Commit graph

2832 commits

Author SHA1 Message Date
Delta-Sierra
dc498bd199 more targeted-sectors meta 2023-08-28 15:06:57 +02:00
Delta-Sierra
23b9105aee add Non-profit organisation sector 2023-08-25 15:20:17 +02:00
Delta-Sierra
639686be75 Merge https://github.com/MISP/misp-galaxy 2023-08-24 09:13:58 +02:00
Delta-Sierra
090b501c4c add targeted sectors meta 2023-08-24 09:03:57 +02:00
Daniel Plohmann
d978998a5d
RecordedFuture: RedHotel == EarthLusca 2023-08-23 14:02:15 +02:00
34b86e4abc
Merge pull request #859 from jloehel/darkgate
chg [tool] Add DarkGate
2023-08-23 13:52:53 +02:00
12b935a31b
chg: [sigma] updated 2023-08-23 13:51:45 +02:00
Jürgen Löhel
37954a84f1
chg [tool] Add DarkGate
Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-08-23 11:53:25 +02:00
Daniel Plohmann (Saturn)
e207218534 version bump 2023-08-15 12:34:06 +02:00
Daniel Plohmann (Saturn)
4127ce9694 replaced various broken links with reachable equivalents 2023-08-15 12:32:51 +02:00
Daniel Plohmann
b083ae12bc
jq fix 2023-08-10 15:57:58 +02:00
Daniel Plohmann
c1d3164ef6
adding MoustachedBouncer 2023-08-10 15:49:11 +02:00
Daniel Plohmann
e228ffc432
alias Callisto -> BlueCharlie
not sure, if you also want to have the Microsoft names in here (I think they are tracked separately?), otherwise, that would be Star Blizzard according to the article.
2023-08-03 09:53:10 +02:00
dc29d5875e
chg: [sigma] updated 2023-08-02 23:58:22 +02:00
f5729ac23a
chg: [sigma] updated to the latest version 2023-07-31 10:22:23 +02:00
Rony
bce41d8cdb
Merge branch 'MISP:main' into Sea-Turtle 2023-07-28 16:38:03 +05:30
Rony
9b9ce4777a chg: [threat-actor] added references, origin country, aliases to Sea Turtle 2023-07-28 11:04:11 +00:00
1568583acf
chg: [sigma] updated to the latest version 2023-07-28 11:30:15 +02:00
Thomas Dupuy
2dcd1d3544 upd: Add Worok TA and update APT-Q-12 to APT-C-60 as it was the first
name mention in an article.
2023-07-18 19:53:54 +00:00
caceb504fe
chg: [sigma] updated to the latest rules 2023-07-15 11:29:17 +02:00
Delta-Sierra
c51d177abd add SmugX & RedDelta 2023-07-10 15:46:01 +02:00
7028860c0a
chg: [sigma] updated 2023-06-19 15:00:23 +02:00
Delta-Sierra
baf5bfe5cc add Parties/Observers to the Budapest Convention 2023-06-19 14:14:47 +02:00
Delta-Sierra
20d3b3780a merge 2023-06-19 08:35:48 +02:00
734d57edf5
chg: [sigma] updated 2023-05-31 09:43:33 +02:00
iglocska
14301a9c4c
chg: [threat actors] added Volt Typhoon 2023-05-25 07:29:48 +02:00
Delta-Sierra
e87b7bbf73 complete VENOM SPIDER threat actor 2023-05-23 11:43:20 +02:00
Delta-Sierra
18ee466ae4 add Hagga threat actor 2023-05-22 15:44:18 +02:00
Delta-Sierra
9c9561bce8 fix metasploit desc in value (ty cvandeplas) 2023-05-15 10:23:05 +02:00
Delta-Sierra
d202ed9f3f Merge https://github.com/MISP/misp-galaxy 2023-05-15 09:54:25 +02:00
Delta-Sierra
a3fffacab3 add APT43 + tools 2023-05-15 08:41:17 +02:00
Christophe Vandeplas
02c50184bf
chg: [attck4fraud] Full merge of E.A.S.T. data + updated script 2023-05-13 09:50:14 +02:00
Christophe Vandeplas
1d9f59eb2d
chg: [attck4fraud] more manual updates with E.A.S.T. data 2023-05-13 08:43:21 +02:00
marjatech
21266365da update malpedia 2023-05-11 14:34:41 +02:00
810cbe5b49
chg: [sigma] updated to the latest version 2023-05-11 10:27:48 +02:00
a27fda701b
Merge pull request #849 from danielplohmann/patch-34
adding APT43 (Mandiant) for Kimsuky.
2023-05-09 18:29:34 +02:00
Daniel Plohmann
094d56057c
adding APT43 (Mandiant) for Kimsuky. 2023-05-09 14:35:41 +02:00
Thomas Dupuy
bbbd006215 chg: [mitre] bump to v13. 2023-05-08 14:04:50 +00:00
Christophe Vandeplas
3c808921c3
chg: [attck4fraud] initial updates with E.A.S.T. data
https://www.association-secure-transactions.eu/industry-information/fraud-definitions/
2023-05-07 21:13:52 +02:00
c86c2a83ab
chg: [sigma] rules updated 2023-04-30 10:30:54 +02:00
3dff8e65cb
Merge pull request #847 from Delta-Sierra/main
add VEILEDSIGNAL and more
2023-04-27 17:21:35 +02:00
Delta-Sierra
1649c3dfca Merge https://github.com/MISP/misp-galaxy 2023-04-27 10:04:30 +02:00
Delta-Sierra
bd050668ef add VEILEDSIGNALand more 2023-04-27 09:53:49 +02:00
Sebastien Larinier
ddc285581d Update threat-actor.json 2023-04-26 21:52:57 +02:00
Sebastien Larinier
d60cca9302 Update threat-actor.json
fix mistake
2023-04-26 21:46:33 +02:00
Sebastien Larinier
142d4aeaef Update threat-actor.json 2023-04-26 14:26:48 +02:00
095c44e2ac
chg: [attck4fraud] add ATM cash trapping in the matrix 2023-04-26 07:48:29 +02:00
Jürgen Löhel
15297c7b5f
chg [threat-actors] Add RedGolf
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-04-24 16:59:18 -06:00
Christophe Vandeplas
79b80b0869
chg: [rels] more threat actor relations 2023-04-23 17:54:58 +02:00
Christophe Vandeplas
3c6c204f01
chg: [rels] more threat actor relations 2023-04-23 17:45:58 +02:00
Christophe Vandeplas
138c7c7ba8
chg: [rels] more relations on cluster "value" 2023-04-23 17:36:02 +02:00
Christophe Vandeplas
bf7c5f1dd9
chg: [rels] threat-actor & MS activity group - on synonym 2023-04-23 11:56:41 +02:00
Christophe Vandeplas
a5e7e0c95f
chg: [rels] threat-actor & MS activity group - on value 2023-04-23 11:55:57 +02:00
Christophe Vandeplas
f070943ee9
chg: [atrm] updated to latest version 2023-04-23 07:45:16 +02:00
adc7a70cf9
chg: [microsoft-activity-group] country code added 2023-04-21 07:39:37 +02:00
8688c41796
chg: [microsoft activity group] remove duplicate 2023-04-20 17:25:32 +02:00
592361826a
fix: [microsoft activity group] duplicate in Microsoft source 2023-04-20 17:20:57 +02:00
309f4f2ea5
chg: [microsoft-activity-group] updated following contribution from @botlabsDev script 2023-04-20 17:04:05 +02:00
2cc6bdfbc1
chg: [sigma] rules updated 2023-04-20 12:17:46 +02:00
Sebastien Larinier
862badf2c9 Update threat-actor.json 2023-04-19 17:41:44 +02:00
Sebastien Larinier
1c751b1ea8 Update threat-actor.json 2023-04-19 17:34:50 +02:00
Sebastien Larinier
165ce70a28
Merge branch 'MISP:main' into main 2023-04-19 16:48:02 +02:00
Sebastien Larinier
87ef0a400e Update threat-actor.json 2023-04-19 15:42:14 +02:00
Sebastien Larinier
a77dc82c0a Update threat-actor.json
new apt30 group
2023-04-19 15:35:36 +02:00
Delta-Sierra
063ac9fc71 jq? 2023-04-19 15:10:25 +02:00
Delta-Sierra
ecb7e79a6e Merge https://github.com/MISP/misp-galaxy 2023-04-19 15:06:51 +02:00
Tobias Mainka
8d2b9537f1
replace "sector" tag with "country" for matching data. this allows to be confirm with existing clusters. 2023-04-19 12:38:37 +02:00
Sebastien Larinier
926035633f
Merge branch 'MISP:main' into main 2023-04-19 11:55:57 +02:00
ccc8f0f801
chg: [microsoft-activity-group] updated to map the new funky Microsoft "taxonomy"
Script to generate the cluster is the following, UUIDv5 based on
standard misp-stix source UUIDv4.

~~~python
lcluster = []
for v in data:
    cluster = {}
    cluster['value'] = v['threat_actor']
    cluster['meta'] = {}
    cluster['meta']['sector'] = v['sector']
    cluster['meta']['synonyms'] = v['synonyms']
    cluster['meta']['refs'] = []
    cluster['meta']['refs'].append('https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide')
    _uuid = uuid.uuid5(uuid.UUID("76beed5f-7251-457e-8c2a-b45f7b589d3d"), "{}".format(cluster['value']))
    cluster['uuid'] = str(_uuid)
    lcluster.append(cluster)
~~~

Relationships might be added in a later stage to map with the MISP threat actor galaxy.
2023-04-19 10:47:11 +02:00
Daniel Plohmann
41afab1c06
adding Trend Micro alias Earth Smilodon for APT27 2023-04-18 20:11:57 +02:00
Delta-Sierra
6b8994271e add relationships for HALFRIG & QUATTERRIG 2023-04-18 12:20:20 +02:00
Daniel Plohmann
02e23a9a47
adding Google alias HOODOO for APT41 2023-04-17 22:32:50 +02:00
Delta-Sierra
4a4fa6d16f fix versions 2023-04-17 11:32:51 +02:00
Delta-Sierra
6d5df91efa add relationship SNOWYAMBER & Notion 2023-04-17 11:31:48 +02:00
Delta-Sierra
233a066a03 Merge https://github.com/MISP/misp-galaxy 2023-04-17 11:16:23 +02:00
Delta-Sierra
d4225c5469 add some SNOWYAMBER relationships 2023-04-17 11:16:21 +02:00
91af071bae
new: [online-service] online service added 2023-04-17 10:59:18 +02:00
5f9760923f
Merge pull request #838 from Delta-Sierra/main
Adding SNOWYAMBER, HALFRIG, QUARTERRIG tools & PowerMagic backdoor
2023-04-14 16:03:57 +02:00
Delta-Sierra
8e9880d932 Add SNOWYAMBER, HALFRIG, QUARTERRIG tools 2023-04-14 15:59:42 +02:00
Delta-Sierra
c5590ff79a add PowerMagic backdoor 2023-04-13 14:11:36 +02:00
Daniel Plohmann
a966b3ff88
adding Trend Micro alias Earth Preta for Mustang Panda 2023-04-12 16:59:36 +02:00
2763cdd72b
chg:[sigma] Sigma rules updated 2023-04-12 11:44:43 +02:00
Delta-Sierra
8c831d70c8 jq 2023-04-11 15:06:59 +02:00
Delta-Sierra
d30e7357fe merge 2023-04-11 13:57:30 +02:00
Delta-Sierra
eb9254713a Add more ransomwares from ransomlook 2023-04-11 13:56:29 +02:00
3cc7e03af6
new: [stealer] add Sordeal Stealer 2023-04-11 09:54:02 +02:00
cbf12d9289
Merge pull request #833 from jloehel/HinataBot
chg[botnet]: Add HinataBot
2023-04-04 10:17:07 +02:00
Jürgen Löhel
647fc025d7
chg[botnet]: Add HinataBot
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-04-03 11:19:08 -06:00
15a03e877e
chg: [sigma] updated 2023-03-29 10:33:57 +02:00
Sebdraven
8713618777 Update threat-actor.json
add new ref for sidecopy
2023-03-23 09:13:23 +01:00
Sebdraven
f5d68aa08d Update threat-actor.json
delete ref to APT30 for Naikon
2023-03-23 08:49:17 +01:00
Sebdraven
d5843d46e2 Update threat-actor.json
add ref to Aoqin Dragon
2023-03-21 18:40:10 +01:00
122a0bd39b
fix: [ransomware] fix duplicate Value "Cuba" 2023-03-19 11:03:12 +01:00
f2305dc165
Merge pull request #829 from Delta-Sierra/main
update based on ransomlook+1
2023-03-16 19:18:54 +01:00
Delta-Sierra
12f69a6082 update based on ransomlook 2023-03-16 15:24:44 +01:00
Mathieu Beligon
d82ff1ecfb [threat-actors] Add Anonymous Sudan 2023-03-15 17:38:03 -05:00
Daniel Plohmann
c39b46e9d5
Update threat-actor.json
when value "Sofacy" was changed to "APT28", it seems Sofacy was not added to aliases, so it's missing right now.
2023-03-15 14:55:25 +01:00
Delta-Sierra
74390b27c5 Merge https://github.com/MISP/misp-galaxy 2023-03-13 09:59:04 +01:00
Delta-Sierra
c4eca7dfe1 more from ransomlook 2023-03-13 09:59:00 +01:00
Jürgen Löhel
9f9a263394
chg [tool]: Add tools used by TA866 during the Screentime campaign
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:46:11 -06:00
Jürgen Löhel
031a4c8030
chg [stealer]: Add Rhadamanthys
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:39 -06:00
Jürgen Löhel
437d4a30e5
chg [tds]: Add 404 TDS
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:13 -06:00
Jürgen Löhel
2d30785af5
chg [threat-actors] Add TA866
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:44:16 -06:00
57f3e46273
chg: [sigma] updated 2023-03-07 12:14:48 +01:00
e7b97edaa4
chg: [ransomware] fixing duplicate cluster element Avaddon 2023-03-07 12:06:56 +01:00
6db5b0b0cb
Merge pull request #824 from Delta-Sierra/main
update based on ransomlook
2023-03-06 16:23:48 +01:00
Delta-Sierra
bed6bf8dd6 fix stupid duplicate-bis 2023-03-06 16:10:23 +01:00
Delta-Sierra
d561350f7b fix stupid duplicate 2023-03-06 16:04:28 +01:00
Delta-Sierra
96cb1e22ba update based on ransomlook 2023-03-06 15:55:46 +01:00
Mathieu Beligon
395ffda94f [threat-actors] bump version 2023-03-02 10:29:52 -08:00
Mathieu Beligon
e1407c3c3f [threat-actors] Add SLIPPY SPIDER alias to LAPSUS 2023-03-02 10:29:29 -08:00
Mathieu Beligon
4bbee8c1e7 [threat-actors] Add PROPHET SPIDER 2023-03-02 10:19:24 -08:00
Mathieu Beligon
61cb24a3fc [threat-actors] Add Nemesis Kitten 2023-03-01 16:37:42 -08:00
Mathieu Beligon
84faa3c92b [threat-actors] Add Karakurt 2023-03-01 16:34:03 -08:00
Mathieu Beligon
7d371b4c80 [threat-actors] Add CYBORG SPIDER alias to GOCLD BURLAP 2023-03-01 15:45:41 -08:00
Mathieu Beligon
fa57354471 [threat-actors] Add Chamelgang 2023-03-01 15:40:23 -08:00
Mathieu Beligon
bff978e4d1 [threat-actors] Add TA453 2023-03-01 15:24:55 -08:00
Mathieu Beligon
3406ad3aa9 [threat-actors] Add APT42 2023-03-01 15:18:53 -08:00
Mathieu Beligon
2567d6f1f8 [threat-actors] Add TA406 2023-03-01 15:01:22 -08:00
Rony
50624af741 add DEV-0147 https://twitter.com/MsftSecIntel/status/1625181255754039318 2023-02-25 20:18:09 +00:00
Rony
cf727f034c
add other actor synonyms from Google's report https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf 2023-02-26 01:05:50 +05:30
Delta-Sierra
27f4c9fcdc synonyms must be an array 2023-02-23 14:26:20 +01:00
Delta-Sierra
0ca7675a5f Merge https://github.com/MISP/misp-galaxy 2023-02-23 14:16:00 +01:00
Delta-Sierra
55725c771e add/update ransomware based on ransomlook 2023-02-23 14:15:09 +01:00
Tom King
e52eefa0e7 chg: [mitre] updated with correct ID parsing 2023-02-21 10:36:37 +00:00
Christophe Vandeplas
9f73ff73ac fix: [first-dns] corrected typo 2023-02-21 10:54:30 +08:00
Christophe Vandeplas
e2f2026fea chg: [first-dns] Adds FIRST DNS Abuse Techniques Matrix 2023-02-21 10:26:46 +08:00
Christophe Vandeplas
a6a9a73ae5 chg: [360net] updated to latest online version 2023-02-20 20:03:36 +08:00
6460fde2e4
chg: [threat-actor] version updated 2023-02-16 14:43:45 +01:00
Daniel Plohmann
91255413d8
adding Google names for RU threat actors
https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/
2023-02-16 14:30:05 +01:00
73bd7d0983
Merge pull request #818 from Mathieu4141/threat-actors/proofpoint-aliases
[threat actors] Adding some actors from ProofPoint
2023-02-14 06:40:22 +01:00
Mathieu Beligon
9f09699047 [threat-actors] Fix: country was in the wrong place 2023-02-13 16:47:38 -08:00
Mathieu Beligon
ac067a236e [threat-actors] fix: Add missing uuids 2023-02-13 16:36:41 -08:00
Mathieu Beligon
a792115dd8 fix 2023-02-13 16:26:10 -08:00
Mathieu Beligon
8193b05e14 [threat-actors] bump version 2023-02-13 14:18:58 -08:00
Mathieu Beligon
d34e894d2d [threat-actors] Add TA2536 2023-02-13 13:45:41 -08:00
Mathieu Beligon
20c31a5d10 [threat-actors] Add TA577 2023-02-13 13:32:24 -08:00
Mathieu Beligon
e836a4a63c [threat-actors] Add TA575 2023-02-13 12:02:32 -08:00
Mathieu Beligon
c52ac53765 [threat-actors] Add TA570 2023-02-13 11:54:47 -08:00
Mathieu Beligon
5f274f58c9 [threat-actors] Add Moskalvzapoe 2023-02-13 11:44:59 -08:00
Daniel Plohmann
62256854bc
adding Broadcom name for SaintBear. 2023-02-13 14:05:35 +01:00
Mathieu Beligon
33ff650327 [threat-actors] Add more information about NoName057(16) 2023-02-10 14:14:52 -08:00
9645b9348b
chg: [tools] TgToxic added 2023-02-09 16:24:45 +01:00
o1mate
239883e2a9 Merging the handguns and shotguns clusters into a single firearm cluster. 2023-02-06 03:28:49 -05:00
385826063b
chg: [sigma] updated to the latest version 2023-02-05 11:26:16 +01:00
Daniel Plohmann
9710e09e17
new APT29 name used by Recorded Future
cf. https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf
2023-02-02 11:46:50 +01:00
3d6ec1b187
chg: [sigma] updated to the latest version 2023-02-02 11:25:19 +01:00
Jürgen Löhel
cf492d9931
chg: [stealer] Adds Album Stealer
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-02-01 17:30:56 -06:00
033895b052
Merge pull request #812 from jloehel/boldmove
chg: [backdoor] Adds BOLDMOVE
2023-01-31 06:24:59 +01:00
Jürgen Löhel
c7c2b8441a
chg: [stealer] Removes BluStealer
The BluStealer is already in the malpedia cluster.

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 18:35:28 -06:00
Jürgen Löhel
ca635cc3fc
chg: [stealer] Adds DarkCloud and BluStealer
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 18:29:25 -06:00
Jürgen Löhel
33513241bd
chg: [backdoor] Adds BOLDMOVE
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 16:39:11 -06:00
150e3152cc
Merge pull request #809 from MISP/dev
Updated the `region` cluster
2023-01-27 15:08:16 +01:00
b7543c5012
Merge pull request #789 from Mathieu4141/threat-actors/fix-sectorj04
[threat-actors] Remove SectorJ04 duplicate
2023-01-27 15:05:37 +01:00
Mathieu Beligon
a452263ace [threat-actors] pr.review: Add SectorJ04 as alias of TA505 2023-01-27 13:32:58 +01:00
o1mate
0b661d4f80 Added two new galaxies : An ammunition galaxy containing a list of known sold ammunitions ordered by brands, and a firearm galaxy containing two clusters (handguns, shotguns) scrapped from a famous vendor and ordered by model name (Format : Model name - SKU). 2023-01-26 08:34:38 -05:00
Delta-Sierra
89bb349184 Merge https://github.com/MISP/misp-galaxy 2023-01-26 11:46:14 +01:00
Delta-Sierra
0bb1f48ad6 fix missing brackets 2023-01-25 14:47:22 +01:00
e87d39e3f4
fix: [region] JQed all the things !! 2023-01-25 09:24:52 +01:00
Delta-Sierra
50ca40e408 add Anubis & Godfather android banking trojans 2023-01-25 09:05:19 +01:00
51610df907
chg: [region] Updated the region Galaxy Cluster
- Added missing entry (Antarctica)
- Ordered the `subregions` meta field
2023-01-24 22:53:54 +01:00
ofenomeno
cb8d700e62 adding uavs 2023-01-24 19:55:46 +01:00
2f0dfc7656
chg: [sigma] updated 2023-01-23 10:10:46 +01:00
4a342354f9
chg: [sigma] updated 2023-01-20 13:58:11 +01:00
5c21588d7c
add: [country] Manually added the missing relations to some country cluster values
- The previous commit (071ecb8) that added the
  mahority of relations between countries and
  regions were automatically added based on the
  country names specified in the `region` cluster.
  The relations added here are the remaining
  countries that are not litterally defined the
  same way they are in the `region` cluster
2023-01-16 22:22:42 +01:00
325f51479b
chg: [country] Clarified the US cluster value 2023-01-16 22:20:30 +01:00
071ecb8a52
add: [country] Added references between country cluster values and the related region they're located in, from the region galaxy cluster 2023-01-16 21:35:22 +01:00
323f9f47a1
chg: [sigma] version must be an integer 2023-01-12 16:45:21 +01:00
fd226d47a2
chg: [sigma] new version of the cluster 2023-01-12 14:10:22 +01:00
c0fdfb0e99
chg: [sigma] updated with latest version + new relationship script 2023-01-12 13:46:31 +01:00
e54366fb87
chg: [threat-actor] added the missing synonyms 2023-01-10 15:55:30 +01:00
187701bacb
chg: [sigma] regenerated from the test script (also updated the script
to ensure UUID consistency for the galaxy)
2023-01-06 15:36:33 +01:00
9955401791
chg: [sigma] jq all the things 2023-01-06 15:13:35 +01:00
8539361df5
Merge branch 'main' of https://github.com/jstnk9/misp-galaxy into jstnk9-main 2023-01-06 15:11:27 +01:00
jstnk9
5bcec1d72f
Merge branch 'MISP:main' into main 2023-01-03 11:10:49 +01:00
Jürgen Löhel
d4debd619b
chg: [ransomware] Extends the entry for JCrypt
* Add the reference to MafiaWare666 based on the latest research from
  the Avast Threat Lab: https://decoded.avast.io/threatresearch/decrypted-mafiaware666-ransomware/
* Add more infos from Andrew Ivanovs the great blog post: https://id-ransomware.blogspot.com/2020/12/jcrypt-ransomware.html

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-12-23 01:44:20 -06:00
Delta-Sierra
3f4edb480b add Malteiro 2022-12-16 16:43:50 +01:00
jstnk9
cb19f6bda7 galaxy for sigma rules 2022-12-09 08:48:54 +01:00
Delta-Sierra
5931f51d7a add TAG-53 2022-12-08 11:31:02 +01:00
Delta-Sierra
3ea2d62a83 Version Update 2022-11-28 16:27:54 +01:00
Delta-Sierra
6016b1000c Merge https://github.com/MISP/misp-galaxy 2022-11-28 16:17:08 +01:00
Delta-Sierra
5d83563e0e Fix Duplicate 2022-11-28 16:15:40 +01:00
Delta-Sierra
6c36295318 Update several RAT & Ransomwares 2022-11-28 16:13:38 +01:00
de12f46ba6
chg: [mitre] updated 2022-11-28 12:48:29 +01:00
fda4160bed
chg: [target-information] fix the duplicate 2022-11-24 15:08:16 +01:00
f15e4ed3bc
chg: [target-information] duplicate removal 2022-11-24 15:05:47 +01:00
1d9a73abdd
chg: [target] fix duplicate synonyms 2022-11-24 15:03:18 +01:00
e3126ef857
fix: [clusters] Fixed some other few meta field names 2022-11-24 09:17:28 +01:00
823124d422
fix; [mitre-ics-assets] Fixed some refs meta field names 2022-11-23 20:44:46 +01:00
493a5bf94e
fix: [target-information] Fixed synonyms meta field name 2022-11-23 20:40:35 +01:00
5c979ae554
fix: [tool] Houdini relationship to something which exist (ok I know it's Houdini) 2022-11-22 15:19:40 +01:00
0b6034d9be
Merge pull request #800 from Delta-Sierra/main
Add ransomwares
2022-11-22 15:11:42 +01:00
8947d0035b
fix: [sigma rules] until new the PR and tool is done for sigma. The
galaxy is removed.
2022-11-22 15:08:17 +01:00
Delta-Sierra
5f0d7f6d68 add VJw0rm description 2022-11-22 14:55:10 +01:00
Delta-Sierra
f4abf37b01 fix versions 2022-11-22 12:45:15 +01:00
Delta-Sierra
c02b74f999 merge 2022-11-22 12:43:18 +01:00
Delta-Sierra
ffc68b9b8f add several ransomwares 2022-11-22 12:40:47 +01:00
Delta-Sierra
e316382b8a add qakbot ref 2022-11-22 12:06:03 +01:00
Delta-Sierra
8bf6d73d66 add BazarCall campaign 2022-11-22 09:08:28 +01:00
Delta-Sierra
3c7230e38e add Bazarbackdoor Synonyms 2022-11-22 09:00:04 +01:00
Thomas Dupuy
be7450494e Add Evasive Panda Threat Actor 2022-11-18 16:38:11 +00:00
4844a7021c
chg: [sigma] duplicate value changed 2022-11-18 14:36:02 +01:00
c41b99d8b9
fix: [sigma] remove duplicate references 2022-11-18 14:21:27 +01:00
59f5fc5f76
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2022-11-18 14:18:29 +01:00
7d4011a0a2
chg: [sigma] jq all the things 2022-11-18 14:17:52 +01:00
Terrtia
e3b6e9d229
fix: [handicap] fix galaxy icon + name + type 2022-11-17 15:16:05 +01:00
9b8619bbbe
Merge branch 'main' of https://github.com/jstnk9/misp-galaxy into jstnk9-main 2022-11-16 11:07:50 +01:00
Jürgen Löhel
f595195cd2
chg: [botnets] Adds KmsdBot
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-11-15 18:10:39 -06:00
Jstnk9
473f1a13aa galaxy related to sigma rtules
galaxy related to sigma rtules
2022-11-15 22:56:18 +01:00
Delta-Sierra
2269f4decd fix tool type 2022-11-15 13:56:53 +01:00
Delta-Sierra
9fc65c0e34 version fix 2022-11-15 13:37:02 +01:00
Delta-Sierra
91d535925f version fix 2022-11-15 13:36:49 +01:00
Delta-Sierra
3837058ab1 merge 2022-11-15 12:54:03 +01:00
Delta-Sierra
d020efd276 add raspberry Robin worm & others 2022-11-15 11:57:10 +01:00
b787bbeb23
Merge pull request #792 from nyx0/main
Add RomCom TA.
2022-11-05 07:50:20 +01:00
3b196f8361
Merge pull request #791 from Mathieu4141/threat-actors/add-phosphorus-alias-to-apt-35
[threat-actors] Add Phosphorus in APT35 aliases
2022-11-05 07:49:55 +01:00
Thomas Dupuy
9ac53e5d5e Add RomCom TA. 2022-11-04 02:34:10 +00:00
6c4da5dd55
Merge pull request #790 from Mathieu4141/threat-actors/fix-dust-storm
[threat-actors] Remove DustStorm alias from APT10
2022-11-03 11:35:20 +01:00
52a6fff6a2
Merge pull request #788 from Mathieu4141/threat-actors/fix-cobalt-dickens
[threat-actors] Remove cobalt dickens duplicate
2022-11-03 11:27:08 +01:00
3b4dcd6ad3
Merge pull request #787 from Mathieu4141/threat-actors/fix-subaat-duplicate
[threat-actors] Remove subaat duplicate
2022-11-03 11:26:21 +01:00
Mathieu Beligon
8a9dd47f8f [threat-actors] Add Phosphorus in APT35 aliases 2022-11-02 23:49:22 -07:00
Mathieu Beligon
21d4292faf [threat-actors] Remove DustStorm alias from APT10 2022-11-02 23:31:31 -07:00
Mathieu Beligon
e61733591f [threat-actors] Remove SectorJ04 duplicate 2022-11-02 20:30:40 -07:00
Mathieu Beligon
9f0869097a [threat-actors] Remove cobalt dickens duplicate 2022-11-02 18:09:42 -07:00
Mathieu Beligon
e3e5560e37 [threat-actors] Remove subaat duplicate 2022-11-02 17:57:47 -07:00
Mathieu Beligon
5801bbcfc1 [threat-actors] Remove Skeleton Spider duplicate 2022-11-02 17:38:07 -07:00
015650c6d7
chg: [mitre-attack] updated to version 12.0 2022-11-01 22:39:33 +01:00
Delta-Sierra
9952366667 add Prynt Stealer & variants 2022-10-14 16:03:45 +02:00
Delta-Sierra
355025eb5b fix metadata in wrong slot 2022-10-04 13:28:42 +02:00
Delta-Sierra
e5b3062912 add Volatile Cedar synonym 2022-10-03 16:06:13 +02:00
Thomas Dupuy
4bcf80f01b Add SharPyShell tool. 2022-10-02 22:00:54 +00:00
409c82f40c
Merge pull request #781 from Mathieu4141/threat-actors/fix-neodymium
[threat-actors] Fix G0055 (NEODYMIUM) alias
2022-09-30 06:39:31 +02:00
588184bacd
Merge pull request #780 from Mathieu4141/threat-actors/fix-svmondr
[threat-actors] Remove SVCMONDR duplicate
2022-09-30 06:38:56 +02:00
800006e6ab
Merge pull request #778 from Mathieu4141/threat-actors/fix-malware-reuser-duplicate
[threat-actors] Fix Volatile Cedar and Dancing Salome conflicts
2022-09-30 06:37:15 +02:00
Mathieu Beligon
74c6835d18 [threat-actors] Fix G0055 (NEODYMIUM) alias 2022-09-29 17:16:57 -07:00
Mathieu Beligon
a740e35687 [threat-actors] Remove SVCMONDR duplicate 2022-09-29 16:11:19 -07:00
Mathieu Beligon
5994fa4160 [threat-actors] Fix Volatile Cedar and Dancing Salome conflicts 2022-09-29 14:51:38 -07:00
Mathieu Beligon
4f47e6e2d3 [threat-actors] Equation group: separate from Lamberts and add tools 2022-09-29 11:28:54 -07:00
Thomas Dupuy
c66d6823a1 Add APT-Q-12 Threat Actor. 2022-09-29 02:30:41 +00:00
c3b65a2d15
chg: [threat-actor] JSON fix 2022-09-27 08:18:13 +02:00
067e449a41
Merge branch 'main' of https://github.com/nyx0/misp-galaxy into nyx0-main 2022-09-27 08:17:41 +02:00
Christophe Vandeplas
e259458d5a chg: [mitre] bump to v11.3 2022-09-27 07:30:13 +02:00
Thomas Dupuy
bfd1812cef Add Void Balaur. 2022-09-27 00:11:20 +00:00
eacab6ca27
new: [malpedia] remove duplicate UUIDs objects (coming from Malpedia API) 2022-09-26 10:58:09 +02:00
7cd322640f
Merge pull request #771 from Delta-Sierra/main
fetch malpedia
2022-09-26 10:07:24 +02:00
Delta-Sierra
a611230bef fetch malpedia 2022-09-26 09:23:07 +02:00
Mathieu Beligon
22a39f4fdc [threat-actors] Add BITWISE SPIDER 2022-09-20 11:23:33 -07:00
9b8b51fe53
Merge pull request #769 from Mathieu4141/threat-actors-add/no-name-057-06
[threat-actors] Add NoName057(16)
2022-09-17 07:43:42 +02:00
2f169e4258
Merge pull request #766 from Mathieu4141/threat-actors/fix-ta505
[threat-actors] Clean TA505 aliases
2022-09-17 07:43:18 +02:00
Mathieu Beligon
580d2c6931 [threat-actors] Add NoName057(16) 2022-09-16 20:11:06 -06:00
30cb4e7e60
Merge pull request #768 from Delta-Sierra/main
New clusters
2022-09-16 06:40:43 +02:00
Delta-Sierra
8202a7f48f Add PlugX ref 2022-09-15 15:39:47 +02:00
Delta-Sierra
0903300b75 Add Chisel 2022-09-15 13:24:49 +02:00
Delta-Sierra
021fcd2c91 add Lorenz ransomware 2022-09-15 10:29:46 +02:00
1c8d82cfcc
new: [threat-actor] hezb added 2022-09-14 11:00:33 +02:00
Christophe Vandeplas
b011ddee5b fix: [360net] fixes null entries in lists 2022-09-13 22:12:51 +02:00
Christophe Vandeplas
c5a5fa7cfa chg: [360net] add 360.net APT list fixes #764 2022-09-13 21:48:16 +02:00
Mathieu Beligon
e1f5d3b5d8 [threat-actors] Keep meta from old Xenotime 2022-09-13 11:40:17 -07:00
Mathieu Beligon
4ff0bdfe8e [threat-actors] Clean TA505 aliases 2022-09-13 11:34:02 -07:00
Delta-Sierra
e3d88f45c6 add Dark.IoT 2022-09-13 13:35:55 +02:00
Delta-Sierra
6dba3abe13 add hezb 2022-09-13 10:40:00 +02:00
Mathieu Beligon
273c7c9b97 [threat-actors] Remove Xenotime duplicate 2022-09-12 17:10:49 -07:00
Delta-Sierra
705d0d2e72 add BumbleBee backdoor 2022-09-12 10:51:43 +02:00
Delta-Sierra
0440db12e9 add DangerousSavanna campaign 2022-09-07 11:01:23 +02:00
Delta-Sierra
77db2370b1 Add Lockbit synonym 2022-09-07 11:00:41 +02:00
Delta-Sierra
775d3c183b Add Lockbit synonym 2022-09-07 09:26:38 +02:00
Rony
aea413cebf chg: [threat-actor] version bump 2022-09-01 10:32:01 +00:00
Rony
db913e5ab4 fix: [threat-actor] remove duplicate entries 2022-09-01 09:53:11 +00:00
Rony
6aea5ee05c chg: [threat-actor] add Aoqin Dragon 2022-09-01 09:46:43 +00:00
Rony
fb0cf3c7e5 chg: [threat-actor] miscellaneous updates 2022-09-01 09:17:31 +00:00
Daniel Plohmann
d18f5bc8b6
mini-fix: adding https protocol to a reference
in automated processing and display, this may otherwise lead to a malformed local / relative link.
2022-08-30 17:08:03 +02:00
5175fb0364
Merge pull request #760 from Delta-Sierra/main
Add GootLoader & MOUSEISLAND in tool
2022-08-29 12:02:55 +02:00
Rony
e7178a1e08 fix: [threat-actor] remove duplicate entries from APT9 2022-08-27 12:54:32 +00:00
Rony
27300c6381 chg: [threat-actor] add avast blog to APT40 2022-08-27 12:41:31 +00:00
Rony
7f526e230b chg: [threat-actor] add Microsoft and PwC report to actors' references 2022-08-27 12:34:36 +00:00
Rony
6ad9699a38 chg: [threat-actor] add recorded future reference to RedAlpha 2022-08-27 12:10:51 +00:00
Rony
2dc138ae01 chg: [threat-actor] add Adam Kozy's testimony ro APT41 and APT26 2022-08-27 12:08:11 +00:00
Rony
0b140b7097 chg: [threat-actor] miscellaneous updates including merge of some actors and fix the error committed in 9cfcc0d9ac 2022-08-27 11:58:03 +00:00
8bea9f3b4b
Merge pull request #755 from Mathieu4141/threat-actors/fix-winnti
[threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts
2022-08-27 08:25:20 +02:00
Mathieu Béligon
9cfcc0d9ac
Add aliases to APT41
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-26 14:54:02 -07:00
Mathieu Beligon
6e00329ba6 [threat-actors] Fix aliases 2022-08-26 11:09:29 -07:00
Delta-Sierra
534dacb7fb add GootLoader 2022-08-26 10:12:36 +02:00
Delta-Sierra
d5a9365aae add MOUSEISLAND 2022-08-26 09:23:38 +02:00
Mathieu Beligon
9b714dcd76 [threat-actors] Merge Axiom into APT17 2022-08-25 13:49:07 -07:00
Delta-Sierra
5b3c395f10 jq 2022-08-24 14:27:33 +02:00
Delta-Sierra
cb422c2190 update Guildma 2022-08-24 14:07:01 +02:00
Yosirion95
cda80e5496 Add synonyms to sector.json 2022-08-21 11:09:50 +02:00
9efca4c41b
fix: [threat-actor] UUID reused fixed (UUIDs cannot be reused across different cluster)
Add the missing the relationship for the new UUID
2022-08-21 09:17:56 +02:00
Rony
5b42a09dc2 add PARINACOTA to threat-actor.json
MSTIC names digital crime actors based on global volcanoes
2022-08-20 17:10:15 +00:00
Rony
6fd584fa88 remove APT36/ Transpert Tribe from microsoft-activity-group.json cause we don't know any MSTIC name yet. 2022-08-20 17:06:18 +00:00
6b137ea12c
Merge pull request #749 from Mathieu4141/threat-actors/fix-naikon-cluster
[threat actors] Fix threat actors related to Lotus Panda
2022-08-20 11:46:15 +02:00
Mathieu Beligon
7f82616c10 fix axiom related field 2022-08-19 12:48:40 -07:00
Mathieu Beligon
969f461709 merge into apt41 2022-08-19 12:45:47 -07:00
Christophe Vandeplas
1b69b654a8 chg: [atrm] bump to latest ATRM version 2022-08-19 21:19:23 +02:00
Mathieu Beligon
fd9201e9e0 Merge APT22 and suckfly 2022-08-19 12:16:30 -07:00
Mathieu Beligon
768c94671c Fix hellsing ref 2022-08-19 11:34:16 -07:00
a8b234d694
Merge pull request #753 from Mathieu4141/threat-actors/fix-bronze-president
[threat-actors] Remove duplicated BRONZE PRESIDENT entity
2022-08-19 06:26:11 +02:00
Mathieu Béligon
fcd6faec78
Capitalize override panda alias
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:51:03 -07:00
Mathieu Béligon
54f3ef2831
capitalize lotus panda alias
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:50:32 -07:00
Mathieu Béligon
c9b11553eb
normalize APT30 alias
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:32:44 -07:00
Mathieu Beligon
c1abedb446 Move Lotus Panda alias to Lotus Blossom 2022-08-18 20:21:31 -07:00
Mathieu Beligon
a61ef2a88f [threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts 2022-08-18 17:03:26 -07:00
Mathieu Beligon
84e69ad4be Add DarkCommet as a tool of GoldenRAT 2022-08-18 15:47:04 -07:00
Mathieu Beligon
1acc51a7a6 [threat-actors] Add more data about APT-C-27 2022-08-18 15:44:18 -07:00
Mathieu Beligon
ec988c97d0 [threat-actors] Remove duplicated APT-C-27 2022-08-18 15:34:08 -07:00
Mathieu Beligon
d9046c8619 [threat-actors] Remove duplicated BRONZE PRESIDENT entity 2022-08-18 15:12:18 -07:00
Mathieu Beligon
a046e8094d Merge APT30 and Naikon 2022-08-18 11:36:45 -07:00
Mathieu Beligon
5e4a4c3453 Merge branch 'main' into threat-actors/fix-naikon-cluster 2022-08-18 09:01:36 -07:00
Mathieu Beligon
264e764dfa Remove ATK34 alias 2022-08-18 08:59:04 -07:00
Delta-Sierra
3f036db1e3 add TA558 2022-08-18 15:54:28 +02:00
Mathieu Beligon
71e3e1f3eb Fix ATK aliases 2022-08-17 13:39:43 -07:00
Mathieu Beligon
a6242d4732 Merge branch 'main' into threat-actors/fix-naikon-cluster 2022-08-17 13:37:01 -07:00
Mathieu Beligon
0d6399aa2b Add ATK78 alias for Thrip 2022-08-17 12:04:32 -07:00
Mathieu Beligon
53282255ce Branch out Goblin Panda from Hellsing 2022-08-17 11:55:35 -07:00
Mathieu Beligon
3f50cf0175 Create a tool for Esile 2022-08-17 11:19:30 -07:00
Rony
f608312577 addresses https://github.com/MISP/misp-galaxy/pull/751#issuecomment-1217680586 2022-08-17 08:52:35 +00:00
Rony
ccd10b54f4
remove duplicate reference 2022-08-17 12:49:56 +05:30
Rony
0cec882cc5 merge microcin/sixlittlemonkeys to vicious panda 2022-08-17 07:06:51 +00:00
a373909bb1
Merge pull request #748 from r0ny123/patch-2
Update threat-actor.json
2022-08-17 07:44:46 +02:00
352998a84d
fix: [threat-actor] add missing refs for APT33 including CFR link 2022-08-17 07:40:23 +02:00
Mathieu Beligon
d05b29c1af [threat-actors] Remove duplicate APT33 2022-08-16 17:15:30 -07:00
Mathieu Beligon
9c6f106928 [threat actor] Fix aliases related to Lotus Panda 2022-08-16 16:58:35 -07:00
Rony
5b25b574b3 add uac-0010 references from cert-ua 2022-08-16 10:19:53 +00:00
Rony
370045b01d Merge "red october" and "cloud atlas" to inception framework" 2022-08-16 09:30:29 +00:00
Rony
62b168600f
fix duplicates 2022-08-16 12:15:30 +05:30
Rony
490bc6a05c
fix duplicate 2022-08-16 12:10:27 +05:30
Rony
bbe84c5985
updates to russian actors 2022-08-16 12:07:59 +05:30
Rony
de76aef023
Update threat-actor.json 2022-08-16 10:49:13 +05:30
Rony
f4b63d4514
updates to tianwu 2022-08-16 10:30:33 +05:30
96d31aa8c7
chg: [threat-actor] jq all the things 2022-08-11 17:50:00 +02:00
Thomas Dupuy
ed24dcaf19 Add link for SLIME29. 2022-08-11 15:41:01 +00:00
Thomas Dupuy
912050b9b7 Update commit based on feeback. 2022-08-11 15:20:32 +00:00
Thomas Dupuy
6e0df72ef4 Add Threat Actors from BH Asia22 prez. 2022-08-10 18:53:38 +00:00
Christophe Vandeplas
1369756810 chg: [atrm] Add Azure Threat Research Matrix Galaxy and generation script 2022-08-06 21:19:31 +02:00
Daniel Plohmann
bdaadea58e
removing a leading double quote in a URL. 2022-08-02 18:17:58 +02:00
Daniel Plohmann
bc20a463c8
merging TG2003 / Elephant Beetle into FIN13
as indicated in the respective resources published by the organizations using these aliases.
2022-08-02 14:11:43 +02:00
6427746ad8
Merge pull request #727 from Mathieu4141/threat-actors/merge-cutting-kitten-cleaver
Fix Cleaver aliases
2022-07-27 23:17:42 +02:00
63f5122ad4
Merge pull request #742 from r0ny123/patch-1
Update threat-actor.json
2022-07-27 18:56:47 +02:00
Mathieu Beligon
51aacd6b03 Reduce diff with old version 2022-07-26 23:53:22 -07:00
Mathieu Beligon
acc6ada575 r0ny123.review: Use Cutting Kitten as main value for ITSecTeam 2022-07-26 23:27:39 -07:00
Mathieu Beligon
d815bfa174 Merge remote-tracking branch 'upstream/main' into threat-actors/merge-cutting-kitten-cleaver 2022-07-26 23:22:03 -07:00
Daniel Plohmann
26f6a33695
more aliases from Unit 42 2022-07-26 11:09:33 +02:00
Rony
5a7f3a7207
fix 2022-07-25 17:17:52 +05:30
Rony
8ce0df6eb4
Update threat-actor.json
Merge aquatic panda & earth lusca
2022-07-25 17:15:23 +05:30
6b6398bf2d
fix: [threat-actor] incorrect merge fixed 2022-07-20 18:45:50 +02:00
b4ce9a9453
Merge branch 'main' of https://github.com/r0ny123/misp-galaxy into r0ny123-main 2022-07-20 18:41:27 +02:00
Rony
add6b27466 update 2022-07-20 21:39:33 +05:30
Rony
2b54df56f9 update 2022-07-20 21:32:11 +05:30
Rony
2e045d9c8c chg: [fix] resolve conflict 2022-07-20 21:28:15 +05:30
Daniel Plohmann
5825783a85
removed duplicate UUID for Kinsing
my apologies, looks like I had not rolled a new UUID for one of the entries added...
2022-07-20 17:07:05 +02:00
Rony
932fcf1871 added Red Nue 2022-07-20 15:07:35 +05:30
Rony
082039b3b0 added CN actors from secureworks threat profile
https://www.secureworks.com/research/threat-profiles?filter=item-china and fixed some AKAs
2022-07-20 14:52:58 +05:30
Daniel Plohmann
ed32c508b7
added more Unit 42 aliases / groups 2022-07-20 08:38:03 +02:00
Rony
000bfe92d9 add APT9/Red Pegasus & BRONZE EDGEWOOD/Red Hariasa 2022-07-20 10:04:58 +05:30
Rony
2e8a577b0c add PwC naming to CN actors 2022-07-20 09:45:21 +05:30
Rony
3fabd58416 chg: [threat-actor] fixed 2022-07-19 23:36:30 +05:30
Rony
79c84d3768 add Earth Berberoka, Earth Lusca and Earth Wendigo 2022-07-19 22:42:50 +05:30
Daniel Plohmann
082d506b64
adding new Unit 42 names
First PR: those are the directly mappable names. I will follow up after deconfliction and then with a few new entries.
2022-07-19 08:45:09 +02:00
Daniel Plohmann
240a757826
Update threat-actor.json
adding Predatory Sparrow due to recent events.
2022-07-13 10:02:07 +02:00
cf603e8160
Merge pull request #736 from Delta-Sierra/main
add Qbot
2022-07-12 18:41:33 +02:00
Thomas Dupuy
90da0d798f Set country to LB instead of IR based on operational activity. 2022-07-12 16:21:41 +00:00
Delta-Sierra
b1c853bf42 update version 2022-07-12 15:51:55 +02:00
Thomas Dupuy
1a8835bcae Remove list from POLONIUM TA. 2022-07-12 13:11:11 +00:00
Thomas Dupuy
a86d866534 Add POLONIUM TA. 2022-07-12 12:14:27 +00:00
Delta-Sierra
d40017ae50 add Qbot 2022-07-12 14:03:43 +02:00
Delta-Sierra
6c6355f2ba fix typo 2022-07-12 11:31:08 +02:00
Delta-Sierra
300d608770 jq 2022-07-12 10:54:37 +02:00
Delta-Sierra
71c93f5b24 fix caps typo 2022-07-12 10:53:14 +02:00
Delta-Sierra
4ea34fc5a4 Merge https://github.com/Delta-Sierra/misp-galaxy into main 2022-07-12 10:51:59 +02:00
Delta-Sierra
924eda26ca Add EnemyBot +relationships 2022-07-12 10:49:11 +02:00
Deborah Servili
ca7d524d9c
Merge branch 'main' into main 2022-07-08 16:27:28 +02:00
Delta-Sierra
29aa7b3f69 add Maui ransomware 2022-07-08 14:49:12 +02:00
Delta-Sierra
56a53433f0 add HelloXD ransomware 2022-07-08 12:05:31 +02:00
Delta-Sierra
279b89f6d9 fix duplicate extension-2 2022-07-06 09:38:02 +02:00
Delta-Sierra
67d5f5c7c0 fix duplicate extension 2022-07-06 09:34:11 +02:00
Delta-Sierra
7e37fa0cdd merge + update medusalocker 2022-07-06 09:28:46 +02:00
Delta-Sierra
c2e7ef4fab Update Medusa Locker and others 2022-07-06 08:43:59 +02:00
marjatech
587dc8560b add script to automate malpedia update 2022-07-04 14:24:34 +02:00
Mathieu Beligon
693eed8d78 [threat actor] Break Cleaver aliases into respective entries 2022-07-04 14:05:29 +02:00
marjatech
1212a75cc4 update malpedia 2022-07-04 11:02:02 +02:00
Mathieu Beligon
d63c990dad [threat-actors] Separate ITSecTeam from Cleaver 2022-06-30 14:34:05 +02:00
Mathieu Beligon
b8d4ffdbde Merge Cutting Kitten and Cleaver 2022-06-29 20:15:12 +02:00
Koen Van Impe
0c9aa68db6 Update surveillance-vendor.json 2022-06-22 13:30:55 +02:00
Koen Van Impe
22c2f7b999 Add RCS Lab S.p.A. to surveillance-vendor 2022-06-22 11:20:52 +02:00
Mathieu Beligon
d79c5bd1ab Add ToddyCat Threat actor 2022-06-21 15:12:42 +02:00
Rony
c030fcdab6
chg: [threat-actor] added PwC naming for Indian actors
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-06-11 15:46:54 +05:30
Thanat0s
44a99d066a Y en a un peut plus je vous le mets quand meme ? 2022-06-11 04:24:04 -04:00
Thanat0s
57befd7259 jq all the things 2022-06-10 19:12:12 -04:00
Thanat0s
51f98f4706 Attck link + typo on TA551 2022-06-10 18:40:16 -04:00
Thanat0s
f97fee7135 Typo on TA551 2022-06-10 18:38:25 -04:00
Thanat0s
297acc0f5e Add Mitre vs Thales RosettaStone 2022-06-10 18:24:15 -04:00
Rony
e916267c7c
chg: [threat-actor] add reference to bitter & sidewinder group 2022-06-08 23:22:17 +05:30
Christophe Vandeplas
39073004c4 [mitre] bump to MITRE ATT&CK v11.2 2022-05-25 21:03:14 +02:00
Christophe Vandeplas
4a469299fd [mitre] update sorting algo
will make future ATT&CK updates less noisy in the git diff
2022-05-25 21:00:57 +02:00
Mathieu Beligon
dca70783bf [threat-actors] validate file 2022-05-23 11:32:24 +02:00
Mathieu Beligon
c1cfc19871 [threat actors] Remove dead link for sandworm threat actor 2022-05-23 11:30:04 +02:00
Mathieu Beligon
36a1466661 [threat-actors] Add RansomHouse 2022-05-23 11:29:39 +02:00
a838eaf9db
Merge pull request #717 from jloehel/krane
chg: [cryptominers] Adds Krane
2022-05-18 08:17:16 +02:00
Jürgen Löhel
1be9a10ef9
chg: [cryptominers] Adds Krane
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-17 14:47:29 -05:00
Jürgen Löhel
9db5d18114
chg: [android] Adds Vulture
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-17 14:16:21 -05:00
Rony
2721522e82
chg: [threat-actor] add exotic lily, ta578, ta579 2022-05-14 20:52:15 +05:30
Jürgen Löhel
45da13ce5e chg: [backdoors] Adds BPFDoor
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-11 19:06:19 -05:00
fcdc6c86e6
chg: [threat-actor] add TG2003 synomym to Elephant Beetle 2022-05-09 14:24:28 +02:00
9130365e2e
chg: [threat-actor] Elephant Beetle added
Fix #708
2022-05-09 14:23:12 +02:00
bb434b11cf
chg: [threat-actor] ModifiedElephant added
Fix #709
2022-05-09 14:16:01 +02:00
06550a7945
chg: [threat-actor] fix refs field -> it's always an array 2022-05-09 13:46:16 +02:00
b67e3ed3f8
Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add 2022-05-09 13:43:44 +02:00
Rony
c0be6677c2
chg: [threat-actor] added actor Red Menshen
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-05-07 15:44:10 +05:30
Rony
11eca69ebc
chg: [threat-actor] added Curious Gorge 2022-05-07 12:40:35 +05:30
Daniel Plohmann
26c1850377
Update threat-actor.json
adding Red Dev 4 as alias for GALLIUM as used by PwC.
2022-05-06 09:47:48 +02:00
Daniel Plohmann
06c293072c
Update threat-actor.json
adding UNC3524 to the actor galaxy cluster.
2022-05-04 13:21:56 +02:00
3c7
0ad65fbe9f
Forgot to jq all the things 2022-04-28 09:42:25 +02:00
3c7
dfb6c0668e
Added SaintBear 2022-04-28 09:36:25 +02:00
Christophe Vandeplas
33476bec81 chg: [mitre] bump to MITRE ATT&CK v11.0 2022-04-25 18:29:57 +02:00
664f6d80cc
chg: [threat-actor] Killnet description added 2022-04-21 15:05:50 +02:00
1e383e2452
chg: [threat-actor] version updated 2022-04-21 14:53:14 +02:00
Mathieu Beligon
c8455a6c4d [actors] Add killnet 2022-04-21 14:06:28 +02:00
Adam McHugh
53a0fc56d3 Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory 2022-04-18 10:16:26 +09:30
bca7381f33
fix: [ransomware] refs are within meta 2022-04-17 15:43:23 +02:00
eb7c5ebaf1
fix: [ransom] remove empty ref 2022-04-17 15:39:02 +02:00
bc696b43f4
chg: [ransomware] jq all the things 2022-04-17 15:35:50 +02:00
00d33fd292
Merge pull request #701 from adammchugh/ransomware-conti-update
Ammended Conti ransomware entry with ACSC 2021-010 advisory data
2022-04-17 15:35:25 +02:00
66744a4cd0
Merge pull request #704 from adammchugh/cryptominers-bluemockingbird-add
Added Cryptominer Blue Mockingbird from RedCanary advisory.
2022-04-17 14:43:59 +02:00
14907e3eef
Merge pull request #703 from adammchugh/threatactor-copypaste-add
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
2022-04-17 14:43:37 +02:00
Adam McHugh
84eac4b102 Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory 2022-04-17 19:50:08 +09:30
Adam McHugh
f00e80ae7e Added Cryptominer Blue Mockingbird from RedCanary advisory. 2022-04-17 19:44:42 +09:30
Adam McHugh
cff8a38c5f Added Copy-Paste Threat Actor from ACSC Advisory 2020-008 2022-04-17 19:37:26 +09:30
Adam McHugh
622c0502aa Ammended Conti ransomware entry with ACSC 2021-010 advisory data 2022-04-17 19:23:11 +09:30
Adam McHugh
99caab201f Ammended Blackcat ransomware entry with ACSC 2022-004 advisory data 2022-04-17 18:05:24 +09:30
Thomas Dupuy
bd05eb0bba upd: [cluster] add Threat Actor BladeHawk. 2022-04-11 17:03:19 +00:00
Thomas Dupuy
209391f110 upd: [cluster] add ref and synonyms for Energetic Bear. 2022-04-07 18:26:58 +00:00
b649057a5a
chg: [handicap] fixed more fields 2022-04-04 11:09:30 +02:00
aff4345074
chg: [handicap] more cleanup 2022-04-04 11:01:38 +02:00
269f91ad75
chg: [handicap] more clean-up of uuid values 2022-04-04 10:56:29 +02:00
d3d4e7186b
chg: [handicap] fix name of the clusters 2022-04-04 10:43:56 +02:00
7e6390c336
Merge pull request #694 from AgatheMgt/main
Handicap
2022-04-04 10:41:06 +02:00
Rony
a08ddaf548
Add Avivore & HAZY TIGER/Bitter 2022-04-02 01:14:18 +05:30
Rony
50f39edc10
Revert "update threat actors meta" 2022-04-02 00:55:38 +05:30
Delta-Sierra
73f71c8b15 dup 2022-04-01 16:51:27 +02:00
Delta-Sierra
fb557fd3a2 dup 2022-04-01 16:47:50 +02:00
Delta-Sierra
909fc09992 duplicate 2022-04-01 16:44:47 +02:00
Delta-Sierra
7c3e8ac068 fix duplicate 2022-04-01 16:40:40 +02:00
Delta-Sierra
dcc396108c fix duplicate 2022-04-01 16:36:47 +02:00
Delta-Sierra
9257fb677b merge 2022-04-01 16:32:10 +02:00
Delta-Sierra
0f7803b091 update threat actors meta 2022-04-01 16:00:27 +02:00
Sami Mokaddem
4242732af1
chg: jq all 2 2022-03-31 09:05:22 +02:00
Sami Mokaddem
a9a09d11c6
chg: jq all 2022-03-31 08:59:36 +02:00
Mathieu Beligon
c35fad3291 Add threat actor group Scarab 2022-03-28 12:11:34 +02:00
94c3788089
Merge pull request #687 from Badis-dev/main
Add galaxy and cluster cancer
2022-03-25 10:04:46 +01:00
AgatheMgt
aec779d1ee poatate 2022-03-24 09:43:58 -04:00
AgatheMgt
3ce6d7a313
Update handicap.json 2022-03-24 07:48:49 -04:00
AgatheMgt
a6a16926f6
Create handicap.json 2022-03-24 07:08:08 -04:00
Daniel Plohmann
24a3f16ab4
adding threat actor group LAPSUS$ / DEV-0537. 2022-03-23 09:47:10 +01:00
Delta-Sierra
97690426bf update threat actors meta 2022-03-18 16:41:10 +01:00
6f0208dcaf
chg: [ransomware] UUID fixed 2022-03-18 16:03:27 +01:00
ef5af37dbe
chg: [botnet] duplicate UUIDs replaced 2022-03-18 15:58:09 +01:00
c0a07d2246
chg: [ransomware] replace duplicate UUIDs 2022-03-18 15:57:06 +01:00
botlabsDev
6416d0b2de add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot 2022-03-18 15:34:11 +01:00
18069ce5f3
Merge pull request #688 from botlabsDev/patch-0
Add tool 'BadPotato' to clusters/tool.json
2022-03-15 12:30:47 +01:00
7fd5715715
Merge pull request #691 from r0ny123/indian-adversaries
Update to Indian Adversaries
2022-03-15 12:28:16 +01:00
Rony
eebda5f955
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team 2022-03-15 15:02:57 +05:30
Rony
ac72e7b639
fix 2022-03-15 14:00:46 +05:30
Rony
3b67e745e5
Update threat-actor.json 2022-03-15 13:57:00 +05:30
botlabsDev
99ab2a13d6 Add tool 'BadPotato' to clusters/tool.json 2022-03-14 18:02:02 +01:00
Badis-dev
231915f9a4 add galaxy and cluster cancer 2022-03-11 14:20:09 +01:00
Badis-dev
27241135a2
Add cancer.json 2022-03-11 11:26:57 +01:00
Badis-dev
78f1c9f345
Delete cancer.json 2022-03-11 11:26:30 +01:00
Badis-dev
1c707f7c5e
Add cancer cluster 2022-03-11 11:13:57 +01:00
Delta-Sierra
957327383d fix array 2022-03-07 16:10:53 +01:00
Delta-Sierra
a7f3df8a9a merge 2022-03-07 16:04:38 +01:00
Delta-Sierra
8fd3c87b47 update threat actors meta 2022-03-07 15:54:29 +01:00
8e09c9b30c
Merge pull request #685 from danielplohmann/patch-14
adding threat actor "Moses Staff"
2022-03-02 21:43:00 +01:00
Daniel Plohmann
896a451461
fixed with linted JSON. 2022-03-02 21:22:28 +01:00
Daniel Plohmann
a817324cd4
adding threat actor "Moses Staff" 2022-03-02 15:50:39 +01:00
Mathieu Beligon
0b456b8afa version bump -> 213 2022-03-02 14:55:26 +01:00
Mathieu Beligon
d3d241ca54 Update Gamaredon target 2022-03-02 14:55:19 +01:00
Mathieu Beligon
27c05a118e Update GhostWriter 2022-03-02 13:16:20 +01:00
Delta-Sierra
c909a35d65 Merge https://github.com/MISP/misp-galaxy into main 2022-02-18 10:57:10 +01:00
Delta-Sierra
a788c867a7 jq 2022-02-18 10:56:07 +01:00
Delta-Sierra
b0cd884afc add TA2541 2022-02-18 10:54:25 +01:00
Daniel Plohmann
321e4b4a57
another Gamaredon ref and version bump 2022-02-18 08:26:01 +01:00
Daniel Plohmann
254dd47a61
adding ACTINIUM as MSFT name for Gamaredon 2022-02-18 08:24:35 +01:00
Delta-Sierra
33ef3317b7 fix duplicate 2022-02-14 10:02:36 +01:00
Delta-Sierra
9b76d71c43 Merge https://github.com/MISP/misp-galaxy into main 2022-02-14 08:47:21 +01:00
Delta-Sierra
3184819968 add DDG botnet and more 2022-02-11 16:13:36 +01:00
rwe
4700780d47 added antlion APT group 2022-02-05 04:52:33 -08:00
f49b54281b
chg: [ransomware] set encryption only 2022-02-02 22:36:14 +01:00
3328b73185
fix: [ransomware] array end missing 2022-02-02 22:32:39 +01:00
Kevin Holvoet
3d23f98d04
Forgot comma between JSON entries 2022-02-02 18:58:55 +01:00
Kevin Holvoet
389add7580
Update ransomware.json with URL fix
Fixed URL for AlphaLocker
2022-02-02 18:54:31 +01:00
Kevin Holvoet
fa9829cec0
Update ransomware.json: add BlackCat (ALPHV) 2022-02-02 18:50:19 +01:00
Daniel Plohmann
833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference 2022-02-02 09:40:10 +01:00
Daniel Plohmann
8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec 2022-02-02 09:35:53 +01:00
Delta-Sierra
5cf1eb01f4 Merge https://github.com/MISP/misp-galaxy into main 2022-01-31 10:04:07 +01:00
1fda357a03
new: [surveillance] Cytrox added 2022-01-30 11:31:55 +01:00
Jürgen Löhel
22046a1eae
Adds WhisperGate
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-18 13:16:06 -06:00
Delta-Sierra
e523bdaf70 merge 2022-01-14 16:08:14 +01:00
Jürgen Löhel
3059c70ae6
Adds UPAS-Kit
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-13 11:53:32 -06:00
Thomas Dupuy
c792bdd1b7 Add AQUATIC PANDA threat actor. 2022-01-12 13:51:11 -05:00
Thomas Dupuy
afaf3a3110 Add Motnug tool. 2022-01-12 13:37:59 -05:00
Jürgen Löhel
5aa8a8a8b1
Adds Ragnatela RAT
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-10 15:57:10 -06:00
Sami Tainio
dcb87b0dc6 chg: [threat-actor] Add SideCopy 2022-01-07 17:45:41 +02:00
Daniel Plohmann
3094283252
adding Mandiant's FIN13. 2022-01-03 09:32:43 +01:00
eba1b2839f
chg: [concordia] CMTMF killchain typo fixed 2021-12-20 10:41:00 +01:00
Raphaël Vinot
b4d518d4f0 fix: cmtmf-attack-pattern had multiple duplicate UUIDs 2021-12-17 17:58:29 +01:00
12617ff627
chg: [concordia] fix name inconsistencies 2021-12-17 17:41:00 +01:00
69b582f9ba
chg: [concordia] duplicate removed 2021-12-17 17:31:38 +01:00
bc3ab62917
chg: [concordia] duplicate removed 2021-12-17 17:26:04 +01:00
ee2a3c83f4
chg: [concordia] duplicate techniques removed 2021-12-17 17:21:00 +01:00
01d23b61b7
chg: [concordia] typo fixed 2021-12-17 17:15:43 +01:00
01f2ce68d4
chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID? 2021-12-17 17:13:57 +01:00
5becac98e4
chg: [concordia] duplicates removed 2021-12-17 16:51:11 +01:00
ae7b7bd47d
chg: [cmtmf-attack-pattern] various fixes to make JSON ok 2021-12-17 16:08:07 +01:00
7b587710b1
Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf 2021-12-17 15:55:03 +01:00
Jürgen Löhel
b81ac7f01d Adds DarkWatchman RAT
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-12-17 07:20:58 -06:00
Delta-Sierra
b8960393a4 add Milan Rat, Shark tool and Lyceum synonyms 2021-11-29 16:00:40 +01:00
Delta-Sierra
bb92427b65 add Lyceum synonyms/sources 2021-11-29 12:05:51 +01:00
Delta-Sierra
78a8cf4ad2 add ESPecter Bootkit 2021-11-19 16:30:57 +01:00
Delta-Sierra
c89623e945 add ESPecter bootkit 2021-11-16 08:17:37 +01:00
Christophe Vandeplas
aeb5719448 chg: [att&ck] update to ATT&CK v10 2021-10-22 14:34:25 +02:00
ab41df7282
chg: [malpedia] remove duplicate 2021-10-20 12:24:12 +02:00
e517787e7c
chg: [malpedia] duplicates removed 2021-10-20 12:21:05 +02:00
69f878c86f
fix: [malpedia] remove duplicate urls 2021-10-20 12:16:22 +02:00
da91f2abc2
chg: [malpedia] updated 2021-10-20 10:21:03 +02:00
marjatech
d74fdb3e43
update malpedia 2021-10-19 16:21:19 +02:00
Bernardo Santos
e74fcfe268 Update cmtmf-attack-pattern.json
- update version
2021-10-13 10:06:00 +02:00
Bernardo Santos
5f19983ba3 Update cmtmf-attack-pattern.json
- Changes to cluster type
- Fix typo for privilege escalation tactic
2021-10-13 09:57:03 +02:00
Bernardo Santos
49dfcca563 CONCORDIA MTMF - Initial version
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:54:06 +02:00
Bernardo Santos
d09681b011 CONCORDIA MTMF - Initial version
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:45:03 +02:00
Jeroen Pinoy
9ec76ae185
Add threat actor common raven 2021-10-03 23:30:20 +02:00
Thomas Patzke
26f0c344a1 Added O365 techniques
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
2021-09-18 23:27:38 +02:00
Thomas Dupuy
1985de4d44 Add BLUELIGHT tool. 2021-08-27 10:28:06 +02:00
Thomas Dupuy
89a3f986ba Add InkySquid synonym. 2021-08-24 16:29:34 +02:00
Daniel Plohmann
3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) 2021-08-19 06:02:40 +02:00
Rony
5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
2021-08-02 22:30:05 +05:30
Rony
636ccdedcd
Update threat-actor.json 2021-07-21 18:47:56 +05:30
Rony
9ecfecc063
another fix 2021-07-21 18:41:18 +05:30
Rony
32ea60d721
fix 2021-07-21 18:31:05 +05:30
Rony
52e7d5a0a9
multiple updates to apt40, apt31 & hafnium 2021-07-21 18:28:40 +05:30
Rony
fb9a41f8e9
from Gov Canada & MFA Japan 2021-07-19 20:33:35 +05:30
Rony
c90c60cb13
adding references for APT40 & APT31 2021-07-19 20:14:36 +05:30
6c8949caa9
Merge pull request #658 from jasperla/oilrig
merge APT34 with OilRig
2021-07-03 08:56:39 +02:00
Deborah Servili
b6005bd53f
Merge branch 'main' into master 2021-07-02 13:30:51 +02:00
Delta-Sierra
913aff30c3 Add NOBELIUM and related 2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse
792490298e merge APT34 with OilRig
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
2021-06-29 20:26:04 +02:00
a5d7d85dc8
Merge pull request #657 from jloehel/add_matanbuchus
[cluster][tool] Adds Matanbuchus
2021-06-22 07:23:20 +02:00
Jürgen Löhel
254c201601
[cluster][tool] Adds Matanbuchus
+ threat actor: BelialDemon

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 18:04:28 -05:00
Jürgen Löhel
381973f5de
[cluster][stealer] Adds HackBoss
Fixes: #651

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 16:35:20 -05:00
Thomas Dupuy
772c5145c1 Added BackdoorDiplomacy and Gelsemium. 2021-06-11 11:48:57 -04:00
Rony
9a723b6261
more ta544 references 2021-05-26 20:26:27 +05:30
Rony
db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks 2021-05-22 21:02:30 +05:30
Daniel Plohmann
433ea5cb45
Twisted Spider -> TWISTED SPIDER
fair point
2021-05-19 17:04:58 +02:00
Daniel Plohmann
9719122d27
adding Twisted Spider as alias for TA2101 (Maze) 2021-05-19 16:47:41 +02:00
a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1
Add alias for Tick
2021-05-07 23:23:38 +02:00
Still Hsu
eb671f1e6a
Add Nian alias
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:52:27 +08:00
Still Hsu
fe7c0dab07
Add country origin for BlackTech
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:32:39 +08:00
Daniel Plohmann
38b8bac51d
fixing broken/dead links 2021-05-04 20:15:17 +02:00
6f7d3d5c2b
chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa
"COLT – Compromise to Leak Time" - new meta colt-median/colt-average.

For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
2021-05-03 07:41:43 +02:00
7aaf25a424
new: [ransomware] Ragnarok added 2021-04-30 12:08:03 +02:00
94ec98d544
Merge pull request #646 from r0ny123/update
Updates to APT27 & Tick
2021-04-29 18:29:53 +02:00
Christophe Vandeplas
86ee7008b2 chg: [att&ck] bump to latest ATT&CK version from MITRE 2021-04-29 18:12:36 +02:00
211a4b5145 fix: [ransomware] Related key should be outside metas 2021-04-26 13:48:06 +02:00
Rony
4ba2db0f3a FlatChestWare duplicate removed 2021-04-26 16:24:09 +05:30
ef9989dbe8
chg: [ransomware] duplicate removed 2021-04-26 12:06:03 +02:00
847d3e8fa7
chg: [ransomware] duplicate removed 2021-04-26 12:01:01 +02:00
f3992ec5f1
chg: [ransomware] duplicates removed 2021-04-26 11:57:21 +02:00
f2703bd03e
chg: [ransomware] Flyper removed 2021-04-26 11:52:28 +02:00
Delta-Sierra
3cae487e3d fix duplicates and add relations 2021-04-26 11:25:39 +02:00
Rony
faed812fc9 Merged STALKER PANDA to Tick 2021-04-25 19:12:20 +05:30
Rony
89b9c0c32c several updates to apt27 2021-04-25 16:53:36 +05:30
Delta-Sierra
0a05621f82 Merge https://github.com/MISP/misp-galaxy 2021-04-19 15:48:58 +02:00
Delta-Sierra
b138354fa5 Removing duplicate 2021-04-19 15:42:49 +02:00
28f6475cc5
chg: [ransomware] first duplicate removed 2021-04-19 15:13:18 +02:00
e7061f90d9
chg: [ransomware] remove duplicate "File-Locker" 2021-04-19 15:08:06 +02:00
ab13dd00f8
Merge pull request #645 from Delta-Sierra/master
Adding ransomware names [WIP 2/3]
2021-04-19 15:03:12 +02:00
Delta-Sierra
f5713a8d87 Removing unexpected line 2021-04-19 14:53:36 +02:00
Delta-Sierra
b7b4b356c3 Adding ransomware names [WIP 3] 2021-04-19 14:47:10 +02:00
Delta-Sierra
fdf1a6c112 Adding ransomware names [WIP 2] 2021-04-19 13:24:25 +02:00
Daniel Plohmann
6eb594a6b0
adding Yanbian Gang as threat actor 2021-04-16 15:12:45 +02:00
Delta-Sierra
f3456a89c5 fix version 2021-04-15 15:08:11 +02:00
Delta-Sierra
4bcd0492bd Adding ransomwares WIP 2021-04-15 15:07:52 +02:00
Daniel Plohmann
2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech
Adding Palmerworm as Symantec alias for BlackTech (with reference).
2021-03-31 22:35:12 +02:00
Thomas Dupuy
a8c62ddeda Add Ghostwriter. 2021-03-31 09:42:40 -04:00
Rony
50f5d2ae4a
reverted changes made into 52ae97718d 2021-03-30 22:19:05 +05:30
sebdraven
ce8a9442eb validation jsons 2021-03-30 13:12:21 +00:00
Sebdraven
52ae97718d Update threat-actor.json
add a synonym to Haffnium
2021-03-30 15:11:09 +02:00
sebdraven
b082977b9f validation ok 2021-03-30 10:22:35 +00:00
Sebdraven
4ed4cebcee Update threat-actor.json
format json
2021-03-30 12:16:22 +02:00
Sebdraven
a62e3ba530 Update threat-actor.json
add redecho threat actor
2021-03-30 12:10:50 +02:00
Jakub Onderka
ca9608da6d fix: Cryptominers type 2021-03-27 22:07:33 +01:00
26b9740e55
chg: [malpedia] jq all the file and removed ref duplicates 2021-03-13 11:00:39 +01:00
Jakob M
f02ce7e805 update to latest
Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp
2021-03-12 10:35:12 +01:00
Delta-Sierra
eff327b4fd fix progress 2021-03-11 14:42:55 +01:00
Delta-Sierra
7c843ac5c2 fix merge & jq 2021-03-11 14:08:29 +01:00
Delta-Sierra
c37befc8a9 merge 2021-03-11 10:35:05 +01:00
855a12a408
chg: [clusters] fixing broken UUID fix #628 2021-03-11 09:54:50 +01:00
f6ed00233e
chg: [ransomware] fix the broken UUID fix #628 2021-03-11 09:52:25 +01:00
Rony
57c7d0b9a0
From Nextron 2021-03-06 19:44:32 +05:30
Rony
6cabbfb091
more! 2021-03-06 14:22:29 +05:30
Rony
7b242555df
More references
From 
Crowdstrike
MSRC
and kql hunting query from James Quinn
2021-03-06 13:28:14 +05:30
Rony
eaab88ef28
add HAFNIUM detection refs 2021-03-05 16:51:28 +05:30
Rony
4bc438a325
fix 2021-03-05 11:48:43 +05:30
Rony
d9b299aafc
add more HAFNIUM references 2021-03-05 11:42:04 +05:30
Rony
c9f7afef1c
Adding alias NOBELIUM 2021-03-04 22:39:33 +05:30
47dade9d0e
Merge pull request #631 from r0ny123/Enhancement
Add HAFNIUM
2021-03-04 14:48:01 +01:00
a9a6b0253f
chg: [microsoft activity group] HAFNIUM added 2021-03-04 10:49:58 +01:00
Rony
ad795606cf
added HAFNIUM
Updates:
Tonto Team
UNC2452
2021-03-04 00:10:33 +05:30
Sebdraven
2666341afc Update threat-actor.json
update Sidewinder card
2021-03-03 17:59:25 +01:00
Thomas Dupuy
f842694fda Update Infy TA. 2021-03-02 14:37:01 -05:00
524676282e
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2021-02-26 08:30:58 +01:00
4692ced8fa
chg: [tool] SUNSPOT added 2021-02-26 08:28:01 +01:00
Delta-Sierra
0e23d8b95f add relationships between Maze, Rgnar, Egregor and Sekhmet 2021-02-25 10:21:28 +01:00
Delta-Sierra
406dfdb45b add Sekhmet ransomware 2021-02-25 09:52:52 +01:00
Delta-Sierra
d273a5da7d add TeamTNT ref 2021-02-25 09:52:24 +01:00
Rony
5c6f3a036b
removing DePrimon
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
2021-02-24 21:55:04 +05:30
Thomas Dupuy
eeafff9768 Add RDAT backdoor 2021-02-23 11:15:31 -05:00
Delta-Sierra
eb07fab69f add Ragnar Locker and update accordingly 2021-02-23 16:21:07 +01:00
Delta-Sierra
06ae10965b add Covidloc and tycoon ransomware + small updates on some ransomwares 2021-02-22 16:39:47 +01:00
Delta-Sierra
7c1ac58141 add TeamTNT 2021-02-22 16:38:18 +01:00
Thijsvanede
e9eb0c7a6c
Fix: rename "Innitial Access" to "Initial Access"
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
2021-02-19 12:01:47 +01:00
Thomas Dupuy
178e16dc13 Remove empty values. 2021-02-16 10:32:37 -05:00
Thomas Dupuy
4a7560d191 Add Exaramel and P.A.S. webshell tool. 2021-02-15 12:52:53 -05:00
Thomas Dupuy
93396c524d Add Caterpillar WebShell. 2021-02-12 12:00:17 -05:00
Delta-Sierra
96bf0d44ea Merge https://github.com/MISP/misp-galaxy 2021-02-09 14:52:58 +01:00
Daniel Plohmann
d61e7d2fac
adding ClearSky alias for Volatile Cedar
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious  files."
2021-01-29 10:39:18 +01:00
Koen Van Impe
87b22f363c Move cfr-type-of-incident to meta 2021-01-28 12:25:39 +01:00
Koen Van Impe
23778666ba RSIT Galaxy/Cluster 2021-01-28 10:03:12 +01:00
StefanKelm
fb35646406
Update threat-actor.json
Lazarus
2021-01-26 14:38:37 +01:00
Thomas Dupuy
f964514ec5 Add HyperBro in tools 2021-01-20 13:44:28 -05:00
Thomas Dupuy
9df95031a7 Update ZxShell tool. 2021-01-20 13:27:51 -05:00
StefanKelm
a131a7ce98
Update threat-actor.json
Lazarus
2021-01-20 17:43:18 +01:00
3c19c7c1e5
Merge pull request #617 from danielplohmann/patch-4
merge COVELLITE into Lazarus Group
2021-01-17 16:05:13 +01:00
Daniel Plohmann
ca66fcd93a
merge COVELLITE into Lazarus Group
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references. 
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
2021-01-17 15:07:26 +01:00
Rony
91e87cf82c
Update threat-actor.json
Don't know how StarCraft
2021-01-17 12:21:34 +05:30
Daniel Plohmann
edcc3c0bc1
merging ScarCruft->APT37
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
2021-01-15 18:52:49 +01:00
Delta-Sierra
a6f7795952 fix merge 2021-01-12 10:38:33 +01:00
2b356a9eb0
chg: [threat-actor] UNC2452/DarkHalo added - ref. #614 2021-01-12 07:01:36 +01:00
184d57f0a2
chg: [ransomware] Babuk Ransomware added 2021-01-05 19:11:28 +01:00
4454b58743
chg: [ransomware] RegretLocker added 2020-12-30 14:14:09 +01:00
Rony
3240aa819f
Update threat-actor.json 2020-12-14 11:54:41 +05:30
Rony
2ffb77b35b
BISMUTH 2020-12-14 10:41:15 +05:30
Delta-Sierra
31f96513b2 update sidewinder threat actor 2020-12-11 16:09:33 +01:00
ac86ebd5f6
Merge pull request #609 from StefanKelm/master
Update threat-actor.json
2020-12-09 22:16:49 +01:00
Delta-Sierra
ebd31b7376 add BazarBackdoor 2020-12-09 16:42:32 +01:00
Delta-Sierra
d3a9cf742a add RansomEXX 2020-12-09 16:32:02 +01:00
Delta-Sierra
3daaa30aed Merge https://github.com/MISP/misp-galaxy 2020-12-07 16:20:36 +01:00
StefanKelm
5dc92995f6
Update threat-actor.json
DeathStalker, Mabna
2020-12-04 11:43:06 +01:00
StefanKelm
4fee985b5e
Update threat-actor.json
Turla
2020-12-03 13:05:14 +01:00
StefanKelm
72e085aba9
Update threat-actor.json
OceanLotus
2020-12-02 11:44:29 +01:00
StefanKelm
15b5f4c881
Update threat-actor.json
APT27
2020-11-30 11:49:23 +01:00
Delta-Sierra
e81d3c63d5 Merge https://github.com/MISP/misp-galaxy 2020-11-27 12:47:20 +01:00
Christophe Vandeplas
9a731470d3 chg: [att&ck] update to latest MITRE ATT&CK version 2020-11-25 07:45:48 +01:00
StefanKelm
da910c0c2e
Update threat-actor.json 2020-11-18 19:15:11 +01:00
Delta-Sierra
7af75bb222 add Darkside ransomware 2020-11-18 16:10:49 +01:00
StefanKelm
48ffaa8ce1
Update threat-actor.json
Lazarus
2020-11-18 12:10:23 +01:00
snurilov
44e9da1390
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
2020-11-11 23:09:03 -05:00
snurilov
3f4683d8a3
Update rat.json to include Iperius Remote
Add Iperius Remote to the rat.json cluster.
2020-11-09 23:45:16 -05:00
StefanKelm
bf5bdeacb0
Update threat-actor.json
OceanLotus
2020-11-09 14:39:55 +01:00
StefanKelm
41a7a36317
Update threat-actor.json
Kimsuky
2020-11-02 17:30:25 +01:00
Rony
333e55fbeb
remove duplicate! 2020-11-02 14:18:49 +05:30
Rony
000cfa68a8
Update threat-actor.json
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
2020-11-02 13:51:08 +05:30
Deborah Servili
28784683db
Merge branch 'main' into master 2020-10-30 16:17:27 +01:00
Delta-Sierra
88bbf8851c jq 2020-10-30 16:14:02 +01:00
Delta-Sierra
be672b8d3a update microsoft activity groups 2020-10-30 14:53:20 +01:00
5d31753e6a
chg: [cryptominer] updated 2020-10-30 09:48:08 +01:00
24f05749f0
Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master 2020-10-30 09:47:45 +01:00
JJ Cummings
c48a38c2f1
Added a new cryptominer galaxy and additional missing recent families to various clusters 2020-10-29 14:40:22 -06:00
StefanKelm
808c2c3828
Update threat-actor.json
Kimsuky
2020-10-28 12:52:06 +01:00
b41e3d4f50
chg: [rename] tea matrix 2020-10-23 15:57:13 +02:00
e5ea22a3b0
chg: [tea] matrix updated to include brewing time and the milk attack technique 2020-10-23 11:51:50 +02:00
0ccbdb862b
chg: [tea] first version 2020-10-23 11:16:50 +02:00
Christophe Vandeplas
2334676e64 chg: [att&ck] no tag for subtechnique 2020-10-18 20:14:05 +02:00
Christophe Vandeplas
d58dd1fca2 new: [att&ck] support for subtechniques 2020-10-18 20:00:48 +02:00
Daniel Plohmann
02bcf1f5a7
adding PowerPool alias IAmTheKing (Kaspersky)
after a quick search I haven't found a nice source except for costin's tweet.
2020-10-09 13:49:16 +02:00
StefanKelm
7bab41e367
Update threat-actor.json
TA505
2020-10-06 15:29:54 +02:00
StefanKelm
1d05f17507
Update threat-actor.json
XDSpy
2020-10-06 12:45:43 +02:00
Christophe Vandeplas
32b142c8e0 fixes issues in attack-ics 2020-10-02 16:54:21 +02:00
Christophe Vandeplas
f95e88b1f9 MITRE ATT&CK for ICS fixes #586
fixed issues in pull request #586
2020-10-01 20:42:40 +02:00
StefanKelm
18eebc01f6
Lazarus 2020-09-29 12:02:16 +02:00
Bart
2b51f7b6de
Update threat-actor.json
Add Machete alias
2020-09-27 18:37:24 +02:00
StefanKelm
e95fbb571d
Update threat-actor.json
GADOLINIUM
2020-09-25 11:52:34 +02:00
StefanKelm
3ad3d5f318
Update threat-actor.json
APT28
2020-09-22 18:07:33 +02:00
Deborah Servili
d48216031a
add Sepulcher RAT 2020-09-22 16:23:39 +02:00
Deborah Servili
4f3b6945c0 Merge https://github.com/MISP/misp-galaxy 2020-09-22 12:17:42 +02:00
Rony
d1c70b3d80
FBI FLASH AC-000133-TT 2020-09-17 11:05:00 +05:30
Rony
4d4a462d7a
Update threat-actor.json
Adding Fox-Kitten and cleaned (or improved) winnti
2020-09-17 00:07:40 +05:30
Deborah Servili
0fe525a9db Merge https://github.com/MISP/misp-galaxy 2020-09-16 10:22:38 +02:00
Deborah Servili
00b5d0d116 add refs 2020-09-16 10:08:31 +02:00
Daniel Plohmann (jupiter)
7b00674c77 Adding TA413 and Evilnum 2020-09-15 14:19:22 +02:00
StefanKelm
63030f2cfe
Update threat-actor.json
APT33
2020-09-14 12:01:53 +02:00
StefanKelm
3cc3cc461a
Update threat-actor.json
STRONTIUM
2020-09-11 11:38:06 +02:00
Raphaël Vinot
405d5f1fe9 fix: Sort keys, fix tests 2020-09-08 10:51:24 +02:00
9e519962c6
chg: [botnet] Katura mess added 2020-09-07 12:41:39 +02:00
StefanKelm
57a31fd60c
Update threat-actor.json
Lazarus, FIN7
2020-09-03 14:44:10 +02:00
StefanKelm
503d421a56
Update threat-actor.json
TA542
2020-08-31 15:07:13 +02:00
VVX7
4635146b00 chg: [dev] jq 2020-08-22 13:06:42 -04:00
VVX7
1cddf4b7cd new: [dev] fix empty strings, lists 2020-08-22 12:59:05 -04:00
VVX7
b4c3ffc8eb new: [dev] add ASPI's China Defence University Tracker.
Thanks to Cormac Doherty for writing the web scraper! To update the galaxy run the included gen_defence_university.py script.

"The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI’s International Cyber Policy Centre.

It includes entries on nearly 100 civilian universities, 50 People’s Liberation Army institutions, China’s nuclear weapons program, three Ministry of State Security institutions, four Ministry of Public Security universities, and 12 state-owned defence industry conglomerates.

The Tracker is a tool to inform universities, governments and scholars as they engage with the entities from the People’s Republic of China. It aims to build understanding of the expansion of military-civil fusion—the Chinese government’s policy of integrating military and civilian efforts—into the education sector.

The Tracker should be used to inform due diligence of Chinese institutions. However, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution’s defence and security links." - ASPI (https://unitracker.aspi.org.au/about/)
2020-08-21 11:24:22 -04:00
rmkml
e02ac52566 add Conti Ransomware 2020-08-15 22:10:49 +02:00
Thomas Dupuy
4009ef9997 Fix: remove comma 2020-08-14 13:01:37 -04:00
Thomas Dupuy
d0c6b7b46d Update Tonto Team/CactusPete threat actor 2020-08-13 15:57:33 -04:00
Thomas Dupuy
72554ed71c Add Drovorub tool 2020-08-13 15:08:32 -04:00
Thomas Dupuy
4130d7c6fc Update TA APT40 2020-08-13 12:22:36 -04:00
Daniel Plohmann
8407b6fd28
Update threat-actor.json
adding Kaspersky's name for Microcin.
2020-08-12 12:03:28 +02:00
Thomas Dupuy
9cadabba7a Add WellMess and WellMail 2020-08-11 12:37:28 -04:00
rmkml
6d10e3a37d add Ragnarok Ransomware 2020-08-02 20:46:32 +02:00
Vasileios Mavroeidis
40d12b9dde
Motive correction based on the EU Cert motive taxonomy
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
2020-07-28 11:43:46 +02:00
44afaf2523
chg: [threat-actor] remove duplicate references 2020-07-27 09:57:41 +02:00
StefanKelm
86c54cbd8c
Update threat-actor.json
OilRig
2020-07-23 11:07:22 +02:00
Raphaël Vinot
c174f613c5 fix: Name of SoD Matrix cluster to match galaxy.
Fix #566
2020-07-22 11:52:27 +02:00
Steve Clement
df6bed3d3a
Merge pull request #563 from r0ny123/patch-1 2020-07-22 09:14:13 +09:00
StefanKelm
17a1feb016
Update threat-actor.json
Turla
2020-07-15 11:20:18 +02:00
Rony
c33f4c7611
Update threat-actor.json
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).
2020-07-12 12:57:24 +05:30
Rony
b77b9d374c
Update threat-actor.json 2020-07-12 11:19:13 +05:30
Koen Van Impe
d3e22ef14c SoD Matrix
Described at https://github.com/cudeso/SoD-Matrix
2020-07-10 14:08:45 +02:00
Deborah Servili
84474ddb29 merge 2020-07-09 16:31:04 +02:00
Deborah Servili
865e76beae commit 2020-07-07 14:47:44 +02:00
ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only.
Based on https://github.com/MISP/misp-galaxy/issues/469

There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:

- _operation_:
  - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
  - **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
  - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
  - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
  - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
  - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
  - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**

The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
2020-07-07 09:13:21 +02:00
164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-07-02 09:55:42 +02:00
StefanKelm
14665429d7
Update threat-actor.json
APT31
2020-06-25 16:23:00 +02:00
StefanKelm
92bc206879
Update threat-actor.json
APT30
2020-06-23 14:54:09 +02:00
Rony
bc97b07089
Update threat-actor.json 2020-06-21 19:19:17 +05:30
StefanKelm
583f1d2fc2
Update threat-actor.json
TA505
2020-06-17 11:56:29 +02:00
0cb36249a4
chg: [jq] all the things 2020-06-12 09:26:30 +02:00
Rony
29be5ac7e1
fixed typo! 2020-06-12 00:09:59 +05:30
Rony
9365bfb7cd
Adding GALLIUM Threat Actor 2020-06-11 23:42:35 +05:30
StefanKelm
f042f98247
Update threat-actor.json
Higaisa
2020-06-08 14:09:39 +02:00
StefanKelm
9c25d5e8c5
Update threat-actor.json
Cycldek
2020-06-04 17:18:45 +02:00
3867b1f602
Merge pull request #552 from danielplohmann/reference-fixes
Reference fixes
2020-05-29 09:26:05 +02:00
2a074f23fd
chg: [preventive-measure] packet filtering added 2020-05-27 10:02:16 +02:00
Daniel Plohmann (jupiter)
a705d1402f fixing deadlinks where possible 2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter)
171f272a1e default to HTTPS to be consistent with other links to same page 2020-05-27 09:27:52 +02:00
8a0a4cb02d
Merge pull request #551 from nyx0/master
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
2020-05-27 09:10:08 +02:00
Thomas Dupuy
291fb41502 Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel 2020-05-26 09:50:43 -04:00
Thomas Dupuy
143bd521be Add CrackMapExec, metasploit, Cobalt Strike and Covenant 2020-05-26 09:35:01 -04:00
Rony
fbd351590a
Update threat-actor.json 2020-05-24 23:18:54 +05:30
Rony
5f8094d16f
fix 2020-05-24 23:14:43 +05:30
b5bbc34f5d
chg: [threat-actor] remove the non-unique elements 2020-05-22 14:01:32 +02:00
Nils Kuhnert
fbfe9d23c3
Merged (most) SecureWorks threat actor profiles && jq 2020-05-22 13:45:29 +02:00
iglocska
dee9a56460
fix: small fixes to the bhadra framework 2020-05-19 16:45:40 +02:00
iglocska
43703f1a96
new: added Bhadra framework for mobile attacks
- based on the paper published here: https://arxiv.org/pdf/2005.05110.pdf
- thanks to the ATT&CK EU community conference speakers highlighting this framework!
2020-05-19 16:34:59 +02:00
006b61bc44
Merge pull request #547 from Delta-Sierra/master
add Snake Ransomware
2020-05-15 17:55:47 +02:00
Deborah Servili
b943a7daca
fix missing description 2020-05-15 09:00:34 +02:00
Deborah Servili
6d6da39da4
add Snake Ransomware 2020-05-13 11:58:33 +02:00
Daniel Plohmann
5101c5a828
msft name: BORON for APT3
as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
2020-05-11 15:37:38 +02:00
09429eda5a
chg: [ta] fix the JSON 2020-05-11 10:20:10 +02:00
Thomas Dupuy
fc9505cadf Add Sednit's Exploit-kit Sedkit 2020-05-08 13:29:14 -04:00
Thomas Dupuy
69fe870803 Add Higaisa Threat Actor 2020-05-08 13:01:48 -04:00
Deborah Servili
1d331a9ab1
Merge branch 'master' into master 2020-04-28 15:19:38 +02:00
Thomas Dupuy
46a6d9fcb1 Add DenesRAT/METALJACK 2020-04-28 01:08:50 -04:00
2a70893352
chg: [jq] JSON fixed 2020-04-27 15:03:25 +02:00
de Rosen
a428ad565e Added misp info 2020-04-27 15:16:33 +03:00
Deborah Servili
f6fd07fbc9
add speculoos bakdoor 2020-04-27 09:36:23 +02:00
86157a6b96
Merge pull request #539 from r0ny123/MergingTA
Adding alias Thallium and merging STOLEN PENCIL
2020-04-26 21:16:56 +02:00
Rony
112f9e4a08
Adding alias Thallium and merging STOLEN PENCIL
Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
And also Netscout named the campaign as STOLEN PENCIL.
2020-04-26 23:47:37 +05:30
de71a444f8
chg: [json] add missing comma 2020-04-26 14:23:59 +02:00
rvs1st
d449eb94fc
Update threat-actor.json
Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
2020-04-24 09:03:58 -05:00
4234d44052
Merge pull request #537 from danielplohmann/patch-28
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
2020-04-24 15:33:47 +02:00
Daniel Plohmann
858621ebdc
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday. 2020-04-23 15:47:35 +02:00
Daniel Plohmann
b0f0bbae33
adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included) 2020-04-23 14:52:08 +02:00
Deborah Servili
6b49d81b13 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-04-23 10:06:04 +02:00
itayc0hen
667d5b8850 Add ItaDuke/DarkUniverse actor 2020-04-22 19:44:38 +03:00
pnx@pyrite
974ece3a7c adding FIN1 2020-04-20 14:20:22 +02:00
Rony
aa34775390
typo
thanks to @patricksvgr
2020-04-19 23:17:44 +05:30
Rony
ddfa280672
Update threat-actor.json 2020-04-19 23:06:57 +05:30
Rony
7ac2648dbc
more fix 2020-04-19 23:00:42 +05:30
Rony
573b4807ee
fix broken links 2020-04-19 16:03:21 +05:30
Rony
42a4820823
dead link 2020-04-19 11:45:45 +05:30
Rony
0aa34187e9
add link 2020-04-19 11:29:36 +05:30
Rony
d6bf42254f
Merging APT23 & Tropic Trooper 2020-04-18 13:22:25 +05:30
Rony
c161080175
Update threat-actor.json 2020-04-15 21:36:48 +05:30
Deborah Servili
e8edc9cafc Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-04-15 11:27:01 +02:00
Deborah Servili
b01e64eb1f
add Operation Shadow Forece 2020-04-08 14:53:19 +02:00
Daniel Plohmann
aba625dee5
removed duplicate entry 2020-04-07 08:49:33 +02:00
Daniel Plohmann
e15a4a6525
fixing/removing some more dead links 2020-04-06 15:25:22 +02:00
Deborah Servili
7859c8dbd7
Add coronavirus ransomware 2020-04-03 16:19:45 +02:00
Deborah Servili
8a3422acb4
add Pyta ransomnotes 2020-04-03 11:58:02 +02:00
Deborah Servili
c566c89f2a
add pyza ransomware 2020-03-27 14:22:34 +01:00
c7104e8819
chg: [country] jq all 2020-03-23 13:09:14 +01:00
iglocska
777c3188db
new: [country] galaxy added 2020-03-23 12:10:16 +01:00
35a57c36bf
Merge pull request #526 from Delta-Sierra/master
PARINACOTA group
2020-03-12 23:23:05 +01:00
Deborah Servili
a706b8ef2e
PARINACOTA group 2020-03-12 13:11:46 +01:00
e37f320df5
Merge pull request #523 from danielplohmann/patch-24
adding aliases MERCURY, HOLMIUM
2020-03-09 21:56:27 +01:00
Daniel Plohmann
ab49ef3c1a
Kimsuki -> Black Banshee
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html)
2020-03-09 18:20:56 +01:00
Daniel Plohmann
1260ab156a
adding aliases MERCURY, HOLMIUM
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
2020-03-09 08:50:08 +01:00
e81c91e3e9
Merge pull request #522 from Delta-Sierra/master
add sdbbot
2020-03-06 15:24:14 +01:00
Deborah Servili
b007d5d3ce
add SdBbot 2020-03-06 14:33:19 +01:00
a407ddcc5b
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-03-05 10:49:15 +01:00
375db26505
chg: [malpedia] fixes 2020-03-05 10:48:28 +01:00
4a64d0a4ad
Merge pull request #519 from danielplohmann/crowdstrike2020report
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-05 09:07:16 +01:00
Corsin Camichel
66aa5c3b13
fixing a comma error 2020-03-04 21:13:01 +01:00
Daniel Plohmann (jupiter)
0c2b0b76eb while we are at it, we can also do Longhorn = APT-C-39 2020-03-04 21:09:06 +01:00
Corsin Camichel
a5a7c21c79
adding Raccoon (win.raccoon) 2020-03-04 21:02:51 +01:00
Daniel Plohmann (jupiter)
184f193342 IMPERIAL KITTEN as alias for Tortoiseshell 2020-03-04 19:39:14 +01:00
pnx@pyrite
3dc460e795 adding new/updated threat actor names from CrowdStrike 2020 report 2020-03-04 13:36:34 +01:00
Daniel Plohmann
dc059d1f4d
Accenture calls APT32 - "POND LOACH" 2020-03-03 19:40:50 +01:00
Deborah Servili
d8ea0f865c
add clop ransomware extension 2020-03-02 13:33:38 +01:00
b4b91b1e5d
chg: [threat-actor] JSON fixed 2020-02-28 16:37:24 +01:00
4c7532984a
Merge branch 'master' of https://github.com/nyx0/misp-galaxy into nyx0-master 2020-02-28 16:36:56 +01:00
Deborah Servili
0d4745d55f Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-02-28 11:38:20 +01:00