Commit graph

2736 commits

Author SHA1 Message Date
Sami Mokaddem
a9a09d11c6
chg: jq all 2022-03-31 08:59:36 +02:00
Mathieu Beligon
c35fad3291 Add threat actor group Scarab 2022-03-28 12:11:34 +02:00
94c3788089
Merge pull request #687 from Badis-dev/main
Add galaxy and cluster cancer
2022-03-25 10:04:46 +01:00
AgatheMgt
aec779d1ee poatate 2022-03-24 09:43:58 -04:00
AgatheMgt
3ce6d7a313
Update handicap.json 2022-03-24 07:48:49 -04:00
AgatheMgt
a6a16926f6
Create handicap.json 2022-03-24 07:08:08 -04:00
Daniel Plohmann
24a3f16ab4
adding threat actor group LAPSUS$ / DEV-0537. 2022-03-23 09:47:10 +01:00
Delta-Sierra
97690426bf update threat actors meta 2022-03-18 16:41:10 +01:00
6f0208dcaf
chg: [ransomware] UUID fixed 2022-03-18 16:03:27 +01:00
ef5af37dbe
chg: [botnet] duplicate UUIDs replaced 2022-03-18 15:58:09 +01:00
c0a07d2246
chg: [ransomware] replace duplicate UUIDs 2022-03-18 15:57:06 +01:00
botlabsDev
6416d0b2de add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot 2022-03-18 15:34:11 +01:00
18069ce5f3
Merge pull request #688 from botlabsDev/patch-0
Add tool 'BadPotato' to clusters/tool.json
2022-03-15 12:30:47 +01:00
7fd5715715
Merge pull request #691 from r0ny123/indian-adversaries
Update to Indian Adversaries
2022-03-15 12:28:16 +01:00
Rony
eebda5f955
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team 2022-03-15 15:02:57 +05:30
Rony
ac72e7b639
fix 2022-03-15 14:00:46 +05:30
Rony
3b67e745e5
Update threat-actor.json 2022-03-15 13:57:00 +05:30
botlabsDev
99ab2a13d6 Add tool 'BadPotato' to clusters/tool.json 2022-03-14 18:02:02 +01:00
Badis-dev
231915f9a4 add galaxy and cluster cancer 2022-03-11 14:20:09 +01:00
Badis-dev
27241135a2
Add cancer.json 2022-03-11 11:26:57 +01:00
Badis-dev
78f1c9f345
Delete cancer.json 2022-03-11 11:26:30 +01:00
Badis-dev
1c707f7c5e
Add cancer cluster 2022-03-11 11:13:57 +01:00
Delta-Sierra
957327383d fix array 2022-03-07 16:10:53 +01:00
Delta-Sierra
a7f3df8a9a merge 2022-03-07 16:04:38 +01:00
Delta-Sierra
8fd3c87b47 update threat actors meta 2022-03-07 15:54:29 +01:00
8e09c9b30c
Merge pull request #685 from danielplohmann/patch-14
adding threat actor "Moses Staff"
2022-03-02 21:43:00 +01:00
Daniel Plohmann
896a451461
fixed with linted JSON. 2022-03-02 21:22:28 +01:00
Daniel Plohmann
a817324cd4
adding threat actor "Moses Staff" 2022-03-02 15:50:39 +01:00
Mathieu Beligon
0b456b8afa version bump -> 213 2022-03-02 14:55:26 +01:00
Mathieu Beligon
d3d241ca54 Update Gamaredon target 2022-03-02 14:55:19 +01:00
Mathieu Beligon
27c05a118e Update GhostWriter 2022-03-02 13:16:20 +01:00
Delta-Sierra
c909a35d65 Merge https://github.com/MISP/misp-galaxy into main 2022-02-18 10:57:10 +01:00
Delta-Sierra
a788c867a7 jq 2022-02-18 10:56:07 +01:00
Delta-Sierra
b0cd884afc add TA2541 2022-02-18 10:54:25 +01:00
Daniel Plohmann
321e4b4a57
another Gamaredon ref and version bump 2022-02-18 08:26:01 +01:00
Daniel Plohmann
254dd47a61
adding ACTINIUM as MSFT name for Gamaredon 2022-02-18 08:24:35 +01:00
Delta-Sierra
33ef3317b7 fix duplicate 2022-02-14 10:02:36 +01:00
Delta-Sierra
9b76d71c43 Merge https://github.com/MISP/misp-galaxy into main 2022-02-14 08:47:21 +01:00
Delta-Sierra
3184819968 add DDG botnet and more 2022-02-11 16:13:36 +01:00
rwe
4700780d47 added antlion APT group 2022-02-05 04:52:33 -08:00
f49b54281b
chg: [ransomware] set encryption only 2022-02-02 22:36:14 +01:00
3328b73185
fix: [ransomware] array end missing 2022-02-02 22:32:39 +01:00
Kevin Holvoet
3d23f98d04
Forgot comma between JSON entries 2022-02-02 18:58:55 +01:00
Kevin Holvoet
389add7580
Update ransomware.json with URL fix
Fixed URL for AlphaLocker
2022-02-02 18:54:31 +01:00
Kevin Holvoet
fa9829cec0
Update ransomware.json: add BlackCat (ALPHV) 2022-02-02 18:50:19 +01:00
Daniel Plohmann
833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference 2022-02-02 09:40:10 +01:00
Daniel Plohmann
8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec 2022-02-02 09:35:53 +01:00
Delta-Sierra
5cf1eb01f4 Merge https://github.com/MISP/misp-galaxy into main 2022-01-31 10:04:07 +01:00
1fda357a03
new: [surveillance] Cytrox added 2022-01-30 11:31:55 +01:00
Jürgen Löhel
22046a1eae
Adds WhisperGate
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-18 13:16:06 -06:00
Delta-Sierra
e523bdaf70 merge 2022-01-14 16:08:14 +01:00
Jürgen Löhel
3059c70ae6
Adds UPAS-Kit
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-13 11:53:32 -06:00
Thomas Dupuy
c792bdd1b7 Add AQUATIC PANDA threat actor. 2022-01-12 13:51:11 -05:00
Thomas Dupuy
afaf3a3110 Add Motnug tool. 2022-01-12 13:37:59 -05:00
Jürgen Löhel
5aa8a8a8b1
Adds Ragnatela RAT
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-10 15:57:10 -06:00
Sami Tainio
dcb87b0dc6 chg: [threat-actor] Add SideCopy 2022-01-07 17:45:41 +02:00
Daniel Plohmann
3094283252
adding Mandiant's FIN13. 2022-01-03 09:32:43 +01:00
eba1b2839f
chg: [concordia] CMTMF killchain typo fixed 2021-12-20 10:41:00 +01:00
Raphaël Vinot
b4d518d4f0 fix: cmtmf-attack-pattern had multiple duplicate UUIDs 2021-12-17 17:58:29 +01:00
12617ff627
chg: [concordia] fix name inconsistencies 2021-12-17 17:41:00 +01:00
69b582f9ba
chg: [concordia] duplicate removed 2021-12-17 17:31:38 +01:00
bc3ab62917
chg: [concordia] duplicate removed 2021-12-17 17:26:04 +01:00
ee2a3c83f4
chg: [concordia] duplicate techniques removed 2021-12-17 17:21:00 +01:00
01d23b61b7
chg: [concordia] typo fixed 2021-12-17 17:15:43 +01:00
01f2ce68d4
chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID? 2021-12-17 17:13:57 +01:00
5becac98e4
chg: [concordia] duplicates removed 2021-12-17 16:51:11 +01:00
ae7b7bd47d
chg: [cmtmf-attack-pattern] various fixes to make JSON ok 2021-12-17 16:08:07 +01:00
7b587710b1
Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf 2021-12-17 15:55:03 +01:00
Jürgen Löhel
b81ac7f01d Adds DarkWatchman RAT
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-12-17 07:20:58 -06:00
Delta-Sierra
b8960393a4 add Milan Rat, Shark tool and Lyceum synonyms 2021-11-29 16:00:40 +01:00
Delta-Sierra
bb92427b65 add Lyceum synonyms/sources 2021-11-29 12:05:51 +01:00
Delta-Sierra
78a8cf4ad2 add ESPecter Bootkit 2021-11-19 16:30:57 +01:00
Delta-Sierra
c89623e945 add ESPecter bootkit 2021-11-16 08:17:37 +01:00
Christophe Vandeplas
aeb5719448 chg: [att&ck] update to ATT&CK v10 2021-10-22 14:34:25 +02:00
ab41df7282
chg: [malpedia] remove duplicate 2021-10-20 12:24:12 +02:00
e517787e7c
chg: [malpedia] duplicates removed 2021-10-20 12:21:05 +02:00
69f878c86f
fix: [malpedia] remove duplicate urls 2021-10-20 12:16:22 +02:00
da91f2abc2
chg: [malpedia] updated 2021-10-20 10:21:03 +02:00
marjatech
d74fdb3e43
update malpedia 2021-10-19 16:21:19 +02:00
Bernardo Santos
e74fcfe268 Update cmtmf-attack-pattern.json
- update version
2021-10-13 10:06:00 +02:00
Bernardo Santos
5f19983ba3 Update cmtmf-attack-pattern.json
- Changes to cluster type
- Fix typo for privilege escalation tactic
2021-10-13 09:57:03 +02:00
Bernardo Santos
49dfcca563 CONCORDIA MTMF - Initial version
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:54:06 +02:00
Bernardo Santos
d09681b011 CONCORDIA MTMF - Initial version
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:45:03 +02:00
Jeroen Pinoy
9ec76ae185
Add threat actor common raven 2021-10-03 23:30:20 +02:00
Thomas Patzke
26f0c344a1 Added O365 techniques
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
2021-09-18 23:27:38 +02:00
Thomas Dupuy
1985de4d44 Add BLUELIGHT tool. 2021-08-27 10:28:06 +02:00
Thomas Dupuy
89a3f986ba Add InkySquid synonym. 2021-08-24 16:29:34 +02:00
Daniel Plohmann
3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) 2021-08-19 06:02:40 +02:00
Rony
5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
2021-08-02 22:30:05 +05:30
Rony
636ccdedcd
Update threat-actor.json 2021-07-21 18:47:56 +05:30
Rony
9ecfecc063
another fix 2021-07-21 18:41:18 +05:30
Rony
32ea60d721
fix 2021-07-21 18:31:05 +05:30
Rony
52e7d5a0a9
multiple updates to apt40, apt31 & hafnium 2021-07-21 18:28:40 +05:30
Rony
fb9a41f8e9
from Gov Canada & MFA Japan 2021-07-19 20:33:35 +05:30
Rony
c90c60cb13
adding references for APT40 & APT31 2021-07-19 20:14:36 +05:30
6c8949caa9
Merge pull request #658 from jasperla/oilrig
merge APT34 with OilRig
2021-07-03 08:56:39 +02:00
Deborah Servili
b6005bd53f
Merge branch 'main' into master 2021-07-02 13:30:51 +02:00
Delta-Sierra
913aff30c3 Add NOBELIUM and related 2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse
792490298e merge APT34 with OilRig
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
2021-06-29 20:26:04 +02:00
a5d7d85dc8
Merge pull request #657 from jloehel/add_matanbuchus
[cluster][tool] Adds Matanbuchus
2021-06-22 07:23:20 +02:00
Jürgen Löhel
254c201601
[cluster][tool] Adds Matanbuchus
+ threat actor: BelialDemon

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 18:04:28 -05:00
Jürgen Löhel
381973f5de
[cluster][stealer] Adds HackBoss
Fixes: #651

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 16:35:20 -05:00
Thomas Dupuy
772c5145c1 Added BackdoorDiplomacy and Gelsemium. 2021-06-11 11:48:57 -04:00
Rony
9a723b6261
more ta544 references 2021-05-26 20:26:27 +05:30
Rony
db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks 2021-05-22 21:02:30 +05:30
Daniel Plohmann
433ea5cb45
Twisted Spider -> TWISTED SPIDER
fair point
2021-05-19 17:04:58 +02:00
Daniel Plohmann
9719122d27
adding Twisted Spider as alias for TA2101 (Maze) 2021-05-19 16:47:41 +02:00
a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1
Add alias for Tick
2021-05-07 23:23:38 +02:00
Still Hsu
eb671f1e6a
Add Nian alias
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:52:27 +08:00
Still Hsu
fe7c0dab07
Add country origin for BlackTech
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:32:39 +08:00
Daniel Plohmann
38b8bac51d
fixing broken/dead links 2021-05-04 20:15:17 +02:00
6f7d3d5c2b
chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa
"COLT – Compromise to Leak Time" - new meta colt-median/colt-average.

For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
2021-05-03 07:41:43 +02:00
7aaf25a424
new: [ransomware] Ragnarok added 2021-04-30 12:08:03 +02:00
94ec98d544
Merge pull request #646 from r0ny123/update
Updates to APT27 & Tick
2021-04-29 18:29:53 +02:00
Christophe Vandeplas
86ee7008b2 chg: [att&ck] bump to latest ATT&CK version from MITRE 2021-04-29 18:12:36 +02:00
211a4b5145 fix: [ransomware] Related key should be outside metas 2021-04-26 13:48:06 +02:00
Rony
4ba2db0f3a FlatChestWare duplicate removed 2021-04-26 16:24:09 +05:30
ef9989dbe8
chg: [ransomware] duplicate removed 2021-04-26 12:06:03 +02:00
847d3e8fa7
chg: [ransomware] duplicate removed 2021-04-26 12:01:01 +02:00
f3992ec5f1
chg: [ransomware] duplicates removed 2021-04-26 11:57:21 +02:00
f2703bd03e
chg: [ransomware] Flyper removed 2021-04-26 11:52:28 +02:00
Delta-Sierra
3cae487e3d fix duplicates and add relations 2021-04-26 11:25:39 +02:00
Rony
faed812fc9 Merged STALKER PANDA to Tick 2021-04-25 19:12:20 +05:30
Rony
89b9c0c32c several updates to apt27 2021-04-25 16:53:36 +05:30
Delta-Sierra
0a05621f82 Merge https://github.com/MISP/misp-galaxy 2021-04-19 15:48:58 +02:00
Delta-Sierra
b138354fa5 Removing duplicate 2021-04-19 15:42:49 +02:00
28f6475cc5
chg: [ransomware] first duplicate removed 2021-04-19 15:13:18 +02:00
e7061f90d9
chg: [ransomware] remove duplicate "File-Locker" 2021-04-19 15:08:06 +02:00
ab13dd00f8
Merge pull request #645 from Delta-Sierra/master
Adding ransomware names [WIP 2/3]
2021-04-19 15:03:12 +02:00
Delta-Sierra
f5713a8d87 Removing unexpected line 2021-04-19 14:53:36 +02:00
Delta-Sierra
b7b4b356c3 Adding ransomware names [WIP 3] 2021-04-19 14:47:10 +02:00
Delta-Sierra
fdf1a6c112 Adding ransomware names [WIP 2] 2021-04-19 13:24:25 +02:00
Daniel Plohmann
6eb594a6b0
adding Yanbian Gang as threat actor 2021-04-16 15:12:45 +02:00
Delta-Sierra
f3456a89c5 fix version 2021-04-15 15:08:11 +02:00
Delta-Sierra
4bcd0492bd Adding ransomwares WIP 2021-04-15 15:07:52 +02:00
Daniel Plohmann
2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech
Adding Palmerworm as Symantec alias for BlackTech (with reference).
2021-03-31 22:35:12 +02:00
Thomas Dupuy
a8c62ddeda Add Ghostwriter. 2021-03-31 09:42:40 -04:00
Rony
50f5d2ae4a
reverted changes made into 52ae97718d 2021-03-30 22:19:05 +05:30
sebdraven
ce8a9442eb validation jsons 2021-03-30 13:12:21 +00:00
Sebdraven
52ae97718d Update threat-actor.json
add a synonym to Haffnium
2021-03-30 15:11:09 +02:00
sebdraven
b082977b9f validation ok 2021-03-30 10:22:35 +00:00
Sebdraven
4ed4cebcee Update threat-actor.json
format json
2021-03-30 12:16:22 +02:00
Sebdraven
a62e3ba530 Update threat-actor.json
add redecho threat actor
2021-03-30 12:10:50 +02:00
Jakub Onderka
ca9608da6d fix: Cryptominers type 2021-03-27 22:07:33 +01:00
26b9740e55
chg: [malpedia] jq all the file and removed ref duplicates 2021-03-13 11:00:39 +01:00
Jakob M
f02ce7e805 update to latest
Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp
2021-03-12 10:35:12 +01:00
Delta-Sierra
eff327b4fd fix progress 2021-03-11 14:42:55 +01:00
Delta-Sierra
7c843ac5c2 fix merge & jq 2021-03-11 14:08:29 +01:00
Delta-Sierra
c37befc8a9 merge 2021-03-11 10:35:05 +01:00
855a12a408
chg: [clusters] fixing broken UUID fix #628 2021-03-11 09:54:50 +01:00
f6ed00233e
chg: [ransomware] fix the broken UUID fix #628 2021-03-11 09:52:25 +01:00
Rony
57c7d0b9a0
From Nextron 2021-03-06 19:44:32 +05:30
Rony
6cabbfb091
more! 2021-03-06 14:22:29 +05:30
Rony
7b242555df
More references
From 
Crowdstrike
MSRC
and kql hunting query from James Quinn
2021-03-06 13:28:14 +05:30
Rony
eaab88ef28
add HAFNIUM detection refs 2021-03-05 16:51:28 +05:30
Rony
4bc438a325
fix 2021-03-05 11:48:43 +05:30
Rony
d9b299aafc
add more HAFNIUM references 2021-03-05 11:42:04 +05:30
Rony
c9f7afef1c
Adding alias NOBELIUM 2021-03-04 22:39:33 +05:30
47dade9d0e
Merge pull request #631 from r0ny123/Enhancement
Add HAFNIUM
2021-03-04 14:48:01 +01:00
a9a6b0253f
chg: [microsoft activity group] HAFNIUM added 2021-03-04 10:49:58 +01:00
Rony
ad795606cf
added HAFNIUM
Updates:
Tonto Team
UNC2452
2021-03-04 00:10:33 +05:30
Sebdraven
2666341afc Update threat-actor.json
update Sidewinder card
2021-03-03 17:59:25 +01:00
Thomas Dupuy
f842694fda Update Infy TA. 2021-03-02 14:37:01 -05:00
524676282e
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2021-02-26 08:30:58 +01:00
4692ced8fa
chg: [tool] SUNSPOT added 2021-02-26 08:28:01 +01:00
Delta-Sierra
0e23d8b95f add relationships between Maze, Rgnar, Egregor and Sekhmet 2021-02-25 10:21:28 +01:00
Delta-Sierra
406dfdb45b add Sekhmet ransomware 2021-02-25 09:52:52 +01:00
Delta-Sierra
d273a5da7d add TeamTNT ref 2021-02-25 09:52:24 +01:00
Rony
5c6f3a036b
removing DePrimon
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
2021-02-24 21:55:04 +05:30
Thomas Dupuy
eeafff9768 Add RDAT backdoor 2021-02-23 11:15:31 -05:00
Delta-Sierra
eb07fab69f add Ragnar Locker and update accordingly 2021-02-23 16:21:07 +01:00
Delta-Sierra
06ae10965b add Covidloc and tycoon ransomware + small updates on some ransomwares 2021-02-22 16:39:47 +01:00
Delta-Sierra
7c1ac58141 add TeamTNT 2021-02-22 16:38:18 +01:00
Thijsvanede
e9eb0c7a6c
Fix: rename "Innitial Access" to "Initial Access"
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
2021-02-19 12:01:47 +01:00
Thomas Dupuy
178e16dc13 Remove empty values. 2021-02-16 10:32:37 -05:00
Thomas Dupuy
4a7560d191 Add Exaramel and P.A.S. webshell tool. 2021-02-15 12:52:53 -05:00
Thomas Dupuy
93396c524d Add Caterpillar WebShell. 2021-02-12 12:00:17 -05:00
Delta-Sierra
96bf0d44ea Merge https://github.com/MISP/misp-galaxy 2021-02-09 14:52:58 +01:00
Daniel Plohmann
d61e7d2fac
adding ClearSky alias for Volatile Cedar
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious  files."
2021-01-29 10:39:18 +01:00
Koen Van Impe
87b22f363c Move cfr-type-of-incident to meta 2021-01-28 12:25:39 +01:00
Koen Van Impe
23778666ba RSIT Galaxy/Cluster 2021-01-28 10:03:12 +01:00
StefanKelm
fb35646406
Update threat-actor.json
Lazarus
2021-01-26 14:38:37 +01:00
Thomas Dupuy
f964514ec5 Add HyperBro in tools 2021-01-20 13:44:28 -05:00
Thomas Dupuy
9df95031a7 Update ZxShell tool. 2021-01-20 13:27:51 -05:00
StefanKelm
a131a7ce98
Update threat-actor.json
Lazarus
2021-01-20 17:43:18 +01:00
3c19c7c1e5
Merge pull request #617 from danielplohmann/patch-4
merge COVELLITE into Lazarus Group
2021-01-17 16:05:13 +01:00
Daniel Plohmann
ca66fcd93a
merge COVELLITE into Lazarus Group
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references. 
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
2021-01-17 15:07:26 +01:00
Rony
91e87cf82c
Update threat-actor.json
Don't know how StarCraft
2021-01-17 12:21:34 +05:30
Daniel Plohmann
edcc3c0bc1
merging ScarCruft->APT37
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
2021-01-15 18:52:49 +01:00
Delta-Sierra
a6f7795952 fix merge 2021-01-12 10:38:33 +01:00
2b356a9eb0
chg: [threat-actor] UNC2452/DarkHalo added - ref. #614 2021-01-12 07:01:36 +01:00
184d57f0a2
chg: [ransomware] Babuk Ransomware added 2021-01-05 19:11:28 +01:00
4454b58743
chg: [ransomware] RegretLocker added 2020-12-30 14:14:09 +01:00
Rony
3240aa819f
Update threat-actor.json 2020-12-14 11:54:41 +05:30
Rony
2ffb77b35b
BISMUTH 2020-12-14 10:41:15 +05:30
Delta-Sierra
31f96513b2 update sidewinder threat actor 2020-12-11 16:09:33 +01:00
ac86ebd5f6
Merge pull request #609 from StefanKelm/master
Update threat-actor.json
2020-12-09 22:16:49 +01:00
Delta-Sierra
ebd31b7376 add BazarBackdoor 2020-12-09 16:42:32 +01:00
Delta-Sierra
d3a9cf742a add RansomEXX 2020-12-09 16:32:02 +01:00
Delta-Sierra
3daaa30aed Merge https://github.com/MISP/misp-galaxy 2020-12-07 16:20:36 +01:00
StefanKelm
5dc92995f6
Update threat-actor.json
DeathStalker, Mabna
2020-12-04 11:43:06 +01:00
StefanKelm
4fee985b5e
Update threat-actor.json
Turla
2020-12-03 13:05:14 +01:00
StefanKelm
72e085aba9
Update threat-actor.json
OceanLotus
2020-12-02 11:44:29 +01:00
StefanKelm
15b5f4c881
Update threat-actor.json
APT27
2020-11-30 11:49:23 +01:00
Delta-Sierra
e81d3c63d5 Merge https://github.com/MISP/misp-galaxy 2020-11-27 12:47:20 +01:00
Christophe Vandeplas
9a731470d3 chg: [att&ck] update to latest MITRE ATT&CK version 2020-11-25 07:45:48 +01:00
StefanKelm
da910c0c2e
Update threat-actor.json 2020-11-18 19:15:11 +01:00
Delta-Sierra
7af75bb222 add Darkside ransomware 2020-11-18 16:10:49 +01:00
StefanKelm
48ffaa8ce1
Update threat-actor.json
Lazarus
2020-11-18 12:10:23 +01:00
snurilov
44e9da1390
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
2020-11-11 23:09:03 -05:00
snurilov
3f4683d8a3
Update rat.json to include Iperius Remote
Add Iperius Remote to the rat.json cluster.
2020-11-09 23:45:16 -05:00
StefanKelm
bf5bdeacb0
Update threat-actor.json
OceanLotus
2020-11-09 14:39:55 +01:00
StefanKelm
41a7a36317
Update threat-actor.json
Kimsuky
2020-11-02 17:30:25 +01:00
Rony
333e55fbeb
remove duplicate! 2020-11-02 14:18:49 +05:30
Rony
000cfa68a8
Update threat-actor.json
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
2020-11-02 13:51:08 +05:30
Deborah Servili
28784683db
Merge branch 'main' into master 2020-10-30 16:17:27 +01:00
Delta-Sierra
88bbf8851c jq 2020-10-30 16:14:02 +01:00
Delta-Sierra
be672b8d3a update microsoft activity groups 2020-10-30 14:53:20 +01:00
5d31753e6a
chg: [cryptominer] updated 2020-10-30 09:48:08 +01:00
24f05749f0
Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master 2020-10-30 09:47:45 +01:00
JJ Cummings
c48a38c2f1
Added a new cryptominer galaxy and additional missing recent families to various clusters 2020-10-29 14:40:22 -06:00
StefanKelm
808c2c3828
Update threat-actor.json
Kimsuky
2020-10-28 12:52:06 +01:00
b41e3d4f50
chg: [rename] tea matrix 2020-10-23 15:57:13 +02:00
e5ea22a3b0
chg: [tea] matrix updated to include brewing time and the milk attack technique 2020-10-23 11:51:50 +02:00
0ccbdb862b
chg: [tea] first version 2020-10-23 11:16:50 +02:00
Christophe Vandeplas
2334676e64 chg: [att&ck] no tag for subtechnique 2020-10-18 20:14:05 +02:00
Christophe Vandeplas
d58dd1fca2 new: [att&ck] support for subtechniques 2020-10-18 20:00:48 +02:00
Daniel Plohmann
02bcf1f5a7
adding PowerPool alias IAmTheKing (Kaspersky)
after a quick search I haven't found a nice source except for costin's tweet.
2020-10-09 13:49:16 +02:00
StefanKelm
7bab41e367
Update threat-actor.json
TA505
2020-10-06 15:29:54 +02:00
StefanKelm
1d05f17507
Update threat-actor.json
XDSpy
2020-10-06 12:45:43 +02:00
Christophe Vandeplas
32b142c8e0 fixes issues in attack-ics 2020-10-02 16:54:21 +02:00
Christophe Vandeplas
f95e88b1f9 MITRE ATT&CK for ICS fixes #586
fixed issues in pull request #586
2020-10-01 20:42:40 +02:00
StefanKelm
18eebc01f6
Lazarus 2020-09-29 12:02:16 +02:00
Bart
2b51f7b6de
Update threat-actor.json
Add Machete alias
2020-09-27 18:37:24 +02:00
StefanKelm
e95fbb571d
Update threat-actor.json
GADOLINIUM
2020-09-25 11:52:34 +02:00
StefanKelm
3ad3d5f318
Update threat-actor.json
APT28
2020-09-22 18:07:33 +02:00
Deborah Servili
d48216031a
add Sepulcher RAT 2020-09-22 16:23:39 +02:00
Deborah Servili
4f3b6945c0 Merge https://github.com/MISP/misp-galaxy 2020-09-22 12:17:42 +02:00
Rony
d1c70b3d80
FBI FLASH AC-000133-TT 2020-09-17 11:05:00 +05:30
Rony
4d4a462d7a
Update threat-actor.json
Adding Fox-Kitten and cleaned (or improved) winnti
2020-09-17 00:07:40 +05:30
Deborah Servili
0fe525a9db Merge https://github.com/MISP/misp-galaxy 2020-09-16 10:22:38 +02:00
Deborah Servili
00b5d0d116 add refs 2020-09-16 10:08:31 +02:00
Daniel Plohmann (jupiter)
7b00674c77 Adding TA413 and Evilnum 2020-09-15 14:19:22 +02:00
StefanKelm
63030f2cfe
Update threat-actor.json
APT33
2020-09-14 12:01:53 +02:00
StefanKelm
3cc3cc461a
Update threat-actor.json
STRONTIUM
2020-09-11 11:38:06 +02:00
Raphaël Vinot
405d5f1fe9 fix: Sort keys, fix tests 2020-09-08 10:51:24 +02:00
9e519962c6
chg: [botnet] Katura mess added 2020-09-07 12:41:39 +02:00
StefanKelm
57a31fd60c
Update threat-actor.json
Lazarus, FIN7
2020-09-03 14:44:10 +02:00
StefanKelm
503d421a56
Update threat-actor.json
TA542
2020-08-31 15:07:13 +02:00
VVX7
4635146b00 chg: [dev] jq 2020-08-22 13:06:42 -04:00
VVX7
1cddf4b7cd new: [dev] fix empty strings, lists 2020-08-22 12:59:05 -04:00
VVX7
b4c3ffc8eb new: [dev] add ASPI's China Defence University Tracker.
Thanks to Cormac Doherty for writing the web scraper! To update the galaxy run the included gen_defence_university.py script.

"The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI’s International Cyber Policy Centre.

It includes entries on nearly 100 civilian universities, 50 People’s Liberation Army institutions, China’s nuclear weapons program, three Ministry of State Security institutions, four Ministry of Public Security universities, and 12 state-owned defence industry conglomerates.

The Tracker is a tool to inform universities, governments and scholars as they engage with the entities from the People’s Republic of China. It aims to build understanding of the expansion of military-civil fusion—the Chinese government’s policy of integrating military and civilian efforts—into the education sector.

The Tracker should be used to inform due diligence of Chinese institutions. However, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution’s defence and security links." - ASPI (https://unitracker.aspi.org.au/about/)
2020-08-21 11:24:22 -04:00
rmkml
e02ac52566 add Conti Ransomware 2020-08-15 22:10:49 +02:00
Thomas Dupuy
4009ef9997 Fix: remove comma 2020-08-14 13:01:37 -04:00
Thomas Dupuy
d0c6b7b46d Update Tonto Team/CactusPete threat actor 2020-08-13 15:57:33 -04:00
Thomas Dupuy
72554ed71c Add Drovorub tool 2020-08-13 15:08:32 -04:00
Thomas Dupuy
4130d7c6fc Update TA APT40 2020-08-13 12:22:36 -04:00
Daniel Plohmann
8407b6fd28
Update threat-actor.json
adding Kaspersky's name for Microcin.
2020-08-12 12:03:28 +02:00
Thomas Dupuy
9cadabba7a Add WellMess and WellMail 2020-08-11 12:37:28 -04:00
rmkml
6d10e3a37d add Ragnarok Ransomware 2020-08-02 20:46:32 +02:00
Vasileios Mavroeidis
40d12b9dde
Motive correction based on the EU Cert motive taxonomy
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
2020-07-28 11:43:46 +02:00
44afaf2523
chg: [threat-actor] remove duplicate references 2020-07-27 09:57:41 +02:00
StefanKelm
86c54cbd8c
Update threat-actor.json
OilRig
2020-07-23 11:07:22 +02:00
Raphaël Vinot
c174f613c5 fix: Name of SoD Matrix cluster to match galaxy.
Fix #566
2020-07-22 11:52:27 +02:00
Steve Clement
df6bed3d3a
Merge pull request #563 from r0ny123/patch-1 2020-07-22 09:14:13 +09:00
StefanKelm
17a1feb016
Update threat-actor.json
Turla
2020-07-15 11:20:18 +02:00
Rony
c33f4c7611
Update threat-actor.json
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).
2020-07-12 12:57:24 +05:30
Rony
b77b9d374c
Update threat-actor.json 2020-07-12 11:19:13 +05:30
Koen Van Impe
d3e22ef14c SoD Matrix
Described at https://github.com/cudeso/SoD-Matrix
2020-07-10 14:08:45 +02:00
Deborah Servili
84474ddb29 merge 2020-07-09 16:31:04 +02:00
Deborah Servili
865e76beae commit 2020-07-07 14:47:44 +02:00
ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only.
Based on https://github.com/MISP/misp-galaxy/issues/469

There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:

- _operation_:
  - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
  - **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
  - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
  - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
  - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
  - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
  - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**

The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
2020-07-07 09:13:21 +02:00
164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-07-02 09:55:42 +02:00
StefanKelm
14665429d7
Update threat-actor.json
APT31
2020-06-25 16:23:00 +02:00
StefanKelm
92bc206879
Update threat-actor.json
APT30
2020-06-23 14:54:09 +02:00
Rony
bc97b07089
Update threat-actor.json 2020-06-21 19:19:17 +05:30
StefanKelm
583f1d2fc2
Update threat-actor.json
TA505
2020-06-17 11:56:29 +02:00
0cb36249a4
chg: [jq] all the things 2020-06-12 09:26:30 +02:00
Rony
29be5ac7e1
fixed typo! 2020-06-12 00:09:59 +05:30
Rony
9365bfb7cd
Adding GALLIUM Threat Actor 2020-06-11 23:42:35 +05:30
StefanKelm
f042f98247
Update threat-actor.json
Higaisa
2020-06-08 14:09:39 +02:00
StefanKelm
9c25d5e8c5
Update threat-actor.json
Cycldek
2020-06-04 17:18:45 +02:00
3867b1f602
Merge pull request #552 from danielplohmann/reference-fixes
Reference fixes
2020-05-29 09:26:05 +02:00
2a074f23fd
chg: [preventive-measure] packet filtering added 2020-05-27 10:02:16 +02:00
Daniel Plohmann (jupiter)
a705d1402f fixing deadlinks where possible 2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter)
171f272a1e default to HTTPS to be consistent with other links to same page 2020-05-27 09:27:52 +02:00
8a0a4cb02d
Merge pull request #551 from nyx0/master
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
2020-05-27 09:10:08 +02:00
Thomas Dupuy
291fb41502 Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel 2020-05-26 09:50:43 -04:00
Thomas Dupuy
143bd521be Add CrackMapExec, metasploit, Cobalt Strike and Covenant 2020-05-26 09:35:01 -04:00
Rony
fbd351590a
Update threat-actor.json 2020-05-24 23:18:54 +05:30
Rony
5f8094d16f
fix 2020-05-24 23:14:43 +05:30
b5bbc34f5d
chg: [threat-actor] remove the non-unique elements 2020-05-22 14:01:32 +02:00
Nils Kuhnert
fbfe9d23c3
Merged (most) SecureWorks threat actor profiles && jq 2020-05-22 13:45:29 +02:00
iglocska
dee9a56460
fix: small fixes to the bhadra framework 2020-05-19 16:45:40 +02:00
iglocska
43703f1a96
new: added Bhadra framework for mobile attacks
- based on the paper published here: https://arxiv.org/pdf/2005.05110.pdf
- thanks to the ATT&CK EU community conference speakers highlighting this framework!
2020-05-19 16:34:59 +02:00
006b61bc44
Merge pull request #547 from Delta-Sierra/master
add Snake Ransomware
2020-05-15 17:55:47 +02:00
Deborah Servili
b943a7daca
fix missing description 2020-05-15 09:00:34 +02:00
Deborah Servili
6d6da39da4
add Snake Ransomware 2020-05-13 11:58:33 +02:00
Daniel Plohmann
5101c5a828
msft name: BORON for APT3
as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
2020-05-11 15:37:38 +02:00
09429eda5a
chg: [ta] fix the JSON 2020-05-11 10:20:10 +02:00
Thomas Dupuy
fc9505cadf Add Sednit's Exploit-kit Sedkit 2020-05-08 13:29:14 -04:00
Thomas Dupuy
69fe870803 Add Higaisa Threat Actor 2020-05-08 13:01:48 -04:00
Deborah Servili
1d331a9ab1
Merge branch 'master' into master 2020-04-28 15:19:38 +02:00
Thomas Dupuy
46a6d9fcb1 Add DenesRAT/METALJACK 2020-04-28 01:08:50 -04:00
2a70893352
chg: [jq] JSON fixed 2020-04-27 15:03:25 +02:00
de Rosen
a428ad565e Added misp info 2020-04-27 15:16:33 +03:00
Deborah Servili
f6fd07fbc9
add speculoos bakdoor 2020-04-27 09:36:23 +02:00
86157a6b96
Merge pull request #539 from r0ny123/MergingTA
Adding alias Thallium and merging STOLEN PENCIL
2020-04-26 21:16:56 +02:00
Rony
112f9e4a08
Adding alias Thallium and merging STOLEN PENCIL
Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
And also Netscout named the campaign as STOLEN PENCIL.
2020-04-26 23:47:37 +05:30
de71a444f8
chg: [json] add missing comma 2020-04-26 14:23:59 +02:00
rvs1st
d449eb94fc
Update threat-actor.json
Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
2020-04-24 09:03:58 -05:00
4234d44052
Merge pull request #537 from danielplohmann/patch-28
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
2020-04-24 15:33:47 +02:00
Daniel Plohmann
858621ebdc
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday. 2020-04-23 15:47:35 +02:00
Daniel Plohmann
b0f0bbae33
adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included) 2020-04-23 14:52:08 +02:00
Deborah Servili
6b49d81b13 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-04-23 10:06:04 +02:00
itayc0hen
667d5b8850 Add ItaDuke/DarkUniverse actor 2020-04-22 19:44:38 +03:00
pnx@pyrite
974ece3a7c adding FIN1 2020-04-20 14:20:22 +02:00
Rony
aa34775390
typo
thanks to @patricksvgr
2020-04-19 23:17:44 +05:30
Rony
ddfa280672
Update threat-actor.json 2020-04-19 23:06:57 +05:30
Rony
7ac2648dbc
more fix 2020-04-19 23:00:42 +05:30
Rony
573b4807ee
fix broken links 2020-04-19 16:03:21 +05:30
Rony
42a4820823
dead link 2020-04-19 11:45:45 +05:30
Rony
0aa34187e9
add link 2020-04-19 11:29:36 +05:30
Rony
d6bf42254f
Merging APT23 & Tropic Trooper 2020-04-18 13:22:25 +05:30
Rony
c161080175
Update threat-actor.json 2020-04-15 21:36:48 +05:30
Deborah Servili
e8edc9cafc Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-04-15 11:27:01 +02:00
Deborah Servili
b01e64eb1f
add Operation Shadow Forece 2020-04-08 14:53:19 +02:00
Daniel Plohmann
aba625dee5
removed duplicate entry 2020-04-07 08:49:33 +02:00
Daniel Plohmann
e15a4a6525
fixing/removing some more dead links 2020-04-06 15:25:22 +02:00
Deborah Servili
7859c8dbd7
Add coronavirus ransomware 2020-04-03 16:19:45 +02:00
Deborah Servili
8a3422acb4
add Pyta ransomnotes 2020-04-03 11:58:02 +02:00
Deborah Servili
c566c89f2a
add pyza ransomware 2020-03-27 14:22:34 +01:00
c7104e8819
chg: [country] jq all 2020-03-23 13:09:14 +01:00
iglocska
777c3188db
new: [country] galaxy added 2020-03-23 12:10:16 +01:00
35a57c36bf
Merge pull request #526 from Delta-Sierra/master
PARINACOTA group
2020-03-12 23:23:05 +01:00
Deborah Servili
a706b8ef2e
PARINACOTA group 2020-03-12 13:11:46 +01:00
e37f320df5
Merge pull request #523 from danielplohmann/patch-24
adding aliases MERCURY, HOLMIUM
2020-03-09 21:56:27 +01:00
Daniel Plohmann
ab49ef3c1a
Kimsuki -> Black Banshee
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html)
2020-03-09 18:20:56 +01:00
Daniel Plohmann
1260ab156a
adding aliases MERCURY, HOLMIUM
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
2020-03-09 08:50:08 +01:00
e81c91e3e9
Merge pull request #522 from Delta-Sierra/master
add sdbbot
2020-03-06 15:24:14 +01:00
Deborah Servili
b007d5d3ce
add SdBbot 2020-03-06 14:33:19 +01:00
a407ddcc5b
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-03-05 10:49:15 +01:00
375db26505
chg: [malpedia] fixes 2020-03-05 10:48:28 +01:00
4a64d0a4ad
Merge pull request #519 from danielplohmann/crowdstrike2020report
adding new/updated threat actor names from CrowdStrike 2020 report
2020-03-05 09:07:16 +01:00
Corsin Camichel
66aa5c3b13
fixing a comma error 2020-03-04 21:13:01 +01:00
Daniel Plohmann (jupiter)
0c2b0b76eb while we are at it, we can also do Longhorn = APT-C-39 2020-03-04 21:09:06 +01:00
Corsin Camichel
a5a7c21c79
adding Raccoon (win.raccoon) 2020-03-04 21:02:51 +01:00
Daniel Plohmann (jupiter)
184f193342 IMPERIAL KITTEN as alias for Tortoiseshell 2020-03-04 19:39:14 +01:00
pnx@pyrite
3dc460e795 adding new/updated threat actor names from CrowdStrike 2020 report 2020-03-04 13:36:34 +01:00
Daniel Plohmann
dc059d1f4d
Accenture calls APT32 - "POND LOACH" 2020-03-03 19:40:50 +01:00
Deborah Servili
d8ea0f865c
add clop ransomware extension 2020-03-02 13:33:38 +01:00
b4b91b1e5d
chg: [threat-actor] JSON fixed 2020-02-28 16:37:24 +01:00
4c7532984a
Merge branch 'master' of https://github.com/nyx0/misp-galaxy into nyx0-master 2020-02-28 16:36:56 +01:00
Deborah Servili
0d4745d55f Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-02-28 11:38:20 +01:00
Deborah Servili
a61f8d7049
add extension to clop ransomware 2020-02-28 11:37:54 +01:00
ee63756cc5
Merge pull request #516 from rmkml/master
add MedusaLocker ransomware
2020-02-23 16:06:45 +01:00
rmkml
590e292b68 add MedusaLocker ransomware 2020-02-23 16:01:45 +01:00
Deborah Servili
29bf20e89b
add razor ransomware 2020-02-19 15:55:29 +01:00
Thomas Dupuy
0daeb675f5 Add InvisiMole cluster 2020-02-18 13:28:32 -05:00
c98093e6fe
Merge pull request #513 from danielplohmann/patch-20
adding APT-C-12
2020-02-13 21:56:34 +01:00
Daniel Plohmann
e481e9bb50
adding APT-C-12 2020-02-13 17:44:45 +01:00
Deborah Servili
f196bad4a1
add tools used by TA505 + others 2020-02-12 15:39:16 +01:00
Deborah Servili
66a721fcd3 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-02-12 15:00:30 +01:00
Deborah Servili
b46f9b68fe
add warzone RAT 2020-02-06 13:39:58 +01:00
33aa1c8f3f
Merge pull request #510 from Delta-Sierra/master
add ransomwares
2020-02-06 09:53:19 +01:00
Deborah Servili
46fe9cb82b
add ransomwares 2020-02-06 09:29:33 +01:00
Rony
22c9badee0
Update threat-actor.json
those are the name of aliases of the same malware family sykipot. so removing it.
2020-02-05 18:00:31 +05:30
Deborah Servili
5da17d51aa
Merge branch 'master' into master 2020-01-24 09:33:33 +01:00
Deborah Servili
606e3ec90f
jq 2020-01-24 09:32:09 +01:00
6d078a88dd
chg: [ransomware] Nodera ransomware added 2020-01-24 09:04:38 +01:00
Deborah Servili
58415324c5
add Operation Wocao 2020-01-24 08:27:20 +01:00
Thomas Dupuy
edc5196373 Add Attor and DePriMon 2020-01-23 11:27:00 -05:00
Daniel Plohmann
ccfe5ee130
removing and fixing deadlinks in the best possible way
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
2020-01-23 11:14:20 +01:00
Daniel Plohmann
29a128da6f
adding references and TEMP.MixMaster as alias for WIZARD SPIDER
with kudos to @tbarabosch
2020-01-22 15:42:01 +01:00
911c2bf0bf
Merge pull request #504 from Delta-Sierra/master
update target location galaxy
2020-01-21 11:06:56 +01:00
Deborah Servili
8421bde291
complete Zimbabwe cluster 2020-01-21 10:51:07 +01:00
Deborah Servili
f364e51d24
update target location galaxy 2020-01-20 14:46:03 +01:00
dbaab413b6
chg: [threat-actor] typo fixed 2020-01-18 17:30:27 +01:00
564f27c5ca
chg: [threat-actor] format fixed 2020-01-18 17:26:45 +01:00
34c5c66279
chg: [threat-actor] fix order 2020-01-18 17:08:32 +01:00
8eeceafc51
chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan"
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
2020-01-18 17:02:44 +01:00
StefanKelm
027d94e68a
Update ransomware.json 2020-01-16 16:59:22 +01:00
StefanKelm
f53a92065c
Update ransomware.json
5ss5c
2020-01-16 16:46:38 +01:00
Deborah Servili
5ec817b499
Merge branch 'master' into master 2020-01-15 14:36:01 +01:00
Deborah Servili
32961527aa
add Autochk Rootkit as tool 2020-01-15 13:41:53 +01:00
Deborah Servili
bfcc867ee6
add two wipers to tools 2020-01-14 15:54:06 +01:00
3c90322fd8
Merge pull request #500 from Delta-Sierra/master
update target information
2020-01-08 16:22:24 +01:00
StefanKelm
5832893d4f
Update tool.json
LiquorBot
2020-01-08 16:04:22 +01:00
Deborah Servili
53df69a1eb
update target information 2020-01-08 15:50:47 +01:00
StefanKelm
bf4fc92066
Update tool.json
Lampion
2020-01-07 13:14:08 +01:00
5da0c7bd54
chg: [threat-actor] SideWinder APT group added 2020-01-07 10:42:07 +01:00
StefanKelm
9b6f9136f9
Update threat-actor.json 2020-01-03 12:50:49 +01:00
StefanKelm
9373cfcb53
Update threat-actor.json
BRONZE PRESIDENT
2020-01-03 12:42:57 +01:00
Rony
6b1142abac
Update threat-actor.json 2019-12-23 22:05:28 +05:30
be4f9e01a0
Merge pull request #496 from bartblaze/patch-1
Update threat-actor.json
2019-12-20 08:23:30 +01:00
Bart
8ebb2e2d16
Update threat-actor.json
Adds Operation Wocao..
2019-12-19 21:42:02 +01:00
Deborah Servili
34340372b3
add clop ransomware 2019-12-19 17:19:18 +01:00
Deborah Servili
b8c332a055
jq 2019-12-16 14:08:34 +01:00
Deborah Servili
c876928abd Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-12-16 13:36:56 +01:00
Deborah Servili
ee38ec7220
add BitPaymer Synonsyms 2019-12-16 13:36:00 +01:00
Deborah Servili
47e0d00555
Merge pull request #493 from Delta-Sierra/master
add tools used by GALLIUM
2019-12-13 15:35:29 +01:00
Deborah Servili
0fc9045ef2
add tools used by GALLIUM 2019-12-13 15:06:00 +01:00
9f56a91013
Merge pull request #492 from Delta-Sierra/master
Operation Soft Cell ralated Updates
2019-12-13 13:35:52 +01:00
Deborah Servili
03c54a3e05
add GALLIUM as microsoft activities group and similar to Operation Soft Cell 2019-12-13 11:47:31 +01:00
Deborah Servili
3be47af325
update threat actor version 2019-12-13 11:04:51 +01:00
Deborah Servili
9b153913be
add relation suspected link between operation soft cell and apt10 2019-12-13 10:59:06 +01:00
Sebastian Wagner
c3b5b39dd3
sofacy: add apt_sofacy as synonym 2019-12-12 15:57:13 +01:00
Deborah Servili
170f964e8c
##COMMA## 2019-12-11 14:22:09 +01:00
Deborah Servili
7e18f2e509
Merge branch 'master' into master 2019-12-11 13:51:52 +01:00
Deborah Servili
391b5a674d
add Axiom synonym 2019-12-11 13:50:35 +01:00
8da36c09e1
chg: [threat-actor] jq 2019-12-08 09:03:14 +01:00
Daniel Plohmann
94b3c1ec07
added APT-C-34 / Golden Falcon 2019-12-07 12:44:30 +01:00
Deborah Servili
31f3a61d5f
add Sofacy ref 2019-12-05 15:42:42 +01:00
8e73612b09
Merge pull request #488 from Delta-Sierra/master
create new galaxy - surveillance-vendor
2019-12-05 14:48:44 +01:00
Deborah Servili
df1cbf8dce
add clusters to surveillance-vendor galaxy 2019-12-05 12:06:10 +01:00
Deborah Servili
ad5b915175
Fix surveillance-vendor galaxy 2019-12-05 11:09:38 +01:00
Deborah Servili
12530db5a8
Add FlexiSPY + jq 2019-12-05 10:05:21 +01:00
Deborah Servili
a049009453
add new galaxy - surveillance-vendor 2019-12-04 16:22:58 +01:00
Deborah Servili
2e82cd4fd7
add Private Internet Access as Tool 2019-12-04 16:22:22 +01:00
5f020307f3
Merge pull request #485 from danielplohmann/patch-15
added TA2101
2019-12-03 22:36:49 +01:00
Daniel Plohmann
bd3cc6d8ee
added TA2101 2019-12-03 18:13:44 +01:00
Jean-Louis Huynen
100299f3fd
add: [dark-pattern] add a source 2019-12-03 17:09:57 +01:00
Jean-Louis Huynen
44a9897f2a
add: [dark-pattern] galaxy to tag dark patterns 2019-12-03 16:26:29 +01:00
2659d864d6
chg: [ransomware] jq ;-) 2019-11-22 22:41:01 +01:00
rmkml
64f100e578
Merge branch 'master' into master 2019-11-22 22:32:24 +01:00
rmkml
81cef767aa Fix Add FTCode Ransomware 2019-11-22 22:27:20 +01:00
rmkml
eee9beca0f Add FTCode Ransomware 2019-11-22 21:16:40 +01:00
Deborah Servili
34faa63070
jq 2019-11-22 15:41:51 +01:00
Deborah Servili
ba830c905d
add cyborg ransomnote refs 2019-11-22 15:36:49 +01:00
Deborah Servili
757c3d6480
add cyborg ransomnote filename 2019-11-22 15:35:58 +01:00
Deborah Servili
2009a9c45c
add cyborg ranspmware extension 2019-11-22 15:30:17 +01:00
Deborah Servili
cab60a02e2
jq 2019-11-22 14:15:29 +01:00
Deborah Servili
08a4897cbe
add DePriMon malicious downloader & Cyborg ransomware 2019-11-22 14:05:36 +01:00
8cc5e02f22
chg: [clean-up] jq all the things 2019-11-21 17:19:39 +01:00
Deborah Servili
38641aae36
merge 2019-11-21 16:24:11 +01:00
Deborah Servili
f21dd95b28
merge 2019-11-21 16:23:29 +01:00
8240fe1722
Merge pull request #480 from rmkml/master
Add Maze Ransomware
2019-11-21 14:13:17 +01:00
Deborah Servili
1a0dd2292b
add silence synonym & new meta field spoken-language 2019-11-21 11:50:02 +01:00
rmkml
90bc667988 Add Maze Ransomware 2019-11-21 00:57:50 +01:00
rmkml
9410326ea2 Revert "Add Maze Ransomware"
This reverts commit cfc6e2802c.
2019-11-21 00:55:55 +01:00
rmkml
cfc6e2802c Add Maze Ransomware 2019-11-19 23:15:02 +01:00
5dc55fbbfb
Merge pull request #477 from rmkml/master
Add Desync Ransomware
2019-11-19 06:40:31 +01:00
rmkml
ac4099ed0e Add Desync Ransomware 2019-11-18 23:37:21 +01:00
Deborah Servili
5f65e8d208
traget information update [WIP] 2019-11-14 15:07:08 +01:00
StefanKelm
aa132ca58f
new refs for APT33 2019-11-14 14:57:05 +01:00
ea18f6e920
Merge pull request #475 from Delta-Sierra/master
target information update [WIP]
2019-11-13 20:43:03 +01:00
Deborah Servili
08cdc4cac3
jq 2019-11-13 15:56:23 +01:00
Deborah Servili
985c4b2459
traget information update [WIP] 2019-11-13 15:55:32 +01:00
eea0f528fa
chg: [threat-actor] Lucky Mouse synonym added
Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/
2019-11-12 12:51:44 +01:00
Raphaël Vinot
1486890f86 fix: JQ all the things. 2019-11-12 10:25:00 +01:00
871d90cfc2
chg: [threat-actor] Calypso group added
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
2019-11-11 13:34:54 +01:00
Deborah Servili
e310b98bc0
add Palestine PPound 2019-11-07 08:44:49 +01:00
Deborah Servili
50022d3905 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-11-07 08:34:05 +01:00
ea8c1dd764
Merge pull request #472 from rmkml/master
Add DoppelPaymer Ransomware
2019-11-06 20:48:33 +01:00
rmkml
9707a5eb0e Add DoppelPaymer Ransomware 2019-11-06 20:41:43 +01:00
Deborah Servili
1a62f7c2cd
jq 2019-11-06 16:23:34 +01:00
Deborah Servili
5b6aae5d1c
update target location WIP 2019-11-06 16:21:10 +01:00
2d1406b4d6
Merge pull request #471 from rmkml/master
Add FreeMe Ransomware
2019-11-06 06:36:53 +01:00
rmkml
656d90fd7c Add FreeMe Ransomware 2019-11-05 23:09:48 +01:00
d9a64c18ff
chg: [threat-actor] threat-actor-classification updated 2019-11-04 09:37:52 +01:00
6f463325b9
chg: [threat-actor] jq is jq 2019-11-03 16:01:09 +01:00
64a3569803
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-11-03 08:52:37 +01:00
8d01e77574
chg: [threat-actor] Operation WizardOpium added
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
2019-11-03 08:51:37 +01:00
346e54a321
Merge pull request #468 from Delta-Sierra/master
add Turla Group Symonym variant
2019-11-02 13:40:21 +01:00
Deborah Servili
1da2dc8af1
add Turla Group Symonym variant 2019-10-31 16:33:32 +01:00
Deborah Servili
efa2f43c0f
Merge pull request #467 from Delta-Sierra/master
Few updates
2019-10-31 14:31:16 +01:00
Deborah Servili
bee9b80898
jq 2019-10-31 10:37:36 +01:00
Deborah Servili
0a8f989e1c
add Winnti related tools etc. 2019-10-31 10:36:15 +01:00
Christophe Vandeplas
d32022b241 fix: [attack] fixes old MITRE relationships not being removed 2019-10-27 21:06:26 +01:00
Christophe Vandeplas
4ab9bbbfa3 chg: [attack] update to latest ATT&CK data 2019-10-25 10:12:41 +02:00
1581827875
chg: [attck4fraud] jq all the things 2019-10-20 20:07:29 +02:00
Christophe Vandeplas
eb594cba0f fix: [misinfosec] fixes inconsistent filename 2019-10-20 18:53:02 +02:00
2b84592ff5
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-10-18 14:28:41 +02:00
77605f8d43
chg: [attck4fraud] updates based on issue #466 2019-10-18 14:27:36 +02:00
Rony
1fc0f5e2e7
Update threat-actor.json 2019-10-17 09:46:56 +05:30
Deborah Servili
88025a541f
add operation soft cell 2019-10-14 16:07:35 +02:00
4d4bd3a70c fix: [misinfosec] fixed kill_chain fields 2019-10-09 09:45:52 +02:00
VVX7
e4998efec9 chg: [galaxy] added AMITT galaxy/cluster generator script 2019-10-08 13:52:08 -04:00
VVX7
a0357c735e chg: [galaxy] version number to int 2019-10-07 19:19:45 -04:00
VVX7
0a29445b44 new: [galaxy] AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. AMITT is part of misinfosec - work on adapting information security practices to help track and counter misinformation - and is designed as far as possible to fit existing infosec practices and tools. 2019-10-07 19:07:25 -04:00
Deborah Servili
c27385cfa4
jq 2019-10-07 14:38:16 +02:00
Deborah Servili
5355910a8f
add legitimate tools 2019-10-07 13:38:40 +02:00
Deborah Servili
19452d8c1f Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-10-07 11:07:00 +02:00
Deborah Servili
569d453ff2
update version 2019-10-07 11:06:27 +02:00
Deborah Servili
0795eecd01
add PlugX rat sysnonyms 2019-10-07 11:04:33 +02:00
ac8236d16d
chg: [misp-galaxy] jq all the things 2019-10-03 14:46:07 +02:00
9e82b025b5
chg: [tool] COMPfun - Reductor added
Ref: https://securelist.com/compfun-successor-reductor/93633/
2019-10-03 14:25:44 +02:00
Deborah Servili
cb774002c9
add Sodinokibi synonym 2019-10-02 11:44:54 +02:00
Deborah Servili
82824be700
fix empty string 2019-09-30 12:55:31 +02:00
Deborah Servili
b7c9d3e034
jq 2019-09-30 11:56:28 +02:00
Deborah Servili
fca032ea73
add TVSPY tool 2019-09-30 10:45:53 +02:00
Deborah Servili
f6c075c3df
WIP update target info 2019-09-27 16:22:01 +02:00
Deborah Servili
c305640290
new galaxy - Region based on UN M49 2019-09-26 13:01:41 +02:00
Deborah Servili
d0068b0ce0
WIP update target info 2019-09-25 15:39:02 +02:00
Deborah Servili
a4b59f647c
jq 2019-09-25 13:41:55 +02:00
Deborah Servili
335402c886 Merge branch 'master' of https://github.com/MISP/misp-galaxy into target-location-galaxy 2019-09-25 13:39:33 +02:00
Deborah Servili
bb3f9dc183
WIP update target info - fix empty string 2019-09-25 13:31:46 +02:00
309109eb27
chg: [threat-actor] new LookBack (Malware?Campaign?TA?)
Signed-off: During MISP training
2019-09-25 12:12:34 +02:00
Deborah Servili
9068e3c742
WIP update target info 2019-09-25 11:46:10 +02:00
a5ae130916
chg: [threat-actor] Evil Eye and POISON CARP
Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Signed-off: Jean-Louis during training session
2019-09-25 11:27:03 +02:00
Deborah Servili
83ee520dd5
WIP update target info 2019-09-25 09:44:34 +02:00
Deborah Servili
638cdd4198
version update 2019-09-20 14:54:56 +02:00
Deborah Servili
b9b4b9c651
Add Tortoiseshell thrat actor 2019-09-20 14:53:25 +02:00
Deborah Servili
6d88367497
moar clusters 2019-09-20 09:50:37 +02:00
42f457fc22
Merge pull request #457 from rmkml/master
Add Mr.Dec Ransomware
2019-09-17 10:17:11 +02:00
rmkml
5631d210a0 Add Mr.Dec Ransomware 2019-09-17 00:44:56 +02:00
cc134d7dff
Merge pull request #456 from rmkml/master
Add Hildacrypt Ransomware
2019-09-15 18:24:03 +02:00
rmkml
dff982be20 Add Hildacrypt Ransomware 2019-09-14 21:49:16 +02:00
55da11f8ba
Merge pull request #455 from rmkml/master
Add InnfiRAT
2019-09-14 08:16:35 +02:00
rmkml
f907797d41 Add InnfiRAT 2019-09-14 00:08:54 +02:00
Deborah Servili
7e892eaa7d
update target information [draft] 2019-09-13 16:35:20 +02:00
Deborah Servili
2588df01cc
update target information 2019-09-12 16:22:11 +02:00
StefanKelm
db2b5a13ef
Update threat-actor.json
Silent Librarian
2019-09-12 11:57:03 +02:00
Deborah Servili
1eb23bc55b
update target information 2019-09-12 11:10:41 +02:00
Deborah Servili
6c430ad21e
improve target-information 2019-09-11 16:32:29 +02:00
rmkml
7c89cb308c
Merge branch 'master' into master 2019-09-07 19:52:05 +02:00
rmkml
dfc6321e0c Add AsyncRAT 2019-09-07 19:43:08 +02:00
Deborah Servili
718ea55dd7
Merge branch 'master' into master 2019-09-04 14:42:47 +02:00
Deborah Servili
9e3a998dfc
aff SectorJ04 group 2019-09-03 15:51:21 +02:00
9690d070ab
Merge pull request #450 from rmkml/master
Add Buran Ransomware
2019-09-02 07:39:19 +02:00
rmkml
28ec696272 Add Buran Ransomware 2019-09-01 21:20:28 +02:00
Daniel Plohmann
f40b7dd132
'SectorJ04 Group' as alias introduced by NSHC for TA505
Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
2019-09-01 15:46:36 +02:00
9920461294
Merge pull request #448 from rmkml/master
Add Nemty Ransomware
2019-08-31 21:27:50 +02:00
rmkml
e79310c861 Add Nemty Ransomware 2019-08-31 21:08:50 +02:00
c7e6a17a31
Merge pull request #447 from Delta-Sierra/target-location-galaxy
improve more clusters
2019-08-30 16:37:39 +02:00
Deborah Servili
5504c10e3d
improve more clusters 2019-08-30 16:32:02 +02:00
b986f06cb4
Merge pull request #446 from wagner-certat/tool-empty-strings
Add test for empty strings
2019-08-30 11:10:16 +02:00
0966e58da6
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-08-30 11:06:29 +02:00
f5056ff02e
chg: [threat-actor] add machete-apt synonyms as reported in #445 2019-08-30 11:03:30 +02:00
Deborah Servili
2c248db419
Merge pull request #441 from Delta-Sierra/target-location-galaxy
More clusters improved
2019-08-30 10:15:56 +02:00
Sebastian Wagner
e13087a9c4
target-information: fix territory-type for China 2019-08-30 10:08:19 +02:00
StefanKelm
49f8f60a85
Update threat-actor.json
Add ITG08 as synonym for FIN6
2019-08-29 13:13:00 +02:00
8d78a2a108
chg: [threat-actor] jq all 2019-08-29 08:31:10 +02:00
791c88f2eb
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master 2019-08-29 08:30:41 +02:00
Deborah Servili
395dd93e0f
add Asruex Backdoor 2019-08-28 15:40:03 +02:00
9926ea8826
chg: [threat-actor] LYCEUM added - 443 #fixed 2019-08-28 14:35:12 +02:00
Deborah Servili
ea68336b96
add ref for Gamaredon 2019-08-27 08:28:58 +02:00
Deborah Servili
300e3c2bfb
More clusters improved 2019-08-26 17:50:20 +02:00
775b6d1a09
Merge pull request #440 from Delta-Sierra/target-location-galaxy
Target location galaxy
2019-08-23 16:29:23 +02:00
Deborah Servili
fcded146c2
More clusters improved 2019-08-23 16:01:12 +02:00
Deborah Servili
bae47241f0
More clusters improved 2019-08-23 11:14:14 +02:00
a68577a967
Merge pull request #439 from Delta-Sierra/target-location-galaxy
Target location galaxy
2019-08-22 16:24:57 +02:00
Deborah Servili
a579c041d2
More clusters improved 2019-08-22 15:59:11 +02:00
Deborah Servili
b7a97d1baf
More clusters improved 2019-08-22 11:49:09 +02:00
Deborah Servili
6944236943
more countries 2019-08-20 15:24:16 +02:00
Sebastian Wagner
38aebbf42a
remove empty strings 2019-08-19 17:04:07 +02:00
Deborah Servili
93ca9a3123
Merge pull request #437 from Delta-Sierra/target-location-galaxy
Target location galaxy
2019-08-19 08:57:48 +02:00
Deborah Servili
754f8f2a48
complete more cluster + country is now an array 2019-08-14 16:30:28 +02:00
Deborah Servili
3e651e2d74
target-informatione - add membership member-of attribute - Example:member-of NATO 2019-08-13 15:36:10 +02:00
6ca4e4cb17
Merge pull request #436 from Delta-Sierra/target-location-galaxy
Target location galaxy
2019-08-13 15:17:41 +02:00
Deborah Servili
e00f139fa2
jq 2019-08-13 13:01:36 +02:00
Deborah Servili
9accc832e3
change attribute name 2019-08-13 12:08:03 +02:00
Deborah Servili
389a82701a
jq 2019-08-13 11:57:28 +02:00
Deborah Servili
e946ce66db
complete some clusters 2019-08-13 11:55:18 +02:00
d48d2ccd3e
Merge pull request #435 from hackunagi/master
Adding Amavaldo Banking Trojan
2019-08-10 18:53:05 +02:00
3841447e16
Merge pull request #434 from r0ny123/patch-1
added microsoft naming for the groups
2019-08-10 18:52:26 +02:00
Thomas Dupuy
df5c9057a1 add synonyme for Turla 2019-08-09 17:34:22 -04:00
Carlos Borges
d96dc39c5a
Adding Amavaldo Banking Trojan 2019-08-09 18:00:37 -03:00
Rony
feac39db6b
added microsoft naming for the groups 2019-08-09 22:19:09 +05:30
Thomas Dupuy
320e298549 update victims 2019-08-09 10:45:10 -04:00
Thomas Dupuy
1988662ee5 add APT41 2019-08-09 10:24:06 -04:00
Deborah Servili
e239619d15
jq 2019-08-06 15:42:20 +02:00
Deborah Servili
53df0908c7
update version 2019-08-06 15:34:23 +02:00
Deborah Servili
4bef48b33e
add Amavaldo 2019-08-06 13:28:32 +02:00
Nils Kuhnert
17925f3e10
Remove local file link :) 2019-08-03 18:55:00 +02:00
Deborah Servili
21318cdf3d
fix building mistakes 2019-08-02 16:28:32 +02:00
7913adad61
chg: [threat-actor] rollback as discussed by chat with Andras until version 2.0 2019-08-02 16:08:40 +02:00
Andras Iklody
984be50396
lowercased value field for DarkHotel 2019-08-02 15:40:31 +02:00
17452d31a7
chg: [att&ck] July ATT&CK release included in MISP galaxy 2019-08-01 15:51:03 +02:00
a401ff7405
Merge branch 'master' into patch-13 2019-08-01 08:52:27 +02:00
Daniel Plohmann
0367e16ce0
adding secureworks actor names for energetic bear and teamspy 2019-07-31 14:35:09 +02:00
Daniel Plohmann
a4a72d0698
adding Proofpoint's TA428 2019-07-31 14:08:50 +02:00
Deborah Servili
08f713cb7d add tld
Signed-off-by: Deborah Servili <deborah.servili@gmail.com>
2019-07-26 16:22:45 +02:00
Deborah Servili
427b424cf7
rename galaxy target-location -> target-information 2019-07-19 13:49:43 +02:00
Deborah Servili
294a8bf6a2
new galaxy target-location [DRAFT] 2019-07-19 10:30:47 +02:00
Deborah Servili
2861d2d78c
jq 2019-07-16 10:13:10 +02:00
Deborah Servili
ea4d8a2d42
add SWEED threat actor 2019-07-16 10:03:07 +02:00
Deborah Servili
ca45f0deec
jq 2019-06-24 10:22:38 +02:00
Deborah Servili
32ffc98e5d
add Felipe Trojan 2019-06-24 10:20:29 +02:00
9517c8b878
chg: [threat-actor] version updated 2019-06-20 17:58:35 +02:00
8c90f7231c
chg: [threat-actor] duplicated refs removed 2019-06-20 17:35:35 +02:00
5e9d075ae5
chg: [threat-actor] synonyms fixed 2019-06-20 17:30:01 +02:00
195406cc6b
chg: [threat-actor] jq everything 2019-06-20 17:27:55 +02:00
d018519700
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy 2019-06-20 17:23:04 +02:00
Deborah Servili
30f042211b
fix duplicate 2019-06-20 16:35:49 +02:00
Deborah Servili
a984786c8b
update threat actor galaxy 2019-06-20 16:25:23 +02:00
Rony
7afb9083b2
Update threat-actor.json 2019-06-19 23:29:35 +05:30
Deborah Servili
4bd37e2b2d
update threat actor galaxy 2019-06-19 16:38:04 +02:00
Deborah Servili
52e51833de
update threat actor galaxy 2019-06-18 16:05:49 +02:00
Deborah Servili
431e7a36c1
update threat actor galaxy 2019-06-17 16:36:42 +02:00
Deborah Servili
b966369933
##COMMA## 2019-06-14 16:35:55 +02:00
Deborah Servili
1e5292d999
fix duplicate 2019-06-14 16:21:33 +02:00
Deborah Servili
ead217eb28
Update version 2019-06-14 16:11:02 +02:00
Deborah Servili
98f0572d51
update threat actor galaxy 2019-06-14 16:06:09 +02:00
Deborah Servili
b040f9f57b
fix duplicate and links update (APT34) 2019-06-14 08:41:38 +02:00
Deborah Servili
2001652dae
fix duplicate 2019-06-14 08:28:44 +02:00
Deborah Servili
20e77afcc3
update threat actor galaxy 2019-06-13 16:19:21 +02:00
Deborah Servili
11c2f43c9f
tryto fix duplicate 2019-06-13 11:26:42 +02:00
Deborah Servili
e4245ee991
update threat actor galaxy 2019-06-12 16:25:24 +02:00
Deborah Servili
5a3d7e816f
fix duplicate 2019-06-12 09:24:05 +02:00
Deborah Servili
01fade422f Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-06-12 09:20:38 +02:00
Deborah Servili
1ba7f19ca2
update threat actor galaxy 2019-06-11 16:14:58 +02:00
Deborah Servili
347ed5d529
jq 2019-06-11 15:57:21 +02:00
Deborah Servili
79f11de6db
update threat actor galaxy 2019-06-11 15:54:39 +02:00
Deborah Servili
d6b458520b
update threat actor galaxy 2019-06-11 11:57:04 +02:00
8c69da1fd9
Merge pull request #413 from Delta-Sierra/master
update threat actor galaxy
2019-06-07 20:14:49 +02:00
Deborah Servili
1f2e59addb
update Threat actor galaxy 2019-06-07 16:34:43 +02:00
Deborah Servili
185763a63a
update threat actor 2019-06-06 16:34:09 +02:00
Deborah Servili
b809b9cfbb
update threat actor darkhotel (nemim might be a typo) 2019-06-06 11:58:19 +02:00
Deborah Servili
189c3066a5
update threat actor 2019-06-04 16:32:39 +02:00
3948cc24c1
Merge pull request #412 from Delta-Sierra/master
update threat actors and tools
2019-06-04 09:56:47 +02:00
Deborah Servili
468800ed59
FlawedAmmy RAT 2019-06-04 09:10:44 +02:00
Deborah Servili
a6c9d335ee
fix multiple refs 2019-06-04 08:52:34 +02:00
Deborah Servili
b47863f1c1
update threat actors 2019-05-29 16:18:50 +02:00
Deborah Servili
f48167ce77
update threat actors 2019-05-29 15:34:20 +02:00
Deborah Servili
f4cf3464ce
update threat actors and tools 2019-05-28 16:05:54 +02:00
9eac2a3923
Merge pull request #411 from Delta-Sierra/master
update threat-actor galaxy
2019-05-28 09:37:14 +02:00
Deborah Servili
bf19ed9d8d
fix merge mistakes 2019-05-28 09:26:24 +02:00
Deborah Servili
77d20739db
update threat actor 2019-05-28 09:24:29 +02:00
Deborah Servili
940762e0c5
update threat actor 2019-05-28 09:22:26 +02:00
Deborah Servili
0bb1420ab7
update threat-actor galaxy 2019-05-27 16:38:01 +02:00
Deborah Servili
af6241fd20
update Anchor Panda Threat Actor 2019-05-27 11:47:05 +02:00
555a87275f
Merge pull request #409 from rmkml/master
Add GetCrypt Ransomware
2019-05-25 13:56:30 +02:00
rmkml
de9cc6898a Add GetCrypt Ransomware 2019-05-25 13:30:15 +02:00
3420e50bfd
Merge pull request #408 from rmkml/master
Add Phobos Ransomware
2019-05-25 08:42:26 +02:00
1ece51ed48
chg: [branded_vulnerability] version updated 2019-05-25 08:41:33 +02:00
rmkml
6f140ce358
Merge branch 'master' into master 2019-05-25 00:03:34 +02:00
Deborah Servili
0d97013022
add BlueKeep 2019-05-24 15:55:58 +02:00
Deborah Servili
9d8d5ce1c8
fix ransomware ransomnotes 2019-05-23 16:23:09 +02:00
Deborah Servili
f5a7efaadc
jq 2019-05-23 12:39:53 +02:00
Deborah Servili
b4e4d2e539
rework of ransomware galaxy 2019-05-23 12:39:33 +02:00
Daniel Plohmann
1cc0137c38
adding TA542 to MUMMY SPIDER (emotet) 2019-05-17 17:36:57 +02:00
Rony
380006ecbb
merging Pacifier & Turla 2019-05-16 23:57:49 +05:30
32af463dd1
Merge pull request #403 from Delta-Sierra/master
add Reaver and probably related tools
2019-05-16 17:04:14 +02:00
Deborah Servili
9f801122da
add Reaver and probably related tools 2019-05-16 15:45:03 +02:00
Daniel Plohmann
a20f7fbe91
adding APT31/ZIRCONIUM 2019-05-15 22:43:33 +02:00
rmkml
cd58833770 Add Phobos Ransomware 2019-05-15 21:02:32 +02:00
Raphaël Vinot
59869bf145 fix: o365-exchange-techniques (duplicate values, duplicate UUIDs) 2019-05-13 11:15:38 +02:00
Deborah Servili
f8e356e042
Merge pull request #400 from Delta-Sierra/master
add Sodinokibi
2019-05-13 08:50:26 +02:00
678b2a5621
chg: [o365-exchange-techniques] Actions on Intent added (finalized) 2019-05-12 18:25:01 +02:00
5d1565152c
chg: [o365-exchange-techniques] Expansion added (WiP) 2019-05-12 18:19:00 +02:00
ee0f793e49
chg: [o365-exchange-techniques] Persistence kill-chain added (WiP) 2019-05-12 17:54:53 +02:00
3a75c6a3df
chg: [o365-exchange-techniques] Compromise row added (WiP) 2019-05-12 12:07:30 +02:00
a2df5c46d8
chg: [o365-exchange-techniques] [WiP] based on John Lambert matrix techniques 2019-05-12 09:51:41 +02:00
Rony
7c0ea4949a
Update threat-actor.json 2019-05-12 11:11:09 +05:30
Deborah Servili
5bbb0ab53d
add Sodinokibi 2019-05-08 15:54:37 +02:00
Raphaël Vinot
82ebbc6612 fix: UUID issues 2019-05-07 12:09:39 +02:00
Raphaël Vinot
988586fde0 fix: Duplicate values, typos. 2019-05-06 17:17:16 +02:00
36f317b4a8
Merge pull request #395 from Delta-Sierra/master
add Scranos
2019-05-03 16:22:20 +02:00
Deborah Servili
ad00477c87
add Scarnos 2019-05-03 15:55:19 +02:00
6aa7c39714
Merge pull request #394 from StefanKelm/master
Update threat-actor.json
2019-05-02 16:50:25 +02:00
20007e7b7c
Merge pull request #393 from Delta-Sierra/master
add AESDDoS Botnet and JasperLoader
2019-05-02 16:48:55 +02:00
StefanKelm
7e329855b2
Update threat-actor.json
Silent Librarian / COBALT DICKENS
2019-05-02 15:34:19 +02:00
b77087d59e
chg: [malpedia] duplicates fixed 2019-05-02 14:48:17 +02:00
b706738d46
chg: [malpedia] jq all the things 2019-05-02 14:47:00 +02:00
1ddb38341b
Merge branch 'master' of https://github.com/nao-sec/misp-galaxy into nao-sec-master 2019-05-02 14:46:34 +02:00
Deborah Servili
dda2ede5f2
add JasperLoader 2019-05-02 13:02:00 +02:00
Deborah Servili
f51f13e84b
add AESDDoS Botnet 2019-05-02 10:15:26 +02:00
37da9bebdf
chg: [threat-actor] FIN4 updates 2019-05-01 17:41:03 +02:00
Rony
0afaf81438
Update threat-actor.json 2019-05-01 15:54:38 +05:30
Rony
c565f61761
Update threat-actor.json 2019-05-01 15:51:56 +05:30
Rony
3b185d8435
Update threat-actor.json 2019-05-01 15:40:10 +05:30
Rony
ed351b4eae
updated FIN4 2019-05-01 15:24:59 +05:30
94466d8196
chg: [ATT&CK] updated to the latest version 2019-04-30 19:07:57 +02:00
Rintaro KOIKE
57735a5b5c
chg: [malpedia] updated to the latest version
Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp
2019-04-30 20:41:12 +09:00
f9a030ce54
chg: [exploit-kit] jq all the things 2019-04-28 19:12:06 +02:00
82a85d1651
Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master 2019-04-28 19:11:20 +02:00
Kafeine
915b673b7a
+= Spelevo 2019-04-28 12:24:48 +02:00
2405f1c59e
chg: [tool] Cowboy and KimJongRAT (Sorry Paul, we forgot ;-)
ref: https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
2019-04-27 09:33:55 +02:00
094f0e0684
chg: [tool] jq all the things 2019-04-24 12:58:49 +02:00
088e7477a6
chg: [tool] Karkoff tool added 2019-04-24 11:40:06 +02:00
Rony
292df2360a
more report on APT36 2019-04-22 11:05:21 +05:30
Deborah Servili
8ac7aec85c
add Sea Turtle campaign 2019-04-19 13:21:11 +02:00
Deborah Servili
39a416e9e7 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-04-19 11:54:26 +02:00
Christophe Vandeplas
ecc63cf166 chg; [threat-actor] validate + version bump 2019-04-17 21:01:55 +02:00
Christophe Vandeplas
d5fd896bb0
Merge pull request #385 from bartblaze/master
Add Whitefly
2019-04-17 20:53:15 +02:00
Deborah Servili
3abfe9fa48
merge 2019-04-17 16:06:50 +02:00
Bart
e1cab68683
Add Whitefly 2019-04-17 12:27:18 +01:00
Deborah Servili
83b900ecc2
Merge pull request #384 from r0ny123/patch-3
fixed the broken link
2019-04-17 08:27:09 +02:00
Deborah Servili
d72ea0d83a
Merge pull request #383 from rmkml/master
Add BigBobRoss Ransomware
2019-04-17 08:26:42 +02:00
Rony
d98aefa186
fixed the broken link 2019-04-17 09:17:23 +05:30
rmkml
d16cc2e184 Add Cr1ptt0r Ransomware 2019-04-14 20:49:36 +02:00
rmkml
271143519d Add SpelevoEK 2019-04-13 23:04:25 +02:00
rmkml
55f6d28388 Add Planetary Ransomware 2019-04-13 22:41:37 +02:00
rmkml
356c485459 Add BigBobRoss Ransomware 2019-04-13 22:06:53 +02:00
9f20c7aac1
Merge pull request #382 from rmkml/master
Add Caesar RAT
2019-04-13 22:02:40 +02:00
rmkml
747dd3f90d Add Caesar RAT 2019-04-13 21:47:24 +02:00
30baec12e9
Merge pull request #381 from rmkml/master
Add Tellyouthepass Ransomware
2019-04-13 20:01:30 +02:00
rmkml
9aa6244ed9 Add Ave Maria Stealer 2019-04-13 17:01:31 +02:00
rmkml
86323ca948 Add Tellyouthepass Ransomware 2019-04-13 16:38:46 +02:00
bc0949c357
Merge pull request #380 from bartblaze/master
Add DoNot team references
2019-04-13 09:29:35 +02:00
903612178f
Merge pull request #379 from rmkml/master
Add BlackWorm Ransomware
2019-04-13 09:29:02 +02:00
rmkml
f94e138b27 Add Vidar Stealer 2019-04-12 23:31:30 +02:00
rmkml
54cd80ee2d Add Brushaloader Malware 2019-04-12 22:42:57 +02:00
Bart
3256cca9e0
Add DoNot team references 2019-04-12 21:12:16 +01:00
rmkml
25597c24f7 Add BlackWorm Ransomware 2019-04-12 21:29:13 +02:00
d7b4908aa3
Merge branch 'patch-8' of https://github.com/danielplohmann/misp-galaxy into danielplohmann-patch-8 2019-04-12 05:58:47 +02:00
Daniel Plohmann
159225b6cf
Based on additional research, APT36 can actually be merged into Mythic Leopard 2019-04-11 22:29:49 +02:00
Rony
7987c8f023
Update threat-actor.json 2019-04-12 01:56:12 +05:30
Rony
2fc914b2f9
Update threat-actor.json 2019-04-12 01:06:50 +05:30
Rony
60e4a486a7
adding additional resources for APT36 2019-04-11 23:55:51 +05:30
rmkml
eb90e99daf Add Globe Imposter Ransomware 2019-04-10 22:37:54 +02:00
rmkml
6467fe5849 Add Parasite HTTP RAT 2019-04-09 22:27:28 +02:00
Daniel Plohmann
df5301eab5
adding FireEye's TMP.Lapis / APT36 2019-04-09 08:38:44 +02:00
Deborah Servili
c69a18c723 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-04-02 08:21:41 +02:00
a0234020bc
chg: [ransomware] various fixes 2019-04-01 19:49:00 +02:00
d23e533cdb
chg: [ransomware] jq all the things(tm) 2019-04-01 19:44:05 +02:00
36895a2163
chg: [ransomware] fix the meta to payment-method 2019-04-01 19:40:30 +02:00
0fa6cf25ba
Merge branch 'master' of https://github.com/ismasma/misp-galaxy into ismasma-master 2019-04-01 19:38:23 +02:00
Deborah Servili
272ea3ba4a
add ref for Ryuk and LockerGoga ransomwares 2019-03-28 15:58:00 +01:00
ac6276a906
Merge pull request #371 from Delta-Sierra/master
Add Operation ShadowHammer
2019-03-26 22:25:22 +01:00
Deborah Servili
6027d546f2
Add Operation ShadowHammer 2019-03-26 10:40:29 +01:00
Deborah Servili
575dd64582
add relationship between Cardinal RAT and EVILNUM 2019-03-26 08:41:11 +01:00
52f088efc9
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master 2019-03-21 20:51:59 +01:00
Daniel Plohmann
e0bb3d76a6
added APT-C-27 / GoldMouse 2019-03-21 18:06:03 +01:00
Deborah Servili
d0383b460f
jq 2019-03-21 09:15:16 +01:00
Deborah Servili
0fd04fa619
Merge branch 'master' into master 2019-03-21 08:42:30 +01:00
Deborah Servili
3c207f69be
add Cardinal RAT ref 2019-03-20 16:11:50 +01:00
Deborah Servili
f86c748b8c
add AOT-C-27 Goldmouse 2019-03-20 15:45:20 +01:00
Raphaël Vinot
6be42e6a1a fix: Make validate all happy 2019-03-20 12:58:18 +01:00
04accabaab
chg: [mitre att&ck] updated with new version 2019-03-20 12:37:38 +01:00
Deborah Servili
b2e1d5551f
add SPOILER vulnerability + other minor changes 2019-03-20 11:47:58 +01:00
b2538a1f8a
chg: [threat-actor] change attribution confidence to be a string by default 2019-03-19 16:51:41 +01:00
095b0a4d81
chg: [attck4fraud] updated 2019-03-19 16:33:27 +01:00
3cf53b670e
chg: [attck4fraud] completed 2019-03-19 16:02:08 +01:00
2b619dd9b7
chg: [attck4fraud] Assets Transfer added 2019-03-19 15:52:33 +01:00
75b4a3a951
chg: [attck4fraud] Obtain Fraudulent Assets added 2019-03-19 15:44:16 +01:00
bf6a605f6d
chg: [attck4fraud] Perform fraud added 2019-03-19 15:33:46 +01:00
e398cc3ef2
chg: [attck4fraud] Target compromise updated 2019-03-19 15:17:25 +01:00
e26918d749
chg: [attck4fraud] more techniques 2019-03-19 15:08:44 +01:00
4f454493b7
chg: [threat-actor] BRONZE UNION is also uppercase 2019-03-19 14:47:03 +01:00
9a6b597387
chg: [threat-actor] updated the version to avoid the past issue with 0 value for integer values 2019-03-19 14:44:49 +01:00
c2f10410f5
chg: [sector] typo fixed - reported in #364 2019-03-19 12:36:19 +01:00
e56cb33097
chg: [attck4fraud] fix the type issue 2019-03-19 10:03:33 +01:00
a80283672c
chg: [attck4fraud] uuid fixed 2019-03-19 08:39:08 +01:00
2419a33807
chg: [attck4fraud] ATM Shimming added 2019-03-19 08:33:08 +01:00
779bc4a6a0
chg: [attck4fraud] description fixed for FT1003 2019-03-19 08:11:33 +01:00
3c067c42a8
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-03-19 08:10:36 +01:00
824465d879
add: [attck4fraud] initial attck-like matrix for fraud from https://github.com/burritoblue/attck4fraud (WiP) 2019-03-19 08:09:23 +01:00
78b886b2f0
Merge pull request #363 from Delta-Sierra/master
add H-worm RAT
2019-03-19 07:31:04 +01:00
Deborah Servili
3294091600
add H-worm RAT 2019-03-18 16:24:55 +01:00
Bart
dff2a827d6
Update preventive-measure.json
Add ACL
2019-03-17 21:47:54 +00:00
Deborah Servili
5ce8aae89e
add Operation Comando - hit version 100 2019-03-15 15:04:29 +01:00
ismasma
379ed61c34
Add payment method and price 2019-03-14 17:12:42 +01:00
5db30ba974
chg: [threat-actor] SandCat added 2019-03-14 06:18:10 +01:00
Thomas Dupuy
60d79b0153 add synonym, no need for uppercase in the name :) 2019-03-13 23:07:10 +01:00
Deborah Servili
ecf76178e7
add attribution-confidence attribute to threat-actor 2019-03-11 11:18:12 +01:00
Deborah Servili
7576d0db02
relations between SLUB Backdoor 2019-03-11 09:01:12 +01:00
Deborah Servili
a65688ec02 Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy 2019-03-11 08:51:47 +01:00
Deborah Servili
33dbda1e1e Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-03-11 08:51:16 +01:00
Deborah Servili
59ee8a9f13
Merge branch 'master' into master 2019-03-11 08:40:38 +01:00
Deborah Servili
ddab5f7006
Merge branch 'master' into master 2019-03-11 08:40:11 +01:00
139e6c32ed
chg: [threat-actor] new attribution-confidence level introduced 2019-03-11 08:37:49 +01:00
eb665e2883
chg: [threat-actor] jq all the things 2019-03-10 11:15:13 +01:00
bebcc0eb5a
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-03-10 10:48:31 +01:00
6fb1303570
chg: [threat-actor] IRIDIUM added
Ref: https://resecurity.com/blog/parliament_races/
2019-03-10 10:47:34 +01:00
Raphaël Vinot
4f3e6335b5 fix: Wrong (duplicate) value. 2019-03-09 06:29:26 +01:00
Deborah Servili
2815e48610
add StealthWorker malware 2019-03-08 15:57:30 +01:00
Deborah Servili
ee034babba
add SLUB backdoor 2019-03-08 14:39:34 +01:00
769e0002ef
chg: [tools] jq all the things 2019-03-08 08:10:42 +01:00
Daniel Plohmann
1d8ada33a0
Update threat-actor.json
another actor described by 360TIC.
2019-03-07 17:50:46 +01:00
63419046d4
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-03-07 15:51:44 +01:00
31ba566c18
chg: [tool] SLUB Backdoor added 2019-03-07 15:51:16 +01:00
Deborah Servili
7afd311abc
add Jokeroo RaaS 2019-03-07 15:23:30 +01:00
Daniel Plohmann
cfb807861a
FireEye upgraded TEMP.Periscope to APT40 2019-03-07 14:34:14 +01:00
Deborah Servili
eb0a33eab6
add operation Kabar Cobra 2019-03-06 15:52:49 +01:00
Deborah Servili
ae49090845
add ref for garrantydecrypt 2019-03-04 16:34:52 +01:00
Deborah Servili
6ffb8dd437
add relation between Lazarus Group and Operation SharpShooter 2019-03-04 12:03:05 +01:00
Deborah Servili
19c4fe4d11
add Rising Sun Backdoor 2019-03-04 10:11:26 +01:00
Deborah Servili
bd3fce00e1
add Razdel 2019-02-25 16:35:06 +01:00
f7367ef887
chg: [tool] Xbash description updated 2019-02-23 09:25:14 +01:00
f2159bfaa3
chg: [threat-actor] format fixed 2019-02-22 22:50:42 +01:00
f621b40263
chg: [threat-actor] jq all the things late in the night 2019-02-22 22:47:25 +01:00
d5df0d1064
chg: [threat-actor] uuid fixed 2019-02-22 22:45:28 +01:00
f2c80cbcdd
chg: [tool] BabyShark added 2019-02-22 22:44:44 +01:00
38283f0f86
chg: [threat-actor] STOLEN PENCIL added 2019-02-22 22:41:06 +01:00
243a6280e0
Merge pull request #350 from bartblaze/master
Add more info on Lotus Blossom
2019-02-21 23:39:33 +01:00
Bart
06553bbec2
Add more info on Lotus Blossom
Add 2 more references, fix typo - Trend calls it "Esile", not "Eslie" as mistakenly stated by CFR. The backdoor itself is commonly referred to as Elise.
2019-02-21 22:31:14 +00:00
08e8aafcf7
chg: [cert-eu-govsector] version fixed 2019-02-21 07:19:04 +01:00
ed132cb1b8
chg: [threat-actor] version fixed 2019-02-21 07:18:16 +01:00
Daniel Plohmann
0cd79994cc
Two more actor names from GTR2019
I found two more actor names while going again over the crowdstrike's report and updating the cross-references to malpedia.
2019-02-19 22:38:11 +01:00
Daniel Plohmann
85ec27b4c4
Added missing actors from CrowdStrike GTR2019 2019-02-19 18:26:01 +01:00
Itay Cohen
7d9dc1ec9d
Fix 404'd reference of BuhTrap 2019-02-17 11:33:11 +02:00
9ad8a76a38
chg: [ransomware] no related object in meta 2019-02-15 10:30:20 +01:00
34042abe23 new: Added draft of the election guildelines galaxy 2019-02-15 08:44:33 +01:00
Deborah Servili
5bf18ffd23
Merge branch 'master' into master 2019-02-14 16:29:04 +01:00
Deborah Servili
9c450a80d4
add Gallmaker and other clusters 2019-02-14 16:04:54 +01:00
Deborah Servili
2794a20589
add OSX/Shlayer and some refs 2019-02-14 12:42:28 +01:00
ad0ef66b0a
chg: [tool] jq jq jq jq jq jq jq jq 2019-02-12 21:41:33 +01:00
Thomas Dupuy
95a70d09a5 add ANEL/UPPERCUT in tool cluster 2019-02-12 12:19:23 -05:00
Deborah Servili
8aeed60a24
Add Siesta campaign 2019-02-11 16:30:46 +01:00
João Neto
662cc5a012
Updated "Iran" name
This extra space leads to an unnecessary key error when parsing the json file
2019-02-08 16:50:22 +01:00
Nils Kuhnert
fc16f4f69c
Added Velvet Chollima as synonym to Kimsuki 2019-02-08 08:50:05 +01:00
Christophe Vandeplas
e5f74c8fdc
Merge pull request #336 from 3c7/synonym/static-kitten
Added static kitten as synonym for MuddyWater
2019-02-07 08:54:49 +01:00
2bbb8a6a43
Merge pull request #334 from 3c7/synonym/cobalt-spider
Added Cobalt Spider as Synonym for Cobalt
2019-02-07 08:53:19 +01:00
Nils Kuhnert
9778bea81e
Added Cobalt Spider reference 2019-02-07 08:41:00 +01:00
Nils Kuhnert
523a52c4db
Added static kitten as synonym for MuddyWater 2019-02-07 08:38:52 +01:00
Nils Kuhnert
0049acd81c
Added Turbine Panda as synonym for APT 26 2019-02-07 08:28:48 +01:00
Nils Kuhnert
5a077cf838
Added Cobalt Spider as Synonym for Cobalt 2019-02-07 08:26:10 +01:00
Nils Kuhnert
a171d5aa9d
Added Ocean Buffalo synonym for Ocean Lotus 2019-02-03 21:36:21 +01:00
b9f1317941
Merge pull request #332 from Delta-Sierra/master
Add APT39 & LockerGoga
2019-02-01 18:36:12 +01:00
Nils Kuhnert
0b04046d91
Added Quilted Tiger as Synonym for Patchwork/Dropping Elephant. 2019-02-01 13:17:43 +01:00
Deborah Servili
233b7f3aff
add APT39 2019-01-31 18:48:19 +01:00
Deborah Servili
b4751d396a
add LockerGoga ransomware 2019-01-30 12:07:19 +01:00
Nils Kuhnert
d45a32e9e2
Added Shadow Crane as synonym for Dark Hotel. 2019-01-30 08:22:46 +01:00
Nils Kuhnert
42ecbd801c
Added "Stardust Chollima" as synonym for Lazarus. 2019-01-29 08:36:12 +01:00
898bdaf7f8
Merge pull request #328 from Delta-Sierra/master
add Silence Group
2019-01-25 16:43:08 +01:00
Deborah Servili
c11a31b12a
add Silence Group 2019-01-25 16:19:51 +01:00
Thomas Dupuy
d38fb407ec add alternative name for DarkHydrus 2019-01-21 23:14:34 -05:00
Deborah Servili
45ed56cd61
add LoJax ref 2019-01-17 10:49:23 +01:00
Deborah Servili
3bdbd6646b
add Cold River Threat actor 2019-01-17 09:44:09 +01:00
Deborah Servili
5d61a75886
fix versions 2019-01-14 16:34:28 +01:00
Deborah Servili
61093f6f07
add several ransomware and threat actors 2019-01-14 16:28:15 +01:00
Deborah Servili
90d2bf7bc1
add drakhydrus ref 2019-01-11 10:17:07 +01:00
Deborah Servili
cddfd5fcd1
TA505 threat actorand affiliates malwares 2019-01-11 09:53:08 +01:00
Deborah Servili
4547b09f49
add hidenad synonym 2019-01-10 11:53:30 +01:00
Deborah Servili
a10a417b0a
add Cryptomix variants refs 2019-01-10 10:03:22 +01:00
Deborah Servili
d3ae9e1e14
update version 2019-01-09 15:54:09 +01:00
Deborah Servili
90e3602db6
add AndroidOS_HidenAd 2019-01-09 15:33:34 +01:00
Deborah Servili
cc0bd96527 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-01-09 14:54:33 +01:00
Christophe Vandeplas
0ba220987d chg: [mitre] bump to latest MITRE ATT&CK dataset 2018-12-29 18:40:21 +01:00
Christophe Vandeplas
50c817a1fd
MITRE galaxy regeneration + updated migration script 2018-12-29 18:14:47 +01:00
Nils Kuhnert
1e4ebdd560
Added OilRig synonym "Helix Kitten". 2018-12-27 09:10:21 +01:00
Kafeine
5766cd68f8 zTDS 2018-12-22 11:51:40 +01:00
Kafeine
ce94cb8458 novidade,taurus 2018-12-22 10:19:52 +01:00
Deborah Servili
91b8da1e9e
add ransomwares 2018-12-20 00:37:49 +01:00
de66295539
Merge pull request #316 from danielplohmann/master
New name SNAKEMACKEREL for APT28 by Accenture
2018-12-19 14:06:38 +01:00
Gerard Wagener
7b347017e2
Removed Puplishing industry 2018-12-19 11:45:31 +01:00
Daniel Plohmann
cc22da1200 Microsoft alias for apt29 is YTTRIUM 2018-12-19 11:28:44 +01:00
Daniel Plohmann
c9e15b0c08 new name SNAKEMACKEREL for APT28 by Accenture 2018-12-19 10:46:58 +01:00
27f6b19570
Merge pull request #315 from Delta-Sierra/master
add OSX malwares
2018-12-18 17:43:34 +01:00
Deborah Servili
e6fa06f178
add OSX malwares 2018-12-18 16:26:49 +01:00
a04790ac41
chg: [malpedia] updated to the latest version
Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp
2018-12-14 19:00:18 +01:00
Deborah Servili
cb4345adf9
add operation sharpshooter 2018-12-13 13:47:54 +01:00
Deborah Servili
a9265d9858
update toll version 2018-12-13 09:44:09 +01:00
Deborah Servili
9f29f297d2
add shamoon synonym 2018-12-13 09:43:20 +01:00
Deborah Servili
3a2ac48faa
fix tool version 2018-12-12 15:39:34 +01:00
Deborah Servili
3ef58f7b21
fix exploit-kit version 2018-12-12 15:38:39 +01:00
Deborah Servili
70d68a312c
add some clusters or info 2018-12-12 15:26:54 +01:00
Deborah Servili
169d69871a
add Goden Chickens and affiliates 2018-12-12 13:52:55 +01:00
Deborah Servili
3183a4d1ff
add ransomwares 2018-12-12 09:27:27 +01:00
Christophe Vandeplas
1a65dfb9f4 chg: [mitre] re-generated galaxies and values using the MITRE sources
and also using the MISP version to keep manually created relationships and such
2018-12-09 09:16:03 +01:00
Christophe Vandeplas
39ff6b4bbc MITRE sorted
While dicts were sorted, lists were not yet sorted. This current sort algo is not yet the best, but is a good start. A good sort is needed for better comparison afterwards with automated tools. In a next stage tt will also be needed in the validate_all scripts.
2018-12-09 08:32:48 +01:00
Deborah Servili
bf77e1125a
add Operation Poison Needles 2018-12-07 16:32:09 +01:00
Deborah Servili
79828d7411
add clusters 2018-12-07 13:25:56 +01:00
Deborah Servili
5a725e71ef
add several clusters 2018-12-06 16:13:51 +01:00
ac2b5dbe05
fix: [ransomware] more duplicates removed 2018-12-02 12:00:17 +01:00
2e8f139daa
fix: [ransomware] removed duplicate values 2018-12-02 11:54:34 +01:00
Deborah Servili
be9b4ff40f
add DNSpionage cluster 2018-11-29 16:38:06 +01:00
Deborah Servili
ef54489ea9
add everbe rasomnotes 2018-11-29 15:33:39 +01:00
Deborah Servili
6382857ee3
add ransomwares 2018-11-29 15:23:57 +01:00
Deborah Servili
c81f128d98
add ransomwares 2018-11-27 15:59:26 +01:00
Deborah Servili
6f255c0999
add Aurora Ransomware metadata 2018-11-26 09:30:54 +01:00
Deborah Servili
e5487305f1
add Aurora Ransomware synonym 2018-11-26 08:33:11 +01:00
Deborah Servili
9f5e10abf6
fix version 2018-11-23 16:16:58 +01:00
Deborah Servili
b6b1c7171a
Add Rotexy 2018-11-23 16:15:48 +01:00
Deborah Servili
dac1c08491
update version 2018-11-23 12:42:41 +01:00
Deborah Servili
b50c8bd805
add PNG Dropper 2018-11-23 10:38:36 +01:00
Deborah Servili
1be4a1cedb
add reference for Emotet/Geodo 2018-11-22 09:00:43 +01:00
Deborah Servili
2bf5d46cc4 Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy 2018-11-22 08:59:53 +01:00
Deborah Servili
2f5031b845
add several references for Emotet and others 2018-11-22 08:37:45 +01:00
Deborah Servili
de38e7249c
Merge branch 'master' into master 2018-11-19 15:23:45 +01:00
Deborah Servili
ce61b2d2dd
update oilrig related clusters + others 2018-11-19 14:56:13 +01:00
eec7693081
chg: uuid fixed 2018-11-18 06:31:04 +01:00
d324a1c39b
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master 2018-11-18 06:29:50 +01:00
Deborah Servili
eb6f6a3f49
fix rat galaxy version 2018-11-16 16:40:23 +01:00
Deborah Servili
77b556d702
jq and add ref in tool galaxy -hit version 100- 2018-11-16 13:11:55 +01:00
Deborah Servili
faa16879da
add TheOneSpy 2018-11-16 13:10:21 +01:00
c9fd60d14b
chg: [threat-actor] INDRIK SPIDER added 2018-11-14 20:46:06 +01:00
Deborah Servili
ca33f1c2ce Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-11-13 15:25:34 +01:00
Deborah Servili
f55277b682
add several rqansomware and HookAds campaign 2018-11-13 12:20:37 +01:00
a505995b79
fix: [ransomware] duplicate removed 2018-11-13 07:12:36 +01:00
51d3af11fc
chg: [ransomware] duplicate removed 2018-11-13 07:08:49 +01:00
a4c916c916
Merge branch 'master' of github.com:MISP/misp-galaxy 2018-11-13 07:01:56 +01:00
Benoit Sevens
8f8c69134e
Update threat-actor.json
Add LuckyMouse link
2018-11-12 13:12:14 +01:00
Deborah Servili
46dba06e40
add/update ransomawares 2018-11-09 16:34:00 +01:00
Deborah Servili
14444e4321
add several tools and refs 2018-11-08 10:39:32 +01:00
Daniel Plohmann
1f6b606f75
added APT38 as (FireEye) alias for Lazarus
cross-references in https://content.fireeye.com/apt/rpt-apt38 suggest the link to Lazarus.
2018-11-07 17:19:50 +01:00
Deborah Servili
954264c084
Merge pull request #296 from Delta-Sierra/master
update ransomware galaxy
2018-11-07 09:19:23 +01:00
Deborah Servili
d41a279c73
update ransomware galaxy 2018-11-05 16:23:10 +01:00
8ae3214cd1
Merge pull request #295 from Delta-Sierra/master
update Red Alert 2 Android Banking Trojan
2018-11-05 12:37:29 +01:00
Deborah Servili
050a94a2c0
jq fix 2018-11-05 11:01:57 +01:00
Deborah Servili
ae24b71f45
update version 2018-11-05 10:45:54 +01:00
Deborah Servili
5fd4cfa4ee
update Red Alert 2 Android Banking Trojan 2018-11-05 09:50:10 +01:00
Deborah Servili
7813a29460
Merge pull request #294 from Delta-Sierra/master
add ransomwares
2018-10-31 16:05:18 +01:00
Deborah Servili
ad07b70a03
add ransomwares 2018-10-31 14:52:40 +01:00
2465235817
Merge pull request #293 from Delta-Sierra/master
add Operation EvilTraffic
2018-10-30 21:02:59 +01:00
Deborah Servili
e6b1eec329
add Chalubo botnet (+ jqallthethings) 2018-10-30 14:39:13 +01:00
Deborah Servili
41942d0daf
add Operation EvilTraffic 2018-10-30 13:28:46 +01:00
Deborah Servili
74ff4b957a
add Operation EvilTraffic 2018-10-30 13:28:27 +01:00
Nils Kuhnert
bc0bf1ca9f
Corrected DarkHotel threat actor entry 2018-10-29 09:03:30 +01:00
Deborah Servili
6e8abc0712
fix duplicate ref 2018-10-23 15:37:51 +02:00
Deborah Servili
af6020077e
add August Stealer 2018-10-23 15:25:37 +02:00
Deborah Servili
4a54044de6
add NukeSped reference 2018-10-22 14:50:57 +02:00
Deborah Servili
32d90a27e1
add GhostMiner 2018-10-22 14:46:44 +02:00
Deborah Servili
bd68ee280e Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-10-22 11:09:37 +02:00
Deborah Servili
504570a298
add tools from https://github.com/misterch0c/shadowbroker 2018-10-22 11:06:25 +02:00
Deborah Servili
4564c5eb37
add DarkPulsar and affiliates + update some refs 2018-10-22 10:14:30 +02:00
Christophe Vandeplas
4232f0b737 chg: further categorization of galaxies 2018-10-19 14:15:20 +02:00
Christophe Vandeplas
9dddc4427c jq 2018-10-19 10:23:09 +02:00
Christophe Vandeplas
6a9a9b7e1b Merge remote-tracking branch 'MISP/master' 2018-10-19 10:18:45 +02:00
Christophe Vandeplas
ddccac58c8 chg: categorization of galaxies
This allows relationships to be created.
2018-10-19 10:18:14 +02:00
0ecf34f06e
fix: [malpedia] version 2018-10-18 11:23:48 +02:00
83c6e6bef1
fix: [malpedia] broken reference has been fixed 2018-10-18 11:17:19 +02:00
3771c21218
Merge pull request #287 from cvandeplas/master
fixes an important bug in the gen_relations
2018-10-18 11:15:17 +02:00
66ded6d935
Some minor fixes 2018-10-17 20:59:08 +02:00
Christophe Vandeplas
ccebd86eed fix: add missing relations from commit 78c1f07359 2018-10-17 19:18:16 +02:00
Christophe Vandeplas
2b24efb14a fix: add missing relations from commit b857be9cab 2018-10-17 19:15:57 +02:00
Christophe Vandeplas
76b1429f10 fix: add missing relations from commit a81bbe288f 2018-10-17 19:13:35 +02:00
Christophe Vandeplas
84af053761 fix: add missing relations from commit 29beb01dc3 2018-10-17 19:07:01 +02:00
Christophe Vandeplas
873bc873b4 Merge remote-tracking branch 'MISP/master' 2018-10-17 18:28:44 +02:00
Christophe Vandeplas
1e90cac717 fix: intrusion is an actor and not a tool 2018-10-17 18:17:33 +02:00
9129724343
Merge pull request #286 from Delta-Sierra/master
Several clusters, refs, others.
2018-10-17 17:32:45 +02:00
Deborah Servili
c8cbb609a2
add GreyEnergy 2018-10-17 16:05:51 +02:00
Christophe Vandeplas
ca6c1caa8f fix: jq all the things 2018-10-17 08:26:45 +02:00
Christophe Vandeplas
2bb4df134b chg: removal of older unused relationships 2018-10-17 08:20:12 +02:00
Christophe Vandeplas
c51ba2e868 chg: MITRE relationships included in the respective cluster. 2018-10-17 08:08:58 +02:00
Deborah Servili
2ea560f9a7
add refs & synonyms 2018-10-15 12:02:21 +02:00
Deborah Servili
c134035a6d
add several refs 2018-10-15 11:33:37 +02:00
Deborah Servili
8d0c87c830
add several refs 2018-10-15 11:28:01 +02:00
Deborah Servili
11a27df82d
add roaming mantis group 2018-10-12 15:50:52 +02:00
Deborah Servili
b3109f6aea Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-10-12 13:55:01 +02:00
Christophe Vandeplas
f26a4f2806 fix: minor newline difference after jq_all_the 2018-10-12 12:31:29 +02:00
Christophe Vandeplas
f14d616e22 chg: magical mapping with malpedia 2018-10-12 11:00:00 +02:00
Christophe Vandeplas
65eb66a739 fix: automatically fix missing uuids 2018-10-12 10:55:24 +02:00
Christophe Vandeplas
2fbd8ce485 jq sort keys
Allows automation to edit the files
2018-10-12 10:35:31 +02:00
4ff2a45cbb
chg: [malpedia] duplicate urls removed 2018-10-10 22:18:32 +02:00
2d2749ccea
jq all the things 2018-10-10 22:12:59 +02:00
Steffen Enders
125f676d17
Updated malpedia.json to the current state
Fetched the new malpedia galaxy cluster from https://malpedia.caad.fkie.fraunhofer.de/api/get/misp - this includes an additional ~120 new families.
2018-10-10 17:31:27 +02:00
Deborah Servili
4c367737ac
add magecart ref 2018-10-10 14:52:16 +02:00
Deborah Servili
ec6b04cf6a
add SAVEfiles ransomware 2018-10-10 14:05:24 +02:00
Deborah Servili
ed5aa150a7
update version 2018-10-09 11:35:17 +02:00
Deborah Servili
510a37084c
update matrix ransomware 2018-10-08 16:26:58 +02:00
Deborah Servili
5fb9db8282
add Triout Android Malware 2018-10-05 16:21:01 +02:00
Deborah Servili
655b1619e4 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-10-05 16:06:25 +02:00
Deborah Servili
58a86e4e26
fix failed copy-paste 2018-10-05 15:53:03 +02:00
8149960aa3
Merge pull request #276 from Delta-Sierra/master
add CoalaBot + Kraken Cryptor Ransmware + refs
2018-10-05 15:52:04 +02:00
Davide Arcuri
253fbed356 Added Malpedia Galaxy
based on malpedia git repo

Co-Authored-By: garanews <garanews@users.noreply.github.com>
2018-10-05 14:30:31 +02:00
Deborah Servili
80bf2f5556
jq 2018-10-05 12:04:13 +02:00
Deborah Servili
06c4869125
add CoalaBot + Kraken Cryptor Ransmware + refs 2018-10-05 11:09:54 +02:00
Deborah Servili
9225666b92
add CoalaBot + Kraken Cryptor Ransmware + refs 2018-10-05 11:09:45 +02:00
ecba2dbdbf
Merge pull request #274 from Delta-Sierra/master
Refs updates
2018-10-04 17:24:57 +02:00
Deborah Servili
7cf37a57f1
add Persirai botnet 2018-10-04 14:17:16 +02:00
Deborah Servili
50fecccf39
update Torii botnet 2018-10-04 13:44:32 +02:00
Deborah Servili
138a4e6f9e
add ref for Torii botnet 2018-10-04 13:41:27 +02:00
Deborah Servili
b45b4ce0b1
add refs 2018-10-04 12:01:26 +02:00
276992f180
Merge pull request #273 from Delta-Sierra/master
update synonyms & attributions
2018-10-04 11:17:19 +02:00
Deborah Servili
2893d715d6
Add ZEBROCY tool 2018-10-04 10:52:40 +02:00
Deborah Servili
5bcf34a953
update regarding https://twitter.com/adulau/status/1047764090410737664 2018-10-04 10:28:22 +02:00
Deborah Servili
c78416eee1
update synonyms & attributions 2018-10-04 10:09:34 +02:00
Deborah Servili
123099cd6d
Merge pull request #272 from Delta-Sierra/master
New clusters based on CIG Circular 66 – FASTCash ATM Cash Out Campaign
2018-10-03 16:38:33 +02:00
Deborah Servili
4d68b1c205
add NukeSped 2018-10-03 16:28:50 +02:00
Deborah Servili
3dfe8a5a34 add FASTCash 2018-10-03 15:09:14 +02:00
63b777fc9e
Merge pull request #271 from Delta-Sierra/master
Several updates
2018-10-01 21:51:11 +02:00
Deborah Servili
403f162451
add ref for magecart 2018-10-01 11:54:07 +02:00
Deborah Servili
35582f7ed5
new threat actors & tools 2018-10-01 11:52:40 +02:00
2402c7d98f
chg: [tool] NOKKI added
ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/
2018-09-29 09:01:47 +02:00
Deborah Servili
3649e03ad5 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-09-28 16:28:16 +02:00
Deborah Servili
f828c8f79e
add synonym 2018-09-28 16:18:54 +02:00
Deborah Servili
a27534cfa1
add refs 2018-09-28 15:40:00 +02:00
49fe210812
Merge pull request #270 from Delta-Sierra/master
new clusters, relations and information
2018-09-28 12:57:13 +02:00
Deborah Servili
97581d7185
jq 2018-09-28 11:20:38 +02:00
Deborah Servili
fbf21487cf
new clusters and informtion 2018-09-28 11:08:21 +02:00
46eddf1874
chg: [botnet] Torii added 2018-09-27 15:43:49 +02:00
Deborah Servili
78c1f07359
new ransomware and relations 2018-09-27 15:42:20 +02:00
Nex
014aa325b7 Added missing country values 2018-09-26 23:05:46 +02:00
Deborah Servili
29beb01dc3
add relationships on Mirai 2018-09-24 16:06:36 +02:00
Deborah Servili
f7e10cb38d
add references 2018-09-24 14:58:21 +02:00
Deborah Servili
77897be97e
add BusyGasper android spyware 2018-09-24 12:12:41 +02:00
Deborah Servili
2bc8e1e719
add Cobalt Dickensthreat actor 2018-09-24 11:51:09 +02:00
Deborah Servili
69c5fc30e5
add remcos ref 2018-09-24 11:07:17 +02:00
Deborah Servili
5a1734f170
update version 2018-09-21 11:16:36 +02:00
Deborah Servili
3c7e367cbf
fix field mistake 2018-09-21 11:14:19 +02:00
Deborah Servili
1cee9d71e0
update Lazarus group cluster 2018-09-20 15:38:32 +02:00
Deborah Servili
6d43d52731
new unnamedthreat actor 2018-09-20 13:24:11 +02:00
Deborah Servili
d0864a6531
new threat actors 2018-09-20 12:10:20 +02:00
Deborah Servili
0a724bee3d
merge 2018-09-19 16:01:46 +02:00
Deborah Servili
3f22dbd17d
add notpetya and update jadeRAT 2018-09-19 15:06:43 +02:00
Deborah Servili
058f778e61
add references 2018-09-19 09:04:04 +02:00
79146b9d10
fix: array in synonyms (MISP accepts it but not the schema ;-) 2018-09-19 07:35:35 +02:00
6105522453
chg: [threat-actor] Iron Group added
ref: https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/
2018-09-19 07:08:16 +02:00
4ae0ccd192
chg: [tool] Xbash added
ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/
2018-09-19 07:03:56 +02:00
8238bd5eb1
Merge pull request #263 from botherder/bahamut
Added Bahamut to threat actors list
2018-09-19 06:46:26 +02:00
Deborah Servili
fd960bfc1b
Add magentocore malware 2018-09-18 23:10:33 +02:00
Nex
f0383758fc Added Bahamut to threat actors list 2018-09-18 11:27:32 +02:00
fe60e58f5b
Merge pull request #262 from botherder/mythic-leopard
Added additional name to C-Major
2018-09-18 11:25:58 +02:00
Nex
1e502a494e Added additional name to C-Major 2018-09-18 11:18:42 +02:00
Nex
ee7f609397 Removed duplicates 2018-09-18 11:16:00 +02:00
88c9d8d9f6
Merge pull request #259 from botherder/country-sync
Synced country codes with suspected state sponsor
2018-09-17 18:18:00 +02:00
Nex
be0dd94c90 Synced country codes with suspected state sponsor 2018-09-17 16:26:14 +02:00
Nex
c2ea505459 Merged Transparent Tribe in C-Major 2018-09-17 16:11:18 +02:00
Deborah Servili
ff9409e164
add blacknurse logo 2018-09-13 12:42:01 +02:00
Deborah Servili
1dcf2e50a7
add blacknurse 2018-09-13 12:33:19 +02:00
Deborah Servili
17d3959445
add Crypt0saur ransomware 2018-09-13 11:34:57 +02:00
Deborah Servili
0843fdfb23
adding and updating clusters 2018-09-13 09:03:41 +02:00
Deborah Servili
039fc91bd6
add description for sigma ransomware 2018-09-12 14:27:09 +02:00
Deborah Servili
a73424139f
fix versions 2018-09-12 14:26:44 +02:00
Deborah Servili
f107563cad
add ref for operation Applejeus 2018-09-12 09:34:16 +02:00
Deborah Servili
cb5fa5e822
fix version 2018-09-10 14:21:14 +02:00
Deborah Servili
c92dc15937
add Operation AppleJeus 2018-09-10 14:13:09 +02:00
Deborah Servili
a81bbe288f
fix some relations 2018-09-10 12:27:40 +02:00
Deborah Servili
40d5cca20f
clusters 2018-09-07 16:03:40 +02:00
Deborah Servili
addda6c545
more clusters~ 2018-09-05 16:39:33 +02:00
Deborah Servili
14024efbf1
add CamuBot Banker Trojan 2018-09-05 09:19:35 +02:00
Deborah Servili
5866b660c8
jq~ 2018-09-05 08:29:08 +02:00
Deborah Servili
fb328b0ef4
add ransomwares 2018-09-05 08:20:24 +02:00
Deborah Servili
0a9e91766b Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-09-04 10:18:07 +02:00
Deborah Servili
912e91a5f5
add ransomware 2018-09-04 09:43:58 +02:00
0acc41131d
"jq all the thing (tm)" 2018-09-01 11:58:52 +02:00
e55f91b7ac
Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master 2018-09-01 11:56:10 +02:00
Kafeine
ac94f367b1
+ Fallout 2018-09-01 10:07:46 +02:00
Kafeine
21cf5ec957
Hunter EK > Active 2018-08-30 22:47:00 +02:00
Kafeine
85130f264d
Adding Underminer EK 2018-08-30 17:27:59 +02:00
Kafeine
afa3fb4cfd
Status from Terror, Bingo and Astrum 2018-08-30 17:08:37 +02:00
Kafeine
67e9ef2719
Adapting to modification from Misp repository 2018-08-30 17:04:08 +02:00
Deborah Servili
f14dd27315
add cfr data 2018-08-27 15:29:16 +02:00
Deborah Servili
d1940b6a69
Update microsoft-activity-group.json version 2018-08-27 08:38:22 +02:00
Deborah Servili
9efca2fd79 more clusters
Signed-off-by: Deborah Servili <deborah.servili@gmail.com>
2018-08-24 16:11:16 +02:00
Deborah Servili
c943d1c9d1
add APT28/STRONTIUM refs 2018-08-22 09:59:40 +02:00
Deborah Servili
afea4ca5e7 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2018-08-22 09:03:26 +02:00
f8c5640613
chg: [tool] biscuit biscvt tool BISKVIT
ref: https://www.fortinet.com/blog/threat-research/russian-army-exhibition-decoy-leads-to-new-biskvit-malware.html
2018-08-21 10:48:47 +02:00
cd76f19f52
chg: [threat-actor] APT-C-35 actor added
ref: https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/
2018-08-15 20:25:57 +02:00
Deborah Servili
3940964956
update Dharma Ransomware 2018-08-14 15:56:09 +02:00
Deborah Servili
d5f35d94dc
version update 2018-08-14 12:21:50 +02:00
Deborah Servili
f3c02ad195
merge black ruby duplicate (delete the newer) 2018-08-14 12:20:29 +02:00
Deborah Servili
31142b41ac
merge 2018-08-14 12:09:21 +02:00
Deborah Servili
a28c50203e
fix 2018-08-14 12:07:12 +02:00
Deborah Servili
2081dc1627
resolve merge confilct -I hope- 2018-08-14 12:06:42 +02:00
Deborah Servili
4e911b2c17
Merge branch 'master' into master 2018-08-14 11:43:59 +02:00
Deborah Servili
7829e0fab6
fix typo and missing uuid 2018-08-14 11:41:06 +02:00
Deborah Servili
a646a835fe
add Rosenbridge backdoor 2018-08-14 10:09:26 +02:00
Christophe Vandeplas
88162aa44e chg: [mapping] Generated automatic mapping between clusters 2018-08-14 09:35:22 +02:00
Christophe Vandeplas
5478f0aa45 no change: dump files with sort_keys=True
This is needed to keep better track of the changes when other tools load and save the json files.
2018-08-13 17:06:29 +02:00
Christophe Vandeplas
021107e597 fix: [threat-actor] added missing uuids 2018-08-13 17:00:40 +02:00
Deborah Servili
b100b0cedd
add KEYPASS ransomware 2018-08-13 15:50:09 +02:00
Deborah Servili
f1dcb05576
Merge pull request #246 from Delta-Sierra/master
add Skygofree android spyware
2018-08-13 12:28:30 +02:00
Deborah Servili
56fe9eb63c
add Skygofree android spyware 2018-08-13 12:20:16 +02:00
9059a85eed
chg: [tool] KEYMARBLE malware added
ref: https://www.us-cert.gov/ncas/analysis-reports/AR18-221A
2018-08-11 16:14:39 +02:00
Deborah Servili
27805ca768
add tools used by SamSam 2018-08-09 15:55:36 +02:00
Deborah Servili
597e7bacb9
add ransomwares 2018-08-09 13:53:04 +02:00
6620b5575a
fix: [threat-actor] related is an array of JSON objects 2018-08-09 07:53:42 +02:00
1429b60555
chg: [threat-actor] jq document 2018-08-08 16:38:39 +02:00
Deborah Servili
ebc7287e14
update schema 2018-08-08 16:12:29 +02:00
Deborah Servili
33a300b773
tags is an array 2018-08-08 15:59:44 +02:00
Deborah Servili
b857be9cab
relationship system - v2 2018-08-08 15:51:22 +02:00
Deborah Servili
050a864be0
update some clusters and try to add a relationship system 2018-08-08 14:20:38 +02:00
Deborah Servili
84adb50f0f
add RedAlpha campaigns 2018-08-07 13:55:05 +02:00
Deborah Servili
b7de06ffcc
delete forgotten conflict marker 2018-08-06 08:49:44 +02:00
Deborah Servili
010df0a2b6
resolve merge conflict 2018-08-06 08:48:21 +02:00
Deborah Servili
def23775e5
resolve merge conflict 2018-08-06 08:45:03 +02:00
Nils Kuhnert
ab49b58b02
Added DarkHydrus 2018-08-06 08:33:34 +02:00
Nils Kuhnert
4654f51889
Two small typos 2018-08-05 15:09:38 +02:00
Deborah Servili
e5b185deee
Merge branch 'master' into master 2018-08-03 16:11:16 +02:00
Deborah Servili
35aa8ba34e
delete duplicate gorgon group 2018-08-03 16:08:43 +02:00
Deborah Servili
a9a71ef84c
more clusters 2018-08-03 15:58:54 +02:00
b3701b6b34
chg: [threat-actor] The Gordon Group added
ref: https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/
2018-08-03 10:26:52 +02:00
a0dfdd65ae
chg: [rat] Hallaj PRO Rat added
ref: https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/
misp-event: 5b63f5e4-bf24-4f46-8340-48fc02de0b81
2018-08-03 08:34:55 +02:00
3da005a3f3
fix: jq all the things(tm) 2018-08-02 15:15:47 +02:00
1fdf47d509
fix: [threat-actor] synonyms are always arraus 2018-08-02 15:13:18 +02:00
ece56dff38
chg: [threat-actor] leafminer - RASPITE added 2018-08-02 15:08:39 +02:00
c232b3dd5a
chg: [tool] added based on Carbanak tooling description from Crowdstrike
ref: https://www.crowdstrike.com/blog/arrests-put-new-focus-on-carbon-spider-adversary-group/
2018-08-02 10:30:47 +02:00
43fa95df7a
chg: [threat-actor] new reference to CARBON SPIDER/Carbanak 2018-08-02 10:03:18 +02:00
4cf84858e3
chg: [tool] Bisonal malware added (new variant with encryption capabilities) 2018-07-31 15:26:11 +02:00
Deborah Servili
e7d2541929 add Kronos Banking Trojan 2018-07-25 09:46:46 +02:00
Deborah Servili
381f7e4a19 Add CFR.org metadata into the galaxy - part 2 2018-07-25 09:08:16 +02:00
Deborah Servili
28456545be Merge https://github.com/MISP/misp-galaxy 2018-07-16 09:16:13 +02:00
98db303047
chg: [threat-actor] The Big Bang campaign/group added 2018-07-10 08:49:00 +02:00
43a2c7f0ef
chg: [botnet] Xor DDoS added 2018-07-09 14:25:19 +02:00
raw-data
77cfaa8221 [add] new backdoor galaxy and cluster 2018-07-06 20:09:52 +01:00
Raphaël Vinot
e5939e3248 Merge branch 'master' of github.com:MISP/misp-galaxy 2018-07-06 15:25:09 +02:00
Raphaël Vinot
6f7a7921ae new: Add entries from Bambenek Consulting 2018-07-06 15:25:05 +02:00
raw-data
fa8d0e35f6 [add] x1 new entry in stealer.json - AZORult 2018-07-06 11:00:11 +01:00
Deborah Servili
cae0f7e1ad merging attempt 2018-06-29 16:39:34 +02:00
Deborah Servili
8c51ef98b3 add cfr related informations -still in progress- 2018-06-29 16:36:58 +02:00
Deborah Servili
fb6b01cc95
Merge branch 'master' into master 2018-06-27 09:39:28 +02:00
Deborah Servili
b1aac6b35b cfr update -in progress + add clusters associated to RANCOR 2018-06-27 09:37:43 +02:00
1bd0fb34d7
Merge pull request #233 from Delta-Sierra/master
Add CFR.org metadata into the galaxy - Test
2018-06-26 14:26:18 +02:00
Deborah Servili
6f9e639981 add cfr prefix for cfr data - test 2018-06-26 10:07:14 +02:00
Deborah Servili
1cd6bddf0c Add CFR.org metadata into the galaxy - Test 2018-06-26 09:40:13 +02:00
Deborah Servili
3838efb0bb some updates 2018-06-26 09:26:32 +02:00
raw-data
f649af8ba5 [ADD] x1 new entry in tool.json - Koadic 2018-06-25 15:59:30 +01:00
raw-data
b3dffeb8d4 [ADD] x2 new rat - Sisfader, SocketPlayer 2018-06-25 15:46:42 +01:00
raw-data
0920d13c05 [ADD] banker.json version bump 2018-06-25 15:41:32 +01:00
raw-data
b382425d9c [ADD] x2 new banker - Backswap, Karius 2018-06-25 15:14:56 +01:00
Nils Kuhnert
ed26cfb042
Updated APT1 report link 2018-06-22 13:49:05 +02:00
Deborah Servili
8ebde0540a
Update cert-eu-govsector.json 2018-06-22 12:50:32 +02:00
Deborah Servili
e088194ea9
fix typo in type 2018-06-22 12:45:39 +02:00
8e014674af
Fixed typo 2018-06-20 09:45:16 +02:00
Deborah Servili
dcda058944 update verion 2018-06-20 09:36:36 +02:00
Deborah Servili
e18fdf42da add Thrip as threat actor 2018-06-20 09:30:15 +02:00
Deborah Servili
dcd159f8ed add olympic destroyer 2018-06-19 15:26:40 +02:00
Deborah Servili
92cbd29091 add severals ransomware 2018-06-19 13:04:32 +02:00
Deborah Servili
cee83f677e more clusters 2018-06-18 14:30:51 +02:00
Deborah Servili
d8c83cf2d6 add cluster in threat actor 2018-06-18 10:54:58 +02:00
Deborah Servili
ab577afacd add ClipboardWalletHijacker 2018-06-18 09:47:03 +02:00
Deborah Servili
333db20791 add MysteryBot in android galaxy 2018-06-18 08:41:52 +02:00
Deborah Servili
397b37dcc8 add some ransomwares 2018-06-15 15:14:42 +02:00
e6bae7165c
Merge pull request #224 from Delta-Sierra/master
add some clusters
2018-06-13 12:43:35 +02:00
Deborah Servili
4ac23483b9 add some tools 2018-06-13 11:54:50 +02:00
Deborah Servili
cef7d02622 update version 2018-06-13 11:06:31 +02:00
Deborah Servili
c17a2aa7cc add some clusters 2018-06-13 10:39:11 +02:00
Christophe Vandeplas
db81051154 minor layout corrections - validate_all 2018-06-12 11:03:09 +02:00
Christophe Vandeplas
d0d54b2751 merge pull request 222 2018-06-12 10:58:08 +02:00
Deborah Servili
508bb081c8 add BabaYaga Malware 2018-06-08 15:54:30 +02:00
Deborah Servili
2b447585b6 add PLEAD 2018-06-08 10:18:41 +02:00
Kafeine
25d21204fb
fix 2018-06-07 10:34:55 +01:00
Kafeine
52f0858ef5
+ Glazunov 2018-06-07 10:31:58 +01:00
Deborah Servili
a96a8a4a13 add sigrun ransomware's ransomnotes 2018-06-07 09:33:08 +02:00
Kafeine
178d5219c7
guuid & + VenomKit 2018-06-06 18:00:25 +01:00
Deborah Servili
e561e3e4f0 add Sigrun ransomwaremeta data 2018-06-06 16:29:24 +02:00
Deborah Servili
e2a25e165d add Sigrun ransomware 2018-06-06 16:12:31 +02:00
Deborah Servili
07f91bcca4 add another cryptomix variant 2018-06-06 15:44:32 +02:00
Deborah Servili
3e91466aea add Brambul worm 2018-06-06 15:07:30 +02:00
Deborah Servili
3e10d0957c add Joanap RAT 2018-06-06 14:34:42 +02:00
308774755c
add: Iron Backdoor 2018-06-03 18:39:37 +02:00
raw-data
388a2b25b3 [ADD] x2 new info/pwd stealers - Nocturnal Stealer, TeleGrab 2018-06-01 15:59:25 +01:00
raw-data
ba6892408b [ADD] NavRAT 2018-06-01 15:09:22 +01:00
raw-data
42bb2175e2 [ADD] DanaBot 2018-06-01 15:08:55 +01:00
6d5b8de216
Merge branch 'master' of github.com:MISP/misp-galaxy 2018-05-29 21:47:59 +02:00
c08c6af936
chg: Stalker Panda description added 2018-05-29 21:47:04 +02:00
raw-data
8726e0542d [ADD] VPNFilter in tool.json cluster 2018-05-26 23:49:59 +01:00
raw-data
b0396e5ea2 [ADD] Pontoeb, WICKED and Brain Food into botnet.json cluster 2018-05-24 16:39:24 +01:00
Raphaël Vinot
ca964d9d35 Merge branch 'master' of github.com:MISP/misp-galaxy 2018-05-19 17:58:23 -04:00
Raphaël Vinot
96f3bf1cb8 fix: Duplicate ELECTRUM entry
Fix #212
2018-05-19 17:57:51 -04:00
Deborah Servili
22cb1618a5
Merge pull request #214 from Delta-Sierra/master
update mitre galaxies - add external id and killchain
2018-05-19 13:21:18 +02:00
Deborah Servili
6c8edd3f61 jq 2018-05-19 13:09:50 +02:00
Deborah Servili
d82a76c08f fix scripts for nobile and pre attack attack pattern 2018-05-19 13:09:30 +02:00
Deborah Servili
f6d7291e7a jq 2018-05-19 12:57:20 +02:00
Deborah Servili
730353f63d update mitre galaxies - add external id and killchain 2018-05-19 12:56:20 +02:00
3a7c4e3c57
Merge pull request #211 from eCrimeLabs/master
Added links in relation to Threat-actor info from Dragos
2018-05-15 16:17:56 +02:00
9b888f238a
Merge pull request #209 from raw-data/master
[ADD] RadRAT, ARS VBS Loader and FlawedAmmyy into rat.json cluster
2018-05-15 16:17:18 +02:00
Dennis Rand
1ab4e4f4cf Added data related to Dragos Adverseries 2018-05-15 12:06:48 +00:00
Deborah Servili
3d5c697761 add Stalinlocker 2018-05-15 12:27:20 +02:00
Deborah Servili
5b22aa7225 add Mettle botnet 2018-05-14 12:00:22 +02:00
raw-data
0ba6233309 [ADD] RadRAT, ARS VBS Loader and FlawedAmmyy into rat.json cluster 2018-05-11 01:15:35 +01:00
Deborah Servili
5e0bd260d6 update some clusters 2018-05-09 16:12:02 +02:00
Deborah Servili
2b16c86687 add maikspy 2018-05-09 09:52:22 +02:00
Deborah Servili
d3f7f7b591 jq~ 2018-05-09 09:34:08 +02:00
Deborah Servili
360a4d4556 add reference for HNS botnet 2018-05-09 09:29:23 +02:00
Deborah Servili
0d745f6c93 add HNS bot net & HPE iLO 4 Ransomware/Wiper 2018-05-09 09:22:29 +02:00
Deborah Servili
394950379b add Kitty malware 2018-05-07 15:27:29 +02:00
Deborah Servili
1c783a1453 update version -oops- 2018-05-07 08:52:15 +02:00
Deborah Servili
9cf976b2c5 update - GandCrab v3 2018-05-07 08:46:31 +02:00
Deborah Servili
d6e4c166c5 add an unnamed ransomware 2018-05-04 15:59:37 +02:00
Deborah Servili
ba631f1b43 add spymaster pro as rat 2018-05-04 15:12:56 +02:00
Deborah Servili
58e3e5f5d6 add ZooPark campaign 2018-05-04 10:16:01 +02:00
6b1d7d2201
add: threat actors from Dragos Inc. (based on https://dragos.com/adversaries.html) 2018-05-03 21:22:09 +02:00
Deborah Servili
979c784640 jq 2018-05-03 16:08:27 +02:00
Deborah Servili
83581c62b0 add Rubella Macro Builder 2018-05-03 15:38:06 +02:00
Deborah Servili
434716df86 add GravityRAT 2018-05-03 14:35:20 +02:00