MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-27 09:17:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
2441 commits 6 branches 47 tags 96 MiB
Commit graph

1607 commits

Author SHA1 Message Date
Bernardo Santos
e74fcfe268 Update cmtmf-attack-pattern.json 
- update version
 2021-10-13 10:06:00 +02:00
Bernardo Santos
5f19983ba3 Update cmtmf-attack-pattern.json 
- Changes to cluster type
- Fix typo for privilege escalation tactic
 2021-10-13 09:57:03 +02:00
Bernardo Santos
49dfcca563 CONCORDIA MTMF - Initial version 
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
 2021-10-12 10:54:06 +02:00
Bernardo Santos
d09681b011 CONCORDIA MTMF - Initial version 
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
 2021-10-12 10:45:03 +02:00
Jeroen Pinoy
9ec76ae185
Add threat actor common raven 2021-10-03 23:30:20 +02:00
Thomas Patzke
26f0c344a1 Added O365 techniques 
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
 2021-09-18 23:27:38 +02:00
Thomas Dupuy
1985de4d44 Add BLUELIGHT tool. 2021-08-27 10:28:06 +02:00
Thomas Dupuy
89a3f986ba Add InkySquid synonym. 2021-08-24 16:29:34 +02:00
Daniel Plohmann
3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) 2021-08-19 06:02:40 +02:00
Rony
5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM 
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
 2021-08-02 22:30:05 +05:30
Rony
636ccdedcd
Update threat-actor.json 2021-07-21 18:47:56 +05:30
Rony
9ecfecc063
another fix 2021-07-21 18:41:18 +05:30
Rony
32ea60d721
fix 2021-07-21 18:31:05 +05:30
Rony
52e7d5a0a9
multiple updates to apt40, apt31 & hafnium 2021-07-21 18:28:40 +05:30
Rony
fb9a41f8e9
from Gov Canada & MFA Japan 2021-07-19 20:33:35 +05:30
Rony
c90c60cb13
adding references for APT40 & APT31 2021-07-19 20:14:36 +05:30
Alexandre Dulaunoy
6c8949caa9
Merge pull request #658 from jasperla/oilrig 
merge APT34 with OilRig
 2021-07-03 08:56:39 +02:00
Deborah Servili
b6005bd53f
Merge branch 'main' into master 2021-07-02 13:30:51 +02:00
Delta-Sierra
913aff30c3 Add NOBELIUM and related 2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse
792490298e merge APT34 with OilRig 
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
 2021-06-29 20:26:04 +02:00
Alexandre Dulaunoy
a5d7d85dc8
Merge pull request #657 from jloehel/add_matanbuchus 
[cluster][tool] Adds Matanbuchus
 2021-06-22 07:23:20 +02:00
Jürgen Löhel
254c201601
[cluster][tool] Adds Matanbuchus 
+ threat actor: BelialDemon

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2021-06-21 18:04:28 -05:00
Jürgen Löhel
381973f5de
[cluster][stealer] Adds HackBoss 
Fixes: #651

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2021-06-21 16:35:20 -05:00
Thomas Dupuy
772c5145c1 Added BackdoorDiplomacy and Gelsemium. 2021-06-11 11:48:57 -04:00
Rony
9a723b6261
more ta544 references 2021-05-26 20:26:27 +05:30
Rony
db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks 2021-05-22 21:02:30 +05:30
Daniel Plohmann
433ea5cb45
Twisted Spider -> TWISTED SPIDER 
fair point
 2021-05-19 17:04:58 +02:00
Daniel Plohmann
9719122d27
adding Twisted Spider as alias for TA2101 (Maze) 2021-05-19 16:47:41 +02:00
Alexandre Dulaunoy
a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1 
Add alias for Tick
 2021-05-07 23:23:38 +02:00
Still Hsu
eb671f1e6a
Add Nian alias 
Signed-off-by: Still Hsu <dev@stillu.cc>
 2021-05-08 00:52:27 +08:00
Still Hsu
fe7c0dab07
Add country origin for BlackTech 
Signed-off-by: Still Hsu <dev@stillu.cc>
 2021-05-08 00:32:39 +08:00
Daniel Plohmann
38b8bac51d
fixing broken/dead links 2021-05-04 20:15:17 +02:00
Alexandre Dulaunoy
6f7d3d5c2b
chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa 
"COLT – Compromise to Leak Time" - new meta colt-median/colt-average.

For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
 2021-05-03 07:41:43 +02:00
Alexandre Dulaunoy
7aaf25a424
new: [ransomware] Ragnarok added 2021-04-30 12:08:03 +02:00
Alexandre Dulaunoy
94ec98d544
Merge pull request #646 from r0ny123/update 
Updates to APT27 & Tick
 2021-04-29 18:29:53 +02:00
Christophe Vandeplas
86ee7008b2 chg: [att&ck] bump to latest ATT&CK version from MITRE 2021-04-29 18:12:36 +02:00
mokaddem
211a4b5145 fix: [ransomware] Related key should be outside metas 2021-04-26 13:48:06 +02:00
Rony
4ba2db0f3a FlatChestWare duplicate removed 2021-04-26 16:24:09 +05:30
Alexandre Dulaunoy
ef9989dbe8
chg: [ransomware] duplicate removed 2021-04-26 12:06:03 +02:00
Alexandre Dulaunoy
847d3e8fa7
chg: [ransomware] duplicate removed 2021-04-26 12:01:01 +02:00
Alexandre Dulaunoy
f3992ec5f1
chg: [ransomware] duplicates removed 2021-04-26 11:57:21 +02:00
Alexandre Dulaunoy
f2703bd03e
chg: [ransomware] Flyper removed 2021-04-26 11:52:28 +02:00
Delta-Sierra
3cae487e3d fix duplicates and add relations 2021-04-26 11:25:39 +02:00
Rony
faed812fc9 Merged STALKER PANDA to Tick 2021-04-25 19:12:20 +05:30
Rony
89b9c0c32c several updates to apt27 2021-04-25 16:53:36 +05:30
Delta-Sierra
0a05621f82 Merge https://github.com/MISP/misp-galaxy 2021-04-19 15:48:58 +02:00
Delta-Sierra
b138354fa5 Removing duplicate 2021-04-19 15:42:49 +02:00
Alexandre Dulaunoy
28f6475cc5
chg: [ransomware] first duplicate removed 2021-04-19 15:13:18 +02:00
Alexandre Dulaunoy
e7061f90d9
chg: [ransomware] remove duplicate "File-Locker" 2021-04-19 15:08:06 +02:00
Alexandre Dulaunoy
ab13dd00f8
Merge pull request #645 from Delta-Sierra/master 
Adding ransomware names [WIP 2/3]
 2021-04-19 15:03:12 +02:00
Delta-Sierra
f5713a8d87 Removing unexpected line 2021-04-19 14:53:36 +02:00
Delta-Sierra
b7b4b356c3 Adding ransomware names [WIP 3] 2021-04-19 14:47:10 +02:00
Delta-Sierra
fdf1a6c112 Adding ransomware names [WIP 2] 2021-04-19 13:24:25 +02:00
Daniel Plohmann
6eb594a6b0
adding Yanbian Gang as threat actor 2021-04-16 15:12:45 +02:00
Delta-Sierra
f3456a89c5 fix version 2021-04-15 15:08:11 +02:00
Delta-Sierra
4bcd0492bd Adding ransomwares WIP 2021-04-15 15:07:52 +02:00
Daniel Plohmann
2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech 
Adding Palmerworm as Symantec alias for BlackTech (with reference).
 2021-03-31 22:35:12 +02:00
Thomas Dupuy
a8c62ddeda Add Ghostwriter. 2021-03-31 09:42:40 -04:00
Rony
50f5d2ae4a
reverted changes made into 52ae97718d 2021-03-30 22:19:05 +05:30
sebdraven
ce8a9442eb validation jsons 2021-03-30 13:12:21 +00:00
Sebdraven
52ae97718d Update threat-actor.json 
add a synonym to Haffnium
 2021-03-30 15:11:09 +02:00
sebdraven
b082977b9f validation ok 2021-03-30 10:22:35 +00:00
Sebdraven
4ed4cebcee Update threat-actor.json 
format json
 2021-03-30 12:16:22 +02:00
Sebdraven
a62e3ba530 Update threat-actor.json 
add redecho threat actor
 2021-03-30 12:10:50 +02:00
Jakub Onderka
ca9608da6d fix: Cryptominers type 2021-03-27 22:07:33 +01:00
Alexandre Dulaunoy
26b9740e55
chg: [malpedia] jq all the file and removed ref duplicates 2021-03-13 11:00:39 +01:00
Jakob M
f02ce7e805 update to latest 
Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp
 2021-03-12 10:35:12 +01:00
Delta-Sierra
eff327b4fd fix progress 2021-03-11 14:42:55 +01:00
Delta-Sierra
7c843ac5c2 fix merge & jq 2021-03-11 14:08:29 +01:00
Delta-Sierra
c37befc8a9 merge 2021-03-11 10:35:05 +01:00
Alexandre Dulaunoy
855a12a408
chg: [clusters] fixing broken UUID fix #628 2021-03-11 09:54:50 +01:00
Alexandre Dulaunoy
f6ed00233e
chg: [ransomware] fix the broken UUID fix #628 2021-03-11 09:52:25 +01:00
Rony
57c7d0b9a0
From Nextron 2021-03-06 19:44:32 +05:30
Rony
6cabbfb091
more! 2021-03-06 14:22:29 +05:30
Rony
7b242555df
More references 
From 
Crowdstrike
MSRC
and kql hunting query from James Quinn
 2021-03-06 13:28:14 +05:30
Rony
eaab88ef28
add HAFNIUM detection refs 2021-03-05 16:51:28 +05:30
Rony
4bc438a325
fix 2021-03-05 11:48:43 +05:30
Rony
d9b299aafc
add more HAFNIUM references 2021-03-05 11:42:04 +05:30
Rony
c9f7afef1c
Adding alias NOBELIUM 2021-03-04 22:39:33 +05:30
Alexandre Dulaunoy
47dade9d0e
Merge pull request #631 from r0ny123/Enhancement 
Add HAFNIUM
 2021-03-04 14:48:01 +01:00
Alexandre Dulaunoy
a9a6b0253f
chg: [microsoft activity group] HAFNIUM added 2021-03-04 10:49:58 +01:00
Rony
ad795606cf
added HAFNIUM 
Updates:
Tonto Team
UNC2452
 2021-03-04 00:10:33 +05:30
Sebdraven
2666341afc Update threat-actor.json 
update Sidewinder card
 2021-03-03 17:59:25 +01:00
Thomas Dupuy
f842694fda Update Infy TA. 2021-03-02 14:37:01 -05:00
Alexandre Dulaunoy
524676282e
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2021-02-26 08:30:58 +01:00
Alexandre Dulaunoy
4692ced8fa
chg: [tool] SUNSPOT added 2021-02-26 08:28:01 +01:00
Delta-Sierra
0e23d8b95f add relationships between Maze, Rgnar, Egregor and Sekhmet 2021-02-25 10:21:28 +01:00
Delta-Sierra
406dfdb45b add Sekhmet ransomware 2021-02-25 09:52:52 +01:00
Delta-Sierra
d273a5da7d add TeamTNT ref 2021-02-25 09:52:24 +01:00
Rony
5c6f3a036b
removing DePrimon 
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
 2021-02-24 21:55:04 +05:30
Thomas Dupuy
eeafff9768 Add RDAT backdoor 2021-02-23 11:15:31 -05:00
Delta-Sierra
eb07fab69f add Ragnar Locker and update accordingly 2021-02-23 16:21:07 +01:00
Delta-Sierra
06ae10965b add Covidloc and tycoon ransomware + small updates on some ransomwares 2021-02-22 16:39:47 +01:00
Delta-Sierra
7c1ac58141 add TeamTNT 2021-02-22 16:38:18 +01:00
Thijsvanede
e9eb0c7a6c
Fix: rename "Innitial Access" to "Initial Access" 
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
 2021-02-19 12:01:47 +01:00
Thomas Dupuy
178e16dc13 Remove empty values. 2021-02-16 10:32:37 -05:00
Thomas Dupuy
4a7560d191 Add Exaramel and P.A.S. webshell tool. 2021-02-15 12:52:53 -05:00
Thomas Dupuy
93396c524d Add Caterpillar WebShell. 2021-02-12 12:00:17 -05:00
Delta-Sierra
96bf0d44ea Merge https://github.com/MISP/misp-galaxy 2021-02-09 14:52:58 +01:00
Daniel Plohmann
d61e7d2fac
adding ClearSky alias for Volatile Cedar 
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious  files."
 2021-01-29 10:39:18 +01:00