|
eacab6ca27
|
new: [malpedia] remove duplicate UUIDs objects (coming from Malpedia API)
|
2022-09-26 10:58:09 +02:00 |
|
|
7cd322640f
|
Merge pull request #771 from Delta-Sierra/main
fetch malpedia
|
2022-09-26 10:07:24 +02:00 |
|
Delta-Sierra
|
a611230bef
|
fetch malpedia
|
2022-09-26 09:23:07 +02:00 |
|
Mathieu Beligon
|
22a39f4fdc
|
[threat-actors] Add BITWISE SPIDER
|
2022-09-20 11:23:33 -07:00 |
|
|
9b8b51fe53
|
Merge pull request #769 from Mathieu4141/threat-actors-add/no-name-057-06
[threat-actors] Add NoName057(16)
|
2022-09-17 07:43:42 +02:00 |
|
|
2f169e4258
|
Merge pull request #766 from Mathieu4141/threat-actors/fix-ta505
[threat-actors] Clean TA505 aliases
|
2022-09-17 07:43:18 +02:00 |
|
Mathieu Beligon
|
580d2c6931
|
[threat-actors] Add NoName057(16)
|
2022-09-16 20:11:06 -06:00 |
|
|
30cb4e7e60
|
Merge pull request #768 from Delta-Sierra/main
New clusters
|
2022-09-16 06:40:43 +02:00 |
|
Delta-Sierra
|
8202a7f48f
|
Add PlugX ref
|
2022-09-15 15:39:47 +02:00 |
|
Delta-Sierra
|
0903300b75
|
Add Chisel
|
2022-09-15 13:24:49 +02:00 |
|
Delta-Sierra
|
021fcd2c91
|
add Lorenz ransomware
|
2022-09-15 10:29:46 +02:00 |
|
|
1c8d82cfcc
|
new: [threat-actor] hezb added
|
2022-09-14 11:00:33 +02:00 |
|
Christophe Vandeplas
|
b011ddee5b
|
fix: [360net] fixes null entries in lists
|
2022-09-13 22:12:51 +02:00 |
|
Christophe Vandeplas
|
c5a5fa7cfa
|
chg: [360net] add 360.net APT list fixes #764
|
2022-09-13 21:48:16 +02:00 |
|
Mathieu Beligon
|
e1f5d3b5d8
|
[threat-actors] Keep meta from old Xenotime
|
2022-09-13 11:40:17 -07:00 |
|
Mathieu Beligon
|
4ff0bdfe8e
|
[threat-actors] Clean TA505 aliases
|
2022-09-13 11:34:02 -07:00 |
|
Delta-Sierra
|
e3d88f45c6
|
add Dark.IoT
|
2022-09-13 13:35:55 +02:00 |
|
Delta-Sierra
|
6dba3abe13
|
add hezb
|
2022-09-13 10:40:00 +02:00 |
|
Mathieu Beligon
|
273c7c9b97
|
[threat-actors] Remove Xenotime duplicate
|
2022-09-12 17:10:49 -07:00 |
|
Delta-Sierra
|
705d0d2e72
|
add BumbleBee backdoor
|
2022-09-12 10:51:43 +02:00 |
|
Delta-Sierra
|
0440db12e9
|
add DangerousSavanna campaign
|
2022-09-07 11:01:23 +02:00 |
|
Delta-Sierra
|
77db2370b1
|
Add Lockbit synonym
|
2022-09-07 11:00:41 +02:00 |
|
Delta-Sierra
|
775d3c183b
|
Add Lockbit synonym
|
2022-09-07 09:26:38 +02:00 |
|
Rony
|
aea413cebf
|
chg: [threat-actor] version bump
|
2022-09-01 10:32:01 +00:00 |
|
Rony
|
db913e5ab4
|
fix: [threat-actor] remove duplicate entries
|
2022-09-01 09:53:11 +00:00 |
|
Rony
|
6aea5ee05c
|
chg: [threat-actor] add Aoqin Dragon
|
2022-09-01 09:46:43 +00:00 |
|
Rony
|
fb0cf3c7e5
|
chg: [threat-actor] miscellaneous updates
|
2022-09-01 09:17:31 +00:00 |
|
Daniel Plohmann
|
d18f5bc8b6
|
mini-fix: adding https protocol to a reference
in automated processing and display, this may otherwise lead to a malformed local / relative link.
|
2022-08-30 17:08:03 +02:00 |
|
|
5175fb0364
|
Merge pull request #760 from Delta-Sierra/main
Add GootLoader & MOUSEISLAND in tool
|
2022-08-29 12:02:55 +02:00 |
|
Rony
|
e7178a1e08
|
fix: [threat-actor] remove duplicate entries from APT9
|
2022-08-27 12:54:32 +00:00 |
|
Rony
|
27300c6381
|
chg: [threat-actor] add avast blog to APT40
|
2022-08-27 12:41:31 +00:00 |
|
Rony
|
7f526e230b
|
chg: [threat-actor] add Microsoft and PwC report to actors' references
|
2022-08-27 12:34:36 +00:00 |
|
Rony
|
6ad9699a38
|
chg: [threat-actor] add recorded future reference to RedAlpha
|
2022-08-27 12:10:51 +00:00 |
|
Rony
|
2dc138ae01
|
chg: [threat-actor] add Adam Kozy's testimony ro APT41 and APT26
|
2022-08-27 12:08:11 +00:00 |
|
Rony
|
0b140b7097
|
chg: [threat-actor] miscellaneous updates including merge of some actors and fix the error committed in 9cfcc0d9ac
|
2022-08-27 11:58:03 +00:00 |
|
|
8bea9f3b4b
|
Merge pull request #755 from Mathieu4141/threat-actors/fix-winnti
[threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts
|
2022-08-27 08:25:20 +02:00 |
|
Mathieu Béligon
|
9cfcc0d9ac
|
Add aliases to APT41
Co-authored-by: Rony <rony_123@protonmail.ch>
|
2022-08-26 14:54:02 -07:00 |
|
Mathieu Beligon
|
6e00329ba6
|
[threat-actors] Fix aliases
|
2022-08-26 11:09:29 -07:00 |
|
Delta-Sierra
|
534dacb7fb
|
add GootLoader
|
2022-08-26 10:12:36 +02:00 |
|
Delta-Sierra
|
d5a9365aae
|
add MOUSEISLAND
|
2022-08-26 09:23:38 +02:00 |
|
Mathieu Beligon
|
9b714dcd76
|
[threat-actors] Merge Axiom into APT17
|
2022-08-25 13:49:07 -07:00 |
|
Delta-Sierra
|
5b3c395f10
|
jq
|
2022-08-24 14:27:33 +02:00 |
|
Delta-Sierra
|
cb422c2190
|
update Guildma
|
2022-08-24 14:07:01 +02:00 |
|
Yosirion95
|
cda80e5496
|
Add synonyms to sector.json
|
2022-08-21 11:09:50 +02:00 |
|
|
9efca4c41b
|
fix: [threat-actor] UUID reused fixed (UUIDs cannot be reused across different cluster)
Add the missing the relationship for the new UUID
|
2022-08-21 09:17:56 +02:00 |
|
Rony
|
5b42a09dc2
|
add PARINACOTA to threat-actor.json
MSTIC names digital crime actors based on global volcanoes
|
2022-08-20 17:10:15 +00:00 |
|
Rony
|
6fd584fa88
|
remove APT36/ Transpert Tribe from microsoft-activity-group.json cause we don't know any MSTIC name yet.
|
2022-08-20 17:06:18 +00:00 |
|
|
6b137ea12c
|
Merge pull request #749 from Mathieu4141/threat-actors/fix-naikon-cluster
[threat actors] Fix threat actors related to Lotus Panda
|
2022-08-20 11:46:15 +02:00 |
|
Mathieu Beligon
|
7f82616c10
|
fix axiom related field
|
2022-08-19 12:48:40 -07:00 |
|
Mathieu Beligon
|
969f461709
|
merge into apt41
|
2022-08-19 12:45:47 -07:00 |
|
Christophe Vandeplas
|
1b69b654a8
|
chg: [atrm] bump to latest ATRM version
|
2022-08-19 21:19:23 +02:00 |
|
Mathieu Beligon
|
fd9201e9e0
|
Merge APT22 and suckfly
|
2022-08-19 12:16:30 -07:00 |
|
Mathieu Beligon
|
768c94671c
|
Fix hellsing ref
|
2022-08-19 11:34:16 -07:00 |
|
|
a8b234d694
|
Merge pull request #753 from Mathieu4141/threat-actors/fix-bronze-president
[threat-actors] Remove duplicated BRONZE PRESIDENT entity
|
2022-08-19 06:26:11 +02:00 |
|
Mathieu Béligon
|
fcd6faec78
|
Capitalize override panda alias
Co-authored-by: Rony <rony_123@protonmail.ch>
|
2022-08-18 20:51:03 -07:00 |
|
Mathieu Béligon
|
54f3ef2831
|
capitalize lotus panda alias
Co-authored-by: Rony <rony_123@protonmail.ch>
|
2022-08-18 20:50:32 -07:00 |
|
Mathieu Béligon
|
c9b11553eb
|
normalize APT30 alias
Co-authored-by: Rony <rony_123@protonmail.ch>
|
2022-08-18 20:32:44 -07:00 |
|
Mathieu Beligon
|
c1abedb446
|
Move Lotus Panda alias to Lotus Blossom
|
2022-08-18 20:21:31 -07:00 |
|
Mathieu Beligon
|
a61ef2a88f
|
[threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts
|
2022-08-18 17:03:26 -07:00 |
|
Mathieu Beligon
|
84e69ad4be
|
Add DarkCommet as a tool of GoldenRAT
|
2022-08-18 15:47:04 -07:00 |
|
Mathieu Beligon
|
1acc51a7a6
|
[threat-actors] Add more data about APT-C-27
|
2022-08-18 15:44:18 -07:00 |
|
Mathieu Beligon
|
ec988c97d0
|
[threat-actors] Remove duplicated APT-C-27
|
2022-08-18 15:34:08 -07:00 |
|
Mathieu Beligon
|
d9046c8619
|
[threat-actors] Remove duplicated BRONZE PRESIDENT entity
|
2022-08-18 15:12:18 -07:00 |
|
Mathieu Beligon
|
a046e8094d
|
Merge APT30 and Naikon
|
2022-08-18 11:36:45 -07:00 |
|
Mathieu Beligon
|
5e4a4c3453
|
Merge branch 'main' into threat-actors/fix-naikon-cluster
|
2022-08-18 09:01:36 -07:00 |
|
Mathieu Beligon
|
264e764dfa
|
Remove ATK34 alias
|
2022-08-18 08:59:04 -07:00 |
|
Delta-Sierra
|
3f036db1e3
|
add TA558
|
2022-08-18 15:54:28 +02:00 |
|
Mathieu Beligon
|
71e3e1f3eb
|
Fix ATK aliases
|
2022-08-17 13:39:43 -07:00 |
|
Mathieu Beligon
|
a6242d4732
|
Merge branch 'main' into threat-actors/fix-naikon-cluster
|
2022-08-17 13:37:01 -07:00 |
|
Mathieu Beligon
|
0d6399aa2b
|
Add ATK78 alias for Thrip
|
2022-08-17 12:04:32 -07:00 |
|
Mathieu Beligon
|
53282255ce
|
Branch out Goblin Panda from Hellsing
|
2022-08-17 11:55:35 -07:00 |
|
Mathieu Beligon
|
3f50cf0175
|
Create a tool for Esile
|
2022-08-17 11:19:30 -07:00 |
|
Rony
|
f608312577
|
addresses https://github.com/MISP/misp-galaxy/pull/751#issuecomment-1217680586
|
2022-08-17 08:52:35 +00:00 |
|
Rony
|
ccd10b54f4
|
remove duplicate reference
|
2022-08-17 12:49:56 +05:30 |
|
Rony
|
0cec882cc5
|
merge microcin/sixlittlemonkeys to vicious panda
|
2022-08-17 07:06:51 +00:00 |
|
|
a373909bb1
|
Merge pull request #748 from r0ny123/patch-2
Update threat-actor.json
|
2022-08-17 07:44:46 +02:00 |
|
|
352998a84d
|
fix: [threat-actor] add missing refs for APT33 including CFR link
|
2022-08-17 07:40:23 +02:00 |
|
Mathieu Beligon
|
d05b29c1af
|
[threat-actors] Remove duplicate APT33
|
2022-08-16 17:15:30 -07:00 |
|
Mathieu Beligon
|
9c6f106928
|
[threat actor] Fix aliases related to Lotus Panda
|
2022-08-16 16:58:35 -07:00 |
|
Rony
|
5b25b574b3
|
add uac-0010 references from cert-ua
|
2022-08-16 10:19:53 +00:00 |
|
Rony
|
370045b01d
|
Merge "red october" and "cloud atlas" to inception framework"
|
2022-08-16 09:30:29 +00:00 |
|
Rony
|
62b168600f
|
fix duplicates
|
2022-08-16 12:15:30 +05:30 |
|
Rony
|
490bc6a05c
|
fix duplicate
|
2022-08-16 12:10:27 +05:30 |
|
Rony
|
bbe84c5985
|
updates to russian actors
|
2022-08-16 12:07:59 +05:30 |
|
Rony
|
de76aef023
|
Update threat-actor.json
|
2022-08-16 10:49:13 +05:30 |
|
Rony
|
f4b63d4514
|
updates to tianwu
|
2022-08-16 10:30:33 +05:30 |
|
|
96d31aa8c7
|
chg: [threat-actor] jq all the things
|
2022-08-11 17:50:00 +02:00 |
|
Thomas Dupuy
|
ed24dcaf19
|
Add link for SLIME29.
|
2022-08-11 15:41:01 +00:00 |
|
Thomas Dupuy
|
912050b9b7
|
Update commit based on feeback.
|
2022-08-11 15:20:32 +00:00 |
|
Thomas Dupuy
|
6e0df72ef4
|
Add Threat Actors from BH Asia22 prez.
|
2022-08-10 18:53:38 +00:00 |
|
Christophe Vandeplas
|
1369756810
|
chg: [atrm] Add Azure Threat Research Matrix Galaxy and generation script
|
2022-08-06 21:19:31 +02:00 |
|
Daniel Plohmann
|
bdaadea58e
|
removing a leading double quote in a URL.
|
2022-08-02 18:17:58 +02:00 |
|
Daniel Plohmann
|
bc20a463c8
|
merging TG2003 / Elephant Beetle into FIN13
as indicated in the respective resources published by the organizations using these aliases.
|
2022-08-02 14:11:43 +02:00 |
|
|
6427746ad8
|
Merge pull request #727 from Mathieu4141/threat-actors/merge-cutting-kitten-cleaver
Fix Cleaver aliases
|
2022-07-27 23:17:42 +02:00 |
|
|
63f5122ad4
|
Merge pull request #742 from r0ny123/patch-1
Update threat-actor.json
|
2022-07-27 18:56:47 +02:00 |
|
Mathieu Beligon
|
51aacd6b03
|
Reduce diff with old version
|
2022-07-26 23:53:22 -07:00 |
|
Mathieu Beligon
|
acc6ada575
|
r0ny123.review: Use Cutting Kitten as main value for ITSecTeam
|
2022-07-26 23:27:39 -07:00 |
|
Mathieu Beligon
|
d815bfa174
|
Merge remote-tracking branch 'upstream/main' into threat-actors/merge-cutting-kitten-cleaver
|
2022-07-26 23:22:03 -07:00 |
|
Daniel Plohmann
|
26f6a33695
|
more aliases from Unit 42
|
2022-07-26 11:09:33 +02:00 |
|
Rony
|
5a7f3a7207
|
fix
|
2022-07-25 17:17:52 +05:30 |
|
Rony
|
8ce0df6eb4
|
Update threat-actor.json
Merge aquatic panda & earth lusca
|
2022-07-25 17:15:23 +05:30 |
|
|
6b6398bf2d
|
fix: [threat-actor] incorrect merge fixed
|
2022-07-20 18:45:50 +02:00 |
|
|
b4ce9a9453
|
Merge branch 'main' of https://github.com/r0ny123/misp-galaxy into r0ny123-main
|
2022-07-20 18:41:27 +02:00 |
|
Rony
|
add6b27466
|
update
|
2022-07-20 21:39:33 +05:30 |
|
Rony
|
2b54df56f9
|
update
|
2022-07-20 21:32:11 +05:30 |
|
Rony
|
2e045d9c8c
|
chg: [fix] resolve conflict
|
2022-07-20 21:28:15 +05:30 |
|
Daniel Plohmann
|
5825783a85
|
removed duplicate UUID for Kinsing
my apologies, looks like I had not rolled a new UUID for one of the entries added...
|
2022-07-20 17:07:05 +02:00 |
|
Rony
|
932fcf1871
|
added Red Nue
|
2022-07-20 15:07:35 +05:30 |
|
Rony
|
082039b3b0
|
added CN actors from secureworks threat profile
https://www.secureworks.com/research/threat-profiles?filter=item-china and fixed some AKAs
|
2022-07-20 14:52:58 +05:30 |
|
Daniel Plohmann
|
ed32c508b7
|
added more Unit 42 aliases / groups
|
2022-07-20 08:38:03 +02:00 |
|
Rony
|
000bfe92d9
|
add APT9/Red Pegasus & BRONZE EDGEWOOD/Red Hariasa
|
2022-07-20 10:04:58 +05:30 |
|
Rony
|
2e8a577b0c
|
add PwC naming to CN actors
|
2022-07-20 09:45:21 +05:30 |
|
Rony
|
3fabd58416
|
chg: [threat-actor] fixed
|
2022-07-19 23:36:30 +05:30 |
|
Rony
|
79c84d3768
|
add Earth Berberoka, Earth Lusca and Earth Wendigo
|
2022-07-19 22:42:50 +05:30 |
|
Daniel Plohmann
|
082d506b64
|
adding new Unit 42 names
First PR: those are the directly mappable names. I will follow up after deconfliction and then with a few new entries.
|
2022-07-19 08:45:09 +02:00 |
|
Daniel Plohmann
|
240a757826
|
Update threat-actor.json
adding Predatory Sparrow due to recent events.
|
2022-07-13 10:02:07 +02:00 |
|
|
cf603e8160
|
Merge pull request #736 from Delta-Sierra/main
add Qbot
|
2022-07-12 18:41:33 +02:00 |
|
Thomas Dupuy
|
90da0d798f
|
Set country to LB instead of IR based on operational activity.
|
2022-07-12 16:21:41 +00:00 |
|
Delta-Sierra
|
b1c853bf42
|
update version
|
2022-07-12 15:51:55 +02:00 |
|
Thomas Dupuy
|
1a8835bcae
|
Remove list from POLONIUM TA.
|
2022-07-12 13:11:11 +00:00 |
|
Thomas Dupuy
|
a86d866534
|
Add POLONIUM TA.
|
2022-07-12 12:14:27 +00:00 |
|
Delta-Sierra
|
d40017ae50
|
add Qbot
|
2022-07-12 14:03:43 +02:00 |
|
Delta-Sierra
|
6c6355f2ba
|
fix typo
|
2022-07-12 11:31:08 +02:00 |
|
Delta-Sierra
|
300d608770
|
jq
|
2022-07-12 10:54:37 +02:00 |
|
Delta-Sierra
|
71c93f5b24
|
fix caps typo
|
2022-07-12 10:53:14 +02:00 |
|
Delta-Sierra
|
4ea34fc5a4
|
Merge https://github.com/Delta-Sierra/misp-galaxy into main
|
2022-07-12 10:51:59 +02:00 |
|
Delta-Sierra
|
924eda26ca
|
Add EnemyBot +relationships
|
2022-07-12 10:49:11 +02:00 |
|
Deborah Servili
|
ca7d524d9c
|
Merge branch 'main' into main
|
2022-07-08 16:27:28 +02:00 |
|
Delta-Sierra
|
29aa7b3f69
|
add Maui ransomware
|
2022-07-08 14:49:12 +02:00 |
|
Delta-Sierra
|
56a53433f0
|
add HelloXD ransomware
|
2022-07-08 12:05:31 +02:00 |
|
Delta-Sierra
|
279b89f6d9
|
fix duplicate extension-2
|
2022-07-06 09:38:02 +02:00 |
|
Delta-Sierra
|
67d5f5c7c0
|
fix duplicate extension
|
2022-07-06 09:34:11 +02:00 |
|
Delta-Sierra
|
7e37fa0cdd
|
merge + update medusalocker
|
2022-07-06 09:28:46 +02:00 |
|
Delta-Sierra
|
c2e7ef4fab
|
Update Medusa Locker and others
|
2022-07-06 08:43:59 +02:00 |
|
marjatech
|
587dc8560b
|
add script to automate malpedia update
|
2022-07-04 14:24:34 +02:00 |
|
Mathieu Beligon
|
693eed8d78
|
[threat actor] Break Cleaver aliases into respective entries
|
2022-07-04 14:05:29 +02:00 |
|
marjatech
|
1212a75cc4
|
update malpedia
|
2022-07-04 11:02:02 +02:00 |
|
Mathieu Beligon
|
d63c990dad
|
[threat-actors] Separate ITSecTeam from Cleaver
|
2022-06-30 14:34:05 +02:00 |
|
Mathieu Beligon
|
b8d4ffdbde
|
Merge Cutting Kitten and Cleaver
|
2022-06-29 20:15:12 +02:00 |
|
Koen Van Impe
|
0c9aa68db6
|
Update surveillance-vendor.json
|
2022-06-22 13:30:55 +02:00 |
|
Koen Van Impe
|
22c2f7b999
|
Add RCS Lab S.p.A. to surveillance-vendor
|
2022-06-22 11:20:52 +02:00 |
|
Mathieu Beligon
|
d79c5bd1ab
|
Add ToddyCat Threat actor
|
2022-06-21 15:12:42 +02:00 |
|
Rony
|
c030fcdab6
|
chg: [threat-actor] added PwC naming for Indian actors
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
|
2022-06-11 15:46:54 +05:30 |
|
Thanat0s
|
44a99d066a
|
Y en a un peut plus je vous le mets quand meme ?
|
2022-06-11 04:24:04 -04:00 |
|
Thanat0s
|
57befd7259
|
jq all the things
|
2022-06-10 19:12:12 -04:00 |
|
Thanat0s
|
51f98f4706
|
Attck link + typo on TA551
|
2022-06-10 18:40:16 -04:00 |
|
Thanat0s
|
f97fee7135
|
Typo on TA551
|
2022-06-10 18:38:25 -04:00 |
|
Thanat0s
|
297acc0f5e
|
Add Mitre vs Thales RosettaStone
|
2022-06-10 18:24:15 -04:00 |
|
Rony
|
e916267c7c
|
chg: [threat-actor] add reference to bitter & sidewinder group
|
2022-06-08 23:22:17 +05:30 |
|
Christophe Vandeplas
|
39073004c4
|
[mitre] bump to MITRE ATT&CK v11.2
|
2022-05-25 21:03:14 +02:00 |
|
Christophe Vandeplas
|
4a469299fd
|
[mitre] update sorting algo
will make future ATT&CK updates less noisy in the git diff
|
2022-05-25 21:00:57 +02:00 |
|
Mathieu Beligon
|
dca70783bf
|
[threat-actors] validate file
|
2022-05-23 11:32:24 +02:00 |
|
Mathieu Beligon
|
c1cfc19871
|
[threat actors] Remove dead link for sandworm threat actor
|
2022-05-23 11:30:04 +02:00 |
|
Mathieu Beligon
|
36a1466661
|
[threat-actors] Add RansomHouse
|
2022-05-23 11:29:39 +02:00 |
|
|
a838eaf9db
|
Merge pull request #717 from jloehel/krane
chg: [cryptominers] Adds Krane
|
2022-05-18 08:17:16 +02:00 |
|
Jürgen Löhel
|
1be9a10ef9
|
chg: [cryptominers] Adds Krane
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
|
2022-05-17 14:47:29 -05:00 |
|
Jürgen Löhel
|
9db5d18114
|
chg: [android] Adds Vulture
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
|
2022-05-17 14:16:21 -05:00 |
|
Rony
|
2721522e82
|
chg: [threat-actor] add exotic lily, ta578, ta579
|
2022-05-14 20:52:15 +05:30 |
|
Jürgen Löhel
|
45da13ce5e
|
chg: [backdoors] Adds BPFDoor
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
|
2022-05-11 19:06:19 -05:00 |
|
|
fcdc6c86e6
|
chg: [threat-actor] add TG2003 synomym to Elephant Beetle
|
2022-05-09 14:24:28 +02:00 |
|
|
9130365e2e
|
chg: [threat-actor] Elephant Beetle added
Fix #708
|
2022-05-09 14:23:12 +02:00 |
|
|
bb434b11cf
|
chg: [threat-actor] ModifiedElephant added
Fix #709
|
2022-05-09 14:16:01 +02:00 |
|
|
06550a7945
|
chg: [threat-actor] fix refs field -> it's always an array
|
2022-05-09 13:46:16 +02:00 |
|
|
b67e3ed3f8
|
Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add
|
2022-05-09 13:43:44 +02:00 |
|
Rony
|
c0be6677c2
|
chg: [threat-actor] added actor Red Menshen
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
|
2022-05-07 15:44:10 +05:30 |
|
Rony
|
11eca69ebc
|
chg: [threat-actor] added Curious Gorge
|
2022-05-07 12:40:35 +05:30 |
|
Daniel Plohmann
|
26c1850377
|
Update threat-actor.json
adding Red Dev 4 as alias for GALLIUM as used by PwC.
|
2022-05-06 09:47:48 +02:00 |
|
Daniel Plohmann
|
06c293072c
|
Update threat-actor.json
adding UNC3524 to the actor galaxy cluster.
|
2022-05-04 13:21:56 +02:00 |
|
3c7
|
0ad65fbe9f
|
Forgot to jq all the things
|
2022-04-28 09:42:25 +02:00 |
|
3c7
|
dfb6c0668e
|
Added SaintBear
|
2022-04-28 09:36:25 +02:00 |
|
Christophe Vandeplas
|
33476bec81
|
chg: [mitre] bump to MITRE ATT&CK v11.0
|
2022-04-25 18:29:57 +02:00 |
|
|
664f6d80cc
|
chg: [threat-actor] Killnet description added
|
2022-04-21 15:05:50 +02:00 |
|
|
1e383e2452
|
chg: [threat-actor] version updated
|
2022-04-21 14:53:14 +02:00 |
|
Mathieu Beligon
|
c8455a6c4d
|
[actors] Add killnet
|
2022-04-21 14:06:28 +02:00 |
|
Adam McHugh
|
53a0fc56d3
|
Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory
|
2022-04-18 10:16:26 +09:30 |
|
|
bca7381f33
|
fix: [ransomware] refs are within meta
|
2022-04-17 15:43:23 +02:00 |
|
|
eb7c5ebaf1
|
fix: [ransom] remove empty ref
|
2022-04-17 15:39:02 +02:00 |
|
|
bc696b43f4
|
chg: [ransomware] jq all the things
|
2022-04-17 15:35:50 +02:00 |
|
|
00d33fd292
|
Merge pull request #701 from adammchugh/ransomware-conti-update
Ammended Conti ransomware entry with ACSC 2021-010 advisory data
|
2022-04-17 15:35:25 +02:00 |
|
|
66744a4cd0
|
Merge pull request #704 from adammchugh/cryptominers-bluemockingbird-add
Added Cryptominer Blue Mockingbird from RedCanary advisory.
|
2022-04-17 14:43:59 +02:00 |
|
|
14907e3eef
|
Merge pull request #703 from adammchugh/threatactor-copypaste-add
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
|
2022-04-17 14:43:37 +02:00 |
|
Adam McHugh
|
84eac4b102
|
Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory
|
2022-04-17 19:50:08 +09:30 |
|
Adam McHugh
|
f00e80ae7e
|
Added Cryptominer Blue Mockingbird from RedCanary advisory.
|
2022-04-17 19:44:42 +09:30 |
|
Adam McHugh
|
cff8a38c5f
|
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
|
2022-04-17 19:37:26 +09:30 |
|
Adam McHugh
|
622c0502aa
|
Ammended Conti ransomware entry with ACSC 2021-010 advisory data
|
2022-04-17 19:23:11 +09:30 |
|
Adam McHugh
|
99caab201f
|
Ammended Blackcat ransomware entry with ACSC 2022-004 advisory data
|
2022-04-17 18:05:24 +09:30 |
|
Thomas Dupuy
|
bd05eb0bba
|
upd: [cluster] add Threat Actor BladeHawk.
|
2022-04-11 17:03:19 +00:00 |
|
Thomas Dupuy
|
209391f110
|
upd: [cluster] add ref and synonyms for Energetic Bear.
|
2022-04-07 18:26:58 +00:00 |
|
|
b649057a5a
|
chg: [handicap] fixed more fields
|
2022-04-04 11:09:30 +02:00 |
|
|
aff4345074
|
chg: [handicap] more cleanup
|
2022-04-04 11:01:38 +02:00 |
|
|
269f91ad75
|
chg: [handicap] more clean-up of uuid values
|
2022-04-04 10:56:29 +02:00 |
|
|
d3d4e7186b
|
chg: [handicap] fix name of the clusters
|
2022-04-04 10:43:56 +02:00 |
|
|
7e6390c336
|
Merge pull request #694 from AgatheMgt/main
Handicap
|
2022-04-04 10:41:06 +02:00 |
|
Rony
|
a08ddaf548
|
Add Avivore & HAZY TIGER/Bitter
|
2022-04-02 01:14:18 +05:30 |
|
Rony
|
50f39edc10
|
Revert "update threat actors meta"
|
2022-04-02 00:55:38 +05:30 |
|
Delta-Sierra
|
73f71c8b15
|
dup
|
2022-04-01 16:51:27 +02:00 |
|
Delta-Sierra
|
fb557fd3a2
|
dup
|
2022-04-01 16:47:50 +02:00 |
|
Delta-Sierra
|
909fc09992
|
duplicate
|
2022-04-01 16:44:47 +02:00 |
|
Delta-Sierra
|
7c3e8ac068
|
fix duplicate
|
2022-04-01 16:40:40 +02:00 |
|
Delta-Sierra
|
dcc396108c
|
fix duplicate
|
2022-04-01 16:36:47 +02:00 |
|
Delta-Sierra
|
9257fb677b
|
merge
|
2022-04-01 16:32:10 +02:00 |
|
Delta-Sierra
|
0f7803b091
|
update threat actors meta
|
2022-04-01 16:00:27 +02:00 |
|
Sami Mokaddem
|
4242732af1
|
chg: jq all 2
|
2022-03-31 09:05:22 +02:00 |
|
Sami Mokaddem
|
a9a09d11c6
|
chg: jq all
|
2022-03-31 08:59:36 +02:00 |
|
Mathieu Beligon
|
c35fad3291
|
Add threat actor group Scarab
|
2022-03-28 12:11:34 +02:00 |
|
|
94c3788089
|
Merge pull request #687 from Badis-dev/main
Add galaxy and cluster cancer
|
2022-03-25 10:04:46 +01:00 |
|
AgatheMgt
|
aec779d1ee
|
poatate
|
2022-03-24 09:43:58 -04:00 |
|
AgatheMgt
|
3ce6d7a313
|
Update handicap.json
|
2022-03-24 07:48:49 -04:00 |
|
AgatheMgt
|
a6a16926f6
|
Create handicap.json
|
2022-03-24 07:08:08 -04:00 |
|
Daniel Plohmann
|
24a3f16ab4
|
adding threat actor group LAPSUS$ / DEV-0537.
|
2022-03-23 09:47:10 +01:00 |
|
Delta-Sierra
|
97690426bf
|
update threat actors meta
|
2022-03-18 16:41:10 +01:00 |
|
|
6f0208dcaf
|
chg: [ransomware] UUID fixed
|
2022-03-18 16:03:27 +01:00 |
|
|
ef5af37dbe
|
chg: [botnet] duplicate UUIDs replaced
|
2022-03-18 15:58:09 +01:00 |
|
|
c0a07d2246
|
chg: [ransomware] replace duplicate UUIDs
|
2022-03-18 15:57:06 +01:00 |
|
botlabsDev
|
6416d0b2de
|
add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot
|
2022-03-18 15:34:11 +01:00 |
|
|
18069ce5f3
|
Merge pull request #688 from botlabsDev/patch-0
Add tool 'BadPotato' to clusters/tool.json
|
2022-03-15 12:30:47 +01:00 |
|
|
7fd5715715
|
Merge pull request #691 from r0ny123/indian-adversaries
Update to Indian Adversaries
|
2022-03-15 12:28:16 +01:00 |
|
Rony
|
eebda5f955
|
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team
|
2022-03-15 15:02:57 +05:30 |
|
Rony
|
ac72e7b639
|
fix
|
2022-03-15 14:00:46 +05:30 |
|
Rony
|
3b67e745e5
|
Update threat-actor.json
|
2022-03-15 13:57:00 +05:30 |
|
botlabsDev
|
99ab2a13d6
|
Add tool 'BadPotato' to clusters/tool.json
|
2022-03-14 18:02:02 +01:00 |
|
Badis-dev
|
231915f9a4
|
add galaxy and cluster cancer
|
2022-03-11 14:20:09 +01:00 |
|
Badis-dev
|
27241135a2
|
Add cancer.json
|
2022-03-11 11:26:57 +01:00 |
|
Badis-dev
|
78f1c9f345
|
Delete cancer.json
|
2022-03-11 11:26:30 +01:00 |
|
Badis-dev
|
1c707f7c5e
|
Add cancer cluster
|
2022-03-11 11:13:57 +01:00 |
|
Delta-Sierra
|
957327383d
|
fix array
|
2022-03-07 16:10:53 +01:00 |
|
Delta-Sierra
|
a7f3df8a9a
|
merge
|
2022-03-07 16:04:38 +01:00 |
|
Delta-Sierra
|
8fd3c87b47
|
update threat actors meta
|
2022-03-07 15:54:29 +01:00 |
|
|
8e09c9b30c
|
Merge pull request #685 from danielplohmann/patch-14
adding threat actor "Moses Staff"
|
2022-03-02 21:43:00 +01:00 |
|
Daniel Plohmann
|
896a451461
|
fixed with linted JSON.
|
2022-03-02 21:22:28 +01:00 |
|
Daniel Plohmann
|
a817324cd4
|
adding threat actor "Moses Staff"
|
2022-03-02 15:50:39 +01:00 |
|
Mathieu Beligon
|
0b456b8afa
|
version bump -> 213
|
2022-03-02 14:55:26 +01:00 |
|
Mathieu Beligon
|
d3d241ca54
|
Update Gamaredon target
|
2022-03-02 14:55:19 +01:00 |
|
Mathieu Beligon
|
27c05a118e
|
Update GhostWriter
|
2022-03-02 13:16:20 +01:00 |
|
Delta-Sierra
|
c909a35d65
|
Merge https://github.com/MISP/misp-galaxy into main
|
2022-02-18 10:57:10 +01:00 |
|
Delta-Sierra
|
a788c867a7
|
jq
|
2022-02-18 10:56:07 +01:00 |
|
Delta-Sierra
|
b0cd884afc
|
add TA2541
|
2022-02-18 10:54:25 +01:00 |
|
Daniel Plohmann
|
321e4b4a57
|
another Gamaredon ref and version bump
|
2022-02-18 08:26:01 +01:00 |
|
Daniel Plohmann
|
254dd47a61
|
adding ACTINIUM as MSFT name for Gamaredon
|
2022-02-18 08:24:35 +01:00 |
|
Delta-Sierra
|
33ef3317b7
|
fix duplicate
|
2022-02-14 10:02:36 +01:00 |
|
Delta-Sierra
|
9b76d71c43
|
Merge https://github.com/MISP/misp-galaxy into main
|
2022-02-14 08:47:21 +01:00 |
|
Delta-Sierra
|
3184819968
|
add DDG botnet and more
|
2022-02-11 16:13:36 +01:00 |
|
rwe
|
4700780d47
|
added antlion APT group
|
2022-02-05 04:52:33 -08:00 |
|
|
f49b54281b
|
chg: [ransomware] set encryption only
|
2022-02-02 22:36:14 +01:00 |
|
|
3328b73185
|
fix: [ransomware] array end missing
|
2022-02-02 22:32:39 +01:00 |
|
Kevin Holvoet
|
3d23f98d04
|
Forgot comma between JSON entries
|
2022-02-02 18:58:55 +01:00 |
|
Kevin Holvoet
|
389add7580
|
Update ransomware.json with URL fix
Fixed URL for AlphaLocker
|
2022-02-02 18:54:31 +01:00 |
|
Kevin Holvoet
|
fa9829cec0
|
Update ransomware.json: add BlackCat (ALPHV)
|
2022-02-02 18:50:19 +01:00 |
|
Daniel Plohmann
|
833a6e0a8d
|
updated URLs for Gamaredon with Shuckworm alias reference
|
2022-02-02 09:40:10 +01:00 |
|
Daniel Plohmann
|
8f928d8eb3
|
adding Gamaredon alias Shuckworm used by Symantec
|
2022-02-02 09:35:53 +01:00 |
|
Delta-Sierra
|
5cf1eb01f4
|
Merge https://github.com/MISP/misp-galaxy into main
|
2022-01-31 10:04:07 +01:00 |
|
|
1fda357a03
|
new: [surveillance] Cytrox added
|
2022-01-30 11:31:55 +01:00 |
|
Jürgen Löhel
|
22046a1eae
|
Adds WhisperGate
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
|
2022-01-18 13:16:06 -06:00 |
|
Delta-Sierra
|
e523bdaf70
|
merge
|
2022-01-14 16:08:14 +01:00 |
|
Jürgen Löhel
|
3059c70ae6
|
Adds UPAS-Kit
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
|
2022-01-13 11:53:32 -06:00 |
|
Thomas Dupuy
|
c792bdd1b7
|
Add AQUATIC PANDA threat actor.
|
2022-01-12 13:51:11 -05:00 |
|
Thomas Dupuy
|
afaf3a3110
|
Add Motnug tool.
|
2022-01-12 13:37:59 -05:00 |
|
Jürgen Löhel
|
5aa8a8a8b1
|
Adds Ragnatela RAT
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
|
2022-01-10 15:57:10 -06:00 |
|
Sami Tainio
|
dcb87b0dc6
|
chg: [threat-actor] Add SideCopy
|
2022-01-07 17:45:41 +02:00 |
|
Daniel Plohmann
|
3094283252
|
adding Mandiant's FIN13.
|
2022-01-03 09:32:43 +01:00 |
|
|
eba1b2839f
|
chg: [concordia] CMTMF killchain typo fixed
|
2021-12-20 10:41:00 +01:00 |
|
Raphaël Vinot
|
b4d518d4f0
|
fix: cmtmf-attack-pattern had multiple duplicate UUIDs
|
2021-12-17 17:58:29 +01:00 |
|
|
12617ff627
|
chg: [concordia] fix name inconsistencies
|
2021-12-17 17:41:00 +01:00 |
|
|
69b582f9ba
|
chg: [concordia] duplicate removed
|
2021-12-17 17:31:38 +01:00 |
|
|
bc3ab62917
|
chg: [concordia] duplicate removed
|
2021-12-17 17:26:04 +01:00 |
|
|
ee2a3c83f4
|
chg: [concordia] duplicate techniques removed
|
2021-12-17 17:21:00 +01:00 |
|
|
01d23b61b7
|
chg: [concordia] typo fixed
|
2021-12-17 17:15:43 +01:00 |
|
|
01f2ce68d4
|
chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID?
|
2021-12-17 17:13:57 +01:00 |
|
|
5becac98e4
|
chg: [concordia] duplicates removed
|
2021-12-17 16:51:11 +01:00 |
|
|
ae7b7bd47d
|
chg: [cmtmf-attack-pattern] various fixes to make JSON ok
|
2021-12-17 16:08:07 +01:00 |
|
|
7b587710b1
|
Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf
|
2021-12-17 15:55:03 +01:00 |
|
Jürgen Löhel
|
b81ac7f01d
|
Adds DarkWatchman RAT
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
|
2021-12-17 07:20:58 -06:00 |
|
Delta-Sierra
|
b8960393a4
|
add Milan Rat, Shark tool and Lyceum synonyms
|
2021-11-29 16:00:40 +01:00 |
|
Delta-Sierra
|
bb92427b65
|
add Lyceum synonyms/sources
|
2021-11-29 12:05:51 +01:00 |
|
Delta-Sierra
|
78a8cf4ad2
|
add ESPecter Bootkit
|
2021-11-19 16:30:57 +01:00 |
|
Delta-Sierra
|
c89623e945
|
add ESPecter bootkit
|
2021-11-16 08:17:37 +01:00 |
|
Christophe Vandeplas
|
aeb5719448
|
chg: [att&ck] update to ATT&CK v10
|
2021-10-22 14:34:25 +02:00 |
|
|
ab41df7282
|
chg: [malpedia] remove duplicate
|
2021-10-20 12:24:12 +02:00 |
|
|
e517787e7c
|
chg: [malpedia] duplicates removed
|
2021-10-20 12:21:05 +02:00 |
|
|
69f878c86f
|
fix: [malpedia] remove duplicate urls
|
2021-10-20 12:16:22 +02:00 |
|
|
da91f2abc2
|
chg: [malpedia] updated
|
2021-10-20 10:21:03 +02:00 |
|
marjatech
|
d74fdb3e43
|
update malpedia
|
2021-10-19 16:21:19 +02:00 |
|
Bernardo Santos
|
e74fcfe268
|
Update cmtmf-attack-pattern.json
- update version
|
2021-10-13 10:06:00 +02:00 |
|
Bernardo Santos
|
5f19983ba3
|
Update cmtmf-attack-pattern.json
- Changes to cluster type
- Fix typo for privilege escalation tactic
|
2021-10-13 09:57:03 +02:00 |
|
Bernardo Santos
|
49dfcca563
|
CONCORDIA MTMF - Initial version
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
|
2021-10-12 10:54:06 +02:00 |
|
Bernardo Santos
|
d09681b011
|
CONCORDIA MTMF - Initial version
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
|
2021-10-12 10:45:03 +02:00 |
|
Jeroen Pinoy
|
9ec76ae185
|
Add threat actor common raven
|
2021-10-03 23:30:20 +02:00 |
|
Thomas Patzke
|
26f0c344a1
|
Added O365 techniques
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
|
2021-09-18 23:27:38 +02:00 |
|
Thomas Dupuy
|
1985de4d44
|
Add BLUELIGHT tool.
|
2021-08-27 10:28:06 +02:00 |
|
Thomas Dupuy
|
89a3f986ba
|
Add InkySquid synonym.
|
2021-08-24 16:29:34 +02:00 |
|
Daniel Plohmann
|
3272960a14
|
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER)
|
2021-08-19 06:02:40 +02:00 |
|
Rony
|
5dd0c7d8b3
|
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
|
2021-08-02 22:30:05 +05:30 |
|
Rony
|
636ccdedcd
|
Update threat-actor.json
|
2021-07-21 18:47:56 +05:30 |
|
Rony
|
9ecfecc063
|
another fix
|
2021-07-21 18:41:18 +05:30 |
|
Rony
|
32ea60d721
|
fix
|
2021-07-21 18:31:05 +05:30 |
|
Rony
|
52e7d5a0a9
|
multiple updates to apt40, apt31 & hafnium
|
2021-07-21 18:28:40 +05:30 |
|
Rony
|
fb9a41f8e9
|
from Gov Canada & MFA Japan
|
2021-07-19 20:33:35 +05:30 |
|
Rony
|
c90c60cb13
|
adding references for APT40 & APT31
|
2021-07-19 20:14:36 +05:30 |
|
|
6c8949caa9
|
Merge pull request #658 from jasperla/oilrig
merge APT34 with OilRig
|
2021-07-03 08:56:39 +02:00 |
|
Deborah Servili
|
b6005bd53f
|
Merge branch 'main' into master
|
2021-07-02 13:30:51 +02:00 |
|