misp-galaxy

mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-23 07:17:17 +00:00

Author	SHA1	Message	Date
Alexandre Dulaunoy	1c8d82cfcc	new: [threat-actor] hezb added	2022-09-14 11:00:33 +02:00
Christophe Vandeplas	b011ddee5b	fix: [360net] fixes null entries in lists	2022-09-13 22:12:51 +02:00
Christophe Vandeplas	c5a5fa7cfa	chg: [360net] add 360.net APT list fixes #764	2022-09-13 21:48:16 +02:00
Mathieu Beligon	e1f5d3b5d8	[threat-actors] Keep meta from old Xenotime	2022-09-13 11:40:17 -07:00
Mathieu Beligon	4ff0bdfe8e	[threat-actors] Clean TA505 aliases	2022-09-13 11:34:02 -07:00
Delta-Sierra	e3d88f45c6	add Dark.IoT	2022-09-13 13:35:55 +02:00
Delta-Sierra	6dba3abe13	add hezb	2022-09-13 10:40:00 +02:00
Mathieu Beligon	273c7c9b97	[threat-actors] Remove Xenotime duplicate	2022-09-12 17:10:49 -07:00
Delta-Sierra	705d0d2e72	add BumbleBee backdoor	2022-09-12 10:51:43 +02:00
Delta-Sierra	0440db12e9	add DangerousSavanna campaign	2022-09-07 11:01:23 +02:00
Delta-Sierra	77db2370b1	Add Lockbit synonym	2022-09-07 11:00:41 +02:00
Delta-Sierra	775d3c183b	Add Lockbit synonym	2022-09-07 09:26:38 +02:00
Rony	aea413cebf	chg: [threat-actor] version bump	2022-09-01 10:32:01 +00:00
Rony	db913e5ab4	fix: [threat-actor] remove duplicate entries	2022-09-01 09:53:11 +00:00
Rony	6aea5ee05c	chg: [threat-actor] add Aoqin Dragon	2022-09-01 09:46:43 +00:00
Rony	fb0cf3c7e5	chg: [threat-actor] miscellaneous updates	2022-09-01 09:17:31 +00:00
Daniel Plohmann	d18f5bc8b6	mini-fix: adding https protocol to a reference in automated processing and display, this may otherwise lead to a malformed local / relative link.	2022-08-30 17:08:03 +02:00
Alexandre Dulaunoy	5175fb0364	Merge pull request #760 from Delta-Sierra/main Add GootLoader & MOUSEISLAND in tool	2022-08-29 12:02:55 +02:00
Rony	e7178a1e08	fix: [threat-actor] remove duplicate entries from APT9	2022-08-27 12:54:32 +00:00
Rony	27300c6381	chg: [threat-actor] add avast blog to APT40	2022-08-27 12:41:31 +00:00
Rony	7f526e230b	chg: [threat-actor] add Microsoft and PwC report to actors' references	2022-08-27 12:34:36 +00:00
Rony	6ad9699a38	chg: [threat-actor] add recorded future reference to RedAlpha	2022-08-27 12:10:51 +00:00
Rony	2dc138ae01	chg: [threat-actor] add Adam Kozy's testimony ro APT41 and APT26	2022-08-27 12:08:11 +00:00
Rony	0b140b7097	chg: [threat-actor] miscellaneous updates including merge of some actors and fix the error committed in `9cfcc0d9ac`	2022-08-27 11:58:03 +00:00
Alexandre Dulaunoy	8bea9f3b4b	Merge pull request #755 from Mathieu4141/threat-actors/fix-winnti [threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts	2022-08-27 08:25:20 +02:00
Mathieu Béligon	9cfcc0d9ac	Add aliases to APT41 Co-authored-by: Rony <rony_123@protonmail.ch>	2022-08-26 14:54:02 -07:00
Mathieu Beligon	6e00329ba6	[threat-actors] Fix aliases	2022-08-26 11:09:29 -07:00
Delta-Sierra	534dacb7fb	add GootLoader	2022-08-26 10:12:36 +02:00
Delta-Sierra	d5a9365aae	add MOUSEISLAND	2022-08-26 09:23:38 +02:00
Mathieu Beligon	9b714dcd76	[threat-actors] Merge Axiom into APT17	2022-08-25 13:49:07 -07:00
Delta-Sierra	5b3c395f10	jq	2022-08-24 14:27:33 +02:00
Delta-Sierra	cb422c2190	update Guildma	2022-08-24 14:07:01 +02:00
Yosirion95	cda80e5496	Add synonyms to sector.json	2022-08-21 11:09:50 +02:00
Alexandre Dulaunoy	9efca4c41b	fix: [threat-actor] UUID reused fixed (UUIDs cannot be reused across different cluster) Add the missing the relationship for the new UUID	2022-08-21 09:17:56 +02:00
Rony	5b42a09dc2	add PARINACOTA to threat-actor.json MSTIC names digital crime actors based on global volcanoes	2022-08-20 17:10:15 +00:00
Rony	6fd584fa88	remove APT36/ Transpert Tribe from microsoft-activity-group.json cause we don't know any MSTIC name yet.	2022-08-20 17:06:18 +00:00
Alexandre Dulaunoy	6b137ea12c	Merge pull request #749 from Mathieu4141/threat-actors/fix-naikon-cluster [threat actors] Fix threat actors related to Lotus Panda	2022-08-20 11:46:15 +02:00
Mathieu Beligon	7f82616c10	fix axiom related field	2022-08-19 12:48:40 -07:00
Mathieu Beligon	969f461709	merge into apt41	2022-08-19 12:45:47 -07:00
Christophe Vandeplas	1b69b654a8	chg: [atrm] bump to latest ATRM version	2022-08-19 21:19:23 +02:00
Mathieu Beligon	fd9201e9e0	Merge APT22 and suckfly	2022-08-19 12:16:30 -07:00
Mathieu Beligon	768c94671c	Fix hellsing ref	2022-08-19 11:34:16 -07:00
Alexandre Dulaunoy	a8b234d694	Merge pull request #753 from Mathieu4141/threat-actors/fix-bronze-president [threat-actors] Remove duplicated BRONZE PRESIDENT entity	2022-08-19 06:26:11 +02:00
Mathieu Béligon	fcd6faec78	Capitalize override panda alias Co-authored-by: Rony <rony_123@protonmail.ch>	2022-08-18 20:51:03 -07:00
Mathieu Béligon	54f3ef2831	capitalize lotus panda alias Co-authored-by: Rony <rony_123@protonmail.ch>	2022-08-18 20:50:32 -07:00
Mathieu Béligon	c9b11553eb	normalize APT30 alias Co-authored-by: Rony <rony_123@protonmail.ch>	2022-08-18 20:32:44 -07:00
Mathieu Beligon	c1abedb446	Move Lotus Panda alias to Lotus Blossom	2022-08-18 20:21:31 -07:00
Mathieu Beligon	a61ef2a88f	[threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts	2022-08-18 17:03:26 -07:00
Mathieu Beligon	84e69ad4be	Add DarkCommet as a tool of GoldenRAT	2022-08-18 15:47:04 -07:00
Mathieu Beligon	1acc51a7a6	[threat-actors] Add more data about APT-C-27	2022-08-18 15:44:18 -07:00
Mathieu Beligon	ec988c97d0	[threat-actors] Remove duplicated APT-C-27	2022-08-18 15:34:08 -07:00
Mathieu Beligon	d9046c8619	[threat-actors] Remove duplicated BRONZE PRESIDENT entity	2022-08-18 15:12:18 -07:00
Mathieu Beligon	a046e8094d	Merge APT30 and Naikon	2022-08-18 11:36:45 -07:00
Mathieu Beligon	5e4a4c3453	Merge branch 'main' into threat-actors/fix-naikon-cluster	2022-08-18 09:01:36 -07:00
Mathieu Beligon	264e764dfa	Remove ATK34 alias	2022-08-18 08:59:04 -07:00
Delta-Sierra	3f036db1e3	add TA558	2022-08-18 15:54:28 +02:00
Mathieu Beligon	71e3e1f3eb	Fix ATK aliases	2022-08-17 13:39:43 -07:00
Mathieu Beligon	a6242d4732	Merge branch 'main' into threat-actors/fix-naikon-cluster	2022-08-17 13:37:01 -07:00
Mathieu Beligon	0d6399aa2b	Add ATK78 alias for Thrip	2022-08-17 12:04:32 -07:00
Mathieu Beligon	53282255ce	Branch out Goblin Panda from Hellsing	2022-08-17 11:55:35 -07:00
Mathieu Beligon	3f50cf0175	Create a tool for Esile	2022-08-17 11:19:30 -07:00
Rony	f608312577	addresses https://github.com/MISP/misp-galaxy/pull/751#issuecomment-1217680586	2022-08-17 08:52:35 +00:00
Rony	ccd10b54f4	remove duplicate reference	2022-08-17 12:49:56 +05:30
Rony	0cec882cc5	merge microcin/sixlittlemonkeys to vicious panda	2022-08-17 07:06:51 +00:00
Alexandre Dulaunoy	a373909bb1	Merge pull request #748 from r0ny123/patch-2 Update threat-actor.json	2022-08-17 07:44:46 +02:00
Alexandre Dulaunoy	352998a84d	fix: [threat-actor] add missing refs for APT33 including CFR link	2022-08-17 07:40:23 +02:00
Mathieu Beligon	d05b29c1af	[threat-actors] Remove duplicate APT33	2022-08-16 17:15:30 -07:00
Mathieu Beligon	9c6f106928	[threat actor] Fix aliases related to Lotus Panda	2022-08-16 16:58:35 -07:00
Rony	5b25b574b3	add uac-0010 references from cert-ua	2022-08-16 10:19:53 +00:00
Rony	370045b01d	Merge "red october" and "cloud atlas" to inception framework"	2022-08-16 09:30:29 +00:00
Rony	62b168600f	fix duplicates	2022-08-16 12:15:30 +05:30
Rony	490bc6a05c	fix duplicate	2022-08-16 12:10:27 +05:30
Rony	bbe84c5985	updates to russian actors	2022-08-16 12:07:59 +05:30
Rony	de76aef023	Update threat-actor.json	2022-08-16 10:49:13 +05:30
Rony	f4b63d4514	updates to tianwu	2022-08-16 10:30:33 +05:30
Alexandre Dulaunoy	96d31aa8c7	chg: [threat-actor] jq all the things	2022-08-11 17:50:00 +02:00
Thomas Dupuy	ed24dcaf19	Add link for SLIME29.	2022-08-11 15:41:01 +00:00
Thomas Dupuy	912050b9b7	Update commit based on feeback.	2022-08-11 15:20:32 +00:00
Thomas Dupuy	6e0df72ef4	Add Threat Actors from BH Asia22 prez.	2022-08-10 18:53:38 +00:00
Christophe Vandeplas	1369756810	chg: [atrm] Add Azure Threat Research Matrix Galaxy and generation script	2022-08-06 21:19:31 +02:00
Daniel Plohmann	bdaadea58e	removing a leading double quote in a URL.	2022-08-02 18:17:58 +02:00
Daniel Plohmann	bc20a463c8	merging TG2003 / Elephant Beetle into FIN13 as indicated in the respective resources published by the organizations using these aliases.	2022-08-02 14:11:43 +02:00
Alexandre Dulaunoy	6427746ad8	Merge pull request #727 from Mathieu4141/threat-actors/merge-cutting-kitten-cleaver Fix Cleaver aliases	2022-07-27 23:17:42 +02:00
Alexandre Dulaunoy	63f5122ad4	Merge pull request #742 from r0ny123/patch-1 Update threat-actor.json	2022-07-27 18:56:47 +02:00
Mathieu Beligon	51aacd6b03	Reduce diff with old version	2022-07-26 23:53:22 -07:00
Mathieu Beligon	acc6ada575	r0ny123.review: Use Cutting Kitten as main value for ITSecTeam	2022-07-26 23:27:39 -07:00
Mathieu Beligon	d815bfa174	Merge remote-tracking branch 'upstream/main' into threat-actors/merge-cutting-kitten-cleaver	2022-07-26 23:22:03 -07:00
Daniel Plohmann	26f6a33695	more aliases from Unit 42	2022-07-26 11:09:33 +02:00
Rony	5a7f3a7207	fix	2022-07-25 17:17:52 +05:30
Rony	8ce0df6eb4	Update threat-actor.json Merge aquatic panda & earth lusca	2022-07-25 17:15:23 +05:30
Alexandre Dulaunoy	6b6398bf2d	fix: [threat-actor] incorrect merge fixed	2022-07-20 18:45:50 +02:00
Alexandre Dulaunoy	b4ce9a9453	Merge branch 'main' of https://github.com/r0ny123/misp-galaxy into r0ny123-main	2022-07-20 18:41:27 +02:00
Rony	add6b27466	update	2022-07-20 21:39:33 +05:30
Rony	2b54df56f9	update	2022-07-20 21:32:11 +05:30
Rony	2e045d9c8c	chg: [fix] resolve conflict	2022-07-20 21:28:15 +05:30
Daniel Plohmann	5825783a85	removed duplicate UUID for Kinsing my apologies, looks like I had not rolled a new UUID for one of the entries added...	2022-07-20 17:07:05 +02:00
Rony	932fcf1871	added Red Nue	2022-07-20 15:07:35 +05:30
Rony	082039b3b0	added CN actors from secureworks threat profile https://www.secureworks.com/research/threat-profiles?filter=item-china and fixed some AKAs	2022-07-20 14:52:58 +05:30
Daniel Plohmann	ed32c508b7	added more Unit 42 aliases / groups	2022-07-20 08:38:03 +02:00
Rony	000bfe92d9	add APT9/Red Pegasus & BRONZE EDGEWOOD/Red Hariasa	2022-07-20 10:04:58 +05:30
Rony	2e8a577b0c	add PwC naming to CN actors	2022-07-20 09:45:21 +05:30
Rony	3fabd58416	chg: [threat-actor] fixed	2022-07-19 23:36:30 +05:30
Rony	79c84d3768	add Earth Berberoka, Earth Lusca and Earth Wendigo	2022-07-19 22:42:50 +05:30
Daniel Plohmann	082d506b64	adding new Unit 42 names First PR: those are the directly mappable names. I will follow up after deconfliction and then with a few new entries.	2022-07-19 08:45:09 +02:00
Daniel Plohmann	240a757826	Update threat-actor.json adding Predatory Sparrow due to recent events.	2022-07-13 10:02:07 +02:00
Alexandre Dulaunoy	cf603e8160	Merge pull request #736 from Delta-Sierra/main add Qbot	2022-07-12 18:41:33 +02:00
Thomas Dupuy	90da0d798f	Set country to LB instead of IR based on operational activity.	2022-07-12 16:21:41 +00:00
Delta-Sierra	b1c853bf42	update version	2022-07-12 15:51:55 +02:00
Thomas Dupuy	1a8835bcae	Remove list from POLONIUM TA.	2022-07-12 13:11:11 +00:00
Thomas Dupuy	a86d866534	Add POLONIUM TA.	2022-07-12 12:14:27 +00:00
Delta-Sierra	d40017ae50	add Qbot	2022-07-12 14:03:43 +02:00
Delta-Sierra	6c6355f2ba	fix typo	2022-07-12 11:31:08 +02:00
Delta-Sierra	300d608770	jq	2022-07-12 10:54:37 +02:00
Delta-Sierra	71c93f5b24	fix caps typo	2022-07-12 10:53:14 +02:00
Delta-Sierra	4ea34fc5a4	Merge https://github.com/Delta-Sierra/misp-galaxy into main	2022-07-12 10:51:59 +02:00
Delta-Sierra	924eda26ca	Add EnemyBot +relationships	2022-07-12 10:49:11 +02:00
Deborah Servili	ca7d524d9c	Merge branch 'main' into main	2022-07-08 16:27:28 +02:00
Delta-Sierra	29aa7b3f69	add Maui ransomware	2022-07-08 14:49:12 +02:00
Delta-Sierra	56a53433f0	add HelloXD ransomware	2022-07-08 12:05:31 +02:00
Delta-Sierra	279b89f6d9	fix duplicate extension-2	2022-07-06 09:38:02 +02:00
Delta-Sierra	67d5f5c7c0	fix duplicate extension	2022-07-06 09:34:11 +02:00
Delta-Sierra	7e37fa0cdd	merge + update medusalocker	2022-07-06 09:28:46 +02:00
Delta-Sierra	c2e7ef4fab	Update Medusa Locker and others	2022-07-06 08:43:59 +02:00
marjatech	587dc8560b	add script to automate malpedia update	2022-07-04 14:24:34 +02:00
Mathieu Beligon	693eed8d78	[threat actor] Break Cleaver aliases into respective entries	2022-07-04 14:05:29 +02:00
marjatech	1212a75cc4	update malpedia	2022-07-04 11:02:02 +02:00
Mathieu Beligon	d63c990dad	[threat-actors] Separate ITSecTeam from Cleaver	2022-06-30 14:34:05 +02:00
Mathieu Beligon	b8d4ffdbde	Merge Cutting Kitten and Cleaver	2022-06-29 20:15:12 +02:00
Koen Van Impe	0c9aa68db6	Update surveillance-vendor.json	2022-06-22 13:30:55 +02:00
Koen Van Impe	22c2f7b999	Add RCS Lab S.p.A. to surveillance-vendor	2022-06-22 11:20:52 +02:00
Mathieu Beligon	d79c5bd1ab	Add ToddyCat Threat actor	2022-06-21 15:12:42 +02:00
Rony	c030fcdab6	chg: [threat-actor] added PwC naming for Indian actors https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf	2022-06-11 15:46:54 +05:30
Thanat0s	44a99d066a	Y en a un peut plus je vous le mets quand meme ?	2022-06-11 04:24:04 -04:00
Thanat0s	57befd7259	jq all the things	2022-06-10 19:12:12 -04:00
Thanat0s	51f98f4706	Attck link + typo on TA551	2022-06-10 18:40:16 -04:00
Thanat0s	f97fee7135	Typo on TA551	2022-06-10 18:38:25 -04:00
Thanat0s	297acc0f5e	Add Mitre vs Thales RosettaStone	2022-06-10 18:24:15 -04:00
Rony	e916267c7c	chg: [threat-actor] add reference to bitter & sidewinder group	2022-06-08 23:22:17 +05:30
Christophe Vandeplas	39073004c4	[mitre] bump to MITRE ATT&CK v11.2	2022-05-25 21:03:14 +02:00
Christophe Vandeplas	4a469299fd	[mitre] update sorting algo will make future ATT&CK updates less noisy in the git diff	2022-05-25 21:00:57 +02:00
Mathieu Beligon	dca70783bf	[threat-actors] validate file	2022-05-23 11:32:24 +02:00
Mathieu Beligon	c1cfc19871	[threat actors] Remove dead link for sandworm threat actor	2022-05-23 11:30:04 +02:00
Mathieu Beligon	36a1466661	[threat-actors] Add RansomHouse	2022-05-23 11:29:39 +02:00
Alexandre Dulaunoy	a838eaf9db	Merge pull request #717 from jloehel/krane chg: [cryptominers] Adds Krane	2022-05-18 08:17:16 +02:00
Jürgen Löhel	1be9a10ef9	chg: [cryptominers] Adds Krane Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-05-17 14:47:29 -05:00
Jürgen Löhel	9db5d18114	chg: [android] Adds Vulture Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-05-17 14:16:21 -05:00
Rony	2721522e82	chg: [threat-actor] add exotic lily, ta578, ta579	2022-05-14 20:52:15 +05:30
Jürgen Löhel	45da13ce5e	chg: [backdoors] Adds BPFDoor Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-05-11 19:06:19 -05:00
Alexandre Dulaunoy	fcdc6c86e6	chg: [threat-actor] add TG2003 synomym to Elephant Beetle	2022-05-09 14:24:28 +02:00
Alexandre Dulaunoy	9130365e2e	chg: [threat-actor] Elephant Beetle added Fix #708	2022-05-09 14:23:12 +02:00
Alexandre Dulaunoy	bb434b11cf	chg: [threat-actor] ModifiedElephant added Fix #709	2022-05-09 14:16:01 +02:00
Alexandre Dulaunoy	06550a7945	chg: [threat-actor] fix refs field -> it's always an array	2022-05-09 13:46:16 +02:00
Alexandre Dulaunoy	b67e3ed3f8	Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add	2022-05-09 13:43:44 +02:00
Rony	c0be6677c2	chg: [threat-actor] added actor Red Menshen https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf	2022-05-07 15:44:10 +05:30
Rony	11eca69ebc	chg: [threat-actor] added Curious Gorge	2022-05-07 12:40:35 +05:30
Daniel Plohmann	26c1850377	Update threat-actor.json adding Red Dev 4 as alias for GALLIUM as used by PwC.	2022-05-06 09:47:48 +02:00
Daniel Plohmann	06c293072c	Update threat-actor.json adding UNC3524 to the actor galaxy cluster.	2022-05-04 13:21:56 +02:00
3c7	0ad65fbe9f	Forgot to jq all the things	2022-04-28 09:42:25 +02:00
3c7	dfb6c0668e	Added SaintBear	2022-04-28 09:36:25 +02:00
Christophe Vandeplas	33476bec81	chg: [mitre] bump to MITRE ATT&CK v11.0	2022-04-25 18:29:57 +02:00
Alexandre Dulaunoy	664f6d80cc	chg: [threat-actor] Killnet description added	2022-04-21 15:05:50 +02:00
Alexandre Dulaunoy	1e383e2452	chg: [threat-actor] version updated	2022-04-21 14:53:14 +02:00
Mathieu Beligon	c8455a6c4d	[actors] Add killnet	2022-04-21 14:06:28 +02:00
Adam McHugh	53a0fc56d3	Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory	2022-04-18 10:16:26 +09:30
Alexandre Dulaunoy	bca7381f33	fix: [ransomware] refs are within meta	2022-04-17 15:43:23 +02:00
Alexandre Dulaunoy	eb7c5ebaf1	fix: [ransom] remove empty ref	2022-04-17 15:39:02 +02:00
Alexandre Dulaunoy	bc696b43f4	chg: [ransomware] jq all the things	2022-04-17 15:35:50 +02:00
Alexandre Dulaunoy	00d33fd292	Merge pull request #701 from adammchugh/ransomware-conti-update Ammended Conti ransomware entry with ACSC 2021-010 advisory data	2022-04-17 15:35:25 +02:00
Alexandre Dulaunoy	66744a4cd0	Merge pull request #704 from adammchugh/cryptominers-bluemockingbird-add Added Cryptominer Blue Mockingbird from RedCanary advisory.	2022-04-17 14:43:59 +02:00
Alexandre Dulaunoy	14907e3eef	Merge pull request #703 from adammchugh/threatactor-copypaste-add Added Copy-Paste Threat Actor from ACSC Advisory 2020-008	2022-04-17 14:43:37 +02:00
Adam McHugh	84eac4b102	Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory	2022-04-17 19:50:08 +09:30
Adam McHugh	f00e80ae7e	Added Cryptominer Blue Mockingbird from RedCanary advisory.	2022-04-17 19:44:42 +09:30
Adam McHugh	cff8a38c5f	Added Copy-Paste Threat Actor from ACSC Advisory 2020-008	2022-04-17 19:37:26 +09:30
Adam McHugh	622c0502aa	Ammended Conti ransomware entry with ACSC 2021-010 advisory data	2022-04-17 19:23:11 +09:30
Adam McHugh	99caab201f	Ammended Blackcat ransomware entry with ACSC 2022-004 advisory data	2022-04-17 18:05:24 +09:30
Thomas Dupuy	bd05eb0bba	upd: [cluster] add Threat Actor BladeHawk.	2022-04-11 17:03:19 +00:00
Thomas Dupuy	209391f110	upd: [cluster] add ref and synonyms for Energetic Bear.	2022-04-07 18:26:58 +00:00
Alexandre Dulaunoy	b649057a5a	chg: [handicap] fixed more fields	2022-04-04 11:09:30 +02:00
Alexandre Dulaunoy	aff4345074	chg: [handicap] more cleanup	2022-04-04 11:01:38 +02:00
Alexandre Dulaunoy	269f91ad75	chg: [handicap] more clean-up of uuid values	2022-04-04 10:56:29 +02:00
Alexandre Dulaunoy	d3d4e7186b	chg: [handicap] fix name of the clusters	2022-04-04 10:43:56 +02:00
Alexandre Dulaunoy	7e6390c336	Merge pull request #694 from AgatheMgt/main Handicap	2022-04-04 10:41:06 +02:00
Rony	a08ddaf548	Add Avivore & HAZY TIGER/Bitter	2022-04-02 01:14:18 +05:30
Rony	50f39edc10	Revert "update threat actors meta"	2022-04-02 00:55:38 +05:30
Delta-Sierra	73f71c8b15	dup	2022-04-01 16:51:27 +02:00
Delta-Sierra	fb557fd3a2	dup	2022-04-01 16:47:50 +02:00
Delta-Sierra	909fc09992	duplicate	2022-04-01 16:44:47 +02:00
Delta-Sierra	7c3e8ac068	fix duplicate	2022-04-01 16:40:40 +02:00
Delta-Sierra	dcc396108c	fix duplicate	2022-04-01 16:36:47 +02:00
Delta-Sierra	9257fb677b	merge	2022-04-01 16:32:10 +02:00
Delta-Sierra	0f7803b091	update threat actors meta	2022-04-01 16:00:27 +02:00
Sami Mokaddem	4242732af1	chg: jq all 2	2022-03-31 09:05:22 +02:00
Sami Mokaddem	a9a09d11c6	chg: jq all	2022-03-31 08:59:36 +02:00
Mathieu Beligon	c35fad3291	Add threat actor group Scarab	2022-03-28 12:11:34 +02:00
Alexandre Dulaunoy	94c3788089	Merge pull request #687 from Badis-dev/main Add galaxy and cluster cancer	2022-03-25 10:04:46 +01:00
AgatheMgt	aec779d1ee	poatate	2022-03-24 09:43:58 -04:00
AgatheMgt	3ce6d7a313	Update handicap.json	2022-03-24 07:48:49 -04:00
AgatheMgt	a6a16926f6	Create handicap.json	2022-03-24 07:08:08 -04:00
Daniel Plohmann	24a3f16ab4	adding threat actor group LAPSUS$ / DEV-0537.	2022-03-23 09:47:10 +01:00
Delta-Sierra	97690426bf	update threat actors meta	2022-03-18 16:41:10 +01:00
Alexandre Dulaunoy	6f0208dcaf	chg: [ransomware] UUID fixed	2022-03-18 16:03:27 +01:00
Alexandre Dulaunoy	ef5af37dbe	chg: [botnet] duplicate UUIDs replaced	2022-03-18 15:58:09 +01:00
Alexandre Dulaunoy	c0a07d2246	chg: [ransomware] replace duplicate UUIDs	2022-03-18 15:57:06 +01:00
botlabsDev	6416d0b2de	add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot	2022-03-18 15:34:11 +01:00
Alexandre Dulaunoy	18069ce5f3	Merge pull request #688 from botlabsDev/patch-0 Add tool 'BadPotato' to clusters/tool.json	2022-03-15 12:30:47 +01:00
Alexandre Dulaunoy	7fd5715715	Merge pull request #691 from r0ny123/indian-adversaries Update to Indian Adversaries	2022-03-15 12:28:16 +01:00
Rony	eebda5f955	chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team	2022-03-15 15:02:57 +05:30
Rony	ac72e7b639	fix	2022-03-15 14:00:46 +05:30
Rony	3b67e745e5	Update threat-actor.json	2022-03-15 13:57:00 +05:30
botlabsDev	99ab2a13d6	Add tool 'BadPotato' to clusters/tool.json	2022-03-14 18:02:02 +01:00
Badis-dev	231915f9a4	add galaxy and cluster cancer	2022-03-11 14:20:09 +01:00
Badis-dev	27241135a2	Add cancer.json	2022-03-11 11:26:57 +01:00
Badis-dev	78f1c9f345	Delete cancer.json	2022-03-11 11:26:30 +01:00
Badis-dev	1c707f7c5e	Add cancer cluster	2022-03-11 11:13:57 +01:00
Delta-Sierra	957327383d	fix array	2022-03-07 16:10:53 +01:00
Delta-Sierra	a7f3df8a9a	merge	2022-03-07 16:04:38 +01:00
Delta-Sierra	8fd3c87b47	update threat actors meta	2022-03-07 15:54:29 +01:00
Alexandre Dulaunoy	8e09c9b30c	Merge pull request #685 from danielplohmann/patch-14 adding threat actor "Moses Staff"	2022-03-02 21:43:00 +01:00
Daniel Plohmann	896a451461	fixed with linted JSON.	2022-03-02 21:22:28 +01:00
Daniel Plohmann	a817324cd4	adding threat actor "Moses Staff"	2022-03-02 15:50:39 +01:00
Mathieu Beligon	0b456b8afa	version bump -> 213	2022-03-02 14:55:26 +01:00
Mathieu Beligon	d3d241ca54	Update Gamaredon target	2022-03-02 14:55:19 +01:00
Mathieu Beligon	27c05a118e	Update GhostWriter	2022-03-02 13:16:20 +01:00
Delta-Sierra	c909a35d65	Merge https://github.com/MISP/misp-galaxy into main	2022-02-18 10:57:10 +01:00
Delta-Sierra	a788c867a7	jq	2022-02-18 10:56:07 +01:00
Delta-Sierra	b0cd884afc	add TA2541	2022-02-18 10:54:25 +01:00
Daniel Plohmann	321e4b4a57	another Gamaredon ref and version bump	2022-02-18 08:26:01 +01:00
Daniel Plohmann	254dd47a61	adding ACTINIUM as MSFT name for Gamaredon	2022-02-18 08:24:35 +01:00
Delta-Sierra	33ef3317b7	fix duplicate	2022-02-14 10:02:36 +01:00
Delta-Sierra	9b76d71c43	Merge https://github.com/MISP/misp-galaxy into main	2022-02-14 08:47:21 +01:00
Delta-Sierra	3184819968	add DDG botnet and more	2022-02-11 16:13:36 +01:00
rwe	4700780d47	added antlion APT group	2022-02-05 04:52:33 -08:00
Alexandre Dulaunoy	f49b54281b	chg: [ransomware] set encryption only	2022-02-02 22:36:14 +01:00
Alexandre Dulaunoy	3328b73185	fix: [ransomware] array end missing	2022-02-02 22:32:39 +01:00
Kevin Holvoet	3d23f98d04	Forgot comma between JSON entries	2022-02-02 18:58:55 +01:00
Kevin Holvoet	389add7580	Update ransomware.json with URL fix Fixed URL for AlphaLocker	2022-02-02 18:54:31 +01:00
Kevin Holvoet	fa9829cec0	Update ransomware.json: add BlackCat (ALPHV)	2022-02-02 18:50:19 +01:00
Daniel Plohmann	833a6e0a8d	updated URLs for Gamaredon with Shuckworm alias reference	2022-02-02 09:40:10 +01:00
Daniel Plohmann	8f928d8eb3	adding Gamaredon alias Shuckworm used by Symantec	2022-02-02 09:35:53 +01:00
Delta-Sierra	5cf1eb01f4	Merge https://github.com/MISP/misp-galaxy into main	2022-01-31 10:04:07 +01:00
Alexandre Dulaunoy	1fda357a03	new: [surveillance] Cytrox added	2022-01-30 11:31:55 +01:00
Jürgen Löhel	22046a1eae	Adds WhisperGate Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-01-18 13:16:06 -06:00
Delta-Sierra	e523bdaf70	merge	2022-01-14 16:08:14 +01:00
Jürgen Löhel	3059c70ae6	Adds UPAS-Kit Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-01-13 11:53:32 -06:00
Thomas Dupuy	c792bdd1b7	Add AQUATIC PANDA threat actor.	2022-01-12 13:51:11 -05:00
Thomas Dupuy	afaf3a3110	Add Motnug tool.	2022-01-12 13:37:59 -05:00
Jürgen Löhel	5aa8a8a8b1	Adds Ragnatela RAT Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2022-01-10 15:57:10 -06:00
Sami Tainio	dcb87b0dc6	chg: [threat-actor] Add SideCopy	2022-01-07 17:45:41 +02:00
Daniel Plohmann	3094283252	adding Mandiant's FIN13.	2022-01-03 09:32:43 +01:00
Alexandre Dulaunoy	eba1b2839f	chg: [concordia] CMTMF killchain typo fixed	2021-12-20 10:41:00 +01:00
Raphaël Vinot	b4d518d4f0	fix: cmtmf-attack-pattern had multiple duplicate UUIDs	2021-12-17 17:58:29 +01:00
Alexandre Dulaunoy	12617ff627	chg: [concordia] fix name inconsistencies	2021-12-17 17:41:00 +01:00
Alexandre Dulaunoy	69b582f9ba	chg: [concordia] duplicate removed	2021-12-17 17:31:38 +01:00
Alexandre Dulaunoy	bc3ab62917	chg: [concordia] duplicate removed	2021-12-17 17:26:04 +01:00
Alexandre Dulaunoy	ee2a3c83f4	chg: [concordia] duplicate techniques removed	2021-12-17 17:21:00 +01:00
Alexandre Dulaunoy	01d23b61b7	chg: [concordia] typo fixed	2021-12-17 17:15:43 +01:00
Alexandre Dulaunoy	01f2ce68d4	chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID?	2021-12-17 17:13:57 +01:00
Alexandre Dulaunoy	5becac98e4	chg: [concordia] duplicates removed	2021-12-17 16:51:11 +01:00
Alexandre Dulaunoy	ae7b7bd47d	chg: [cmtmf-attack-pattern] various fixes to make JSON ok	2021-12-17 16:08:07 +01:00
Alexandre Dulaunoy	7b587710b1	Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf	2021-12-17 15:55:03 +01:00
Jürgen Löhel	b81ac7f01d	Adds DarkWatchman RAT Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2021-12-17 07:20:58 -06:00
Delta-Sierra	b8960393a4	add Milan Rat, Shark tool and Lyceum synonyms	2021-11-29 16:00:40 +01:00
Delta-Sierra	bb92427b65	add Lyceum synonyms/sources	2021-11-29 12:05:51 +01:00
Delta-Sierra	78a8cf4ad2	add ESPecter Bootkit	2021-11-19 16:30:57 +01:00
Delta-Sierra	c89623e945	add ESPecter bootkit	2021-11-16 08:17:37 +01:00
Christophe Vandeplas	aeb5719448	chg: [att&ck] update to ATT&CK v10	2021-10-22 14:34:25 +02:00
Alexandre Dulaunoy	ab41df7282	chg: [malpedia] remove duplicate	2021-10-20 12:24:12 +02:00
Alexandre Dulaunoy	e517787e7c	chg: [malpedia] duplicates removed	2021-10-20 12:21:05 +02:00
Alexandre Dulaunoy	69f878c86f	fix: [malpedia] remove duplicate urls	2021-10-20 12:16:22 +02:00
Alexandre Dulaunoy	da91f2abc2	chg: [malpedia] updated	2021-10-20 10:21:03 +02:00
marjatech	d74fdb3e43	update malpedia	2021-10-19 16:21:19 +02:00
Bernardo Santos	e74fcfe268	Update cmtmf-attack-pattern.json - update version	2021-10-13 10:06:00 +02:00
Bernardo Santos	5f19983ba3	Update cmtmf-attack-pattern.json - Changes to cluster type - Fix typo for privilege escalation tactic	2021-10-13 09:57:03 +02:00
Bernardo Santos	49dfcca563	CONCORDIA MTMF - Initial version Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/	2021-10-12 10:54:06 +02:00
Bernardo Santos	d09681b011	CONCORDIA MTMF - Initial version Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/	2021-10-12 10:45:03 +02:00
Jeroen Pinoy	9ec76ae185	Add threat actor common raven	2021-10-03 23:30:20 +02:00
Thomas Patzke	26f0c344a1	Added O365 techniques Source: https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html	2021-09-18 23:27:38 +02:00
Thomas Dupuy	1985de4d44	Add BLUELIGHT tool.	2021-08-27 10:28:06 +02:00
Thomas Dupuy	89a3f986ba	Add InkySquid synonym.	2021-08-24 16:29:34 +02:00
Daniel Plohmann	3272960a14	fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER)	2021-08-19 06:02:40 +02:00
Rony	5dd0c7d8b3	chg: [threat-actor] add origin country to UNC2452 & HAFNIUM addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015	2021-08-02 22:30:05 +05:30
Rony	636ccdedcd	Update threat-actor.json	2021-07-21 18:47:56 +05:30
Rony	9ecfecc063	another fix	2021-07-21 18:41:18 +05:30
Rony	32ea60d721	fix	2021-07-21 18:31:05 +05:30
Rony	52e7d5a0a9	multiple updates to apt40, apt31 & hafnium	2021-07-21 18:28:40 +05:30
Rony	fb9a41f8e9	from Gov Canada & MFA Japan	2021-07-19 20:33:35 +05:30
Rony	c90c60cb13	adding references for APT40 & APT31	2021-07-19 20:14:36 +05:30
Alexandre Dulaunoy	6c8949caa9	Merge pull request #658 from jasperla/oilrig merge APT34 with OilRig	2021-07-03 08:56:39 +02:00
Deborah Servili	b6005bd53f	Merge branch 'main' into master	2021-07-02 13:30:51 +02:00
Delta-Sierra	913aff30c3	Add NOBELIUM and related	2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse	792490298e	merge APT34 with OilRig OilRig already has "APT 34" and "APT34" as synonyms. Additionally MITRE has since combined them due to overlap in activity: https://attack.mitre.org/groups/G0049/	2021-06-29 20:26:04 +02:00
Alexandre Dulaunoy	a5d7d85dc8	Merge pull request #657 from jloehel/add_matanbuchus [cluster][tool] Adds Matanbuchus	2021-06-22 07:23:20 +02:00
Jürgen Löhel	254c201601	[cluster][tool] Adds Matanbuchus + threat actor: BelialDemon Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2021-06-21 18:04:28 -05:00
Jürgen Löhel	381973f5de	[cluster][stealer] Adds HackBoss Fixes: #651 Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>	2021-06-21 16:35:20 -05:00
Thomas Dupuy	772c5145c1	Added BackdoorDiplomacy and Gelsemium.	2021-06-11 11:48:57 -04:00
Rony	9a723b6261	more ta544 references	2021-05-26 20:26:27 +05:30
Rony	db06e1fa4a	chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks	2021-05-22 21:02:30 +05:30
Daniel Plohmann	433ea5cb45	Twisted Spider -> TWISTED SPIDER fair point	2021-05-19 17:04:58 +02:00
Daniel Plohmann	9719122d27	adding Twisted Spider as alias for TA2101 (Maze)	2021-05-19 16:47:41 +02:00
Alexandre Dulaunoy	a3cdbc1309	Merge pull request #650 from Still34/patches/alias-tick-1 Add alias for Tick	2021-05-07 23:23:38 +02:00
Still Hsu	eb671f1e6a	Add Nian alias Signed-off-by: Still Hsu <dev@stillu.cc>	2021-05-08 00:52:27 +08:00
Still Hsu	fe7c0dab07	Add country origin for BlackTech Signed-off-by: Still Hsu <dev@stillu.cc>	2021-05-08 00:32:39 +08:00
Daniel Plohmann	38b8bac51d	fixing broken/dead links	2021-05-04 20:15:17 +02:00
Alexandre Dulaunoy	6f7d3d5c2b	chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa "COLT – Compromise to Leak Time" - new meta colt-median/colt-average. For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/	2021-05-03 07:41:43 +02:00
Alexandre Dulaunoy	7aaf25a424	new: [ransomware] Ragnarok added	2021-04-30 12:08:03 +02:00
Alexandre Dulaunoy	94ec98d544	Merge pull request #646 from r0ny123/update Updates to APT27 & Tick	2021-04-29 18:29:53 +02:00
Christophe Vandeplas	86ee7008b2	chg: [att&ck] bump to latest ATT&CK version from MITRE	2021-04-29 18:12:36 +02:00
mokaddem	211a4b5145	fix: [ransomware] Related key should be outside metas	2021-04-26 13:48:06 +02:00
Rony	4ba2db0f3a	FlatChestWare duplicate removed	2021-04-26 16:24:09 +05:30
Alexandre Dulaunoy	ef9989dbe8	chg: [ransomware] duplicate removed	2021-04-26 12:06:03 +02:00
Alexandre Dulaunoy	847d3e8fa7	chg: [ransomware] duplicate removed	2021-04-26 12:01:01 +02:00
Alexandre Dulaunoy	f3992ec5f1	chg: [ransomware] duplicates removed	2021-04-26 11:57:21 +02:00
Alexandre Dulaunoy	f2703bd03e	chg: [ransomware] Flyper removed	2021-04-26 11:52:28 +02:00
Delta-Sierra	3cae487e3d	fix duplicates and add relations	2021-04-26 11:25:39 +02:00
Rony	faed812fc9	Merged STALKER PANDA to Tick	2021-04-25 19:12:20 +05:30
Rony	89b9c0c32c	several updates to apt27	2021-04-25 16:53:36 +05:30
Delta-Sierra	0a05621f82	Merge https://github.com/MISP/misp-galaxy	2021-04-19 15:48:58 +02:00
Delta-Sierra	b138354fa5	Removing duplicate	2021-04-19 15:42:49 +02:00
Alexandre Dulaunoy	28f6475cc5	chg: [ransomware] first duplicate removed	2021-04-19 15:13:18 +02:00
Alexandre Dulaunoy	e7061f90d9	chg: [ransomware] remove duplicate "File-Locker"	2021-04-19 15:08:06 +02:00
Alexandre Dulaunoy	ab13dd00f8	Merge pull request #645 from Delta-Sierra/master Adding ransomware names [WIP 2/3]	2021-04-19 15:03:12 +02:00
Delta-Sierra	f5713a8d87	Removing unexpected line	2021-04-19 14:53:36 +02:00
Delta-Sierra	b7b4b356c3	Adding ransomware names [WIP 3]	2021-04-19 14:47:10 +02:00
Delta-Sierra	fdf1a6c112	Adding ransomware names [WIP 2]	2021-04-19 13:24:25 +02:00
Daniel Plohmann	6eb594a6b0	adding Yanbian Gang as threat actor	2021-04-16 15:12:45 +02:00
Delta-Sierra	f3456a89c5	fix version	2021-04-15 15:08:11 +02:00
Delta-Sierra	4bcd0492bd	Adding ransomwares WIP	2021-04-15 15:07:52 +02:00
Daniel Plohmann	2d8e9ea364	Symantec uses Palmerworm as alias for BlackTech Adding Palmerworm as Symantec alias for BlackTech (with reference).	2021-03-31 22:35:12 +02:00
Thomas Dupuy	a8c62ddeda	Add Ghostwriter.	2021-03-31 09:42:40 -04:00
Rony	50f5d2ae4a	reverted changes made into `52ae97718d`	2021-03-30 22:19:05 +05:30
sebdraven	ce8a9442eb	validation jsons	2021-03-30 13:12:21 +00:00
Sebdraven	52ae97718d	Update threat-actor.json add a synonym to Haffnium	2021-03-30 15:11:09 +02:00
sebdraven	b082977b9f	validation ok	2021-03-30 10:22:35 +00:00
Sebdraven	4ed4cebcee	Update threat-actor.json format json	2021-03-30 12:16:22 +02:00
Sebdraven	a62e3ba530	Update threat-actor.json add redecho threat actor	2021-03-30 12:10:50 +02:00
Jakub Onderka	ca9608da6d	fix: Cryptominers type	2021-03-27 22:07:33 +01:00
Alexandre Dulaunoy	26b9740e55	chg: [malpedia] jq all the file and removed ref duplicates	2021-03-13 11:00:39 +01:00
Jakob M	f02ce7e805	update to latest Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp	2021-03-12 10:35:12 +01:00
Delta-Sierra	eff327b4fd	fix progress	2021-03-11 14:42:55 +01:00
Delta-Sierra	7c843ac5c2	fix merge & jq	2021-03-11 14:08:29 +01:00
Delta-Sierra	c37befc8a9	merge	2021-03-11 10:35:05 +01:00
Alexandre Dulaunoy	855a12a408	chg: [clusters] fixing broken UUID fix #628	2021-03-11 09:54:50 +01:00
Alexandre Dulaunoy	f6ed00233e	chg: [ransomware] fix the broken UUID fix #628	2021-03-11 09:52:25 +01:00
Rony	57c7d0b9a0	From Nextron	2021-03-06 19:44:32 +05:30
Rony	6cabbfb091	more!	2021-03-06 14:22:29 +05:30
Rony	7b242555df	More references From Crowdstrike MSRC and kql hunting query from James Quinn	2021-03-06 13:28:14 +05:30
Rony	eaab88ef28	add HAFNIUM detection refs	2021-03-05 16:51:28 +05:30
Rony	4bc438a325	fix	2021-03-05 11:48:43 +05:30
Rony	d9b299aafc	add more HAFNIUM references	2021-03-05 11:42:04 +05:30
Rony	c9f7afef1c	Adding alias NOBELIUM	2021-03-04 22:39:33 +05:30

... 5 6 7 8 9 ...

2128 commits