Commit graph

3263 commits

Author SHA1 Message Date
f6ed00233e
chg: [ransomware] fix the broken UUID fix #628 2021-03-11 09:52:25 +01:00
2e9f0fcf53
Merge pull request #633 from r0ny123/patch-1
add more HAFNIUM references
2021-03-06 23:16:51 +01:00
Rony
57c7d0b9a0
From Nextron 2021-03-06 19:44:32 +05:30
Rony
6cabbfb091
more! 2021-03-06 14:22:29 +05:30
Rony
7b242555df
More references
From 
Crowdstrike
MSRC
and kql hunting query from James Quinn
2021-03-06 13:28:14 +05:30
Rony
eaab88ef28
add HAFNIUM detection refs 2021-03-05 16:51:28 +05:30
Rony
4bc438a325
fix 2021-03-05 11:48:43 +05:30
Rony
d9b299aafc
add more HAFNIUM references 2021-03-05 11:42:04 +05:30
aee6eac078
Merge pull request #632 from r0ny123/patch-1
Adding alias NOBELIUM
2021-03-04 18:16:17 +01:00
Rony
c9f7afef1c
Adding alias NOBELIUM 2021-03-04 22:39:33 +05:30
47dade9d0e
Merge pull request #631 from r0ny123/Enhancement
Add HAFNIUM
2021-03-04 14:48:01 +01:00
sebdraven
c2a4bb1f8a
Merge pull request #1 from MISP/main
merge
2021-03-04 13:56:09 +01:00
a9a6b0253f
chg: [microsoft activity group] HAFNIUM added 2021-03-04 10:49:58 +01:00
Rony
ad795606cf
added HAFNIUM
Updates:
Tonto Team
UNC2452
2021-03-04 00:10:33 +05:30
bdad7762db
Merge pull request #630 from sebdraven/main
Update threat-actor.json
2021-03-03 18:39:23 +01:00
Sebdraven
2666341afc Update threat-actor.json
update Sidewinder card
2021-03-03 17:59:25 +01:00
fee4cbc123
Merge pull request #629 from nyx0/main
Update Infy TA.
2021-03-02 22:14:02 +01:00
Thomas Dupuy
f842694fda Update Infy TA. 2021-03-02 14:37:01 -05:00
524676282e
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2021-02-26 08:30:58 +01:00
4692ced8fa
chg: [tool] SUNSPOT added 2021-02-26 08:28:01 +01:00
Delta-Sierra
0e23d8b95f add relationships between Maze, Rgnar, Egregor and Sekhmet 2021-02-25 10:21:28 +01:00
Delta-Sierra
406dfdb45b add Sekhmet ransomware 2021-02-25 09:52:52 +01:00
Delta-Sierra
d273a5da7d add TeamTNT ref 2021-02-25 09:52:24 +01:00
fc0dc0050c
Merge pull request #627 from r0ny123/patch-2
removing DePrimon
2021-02-24 23:06:57 +01:00
Rony
5c6f3a036b
removing DePrimon
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
2021-02-24 21:55:04 +05:30
cf5c95b762
Merge pull request #626 from nyx0/main
Add RDAT backdoor
2021-02-23 21:40:23 +01:00
Thomas Dupuy
eeafff9768 Add RDAT backdoor 2021-02-23 11:15:31 -05:00
Delta-Sierra
eb07fab69f add Ragnar Locker and update accordingly 2021-02-23 16:21:07 +01:00
Delta-Sierra
06ae10965b add Covidloc and tycoon ransomware + small updates on some ransomwares 2021-02-22 16:39:47 +01:00
Delta-Sierra
7c1ac58141 add TeamTNT 2021-02-22 16:38:18 +01:00
d0ae9c20f9
Merge pull request #625 from Thijsvanede/patch-1
Fix: rename "Innitial Access" to "Initial Access"
2021-02-21 16:51:17 +01:00
Thijsvanede
e9eb0c7a6c
Fix: rename "Innitial Access" to "Initial Access"
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
2021-02-19 12:01:47 +01:00
5d83ed1a70
Merge pull request #624 from nyx0/main
Add Exaramel and P.A.S. webshell tool.
2021-02-16 16:54:32 +01:00
Thomas Dupuy
178e16dc13 Remove empty values. 2021-02-16 10:32:37 -05:00
Thomas Dupuy
4a7560d191 Add Exaramel and P.A.S. webshell tool. 2021-02-15 12:52:53 -05:00
9f1fcbd1c5
Merge pull request #623 from nyx0/main
Add Caterpillar WebShell.
2021-02-12 23:13:59 +01:00
Thomas Dupuy
93396c524d Add Caterpillar WebShell. 2021-02-12 12:00:17 -05:00
Delta-Sierra
96bf0d44ea Merge https://github.com/MISP/misp-galaxy 2021-02-09 14:52:58 +01:00
fa05eb04e3
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2021-01-29 16:43:52 +01:00
38a0d2d32d
chg: [rsit] rsit as galaxy name 2021-01-29 16:43:26 +01:00
48fddce7d1
Merge pull request #622 from danielplohmann/patch-5
adding ClearSky alias for Volatile Cedar
2021-01-29 16:39:03 +01:00
Daniel Plohmann
d61e7d2fac
adding ClearSky alias for Volatile Cedar
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious  files."
2021-01-29 10:39:18 +01:00
815e5c4fe4
Merge pull request #621 from cudeso/main
RSIT Galaxy/Cluster
2021-01-28 12:55:46 +01:00
Koen Van Impe
87b22f363c Move cfr-type-of-incident to meta 2021-01-28 12:25:39 +01:00
Koen Van Impe
23778666ba RSIT Galaxy/Cluster 2021-01-28 10:03:12 +01:00
06c038e884
Merge pull request #620 from StefanKelm/main
Update threat-actor.json
2021-01-26 15:00:34 +01:00
StefanKelm
fb35646406
Update threat-actor.json
Lazarus
2021-01-26 14:38:37 +01:00
763d67d2a4
Merge pull request #619 from nyx0/main
Update tool cluster
2021-01-20 19:57:43 +01:00
Thomas Dupuy
f964514ec5 Add HyperBro in tools 2021-01-20 13:44:28 -05:00
Thomas Dupuy
9df95031a7 Update ZxShell tool. 2021-01-20 13:27:51 -05:00