Commit Graph

1921 Commits (dev)

Author SHA1 Message Date
Delta-Sierra b1c853bf42 update version 2022-07-12 15:51:55 +02:00
Thomas Dupuy 1a8835bcae Remove list from POLONIUM TA. 2022-07-12 13:11:11 +00:00
Thomas Dupuy a86d866534 Add POLONIUM TA. 2022-07-12 12:14:27 +00:00
Delta-Sierra d40017ae50 add Qbot 2022-07-12 14:03:43 +02:00
Delta-Sierra 6c6355f2ba fix typo 2022-07-12 11:31:08 +02:00
Delta-Sierra 300d608770 jq 2022-07-12 10:54:37 +02:00
Delta-Sierra 71c93f5b24 fix caps typo 2022-07-12 10:53:14 +02:00
Delta-Sierra 4ea34fc5a4 Merge https://github.com/Delta-Sierra/misp-galaxy into main 2022-07-12 10:51:59 +02:00
Delta-Sierra 924eda26ca Add EnemyBot +relationships 2022-07-12 10:49:11 +02:00
Deborah Servili ca7d524d9c
Merge branch 'main' into main 2022-07-08 16:27:28 +02:00
Delta-Sierra 29aa7b3f69 add Maui ransomware 2022-07-08 14:49:12 +02:00
Delta-Sierra 56a53433f0 add HelloXD ransomware 2022-07-08 12:05:31 +02:00
Delta-Sierra 279b89f6d9 fix duplicate extension-2 2022-07-06 09:38:02 +02:00
Delta-Sierra 67d5f5c7c0 fix duplicate extension 2022-07-06 09:34:11 +02:00
Delta-Sierra 7e37fa0cdd merge + update medusalocker 2022-07-06 09:28:46 +02:00
Delta-Sierra c2e7ef4fab Update Medusa Locker and others 2022-07-06 08:43:59 +02:00
marjatech 587dc8560b add script to automate malpedia update 2022-07-04 14:24:34 +02:00
Mathieu Beligon 693eed8d78 [threat actor] Break Cleaver aliases into respective entries 2022-07-04 14:05:29 +02:00
marjatech 1212a75cc4 update malpedia 2022-07-04 11:02:02 +02:00
Mathieu Beligon d63c990dad [threat-actors] Separate ITSecTeam from Cleaver 2022-06-30 14:34:05 +02:00
Mathieu Beligon b8d4ffdbde Merge Cutting Kitten and Cleaver 2022-06-29 20:15:12 +02:00
Koen Van Impe 0c9aa68db6 Update surveillance-vendor.json 2022-06-22 13:30:55 +02:00
Koen Van Impe 22c2f7b999 Add RCS Lab S.p.A. to surveillance-vendor 2022-06-22 11:20:52 +02:00
Mathieu Beligon d79c5bd1ab Add ToddyCat Threat actor 2022-06-21 15:12:42 +02:00
Rony c030fcdab6
chg: [threat-actor] added PwC naming for Indian actors
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-06-11 15:46:54 +05:30
Thanat0s 44a99d066a Y en a un peut plus je vous le mets quand meme ? 2022-06-11 04:24:04 -04:00
Thanat0s 57befd7259 jq all the things 2022-06-10 19:12:12 -04:00
Thanat0s 51f98f4706 Attck link + typo on TA551 2022-06-10 18:40:16 -04:00
Thanat0s f97fee7135 Typo on TA551 2022-06-10 18:38:25 -04:00
Thanat0s 297acc0f5e Add Mitre vs Thales RosettaStone 2022-06-10 18:24:15 -04:00
Rony e916267c7c
chg: [threat-actor] add reference to bitter & sidewinder group 2022-06-08 23:22:17 +05:30
Christophe Vandeplas 39073004c4 [mitre] bump to MITRE ATT&CK v11.2 2022-05-25 21:03:14 +02:00
Christophe Vandeplas 4a469299fd [mitre] update sorting algo
will make future ATT&CK updates less noisy in the git diff
2022-05-25 21:00:57 +02:00
Mathieu Beligon dca70783bf [threat-actors] validate file 2022-05-23 11:32:24 +02:00
Mathieu Beligon c1cfc19871 [threat actors] Remove dead link for sandworm threat actor 2022-05-23 11:30:04 +02:00
Mathieu Beligon 36a1466661 [threat-actors] Add RansomHouse 2022-05-23 11:29:39 +02:00
Alexandre Dulaunoy a838eaf9db
Merge pull request #717 from jloehel/krane
chg: [cryptominers] Adds Krane
2022-05-18 08:17:16 +02:00
Jürgen Löhel 1be9a10ef9
chg: [cryptominers] Adds Krane
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-17 14:47:29 -05:00
Jürgen Löhel 9db5d18114
chg: [android] Adds Vulture
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-17 14:16:21 -05:00
Rony 2721522e82
chg: [threat-actor] add exotic lily, ta578, ta579 2022-05-14 20:52:15 +05:30
Jürgen Löhel 45da13ce5e chg: [backdoors] Adds BPFDoor
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-11 19:06:19 -05:00
Alexandre Dulaunoy fcdc6c86e6
chg: [threat-actor] add TG2003 synomym to Elephant Beetle 2022-05-09 14:24:28 +02:00
Alexandre Dulaunoy 9130365e2e
chg: [threat-actor] Elephant Beetle added
Fix #708
2022-05-09 14:23:12 +02:00
Alexandre Dulaunoy bb434b11cf
chg: [threat-actor] ModifiedElephant added
Fix #709
2022-05-09 14:16:01 +02:00
Alexandre Dulaunoy 06550a7945
chg: [threat-actor] fix refs field -> it's always an array 2022-05-09 13:46:16 +02:00
Alexandre Dulaunoy b67e3ed3f8
Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add 2022-05-09 13:43:44 +02:00
Rony c0be6677c2
chg: [threat-actor] added actor Red Menshen
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-05-07 15:44:10 +05:30
Rony 11eca69ebc
chg: [threat-actor] added Curious Gorge 2022-05-07 12:40:35 +05:30
Daniel Plohmann 26c1850377
Update threat-actor.json
adding Red Dev 4 as alias for GALLIUM as used by PwC.
2022-05-06 09:47:48 +02:00
Daniel Plohmann 06c293072c
Update threat-actor.json
adding UNC3524 to the actor galaxy cluster.
2022-05-04 13:21:56 +02:00
3c7 0ad65fbe9f
Forgot to jq all the things 2022-04-28 09:42:25 +02:00
3c7 dfb6c0668e
Added SaintBear 2022-04-28 09:36:25 +02:00
Christophe Vandeplas 33476bec81 chg: [mitre] bump to MITRE ATT&CK v11.0 2022-04-25 18:29:57 +02:00
Alexandre Dulaunoy 664f6d80cc
chg: [threat-actor] Killnet description added 2022-04-21 15:05:50 +02:00
Alexandre Dulaunoy 1e383e2452
chg: [threat-actor] version updated 2022-04-21 14:53:14 +02:00
Mathieu Beligon c8455a6c4d [actors] Add killnet 2022-04-21 14:06:28 +02:00
Adam McHugh 53a0fc56d3 Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory 2022-04-18 10:16:26 +09:30
Alexandre Dulaunoy bca7381f33
fix: [ransomware] refs are within meta 2022-04-17 15:43:23 +02:00
Alexandre Dulaunoy eb7c5ebaf1
fix: [ransom] remove empty ref 2022-04-17 15:39:02 +02:00
Alexandre Dulaunoy bc696b43f4
chg: [ransomware] jq all the things 2022-04-17 15:35:50 +02:00
Alexandre Dulaunoy 00d33fd292
Merge pull request #701 from adammchugh/ransomware-conti-update
Ammended Conti ransomware entry with ACSC 2021-010 advisory data
2022-04-17 15:35:25 +02:00
Alexandre Dulaunoy 66744a4cd0
Merge pull request #704 from adammchugh/cryptominers-bluemockingbird-add
Added Cryptominer Blue Mockingbird from RedCanary advisory.
2022-04-17 14:43:59 +02:00
Alexandre Dulaunoy 14907e3eef
Merge pull request #703 from adammchugh/threatactor-copypaste-add
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
2022-04-17 14:43:37 +02:00
Adam McHugh 84eac4b102 Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory 2022-04-17 19:50:08 +09:30
Adam McHugh f00e80ae7e Added Cryptominer Blue Mockingbird from RedCanary advisory. 2022-04-17 19:44:42 +09:30
Adam McHugh cff8a38c5f Added Copy-Paste Threat Actor from ACSC Advisory 2020-008 2022-04-17 19:37:26 +09:30
Adam McHugh 622c0502aa Ammended Conti ransomware entry with ACSC 2021-010 advisory data 2022-04-17 19:23:11 +09:30
Adam McHugh 99caab201f Ammended Blackcat ransomware entry with ACSC 2022-004 advisory data 2022-04-17 18:05:24 +09:30
Thomas Dupuy bd05eb0bba upd: [cluster] add Threat Actor BladeHawk. 2022-04-11 17:03:19 +00:00
Thomas Dupuy 209391f110 upd: [cluster] add ref and synonyms for Energetic Bear. 2022-04-07 18:26:58 +00:00
Alexandre Dulaunoy b649057a5a
chg: [handicap] fixed more fields 2022-04-04 11:09:30 +02:00
Alexandre Dulaunoy aff4345074
chg: [handicap] more cleanup 2022-04-04 11:01:38 +02:00
Alexandre Dulaunoy 269f91ad75
chg: [handicap] more clean-up of uuid values 2022-04-04 10:56:29 +02:00
Alexandre Dulaunoy d3d4e7186b
chg: [handicap] fix name of the clusters 2022-04-04 10:43:56 +02:00
Alexandre Dulaunoy 7e6390c336
Merge pull request #694 from AgatheMgt/main
Handicap
2022-04-04 10:41:06 +02:00
Rony a08ddaf548
Add Avivore & HAZY TIGER/Bitter 2022-04-02 01:14:18 +05:30
Rony 50f39edc10
Revert "update threat actors meta" 2022-04-02 00:55:38 +05:30
Delta-Sierra 73f71c8b15 dup 2022-04-01 16:51:27 +02:00
Delta-Sierra fb557fd3a2 dup 2022-04-01 16:47:50 +02:00
Delta-Sierra 909fc09992 duplicate 2022-04-01 16:44:47 +02:00
Delta-Sierra 7c3e8ac068 fix duplicate 2022-04-01 16:40:40 +02:00
Delta-Sierra dcc396108c fix duplicate 2022-04-01 16:36:47 +02:00
Delta-Sierra 9257fb677b merge 2022-04-01 16:32:10 +02:00
Delta-Sierra 0f7803b091 update threat actors meta 2022-04-01 16:00:27 +02:00
Sami Mokaddem 4242732af1
chg: jq all 2 2022-03-31 09:05:22 +02:00
Sami Mokaddem a9a09d11c6
chg: jq all 2022-03-31 08:59:36 +02:00
Mathieu Beligon c35fad3291 Add threat actor group Scarab 2022-03-28 12:11:34 +02:00
Alexandre Dulaunoy 94c3788089
Merge pull request #687 from Badis-dev/main
Add galaxy and cluster cancer
2022-03-25 10:04:46 +01:00
AgatheMgt aec779d1ee poatate 2022-03-24 09:43:58 -04:00
AgatheMgt 3ce6d7a313
Update handicap.json 2022-03-24 07:48:49 -04:00
AgatheMgt a6a16926f6
Create handicap.json 2022-03-24 07:08:08 -04:00
Daniel Plohmann 24a3f16ab4
adding threat actor group LAPSUS$ / DEV-0537. 2022-03-23 09:47:10 +01:00
Delta-Sierra 97690426bf update threat actors meta 2022-03-18 16:41:10 +01:00
Alexandre Dulaunoy 6f0208dcaf
chg: [ransomware] UUID fixed 2022-03-18 16:03:27 +01:00
Alexandre Dulaunoy ef5af37dbe
chg: [botnet] duplicate UUIDs replaced 2022-03-18 15:58:09 +01:00
Alexandre Dulaunoy c0a07d2246
chg: [ransomware] replace duplicate UUIDs 2022-03-18 15:57:06 +01:00
botlabsDev 6416d0b2de add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot 2022-03-18 15:34:11 +01:00
Alexandre Dulaunoy 18069ce5f3
Merge pull request #688 from botlabsDev/patch-0
Add tool 'BadPotato' to clusters/tool.json
2022-03-15 12:30:47 +01:00
Alexandre Dulaunoy 7fd5715715
Merge pull request #691 from r0ny123/indian-adversaries
Update to Indian Adversaries
2022-03-15 12:28:16 +01:00
Rony eebda5f955
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team 2022-03-15 15:02:57 +05:30
Rony ac72e7b639
fix 2022-03-15 14:00:46 +05:30
Rony 3b67e745e5
Update threat-actor.json 2022-03-15 13:57:00 +05:30
botlabsDev 99ab2a13d6 Add tool 'BadPotato' to clusters/tool.json 2022-03-14 18:02:02 +01:00
Badis-dev 231915f9a4 add galaxy and cluster cancer 2022-03-11 14:20:09 +01:00
Badis-dev 27241135a2
Add cancer.json 2022-03-11 11:26:57 +01:00
Badis-dev 78f1c9f345
Delete cancer.json 2022-03-11 11:26:30 +01:00
Badis-dev 1c707f7c5e
Add cancer cluster 2022-03-11 11:13:57 +01:00
Delta-Sierra 957327383d fix array 2022-03-07 16:10:53 +01:00
Delta-Sierra a7f3df8a9a merge 2022-03-07 16:04:38 +01:00
Delta-Sierra 8fd3c87b47 update threat actors meta 2022-03-07 15:54:29 +01:00
Alexandre Dulaunoy 8e09c9b30c
Merge pull request #685 from danielplohmann/patch-14
adding threat actor "Moses Staff"
2022-03-02 21:43:00 +01:00
Daniel Plohmann 896a451461
fixed with linted JSON. 2022-03-02 21:22:28 +01:00
Daniel Plohmann a817324cd4
adding threat actor "Moses Staff" 2022-03-02 15:50:39 +01:00
Mathieu Beligon 0b456b8afa version bump -> 213 2022-03-02 14:55:26 +01:00
Mathieu Beligon d3d241ca54 Update Gamaredon target 2022-03-02 14:55:19 +01:00
Mathieu Beligon 27c05a118e Update GhostWriter 2022-03-02 13:16:20 +01:00
Delta-Sierra c909a35d65 Merge https://github.com/MISP/misp-galaxy into main 2022-02-18 10:57:10 +01:00
Delta-Sierra a788c867a7 jq 2022-02-18 10:56:07 +01:00
Delta-Sierra b0cd884afc add TA2541 2022-02-18 10:54:25 +01:00
Daniel Plohmann 321e4b4a57
another Gamaredon ref and version bump 2022-02-18 08:26:01 +01:00
Daniel Plohmann 254dd47a61
adding ACTINIUM as MSFT name for Gamaredon 2022-02-18 08:24:35 +01:00
Delta-Sierra 33ef3317b7 fix duplicate 2022-02-14 10:02:36 +01:00
Delta-Sierra 9b76d71c43 Merge https://github.com/MISP/misp-galaxy into main 2022-02-14 08:47:21 +01:00
Delta-Sierra 3184819968 add DDG botnet and more 2022-02-11 16:13:36 +01:00
rwe 4700780d47 added antlion APT group 2022-02-05 04:52:33 -08:00
Alexandre Dulaunoy f49b54281b
chg: [ransomware] set encryption only 2022-02-02 22:36:14 +01:00
Alexandre Dulaunoy 3328b73185
fix: [ransomware] array end missing 2022-02-02 22:32:39 +01:00
Kevin Holvoet 3d23f98d04
Forgot comma between JSON entries 2022-02-02 18:58:55 +01:00
Kevin Holvoet 389add7580
Update ransomware.json with URL fix
Fixed URL for AlphaLocker
2022-02-02 18:54:31 +01:00
Kevin Holvoet fa9829cec0
Update ransomware.json: add BlackCat (ALPHV) 2022-02-02 18:50:19 +01:00
Daniel Plohmann 833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference 2022-02-02 09:40:10 +01:00
Daniel Plohmann 8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec 2022-02-02 09:35:53 +01:00
Delta-Sierra 5cf1eb01f4 Merge https://github.com/MISP/misp-galaxy into main 2022-01-31 10:04:07 +01:00
Alexandre Dulaunoy 1fda357a03
new: [surveillance] Cytrox added 2022-01-30 11:31:55 +01:00
Jürgen Löhel 22046a1eae
Adds WhisperGate
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-18 13:16:06 -06:00
Delta-Sierra e523bdaf70 merge 2022-01-14 16:08:14 +01:00
Jürgen Löhel 3059c70ae6
Adds UPAS-Kit
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-13 11:53:32 -06:00
Thomas Dupuy c792bdd1b7 Add AQUATIC PANDA threat actor. 2022-01-12 13:51:11 -05:00
Thomas Dupuy afaf3a3110 Add Motnug tool. 2022-01-12 13:37:59 -05:00
Jürgen Löhel 5aa8a8a8b1
Adds Ragnatela RAT
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-10 15:57:10 -06:00
Sami Tainio dcb87b0dc6 chg: [threat-actor] Add SideCopy 2022-01-07 17:45:41 +02:00
Daniel Plohmann 3094283252
adding Mandiant's FIN13. 2022-01-03 09:32:43 +01:00
Alexandre Dulaunoy eba1b2839f
chg: [concordia] CMTMF killchain typo fixed 2021-12-20 10:41:00 +01:00
Raphaël Vinot b4d518d4f0 fix: cmtmf-attack-pattern had multiple duplicate UUIDs 2021-12-17 17:58:29 +01:00
Alexandre Dulaunoy 12617ff627
chg: [concordia] fix name inconsistencies 2021-12-17 17:41:00 +01:00
Alexandre Dulaunoy 69b582f9ba
chg: [concordia] duplicate removed 2021-12-17 17:31:38 +01:00
Alexandre Dulaunoy bc3ab62917
chg: [concordia] duplicate removed 2021-12-17 17:26:04 +01:00
Alexandre Dulaunoy ee2a3c83f4
chg: [concordia] duplicate techniques removed 2021-12-17 17:21:00 +01:00
Alexandre Dulaunoy 01d23b61b7
chg: [concordia] typo fixed 2021-12-17 17:15:43 +01:00
Alexandre Dulaunoy 01f2ce68d4
chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID? 2021-12-17 17:13:57 +01:00
Alexandre Dulaunoy 5becac98e4
chg: [concordia] duplicates removed 2021-12-17 16:51:11 +01:00
Alexandre Dulaunoy ae7b7bd47d
chg: [cmtmf-attack-pattern] various fixes to make JSON ok 2021-12-17 16:08:07 +01:00
Alexandre Dulaunoy 7b587710b1
Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf 2021-12-17 15:55:03 +01:00
Jürgen Löhel b81ac7f01d Adds DarkWatchman RAT
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-12-17 07:20:58 -06:00
Delta-Sierra b8960393a4 add Milan Rat, Shark tool and Lyceum synonyms 2021-11-29 16:00:40 +01:00
Delta-Sierra bb92427b65 add Lyceum synonyms/sources 2021-11-29 12:05:51 +01:00
Delta-Sierra 78a8cf4ad2 add ESPecter Bootkit 2021-11-19 16:30:57 +01:00
Delta-Sierra c89623e945 add ESPecter bootkit 2021-11-16 08:17:37 +01:00
Christophe Vandeplas aeb5719448 chg: [att&ck] update to ATT&CK v10 2021-10-22 14:34:25 +02:00
Alexandre Dulaunoy ab41df7282
chg: [malpedia] remove duplicate 2021-10-20 12:24:12 +02:00
Alexandre Dulaunoy e517787e7c
chg: [malpedia] duplicates removed 2021-10-20 12:21:05 +02:00
Alexandre Dulaunoy 69f878c86f
fix: [malpedia] remove duplicate urls 2021-10-20 12:16:22 +02:00
Alexandre Dulaunoy da91f2abc2
chg: [malpedia] updated 2021-10-20 10:21:03 +02:00
marjatech d74fdb3e43
update malpedia 2021-10-19 16:21:19 +02:00
Bernardo Santos e74fcfe268 Update cmtmf-attack-pattern.json
- update version
2021-10-13 10:06:00 +02:00
Bernardo Santos 5f19983ba3 Update cmtmf-attack-pattern.json
- Changes to cluster type
- Fix typo for privilege escalation tactic
2021-10-13 09:57:03 +02:00
Bernardo Santos 49dfcca563 CONCORDIA MTMF - Initial version
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:54:06 +02:00
Bernardo Santos d09681b011 CONCORDIA MTMF - Initial version
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:45:03 +02:00
Jeroen Pinoy 9ec76ae185
Add threat actor common raven 2021-10-03 23:30:20 +02:00
Thomas Patzke 26f0c344a1 Added O365 techniques
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
2021-09-18 23:27:38 +02:00
Thomas Dupuy 1985de4d44 Add BLUELIGHT tool. 2021-08-27 10:28:06 +02:00
Thomas Dupuy 89a3f986ba Add InkySquid synonym. 2021-08-24 16:29:34 +02:00
Daniel Plohmann 3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) 2021-08-19 06:02:40 +02:00
Rony 5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
2021-08-02 22:30:05 +05:30
Rony 636ccdedcd
Update threat-actor.json 2021-07-21 18:47:56 +05:30
Rony 9ecfecc063
another fix 2021-07-21 18:41:18 +05:30
Rony 32ea60d721
fix 2021-07-21 18:31:05 +05:30
Rony 52e7d5a0a9
multiple updates to apt40, apt31 & hafnium 2021-07-21 18:28:40 +05:30
Rony fb9a41f8e9
from Gov Canada & MFA Japan 2021-07-19 20:33:35 +05:30
Rony c90c60cb13
adding references for APT40 & APT31 2021-07-19 20:14:36 +05:30
Alexandre Dulaunoy 6c8949caa9
Merge pull request #658 from jasperla/oilrig
merge APT34 with OilRig
2021-07-03 08:56:39 +02:00
Deborah Servili b6005bd53f
Merge branch 'main' into master 2021-07-02 13:30:51 +02:00
Delta-Sierra 913aff30c3 Add NOBELIUM and related 2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse 792490298e merge APT34 with OilRig
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
2021-06-29 20:26:04 +02:00
Alexandre Dulaunoy a5d7d85dc8
Merge pull request #657 from jloehel/add_matanbuchus
[cluster][tool] Adds Matanbuchus
2021-06-22 07:23:20 +02:00
Jürgen Löhel 254c201601
[cluster][tool] Adds Matanbuchus
+ threat actor: BelialDemon

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 18:04:28 -05:00
Jürgen Löhel 381973f5de
[cluster][stealer] Adds HackBoss
Fixes: #651

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 16:35:20 -05:00
Thomas Dupuy 772c5145c1 Added BackdoorDiplomacy and Gelsemium. 2021-06-11 11:48:57 -04:00
Rony 9a723b6261
more ta544 references 2021-05-26 20:26:27 +05:30
Rony db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks 2021-05-22 21:02:30 +05:30
Daniel Plohmann 433ea5cb45
Twisted Spider -> TWISTED SPIDER
fair point
2021-05-19 17:04:58 +02:00
Daniel Plohmann 9719122d27
adding Twisted Spider as alias for TA2101 (Maze) 2021-05-19 16:47:41 +02:00
Alexandre Dulaunoy a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1
Add alias for Tick
2021-05-07 23:23:38 +02:00
Still Hsu eb671f1e6a
Add Nian alias
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:52:27 +08:00
Still Hsu fe7c0dab07
Add country origin for BlackTech
Signed-off-by: Still Hsu <dev@stillu.cc>
2021-05-08 00:32:39 +08:00
Daniel Plohmann 38b8bac51d
fixing broken/dead links 2021-05-04 20:15:17 +02:00
Alexandre Dulaunoy 6f7d3d5c2b
chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa
"COLT – Compromise to Leak Time" - new meta colt-median/colt-average.

For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
2021-05-03 07:41:43 +02:00
Alexandre Dulaunoy 7aaf25a424
new: [ransomware] Ragnarok added 2021-04-30 12:08:03 +02:00
Alexandre Dulaunoy 94ec98d544
Merge pull request #646 from r0ny123/update
Updates to APT27 & Tick
2021-04-29 18:29:53 +02:00
Christophe Vandeplas 86ee7008b2 chg: [att&ck] bump to latest ATT&CK version from MITRE 2021-04-29 18:12:36 +02:00
mokaddem 211a4b5145 fix: [ransomware] Related key should be outside metas 2021-04-26 13:48:06 +02:00
Rony 4ba2db0f3a FlatChestWare duplicate removed 2021-04-26 16:24:09 +05:30
Alexandre Dulaunoy ef9989dbe8
chg: [ransomware] duplicate removed 2021-04-26 12:06:03 +02:00
Alexandre Dulaunoy 847d3e8fa7
chg: [ransomware] duplicate removed 2021-04-26 12:01:01 +02:00
Alexandre Dulaunoy f3992ec5f1
chg: [ransomware] duplicates removed 2021-04-26 11:57:21 +02:00
Alexandre Dulaunoy f2703bd03e
chg: [ransomware] Flyper removed 2021-04-26 11:52:28 +02:00
Delta-Sierra 3cae487e3d fix duplicates and add relations 2021-04-26 11:25:39 +02:00
Rony faed812fc9 Merged STALKER PANDA to Tick 2021-04-25 19:12:20 +05:30
Rony 89b9c0c32c several updates to apt27 2021-04-25 16:53:36 +05:30
Delta-Sierra 0a05621f82 Merge https://github.com/MISP/misp-galaxy 2021-04-19 15:48:58 +02:00
Delta-Sierra b138354fa5 Removing duplicate 2021-04-19 15:42:49 +02:00
Alexandre Dulaunoy 28f6475cc5
chg: [ransomware] first duplicate removed 2021-04-19 15:13:18 +02:00
Alexandre Dulaunoy e7061f90d9
chg: [ransomware] remove duplicate "File-Locker" 2021-04-19 15:08:06 +02:00
Alexandre Dulaunoy ab13dd00f8
Merge pull request #645 from Delta-Sierra/master
Adding ransomware names [WIP 2/3]
2021-04-19 15:03:12 +02:00
Delta-Sierra f5713a8d87 Removing unexpected line 2021-04-19 14:53:36 +02:00
Delta-Sierra b7b4b356c3 Adding ransomware names [WIP 3] 2021-04-19 14:47:10 +02:00
Delta-Sierra fdf1a6c112 Adding ransomware names [WIP 2] 2021-04-19 13:24:25 +02:00
Daniel Plohmann 6eb594a6b0
adding Yanbian Gang as threat actor 2021-04-16 15:12:45 +02:00
Delta-Sierra f3456a89c5 fix version 2021-04-15 15:08:11 +02:00
Delta-Sierra 4bcd0492bd Adding ransomwares WIP 2021-04-15 15:07:52 +02:00
Daniel Plohmann 2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech
Adding Palmerworm as Symantec alias for BlackTech (with reference).
2021-03-31 22:35:12 +02:00
Thomas Dupuy a8c62ddeda Add Ghostwriter. 2021-03-31 09:42:40 -04:00
Rony 50f5d2ae4a
reverted changes made into 52ae97718d 2021-03-30 22:19:05 +05:30
sebdraven ce8a9442eb validation jsons 2021-03-30 13:12:21 +00:00
Sebdraven 52ae97718d Update threat-actor.json
add a synonym to Haffnium
2021-03-30 15:11:09 +02:00
sebdraven b082977b9f validation ok 2021-03-30 10:22:35 +00:00
Sebdraven 4ed4cebcee Update threat-actor.json
format json
2021-03-30 12:16:22 +02:00
Sebdraven a62e3ba530 Update threat-actor.json
add redecho threat actor
2021-03-30 12:10:50 +02:00
Jakub Onderka ca9608da6d fix: Cryptominers type 2021-03-27 22:07:33 +01:00
Alexandre Dulaunoy 26b9740e55
chg: [malpedia] jq all the file and removed ref duplicates 2021-03-13 11:00:39 +01:00
Jakob M f02ce7e805 update to latest
Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp
2021-03-12 10:35:12 +01:00
Delta-Sierra eff327b4fd fix progress 2021-03-11 14:42:55 +01:00
Delta-Sierra 7c843ac5c2 fix merge & jq 2021-03-11 14:08:29 +01:00
Delta-Sierra c37befc8a9 merge 2021-03-11 10:35:05 +01:00
Alexandre Dulaunoy 855a12a408
chg: [clusters] fixing broken UUID fix #628 2021-03-11 09:54:50 +01:00
Alexandre Dulaunoy f6ed00233e
chg: [ransomware] fix the broken UUID fix #628 2021-03-11 09:52:25 +01:00
Rony 57c7d0b9a0
From Nextron 2021-03-06 19:44:32 +05:30
Rony 6cabbfb091
more! 2021-03-06 14:22:29 +05:30
Rony 7b242555df
More references
From 
Crowdstrike
MSRC
and kql hunting query from James Quinn
2021-03-06 13:28:14 +05:30
Rony eaab88ef28
add HAFNIUM detection refs 2021-03-05 16:51:28 +05:30
Rony 4bc438a325
fix 2021-03-05 11:48:43 +05:30
Rony d9b299aafc
add more HAFNIUM references 2021-03-05 11:42:04 +05:30
Rony c9f7afef1c
Adding alias NOBELIUM 2021-03-04 22:39:33 +05:30
Alexandre Dulaunoy 47dade9d0e
Merge pull request #631 from r0ny123/Enhancement
Add HAFNIUM
2021-03-04 14:48:01 +01:00
Alexandre Dulaunoy a9a6b0253f
chg: [microsoft activity group] HAFNIUM added 2021-03-04 10:49:58 +01:00
Rony ad795606cf
added HAFNIUM
Updates:
Tonto Team
UNC2452
2021-03-04 00:10:33 +05:30
Sebdraven 2666341afc Update threat-actor.json
update Sidewinder card
2021-03-03 17:59:25 +01:00
Thomas Dupuy f842694fda Update Infy TA. 2021-03-02 14:37:01 -05:00
Alexandre Dulaunoy 524676282e
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2021-02-26 08:30:58 +01:00
Alexandre Dulaunoy 4692ced8fa
chg: [tool] SUNSPOT added 2021-02-26 08:28:01 +01:00