Commit graph

2523 commits

Author SHA1 Message Date
Sebastien Larinier
862badf2c9 Update threat-actor.json 2023-04-19 17:41:44 +02:00
Sebastien Larinier
1c751b1ea8 Update threat-actor.json 2023-04-19 17:34:50 +02:00
Sebastien Larinier
165ce70a28
Merge branch 'MISP:main' into main 2023-04-19 16:48:02 +02:00
Sebastien Larinier
87ef0a400e Update threat-actor.json 2023-04-19 15:42:14 +02:00
Sebastien Larinier
a77dc82c0a Update threat-actor.json
new apt30 group
2023-04-19 15:35:36 +02:00
Delta-Sierra
063ac9fc71 jq? 2023-04-19 15:10:25 +02:00
Delta-Sierra
ecb7e79a6e Merge https://github.com/MISP/misp-galaxy 2023-04-19 15:06:51 +02:00
Tobias Mainka
8d2b9537f1
replace "sector" tag with "country" for matching data. this allows to be confirm with existing clusters. 2023-04-19 12:38:37 +02:00
Sebastien Larinier
926035633f
Merge branch 'MISP:main' into main 2023-04-19 11:55:57 +02:00
ccc8f0f801
chg: [microsoft-activity-group] updated to map the new funky Microsoft "taxonomy"
Script to generate the cluster is the following, UUIDv5 based on
standard misp-stix source UUIDv4.

~~~python
lcluster = []
for v in data:
    cluster = {}
    cluster['value'] = v['threat_actor']
    cluster['meta'] = {}
    cluster['meta']['sector'] = v['sector']
    cluster['meta']['synonyms'] = v['synonyms']
    cluster['meta']['refs'] = []
    cluster['meta']['refs'].append('https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide')
    _uuid = uuid.uuid5(uuid.UUID("76beed5f-7251-457e-8c2a-b45f7b589d3d"), "{}".format(cluster['value']))
    cluster['uuid'] = str(_uuid)
    lcluster.append(cluster)
~~~

Relationships might be added in a later stage to map with the MISP threat actor galaxy.
2023-04-19 10:47:11 +02:00
Daniel Plohmann
41afab1c06
adding Trend Micro alias Earth Smilodon for APT27 2023-04-18 20:11:57 +02:00
Delta-Sierra
6b8994271e add relationships for HALFRIG & QUATTERRIG 2023-04-18 12:20:20 +02:00
Daniel Plohmann
02e23a9a47
adding Google alias HOODOO for APT41 2023-04-17 22:32:50 +02:00
Delta-Sierra
4a4fa6d16f fix versions 2023-04-17 11:32:51 +02:00
Delta-Sierra
6d5df91efa add relationship SNOWYAMBER & Notion 2023-04-17 11:31:48 +02:00
Delta-Sierra
233a066a03 Merge https://github.com/MISP/misp-galaxy 2023-04-17 11:16:23 +02:00
Delta-Sierra
d4225c5469 add some SNOWYAMBER relationships 2023-04-17 11:16:21 +02:00
91af071bae
new: [online-service] online service added 2023-04-17 10:59:18 +02:00
5f9760923f
Merge pull request #838 from Delta-Sierra/main
Adding SNOWYAMBER, HALFRIG, QUARTERRIG tools & PowerMagic backdoor
2023-04-14 16:03:57 +02:00
Delta-Sierra
8e9880d932 Add SNOWYAMBER, HALFRIG, QUARTERRIG tools 2023-04-14 15:59:42 +02:00
Delta-Sierra
c5590ff79a add PowerMagic backdoor 2023-04-13 14:11:36 +02:00
Daniel Plohmann
a966b3ff88
adding Trend Micro alias Earth Preta for Mustang Panda 2023-04-12 16:59:36 +02:00
2763cdd72b
chg:[sigma] Sigma rules updated 2023-04-12 11:44:43 +02:00
Delta-Sierra
8c831d70c8 jq 2023-04-11 15:06:59 +02:00
Delta-Sierra
d30e7357fe merge 2023-04-11 13:57:30 +02:00
Delta-Sierra
eb9254713a Add more ransomwares from ransomlook 2023-04-11 13:56:29 +02:00
3cc7e03af6
new: [stealer] add Sordeal Stealer 2023-04-11 09:54:02 +02:00
cbf12d9289
Merge pull request #833 from jloehel/HinataBot
chg[botnet]: Add HinataBot
2023-04-04 10:17:07 +02:00
Jürgen Löhel
647fc025d7
chg[botnet]: Add HinataBot
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-04-03 11:19:08 -06:00
15a03e877e
chg: [sigma] updated 2023-03-29 10:33:57 +02:00
Sebdraven
8713618777 Update threat-actor.json
add new ref for sidecopy
2023-03-23 09:13:23 +01:00
Sebdraven
f5d68aa08d Update threat-actor.json
delete ref to APT30 for Naikon
2023-03-23 08:49:17 +01:00
Sebdraven
d5843d46e2 Update threat-actor.json
add ref to Aoqin Dragon
2023-03-21 18:40:10 +01:00
122a0bd39b
fix: [ransomware] fix duplicate Value "Cuba" 2023-03-19 11:03:12 +01:00
f2305dc165
Merge pull request #829 from Delta-Sierra/main
update based on ransomlook+1
2023-03-16 19:18:54 +01:00
Delta-Sierra
12f69a6082 update based on ransomlook 2023-03-16 15:24:44 +01:00
Mathieu Beligon
d82ff1ecfb [threat-actors] Add Anonymous Sudan 2023-03-15 17:38:03 -05:00
Daniel Plohmann
c39b46e9d5
Update threat-actor.json
when value "Sofacy" was changed to "APT28", it seems Sofacy was not added to aliases, so it's missing right now.
2023-03-15 14:55:25 +01:00
Delta-Sierra
74390b27c5 Merge https://github.com/MISP/misp-galaxy 2023-03-13 09:59:04 +01:00
Delta-Sierra
c4eca7dfe1 more from ransomlook 2023-03-13 09:59:00 +01:00
Jürgen Löhel
9f9a263394
chg [tool]: Add tools used by TA866 during the Screentime campaign
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:46:11 -06:00
Jürgen Löhel
031a4c8030
chg [stealer]: Add Rhadamanthys
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:39 -06:00
Jürgen Löhel
437d4a30e5
chg [tds]: Add 404 TDS
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:13 -06:00
Jürgen Löhel
2d30785af5
chg [threat-actors] Add TA866
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:44:16 -06:00
57f3e46273
chg: [sigma] updated 2023-03-07 12:14:48 +01:00
e7b97edaa4
chg: [ransomware] fixing duplicate cluster element Avaddon 2023-03-07 12:06:56 +01:00
6db5b0b0cb
Merge pull request #824 from Delta-Sierra/main
update based on ransomlook
2023-03-06 16:23:48 +01:00
Delta-Sierra
bed6bf8dd6 fix stupid duplicate-bis 2023-03-06 16:10:23 +01:00
Delta-Sierra
d561350f7b fix stupid duplicate 2023-03-06 16:04:28 +01:00
Delta-Sierra
96cb1e22ba update based on ransomlook 2023-03-06 15:55:46 +01:00
Mathieu Beligon
395ffda94f [threat-actors] bump version 2023-03-02 10:29:52 -08:00
Mathieu Beligon
e1407c3c3f [threat-actors] Add SLIPPY SPIDER alias to LAPSUS 2023-03-02 10:29:29 -08:00
Mathieu Beligon
4bbee8c1e7 [threat-actors] Add PROPHET SPIDER 2023-03-02 10:19:24 -08:00
Mathieu Beligon
61cb24a3fc [threat-actors] Add Nemesis Kitten 2023-03-01 16:37:42 -08:00
Mathieu Beligon
84faa3c92b [threat-actors] Add Karakurt 2023-03-01 16:34:03 -08:00
Mathieu Beligon
7d371b4c80 [threat-actors] Add CYBORG SPIDER alias to GOCLD BURLAP 2023-03-01 15:45:41 -08:00
Mathieu Beligon
fa57354471 [threat-actors] Add Chamelgang 2023-03-01 15:40:23 -08:00
Mathieu Beligon
bff978e4d1 [threat-actors] Add TA453 2023-03-01 15:24:55 -08:00
Mathieu Beligon
3406ad3aa9 [threat-actors] Add APT42 2023-03-01 15:18:53 -08:00
Mathieu Beligon
2567d6f1f8 [threat-actors] Add TA406 2023-03-01 15:01:22 -08:00
Rony
50624af741 add DEV-0147 https://twitter.com/MsftSecIntel/status/1625181255754039318 2023-02-25 20:18:09 +00:00
Rony
cf727f034c
add other actor synonyms from Google's report https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf 2023-02-26 01:05:50 +05:30
Delta-Sierra
27f4c9fcdc synonyms must be an array 2023-02-23 14:26:20 +01:00
Delta-Sierra
0ca7675a5f Merge https://github.com/MISP/misp-galaxy 2023-02-23 14:16:00 +01:00
Delta-Sierra
55725c771e add/update ransomware based on ransomlook 2023-02-23 14:15:09 +01:00
Tom King
e52eefa0e7 chg: [mitre] updated with correct ID parsing 2023-02-21 10:36:37 +00:00
Christophe Vandeplas
9f73ff73ac fix: [first-dns] corrected typo 2023-02-21 10:54:30 +08:00
Christophe Vandeplas
e2f2026fea chg: [first-dns] Adds FIRST DNS Abuse Techniques Matrix 2023-02-21 10:26:46 +08:00
Christophe Vandeplas
a6a9a73ae5 chg: [360net] updated to latest online version 2023-02-20 20:03:36 +08:00
6460fde2e4
chg: [threat-actor] version updated 2023-02-16 14:43:45 +01:00
Daniel Plohmann
91255413d8
adding Google names for RU threat actors
https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/
2023-02-16 14:30:05 +01:00
73bd7d0983
Merge pull request #818 from Mathieu4141/threat-actors/proofpoint-aliases
[threat actors] Adding some actors from ProofPoint
2023-02-14 06:40:22 +01:00
Mathieu Beligon
9f09699047 [threat-actors] Fix: country was in the wrong place 2023-02-13 16:47:38 -08:00
Mathieu Beligon
ac067a236e [threat-actors] fix: Add missing uuids 2023-02-13 16:36:41 -08:00
Mathieu Beligon
a792115dd8 fix 2023-02-13 16:26:10 -08:00
Mathieu Beligon
8193b05e14 [threat-actors] bump version 2023-02-13 14:18:58 -08:00
Mathieu Beligon
d34e894d2d [threat-actors] Add TA2536 2023-02-13 13:45:41 -08:00
Mathieu Beligon
20c31a5d10 [threat-actors] Add TA577 2023-02-13 13:32:24 -08:00
Mathieu Beligon
e836a4a63c [threat-actors] Add TA575 2023-02-13 12:02:32 -08:00
Mathieu Beligon
c52ac53765 [threat-actors] Add TA570 2023-02-13 11:54:47 -08:00
Mathieu Beligon
5f274f58c9 [threat-actors] Add Moskalvzapoe 2023-02-13 11:44:59 -08:00
Daniel Plohmann
62256854bc
adding Broadcom name for SaintBear. 2023-02-13 14:05:35 +01:00
Mathieu Beligon
33ff650327 [threat-actors] Add more information about NoName057(16) 2023-02-10 14:14:52 -08:00
9645b9348b
chg: [tools] TgToxic added 2023-02-09 16:24:45 +01:00
o1mate
239883e2a9 Merging the handguns and shotguns clusters into a single firearm cluster. 2023-02-06 03:28:49 -05:00
385826063b
chg: [sigma] updated to the latest version 2023-02-05 11:26:16 +01:00
Daniel Plohmann
9710e09e17
new APT29 name used by Recorded Future
cf. https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf
2023-02-02 11:46:50 +01:00
3d6ec1b187
chg: [sigma] updated to the latest version 2023-02-02 11:25:19 +01:00
Jürgen Löhel
cf492d9931
chg: [stealer] Adds Album Stealer
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-02-01 17:30:56 -06:00
033895b052
Merge pull request #812 from jloehel/boldmove
chg: [backdoor] Adds BOLDMOVE
2023-01-31 06:24:59 +01:00
Jürgen Löhel
c7c2b8441a
chg: [stealer] Removes BluStealer
The BluStealer is already in the malpedia cluster.

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 18:35:28 -06:00
Jürgen Löhel
ca635cc3fc
chg: [stealer] Adds DarkCloud and BluStealer
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 18:29:25 -06:00
Jürgen Löhel
33513241bd
chg: [backdoor] Adds BOLDMOVE
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 16:39:11 -06:00
150e3152cc
Merge pull request #809 from MISP/dev
Updated the `region` cluster
2023-01-27 15:08:16 +01:00
b7543c5012
Merge pull request #789 from Mathieu4141/threat-actors/fix-sectorj04
[threat-actors] Remove SectorJ04 duplicate
2023-01-27 15:05:37 +01:00
Mathieu Beligon
a452263ace [threat-actors] pr.review: Add SectorJ04 as alias of TA505 2023-01-27 13:32:58 +01:00
o1mate
0b661d4f80 Added two new galaxies : An ammunition galaxy containing a list of known sold ammunitions ordered by brands, and a firearm galaxy containing two clusters (handguns, shotguns) scrapped from a famous vendor and ordered by model name (Format : Model name - SKU). 2023-01-26 08:34:38 -05:00
Delta-Sierra
89bb349184 Merge https://github.com/MISP/misp-galaxy 2023-01-26 11:46:14 +01:00
Delta-Sierra
0bb1f48ad6 fix missing brackets 2023-01-25 14:47:22 +01:00
e87d39e3f4
fix: [region] JQed all the things !! 2023-01-25 09:24:52 +01:00
Delta-Sierra
50ca40e408 add Anubis & Godfather android banking trojans 2023-01-25 09:05:19 +01:00
51610df907
chg: [region] Updated the region Galaxy Cluster
- Added missing entry (Antarctica)
- Ordered the `subregions` meta field
2023-01-24 22:53:54 +01:00
ofenomeno
cb8d700e62 adding uavs 2023-01-24 19:55:46 +01:00
2f0dfc7656
chg: [sigma] updated 2023-01-23 10:10:46 +01:00
4a342354f9
chg: [sigma] updated 2023-01-20 13:58:11 +01:00
5c21588d7c
add: [country] Manually added the missing relations to some country cluster values
- The previous commit (071ecb8) that added the
  mahority of relations between countries and
  regions were automatically added based on the
  country names specified in the `region` cluster.
  The relations added here are the remaining
  countries that are not litterally defined the
  same way they are in the `region` cluster
2023-01-16 22:22:42 +01:00
325f51479b
chg: [country] Clarified the US cluster value 2023-01-16 22:20:30 +01:00
071ecb8a52
add: [country] Added references between country cluster values and the related region they're located in, from the region galaxy cluster 2023-01-16 21:35:22 +01:00
323f9f47a1
chg: [sigma] version must be an integer 2023-01-12 16:45:21 +01:00
fd226d47a2
chg: [sigma] new version of the cluster 2023-01-12 14:10:22 +01:00
c0fdfb0e99
chg: [sigma] updated with latest version + new relationship script 2023-01-12 13:46:31 +01:00
e54366fb87
chg: [threat-actor] added the missing synonyms 2023-01-10 15:55:30 +01:00
187701bacb
chg: [sigma] regenerated from the test script (also updated the script
to ensure UUID consistency for the galaxy)
2023-01-06 15:36:33 +01:00
9955401791
chg: [sigma] jq all the things 2023-01-06 15:13:35 +01:00
8539361df5
Merge branch 'main' of https://github.com/jstnk9/misp-galaxy into jstnk9-main 2023-01-06 15:11:27 +01:00
jstnk9
5bcec1d72f
Merge branch 'MISP:main' into main 2023-01-03 11:10:49 +01:00
Jürgen Löhel
d4debd619b
chg: [ransomware] Extends the entry for JCrypt
* Add the reference to MafiaWare666 based on the latest research from
  the Avast Threat Lab: https://decoded.avast.io/threatresearch/decrypted-mafiaware666-ransomware/
* Add more infos from Andrew Ivanovs the great blog post: https://id-ransomware.blogspot.com/2020/12/jcrypt-ransomware.html

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-12-23 01:44:20 -06:00
Delta-Sierra
3f4edb480b add Malteiro 2022-12-16 16:43:50 +01:00
jstnk9
cb19f6bda7 galaxy for sigma rules 2022-12-09 08:48:54 +01:00
Delta-Sierra
5931f51d7a add TAG-53 2022-12-08 11:31:02 +01:00
Delta-Sierra
3ea2d62a83 Version Update 2022-11-28 16:27:54 +01:00
Delta-Sierra
6016b1000c Merge https://github.com/MISP/misp-galaxy 2022-11-28 16:17:08 +01:00
Delta-Sierra
5d83563e0e Fix Duplicate 2022-11-28 16:15:40 +01:00
Delta-Sierra
6c36295318 Update several RAT & Ransomwares 2022-11-28 16:13:38 +01:00
de12f46ba6
chg: [mitre] updated 2022-11-28 12:48:29 +01:00
fda4160bed
chg: [target-information] fix the duplicate 2022-11-24 15:08:16 +01:00
f15e4ed3bc
chg: [target-information] duplicate removal 2022-11-24 15:05:47 +01:00
1d9a73abdd
chg: [target] fix duplicate synonyms 2022-11-24 15:03:18 +01:00
e3126ef857
fix: [clusters] Fixed some other few meta field names 2022-11-24 09:17:28 +01:00
823124d422
fix; [mitre-ics-assets] Fixed some refs meta field names 2022-11-23 20:44:46 +01:00
493a5bf94e
fix: [target-information] Fixed synonyms meta field name 2022-11-23 20:40:35 +01:00
5c979ae554
fix: [tool] Houdini relationship to something which exist (ok I know it's Houdini) 2022-11-22 15:19:40 +01:00
0b6034d9be
Merge pull request #800 from Delta-Sierra/main
Add ransomwares
2022-11-22 15:11:42 +01:00
8947d0035b
fix: [sigma rules] until new the PR and tool is done for sigma. The
galaxy is removed.
2022-11-22 15:08:17 +01:00
Delta-Sierra
5f0d7f6d68 add VJw0rm description 2022-11-22 14:55:10 +01:00
Delta-Sierra
f4abf37b01 fix versions 2022-11-22 12:45:15 +01:00
Delta-Sierra
c02b74f999 merge 2022-11-22 12:43:18 +01:00
Delta-Sierra
ffc68b9b8f add several ransomwares 2022-11-22 12:40:47 +01:00
Delta-Sierra
e316382b8a add qakbot ref 2022-11-22 12:06:03 +01:00
Delta-Sierra
8bf6d73d66 add BazarCall campaign 2022-11-22 09:08:28 +01:00
Delta-Sierra
3c7230e38e add Bazarbackdoor Synonyms 2022-11-22 09:00:04 +01:00
Thomas Dupuy
be7450494e Add Evasive Panda Threat Actor 2022-11-18 16:38:11 +00:00
4844a7021c
chg: [sigma] duplicate value changed 2022-11-18 14:36:02 +01:00
c41b99d8b9
fix: [sigma] remove duplicate references 2022-11-18 14:21:27 +01:00
59f5fc5f76
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2022-11-18 14:18:29 +01:00
7d4011a0a2
chg: [sigma] jq all the things 2022-11-18 14:17:52 +01:00
Terrtia
e3b6e9d229
fix: [handicap] fix galaxy icon + name + type 2022-11-17 15:16:05 +01:00
9b8619bbbe
Merge branch 'main' of https://github.com/jstnk9/misp-galaxy into jstnk9-main 2022-11-16 11:07:50 +01:00
Jürgen Löhel
f595195cd2
chg: [botnets] Adds KmsdBot
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-11-15 18:10:39 -06:00
Jstnk9
473f1a13aa galaxy related to sigma rtules
galaxy related to sigma rtules
2022-11-15 22:56:18 +01:00
Delta-Sierra
2269f4decd fix tool type 2022-11-15 13:56:53 +01:00
Delta-Sierra
9fc65c0e34 version fix 2022-11-15 13:37:02 +01:00
Delta-Sierra
91d535925f version fix 2022-11-15 13:36:49 +01:00
Delta-Sierra
3837058ab1 merge 2022-11-15 12:54:03 +01:00
Delta-Sierra
d020efd276 add raspberry Robin worm & others 2022-11-15 11:57:10 +01:00
b787bbeb23
Merge pull request #792 from nyx0/main
Add RomCom TA.
2022-11-05 07:50:20 +01:00
3b196f8361
Merge pull request #791 from Mathieu4141/threat-actors/add-phosphorus-alias-to-apt-35
[threat-actors] Add Phosphorus in APT35 aliases
2022-11-05 07:49:55 +01:00
Thomas Dupuy
9ac53e5d5e Add RomCom TA. 2022-11-04 02:34:10 +00:00
6c4da5dd55
Merge pull request #790 from Mathieu4141/threat-actors/fix-dust-storm
[threat-actors] Remove DustStorm alias from APT10
2022-11-03 11:35:20 +01:00
52a6fff6a2
Merge pull request #788 from Mathieu4141/threat-actors/fix-cobalt-dickens
[threat-actors] Remove cobalt dickens duplicate
2022-11-03 11:27:08 +01:00
3b4dcd6ad3
Merge pull request #787 from Mathieu4141/threat-actors/fix-subaat-duplicate
[threat-actors] Remove subaat duplicate
2022-11-03 11:26:21 +01:00
Mathieu Beligon
8a9dd47f8f [threat-actors] Add Phosphorus in APT35 aliases 2022-11-02 23:49:22 -07:00
Mathieu Beligon
21d4292faf [threat-actors] Remove DustStorm alias from APT10 2022-11-02 23:31:31 -07:00
Mathieu Beligon
e61733591f [threat-actors] Remove SectorJ04 duplicate 2022-11-02 20:30:40 -07:00
Mathieu Beligon
9f0869097a [threat-actors] Remove cobalt dickens duplicate 2022-11-02 18:09:42 -07:00
Mathieu Beligon
e3e5560e37 [threat-actors] Remove subaat duplicate 2022-11-02 17:57:47 -07:00
Mathieu Beligon
5801bbcfc1 [threat-actors] Remove Skeleton Spider duplicate 2022-11-02 17:38:07 -07:00
015650c6d7
chg: [mitre-attack] updated to version 12.0 2022-11-01 22:39:33 +01:00
Delta-Sierra
9952366667 add Prynt Stealer & variants 2022-10-14 16:03:45 +02:00
Delta-Sierra
355025eb5b fix metadata in wrong slot 2022-10-04 13:28:42 +02:00
Delta-Sierra
e5b3062912 add Volatile Cedar synonym 2022-10-03 16:06:13 +02:00
Thomas Dupuy
4bcf80f01b Add SharPyShell tool. 2022-10-02 22:00:54 +00:00
409c82f40c
Merge pull request #781 from Mathieu4141/threat-actors/fix-neodymium
[threat-actors] Fix G0055 (NEODYMIUM) alias
2022-09-30 06:39:31 +02:00
588184bacd
Merge pull request #780 from Mathieu4141/threat-actors/fix-svmondr
[threat-actors] Remove SVCMONDR duplicate
2022-09-30 06:38:56 +02:00
800006e6ab
Merge pull request #778 from Mathieu4141/threat-actors/fix-malware-reuser-duplicate
[threat-actors] Fix Volatile Cedar and Dancing Salome conflicts
2022-09-30 06:37:15 +02:00
Mathieu Beligon
74c6835d18 [threat-actors] Fix G0055 (NEODYMIUM) alias 2022-09-29 17:16:57 -07:00
Mathieu Beligon
a740e35687 [threat-actors] Remove SVCMONDR duplicate 2022-09-29 16:11:19 -07:00
Mathieu Beligon
5994fa4160 [threat-actors] Fix Volatile Cedar and Dancing Salome conflicts 2022-09-29 14:51:38 -07:00
Mathieu Beligon
4f47e6e2d3 [threat-actors] Equation group: separate from Lamberts and add tools 2022-09-29 11:28:54 -07:00
Thomas Dupuy
c66d6823a1 Add APT-Q-12 Threat Actor. 2022-09-29 02:30:41 +00:00
c3b65a2d15
chg: [threat-actor] JSON fix 2022-09-27 08:18:13 +02:00
067e449a41
Merge branch 'main' of https://github.com/nyx0/misp-galaxy into nyx0-main 2022-09-27 08:17:41 +02:00
Christophe Vandeplas
e259458d5a chg: [mitre] bump to v11.3 2022-09-27 07:30:13 +02:00
Thomas Dupuy
bfd1812cef Add Void Balaur. 2022-09-27 00:11:20 +00:00
eacab6ca27
new: [malpedia] remove duplicate UUIDs objects (coming from Malpedia API) 2022-09-26 10:58:09 +02:00
7cd322640f
Merge pull request #771 from Delta-Sierra/main
fetch malpedia
2022-09-26 10:07:24 +02:00
Delta-Sierra
a611230bef fetch malpedia 2022-09-26 09:23:07 +02:00
Mathieu Beligon
22a39f4fdc [threat-actors] Add BITWISE SPIDER 2022-09-20 11:23:33 -07:00
9b8b51fe53
Merge pull request #769 from Mathieu4141/threat-actors-add/no-name-057-06
[threat-actors] Add NoName057(16)
2022-09-17 07:43:42 +02:00
2f169e4258
Merge pull request #766 from Mathieu4141/threat-actors/fix-ta505
[threat-actors] Clean TA505 aliases
2022-09-17 07:43:18 +02:00
Mathieu Beligon
580d2c6931 [threat-actors] Add NoName057(16) 2022-09-16 20:11:06 -06:00
30cb4e7e60
Merge pull request #768 from Delta-Sierra/main
New clusters
2022-09-16 06:40:43 +02:00
Delta-Sierra
8202a7f48f Add PlugX ref 2022-09-15 15:39:47 +02:00
Delta-Sierra
0903300b75 Add Chisel 2022-09-15 13:24:49 +02:00
Delta-Sierra
021fcd2c91 add Lorenz ransomware 2022-09-15 10:29:46 +02:00
1c8d82cfcc
new: [threat-actor] hezb added 2022-09-14 11:00:33 +02:00
Christophe Vandeplas
b011ddee5b fix: [360net] fixes null entries in lists 2022-09-13 22:12:51 +02:00
Christophe Vandeplas
c5a5fa7cfa chg: [360net] add 360.net APT list fixes #764 2022-09-13 21:48:16 +02:00
Mathieu Beligon
e1f5d3b5d8 [threat-actors] Keep meta from old Xenotime 2022-09-13 11:40:17 -07:00
Mathieu Beligon
4ff0bdfe8e [threat-actors] Clean TA505 aliases 2022-09-13 11:34:02 -07:00
Delta-Sierra
e3d88f45c6 add Dark.IoT 2022-09-13 13:35:55 +02:00
Delta-Sierra
6dba3abe13 add hezb 2022-09-13 10:40:00 +02:00
Mathieu Beligon
273c7c9b97 [threat-actors] Remove Xenotime duplicate 2022-09-12 17:10:49 -07:00
Delta-Sierra
705d0d2e72 add BumbleBee backdoor 2022-09-12 10:51:43 +02:00
Delta-Sierra
0440db12e9 add DangerousSavanna campaign 2022-09-07 11:01:23 +02:00
Delta-Sierra
77db2370b1 Add Lockbit synonym 2022-09-07 11:00:41 +02:00
Delta-Sierra
775d3c183b Add Lockbit synonym 2022-09-07 09:26:38 +02:00
Rony
aea413cebf chg: [threat-actor] version bump 2022-09-01 10:32:01 +00:00
Rony
db913e5ab4 fix: [threat-actor] remove duplicate entries 2022-09-01 09:53:11 +00:00
Rony
6aea5ee05c chg: [threat-actor] add Aoqin Dragon 2022-09-01 09:46:43 +00:00
Rony
fb0cf3c7e5 chg: [threat-actor] miscellaneous updates 2022-09-01 09:17:31 +00:00
Daniel Plohmann
d18f5bc8b6
mini-fix: adding https protocol to a reference
in automated processing and display, this may otherwise lead to a malformed local / relative link.
2022-08-30 17:08:03 +02:00
5175fb0364
Merge pull request #760 from Delta-Sierra/main
Add GootLoader & MOUSEISLAND in tool
2022-08-29 12:02:55 +02:00
Rony
e7178a1e08 fix: [threat-actor] remove duplicate entries from APT9 2022-08-27 12:54:32 +00:00
Rony
27300c6381 chg: [threat-actor] add avast blog to APT40 2022-08-27 12:41:31 +00:00
Rony
7f526e230b chg: [threat-actor] add Microsoft and PwC report to actors' references 2022-08-27 12:34:36 +00:00
Rony
6ad9699a38 chg: [threat-actor] add recorded future reference to RedAlpha 2022-08-27 12:10:51 +00:00
Rony
2dc138ae01 chg: [threat-actor] add Adam Kozy's testimony ro APT41 and APT26 2022-08-27 12:08:11 +00:00
Rony
0b140b7097 chg: [threat-actor] miscellaneous updates including merge of some actors and fix the error committed in 9cfcc0d9ac 2022-08-27 11:58:03 +00:00
8bea9f3b4b
Merge pull request #755 from Mathieu4141/threat-actors/fix-winnti
[threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts
2022-08-27 08:25:20 +02:00
Mathieu Béligon
9cfcc0d9ac
Add aliases to APT41
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-26 14:54:02 -07:00
Mathieu Beligon
6e00329ba6 [threat-actors] Fix aliases 2022-08-26 11:09:29 -07:00
Delta-Sierra
534dacb7fb add GootLoader 2022-08-26 10:12:36 +02:00
Delta-Sierra
d5a9365aae add MOUSEISLAND 2022-08-26 09:23:38 +02:00
Mathieu Beligon
9b714dcd76 [threat-actors] Merge Axiom into APT17 2022-08-25 13:49:07 -07:00
Delta-Sierra
5b3c395f10 jq 2022-08-24 14:27:33 +02:00
Delta-Sierra
cb422c2190 update Guildma 2022-08-24 14:07:01 +02:00
Yosirion95
cda80e5496 Add synonyms to sector.json 2022-08-21 11:09:50 +02:00
9efca4c41b
fix: [threat-actor] UUID reused fixed (UUIDs cannot be reused across different cluster)
Add the missing the relationship for the new UUID
2022-08-21 09:17:56 +02:00
Rony
5b42a09dc2 add PARINACOTA to threat-actor.json
MSTIC names digital crime actors based on global volcanoes
2022-08-20 17:10:15 +00:00
Rony
6fd584fa88 remove APT36/ Transpert Tribe from microsoft-activity-group.json cause we don't know any MSTIC name yet. 2022-08-20 17:06:18 +00:00
6b137ea12c
Merge pull request #749 from Mathieu4141/threat-actors/fix-naikon-cluster
[threat actors] Fix threat actors related to Lotus Panda
2022-08-20 11:46:15 +02:00
Mathieu Beligon
7f82616c10 fix axiom related field 2022-08-19 12:48:40 -07:00
Mathieu Beligon
969f461709 merge into apt41 2022-08-19 12:45:47 -07:00
Christophe Vandeplas
1b69b654a8 chg: [atrm] bump to latest ATRM version 2022-08-19 21:19:23 +02:00
Mathieu Beligon
fd9201e9e0 Merge APT22 and suckfly 2022-08-19 12:16:30 -07:00
Mathieu Beligon
768c94671c Fix hellsing ref 2022-08-19 11:34:16 -07:00
a8b234d694
Merge pull request #753 from Mathieu4141/threat-actors/fix-bronze-president
[threat-actors] Remove duplicated BRONZE PRESIDENT entity
2022-08-19 06:26:11 +02:00
Mathieu Béligon
fcd6faec78
Capitalize override panda alias
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:51:03 -07:00
Mathieu Béligon
54f3ef2831
capitalize lotus panda alias
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:50:32 -07:00
Mathieu Béligon
c9b11553eb
normalize APT30 alias
Co-authored-by: Rony <rony_123@protonmail.ch>
2022-08-18 20:32:44 -07:00
Mathieu Beligon
c1abedb446 Move Lotus Panda alias to Lotus Blossom 2022-08-18 20:21:31 -07:00
Mathieu Beligon
a61ef2a88f [threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts 2022-08-18 17:03:26 -07:00
Mathieu Beligon
84e69ad4be Add DarkCommet as a tool of GoldenRAT 2022-08-18 15:47:04 -07:00
Mathieu Beligon
1acc51a7a6 [threat-actors] Add more data about APT-C-27 2022-08-18 15:44:18 -07:00
Mathieu Beligon
ec988c97d0 [threat-actors] Remove duplicated APT-C-27 2022-08-18 15:34:08 -07:00
Mathieu Beligon
d9046c8619 [threat-actors] Remove duplicated BRONZE PRESIDENT entity 2022-08-18 15:12:18 -07:00
Mathieu Beligon
a046e8094d Merge APT30 and Naikon 2022-08-18 11:36:45 -07:00
Mathieu Beligon
5e4a4c3453 Merge branch 'main' into threat-actors/fix-naikon-cluster 2022-08-18 09:01:36 -07:00
Mathieu Beligon
264e764dfa Remove ATK34 alias 2022-08-18 08:59:04 -07:00
Delta-Sierra
3f036db1e3 add TA558 2022-08-18 15:54:28 +02:00
Mathieu Beligon
71e3e1f3eb Fix ATK aliases 2022-08-17 13:39:43 -07:00
Mathieu Beligon
a6242d4732 Merge branch 'main' into threat-actors/fix-naikon-cluster 2022-08-17 13:37:01 -07:00
Mathieu Beligon
0d6399aa2b Add ATK78 alias for Thrip 2022-08-17 12:04:32 -07:00
Mathieu Beligon
53282255ce Branch out Goblin Panda from Hellsing 2022-08-17 11:55:35 -07:00
Mathieu Beligon
3f50cf0175 Create a tool for Esile 2022-08-17 11:19:30 -07:00
Rony
f608312577 addresses https://github.com/MISP/misp-galaxy/pull/751#issuecomment-1217680586 2022-08-17 08:52:35 +00:00
Rony
ccd10b54f4
remove duplicate reference 2022-08-17 12:49:56 +05:30
Rony
0cec882cc5 merge microcin/sixlittlemonkeys to vicious panda 2022-08-17 07:06:51 +00:00
a373909bb1
Merge pull request #748 from r0ny123/patch-2
Update threat-actor.json
2022-08-17 07:44:46 +02:00
352998a84d
fix: [threat-actor] add missing refs for APT33 including CFR link 2022-08-17 07:40:23 +02:00
Mathieu Beligon
d05b29c1af [threat-actors] Remove duplicate APT33 2022-08-16 17:15:30 -07:00
Mathieu Beligon
9c6f106928 [threat actor] Fix aliases related to Lotus Panda 2022-08-16 16:58:35 -07:00
Rony
5b25b574b3 add uac-0010 references from cert-ua 2022-08-16 10:19:53 +00:00
Rony
370045b01d Merge "red october" and "cloud atlas" to inception framework" 2022-08-16 09:30:29 +00:00
Rony
62b168600f
fix duplicates 2022-08-16 12:15:30 +05:30
Rony
490bc6a05c
fix duplicate 2022-08-16 12:10:27 +05:30
Rony
bbe84c5985
updates to russian actors 2022-08-16 12:07:59 +05:30
Rony
de76aef023
Update threat-actor.json 2022-08-16 10:49:13 +05:30
Rony
f4b63d4514
updates to tianwu 2022-08-16 10:30:33 +05:30
96d31aa8c7
chg: [threat-actor] jq all the things 2022-08-11 17:50:00 +02:00
Thomas Dupuy
ed24dcaf19 Add link for SLIME29. 2022-08-11 15:41:01 +00:00
Thomas Dupuy
912050b9b7 Update commit based on feeback. 2022-08-11 15:20:32 +00:00
Thomas Dupuy
6e0df72ef4 Add Threat Actors from BH Asia22 prez. 2022-08-10 18:53:38 +00:00
Christophe Vandeplas
1369756810 chg: [atrm] Add Azure Threat Research Matrix Galaxy and generation script 2022-08-06 21:19:31 +02:00
Daniel Plohmann
bdaadea58e
removing a leading double quote in a URL. 2022-08-02 18:17:58 +02:00
Daniel Plohmann
bc20a463c8
merging TG2003 / Elephant Beetle into FIN13
as indicated in the respective resources published by the organizations using these aliases.
2022-08-02 14:11:43 +02:00
6427746ad8
Merge pull request #727 from Mathieu4141/threat-actors/merge-cutting-kitten-cleaver
Fix Cleaver aliases
2022-07-27 23:17:42 +02:00
63f5122ad4
Merge pull request #742 from r0ny123/patch-1
Update threat-actor.json
2022-07-27 18:56:47 +02:00
Mathieu Beligon
51aacd6b03 Reduce diff with old version 2022-07-26 23:53:22 -07:00
Mathieu Beligon
acc6ada575 r0ny123.review: Use Cutting Kitten as main value for ITSecTeam 2022-07-26 23:27:39 -07:00
Mathieu Beligon
d815bfa174 Merge remote-tracking branch 'upstream/main' into threat-actors/merge-cutting-kitten-cleaver 2022-07-26 23:22:03 -07:00
Daniel Plohmann
26f6a33695
more aliases from Unit 42 2022-07-26 11:09:33 +02:00
Rony
5a7f3a7207
fix 2022-07-25 17:17:52 +05:30
Rony
8ce0df6eb4
Update threat-actor.json
Merge aquatic panda & earth lusca
2022-07-25 17:15:23 +05:30
6b6398bf2d
fix: [threat-actor] incorrect merge fixed 2022-07-20 18:45:50 +02:00
b4ce9a9453
Merge branch 'main' of https://github.com/r0ny123/misp-galaxy into r0ny123-main 2022-07-20 18:41:27 +02:00
Rony
add6b27466 update 2022-07-20 21:39:33 +05:30
Rony
2b54df56f9 update 2022-07-20 21:32:11 +05:30
Rony
2e045d9c8c chg: [fix] resolve conflict 2022-07-20 21:28:15 +05:30
Daniel Plohmann
5825783a85
removed duplicate UUID for Kinsing
my apologies, looks like I had not rolled a new UUID for one of the entries added...
2022-07-20 17:07:05 +02:00
Rony
932fcf1871 added Red Nue 2022-07-20 15:07:35 +05:30
Rony
082039b3b0 added CN actors from secureworks threat profile
https://www.secureworks.com/research/threat-profiles?filter=item-china and fixed some AKAs
2022-07-20 14:52:58 +05:30
Daniel Plohmann
ed32c508b7
added more Unit 42 aliases / groups 2022-07-20 08:38:03 +02:00
Rony
000bfe92d9 add APT9/Red Pegasus & BRONZE EDGEWOOD/Red Hariasa 2022-07-20 10:04:58 +05:30
Rony
2e8a577b0c add PwC naming to CN actors 2022-07-20 09:45:21 +05:30
Rony
3fabd58416 chg: [threat-actor] fixed 2022-07-19 23:36:30 +05:30
Rony
79c84d3768 add Earth Berberoka, Earth Lusca and Earth Wendigo 2022-07-19 22:42:50 +05:30
Daniel Plohmann
082d506b64
adding new Unit 42 names
First PR: those are the directly mappable names. I will follow up after deconfliction and then with a few new entries.
2022-07-19 08:45:09 +02:00
Daniel Plohmann
240a757826
Update threat-actor.json
adding Predatory Sparrow due to recent events.
2022-07-13 10:02:07 +02:00
cf603e8160
Merge pull request #736 from Delta-Sierra/main
add Qbot
2022-07-12 18:41:33 +02:00
Thomas Dupuy
90da0d798f Set country to LB instead of IR based on operational activity. 2022-07-12 16:21:41 +00:00
Delta-Sierra
b1c853bf42 update version 2022-07-12 15:51:55 +02:00
Thomas Dupuy
1a8835bcae Remove list from POLONIUM TA. 2022-07-12 13:11:11 +00:00
Thomas Dupuy
a86d866534 Add POLONIUM TA. 2022-07-12 12:14:27 +00:00
Delta-Sierra
d40017ae50 add Qbot 2022-07-12 14:03:43 +02:00
Delta-Sierra
6c6355f2ba fix typo 2022-07-12 11:31:08 +02:00
Delta-Sierra
300d608770 jq 2022-07-12 10:54:37 +02:00
Delta-Sierra
71c93f5b24 fix caps typo 2022-07-12 10:53:14 +02:00
Delta-Sierra
4ea34fc5a4 Merge https://github.com/Delta-Sierra/misp-galaxy into main 2022-07-12 10:51:59 +02:00
Delta-Sierra
924eda26ca Add EnemyBot +relationships 2022-07-12 10:49:11 +02:00
Deborah Servili
ca7d524d9c
Merge branch 'main' into main 2022-07-08 16:27:28 +02:00
Delta-Sierra
29aa7b3f69 add Maui ransomware 2022-07-08 14:49:12 +02:00
Delta-Sierra
56a53433f0 add HelloXD ransomware 2022-07-08 12:05:31 +02:00
Delta-Sierra
279b89f6d9 fix duplicate extension-2 2022-07-06 09:38:02 +02:00
Delta-Sierra
67d5f5c7c0 fix duplicate extension 2022-07-06 09:34:11 +02:00
Delta-Sierra
7e37fa0cdd merge + update medusalocker 2022-07-06 09:28:46 +02:00
Delta-Sierra
c2e7ef4fab Update Medusa Locker and others 2022-07-06 08:43:59 +02:00
marjatech
587dc8560b add script to automate malpedia update 2022-07-04 14:24:34 +02:00
Mathieu Beligon
693eed8d78 [threat actor] Break Cleaver aliases into respective entries 2022-07-04 14:05:29 +02:00
marjatech
1212a75cc4 update malpedia 2022-07-04 11:02:02 +02:00
Mathieu Beligon
d63c990dad [threat-actors] Separate ITSecTeam from Cleaver 2022-06-30 14:34:05 +02:00
Mathieu Beligon
b8d4ffdbde Merge Cutting Kitten and Cleaver 2022-06-29 20:15:12 +02:00
Koen Van Impe
0c9aa68db6 Update surveillance-vendor.json 2022-06-22 13:30:55 +02:00
Koen Van Impe
22c2f7b999 Add RCS Lab S.p.A. to surveillance-vendor 2022-06-22 11:20:52 +02:00
Mathieu Beligon
d79c5bd1ab Add ToddyCat Threat actor 2022-06-21 15:12:42 +02:00
Rony
c030fcdab6
chg: [threat-actor] added PwC naming for Indian actors
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-06-11 15:46:54 +05:30
Thanat0s
44a99d066a Y en a un peut plus je vous le mets quand meme ? 2022-06-11 04:24:04 -04:00
Thanat0s
57befd7259 jq all the things 2022-06-10 19:12:12 -04:00
Thanat0s
51f98f4706 Attck link + typo on TA551 2022-06-10 18:40:16 -04:00
Thanat0s
f97fee7135 Typo on TA551 2022-06-10 18:38:25 -04:00
Thanat0s
297acc0f5e Add Mitre vs Thales RosettaStone 2022-06-10 18:24:15 -04:00
Rony
e916267c7c
chg: [threat-actor] add reference to bitter & sidewinder group 2022-06-08 23:22:17 +05:30
Christophe Vandeplas
39073004c4 [mitre] bump to MITRE ATT&CK v11.2 2022-05-25 21:03:14 +02:00
Christophe Vandeplas
4a469299fd [mitre] update sorting algo
will make future ATT&CK updates less noisy in the git diff
2022-05-25 21:00:57 +02:00
Mathieu Beligon
dca70783bf [threat-actors] validate file 2022-05-23 11:32:24 +02:00
Mathieu Beligon
c1cfc19871 [threat actors] Remove dead link for sandworm threat actor 2022-05-23 11:30:04 +02:00
Mathieu Beligon
36a1466661 [threat-actors] Add RansomHouse 2022-05-23 11:29:39 +02:00
a838eaf9db
Merge pull request #717 from jloehel/krane
chg: [cryptominers] Adds Krane
2022-05-18 08:17:16 +02:00
Jürgen Löhel
1be9a10ef9
chg: [cryptominers] Adds Krane
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-17 14:47:29 -05:00
Jürgen Löhel
9db5d18114
chg: [android] Adds Vulture
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-17 14:16:21 -05:00
Rony
2721522e82
chg: [threat-actor] add exotic lily, ta578, ta579 2022-05-14 20:52:15 +05:30
Jürgen Löhel
45da13ce5e chg: [backdoors] Adds BPFDoor
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-11 19:06:19 -05:00
fcdc6c86e6
chg: [threat-actor] add TG2003 synomym to Elephant Beetle 2022-05-09 14:24:28 +02:00
9130365e2e
chg: [threat-actor] Elephant Beetle added
Fix #708
2022-05-09 14:23:12 +02:00
bb434b11cf
chg: [threat-actor] ModifiedElephant added
Fix #709
2022-05-09 14:16:01 +02:00
06550a7945
chg: [threat-actor] fix refs field -> it's always an array 2022-05-09 13:46:16 +02:00
b67e3ed3f8
Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add 2022-05-09 13:43:44 +02:00
Rony
c0be6677c2
chg: [threat-actor] added actor Red Menshen
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-05-07 15:44:10 +05:30
Rony
11eca69ebc
chg: [threat-actor] added Curious Gorge 2022-05-07 12:40:35 +05:30
Daniel Plohmann
26c1850377
Update threat-actor.json
adding Red Dev 4 as alias for GALLIUM as used by PwC.
2022-05-06 09:47:48 +02:00
Daniel Plohmann
06c293072c
Update threat-actor.json
adding UNC3524 to the actor galaxy cluster.
2022-05-04 13:21:56 +02:00
3c7
0ad65fbe9f
Forgot to jq all the things 2022-04-28 09:42:25 +02:00
3c7
dfb6c0668e
Added SaintBear 2022-04-28 09:36:25 +02:00
Christophe Vandeplas
33476bec81 chg: [mitre] bump to MITRE ATT&CK v11.0 2022-04-25 18:29:57 +02:00
664f6d80cc
chg: [threat-actor] Killnet description added 2022-04-21 15:05:50 +02:00
1e383e2452
chg: [threat-actor] version updated 2022-04-21 14:53:14 +02:00
Mathieu Beligon
c8455a6c4d [actors] Add killnet 2022-04-21 14:06:28 +02:00
Adam McHugh
53a0fc56d3 Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory 2022-04-18 10:16:26 +09:30
bca7381f33
fix: [ransomware] refs are within meta 2022-04-17 15:43:23 +02:00
eb7c5ebaf1
fix: [ransom] remove empty ref 2022-04-17 15:39:02 +02:00
bc696b43f4
chg: [ransomware] jq all the things 2022-04-17 15:35:50 +02:00
00d33fd292
Merge pull request #701 from adammchugh/ransomware-conti-update
Ammended Conti ransomware entry with ACSC 2021-010 advisory data
2022-04-17 15:35:25 +02:00
66744a4cd0
Merge pull request #704 from adammchugh/cryptominers-bluemockingbird-add
Added Cryptominer Blue Mockingbird from RedCanary advisory.
2022-04-17 14:43:59 +02:00
14907e3eef
Merge pull request #703 from adammchugh/threatactor-copypaste-add
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
2022-04-17 14:43:37 +02:00
Adam McHugh
84eac4b102 Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory 2022-04-17 19:50:08 +09:30
Adam McHugh
f00e80ae7e Added Cryptominer Blue Mockingbird from RedCanary advisory. 2022-04-17 19:44:42 +09:30
Adam McHugh
cff8a38c5f Added Copy-Paste Threat Actor from ACSC Advisory 2020-008 2022-04-17 19:37:26 +09:30
Adam McHugh
622c0502aa Ammended Conti ransomware entry with ACSC 2021-010 advisory data 2022-04-17 19:23:11 +09:30
Adam McHugh
99caab201f Ammended Blackcat ransomware entry with ACSC 2022-004 advisory data 2022-04-17 18:05:24 +09:30
Thomas Dupuy
bd05eb0bba upd: [cluster] add Threat Actor BladeHawk. 2022-04-11 17:03:19 +00:00
Thomas Dupuy
209391f110 upd: [cluster] add ref and synonyms for Energetic Bear. 2022-04-07 18:26:58 +00:00
b649057a5a
chg: [handicap] fixed more fields 2022-04-04 11:09:30 +02:00
aff4345074
chg: [handicap] more cleanup 2022-04-04 11:01:38 +02:00
269f91ad75
chg: [handicap] more clean-up of uuid values 2022-04-04 10:56:29 +02:00
d3d4e7186b
chg: [handicap] fix name of the clusters 2022-04-04 10:43:56 +02:00
7e6390c336
Merge pull request #694 from AgatheMgt/main
Handicap
2022-04-04 10:41:06 +02:00
Rony
a08ddaf548
Add Avivore & HAZY TIGER/Bitter 2022-04-02 01:14:18 +05:30
Rony
50f39edc10
Revert "update threat actors meta" 2022-04-02 00:55:38 +05:30
Delta-Sierra
73f71c8b15 dup 2022-04-01 16:51:27 +02:00
Delta-Sierra
fb557fd3a2 dup 2022-04-01 16:47:50 +02:00
Delta-Sierra
909fc09992 duplicate 2022-04-01 16:44:47 +02:00
Delta-Sierra
7c3e8ac068 fix duplicate 2022-04-01 16:40:40 +02:00
Delta-Sierra
dcc396108c fix duplicate 2022-04-01 16:36:47 +02:00
Delta-Sierra
9257fb677b merge 2022-04-01 16:32:10 +02:00
Delta-Sierra
0f7803b091 update threat actors meta 2022-04-01 16:00:27 +02:00
Sami Mokaddem
4242732af1
chg: jq all 2 2022-03-31 09:05:22 +02:00
Sami Mokaddem
a9a09d11c6
chg: jq all 2022-03-31 08:59:36 +02:00
Mathieu Beligon
c35fad3291 Add threat actor group Scarab 2022-03-28 12:11:34 +02:00
94c3788089
Merge pull request #687 from Badis-dev/main
Add galaxy and cluster cancer
2022-03-25 10:04:46 +01:00
AgatheMgt
aec779d1ee poatate 2022-03-24 09:43:58 -04:00
AgatheMgt
3ce6d7a313
Update handicap.json 2022-03-24 07:48:49 -04:00
AgatheMgt
a6a16926f6
Create handicap.json 2022-03-24 07:08:08 -04:00
Daniel Plohmann
24a3f16ab4
adding threat actor group LAPSUS$ / DEV-0537. 2022-03-23 09:47:10 +01:00
Delta-Sierra
97690426bf update threat actors meta 2022-03-18 16:41:10 +01:00
6f0208dcaf
chg: [ransomware] UUID fixed 2022-03-18 16:03:27 +01:00
ef5af37dbe
chg: [botnet] duplicate UUIDs replaced 2022-03-18 15:58:09 +01:00
c0a07d2246
chg: [ransomware] replace duplicate UUIDs 2022-03-18 15:57:06 +01:00
botlabsDev
6416d0b2de add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot 2022-03-18 15:34:11 +01:00
18069ce5f3
Merge pull request #688 from botlabsDev/patch-0
Add tool 'BadPotato' to clusters/tool.json
2022-03-15 12:30:47 +01:00
7fd5715715
Merge pull request #691 from r0ny123/indian-adversaries
Update to Indian Adversaries
2022-03-15 12:28:16 +01:00
Rony
eebda5f955
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team 2022-03-15 15:02:57 +05:30
Rony
ac72e7b639
fix 2022-03-15 14:00:46 +05:30
Rony
3b67e745e5
Update threat-actor.json 2022-03-15 13:57:00 +05:30
botlabsDev
99ab2a13d6 Add tool 'BadPotato' to clusters/tool.json 2022-03-14 18:02:02 +01:00
Badis-dev
231915f9a4 add galaxy and cluster cancer 2022-03-11 14:20:09 +01:00
Badis-dev
27241135a2
Add cancer.json 2022-03-11 11:26:57 +01:00
Badis-dev
78f1c9f345
Delete cancer.json 2022-03-11 11:26:30 +01:00
Badis-dev
1c707f7c5e
Add cancer cluster 2022-03-11 11:13:57 +01:00
Delta-Sierra
957327383d fix array 2022-03-07 16:10:53 +01:00
Delta-Sierra
a7f3df8a9a merge 2022-03-07 16:04:38 +01:00
Delta-Sierra
8fd3c87b47 update threat actors meta 2022-03-07 15:54:29 +01:00
8e09c9b30c
Merge pull request #685 from danielplohmann/patch-14
adding threat actor "Moses Staff"
2022-03-02 21:43:00 +01:00
Daniel Plohmann
896a451461
fixed with linted JSON. 2022-03-02 21:22:28 +01:00
Daniel Plohmann
a817324cd4
adding threat actor "Moses Staff" 2022-03-02 15:50:39 +01:00
Mathieu Beligon
0b456b8afa version bump -> 213 2022-03-02 14:55:26 +01:00
Mathieu Beligon
d3d241ca54 Update Gamaredon target 2022-03-02 14:55:19 +01:00
Mathieu Beligon
27c05a118e Update GhostWriter 2022-03-02 13:16:20 +01:00
Delta-Sierra
c909a35d65 Merge https://github.com/MISP/misp-galaxy into main 2022-02-18 10:57:10 +01:00
Delta-Sierra
a788c867a7 jq 2022-02-18 10:56:07 +01:00
Delta-Sierra
b0cd884afc add TA2541 2022-02-18 10:54:25 +01:00
Daniel Plohmann
321e4b4a57
another Gamaredon ref and version bump 2022-02-18 08:26:01 +01:00
Daniel Plohmann
254dd47a61
adding ACTINIUM as MSFT name for Gamaredon 2022-02-18 08:24:35 +01:00
Delta-Sierra
33ef3317b7 fix duplicate 2022-02-14 10:02:36 +01:00
Delta-Sierra
9b76d71c43 Merge https://github.com/MISP/misp-galaxy into main 2022-02-14 08:47:21 +01:00
Delta-Sierra
3184819968 add DDG botnet and more 2022-02-11 16:13:36 +01:00
rwe
4700780d47 added antlion APT group 2022-02-05 04:52:33 -08:00
f49b54281b
chg: [ransomware] set encryption only 2022-02-02 22:36:14 +01:00
3328b73185
fix: [ransomware] array end missing 2022-02-02 22:32:39 +01:00
Kevin Holvoet
3d23f98d04
Forgot comma between JSON entries 2022-02-02 18:58:55 +01:00
Kevin Holvoet
389add7580
Update ransomware.json with URL fix
Fixed URL for AlphaLocker
2022-02-02 18:54:31 +01:00
Kevin Holvoet
fa9829cec0
Update ransomware.json: add BlackCat (ALPHV) 2022-02-02 18:50:19 +01:00
Daniel Plohmann
833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference 2022-02-02 09:40:10 +01:00
Daniel Plohmann
8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec 2022-02-02 09:35:53 +01:00
Delta-Sierra
5cf1eb01f4 Merge https://github.com/MISP/misp-galaxy into main 2022-01-31 10:04:07 +01:00
1fda357a03
new: [surveillance] Cytrox added 2022-01-30 11:31:55 +01:00
Jürgen Löhel
22046a1eae
Adds WhisperGate
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-18 13:16:06 -06:00
Delta-Sierra
e523bdaf70 merge 2022-01-14 16:08:14 +01:00
Jürgen Löhel
3059c70ae6
Adds UPAS-Kit
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-13 11:53:32 -06:00
Thomas Dupuy
c792bdd1b7 Add AQUATIC PANDA threat actor. 2022-01-12 13:51:11 -05:00
Thomas Dupuy
afaf3a3110 Add Motnug tool. 2022-01-12 13:37:59 -05:00
Jürgen Löhel
5aa8a8a8b1
Adds Ragnatela RAT
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-10 15:57:10 -06:00
Sami Tainio
dcb87b0dc6 chg: [threat-actor] Add SideCopy 2022-01-07 17:45:41 +02:00
Daniel Plohmann
3094283252
adding Mandiant's FIN13. 2022-01-03 09:32:43 +01:00
eba1b2839f
chg: [concordia] CMTMF killchain typo fixed 2021-12-20 10:41:00 +01:00
Raphaël Vinot
b4d518d4f0 fix: cmtmf-attack-pattern had multiple duplicate UUIDs 2021-12-17 17:58:29 +01:00
12617ff627
chg: [concordia] fix name inconsistencies 2021-12-17 17:41:00 +01:00
69b582f9ba
chg: [concordia] duplicate removed 2021-12-17 17:31:38 +01:00
bc3ab62917
chg: [concordia] duplicate removed 2021-12-17 17:26:04 +01:00
ee2a3c83f4
chg: [concordia] duplicate techniques removed 2021-12-17 17:21:00 +01:00
01d23b61b7
chg: [concordia] typo fixed 2021-12-17 17:15:43 +01:00
01f2ce68d4
chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID? 2021-12-17 17:13:57 +01:00
5becac98e4
chg: [concordia] duplicates removed 2021-12-17 16:51:11 +01:00
ae7b7bd47d
chg: [cmtmf-attack-pattern] various fixes to make JSON ok 2021-12-17 16:08:07 +01:00
7b587710b1
Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf 2021-12-17 15:55:03 +01:00
Jürgen Löhel
b81ac7f01d Adds DarkWatchman RAT
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-12-17 07:20:58 -06:00
Delta-Sierra
b8960393a4 add Milan Rat, Shark tool and Lyceum synonyms 2021-11-29 16:00:40 +01:00
Delta-Sierra
bb92427b65 add Lyceum synonyms/sources 2021-11-29 12:05:51 +01:00
Delta-Sierra
78a8cf4ad2 add ESPecter Bootkit 2021-11-19 16:30:57 +01:00
Delta-Sierra
c89623e945 add ESPecter bootkit 2021-11-16 08:17:37 +01:00
Christophe Vandeplas
aeb5719448 chg: [att&ck] update to ATT&CK v10 2021-10-22 14:34:25 +02:00
ab41df7282
chg: [malpedia] remove duplicate 2021-10-20 12:24:12 +02:00
e517787e7c
chg: [malpedia] duplicates removed 2021-10-20 12:21:05 +02:00
69f878c86f
fix: [malpedia] remove duplicate urls 2021-10-20 12:16:22 +02:00
da91f2abc2
chg: [malpedia] updated 2021-10-20 10:21:03 +02:00
marjatech
d74fdb3e43
update malpedia 2021-10-19 16:21:19 +02:00
Bernardo Santos
e74fcfe268 Update cmtmf-attack-pattern.json
- update version
2021-10-13 10:06:00 +02:00
Bernardo Santos
5f19983ba3 Update cmtmf-attack-pattern.json
- Changes to cluster type
- Fix typo for privilege escalation tactic
2021-10-13 09:57:03 +02:00
Bernardo Santos
49dfcca563 CONCORDIA MTMF - Initial version
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:54:06 +02:00
Bernardo Santos
d09681b011 CONCORDIA MTMF - Initial version
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:45:03 +02:00
Jeroen Pinoy
9ec76ae185
Add threat actor common raven 2021-10-03 23:30:20 +02:00
Thomas Patzke
26f0c344a1 Added O365 techniques
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
2021-09-18 23:27:38 +02:00
Thomas Dupuy
1985de4d44 Add BLUELIGHT tool. 2021-08-27 10:28:06 +02:00
Thomas Dupuy
89a3f986ba Add InkySquid synonym. 2021-08-24 16:29:34 +02:00
Daniel Plohmann
3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) 2021-08-19 06:02:40 +02:00
Rony
5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
2021-08-02 22:30:05 +05:30
Rony
636ccdedcd
Update threat-actor.json 2021-07-21 18:47:56 +05:30
Rony
9ecfecc063
another fix 2021-07-21 18:41:18 +05:30
Rony
32ea60d721
fix 2021-07-21 18:31:05 +05:30
Rony
52e7d5a0a9
multiple updates to apt40, apt31 & hafnium 2021-07-21 18:28:40 +05:30
Rony
fb9a41f8e9
from Gov Canada & MFA Japan 2021-07-19 20:33:35 +05:30
Rony
c90c60cb13
adding references for APT40 & APT31 2021-07-19 20:14:36 +05:30
6c8949caa9
Merge pull request #658 from jasperla/oilrig
merge APT34 with OilRig
2021-07-03 08:56:39 +02:00
Deborah Servili
b6005bd53f
Merge branch 'main' into master 2021-07-02 13:30:51 +02:00
Delta-Sierra
913aff30c3 Add NOBELIUM and related 2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse
792490298e merge APT34 with OilRig
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
2021-06-29 20:26:04 +02:00
a5d7d85dc8
Merge pull request #657 from jloehel/add_matanbuchus
[cluster][tool] Adds Matanbuchus
2021-06-22 07:23:20 +02:00
Jürgen Löhel
254c201601
[cluster][tool] Adds Matanbuchus
+ threat actor: BelialDemon

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 18:04:28 -05:00
Jürgen Löhel
381973f5de
[cluster][stealer] Adds HackBoss
Fixes: #651

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 16:35:20 -05:00
Thomas Dupuy
772c5145c1 Added BackdoorDiplomacy and Gelsemium. 2021-06-11 11:48:57 -04:00
Rony
9a723b6261
more ta544 references 2021-05-26 20:26:27 +05:30
Rony
db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks 2021-05-22 21:02:30 +05:30
Daniel Plohmann
433ea5cb45
Twisted Spider -> TWISTED SPIDER
fair point
2021-05-19 17:04:58 +02:00
Daniel Plohmann
9719122d27
adding Twisted Spider as alias for TA2101 (Maze) 2021-05-19 16:47:41 +02:00
a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1
Add alias for Tick
2021-05-07 23:23:38 +02:00
Still Hsu
eb671f1e6a
Add Nian alias
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:52:27 +08:00
Still Hsu
fe7c0dab07
Add country origin for BlackTech
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:32:39 +08:00
Daniel Plohmann
38b8bac51d
fixing broken/dead links 2021-05-04 20:15:17 +02:00
6f7d3d5c2b
chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa
"COLT – Compromise to Leak Time" - new meta colt-median/colt-average.

For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
2021-05-03 07:41:43 +02:00
7aaf25a424
new: [ransomware] Ragnarok added 2021-04-30 12:08:03 +02:00
94ec98d544
Merge pull request #646 from r0ny123/update
Updates to APT27 & Tick
2021-04-29 18:29:53 +02:00
Christophe Vandeplas
86ee7008b2 chg: [att&ck] bump to latest ATT&CK version from MITRE 2021-04-29 18:12:36 +02:00
211a4b5145 fix: [ransomware] Related key should be outside metas 2021-04-26 13:48:06 +02:00
Rony
4ba2db0f3a FlatChestWare duplicate removed 2021-04-26 16:24:09 +05:30
ef9989dbe8
chg: [ransomware] duplicate removed 2021-04-26 12:06:03 +02:00
847d3e8fa7
chg: [ransomware] duplicate removed 2021-04-26 12:01:01 +02:00
f3992ec5f1
chg: [ransomware] duplicates removed 2021-04-26 11:57:21 +02:00
f2703bd03e
chg: [ransomware] Flyper removed 2021-04-26 11:52:28 +02:00
Delta-Sierra
3cae487e3d fix duplicates and add relations 2021-04-26 11:25:39 +02:00
Rony
faed812fc9 Merged STALKER PANDA to Tick 2021-04-25 19:12:20 +05:30
Rony
89b9c0c32c several updates to apt27 2021-04-25 16:53:36 +05:30
Delta-Sierra
0a05621f82 Merge https://github.com/MISP/misp-galaxy 2021-04-19 15:48:58 +02:00
Delta-Sierra
b138354fa5 Removing duplicate 2021-04-19 15:42:49 +02:00
28f6475cc5
chg: [ransomware] first duplicate removed 2021-04-19 15:13:18 +02:00
e7061f90d9
chg: [ransomware] remove duplicate "File-Locker" 2021-04-19 15:08:06 +02:00
ab13dd00f8
Merge pull request #645 from Delta-Sierra/master
Adding ransomware names [WIP 2/3]
2021-04-19 15:03:12 +02:00
Delta-Sierra
f5713a8d87 Removing unexpected line 2021-04-19 14:53:36 +02:00
Delta-Sierra
b7b4b356c3 Adding ransomware names [WIP 3] 2021-04-19 14:47:10 +02:00
Delta-Sierra
fdf1a6c112 Adding ransomware names [WIP 2] 2021-04-19 13:24:25 +02:00
Daniel Plohmann
6eb594a6b0
adding Yanbian Gang as threat actor 2021-04-16 15:12:45 +02:00
Delta-Sierra
f3456a89c5 fix version 2021-04-15 15:08:11 +02:00
Delta-Sierra
4bcd0492bd Adding ransomwares WIP 2021-04-15 15:07:52 +02:00
Daniel Plohmann
2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech
Adding Palmerworm as Symantec alias for BlackTech (with reference).
2021-03-31 22:35:12 +02:00
Thomas Dupuy
a8c62ddeda Add Ghostwriter. 2021-03-31 09:42:40 -04:00
Rony
50f5d2ae4a
reverted changes made into 52ae97718d 2021-03-30 22:19:05 +05:30
sebdraven
ce8a9442eb validation jsons 2021-03-30 13:12:21 +00:00
Sebdraven
52ae97718d Update threat-actor.json
add a synonym to Haffnium
2021-03-30 15:11:09 +02:00
sebdraven
b082977b9f validation ok 2021-03-30 10:22:35 +00:00
Sebdraven
4ed4cebcee Update threat-actor.json
format json
2021-03-30 12:16:22 +02:00
Sebdraven
a62e3ba530 Update threat-actor.json
add redecho threat actor
2021-03-30 12:10:50 +02:00
Jakub Onderka
ca9608da6d fix: Cryptominers type 2021-03-27 22:07:33 +01:00
26b9740e55
chg: [malpedia] jq all the file and removed ref duplicates 2021-03-13 11:00:39 +01:00
Jakob M
f02ce7e805 update to latest
Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp
2021-03-12 10:35:12 +01:00
Delta-Sierra
eff327b4fd fix progress 2021-03-11 14:42:55 +01:00
Delta-Sierra
7c843ac5c2 fix merge & jq 2021-03-11 14:08:29 +01:00
Delta-Sierra
c37befc8a9 merge 2021-03-11 10:35:05 +01:00
855a12a408
chg: [clusters] fixing broken UUID fix #628 2021-03-11 09:54:50 +01:00
f6ed00233e
chg: [ransomware] fix the broken UUID fix #628 2021-03-11 09:52:25 +01:00
Rony
57c7d0b9a0
From Nextron 2021-03-06 19:44:32 +05:30
Rony
6cabbfb091
more! 2021-03-06 14:22:29 +05:30
Rony
7b242555df
More references
From 
Crowdstrike
MSRC
and kql hunting query from James Quinn
2021-03-06 13:28:14 +05:30
Rony
eaab88ef28
add HAFNIUM detection refs 2021-03-05 16:51:28 +05:30
Rony
4bc438a325
fix 2021-03-05 11:48:43 +05:30
Rony
d9b299aafc
add more HAFNIUM references 2021-03-05 11:42:04 +05:30
Rony
c9f7afef1c
Adding alias NOBELIUM 2021-03-04 22:39:33 +05:30
47dade9d0e
Merge pull request #631 from r0ny123/Enhancement
Add HAFNIUM
2021-03-04 14:48:01 +01:00
a9a6b0253f
chg: [microsoft activity group] HAFNIUM added 2021-03-04 10:49:58 +01:00
Rony
ad795606cf
added HAFNIUM
Updates:
Tonto Team
UNC2452
2021-03-04 00:10:33 +05:30
Sebdraven
2666341afc Update threat-actor.json
update Sidewinder card
2021-03-03 17:59:25 +01:00
Thomas Dupuy
f842694fda Update Infy TA. 2021-03-02 14:37:01 -05:00