47dade9d0e
Merge pull request #631 from r0ny123/Enhancement
...
Add HAFNIUM
2021-03-04 14:48:01 +01:00
sebdraven
c2a4bb1f8a
Merge pull request #1 from MISP/main
...
merge
2021-03-04 13:56:09 +01:00
a9a6b0253f
chg: [microsoft activity group] HAFNIUM added
2021-03-04 10:49:58 +01:00
Rony
ad795606cf
added HAFNIUM
...
Updates:
Tonto Team
UNC2452
2021-03-04 00:10:33 +05:30
bdad7762db
Merge pull request #630 from sebdraven/main
...
Update threat-actor.json
2021-03-03 18:39:23 +01:00
Sebdraven
2666341afc
Update threat-actor.json
...
update Sidewinder card
2021-03-03 17:59:25 +01:00
fee4cbc123
Merge pull request #629 from nyx0/main
...
Update Infy TA.
2021-03-02 22:14:02 +01:00
Thomas Dupuy
f842694fda
Update Infy TA.
2021-03-02 14:37:01 -05:00
524676282e
Merge branch 'main' of github.com:MISP/misp-galaxy into main
2021-02-26 08:30:58 +01:00
4692ced8fa
chg: [tool] SUNSPOT added
2021-02-26 08:28:01 +01:00
Delta-Sierra
0e23d8b95f
add relationships between Maze, Rgnar, Egregor and Sekhmet
2021-02-25 10:21:28 +01:00
Delta-Sierra
406dfdb45b
add Sekhmet ransomware
2021-02-25 09:52:52 +01:00
Delta-Sierra
d273a5da7d
add TeamTNT ref
2021-02-25 09:52:24 +01:00
fc0dc0050c
Merge pull request #627 from r0ny123/patch-2
...
removing DePrimon
2021-02-24 23:06:57 +01:00
Rony
5c6f3a036b
removing DePrimon
...
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
2021-02-24 21:55:04 +05:30
cf5c95b762
Merge pull request #626 from nyx0/main
...
Add RDAT backdoor
2021-02-23 21:40:23 +01:00
Thomas Dupuy
eeafff9768
Add RDAT backdoor
2021-02-23 11:15:31 -05:00
Delta-Sierra
eb07fab69f
add Ragnar Locker and update accordingly
2021-02-23 16:21:07 +01:00
Delta-Sierra
06ae10965b
add Covidloc and tycoon ransomware + small updates on some ransomwares
2021-02-22 16:39:47 +01:00
Delta-Sierra
7c1ac58141
add TeamTNT
2021-02-22 16:38:18 +01:00
d0ae9c20f9
Merge pull request #625 from Thijsvanede/patch-1
...
Fix: rename "Innitial Access" to "Initial Access"
2021-02-21 16:51:17 +01:00
Thijsvanede
e9eb0c7a6c
Fix: rename "Innitial Access" to "Initial Access"
...
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
2021-02-19 12:01:47 +01:00
5d83ed1a70
Merge pull request #624 from nyx0/main
...
Add Exaramel and P.A.S. webshell tool.
2021-02-16 16:54:32 +01:00
Thomas Dupuy
178e16dc13
Remove empty values.
2021-02-16 10:32:37 -05:00
Thomas Dupuy
4a7560d191
Add Exaramel and P.A.S. webshell tool.
2021-02-15 12:52:53 -05:00
9f1fcbd1c5
Merge pull request #623 from nyx0/main
...
Add Caterpillar WebShell.
2021-02-12 23:13:59 +01:00
Thomas Dupuy
93396c524d
Add Caterpillar WebShell.
2021-02-12 12:00:17 -05:00
Delta-Sierra
96bf0d44ea
Merge https://github.com/MISP/misp-galaxy
2021-02-09 14:52:58 +01:00
fa05eb04e3
Merge branch 'main' of github.com:MISP/misp-galaxy into main
2021-01-29 16:43:52 +01:00
38a0d2d32d
chg: [rsit] rsit as galaxy name
2021-01-29 16:43:26 +01:00
48fddce7d1
Merge pull request #622 from danielplohmann/patch-5
...
adding ClearSky alias for Volatile Cedar
2021-01-29 16:39:03 +01:00
Daniel Plohmann
d61e7d2fac
adding ClearSky alias for Volatile Cedar
...
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."
2021-01-29 10:39:18 +01:00
815e5c4fe4
Merge pull request #621 from cudeso/main
...
RSIT Galaxy/Cluster
2021-01-28 12:55:46 +01:00
Koen Van Impe
87b22f363c
Move cfr-type-of-incident to meta
2021-01-28 12:25:39 +01:00
Koen Van Impe
23778666ba
RSIT Galaxy/Cluster
2021-01-28 10:03:12 +01:00
06c038e884
Merge pull request #620 from StefanKelm/main
...
Update threat-actor.json
2021-01-26 15:00:34 +01:00
StefanKelm
fb35646406
Update threat-actor.json
...
Lazarus
2021-01-26 14:38:37 +01:00
763d67d2a4
Merge pull request #619 from nyx0/main
...
Update tool cluster
2021-01-20 19:57:43 +01:00
Thomas Dupuy
f964514ec5
Add HyperBro in tools
2021-01-20 13:44:28 -05:00
Thomas Dupuy
9df95031a7
Update ZxShell tool.
2021-01-20 13:27:51 -05:00
402837d033
Merge pull request #618 from StefanKelm/main
...
Update threat-actor.json
2021-01-20 17:49:53 +01:00
StefanKelm
a131a7ce98
Update threat-actor.json
...
Lazarus
2021-01-20 17:43:18 +01:00
3c19c7c1e5
Merge pull request #617 from danielplohmann/patch-4
...
merge COVELLITE into Lazarus Group
2021-01-17 16:05:13 +01:00
dc7de80b98
Merge pull request #616 from r0ny123/patch-2
...
removing Starcruft
2021-01-17 16:04:24 +01:00
Daniel Plohmann
ca66fcd93a
merge COVELLITE into Lazarus Group
...
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references.
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
2021-01-17 15:07:26 +01:00
Rony
91e87cf82c
Update threat-actor.json
...
Don't know how StarCraft
2021-01-17 12:21:34 +05:30
830f82f710
Merge pull request #615 from danielplohmann/patch-3
...
merging ScarCruft->APT37
2021-01-16 00:08:26 +01:00
Daniel Plohmann
edcc3c0bc1
merging ScarCruft->APT37
...
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
2021-01-15 18:52:49 +01:00
Delta-Sierra
a6f7795952
fix merge
2021-01-12 10:38:33 +01:00
2b356a9eb0
chg: [threat-actor] UNC2452/DarkHalo added - ref. #614
2021-01-12 07:01:36 +01:00