misp-galaxy

mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-23 15:27:18 +00:00

Author	SHA1	Message	Date
Daniel Plohmann	06c293072c	Update threat-actor.json adding UNC3524 to the actor galaxy cluster.	2022-05-04 13:21:56 +02:00
3c7	0ad65fbe9f	Forgot to jq all the things	2022-04-28 09:42:25 +02:00
3c7	dfb6c0668e	Added SaintBear	2022-04-28 09:36:25 +02:00
Christophe Vandeplas	33476bec81	chg: [mitre] bump to MITRE ATT&CK v11.0	2022-04-25 18:29:57 +02:00
Alexandre Dulaunoy	664f6d80cc	chg: [threat-actor] Killnet description added	2022-04-21 15:05:50 +02:00
Alexandre Dulaunoy	1e383e2452	chg: [threat-actor] version updated	2022-04-21 14:53:14 +02:00
Mathieu Beligon	c8455a6c4d	[actors] Add killnet	2022-04-21 14:06:28 +02:00
Adam McHugh	53a0fc56d3	Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory	2022-04-18 10:16:26 +09:30
Alexandre Dulaunoy	bca7381f33	fix: [ransomware] refs are within meta	2022-04-17 15:43:23 +02:00
Alexandre Dulaunoy	eb7c5ebaf1	fix: [ransom] remove empty ref	2022-04-17 15:39:02 +02:00
Alexandre Dulaunoy	bc696b43f4	chg: [ransomware] jq all the things	2022-04-17 15:35:50 +02:00
Alexandre Dulaunoy	00d33fd292	Merge pull request #701 from adammchugh/ransomware-conti-update Ammended Conti ransomware entry with ACSC 2021-010 advisory data	2022-04-17 15:35:25 +02:00
Alexandre Dulaunoy	66744a4cd0	Merge pull request #704 from adammchugh/cryptominers-bluemockingbird-add Added Cryptominer Blue Mockingbird from RedCanary advisory.	2022-04-17 14:43:59 +02:00
Alexandre Dulaunoy	14907e3eef	Merge pull request #703 from adammchugh/threatactor-copypaste-add Added Copy-Paste Threat Actor from ACSC Advisory 2020-008	2022-04-17 14:43:37 +02:00
Adam McHugh	84eac4b102	Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory	2022-04-17 19:50:08 +09:30
Adam McHugh	f00e80ae7e	Added Cryptominer Blue Mockingbird from RedCanary advisory.	2022-04-17 19:44:42 +09:30
Adam McHugh	cff8a38c5f	Added Copy-Paste Threat Actor from ACSC Advisory 2020-008	2022-04-17 19:37:26 +09:30
Adam McHugh	622c0502aa	Ammended Conti ransomware entry with ACSC 2021-010 advisory data	2022-04-17 19:23:11 +09:30
Adam McHugh	99caab201f	Ammended Blackcat ransomware entry with ACSC 2022-004 advisory data	2022-04-17 18:05:24 +09:30
Thomas Dupuy	bd05eb0bba	upd: [cluster] add Threat Actor BladeHawk.	2022-04-11 17:03:19 +00:00
Thomas Dupuy	209391f110	upd: [cluster] add ref and synonyms for Energetic Bear.	2022-04-07 18:26:58 +00:00
Alexandre Dulaunoy	b649057a5a	chg: [handicap] fixed more fields	2022-04-04 11:09:30 +02:00
Alexandre Dulaunoy	aff4345074	chg: [handicap] more cleanup	2022-04-04 11:01:38 +02:00
Alexandre Dulaunoy	269f91ad75	chg: [handicap] more clean-up of uuid values	2022-04-04 10:56:29 +02:00
Alexandre Dulaunoy	d3d4e7186b	chg: [handicap] fix name of the clusters	2022-04-04 10:43:56 +02:00
Alexandre Dulaunoy	7e6390c336	Merge pull request #694 from AgatheMgt/main Handicap	2022-04-04 10:41:06 +02:00
Rony	a08ddaf548	Add Avivore & HAZY TIGER/Bitter	2022-04-02 01:14:18 +05:30
Rony	50f39edc10	Revert "update threat actors meta"	2022-04-02 00:55:38 +05:30
Delta-Sierra	73f71c8b15	dup	2022-04-01 16:51:27 +02:00
Delta-Sierra	fb557fd3a2	dup	2022-04-01 16:47:50 +02:00
Delta-Sierra	909fc09992	duplicate	2022-04-01 16:44:47 +02:00
Delta-Sierra	7c3e8ac068	fix duplicate	2022-04-01 16:40:40 +02:00
Delta-Sierra	dcc396108c	fix duplicate	2022-04-01 16:36:47 +02:00
Delta-Sierra	9257fb677b	merge	2022-04-01 16:32:10 +02:00
Delta-Sierra	0f7803b091	update threat actors meta	2022-04-01 16:00:27 +02:00
Sami Mokaddem	4242732af1	chg: jq all 2	2022-03-31 09:05:22 +02:00
Sami Mokaddem	a9a09d11c6	chg: jq all	2022-03-31 08:59:36 +02:00
Mathieu Beligon	c35fad3291	Add threat actor group Scarab	2022-03-28 12:11:34 +02:00
Alexandre Dulaunoy	94c3788089	Merge pull request #687 from Badis-dev/main Add galaxy and cluster cancer	2022-03-25 10:04:46 +01:00
AgatheMgt	aec779d1ee	poatate	2022-03-24 09:43:58 -04:00
AgatheMgt	3ce6d7a313	Update handicap.json	2022-03-24 07:48:49 -04:00
AgatheMgt	a6a16926f6	Create handicap.json	2022-03-24 07:08:08 -04:00
Daniel Plohmann	24a3f16ab4	adding threat actor group LAPSUS$ / DEV-0537.	2022-03-23 09:47:10 +01:00
Delta-Sierra	97690426bf	update threat actors meta	2022-03-18 16:41:10 +01:00
Alexandre Dulaunoy	6f0208dcaf	chg: [ransomware] UUID fixed	2022-03-18 16:03:27 +01:00
Alexandre Dulaunoy	ef5af37dbe	chg: [botnet] duplicate UUIDs replaced	2022-03-18 15:58:09 +01:00
Alexandre Dulaunoy	c0a07d2246	chg: [ransomware] replace duplicate UUIDs	2022-03-18 15:57:06 +01:00
botlabsDev	6416d0b2de	add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot	2022-03-18 15:34:11 +01:00
Alexandre Dulaunoy	18069ce5f3	Merge pull request #688 from botlabsDev/patch-0 Add tool 'BadPotato' to clusters/tool.json	2022-03-15 12:30:47 +01:00
Alexandre Dulaunoy	7fd5715715	Merge pull request #691 from r0ny123/indian-adversaries Update to Indian Adversaries	2022-03-15 12:28:16 +01:00
Rony	eebda5f955	chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team	2022-03-15 15:02:57 +05:30
Rony	ac72e7b639	fix	2022-03-15 14:00:46 +05:30
Rony	3b67e745e5	Update threat-actor.json	2022-03-15 13:57:00 +05:30
botlabsDev	99ab2a13d6	Add tool 'BadPotato' to clusters/tool.json	2022-03-14 18:02:02 +01:00
Badis-dev	231915f9a4	add galaxy and cluster cancer	2022-03-11 14:20:09 +01:00
Badis-dev	27241135a2	Add cancer.json	2022-03-11 11:26:57 +01:00
Badis-dev	78f1c9f345	Delete cancer.json	2022-03-11 11:26:30 +01:00
Badis-dev	1c707f7c5e	Add cancer cluster	2022-03-11 11:13:57 +01:00
Delta-Sierra	957327383d	fix array	2022-03-07 16:10:53 +01:00
Delta-Sierra	a7f3df8a9a	merge	2022-03-07 16:04:38 +01:00
Delta-Sierra	8fd3c87b47	update threat actors meta	2022-03-07 15:54:29 +01:00
Alexandre Dulaunoy	8e09c9b30c	Merge pull request #685 from danielplohmann/patch-14 adding threat actor "Moses Staff"	2022-03-02 21:43:00 +01:00
Daniel Plohmann	896a451461	fixed with linted JSON.	2022-03-02 21:22:28 +01:00
Daniel Plohmann	a817324cd4	adding threat actor "Moses Staff"	2022-03-02 15:50:39 +01:00
Mathieu Beligon	0b456b8afa	version bump -> 213	2022-03-02 14:55:26 +01:00
Mathieu Beligon	d3d241ca54	Update Gamaredon target	2022-03-02 14:55:19 +01:00
Mathieu Beligon	27c05a118e	Update GhostWriter	2022-03-02 13:16:20 +01:00
Delta-Sierra	c909a35d65	Merge https://github.com/MISP/misp-galaxy into main	2022-02-18 10:57:10 +01:00
Delta-Sierra	a788c867a7	jq	2022-02-18 10:56:07 +01:00
Delta-Sierra	b0cd884afc	add TA2541	2022-02-18 10:54:25 +01:00
Daniel Plohmann	321e4b4a57	another Gamaredon ref and version bump	2022-02-18 08:26:01 +01:00
Daniel Plohmann	254dd47a61	adding ACTINIUM as MSFT name for Gamaredon	2022-02-18 08:24:35 +01:00
Delta-Sierra	33ef3317b7	fix duplicate	2022-02-14 10:02:36 +01:00
Delta-Sierra	9b76d71c43	Merge https://github.com/MISP/misp-galaxy into main	2022-02-14 08:47:21 +01:00
Delta-Sierra	3184819968	add DDG botnet and more	2022-02-11 16:13:36 +01:00
rwe	4700780d47	added antlion APT group	2022-02-05 04:52:33 -08:00
Alexandre Dulaunoy	f49b54281b	chg: [ransomware] set encryption only	2022-02-02 22:36:14 +01:00
Alexandre Dulaunoy	3328b73185	fix: [ransomware] array end missing	2022-02-02 22:32:39 +01:00
Kevin Holvoet	3d23f98d04	Forgot comma between JSON entries	2022-02-02 18:58:55 +01:00
Kevin Holvoet	389add7580	Update ransomware.json with URL fix Fixed URL for AlphaLocker	2022-02-02 18:54:31 +01:00
Kevin Holvoet	fa9829cec0	Update ransomware.json: add BlackCat (ALPHV)	2022-02-02 18:50:19 +01:00
Daniel Plohmann	833a6e0a8d	updated URLs for Gamaredon with Shuckworm alias reference	2022-02-02 09:40:10 +01:00
Daniel Plohmann	8f928d8eb3	adding Gamaredon alias Shuckworm used by Symantec	2022-02-02 09:35:53 +01:00
Delta-Sierra	5cf1eb01f4	Merge https://github.com/MISP/misp-galaxy into main	2022-01-31 10:04:07 +01:00
Alexandre Dulaunoy	1fda357a03	new: [surveillance] Cytrox added	2022-01-30 11:31:55 +01:00
Jürgen Löhel	22046a1eae	Adds WhisperGate Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-01-18 13:16:06 -06:00
Delta-Sierra	e523bdaf70	merge	2022-01-14 16:08:14 +01:00
Jürgen Löhel	3059c70ae6	Adds UPAS-Kit Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-01-13 11:53:32 -06:00
Thomas Dupuy	c792bdd1b7	Add AQUATIC PANDA threat actor.	2022-01-12 13:51:11 -05:00
Thomas Dupuy	afaf3a3110	Add Motnug tool.	2022-01-12 13:37:59 -05:00
Jürgen Löhel	5aa8a8a8b1	Adds Ragnatela RAT Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-01-10 15:57:10 -06:00
Sami Tainio	dcb87b0dc6	chg: [threat-actor] Add SideCopy	2022-01-07 17:45:41 +02:00
Daniel Plohmann	3094283252	adding Mandiant's FIN13.	2022-01-03 09:32:43 +01:00
Alexandre Dulaunoy	eba1b2839f	chg: [concordia] CMTMF killchain typo fixed	2021-12-20 10:41:00 +01:00
Raphaël Vinot	b4d518d4f0	fix: cmtmf-attack-pattern had multiple duplicate UUIDs	2021-12-17 17:58:29 +01:00
Alexandre Dulaunoy	12617ff627	chg: [concordia] fix name inconsistencies	2021-12-17 17:41:00 +01:00
Alexandre Dulaunoy	69b582f9ba	chg: [concordia] duplicate removed	2021-12-17 17:31:38 +01:00
Alexandre Dulaunoy	bc3ab62917	chg: [concordia] duplicate removed	2021-12-17 17:26:04 +01:00
Alexandre Dulaunoy	ee2a3c83f4	chg: [concordia] duplicate techniques removed	2021-12-17 17:21:00 +01:00
Alexandre Dulaunoy	01d23b61b7	chg: [concordia] typo fixed	2021-12-17 17:15:43 +01:00
Alexandre Dulaunoy	01f2ce68d4	chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID?	2021-12-17 17:13:57 +01:00
Alexandre Dulaunoy	5becac98e4	chg: [concordia] duplicates removed	2021-12-17 16:51:11 +01:00
Alexandre Dulaunoy	ae7b7bd47d	chg: [cmtmf-attack-pattern] various fixes to make JSON ok	2021-12-17 16:08:07 +01:00
Alexandre Dulaunoy	7b587710b1	Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf	2021-12-17 15:55:03 +01:00
Jürgen Löhel	b81ac7f01d	Adds DarkWatchman RAT Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2021-12-17 07:20:58 -06:00
Delta-Sierra	b8960393a4	add Milan Rat, Shark tool and Lyceum synonyms	2021-11-29 16:00:40 +01:00
Delta-Sierra	bb92427b65	add Lyceum synonyms/sources	2021-11-29 12:05:51 +01:00
Delta-Sierra	78a8cf4ad2	add ESPecter Bootkit	2021-11-19 16:30:57 +01:00
Delta-Sierra	c89623e945	add ESPecter bootkit	2021-11-16 08:17:37 +01:00
Christophe Vandeplas	aeb5719448	chg: [att&ck] update to ATT&CK v10	2021-10-22 14:34:25 +02:00
Alexandre Dulaunoy	ab41df7282	chg: [malpedia] remove duplicate	2021-10-20 12:24:12 +02:00
Alexandre Dulaunoy	e517787e7c	chg: [malpedia] duplicates removed	2021-10-20 12:21:05 +02:00
Alexandre Dulaunoy	69f878c86f	fix: [malpedia] remove duplicate urls	2021-10-20 12:16:22 +02:00
Alexandre Dulaunoy	da91f2abc2	chg: [malpedia] updated	2021-10-20 10:21:03 +02:00
marjatech	d74fdb3e43	update malpedia	2021-10-19 16:21:19 +02:00
Bernardo Santos	e74fcfe268	Update cmtmf-attack-pattern.json - update version	2021-10-13 10:06:00 +02:00
Bernardo Santos	5f19983ba3	Update cmtmf-attack-pattern.json - Changes to cluster type - Fix typo for privilege escalation tactic	2021-10-13 09:57:03 +02:00
Bernardo Santos	49dfcca563	CONCORDIA MTMF - Initial version Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/	2021-10-12 10:54:06 +02:00
Bernardo Santos	d09681b011	CONCORDIA MTMF - Initial version Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/	2021-10-12 10:45:03 +02:00
Jeroen Pinoy	9ec76ae185	Add threat actor common raven	2021-10-03 23:30:20 +02:00
Thomas Patzke	26f0c344a1	Added O365 techniques Source: https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html	2021-09-18 23:27:38 +02:00
Thomas Dupuy	1985de4d44	Add BLUELIGHT tool.	2021-08-27 10:28:06 +02:00
Thomas Dupuy	89a3f986ba	Add InkySquid synonym.	2021-08-24 16:29:34 +02:00
Daniel Plohmann	3272960a14	fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER)	2021-08-19 06:02:40 +02:00
Rony	5dd0c7d8b3	chg: [threat-actor] add origin country to UNC2452 & HAFNIUM addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015	2021-08-02 22:30:05 +05:30
Rony	636ccdedcd	Update threat-actor.json	2021-07-21 18:47:56 +05:30
Rony	9ecfecc063	another fix	2021-07-21 18:41:18 +05:30
Rony	32ea60d721	fix	2021-07-21 18:31:05 +05:30
Rony	52e7d5a0a9	multiple updates to apt40, apt31 & hafnium	2021-07-21 18:28:40 +05:30
Rony	fb9a41f8e9	from Gov Canada & MFA Japan	2021-07-19 20:33:35 +05:30
Rony	c90c60cb13	adding references for APT40 & APT31	2021-07-19 20:14:36 +05:30
Alexandre Dulaunoy	6c8949caa9	Merge pull request #658 from jasperla/oilrig merge APT34 with OilRig	2021-07-03 08:56:39 +02:00
Deborah Servili	b6005bd53f	Merge branch 'main' into master	2021-07-02 13:30:51 +02:00
Delta-Sierra	913aff30c3	Add NOBELIUM and related	2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse	792490298e	merge APT34 with OilRig OilRig already has "APT 34" and "APT34" as synonyms. Additionally MITRE has since combined them due to overlap in activity: https://attack.mitre.org/groups/G0049/	2021-06-29 20:26:04 +02:00
Alexandre Dulaunoy	a5d7d85dc8	Merge pull request #657 from jloehel/add_matanbuchus [cluster][tool] Adds Matanbuchus	2021-06-22 07:23:20 +02:00
Jürgen Löhel	254c201601	[cluster][tool] Adds Matanbuchus + threat actor: BelialDemon Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2021-06-21 18:04:28 -05:00
Jürgen Löhel	381973f5de	[cluster][stealer] Adds HackBoss Fixes: #651 Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2021-06-21 16:35:20 -05:00
Thomas Dupuy	772c5145c1	Added BackdoorDiplomacy and Gelsemium.	2021-06-11 11:48:57 -04:00
Rony	9a723b6261	more ta544 references	2021-05-26 20:26:27 +05:30
Rony	db06e1fa4a	chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks	2021-05-22 21:02:30 +05:30
Daniel Plohmann	433ea5cb45	Twisted Spider -> TWISTED SPIDER fair point	2021-05-19 17:04:58 +02:00
Daniel Plohmann	9719122d27	adding Twisted Spider as alias for TA2101 (Maze)	2021-05-19 16:47:41 +02:00
Alexandre Dulaunoy	a3cdbc1309	Merge pull request #650 from Still34/patches/alias-tick-1 Add alias for Tick	2021-05-07 23:23:38 +02:00
Still Hsu	eb671f1e6a	Add Nian alias Signed-off-by: Still Hsu <dev@stillu.cc>	2021-05-08 00:52:27 +08:00
Still Hsu	fe7c0dab07	Add country origin for BlackTech Signed-off-by: Still Hsu <dev@stillu.cc>	2021-05-08 00:32:39 +08:00
Daniel Plohmann	38b8bac51d	fixing broken/dead links	2021-05-04 20:15:17 +02:00
Alexandre Dulaunoy	6f7d3d5c2b	chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa "COLT – Compromise to Leak Time" - new meta colt-median/colt-average. For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/	2021-05-03 07:41:43 +02:00
Alexandre Dulaunoy	7aaf25a424	new: [ransomware] Ragnarok added	2021-04-30 12:08:03 +02:00
Alexandre Dulaunoy	94ec98d544	Merge pull request #646 from r0ny123/update Updates to APT27 & Tick	2021-04-29 18:29:53 +02:00
Christophe Vandeplas	86ee7008b2	chg: [att&ck] bump to latest ATT&CK version from MITRE	2021-04-29 18:12:36 +02:00
mokaddem	211a4b5145	fix: [ransomware] Related key should be outside metas	2021-04-26 13:48:06 +02:00
Rony	4ba2db0f3a	FlatChestWare duplicate removed	2021-04-26 16:24:09 +05:30
Alexandre Dulaunoy	ef9989dbe8	chg: [ransomware] duplicate removed	2021-04-26 12:06:03 +02:00
Alexandre Dulaunoy	847d3e8fa7	chg: [ransomware] duplicate removed	2021-04-26 12:01:01 +02:00
Alexandre Dulaunoy	f3992ec5f1	chg: [ransomware] duplicates removed	2021-04-26 11:57:21 +02:00
Alexandre Dulaunoy	f2703bd03e	chg: [ransomware] Flyper removed	2021-04-26 11:52:28 +02:00
Delta-Sierra	3cae487e3d	fix duplicates and add relations	2021-04-26 11:25:39 +02:00
Rony	faed812fc9	Merged STALKER PANDA to Tick	2021-04-25 19:12:20 +05:30
Rony	89b9c0c32c	several updates to apt27	2021-04-25 16:53:36 +05:30
Delta-Sierra	0a05621f82	Merge https://github.com/MISP/misp-galaxy	2021-04-19 15:48:58 +02:00
Delta-Sierra	b138354fa5	Removing duplicate	2021-04-19 15:42:49 +02:00
Alexandre Dulaunoy	28f6475cc5	chg: [ransomware] first duplicate removed	2021-04-19 15:13:18 +02:00
Alexandre Dulaunoy	e7061f90d9	chg: [ransomware] remove duplicate "File-Locker"	2021-04-19 15:08:06 +02:00
Alexandre Dulaunoy	ab13dd00f8	Merge pull request #645 from Delta-Sierra/master Adding ransomware names [WIP 2/3]	2021-04-19 15:03:12 +02:00
Delta-Sierra	f5713a8d87	Removing unexpected line	2021-04-19 14:53:36 +02:00
Delta-Sierra	b7b4b356c3	Adding ransomware names [WIP 3]	2021-04-19 14:47:10 +02:00
Delta-Sierra	fdf1a6c112	Adding ransomware names [WIP 2]	2021-04-19 13:24:25 +02:00
Daniel Plohmann	6eb594a6b0	adding Yanbian Gang as threat actor	2021-04-16 15:12:45 +02:00
Delta-Sierra	f3456a89c5	fix version	2021-04-15 15:08:11 +02:00
Delta-Sierra	4bcd0492bd	Adding ransomwares WIP	2021-04-15 15:07:52 +02:00
Daniel Plohmann	2d8e9ea364	Symantec uses Palmerworm as alias for BlackTech Adding Palmerworm as Symantec alias for BlackTech (with reference).	2021-03-31 22:35:12 +02:00
Thomas Dupuy	a8c62ddeda	Add Ghostwriter.	2021-03-31 09:42:40 -04:00
Rony	50f5d2ae4a	reverted changes made into `52ae97718d`	2021-03-30 22:19:05 +05:30
sebdraven	ce8a9442eb	validation jsons	2021-03-30 13:12:21 +00:00
Sebdraven	52ae97718d	Update threat-actor.json add a synonym to Haffnium	2021-03-30 15:11:09 +02:00
sebdraven	b082977b9f	validation ok	2021-03-30 10:22:35 +00:00
Sebdraven	4ed4cebcee	Update threat-actor.json format json	2021-03-30 12:16:22 +02:00
Sebdraven	a62e3ba530	Update threat-actor.json add redecho threat actor	2021-03-30 12:10:50 +02:00
Jakub Onderka	ca9608da6d	fix: Cryptominers type	2021-03-27 22:07:33 +01:00
Alexandre Dulaunoy	26b9740e55	chg: [malpedia] jq all the file and removed ref duplicates	2021-03-13 11:00:39 +01:00
Jakob M	f02ce7e805	update to latest Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp	2021-03-12 10:35:12 +01:00
Delta-Sierra	eff327b4fd	fix progress	2021-03-11 14:42:55 +01:00
Delta-Sierra	7c843ac5c2	fix merge & jq	2021-03-11 14:08:29 +01:00
Delta-Sierra	c37befc8a9	merge	2021-03-11 10:35:05 +01:00
Alexandre Dulaunoy	855a12a408	chg: [clusters] fixing broken UUID fix #628	2021-03-11 09:54:50 +01:00
Alexandre Dulaunoy	f6ed00233e	chg: [ransomware] fix the broken UUID fix #628	2021-03-11 09:52:25 +01:00
Rony	57c7d0b9a0	From Nextron	2021-03-06 19:44:32 +05:30
Rony	6cabbfb091	more!	2021-03-06 14:22:29 +05:30
Rony	7b242555df	More references From Crowdstrike MSRC and kql hunting query from James Quinn	2021-03-06 13:28:14 +05:30
Rony	eaab88ef28	add HAFNIUM detection refs	2021-03-05 16:51:28 +05:30
Rony	4bc438a325	fix	2021-03-05 11:48:43 +05:30
Rony	d9b299aafc	add more HAFNIUM references	2021-03-05 11:42:04 +05:30
Rony	c9f7afef1c	Adding alias NOBELIUM	2021-03-04 22:39:33 +05:30
Alexandre Dulaunoy	47dade9d0e	Merge pull request #631 from r0ny123/Enhancement Add HAFNIUM	2021-03-04 14:48:01 +01:00
Alexandre Dulaunoy	a9a6b0253f	chg: [microsoft activity group] HAFNIUM added	2021-03-04 10:49:58 +01:00
Rony	ad795606cf	added HAFNIUM Updates: Tonto Team UNC2452	2021-03-04 00:10:33 +05:30
Sebdraven	2666341afc	Update threat-actor.json update Sidewinder card	2021-03-03 17:59:25 +01:00
Thomas Dupuy	f842694fda	Update Infy TA.	2021-03-02 14:37:01 -05:00
Alexandre Dulaunoy	524676282e	Merge branch 'main' of github.com:MISP/misp-galaxy into main	2021-02-26 08:30:58 +01:00
Alexandre Dulaunoy	4692ced8fa	chg: [tool] SUNSPOT added	2021-02-26 08:28:01 +01:00
Delta-Sierra	0e23d8b95f	add relationships between Maze, Rgnar, Egregor and Sekhmet	2021-02-25 10:21:28 +01:00
Delta-Sierra	406dfdb45b	add Sekhmet ransomware	2021-02-25 09:52:52 +01:00
Delta-Sierra	d273a5da7d	add TeamTNT ref	2021-02-25 09:52:24 +01:00
Rony	5c6f3a036b	removing DePrimon DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.	2021-02-24 21:55:04 +05:30
Thomas Dupuy	eeafff9768	Add RDAT backdoor	2021-02-23 11:15:31 -05:00
Delta-Sierra	eb07fab69f	add Ragnar Locker and update accordingly	2021-02-23 16:21:07 +01:00
Delta-Sierra	06ae10965b	add Covidloc and tycoon ransomware + small updates on some ransomwares	2021-02-22 16:39:47 +01:00
Delta-Sierra	7c1ac58141	add TeamTNT	2021-02-22 16:38:18 +01:00
Thijsvanede	e9eb0c7a6c	Fix: rename "Innitial Access" to "Initial Access" Renamed mitre-ics-tactics "Innitial Access" to "Initial Access". Original was a minor spelling mistake. The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access	2021-02-19 12:01:47 +01:00
Thomas Dupuy	178e16dc13	Remove empty values.	2021-02-16 10:32:37 -05:00
Thomas Dupuy	4a7560d191	Add Exaramel and P.A.S. webshell tool.	2021-02-15 12:52:53 -05:00
Thomas Dupuy	93396c524d	Add Caterpillar WebShell.	2021-02-12 12:00:17 -05:00
Delta-Sierra	96bf0d44ea	Merge https://github.com/MISP/misp-galaxy	2021-02-09 14:52:58 +01:00
Daniel Plohmann	d61e7d2fac	adding ClearSky alias for Volatile Cedar adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."	2021-01-29 10:39:18 +01:00
Koen Van Impe	87b22f363c	Move cfr-type-of-incident to meta	2021-01-28 12:25:39 +01:00
Koen Van Impe	23778666ba	RSIT Galaxy/Cluster	2021-01-28 10:03:12 +01:00
StefanKelm	fb35646406	Update threat-actor.json Lazarus	2021-01-26 14:38:37 +01:00
Thomas Dupuy	f964514ec5	Add HyperBro in tools	2021-01-20 13:44:28 -05:00
Thomas Dupuy	9df95031a7	Update ZxShell tool.	2021-01-20 13:27:51 -05:00
StefanKelm	a131a7ce98	Update threat-actor.json Lazarus	2021-01-20 17:43:18 +01:00
Alexandre Dulaunoy	3c19c7c1e5	Merge pull request #617 from danielplohmann/patch-4 merge COVELLITE into Lazarus Group	2021-01-17 16:05:13 +01:00
Daniel Plohmann	ca66fcd93a	merge COVELLITE into Lazarus Group I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references. Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.	2021-01-17 15:07:26 +01:00
Rony	91e87cf82c	Update threat-actor.json Don't know how StarCraft	2021-01-17 12:21:34 +05:30
Daniel Plohmann	edcc3c0bc1	merging ScarCruft->APT37 I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.	2021-01-15 18:52:49 +01:00
Delta-Sierra	a6f7795952	fix merge	2021-01-12 10:38:33 +01:00
Alexandre Dulaunoy	2b356a9eb0	chg: [threat-actor] UNC2452/DarkHalo added - ref. #614	2021-01-12 07:01:36 +01:00
Alexandre Dulaunoy	184d57f0a2	chg: [ransomware] Babuk Ransomware added	2021-01-05 19:11:28 +01:00
Alexandre Dulaunoy	4454b58743	chg: [ransomware] RegretLocker added	2020-12-30 14:14:09 +01:00
Rony	3240aa819f	Update threat-actor.json	2020-12-14 11:54:41 +05:30
Rony	2ffb77b35b	BISMUTH	2020-12-14 10:41:15 +05:30
Delta-Sierra	31f96513b2	update sidewinder threat actor	2020-12-11 16:09:33 +01:00
Alexandre Dulaunoy	ac86ebd5f6	Merge pull request #609 from StefanKelm/master Update threat-actor.json	2020-12-09 22:16:49 +01:00
Delta-Sierra	ebd31b7376	add BazarBackdoor	2020-12-09 16:42:32 +01:00
Delta-Sierra	d3a9cf742a	add RansomEXX	2020-12-09 16:32:02 +01:00
Delta-Sierra	3daaa30aed	Merge https://github.com/MISP/misp-galaxy	2020-12-07 16:20:36 +01:00
StefanKelm	5dc92995f6	Update threat-actor.json DeathStalker, Mabna	2020-12-04 11:43:06 +01:00
StefanKelm	4fee985b5e	Update threat-actor.json Turla	2020-12-03 13:05:14 +01:00
StefanKelm	72e085aba9	Update threat-actor.json OceanLotus	2020-12-02 11:44:29 +01:00
StefanKelm	15b5f4c881	Update threat-actor.json APT27	2020-11-30 11:49:23 +01:00
Delta-Sierra	e81d3c63d5	Merge https://github.com/MISP/misp-galaxy	2020-11-27 12:47:20 +01:00
Christophe Vandeplas	9a731470d3	chg: [att&ck] update to latest MITRE ATT&CK version	2020-11-25 07:45:48 +01:00
StefanKelm	da910c0c2e	Update threat-actor.json	2020-11-18 19:15:11 +01:00
Delta-Sierra	7af75bb222	add Darkside ransomware	2020-11-18 16:10:49 +01:00
StefanKelm	48ffaa8ce1	Update threat-actor.json Lazarus	2020-11-18 12:10:23 +01:00
snurilov	44e9da1390	Add ConfuserEx and Beds Protector .NET packers to tools.json cluster Add ConfuserEx and Beds Protector .NET packers to tools.json cluster	2020-11-11 23:09:03 -05:00
snurilov	3f4683d8a3	Update rat.json to include Iperius Remote Add Iperius Remote to the rat.json cluster.	2020-11-09 23:45:16 -05:00
StefanKelm	bf5bdeacb0	Update threat-actor.json OceanLotus	2020-11-09 14:39:55 +01:00
StefanKelm	41a7a36317	Update threat-actor.json Kimsuky	2020-11-02 17:30:25 +01:00
Rony	333e55fbeb	remove duplicate!	2020-11-02 14:18:49 +05:30
Rony	000cfa68a8	Update threat-actor.json Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key	2020-11-02 13:51:08 +05:30
Deborah Servili	28784683db	Merge branch 'main' into master	2020-10-30 16:17:27 +01:00
Delta-Sierra	88bbf8851c	jq	2020-10-30 16:14:02 +01:00
Delta-Sierra	be672b8d3a	update microsoft activity groups	2020-10-30 14:53:20 +01:00
Alexandre Dulaunoy	5d31753e6a	chg: [cryptominer] updated	2020-10-30 09:48:08 +01:00
Alexandre Dulaunoy	24f05749f0	Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master	2020-10-30 09:47:45 +01:00
JJ Cummings	c48a38c2f1	Added a new cryptominer galaxy and additional missing recent families to various clusters	2020-10-29 14:40:22 -06:00
StefanKelm	808c2c3828	Update threat-actor.json Kimsuky	2020-10-28 12:52:06 +01:00
Alexandre Dulaunoy	b41e3d4f50	chg: [rename] tea matrix	2020-10-23 15:57:13 +02:00
Alexandre Dulaunoy	e5ea22a3b0	chg: [tea] matrix updated to include brewing time and the milk attack technique	2020-10-23 11:51:50 +02:00
Alexandre Dulaunoy	0ccbdb862b	chg: [tea] first version	2020-10-23 11:16:50 +02:00
Christophe Vandeplas	2334676e64	chg: [att&ck] no tag for subtechnique	2020-10-18 20:14:05 +02:00
Christophe Vandeplas	d58dd1fca2	new: [att&ck] support for subtechniques	2020-10-18 20:00:48 +02:00
Daniel Plohmann	02bcf1f5a7	adding PowerPool alias IAmTheKing (Kaspersky) after a quick search I haven't found a nice source except for costin's tweet.	2020-10-09 13:49:16 +02:00
StefanKelm	7bab41e367	Update threat-actor.json TA505	2020-10-06 15:29:54 +02:00
StefanKelm	1d05f17507	Update threat-actor.json XDSpy	2020-10-06 12:45:43 +02:00
Christophe Vandeplas	32b142c8e0	fixes issues in attack-ics	2020-10-02 16:54:21 +02:00
Christophe Vandeplas	f95e88b1f9	MITRE ATT&CK for ICS fixes #586 fixed issues in pull request #586	2020-10-01 20:42:40 +02:00
StefanKelm	18eebc01f6	Lazarus	2020-09-29 12:02:16 +02:00
Bart	2b51f7b6de	Update threat-actor.json Add Machete alias	2020-09-27 18:37:24 +02:00
StefanKelm	e95fbb571d	Update threat-actor.json GADOLINIUM	2020-09-25 11:52:34 +02:00
StefanKelm	3ad3d5f318	Update threat-actor.json APT28	2020-09-22 18:07:33 +02:00
Deborah Servili	d48216031a	add Sepulcher RAT	2020-09-22 16:23:39 +02:00
Deborah Servili	4f3b6945c0	Merge https://github.com/MISP/misp-galaxy	2020-09-22 12:17:42 +02:00
Rony	d1c70b3d80	FBI FLASH AC-000133-TT	2020-09-17 11:05:00 +05:30
Rony	4d4a462d7a	Update threat-actor.json Adding Fox-Kitten and cleaned (or improved) winnti	2020-09-17 00:07:40 +05:30
Deborah Servili	0fe525a9db	Merge https://github.com/MISP/misp-galaxy	2020-09-16 10:22:38 +02:00
Deborah Servili	00b5d0d116	add refs	2020-09-16 10:08:31 +02:00
Daniel Plohmann (jupiter)	7b00674c77	Adding TA413 and Evilnum	2020-09-15 14:19:22 +02:00
StefanKelm	63030f2cfe	Update threat-actor.json APT33	2020-09-14 12:01:53 +02:00
StefanKelm	3cc3cc461a	Update threat-actor.json STRONTIUM	2020-09-11 11:38:06 +02:00
Raphaël Vinot	405d5f1fe9	fix: Sort keys, fix tests	2020-09-08 10:51:24 +02:00
Alexandre Dulaunoy	9e519962c6	chg: [botnet] Katura mess added	2020-09-07 12:41:39 +02:00
StefanKelm	57a31fd60c	Update threat-actor.json Lazarus, FIN7	2020-09-03 14:44:10 +02:00
StefanKelm	503d421a56	Update threat-actor.json TA542	2020-08-31 15:07:13 +02:00
VVX7	4635146b00	chg: [dev] jq	2020-08-22 13:06:42 -04:00
VVX7	1cddf4b7cd	new: [dev] fix empty strings, lists	2020-08-22 12:59:05 -04:00
VVX7	b4c3ffc8eb	new: [dev] add ASPI's China Defence University Tracker. Thanks to Cormac Doherty for writing the web scraper! To update the galaxy run the included gen_defence_university.py script. "The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI’s International Cyber Policy Centre. It includes entries on nearly 100 civilian universities, 50 People’s Liberation Army institutions, China’s nuclear weapons program, three Ministry of State Security institutions, four Ministry of Public Security universities, and 12 state-owned defence industry conglomerates. The Tracker is a tool to inform universities, governments and scholars as they engage with the entities from the People’s Republic of China. It aims to build understanding of the expansion of military-civil fusion—the Chinese government’s policy of integrating military and civilian efforts—into the education sector. The Tracker should be used to inform due diligence of Chinese institutions. However, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution’s defence and security links." - ASPI (https://unitracker.aspi.org.au/about/)	2020-08-21 11:24:22 -04:00
rmkml	e02ac52566	add Conti Ransomware	2020-08-15 22:10:49 +02:00
Thomas Dupuy	4009ef9997	Fix: remove comma	2020-08-14 13:01:37 -04:00
Thomas Dupuy	d0c6b7b46d	Update Tonto Team/CactusPete threat actor	2020-08-13 15:57:33 -04:00
Thomas Dupuy	72554ed71c	Add Drovorub tool	2020-08-13 15:08:32 -04:00
Thomas Dupuy	4130d7c6fc	Update TA APT40	2020-08-13 12:22:36 -04:00
Daniel Plohmann	8407b6fd28	Update threat-actor.json adding Kaspersky's name for Microcin.	2020-08-12 12:03:28 +02:00
Thomas Dupuy	9cadabba7a	Add WellMess and WellMail	2020-08-11 12:37:28 -04:00
rmkml	6d10e3a37d	add Ragnarok Ransomware	2020-08-02 20:46:32 +02:00
Vasileios Mavroeidis	40d12b9dde	Motive correction based on the EU Cert motive taxonomy Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists	2020-07-28 11:43:46 +02:00
Alexandre Dulaunoy	44afaf2523	chg: [threat-actor] remove duplicate references	2020-07-27 09:57:41 +02:00
StefanKelm	86c54cbd8c	Update threat-actor.json OilRig	2020-07-23 11:07:22 +02:00
Raphaël Vinot	c174f613c5	fix: Name of SoD Matrix cluster to match galaxy. Fix #566	2020-07-22 11:52:27 +02:00
Steve Clement	df6bed3d3a	Merge pull request #563 from r0ny123/patch-1	2020-07-22 09:14:13 +09:00
StefanKelm	17a1feb016	Update threat-actor.json Turla	2020-07-15 11:20:18 +02:00
Rony	c33f4c7611	Update threat-actor.json Moved the JUDGMENT PANDA references to APT31 following the previous commit. Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).	2020-07-12 12:57:24 +05:30
Rony	b77b9d374c	Update threat-actor.json	2020-07-12 11:19:13 +05:30
Koen Van Impe	d3e22ef14c	SoD Matrix Described at https://github.com/cudeso/SoD-Matrix	2020-07-10 14:08:45 +02:00
Deborah Servili	84474ddb29	merge	2020-07-09 16:31:04 +02:00
Deborah Servili	865e76beae	commit	2020-07-07 14:47:44 +02:00
Alexandre Dulaunoy	ba46bb6a0b	chg: [threat-actor] fix #561 by using new meta to classify as a campaign only. Based on https://github.com/MISP/misp-galaxy/issues/469 There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry: - _operation_: - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia - In the context of MISP threat-actor name, it's a single specific operation. - _campaign_: - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia - In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations. - threat-actor - In the context of MISP threat-actor-name, it's an agreed name by a set of organisations. - activity group - In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities. - unknown - In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).	2020-07-07 09:13:21 +02:00
Alexandre Dulaunoy	164e54c3fe	Merge branch 'master' of github.com:MISP/misp-galaxy	2020-07-02 09:55:42 +02:00
StefanKelm	14665429d7	Update threat-actor.json APT31	2020-06-25 16:23:00 +02:00
StefanKelm	92bc206879	Update threat-actor.json APT30	2020-06-23 14:54:09 +02:00
Rony	bc97b07089	Update threat-actor.json	2020-06-21 19:19:17 +05:30
StefanKelm	583f1d2fc2	Update threat-actor.json TA505	2020-06-17 11:56:29 +02:00
Alexandre Dulaunoy	0cb36249a4	chg: [jq] all the things	2020-06-12 09:26:30 +02:00
Rony	29be5ac7e1	fixed typo!	2020-06-12 00:09:59 +05:30
Rony	9365bfb7cd	Adding GALLIUM Threat Actor	2020-06-11 23:42:35 +05:30
StefanKelm	f042f98247	Update threat-actor.json Higaisa	2020-06-08 14:09:39 +02:00
StefanKelm	9c25d5e8c5	Update threat-actor.json Cycldek	2020-06-04 17:18:45 +02:00
Alexandre Dulaunoy	3867b1f602	Merge pull request #552 from danielplohmann/reference-fixes Reference fixes	2020-05-29 09:26:05 +02:00
Alexandre Dulaunoy	2a074f23fd	chg: [preventive-measure] packet filtering added	2020-05-27 10:02:16 +02:00
Daniel Plohmann (jupiter)	a705d1402f	fixing deadlinks where possible	2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter)	171f272a1e	default to HTTPS to be consistent with other links to same page	2020-05-27 09:27:52 +02:00
Alexandre Dulaunoy	8a0a4cb02d	Merge pull request #551 from nyx0/master Add CrackMapExec, metasploit, Cobalt Strike and Covenant	2020-05-27 09:10:08 +02:00
Thomas Dupuy	291fb41502	Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel	2020-05-26 09:50:43 -04:00
Thomas Dupuy	143bd521be	Add CrackMapExec, metasploit, Cobalt Strike and Covenant	2020-05-26 09:35:01 -04:00
Rony	fbd351590a	Update threat-actor.json	2020-05-24 23:18:54 +05:30
Rony	5f8094d16f	fix	2020-05-24 23:14:43 +05:30
Alexandre Dulaunoy	b5bbc34f5d	chg: [threat-actor] remove the non-unique elements	2020-05-22 14:01:32 +02:00
Nils Kuhnert	fbfe9d23c3	Merged (most) SecureWorks threat actor profiles && jq	2020-05-22 13:45:29 +02:00
iglocska	dee9a56460	fix: small fixes to the bhadra framework	2020-05-19 16:45:40 +02:00
iglocska	43703f1a96	new: added Bhadra framework for mobile attacks - based on the paper published here: https://arxiv.org/pdf/2005.05110.pdf - thanks to the ATT&CK EU community conference speakers highlighting this framework!	2020-05-19 16:34:59 +02:00
Alexandre Dulaunoy	006b61bc44	Merge pull request #547 from Delta-Sierra/master add Snake Ransomware	2020-05-15 17:55:47 +02:00
Deborah Servili	b943a7daca	fix missing description	2020-05-15 09:00:34 +02:00
Deborah Servili	6d6da39da4	add Snake Ransomware	2020-05-13 11:58:33 +02:00
Daniel Plohmann	5101c5a828	msft name: BORON for APT3 as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562	2020-05-11 15:37:38 +02:00
Alexandre Dulaunoy	09429eda5a	chg: [ta] fix the JSON	2020-05-11 10:20:10 +02:00
Thomas Dupuy	fc9505cadf	Add Sednit's Exploit-kit Sedkit	2020-05-08 13:29:14 -04:00
Thomas Dupuy	69fe870803	Add Higaisa Threat Actor	2020-05-08 13:01:48 -04:00
Deborah Servili	1d331a9ab1	Merge branch 'master' into master	2020-04-28 15:19:38 +02:00
Thomas Dupuy	46a6d9fcb1	Add DenesRAT/METALJACK	2020-04-28 01:08:50 -04:00
Alexandre Dulaunoy	2a70893352	chg: [jq] JSON fixed	2020-04-27 15:03:25 +02:00
de Rosen	a428ad565e	Added misp info	2020-04-27 15:16:33 +03:00
Deborah Servili	f6fd07fbc9	add speculoos bakdoor	2020-04-27 09:36:23 +02:00
Alexandre Dulaunoy	86157a6b96	Merge pull request #539 from r0ny123/MergingTA Adding alias Thallium and merging STOLEN PENCIL	2020-04-26 21:16:56 +02:00
Rony	112f9e4a08	Adding alias Thallium and merging STOLEN PENCIL Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0. And also Netscout named the campaign as STOLEN PENCIL.	2020-04-26 23:47:37 +05:30
Alexandre Dulaunoy	de71a444f8	chg: [json] add missing comma	2020-04-26 14:23:59 +02:00
rvs1st	d449eb94fc	Update threat-actor.json Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158	2020-04-24 09:03:58 -05:00
Alexandre Dulaunoy	4234d44052	Merge pull request #537 from danielplohmann/patch-28 Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.	2020-04-24 15:33:47 +02:00
Daniel Plohmann	858621ebdc	Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.	2020-04-23 15:47:35 +02:00
Daniel Plohmann	b0f0bbae33	adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included)	2020-04-23 14:52:08 +02:00
Deborah Servili	6b49d81b13	Merge branch 'master' of https://github.com/MISP/misp-galaxy	2020-04-23 10:06:04 +02:00
itayc0hen	667d5b8850	Add ItaDuke/DarkUniverse actor	2020-04-22 19:44:38 +03:00
pnx@pyrite	974ece3a7c	adding FIN1	2020-04-20 14:20:22 +02:00
Rony	aa34775390	typo thanks to @patricksvgr	2020-04-19 23:17:44 +05:30
Rony	ddfa280672	Update threat-actor.json	2020-04-19 23:06:57 +05:30
Rony	7ac2648dbc	more fix	2020-04-19 23:00:42 +05:30
Rony	573b4807ee	fix broken links	2020-04-19 16:03:21 +05:30
Rony	42a4820823	dead link	2020-04-19 11:45:45 +05:30
Rony	0aa34187e9	add link	2020-04-19 11:29:36 +05:30
Rony	d6bf42254f	Merging APT23 & Tropic Trooper	2020-04-18 13:22:25 +05:30
Rony	c161080175	Update threat-actor.json	2020-04-15 21:36:48 +05:30
Deborah Servili	e8edc9cafc	Merge branch 'master' of https://github.com/MISP/misp-galaxy	2020-04-15 11:27:01 +02:00
Deborah Servili	b01e64eb1f	add Operation Shadow Forece	2020-04-08 14:53:19 +02:00
Daniel Plohmann	aba625dee5	removed duplicate entry	2020-04-07 08:49:33 +02:00
Daniel Plohmann	e15a4a6525	fixing/removing some more dead links	2020-04-06 15:25:22 +02:00
Deborah Servili	7859c8dbd7	Add coronavirus ransomware	2020-04-03 16:19:45 +02:00
Deborah Servili	8a3422acb4	add Pyta ransomnotes	2020-04-03 11:58:02 +02:00
Deborah Servili	c566c89f2a	add pyza ransomware	2020-03-27 14:22:34 +01:00
Alexandre Dulaunoy	c7104e8819	chg: [country] jq all	2020-03-23 13:09:14 +01:00
iglocska	777c3188db	new: [country] galaxy added	2020-03-23 12:10:16 +01:00
Alexandre Dulaunoy	35a57c36bf	Merge pull request #526 from Delta-Sierra/master PARINACOTA group	2020-03-12 23:23:05 +01:00
Deborah Servili	a706b8ef2e	PARINACOTA group	2020-03-12 13:11:46 +01:00
Alexandre Dulaunoy	e37f320df5	Merge pull request #523 from danielplohmann/patch-24 adding aliases MERCURY, HOLMIUM	2020-03-09 21:56:27 +01:00
Daniel Plohmann	ab49ef3c1a	Kimsuki -> Black Banshee PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html)	2020-03-09 18:20:56 +01:00
Daniel Plohmann	1260ab156a	adding aliases MERCURY, HOLMIUM Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960 APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/	2020-03-09 08:50:08 +01:00
Alexandre Dulaunoy	e81c91e3e9	Merge pull request #522 from Delta-Sierra/master add sdbbot	2020-03-06 15:24:14 +01:00
Deborah Servili	b007d5d3ce	add SdBbot	2020-03-06 14:33:19 +01:00
Alexandre Dulaunoy	a407ddcc5b	Merge branch 'master' of github.com:MISP/misp-galaxy	2020-03-05 10:49:15 +01:00
Alexandre Dulaunoy	375db26505	chg: [malpedia] fixes	2020-03-05 10:48:28 +01:00
Alexandre Dulaunoy	4a64d0a4ad	Merge pull request #519 from danielplohmann/crowdstrike2020report adding new/updated threat actor names from CrowdStrike 2020 report	2020-03-05 09:07:16 +01:00
Corsin Camichel	66aa5c3b13	fixing a comma error	2020-03-04 21:13:01 +01:00
Daniel Plohmann (jupiter)	0c2b0b76eb	while we are at it, we can also do Longhorn = APT-C-39	2020-03-04 21:09:06 +01:00
Corsin Camichel	a5a7c21c79	adding Raccoon (win.raccoon)	2020-03-04 21:02:51 +01:00
Daniel Plohmann (jupiter)	184f193342	IMPERIAL KITTEN as alias for Tortoiseshell	2020-03-04 19:39:14 +01:00
pnx@pyrite	3dc460e795	adding new/updated threat actor names from CrowdStrike 2020 report	2020-03-04 13:36:34 +01:00
Daniel Plohmann	dc059d1f4d	Accenture calls APT32 - "POND LOACH"	2020-03-03 19:40:50 +01:00
Deborah Servili	d8ea0f865c	add clop ransomware extension	2020-03-02 13:33:38 +01:00
Alexandre Dulaunoy	b4b91b1e5d	chg: [threat-actor] JSON fixed	2020-02-28 16:37:24 +01:00
Alexandre Dulaunoy	4c7532984a	Merge branch 'master' of https://github.com/nyx0/misp-galaxy into nyx0-master	2020-02-28 16:36:56 +01:00
Deborah Servili	0d4745d55f	Merge branch 'master' of https://github.com/MISP/misp-galaxy	2020-02-28 11:38:20 +01:00
Deborah Servili	a61f8d7049	add extension to clop ransomware	2020-02-28 11:37:54 +01:00
Alexandre Dulaunoy	ee63756cc5	Merge pull request #516 from rmkml/master add MedusaLocker ransomware	2020-02-23 16:06:45 +01:00
rmkml	590e292b68	add MedusaLocker ransomware	2020-02-23 16:01:45 +01:00
Deborah Servili	29bf20e89b	add razor ransomware	2020-02-19 15:55:29 +01:00
Thomas Dupuy	0daeb675f5	Add InvisiMole cluster	2020-02-18 13:28:32 -05:00
Alexandre Dulaunoy	c98093e6fe	Merge pull request #513 from danielplohmann/patch-20 adding APT-C-12	2020-02-13 21:56:34 +01:00
Daniel Plohmann	e481e9bb50	adding APT-C-12	2020-02-13 17:44:45 +01:00
Deborah Servili	f196bad4a1	add tools used by TA505 + others	2020-02-12 15:39:16 +01:00
Deborah Servili	66a721fcd3	Merge branch 'master' of https://github.com/MISP/misp-galaxy	2020-02-12 15:00:30 +01:00
Deborah Servili	b46f9b68fe	add warzone RAT	2020-02-06 13:39:58 +01:00
Alexandre Dulaunoy	33aa1c8f3f	Merge pull request #510 from Delta-Sierra/master add ransomwares	2020-02-06 09:53:19 +01:00
Deborah Servili	46fe9cb82b	add ransomwares	2020-02-06 09:29:33 +01:00
Rony	22c9badee0	Update threat-actor.json those are the name of aliases of the same malware family sykipot. so removing it.	2020-02-05 18:00:31 +05:30
Deborah Servili	5da17d51aa	Merge branch 'master' into master	2020-01-24 09:33:33 +01:00
Deborah Servili	606e3ec90f	jq	2020-01-24 09:32:09 +01:00
Alexandre Dulaunoy	6d078a88dd	chg: [ransomware] Nodera ransomware added	2020-01-24 09:04:38 +01:00
Deborah Servili	58415324c5	add Operation Wocao	2020-01-24 08:27:20 +01:00
Thomas Dupuy	edc5196373	Add Attor and DePriMon	2020-01-23 11:27:00 -05:00
Daniel Plohmann	ccfe5ee130	removing and fixing deadlinks in the best possible way Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.	2020-01-23 11:14:20 +01:00
Daniel Plohmann	29a128da6f	adding references and TEMP.MixMaster as alias for WIZARD SPIDER with kudos to @tbarabosch	2020-01-22 15:42:01 +01:00
Alexandre Dulaunoy	911c2bf0bf	Merge pull request #504 from Delta-Sierra/master update target location galaxy	2020-01-21 11:06:56 +01:00
Deborah Servili	8421bde291	complete Zimbabwe cluster	2020-01-21 10:51:07 +01:00
Deborah Servili	f364e51d24	update target location galaxy	2020-01-20 14:46:03 +01:00
Alexandre Dulaunoy	dbaab413b6	chg: [threat-actor] typo fixed	2020-01-18 17:30:27 +01:00
Alexandre Dulaunoy	564f27c5ca	chg: [threat-actor] format fixed	2020-01-18 17:26:45 +01:00
Alexandre Dulaunoy	34c5c66279	chg: [threat-actor] fix order	2020-01-18 17:08:32 +01:00
Alexandre Dulaunoy	8eeceafc51	chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan" Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan	2020-01-18 17:02:44 +01:00
StefanKelm	027d94e68a	Update ransomware.json	2020-01-16 16:59:22 +01:00
StefanKelm	f53a92065c	Update ransomware.json 5ss5c	2020-01-16 16:46:38 +01:00
Deborah Servili	5ec817b499	Merge branch 'master' into master	2020-01-15 14:36:01 +01:00
Deborah Servili	32961527aa	add Autochk Rootkit as tool	2020-01-15 13:41:53 +01:00
Deborah Servili	bfcc867ee6	add two wipers to tools	2020-01-14 15:54:06 +01:00
Alexandre Dulaunoy	3c90322fd8	Merge pull request #500 from Delta-Sierra/master update target information	2020-01-08 16:22:24 +01:00
StefanKelm	5832893d4f	Update tool.json LiquorBot	2020-01-08 16:04:22 +01:00
Deborah Servili	53df69a1eb	update target information	2020-01-08 15:50:47 +01:00
StefanKelm	bf4fc92066	Update tool.json Lampion	2020-01-07 13:14:08 +01:00
Alexandre Dulaunoy	5da0c7bd54	chg: [threat-actor] SideWinder APT group added	2020-01-07 10:42:07 +01:00
StefanKelm	9b6f9136f9	Update threat-actor.json	2020-01-03 12:50:49 +01:00
StefanKelm	9373cfcb53	Update threat-actor.json BRONZE PRESIDENT	2020-01-03 12:42:57 +01:00
Rony	6b1142abac	Update threat-actor.json	2019-12-23 22:05:28 +05:30
Alexandre Dulaunoy	be4f9e01a0	Merge pull request #496 from bartblaze/patch-1 Update threat-actor.json	2019-12-20 08:23:30 +01:00
Bart	8ebb2e2d16	Update threat-actor.json Adds Operation Wocao..	2019-12-19 21:42:02 +01:00
Deborah Servili	34340372b3	add clop ransomware	2019-12-19 17:19:18 +01:00
Deborah Servili	b8c332a055	jq	2019-12-16 14:08:34 +01:00
Deborah Servili	c876928abd	Merge branch 'master' of https://github.com/MISP/misp-galaxy	2019-12-16 13:36:56 +01:00
Deborah Servili	ee38ec7220	add BitPaymer Synonsyms	2019-12-16 13:36:00 +01:00
Deborah Servili	47e0d00555	Merge pull request #493 from Delta-Sierra/master add tools used by GALLIUM	2019-12-13 15:35:29 +01:00
Deborah Servili	0fc9045ef2	add tools used by GALLIUM	2019-12-13 15:06:00 +01:00
Alexandre Dulaunoy	9f56a91013	Merge pull request #492 from Delta-Sierra/master Operation Soft Cell ralated Updates	2019-12-13 13:35:52 +01:00
Deborah Servili	03c54a3e05	add GALLIUM as microsoft activities group and similar to Operation Soft Cell	2019-12-13 11:47:31 +01:00
Deborah Servili	3be47af325	update threat actor version	2019-12-13 11:04:51 +01:00
Deborah Servili	9b153913be	add relation suspected link between operation soft cell and apt10	2019-12-13 10:59:06 +01:00
Sebastian Wagner	c3b5b39dd3	sofacy: add apt_sofacy as synonym	2019-12-12 15:57:13 +01:00
Deborah Servili	170f964e8c	##COMMA##	2019-12-11 14:22:09 +01:00
Deborah Servili	7e18f2e509	Merge branch 'master' into master	2019-12-11 13:51:52 +01:00
Deborah Servili	391b5a674d	add Axiom synonym	2019-12-11 13:50:35 +01:00
Alexandre Dulaunoy	8da36c09e1	chg: [threat-actor] jq	2019-12-08 09:03:14 +01:00
Daniel Plohmann	94b3c1ec07	added APT-C-34 / Golden Falcon	2019-12-07 12:44:30 +01:00
Deborah Servili	31f3a61d5f	add Sofacy ref	2019-12-05 15:42:42 +01:00
Alexandre Dulaunoy	8e73612b09	Merge pull request #488 from Delta-Sierra/master create new galaxy - surveillance-vendor	2019-12-05 14:48:44 +01:00
Deborah Servili	df1cbf8dce	add clusters to surveillance-vendor galaxy	2019-12-05 12:06:10 +01:00
Deborah Servili	ad5b915175	Fix surveillance-vendor galaxy	2019-12-05 11:09:38 +01:00
Deborah Servili	12530db5a8	Add FlexiSPY + jq	2019-12-05 10:05:21 +01:00
Deborah Servili	a049009453	add new galaxy - surveillance-vendor	2019-12-04 16:22:58 +01:00
Deborah Servili	2e82cd4fd7	add Private Internet Access as Tool	2019-12-04 16:22:22 +01:00
Alexandre Dulaunoy	5f020307f3	Merge pull request #485 from danielplohmann/patch-15 added TA2101	2019-12-03 22:36:49 +01:00
Daniel Plohmann	bd3cc6d8ee	added TA2101	2019-12-03 18:13:44 +01:00
Jean-Louis Huynen	100299f3fd	add: [dark-pattern] add a source	2019-12-03 17:09:57 +01:00
Jean-Louis Huynen	44a9897f2a	add: [dark-pattern] galaxy to tag dark patterns	2019-12-03 16:26:29 +01:00
Alexandre Dulaunoy	2659d864d6	chg: [ransomware] jq ;-)	2019-11-22 22:41:01 +01:00
rmkml	64f100e578	Merge branch 'master' into master	2019-11-22 22:32:24 +01:00
rmkml	81cef767aa	Fix Add FTCode Ransomware	2019-11-22 22:27:20 +01:00
rmkml	eee9beca0f	Add FTCode Ransomware	2019-11-22 21:16:40 +01:00
Deborah Servili	34faa63070	jq	2019-11-22 15:41:51 +01:00
Deborah Servili	ba830c905d	add cyborg ransomnote refs	2019-11-22 15:36:49 +01:00
Deborah Servili	757c3d6480	add cyborg ransomnote filename	2019-11-22 15:35:58 +01:00
Deborah Servili	2009a9c45c	add cyborg ranspmware extension	2019-11-22 15:30:17 +01:00
Deborah Servili	cab60a02e2	jq	2019-11-22 14:15:29 +01:00
Deborah Servili	08a4897cbe	add DePriMon malicious downloader & Cyborg ransomware	2019-11-22 14:05:36 +01:00
Alexandre Dulaunoy	8cc5e02f22	chg: [clean-up] jq all the things	2019-11-21 17:19:39 +01:00
Deborah Servili	38641aae36	merge	2019-11-21 16:24:11 +01:00
Deborah Servili	f21dd95b28	merge	2019-11-21 16:23:29 +01:00
Alexandre Dulaunoy	8240fe1722	Merge pull request #480 from rmkml/master Add Maze Ransomware	2019-11-21 14:13:17 +01:00
Deborah Servili	1a0dd2292b	add silence synonym & new meta field spoken-language	2019-11-21 11:50:02 +01:00
rmkml	90bc667988	Add Maze Ransomware	2019-11-21 00:57:50 +01:00
rmkml	9410326ea2	Revert "Add Maze Ransomware" This reverts commit `cfc6e2802c`.	2019-11-21 00:55:55 +01:00
rmkml	cfc6e2802c	Add Maze Ransomware	2019-11-19 23:15:02 +01:00
Alexandre Dulaunoy	5dc55fbbfb	Merge pull request #477 from rmkml/master Add Desync Ransomware	2019-11-19 06:40:31 +01:00
rmkml	ac4099ed0e	Add Desync Ransomware	2019-11-18 23:37:21 +01:00
Deborah Servili	5f65e8d208	traget information update [WIP]	2019-11-14 15:07:08 +01:00
StefanKelm	aa132ca58f	new refs for APT33	2019-11-14 14:57:05 +01:00
Alexandre Dulaunoy	ea18f6e920	Merge pull request #475 from Delta-Sierra/master target information update [WIP]	2019-11-13 20:43:03 +01:00
Deborah Servili	08cdc4cac3	jq	2019-11-13 15:56:23 +01:00
Deborah Servili	985c4b2459	traget information update [WIP]	2019-11-13 15:55:32 +01:00
Alexandre Dulaunoy	eea0f528fa	chg: [threat-actor] Lucky Mouse synonym added Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/ Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/	2019-11-12 12:51:44 +01:00
Raphaël Vinot	1486890f86	fix: JQ all the things.	2019-11-12 10:25:00 +01:00
Alexandre Dulaunoy	871d90cfc2	chg: [threat-actor] Calypso group added Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412	2019-11-11 13:34:54 +01:00
Deborah Servili	e310b98bc0	add Palestine PPound	2019-11-07 08:44:49 +01:00
Deborah Servili	50022d3905	Merge branch 'master' of https://github.com/MISP/misp-galaxy	2019-11-07 08:34:05 +01:00
Alexandre Dulaunoy	ea8c1dd764	Merge pull request #472 from rmkml/master Add DoppelPaymer Ransomware	2019-11-06 20:48:33 +01:00
rmkml	9707a5eb0e	Add DoppelPaymer Ransomware	2019-11-06 20:41:43 +01:00
Deborah Servili	1a62f7c2cd	jq	2019-11-06 16:23:34 +01:00
Deborah Servili	5b6aae5d1c	update target location WIP	2019-11-06 16:21:10 +01:00
Alexandre Dulaunoy	2d1406b4d6	Merge pull request #471 from rmkml/master Add FreeMe Ransomware	2019-11-06 06:36:53 +01:00
rmkml	656d90fd7c	Add FreeMe Ransomware	2019-11-05 23:09:48 +01:00
Alexandre Dulaunoy	d9a64c18ff	chg: [threat-actor] threat-actor-classification updated	2019-11-04 09:37:52 +01:00
Alexandre Dulaunoy	6f463325b9	chg: [threat-actor] jq is jq	2019-11-03 16:01:09 +01:00
Alexandre Dulaunoy	64a3569803	Merge branch 'master' of github.com:MISP/misp-galaxy	2019-11-03 08:52:37 +01:00
Alexandre Dulaunoy	8d01e77574	chg: [threat-actor] Operation WizardOpium added ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/	2019-11-03 08:51:37 +01:00
Alexandre Dulaunoy	346e54a321	Merge pull request #468 from Delta-Sierra/master add Turla Group Symonym variant	2019-11-02 13:40:21 +01:00

... 8 9 10 11 12 ...

2122 commits