Daniel Plohmann (jupiter)
a705d1402f
fixing deadlinks where possible
2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter)
171f272a1e
default to HTTPS to be consistent with other links to same page
2020-05-27 09:27:52 +02:00
8a0a4cb02d
Merge pull request #551 from nyx0/master
...
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
2020-05-27 09:10:08 +02:00
Thomas Dupuy
291fb41502
Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel
2020-05-26 09:50:43 -04:00
Thomas Dupuy
143bd521be
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
2020-05-26 09:35:01 -04:00
Rony
fbd351590a
Update threat-actor.json
2020-05-24 23:18:54 +05:30
Rony
5f8094d16f
fix
2020-05-24 23:14:43 +05:30
b5bbc34f5d
chg: [threat-actor] remove the non-unique elements
2020-05-22 14:01:32 +02:00
Nils Kuhnert
fbfe9d23c3
Merged (most) SecureWorks threat actor profiles && jq
2020-05-22 13:45:29 +02:00
iglocska
dee9a56460
fix: small fixes to the bhadra framework
2020-05-19 16:45:40 +02:00
iglocska
43703f1a96
new: added Bhadra framework for mobile attacks
...
- based on the paper published here: https://arxiv.org/pdf/2005.05110.pdf
- thanks to the ATT&CK EU community conference speakers highlighting this framework!
2020-05-19 16:34:59 +02:00
006b61bc44
Merge pull request #547 from Delta-Sierra/master
...
add Snake Ransomware
2020-05-15 17:55:47 +02:00
Deborah Servili
b943a7daca
fix missing description
2020-05-15 09:00:34 +02:00
Deborah Servili
6d6da39da4
add Snake Ransomware
2020-05-13 11:58:33 +02:00
Daniel Plohmann
5101c5a828
msft name: BORON for APT3
...
as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
2020-05-11 15:37:38 +02:00
09429eda5a
chg: [ta] fix the JSON
2020-05-11 10:20:10 +02:00
Thomas Dupuy
fc9505cadf
Add Sednit's Exploit-kit Sedkit
2020-05-08 13:29:14 -04:00
Thomas Dupuy
69fe870803
Add Higaisa Threat Actor
2020-05-08 13:01:48 -04:00
Deborah Servili
1d331a9ab1
Merge branch 'master' into master
2020-04-28 15:19:38 +02:00
Thomas Dupuy
46a6d9fcb1
Add DenesRAT/METALJACK
2020-04-28 01:08:50 -04:00
2a70893352
chg: [jq] JSON fixed
2020-04-27 15:03:25 +02:00
de Rosen
a428ad565e
Added misp info
2020-04-27 15:16:33 +03:00
Deborah Servili
f6fd07fbc9
add speculoos bakdoor
2020-04-27 09:36:23 +02:00
86157a6b96
Merge pull request #539 from r0ny123/MergingTA
...
Adding alias Thallium and merging STOLEN PENCIL
2020-04-26 21:16:56 +02:00
Rony
112f9e4a08
Adding alias Thallium and merging STOLEN PENCIL
...
Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
And also Netscout named the campaign as STOLEN PENCIL.
2020-04-26 23:47:37 +05:30
de71a444f8
chg: [json] add missing comma
2020-04-26 14:23:59 +02:00
rvs1st
d449eb94fc
Update threat-actor.json
...
Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
2020-04-24 09:03:58 -05:00
4234d44052
Merge pull request #537 from danielplohmann/patch-28
...
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
2020-04-24 15:33:47 +02:00
Daniel Plohmann
858621ebdc
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
2020-04-23 15:47:35 +02:00
Daniel Plohmann
b0f0bbae33
adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included)
2020-04-23 14:52:08 +02:00
Deborah Servili
6b49d81b13
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2020-04-23 10:06:04 +02:00
itayc0hen
667d5b8850
Add ItaDuke/DarkUniverse actor
2020-04-22 19:44:38 +03:00
pnx@pyrite
974ece3a7c
adding FIN1
2020-04-20 14:20:22 +02:00
Rony
aa34775390
typo
...
thanks to @patricksvgr
2020-04-19 23:17:44 +05:30
Rony
ddfa280672
Update threat-actor.json
2020-04-19 23:06:57 +05:30
Rony
7ac2648dbc
more fix
2020-04-19 23:00:42 +05:30
Rony
573b4807ee
fix broken links
2020-04-19 16:03:21 +05:30
Rony
42a4820823
dead link
2020-04-19 11:45:45 +05:30
Rony
0aa34187e9
add link
2020-04-19 11:29:36 +05:30
Rony
d6bf42254f
Merging APT23 & Tropic Trooper
2020-04-18 13:22:25 +05:30
Rony
c161080175
Update threat-actor.json
2020-04-15 21:36:48 +05:30
Deborah Servili
e8edc9cafc
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2020-04-15 11:27:01 +02:00
Deborah Servili
b01e64eb1f
add Operation Shadow Forece
2020-04-08 14:53:19 +02:00
Daniel Plohmann
aba625dee5
removed duplicate entry
2020-04-07 08:49:33 +02:00
Daniel Plohmann
e15a4a6525
fixing/removing some more dead links
2020-04-06 15:25:22 +02:00
Deborah Servili
7859c8dbd7
Add coronavirus ransomware
2020-04-03 16:19:45 +02:00
Deborah Servili
8a3422acb4
add Pyta ransomnotes
2020-04-03 11:58:02 +02:00
Deborah Servili
c566c89f2a
add pyza ransomware
2020-03-27 14:22:34 +01:00
c7104e8819
chg: [country] jq all
2020-03-23 13:09:14 +01:00
iglocska
777c3188db
new: [country] galaxy added
2020-03-23 12:10:16 +01:00
35a57c36bf
Merge pull request #526 from Delta-Sierra/master
...
PARINACOTA group
2020-03-12 23:23:05 +01:00
Deborah Servili
a706b8ef2e
PARINACOTA group
2020-03-12 13:11:46 +01:00
e37f320df5
Merge pull request #523 from danielplohmann/patch-24
...
adding aliases MERCURY, HOLMIUM
2020-03-09 21:56:27 +01:00
Daniel Plohmann
ab49ef3c1a
Kimsuki -> Black Banshee
...
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html )
2020-03-09 18:20:56 +01:00
Daniel Plohmann
1260ab156a
adding aliases MERCURY, HOLMIUM
...
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
2020-03-09 08:50:08 +01:00
e81c91e3e9
Merge pull request #522 from Delta-Sierra/master
...
add sdbbot
2020-03-06 15:24:14 +01:00
Deborah Servili
b007d5d3ce
add SdBbot
2020-03-06 14:33:19 +01:00
a407ddcc5b
Merge branch 'master' of github.com:MISP/misp-galaxy
2020-03-05 10:49:15 +01:00
375db26505
chg: [malpedia] fixes
2020-03-05 10:48:28 +01:00
4a64d0a4ad
Merge pull request #519 from danielplohmann/crowdstrike2020report
...
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-05 09:07:16 +01:00
Corsin Camichel
66aa5c3b13
fixing a comma error
2020-03-04 21:13:01 +01:00
Daniel Plohmann (jupiter)
0c2b0b76eb
while we are at it, we can also do Longhorn = APT-C-39
2020-03-04 21:09:06 +01:00
Corsin Camichel
a5a7c21c79
adding Raccoon (win.raccoon)
2020-03-04 21:02:51 +01:00
Daniel Plohmann (jupiter)
184f193342
IMPERIAL KITTEN as alias for Tortoiseshell
2020-03-04 19:39:14 +01:00
pnx@pyrite
3dc460e795
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-04 13:36:34 +01:00
Daniel Plohmann
dc059d1f4d
Accenture calls APT32 - "POND LOACH"
2020-03-03 19:40:50 +01:00
Deborah Servili
d8ea0f865c
add clop ransomware extension
2020-03-02 13:33:38 +01:00
b4b91b1e5d
chg: [threat-actor] JSON fixed
2020-02-28 16:37:24 +01:00
4c7532984a
Merge branch 'master' of https://github.com/nyx0/misp-galaxy into nyx0-master
2020-02-28 16:36:56 +01:00
Deborah Servili
0d4745d55f
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2020-02-28 11:38:20 +01:00
Deborah Servili
a61f8d7049
add extension to clop ransomware
2020-02-28 11:37:54 +01:00
ee63756cc5
Merge pull request #516 from rmkml/master
...
add MedusaLocker ransomware
2020-02-23 16:06:45 +01:00
rmkml
590e292b68
add MedusaLocker ransomware
2020-02-23 16:01:45 +01:00
Deborah Servili
29bf20e89b
add razor ransomware
2020-02-19 15:55:29 +01:00
Thomas Dupuy
0daeb675f5
Add InvisiMole cluster
2020-02-18 13:28:32 -05:00
c98093e6fe
Merge pull request #513 from danielplohmann/patch-20
...
adding APT-C-12
2020-02-13 21:56:34 +01:00
Daniel Plohmann
e481e9bb50
adding APT-C-12
2020-02-13 17:44:45 +01:00
Deborah Servili
f196bad4a1
add tools used by TA505 + others
2020-02-12 15:39:16 +01:00
Deborah Servili
66a721fcd3
Merge branch 'master' of https://github.com/MISP/misp-galaxy
2020-02-12 15:00:30 +01:00
Deborah Servili
b46f9b68fe
add warzone RAT
2020-02-06 13:39:58 +01:00
33aa1c8f3f
Merge pull request #510 from Delta-Sierra/master
...
add ransomwares
2020-02-06 09:53:19 +01:00
Deborah Servili
46fe9cb82b
add ransomwares
2020-02-06 09:29:33 +01:00
Rony
22c9badee0
Update threat-actor.json
...
those are the name of aliases of the same malware family sykipot. so removing it.
2020-02-05 18:00:31 +05:30
Deborah Servili
5da17d51aa
Merge branch 'master' into master
2020-01-24 09:33:33 +01:00
Deborah Servili
606e3ec90f
jq
2020-01-24 09:32:09 +01:00
6d078a88dd
chg: [ransomware] Nodera ransomware added
2020-01-24 09:04:38 +01:00
Deborah Servili
58415324c5
add Operation Wocao
2020-01-24 08:27:20 +01:00
Thomas Dupuy
edc5196373
Add Attor and DePriMon
2020-01-23 11:27:00 -05:00
Daniel Plohmann
ccfe5ee130
removing and fixing deadlinks in the best possible way
...
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
2020-01-23 11:14:20 +01:00
Daniel Plohmann
29a128da6f
adding references and TEMP.MixMaster as alias for WIZARD SPIDER
...
with kudos to @tbarabosch
2020-01-22 15:42:01 +01:00
911c2bf0bf
Merge pull request #504 from Delta-Sierra/master
...
update target location galaxy
2020-01-21 11:06:56 +01:00
Deborah Servili
8421bde291
complete Zimbabwe cluster
2020-01-21 10:51:07 +01:00
Deborah Servili
f364e51d24
update target location galaxy
2020-01-20 14:46:03 +01:00
dbaab413b6
chg: [threat-actor] typo fixed
2020-01-18 17:30:27 +01:00
564f27c5ca
chg: [threat-actor] format fixed
2020-01-18 17:26:45 +01:00
34c5c66279
chg: [threat-actor] fix order
2020-01-18 17:08:32 +01:00
8eeceafc51
chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan"
...
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
2020-01-18 17:02:44 +01:00
StefanKelm
027d94e68a
Update ransomware.json
2020-01-16 16:59:22 +01:00
StefanKelm
f53a92065c
Update ransomware.json
...
5ss5c
2020-01-16 16:46:38 +01:00
Deborah Servili
5ec817b499
Merge branch 'master' into master
2020-01-15 14:36:01 +01:00