Commit graph

1324 commits

Author SHA1 Message Date
Deborah Servili
31f3a61d5f
add Sofacy ref 2019-12-05 15:42:42 +01:00
8e73612b09
Merge pull request #488 from Delta-Sierra/master
create new galaxy - surveillance-vendor
2019-12-05 14:48:44 +01:00
Deborah Servili
df1cbf8dce
add clusters to surveillance-vendor galaxy 2019-12-05 12:06:10 +01:00
Deborah Servili
ad5b915175
Fix surveillance-vendor galaxy 2019-12-05 11:09:38 +01:00
Deborah Servili
12530db5a8
Add FlexiSPY + jq 2019-12-05 10:05:21 +01:00
Deborah Servili
a049009453
add new galaxy - surveillance-vendor 2019-12-04 16:22:58 +01:00
Deborah Servili
2e82cd4fd7
add Private Internet Access as Tool 2019-12-04 16:22:22 +01:00
5f020307f3
Merge pull request #485 from danielplohmann/patch-15
added TA2101
2019-12-03 22:36:49 +01:00
Daniel Plohmann
bd3cc6d8ee
added TA2101 2019-12-03 18:13:44 +01:00
Jean-Louis Huynen
100299f3fd
add: [dark-pattern] add a source 2019-12-03 17:09:57 +01:00
Jean-Louis Huynen
44a9897f2a
add: [dark-pattern] galaxy to tag dark patterns 2019-12-03 16:26:29 +01:00
2659d864d6
chg: [ransomware] jq ;-) 2019-11-22 22:41:01 +01:00
rmkml
64f100e578
Merge branch 'master' into master 2019-11-22 22:32:24 +01:00
rmkml
81cef767aa Fix Add FTCode Ransomware 2019-11-22 22:27:20 +01:00
rmkml
eee9beca0f Add FTCode Ransomware 2019-11-22 21:16:40 +01:00
Deborah Servili
34faa63070
jq 2019-11-22 15:41:51 +01:00
Deborah Servili
ba830c905d
add cyborg ransomnote refs 2019-11-22 15:36:49 +01:00
Deborah Servili
757c3d6480
add cyborg ransomnote filename 2019-11-22 15:35:58 +01:00
Deborah Servili
2009a9c45c
add cyborg ransomware extension 2019-11-22 15:30:17 +01:00
Deborah Servili
cab60a02e2
jq 2019-11-22 14:15:29 +01:00
Deborah Servili
08a4897cbe
add DePriMon malicious downloader & Cyborg ransomware 2019-11-22 14:05:36 +01:00
8cc5e02f22
chg: [clean-up] jq all the things 2019-11-21 17:19:39 +01:00
Deborah Servili
38641aae36
merge 2019-11-21 16:24:11 +01:00
Deborah Servili
f21dd95b28
merge 2019-11-21 16:23:29 +01:00
8240fe1722
Merge pull request #480 from rmkml/master
Add Maze Ransomware
2019-11-21 14:13:17 +01:00
Deborah Servili
1a0dd2292b
add silence synonym & new meta field spoken-language 2019-11-21 11:50:02 +01:00
rmkml
90bc667988 Add Maze Ransomware 2019-11-21 00:57:50 +01:00
rmkml
9410326ea2 Revert "Add Maze Ransomware"
This reverts commit cfc6e2802c.
2019-11-21 00:55:55 +01:00
rmkml
cfc6e2802c Add Maze Ransomware 2019-11-19 23:15:02 +01:00
5dc55fbbfb
Merge pull request #477 from rmkml/master
Add Desync Ransomware
2019-11-19 06:40:31 +01:00
rmkml
ac4099ed0e Add Desync Ransomware 2019-11-18 23:37:21 +01:00
Deborah Servili
5f65e8d208
target information update [WIP] 2019-11-14 15:07:08 +01:00
StefanKelm
aa132ca58f
new refs for APT33 2019-11-14 14:57:05 +01:00
ea18f6e920
Merge pull request #475 from Delta-Sierra/master
target information update [WIP]
2019-11-13 20:43:03 +01:00
Deborah Servili
08cdc4cac3
jq 2019-11-13 15:56:23 +01:00
Deborah Servili
985c4b2459
target information update [WIP] 2019-11-13 15:55:32 +01:00
eea0f528fa
chg: [threat-actor] Lucky Mouse synonym added
Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/
2019-11-12 12:51:44 +01:00
Raphaël Vinot
1486890f86 fix: JQ all the things. 2019-11-12 10:25:00 +01:00
871d90cfc2
chg: [threat-actor] Calypso group added
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
2019-11-11 13:34:54 +01:00
Deborah Servili
e310b98bc0
add Palestine PPound 2019-11-07 08:44:49 +01:00
Deborah Servili
50022d3905 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-11-07 08:34:05 +01:00
ea8c1dd764
Merge pull request #472 from rmkml/master
Add DoppelPaymer Ransomware
2019-11-06 20:48:33 +01:00
rmkml
9707a5eb0e Add DoppelPaymer Ransomware 2019-11-06 20:41:43 +01:00
Deborah Servili
1a62f7c2cd
jq 2019-11-06 16:23:34 +01:00
Deborah Servili
5b6aae5d1c
update target location WIP 2019-11-06 16:21:10 +01:00
2d1406b4d6
Merge pull request #471 from rmkml/master
Add FreeMe Ransomware
2019-11-06 06:36:53 +01:00
rmkml
656d90fd7c Add FreeMe Ransomware 2019-11-05 23:09:48 +01:00
d9a64c18ff
chg: [threat-actor] threat-actor-classification updated 2019-11-04 09:37:52 +01:00
6f463325b9
chg: [threat-actor] jq is jq 2019-11-03 16:01:09 +01:00
64a3569803
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-11-03 08:52:37 +01:00
8d01e77574
chg: [threat-actor] Operation WizardOpium added
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
2019-11-03 08:51:37 +01:00
346e54a321
Merge pull request #468 from Delta-Sierra/master
add Turla Group Synonym variant
2019-11-02 13:40:21 +01:00
Deborah Servili
1da2dc8af1
add Turla Group Synonym variant 2019-10-31 16:33:32 +01:00
Deborah Servili
efa2f43c0f
Merge pull request #467 from Delta-Sierra/master
Few updates
2019-10-31 14:31:16 +01:00
Deborah Servili
bee9b80898
jq 2019-10-31 10:37:36 +01:00
Deborah Servili
0a8f989e1c
add Winnti related tools etc. 2019-10-31 10:36:15 +01:00
Christophe Vandeplas
d32022b241 fix: [attack] fixes old MITRE relationships not being removed 2019-10-27 21:06:26 +01:00
Christophe Vandeplas
4ab9bbbfa3 chg: [attack] update to latest ATT&CK data 2019-10-25 10:12:41 +02:00
1581827875
chg: [attck4fraud] jq all the things 2019-10-20 20:07:29 +02:00
Christophe Vandeplas
eb594cba0f fix: [misinfosec] fixes inconsistent filename 2019-10-20 18:53:02 +02:00
2b84592ff5
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-10-18 14:28:41 +02:00
77605f8d43
chg: [attck4fraud] updates based on issue #466 2019-10-18 14:27:36 +02:00
Rony
1fc0f5e2e7
Update threat-actor.json 2019-10-17 09:46:56 +05:30
Deborah Servili
88025a541f
add operation soft cell 2019-10-14 16:07:35 +02:00
4d4bd3a70c fix: [misinfosec] fixed kill_chain fields 2019-10-09 09:45:52 +02:00
VVX7
e4998efec9 chg: [galaxy] added AMITT galaxy/cluster generator script 2019-10-08 13:52:08 -04:00
VVX7
a0357c735e chg: [galaxy] version number to int 2019-10-07 19:19:45 -04:00
VVX7
0a29445b44 new: [galaxy] AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. AMITT is part of misinfosec - work on adapting information security practices to help track and counter misinformation - and is designed as far as possible to fit existing infosec practices and tools. 2019-10-07 19:07:25 -04:00
Deborah Servili
c27385cfa4
jq 2019-10-07 14:38:16 +02:00
Deborah Servili
5355910a8f
add legitimate tools 2019-10-07 13:38:40 +02:00
Deborah Servili
19452d8c1f Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-10-07 11:07:00 +02:00
Deborah Servili
569d453ff2
update version 2019-10-07 11:06:27 +02:00
Deborah Servili
0795eecd01
add PlugX rat synonyms 2019-10-07 11:04:33 +02:00
ac8236d16d
chg: [misp-galaxy] jq all the things 2019-10-03 14:46:07 +02:00
9e82b025b5
chg: [tool] COMPfun - Reductor added
Ref: https://securelist.com/compfun-successor-reductor/93633/
2019-10-03 14:25:44 +02:00
Deborah Servili
cb774002c9
add Sodinokibi synonym 2019-10-02 11:44:54 +02:00
Deborah Servili
82824be700
fix empty string 2019-09-30 12:55:31 +02:00
Deborah Servili
b7c9d3e034
jq 2019-09-30 11:56:28 +02:00
Deborah Servili
fca032ea73
add TVSPY tool 2019-09-30 10:45:53 +02:00
Deborah Servili
f6c075c3df
WIP update target info 2019-09-27 16:22:01 +02:00
Deborah Servili
c305640290
new galaxy - Region based on UN M49 2019-09-26 13:01:41 +02:00
Deborah Servili
d0068b0ce0
WIP update target info 2019-09-25 15:39:02 +02:00
Deborah Servili
a4b59f647c
jq 2019-09-25 13:41:55 +02:00
Deborah Servili
335402c886 Merge branch 'master' of https://github.com/MISP/misp-galaxy into target-location-galaxy 2019-09-25 13:39:33 +02:00
Deborah Servili
bb3f9dc183
WIP update target info - fix empty string 2019-09-25 13:31:46 +02:00
309109eb27
chg: [threat-actor] new LookBack (Malware?Campaign?TA?)
Signed-off: During MISP training
2019-09-25 12:12:34 +02:00
Deborah Servili
9068e3c742
WIP update target info 2019-09-25 11:46:10 +02:00
a5ae130916
chg: [threat-actor] Evil Eye and POISON CARP
Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Signed-off: Jean-Louis during training session
2019-09-25 11:27:03 +02:00
Deborah Servili
83ee520dd5
WIP update target info 2019-09-25 09:44:34 +02:00
Deborah Servili
638cdd4198
version update 2019-09-20 14:54:56 +02:00
Deborah Servili
b9b4b9c651
Add Tortoiseshell threat actor 2019-09-20 14:53:25 +02:00
Deborah Servili
6d88367497
moar clusters 2019-09-20 09:50:37 +02:00
42f457fc22
Merge pull request #457 from rmkml/master
Add Mr.Dec Ransomware
2019-09-17 10:17:11 +02:00
rmkml
5631d210a0 Add Mr.Dec Ransomware 2019-09-17 00:44:56 +02:00
cc134d7dff
Merge pull request #456 from rmkml/master
Add Hildacrypt Ransomware
2019-09-15 18:24:03 +02:00
rmkml
dff982be20 Add Hildacrypt Ransomware 2019-09-14 21:49:16 +02:00
55da11f8ba
Merge pull request #455 from rmkml/master
Add InnfiRAT
2019-09-14 08:16:35 +02:00
rmkml
f907797d41 Add InnfiRAT 2019-09-14 00:08:54 +02:00
Deborah Servili
7e892eaa7d
update target information [draft] 2019-09-13 16:35:20 +02:00
Deborah Servili
2588df01cc
update target information 2019-09-12 16:22:11 +02:00
StefanKelm
db2b5a13ef
Update threat-actor.json
Silent Librarian
2019-09-12 11:57:03 +02:00
Deborah Servili
1eb23bc55b
update target information 2019-09-12 11:10:41 +02:00
Deborah Servili
6c430ad21e
improve target-information 2019-09-11 16:32:29 +02:00
rmkml
7c89cb308c
Merge branch 'master' into master 2019-09-07 19:52:05 +02:00
rmkml
dfc6321e0c Add AsyncRAT 2019-09-07 19:43:08 +02:00
Deborah Servili
718ea55dd7
Merge branch 'master' into master 2019-09-04 14:42:47 +02:00
Deborah Servili
9e3a998dfc
add SectorJ04 group 2019-09-03 15:51:21 +02:00
9690d070ab
Merge pull request #450 from rmkml/master
Add Buran Ransomware
2019-09-02 07:39:19 +02:00
rmkml
28ec696272 Add Buran Ransomware 2019-09-01 21:20:28 +02:00
Daniel Plohmann
f40b7dd132
'SectorJ04 Group' as alias introduced by NSHC for TA505
Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
2019-09-01 15:46:36 +02:00
9920461294
Merge pull request #448 from rmkml/master
Add Nemty Ransomware
2019-08-31 21:27:50 +02:00
rmkml
e79310c861 Add Nemty Ransomware 2019-08-31 21:08:50 +02:00
c7e6a17a31
Merge pull request #447 from Delta-Sierra/target-location-galaxy
improve more clusters
2019-08-30 16:37:39 +02:00
Deborah Servili
5504c10e3d
improve more clusters 2019-08-30 16:32:02 +02:00
b986f06cb4
Merge pull request #446 from wagner-certat/tool-empty-strings
Add test for empty strings
2019-08-30 11:10:16 +02:00
0966e58da6
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-08-30 11:06:29 +02:00
f5056ff02e
chg: [threat-actor] add machete-apt synonyms as reported in #445 2019-08-30 11:03:30 +02:00
Deborah Servili
2c248db419
Merge pull request #441 from Delta-Sierra/target-location-galaxy
More clusters improved
2019-08-30 10:15:56 +02:00
Sebastian Wagner
e13087a9c4
target-information: fix territory-type for China 2019-08-30 10:08:19 +02:00
StefanKelm
49f8f60a85
Update threat-actor.json
Add ITG08 as synonym for FIN6
2019-08-29 13:13:00 +02:00
8d78a2a108
chg: [threat-actor] jq all 2019-08-29 08:31:10 +02:00
791c88f2eb
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master 2019-08-29 08:30:41 +02:00
Deborah Servili
395dd93e0f
add Asruex Backdoor 2019-08-28 15:40:03 +02:00
9926ea8826
chg: [threat-actor] LYCEUM added - 443 #fixed 2019-08-28 14:35:12 +02:00
Deborah Servili
ea68336b96
add ref for Gamaredon 2019-08-27 08:28:58 +02:00
Deborah Servili
300e3c2bfb
More clusters improved 2019-08-26 17:50:20 +02:00
775b6d1a09
Merge pull request #440 from Delta-Sierra/target-location-galaxy
Target location galaxy
2019-08-23 16:29:23 +02:00
Deborah Servili
fcded146c2
More clusters improved 2019-08-23 16:01:12 +02:00
Deborah Servili
bae47241f0
More clusters improved 2019-08-23 11:14:14 +02:00
a68577a967
Merge pull request #439 from Delta-Sierra/target-location-galaxy
Target location galaxy
2019-08-22 16:24:57 +02:00
Deborah Servili
a579c041d2
More clusters improved 2019-08-22 15:59:11 +02:00
Deborah Servili
b7a97d1baf
More clusters improved 2019-08-22 11:49:09 +02:00
Deborah Servili
6944236943
more countries 2019-08-20 15:24:16 +02:00
Sebastian Wagner
38aebbf42a
remove empty strings 2019-08-19 17:04:07 +02:00
Deborah Servili
93ca9a3123
Merge pull request #437 from Delta-Sierra/target-location-galaxy
Target location galaxy
2019-08-19 08:57:48 +02:00
Deborah Servili
754f8f2a48
complete more cluster + country is now an array 2019-08-14 16:30:28 +02:00
Deborah Servili
3e651e2d74
target-information - add membership member-of attribute - Example:member-of NATO 2019-08-13 15:36:10 +02:00
6ca4e4cb17
Merge pull request #436 from Delta-Sierra/target-location-galaxy
Target location galaxy
2019-08-13 15:17:41 +02:00
Deborah Servili
e00f139fa2
jq 2019-08-13 13:01:36 +02:00
Deborah Servili
9accc832e3
change attribute name 2019-08-13 12:08:03 +02:00
Deborah Servili
389a82701a
jq 2019-08-13 11:57:28 +02:00
Deborah Servili
e946ce66db
complete some clusters 2019-08-13 11:55:18 +02:00
d48d2ccd3e
Merge pull request #435 from hackunagi/master
Adding Amavaldo Banking Trojan
2019-08-10 18:53:05 +02:00
3841447e16
Merge pull request #434 from r0ny123/patch-1
added microsoft naming for the groups
2019-08-10 18:52:26 +02:00
Thomas Dupuy
df5c9057a1 add synonym for Turla 2019-08-09 17:34:22 -04:00
Carlos Borges
d96dc39c5a
Adding Amavaldo Banking Trojan 2019-08-09 18:00:37 -03:00
Rony
feac39db6b
added microsoft naming for the groups 2019-08-09 22:19:09 +05:30
Thomas Dupuy
320e298549 update victims 2019-08-09 10:45:10 -04:00
Thomas Dupuy
1988662ee5 add APT41 2019-08-09 10:24:06 -04:00
Deborah Servili
e239619d15
jq 2019-08-06 15:42:20 +02:00