01:00
Delta-Sierra
be672b8d3a update microsoft activity groups 2020-10-30 14:53:20 +01:00
Alexandre Dulaunoy
5d31753e6a
chg: [cryptominer] updated 2020-10-30 09:48:08 +01:00
Alexandre Dulaunoy
24f05749f0
Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master 2020-10-30 09:47:45 +01:00
JJ Cummings
c48a38c2f1
Added a new cryptominer galaxy and additional missing recent families to various clusters 2020-10-29 14:40:22 -06:00
StefanKelm
808c2c3828
Update threat-actor.json 
Kimsuky
 2020-10-28 12:52:06 +01:00
Alexandre Dulaunoy
b41e3d4f50
chg: [rename] tea matrix 2020-10-23 15:57:13 +02:00
Alexandre Dulaunoy
e5ea22a3b0
chg: [tea] matrix updated to include brewing time and the milk attack technique 2020-10-23 11:51:50 +02:00
Alexandre Dulaunoy
0ccbdb862b
chg: [tea] first version 2020-10-23 11:16:50 +02:00
Christophe Vandeplas
2334676e64 chg: [att&ck] no tag for subtechnique 2020-10-18 20:14:05 +02:00
Christophe Vandeplas
d58dd1fca2 new: [att&ck] support for subtechniques 2020-10-18 20:00:48 +02:00
Daniel Plohmann
02bcf1f5a7
adding PowerPool alias IAmTheKing (Kaspersky) 
after a quick search I haven't found a nice source except for costin's tweet.
 2020-10-09 13:49:16 +02:00
StefanKelm
7bab41e367
Update threat-actor.json 
TA505
 2020-10-06 15:29:54 +02:00
StefanKelm
1d05f17507
Update threat-actor.json 
XDSpy
 2020-10-06 12:45:43 +02:00
Christophe Vandeplas
32b142c8e0 fixes issues in attack-ics 2020-10-02 16:54:21 +02:00
Christophe Vandeplas
f95e88b1f9 MITRE ATT&CK for ICS fixes #586 
fixed issues in pull request #586
 2020-10-01 20:42:40 +02:00
StefanKelm
18eebc01f6
Lazarus 2020-09-29 12:02:16 +02:00
Bart
2b51f7b6de
Update threat-actor.json 
Add Machete alias
 2020-09-27 18:37:24 +02:00
StefanKelm
e95fbb571d
Update threat-actor.json 
GADOLINIUM
 2020-09-25 11:52:34 +02:00
StefanKelm
3ad3d5f318
Update threat-actor.json 
APT28
 2020-09-22 18:07:33 +02:00
Deborah Servili
d48216031a
add Sepulcher RAT 2020-09-22 16:23:39 +02:00
Deborah Servili
4f3b6945c0 Merge https://github.com/MISP/misp-galaxy 2020-09-22 12:17:42 +02:00
Rony
d1c70b3d80
FBI FLASH AC-000133-TT 2020-09-17 11:05:00 +05:30
Rony
4d4a462d7a
Update threat-actor.json 
Adding Fox-Kitten and cleaned (or improved) winnti
 2020-09-17 00:07:40 +05:30
Deborah Servili
0fe525a9db Merge https://github.com/MISP/misp-galaxy 2020-09-16 10:22:38 +02:00
Deborah Servili
00b5d0d116 add refs 2020-09-16 10:08:31 +02:00
Daniel Plohmann (jupiter)
7b00674c77 Adding TA413 and Evilnum 2020-09-15 14:19:22 +02:00
StefanKelm
63030f2cfe
Update threat-actor.json 
APT33
 2020-09-14 12:01:53 +02:00
StefanKelm
3cc3cc461a
Update threat-actor.json 
STRONTIUM
 2020-09-11 11:38:06 +02:00
Raphaël Vinot
405d5f1fe9 fix: Sort keys, fix tests 2020-09-08 10:51:24 +02:00
Alexandre Dulaunoy
9e519962c6
chg: [botnet] Katura mess added 2020-09-07 12:41:39 +02:00
StefanKelm
57a31fd60c
Update threat-actor.json 
Lazarus, FIN7
 2020-09-03 14:44:10 +02:00
StefanKelm
503d421a56
Update threat-actor.json 
TA542
 2020-08-31 15:07:13 +02:00
VVX7
4635146b00 chg: [dev] jq 2020-08-22 13:06:42 -04:00
VVX7
1cddf4b7cd new: [dev] fix empty strings, lists 2020-08-22 12:59:05 -04:00
VVX7
b4c3ffc8eb new: [dev] add ASPI's China Defence University Tracker. 
Thanks to Cormac Doherty for writing the web scraper! To update the galaxy run the included gen_defence_university.py script.

"The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI’s International Cyber Policy Centre.

It includes entries on nearly 100 civilian universities, 50 People’s Liberation Army institutions, China’s nuclear weapons program, three Ministry of State Security institutions, four Ministry of Public Security universities, and 12 state-owned defence industry conglomerates.

The Tracker is a tool to inform universities, governments and scholars as they engage with the entities from the People’s Republic of China. It aims to build understanding of the expansion of military-civil fusion—the Chinese government’s policy of integrating military and civilian efforts—into the education sector.

The Tracker should be used to inform due diligence of Chinese institutions. However, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution’s defence and security links." - ASPI (https://unitracker.aspi.org.au/about/)
 2020-08-21 11:24:22 -04:00
rmkml
e02ac52566 add Conti Ransomware 2020-08-15 22:10:49 +02:00
Thomas Dupuy
4009ef9997 Fix: remove comma 2020-08-14 13:01:37 -04:00
Thomas Dupuy
d0c6b7b46d Update Tonto Team/CactusPete threat actor 2020-08-13 15:57:33 -04:00
Thomas Dupuy
72554ed71c Add Drovorub tool 2020-08-13 15:08:32 -04:00
Thomas Dupuy
4130d7c6fc Update TA APT40 2020-08-13 12:22:36 -04:00
Daniel Plohmann
8407b6fd28
Update threat-actor.json 
adding Kaspersky's name for Microcin.
 2020-08-12 12:03:28 +02:00
Thomas Dupuy
9cadabba7a Add WellMess and WellMail 2020-08-11 12:37:28 -04:00
rmkml
6d10e3a37d add Ragnarok Ransomware 2020-08-02 20:46:32 +02:00
Vasileios Mavroeidis
40d12b9dde
Motive correction based on the EU Cert motive taxonomy 
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
 2020-07-28 11:43:46 +02:00
Alexandre Dulaunoy
44afaf2523
chg: [threat-actor] remove duplicate references 2020-07-27 09:57:41 +02:00
StefanKelm
86c54cbd8c
Update threat-actor.json 
OilRig
 2020-07-23 11:07:22 +02:00
Raphaël Vinot
c174f613c5 fix: Name of SoD Matrix cluster to match galaxy. 
Fix #566
 2020-07-22 11:52:27 +02:00
Steve Clement
df6bed3d3a
Merge pull request #563 from r0ny123/patch-1 2020-07-22 09:14:13 +09:00
StefanKelm
17a1feb016
Update threat-actor.json 
Turla
 2020-07-15 11:20:18 +02:00
Rony
c33f4c7611
Update threat-actor.json 
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).
 2020-07-12 12:57:24 +05:30
Rony
b77b9d374c
Update threat-actor.json 2020-07-12 11:19:13 +05:30
Koen Van Impe
d3e22ef14c SoD Matrix 
Described at https://github.com/cudeso/SoD-Matrix
 2020-07-10 14:08:45 +02:00
Deborah Servili
84474ddb29 merge 2020-07-09 16:31:04 +02:00
Deborah Servili
865e76beae commit 2020-07-07 14:47:44 +02:00
Alexandre Dulaunoy
ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only. 
Based on https://github.com/MISP/misp-galaxy/issues/469

There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:

- _operation_:
  - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
  - **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
  - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
  - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
  - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
  - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
  - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**

The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
 2020-07-07 09:13:21 +02:00
Alexandre Dulaunoy
164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-07-02 09:55:42 +02:00
StefanKelm
14665429d7
Update threat-actor.json 
APT31
 2020-06-25 16:23:00 +02:00
StefanKelm
92bc206879
Update threat-actor.json 
APT30
 2020-06-23 14:54:09 +02:00
Rony
bc97b07089
Update threat-actor.json 2020-06-21 19:19:17 +05:30
StefanKelm
583f1d2fc2
Update threat-actor.json 
TA505
 2020-06-17 11:56:29 +02:00
Alexandre Dulaunoy
0cb36249a4
chg: [jq] all the things 2020-06-12 09:26:30 +02:00
Rony
29be5ac7e1
fixed typo! 2020-06-12 00:09:59 +05:30
Rony
9365bfb7cd
Adding GALLIUM Threat Actor 2020-06-11 23:42:35 +05:30
StefanKelm
f042f98247
Update threat-actor.json 
Higaisa
 2020-06-08 14:09:39 +02:00
StefanKelm
9c25d5e8c5
Update threat-actor.json 
Cycldek
 2020-06-04 17:18:45 +02:00
Alexandre Dulaunoy
3867b1f602
Merge pull request #552 from danielplohmann/reference-fixes 
Reference fixes
 2020-05-29 09:26:05 +02:00
Alexandre Dulaunoy
2a074f23fd
chg: [preventive-measure] packet filtering added 2020-05-27 10:02:16 +02:00
Daniel Plohmann (jupiter)
a705d1402f fixing deadlinks where possible 2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter)
171f272a1e default to HTTPS to be consistent with other links to same page 2020-05-27 09:27:52 +02:00
Alexandre Dulaunoy
8a0a4cb02d
Merge pull request #551 from nyx0/master 
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
 2020-05-27 09:10:08 +02:00
Thomas Dupuy
291fb41502 Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel 2020-05-26 09:50:43 -04:00
Thomas Dupuy
143bd521be Add CrackMapExec, metasploit, Cobalt Strike and Covenant 2020-05-26 09:35:01 -04:00
Rony
fbd351590a
Update threat-actor.json 2020-05-24 23:18:54 +05:30
Rony
5f8094d16f
fix 2020-05-24 23:14:43 +05:30
Alexandre Dulaunoy
b5bbc34f5d
chg: [threat-actor] remove the non-unique elements 2020-05-22 14:01:32 +02:00
Nils Kuhnert
fbfe9d23c3
Merged (most) SecureWorks threat actor profiles && jq 2020-05-22 13:45:29 +02:00
iglocska
dee9a56460
fix: small fixes to the bhadra framework 2020-05-19 16:45:40 +02:00
iglocska
43703f1a96
new: added Bhadra framework for mobile attacks 
- based on the paper published here: https://arxiv.org/pdf/2005.05110.pdf
- thanks to the ATT&CK EU community conference speakers highlighting this framework!
 2020-05-19 16:34:59 +02:00
Alexandre Dulaunoy
006b61bc44
Merge pull request #547 from Delta-Sierra/master 
add Snake Ransomware
 2020-05-15 17:55:47 +02:00
Deborah Servili
b943a7daca
fix missing description 2020-05-15 09:00:34 +02:00
Deborah Servili
6d6da39da4
add Snake Ransomware 2020-05-13 11:58:33 +02:00
Daniel Plohmann
5101c5a828
msft name: BORON for APT3 
as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
 2020-05-11 15:37:38 +02:00
Alexandre Dulaunoy
09429eda5a
chg: [ta] fix the JSON 2020-05-11 10:20:10 +02:00
Thomas Dupuy
fc9505cadf Add Sednit's Exploit-kit Sedkit 2020-05-08 13:29:14 -04:00
Thomas Dupuy
69fe870803 Add Higaisa Threat Actor 2020-05-08 13:01:48 -04:00
Deborah Servili
1d331a9ab1
Merge branch 'master' into master 2020-04-28 15:19:38 +02:00
Thomas Dupuy
46a6d9fcb1 Add DenesRAT/METALJACK 2020-04-28 01:08:50 -04:00
Alexandre Dulaunoy
2a70893352
chg: [jq] JSON fixed 2020-04-27 15:03:25 +02:00
de Rosen
a428ad565e Added misp info 2020-04-27 15:16:33 +03:00
Deborah Servili
f6fd07fbc9
add speculoos bakdoor 2020-04-27 09:36:23 +02:00
Alexandre Dulaunoy
86157a6b96
Merge pull request #539 from r0ny123/MergingTA 
Adding alias Thallium and merging STOLEN PENCIL
 2020-04-26 21:16:56 +02:00
Rony
112f9e4a08
Adding alias Thallium and merging STOLEN PENCIL 
Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
And also Netscout named the campaign as STOLEN PENCIL.
 2020-04-26 23:47:37 +05:30
Alexandre Dulaunoy
de71a444f8
chg: [json] add missing comma 2020-04-26 14:23:59 +02:00
rvs1st
d449eb94fc
Update threat-actor.json 
Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
 2020-04-24 09:03:58 -05:00
Alexandre Dulaunoy
4234d44052
Merge pull request #537 from danielplohmann/patch-28 
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
 2020-04-24 15:33:47 +02:00
Daniel Plohmann
858621ebdc
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday. 2020-04-23 15:47:35 +02:00
Daniel Plohmann
b0f0bbae33
adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included) 2020-04-23 14:52:08 +02:00
Deborah Servili
6b49d81b13 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-04-23 10:06:04 +02:00
itayc0hen
667d5b8850 Add ItaDuke/DarkUniverse actor 2020-04-22 19:44:38 +03:00
pnx@pyrite
974ece3a7c adding FIN1 2020-04-20 14:20:22 +02:00
Rony
aa34775390
typo 
thanks to @patricksvgr
 2020-04-19 23:17:44 +05:30
Rony
ddfa280672
Update threat-actor.json 2020-04-19 23:06:57 +05:30
Rony
7ac2648dbc
more fix 2020-04-19 23:00:42 +05:30
Rony
573b4807ee
fix broken links 2020-04-19 16:03:21 +05:30
Rony
42a4820823
dead link 2020-04-19 11:45:45 +05:30
Rony
0aa34187e9
add link 2020-04-19 11:29:36 +05:30
Rony
d6bf42254f
Merging APT23 & Tropic Trooper 2020-04-18 13:22:25 +05:30
Rony
c161080175
Update threat-actor.json 2020-04-15 21:36:48 +05:30
Deborah Servili
e8edc9cafc Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-04-15 11:27:01 +02:00
Deborah Servili
b01e64eb1f
add Operation Shadow Forece 2020-04-08 14:53:19 +02:00
Daniel Plohmann
aba625dee5
removed duplicate entry 2020-04-07 08:49:33 +02:00
Daniel Plohmann
e15a4a6525
fixing/removing some more dead links 2020-04-06 15:25:22 +02:00
Deborah Servili
7859c8dbd7
Add coronavirus ransomware 2020-04-03 16:19:45 +02:00
Deborah Servili
8a3422acb4
add Pyta ransomnotes 2020-04-03 11:58:02 +02:00
Deborah Servili
c566c89f2a
add pyza ransomware 2020-03-27 14:22:34 +01:00
Alexandre Dulaunoy
c7104e8819
chg: [country] jq all 2020-03-23 13:09:14 +01:00
iglocska
777c3188db
new: [country] galaxy added 2020-03-23 12:10:16 +01:00
Alexandre Dulaunoy
35a57c36bf
Merge pull request #526 from Delta-Sierra/master 
PARINACOTA group
 2020-03-12 23:23:05 +01:00
Deborah Servili
a706b8ef2e
PARINACOTA group 2020-03-12 13:11:46 +01:00
Alexandre Dulaunoy
e37f320df5
Merge pull request #523 from danielplohmann/patch-24 
adding aliases MERCURY, HOLMIUM
 2020-03-09 21:56:27 +01:00
Daniel Plohmann
ab49ef3c1a
Kimsuki -> Black Banshee 
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html)
 2020-03-09 18:20:56 +01:00
Daniel Plohmann
1260ab156a
adding aliases MERCURY, HOLMIUM 
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
 2020-03-09 08:50:08 +01:00
Alexandre Dulaunoy
e81c91e3e9
Merge pull request #522 from Delta-Sierra/master 
add sdbbot
 2020-03-06 15:24:14 +01:00
Deborah Servili
b007d5d3ce
add SdBbot 2020-03-06 14:33:19 +01:00
Alexandre Dulaunoy
a407ddcc5b
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-03-05 10:49:15 +01:00
Alexandre Dulaunoy
375db26505
chg: [malpedia] fixes 2020-03-05 10:48:28 +01:00
Alexandre Dulaunoy
4a64d0a4ad
Merge pull request #519 from danielplohmann/crowdstrike2020report 
adding new/updated threat actor names from CrowdStrike 2020 report
 2020-03-05 09:07:16 +01:00
Corsin Camichel
66aa5c3b13
fixing a comma error 2020-03-04 21:13:01 +01:00
Daniel Plohmann (jupiter)
0c2b0b76eb while we are at it, we can also do Longhorn = APT-C-39 2020-03-04 21:09:06 +01:00
Corsin Camichel
a5a7c21c79
adding Raccoon (win.raccoon) 2020-03-04 21:02:51 +01:00
Daniel Plohmann (jupiter)
184f193342 IMPERIAL KITTEN as alias for Tortoiseshell 2020-03-04 19:39:14 +01:00
pnx@pyrite
3dc460e795 adding new/updated threat actor names from CrowdStrike 2020 report 2020-03-04 13:36:34 +01:00
Daniel Plohmann
dc059d1f4d
Accenture calls APT32 - "POND LOACH" 2020-03-03 19:40:50 +01:00
Deborah Servili
d8ea0f865c
add clop ransomware extension 2020-03-02 13:33:38 +01:00
Alexandre Dulaunoy
b4b91b1e5d
chg: [threat-actor] JSON fixed 2020-02-28 16:37:24 +01:00
Alexandre Dulaunoy
4c7532984a
Merge branch 'master' of https://github.com/nyx0/misp-galaxy into nyx0-master 2020-02-28 16:36:56 +01:00
Deborah Servili
0d4745d55f Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-02-28 11:38:20 +01:00
Deborah Servili
a61f8d7049
add extension to clop ransomware 2020-02-28 11:37:54 +01:00
Alexandre Dulaunoy
ee63756cc5
Merge pull request #516 from rmkml/master 
add MedusaLocker ransomware
 2020-02-23 16:06:45 +01:00
rmkml
590e292b68 add MedusaLocker ransomware 2020-02-23 16:01:45 +01:00
Deborah Servili
29bf20e89b
add razor ransomware 2020-02-19 15:55:29 +01:00
Thomas Dupuy
0daeb675f5 Add InvisiMole cluster 2020-02-18 13:28:32 -05:00
Alexandre Dulaunoy
c98093e6fe
Merge pull request #513 from danielplohmann/patch-20 
adding APT-C-12
 2020-02-13 21:56:34 +01:00
Daniel Plohmann
e481e9bb50
adding APT-C-12 2020-02-13 17:44:45 +01:00
Deborah Servili
f196bad4a1
add tools used by TA505 + others 2020-02-12 15:39:16 +01:00
Deborah Servili
66a721fcd3 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-02-12 15:00:30 +01:00
Deborah Servili
b46f9b68fe
add warzone RAT 2020-02-06 13:39:58 +01:00
Alexandre Dulaunoy
33aa1c8f3f
Merge pull request #510 from Delta-Sierra/master 
add ransomwares
 2020-02-06 09:53:19 +01:00
Deborah Servili
46fe9cb82b
add ransomwares 2020-02-06 09:29:33 +01:00
Rony
22c9badee0
Update threat-actor.json 
those are the name of aliases of the same malware family sykipot. so removing it.
 2020-02-05 18:00:31 +05:30
Deborah Servili
5da17d51aa
Merge branch 'master' into master 2020-01-24 09:33:33 +01:00
Deborah Servili
606e3ec90f
jq 2020-01-24 09:32:09 +01:00
Alexandre Dulaunoy
6d078a88dd
chg: [ransomware] Nodera ransomware added 2020-01-24 09:04:38 +01:00
Deborah Servili
58415324c5
add Operation Wocao 2020-01-24 08:27:20 +01:00
Thomas Dupuy
edc5196373 Add Attor and DePriMon 2020-01-23 11:27:00 -05:00
Daniel Plohmann
ccfe5ee130
removing and fixing deadlinks in the best possible way 
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
 2020-01-23 11:14:20 +01:00
Daniel Plohmann
29a128da6f
adding references and TEMP.MixMaster as alias for WIZARD SPIDER 
with kudos to @tbarabosch
 2020-01-22 15:42:01 +01:00
Alexandre Dulaunoy
911c2bf0bf
Merge pull request #504 from Delta-Sierra/master 
update target location galaxy
 2020-01-21 11:06:56 +01:00
Deborah Servili
8421bde291
complete Zimbabwe cluster 2020-01-21 10:51:07 +01:00
Deborah Servili
f364e51d24
update target location galaxy 2020-01-20 14:46:03 +01:00
Alexandre Dulaunoy
dbaab413b6
chg: [threat-actor] typo fixed 2020-01-18 17:30:27 +01:00
Alexandre Dulaunoy
564f27c5ca
chg: [threat-actor] format fixed 2020-01-18 17:26:45 +01:00
Alexandre Dulaunoy
34c5c66279
chg: [threat-actor] fix order 2020-01-18 17:08:32 +01:00
Alexandre Dulaunoy
8eeceafc51
chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan" 
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
 2020-01-18 17:02:44 +01:00
StefanKelm
027d94e68a
Update ransomware.json 2020-01-16 16:59:22 +01:00
StefanKelm
f53a92065c
Update ransomware.json 
5ss5c
 2020-01-16 16:46:38 +01:00
Deborah Servili
5ec817b499
Merge branch 'master' into master 2020-01-15 14:36:01 +01:00
Deborah Servili
32961527aa
add Autochk Rootkit as tool 2020-01-15 13:41:53 +01:00
Deborah Servili
bfcc867ee6
add two wipers to tools 2020-01-14 15:54:06 +01:00
Alexandre Dulaunoy
3c90322fd8
Merge pull request #500 from Delta-Sierra/master 
update target information
 2020-01-08 16:22:24 +01:00
StefanKelm
5832893d4f
Update tool.json 
LiquorBot
 2020-01-08 16:04:22 +01:00
Deborah Servili
53df69a1eb
update target information 2020-01-08 15:50:47 +01:00
StefanKelm
bf4fc92066
Update tool.json 
Lampion
 2020-01-07 13:14:08 +01:00
Alexandre Dulaunoy
5da0c7bd54
chg: [threat-actor] SideWinder APT group added 2020-01-07 10:42:07 +01:00
StefanKelm
9b6f9136f9
Update threat-actor.json 2020-01-03 12:50:49 +01:00
StefanKelm
9373cfcb53
Update threat-actor.json 
BRONZE PRESIDENT
 2020-01-03 12:42:57 +01:00
Rony
6b1142abac
Update threat-actor.json 2019-12-23 22:05:28 +05:30
Alexandre Dulaunoy
be4f9e01a0
Merge pull request #496 from bartblaze/patch-1 
Update threat-actor.json
 2019-12-20 08:23:30 +01:00
Bart
8ebb2e2d16
Update threat-actor.json 
Adds Operation Wocao..
 2019-12-19 21:42:02 +01:00
Deborah Servili
34340372b3
add clop ransomware 2019-12-19 17:19:18 +01:00
Deborah Servili
b8c332a055
jq 2019-12-16 14:08:34 +01:00
Deborah Servili
c876928abd Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-12-16 13:36:56 +01:00
Deborah Servili
ee38ec7220
add BitPaymer Synonsyms 2019-12-16 13:36:00 +01:00
Deborah Servili
47e0d00555
Merge pull request #493 from Delta-Sierra/master 
add tools used by GALLIUM
 2019-12-13 15:35:29 +01:00
Deborah Servili
0fc9045ef2
add tools used by GALLIUM 2019-12-13 15:06:00 +01:00
Alexandre Dulaunoy
9f56a91013
Merge pull request #492 from Delta-Sierra/master 
Operation Soft Cell ralated Updates
 2019-12-13 13:35:52 +01:00
Deborah Servili
03c54a3e05
add GALLIUM as microsoft activities group and similar to Operation Soft Cell 2019-12-13 11:47:31 +01:00
Deborah Servili
3be47af325
update threat actor version 2019-12-13 11:04:51 +01:00
Deborah Servili
9b153913be
add relation suspected link between operation soft cell and apt10 2019-12-13 10:59:06 +01:00
Sebastian Wagner
c3b5b39dd3
sofacy: add apt_sofacy as synonym 2019-12-12 15:57:13 +01:00
Deborah Servili
170f964e8c
##COMMA## 2019-12-11 14:22:09 +01:00
Deborah Servili
7e18f2e509
Merge branch 'master' into master 2019-12-11 13:51:52 +01:00
Deborah Servili
391b5a674d
add Axiom synonym 2019-12-11 13:50:35 +01:00
Alexandre Dulaunoy
8da36c09e1
chg: [threat-actor] jq 2019-12-08 09:03:14 +01:00
Daniel Plohmann
94b3c1ec07
added APT-C-34 / Golden Falcon 2019-12-07 12:44:30 +01:00
Deborah Servili
31f3a61d5f
add Sofacy ref 2019-12-05 15:42:42 +01:00
Alexandre Dulaunoy
8e73612b09
Merge pull request #488 from Delta-Sierra/master 
create new galaxy - surveillance-vendor
 2019-12-05 14:48:44 +01:00
Deborah Servili
df1cbf8dce
add clusters to surveillance-vendor galaxy 2019-12-05 12:06:10 +01:00
Deborah Servili
ad5b915175
Fix surveillance-vendor galaxy 2019-12-05 11:09:38 +01:00
Deborah Servili
12530db5a8
Add FlexiSPY + jq 2019-12-05 10:05:21 +01:00
Deborah Servili
a049009453
add new galaxy - surveillance-vendor 2019-12-04 16:22:58 +01:00
Deborah Servili
2e82cd4fd7
add Private Internet Access as Tool 2019-12-04 16:22:22 +01:00
Alexandre Dulaunoy
5f020307f3
Merge pull request #485 from danielplohmann/patch-15 
added TA2101
 2019-12-03 22:36:49 +01:00
Daniel Plohmann
bd3cc6d8ee
added TA2101 2019-12-03 18:13:44 +01:00
Jean-Louis Huynen
100299f3fd
add: [dark-pattern] add a source 2019-12-03 17:09:57 +01:00
Jean-Louis Huynen
44a9897f2a
add: [dark-pattern] galaxy to tag dark patterns 2019-12-03 16:26:29 +01:00
Alexandre Dulaunoy
2659d864d6
chg: [ransomware] jq ;-) 2019-11-22 22:41:01 +01:00
rmkml
64f100e578
Merge branch 'master' into master 2019-11-22 22:32:24 +01:00
rmkml
81cef767aa Fix Add FTCode Ransomware 2019-11-22 22:27:20 +01:00
rmkml
eee9beca0f Add FTCode Ransomware 2019-11-22 21:16:40 +01:00
Deborah Servili
34faa63070
jq 2019-11-22 15:41:51 +01:00
Deborah Servili
ba830c905d
add cyborg ransomnote refs 2019-11-22 15:36:49 +01:00
Deborah Servili
757c3d6480
add cyborg ransomnote filename 2019-11-22 15:35:58 +01:00
Deborah Servili
2009a9c45c
add cyborg ranspmware extension 2019-11-22 15:30:17 +01:00
Deborah Servili
cab60a02e2
jq 2019-11-22 14:15:29 +01:00
Deborah Servili
08a4897cbe
add DePriMon malicious downloader & Cyborg ransomware 2019-11-22 14:05:36 +01:00
Alexandre Dulaunoy
8cc5e02f22
chg: [clean-up] jq all the things 2019-11-21 17:19:39 +01:00
Deborah Servili
38641aae36
merge 2019-11-21 16:24:11 +01:00
Deborah Servili
f21dd95b28
merge 2019-11-21 16:23:29 +01:00
Alexandre Dulaunoy
8240fe1722
Merge pull request #480 from rmkml/master 
Add Maze Ransomware
 2019-11-21 14:13:17 +01:00
Deborah Servili
1a0dd2292b
add silence synonym & new meta field spoken-language 2019-11-21 11:50:02 +01:00
rmkml
90bc667988 Add Maze Ransomware 2019-11-21 00:57:50 +01:00
rmkml
9410326ea2 Revert "Add Maze Ransomware" 
This reverts commit cfc6e2802c.
 2019-11-21 00:55:55 +01:00
rmkml
cfc6e2802c Add Maze Ransomware 2019-11-19 23:15:02 +01:00
Alexandre Dulaunoy
5dc55fbbfb
Merge pull request #477 from rmkml/master 
Add Desync Ransomware
 2019-11-19 06:40:31 +01:00
rmkml
ac4099ed0e Add Desync Ransomware 2019-11-18 23:37:21 +01:00
Deborah Servili
5f65e8d208
traget information update [WIP] 2019-11-14 15:07:08 +01:00
StefanKelm
aa132ca58f
new refs for APT33 2019-11-14 14:57:05 +01:00
Alexandre Dulaunoy
ea18f6e920
Merge pull request #475 from Delta-Sierra/master 
target information update [WIP]
 2019-11-13 20:43:03 +01:00
Deborah Servili
08cdc4cac3
jq 2019-11-13 15:56:23 +01:00
Deborah Servili
985c4b2459
traget information update [WIP] 2019-11-13 15:55:32 +01:00
Alexandre Dulaunoy
eea0f528fa
chg: [threat-actor] Lucky Mouse synonym added 
Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/
 2019-11-12 12:51:44 +01:00
Raphaël Vinot
1486890f86 fix: JQ all the things. 2019-11-12 10:25:00 +01:00
Alexandre Dulaunoy
871d90cfc2
chg: [threat-actor] Calypso group added 
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
 2019-11-11 13:34:54 +01:00
Deborah Servili
e310b98bc0
add Palestine PPound 2019-11-07 08:44:49 +01:00
Deborah Servili
50022d3905 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-11-07 08:34:05 +01:00
Alexandre Dulaunoy
ea8c1dd764
Merge pull request #472 from rmkml/master 
Add DoppelPaymer Ransomware
 2019-11-06 20:48:33 +01:00
rmkml
9707a5eb0e Add DoppelPaymer Ransomware 2019-11-06 20:41:43 +01:00
Deborah Servili
1a62f7c2cd
jq 2019-11-06 16:23:34 +01:00
Deborah Servili
5b6aae5d1c
update target location WIP 2019-11-06 16:21:10 +01:00
Alexandre Dulaunoy
2d1406b4d6
Merge pull request #471 from rmkml/master 
Add FreeMe Ransomware
 2019-11-06 06:36:53 +01:00
rmkml
656d90fd7c Add FreeMe Ransomware 2019-11-05 23:09:48 +01:00
Alexandre Dulaunoy
d9a64c18ff
chg: [threat-actor] threat-actor-classification updated 2019-11-04 09:37:52 +01:00
Alexandre Dulaunoy
6f463325b9
chg: [threat-actor] jq is jq 2019-11-03 16:01:09 +01:00
Alexandre Dulaunoy
64a3569803
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-11-03 08:52:37 +01:00
Alexandre Dulaunoy
8d01e77574
chg: [threat-actor] Operation WizardOpium added 
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
 2019-11-03 08:51:37 +01:00
Alexandre Dulaunoy
346e54a321
Merge pull request #468 from Delta-Sierra/master 
add Turla Group Symonym variant
 2019-11-02 13:40:21 +01:00
Deborah Servili
1da2dc8af1
add Turla Group Symonym variant 2019-10-31 16:33:32 +01:00
Deborah Servili
efa2f43c0f
Merge pull request #467 from Delta-Sierra/master 
Few updates
 2019-10-31 14:31:16 +01:00
Deborah Servili
bee9b80898
jq 2019-10-31 10:37:36 +01:00
Deborah Servili
0a8f989e1c
add Winnti related tools etc. 2019-10-31 10:36:15 +01:00
Christophe Vandeplas
d32022b241 fix: [attack] fixes old MITRE relationships not being removed 2019-10-27 21:06:26 +01:00
Christophe Vandeplas
4ab9bbbfa3 chg: [attack] update to latest ATT&CK data 2019-10-25 10:12:41 +02:00
Alexandre Dulaunoy
1581827875
chg: [attck4fraud] jq all the things 2019-10-20 20:07:29 +02:00
Christophe Vandeplas
eb594cba0f fix: [misinfosec] fixes inconsistent filename 2019-10-20 18:53:02 +02:00
Alexandre Dulaunoy
2b84592ff5
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-10-18 14:28:41 +02:00
Alexandre Dulaunoy
77605f8d43
chg: [attck4fraud] updates based on issue #466 2019-10-18 14:27:36 +02:00
Rony
1fc0f5e2e7
Update threat-actor.json 2019-10-17 09:46:56 +05:30
Deborah Servili
88025a541f
add operation soft cell 2019-10-14 16:07:35 +02:00
mokaddem
4d4bd3a70c fix: [misinfosec] fixed kill_chain fields 2019-10-09 09:45:52 +02:00
VVX7
e4998efec9 chg: [galaxy] added AMITT galaxy/cluster generator script 2019-10-08 13:52:08 -04:00
VVX7
a0357c735e chg: [galaxy] version number to int 2019-10-07 19:19:45 -04:00
VVX7
0a29445b44 new: [galaxy] AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. AMITT is part of misinfosec - work on adapting information security practices to help track and counter misinformation - and is designed as far as possible to fit existing infosec practices and tools. 2019-10-07 19:07:25 -04:00
Deborah Servili
c27385cfa4
jq 2019-10-07 14:38:16 +02:00
Deborah Servili
5355910a8f
add legitimate tools 2019-10-07 13:38:40 +02:00
Deborah Servili
19452d8c1f Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-10-07 11:07:00 +02:00
Deborah Servili
569d453ff2
update version 2019-10-07 11:06:27 +02:00
Deborah Servili
0795eecd01
add PlugX rat sysnonyms 2019-10-07 11:04:33 +02:00
Alexandre Dulaunoy
ac8236d16d
chg: [misp-galaxy] jq all the things 2019-10-03 14:46:07 +02:00
Alexandre Dulaunoy
9e82b025b5
chg: [tool] COMPfun - Reductor added 
Ref: https://securelist.com/compfun-successor-reductor/93633/
 2019-10-03 14:25:44 +02:00
Deborah Servili
cb774002c9
add Sodinokibi synonym 2019-10-02 11:44:54 +02:00
Deborah Servili
82824be700
fix empty string 2019-09-30 12:55:31 +02:00
Deborah Servili
b7c9d3e034
jq 2019-09-30 11:56:28 +02:00
Deborah Servili
fca032ea73
add TVSPY tool 2019-09-30 10:45:53 +02:00
Deborah Servili
f6c075c3df
WIP update target info 2019-09-27 16:22:01 +02:00
Deborah Servili
c305640290
new galaxy - Region based on UN M49 2019-09-26 13:01:41 +02:00
Deborah Servili
d0068b0ce0
WIP update target info 2019-09-25 15:39:02 +02:00
Deborah Servili
a4b59f647c
jq 2019-09-25 13:41:55 +02:00
Deborah Servili
335402c886 Merge branch 'master' of https://github.com/MISP/misp-galaxy into target-location-galaxy 2019-09-25 13:39:33 +02:00
Deborah Servili
bb3f9dc183
WIP update target info - fix empty string 2019-09-25 13:31:46 +02:00
Alexandre Dulaunoy
309109eb27
chg: [threat-actor] new LookBack (Malware?Campaign?TA?) 
Signed-off: During MISP training
 2019-09-25 12:12:34 +02:00
Deborah Servili
9068e3c742
WIP update target info 2019-09-25 11:46:10 +02:00
Alexandre Dulaunoy
a5ae130916
chg: [threat-actor] Evil Eye and POISON CARP 
Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Signed-off: Jean-Louis during training session
 2019-09-25 11:27:03 +02:00
Deborah Servili
83ee520dd5
WIP update target info 2019-09-25 09:44:34 +02:00
Deborah Servili
638cdd4198
version update 2019-09-20 14:54:56 +02:00
Deborah Servili
b9b4b9c651
Add Tortoiseshell thrat actor 2019-09-20 14:53:25 +02:00
Deborah Servili
6d88367497
moar clusters 2019-09-20 09:50:37 +02:00
Alexandre Dulaunoy
42f457fc22
Merge pull request #457 from rmkml/master 
Add Mr.Dec Ransomware
 2019-09-17 10:17:11 +02:00
rmkml
5631d210a0 Add Mr.Dec Ransomware 2019-09-17 00:44:56 +02:00
Alexandre Dulaunoy
cc134d7dff
Merge pull request #456 from rmkml/master 
Add Hildacrypt Ransomware
 2019-09-15 18:24:03 +02:00
rmkml
dff982be20 Add Hildacrypt Ransomware 2019-09-14 21:49:16 +02:00
Alexandre Dulaunoy
55da11f8ba
Merge pull request #455 from rmkml/master 
Add InnfiRAT
 2019-09-14 08:16:35 +02:00
rmkml
f907797d41 Add InnfiRAT 2019-09-14 00:08:54 +02:00
Deborah Servili
7e892eaa7d
update target information [draft] 2019-09-13 16:35:20 +02:00
Deborah Servili
2588df01cc
update target information 2019-09-12 16:22:11 +02:00
StefanKelm
db2b5a13ef
Update threat-actor.json 
Silent Librarian
 2019-09-12 11:57:03 +02:00
Deborah Servili
1eb23bc55b
update target information 2019-09-12 11:10:41 +02:00
Deborah Servili
6c430ad21e
improve target-information 2019-09-11 16:32:29 +02:00
rmkml
7c89cb308c
Merge branch 'master' into master 2019-09-07 19:52:05 +02:00
rmkml
dfc6321e0c Add AsyncRAT 2019-09-07 19:43:08 +02:00
Deborah Servili
718ea55dd7
Merge branch 'master' into master 2019-09-04 14:42:47 +02:00
Deborah Servili
9e3a998dfc
aff SectorJ04 group 2019-09-03 15:51:21 +02:00
Alexandre Dulaunoy
9690d070ab
Merge pull request #450 from rmkml/master 
Add Buran Ransomware
 2019-09-02 07:39:19 +02:00
rmkml
28ec696272 Add Buran Ransomware 2019-09-01 21:20:28 +02:00
Daniel Plohmann
f40b7dd132
'SectorJ04 Group' as alias introduced by NSHC for TA505 
Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
 2019-09-01 15:46:36 +02:00
Alexandre Dulaunoy
9920461294
Merge pull request #448 from rmkml/master 
Add Nemty Ransomware
 2019-08-31 21:27:50 +02:00
rmkml
e79310c861 Add Nemty Ransomware 2019-08-31 21:08:50 +02:00
Alexandre Dulaunoy
c7e6a17a31
Merge pull request #447 from Delta-Sierra/target-location-galaxy 
improve more clusters
 2019-08-30 16:37:39 +02:00
Deborah Servili
5504c10e3d
improve more clusters 2019-08-30 16:32:02 +02:00
Alexandre Dulaunoy
b986f06cb4
Merge pull request #446 from wagner-certat/tool-empty-strings 
Add test for empty strings
 2019-08-30 11:10:16 +02:00
Alexandre Dulaunoy
0966e58da6
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-08-30 11:06:29 +02:00
Alexandre Dulaunoy
f5056ff02e
chg: [threat-actor] add machete-apt synonyms as reported in #445 2019-08-30 11:03:30 +02:00
Deborah Servili
2c248db419
Merge pull request #441 from Delta-Sierra/target-location-galaxy 
More clusters improved
 2019-08-30 10:15:56 +02:00
Sebastian Wagner
e13087a9c4
target-information: fix territory-type for China 2019-08-30 10:08:19 +02:00
StefanKelm
49f8f60a85
Update threat-actor.json 
Add ITG08 as synonym for FIN6
 2019-08-29 13:13:00 +02:00
Alexandre Dulaunoy
8d78a2a108
chg: [threat-actor] jq all 2019-08-29 08:31:10 +02:00
Alexandre Dulaunoy
791c88f2eb
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master 2019-08-29 08:30:41 +02:00
Deborah Servili
395dd93e0f
add Asruex Backdoor 2019-08-28 15:40:03 +02:00
Alexandre Dulaunoy
9926ea8826
chg: [threat-actor] LYCEUM added - 443 #fixed 2019-08-28 14:35:12 +02:00
Deborah Servili
ea68336b96
add ref for Gamaredon 2019-08-27 08:28:58 +02:00
Deborah Servili
300e3c2bfb
More clusters improved 2019-08-26 17:50:20 +02:00
Alexandre Dulaunoy
775b6d1a09
Merge pull request #440 from Delta-Sierra/target-location-galaxy 
Target location galaxy
 2019-08-23 16:29:23 +02:00
Deborah Servili
fcded146c2
More clusters improved 2019-08-23 16:01:12 +02:00
Deborah Servili
bae47241f0
More clusters improved 2019-08-23 11:14:14 +02:00
Alexandre Dulaunoy
a68577a967
Merge pull request #439 from Delta-Sierra/target-location-galaxy 
Target location galaxy
 2019-08-22 16:24:57 +02:00
Deborah Servili
a579c041d2
More clusters improved 2019-08-22 15:59:11 +02:00
Deborah Servili
b7a97d1baf
More clusters improved 2019-08-22 11:49:09 +02:00
Deborah Servili
6944236943
more countries 2019-08-20 15:24:16 +02:00
Sebastian Wagner
38aebbf42a
remove empty strings 2019-08-19 17:04:07 +02:00
Deborah Servili
93ca9a3123
Merge pull request #437 from Delta-Sierra/target-location-galaxy 
Target location galaxy
 2019-08-19 08:57:48 +02:00
Deborah Servili
754f8f2a48
complete more cluster + country is now an array 2019-08-14 16:30:28 +02:00
Deborah Servili
3e651e2d74
target-informatione - add membership member-of attribute - Example:member-of NATO 2019-08-13 15:36:10 +02:00
Alexandre Dulaunoy
6ca4e4cb17
Merge pull request #436 from Delta-Sierra/target-location-galaxy 
Target location galaxy
 2019-08-13 15:17:41 +02:00
Deborah Servili
e00f139fa2
jq 2019-08-13 13:01:36 +02:00
Deborah Servili
9accc832e3
change attribute name 2019-08-13 12:08:03 +02:00
Deborah Servili
389a82701a
jq 2019-08-13 11:57:28 +02:00
Deborah Servili
e946ce66db
complete some clusters 2019-08-13 11:55:18 +02:00
Alexandre Dulaunoy
d48d2ccd3e
Merge pull request #435 from hackunagi/master 
Adding Amavaldo Banking Trojan
 2019-08-10 18:53:05 +02:00
Alexandre Dulaunoy
3841447e16
Merge pull request #434 from r0ny123/patch-1 
added microsoft naming for the groups
 2019-08-10 18:52:26 +02:00
Thomas Dupuy
df5c9057a1 add synonyme for Turla 2019-08-09 17:34:22 -04:00
Carlos Borges
d96dc39c5a
Adding Amavaldo Banking Trojan 2019-08-09 18:00:37 -03:00
Rony
feac39db6b
added microsoft naming for the groups 2019-08-09 22:19:09 +05:30
Thomas Dupuy
320e298549 update victims 2019-08-09 10:45:10 -04:00
Thomas Dupuy
1988662ee5 add APT41 2019-08-09 10:24:06 -04:00
Deborah Servili
e239619d15
jq 2019-08-06 15:42:20 +02:00
Deborah Servili
53df0908c7
update version 2019-08-06 15:34:23 +02:00
Deborah Servili
4bef48b33e
add Amavaldo 2019-08-06 13:28:32 +02:00
Nils Kuhnert
17925f3e10
Remove local file link :) 2019-08-03 18:55:00 +02:00
Deborah Servili
21318cdf3d
fix building mistakes 2019-08-02 16:28:32 +02:00
Alexandre Dulaunoy
7913adad61
chg: [threat-actor] rollback as discussed by chat with Andras until version 2.0 2019-08-02 16:08:40 +02:00
Andras Iklody
984be50396
lowercased value field for DarkHotel 2019-08-02 15:40:31 +02:00