misp-galaxy

mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-23 15:27:18 +00:00

Author	SHA1	Message	Date
jstnk9	faef21e15d	Added information related to Wizard Spider	2023-10-13 12:02:20 +02:00
jstnk9	613e9feb12	added suspected victims to Gelsemium	2023-10-13 10:53:36 +02:00
Alexandre Dulaunoy	f9d6386c35	Merge pull request #872 from Delta-Sierra/main add AtlasCross	2023-10-11 14:51:06 +02:00
Alexandre Dulaunoy	eed0dc7747	chg: [sigma] updated to the latest version	2023-10-10 22:30:50 +02:00
Delta-Sierra	1bb336fdbe	add AtlasCross	2023-10-10 09:17:25 +02:00
Delta-Sierra	fd6bccae8b	Merge https://github.com/MISP/misp-galaxy	2023-10-09 09:18:51 +02:00
Delta-Sierra	73d7c038b2	adding targeted sectors	2023-10-09 09:18:43 +02:00
Daniel Plohmann	1b33cad11d	adding aliases to ProphetSpider	2023-10-04 16:39:01 +01:00
Alexandre Dulaunoy	8760ea0c52	Merge branch 'main' of github.com:MISP/misp-galaxy into main	2023-10-04 10:49:56 +02:00
Alexandre Dulaunoy	89a193d315	fix: [threat-actor] version updated + jq all the things	2023-10-04 10:48:44 +02:00
Paul Stark	ce7d54c96a	chg [misp-galaxy] update Nigeria from name to 2-digit code	2023-10-03 11:56:45 -04:00
jstnk9	89ab7728b0	updated TA505 countries and industries affected updated TA505 countries and industries affected	2023-10-03 12:44:44 +02:00
Mathieu Beligon	e6266e8e59	fixes	2023-10-02 19:25:10 +02:00
Mathieu Beligon	081b2e619b	fixes	2023-10-02 19:18:00 +02:00
Mathieu Beligon	b2599deaae	fixes	2023-10-02 19:17:47 +02:00
Mathieu Beligon	0fba8d3f27	[threat-actors] bump version	2023-10-02 15:19:20 +02:00
Mathieu Beligon	b8f8fce4b6	[threa-actors] Add Scattered Spider	2023-10-02 15:17:40 +02:00
Mathieu Beligon	e393780af8	[threa-actors] Add Scattered Canary	2023-10-02 15:11:10 +02:00
Alexandre Dulaunoy	67543e2437	chg: [galaxy] duplicate UUIDs removed	2023-09-26 11:17:44 +02:00
Alexandre Dulaunoy	b79b75dba4	chg: [malpedia] duplicate refs removed	2023-09-26 10:58:46 +02:00
Alexandre Dulaunoy	5d01afb537	chg: [malpedia] jq all the things	2023-09-26 10:48:49 +02:00
fl0x2208	a9a051ffaa	malpedia 2023 September update malpedia 2023 September update	2023-09-26 12:27:10 +10:00
Alexandre Dulaunoy	5437fac633	chg: [sigma] updated	2023-09-24 12:05:54 +02:00
Alexandre Dulaunoy	5d78834520	Merge pull request #866 from Mathieu4141/actors/add-storm-0324 [threat-actors] Add Storm-0324	2023-09-16 11:02:33 +02:00
Mathieu Beligon	e2fd005821	[threat-actors] Add Storm-0324	2023-09-15 16:29:45 +02:00
Delta-Sierra	ac4d003c3e	fix caps	2023-09-15 16:00:38 +02:00
Delta-Sierra	5efe483858	adding targeted sectors	2023-09-15 15:49:43 +02:00
Delta-Sierra	2aa0fb22ba	finish fixing Botswana infos into Brazil cluster	2023-09-15 10:32:26 +02:00
Delta-Sierra	3e834ed49c	Merge https://github.com/MISP/misp-galaxy	2023-09-15 10:27:29 +02:00
Delta-Sierra	db23d6eb4c	adding targeted sectors	2023-09-15 10:21:44 +02:00
Delta-Sierra	214ac5d329	fix caps	2023-09-15 10:07:19 +02:00
Fabio Nitto	8c195aee06	Update target-information.json Fixing information about Brazil.	2023-09-12 11:51:50 -03:00
Delta-Sierra	df0e103727	Add targeted sectors	2023-09-08 11:08:08 +02:00
Delta-Sierra	dc498bd199	more targeted-sectors meta	2023-08-28 15:06:57 +02:00
Delta-Sierra	23b9105aee	add Non-profit organisation sector	2023-08-25 15:20:17 +02:00
Delta-Sierra	639686be75	Merge https://github.com/MISP/misp-galaxy	2023-08-24 09:13:58 +02:00
Delta-Sierra	090b501c4c	add targeted sectors meta	2023-08-24 09:03:57 +02:00
Daniel Plohmann	d978998a5d	RecordedFuture: RedHotel == EarthLusca	2023-08-23 14:02:15 +02:00
Alexandre Dulaunoy	34b86e4abc	Merge pull request #859 from jloehel/darkgate chg [tool] Add DarkGate	2023-08-23 13:52:53 +02:00
Alexandre Dulaunoy	12b935a31b	chg: [sigma] updated	2023-08-23 13:51:45 +02:00
Jürgen Löhel	37954a84f1	chg [tool] Add DarkGate Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2023-08-23 11:53:25 +02:00
Daniel Plohmann (Saturn)	e207218534	version bump	2023-08-15 12:34:06 +02:00
Daniel Plohmann (Saturn)	4127ce9694	replaced various broken links with reachable equivalents	2023-08-15 12:32:51 +02:00
Daniel Plohmann	b083ae12bc	jq fix	2023-08-10 15:57:58 +02:00
Daniel Plohmann	c1d3164ef6	adding MoustachedBouncer	2023-08-10 15:49:11 +02:00
Daniel Plohmann	e228ffc432	alias Callisto -> BlueCharlie not sure, if you also want to have the Microsoft names in here (I think they are tracked separately?), otherwise, that would be Star Blizzard according to the article.	2023-08-03 09:53:10 +02:00
Alexandre Dulaunoy	dc29d5875e	chg: [sigma] updated	2023-08-02 23:58:22 +02:00
Alexandre Dulaunoy	f5729ac23a	chg: [sigma] updated to the latest version	2023-07-31 10:22:23 +02:00
Rony	bce41d8cdb	Merge branch 'MISP:main' into Sea-Turtle	2023-07-28 16:38:03 +05:30
Rony	9b9ce4777a	chg: [threat-actor] added references, origin country, aliases to `Sea Turtle`	2023-07-28 11:04:11 +00:00
Alexandre Dulaunoy	1568583acf	chg: [sigma] updated to the latest version	2023-07-28 11:30:15 +02:00
Thomas Dupuy	2dcd1d3544	upd: Add Worok TA and update APT-Q-12 to APT-C-60 as it was the first name mention in an article.	2023-07-18 19:53:54 +00:00
Alexandre Dulaunoy	caceb504fe	chg: [sigma] updated to the latest rules	2023-07-15 11:29:17 +02:00
Delta-Sierra	c51d177abd	add SmugX & RedDelta	2023-07-10 15:46:01 +02:00
Alexandre Dulaunoy	7028860c0a	chg: [sigma] updated	2023-06-19 15:00:23 +02:00
Delta-Sierra	baf5bfe5cc	add Parties/Observers to the Budapest Convention	2023-06-19 14:14:47 +02:00
Delta-Sierra	20d3b3780a	merge	2023-06-19 08:35:48 +02:00
Alexandre Dulaunoy	734d57edf5	chg: [sigma] updated	2023-05-31 09:43:33 +02:00
iglocska	14301a9c4c	chg: [threat actors] added Volt Typhoon	2023-05-25 07:29:48 +02:00
Delta-Sierra	e87b7bbf73	complete VENOM SPIDER threat actor	2023-05-23 11:43:20 +02:00
Delta-Sierra	18ee466ae4	add Hagga threat actor	2023-05-22 15:44:18 +02:00
Delta-Sierra	9c9561bce8	fix metasploit desc in value (ty cvandeplas)	2023-05-15 10:23:05 +02:00
Delta-Sierra	d202ed9f3f	Merge https://github.com/MISP/misp-galaxy	2023-05-15 09:54:25 +02:00
Delta-Sierra	a3fffacab3	add APT43 + tools	2023-05-15 08:41:17 +02:00
Christophe Vandeplas	02c50184bf	chg: [attck4fraud] Full merge of E.A.S.T. data + updated script	2023-05-13 09:50:14 +02:00
Christophe Vandeplas	1d9f59eb2d	chg: [attck4fraud] more manual updates with E.A.S.T. data	2023-05-13 08:43:21 +02:00
marjatech	21266365da	update malpedia	2023-05-11 14:34:41 +02:00
Alexandre Dulaunoy	810cbe5b49	chg: [sigma] updated to the latest version	2023-05-11 10:27:48 +02:00
Alexandre Dulaunoy	a27fda701b	Merge pull request #849 from danielplohmann/patch-34 adding APT43 (Mandiant) for Kimsuky.	2023-05-09 18:29:34 +02:00
Daniel Plohmann	094d56057c	adding APT43 (Mandiant) for Kimsuky.	2023-05-09 14:35:41 +02:00
Thomas Dupuy	bbbd006215	chg: [mitre] bump to v13.	2023-05-08 14:04:50 +00:00
Christophe Vandeplas	3c808921c3	chg: [attck4fraud] initial updates with E.A.S.T. data https://www.association-secure-transactions.eu/industry-information/fraud-definitions/	2023-05-07 21:13:52 +02:00
Alexandre Dulaunoy	c86c2a83ab	chg: [sigma] rules updated	2023-04-30 10:30:54 +02:00
Alexandre Dulaunoy	3dff8e65cb	Merge pull request #847 from Delta-Sierra/main add VEILEDSIGNAL and more	2023-04-27 17:21:35 +02:00
Delta-Sierra	1649c3dfca	Merge https://github.com/MISP/misp-galaxy	2023-04-27 10:04:30 +02:00
Delta-Sierra	bd050668ef	add VEILEDSIGNALand more	2023-04-27 09:53:49 +02:00
Sebastien Larinier	ddc285581d	Update threat-actor.json	2023-04-26 21:52:57 +02:00
Sebastien Larinier	d60cca9302	Update threat-actor.json fix mistake	2023-04-26 21:46:33 +02:00
Sebastien Larinier	142d4aeaef	Update threat-actor.json	2023-04-26 14:26:48 +02:00
Alexandre Dulaunoy	095c44e2ac	chg: [attck4fraud] add ATM cash trapping in the matrix	2023-04-26 07:48:29 +02:00
Jürgen Löhel	15297c7b5f	chg [threat-actors] Add RedGolf Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2023-04-24 16:59:18 -06:00
Christophe Vandeplas	79b80b0869	chg: [rels] more threat actor relations	2023-04-23 17:54:58 +02:00
Christophe Vandeplas	3c6c204f01	chg: [rels] more threat actor relations	2023-04-23 17:45:58 +02:00
Christophe Vandeplas	138c7c7ba8	chg: [rels] more relations on cluster "value"	2023-04-23 17:36:02 +02:00
Christophe Vandeplas	bf7c5f1dd9	chg: [rels] threat-actor & MS activity group - on synonym	2023-04-23 11:56:41 +02:00
Christophe Vandeplas	a5e7e0c95f	chg: [rels] threat-actor & MS activity group - on value	2023-04-23 11:55:57 +02:00
Christophe Vandeplas	f070943ee9	chg: [atrm] updated to latest version	2023-04-23 07:45:16 +02:00
Alexandre Dulaunoy	adc7a70cf9	chg: [microsoft-activity-group] country code added	2023-04-21 07:39:37 +02:00
Alexandre Dulaunoy	8688c41796	chg: [microsoft activity group] remove duplicate	2023-04-20 17:25:32 +02:00
Alexandre Dulaunoy	592361826a	fix: [microsoft activity group] duplicate in Microsoft source	2023-04-20 17:20:57 +02:00
Alexandre Dulaunoy	309f4f2ea5	chg: [microsoft-activity-group] updated following contribution from @botlabsDev script	2023-04-20 17:04:05 +02:00
Alexandre Dulaunoy	2cc6bdfbc1	chg: [sigma] rules updated	2023-04-20 12:17:46 +02:00
Sebastien Larinier	862badf2c9	Update threat-actor.json	2023-04-19 17:41:44 +02:00
Sebastien Larinier	1c751b1ea8	Update threat-actor.json	2023-04-19 17:34:50 +02:00
Sebastien Larinier	165ce70a28	Merge branch 'MISP:main' into main	2023-04-19 16:48:02 +02:00
Sebastien Larinier	87ef0a400e	Update threat-actor.json	2023-04-19 15:42:14 +02:00
Sebastien Larinier	a77dc82c0a	Update threat-actor.json new apt30 group	2023-04-19 15:35:36 +02:00
Delta-Sierra	063ac9fc71	jq?	2023-04-19 15:10:25 +02:00
Delta-Sierra	ecb7e79a6e	Merge https://github.com/MISP/misp-galaxy	2023-04-19 15:06:51 +02:00
Tobias Mainka	8d2b9537f1	replace "sector" tag with "country" for matching data. this allows to be confirm with existing clusters.	2023-04-19 12:38:37 +02:00
Sebastien Larinier	926035633f	Merge branch 'MISP:main' into main	2023-04-19 11:55:57 +02:00
Alexandre Dulaunoy	ccc8f0f801	chg: [microsoft-activity-group] updated to map the new funky Microsoft "taxonomy" Script to generate the cluster is the following, UUIDv5 based on standard misp-stix source UUIDv4. ~~~python lcluster = [] for v in data: cluster = {} cluster['value'] = v['threat_actor'] cluster['meta'] = {} cluster['meta']['sector'] = v['sector'] cluster['meta']['synonyms'] = v['synonyms'] cluster['meta']['refs'] = [] cluster['meta']['refs'].append('https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide') _uuid = uuid.uuid5(uuid.UUID("76beed5f-7251-457e-8c2a-b45f7b589d3d"), "{}".format(cluster['value'])) cluster['uuid'] = str(_uuid) lcluster.append(cluster) ~~~ Relationships might be added in a later stage to map with the MISP threat actor galaxy.	2023-04-19 10:47:11 +02:00
Daniel Plohmann	41afab1c06	adding Trend Micro alias Earth Smilodon for APT27	2023-04-18 20:11:57 +02:00
Delta-Sierra	6b8994271e	add relationships for HALFRIG & QUATTERRIG	2023-04-18 12:20:20 +02:00
Daniel Plohmann	02e23a9a47	adding Google alias HOODOO for APT41	2023-04-17 22:32:50 +02:00
Delta-Sierra	4a4fa6d16f	fix versions	2023-04-17 11:32:51 +02:00
Delta-Sierra	6d5df91efa	add relationship SNOWYAMBER & Notion	2023-04-17 11:31:48 +02:00
Delta-Sierra	233a066a03	Merge https://github.com/MISP/misp-galaxy	2023-04-17 11:16:23 +02:00
Delta-Sierra	d4225c5469	add some SNOWYAMBER relationships	2023-04-17 11:16:21 +02:00
Alexandre Dulaunoy	91af071bae	new: [online-service] online service added	2023-04-17 10:59:18 +02:00
Alexandre Dulaunoy	5f9760923f	Merge pull request #838 from Delta-Sierra/main Adding SNOWYAMBER, HALFRIG, QUARTERRIG tools & PowerMagic backdoor	2023-04-14 16:03:57 +02:00
Delta-Sierra	8e9880d932	Add SNOWYAMBER, HALFRIG, QUARTERRIG tools	2023-04-14 15:59:42 +02:00
Delta-Sierra	c5590ff79a	add PowerMagic backdoor	2023-04-13 14:11:36 +02:00
Daniel Plohmann	a966b3ff88	adding Trend Micro alias Earth Preta for Mustang Panda	2023-04-12 16:59:36 +02:00
Alexandre Dulaunoy	2763cdd72b	chg:[sigma] Sigma rules updated	2023-04-12 11:44:43 +02:00
Delta-Sierra	8c831d70c8	jq	2023-04-11 15:06:59 +02:00
Delta-Sierra	d30e7357fe	merge	2023-04-11 13:57:30 +02:00
Delta-Sierra	eb9254713a	Add more ransomwares from ransomlook	2023-04-11 13:56:29 +02:00
Alexandre Dulaunoy	3cc7e03af6	new: [stealer] add Sordeal Stealer	2023-04-11 09:54:02 +02:00
Alexandre Dulaunoy	cbf12d9289	Merge pull request #833 from jloehel/HinataBot chg[botnet]: Add HinataBot	2023-04-04 10:17:07 +02:00
Jürgen Löhel	647fc025d7	chg[botnet]: Add HinataBot Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2023-04-03 11:19:08 -06:00
Alexandre Dulaunoy	15a03e877e	chg: [sigma] updated	2023-03-29 10:33:57 +02:00
Sebdraven	8713618777	Update threat-actor.json add new ref for sidecopy	2023-03-23 09:13:23 +01:00
Sebdraven	f5d68aa08d	Update threat-actor.json delete ref to APT30 for Naikon	2023-03-23 08:49:17 +01:00
Sebdraven	d5843d46e2	Update threat-actor.json add ref to Aoqin Dragon	2023-03-21 18:40:10 +01:00
Alexandre Dulaunoy	122a0bd39b	fix: [ransomware] fix duplicate Value "Cuba"	2023-03-19 11:03:12 +01:00
Alexandre Dulaunoy	f2305dc165	Merge pull request #829 from Delta-Sierra/main update based on ransomlook+1	2023-03-16 19:18:54 +01:00
Delta-Sierra	12f69a6082	update based on ransomlook	2023-03-16 15:24:44 +01:00
Mathieu Beligon	d82ff1ecfb	[threat-actors] Add Anonymous Sudan	2023-03-15 17:38:03 -05:00
Daniel Plohmann	c39b46e9d5	Update threat-actor.json when value "Sofacy" was changed to "APT28", it seems Sofacy was not added to aliases, so it's missing right now.	2023-03-15 14:55:25 +01:00
Delta-Sierra	74390b27c5	Merge https://github.com/MISP/misp-galaxy	2023-03-13 09:59:04 +01:00
Delta-Sierra	c4eca7dfe1	more from ransomlook	2023-03-13 09:59:00 +01:00
Jürgen Löhel	9f9a263394	chg [tool]: Add tools used by TA866 during the Screentime campaign Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2023-03-08 21:46:11 -06:00
Jürgen Löhel	031a4c8030	chg [stealer]: Add Rhadamanthys Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2023-03-08 21:45:39 -06:00
Jürgen Löhel	437d4a30e5	chg [tds]: Add 404 TDS Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2023-03-08 21:45:13 -06:00
Jürgen Löhel	2d30785af5	chg [threat-actors] Add TA866 Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2023-03-08 21:44:16 -06:00
Alexandre Dulaunoy	57f3e46273	chg: [sigma] updated	2023-03-07 12:14:48 +01:00
Alexandre Dulaunoy	e7b97edaa4	chg: [ransomware] fixing duplicate cluster element Avaddon	2023-03-07 12:06:56 +01:00
Alexandre Dulaunoy	6db5b0b0cb	Merge pull request #824 from Delta-Sierra/main update based on ransomlook	2023-03-06 16:23:48 +01:00
Delta-Sierra	bed6bf8dd6	fix stupid duplicate-bis	2023-03-06 16:10:23 +01:00
Delta-Sierra	d561350f7b	fix stupid duplicate	2023-03-06 16:04:28 +01:00
Delta-Sierra	96cb1e22ba	update based on ransomlook	2023-03-06 15:55:46 +01:00
Mathieu Beligon	395ffda94f	[threat-actors] bump version	2023-03-02 10:29:52 -08:00
Mathieu Beligon	e1407c3c3f	[threat-actors] Add SLIPPY SPIDER alias to LAPSUS	2023-03-02 10:29:29 -08:00
Mathieu Beligon	4bbee8c1e7	[threat-actors] Add PROPHET SPIDER	2023-03-02 10:19:24 -08:00
Mathieu Beligon	61cb24a3fc	[threat-actors] Add Nemesis Kitten	2023-03-01 16:37:42 -08:00
Mathieu Beligon	84faa3c92b	[threat-actors] Add Karakurt	2023-03-01 16:34:03 -08:00
Mathieu Beligon	7d371b4c80	[threat-actors] Add CYBORG SPIDER alias to GOCLD BURLAP	2023-03-01 15:45:41 -08:00
Mathieu Beligon	fa57354471	[threat-actors] Add Chamelgang	2023-03-01 15:40:23 -08:00
Mathieu Beligon	bff978e4d1	[threat-actors] Add TA453	2023-03-01 15:24:55 -08:00
Mathieu Beligon	3406ad3aa9	[threat-actors] Add APT42	2023-03-01 15:18:53 -08:00
Mathieu Beligon	2567d6f1f8	[threat-actors] Add TA406	2023-03-01 15:01:22 -08:00
Rony	50624af741	add DEV-0147 https://twitter.com/MsftSecIntel/status/1625181255754039318	2023-02-25 20:18:09 +00:00
Rony	cf727f034c	add other actor synonyms from Google's report https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf	2023-02-26 01:05:50 +05:30
Delta-Sierra	27f4c9fcdc	synonyms must be an array	2023-02-23 14:26:20 +01:00
Delta-Sierra	0ca7675a5f	Merge https://github.com/MISP/misp-galaxy	2023-02-23 14:16:00 +01:00
Delta-Sierra	55725c771e	add/update ransomware based on ransomlook	2023-02-23 14:15:09 +01:00
Tom King	e52eefa0e7	chg: [mitre] updated with correct ID parsing	2023-02-21 10:36:37 +00:00
Christophe Vandeplas	9f73ff73ac	fix: [first-dns] corrected typo	2023-02-21 10:54:30 +08:00
Christophe Vandeplas	e2f2026fea	chg: [first-dns] Adds FIRST DNS Abuse Techniques Matrix	2023-02-21 10:26:46 +08:00
Christophe Vandeplas	a6a9a73ae5	chg: [360net] updated to latest online version	2023-02-20 20:03:36 +08:00
Alexandre Dulaunoy	6460fde2e4	chg: [threat-actor] version updated	2023-02-16 14:43:45 +01:00
Daniel Plohmann	91255413d8	adding Google names for RU threat actors https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/	2023-02-16 14:30:05 +01:00
Alexandre Dulaunoy	73bd7d0983	Merge pull request #818 from Mathieu4141/threat-actors/proofpoint-aliases [threat actors] Adding some actors from ProofPoint	2023-02-14 06:40:22 +01:00
Mathieu Beligon	9f09699047	[threat-actors] Fix: country was in the wrong place	2023-02-13 16:47:38 -08:00
Mathieu Beligon	ac067a236e	[threat-actors] fix: Add missing uuids	2023-02-13 16:36:41 -08:00
Mathieu Beligon	a792115dd8	fix	2023-02-13 16:26:10 -08:00
Mathieu Beligon	8193b05e14	[threat-actors] bump version	2023-02-13 14:18:58 -08:00
Mathieu Beligon	d34e894d2d	[threat-actors] Add TA2536	2023-02-13 13:45:41 -08:00
Mathieu Beligon	20c31a5d10	[threat-actors] Add TA577	2023-02-13 13:32:24 -08:00
Mathieu Beligon	e836a4a63c	[threat-actors] Add TA575	2023-02-13 12:02:32 -08:00
Mathieu Beligon	c52ac53765	[threat-actors] Add TA570	2023-02-13 11:54:47 -08:00
Mathieu Beligon	5f274f58c9	[threat-actors] Add Moskalvzapoe	2023-02-13 11:44:59 -08:00
Daniel Plohmann	62256854bc	adding Broadcom name for SaintBear.	2023-02-13 14:05:35 +01:00
Mathieu Beligon	33ff650327	[threat-actors] Add more information about NoName057(16)	2023-02-10 14:14:52 -08:00
Alexandre Dulaunoy	9645b9348b	chg: [tools] TgToxic added	2023-02-09 16:24:45 +01:00
o1mate	239883e2a9	Merging the handguns and shotguns clusters into a single firearm cluster.	2023-02-06 03:28:49 -05:00
Alexandre Dulaunoy	385826063b	chg: [sigma] updated to the latest version	2023-02-05 11:26:16 +01:00
Daniel Plohmann	9710e09e17	new APT29 name used by Recorded Future cf. https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf	2023-02-02 11:46:50 +01:00
Alexandre Dulaunoy	3d6ec1b187	chg: [sigma] updated to the latest version	2023-02-02 11:25:19 +01:00
Jürgen Löhel	cf492d9931	chg: [stealer] Adds Album Stealer Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2023-02-01 17:30:56 -06:00
Alexandre Dulaunoy	033895b052	Merge pull request #812 from jloehel/boldmove chg: [backdoor] Adds BOLDMOVE	2023-01-31 06:24:59 +01:00
Jürgen Löhel	c7c2b8441a	chg: [stealer] Removes BluStealer The BluStealer is already in the malpedia cluster. Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2023-01-30 18:35:28 -06:00
Jürgen Löhel	ca635cc3fc	chg: [stealer] Adds DarkCloud and BluStealer Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2023-01-30 18:29:25 -06:00
Jürgen Löhel	33513241bd	chg: [backdoor] Adds BOLDMOVE Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2023-01-30 16:39:11 -06:00
Alexandre Dulaunoy	150e3152cc	Merge pull request #809 from MISP/dev Updated the `region` cluster	2023-01-27 15:08:16 +01:00
Alexandre Dulaunoy	b7543c5012	Merge pull request #789 from Mathieu4141/threat-actors/fix-sectorj04 [threat-actors] Remove SectorJ04 duplicate	2023-01-27 15:05:37 +01:00
Mathieu Beligon	a452263ace	[threat-actors] pr.review: Add SectorJ04 as alias of TA505	2023-01-27 13:32:58 +01:00
o1mate	0b661d4f80	Added two new galaxies : An ammunition galaxy containing a list of known sold ammunitions ordered by brands, and a firearm galaxy containing two clusters (handguns, shotguns) scrapped from a famous vendor and ordered by model name (Format : Model name - SKU).	2023-01-26 08:34:38 -05:00
Delta-Sierra	89bb349184	Merge https://github.com/MISP/misp-galaxy	2023-01-26 11:46:14 +01:00
Delta-Sierra	0bb1f48ad6	fix missing brackets	2023-01-25 14:47:22 +01:00
Christian Studer	e87d39e3f4	fix: [region] JQed all the things !!	2023-01-25 09:24:52 +01:00
Delta-Sierra	50ca40e408	add Anubis & Godfather android banking trojans	2023-01-25 09:05:19 +01:00
Christian Studer	51610df907	chg: [region] Updated the `region` Galaxy Cluster - Added missing entry (Antarctica) - Ordered the `subregions` meta field	2023-01-24 22:53:54 +01:00
ofenomeno	cb8d700e62	adding uavs	2023-01-24 19:55:46 +01:00
Alexandre Dulaunoy	2f0dfc7656	chg: [sigma] updated	2023-01-23 10:10:46 +01:00
Alexandre Dulaunoy	4a342354f9	chg: [sigma] updated	2023-01-20 13:58:11 +01:00
Christian Studer	5c21588d7c	add: [country] Manually added the missing relations to some `country` cluster values - The previous commit (`071ecb8`) that added the mahority of relations between countries and regions were automatically added based on the country names specified in the `region` cluster. The relations added here are the remaining countries that are not litterally defined the same way they are in the `region` cluster	2023-01-16 22:22:42 +01:00
Christian Studer	325f51479b	chg: [country] Clarified the US cluster value	2023-01-16 22:20:30 +01:00
Christian Studer	071ecb8a52	add: [country] Added references between `country` cluster values and the related region they're located in, from the `region` galaxy cluster	2023-01-16 21:35:22 +01:00
Alexandre Dulaunoy	323f9f47a1	chg: [sigma] version must be an integer	2023-01-12 16:45:21 +01:00
Alexandre Dulaunoy	fd226d47a2	chg: [sigma] new version of the cluster	2023-01-12 14:10:22 +01:00
Alexandre Dulaunoy	c0fdfb0e99	chg: [sigma] updated with latest version + new relationship script	2023-01-12 13:46:31 +01:00
Alexandre Dulaunoy	e54366fb87	chg: [threat-actor] added the missing synonyms	2023-01-10 15:55:30 +01:00
Alexandre Dulaunoy	187701bacb	chg: [sigma] regenerated from the test script (also updated the script to ensure UUID consistency for the galaxy)	2023-01-06 15:36:33 +01:00
Alexandre Dulaunoy	9955401791	chg: [sigma] jq all the things	2023-01-06 15:13:35 +01:00
Alexandre Dulaunoy	8539361df5	Merge branch 'main' of https://github.com/jstnk9/misp-galaxy into jstnk9-main	2023-01-06 15:11:27 +01:00
jstnk9	5bcec1d72f	Merge branch 'MISP:main' into main	2023-01-03 11:10:49 +01:00
Jürgen Löhel	d4debd619b	chg: [ransomware] Extends the entry for JCrypt * Add the reference to MafiaWare666 based on the latest research from the Avast Threat Lab: https://decoded.avast.io/threatresearch/decrypted-mafiaware666-ransomware/ * Add more infos from Andrew Ivanovs the great blog post: https://id-ransomware.blogspot.com/2020/12/jcrypt-ransomware.html Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-12-23 01:44:20 -06:00
Delta-Sierra	3f4edb480b	add Malteiro	2022-12-16 16:43:50 +01:00
jstnk9	cb19f6bda7	galaxy for sigma rules	2022-12-09 08:48:54 +01:00
Delta-Sierra	5931f51d7a	add TAG-53	2022-12-08 11:31:02 +01:00
Delta-Sierra	3ea2d62a83	Version Update	2022-11-28 16:27:54 +01:00
Delta-Sierra	6016b1000c	Merge https://github.com/MISP/misp-galaxy	2022-11-28 16:17:08 +01:00
Delta-Sierra	5d83563e0e	Fix Duplicate	2022-11-28 16:15:40 +01:00
Delta-Sierra	6c36295318	Update several RAT & Ransomwares	2022-11-28 16:13:38 +01:00
Alexandre Dulaunoy	de12f46ba6	chg: [mitre] updated	2022-11-28 12:48:29 +01:00
Alexandre Dulaunoy	fda4160bed	chg: [target-information] fix the duplicate	2022-11-24 15:08:16 +01:00
Alexandre Dulaunoy	f15e4ed3bc	chg: [target-information] duplicate removal	2022-11-24 15:05:47 +01:00
Alexandre Dulaunoy	1d9a73abdd	chg: [target] fix duplicate synonyms	2022-11-24 15:03:18 +01:00
Christian Studer	e3126ef857	fix: [clusters] Fixed some other few `meta` field names	2022-11-24 09:17:28 +01:00
Christian Studer	823124d422	fix; [mitre-ics-assets] Fixed some `refs` meta field names	2022-11-23 20:44:46 +01:00
Christian Studer	493a5bf94e	fix: [target-information] Fixed `synonyms` meta field name	2022-11-23 20:40:35 +01:00
Alexandre Dulaunoy	5c979ae554	fix: [tool] Houdini relationship to something which exist (ok I know it's Houdini)	2022-11-22 15:19:40 +01:00
Alexandre Dulaunoy	0b6034d9be	Merge pull request #800 from Delta-Sierra/main Add ransomwares	2022-11-22 15:11:42 +01:00
Alexandre Dulaunoy	8947d0035b	fix: [sigma rules] until new the PR and tool is done for sigma. The galaxy is removed.	2022-11-22 15:08:17 +01:00
Delta-Sierra	5f0d7f6d68	add VJw0rm description	2022-11-22 14:55:10 +01:00
Delta-Sierra	f4abf37b01	fix versions	2022-11-22 12:45:15 +01:00
Delta-Sierra	c02b74f999	merge	2022-11-22 12:43:18 +01:00
Delta-Sierra	ffc68b9b8f	add several ransomwares	2022-11-22 12:40:47 +01:00
Delta-Sierra	e316382b8a	add qakbot ref	2022-11-22 12:06:03 +01:00
Delta-Sierra	8bf6d73d66	add BazarCall campaign	2022-11-22 09:08:28 +01:00
Delta-Sierra	3c7230e38e	add Bazarbackdoor Synonyms	2022-11-22 09:00:04 +01:00
Thomas Dupuy	be7450494e	Add Evasive Panda Threat Actor	2022-11-18 16:38:11 +00:00
Alexandre Dulaunoy	4844a7021c	chg: [sigma] duplicate value changed	2022-11-18 14:36:02 +01:00
Alexandre Dulaunoy	c41b99d8b9	fix: [sigma] remove duplicate references	2022-11-18 14:21:27 +01:00
Alexandre Dulaunoy	59f5fc5f76	Merge branch 'main' of github.com:MISP/misp-galaxy into main	2022-11-18 14:18:29 +01:00
Alexandre Dulaunoy	7d4011a0a2	chg: [sigma] jq all the things	2022-11-18 14:17:52 +01:00
Terrtia	e3b6e9d229	fix: [handicap] fix galaxy icon + name + type	2022-11-17 15:16:05 +01:00
Alexandre Dulaunoy	9b8619bbbe	Merge branch 'main' of https://github.com/jstnk9/misp-galaxy into jstnk9-main	2022-11-16 11:07:50 +01:00
Jürgen Löhel	f595195cd2	chg: [botnets] Adds KmsdBot Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-11-15 18:10:39 -06:00
Jstnk9	473f1a13aa	galaxy related to sigma rtules galaxy related to sigma rtules	2022-11-15 22:56:18 +01:00
Delta-Sierra	2269f4decd	fix tool type	2022-11-15 13:56:53 +01:00
Delta-Sierra	9fc65c0e34	version fix	2022-11-15 13:37:02 +01:00
Delta-Sierra	91d535925f	version fix	2022-11-15 13:36:49 +01:00
Delta-Sierra	3837058ab1	merge	2022-11-15 12:54:03 +01:00
Delta-Sierra	d020efd276	add raspberry Robin worm & others	2022-11-15 11:57:10 +01:00
Alexandre Dulaunoy	b787bbeb23	Merge pull request #792 from nyx0/main Add RomCom TA.	2022-11-05 07:50:20 +01:00
Alexandre Dulaunoy	3b196f8361	Merge pull request #791 from Mathieu4141/threat-actors/add-phosphorus-alias-to-apt-35 [threat-actors] Add Phosphorus in APT35 aliases	2022-11-05 07:49:55 +01:00
Thomas Dupuy	9ac53e5d5e	Add RomCom TA.	2022-11-04 02:34:10 +00:00
Alexandre Dulaunoy	6c4da5dd55	Merge pull request #790 from Mathieu4141/threat-actors/fix-dust-storm [threat-actors] Remove DustStorm alias from APT10	2022-11-03 11:35:20 +01:00
Alexandre Dulaunoy	52a6fff6a2	Merge pull request #788 from Mathieu4141/threat-actors/fix-cobalt-dickens [threat-actors] Remove cobalt dickens duplicate	2022-11-03 11:27:08 +01:00
Alexandre Dulaunoy	3b4dcd6ad3	Merge pull request #787 from Mathieu4141/threat-actors/fix-subaat-duplicate [threat-actors] Remove subaat duplicate	2022-11-03 11:26:21 +01:00
Mathieu Beligon	8a9dd47f8f	[threat-actors] Add Phosphorus in APT35 aliases	2022-11-02 23:49:22 -07:00
Mathieu Beligon	21d4292faf	[threat-actors] Remove DustStorm alias from APT10	2022-11-02 23:31:31 -07:00
Mathieu Beligon	e61733591f	[threat-actors] Remove SectorJ04 duplicate	2022-11-02 20:30:40 -07:00
Mathieu Beligon	9f0869097a	[threat-actors] Remove cobalt dickens duplicate	2022-11-02 18:09:42 -07:00
Mathieu Beligon	e3e5560e37	[threat-actors] Remove subaat duplicate	2022-11-02 17:57:47 -07:00
Mathieu Beligon	5801bbcfc1	[threat-actors] Remove Skeleton Spider duplicate	2022-11-02 17:38:07 -07:00
Alexandre Dulaunoy	015650c6d7	chg: [mitre-attack] updated to version 12.0	2022-11-01 22:39:33 +01:00
Delta-Sierra	9952366667	add Prynt Stealer & variants	2022-10-14 16:03:45 +02:00
Delta-Sierra	355025eb5b	fix metadata in wrong slot	2022-10-04 13:28:42 +02:00
Delta-Sierra	e5b3062912	add Volatile Cedar synonym	2022-10-03 16:06:13 +02:00
Thomas Dupuy	4bcf80f01b	Add SharPyShell tool.	2022-10-02 22:00:54 +00:00
Alexandre Dulaunoy	409c82f40c	Merge pull request #781 from Mathieu4141/threat-actors/fix-neodymium [threat-actors] Fix G0055 (NEODYMIUM) alias	2022-09-30 06:39:31 +02:00
Alexandre Dulaunoy	588184bacd	Merge pull request #780 from Mathieu4141/threat-actors/fix-svmondr [threat-actors] Remove SVCMONDR duplicate	2022-09-30 06:38:56 +02:00
Alexandre Dulaunoy	800006e6ab	Merge pull request #778 from Mathieu4141/threat-actors/fix-malware-reuser-duplicate [threat-actors] Fix Volatile Cedar and Dancing Salome conflicts	2022-09-30 06:37:15 +02:00
Mathieu Beligon	74c6835d18	[threat-actors] Fix G0055 (NEODYMIUM) alias	2022-09-29 17:16:57 -07:00
Mathieu Beligon	a740e35687	[threat-actors] Remove SVCMONDR duplicate	2022-09-29 16:11:19 -07:00
Mathieu Beligon	5994fa4160	[threat-actors] Fix Volatile Cedar and Dancing Salome conflicts	2022-09-29 14:51:38 -07:00
Mathieu Beligon	4f47e6e2d3	[threat-actors] Equation group: separate from Lamberts and add tools	2022-09-29 11:28:54 -07:00
Thomas Dupuy	c66d6823a1	Add APT-Q-12 Threat Actor.	2022-09-29 02:30:41 +00:00
Alexandre Dulaunoy	c3b65a2d15	chg: [threat-actor] JSON fix	2022-09-27 08:18:13 +02:00
Alexandre Dulaunoy	067e449a41	Merge branch 'main' of https://github.com/nyx0/misp-galaxy into nyx0-main	2022-09-27 08:17:41 +02:00
Christophe Vandeplas	e259458d5a	chg: [mitre] bump to v11.3	2022-09-27 07:30:13 +02:00
Thomas Dupuy	bfd1812cef	Add Void Balaur.	2022-09-27 00:11:20 +00:00
Alexandre Dulaunoy	eacab6ca27	new: [malpedia] remove duplicate UUIDs objects (coming from Malpedia API)	2022-09-26 10:58:09 +02:00
Alexandre Dulaunoy	7cd322640f	Merge pull request #771 from Delta-Sierra/main fetch malpedia	2022-09-26 10:07:24 +02:00
Delta-Sierra	a611230bef	fetch malpedia	2022-09-26 09:23:07 +02:00
Mathieu Beligon	22a39f4fdc	[threat-actors] Add BITWISE SPIDER	2022-09-20 11:23:33 -07:00
Alexandre Dulaunoy	9b8b51fe53	Merge pull request #769 from Mathieu4141/threat-actors-add/no-name-057-06 [threat-actors] Add NoName057(16)	2022-09-17 07:43:42 +02:00
Alexandre Dulaunoy	2f169e4258	Merge pull request #766 from Mathieu4141/threat-actors/fix-ta505 [threat-actors] Clean TA505 aliases	2022-09-17 07:43:18 +02:00
Mathieu Beligon	580d2c6931	[threat-actors] Add NoName057(16)	2022-09-16 20:11:06 -06:00
Alexandre Dulaunoy	30cb4e7e60	Merge pull request #768 from Delta-Sierra/main New clusters	2022-09-16 06:40:43 +02:00
Delta-Sierra	8202a7f48f	Add PlugX ref	2022-09-15 15:39:47 +02:00
Delta-Sierra	0903300b75	Add Chisel	2022-09-15 13:24:49 +02:00
Delta-Sierra	021fcd2c91	add Lorenz ransomware	2022-09-15 10:29:46 +02:00
Alexandre Dulaunoy	1c8d82cfcc	new: [threat-actor] hezb added	2022-09-14 11:00:33 +02:00
Christophe Vandeplas	b011ddee5b	fix: [360net] fixes null entries in lists	2022-09-13 22:12:51 +02:00
Christophe Vandeplas	c5a5fa7cfa	chg: [360net] add 360.net APT list fixes #764	2022-09-13 21:48:16 +02:00
Mathieu Beligon	e1f5d3b5d8	[threat-actors] Keep meta from old Xenotime	2022-09-13 11:40:17 -07:00
Mathieu Beligon	4ff0bdfe8e	[threat-actors] Clean TA505 aliases	2022-09-13 11:34:02 -07:00
Delta-Sierra	e3d88f45c6	add Dark.IoT	2022-09-13 13:35:55 +02:00
Delta-Sierra	6dba3abe13	add hezb	2022-09-13 10:40:00 +02:00
Mathieu Beligon	273c7c9b97	[threat-actors] Remove Xenotime duplicate	2022-09-12 17:10:49 -07:00
Delta-Sierra	705d0d2e72	add BumbleBee backdoor	2022-09-12 10:51:43 +02:00
Delta-Sierra	0440db12e9	add DangerousSavanna campaign	2022-09-07 11:01:23 +02:00
Delta-Sierra	77db2370b1	Add Lockbit synonym	2022-09-07 11:00:41 +02:00
Delta-Sierra	775d3c183b	Add Lockbit synonym	2022-09-07 09:26:38 +02:00
Rony	aea413cebf	chg: [threat-actor] version bump	2022-09-01 10:32:01 +00:00
Rony	db913e5ab4	fix: [threat-actor] remove duplicate entries	2022-09-01 09:53:11 +00:00
Rony	6aea5ee05c	chg: [threat-actor] add Aoqin Dragon	2022-09-01 09:46:43 +00:00
Rony	fb0cf3c7e5	chg: [threat-actor] miscellaneous updates	2022-09-01 09:17:31 +00:00
Daniel Plohmann	d18f5bc8b6	mini-fix: adding https protocol to a reference in automated processing and display, this may otherwise lead to a malformed local / relative link.	2022-08-30 17:08:03 +02:00
Alexandre Dulaunoy	5175fb0364	Merge pull request #760 from Delta-Sierra/main Add GootLoader & MOUSEISLAND in tool	2022-08-29 12:02:55 +02:00
Rony	e7178a1e08	fix: [threat-actor] remove duplicate entries from APT9	2022-08-27 12:54:32 +00:00
Rony	27300c6381	chg: [threat-actor] add avast blog to APT40	2022-08-27 12:41:31 +00:00
Rony	7f526e230b	chg: [threat-actor] add Microsoft and PwC report to actors' references	2022-08-27 12:34:36 +00:00
Rony	6ad9699a38	chg: [threat-actor] add recorded future reference to RedAlpha	2022-08-27 12:10:51 +00:00
Rony	2dc138ae01	chg: [threat-actor] add Adam Kozy's testimony ro APT41 and APT26	2022-08-27 12:08:11 +00:00
Rony	0b140b7097	chg: [threat-actor] miscellaneous updates including merge of some actors and fix the error committed in `9cfcc0d9ac`	2022-08-27 11:58:03 +00:00
Alexandre Dulaunoy	8bea9f3b4b	Merge pull request #755 from Mathieu4141/threat-actors/fix-winnti [threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts	2022-08-27 08:25:20 +02:00
Mathieu Béligon	9cfcc0d9ac	Add aliases to APT41 Co-authored-by: Rony <rony_123@protonmail.ch>	2022-08-26 14:54:02 -07:00
Mathieu Beligon	6e00329ba6	[threat-actors] Fix aliases	2022-08-26 11:09:29 -07:00
Delta-Sierra	534dacb7fb	add GootLoader	2022-08-26 10:12:36 +02:00
Delta-Sierra	d5a9365aae	add MOUSEISLAND	2022-08-26 09:23:38 +02:00
Mathieu Beligon	9b714dcd76	[threat-actors] Merge Axiom into APT17	2022-08-25 13:49:07 -07:00
Delta-Sierra	5b3c395f10	jq	2022-08-24 14:27:33 +02:00
Delta-Sierra	cb422c2190	update Guildma	2022-08-24 14:07:01 +02:00
Yosirion95	cda80e5496	Add synonyms to sector.json	2022-08-21 11:09:50 +02:00
Alexandre Dulaunoy	9efca4c41b	fix: [threat-actor] UUID reused fixed (UUIDs cannot be reused across different cluster) Add the missing the relationship for the new UUID	2022-08-21 09:17:56 +02:00
Rony	5b42a09dc2	add PARINACOTA to threat-actor.json MSTIC names digital crime actors based on global volcanoes	2022-08-20 17:10:15 +00:00
Rony	6fd584fa88	remove APT36/ Transpert Tribe from microsoft-activity-group.json cause we don't know any MSTIC name yet.	2022-08-20 17:06:18 +00:00
Alexandre Dulaunoy	6b137ea12c	Merge pull request #749 from Mathieu4141/threat-actors/fix-naikon-cluster [threat actors] Fix threat actors related to Lotus Panda	2022-08-20 11:46:15 +02:00
Mathieu Beligon	7f82616c10	fix axiom related field	2022-08-19 12:48:40 -07:00
Mathieu Beligon	969f461709	merge into apt41	2022-08-19 12:45:47 -07:00
Christophe Vandeplas	1b69b654a8	chg: [atrm] bump to latest ATRM version	2022-08-19 21:19:23 +02:00
Mathieu Beligon	fd9201e9e0	Merge APT22 and suckfly	2022-08-19 12:16:30 -07:00
Mathieu Beligon	768c94671c	Fix hellsing ref	2022-08-19 11:34:16 -07:00
Alexandre Dulaunoy	a8b234d694	Merge pull request #753 from Mathieu4141/threat-actors/fix-bronze-president [threat-actors] Remove duplicated BRONZE PRESIDENT entity	2022-08-19 06:26:11 +02:00
Mathieu Béligon	fcd6faec78	Capitalize override panda alias Co-authored-by: Rony <rony_123@protonmail.ch>	2022-08-18 20:51:03 -07:00
Mathieu Béligon	54f3ef2831	capitalize lotus panda alias Co-authored-by: Rony <rony_123@protonmail.ch>	2022-08-18 20:50:32 -07:00
Mathieu Béligon	c9b11553eb	normalize APT30 alias Co-authored-by: Rony <rony_123@protonmail.ch>	2022-08-18 20:32:44 -07:00
Mathieu Beligon	c1abedb446	Move Lotus Panda alias to Lotus Blossom	2022-08-18 20:21:31 -07:00
Mathieu Beligon	a61ef2a88f	[threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts	2022-08-18 17:03:26 -07:00
Mathieu Beligon	84e69ad4be	Add DarkCommet as a tool of GoldenRAT	2022-08-18 15:47:04 -07:00
Mathieu Beligon	1acc51a7a6	[threat-actors] Add more data about APT-C-27	2022-08-18 15:44:18 -07:00
Mathieu Beligon	ec988c97d0	[threat-actors] Remove duplicated APT-C-27	2022-08-18 15:34:08 -07:00
Mathieu Beligon	d9046c8619	[threat-actors] Remove duplicated BRONZE PRESIDENT entity	2022-08-18 15:12:18 -07:00
Mathieu Beligon	a046e8094d	Merge APT30 and Naikon	2022-08-18 11:36:45 -07:00
Mathieu Beligon	5e4a4c3453	Merge branch 'main' into threat-actors/fix-naikon-cluster	2022-08-18 09:01:36 -07:00
Mathieu Beligon	264e764dfa	Remove ATK34 alias	2022-08-18 08:59:04 -07:00
Delta-Sierra	3f036db1e3	add TA558	2022-08-18 15:54:28 +02:00
Mathieu Beligon	71e3e1f3eb	Fix ATK aliases	2022-08-17 13:39:43 -07:00
Mathieu Beligon	a6242d4732	Merge branch 'main' into threat-actors/fix-naikon-cluster	2022-08-17 13:37:01 -07:00
Mathieu Beligon	0d6399aa2b	Add ATK78 alias for Thrip	2022-08-17 12:04:32 -07:00
Mathieu Beligon	53282255ce	Branch out Goblin Panda from Hellsing	2022-08-17 11:55:35 -07:00
Mathieu Beligon	3f50cf0175	Create a tool for Esile	2022-08-17 11:19:30 -07:00
Rony	f608312577	addresses https://github.com/MISP/misp-galaxy/pull/751#issuecomment-1217680586	2022-08-17 08:52:35 +00:00
Rony	ccd10b54f4	remove duplicate reference	2022-08-17 12:49:56 +05:30
Rony	0cec882cc5	merge microcin/sixlittlemonkeys to vicious panda	2022-08-17 07:06:51 +00:00
Alexandre Dulaunoy	a373909bb1	Merge pull request #748 from r0ny123/patch-2 Update threat-actor.json	2022-08-17 07:44:46 +02:00
Alexandre Dulaunoy	352998a84d	fix: [threat-actor] add missing refs for APT33 including CFR link	2022-08-17 07:40:23 +02:00
Mathieu Beligon	d05b29c1af	[threat-actors] Remove duplicate APT33	2022-08-16 17:15:30 -07:00
Mathieu Beligon	9c6f106928	[threat actor] Fix aliases related to Lotus Panda	2022-08-16 16:58:35 -07:00
Rony	5b25b574b3	add uac-0010 references from cert-ua	2022-08-16 10:19:53 +00:00
Rony	370045b01d	Merge "red october" and "cloud atlas" to inception framework"	2022-08-16 09:30:29 +00:00
Rony	62b168600f	fix duplicates	2022-08-16 12:15:30 +05:30
Rony	490bc6a05c	fix duplicate	2022-08-16 12:10:27 +05:30
Rony	bbe84c5985	updates to russian actors	2022-08-16 12:07:59 +05:30
Rony	de76aef023	Update threat-actor.json	2022-08-16 10:49:13 +05:30
Rony	f4b63d4514	updates to tianwu	2022-08-16 10:30:33 +05:30
Alexandre Dulaunoy	96d31aa8c7	chg: [threat-actor] jq all the things	2022-08-11 17:50:00 +02:00
Thomas Dupuy	ed24dcaf19	Add link for SLIME29.	2022-08-11 15:41:01 +00:00
Thomas Dupuy	912050b9b7	Update commit based on feeback.	2022-08-11 15:20:32 +00:00
Thomas Dupuy	6e0df72ef4	Add Threat Actors from BH Asia22 prez.	2022-08-10 18:53:38 +00:00
Christophe Vandeplas	1369756810	chg: [atrm] Add Azure Threat Research Matrix Galaxy and generation script	2022-08-06 21:19:31 +02:00
Daniel Plohmann	bdaadea58e	removing a leading double quote in a URL.	2022-08-02 18:17:58 +02:00
Daniel Plohmann	bc20a463c8	merging TG2003 / Elephant Beetle into FIN13 as indicated in the respective resources published by the organizations using these aliases.	2022-08-02 14:11:43 +02:00
Alexandre Dulaunoy	6427746ad8	Merge pull request #727 from Mathieu4141/threat-actors/merge-cutting-kitten-cleaver Fix Cleaver aliases	2022-07-27 23:17:42 +02:00
Alexandre Dulaunoy	63f5122ad4	Merge pull request #742 from r0ny123/patch-1 Update threat-actor.json	2022-07-27 18:56:47 +02:00
Mathieu Beligon	51aacd6b03	Reduce diff with old version	2022-07-26 23:53:22 -07:00
Mathieu Beligon	acc6ada575	r0ny123.review: Use Cutting Kitten as main value for ITSecTeam	2022-07-26 23:27:39 -07:00
Mathieu Beligon	d815bfa174	Merge remote-tracking branch 'upstream/main' into threat-actors/merge-cutting-kitten-cleaver	2022-07-26 23:22:03 -07:00
Daniel Plohmann	26f6a33695	more aliases from Unit 42	2022-07-26 11:09:33 +02:00
Rony	5a7f3a7207	fix	2022-07-25 17:17:52 +05:30
Rony	8ce0df6eb4	Update threat-actor.json Merge aquatic panda & earth lusca	2022-07-25 17:15:23 +05:30
Alexandre Dulaunoy	6b6398bf2d	fix: [threat-actor] incorrect merge fixed	2022-07-20 18:45:50 +02:00
Alexandre Dulaunoy	b4ce9a9453	Merge branch 'main' of https://github.com/r0ny123/misp-galaxy into r0ny123-main	2022-07-20 18:41:27 +02:00
Rony	add6b27466	update	2022-07-20 21:39:33 +05:30
Rony	2b54df56f9	update	2022-07-20 21:32:11 +05:30
Rony	2e045d9c8c	chg: [fix] resolve conflict	2022-07-20 21:28:15 +05:30
Daniel Plohmann	5825783a85	removed duplicate UUID for Kinsing my apologies, looks like I had not rolled a new UUID for one of the entries added...	2022-07-20 17:07:05 +02:00
Rony	932fcf1871	added Red Nue	2022-07-20 15:07:35 +05:30
Rony	082039b3b0	added CN actors from secureworks threat profile https://www.secureworks.com/research/threat-profiles?filter=item-china and fixed some AKAs	2022-07-20 14:52:58 +05:30
Daniel Plohmann	ed32c508b7	added more Unit 42 aliases / groups	2022-07-20 08:38:03 +02:00
Rony	000bfe92d9	add APT9/Red Pegasus & BRONZE EDGEWOOD/Red Hariasa	2022-07-20 10:04:58 +05:30
Rony	2e8a577b0c	add PwC naming to CN actors	2022-07-20 09:45:21 +05:30
Rony	3fabd58416	chg: [threat-actor] fixed	2022-07-19 23:36:30 +05:30
Rony	79c84d3768	add Earth Berberoka, Earth Lusca and Earth Wendigo	2022-07-19 22:42:50 +05:30
Daniel Plohmann	082d506b64	adding new Unit 42 names First PR: those are the directly mappable names. I will follow up after deconfliction and then with a few new entries.	2022-07-19 08:45:09 +02:00
Daniel Plohmann	240a757826	Update threat-actor.json adding Predatory Sparrow due to recent events.	2022-07-13 10:02:07 +02:00
Alexandre Dulaunoy	cf603e8160	Merge pull request #736 from Delta-Sierra/main add Qbot	2022-07-12 18:41:33 +02:00
Thomas Dupuy	90da0d798f	Set country to LB instead of IR based on operational activity.	2022-07-12 16:21:41 +00:00
Delta-Sierra	b1c853bf42	update version	2022-07-12 15:51:55 +02:00
Thomas Dupuy	1a8835bcae	Remove list from POLONIUM TA.	2022-07-12 13:11:11 +00:00
Thomas Dupuy	a86d866534	Add POLONIUM TA.	2022-07-12 12:14:27 +00:00
Delta-Sierra	d40017ae50	add Qbot	2022-07-12 14:03:43 +02:00
Delta-Sierra	6c6355f2ba	fix typo	2022-07-12 11:31:08 +02:00
Delta-Sierra	300d608770	jq	2022-07-12 10:54:37 +02:00
Delta-Sierra	71c93f5b24	fix caps typo	2022-07-12 10:53:14 +02:00
Delta-Sierra	4ea34fc5a4	Merge https://github.com/Delta-Sierra/misp-galaxy into main	2022-07-12 10:51:59 +02:00
Delta-Sierra	924eda26ca	Add EnemyBot +relationships	2022-07-12 10:49:11 +02:00
Deborah Servili	ca7d524d9c	Merge branch 'main' into main	2022-07-08 16:27:28 +02:00
Delta-Sierra	29aa7b3f69	add Maui ransomware	2022-07-08 14:49:12 +02:00
Delta-Sierra	56a53433f0	add HelloXD ransomware	2022-07-08 12:05:31 +02:00
Delta-Sierra	279b89f6d9	fix duplicate extension-2	2022-07-06 09:38:02 +02:00
Delta-Sierra	67d5f5c7c0	fix duplicate extension	2022-07-06 09:34:11 +02:00
Delta-Sierra	7e37fa0cdd	merge + update medusalocker	2022-07-06 09:28:46 +02:00
Delta-Sierra	c2e7ef4fab	Update Medusa Locker and others	2022-07-06 08:43:59 +02:00
marjatech	587dc8560b	add script to automate malpedia update	2022-07-04 14:24:34 +02:00
Mathieu Beligon	693eed8d78	[threat actor] Break Cleaver aliases into respective entries	2022-07-04 14:05:29 +02:00
marjatech	1212a75cc4	update malpedia	2022-07-04 11:02:02 +02:00
Mathieu Beligon	d63c990dad	[threat-actors] Separate ITSecTeam from Cleaver	2022-06-30 14:34:05 +02:00
Mathieu Beligon	b8d4ffdbde	Merge Cutting Kitten and Cleaver	2022-06-29 20:15:12 +02:00
Koen Van Impe	0c9aa68db6	Update surveillance-vendor.json	2022-06-22 13:30:55 +02:00
Koen Van Impe	22c2f7b999	Add RCS Lab S.p.A. to surveillance-vendor	2022-06-22 11:20:52 +02:00
Mathieu Beligon	d79c5bd1ab	Add ToddyCat Threat actor	2022-06-21 15:12:42 +02:00
Rony	c030fcdab6	chg: [threat-actor] added PwC naming for Indian actors https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf	2022-06-11 15:46:54 +05:30
Thanat0s	44a99d066a	Y en a un peut plus je vous le mets quand meme ?	2022-06-11 04:24:04 -04:00
Thanat0s	57befd7259	jq all the things	2022-06-10 19:12:12 -04:00
Thanat0s	51f98f4706	Attck link + typo on TA551	2022-06-10 18:40:16 -04:00
Thanat0s	f97fee7135	Typo on TA551	2022-06-10 18:38:25 -04:00
Thanat0s	297acc0f5e	Add Mitre vs Thales RosettaStone	2022-06-10 18:24:15 -04:00
Rony	e916267c7c	chg: [threat-actor] add reference to bitter & sidewinder group	2022-06-08 23:22:17 +05:30
Christophe Vandeplas	39073004c4	[mitre] bump to MITRE ATT&CK v11.2	2022-05-25 21:03:14 +02:00
Christophe Vandeplas	4a469299fd	[mitre] update sorting algo will make future ATT&CK updates less noisy in the git diff	2022-05-25 21:00:57 +02:00
Mathieu Beligon	dca70783bf	[threat-actors] validate file	2022-05-23 11:32:24 +02:00
Mathieu Beligon	c1cfc19871	[threat actors] Remove dead link for sandworm threat actor	2022-05-23 11:30:04 +02:00
Mathieu Beligon	36a1466661	[threat-actors] Add RansomHouse	2022-05-23 11:29:39 +02:00
Alexandre Dulaunoy	a838eaf9db	Merge pull request #717 from jloehel/krane chg: [cryptominers] Adds Krane	2022-05-18 08:17:16 +02:00
Jürgen Löhel	1be9a10ef9	chg: [cryptominers] Adds Krane Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-05-17 14:47:29 -05:00
Jürgen Löhel	9db5d18114	chg: [android] Adds Vulture Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-05-17 14:16:21 -05:00
Rony	2721522e82	chg: [threat-actor] add exotic lily, ta578, ta579	2022-05-14 20:52:15 +05:30
Jürgen Löhel	45da13ce5e	chg: [backdoors] Adds BPFDoor Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-05-11 19:06:19 -05:00
Alexandre Dulaunoy	fcdc6c86e6	chg: [threat-actor] add TG2003 synomym to Elephant Beetle	2022-05-09 14:24:28 +02:00
Alexandre Dulaunoy	9130365e2e	chg: [threat-actor] Elephant Beetle added Fix #708	2022-05-09 14:23:12 +02:00
Alexandre Dulaunoy	bb434b11cf	chg: [threat-actor] ModifiedElephant added Fix #709	2022-05-09 14:16:01 +02:00
Alexandre Dulaunoy	06550a7945	chg: [threat-actor] fix refs field -> it's always an array	2022-05-09 13:46:16 +02:00
Alexandre Dulaunoy	b67e3ed3f8	Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add	2022-05-09 13:43:44 +02:00
Rony	c0be6677c2	chg: [threat-actor] added actor Red Menshen https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf	2022-05-07 15:44:10 +05:30
Rony	11eca69ebc	chg: [threat-actor] added Curious Gorge	2022-05-07 12:40:35 +05:30
Daniel Plohmann	26c1850377	Update threat-actor.json adding Red Dev 4 as alias for GALLIUM as used by PwC.	2022-05-06 09:47:48 +02:00
Daniel Plohmann	06c293072c	Update threat-actor.json adding UNC3524 to the actor galaxy cluster.	2022-05-04 13:21:56 +02:00
3c7	0ad65fbe9f	Forgot to jq all the things	2022-04-28 09:42:25 +02:00
3c7	dfb6c0668e	Added SaintBear	2022-04-28 09:36:25 +02:00
Christophe Vandeplas	33476bec81	chg: [mitre] bump to MITRE ATT&CK v11.0	2022-04-25 18:29:57 +02:00
Alexandre Dulaunoy	664f6d80cc	chg: [threat-actor] Killnet description added	2022-04-21 15:05:50 +02:00
Alexandre Dulaunoy	1e383e2452	chg: [threat-actor] version updated	2022-04-21 14:53:14 +02:00
Mathieu Beligon	c8455a6c4d	[actors] Add killnet	2022-04-21 14:06:28 +02:00
Adam McHugh	53a0fc56d3	Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory	2022-04-18 10:16:26 +09:30
Alexandre Dulaunoy	bca7381f33	fix: [ransomware] refs are within meta	2022-04-17 15:43:23 +02:00
Alexandre Dulaunoy	eb7c5ebaf1	fix: [ransom] remove empty ref	2022-04-17 15:39:02 +02:00
Alexandre Dulaunoy	bc696b43f4	chg: [ransomware] jq all the things	2022-04-17 15:35:50 +02:00
Alexandre Dulaunoy	00d33fd292	Merge pull request #701 from adammchugh/ransomware-conti-update Ammended Conti ransomware entry with ACSC 2021-010 advisory data	2022-04-17 15:35:25 +02:00
Alexandre Dulaunoy	66744a4cd0	Merge pull request #704 from adammchugh/cryptominers-bluemockingbird-add Added Cryptominer Blue Mockingbird from RedCanary advisory.	2022-04-17 14:43:59 +02:00
Alexandre Dulaunoy	14907e3eef	Merge pull request #703 from adammchugh/threatactor-copypaste-add Added Copy-Paste Threat Actor from ACSC Advisory 2020-008	2022-04-17 14:43:37 +02:00
Adam McHugh	84eac4b102	Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory	2022-04-17 19:50:08 +09:30
Adam McHugh	f00e80ae7e	Added Cryptominer Blue Mockingbird from RedCanary advisory.	2022-04-17 19:44:42 +09:30
Adam McHugh	cff8a38c5f	Added Copy-Paste Threat Actor from ACSC Advisory 2020-008	2022-04-17 19:37:26 +09:30
Adam McHugh	622c0502aa	Ammended Conti ransomware entry with ACSC 2021-010 advisory data	2022-04-17 19:23:11 +09:30
Adam McHugh	99caab201f	Ammended Blackcat ransomware entry with ACSC 2022-004 advisory data	2022-04-17 18:05:24 +09:30
Thomas Dupuy	bd05eb0bba	upd: [cluster] add Threat Actor BladeHawk.	2022-04-11 17:03:19 +00:00
Thomas Dupuy	209391f110	upd: [cluster] add ref and synonyms for Energetic Bear.	2022-04-07 18:26:58 +00:00
Alexandre Dulaunoy	b649057a5a	chg: [handicap] fixed more fields	2022-04-04 11:09:30 +02:00
Alexandre Dulaunoy	aff4345074	chg: [handicap] more cleanup	2022-04-04 11:01:38 +02:00
Alexandre Dulaunoy	269f91ad75	chg: [handicap] more clean-up of uuid values	2022-04-04 10:56:29 +02:00
Alexandre Dulaunoy	d3d4e7186b	chg: [handicap] fix name of the clusters	2022-04-04 10:43:56 +02:00
Alexandre Dulaunoy	7e6390c336	Merge pull request #694 from AgatheMgt/main Handicap	2022-04-04 10:41:06 +02:00
Rony	a08ddaf548	Add Avivore & HAZY TIGER/Bitter	2022-04-02 01:14:18 +05:30
Rony	50f39edc10	Revert "update threat actors meta"	2022-04-02 00:55:38 +05:30
Delta-Sierra	73f71c8b15	dup	2022-04-01 16:51:27 +02:00
Delta-Sierra	fb557fd3a2	dup	2022-04-01 16:47:50 +02:00
Delta-Sierra	909fc09992	duplicate	2022-04-01 16:44:47 +02:00
Delta-Sierra	7c3e8ac068	fix duplicate	2022-04-01 16:40:40 +02:00
Delta-Sierra	dcc396108c	fix duplicate	2022-04-01 16:36:47 +02:00
Delta-Sierra	9257fb677b	merge	2022-04-01 16:32:10 +02:00
Delta-Sierra	0f7803b091	update threat actors meta	2022-04-01 16:00:27 +02:00
Sami Mokaddem	4242732af1	chg: jq all 2	2022-03-31 09:05:22 +02:00
Sami Mokaddem	a9a09d11c6	chg: jq all	2022-03-31 08:59:36 +02:00
Mathieu Beligon	c35fad3291	Add threat actor group Scarab	2022-03-28 12:11:34 +02:00
Alexandre Dulaunoy	94c3788089	Merge pull request #687 from Badis-dev/main Add galaxy and cluster cancer	2022-03-25 10:04:46 +01:00
AgatheMgt	aec779d1ee	poatate	2022-03-24 09:43:58 -04:00
AgatheMgt	3ce6d7a313	Update handicap.json	2022-03-24 07:48:49 -04:00
AgatheMgt	a6a16926f6	Create handicap.json	2022-03-24 07:08:08 -04:00
Daniel Plohmann	24a3f16ab4	adding threat actor group LAPSUS$ / DEV-0537.	2022-03-23 09:47:10 +01:00
Delta-Sierra	97690426bf	update threat actors meta	2022-03-18 16:41:10 +01:00
Alexandre Dulaunoy	6f0208dcaf	chg: [ransomware] UUID fixed	2022-03-18 16:03:27 +01:00
Alexandre Dulaunoy	ef5af37dbe	chg: [botnet] duplicate UUIDs replaced	2022-03-18 15:58:09 +01:00
Alexandre Dulaunoy	c0a07d2246	chg: [ransomware] replace duplicate UUIDs	2022-03-18 15:57:06 +01:00
botlabsDev	6416d0b2de	add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot	2022-03-18 15:34:11 +01:00
Alexandre Dulaunoy	18069ce5f3	Merge pull request #688 from botlabsDev/patch-0 Add tool 'BadPotato' to clusters/tool.json	2022-03-15 12:30:47 +01:00
Alexandre Dulaunoy	7fd5715715	Merge pull request #691 from r0ny123/indian-adversaries Update to Indian Adversaries	2022-03-15 12:28:16 +01:00
Rony	eebda5f955	chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team	2022-03-15 15:02:57 +05:30
Rony	ac72e7b639	fix	2022-03-15 14:00:46 +05:30
Rony	3b67e745e5	Update threat-actor.json	2022-03-15 13:57:00 +05:30
botlabsDev	99ab2a13d6	Add tool 'BadPotato' to clusters/tool.json	2022-03-14 18:02:02 +01:00
Badis-dev	231915f9a4	add galaxy and cluster cancer	2022-03-11 14:20:09 +01:00
Badis-dev	27241135a2	Add cancer.json	2022-03-11 11:26:57 +01:00
Badis-dev	78f1c9f345	Delete cancer.json	2022-03-11 11:26:30 +01:00
Badis-dev	1c707f7c5e	Add cancer cluster	2022-03-11 11:13:57 +01:00
Delta-Sierra	957327383d	fix array	2022-03-07 16:10:53 +01:00
Delta-Sierra	a7f3df8a9a	merge	2022-03-07 16:04:38 +01:00
Delta-Sierra	8fd3c87b47	update threat actors meta	2022-03-07 15:54:29 +01:00
Alexandre Dulaunoy	8e09c9b30c	Merge pull request #685 from danielplohmann/patch-14 adding threat actor "Moses Staff"	2022-03-02 21:43:00 +01:00
Daniel Plohmann	896a451461	fixed with linted JSON.	2022-03-02 21:22:28 +01:00
Daniel Plohmann	a817324cd4	adding threat actor "Moses Staff"	2022-03-02 15:50:39 +01:00
Mathieu Beligon	0b456b8afa	version bump -> 213	2022-03-02 14:55:26 +01:00
Mathieu Beligon	d3d241ca54	Update Gamaredon target	2022-03-02 14:55:19 +01:00
Mathieu Beligon	27c05a118e	Update GhostWriter	2022-03-02 13:16:20 +01:00
Delta-Sierra	c909a35d65	Merge https://github.com/MISP/misp-galaxy into main	2022-02-18 10:57:10 +01:00
Delta-Sierra	a788c867a7	jq	2022-02-18 10:56:07 +01:00
Delta-Sierra	b0cd884afc	add TA2541	2022-02-18 10:54:25 +01:00
Daniel Plohmann	321e4b4a57	another Gamaredon ref and version bump	2022-02-18 08:26:01 +01:00
Daniel Plohmann	254dd47a61	adding ACTINIUM as MSFT name for Gamaredon	2022-02-18 08:24:35 +01:00
Delta-Sierra	33ef3317b7	fix duplicate	2022-02-14 10:02:36 +01:00
Delta-Sierra	9b76d71c43	Merge https://github.com/MISP/misp-galaxy into main	2022-02-14 08:47:21 +01:00
Delta-Sierra	3184819968	add DDG botnet and more	2022-02-11 16:13:36 +01:00
rwe	4700780d47	added antlion APT group	2022-02-05 04:52:33 -08:00
Alexandre Dulaunoy	f49b54281b	chg: [ransomware] set encryption only	2022-02-02 22:36:14 +01:00
Alexandre Dulaunoy	3328b73185	fix: [ransomware] array end missing	2022-02-02 22:32:39 +01:00
Kevin Holvoet	3d23f98d04	Forgot comma between JSON entries	2022-02-02 18:58:55 +01:00
Kevin Holvoet	389add7580	Update ransomware.json with URL fix Fixed URL for AlphaLocker	2022-02-02 18:54:31 +01:00
Kevin Holvoet	fa9829cec0	Update ransomware.json: add BlackCat (ALPHV)	2022-02-02 18:50:19 +01:00
Daniel Plohmann	833a6e0a8d	updated URLs for Gamaredon with Shuckworm alias reference	2022-02-02 09:40:10 +01:00
Daniel Plohmann	8f928d8eb3	adding Gamaredon alias Shuckworm used by Symantec	2022-02-02 09:35:53 +01:00
Delta-Sierra	5cf1eb01f4	Merge https://github.com/MISP/misp-galaxy into main	2022-01-31 10:04:07 +01:00
Alexandre Dulaunoy	1fda357a03	new: [surveillance] Cytrox added	2022-01-30 11:31:55 +01:00
Jürgen Löhel	22046a1eae	Adds WhisperGate Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-01-18 13:16:06 -06:00
Delta-Sierra	e523bdaf70	merge	2022-01-14 16:08:14 +01:00
Jürgen Löhel	3059c70ae6	Adds UPAS-Kit Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-01-13 11:53:32 -06:00
Thomas Dupuy	c792bdd1b7	Add AQUATIC PANDA threat actor.	2022-01-12 13:51:11 -05:00
Thomas Dupuy	afaf3a3110	Add Motnug tool.	2022-01-12 13:37:59 -05:00
Jürgen Löhel	5aa8a8a8b1	Adds Ragnatela RAT Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-01-10 15:57:10 -06:00
Sami Tainio	dcb87b0dc6	chg: [threat-actor] Add SideCopy	2022-01-07 17:45:41 +02:00
Daniel Plohmann	3094283252	adding Mandiant's FIN13.	2022-01-03 09:32:43 +01:00
Alexandre Dulaunoy	eba1b2839f	chg: [concordia] CMTMF killchain typo fixed	2021-12-20 10:41:00 +01:00
Raphaël Vinot	b4d518d4f0	fix: cmtmf-attack-pattern had multiple duplicate UUIDs	2021-12-17 17:58:29 +01:00
Alexandre Dulaunoy	12617ff627	chg: [concordia] fix name inconsistencies	2021-12-17 17:41:00 +01:00
Alexandre Dulaunoy	69b582f9ba	chg: [concordia] duplicate removed	2021-12-17 17:31:38 +01:00
Alexandre Dulaunoy	bc3ab62917	chg: [concordia] duplicate removed	2021-12-17 17:26:04 +01:00
Alexandre Dulaunoy	ee2a3c83f4	chg: [concordia] duplicate techniques removed	2021-12-17 17:21:00 +01:00
Alexandre Dulaunoy	01d23b61b7	chg: [concordia] typo fixed	2021-12-17 17:15:43 +01:00
Alexandre Dulaunoy	01f2ce68d4	chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID?	2021-12-17 17:13:57 +01:00
Alexandre Dulaunoy	5becac98e4	chg: [concordia] duplicates removed	2021-12-17 16:51:11 +01:00
Alexandre Dulaunoy	ae7b7bd47d	chg: [cmtmf-attack-pattern] various fixes to make JSON ok	2021-12-17 16:08:07 +01:00
Alexandre Dulaunoy	7b587710b1	Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf	2021-12-17 15:55:03 +01:00
Jürgen Löhel	b81ac7f01d	Adds DarkWatchman RAT Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2021-12-17 07:20:58 -06:00
Delta-Sierra	b8960393a4	add Milan Rat, Shark tool and Lyceum synonyms	2021-11-29 16:00:40 +01:00
Delta-Sierra	bb92427b65	add Lyceum synonyms/sources	2021-11-29 12:05:51 +01:00
Delta-Sierra	78a8cf4ad2	add ESPecter Bootkit	2021-11-19 16:30:57 +01:00
Delta-Sierra	c89623e945	add ESPecter bootkit	2021-11-16 08:17:37 +01:00
Christophe Vandeplas	aeb5719448	chg: [att&ck] update to ATT&CK v10	2021-10-22 14:34:25 +02:00
Alexandre Dulaunoy	ab41df7282	chg: [malpedia] remove duplicate	2021-10-20 12:24:12 +02:00
Alexandre Dulaunoy	e517787e7c	chg: [malpedia] duplicates removed	2021-10-20 12:21:05 +02:00
Alexandre Dulaunoy	69f878c86f	fix: [malpedia] remove duplicate urls	2021-10-20 12:16:22 +02:00
Alexandre Dulaunoy	da91f2abc2	chg: [malpedia] updated	2021-10-20 10:21:03 +02:00
marjatech	d74fdb3e43	update malpedia	2021-10-19 16:21:19 +02:00
Bernardo Santos	e74fcfe268	Update cmtmf-attack-pattern.json - update version	2021-10-13 10:06:00 +02:00
Bernardo Santos	5f19983ba3	Update cmtmf-attack-pattern.json - Changes to cluster type - Fix typo for privilege escalation tactic	2021-10-13 09:57:03 +02:00
Bernardo Santos	49dfcca563	CONCORDIA MTMF - Initial version Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/	2021-10-12 10:54:06 +02:00
Bernardo Santos	d09681b011	CONCORDIA MTMF - Initial version Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/	2021-10-12 10:45:03 +02:00
Jeroen Pinoy	9ec76ae185	Add threat actor common raven	2021-10-03 23:30:20 +02:00
Thomas Patzke	26f0c344a1	Added O365 techniques Source: https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html	2021-09-18 23:27:38 +02:00
Thomas Dupuy	1985de4d44	Add BLUELIGHT tool.	2021-08-27 10:28:06 +02:00
Thomas Dupuy	89a3f986ba	Add InkySquid synonym.	2021-08-24 16:29:34 +02:00
Daniel Plohmann	3272960a14	fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER)	2021-08-19 06:02:40 +02:00
Rony	5dd0c7d8b3	chg: [threat-actor] add origin country to UNC2452 & HAFNIUM addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015	2021-08-02 22:30:05 +05:30
Rony	636ccdedcd	Update threat-actor.json	2021-07-21 18:47:56 +05:30
Rony	9ecfecc063	another fix	2021-07-21 18:41:18 +05:30
Rony	32ea60d721	fix	2021-07-21 18:31:05 +05:30
Rony	52e7d5a0a9	multiple updates to apt40, apt31 & hafnium	2021-07-21 18:28:40 +05:30
Rony	fb9a41f8e9	from Gov Canada & MFA Japan	2021-07-19 20:33:35 +05:30
Rony	c90c60cb13	adding references for APT40 & APT31	2021-07-19 20:14:36 +05:30
Alexandre Dulaunoy	6c8949caa9	Merge pull request #658 from jasperla/oilrig merge APT34 with OilRig	2021-07-03 08:56:39 +02:00
Deborah Servili	b6005bd53f	Merge branch 'main' into master	2021-07-02 13:30:51 +02:00
Delta-Sierra	913aff30c3	Add NOBELIUM and related	2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse	792490298e	merge APT34 with OilRig OilRig already has "APT 34" and "APT34" as synonyms. Additionally MITRE has since combined them due to overlap in activity: https://attack.mitre.org/groups/G0049/	2021-06-29 20:26:04 +02:00
Alexandre Dulaunoy	a5d7d85dc8	Merge pull request #657 from jloehel/add_matanbuchus [cluster][tool] Adds Matanbuchus	2021-06-22 07:23:20 +02:00
Jürgen Löhel	254c201601	[cluster][tool] Adds Matanbuchus + threat actor: BelialDemon Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2021-06-21 18:04:28 -05:00
Jürgen Löhel	381973f5de	[cluster][stealer] Adds HackBoss Fixes: #651 Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2021-06-21 16:35:20 -05:00
Thomas Dupuy	772c5145c1	Added BackdoorDiplomacy and Gelsemium.	2021-06-11 11:48:57 -04:00
Rony	9a723b6261	more ta544 references	2021-05-26 20:26:27 +05:30
Rony	db06e1fa4a	chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks	2021-05-22 21:02:30 +05:30
Daniel Plohmann	433ea5cb45	Twisted Spider -> TWISTED SPIDER fair point	2021-05-19 17:04:58 +02:00
Daniel Plohmann	9719122d27	adding Twisted Spider as alias for TA2101 (Maze)	2021-05-19 16:47:41 +02:00
Alexandre Dulaunoy	a3cdbc1309	Merge pull request #650 from Still34/patches/alias-tick-1 Add alias for Tick	2021-05-07 23:23:38 +02:00
Still Hsu	eb671f1e6a	Add Nian alias Signed-off-by: Still Hsu <dev@stillu.cc>	2021-05-08 00:52:27 +08:00
Still Hsu	fe7c0dab07	Add country origin for BlackTech Signed-off-by: Still Hsu <dev@stillu.cc>	2021-05-08 00:32:39 +08:00
Daniel Plohmann	38b8bac51d	fixing broken/dead links	2021-05-04 20:15:17 +02:00
Alexandre Dulaunoy	6f7d3d5c2b	chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa "COLT – Compromise to Leak Time" - new meta colt-median/colt-average. For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/	2021-05-03 07:41:43 +02:00
Alexandre Dulaunoy	7aaf25a424	new: [ransomware] Ragnarok added	2021-04-30 12:08:03 +02:00
Alexandre Dulaunoy	94ec98d544	Merge pull request #646 from r0ny123/update Updates to APT27 & Tick	2021-04-29 18:29:53 +02:00
Christophe Vandeplas	86ee7008b2	chg: [att&ck] bump to latest ATT&CK version from MITRE	2021-04-29 18:12:36 +02:00
mokaddem	211a4b5145	fix: [ransomware] Related key should be outside metas	2021-04-26 13:48:06 +02:00
Rony	4ba2db0f3a	FlatChestWare duplicate removed	2021-04-26 16:24:09 +05:30
Alexandre Dulaunoy	ef9989dbe8	chg: [ransomware] duplicate removed	2021-04-26 12:06:03 +02:00
Alexandre Dulaunoy	847d3e8fa7	chg: [ransomware] duplicate removed	2021-04-26 12:01:01 +02:00
Alexandre Dulaunoy	f3992ec5f1	chg: [ransomware] duplicates removed	2021-04-26 11:57:21 +02:00
Alexandre Dulaunoy	f2703bd03e	chg: [ransomware] Flyper removed	2021-04-26 11:52:28 +02:00
Delta-Sierra	3cae487e3d	fix duplicates and add relations	2021-04-26 11:25:39 +02:00
Rony	faed812fc9	Merged STALKER PANDA to Tick	2021-04-25 19:12:20 +05:30
Rony	89b9c0c32c	several updates to apt27	2021-04-25 16:53:36 +05:30
Delta-Sierra	0a05621f82	Merge https://github.com/MISP/misp-galaxy	2021-04-19 15:48:58 +02:00
Delta-Sierra	b138354fa5	Removing duplicate	2021-04-19 15:42:49 +02:00
Alexandre Dulaunoy	28f6475cc5	chg: [ransomware] first duplicate removed	2021-04-19 15:13:18 +02:00
Alexandre Dulaunoy	e7061f90d9	chg: [ransomware] remove duplicate "File-Locker"	2021-04-19 15:08:06 +02:00
Alexandre Dulaunoy	ab13dd00f8	Merge pull request #645 from Delta-Sierra/master Adding ransomware names [WIP 2/3]	2021-04-19 15:03:12 +02:00
Delta-Sierra	f5713a8d87	Removing unexpected line	2021-04-19 14:53:36 +02:00
Delta-Sierra	b7b4b356c3	Adding ransomware names [WIP 3]	2021-04-19 14:47:10 +02:00
Delta-Sierra	fdf1a6c112	Adding ransomware names [WIP 2]	2021-04-19 13:24:25 +02:00
Daniel Plohmann	6eb594a6b0	adding Yanbian Gang as threat actor	2021-04-16 15:12:45 +02:00
Delta-Sierra	f3456a89c5	fix version	2021-04-15 15:08:11 +02:00
Delta-Sierra	4bcd0492bd	Adding ransomwares WIP	2021-04-15 15:07:52 +02:00
Daniel Plohmann	2d8e9ea364	Symantec uses Palmerworm as alias for BlackTech Adding Palmerworm as Symantec alias for BlackTech (with reference).	2021-03-31 22:35:12 +02:00
Thomas Dupuy	a8c62ddeda	Add Ghostwriter.	2021-03-31 09:42:40 -04:00
Rony	50f5d2ae4a	reverted changes made into `52ae97718d`	2021-03-30 22:19:05 +05:30
sebdraven	ce8a9442eb	validation jsons	2021-03-30 13:12:21 +00:00
Sebdraven	52ae97718d	Update threat-actor.json add a synonym to Haffnium	2021-03-30 15:11:09 +02:00
sebdraven	b082977b9f	validation ok	2021-03-30 10:22:35 +00:00
Sebdraven	4ed4cebcee	Update threat-actor.json format json	2021-03-30 12:16:22 +02:00
Sebdraven	a62e3ba530	Update threat-actor.json add redecho threat actor	2021-03-30 12:10:50 +02:00
Jakub Onderka	ca9608da6d	fix: Cryptominers type	2021-03-27 22:07:33 +01:00
Alexandre Dulaunoy	26b9740e55	chg: [malpedia] jq all the file and removed ref duplicates	2021-03-13 11:00:39 +01:00
Jakob M	f02ce7e805	update to latest Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp	2021-03-12 10:35:12 +01:00
Delta-Sierra	eff327b4fd	fix progress	2021-03-11 14:42:55 +01:00
Delta-Sierra	7c843ac5c2	fix merge & jq	2021-03-11 14:08:29 +01:00
Delta-Sierra	c37befc8a9	merge	2021-03-11 10:35:05 +01:00
Alexandre Dulaunoy	855a12a408	chg: [clusters] fixing broken UUID fix #628	2021-03-11 09:54:50 +01:00
Alexandre Dulaunoy	f6ed00233e	chg: [ransomware] fix the broken UUID fix #628	2021-03-11 09:52:25 +01:00
Rony	57c7d0b9a0	From Nextron	2021-03-06 19:44:32 +05:30
Rony	6cabbfb091	more!	2021-03-06 14:22:29 +05:30
Rony	7b242555df	More references From Crowdstrike MSRC and kql hunting query from James Quinn	2021-03-06 13:28:14 +05:30
Rony	eaab88ef28	add HAFNIUM detection refs	2021-03-05 16:51:28 +05:30
Rony	4bc438a325	fix	2021-03-05 11:48:43 +05:30
Rony	d9b299aafc	add more HAFNIUM references	2021-03-05 11:42:04 +05:30
Rony	c9f7afef1c	Adding alias NOBELIUM	2021-03-04 22:39:33 +05:30
Alexandre Dulaunoy	47dade9d0e	Merge pull request #631 from r0ny123/Enhancement Add HAFNIUM	2021-03-04 14:48:01 +01:00
Alexandre Dulaunoy	a9a6b0253f	chg: [microsoft activity group] HAFNIUM added	2021-03-04 10:49:58 +01:00
Rony	ad795606cf	added HAFNIUM Updates: Tonto Team UNC2452	2021-03-04 00:10:33 +05:30
Sebdraven	2666341afc	Update threat-actor.json update Sidewinder card	2021-03-03 17:59:25 +01:00
Thomas Dupuy	f842694fda	Update Infy TA.	2021-03-02 14:37:01 -05:00
Alexandre Dulaunoy	524676282e	Merge branch 'main' of github.com:MISP/misp-galaxy into main	2021-02-26 08:30:58 +01:00
Alexandre Dulaunoy	4692ced8fa	chg: [tool] SUNSPOT added	2021-02-26 08:28:01 +01:00
Delta-Sierra	0e23d8b95f	add relationships between Maze, Rgnar, Egregor and Sekhmet	2021-02-25 10:21:28 +01:00
Delta-Sierra	406dfdb45b	add Sekhmet ransomware	2021-02-25 09:52:52 +01:00
Delta-Sierra	d273a5da7d	add TeamTNT ref	2021-02-25 09:52:24 +01:00
Rony	5c6f3a036b	removing DePrimon DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.	2021-02-24 21:55:04 +05:30
Thomas Dupuy	eeafff9768	Add RDAT backdoor	2021-02-23 11:15:31 -05:00
Delta-Sierra	eb07fab69f	add Ragnar Locker and update accordingly	2021-02-23 16:21:07 +01:00

... 11 12 13 14 15 ...

2715 commits