Delta-Sierra
fd6bccae8b
Merge https://github.com/MISP/misp-galaxy
2023-10-09 09:18:51 +02:00
Delta-Sierra
73d7c038b2
adding targeted sectors
2023-10-09 09:18:43 +02:00
Daniel Plohmann
1b33cad11d
adding aliases to ProphetSpider
2023-10-04 16:39:01 +01:00
8760ea0c52
Merge branch 'main' of github.com:MISP/misp-galaxy into main
2023-10-04 10:49:56 +02:00
89a193d315
fix: [threat-actor] version updated + jq all the things
2023-10-04 10:48:44 +02:00
Paul Stark
ce7d54c96a
chg [misp-galaxy] update Nigeria from name to 2-digit code
2023-10-03 11:56:45 -04:00
jstnk9
89ab7728b0
updated TA505 countries and industries affected
...
updated TA505 countries and industries affected
2023-10-03 12:44:44 +02:00
Mathieu Beligon
e6266e8e59
fixes
2023-10-02 19:25:10 +02:00
Mathieu Beligon
081b2e619b
fixes
2023-10-02 19:18:00 +02:00
Mathieu Beligon
b2599deaae
fixes
2023-10-02 19:17:47 +02:00
Mathieu Beligon
0fba8d3f27
[threat-actors] bump version
2023-10-02 15:19:20 +02:00
Mathieu Beligon
b8f8fce4b6
[threa-actors] Add Scattered Spider
2023-10-02 15:17:40 +02:00
Mathieu Beligon
e393780af8
[threa-actors] Add Scattered Canary
2023-10-02 15:11:10 +02:00
67543e2437
chg: [galaxy] duplicate UUIDs removed
2023-09-26 11:17:44 +02:00
b79b75dba4
chg: [malpedia] duplicate refs removed
2023-09-26 10:58:46 +02:00
5d01afb537
chg: [malpedia] jq all the things
2023-09-26 10:48:49 +02:00
fl0x2208
a9a051ffaa
malpedia 2023 September update
...
malpedia 2023 September update
2023-09-26 12:27:10 +10:00
5437fac633
chg: [sigma] updated
2023-09-24 12:05:54 +02:00
5d78834520
Merge pull request #866 from Mathieu4141/actors/add-storm-0324
...
[threat-actors] Add Storm-0324
2023-09-16 11:02:33 +02:00
Mathieu Beligon
e2fd005821
[threat-actors] Add Storm-0324
2023-09-15 16:29:45 +02:00
Delta-Sierra
ac4d003c3e
fix caps
2023-09-15 16:00:38 +02:00
Delta-Sierra
5efe483858
adding targeted sectors
2023-09-15 15:49:43 +02:00
Delta-Sierra
2aa0fb22ba
finish fixing Botswana infos into Brazil cluster
2023-09-15 10:32:26 +02:00
Delta-Sierra
3e834ed49c
Merge https://github.com/MISP/misp-galaxy
2023-09-15 10:27:29 +02:00
Delta-Sierra
db23d6eb4c
adding targeted sectors
2023-09-15 10:21:44 +02:00
Delta-Sierra
214ac5d329
fix caps
2023-09-15 10:07:19 +02:00
Fabio Nitto
8c195aee06
Update target-information.json
...
Fixing information about Brazil.
2023-09-12 11:51:50 -03:00
Delta-Sierra
df0e103727
Add targeted sectors
2023-09-08 11:08:08 +02:00
Delta-Sierra
dc498bd199
more targeted-sectors meta
2023-08-28 15:06:57 +02:00
Delta-Sierra
23b9105aee
add Non-profit organisation sector
2023-08-25 15:20:17 +02:00
Delta-Sierra
639686be75
Merge https://github.com/MISP/misp-galaxy
2023-08-24 09:13:58 +02:00
Delta-Sierra
090b501c4c
add targeted sectors meta
2023-08-24 09:03:57 +02:00
Daniel Plohmann
d978998a5d
RecordedFuture: RedHotel == EarthLusca
2023-08-23 14:02:15 +02:00
34b86e4abc
Merge pull request #859 from jloehel/darkgate
...
chg [tool] Add DarkGate
2023-08-23 13:52:53 +02:00
12b935a31b
chg: [sigma] updated
2023-08-23 13:51:45 +02:00
Jürgen Löhel
37954a84f1
chg [tool] Add DarkGate
...
Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-08-23 11:53:25 +02:00
Daniel Plohmann (Saturn)
e207218534
version bump
2023-08-15 12:34:06 +02:00
Daniel Plohmann (Saturn)
4127ce9694
replaced various broken links with reachable equivalents
2023-08-15 12:32:51 +02:00
Daniel Plohmann
b083ae12bc
jq fix
2023-08-10 15:57:58 +02:00
Daniel Plohmann
c1d3164ef6
adding MoustachedBouncer
2023-08-10 15:49:11 +02:00
Daniel Plohmann
e228ffc432
alias Callisto -> BlueCharlie
...
not sure, if you also want to have the Microsoft names in here (I think they are tracked separately?), otherwise, that would be Star Blizzard according to the article.
2023-08-03 09:53:10 +02:00
dc29d5875e
chg: [sigma] updated
2023-08-02 23:58:22 +02:00
f5729ac23a
chg: [sigma] updated to the latest version
2023-07-31 10:22:23 +02:00
Rony
bce41d8cdb
Merge branch 'MISP:main' into Sea-Turtle
2023-07-28 16:38:03 +05:30
Rony
9b9ce4777a
chg: [threat-actor] added references, origin country, aliases to Sea Turtle
2023-07-28 11:04:11 +00:00
1568583acf
chg: [sigma] updated to the latest version
2023-07-28 11:30:15 +02:00
Thomas Dupuy
2dcd1d3544
upd: Add Worok TA and update APT-Q-12 to APT-C-60 as it was the first
...
name mention in an article.
2023-07-18 19:53:54 +00:00
caceb504fe
chg: [sigma] updated to the latest rules
2023-07-15 11:29:17 +02:00
Delta-Sierra
c51d177abd
add SmugX & RedDelta
2023-07-10 15:46:01 +02:00
7028860c0a
chg: [sigma] updated
2023-06-19 15:00:23 +02:00
Delta-Sierra
baf5bfe5cc
add Parties/Observers to the Budapest Convention
2023-06-19 14:14:47 +02:00
Delta-Sierra
20d3b3780a
merge
2023-06-19 08:35:48 +02:00
734d57edf5
chg: [sigma] updated
2023-05-31 09:43:33 +02:00
iglocska
14301a9c4c
chg: [threat actors] added Volt Typhoon
2023-05-25 07:29:48 +02:00
Delta-Sierra
e87b7bbf73
complete VENOM SPIDER threat actor
2023-05-23 11:43:20 +02:00
Delta-Sierra
18ee466ae4
add Hagga threat actor
2023-05-22 15:44:18 +02:00
Delta-Sierra
9c9561bce8
fix metasploit desc in value (ty cvandeplas)
2023-05-15 10:23:05 +02:00
Delta-Sierra
d202ed9f3f
Merge https://github.com/MISP/misp-galaxy
2023-05-15 09:54:25 +02:00
Delta-Sierra
a3fffacab3
add APT43 + tools
2023-05-15 08:41:17 +02:00
Christophe Vandeplas
02c50184bf
chg: [attck4fraud] Full merge of E.A.S.T. data + updated script
2023-05-13 09:50:14 +02:00
Christophe Vandeplas
1d9f59eb2d
chg: [attck4fraud] more manual updates with E.A.S.T. data
2023-05-13 08:43:21 +02:00
marjatech
21266365da
update malpedia
2023-05-11 14:34:41 +02:00
810cbe5b49
chg: [sigma] updated to the latest version
2023-05-11 10:27:48 +02:00
a27fda701b
Merge pull request #849 from danielplohmann/patch-34
...
adding APT43 (Mandiant) for Kimsuky.
2023-05-09 18:29:34 +02:00
Daniel Plohmann
094d56057c
adding APT43 (Mandiant) for Kimsuky.
2023-05-09 14:35:41 +02:00
Thomas Dupuy
bbbd006215
chg: [mitre] bump to v13.
2023-05-08 14:04:50 +00:00
Christophe Vandeplas
3c808921c3
chg: [attck4fraud] initial updates with E.A.S.T. data
...
https://www.association-secure-transactions.eu/industry-information/fraud-definitions/
2023-05-07 21:13:52 +02:00
c86c2a83ab
chg: [sigma] rules updated
2023-04-30 10:30:54 +02:00
3dff8e65cb
Merge pull request #847 from Delta-Sierra/main
...
add VEILEDSIGNAL and more
2023-04-27 17:21:35 +02:00
Delta-Sierra
1649c3dfca
Merge https://github.com/MISP/misp-galaxy
2023-04-27 10:04:30 +02:00
Delta-Sierra
bd050668ef
add VEILEDSIGNALand more
2023-04-27 09:53:49 +02:00
Sebastien Larinier
ddc285581d
Update threat-actor.json
2023-04-26 21:52:57 +02:00
Sebastien Larinier
d60cca9302
Update threat-actor.json
...
fix mistake
2023-04-26 21:46:33 +02:00
Sebastien Larinier
142d4aeaef
Update threat-actor.json
2023-04-26 14:26:48 +02:00
095c44e2ac
chg: [attck4fraud] add ATM cash trapping in the matrix
2023-04-26 07:48:29 +02:00
Jürgen Löhel
15297c7b5f
chg [threat-actors] Add RedGolf
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-04-24 16:59:18 -06:00
Christophe Vandeplas
79b80b0869
chg: [rels] more threat actor relations
2023-04-23 17:54:58 +02:00
Christophe Vandeplas
3c6c204f01
chg: [rels] more threat actor relations
2023-04-23 17:45:58 +02:00
Christophe Vandeplas
138c7c7ba8
chg: [rels] more relations on cluster "value"
2023-04-23 17:36:02 +02:00
Christophe Vandeplas
bf7c5f1dd9
chg: [rels] threat-actor & MS activity group - on synonym
2023-04-23 11:56:41 +02:00
Christophe Vandeplas
a5e7e0c95f
chg: [rels] threat-actor & MS activity group - on value
2023-04-23 11:55:57 +02:00
Christophe Vandeplas
f070943ee9
chg: [atrm] updated to latest version
2023-04-23 07:45:16 +02:00
adc7a70cf9
chg: [microsoft-activity-group] country code added
2023-04-21 07:39:37 +02:00
8688c41796
chg: [microsoft activity group] remove duplicate
2023-04-20 17:25:32 +02:00
592361826a
fix: [microsoft activity group] duplicate in Microsoft source
2023-04-20 17:20:57 +02:00
309f4f2ea5
chg: [microsoft-activity-group] updated following contribution from @botlabsDev script
2023-04-20 17:04:05 +02:00
2cc6bdfbc1
chg: [sigma] rules updated
2023-04-20 12:17:46 +02:00
Sebastien Larinier
862badf2c9
Update threat-actor.json
2023-04-19 17:41:44 +02:00
Sebastien Larinier
1c751b1ea8
Update threat-actor.json
2023-04-19 17:34:50 +02:00
Sebastien Larinier
165ce70a28
Merge branch 'MISP:main' into main
2023-04-19 16:48:02 +02:00
Sebastien Larinier
87ef0a400e
Update threat-actor.json
2023-04-19 15:42:14 +02:00
Sebastien Larinier
a77dc82c0a
Update threat-actor.json
...
new apt30 group
2023-04-19 15:35:36 +02:00
Delta-Sierra
063ac9fc71
jq?
2023-04-19 15:10:25 +02:00
Delta-Sierra
ecb7e79a6e
Merge https://github.com/MISP/misp-galaxy
2023-04-19 15:06:51 +02:00
Tobias Mainka
8d2b9537f1
replace "sector" tag with "country" for matching data. this allows to be confirm with existing clusters.
2023-04-19 12:38:37 +02:00
Sebastien Larinier
926035633f
Merge branch 'MISP:main' into main
2023-04-19 11:55:57 +02:00
ccc8f0f801
chg: [microsoft-activity-group] updated to map the new funky Microsoft "taxonomy"
...
Script to generate the cluster is the following, UUIDv5 based on
standard misp-stix source UUIDv4.
~~~python
lcluster = []
for v in data:
cluster = {}
cluster['value'] = v['threat_actor']
cluster['meta'] = {}
cluster['meta']['sector'] = v['sector']
cluster['meta']['synonyms'] = v['synonyms']
cluster['meta']['refs'] = []
cluster['meta']['refs'].append('https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide ')
_uuid = uuid.uuid5(uuid.UUID("76beed5f-7251-457e-8c2a-b45f7b589d3d"), "{}".format(cluster['value']))
cluster['uuid'] = str(_uuid)
lcluster.append(cluster)
~~~
Relationships might be added in a later stage to map with the MISP threat actor galaxy.
2023-04-19 10:47:11 +02:00
Daniel Plohmann
41afab1c06
adding Trend Micro alias Earth Smilodon for APT27
2023-04-18 20:11:57 +02:00
Delta-Sierra
6b8994271e
add relationships for HALFRIG & QUATTERRIG
2023-04-18 12:20:20 +02:00
Daniel Plohmann
02e23a9a47
adding Google alias HOODOO for APT41
2023-04-17 22:32:50 +02:00