Christophe Vandeplas
1b69b654a8
chg: [atrm] bump to latest ATRM version
2022-08-19 21:19:23 +02:00
Mathieu Beligon
fd9201e9e0
Merge APT22 and suckfly
2022-08-19 12:16:30 -07:00
Mathieu Beligon
768c94671c
Fix hellsing ref
2022-08-19 11:34:16 -07:00
a8b234d694
Merge pull request #753 from Mathieu4141/threat-actors/fix-bronze-president
...
[threat-actors] Remove duplicated BRONZE PRESIDENT entity
2022-08-19 06:26:11 +02:00
Mathieu Béligon
fcd6faec78
Capitalize override panda alias
...
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:51:03 -07:00
Mathieu Béligon
54f3ef2831
capitalize lotus panda alias
...
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:50:32 -07:00
Mathieu Béligon
c9b11553eb
normalize APT30 alias
...
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:32:44 -07:00
Mathieu Beligon
c1abedb446
Move Lotus Panda alias to Lotus Blossom
2022-08-18 20:21:31 -07:00
Mathieu Beligon
a61ef2a88f
[threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts
2022-08-18 17:03:26 -07:00
Mathieu Beligon
84e69ad4be
Add DarkCommet as a tool of GoldenRAT
2022-08-18 15:47:04 -07:00
Mathieu Beligon
1acc51a7a6
[threat-actors] Add more data about APT-C-27
2022-08-18 15:44:18 -07:00
Mathieu Beligon
ec988c97d0
[threat-actors] Remove duplicated APT-C-27
2022-08-18 15:34:08 -07:00
Mathieu Beligon
d9046c8619
[threat-actors] Remove duplicated BRONZE PRESIDENT entity
2022-08-18 15:12:18 -07:00
Mathieu Beligon
a046e8094d
Merge APT30 and Naikon
2022-08-18 11:36:45 -07:00
Mathieu Beligon
5e4a4c3453
Merge branch 'main' into threat-actors/fix-naikon-cluster
2022-08-18 09:01:36 -07:00
Mathieu Beligon
264e764dfa
Remove ATK34 alias
2022-08-18 08:59:04 -07:00
Delta-Sierra
3f036db1e3
add TA558
2022-08-18 15:54:28 +02:00
Mathieu Beligon
71e3e1f3eb
Fix ATK aliases
2022-08-17 13:39:43 -07:00
Mathieu Beligon
a6242d4732
Merge branch 'main' into threat-actors/fix-naikon-cluster
2022-08-17 13:37:01 -07:00
Mathieu Beligon
0d6399aa2b
Add ATK78 alias for Thrip
2022-08-17 12:04:32 -07:00
Mathieu Beligon
53282255ce
Branch out Goblin Panda from Hellsing
2022-08-17 11:55:35 -07:00
Mathieu Beligon
3f50cf0175
Create a tool for Esile
2022-08-17 11:19:30 -07:00
Rony
f608312577
addresses https://github.com/MISP/misp-galaxy/pull/751#issuecomment-1217680586
2022-08-17 08:52:35 +00:00
Rony
ccd10b54f4
remove duplicate reference
2022-08-17 12:49:56 +05:30
Rony
0cec882cc5
merge microcin/sixlittlemonkeys to vicious panda
2022-08-17 07:06:51 +00:00
a373909bb1
Merge pull request #748 from r0ny123/patch-2
...
Update threat-actor.json
2022-08-17 07:44:46 +02:00
352998a84d
fix: [threat-actor] add missing refs for APT33 including CFR link
2022-08-17 07:40:23 +02:00
Mathieu Beligon
d05b29c1af
[threat-actors] Remove duplicate APT33
2022-08-16 17:15:30 -07:00
Mathieu Beligon
9c6f106928
[threat actor] Fix aliases related to Lotus Panda
2022-08-16 16:58:35 -07:00
Rony
5b25b574b3
add uac-0010 references from cert-ua
2022-08-16 10:19:53 +00:00
Rony
370045b01d
Merge "red october" and "cloud atlas" to inception framework"
2022-08-16 09:30:29 +00:00
Rony
62b168600f
fix duplicates
2022-08-16 12:15:30 +05:30
Rony
490bc6a05c
fix duplicate
2022-08-16 12:10:27 +05:30
Rony
bbe84c5985
updates to russian actors
2022-08-16 12:07:59 +05:30
Rony
de76aef023
Update threat-actor.json
2022-08-16 10:49:13 +05:30
Rony
f4b63d4514
updates to tianwu
2022-08-16 10:30:33 +05:30
96d31aa8c7
chg: [threat-actor] jq all the things
2022-08-11 17:50:00 +02:00
Thomas Dupuy
ed24dcaf19
Add link for SLIME29.
2022-08-11 15:41:01 +00:00
Thomas Dupuy
912050b9b7
Update commit based on feeback.
2022-08-11 15:20:32 +00:00
Thomas Dupuy
6e0df72ef4
Add Threat Actors from BH Asia22 prez.
2022-08-10 18:53:38 +00:00
Christophe Vandeplas
1369756810
chg: [atrm] Add Azure Threat Research Matrix Galaxy and generation script
2022-08-06 21:19:31 +02:00
Daniel Plohmann
bdaadea58e
removing a leading double quote in a URL.
2022-08-02 18:17:58 +02:00
Daniel Plohmann
bc20a463c8
merging TG2003 / Elephant Beetle into FIN13
...
as indicated in the respective resources published by the organizations using these aliases.
2022-08-02 14:11:43 +02:00
6427746ad8
Merge pull request #727 from Mathieu4141/threat-actors/merge-cutting-kitten-cleaver
...
Fix Cleaver aliases
2022-07-27 23:17:42 +02:00
63f5122ad4
Merge pull request #742 from r0ny123/patch-1
...
Update threat-actor.json
2022-07-27 18:56:47 +02:00
Mathieu Beligon
51aacd6b03
Reduce diff with old version
2022-07-26 23:53:22 -07:00
Mathieu Beligon
acc6ada575
r0ny123.review: Use Cutting Kitten as main value for ITSecTeam
2022-07-26 23:27:39 -07:00
Mathieu Beligon
d815bfa174
Merge remote-tracking branch 'upstream/main' into threat-actors/merge-cutting-kitten-cleaver
2022-07-26 23:22:03 -07:00
Daniel Plohmann
26f6a33695
more aliases from Unit 42
2022-07-26 11:09:33 +02:00
Rony
5a7f3a7207
fix
2022-07-25 17:17:52 +05:30
Rony
8ce0df6eb4
Update threat-actor.json
...
Merge aquatic panda & earth lusca
2022-07-25 17:15:23 +05:30
6b6398bf2d
fix: [threat-actor] incorrect merge fixed
2022-07-20 18:45:50 +02:00
b4ce9a9453
Merge branch 'main' of https://github.com/r0ny123/misp-galaxy into r0ny123-main
2022-07-20 18:41:27 +02:00
Rony
add6b27466
update
2022-07-20 21:39:33 +05:30
Rony
2b54df56f9
update
2022-07-20 21:32:11 +05:30
Rony
2e045d9c8c
chg: [fix] resolve conflict
2022-07-20 21:28:15 +05:30
Daniel Plohmann
5825783a85
removed duplicate UUID for Kinsing
...
my apologies, looks like I had not rolled a new UUID for one of the entries added...
2022-07-20 17:07:05 +02:00
Rony
932fcf1871
added Red Nue
2022-07-20 15:07:35 +05:30
Rony
082039b3b0
added CN actors from secureworks threat profile
...
https://www.secureworks.com/research/threat-profiles?filter=item-china and fixed some AKAs
2022-07-20 14:52:58 +05:30
Daniel Plohmann
ed32c508b7
added more Unit 42 aliases / groups
2022-07-20 08:38:03 +02:00
Rony
000bfe92d9
add APT9/Red Pegasus & BRONZE EDGEWOOD/Red Hariasa
2022-07-20 10:04:58 +05:30
Rony
2e8a577b0c
add PwC naming to CN actors
2022-07-20 09:45:21 +05:30
Rony
3fabd58416
chg: [threat-actor] fixed
2022-07-19 23:36:30 +05:30
Rony
79c84d3768
add Earth Berberoka, Earth Lusca and Earth Wendigo
2022-07-19 22:42:50 +05:30
Daniel Plohmann
082d506b64
adding new Unit 42 names
...
First PR: those are the directly mappable names. I will follow up after deconfliction and then with a few new entries.
2022-07-19 08:45:09 +02:00
Daniel Plohmann
240a757826
Update threat-actor.json
...
adding Predatory Sparrow due to recent events.
2022-07-13 10:02:07 +02:00
cf603e8160
Merge pull request #736 from Delta-Sierra/main
...
add Qbot
2022-07-12 18:41:33 +02:00
Thomas Dupuy
90da0d798f
Set country to LB instead of IR based on operational activity.
2022-07-12 16:21:41 +00:00
Delta-Sierra
b1c853bf42
update version
2022-07-12 15:51:55 +02:00
Thomas Dupuy
1a8835bcae
Remove list from POLONIUM TA.
2022-07-12 13:11:11 +00:00
Thomas Dupuy
a86d866534
Add POLONIUM TA.
2022-07-12 12:14:27 +00:00
Delta-Sierra
d40017ae50
add Qbot
2022-07-12 14:03:43 +02:00
Delta-Sierra
6c6355f2ba
fix typo
2022-07-12 11:31:08 +02:00
Delta-Sierra
300d608770
jq
2022-07-12 10:54:37 +02:00
Delta-Sierra
71c93f5b24
fix caps typo
2022-07-12 10:53:14 +02:00
Delta-Sierra
4ea34fc5a4
Merge https://github.com/Delta-Sierra/misp-galaxy into main
2022-07-12 10:51:59 +02:00
Delta-Sierra
924eda26ca
Add EnemyBot +relationships
2022-07-12 10:49:11 +02:00
Deborah Servili
ca7d524d9c
Merge branch 'main' into main
2022-07-08 16:27:28 +02:00
Delta-Sierra
29aa7b3f69
add Maui ransomware
2022-07-08 14:49:12 +02:00
Delta-Sierra
56a53433f0
add HelloXD ransomware
2022-07-08 12:05:31 +02:00
Delta-Sierra
279b89f6d9
fix duplicate extension-2
2022-07-06 09:38:02 +02:00
Delta-Sierra
67d5f5c7c0
fix duplicate extension
2022-07-06 09:34:11 +02:00
Delta-Sierra
7e37fa0cdd
merge + update medusalocker
2022-07-06 09:28:46 +02:00
Delta-Sierra
c2e7ef4fab
Update Medusa Locker and others
2022-07-06 08:43:59 +02:00
marjatech
587dc8560b
add script to automate malpedia update
2022-07-04 14:24:34 +02:00
Mathieu Beligon
693eed8d78
[threat actor] Break Cleaver aliases into respective entries
2022-07-04 14:05:29 +02:00
marjatech
1212a75cc4
update malpedia
2022-07-04 11:02:02 +02:00
Mathieu Beligon
d63c990dad
[threat-actors] Separate ITSecTeam from Cleaver
2022-06-30 14:34:05 +02:00
Mathieu Beligon
b8d4ffdbde
Merge Cutting Kitten and Cleaver
2022-06-29 20:15:12 +02:00
Koen Van Impe
0c9aa68db6
Update surveillance-vendor.json
2022-06-22 13:30:55 +02:00
Koen Van Impe
22c2f7b999
Add RCS Lab S.p.A. to surveillance-vendor
2022-06-22 11:20:52 +02:00
Mathieu Beligon
d79c5bd1ab
Add ToddyCat Threat actor
2022-06-21 15:12:42 +02:00
Rony
c030fcdab6
chg: [threat-actor] added PwC naming for Indian actors
...
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-06-11 15:46:54 +05:30
Thanat0s
44a99d066a
Y en a un peut plus je vous le mets quand meme ?
2022-06-11 04:24:04 -04:00
Thanat0s
57befd7259
jq all the things
2022-06-10 19:12:12 -04:00
Thanat0s
51f98f4706
Attck link + typo on TA551
2022-06-10 18:40:16 -04:00
Thanat0s
f97fee7135
Typo on TA551
2022-06-10 18:38:25 -04:00
Thanat0s
297acc0f5e
Add Mitre vs Thales RosettaStone
2022-06-10 18:24:15 -04:00
Rony
e916267c7c
chg: [threat-actor] add reference to bitter & sidewinder group
2022-06-08 23:22:17 +05:30
Christophe Vandeplas
39073004c4
[mitre] bump to MITRE ATT&CK v11.2
2022-05-25 21:03:14 +02:00
Christophe Vandeplas
4a469299fd
[mitre] update sorting algo
...
will make future ATT&CK updates less noisy in the git diff
2022-05-25 21:00:57 +02:00
Mathieu Beligon
dca70783bf
[threat-actors] validate file
2022-05-23 11:32:24 +02:00
Mathieu Beligon
c1cfc19871
[threat actors] Remove dead link for sandworm threat actor
2022-05-23 11:30:04 +02:00
Mathieu Beligon
36a1466661
[threat-actors] Add RansomHouse
2022-05-23 11:29:39 +02:00
a838eaf9db
Merge pull request #717 from jloehel/krane
...
chg: [cryptominers] Adds Krane
2022-05-18 08:17:16 +02:00
Jürgen Löhel
1be9a10ef9
chg: [cryptominers] Adds Krane
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-17 14:47:29 -05:00
Jürgen Löhel
9db5d18114
chg: [android] Adds Vulture
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-17 14:16:21 -05:00
Rony
2721522e82
chg: [threat-actor] add exotic lily, ta578, ta579
2022-05-14 20:52:15 +05:30
Jürgen Löhel
45da13ce5e
chg: [backdoors] Adds BPFDoor
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-11 19:06:19 -05:00
fcdc6c86e6
chg: [threat-actor] add TG2003 synomym to Elephant Beetle
2022-05-09 14:24:28 +02:00
9130365e2e
chg: [threat-actor] Elephant Beetle added
...
Fix #708
2022-05-09 14:23:12 +02:00
bb434b11cf
chg: [threat-actor] ModifiedElephant added
...
Fix #709
2022-05-09 14:16:01 +02:00
06550a7945
chg: [threat-actor] fix refs field -> it's always an array
2022-05-09 13:46:16 +02:00
b67e3ed3f8
Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add
2022-05-09 13:43:44 +02:00
Rony
c0be6677c2
chg: [threat-actor] added actor Red Menshen
...
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-05-07 15:44:10 +05:30
Rony
11eca69ebc
chg: [threat-actor] added Curious Gorge
2022-05-07 12:40:35 +05:30
Daniel Plohmann
26c1850377
Update threat-actor.json
...
adding Red Dev 4 as alias for GALLIUM as used by PwC.
2022-05-06 09:47:48 +02:00
Daniel Plohmann
06c293072c
Update threat-actor.json
...
adding UNC3524 to the actor galaxy cluster.
2022-05-04 13:21:56 +02:00
3c7
0ad65fbe9f
Forgot to jq all the things
2022-04-28 09:42:25 +02:00
3c7
dfb6c0668e
Added SaintBear
2022-04-28 09:36:25 +02:00
Christophe Vandeplas
33476bec81
chg: [mitre] bump to MITRE ATT&CK v11.0
2022-04-25 18:29:57 +02:00
664f6d80cc
chg: [threat-actor] Killnet description added
2022-04-21 15:05:50 +02:00
1e383e2452
chg: [threat-actor] version updated
2022-04-21 14:53:14 +02:00
Mathieu Beligon
c8455a6c4d
[actors] Add killnet
2022-04-21 14:06:28 +02:00
Adam McHugh
53a0fc56d3
Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory
2022-04-18 10:16:26 +09:30
bca7381f33
fix: [ransomware] refs are within meta
2022-04-17 15:43:23 +02:00
eb7c5ebaf1
fix: [ransom] remove empty ref
2022-04-17 15:39:02 +02:00
bc696b43f4
chg: [ransomware] jq all the things
2022-04-17 15:35:50 +02:00
00d33fd292
Merge pull request #701 from adammchugh/ransomware-conti-update
...
Ammended Conti ransomware entry with ACSC 2021-010 advisory data
2022-04-17 15:35:25 +02:00
66744a4cd0
Merge pull request #704 from adammchugh/cryptominers-bluemockingbird-add
...
Added Cryptominer Blue Mockingbird from RedCanary advisory.
2022-04-17 14:43:59 +02:00
14907e3eef
Merge pull request #703 from adammchugh/threatactor-copypaste-add
...
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
2022-04-17 14:43:37 +02:00
Adam McHugh
84eac4b102
Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory
2022-04-17 19:50:08 +09:30
Adam McHugh
f00e80ae7e
Added Cryptominer Blue Mockingbird from RedCanary advisory.
2022-04-17 19:44:42 +09:30
Adam McHugh
cff8a38c5f
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
2022-04-17 19:37:26 +09:30
Adam McHugh
622c0502aa
Ammended Conti ransomware entry with ACSC 2021-010 advisory data
2022-04-17 19:23:11 +09:30
Adam McHugh
99caab201f
Ammended Blackcat ransomware entry with ACSC 2022-004 advisory data
2022-04-17 18:05:24 +09:30
Thomas Dupuy
bd05eb0bba
upd: [cluster] add Threat Actor BladeHawk.
2022-04-11 17:03:19 +00:00
Thomas Dupuy
209391f110
upd: [cluster] add ref and synonyms for Energetic Bear.
2022-04-07 18:26:58 +00:00
b649057a5a
chg: [handicap] fixed more fields
2022-04-04 11:09:30 +02:00
aff4345074
chg: [handicap] more cleanup
2022-04-04 11:01:38 +02:00
269f91ad75
chg: [handicap] more clean-up of uuid values
2022-04-04 10:56:29 +02:00
d3d4e7186b
chg: [handicap] fix name of the clusters
2022-04-04 10:43:56 +02:00
7e6390c336
Merge pull request #694 from AgatheMgt/main
...
Handicap
2022-04-04 10:41:06 +02:00
Rony
a08ddaf548
Add Avivore & HAZY TIGER/Bitter
2022-04-02 01:14:18 +05:30
Rony
50f39edc10
Revert "update threat actors meta"
2022-04-02 00:55:38 +05:30
Delta-Sierra
73f71c8b15
dup
2022-04-01 16:51:27 +02:00
Delta-Sierra
fb557fd3a2
dup
2022-04-01 16:47:50 +02:00
Delta-Sierra
909fc09992
duplicate
2022-04-01 16:44:47 +02:00
Delta-Sierra
7c3e8ac068
fix duplicate
2022-04-01 16:40:40 +02:00
Delta-Sierra
dcc396108c
fix duplicate
2022-04-01 16:36:47 +02:00
Delta-Sierra
9257fb677b
merge
2022-04-01 16:32:10 +02:00
Delta-Sierra
0f7803b091
update threat actors meta
2022-04-01 16:00:27 +02:00
Sami Mokaddem
4242732af1
chg: jq all 2
2022-03-31 09:05:22 +02:00
Sami Mokaddem
a9a09d11c6
chg: jq all
2022-03-31 08:59:36 +02:00
Mathieu Beligon
c35fad3291
Add threat actor group Scarab
2022-03-28 12:11:34 +02:00
94c3788089
Merge pull request #687 from Badis-dev/main
...
Add galaxy and cluster cancer
2022-03-25 10:04:46 +01:00
AgatheMgt
aec779d1ee
poatate
2022-03-24 09:43:58 -04:00
AgatheMgt
3ce6d7a313
Update handicap.json
2022-03-24 07:48:49 -04:00
AgatheMgt
a6a16926f6
Create handicap.json
2022-03-24 07:08:08 -04:00
Daniel Plohmann
24a3f16ab4
adding threat actor group LAPSUS$ / DEV-0537.
2022-03-23 09:47:10 +01:00
Delta-Sierra
97690426bf
update threat actors meta
2022-03-18 16:41:10 +01:00
6f0208dcaf
chg: [ransomware] UUID fixed
2022-03-18 16:03:27 +01:00
ef5af37dbe
chg: [botnet] duplicate UUIDs replaced
2022-03-18 15:58:09 +01:00
c0a07d2246
chg: [ransomware] replace duplicate UUIDs
2022-03-18 15:57:06 +01:00
botlabsDev
6416d0b2de
add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot
2022-03-18 15:34:11 +01:00
18069ce5f3
Merge pull request #688 from botlabsDev/patch-0
...
Add tool 'BadPotato' to clusters/tool.json
2022-03-15 12:30:47 +01:00
7fd5715715
Merge pull request #691 from r0ny123/indian-adversaries
...
Update to Indian Adversaries
2022-03-15 12:28:16 +01:00
Rony
eebda5f955
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team
2022-03-15 15:02:57 +05:30
Rony
ac72e7b639
fix
2022-03-15 14:00:46 +05:30
Rony
3b67e745e5
Update threat-actor.json
2022-03-15 13:57:00 +05:30
botlabsDev
99ab2a13d6
Add tool 'BadPotato' to clusters/tool.json
2022-03-14 18:02:02 +01:00
Badis-dev
231915f9a4
add galaxy and cluster cancer
2022-03-11 14:20:09 +01:00
Badis-dev
27241135a2
Add cancer.json
2022-03-11 11:26:57 +01:00
Badis-dev
78f1c9f345
Delete cancer.json
2022-03-11 11:26:30 +01:00
Badis-dev
1c707f7c5e
Add cancer cluster
2022-03-11 11:13:57 +01:00
Delta-Sierra
957327383d
fix array
2022-03-07 16:10:53 +01:00
Delta-Sierra
a7f3df8a9a
merge
2022-03-07 16:04:38 +01:00
Delta-Sierra
8fd3c87b47
update threat actors meta
2022-03-07 15:54:29 +01:00
8e09c9b30c
Merge pull request #685 from danielplohmann/patch-14
...
adding threat actor "Moses Staff"
2022-03-02 21:43:00 +01:00
Daniel Plohmann
896a451461
fixed with linted JSON.
2022-03-02 21:22:28 +01:00
Daniel Plohmann
a817324cd4
adding threat actor "Moses Staff"
2022-03-02 15:50:39 +01:00
Mathieu Beligon
0b456b8afa
version bump -> 213
2022-03-02 14:55:26 +01:00
Mathieu Beligon
d3d241ca54
Update Gamaredon target
2022-03-02 14:55:19 +01:00
Mathieu Beligon
27c05a118e
Update GhostWriter
2022-03-02 13:16:20 +01:00
Delta-Sierra
c909a35d65
Merge https://github.com/MISP/misp-galaxy into main
2022-02-18 10:57:10 +01:00
Delta-Sierra
a788c867a7
jq
2022-02-18 10:56:07 +01:00
Delta-Sierra
b0cd884afc
add TA2541
2022-02-18 10:54:25 +01:00
Daniel Plohmann
321e4b4a57
another Gamaredon ref and version bump
2022-02-18 08:26:01 +01:00
Daniel Plohmann
254dd47a61
adding ACTINIUM as MSFT name for Gamaredon
2022-02-18 08:24:35 +01:00
Delta-Sierra
33ef3317b7
fix duplicate
2022-02-14 10:02:36 +01:00
Delta-Sierra
9b76d71c43
Merge https://github.com/MISP/misp-galaxy into main
2022-02-14 08:47:21 +01:00
Delta-Sierra
3184819968
add DDG botnet and more
2022-02-11 16:13:36 +01:00
rwe
4700780d47
added antlion APT group
2022-02-05 04:52:33 -08:00
f49b54281b
chg: [ransomware] set encryption only
2022-02-02 22:36:14 +01:00
3328b73185
fix: [ransomware] array end missing
2022-02-02 22:32:39 +01:00
Kevin Holvoet
3d23f98d04
Forgot comma between JSON entries
2022-02-02 18:58:55 +01:00
Kevin Holvoet
389add7580
Update ransomware.json with URL fix
...
Fixed URL for AlphaLocker
2022-02-02 18:54:31 +01:00
Kevin Holvoet
fa9829cec0
Update ransomware.json: add BlackCat (ALPHV)
2022-02-02 18:50:19 +01:00
Daniel Plohmann
833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference
2022-02-02 09:40:10 +01:00
Daniel Plohmann
8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec
2022-02-02 09:35:53 +01:00
Delta-Sierra
5cf1eb01f4
Merge https://github.com/MISP/misp-galaxy into main
2022-01-31 10:04:07 +01:00
1fda357a03
new: [surveillance] Cytrox added
2022-01-30 11:31:55 +01:00
Jürgen Löhel
22046a1eae
Adds WhisperGate
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-18 13:16:06 -06:00
Delta-Sierra
e523bdaf70
merge
2022-01-14 16:08:14 +01:00
Jürgen Löhel
3059c70ae6
Adds UPAS-Kit
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-13 11:53:32 -06:00
Thomas Dupuy
c792bdd1b7
Add AQUATIC PANDA threat actor.
2022-01-12 13:51:11 -05:00
Thomas Dupuy
afaf3a3110
Add Motnug tool.
2022-01-12 13:37:59 -05:00
Jürgen Löhel
5aa8a8a8b1
Adds Ragnatela RAT
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-10 15:57:10 -06:00
Sami Tainio
dcb87b0dc6
chg: [threat-actor] Add SideCopy
2022-01-07 17:45:41 +02:00
Daniel Plohmann
3094283252
adding Mandiant's FIN13.
2022-01-03 09:32:43 +01:00
eba1b2839f
chg: [concordia] CMTMF killchain typo fixed
2021-12-20 10:41:00 +01:00
Raphaël Vinot
b4d518d4f0
fix: cmtmf-attack-pattern had multiple duplicate UUIDs
2021-12-17 17:58:29 +01:00
12617ff627
chg: [concordia] fix name inconsistencies
2021-12-17 17:41:00 +01:00
69b582f9ba
chg: [concordia] duplicate removed
2021-12-17 17:31:38 +01:00
bc3ab62917
chg: [concordia] duplicate removed
2021-12-17 17:26:04 +01:00
ee2a3c83f4
chg: [concordia] duplicate techniques removed
2021-12-17 17:21:00 +01:00
01d23b61b7
chg: [concordia] typo fixed
2021-12-17 17:15:43 +01:00
01f2ce68d4
chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID?
2021-12-17 17:13:57 +01:00
5becac98e4
chg: [concordia] duplicates removed
2021-12-17 16:51:11 +01:00
ae7b7bd47d
chg: [cmtmf-attack-pattern] various fixes to make JSON ok
2021-12-17 16:08:07 +01:00
7b587710b1
Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf
2021-12-17 15:55:03 +01:00
Jürgen Löhel
b81ac7f01d
Adds DarkWatchman RAT
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-12-17 07:20:58 -06:00
Delta-Sierra
b8960393a4
add Milan Rat, Shark tool and Lyceum synonyms
2021-11-29 16:00:40 +01:00
Delta-Sierra
bb92427b65
add Lyceum synonyms/sources
2021-11-29 12:05:51 +01:00
Delta-Sierra
78a8cf4ad2
add ESPecter Bootkit
2021-11-19 16:30:57 +01:00
Delta-Sierra
c89623e945
add ESPecter bootkit
2021-11-16 08:17:37 +01:00
Christophe Vandeplas
aeb5719448
chg: [att&ck] update to ATT&CK v10
2021-10-22 14:34:25 +02:00
ab41df7282
chg: [malpedia] remove duplicate
2021-10-20 12:24:12 +02:00
e517787e7c
chg: [malpedia] duplicates removed
2021-10-20 12:21:05 +02:00
69f878c86f
fix: [malpedia] remove duplicate urls
2021-10-20 12:16:22 +02:00
da91f2abc2
chg: [malpedia] updated
2021-10-20 10:21:03 +02:00
marjatech
d74fdb3e43
update malpedia
2021-10-19 16:21:19 +02:00
Bernardo Santos
e74fcfe268
Update cmtmf-attack-pattern.json
...
- update version
2021-10-13 10:06:00 +02:00
Bernardo Santos
5f19983ba3
Update cmtmf-attack-pattern.json
...
- Changes to cluster type
- Fix typo for privilege escalation tactic
2021-10-13 09:57:03 +02:00
Bernardo Santos
49dfcca563
CONCORDIA MTMF - Initial version
...
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:54:06 +02:00
Bernardo Santos
d09681b011
CONCORDIA MTMF - Initial version
...
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:45:03 +02:00
Jeroen Pinoy
9ec76ae185
Add threat actor common raven
2021-10-03 23:30:20 +02:00
Thomas Patzke
26f0c344a1
Added O365 techniques
...
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
2021-09-18 23:27:38 +02:00
Thomas Dupuy
1985de4d44
Add BLUELIGHT tool.
2021-08-27 10:28:06 +02:00
Thomas Dupuy
89a3f986ba
Add InkySquid synonym.
2021-08-24 16:29:34 +02:00
Daniel Plohmann
3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER)
2021-08-19 06:02:40 +02:00
Rony
5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM
...
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
2021-08-02 22:30:05 +05:30
Rony
636ccdedcd
Update threat-actor.json
2021-07-21 18:47:56 +05:30
Rony
9ecfecc063
another fix
2021-07-21 18:41:18 +05:30
Rony
32ea60d721
fix
2021-07-21 18:31:05 +05:30
Rony
52e7d5a0a9
multiple updates to apt40, apt31 & hafnium
2021-07-21 18:28:40 +05:30
Rony
fb9a41f8e9
from Gov Canada & MFA Japan
2021-07-19 20:33:35 +05:30
Rony
c90c60cb13
adding references for APT40 & APT31
2021-07-19 20:14:36 +05:30
6c8949caa9
Merge pull request #658 from jasperla/oilrig
...
merge APT34 with OilRig
2021-07-03 08:56:39 +02:00
Deborah Servili
b6005bd53f
Merge branch 'main' into master
2021-07-02 13:30:51 +02:00
Delta-Sierra
913aff30c3
Add NOBELIUM and related
2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse
792490298e
merge APT34 with OilRig
...
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
2021-06-29 20:26:04 +02:00
a5d7d85dc8
Merge pull request #657 from jloehel/add_matanbuchus
...
[cluster][tool] Adds Matanbuchus
2021-06-22 07:23:20 +02:00
Jürgen Löhel
254c201601
[cluster][tool] Adds Matanbuchus
...
+ threat actor: BelialDemon
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 18:04:28 -05:00
Jürgen Löhel
381973f5de
[cluster][stealer] Adds HackBoss
...
Fixes : #651
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 16:35:20 -05:00
Thomas Dupuy
772c5145c1
Added BackdoorDiplomacy and Gelsemium.
2021-06-11 11:48:57 -04:00
Rony
9a723b6261
more ta544 references
2021-05-26 20:26:27 +05:30
Rony
db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks
2021-05-22 21:02:30 +05:30
Daniel Plohmann
433ea5cb45
Twisted Spider -> TWISTED SPIDER
...
fair point
2021-05-19 17:04:58 +02:00
Daniel Plohmann
9719122d27
adding Twisted Spider as alias for TA2101 (Maze)
2021-05-19 16:47:41 +02:00
a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1
...
Add alias for Tick
2021-05-07 23:23:38 +02:00
Still Hsu
eb671f1e6a
Add Nian alias
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:52:27 +08:00
Still Hsu
fe7c0dab07
Add country origin for BlackTech
...
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:32:39 +08:00
Daniel Plohmann
38b8bac51d
fixing broken/dead links
2021-05-04 20:15:17 +02:00
6f7d3d5c2b
chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa
...
"COLT – Compromise to Leak Time" - new meta colt-median/colt-average.
For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
2021-05-03 07:41:43 +02:00
7aaf25a424
new: [ransomware] Ragnarok added
2021-04-30 12:08:03 +02:00
94ec98d544
Merge pull request #646 from r0ny123/update
...
Updates to APT27 & Tick
2021-04-29 18:29:53 +02:00
Christophe Vandeplas
86ee7008b2
chg: [att&ck] bump to latest ATT&CK version from MITRE
2021-04-29 18:12:36 +02:00
211a4b5145
fix: [ransomware] Related key should be outside metas
2021-04-26 13:48:06 +02:00
Rony
4ba2db0f3a
FlatChestWare duplicate removed
2021-04-26 16:24:09 +05:30
ef9989dbe8
chg: [ransomware] duplicate removed
2021-04-26 12:06:03 +02:00
847d3e8fa7
chg: [ransomware] duplicate removed
2021-04-26 12:01:01 +02:00
f3992ec5f1
chg: [ransomware] duplicates removed
2021-04-26 11:57:21 +02:00
f2703bd03e
chg: [ransomware] Flyper removed
2021-04-26 11:52:28 +02:00
Delta-Sierra
3cae487e3d
fix duplicates and add relations
2021-04-26 11:25:39 +02:00
Rony
faed812fc9
Merged STALKER PANDA to Tick
2021-04-25 19:12:20 +05:30
Rony
89b9c0c32c
several updates to apt27
2021-04-25 16:53:36 +05:30
Delta-Sierra
0a05621f82
Merge https://github.com/MISP/misp-galaxy
2021-04-19 15:48:58 +02:00
Delta-Sierra
b138354fa5
Removing duplicate
2021-04-19 15:42:49 +02:00
28f6475cc5
chg: [ransomware] first duplicate removed
2021-04-19 15:13:18 +02:00
e7061f90d9
chg: [ransomware] remove duplicate "File-Locker"
2021-04-19 15:08:06 +02:00
ab13dd00f8
Merge pull request #645 from Delta-Sierra/master
...
Adding ransomware names [WIP 2/3]
2021-04-19 15:03:12 +02:00
Delta-Sierra
f5713a8d87
Removing unexpected line
2021-04-19 14:53:36 +02:00
Delta-Sierra
b7b4b356c3
Adding ransomware names [WIP 3]
2021-04-19 14:47:10 +02:00
Delta-Sierra
fdf1a6c112
Adding ransomware names [WIP 2]
2021-04-19 13:24:25 +02:00
Daniel Plohmann
6eb594a6b0
adding Yanbian Gang as threat actor
2021-04-16 15:12:45 +02:00
Delta-Sierra
f3456a89c5
fix version
2021-04-15 15:08:11 +02:00
Delta-Sierra
4bcd0492bd
Adding ransomwares WIP
2021-04-15 15:07:52 +02:00
Daniel Plohmann
2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech
...
Adding Palmerworm as Symantec alias for BlackTech (with reference).
2021-03-31 22:35:12 +02:00
Thomas Dupuy
a8c62ddeda
Add Ghostwriter.
2021-03-31 09:42:40 -04:00
Rony
50f5d2ae4a
reverted changes made into 52ae97718d
2021-03-30 22:19:05 +05:30
sebdraven
ce8a9442eb
validation jsons
2021-03-30 13:12:21 +00:00
Sebdraven
52ae97718d
Update threat-actor.json
...
add a synonym to Haffnium
2021-03-30 15:11:09 +02:00
sebdraven
b082977b9f
validation ok
2021-03-30 10:22:35 +00:00
Sebdraven
4ed4cebcee
Update threat-actor.json
...
format json
2021-03-30 12:16:22 +02:00
Sebdraven
a62e3ba530
Update threat-actor.json
...
add redecho threat actor
2021-03-30 12:10:50 +02:00
Jakub Onderka
ca9608da6d
fix: Cryptominers type
2021-03-27 22:07:33 +01:00
26b9740e55
chg: [malpedia] jq all the file and removed ref duplicates
2021-03-13 11:00:39 +01:00
Jakob M
f02ce7e805
update to latest
...
Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp
2021-03-12 10:35:12 +01:00
Delta-Sierra
eff327b4fd
fix progress
2021-03-11 14:42:55 +01:00
Delta-Sierra
7c843ac5c2
fix merge & jq
2021-03-11 14:08:29 +01:00
Delta-Sierra
c37befc8a9
merge
2021-03-11 10:35:05 +01:00
855a12a408
chg: [clusters] fixing broken UUID fix #628
2021-03-11 09:54:50 +01:00
f6ed00233e
chg: [ransomware] fix the broken UUID fix #628
2021-03-11 09:52:25 +01:00
Rony
57c7d0b9a0
From Nextron
2021-03-06 19:44:32 +05:30
Rony
6cabbfb091
more!
2021-03-06 14:22:29 +05:30
Rony
7b242555df
More references
...
From
Crowdstrike
MSRC
and kql hunting query from James Quinn
2021-03-06 13:28:14 +05:30
Rony
eaab88ef28
add HAFNIUM detection refs
2021-03-05 16:51:28 +05:30
Rony
4bc438a325
fix
2021-03-05 11:48:43 +05:30
Rony
d9b299aafc
add more HAFNIUM references
2021-03-05 11:42:04 +05:30
Rony
c9f7afef1c
Adding alias NOBELIUM
2021-03-04 22:39:33 +05:30
47dade9d0e
Merge pull request #631 from r0ny123/Enhancement
...
Add HAFNIUM
2021-03-04 14:48:01 +01:00
a9a6b0253f
chg: [microsoft activity group] HAFNIUM added
2021-03-04 10:49:58 +01:00
Rony
ad795606cf
added HAFNIUM
...
Updates:
Tonto Team
UNC2452
2021-03-04 00:10:33 +05:30
Sebdraven
2666341afc
Update threat-actor.json
...
update Sidewinder card
2021-03-03 17:59:25 +01:00
Thomas Dupuy
f842694fda
Update Infy TA.
2021-03-02 14:37:01 -05:00
524676282e
Merge branch 'main' of github.com:MISP/misp-galaxy into main
2021-02-26 08:30:58 +01:00
4692ced8fa
chg: [tool] SUNSPOT added
2021-02-26 08:28:01 +01:00
Delta-Sierra
0e23d8b95f
add relationships between Maze, Rgnar, Egregor and Sekhmet
2021-02-25 10:21:28 +01:00
Delta-Sierra
406dfdb45b
add Sekhmet ransomware
2021-02-25 09:52:52 +01:00
Delta-Sierra
d273a5da7d
add TeamTNT ref
2021-02-25 09:52:24 +01:00
Rony
5c6f3a036b
removing DePrimon
...
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
2021-02-24 21:55:04 +05:30
Thomas Dupuy
eeafff9768
Add RDAT backdoor
2021-02-23 11:15:31 -05:00
Delta-Sierra
eb07fab69f
add Ragnar Locker and update accordingly
2021-02-23 16:21:07 +01:00
Delta-Sierra
06ae10965b
add Covidloc and tycoon ransomware + small updates on some ransomwares
2021-02-22 16:39:47 +01:00
Delta-Sierra
7c1ac58141
add TeamTNT
2021-02-22 16:38:18 +01:00
Thijsvanede
e9eb0c7a6c
Fix: rename "Innitial Access" to "Initial Access"
...
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
2021-02-19 12:01:47 +01:00
Thomas Dupuy
178e16dc13
Remove empty values.
2021-02-16 10:32:37 -05:00
Thomas Dupuy
4a7560d191
Add Exaramel and P.A.S. webshell tool.
2021-02-15 12:52:53 -05:00
Thomas Dupuy
93396c524d
Add Caterpillar WebShell.
2021-02-12 12:00:17 -05:00
Delta-Sierra
96bf0d44ea
Merge https://github.com/MISP/misp-galaxy
2021-02-09 14:52:58 +01:00
Daniel Plohmann
d61e7d2fac
adding ClearSky alias for Volatile Cedar
...
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."
2021-01-29 10:39:18 +01:00
Koen Van Impe
87b22f363c
Move cfr-type-of-incident to meta
2021-01-28 12:25:39 +01:00
Koen Van Impe
23778666ba
RSIT Galaxy/Cluster
2021-01-28 10:03:12 +01:00
StefanKelm
fb35646406
Update threat-actor.json
...
Lazarus
2021-01-26 14:38:37 +01:00
Thomas Dupuy
f964514ec5
Add HyperBro in tools
2021-01-20 13:44:28 -05:00
Thomas Dupuy
9df95031a7
Update ZxShell tool.
2021-01-20 13:27:51 -05:00
StefanKelm
a131a7ce98
Update threat-actor.json
...
Lazarus
2021-01-20 17:43:18 +01:00
3c19c7c1e5
Merge pull request #617 from danielplohmann/patch-4
...
merge COVELLITE into Lazarus Group
2021-01-17 16:05:13 +01:00
Daniel Plohmann
ca66fcd93a
merge COVELLITE into Lazarus Group
...
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references.
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
2021-01-17 15:07:26 +01:00
Rony
91e87cf82c
Update threat-actor.json
...
Don't know how StarCraft
2021-01-17 12:21:34 +05:30
Daniel Plohmann
edcc3c0bc1
merging ScarCruft->APT37
...
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
2021-01-15 18:52:49 +01:00
Delta-Sierra
a6f7795952
fix merge
2021-01-12 10:38:33 +01:00
2b356a9eb0
chg: [threat-actor] UNC2452/DarkHalo added - ref. #614
2021-01-12 07:01:36 +01:00
184d57f0a2
chg: [ransomware] Babuk Ransomware added
2021-01-05 19:11:28 +01:00
4454b58743
chg: [ransomware] RegretLocker added
2020-12-30 14:14:09 +01:00
Rony
3240aa819f
Update threat-actor.json
2020-12-14 11:54:41 +05:30
Rony
2ffb77b35b
BISMUTH
2020-12-14 10:41:15 +05:30
Delta-Sierra
31f96513b2
update sidewinder threat actor
2020-12-11 16:09:33 +01:00
ac86ebd5f6
Merge pull request #609 from StefanKelm/master
...
Update threat-actor.json
2020-12-09 22:16:49 +01:00