Adam McHugh
cff8a38c5f
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
2022-04-17 19:37:26 +09:30
Adam McHugh
622c0502aa
Ammended Conti ransomware entry with ACSC 2021-010 advisory data
2022-04-17 19:23:11 +09:30
Adam McHugh
99caab201f
Ammended Blackcat ransomware entry with ACSC 2022-004 advisory data
2022-04-17 18:05:24 +09:30
Thomas Dupuy
bd05eb0bba
upd: [cluster] add Threat Actor BladeHawk.
2022-04-11 17:03:19 +00:00
Thomas Dupuy
209391f110
upd: [cluster] add ref and synonyms for Energetic Bear.
2022-04-07 18:26:58 +00:00
b649057a5a
chg: [handicap] fixed more fields
2022-04-04 11:09:30 +02:00
aff4345074
chg: [handicap] more cleanup
2022-04-04 11:01:38 +02:00
269f91ad75
chg: [handicap] more clean-up of uuid values
2022-04-04 10:56:29 +02:00
d3d4e7186b
chg: [handicap] fix name of the clusters
2022-04-04 10:43:56 +02:00
7e6390c336
Merge pull request #694 from AgatheMgt/main
...
Handicap
2022-04-04 10:41:06 +02:00
Rony
a08ddaf548
Add Avivore & HAZY TIGER/Bitter
2022-04-02 01:14:18 +05:30
Rony
50f39edc10
Revert "update threat actors meta"
2022-04-02 00:55:38 +05:30
Delta-Sierra
73f71c8b15
dup
2022-04-01 16:51:27 +02:00
Delta-Sierra
fb557fd3a2
dup
2022-04-01 16:47:50 +02:00
Delta-Sierra
909fc09992
duplicate
2022-04-01 16:44:47 +02:00
Delta-Sierra
7c3e8ac068
fix duplicate
2022-04-01 16:40:40 +02:00
Delta-Sierra
dcc396108c
fix duplicate
2022-04-01 16:36:47 +02:00
Delta-Sierra
9257fb677b
merge
2022-04-01 16:32:10 +02:00
Delta-Sierra
0f7803b091
update threat actors meta
2022-04-01 16:00:27 +02:00
Sami Mokaddem
4242732af1
chg: jq all 2
2022-03-31 09:05:22 +02:00
Sami Mokaddem
a9a09d11c6
chg: jq all
2022-03-31 08:59:36 +02:00
Mathieu Beligon
c35fad3291
Add threat actor group Scarab
2022-03-28 12:11:34 +02:00
94c3788089
Merge pull request #687 from Badis-dev/main
...
Add galaxy and cluster cancer
2022-03-25 10:04:46 +01:00
AgatheMgt
aec779d1ee
poatate
2022-03-24 09:43:58 -04:00
AgatheMgt
3ce6d7a313
Update handicap.json
2022-03-24 07:48:49 -04:00
AgatheMgt
a6a16926f6
Create handicap.json
2022-03-24 07:08:08 -04:00
Daniel Plohmann
24a3f16ab4
adding threat actor group LAPSUS$ / DEV-0537.
2022-03-23 09:47:10 +01:00
Delta-Sierra
97690426bf
update threat actors meta
2022-03-18 16:41:10 +01:00
6f0208dcaf
chg: [ransomware] UUID fixed
2022-03-18 16:03:27 +01:00
ef5af37dbe
chg: [botnet] duplicate UUIDs replaced
2022-03-18 15:58:09 +01:00
c0a07d2246
chg: [ransomware] replace duplicate UUIDs
2022-03-18 15:57:06 +01:00
botlabsDev
6416d0b2de
add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot
2022-03-18 15:34:11 +01:00
18069ce5f3
Merge pull request #688 from botlabsDev/patch-0
...
Add tool 'BadPotato' to clusters/tool.json
2022-03-15 12:30:47 +01:00
7fd5715715
Merge pull request #691 from r0ny123/indian-adversaries
...
Update to Indian Adversaries
2022-03-15 12:28:16 +01:00
Rony
eebda5f955
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team
2022-03-15 15:02:57 +05:30
Rony
ac72e7b639
fix
2022-03-15 14:00:46 +05:30
Rony
3b67e745e5
Update threat-actor.json
2022-03-15 13:57:00 +05:30
botlabsDev
99ab2a13d6
Add tool 'BadPotato' to clusters/tool.json
2022-03-14 18:02:02 +01:00
Badis-dev
231915f9a4
add galaxy and cluster cancer
2022-03-11 14:20:09 +01:00
Badis-dev
27241135a2
Add cancer.json
2022-03-11 11:26:57 +01:00
Badis-dev
78f1c9f345
Delete cancer.json
2022-03-11 11:26:30 +01:00
Badis-dev
1c707f7c5e
Add cancer cluster
2022-03-11 11:13:57 +01:00
Delta-Sierra
957327383d
fix array
2022-03-07 16:10:53 +01:00
Delta-Sierra
a7f3df8a9a
merge
2022-03-07 16:04:38 +01:00
Delta-Sierra
8fd3c87b47
update threat actors meta
2022-03-07 15:54:29 +01:00
8e09c9b30c
Merge pull request #685 from danielplohmann/patch-14
...
adding threat actor "Moses Staff"
2022-03-02 21:43:00 +01:00
Daniel Plohmann
896a451461
fixed with linted JSON.
2022-03-02 21:22:28 +01:00
Daniel Plohmann
a817324cd4
adding threat actor "Moses Staff"
2022-03-02 15:50:39 +01:00
Mathieu Beligon
0b456b8afa
version bump -> 213
2022-03-02 14:55:26 +01:00
Mathieu Beligon
d3d241ca54
Update Gamaredon target
2022-03-02 14:55:19 +01:00
Mathieu Beligon
27c05a118e
Update GhostWriter
2022-03-02 13:16:20 +01:00
Delta-Sierra
c909a35d65
Merge https://github.com/MISP/misp-galaxy into main
2022-02-18 10:57:10 +01:00
Delta-Sierra
a788c867a7
jq
2022-02-18 10:56:07 +01:00
Delta-Sierra
b0cd884afc
add TA2541
2022-02-18 10:54:25 +01:00
Daniel Plohmann
321e4b4a57
another Gamaredon ref and version bump
2022-02-18 08:26:01 +01:00
Daniel Plohmann
254dd47a61
adding ACTINIUM as MSFT name for Gamaredon
2022-02-18 08:24:35 +01:00
Delta-Sierra
33ef3317b7
fix duplicate
2022-02-14 10:02:36 +01:00
Delta-Sierra
9b76d71c43
Merge https://github.com/MISP/misp-galaxy into main
2022-02-14 08:47:21 +01:00
Delta-Sierra
3184819968
add DDG botnet and more
2022-02-11 16:13:36 +01:00
rwe
4700780d47
added antlion APT group
2022-02-05 04:52:33 -08:00
f49b54281b
chg: [ransomware] set encryption only
2022-02-02 22:36:14 +01:00
3328b73185
fix: [ransomware] array end missing
2022-02-02 22:32:39 +01:00
Kevin Holvoet
3d23f98d04
Forgot comma between JSON entries
2022-02-02 18:58:55 +01:00
Kevin Holvoet
389add7580
Update ransomware.json with URL fix
...
Fixed URL for AlphaLocker
2022-02-02 18:54:31 +01:00
Kevin Holvoet
fa9829cec0
Update ransomware.json: add BlackCat (ALPHV)
2022-02-02 18:50:19 +01:00
Daniel Plohmann
833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference
2022-02-02 09:40:10 +01:00
Daniel Plohmann
8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec
2022-02-02 09:35:53 +01:00
Delta-Sierra
5cf1eb01f4
Merge https://github.com/MISP/misp-galaxy into main
2022-01-31 10:04:07 +01:00
1fda357a03
new: [surveillance] Cytrox added
2022-01-30 11:31:55 +01:00
Jürgen Löhel
22046a1eae
Adds WhisperGate
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-18 13:16:06 -06:00
Delta-Sierra
e523bdaf70
merge
2022-01-14 16:08:14 +01:00
Jürgen Löhel
3059c70ae6
Adds UPAS-Kit
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-13 11:53:32 -06:00
Thomas Dupuy
c792bdd1b7
Add AQUATIC PANDA threat actor.
2022-01-12 13:51:11 -05:00
Thomas Dupuy
afaf3a3110
Add Motnug tool.
2022-01-12 13:37:59 -05:00
Jürgen Löhel
5aa8a8a8b1
Adds Ragnatela RAT
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-10 15:57:10 -06:00
Sami Tainio
dcb87b0dc6
chg: [threat-actor] Add SideCopy
2022-01-07 17:45:41 +02:00
Daniel Plohmann
3094283252
adding Mandiant's FIN13.
2022-01-03 09:32:43 +01:00
eba1b2839f
chg: [concordia] CMTMF killchain typo fixed
2021-12-20 10:41:00 +01:00
Raphaël Vinot
b4d518d4f0
fix: cmtmf-attack-pattern had multiple duplicate UUIDs
2021-12-17 17:58:29 +01:00
12617ff627
chg: [concordia] fix name inconsistencies
2021-12-17 17:41:00 +01:00
69b582f9ba
chg: [concordia] duplicate removed
2021-12-17 17:31:38 +01:00
bc3ab62917
chg: [concordia] duplicate removed
2021-12-17 17:26:04 +01:00
ee2a3c83f4
chg: [concordia] duplicate techniques removed
2021-12-17 17:21:00 +01:00
01d23b61b7
chg: [concordia] typo fixed
2021-12-17 17:15:43 +01:00
01f2ce68d4
chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID?
2021-12-17 17:13:57 +01:00
5becac98e4
chg: [concordia] duplicates removed
2021-12-17 16:51:11 +01:00
ae7b7bd47d
chg: [cmtmf-attack-pattern] various fixes to make JSON ok
2021-12-17 16:08:07 +01:00
7b587710b1
Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf
2021-12-17 15:55:03 +01:00
Jürgen Löhel
b81ac7f01d
Adds DarkWatchman RAT
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-12-17 07:20:58 -06:00
Delta-Sierra
b8960393a4
add Milan Rat, Shark tool and Lyceum synonyms
2021-11-29 16:00:40 +01:00
Delta-Sierra
bb92427b65
add Lyceum synonyms/sources
2021-11-29 12:05:51 +01:00
Delta-Sierra
78a8cf4ad2
add ESPecter Bootkit
2021-11-19 16:30:57 +01:00
Delta-Sierra
c89623e945
add ESPecter bootkit
2021-11-16 08:17:37 +01:00
Christophe Vandeplas
aeb5719448
chg: [att&ck] update to ATT&CK v10
2021-10-22 14:34:25 +02:00
ab41df7282
chg: [malpedia] remove duplicate
2021-10-20 12:24:12 +02:00
e517787e7c
chg: [malpedia] duplicates removed
2021-10-20 12:21:05 +02:00
69f878c86f
fix: [malpedia] remove duplicate urls
2021-10-20 12:16:22 +02:00
da91f2abc2
chg: [malpedia] updated
2021-10-20 10:21:03 +02:00
marjatech
d74fdb3e43
update malpedia
2021-10-19 16:21:19 +02:00
Bernardo Santos
e74fcfe268
Update cmtmf-attack-pattern.json
...
- update version
2021-10-13 10:06:00 +02:00
Bernardo Santos
5f19983ba3
Update cmtmf-attack-pattern.json
...
- Changes to cluster type
- Fix typo for privilege escalation tactic
2021-10-13 09:57:03 +02:00
Bernardo Santos
49dfcca563
CONCORDIA MTMF - Initial version
...
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:54:06 +02:00
Bernardo Santos
d09681b011
CONCORDIA MTMF - Initial version
...
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:45:03 +02:00
Jeroen Pinoy
9ec76ae185
Add threat actor common raven
2021-10-03 23:30:20 +02:00
Thomas Patzke
26f0c344a1
Added O365 techniques
...
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
2021-09-18 23:27:38 +02:00
Thomas Dupuy
1985de4d44
Add BLUELIGHT tool.
2021-08-27 10:28:06 +02:00
Thomas Dupuy
89a3f986ba
Add InkySquid synonym.
2021-08-24 16:29:34 +02:00
Daniel Plohmann
3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER)
2021-08-19 06:02:40 +02:00
Rony
5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM
...
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
2021-08-02 22:30:05 +05:30
Rony
636ccdedcd
Update threat-actor.json
2021-07-21 18:47:56 +05:30
Rony
9ecfecc063
another fix
2021-07-21 18:41:18 +05:30
Rony
32ea60d721
fix
2021-07-21 18:31:05 +05:30
Rony
52e7d5a0a9
multiple updates to apt40, apt31 & hafnium
2021-07-21 18:28:40 +05:30
Rony
fb9a41f8e9
from Gov Canada & MFA Japan
2021-07-19 20:33:35 +05:30
Rony
c90c60cb13
adding references for APT40 & APT31
2021-07-19 20:14:36 +05:30
6c8949caa9
Merge pull request #658 from jasperla/oilrig
...
merge APT34 with OilRig
2021-07-03 08:56:39 +02:00
Deborah Servili
b6005bd53f
Merge branch 'main' into master
2021-07-02 13:30:51 +02:00
Delta-Sierra
913aff30c3
Add NOBELIUM and related
2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse
792490298e
merge APT34 with OilRig
...
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
2021-06-29 20:26:04 +02:00
a5d7d85dc8
Merge pull request #657 from jloehel/add_matanbuchus
...
[cluster][tool] Adds Matanbuchus
2021-06-22 07:23:20 +02:00
Jürgen Löhel
254c201601
[cluster][tool] Adds Matanbuchus
...
+ threat actor: BelialDemon
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 18:04:28 -05:00
Jürgen Löhel
381973f5de
[cluster][stealer] Adds HackBoss
...
Fixes : #651
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 16:35:20 -05:00
Thomas Dupuy
772c5145c1
Added BackdoorDiplomacy and Gelsemium.
2021-06-11 11:48:57 -04:00
Rony
9a723b6261
more ta544 references
2021-05-26 20:26:27 +05:30
Rony
db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks
2021-05-22 21:02:30 +05:30
Daniel Plohmann
433ea5cb45
Twisted Spider -> TWISTED SPIDER
...
fair point
2021-05-19 17:04:58 +02:00
Daniel Plohmann
9719122d27
adding Twisted Spider as alias for TA2101 (Maze)
2021-05-19 16:47:41 +02:00
a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1
...
Add alias for Tick
2021-05-07 23:23:38 +02:00
Still Hsu
eb671f1e6a
Add Nian alias
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:52:27 +08:00
Still Hsu
fe7c0dab07
Add country origin for BlackTech
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:32:39 +08:00
Daniel Plohmann
38b8bac51d
fixing broken/dead links
2021-05-04 20:15:17 +02:00
6f7d3d5c2b
chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa
...
"COLT – Compromise to Leak Time" - new meta colt-median/colt-average.
For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
2021-05-03 07:41:43 +02:00
7aaf25a424
new: [ransomware] Ragnarok added
2021-04-30 12:08:03 +02:00
94ec98d544
Merge pull request #646 from r0ny123/update
...
Updates to APT27 & Tick
2021-04-29 18:29:53 +02:00
Christophe Vandeplas
86ee7008b2
chg: [att&ck] bump to latest ATT&CK version from MITRE
2021-04-29 18:12:36 +02:00
211a4b5145
fix: [ransomware] Related key should be outside metas
2021-04-26 13:48:06 +02:00
Rony
4ba2db0f3a
FlatChestWare duplicate removed
2021-04-26 16:24:09 +05:30
ef9989dbe8
chg: [ransomware] duplicate removed
2021-04-26 12:06:03 +02:00
847d3e8fa7
chg: [ransomware] duplicate removed
2021-04-26 12:01:01 +02:00
f3992ec5f1
chg: [ransomware] duplicates removed
2021-04-26 11:57:21 +02:00
f2703bd03e
chg: [ransomware] Flyper removed
2021-04-26 11:52:28 +02:00
Delta-Sierra
3cae487e3d
fix duplicates and add relations
2021-04-26 11:25:39 +02:00
Rony
faed812fc9
Merged STALKER PANDA to Tick
2021-04-25 19:12:20 +05:30
Rony
89b9c0c32c
several updates to apt27
2021-04-25 16:53:36 +05:30
Delta-Sierra
0a05621f82
Merge https://github.com/MISP/misp-galaxy
2021-04-19 15:48:58 +02:00
Delta-Sierra
b138354fa5
Removing duplicate
2021-04-19 15:42:49 +02:00
28f6475cc5
chg: [ransomware] first duplicate removed
2021-04-19 15:13:18 +02:00
e7061f90d9
chg: [ransomware] remove duplicate "File-Locker"
2021-04-19 15:08:06 +02:00
ab13dd00f8
Merge pull request #645 from Delta-Sierra/master
...
Adding ransomware names [WIP 2/3]
2021-04-19 15:03:12 +02:00
Delta-Sierra
f5713a8d87
Removing unexpected line
2021-04-19 14:53:36 +02:00
Delta-Sierra
b7b4b356c3
Adding ransomware names [WIP 3]
2021-04-19 14:47:10 +02:00
Delta-Sierra
fdf1a6c112
Adding ransomware names [WIP 2]
2021-04-19 13:24:25 +02:00
Daniel Plohmann
6eb594a6b0
adding Yanbian Gang as threat actor
2021-04-16 15:12:45 +02:00
Delta-Sierra
f3456a89c5
fix version
2021-04-15 15:08:11 +02:00
Delta-Sierra
4bcd0492bd
Adding ransomwares WIP
2021-04-15 15:07:52 +02:00
Daniel Plohmann
2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech
...
Adding Palmerworm as Symantec alias for BlackTech (with reference).
2021-03-31 22:35:12 +02:00
Thomas Dupuy
a8c62ddeda
Add Ghostwriter.
2021-03-31 09:42:40 -04:00
Rony
50f5d2ae4a
reverted changes made into 52ae97718d
2021-03-30 22:19:05 +05:30
sebdraven
ce8a9442eb
validation jsons
2021-03-30 13:12:21 +00:00
Sebdraven
52ae97718d
Update threat-actor.json
...
add a synonym to Haffnium
2021-03-30 15:11:09 +02:00
sebdraven
b082977b9f
validation ok
2021-03-30 10:22:35 +00:00
Sebdraven
4ed4cebcee
Update threat-actor.json
...
format json
2021-03-30 12:16:22 +02:00
Sebdraven
a62e3ba530
Update threat-actor.json
...
add redecho threat actor
2021-03-30 12:10:50 +02:00
Jakub Onderka
ca9608da6d
fix: Cryptominers type
2021-03-27 22:07:33 +01:00
26b9740e55
chg: [malpedia] jq all the file and removed ref duplicates
2021-03-13 11:00:39 +01:00
Jakob M
f02ce7e805
update to latest
...
Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp
2021-03-12 10:35:12 +01:00
Delta-Sierra
eff327b4fd
fix progress
2021-03-11 14:42:55 +01:00
Delta-Sierra
7c843ac5c2
fix merge & jq
2021-03-11 14:08:29 +01:00
Delta-Sierra
c37befc8a9
merge
2021-03-11 10:35:05 +01:00
855a12a408
chg: [clusters] fixing broken UUID fix #628
2021-03-11 09:54:50 +01:00
f6ed00233e
chg: [ransomware] fix the broken UUID fix #628
2021-03-11 09:52:25 +01:00
Rony
57c7d0b9a0
From Nextron
2021-03-06 19:44:32 +05:30
Rony
6cabbfb091
more!
2021-03-06 14:22:29 +05:30
Rony
7b242555df
More references
...
From
Crowdstrike
MSRC
and kql hunting query from James Quinn
2021-03-06 13:28:14 +05:30
Rony
eaab88ef28
add HAFNIUM detection refs
2021-03-05 16:51:28 +05:30
Rony
4bc438a325
fix
2021-03-05 11:48:43 +05:30
Rony
d9b299aafc
add more HAFNIUM references
2021-03-05 11:42:04 +05:30
Rony
c9f7afef1c
Adding alias NOBELIUM
2021-03-04 22:39:33 +05:30
47dade9d0e
Merge pull request #631 from r0ny123/Enhancement
...
Add HAFNIUM
2021-03-04 14:48:01 +01:00
a9a6b0253f
chg: [microsoft activity group] HAFNIUM added
2021-03-04 10:49:58 +01:00
Rony
ad795606cf
added HAFNIUM
...
Updates:
Tonto Team
UNC2452
2021-03-04 00:10:33 +05:30
Sebdraven
2666341afc
Update threat-actor.json
...
update Sidewinder card
2021-03-03 17:59:25 +01:00
Thomas Dupuy
f842694fda
Update Infy TA.
2021-03-02 14:37:01 -05:00
524676282e
Merge branch 'main' of github.com:MISP/misp-galaxy into main
2021-02-26 08:30:58 +01:00
4692ced8fa
chg: [tool] SUNSPOT added
2021-02-26 08:28:01 +01:00
Delta-Sierra
0e23d8b95f
add relationships between Maze, Rgnar, Egregor and Sekhmet
2021-02-25 10:21:28 +01:00
Delta-Sierra
406dfdb45b
add Sekhmet ransomware
2021-02-25 09:52:52 +01:00
Delta-Sierra
d273a5da7d
add TeamTNT ref
2021-02-25 09:52:24 +01:00
Rony
5c6f3a036b
removing DePrimon
...
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
2021-02-24 21:55:04 +05:30
Thomas Dupuy
eeafff9768
Add RDAT backdoor
2021-02-23 11:15:31 -05:00
Delta-Sierra
eb07fab69f
add Ragnar Locker and update accordingly
2021-02-23 16:21:07 +01:00
Delta-Sierra
06ae10965b
add Covidloc and tycoon ransomware + small updates on some ransomwares
2021-02-22 16:39:47 +01:00
Delta-Sierra
7c1ac58141
add TeamTNT
2021-02-22 16:38:18 +01:00
Thijsvanede
e9eb0c7a6c
Fix: rename "Innitial Access" to "Initial Access"
...
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
2021-02-19 12:01:47 +01:00
Thomas Dupuy
178e16dc13
Remove empty values.
2021-02-16 10:32:37 -05:00
Thomas Dupuy
4a7560d191
Add Exaramel and P.A.S. webshell tool.
2021-02-15 12:52:53 -05:00
Thomas Dupuy
93396c524d
Add Caterpillar WebShell.
2021-02-12 12:00:17 -05:00
Delta-Sierra
96bf0d44ea
Merge https://github.com/MISP/misp-galaxy
2021-02-09 14:52:58 +01:00
Daniel Plohmann
d61e7d2fac
adding ClearSky alias for Volatile Cedar
...
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."
2021-01-29 10:39:18 +01:00
Koen Van Impe
87b22f363c
Move cfr-type-of-incident to meta
2021-01-28 12:25:39 +01:00
Koen Van Impe
23778666ba
RSIT Galaxy/Cluster
2021-01-28 10:03:12 +01:00
StefanKelm
fb35646406
Update threat-actor.json
...
Lazarus
2021-01-26 14:38:37 +01:00
Thomas Dupuy
f964514ec5
Add HyperBro in tools
2021-01-20 13:44:28 -05:00
Thomas Dupuy
9df95031a7
Update ZxShell tool.
2021-01-20 13:27:51 -05:00
StefanKelm
a131a7ce98
Update threat-actor.json
...
Lazarus
2021-01-20 17:43:18 +01:00
3c19c7c1e5
Merge pull request #617 from danielplohmann/patch-4
...
merge COVELLITE into Lazarus Group
2021-01-17 16:05:13 +01:00
Daniel Plohmann
ca66fcd93a
merge COVELLITE into Lazarus Group
...
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references.
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
2021-01-17 15:07:26 +01:00
Rony
91e87cf82c
Update threat-actor.json
...
Don't know how StarCraft
2021-01-17 12:21:34 +05:30
Daniel Plohmann
edcc3c0bc1
merging ScarCruft->APT37
...
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
2021-01-15 18:52:49 +01:00
Delta-Sierra
a6f7795952
fix merge
2021-01-12 10:38:33 +01:00
2b356a9eb0
chg: [threat-actor] UNC2452/DarkHalo added - ref. #614
2021-01-12 07:01:36 +01:00
184d57f0a2
chg: [ransomware] Babuk Ransomware added
2021-01-05 19:11:28 +01:00
4454b58743
chg: [ransomware] RegretLocker added
2020-12-30 14:14:09 +01:00
Rony
3240aa819f
Update threat-actor.json
2020-12-14 11:54:41 +05:30
Rony
2ffb77b35b
BISMUTH
2020-12-14 10:41:15 +05:30
Delta-Sierra
31f96513b2
update sidewinder threat actor
2020-12-11 16:09:33 +01:00
ac86ebd5f6
Merge pull request #609 from StefanKelm/master
...
Update threat-actor.json
2020-12-09 22:16:49 +01:00
Delta-Sierra
ebd31b7376
add BazarBackdoor
2020-12-09 16:42:32 +01:00
Delta-Sierra
d3a9cf742a
add RansomEXX
2020-12-09 16:32:02 +01:00
Delta-Sierra
3daaa30aed
Merge https://github.com/MISP/misp-galaxy
2020-12-07 16:20:36 +01:00
StefanKelm
5dc92995f6
Update threat-actor.json
...
DeathStalker, Mabna
2020-12-04 11:43:06 +01:00
StefanKelm
4fee985b5e
Update threat-actor.json
...
Turla
2020-12-03 13:05:14 +01:00
StefanKelm
72e085aba9
Update threat-actor.json
...
OceanLotus
2020-12-02 11:44:29 +01:00
StefanKelm
15b5f4c881
Update threat-actor.json
...
APT27
2020-11-30 11:49:23 +01:00
Delta-Sierra
e81d3c63d5
Merge https://github.com/MISP/misp-galaxy
2020-11-27 12:47:20 +01:00
Christophe Vandeplas
9a731470d3
chg: [att&ck] update to latest MITRE ATT&CK version
2020-11-25 07:45:48 +01:00
StefanKelm
da910c0c2e
Update threat-actor.json
2020-11-18 19:15:11 +01:00
Delta-Sierra
7af75bb222
add Darkside ransomware
2020-11-18 16:10:49 +01:00
StefanKelm
48ffaa8ce1
Update threat-actor.json
...
Lazarus
2020-11-18 12:10:23 +01:00
snurilov
44e9da1390
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
...
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
2020-11-11 23:09:03 -05:00
snurilov
3f4683d8a3
Update rat.json to include Iperius Remote
...
Add Iperius Remote to the rat.json cluster.
2020-11-09 23:45:16 -05:00
StefanKelm
bf5bdeacb0
Update threat-actor.json
...
OceanLotus
2020-11-09 14:39:55 +01:00
StefanKelm
41a7a36317
Update threat-actor.json
...
Kimsuky
2020-11-02 17:30:25 +01:00
Rony
333e55fbeb
remove duplicate!
2020-11-02 14:18:49 +05:30
Rony
000cfa68a8
Update threat-actor.json
...
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
2020-11-02 13:51:08 +05:30
Deborah Servili
28784683db
Merge branch 'main' into master
2020-10-30 16:17:27 +01:00
Delta-Sierra
88bbf8851c
jq
2020-10-30 16:14:02 +01:00
Delta-Sierra
be672b8d3a
update microsoft activity groups
2020-10-30 14:53:20 +01:00
5d31753e6a
chg: [cryptominer] updated
2020-10-30 09:48:08 +01:00
24f05749f0
Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master
2020-10-30 09:47:45 +01:00
JJ Cummings
c48a38c2f1
Added a new cryptominer galaxy and additional missing recent families to various clusters
2020-10-29 14:40:22 -06:00
StefanKelm
808c2c3828
Update threat-actor.json
...
Kimsuky
2020-10-28 12:52:06 +01:00
b41e3d4f50
chg: [rename] tea matrix
2020-10-23 15:57:13 +02:00
e5ea22a3b0
chg: [tea] matrix updated to include brewing time and the milk attack technique
2020-10-23 11:51:50 +02:00
0ccbdb862b
chg: [tea] first version
2020-10-23 11:16:50 +02:00
Christophe Vandeplas
2334676e64
chg: [att&ck] no tag for subtechnique
2020-10-18 20:14:05 +02:00
Christophe Vandeplas
d58dd1fca2
new: [att&ck] support for subtechniques
2020-10-18 20:00:48 +02:00
Daniel Plohmann
02bcf1f5a7
adding PowerPool alias IAmTheKing (Kaspersky)
...
after a quick search I haven't found a nice source except for costin's tweet.
2020-10-09 13:49:16 +02:00
StefanKelm
7bab41e367
Update threat-actor.json
...
TA505
2020-10-06 15:29:54 +02:00
StefanKelm
1d05f17507
Update threat-actor.json
...
XDSpy
2020-10-06 12:45:43 +02:00
Christophe Vandeplas
32b142c8e0
fixes issues in attack-ics
2020-10-02 16:54:21 +02:00
Christophe Vandeplas
f95e88b1f9
MITRE ATT&CK for ICS fixes #586
...
fixed issues in pull request #586
2020-10-01 20:42:40 +02:00
StefanKelm
18eebc01f6
Lazarus
2020-09-29 12:02:16 +02:00
Bart
2b51f7b6de
Update threat-actor.json
...
Add Machete alias
2020-09-27 18:37:24 +02:00
StefanKelm
e95fbb571d
Update threat-actor.json
...
GADOLINIUM
2020-09-25 11:52:34 +02:00
StefanKelm
3ad3d5f318
Update threat-actor.json
...
APT28
2020-09-22 18:07:33 +02:00
Deborah Servili
d48216031a
add Sepulcher RAT
2020-09-22 16:23:39 +02:00
Deborah Servili
4f3b6945c0
Merge https://github.com/MISP/misp-galaxy
2020-09-22 12:17:42 +02:00
Rony
d1c70b3d80
FBI FLASH AC-000133-TT
2020-09-17 11:05:00 +05:30
Rony
4d4a462d7a
Update threat-actor.json
...
Adding Fox-Kitten and cleaned (or improved) winnti
2020-09-17 00:07:40 +05:30
Deborah Servili
0fe525a9db
Merge https://github.com/MISP/misp-galaxy
2020-09-16 10:22:38 +02:00
Deborah Servili
00b5d0d116
add refs
2020-09-16 10:08:31 +02:00
Daniel Plohmann (jupiter)
7b00674c77
Adding TA413 and Evilnum
2020-09-15 14:19:22 +02:00
StefanKelm
63030f2cfe
Update threat-actor.json
...
APT33
2020-09-14 12:01:53 +02:00
StefanKelm
3cc3cc461a
Update threat-actor.json
...
STRONTIUM
2020-09-11 11:38:06 +02:00
Raphaël Vinot
405d5f1fe9
fix: Sort keys, fix tests
2020-09-08 10:51:24 +02:00
9e519962c6
chg: [botnet] Katura mess added
2020-09-07 12:41:39 +02:00
StefanKelm
57a31fd60c
Update threat-actor.json
...
Lazarus, FIN7
2020-09-03 14:44:10 +02:00
StefanKelm
503d421a56
Update threat-actor.json
...
TA542
2020-08-31 15:07:13 +02:00
VVX7
4635146b00
chg: [dev] jq
2020-08-22 13:06:42 -04:00
VVX7
1cddf4b7cd
new: [dev] fix empty strings, lists
2020-08-22 12:59:05 -04:00
VVX7
b4c3ffc8eb
new: [dev] add ASPI's China Defence University Tracker.
...
Thanks to Cormac Doherty for writing the web scraper! To update the galaxy run the included gen_defence_university.py script.
"The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI’s International Cyber Policy Centre.
It includes entries on nearly 100 civilian universities, 50 People’s Liberation Army institutions, China’s nuclear weapons program, three Ministry of State Security institutions, four Ministry of Public Security universities, and 12 state-owned defence industry conglomerates.
The Tracker is a tool to inform universities, governments and scholars as they engage with the entities from the People’s Republic of China. It aims to build understanding of the expansion of military-civil fusion—the Chinese government’s policy of integrating military and civilian efforts—into the education sector.
The Tracker should be used to inform due diligence of Chinese institutions. However, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution’s defence and security links." - ASPI (https://unitracker.aspi.org.au/about/ )
2020-08-21 11:24:22 -04:00
rmkml
e02ac52566
add Conti Ransomware
2020-08-15 22:10:49 +02:00
Thomas Dupuy
4009ef9997
Fix: remove comma
2020-08-14 13:01:37 -04:00
Thomas Dupuy
d0c6b7b46d
Update Tonto Team/CactusPete threat actor
2020-08-13 15:57:33 -04:00
Thomas Dupuy
72554ed71c
Add Drovorub tool
2020-08-13 15:08:32 -04:00
Thomas Dupuy
4130d7c6fc
Update TA APT40
2020-08-13 12:22:36 -04:00
Daniel Plohmann
8407b6fd28
Update threat-actor.json
...
adding Kaspersky's name for Microcin.
2020-08-12 12:03:28 +02:00
Thomas Dupuy
9cadabba7a
Add WellMess and WellMail
2020-08-11 12:37:28 -04:00
rmkml
6d10e3a37d
add Ragnarok Ransomware
2020-08-02 20:46:32 +02:00
Vasileios Mavroeidis
40d12b9dde
Motive correction based on the EU Cert motive taxonomy
...
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
2020-07-28 11:43:46 +02:00
44afaf2523
chg: [threat-actor] remove duplicate references
2020-07-27 09:57:41 +02:00
StefanKelm
86c54cbd8c
Update threat-actor.json
...
OilRig
2020-07-23 11:07:22 +02:00
Raphaël Vinot
c174f613c5
fix: Name of SoD Matrix cluster to match galaxy.
...
Fix #566
2020-07-22 11:52:27 +02:00
Steve Clement
df6bed3d3a
Merge pull request #563 from r0ny123/patch-1
2020-07-22 09:14:13 +09:00
StefanKelm
17a1feb016
Update threat-actor.json
...
Turla
2020-07-15 11:20:18 +02:00
Rony
c33f4c7611
Update threat-actor.json
...
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a ).
2020-07-12 12:57:24 +05:30
Rony
b77b9d374c
Update threat-actor.json
2020-07-12 11:19:13 +05:30
Koen Van Impe
d3e22ef14c
SoD Matrix
...
Described at https://github.com/cudeso/SoD-Matrix
2020-07-10 14:08:45 +02:00
Deborah Servili
84474ddb29
merge
2020-07-09 16:31:04 +02:00
Deborah Servili
865e76beae
commit
2020-07-07 14:47:44 +02:00
ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only.
...
Based on https://github.com/MISP/misp-galaxy/issues/469
There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:
- _operation_:
- _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
- **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
- _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
- **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
- **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
- **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
- **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**
The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
2020-07-07 09:13:21 +02:00
164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy
2020-07-02 09:55:42 +02:00
StefanKelm
14665429d7
Update threat-actor.json
...
APT31
2020-06-25 16:23:00 +02:00
StefanKelm
92bc206879
Update threat-actor.json
...
APT30
2020-06-23 14:54:09 +02:00
Rony
bc97b07089
Update threat-actor.json
2020-06-21 19:19:17 +05:30
StefanKelm
583f1d2fc2
Update threat-actor.json
...
TA505
2020-06-17 11:56:29 +02:00
0cb36249a4
chg: [jq] all the things
2020-06-12 09:26:30 +02:00
Rony
29be5ac7e1
fixed typo!
2020-06-12 00:09:59 +05:30
Rony
9365bfb7cd
Adding GALLIUM Threat Actor
2020-06-11 23:42:35 +05:30