Rony
9ecfecc063
another fix
2021-07-21 18:41:18 +05:30
Rony
32ea60d721
fix
2021-07-21 18:31:05 +05:30
Rony
52e7d5a0a9
multiple updates to apt40, apt31 & hafnium
2021-07-21 18:28:40 +05:30
Rony
fb9a41f8e9
from Gov Canada & MFA Japan
2021-07-19 20:33:35 +05:30
Rony
c90c60cb13
adding references for APT40 & APT31
2021-07-19 20:14:36 +05:30
6c8949caa9
Merge pull request #658 from jasperla/oilrig
...
merge APT34 with OilRig
2021-07-03 08:56:39 +02:00
Deborah Servili
b6005bd53f
Merge branch 'main' into master
2021-07-02 13:30:51 +02:00
Delta-Sierra
913aff30c3
Add NOBELIUM and related
2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse
792490298e
merge APT34 with OilRig
...
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
2021-06-29 20:26:04 +02:00
a5d7d85dc8
Merge pull request #657 from jloehel/add_matanbuchus
...
[cluster][tool] Adds Matanbuchus
2021-06-22 07:23:20 +02:00
Jürgen Löhel
254c201601
[cluster][tool] Adds Matanbuchus
...
+ threat actor: BelialDemon
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 18:04:28 -05:00
Jürgen Löhel
381973f5de
[cluster][stealer] Adds HackBoss
...
Fixes : #651
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 16:35:20 -05:00
Thomas Dupuy
772c5145c1
Added BackdoorDiplomacy and Gelsemium.
2021-06-11 11:48:57 -04:00
Rony
9a723b6261
more ta544 references
2021-05-26 20:26:27 +05:30
Rony
db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks
2021-05-22 21:02:30 +05:30
Daniel Plohmann
433ea5cb45
Twisted Spider -> TWISTED SPIDER
...
fair point
2021-05-19 17:04:58 +02:00
Daniel Plohmann
9719122d27
adding Twisted Spider as alias for TA2101 (Maze)
2021-05-19 16:47:41 +02:00
a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1
...
Add alias for Tick
2021-05-07 23:23:38 +02:00
Still Hsu
eb671f1e6a
Add Nian alias
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:52:27 +08:00
Still Hsu
fe7c0dab07
Add country origin for BlackTech
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:32:39 +08:00
Daniel Plohmann
38b8bac51d
fixing broken/dead links
2021-05-04 20:15:17 +02:00
6f7d3d5c2b
chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa
...
"COLT – Compromise to Leak Time" - new meta colt-median/colt-average.
For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
2021-05-03 07:41:43 +02:00
7aaf25a424
new: [ransomware] Ragnarok added
2021-04-30 12:08:03 +02:00
94ec98d544
Merge pull request #646 from r0ny123/update
...
Updates to APT27 & Tick
2021-04-29 18:29:53 +02:00
Christophe Vandeplas
86ee7008b2
chg: [att&ck] bump to latest ATT&CK version from MITRE
2021-04-29 18:12:36 +02:00
211a4b5145
fix: [ransomware] Related key should be outside metas
2021-04-26 13:48:06 +02:00
Rony
4ba2db0f3a
FlatChestWare duplicate removed
2021-04-26 16:24:09 +05:30
ef9989dbe8
chg: [ransomware] duplicate removed
2021-04-26 12:06:03 +02:00
847d3e8fa7
chg: [ransomware] duplicate removed
2021-04-26 12:01:01 +02:00
f3992ec5f1
chg: [ransomware] duplicates removed
2021-04-26 11:57:21 +02:00
f2703bd03e
chg: [ransomware] Flyper removed
2021-04-26 11:52:28 +02:00
Delta-Sierra
3cae487e3d
fix duplicates and add relations
2021-04-26 11:25:39 +02:00
Rony
faed812fc9
Merged STALKER PANDA to Tick
2021-04-25 19:12:20 +05:30
Rony
89b9c0c32c
several updates to apt27
2021-04-25 16:53:36 +05:30
Delta-Sierra
0a05621f82
Merge https://github.com/MISP/misp-galaxy
2021-04-19 15:48:58 +02:00
Delta-Sierra
b138354fa5
Removing duplicate
2021-04-19 15:42:49 +02:00
28f6475cc5
chg: [ransomware] first duplicate removed
2021-04-19 15:13:18 +02:00
e7061f90d9
chg: [ransomware] remove duplicate "File-Locker"
2021-04-19 15:08:06 +02:00
ab13dd00f8
Merge pull request #645 from Delta-Sierra/master
...
Adding ransomware names [WIP 2/3]
2021-04-19 15:03:12 +02:00
Delta-Sierra
f5713a8d87
Removing unexpected line
2021-04-19 14:53:36 +02:00
Delta-Sierra
b7b4b356c3
Adding ransomware names [WIP 3]
2021-04-19 14:47:10 +02:00
Delta-Sierra
fdf1a6c112
Adding ransomware names [WIP 2]
2021-04-19 13:24:25 +02:00
Daniel Plohmann
6eb594a6b0
adding Yanbian Gang as threat actor
2021-04-16 15:12:45 +02:00
Delta-Sierra
f3456a89c5
fix version
2021-04-15 15:08:11 +02:00
Delta-Sierra
4bcd0492bd
Adding ransomwares WIP
2021-04-15 15:07:52 +02:00
Daniel Plohmann
2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech
...
Adding Palmerworm as Symantec alias for BlackTech (with reference).
2021-03-31 22:35:12 +02:00
Thomas Dupuy
a8c62ddeda
Add Ghostwriter.
2021-03-31 09:42:40 -04:00
Rony
50f5d2ae4a
reverted changes made into 52ae97718d
2021-03-30 22:19:05 +05:30
sebdraven
ce8a9442eb
validation jsons
2021-03-30 13:12:21 +00:00
Sebdraven
52ae97718d
Update threat-actor.json
...
add a synonym to Haffnium
2021-03-30 15:11:09 +02:00
sebdraven
b082977b9f
validation ok
2021-03-30 10:22:35 +00:00
Sebdraven
4ed4cebcee
Update threat-actor.json
...
format json
2021-03-30 12:16:22 +02:00
Sebdraven
a62e3ba530
Update threat-actor.json
...
add redecho threat actor
2021-03-30 12:10:50 +02:00
Jakub Onderka
ca9608da6d
fix: Cryptominers type
2021-03-27 22:07:33 +01:00
26b9740e55
chg: [malpedia] jq all the file and removed ref duplicates
2021-03-13 11:00:39 +01:00
Jakob M
f02ce7e805
update to latest
...
Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp
2021-03-12 10:35:12 +01:00
Delta-Sierra
eff327b4fd
fix progress
2021-03-11 14:42:55 +01:00
Delta-Sierra
7c843ac5c2
fix merge & jq
2021-03-11 14:08:29 +01:00
Delta-Sierra
c37befc8a9
merge
2021-03-11 10:35:05 +01:00
855a12a408
chg: [clusters] fixing broken UUID fix #628
2021-03-11 09:54:50 +01:00
f6ed00233e
chg: [ransomware] fix the broken UUID fix #628
2021-03-11 09:52:25 +01:00
Rony
57c7d0b9a0
From Nextron
2021-03-06 19:44:32 +05:30
Rony
6cabbfb091
more!
2021-03-06 14:22:29 +05:30
Rony
7b242555df
More references
...
From
Crowdstrike
MSRC
and kql hunting query from James Quinn
2021-03-06 13:28:14 +05:30
Rony
eaab88ef28
add HAFNIUM detection refs
2021-03-05 16:51:28 +05:30
Rony
4bc438a325
fix
2021-03-05 11:48:43 +05:30
Rony
d9b299aafc
add more HAFNIUM references
2021-03-05 11:42:04 +05:30
Rony
c9f7afef1c
Adding alias NOBELIUM
2021-03-04 22:39:33 +05:30
47dade9d0e
Merge pull request #631 from r0ny123/Enhancement
...
Add HAFNIUM
2021-03-04 14:48:01 +01:00
a9a6b0253f
chg: [microsoft activity group] HAFNIUM added
2021-03-04 10:49:58 +01:00
Rony
ad795606cf
added HAFNIUM
...
Updates:
Tonto Team
UNC2452
2021-03-04 00:10:33 +05:30
Sebdraven
2666341afc
Update threat-actor.json
...
update Sidewinder card
2021-03-03 17:59:25 +01:00
Thomas Dupuy
f842694fda
Update Infy TA.
2021-03-02 14:37:01 -05:00
524676282e
Merge branch 'main' of github.com:MISP/misp-galaxy into main
2021-02-26 08:30:58 +01:00
4692ced8fa
chg: [tool] SUNSPOT added
2021-02-26 08:28:01 +01:00
Delta-Sierra
0e23d8b95f
add relationships between Maze, Rgnar, Egregor and Sekhmet
2021-02-25 10:21:28 +01:00
Delta-Sierra
406dfdb45b
add Sekhmet ransomware
2021-02-25 09:52:52 +01:00
Delta-Sierra
d273a5da7d
add TeamTNT ref
2021-02-25 09:52:24 +01:00
Rony
5c6f3a036b
removing DePrimon
...
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
2021-02-24 21:55:04 +05:30
Thomas Dupuy
eeafff9768
Add RDAT backdoor
2021-02-23 11:15:31 -05:00
Delta-Sierra
eb07fab69f
add Ragnar Locker and update accordingly
2021-02-23 16:21:07 +01:00
Delta-Sierra
06ae10965b
add Covidloc and tycoon ransomware + small updates on some ransomwares
2021-02-22 16:39:47 +01:00
Delta-Sierra
7c1ac58141
add TeamTNT
2021-02-22 16:38:18 +01:00
Thijsvanede
e9eb0c7a6c
Fix: rename "Innitial Access" to "Initial Access"
...
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
2021-02-19 12:01:47 +01:00
Thomas Dupuy
178e16dc13
Remove empty values.
2021-02-16 10:32:37 -05:00
Thomas Dupuy
4a7560d191
Add Exaramel and P.A.S. webshell tool.
2021-02-15 12:52:53 -05:00
Thomas Dupuy
93396c524d
Add Caterpillar WebShell.
2021-02-12 12:00:17 -05:00
Delta-Sierra
96bf0d44ea
Merge https://github.com/MISP/misp-galaxy
2021-02-09 14:52:58 +01:00
Daniel Plohmann
d61e7d2fac
adding ClearSky alias for Volatile Cedar
...
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."
2021-01-29 10:39:18 +01:00
Koen Van Impe
87b22f363c
Move cfr-type-of-incident to meta
2021-01-28 12:25:39 +01:00
Koen Van Impe
23778666ba
RSIT Galaxy/Cluster
2021-01-28 10:03:12 +01:00
StefanKelm
fb35646406
Update threat-actor.json
...
Lazarus
2021-01-26 14:38:37 +01:00
Thomas Dupuy
f964514ec5
Add HyperBro in tools
2021-01-20 13:44:28 -05:00
Thomas Dupuy
9df95031a7
Update ZxShell tool.
2021-01-20 13:27:51 -05:00
StefanKelm
a131a7ce98
Update threat-actor.json
...
Lazarus
2021-01-20 17:43:18 +01:00
3c19c7c1e5
Merge pull request #617 from danielplohmann/patch-4
...
merge COVELLITE into Lazarus Group
2021-01-17 16:05:13 +01:00
Daniel Plohmann
ca66fcd93a
merge COVELLITE into Lazarus Group
...
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references.
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
2021-01-17 15:07:26 +01:00
Rony
91e87cf82c
Update threat-actor.json
...
Don't know how StarCraft
2021-01-17 12:21:34 +05:30
Daniel Plohmann
edcc3c0bc1
merging ScarCruft->APT37
...
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
2021-01-15 18:52:49 +01:00
Delta-Sierra
a6f7795952
fix merge
2021-01-12 10:38:33 +01:00
2b356a9eb0
chg: [threat-actor] UNC2452/DarkHalo added - ref. #614
2021-01-12 07:01:36 +01:00
184d57f0a2
chg: [ransomware] Babuk Ransomware added
2021-01-05 19:11:28 +01:00
4454b58743
chg: [ransomware] RegretLocker added
2020-12-30 14:14:09 +01:00
Rony
3240aa819f
Update threat-actor.json
2020-12-14 11:54:41 +05:30
Rony
2ffb77b35b
BISMUTH
2020-12-14 10:41:15 +05:30
Delta-Sierra
31f96513b2
update sidewinder threat actor
2020-12-11 16:09:33 +01:00
ac86ebd5f6
Merge pull request #609 from StefanKelm/master
...
Update threat-actor.json
2020-12-09 22:16:49 +01:00
Delta-Sierra
ebd31b7376
add BazarBackdoor
2020-12-09 16:42:32 +01:00
Delta-Sierra
d3a9cf742a
add RansomEXX
2020-12-09 16:32:02 +01:00
Delta-Sierra
3daaa30aed
Merge https://github.com/MISP/misp-galaxy
2020-12-07 16:20:36 +01:00
StefanKelm
5dc92995f6
Update threat-actor.json
...
DeathStalker, Mabna
2020-12-04 11:43:06 +01:00
StefanKelm
4fee985b5e
Update threat-actor.json
...
Turla
2020-12-03 13:05:14 +01:00
StefanKelm
72e085aba9
Update threat-actor.json
...
OceanLotus
2020-12-02 11:44:29 +01:00
StefanKelm
15b5f4c881
Update threat-actor.json
...
APT27
2020-11-30 11:49:23 +01:00
Delta-Sierra
e81d3c63d5
Merge https://github.com/MISP/misp-galaxy
2020-11-27 12:47:20 +01:00
Christophe Vandeplas
9a731470d3
chg: [att&ck] update to latest MITRE ATT&CK version
2020-11-25 07:45:48 +01:00
StefanKelm
da910c0c2e
Update threat-actor.json
2020-11-18 19:15:11 +01:00
Delta-Sierra
7af75bb222
add Darkside ransomware
2020-11-18 16:10:49 +01:00
StefanKelm
48ffaa8ce1
Update threat-actor.json
...
Lazarus
2020-11-18 12:10:23 +01:00
snurilov
44e9da1390
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
...
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
2020-11-11 23:09:03 -05:00
snurilov
3f4683d8a3
Update rat.json to include Iperius Remote
...
Add Iperius Remote to the rat.json cluster.
2020-11-09 23:45:16 -05:00
StefanKelm
bf5bdeacb0
Update threat-actor.json
...
OceanLotus
2020-11-09 14:39:55 +01:00
StefanKelm
41a7a36317
Update threat-actor.json
...
Kimsuky
2020-11-02 17:30:25 +01:00
Rony
333e55fbeb
remove duplicate!
2020-11-02 14:18:49 +05:30
Rony
000cfa68a8
Update threat-actor.json
...
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
2020-11-02 13:51:08 +05:30
Deborah Servili
28784683db
Merge branch 'main' into master
2020-10-30 16:17:27 +01:00
Delta-Sierra
88bbf8851c
jq
2020-10-30 16:14:02 +01:00
Delta-Sierra
be672b8d3a
update microsoft activity groups
2020-10-30 14:53:20 +01:00
5d31753e6a
chg: [cryptominer] updated
2020-10-30 09:48:08 +01:00
24f05749f0
Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master
2020-10-30 09:47:45 +01:00
JJ Cummings
c48a38c2f1
Added a new cryptominer galaxy and additional missing recent families to various clusters
2020-10-29 14:40:22 -06:00
StefanKelm
808c2c3828
Update threat-actor.json
...
Kimsuky
2020-10-28 12:52:06 +01:00
b41e3d4f50
chg: [rename] tea matrix
2020-10-23 15:57:13 +02:00
e5ea22a3b0
chg: [tea] matrix updated to include brewing time and the milk attack technique
2020-10-23 11:51:50 +02:00
0ccbdb862b
chg: [tea] first version
2020-10-23 11:16:50 +02:00
Christophe Vandeplas
2334676e64
chg: [att&ck] no tag for subtechnique
2020-10-18 20:14:05 +02:00
Christophe Vandeplas
d58dd1fca2
new: [att&ck] support for subtechniques
2020-10-18 20:00:48 +02:00
Daniel Plohmann
02bcf1f5a7
adding PowerPool alias IAmTheKing (Kaspersky)
...
after a quick search I haven't found a nice source except for costin's tweet.
2020-10-09 13:49:16 +02:00
StefanKelm
7bab41e367
Update threat-actor.json
...
TA505
2020-10-06 15:29:54 +02:00
StefanKelm
1d05f17507
Update threat-actor.json
...
XDSpy
2020-10-06 12:45:43 +02:00
Christophe Vandeplas
32b142c8e0
fixes issues in attack-ics
2020-10-02 16:54:21 +02:00
Christophe Vandeplas
f95e88b1f9
MITRE ATT&CK for ICS fixes #586
...
fixed issues in pull request #586
2020-10-01 20:42:40 +02:00
StefanKelm
18eebc01f6
Lazarus
2020-09-29 12:02:16 +02:00
Bart
2b51f7b6de
Update threat-actor.json
...
Add Machete alias
2020-09-27 18:37:24 +02:00
StefanKelm
e95fbb571d
Update threat-actor.json
...
GADOLINIUM
2020-09-25 11:52:34 +02:00
StefanKelm
3ad3d5f318
Update threat-actor.json
...
APT28
2020-09-22 18:07:33 +02:00
Deborah Servili
d48216031a
add Sepulcher RAT
2020-09-22 16:23:39 +02:00
Deborah Servili
4f3b6945c0
Merge https://github.com/MISP/misp-galaxy
2020-09-22 12:17:42 +02:00
Rony
d1c70b3d80
FBI FLASH AC-000133-TT
2020-09-17 11:05:00 +05:30
Rony
4d4a462d7a
Update threat-actor.json
...
Adding Fox-Kitten and cleaned (or improved) winnti
2020-09-17 00:07:40 +05:30
Deborah Servili
0fe525a9db
Merge https://github.com/MISP/misp-galaxy
2020-09-16 10:22:38 +02:00
Deborah Servili
00b5d0d116
add refs
2020-09-16 10:08:31 +02:00
Daniel Plohmann (jupiter)
7b00674c77
Adding TA413 and Evilnum
2020-09-15 14:19:22 +02:00
StefanKelm
63030f2cfe
Update threat-actor.json
...
APT33
2020-09-14 12:01:53 +02:00
StefanKelm
3cc3cc461a
Update threat-actor.json
...
STRONTIUM
2020-09-11 11:38:06 +02:00
Raphaël Vinot
405d5f1fe9
fix: Sort keys, fix tests
2020-09-08 10:51:24 +02:00
9e519962c6
chg: [botnet] Katura mess added
2020-09-07 12:41:39 +02:00
StefanKelm
57a31fd60c
Update threat-actor.json
...
Lazarus, FIN7
2020-09-03 14:44:10 +02:00
StefanKelm
503d421a56
Update threat-actor.json
...
TA542
2020-08-31 15:07:13 +02:00
VVX7
4635146b00
chg: [dev] jq
2020-08-22 13:06:42 -04:00
VVX7
1cddf4b7cd
new: [dev] fix empty strings, lists
2020-08-22 12:59:05 -04:00
VVX7
b4c3ffc8eb
new: [dev] add ASPI's China Defence University Tracker.
...
Thanks to Cormac Doherty for writing the web scraper! To update the galaxy run the included gen_defence_university.py script.
"The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI’s International Cyber Policy Centre.
It includes entries on nearly 100 civilian universities, 50 People’s Liberation Army institutions, China’s nuclear weapons program, three Ministry of State Security institutions, four Ministry of Public Security universities, and 12 state-owned defence industry conglomerates.
The Tracker is a tool to inform universities, governments and scholars as they engage with the entities from the People’s Republic of China. It aims to build understanding of the expansion of military-civil fusion—the Chinese government’s policy of integrating military and civilian efforts—into the education sector.
The Tracker should be used to inform due diligence of Chinese institutions. However, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution’s defence and security links." - ASPI (https://unitracker.aspi.org.au/about/ )
2020-08-21 11:24:22 -04:00
rmkml
e02ac52566
add Conti Ransomware
2020-08-15 22:10:49 +02:00
Thomas Dupuy
4009ef9997
Fix: remove comma
2020-08-14 13:01:37 -04:00
Thomas Dupuy
d0c6b7b46d
Update Tonto Team/CactusPete threat actor
2020-08-13 15:57:33 -04:00
Thomas Dupuy
72554ed71c
Add Drovorub tool
2020-08-13 15:08:32 -04:00
Thomas Dupuy
4130d7c6fc
Update TA APT40
2020-08-13 12:22:36 -04:00
Daniel Plohmann
8407b6fd28
Update threat-actor.json
...
adding Kaspersky's name for Microcin.
2020-08-12 12:03:28 +02:00
Thomas Dupuy
9cadabba7a
Add WellMess and WellMail
2020-08-11 12:37:28 -04:00
rmkml
6d10e3a37d
add Ragnarok Ransomware
2020-08-02 20:46:32 +02:00
Vasileios Mavroeidis
40d12b9dde
Motive correction based on the EU Cert motive taxonomy
...
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
2020-07-28 11:43:46 +02:00
44afaf2523
chg: [threat-actor] remove duplicate references
2020-07-27 09:57:41 +02:00
StefanKelm
86c54cbd8c
Update threat-actor.json
...
OilRig
2020-07-23 11:07:22 +02:00
Raphaël Vinot
c174f613c5
fix: Name of SoD Matrix cluster to match galaxy.
...
Fix #566
2020-07-22 11:52:27 +02:00
Steve Clement
df6bed3d3a
Merge pull request #563 from r0ny123/patch-1
2020-07-22 09:14:13 +09:00
StefanKelm
17a1feb016
Update threat-actor.json
...
Turla
2020-07-15 11:20:18 +02:00
Rony
c33f4c7611
Update threat-actor.json
...
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a ).
2020-07-12 12:57:24 +05:30
Rony
b77b9d374c
Update threat-actor.json
2020-07-12 11:19:13 +05:30
Koen Van Impe
d3e22ef14c
SoD Matrix
...
Described at https://github.com/cudeso/SoD-Matrix
2020-07-10 14:08:45 +02:00
Deborah Servili
84474ddb29
merge
2020-07-09 16:31:04 +02:00
Deborah Servili
865e76beae
commit
2020-07-07 14:47:44 +02:00
ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only.
...
Based on https://github.com/MISP/misp-galaxy/issues/469
There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:
- _operation_:
- _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
- **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
- _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
- **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
- **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
- **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
- **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**
The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
2020-07-07 09:13:21 +02:00
164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy
2020-07-02 09:55:42 +02:00
StefanKelm
14665429d7
Update threat-actor.json
...
APT31
2020-06-25 16:23:00 +02:00
StefanKelm
92bc206879
Update threat-actor.json
...
APT30
2020-06-23 14:54:09 +02:00
Rony
bc97b07089
Update threat-actor.json
2020-06-21 19:19:17 +05:30
StefanKelm
583f1d2fc2
Update threat-actor.json
...
TA505
2020-06-17 11:56:29 +02:00
0cb36249a4
chg: [jq] all the things
2020-06-12 09:26:30 +02:00
Rony
29be5ac7e1
fixed typo!
2020-06-12 00:09:59 +05:30
Rony
9365bfb7cd
Adding GALLIUM Threat Actor
2020-06-11 23:42:35 +05:30
StefanKelm
f042f98247
Update threat-actor.json
...
Higaisa
2020-06-08 14:09:39 +02:00
StefanKelm
9c25d5e8c5
Update threat-actor.json
...
Cycldek
2020-06-04 17:18:45 +02:00
3867b1f602
Merge pull request #552 from danielplohmann/reference-fixes
...
Reference fixes
2020-05-29 09:26:05 +02:00
2a074f23fd
chg: [preventive-measure] packet filtering added
2020-05-27 10:02:16 +02:00
Daniel Plohmann (jupiter)
a705d1402f
fixing deadlinks where possible
2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter)
171f272a1e
default to HTTPS to be consistent with other links to same page
2020-05-27 09:27:52 +02:00
8a0a4cb02d
Merge pull request #551 from nyx0/master
...
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
2020-05-27 09:10:08 +02:00
Thomas Dupuy
291fb41502
Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel
2020-05-26 09:50:43 -04:00
Thomas Dupuy
143bd521be
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
2020-05-26 09:35:01 -04:00
Rony
fbd351590a
Update threat-actor.json
2020-05-24 23:18:54 +05:30
Rony
5f8094d16f
fix
2020-05-24 23:14:43 +05:30
b5bbc34f5d
chg: [threat-actor] remove the non-unique elements
2020-05-22 14:01:32 +02:00
Nils Kuhnert
fbfe9d23c3
Merged (most) SecureWorks threat actor profiles && jq
2020-05-22 13:45:29 +02:00
iglocska
dee9a56460
fix: small fixes to the bhadra framework
2020-05-19 16:45:40 +02:00
iglocska
43703f1a96
new: added Bhadra framework for mobile attacks
...
- based on the paper published here: https://arxiv.org/pdf/2005.05110.pdf
- thanks to the ATT&CK EU community conference speakers highlighting this framework!
2020-05-19 16:34:59 +02:00
006b61bc44
Merge pull request #547 from Delta-Sierra/master
...
add Snake Ransomware
2020-05-15 17:55:47 +02:00
Deborah Servili
b943a7daca
fix missing description
2020-05-15 09:00:34 +02:00
Deborah Servili
6d6da39da4
add Snake Ransomware
2020-05-13 11:58:33 +02:00
Daniel Plohmann
5101c5a828
msft name: BORON for APT3
...
as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
2020-05-11 15:37:38 +02:00
09429eda5a
chg: [ta] fix the JSON
2020-05-11 10:20:10 +02:00
Thomas Dupuy
fc9505cadf
Add Sednit's Exploit-kit Sedkit
2020-05-08 13:29:14 -04:00
Thomas Dupuy
69fe870803
Add Higaisa Threat Actor
2020-05-08 13:01:48 -04:00
Deborah Servili
1d331a9ab1
Merge branch 'master' into master
2020-04-28 15:19:38 +02:00
Thomas Dupuy
46a6d9fcb1
Add DenesRAT/METALJACK
2020-04-28 01:08:50 -04:00
2a70893352
chg: [jq] JSON fixed
2020-04-27 15:03:25 +02:00
de Rosen
a428ad565e
Added misp info
2020-04-27 15:16:33 +03:00
Deborah Servili
f6fd07fbc9
add speculoos bakdoor
2020-04-27 09:36:23 +02:00
86157a6b96
Merge pull request #539 from r0ny123/MergingTA
...
Adding alias Thallium and merging STOLEN PENCIL
2020-04-26 21:16:56 +02:00
Rony
112f9e4a08
Adding alias Thallium and merging STOLEN PENCIL
...
Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
And also Netscout named the campaign as STOLEN PENCIL.
2020-04-26 23:47:37 +05:30
de71a444f8
chg: [json] add missing comma
2020-04-26 14:23:59 +02:00
rvs1st
d449eb94fc
Update threat-actor.json
...
Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
2020-04-24 09:03:58 -05:00
4234d44052
Merge pull request #537 from danielplohmann/patch-28
...
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
2020-04-24 15:33:47 +02:00
Daniel Plohmann
858621ebdc
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
2020-04-23 15:47:35 +02:00
Daniel Plohmann
b0f0bbae33
adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included)
2020-04-23 14:52:08 +02:00
Deborah Servili
6b49d81b13
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2020-04-23 10:06:04 +02:00
itayc0hen
667d5b8850
Add ItaDuke/DarkUniverse actor
2020-04-22 19:44:38 +03:00
pnx@pyrite
974ece3a7c
adding FIN1
2020-04-20 14:20:22 +02:00
Rony
aa34775390
typo
...
thanks to @patricksvgr
2020-04-19 23:17:44 +05:30
Rony
ddfa280672
Update threat-actor.json
2020-04-19 23:06:57 +05:30
Rony
7ac2648dbc
more fix
2020-04-19 23:00:42 +05:30
Rony
573b4807ee
fix broken links
2020-04-19 16:03:21 +05:30
Rony
42a4820823
dead link
2020-04-19 11:45:45 +05:30
Rony
0aa34187e9
add link
2020-04-19 11:29:36 +05:30
Rony
d6bf42254f
Merging APT23 & Tropic Trooper
2020-04-18 13:22:25 +05:30
Rony
c161080175
Update threat-actor.json
2020-04-15 21:36:48 +05:30
Deborah Servili
e8edc9cafc
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2020-04-15 11:27:01 +02:00
Deborah Servili
b01e64eb1f
add Operation Shadow Forece
2020-04-08 14:53:19 +02:00
Daniel Plohmann
aba625dee5
removed duplicate entry
2020-04-07 08:49:33 +02:00
Daniel Plohmann
e15a4a6525
fixing/removing some more dead links
2020-04-06 15:25:22 +02:00
Deborah Servili
7859c8dbd7
Add coronavirus ransomware
2020-04-03 16:19:45 +02:00
Deborah Servili
8a3422acb4
add Pyta ransomnotes
2020-04-03 11:58:02 +02:00
Deborah Servili
c566c89f2a
add pyza ransomware
2020-03-27 14:22:34 +01:00
c7104e8819
chg: [country] jq all
2020-03-23 13:09:14 +01:00
iglocska
777c3188db
new: [country] galaxy added
2020-03-23 12:10:16 +01:00
35a57c36bf
Merge pull request #526 from Delta-Sierra/master
...
PARINACOTA group
2020-03-12 23:23:05 +01:00
Deborah Servili
a706b8ef2e
PARINACOTA group
2020-03-12 13:11:46 +01:00
e37f320df5
Merge pull request #523 from danielplohmann/patch-24
...
adding aliases MERCURY, HOLMIUM
2020-03-09 21:56:27 +01:00
Daniel Plohmann
ab49ef3c1a
Kimsuki -> Black Banshee
...
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html )
2020-03-09 18:20:56 +01:00
Daniel Plohmann
1260ab156a
adding aliases MERCURY, HOLMIUM
...
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
2020-03-09 08:50:08 +01:00
e81c91e3e9
Merge pull request #522 from Delta-Sierra/master
...
add sdbbot
2020-03-06 15:24:14 +01:00
Deborah Servili
b007d5d3ce
add SdBbot
2020-03-06 14:33:19 +01:00
a407ddcc5b
Merge branch 'master' of github.com:MISP/misp-galaxy
2020-03-05 10:49:15 +01:00
375db26505
chg: [malpedia] fixes
2020-03-05 10:48:28 +01:00
4a64d0a4ad
Merge pull request #519 from danielplohmann/crowdstrike2020report
...
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-05 09:07:16 +01:00
Corsin Camichel
66aa5c3b13
fixing a comma error
2020-03-04 21:13:01 +01:00
Daniel Plohmann (jupiter)
0c2b0b76eb
while we are at it, we can also do Longhorn = APT-C-39
2020-03-04 21:09:06 +01:00
Corsin Camichel
a5a7c21c79
adding Raccoon (win.raccoon)
2020-03-04 21:02:51 +01:00
Daniel Plohmann (jupiter)
184f193342
IMPERIAL KITTEN as alias for Tortoiseshell
2020-03-04 19:39:14 +01:00
pnx@pyrite
3dc460e795
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-04 13:36:34 +01:00
Daniel Plohmann
dc059d1f4d
Accenture calls APT32 - "POND LOACH"
2020-03-03 19:40:50 +01:00
Deborah Servili
d8ea0f865c
add clop ransomware extension
2020-03-02 13:33:38 +01:00
b4b91b1e5d
chg: [threat-actor] JSON fixed
2020-02-28 16:37:24 +01:00
4c7532984a
Merge branch 'master' of https://github.com/nyx0/misp-galaxy into nyx0-master
2020-02-28 16:36:56 +01:00
Deborah Servili
0d4745d55f
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2020-02-28 11:38:20 +01:00
Deborah Servili
a61f8d7049
add extension to clop ransomware
2020-02-28 11:37:54 +01:00
ee63756cc5
Merge pull request #516 from rmkml/master
...
add MedusaLocker ransomware
2020-02-23 16:06:45 +01:00
rmkml
590e292b68
add MedusaLocker ransomware
2020-02-23 16:01:45 +01:00
Deborah Servili
29bf20e89b
add razor ransomware
2020-02-19 15:55:29 +01:00
Thomas Dupuy
0daeb675f5
Add InvisiMole cluster
2020-02-18 13:28:32 -05:00
c98093e6fe
Merge pull request #513 from danielplohmann/patch-20
...
adding APT-C-12
2020-02-13 21:56:34 +01:00
Daniel Plohmann
e481e9bb50
adding APT-C-12
2020-02-13 17:44:45 +01:00
Deborah Servili
f196bad4a1
add tools used by TA505 + others
2020-02-12 15:39:16 +01:00
Deborah Servili
66a721fcd3
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2020-02-12 15:00:30 +01:00
Deborah Servili
b46f9b68fe
add warzone RAT
2020-02-06 13:39:58 +01:00
33aa1c8f3f
Merge pull request #510 from Delta-Sierra/master
...
add ransomwares
2020-02-06 09:53:19 +01:00
Deborah Servili
46fe9cb82b
add ransomwares
2020-02-06 09:29:33 +01:00
Rony
22c9badee0
Update threat-actor.json
...
those are the name of aliases of the same malware family sykipot. so removing it.
2020-02-05 18:00:31 +05:30
Deborah Servili
5da17d51aa
Merge branch 'master' into master
2020-01-24 09:33:33 +01:00
Deborah Servili
606e3ec90f
jq
2020-01-24 09:32:09 +01:00
6d078a88dd
chg: [ransomware] Nodera ransomware added
2020-01-24 09:04:38 +01:00
Deborah Servili
58415324c5
add Operation Wocao
2020-01-24 08:27:20 +01:00
Thomas Dupuy
edc5196373
Add Attor and DePriMon
2020-01-23 11:27:00 -05:00
Daniel Plohmann
ccfe5ee130
removing and fixing deadlinks in the best possible way
...
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
2020-01-23 11:14:20 +01:00
Daniel Plohmann
29a128da6f
adding references and TEMP.MixMaster as alias for WIZARD SPIDER
...
with kudos to @tbarabosch
2020-01-22 15:42:01 +01:00
911c2bf0bf
Merge pull request #504 from Delta-Sierra/master
...
update target location galaxy
2020-01-21 11:06:56 +01:00
Deborah Servili
8421bde291
complete Zimbabwe cluster
2020-01-21 10:51:07 +01:00
Deborah Servili
f364e51d24
update target location galaxy
2020-01-20 14:46:03 +01:00
dbaab413b6
chg: [threat-actor] typo fixed
2020-01-18 17:30:27 +01:00
564f27c5ca
chg: [threat-actor] format fixed
2020-01-18 17:26:45 +01:00
34c5c66279
chg: [threat-actor] fix order
2020-01-18 17:08:32 +01:00
8eeceafc51
chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan"
...
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
2020-01-18 17:02:44 +01:00
StefanKelm
027d94e68a
Update ransomware.json
2020-01-16 16:59:22 +01:00
StefanKelm
f53a92065c
Update ransomware.json
...
5ss5c
2020-01-16 16:46:38 +01:00
Deborah Servili
5ec817b499
Merge branch 'master' into master
2020-01-15 14:36:01 +01:00
Deborah Servili
32961527aa
add Autochk Rootkit as tool
2020-01-15 13:41:53 +01:00
Deborah Servili
bfcc867ee6
add two wipers to tools
2020-01-14 15:54:06 +01:00
3c90322fd8
Merge pull request #500 from Delta-Sierra/master
...
update target information
2020-01-08 16:22:24 +01:00
StefanKelm
5832893d4f
Update tool.json
...
LiquorBot
2020-01-08 16:04:22 +01:00
Deborah Servili
53df69a1eb
update target information
2020-01-08 15:50:47 +01:00
StefanKelm
bf4fc92066
Update tool.json
...
Lampion
2020-01-07 13:14:08 +01:00