Delta-Sierra
9c9561bce8
fix metasploit desc in value (ty cvandeplas)
2023-05-15 10:23:05 +02:00
Delta-Sierra
d202ed9f3f
Merge https://github.com/MISP/misp-galaxy
2023-05-15 09:54:25 +02:00
Delta-Sierra
a3fffacab3
add APT43 + tools
2023-05-15 08:41:17 +02:00
Christophe Vandeplas
02c50184bf
chg: [attck4fraud] Full merge of E.A.S.T. data + updated script
2023-05-13 09:50:14 +02:00
Christophe Vandeplas
1d9f59eb2d
chg: [attck4fraud] more manual updates with E.A.S.T. data
2023-05-13 08:43:21 +02:00
marjatech
21266365da
update malpedia
2023-05-11 14:34:41 +02:00
810cbe5b49
chg: [sigma] updated to the latest version
2023-05-11 10:27:48 +02:00
a27fda701b
Merge pull request #849 from danielplohmann/patch-34
...
adding APT43 (Mandiant) for Kimsuky.
2023-05-09 18:29:34 +02:00
Daniel Plohmann
094d56057c
adding APT43 (Mandiant) for Kimsuky.
2023-05-09 14:35:41 +02:00
Thomas Dupuy
bbbd006215
chg: [mitre] bump to v13.
2023-05-08 14:04:50 +00:00
Christophe Vandeplas
3c808921c3
chg: [attck4fraud] initial updates with E.A.S.T. data
...
https://www.association-secure-transactions.eu/industry-information/fraud-definitions/
2023-05-07 21:13:52 +02:00
c86c2a83ab
chg: [sigma] rules updated
2023-04-30 10:30:54 +02:00
3dff8e65cb
Merge pull request #847 from Delta-Sierra/main
...
add VEILEDSIGNAL and more
2023-04-27 17:21:35 +02:00
Delta-Sierra
1649c3dfca
Merge https://github.com/MISP/misp-galaxy
2023-04-27 10:04:30 +02:00
Delta-Sierra
bd050668ef
add VEILEDSIGNALand more
2023-04-27 09:53:49 +02:00
Sebastien Larinier
ddc285581d
Update threat-actor.json
2023-04-26 21:52:57 +02:00
Sebastien Larinier
d60cca9302
Update threat-actor.json
...
fix mistake
2023-04-26 21:46:33 +02:00
Sebastien Larinier
142d4aeaef
Update threat-actor.json
2023-04-26 14:26:48 +02:00
095c44e2ac
chg: [attck4fraud] add ATM cash trapping in the matrix
2023-04-26 07:48:29 +02:00
Jürgen Löhel
15297c7b5f
chg [threat-actors] Add RedGolf
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-04-24 16:59:18 -06:00
Christophe Vandeplas
79b80b0869
chg: [rels] more threat actor relations
2023-04-23 17:54:58 +02:00
Christophe Vandeplas
3c6c204f01
chg: [rels] more threat actor relations
2023-04-23 17:45:58 +02:00
Christophe Vandeplas
138c7c7ba8
chg: [rels] more relations on cluster "value"
2023-04-23 17:36:02 +02:00
Christophe Vandeplas
bf7c5f1dd9
chg: [rels] threat-actor & MS activity group - on synonym
2023-04-23 11:56:41 +02:00
Christophe Vandeplas
a5e7e0c95f
chg: [rels] threat-actor & MS activity group - on value
2023-04-23 11:55:57 +02:00
Christophe Vandeplas
f070943ee9
chg: [atrm] updated to latest version
2023-04-23 07:45:16 +02:00
adc7a70cf9
chg: [microsoft-activity-group] country code added
2023-04-21 07:39:37 +02:00
8688c41796
chg: [microsoft activity group] remove duplicate
2023-04-20 17:25:32 +02:00
592361826a
fix: [microsoft activity group] duplicate in Microsoft source
2023-04-20 17:20:57 +02:00
309f4f2ea5
chg: [microsoft-activity-group] updated following contribution from @botlabsDev script
2023-04-20 17:04:05 +02:00
2cc6bdfbc1
chg: [sigma] rules updated
2023-04-20 12:17:46 +02:00
Sebastien Larinier
862badf2c9
Update threat-actor.json
2023-04-19 17:41:44 +02:00
Sebastien Larinier
1c751b1ea8
Update threat-actor.json
2023-04-19 17:34:50 +02:00
Sebastien Larinier
165ce70a28
Merge branch 'MISP:main' into main
2023-04-19 16:48:02 +02:00
Sebastien Larinier
87ef0a400e
Update threat-actor.json
2023-04-19 15:42:14 +02:00
Sebastien Larinier
a77dc82c0a
Update threat-actor.json
...
new apt30 group
2023-04-19 15:35:36 +02:00
Delta-Sierra
063ac9fc71
jq?
2023-04-19 15:10:25 +02:00
Delta-Sierra
ecb7e79a6e
Merge https://github.com/MISP/misp-galaxy
2023-04-19 15:06:51 +02:00
Tobias Mainka
8d2b9537f1
replace "sector" tag with "country" for matching data. this allows to be confirm with existing clusters.
2023-04-19 12:38:37 +02:00
Sebastien Larinier
926035633f
Merge branch 'MISP:main' into main
2023-04-19 11:55:57 +02:00
ccc8f0f801
chg: [microsoft-activity-group] updated to map the new funky Microsoft "taxonomy"
...
Script to generate the cluster is the following, UUIDv5 based on
standard misp-stix source UUIDv4.
~~~python
lcluster = []
for v in data:
cluster = {}
cluster['value'] = v['threat_actor']
cluster['meta'] = {}
cluster['meta']['sector'] = v['sector']
cluster['meta']['synonyms'] = v['synonyms']
cluster['meta']['refs'] = []
cluster['meta']['refs'].append('https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide ')
_uuid = uuid.uuid5(uuid.UUID("76beed5f-7251-457e-8c2a-b45f7b589d3d"), "{}".format(cluster['value']))
cluster['uuid'] = str(_uuid)
lcluster.append(cluster)
~~~
Relationships might be added in a later stage to map with the MISP threat actor galaxy.
2023-04-19 10:47:11 +02:00
Daniel Plohmann
41afab1c06
adding Trend Micro alias Earth Smilodon for APT27
2023-04-18 20:11:57 +02:00
Delta-Sierra
6b8994271e
add relationships for HALFRIG & QUATTERRIG
2023-04-18 12:20:20 +02:00
Daniel Plohmann
02e23a9a47
adding Google alias HOODOO for APT41
2023-04-17 22:32:50 +02:00
Delta-Sierra
4a4fa6d16f
fix versions
2023-04-17 11:32:51 +02:00
Delta-Sierra
6d5df91efa
add relationship SNOWYAMBER & Notion
2023-04-17 11:31:48 +02:00
Delta-Sierra
233a066a03
Merge https://github.com/MISP/misp-galaxy
2023-04-17 11:16:23 +02:00
Delta-Sierra
d4225c5469
add some SNOWYAMBER relationships
2023-04-17 11:16:21 +02:00
91af071bae
new: [online-service] online service added
2023-04-17 10:59:18 +02:00
5f9760923f
Merge pull request #838 from Delta-Sierra/main
...
Adding SNOWYAMBER, HALFRIG, QUARTERRIG tools & PowerMagic backdoor
2023-04-14 16:03:57 +02:00
Delta-Sierra
8e9880d932
Add SNOWYAMBER, HALFRIG, QUARTERRIG tools
2023-04-14 15:59:42 +02:00
Delta-Sierra
c5590ff79a
add PowerMagic backdoor
2023-04-13 14:11:36 +02:00
Daniel Plohmann
a966b3ff88
adding Trend Micro alias Earth Preta for Mustang Panda
2023-04-12 16:59:36 +02:00
2763cdd72b
chg:[sigma] Sigma rules updated
2023-04-12 11:44:43 +02:00
Delta-Sierra
8c831d70c8
jq
2023-04-11 15:06:59 +02:00
Delta-Sierra
d30e7357fe
merge
2023-04-11 13:57:30 +02:00
Delta-Sierra
eb9254713a
Add more ransomwares from ransomlook
2023-04-11 13:56:29 +02:00
3cc7e03af6
new: [stealer] add Sordeal Stealer
2023-04-11 09:54:02 +02:00
cbf12d9289
Merge pull request #833 from jloehel/HinataBot
...
chg[botnet]: Add HinataBot
2023-04-04 10:17:07 +02:00
Jürgen Löhel
647fc025d7
chg[botnet]: Add HinataBot
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-04-03 11:19:08 -06:00
15a03e877e
chg: [sigma] updated
2023-03-29 10:33:57 +02:00
Sebdraven
8713618777
Update threat-actor.json
...
add new ref for sidecopy
2023-03-23 09:13:23 +01:00
Sebdraven
f5d68aa08d
Update threat-actor.json
...
delete ref to APT30 for Naikon
2023-03-23 08:49:17 +01:00
Sebdraven
d5843d46e2
Update threat-actor.json
...
add ref to Aoqin Dragon
2023-03-21 18:40:10 +01:00
122a0bd39b
fix: [ransomware] fix duplicate Value "Cuba"
2023-03-19 11:03:12 +01:00
f2305dc165
Merge pull request #829 from Delta-Sierra/main
...
update based on ransomlook+1
2023-03-16 19:18:54 +01:00
Delta-Sierra
12f69a6082
update based on ransomlook
2023-03-16 15:24:44 +01:00
Mathieu Beligon
d82ff1ecfb
[threat-actors] Add Anonymous Sudan
2023-03-15 17:38:03 -05:00
Daniel Plohmann
c39b46e9d5
Update threat-actor.json
...
when value "Sofacy" was changed to "APT28", it seems Sofacy was not added to aliases, so it's missing right now.
2023-03-15 14:55:25 +01:00
Delta-Sierra
74390b27c5
Merge https://github.com/MISP/misp-galaxy
2023-03-13 09:59:04 +01:00
Delta-Sierra
c4eca7dfe1
more from ransomlook
2023-03-13 09:59:00 +01:00
Jürgen Löhel
9f9a263394
chg [tool]: Add tools used by TA866 during the Screentime campaign
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:46:11 -06:00
Jürgen Löhel
031a4c8030
chg [stealer]: Add Rhadamanthys
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:39 -06:00
Jürgen Löhel
437d4a30e5
chg [tds]: Add 404 TDS
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:13 -06:00
Jürgen Löhel
2d30785af5
chg [threat-actors] Add TA866
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:44:16 -06:00
57f3e46273
chg: [sigma] updated
2023-03-07 12:14:48 +01:00
e7b97edaa4
chg: [ransomware] fixing duplicate cluster element Avaddon
2023-03-07 12:06:56 +01:00
6db5b0b0cb
Merge pull request #824 from Delta-Sierra/main
...
update based on ransomlook
2023-03-06 16:23:48 +01:00
Delta-Sierra
bed6bf8dd6
fix stupid duplicate-bis
2023-03-06 16:10:23 +01:00
Delta-Sierra
d561350f7b
fix stupid duplicate
2023-03-06 16:04:28 +01:00
Delta-Sierra
96cb1e22ba
update based on ransomlook
2023-03-06 15:55:46 +01:00
Mathieu Beligon
395ffda94f
[threat-actors] bump version
2023-03-02 10:29:52 -08:00
Mathieu Beligon
e1407c3c3f
[threat-actors] Add SLIPPY SPIDER alias to LAPSUS
2023-03-02 10:29:29 -08:00
Mathieu Beligon
4bbee8c1e7
[threat-actors] Add PROPHET SPIDER
2023-03-02 10:19:24 -08:00
Mathieu Beligon
61cb24a3fc
[threat-actors] Add Nemesis Kitten
2023-03-01 16:37:42 -08:00
Mathieu Beligon
84faa3c92b
[threat-actors] Add Karakurt
2023-03-01 16:34:03 -08:00
Mathieu Beligon
7d371b4c80
[threat-actors] Add CYBORG SPIDER alias to GOCLD BURLAP
2023-03-01 15:45:41 -08:00
Mathieu Beligon
fa57354471
[threat-actors] Add Chamelgang
2023-03-01 15:40:23 -08:00
Mathieu Beligon
bff978e4d1
[threat-actors] Add TA453
2023-03-01 15:24:55 -08:00
Mathieu Beligon
3406ad3aa9
[threat-actors] Add APT42
2023-03-01 15:18:53 -08:00
Mathieu Beligon
2567d6f1f8
[threat-actors] Add TA406
2023-03-01 15:01:22 -08:00
Rony
50624af741
add DEV-0147 https://twitter.com/MsftSecIntel/status/1625181255754039318
2023-02-25 20:18:09 +00:00
Rony
cf727f034c
add other actor synonyms from Google's report https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf
2023-02-26 01:05:50 +05:30
Delta-Sierra
27f4c9fcdc
synonyms must be an array
2023-02-23 14:26:20 +01:00
Delta-Sierra
0ca7675a5f
Merge https://github.com/MISP/misp-galaxy
2023-02-23 14:16:00 +01:00
Delta-Sierra
55725c771e
add/update ransomware based on ransomlook
2023-02-23 14:15:09 +01:00
Tom King
e52eefa0e7
chg: [mitre] updated with correct ID parsing
2023-02-21 10:36:37 +00:00
Christophe Vandeplas
9f73ff73ac
fix: [first-dns] corrected typo
2023-02-21 10:54:30 +08:00
Christophe Vandeplas
e2f2026fea
chg: [first-dns] Adds FIRST DNS Abuse Techniques Matrix
2023-02-21 10:26:46 +08:00
Christophe Vandeplas
a6a9a73ae5
chg: [360net] updated to latest online version
2023-02-20 20:03:36 +08:00