34b86e4abc
Merge pull request #859 from jloehel/darkgate
...
chg [tool] Add DarkGate
2023-08-23 13:52:53 +02:00
12b935a31b
chg: [sigma] updated
2023-08-23 13:51:45 +02:00
Jürgen Löhel
37954a84f1
chg [tool] Add DarkGate
...
Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-08-23 11:53:25 +02:00
Daniel Plohmann (Saturn)
e207218534
version bump
2023-08-15 12:34:06 +02:00
Daniel Plohmann (Saturn)
4127ce9694
replaced various broken links with reachable equivalents
2023-08-15 12:32:51 +02:00
Daniel Plohmann
b083ae12bc
jq fix
2023-08-10 15:57:58 +02:00
Daniel Plohmann
c1d3164ef6
adding MoustachedBouncer
2023-08-10 15:49:11 +02:00
Daniel Plohmann
e228ffc432
alias Callisto -> BlueCharlie
...
not sure, if you also want to have the Microsoft names in here (I think they are tracked separately?), otherwise, that would be Star Blizzard according to the article.
2023-08-03 09:53:10 +02:00
dc29d5875e
chg: [sigma] updated
2023-08-02 23:58:22 +02:00
f5729ac23a
chg: [sigma] updated to the latest version
2023-07-31 10:22:23 +02:00
Rony
bce41d8cdb
Merge branch 'MISP:main' into Sea-Turtle
2023-07-28 16:38:03 +05:30
Rony
9b9ce4777a
chg: [threat-actor] added references, origin country, aliases to Sea Turtle
2023-07-28 11:04:11 +00:00
1568583acf
chg: [sigma] updated to the latest version
2023-07-28 11:30:15 +02:00
Thomas Dupuy
2dcd1d3544
upd: Add Worok TA and update APT-Q-12 to APT-C-60 as it was the first
...
name mention in an article.
2023-07-18 19:53:54 +00:00
caceb504fe
chg: [sigma] updated to the latest rules
2023-07-15 11:29:17 +02:00
Delta-Sierra
c51d177abd
add SmugX & RedDelta
2023-07-10 15:46:01 +02:00
7028860c0a
chg: [sigma] updated
2023-06-19 15:00:23 +02:00
Delta-Sierra
baf5bfe5cc
add Parties/Observers to the Budapest Convention
2023-06-19 14:14:47 +02:00
Delta-Sierra
20d3b3780a
merge
2023-06-19 08:35:48 +02:00
734d57edf5
chg: [sigma] updated
2023-05-31 09:43:33 +02:00
iglocska
14301a9c4c
chg: [threat actors] added Volt Typhoon
2023-05-25 07:29:48 +02:00
Delta-Sierra
e87b7bbf73
complete VENOM SPIDER threat actor
2023-05-23 11:43:20 +02:00
Delta-Sierra
18ee466ae4
add Hagga threat actor
2023-05-22 15:44:18 +02:00
Delta-Sierra
9c9561bce8
fix metasploit desc in value (ty cvandeplas)
2023-05-15 10:23:05 +02:00
Delta-Sierra
d202ed9f3f
Merge https://github.com/MISP/misp-galaxy
2023-05-15 09:54:25 +02:00
Delta-Sierra
a3fffacab3
add APT43 + tools
2023-05-15 08:41:17 +02:00
Christophe Vandeplas
02c50184bf
chg: [attck4fraud] Full merge of E.A.S.T. data + updated script
2023-05-13 09:50:14 +02:00
Christophe Vandeplas
1d9f59eb2d
chg: [attck4fraud] more manual updates with E.A.S.T. data
2023-05-13 08:43:21 +02:00
marjatech
21266365da
update malpedia
2023-05-11 14:34:41 +02:00
810cbe5b49
chg: [sigma] updated to the latest version
2023-05-11 10:27:48 +02:00
a27fda701b
Merge pull request #849 from danielplohmann/patch-34
...
adding APT43 (Mandiant) for Kimsuky.
2023-05-09 18:29:34 +02:00
Daniel Plohmann
094d56057c
adding APT43 (Mandiant) for Kimsuky.
2023-05-09 14:35:41 +02:00
Thomas Dupuy
bbbd006215
chg: [mitre] bump to v13.
2023-05-08 14:04:50 +00:00
Christophe Vandeplas
3c808921c3
chg: [attck4fraud] initial updates with E.A.S.T. data
...
https://www.association-secure-transactions.eu/industry-information/fraud-definitions/
2023-05-07 21:13:52 +02:00
c86c2a83ab
chg: [sigma] rules updated
2023-04-30 10:30:54 +02:00
3dff8e65cb
Merge pull request #847 from Delta-Sierra/main
...
add VEILEDSIGNAL and more
2023-04-27 17:21:35 +02:00
Delta-Sierra
1649c3dfca
Merge https://github.com/MISP/misp-galaxy
2023-04-27 10:04:30 +02:00
Delta-Sierra
bd050668ef
add VEILEDSIGNALand more
2023-04-27 09:53:49 +02:00
Sebastien Larinier
ddc285581d
Update threat-actor.json
2023-04-26 21:52:57 +02:00
Sebastien Larinier
d60cca9302
Update threat-actor.json
...
fix mistake
2023-04-26 21:46:33 +02:00
Sebastien Larinier
142d4aeaef
Update threat-actor.json
2023-04-26 14:26:48 +02:00
095c44e2ac
chg: [attck4fraud] add ATM cash trapping in the matrix
2023-04-26 07:48:29 +02:00
Jürgen Löhel
15297c7b5f
chg [threat-actors] Add RedGolf
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-04-24 16:59:18 -06:00
Christophe Vandeplas
79b80b0869
chg: [rels] more threat actor relations
2023-04-23 17:54:58 +02:00
Christophe Vandeplas
3c6c204f01
chg: [rels] more threat actor relations
2023-04-23 17:45:58 +02:00
Christophe Vandeplas
138c7c7ba8
chg: [rels] more relations on cluster "value"
2023-04-23 17:36:02 +02:00
Christophe Vandeplas
bf7c5f1dd9
chg: [rels] threat-actor & MS activity group - on synonym
2023-04-23 11:56:41 +02:00
Christophe Vandeplas
a5e7e0c95f
chg: [rels] threat-actor & MS activity group - on value
2023-04-23 11:55:57 +02:00
Christophe Vandeplas
f070943ee9
chg: [atrm] updated to latest version
2023-04-23 07:45:16 +02:00
adc7a70cf9
chg: [microsoft-activity-group] country code added
2023-04-21 07:39:37 +02:00
8688c41796
chg: [microsoft activity group] remove duplicate
2023-04-20 17:25:32 +02:00
592361826a
fix: [microsoft activity group] duplicate in Microsoft source
2023-04-20 17:20:57 +02:00
309f4f2ea5
chg: [microsoft-activity-group] updated following contribution from @botlabsDev script
2023-04-20 17:04:05 +02:00
2cc6bdfbc1
chg: [sigma] rules updated
2023-04-20 12:17:46 +02:00
Sebastien Larinier
862badf2c9
Update threat-actor.json
2023-04-19 17:41:44 +02:00
Sebastien Larinier
1c751b1ea8
Update threat-actor.json
2023-04-19 17:34:50 +02:00
Sebastien Larinier
165ce70a28
Merge branch 'MISP:main' into main
2023-04-19 16:48:02 +02:00
Sebastien Larinier
87ef0a400e
Update threat-actor.json
2023-04-19 15:42:14 +02:00
Sebastien Larinier
a77dc82c0a
Update threat-actor.json
...
new apt30 group
2023-04-19 15:35:36 +02:00
Delta-Sierra
063ac9fc71
jq?
2023-04-19 15:10:25 +02:00
Delta-Sierra
ecb7e79a6e
Merge https://github.com/MISP/misp-galaxy
2023-04-19 15:06:51 +02:00
Tobias Mainka
8d2b9537f1
replace "sector" tag with "country" for matching data. this allows to be confirm with existing clusters.
2023-04-19 12:38:37 +02:00
Sebastien Larinier
926035633f
Merge branch 'MISP:main' into main
2023-04-19 11:55:57 +02:00
ccc8f0f801
chg: [microsoft-activity-group] updated to map the new funky Microsoft "taxonomy"
...
Script to generate the cluster is the following, UUIDv5 based on
standard misp-stix source UUIDv4.
~~~python
lcluster = []
for v in data:
cluster = {}
cluster['value'] = v['threat_actor']
cluster['meta'] = {}
cluster['meta']['sector'] = v['sector']
cluster['meta']['synonyms'] = v['synonyms']
cluster['meta']['refs'] = []
cluster['meta']['refs'].append('https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide ')
_uuid = uuid.uuid5(uuid.UUID("76beed5f-7251-457e-8c2a-b45f7b589d3d"), "{}".format(cluster['value']))
cluster['uuid'] = str(_uuid)
lcluster.append(cluster)
~~~
Relationships might be added in a later stage to map with the MISP threat actor galaxy.
2023-04-19 10:47:11 +02:00
Daniel Plohmann
41afab1c06
adding Trend Micro alias Earth Smilodon for APT27
2023-04-18 20:11:57 +02:00
Delta-Sierra
6b8994271e
add relationships for HALFRIG & QUATTERRIG
2023-04-18 12:20:20 +02:00
Daniel Plohmann
02e23a9a47
adding Google alias HOODOO for APT41
2023-04-17 22:32:50 +02:00
Delta-Sierra
4a4fa6d16f
fix versions
2023-04-17 11:32:51 +02:00
Delta-Sierra
6d5df91efa
add relationship SNOWYAMBER & Notion
2023-04-17 11:31:48 +02:00
Delta-Sierra
233a066a03
Merge https://github.com/MISP/misp-galaxy
2023-04-17 11:16:23 +02:00
Delta-Sierra
d4225c5469
add some SNOWYAMBER relationships
2023-04-17 11:16:21 +02:00
91af071bae
new: [online-service] online service added
2023-04-17 10:59:18 +02:00
5f9760923f
Merge pull request #838 from Delta-Sierra/main
...
Adding SNOWYAMBER, HALFRIG, QUARTERRIG tools & PowerMagic backdoor
2023-04-14 16:03:57 +02:00
Delta-Sierra
8e9880d932
Add SNOWYAMBER, HALFRIG, QUARTERRIG tools
2023-04-14 15:59:42 +02:00
Delta-Sierra
c5590ff79a
add PowerMagic backdoor
2023-04-13 14:11:36 +02:00
Daniel Plohmann
a966b3ff88
adding Trend Micro alias Earth Preta for Mustang Panda
2023-04-12 16:59:36 +02:00
2763cdd72b
chg:[sigma] Sigma rules updated
2023-04-12 11:44:43 +02:00
Delta-Sierra
8c831d70c8
jq
2023-04-11 15:06:59 +02:00
Delta-Sierra
d30e7357fe
merge
2023-04-11 13:57:30 +02:00
Delta-Sierra
eb9254713a
Add more ransomwares from ransomlook
2023-04-11 13:56:29 +02:00
3cc7e03af6
new: [stealer] add Sordeal Stealer
2023-04-11 09:54:02 +02:00
cbf12d9289
Merge pull request #833 from jloehel/HinataBot
...
chg[botnet]: Add HinataBot
2023-04-04 10:17:07 +02:00
Jürgen Löhel
647fc025d7
chg[botnet]: Add HinataBot
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-04-03 11:19:08 -06:00
15a03e877e
chg: [sigma] updated
2023-03-29 10:33:57 +02:00
Sebdraven
8713618777
Update threat-actor.json
...
add new ref for sidecopy
2023-03-23 09:13:23 +01:00
Sebdraven
f5d68aa08d
Update threat-actor.json
...
delete ref to APT30 for Naikon
2023-03-23 08:49:17 +01:00
Sebdraven
d5843d46e2
Update threat-actor.json
...
add ref to Aoqin Dragon
2023-03-21 18:40:10 +01:00
122a0bd39b
fix: [ransomware] fix duplicate Value "Cuba"
2023-03-19 11:03:12 +01:00
f2305dc165
Merge pull request #829 from Delta-Sierra/main
...
update based on ransomlook+1
2023-03-16 19:18:54 +01:00
Delta-Sierra
12f69a6082
update based on ransomlook
2023-03-16 15:24:44 +01:00
Mathieu Beligon
d82ff1ecfb
[threat-actors] Add Anonymous Sudan
2023-03-15 17:38:03 -05:00
Daniel Plohmann
c39b46e9d5
Update threat-actor.json
...
when value "Sofacy" was changed to "APT28", it seems Sofacy was not added to aliases, so it's missing right now.
2023-03-15 14:55:25 +01:00
Delta-Sierra
74390b27c5
Merge https://github.com/MISP/misp-galaxy
2023-03-13 09:59:04 +01:00
Delta-Sierra
c4eca7dfe1
more from ransomlook
2023-03-13 09:59:00 +01:00
Jürgen Löhel
9f9a263394
chg [tool]: Add tools used by TA866 during the Screentime campaign
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:46:11 -06:00
Jürgen Löhel
031a4c8030
chg [stealer]: Add Rhadamanthys
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:39 -06:00
Jürgen Löhel
437d4a30e5
chg [tds]: Add 404 TDS
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:13 -06:00
Jürgen Löhel
2d30785af5
chg [threat-actors] Add TA866
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:44:16 -06:00
57f3e46273
chg: [sigma] updated
2023-03-07 12:14:48 +01:00
e7b97edaa4
chg: [ransomware] fixing duplicate cluster element Avaddon
2023-03-07 12:06:56 +01:00
6db5b0b0cb
Merge pull request #824 from Delta-Sierra/main
...
update based on ransomlook
2023-03-06 16:23:48 +01:00
Delta-Sierra
bed6bf8dd6
fix stupid duplicate-bis
2023-03-06 16:10:23 +01:00
Delta-Sierra
d561350f7b
fix stupid duplicate
2023-03-06 16:04:28 +01:00
Delta-Sierra
96cb1e22ba
update based on ransomlook
2023-03-06 15:55:46 +01:00
Mathieu Beligon
395ffda94f
[threat-actors] bump version
2023-03-02 10:29:52 -08:00
Mathieu Beligon
e1407c3c3f
[threat-actors] Add SLIPPY SPIDER alias to LAPSUS
2023-03-02 10:29:29 -08:00
Mathieu Beligon
4bbee8c1e7
[threat-actors] Add PROPHET SPIDER
2023-03-02 10:19:24 -08:00
Mathieu Beligon
61cb24a3fc
[threat-actors] Add Nemesis Kitten
2023-03-01 16:37:42 -08:00
Mathieu Beligon
84faa3c92b
[threat-actors] Add Karakurt
2023-03-01 16:34:03 -08:00
Mathieu Beligon
7d371b4c80
[threat-actors] Add CYBORG SPIDER alias to GOCLD BURLAP
2023-03-01 15:45:41 -08:00
Mathieu Beligon
fa57354471
[threat-actors] Add Chamelgang
2023-03-01 15:40:23 -08:00
Mathieu Beligon
bff978e4d1
[threat-actors] Add TA453
2023-03-01 15:24:55 -08:00
Mathieu Beligon
3406ad3aa9
[threat-actors] Add APT42
2023-03-01 15:18:53 -08:00
Mathieu Beligon
2567d6f1f8
[threat-actors] Add TA406
2023-03-01 15:01:22 -08:00
Rony
50624af741
add DEV-0147 https://twitter.com/MsftSecIntel/status/1625181255754039318
2023-02-25 20:18:09 +00:00
Rony
cf727f034c
add other actor synonyms from Google's report https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf
2023-02-26 01:05:50 +05:30
Delta-Sierra
27f4c9fcdc
synonyms must be an array
2023-02-23 14:26:20 +01:00
Delta-Sierra
0ca7675a5f
Merge https://github.com/MISP/misp-galaxy
2023-02-23 14:16:00 +01:00
Delta-Sierra
55725c771e
add/update ransomware based on ransomlook
2023-02-23 14:15:09 +01:00
Tom King
e52eefa0e7
chg: [mitre] updated with correct ID parsing
2023-02-21 10:36:37 +00:00
Christophe Vandeplas
9f73ff73ac
fix: [first-dns] corrected typo
2023-02-21 10:54:30 +08:00
Christophe Vandeplas
e2f2026fea
chg: [first-dns] Adds FIRST DNS Abuse Techniques Matrix
2023-02-21 10:26:46 +08:00
Christophe Vandeplas
a6a9a73ae5
chg: [360net] updated to latest online version
2023-02-20 20:03:36 +08:00
6460fde2e4
chg: [threat-actor] version updated
2023-02-16 14:43:45 +01:00
Daniel Plohmann
91255413d8
adding Google names for RU threat actors
...
https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/
2023-02-16 14:30:05 +01:00
73bd7d0983
Merge pull request #818 from Mathieu4141/threat-actors/proofpoint-aliases
...
[threat actors] Adding some actors from ProofPoint
2023-02-14 06:40:22 +01:00
Mathieu Beligon
9f09699047
[threat-actors] Fix: country was in the wrong place
2023-02-13 16:47:38 -08:00
Mathieu Beligon
ac067a236e
[threat-actors] fix: Add missing uuids
2023-02-13 16:36:41 -08:00
Mathieu Beligon
a792115dd8
fix
2023-02-13 16:26:10 -08:00
Mathieu Beligon
8193b05e14
[threat-actors] bump version
2023-02-13 14:18:58 -08:00
Mathieu Beligon
d34e894d2d
[threat-actors] Add TA2536
2023-02-13 13:45:41 -08:00
Mathieu Beligon
20c31a5d10
[threat-actors] Add TA577
2023-02-13 13:32:24 -08:00
Mathieu Beligon
e836a4a63c
[threat-actors] Add TA575
2023-02-13 12:02:32 -08:00
Mathieu Beligon
c52ac53765
[threat-actors] Add TA570
2023-02-13 11:54:47 -08:00
Mathieu Beligon
5f274f58c9
[threat-actors] Add Moskalvzapoe
2023-02-13 11:44:59 -08:00
Daniel Plohmann
62256854bc
adding Broadcom name for SaintBear.
2023-02-13 14:05:35 +01:00
Mathieu Beligon
33ff650327
[threat-actors] Add more information about NoName057(16)
2023-02-10 14:14:52 -08:00
9645b9348b
chg: [tools] TgToxic added
2023-02-09 16:24:45 +01:00
o1mate
239883e2a9
Merging the handguns and shotguns clusters into a single firearm cluster.
2023-02-06 03:28:49 -05:00
385826063b
chg: [sigma] updated to the latest version
2023-02-05 11:26:16 +01:00
Daniel Plohmann
9710e09e17
new APT29 name used by Recorded Future
...
cf. https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf
2023-02-02 11:46:50 +01:00
3d6ec1b187
chg: [sigma] updated to the latest version
2023-02-02 11:25:19 +01:00
Jürgen Löhel
cf492d9931
chg: [stealer] Adds Album Stealer
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-02-01 17:30:56 -06:00
033895b052
Merge pull request #812 from jloehel/boldmove
...
chg: [backdoor] Adds BOLDMOVE
2023-01-31 06:24:59 +01:00
Jürgen Löhel
c7c2b8441a
chg: [stealer] Removes BluStealer
...
The BluStealer is already in the malpedia cluster.
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 18:35:28 -06:00
Jürgen Löhel
ca635cc3fc
chg: [stealer] Adds DarkCloud and BluStealer
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 18:29:25 -06:00
Jürgen Löhel
33513241bd
chg: [backdoor] Adds BOLDMOVE
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 16:39:11 -06:00
150e3152cc
Merge pull request #809 from MISP/dev
...
Updated the `region` cluster
2023-01-27 15:08:16 +01:00
b7543c5012
Merge pull request #789 from Mathieu4141/threat-actors/fix-sectorj04
...
[threat-actors] Remove SectorJ04 duplicate
2023-01-27 15:05:37 +01:00
Mathieu Beligon
a452263ace
[threat-actors] pr.review: Add SectorJ04 as alias of TA505
2023-01-27 13:32:58 +01:00