Delta-Sierra
d273a5da7d
add TeamTNT ref
2021-02-25 09:52:24 +01:00
Rony
5c6f3a036b
removing DePrimon
...
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
2021-02-24 21:55:04 +05:30
Thomas Dupuy
eeafff9768
Add RDAT backdoor
2021-02-23 11:15:31 -05:00
Delta-Sierra
eb07fab69f
add Ragnar Locker and update accordingly
2021-02-23 16:21:07 +01:00
Delta-Sierra
06ae10965b
add Covidloc and tycoon ransomware + small updates on some ransomwares
2021-02-22 16:39:47 +01:00
Delta-Sierra
7c1ac58141
add TeamTNT
2021-02-22 16:38:18 +01:00
Thijsvanede
e9eb0c7a6c
Fix: rename "Innitial Access" to "Initial Access"
...
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
2021-02-19 12:01:47 +01:00
Thomas Dupuy
178e16dc13
Remove empty values.
2021-02-16 10:32:37 -05:00
Thomas Dupuy
4a7560d191
Add Exaramel and P.A.S. webshell tool.
2021-02-15 12:52:53 -05:00
Thomas Dupuy
93396c524d
Add Caterpillar WebShell.
2021-02-12 12:00:17 -05:00
Delta-Sierra
96bf0d44ea
Merge https://github.com/MISP/misp-galaxy
2021-02-09 14:52:58 +01:00
Daniel Plohmann
d61e7d2fac
adding ClearSky alias for Volatile Cedar
...
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."
2021-01-29 10:39:18 +01:00
Koen Van Impe
87b22f363c
Move cfr-type-of-incident to meta
2021-01-28 12:25:39 +01:00
Koen Van Impe
23778666ba
RSIT Galaxy/Cluster
2021-01-28 10:03:12 +01:00
StefanKelm
fb35646406
Update threat-actor.json
...
Lazarus
2021-01-26 14:38:37 +01:00
Thomas Dupuy
f964514ec5
Add HyperBro in tools
2021-01-20 13:44:28 -05:00
Thomas Dupuy
9df95031a7
Update ZxShell tool.
2021-01-20 13:27:51 -05:00
StefanKelm
a131a7ce98
Update threat-actor.json
...
Lazarus
2021-01-20 17:43:18 +01:00
3c19c7c1e5
Merge pull request #617 from danielplohmann/patch-4
...
merge COVELLITE into Lazarus Group
2021-01-17 16:05:13 +01:00
Daniel Plohmann
ca66fcd93a
merge COVELLITE into Lazarus Group
...
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references.
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
2021-01-17 15:07:26 +01:00
Rony
91e87cf82c
Update threat-actor.json
...
Don't know how StarCraft
2021-01-17 12:21:34 +05:30
Daniel Plohmann
edcc3c0bc1
merging ScarCruft->APT37
...
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
2021-01-15 18:52:49 +01:00
Delta-Sierra
a6f7795952
fix merge
2021-01-12 10:38:33 +01:00
2b356a9eb0
chg: [threat-actor] UNC2452/DarkHalo added - ref. #614
2021-01-12 07:01:36 +01:00
184d57f0a2
chg: [ransomware] Babuk Ransomware added
2021-01-05 19:11:28 +01:00
4454b58743
chg: [ransomware] RegretLocker added
2020-12-30 14:14:09 +01:00
Rony
3240aa819f
Update threat-actor.json
2020-12-14 11:54:41 +05:30
Rony
2ffb77b35b
BISMUTH
2020-12-14 10:41:15 +05:30
Delta-Sierra
31f96513b2
update sidewinder threat actor
2020-12-11 16:09:33 +01:00
ac86ebd5f6
Merge pull request #609 from StefanKelm/master
...
Update threat-actor.json
2020-12-09 22:16:49 +01:00
Delta-Sierra
ebd31b7376
add BazarBackdoor
2020-12-09 16:42:32 +01:00
Delta-Sierra
d3a9cf742a
add RansomEXX
2020-12-09 16:32:02 +01:00
Delta-Sierra
3daaa30aed
Merge https://github.com/MISP/misp-galaxy
2020-12-07 16:20:36 +01:00
StefanKelm
5dc92995f6
Update threat-actor.json
...
DeathStalker, Mabna
2020-12-04 11:43:06 +01:00
StefanKelm
4fee985b5e
Update threat-actor.json
...
Turla
2020-12-03 13:05:14 +01:00
StefanKelm
72e085aba9
Update threat-actor.json
...
OceanLotus
2020-12-02 11:44:29 +01:00
StefanKelm
15b5f4c881
Update threat-actor.json
...
APT27
2020-11-30 11:49:23 +01:00
Delta-Sierra
e81d3c63d5
Merge https://github.com/MISP/misp-galaxy
2020-11-27 12:47:20 +01:00
Christophe Vandeplas
9a731470d3
chg: [att&ck] update to latest MITRE ATT&CK version
2020-11-25 07:45:48 +01:00
StefanKelm
da910c0c2e
Update threat-actor.json
2020-11-18 19:15:11 +01:00
Delta-Sierra
7af75bb222
add Darkside ransomware
2020-11-18 16:10:49 +01:00
StefanKelm
48ffaa8ce1
Update threat-actor.json
...
Lazarus
2020-11-18 12:10:23 +01:00
snurilov
44e9da1390
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
...
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
2020-11-11 23:09:03 -05:00
snurilov
3f4683d8a3
Update rat.json to include Iperius Remote
...
Add Iperius Remote to the rat.json cluster.
2020-11-09 23:45:16 -05:00
StefanKelm
bf5bdeacb0
Update threat-actor.json
...
OceanLotus
2020-11-09 14:39:55 +01:00
StefanKelm
41a7a36317
Update threat-actor.json
...
Kimsuky
2020-11-02 17:30:25 +01:00
Rony
333e55fbeb
remove duplicate!
2020-11-02 14:18:49 +05:30
Rony
000cfa68a8
Update threat-actor.json
...
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
2020-11-02 13:51:08 +05:30
Deborah Servili
28784683db
Merge branch 'main' into master
2020-10-30 16:17:27 +01:00
Delta-Sierra
88bbf8851c
jq
2020-10-30 16:14:02 +01:00
Delta-Sierra
be672b8d3a
update microsoft activity groups
2020-10-30 14:53:20 +01:00
5d31753e6a
chg: [cryptominer] updated
2020-10-30 09:48:08 +01:00
24f05749f0
Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master
2020-10-30 09:47:45 +01:00
JJ Cummings
c48a38c2f1
Added a new cryptominer galaxy and additional missing recent families to various clusters
2020-10-29 14:40:22 -06:00
StefanKelm
808c2c3828
Update threat-actor.json
...
Kimsuky
2020-10-28 12:52:06 +01:00
b41e3d4f50
chg: [rename] tea matrix
2020-10-23 15:57:13 +02:00
e5ea22a3b0
chg: [tea] matrix updated to include brewing time and the milk attack technique
2020-10-23 11:51:50 +02:00
0ccbdb862b
chg: [tea] first version
2020-10-23 11:16:50 +02:00
Christophe Vandeplas
2334676e64
chg: [att&ck] no tag for subtechnique
2020-10-18 20:14:05 +02:00
Christophe Vandeplas
d58dd1fca2
new: [att&ck] support for subtechniques
2020-10-18 20:00:48 +02:00
Daniel Plohmann
02bcf1f5a7
adding PowerPool alias IAmTheKing (Kaspersky)
...
after a quick search I haven't found a nice source except for costin's tweet.
2020-10-09 13:49:16 +02:00
StefanKelm
7bab41e367
Update threat-actor.json
...
TA505
2020-10-06 15:29:54 +02:00
StefanKelm
1d05f17507
Update threat-actor.json
...
XDSpy
2020-10-06 12:45:43 +02:00
Christophe Vandeplas
32b142c8e0
fixes issues in attack-ics
2020-10-02 16:54:21 +02:00
Christophe Vandeplas
f95e88b1f9
MITRE ATT&CK for ICS fixes #586
...
fixed issues in pull request #586
2020-10-01 20:42:40 +02:00
StefanKelm
18eebc01f6
Lazarus
2020-09-29 12:02:16 +02:00
Bart
2b51f7b6de
Update threat-actor.json
...
Add Machete alias
2020-09-27 18:37:24 +02:00
StefanKelm
e95fbb571d
Update threat-actor.json
...
GADOLINIUM
2020-09-25 11:52:34 +02:00
StefanKelm
3ad3d5f318
Update threat-actor.json
...
APT28
2020-09-22 18:07:33 +02:00
Deborah Servili
d48216031a
add Sepulcher RAT
2020-09-22 16:23:39 +02:00
Deborah Servili
4f3b6945c0
Merge https://github.com/MISP/misp-galaxy
2020-09-22 12:17:42 +02:00
Rony
d1c70b3d80
FBI FLASH AC-000133-TT
2020-09-17 11:05:00 +05:30
Rony
4d4a462d7a
Update threat-actor.json
...
Adding Fox-Kitten and cleaned (or improved) winnti
2020-09-17 00:07:40 +05:30
Deborah Servili
0fe525a9db
Merge https://github.com/MISP/misp-galaxy
2020-09-16 10:22:38 +02:00
Deborah Servili
00b5d0d116
add refs
2020-09-16 10:08:31 +02:00
Daniel Plohmann (jupiter)
7b00674c77
Adding TA413 and Evilnum
2020-09-15 14:19:22 +02:00
StefanKelm
63030f2cfe
Update threat-actor.json
...
APT33
2020-09-14 12:01:53 +02:00
StefanKelm
3cc3cc461a
Update threat-actor.json
...
STRONTIUM
2020-09-11 11:38:06 +02:00
Raphaël Vinot
405d5f1fe9
fix: Sort keys, fix tests
2020-09-08 10:51:24 +02:00
9e519962c6
chg: [botnet] Katura mess added
2020-09-07 12:41:39 +02:00
StefanKelm
57a31fd60c
Update threat-actor.json
...
Lazarus, FIN7
2020-09-03 14:44:10 +02:00
StefanKelm
503d421a56
Update threat-actor.json
...
TA542
2020-08-31 15:07:13 +02:00
VVX7
4635146b00
chg: [dev] jq
2020-08-22 13:06:42 -04:00
VVX7
1cddf4b7cd
new: [dev] fix empty strings, lists
2020-08-22 12:59:05 -04:00
VVX7
b4c3ffc8eb
new: [dev] add ASPI's China Defence University Tracker.
...
Thanks to Cormac Doherty for writing the web scraper! To update the galaxy run the included gen_defence_university.py script.
"The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI’s International Cyber Policy Centre.
It includes entries on nearly 100 civilian universities, 50 People’s Liberation Army institutions, China’s nuclear weapons program, three Ministry of State Security institutions, four Ministry of Public Security universities, and 12 state-owned defence industry conglomerates.
The Tracker is a tool to inform universities, governments and scholars as they engage with the entities from the People’s Republic of China. It aims to build understanding of the expansion of military-civil fusion—the Chinese government’s policy of integrating military and civilian efforts—into the education sector.
The Tracker should be used to inform due diligence of Chinese institutions. However, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution’s defence and security links." - ASPI (https://unitracker.aspi.org.au/about/ )
2020-08-21 11:24:22 -04:00
rmkml
e02ac52566
add Conti Ransomware
2020-08-15 22:10:49 +02:00
Thomas Dupuy
4009ef9997
Fix: remove comma
2020-08-14 13:01:37 -04:00
Thomas Dupuy
d0c6b7b46d
Update Tonto Team/CactusPete threat actor
2020-08-13 15:57:33 -04:00
Thomas Dupuy
72554ed71c
Add Drovorub tool
2020-08-13 15:08:32 -04:00
Thomas Dupuy
4130d7c6fc
Update TA APT40
2020-08-13 12:22:36 -04:00
Daniel Plohmann
8407b6fd28
Update threat-actor.json
...
adding Kaspersky's name for Microcin.
2020-08-12 12:03:28 +02:00
Thomas Dupuy
9cadabba7a
Add WellMess and WellMail
2020-08-11 12:37:28 -04:00
rmkml
6d10e3a37d
add Ragnarok Ransomware
2020-08-02 20:46:32 +02:00
Vasileios Mavroeidis
40d12b9dde
Motive correction based on the EU Cert motive taxonomy
...
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
2020-07-28 11:43:46 +02:00
44afaf2523
chg: [threat-actor] remove duplicate references
2020-07-27 09:57:41 +02:00
StefanKelm
86c54cbd8c
Update threat-actor.json
...
OilRig
2020-07-23 11:07:22 +02:00
Raphaël Vinot
c174f613c5
fix: Name of SoD Matrix cluster to match galaxy.
...
Fix #566
2020-07-22 11:52:27 +02:00
Steve Clement
df6bed3d3a
Merge pull request #563 from r0ny123/patch-1
2020-07-22 09:14:13 +09:00
StefanKelm
17a1feb016
Update threat-actor.json
...
Turla
2020-07-15 11:20:18 +02:00
Rony
c33f4c7611
Update threat-actor.json
...
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a ).
2020-07-12 12:57:24 +05:30