Mathieu Beligon
7163ed2068
[threat-actors] Add UserSec
2023-11-07 14:47:12 +01:00
Mathieu Beligon
c3b6878cf3
[threat-actors] Add IronHusky
2023-11-07 14:47:12 +01:00
Mathieu Beligon
1246088d76
[threat-actors] Add ShinyHunters
2023-11-07 14:47:12 +01:00
Mathieu Beligon
798cebc970
[threat-actors] Add ShroudedSnooper
2023-11-07 14:47:12 +01:00
Mathieu Beligon
2111f50968
[threat-actors] Add 1937CN
2023-11-07 14:47:12 +01:00
Mathieu Beligon
40fb100ff9
[threat-actors] Add Altahrea Team
2023-11-07 14:47:12 +01:00
Mathieu Beligon
4093632674
[threat-actors] Add Cyber Av3ngers
2023-11-07 14:47:12 +01:00
Mathieu Beligon
58fb9162b0
[threat-actors] Add KromSec
2023-11-07 14:47:12 +01:00
Mathieu Beligon
d1f382602c
[threat-actors] Add DustSquad
2023-11-07 14:47:11 +01:00
Mathieu Beligon
bc8904110b
[threat-actors] Add Guacamaya
2023-11-07 14:47:11 +01:00
Mathieu Beligon
10d27206a7
[threat-actors] Add SharpPanda
2023-11-07 14:47:11 +01:00
Mathieu Beligon
ff9a8ddfe3
[threat-actors] Add BadRory
2023-11-07 14:47:11 +01:00
e24fecbd40
fix: [threat-actor] synonyms
not aliases
2023-11-07 11:22:32 +01:00
b13eee558f
chg: [threat-actor] TA499 added
2023-11-07 11:12:35 +01:00
f2cc04fca8
chg: [threat-actor] version updated
2023-11-07 09:27:07 +01:00
Mathieu4141
5828ba1a9d
[threat-actors] Add Storm-1133
2023-11-06 05:26:26 -08:00
Mathieu4141
4a3968e873
[threat-actors] Add REF2924
2023-11-06 05:26:26 -08:00
Mathieu4141
18811f8056
[threat-actors] Add REF5961
2023-11-06 05:26:26 -08:00
Mathieu4141
ee354d9d75
[threat-actors] Add HiddenArt
2023-11-06 05:26:26 -08:00
Mathieu4141
bfb03504a9
[threat-actors] Add OilAlpha
2023-11-06 05:26:26 -08:00
Mathieu4141
152ab38b10
[threat-actors] Add GhostSec
2023-11-06 05:26:26 -08:00
Mathieu4141
5a4a697e8c
[threat-actors] Add IndigoZebra
2023-11-06 05:26:25 -08:00
Mathieu4141
971b17b79f
[threat-actors] Add NB65
2023-11-06 05:26:25 -08:00
Mathieu4141
84fec96df9
[threat-actors] Add Witchetty
2023-11-06 05:26:25 -08:00
Mathieu4141
eb43d9faf2
[threat-actors] Add RedStinger
2023-11-06 05:26:25 -08:00
Mathieu Beligon
025345e1b6
[threat-actors] remove duplicate
2023-11-03 20:09:05 +01:00
Mathieu Beligon
a65bb60d90
[threat-actors] Add UNC3890
2023-11-03 19:02:12 +01:00
Mathieu Beligon
84fda6ef72
[threat-actors] Add Carderbee
2023-11-03 19:02:12 +01:00
Mathieu Beligon
1343cdb35a
[threat-actors] Add RansomVC
2023-11-03 19:02:12 +01:00
Mathieu Beligon
ea227222ea
[threat-actors] Add SiegedSec
2023-11-03 19:02:12 +01:00
Mathieu Beligon
44d7b3e88f
[threat-actors] Add Metador
2023-11-03 19:02:12 +01:00
Mathieu Beligon
0133c023d2
[threat-actors] Add YoroTrooper
2023-11-03 19:02:12 +01:00
Mathieu Beligon
58e8dfef71
[threat-actors] Add Kasablanka
2023-11-03 19:02:12 +01:00
Mathieu Beligon
0f1777df92
[threat-actors] Add SparklingGoblin
2023-11-03 19:02:12 +01:00
Mathieu Beligon
419c62cea1
[threat-actors] Add Storm-0062
2023-11-03 19:02:12 +01:00
Mathieu Beligon
13c770f0a7
[threat-actors] Add LofyGang
2023-11-03 19:02:12 +01:00
0b5b9ca5a3
chg: [threat-actor] version updated
2023-11-03 14:00:21 +01:00
Mathieu Beligon
9d6315346e
[threat-actors] jq
2023-11-03 11:32:24 +01:00
Mathieu Beligon
9c502d0d1f
[threat-actors] Add Lancefly
2023-11-03 11:13:11 +01:00
Mathieu Beligon
73c73606ff
[threat-actors] Add GoldenJackal
2023-11-03 11:13:11 +01:00
Mathieu Beligon
64f0a87ed7
[threat-actors] Add Earth Estries
2023-11-03 11:13:11 +01:00
Mathieu Beligon
4a521eec3b
[threat-actors] Add TetrisPhantom
2023-11-03 11:13:11 +01:00
Mathieu Beligon
78472ee3f5
[threat-actors] Add Redfly
2023-11-03 11:13:11 +01:00
Mathieu Beligon
c9e85b4d16
[threat-actors] Add Earth Longzhi
2023-11-03 11:13:11 +01:00
Mathieu Beligon
a91734af6c
[threat-actors] Add UNC3886
2023-11-03 11:13:11 +01:00
Mathieu Beligon
7bb54037e8
[threat-actors] Add Winter Vivern
2023-11-03 11:13:11 +01:00
Mathieu Beligon
4bb6cce77d
[threat-actors] Add Xiaoqiying
2023-11-03 11:13:11 +01:00
Mathieu Beligon
f82b502df6
[threat-actors] Add Keksec
2023-11-03 11:13:11 +01:00
Mathieu4141
5b1af60db3
[threat-actors] Add Keksec
2023-11-02 06:29:30 -07:00
Mathieu Beligon
be89fcd370
[threat-actors] jq
2023-11-02 13:25:13 +01:00
Mathieu Béligon
63b422c7d0
Merge branch 'main' into threat-actor/scarred-manticore-6a6965e2-0843-47b1-990d-d43016dd4dd1
2023-11-02 13:19:14 +01:00
Mathieu4141
9ced077269
[threat-actors] Add Scarred Manticore
2023-11-02 05:17:14 -07:00
852f205c75
chg: [mitre-attack] updated to ATT&CK v14.0 Enterprise
2023-10-31 18:04:23 +01:00
648261d423
fix: [malpedia] restore original MISP UUID for the cluster
2023-10-31 09:13:30 +01:00
c800ad0d1b
Merge branch 'main' of https://github.com/HiS3/misp-galaxy into HiS3-main
2023-10-31 09:11:24 +01:00
e7ca55277c
new: [threat-actor] Storm-0558 added + Fix #880
2023-10-31 09:05:19 +01:00
Delta-Sierra
2436c6f326
jq
2023-10-30 15:46:07 +01:00
Delta-Sierra
b2a5700414
add authors
2023-10-30 15:43:34 +01:00
Delta-Sierra
25d62c8094
add categ
2023-10-30 15:31:24 +01:00
Delta-Sierra
04739a7e95
trim
2023-10-30 14:54:22 +01:00
Delta-Sierra
711032d2e3
Merge https://github.com/MISP/misp-galaxy
2023-10-30 14:23:14 +01:00
Delta-Sierra
0f9646f844
Add NAICS galaxy
2023-10-30 14:21:30 +01:00
Mathieu Beligon
dcde706078
[threat-actors] Add Camaro Dragon
2023-10-26 13:20:54 +02:00
416cd6706a
fix: [threat-actor] JQ all the things + version updated
2023-10-20 12:00:48 +02:00
jstnk9
ec9dc0f2e3
threat actors update
2023-10-20 11:51:13 +02:00
jstnk9
aa5a6eb062
threat actor updated
2023-10-19 12:39:37 +02:00
Sebastian Himmler
4b7f5c1e84
update malpedia galaxy
2023-10-19 11:13:53 +02:00
Christophe Vandeplas
a4ae58afcb
chg: [threat-actor] increased version number
2023-10-17 11:29:52 +02:00
Christophe Vandeplas
e9f884e3f3
Merge pull request #876 from Mathieu4141/threat-actors/cobalt-mirage
[threat-actors] More aliases of Iranian apts
2023-10-17 11:29:01 +02:00
75d950f1cb
chg: [sigma] updated
2023-10-17 11:23:26 +02:00
Mathieu Beligon
e086bee02e
[threat-actors] More aliases of iranian apts
2023-10-17 11:21:48 +02:00
Mathieu Beligon
537ef08735
[threat-actors] Add Void Rabisu
2023-10-16 18:14:47 +02:00
6328b996b2
chg: [firearms] remove duplicate firearms having similar SKU
2023-10-13 17:20:34 +02:00
a0744ab805
fix: [ammunition] too many ammunitions
2023-10-13 17:16:06 +02:00
7e687c8c21
chg: [ammunitions] duplicate values replaced with the complete description
2023-10-13 17:02:03 +02:00
1f3ff23d5b
Merge branch 'FirearmsAndAmmo' of https://github.com/o1mate/misp-galaxy into o1mate-FirearmsAndAmmo
2023-10-13 16:46:53 +02:00
059b20e705
chg: [threat-actor] clean-up
2023-10-13 16:31:48 +02:00
jstnk9
faef21e15d
Added information related to Wizard Spider
2023-10-13 12:02:20 +02:00
jstnk9
613e9feb12
added suspected victims to Gelsemium
2023-10-13 10:53:36 +02:00
f9d6386c35
Merge pull request #872 from Delta-Sierra/main
add AtlasCross
2023-10-11 14:51:06 +02:00
eed0dc7747
chg: [sigma] updated to the latest version
2023-10-10 22:30:50 +02:00
Delta-Sierra
1bb336fdbe
add AtlasCross
2023-10-10 09:17:25 +02:00
Delta-Sierra
fd6bccae8b
Merge https://github.com/MISP/misp-galaxy
2023-10-09 09:18:51 +02:00
Delta-Sierra
73d7c038b2
adding targeted sectors
2023-10-09 09:18:43 +02:00
Daniel Plohmann
1b33cad11d
adding aliases to ProphetSpider
2023-10-04 16:39:01 +01:00
8760ea0c52
Merge branch 'main' of github.com:MISP/misp-galaxy into main
2023-10-04 10:49:56 +02:00
89a193d315
fix: [threat-actor] version updated + jq all the things
2023-10-04 10:48:44 +02:00
Paul Stark
ce7d54c96a
chg [misp-galaxy] update Nigeria from name to 2-digit code
2023-10-03 11:56:45 -04:00
jstnk9
89ab7728b0
updated TA505 countries and industries affected
2023-10-03 12:44:44 +02:00
Mathieu Beligon
e6266e8e59
fixes
2023-10-02 19:25:10 +02:00
Mathieu Beligon
081b2e619b
fixes
2023-10-02 19:18:00 +02:00
Mathieu Beligon
b2599deaae
fixes
2023-10-02 19:17:47 +02:00
Mathieu Beligon
0fba8d3f27
[threat-actors] bump version
2023-10-02 15:19:20 +02:00
Mathieu Beligon
b8f8fce4b6
[threat-actors] Add Scattered Spider
2023-10-02 15:17:40 +02:00
Mathieu Beligon
e393780af8
[threat-actors] Add Scattered Canary
2023-10-02 15:11:10 +02:00
67543e2437
chg: [galaxy] duplicate UUIDs removed
2023-09-26 11:17:44 +02:00
b79b75dba4
chg: [malpedia] duplicate refs removed
2023-09-26 10:58:46 +02:00
5d01afb537
chg: [malpedia] jq all the things
2023-09-26 10:48:49 +02:00
fl0x2208
a9a051ffaa
malpedia 2023 September update
2023-09-26 12:27:10 +10:00
5437fac633
chg: [sigma] updated
2023-09-24 12:05:54 +02:00
5d78834520
Merge pull request #866 from Mathieu4141/actors/add-storm-0324
[threat-actors] Add Storm-0324
2023-09-16 11:02:33 +02:00
Mathieu Beligon
e2fd005821
[threat-actors] Add Storm-0324
2023-09-15 16:29:45 +02:00
Delta-Sierra
ac4d003c3e
fix caps
2023-09-15 16:00:38 +02:00
Delta-Sierra
5efe483858
adding targeted sectors
2023-09-15 15:49:43 +02:00
Delta-Sierra
2aa0fb22ba
finish fixing Botswana infos into Brazil cluster
2023-09-15 10:32:26 +02:00
Delta-Sierra
3e834ed49c
Merge https://github.com/MISP/misp-galaxy
2023-09-15 10:27:29 +02:00
Delta-Sierra
db23d6eb4c
adding targeted sectors
2023-09-15 10:21:44 +02:00
Delta-Sierra
214ac5d329
fix caps
2023-09-15 10:07:19 +02:00
Fabio Nitto
8c195aee06
Update target-information.json
Fixing information about Brazil.
2023-09-12 11:51:50 -03:00
Delta-Sierra
df0e103727
Add targeted sectors
2023-09-08 11:08:08 +02:00
Delta-Sierra
dc498bd199
more targeted-sectors meta
2023-08-28 15:06:57 +02:00
Delta-Sierra
23b9105aee
add Non-profit organisation sector
2023-08-25 15:20:17 +02:00
Delta-Sierra
639686be75
Merge https://github.com/MISP/misp-galaxy
2023-08-24 09:13:58 +02:00
Delta-Sierra
090b501c4c
add targeted sectors meta
2023-08-24 09:03:57 +02:00
Daniel Plohmann
d978998a5d
RecordedFuture: RedHotel == EarthLusca
2023-08-23 14:02:15 +02:00
34b86e4abc
Merge pull request #859 from jloehel/darkgate
chg [tool] Add DarkGate
2023-08-23 13:52:53 +02:00
12b935a31b
chg: [sigma] updated
2023-08-23 13:51:45 +02:00
Jürgen Löhel
37954a84f1
chg [tool] Add DarkGate
Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-08-23 11:53:25 +02:00
Daniel Plohmann (Saturn)
e207218534
version bump
2023-08-15 12:34:06 +02:00
Daniel Plohmann (Saturn)
4127ce9694
replaced various broken links with reachable equivalents
2023-08-15 12:32:51 +02:00
Daniel Plohmann
b083ae12bc
jq fix
2023-08-10 15:57:58 +02:00
Daniel Plohmann
c1d3164ef6
adding MoustachedBouncer
2023-08-10 15:49:11 +02:00
Daniel Plohmann
e228ffc432
alias Callisto -> BlueCharlie
Not sure if you also want to have the Microsoft names in here (I think they are tracked separately?); otherwise, that would be Star Blizzard according to the article.
2023-08-03 09:53:10 +02:00
dc29d5875e
chg: [sigma] updated
2023-08-02 23:58:22 +02:00
f5729ac23a
chg: [sigma] updated to the latest version
2023-07-31 10:22:23 +02:00
Rony
bce41d8cdb
Merge branch 'MISP:main' into Sea-Turtle
2023-07-28 16:38:03 +05:30
Rony
9b9ce4777a
chg: [threat-actor] added references, origin country, aliases to Sea Turtle
2023-07-28 11:04:11 +00:00
1568583acf
chg: [sigma] updated to the latest version
2023-07-28 11:30:15 +02:00
Thomas Dupuy
2dcd1d3544
upd: Add Worok TA and update APT-Q-12 to APT-C-60 as it was the first name mentioned in an article.
2023-07-18 19:53:54 +00:00
caceb504fe
chg: [sigma] updated to the latest rules
2023-07-15 11:29:17 +02:00
Delta-Sierra
c51d177abd
add SmugX & RedDelta
2023-07-10 15:46:01 +02:00
7028860c0a
chg: [sigma] updated
2023-06-19 15:00:23 +02:00
Delta-Sierra
baf5bfe5cc
add Parties/Observers to the Budapest Convention
2023-06-19 14:14:47 +02:00
Delta-Sierra
20d3b3780a
merge
2023-06-19 08:35:48 +02:00
734d57edf5
chg: [sigma] updated
2023-05-31 09:43:33 +02:00
iglocska
14301a9c4c
chg: [threat actors] added Volt Typhoon
2023-05-25 07:29:48 +02:00
Delta-Sierra
e87b7bbf73
complete VENOM SPIDER threat actor
2023-05-23 11:43:20 +02:00
Delta-Sierra
18ee466ae4
add Hagga threat actor
2023-05-22 15:44:18 +02:00
Delta-Sierra
9c9561bce8
fix metasploit desc in value (ty cvandeplas)
2023-05-15 10:23:05 +02:00
Delta-Sierra
d202ed9f3f
Merge https://github.com/MISP/misp-galaxy
2023-05-15 09:54:25 +02:00
Delta-Sierra
a3fffacab3
add APT43 + tools
2023-05-15 08:41:17 +02:00
Christophe Vandeplas
02c50184bf
chg: [attck4fraud] Full merge of E.A.S.T. data + updated script
2023-05-13 09:50:14 +02:00
Christophe Vandeplas
1d9f59eb2d
chg: [attck4fraud] more manual updates with E.A.S.T. data
2023-05-13 08:43:21 +02:00
marjatech
21266365da
update malpedia
2023-05-11 14:34:41 +02:00
810cbe5b49
chg: [sigma] updated to the latest version
2023-05-11 10:27:48 +02:00
a27fda701b
Merge pull request #849 from danielplohmann/patch-34
adding APT43 (Mandiant) for Kimsuky.
2023-05-09 18:29:34 +02:00
Daniel Plohmann
094d56057c
adding APT43 (Mandiant) for Kimsuky.
2023-05-09 14:35:41 +02:00
Thomas Dupuy
bbbd006215
chg: [mitre] bump to v13.
2023-05-08 14:04:50 +00:00
Christophe Vandeplas
3c808921c3
chg: [attck4fraud] initial updates with E.A.S.T. data
https://www.association-secure-transactions.eu/industry-information/fraud-definitions/
2023-05-07 21:13:52 +02:00
c86c2a83ab
chg: [sigma] rules updated
2023-04-30 10:30:54 +02:00
3dff8e65cb
Merge pull request #847 from Delta-Sierra/main
add VEILEDSIGNAL and more
2023-04-27 17:21:35 +02:00
Delta-Sierra
1649c3dfca
Merge https://github.com/MISP/misp-galaxy
2023-04-27 10:04:30 +02:00
Delta-Sierra
bd050668ef
add VEILEDSIGNAL and more
2023-04-27 09:53:49 +02:00
Sebastien Larinier
ddc285581d
Update threat-actor.json
2023-04-26 21:52:57 +02:00
Sebastien Larinier
d60cca9302
Update threat-actor.json
fix mistake
2023-04-26 21:46:33 +02:00
Sebastien Larinier
142d4aeaef
Update threat-actor.json
2023-04-26 14:26:48 +02:00
095c44e2ac
chg: [attck4fraud] add ATM cash trapping in the matrix
2023-04-26 07:48:29 +02:00
Jürgen Löhel
15297c7b5f
chg [threat-actors] Add RedGolf
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-04-24 16:59:18 -06:00
Christophe Vandeplas
79b80b0869
chg: [rels] more threat actor relations
2023-04-23 17:54:58 +02:00
Christophe Vandeplas
3c6c204f01
chg: [rels] more threat actor relations
2023-04-23 17:45:58 +02:00
Christophe Vandeplas
138c7c7ba8
chg: [rels] more relations on cluster "value"
2023-04-23 17:36:02 +02:00
Christophe Vandeplas
bf7c5f1dd9
chg: [rels] threat-actor & MS activity group - on synonym
2023-04-23 11:56:41 +02:00
Christophe Vandeplas
a5e7e0c95f
chg: [rels] threat-actor & MS activity group - on value
2023-04-23 11:55:57 +02:00
Christophe Vandeplas
f070943ee9
chg: [atrm] updated to latest version
2023-04-23 07:45:16 +02:00
adc7a70cf9
chg: [microsoft-activity-group] country code added
2023-04-21 07:39:37 +02:00
8688c41796
chg: [microsoft activity group] remove duplicate
2023-04-20 17:25:32 +02:00
592361826a
fix: [microsoft activity group] duplicate in Microsoft source
2023-04-20 17:20:57 +02:00
309f4f2ea5
chg: [microsoft-activity-group] updated following contribution from @botlabsDev script
2023-04-20 17:04:05 +02:00
2cc6bdfbc1
chg: [sigma] rules updated
2023-04-20 12:17:46 +02:00
Sebastien Larinier
862badf2c9
Update threat-actor.json
2023-04-19 17:41:44 +02:00
Sebastien Larinier
1c751b1ea8
Update threat-actor.json
2023-04-19 17:34:50 +02:00
Sebastien Larinier
165ce70a28
Merge branch 'MISP:main' into main
2023-04-19 16:48:02 +02:00
Sebastien Larinier
87ef0a400e
Update threat-actor.json
2023-04-19 15:42:14 +02:00
Sebastien Larinier
a77dc82c0a
Update threat-actor.json
new apt30 group
2023-04-19 15:35:36 +02:00
Delta-Sierra
063ac9fc71
jq?
2023-04-19 15:10:25 +02:00
Delta-Sierra
ecb7e79a6e
Merge https://github.com/MISP/misp-galaxy
2023-04-19 15:06:51 +02:00
Tobias Mainka
8d2b9537f1
Replace "sector" tag with "country" for matching data. This allows it to conform with existing clusters.
2023-04-19 12:38:37 +02:00
Sebastien Larinier
926035633f
Merge branch 'MISP:main' into main
2023-04-19 11:55:57 +02:00
ccc8f0f801
chg: [microsoft-activity-group] updated to map the new funky Microsoft "taxonomy"
The script to generate the cluster is the following, with the UUIDv5 based on the standard misp-stix source UUIDv4.
~~~python
import uuid

# `data` is the parsed Microsoft threat actor naming table (one dict per
# actor). A constructed placeholder entry is included so the snippet runs
# stand-alone; replace it with the real parsed table.
data = [
    {"threat_actor": "Example Actor", "sector": "Placeholder", "synonyms": ["EXAMPLE-ALIAS"]},
]

lcluster = []
for v in data:
    cluster = {}
    cluster['value'] = v['threat_actor']
    cluster['meta'] = {}
    cluster['meta']['sector'] = v['sector']
    cluster['meta']['synonyms'] = v['synonyms']
    cluster['meta']['refs'] = []
    cluster['meta']['refs'].append('https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide')
    # Deterministic UUIDv5: fixed misp-stix source namespace (UUIDv4) + actor name,
    # so regenerating the cluster yields the same UUID for the same actor.
    _uuid = uuid.uuid5(uuid.UUID("76beed5f-7251-457e-8c2a-b45f7b589d3d"), "{}".format(cluster['value']))
    cluster['uuid'] = str(_uuid)
    lcluster.append(cluster)
~~~
Relationships might be added in a later stage to map with the MISP threat actor galaxy.
2023-04-19 10:47:11 +02:00
Daniel Plohmann
41afab1c06
adding Trend Micro alias Earth Smilodon for APT27
2023-04-18 20:11:57 +02:00
Delta-Sierra
6b8994271e
add relationships for HALFRIG & QUATTERRIG
2023-04-18 12:20:20 +02:00
Daniel Plohmann
02e23a9a47
adding Google alias HOODOO for APT41
2023-04-17 22:32:50 +02:00
Delta-Sierra
4a4fa6d16f
fix versions
2023-04-17 11:32:51 +02:00
Delta-Sierra
6d5df91efa
add relationship SNOWYAMBER & Notion
2023-04-17 11:31:48 +02:00
Delta-Sierra
233a066a03
Merge https://github.com/MISP/misp-galaxy
2023-04-17 11:16:23 +02:00
Delta-Sierra
d4225c5469
add some SNOWYAMBER relationships
2023-04-17 11:16:21 +02:00
91af071bae
new: [online-service] online service added
2023-04-17 10:59:18 +02:00
5f9760923f
Merge pull request #838 from Delta-Sierra/main
Adding SNOWYAMBER, HALFRIG, QUARTERRIG tools & PowerMagic backdoor
2023-04-14 16:03:57 +02:00
Delta-Sierra
8e9880d932
Add SNOWYAMBER, HALFRIG, QUARTERRIG tools
2023-04-14 15:59:42 +02:00
Delta-Sierra
c5590ff79a
add PowerMagic backdoor
2023-04-13 14:11:36 +02:00
Daniel Plohmann
a966b3ff88
adding Trend Micro alias Earth Preta for Mustang Panda
2023-04-12 16:59:36 +02:00
2763cdd72b
chg:[sigma] Sigma rules updated
2023-04-12 11:44:43 +02:00
Delta-Sierra
8c831d70c8
jq
2023-04-11 15:06:59 +02:00
Delta-Sierra
d30e7357fe
merge
2023-04-11 13:57:30 +02:00
Delta-Sierra
eb9254713a
Add more ransomwares from ransomlook
2023-04-11 13:56:29 +02:00
3cc7e03af6
new: [stealer] add Sordeal Stealer
2023-04-11 09:54:02 +02:00
cbf12d9289
Merge pull request #833 from jloehel/HinataBot
chg[botnet]: Add HinataBot
2023-04-04 10:17:07 +02:00
Jürgen Löhel
647fc025d7
chg[botnet]: Add HinataBot
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-04-03 11:19:08 -06:00
15a03e877e
chg: [sigma] updated
2023-03-29 10:33:57 +02:00
Sebdraven
8713618777
Update threat-actor.json
add new ref for sidecopy
2023-03-23 09:13:23 +01:00
Sebdraven
f5d68aa08d
Update threat-actor.json
delete ref to APT30 for Naikon
2023-03-23 08:49:17 +01:00
Sebdraven
d5843d46e2
Update threat-actor.json
add ref to Aoqin Dragon
2023-03-21 18:40:10 +01:00
122a0bd39b
fix: [ransomware] fix duplicate Value "Cuba"
2023-03-19 11:03:12 +01:00
f2305dc165
Merge pull request #829 from Delta-Sierra/main
update based on ransomlook+1
2023-03-16 19:18:54 +01:00
Delta-Sierra
12f69a6082
update based on ransomlook
2023-03-16 15:24:44 +01:00
Mathieu Beligon
d82ff1ecfb
[threat-actors] Add Anonymous Sudan
2023-03-15 17:38:03 -05:00
Daniel Plohmann
c39b46e9d5
Update threat-actor.json
when value "Sofacy" was changed to "APT28", it seems Sofacy was not added to aliases, so it's missing right now.
2023-03-15 14:55:25 +01:00
Delta-Sierra
74390b27c5
Merge https://github.com/MISP/misp-galaxy
2023-03-13 09:59:04 +01:00
Delta-Sierra
c4eca7dfe1
more from ransomlook
2023-03-13 09:59:00 +01:00
Jürgen Löhel
9f9a263394
chg [tool]: Add tools used by TA866 during the Screentime campaign
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:46:11 -06:00
Jürgen Löhel
031a4c8030
chg [stealer]: Add Rhadamanthys
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:39 -06:00
Jürgen Löhel
437d4a30e5
chg [tds]: Add 404 TDS
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:13 -06:00
Jürgen Löhel
2d30785af5
chg [threat-actors] Add TA866
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:44:16 -06:00
57f3e46273
chg: [sigma] updated
2023-03-07 12:14:48 +01:00
e7b97edaa4
chg: [ransomware] fixing duplicate cluster element Avaddon
2023-03-07 12:06:56 +01:00
6db5b0b0cb
Merge pull request #824 from Delta-Sierra/main
...
update based on ransomlook
2023-03-06 16:23:48 +01:00
Delta-Sierra
bed6bf8dd6
fix stupid duplicate-bis
2023-03-06 16:10:23 +01:00
Delta-Sierra
d561350f7b
fix stupid duplicate
2023-03-06 16:04:28 +01:00
Delta-Sierra
96cb1e22ba
update based on ransomlook
2023-03-06 15:55:46 +01:00
Mathieu Beligon
395ffda94f
[threat-actors] bump version
2023-03-02 10:29:52 -08:00
Mathieu Beligon
e1407c3c3f
[threat-actors] Add SLIPPY SPIDER alias to LAPSUS
2023-03-02 10:29:29 -08:00
Mathieu Beligon
4bbee8c1e7
[threat-actors] Add PROPHET SPIDER
2023-03-02 10:19:24 -08:00
Mathieu Beligon
61cb24a3fc
[threat-actors] Add Nemesis Kitten
2023-03-01 16:37:42 -08:00
Mathieu Beligon
84faa3c92b
[threat-actors] Add Karakurt
2023-03-01 16:34:03 -08:00
Mathieu Beligon
7d371b4c80
[threat-actors] Add CYBORG SPIDER alias to GOLD BURLAP
2023-03-01 15:45:41 -08:00
Mathieu Beligon
fa57354471
[threat-actors] Add Chamelgang
2023-03-01 15:40:23 -08:00
Mathieu Beligon
bff978e4d1
[threat-actors] Add TA453
2023-03-01 15:24:55 -08:00
Mathieu Beligon
3406ad3aa9
[threat-actors] Add APT42
2023-03-01 15:18:53 -08:00
Mathieu Beligon
2567d6f1f8
[threat-actors] Add TA406
2023-03-01 15:01:22 -08:00
Rony
50624af741
add DEV-0147 https://twitter.com/MsftSecIntel/status/1625181255754039318
2023-02-25 20:18:09 +00:00
Rony
cf727f034c
add other actor synonyms from Google's report https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf
2023-02-26 01:05:50 +05:30
Delta-Sierra
27f4c9fcdc
synonyms must be an array
2023-02-23 14:26:20 +01:00
Delta-Sierra
0ca7675a5f
Merge https://github.com/MISP/misp-galaxy
2023-02-23 14:16:00 +01:00
Delta-Sierra
55725c771e
add/update ransomware based on ransomlook
2023-02-23 14:15:09 +01:00
Tom King
e52eefa0e7
chg: [mitre] updated with correct ID parsing
2023-02-21 10:36:37 +00:00
Christophe Vandeplas
9f73ff73ac
fix: [first-dns] corrected typo
2023-02-21 10:54:30 +08:00
Christophe Vandeplas
e2f2026fea
chg: [first-dns] Adds FIRST DNS Abuse Techniques Matrix
2023-02-21 10:26:46 +08:00
Christophe Vandeplas
a6a9a73ae5
chg: [360net] updated to latest online version
2023-02-20 20:03:36 +08:00
6460fde2e4
chg: [threat-actor] version updated
2023-02-16 14:43:45 +01:00
Daniel Plohmann
91255413d8
adding Google names for RU threat actors
https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/
2023-02-16 14:30:05 +01:00
73bd7d0983
Merge pull request #818 from Mathieu4141/threat-actors/proofpoint-aliases
[threat actors] Adding some actors from ProofPoint
2023-02-14 06:40:22 +01:00
Mathieu Beligon
9f09699047
[threat-actors] Fix: country was in the wrong place
2023-02-13 16:47:38 -08:00
Mathieu Beligon
ac067a236e
[threat-actors] fix: Add missing uuids
2023-02-13 16:36:41 -08:00
Mathieu Beligon
a792115dd8
fix
2023-02-13 16:26:10 -08:00
Mathieu Beligon
8193b05e14
[threat-actors] bump version
2023-02-13 14:18:58 -08:00
Mathieu Beligon
d34e894d2d
[threat-actors] Add TA2536
2023-02-13 13:45:41 -08:00
Mathieu Beligon
20c31a5d10
[threat-actors] Add TA577
2023-02-13 13:32:24 -08:00
Mathieu Beligon
e836a4a63c
[threat-actors] Add TA575
2023-02-13 12:02:32 -08:00
Mathieu Beligon
c52ac53765
[threat-actors] Add TA570
2023-02-13 11:54:47 -08:00
Mathieu Beligon
5f274f58c9
[threat-actors] Add Moskalvzapoe
2023-02-13 11:44:59 -08:00
Daniel Plohmann
62256854bc
adding Broadcom name for SaintBear.
2023-02-13 14:05:35 +01:00
Mathieu Beligon
33ff650327
[threat-actors] Add more information about NoName057(16)
2023-02-10 14:14:52 -08:00
9645b9348b
chg: [tools] TgToxic added
2023-02-09 16:24:45 +01:00
o1mate
239883e2a9
Merging the handguns and shotguns clusters into a single firearm cluster.
2023-02-06 03:28:49 -05:00
385826063b
chg: [sigma] updated to the latest version
2023-02-05 11:26:16 +01:00
Daniel Plohmann
9710e09e17
new APT29 name used by Recorded Future
cf. https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf
2023-02-02 11:46:50 +01:00
3d6ec1b187
chg: [sigma] updated to the latest version
2023-02-02 11:25:19 +01:00
Jürgen Löhel
cf492d9931
chg: [stealer] Adds Album Stealer
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-02-01 17:30:56 -06:00
033895b052
Merge pull request #812 from jloehel/boldmove
chg: [backdoor] Adds BOLDMOVE
2023-01-31 06:24:59 +01:00
Jürgen Löhel
c7c2b8441a
chg: [stealer] Removes BluStealer
The BluStealer is already in the malpedia cluster.
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 18:35:28 -06:00
Jürgen Löhel
ca635cc3fc
chg: [stealer] Adds DarkCloud and BluStealer
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 18:29:25 -06:00
Jürgen Löhel
33513241bd
chg: [backdoor] Adds BOLDMOVE
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 16:39:11 -06:00
150e3152cc
Merge pull request #809 from MISP/dev
Updated the `region` cluster
2023-01-27 15:08:16 +01:00
b7543c5012
Merge pull request #789 from Mathieu4141/threat-actors/fix-sectorj04
[threat-actors] Remove SectorJ04 duplicate
2023-01-27 15:05:37 +01:00
Mathieu Beligon
a452263ace
[threat-actors] pr.review: Add SectorJ04 as alias of TA505
2023-01-27 13:32:58 +01:00
o1mate
0b661d4f80
Added two new galaxies: an ammunition galaxy containing a list of known sold ammunitions ordered by brands, and a firearm galaxy containing two clusters (handguns, shotguns) scraped from a famous vendor and ordered by model name (Format: Model name - SKU).
2023-01-26 08:34:38 -05:00
Delta-Sierra
89bb349184
Merge https://github.com/MISP/misp-galaxy
2023-01-26 11:46:14 +01:00
Delta-Sierra
0bb1f48ad6
fix missing brackets
2023-01-25 14:47:22 +01:00
e87d39e3f4
fix: [region] JQed all the things !!
2023-01-25 09:24:52 +01:00
Delta-Sierra
50ca40e408
add Anubis & Godfather android banking trojans
2023-01-25 09:05:19 +01:00
51610df907
chg: [region] Updated the region Galaxy Cluster
- Added missing entry (Antarctica)
- Ordered the `subregions` meta field
2023-01-24 22:53:54 +01:00
ofenomeno
cb8d700e62
adding uavs
2023-01-24 19:55:46 +01:00
2f0dfc7656
chg: [sigma] updated
2023-01-23 10:10:46 +01:00
4a342354f9
chg: [sigma] updated
2023-01-20 13:58:11 +01:00
5c21588d7c
add: [country] Manually added the missing relations to some country cluster values
- The previous commit (071ecb8) added the majority of relations between countries and regions automatically, based on the country names specified in the `region` cluster. The relations added here are for the remaining countries that are not literally defined the same way as in the `region` cluster.
2023-01-16 22:22:42 +01:00
325f51479b
chg: [country] Clarified the US cluster value
2023-01-16 22:20:30 +01:00
071ecb8a52
add: [country] Added references between country cluster values and the related region they're located in, from the region galaxy cluster
2023-01-16 21:35:22 +01:00
323f9f47a1
chg: [sigma] version must be an integer
2023-01-12 16:45:21 +01:00
fd226d47a2
chg: [sigma] new version of the cluster
2023-01-12 14:10:22 +01:00
c0fdfb0e99
chg: [sigma] updated with latest version + new relationship script
2023-01-12 13:46:31 +01:00
e54366fb87
chg: [threat-actor] added the missing synonyms
2023-01-10 15:55:30 +01:00
187701bacb
chg: [sigma] regenerated from the test script (also updated the script to ensure UUID consistency for the galaxy)
2023-01-06 15:36:33 +01:00
9955401791
chg: [sigma] jq all the things
2023-01-06 15:13:35 +01:00
8539361df5
Merge branch 'main' of https://github.com/jstnk9/misp-galaxy into jstnk9-main
2023-01-06 15:11:27 +01:00
jstnk9
5bcec1d72f
Merge branch 'MISP:main' into main
2023-01-03 11:10:49 +01:00
Jürgen Löhel
d4debd619b
chg: [ransomware] Extends the entry for JCrypt
* Add the reference to MafiaWare666 based on the latest research from the Avast Threat Lab: https://decoded.avast.io/threatresearch/decrypted-mafiaware666-ransomware/
* Add more info from Andrew Ivanov's great blog post: https://id-ransomware.blogspot.com/2020/12/jcrypt-ransomware.html
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-12-23 01:44:20 -06:00
Delta-Sierra
3f4edb480b
add Malteiro
2022-12-16 16:43:50 +01:00
jstnk9
cb19f6bda7
galaxy for sigma rules
2022-12-09 08:48:54 +01:00
Delta-Sierra
5931f51d7a
add TAG-53
2022-12-08 11:31:02 +01:00
Delta-Sierra
3ea2d62a83
Version Update
2022-11-28 16:27:54 +01:00
Delta-Sierra
6016b1000c
Merge https://github.com/MISP/misp-galaxy
2022-11-28 16:17:08 +01:00
Delta-Sierra
5d83563e0e
Fix Duplicate
2022-11-28 16:15:40 +01:00
Delta-Sierra
6c36295318
Update several RAT & Ransomwares
2022-11-28 16:13:38 +01:00
de12f46ba6
chg: [mitre] updated
2022-11-28 12:48:29 +01:00
fda4160bed
chg: [target-information] fix the duplicate
2022-11-24 15:08:16 +01:00
f15e4ed3bc
chg: [target-information] duplicate removal
2022-11-24 15:05:47 +01:00
1d9a73abdd
chg: [target] fix duplicate synonyms
2022-11-24 15:03:18 +01:00
e3126ef857
fix: [clusters] Fixed a few other meta field names
2022-11-24 09:17:28 +01:00
823124d422
fix: [mitre-ics-assets] Fixed some refs meta field names
2022-11-23 20:44:46 +01:00
493a5bf94e
fix: [target-information] Fixed synonyms meta field name
2022-11-23 20:40:35 +01:00
5c979ae554
fix: [tool] Houdini relationship to something which exists (ok I know it's Houdini)
2022-11-22 15:19:40 +01:00
0b6034d9be
Merge pull request #800 from Delta-Sierra/main
Add ransomwares
2022-11-22 15:11:42 +01:00
8947d0035b
fix: [sigma rules] until the new PR and tool is done for sigma, the galaxy is removed.
2022-11-22 15:08:17 +01:00
Delta-Sierra
5f0d7f6d68
add VJw0rm description
2022-11-22 14:55:10 +01:00
Delta-Sierra
f4abf37b01
fix versions
2022-11-22 12:45:15 +01:00
Delta-Sierra
c02b74f999
merge
2022-11-22 12:43:18 +01:00
Delta-Sierra
ffc68b9b8f
add several ransomwares
2022-11-22 12:40:47 +01:00
Delta-Sierra
e316382b8a
add qakbot ref
2022-11-22 12:06:03 +01:00
Delta-Sierra
8bf6d73d66
add BazarCall campaign
2022-11-22 09:08:28 +01:00
Delta-Sierra
3c7230e38e
add Bazarbackdoor Synonyms
2022-11-22 09:00:04 +01:00
Thomas Dupuy
be7450494e
Add Evasive Panda Threat Actor
2022-11-18 16:38:11 +00:00
4844a7021c
chg: [sigma] duplicate value changed
2022-11-18 14:36:02 +01:00
c41b99d8b9
fix: [sigma] remove duplicate references
2022-11-18 14:21:27 +01:00
59f5fc5f76
Merge branch 'main' of github.com:MISP/misp-galaxy into main
2022-11-18 14:18:29 +01:00
7d4011a0a2
chg: [sigma] jq all the things
2022-11-18 14:17:52 +01:00
Terrtia
e3b6e9d229
fix: [handicap] fix galaxy icon + name + type
2022-11-17 15:16:05 +01:00
9b8619bbbe
Merge branch 'main' of https://github.com/jstnk9/misp-galaxy into jstnk9-main
2022-11-16 11:07:50 +01:00
Jürgen Löhel
f595195cd2
chg: [botnets] Adds KmsdBot
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-11-15 18:10:39 -06:00
Jstnk9
473f1a13aa
galaxy related to sigma rules
2022-11-15 22:56:18 +01:00
Delta-Sierra
2269f4decd
fix tool type
2022-11-15 13:56:53 +01:00
Delta-Sierra
9fc65c0e34
version fix
2022-11-15 13:37:02 +01:00
Delta-Sierra
91d535925f
version fix
2022-11-15 13:36:49 +01:00
Delta-Sierra
3837058ab1
merge
2022-11-15 12:54:03 +01:00
Delta-Sierra
d020efd276
add raspberry Robin worm & others
2022-11-15 11:57:10 +01:00
b787bbeb23
Merge pull request #792 from nyx0/main
Add RomCom TA.
2022-11-05 07:50:20 +01:00
3b196f8361
Merge pull request #791 from Mathieu4141/threat-actors/add-phosphorus-alias-to-apt-35
[threat-actors] Add Phosphorus in APT35 aliases
2022-11-05 07:49:55 +01:00
Thomas Dupuy
9ac53e5d5e
Add RomCom TA.
2022-11-04 02:34:10 +00:00
6c4da5dd55
Merge pull request #790 from Mathieu4141/threat-actors/fix-dust-storm
[threat-actors] Remove DustStorm alias from APT10
2022-11-03 11:35:20 +01:00
52a6fff6a2
Merge pull request #788 from Mathieu4141/threat-actors/fix-cobalt-dickens
[threat-actors] Remove cobalt dickens duplicate
2022-11-03 11:27:08 +01:00
3b4dcd6ad3
Merge pull request #787 from Mathieu4141/threat-actors/fix-subaat-duplicate
[threat-actors] Remove subaat duplicate
2022-11-03 11:26:21 +01:00
Mathieu Beligon
8a9dd47f8f
[threat-actors] Add Phosphorus in APT35 aliases
2022-11-02 23:49:22 -07:00
Mathieu Beligon
21d4292faf
[threat-actors] Remove DustStorm alias from APT10
2022-11-02 23:31:31 -07:00
Mathieu Beligon
e61733591f
[threat-actors] Remove SectorJ04 duplicate
2022-11-02 20:30:40 -07:00
Mathieu Beligon
9f0869097a
[threat-actors] Remove cobalt dickens duplicate
2022-11-02 18:09:42 -07:00
Mathieu Beligon
e3e5560e37
[threat-actors] Remove subaat duplicate
2022-11-02 17:57:47 -07:00
Mathieu Beligon
5801bbcfc1
[threat-actors] Remove Skeleton Spider duplicate
2022-11-02 17:38:07 -07:00
015650c6d7
chg: [mitre-attack] updated to version 12.0
2022-11-01 22:39:33 +01:00
Delta-Sierra
9952366667
add Prynt Stealer & variants
2022-10-14 16:03:45 +02:00
Delta-Sierra
355025eb5b
fix metadata in wrong slot
2022-10-04 13:28:42 +02:00
Delta-Sierra
e5b3062912
add Volatile Cedar synonym
2022-10-03 16:06:13 +02:00
Thomas Dupuy
4bcf80f01b
Add SharPyShell tool.
2022-10-02 22:00:54 +00:00
409c82f40c
Merge pull request #781 from Mathieu4141/threat-actors/fix-neodymium
[threat-actors] Fix G0055 (NEODYMIUM) alias
2022-09-30 06:39:31 +02:00
588184bacd
Merge pull request #780 from Mathieu4141/threat-actors/fix-svmondr
[threat-actors] Remove SVCMONDR duplicate
2022-09-30 06:38:56 +02:00
800006e6ab
Merge pull request #778 from Mathieu4141/threat-actors/fix-malware-reuser-duplicate
[threat-actors] Fix Volatile Cedar and Dancing Salome conflicts
2022-09-30 06:37:15 +02:00
Mathieu Beligon
74c6835d18
[threat-actors] Fix G0055 (NEODYMIUM) alias
2022-09-29 17:16:57 -07:00
Mathieu Beligon
a740e35687
[threat-actors] Remove SVCMONDR duplicate
2022-09-29 16:11:19 -07:00
Mathieu Beligon
5994fa4160
[threat-actors] Fix Volatile Cedar and Dancing Salome conflicts
2022-09-29 14:51:38 -07:00
Mathieu Beligon
4f47e6e2d3
[threat-actors] Equation group: separate from Lamberts and add tools
2022-09-29 11:28:54 -07:00
Thomas Dupuy
c66d6823a1
Add APT-Q-12 Threat Actor.
2022-09-29 02:30:41 +00:00
c3b65a2d15
chg: [threat-actor] JSON fix
2022-09-27 08:18:13 +02:00