Commit Graph

1979 Commits (437d4a30e5a3cd2f918e8f2004c90f44743d1f30)

Author SHA1 Message Date
Mathieu Beligon 1acc51a7a6 [threat-actors] Add more data about APT-C-27 2022-08-18 15:44:18 -07:00
Mathieu Beligon ec988c97d0 [threat-actors] Remove duplicated APT-C-27 2022-08-18 15:34:08 -07:00
Mathieu Beligon d9046c8619 [threat-actors] Remove duplicated BRONZE PRESIDENT entity 2022-08-18 15:12:18 -07:00
Mathieu Beligon a046e8094d Merge APT30 and Naikon 2022-08-18 11:36:45 -07:00
Mathieu Beligon 5e4a4c3453 Merge branch 'main' into threat-actors/fix-naikon-cluster 2022-08-18 09:01:36 -07:00
Mathieu Beligon 264e764dfa Remove ATK34 alias 2022-08-18 08:59:04 -07:00
Delta-Sierra 3f036db1e3 add TA558 2022-08-18 15:54:28 +02:00
Mathieu Beligon 71e3e1f3eb Fix ATK aliases 2022-08-17 13:39:43 -07:00
Mathieu Beligon a6242d4732 Merge branch 'main' into threat-actors/fix-naikon-cluster 2022-08-17 13:37:01 -07:00
Mathieu Beligon 0d6399aa2b Add ATK78 alias for Thrip 2022-08-17 12:04:32 -07:00
Mathieu Beligon 53282255ce Branch out Goblin Panda from Hellsing 2022-08-17 11:55:35 -07:00
Mathieu Beligon 3f50cf0175 Create a tool for Esile 2022-08-17 11:19:30 -07:00
Rony f608312577 addresses https://github.com/MISP/misp-galaxy/pull/751#issuecomment-1217680586 2022-08-17 08:52:35 +00:00
Rony ccd10b54f4
remove duplicate reference 2022-08-17 12:49:56 +05:30
Rony 0cec882cc5 merge microcin/sixlittlemonkeys to vicious panda 2022-08-17 07:06:51 +00:00
Alexandre Dulaunoy a373909bb1
Merge pull request #748 from r0ny123/patch-2
Update threat-actor.json
2022-08-17 07:44:46 +02:00
Alexandre Dulaunoy 352998a84d
fix: [threat-actor] add missing refs for APT33 including CFR link 2022-08-17 07:40:23 +02:00
Mathieu Beligon d05b29c1af [threat-actors] Remove duplicate APT33 2022-08-16 17:15:30 -07:00
Mathieu Beligon 9c6f106928 [threat actor] Fix aliases related to Lotus Panda 2022-08-16 16:58:35 -07:00
Rony 5b25b574b3 add uac-0010 references from cert-ua 2022-08-16 10:19:53 +00:00
Rony 370045b01d Merge "red october" and "cloud atlas" to inception framework" 2022-08-16 09:30:29 +00:00
Rony 62b168600f
fix duplicates 2022-08-16 12:15:30 +05:30
Rony 490bc6a05c
fix duplicate 2022-08-16 12:10:27 +05:30
Rony bbe84c5985
updates to russian actors 2022-08-16 12:07:59 +05:30
Rony de76aef023
Update threat-actor.json 2022-08-16 10:49:13 +05:30
Rony f4b63d4514
updates to tianwu 2022-08-16 10:30:33 +05:30
Alexandre Dulaunoy 96d31aa8c7
chg: [threat-actor] jq all the things 2022-08-11 17:50:00 +02:00
Thomas Dupuy ed24dcaf19 Add link for SLIME29. 2022-08-11 15:41:01 +00:00
Thomas Dupuy 912050b9b7 Update commit based on feeback. 2022-08-11 15:20:32 +00:00
Thomas Dupuy 6e0df72ef4 Add Threat Actors from BH Asia22 prez. 2022-08-10 18:53:38 +00:00
Christophe Vandeplas 1369756810 chg: [atrm] Add Azure Threat Research Matrix Galaxy and generation script 2022-08-06 21:19:31 +02:00
Daniel Plohmann bdaadea58e
removing a leading double quote in a URL. 2022-08-02 18:17:58 +02:00
Daniel Plohmann bc20a463c8
merging TG2003 / Elephant Beetle into FIN13
as indicated in the respective resources published by the organizations using these aliases.
2022-08-02 14:11:43 +02:00
Alexandre Dulaunoy 6427746ad8
Merge pull request #727 from Mathieu4141/threat-actors/merge-cutting-kitten-cleaver
Fix Cleaver aliases
2022-07-27 23:17:42 +02:00
Alexandre Dulaunoy 63f5122ad4
Merge pull request #742 from r0ny123/patch-1
Update threat-actor.json
2022-07-27 18:56:47 +02:00
Mathieu Beligon 51aacd6b03 Reduce diff with old version 2022-07-26 23:53:22 -07:00
Mathieu Beligon acc6ada575 r0ny123.review: Use Cutting Kitten as main value for ITSecTeam 2022-07-26 23:27:39 -07:00
Mathieu Beligon d815bfa174 Merge remote-tracking branch 'upstream/main' into threat-actors/merge-cutting-kitten-cleaver 2022-07-26 23:22:03 -07:00
Daniel Plohmann 26f6a33695
more aliases from Unit 42 2022-07-26 11:09:33 +02:00
Rony 5a7f3a7207
fix 2022-07-25 17:17:52 +05:30
Rony 8ce0df6eb4
Update threat-actor.json
Merge aquatic panda & earth lusca
2022-07-25 17:15:23 +05:30
Alexandre Dulaunoy 6b6398bf2d
fix: [threat-actor] incorrect merge fixed 2022-07-20 18:45:50 +02:00
Alexandre Dulaunoy b4ce9a9453
Merge branch 'main' of https://github.com/r0ny123/misp-galaxy into r0ny123-main 2022-07-20 18:41:27 +02:00
Rony add6b27466 update 2022-07-20 21:39:33 +05:30
Rony 2b54df56f9 update 2022-07-20 21:32:11 +05:30
Rony 2e045d9c8c chg: [fix] resolve conflict 2022-07-20 21:28:15 +05:30
Daniel Plohmann 5825783a85
removed duplicate UUID for Kinsing
my apologies, looks like I had not rolled a new UUID for one of the entries added...
2022-07-20 17:07:05 +02:00
Rony 932fcf1871 added Red Nue 2022-07-20 15:07:35 +05:30
Rony 082039b3b0 added CN actors from secureworks threat profile
https://www.secureworks.com/research/threat-profiles?filter=item-china and fixed some AKAs
2022-07-20 14:52:58 +05:30
Daniel Plohmann ed32c508b7
added more Unit 42 aliases / groups 2022-07-20 08:38:03 +02:00
Rony 000bfe92d9 add APT9/Red Pegasus & BRONZE EDGEWOOD/Red Hariasa 2022-07-20 10:04:58 +05:30
Rony 2e8a577b0c add PwC naming to CN actors 2022-07-20 09:45:21 +05:30
Rony 3fabd58416 chg: [threat-actor] fixed 2022-07-19 23:36:30 +05:30
Rony 79c84d3768 add Earth Berberoka, Earth Lusca and Earth Wendigo 2022-07-19 22:42:50 +05:30
Daniel Plohmann 082d506b64
adding new Unit 42 names
First PR: those are the directly mappable names. I will follow up after deconfliction and then with a few new entries.
2022-07-19 08:45:09 +02:00
Daniel Plohmann 240a757826
Update threat-actor.json
adding Predatory Sparrow due to recent events.
2022-07-13 10:02:07 +02:00
Alexandre Dulaunoy cf603e8160
Merge pull request #736 from Delta-Sierra/main
add Qbot
2022-07-12 18:41:33 +02:00
Thomas Dupuy 90da0d798f Set country to LB instead of IR based on operational activity. 2022-07-12 16:21:41 +00:00
Delta-Sierra b1c853bf42 update version 2022-07-12 15:51:55 +02:00
Thomas Dupuy 1a8835bcae Remove list from POLONIUM TA. 2022-07-12 13:11:11 +00:00
Thomas Dupuy a86d866534 Add POLONIUM TA. 2022-07-12 12:14:27 +00:00
Delta-Sierra d40017ae50 add Qbot 2022-07-12 14:03:43 +02:00
Delta-Sierra 6c6355f2ba fix typo 2022-07-12 11:31:08 +02:00
Delta-Sierra 300d608770 jq 2022-07-12 10:54:37 +02:00
Delta-Sierra 71c93f5b24 fix caps typo 2022-07-12 10:53:14 +02:00
Delta-Sierra 4ea34fc5a4 Merge https://github.com/Delta-Sierra/misp-galaxy into main 2022-07-12 10:51:59 +02:00
Delta-Sierra 924eda26ca Add EnemyBot +relationships 2022-07-12 10:49:11 +02:00
Deborah Servili ca7d524d9c
Merge branch 'main' into main 2022-07-08 16:27:28 +02:00
Delta-Sierra 29aa7b3f69 add Maui ransomware 2022-07-08 14:49:12 +02:00
Delta-Sierra 56a53433f0 add HelloXD ransomware 2022-07-08 12:05:31 +02:00
Delta-Sierra 279b89f6d9 fix duplicate extension-2 2022-07-06 09:38:02 +02:00
Delta-Sierra 67d5f5c7c0 fix duplicate extension 2022-07-06 09:34:11 +02:00
Delta-Sierra 7e37fa0cdd merge + update medusalocker 2022-07-06 09:28:46 +02:00
Delta-Sierra c2e7ef4fab Update Medusa Locker and others 2022-07-06 08:43:59 +02:00
marjatech 587dc8560b add script to automate malpedia update 2022-07-04 14:24:34 +02:00
Mathieu Beligon 693eed8d78 [threat actor] Break Cleaver aliases into respective entries 2022-07-04 14:05:29 +02:00
marjatech 1212a75cc4 update malpedia 2022-07-04 11:02:02 +02:00
Mathieu Beligon d63c990dad [threat-actors] Separate ITSecTeam from Cleaver 2022-06-30 14:34:05 +02:00
Mathieu Beligon b8d4ffdbde Merge Cutting Kitten and Cleaver 2022-06-29 20:15:12 +02:00
Koen Van Impe 0c9aa68db6 Update surveillance-vendor.json 2022-06-22 13:30:55 +02:00
Koen Van Impe 22c2f7b999 Add RCS Lab S.p.A. to surveillance-vendor 2022-06-22 11:20:52 +02:00
Mathieu Beligon d79c5bd1ab Add ToddyCat Threat actor 2022-06-21 15:12:42 +02:00
Rony c030fcdab6
chg: [threat-actor] added PwC naming for Indian actors
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-06-11 15:46:54 +05:30
Thanat0s 44a99d066a Y en a un peut plus je vous le mets quand meme ? 2022-06-11 04:24:04 -04:00
Thanat0s 57befd7259 jq all the things 2022-06-10 19:12:12 -04:00
Thanat0s 51f98f4706 Attck link + typo on TA551 2022-06-10 18:40:16 -04:00
Thanat0s f97fee7135 Typo on TA551 2022-06-10 18:38:25 -04:00
Thanat0s 297acc0f5e Add Mitre vs Thales RosettaStone 2022-06-10 18:24:15 -04:00
Rony e916267c7c
chg: [threat-actor] add reference to bitter & sidewinder group 2022-06-08 23:22:17 +05:30
Christophe Vandeplas 39073004c4 [mitre] bump to MITRE ATT&CK v11.2 2022-05-25 21:03:14 +02:00
Christophe Vandeplas 4a469299fd [mitre] update sorting algo
will make future ATT&CK updates less noisy in the git diff
2022-05-25 21:00:57 +02:00
Mathieu Beligon dca70783bf [threat-actors] validate file 2022-05-23 11:32:24 +02:00
Mathieu Beligon c1cfc19871 [threat actors] Remove dead link for sandworm threat actor 2022-05-23 11:30:04 +02:00
Mathieu Beligon 36a1466661 [threat-actors] Add RansomHouse 2022-05-23 11:29:39 +02:00
Alexandre Dulaunoy a838eaf9db
Merge pull request #717 from jloehel/krane
chg: [cryptominers] Adds Krane
2022-05-18 08:17:16 +02:00
Jürgen Löhel 1be9a10ef9
chg: [cryptominers] Adds Krane
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-17 14:47:29 -05:00
Jürgen Löhel 9db5d18114
chg: [android] Adds Vulture
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-17 14:16:21 -05:00
Rony 2721522e82
chg: [threat-actor] add exotic lily, ta578, ta579 2022-05-14 20:52:15 +05:30
Jürgen Löhel 45da13ce5e chg: [backdoors] Adds BPFDoor
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-11 19:06:19 -05:00
Alexandre Dulaunoy fcdc6c86e6
chg: [threat-actor] add TG2003 synomym to Elephant Beetle 2022-05-09 14:24:28 +02:00
Alexandre Dulaunoy 9130365e2e
chg: [threat-actor] Elephant Beetle added
Fix #708
2022-05-09 14:23:12 +02:00
Alexandre Dulaunoy bb434b11cf
chg: [threat-actor] ModifiedElephant added
Fix #709
2022-05-09 14:16:01 +02:00
Alexandre Dulaunoy 06550a7945
chg: [threat-actor] fix refs field -> it's always an array 2022-05-09 13:46:16 +02:00
Alexandre Dulaunoy b67e3ed3f8
Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add 2022-05-09 13:43:44 +02:00
Rony c0be6677c2
chg: [threat-actor] added actor Red Menshen
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
2022-05-07 15:44:10 +05:30
Rony 11eca69ebc
chg: [threat-actor] added Curious Gorge 2022-05-07 12:40:35 +05:30
Daniel Plohmann 26c1850377
Update threat-actor.json
adding Red Dev 4 as alias for GALLIUM as used by PwC.
2022-05-06 09:47:48 +02:00
Daniel Plohmann 06c293072c
Update threat-actor.json
adding UNC3524 to the actor galaxy cluster.
2022-05-04 13:21:56 +02:00
3c7 0ad65fbe9f
Forgot to jq all the things 2022-04-28 09:42:25 +02:00
3c7 dfb6c0668e
Added SaintBear 2022-04-28 09:36:25 +02:00
Christophe Vandeplas 33476bec81 chg: [mitre] bump to MITRE ATT&CK v11.0 2022-04-25 18:29:57 +02:00
Alexandre Dulaunoy 664f6d80cc
chg: [threat-actor] Killnet description added 2022-04-21 15:05:50 +02:00
Alexandre Dulaunoy 1e383e2452
chg: [threat-actor] version updated 2022-04-21 14:53:14 +02:00
Mathieu Beligon c8455a6c4d [actors] Add killnet 2022-04-21 14:06:28 +02:00
Adam McHugh 53a0fc56d3 Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory 2022-04-18 10:16:26 +09:30
Alexandre Dulaunoy bca7381f33
fix: [ransomware] refs are within meta 2022-04-17 15:43:23 +02:00
Alexandre Dulaunoy eb7c5ebaf1
fix: [ransom] remove empty ref 2022-04-17 15:39:02 +02:00
Alexandre Dulaunoy bc696b43f4
chg: [ransomware] jq all the things 2022-04-17 15:35:50 +02:00
Alexandre Dulaunoy 00d33fd292
Merge pull request #701 from adammchugh/ransomware-conti-update
Ammended Conti ransomware entry with ACSC 2021-010 advisory data
2022-04-17 15:35:25 +02:00
Alexandre Dulaunoy 66744a4cd0
Merge pull request #704 from adammchugh/cryptominers-bluemockingbird-add
Added Cryptominer Blue Mockingbird from RedCanary advisory.
2022-04-17 14:43:59 +02:00
Alexandre Dulaunoy 14907e3eef
Merge pull request #703 from adammchugh/threatactor-copypaste-add
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
2022-04-17 14:43:37 +02:00
Adam McHugh 84eac4b102 Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory 2022-04-17 19:50:08 +09:30
Adam McHugh f00e80ae7e Added Cryptominer Blue Mockingbird from RedCanary advisory. 2022-04-17 19:44:42 +09:30
Adam McHugh cff8a38c5f Added Copy-Paste Threat Actor from ACSC Advisory 2020-008 2022-04-17 19:37:26 +09:30
Adam McHugh 622c0502aa Ammended Conti ransomware entry with ACSC 2021-010 advisory data 2022-04-17 19:23:11 +09:30
Adam McHugh 99caab201f Ammended Blackcat ransomware entry with ACSC 2022-004 advisory data 2022-04-17 18:05:24 +09:30
Thomas Dupuy bd05eb0bba upd: [cluster] add Threat Actor BladeHawk. 2022-04-11 17:03:19 +00:00
Thomas Dupuy 209391f110 upd: [cluster] add ref and synonyms for Energetic Bear. 2022-04-07 18:26:58 +00:00
Alexandre Dulaunoy b649057a5a
chg: [handicap] fixed more fields 2022-04-04 11:09:30 +02:00
Alexandre Dulaunoy aff4345074
chg: [handicap] more cleanup 2022-04-04 11:01:38 +02:00
Alexandre Dulaunoy 269f91ad75
chg: [handicap] more clean-up of uuid values 2022-04-04 10:56:29 +02:00
Alexandre Dulaunoy d3d4e7186b
chg: [handicap] fix name of the clusters 2022-04-04 10:43:56 +02:00
Alexandre Dulaunoy 7e6390c336
Merge pull request #694 from AgatheMgt/main
Handicap
2022-04-04 10:41:06 +02:00
Rony a08ddaf548
Add Avivore & HAZY TIGER/Bitter 2022-04-02 01:14:18 +05:30
Rony 50f39edc10
Revert "update threat actors meta" 2022-04-02 00:55:38 +05:30
Delta-Sierra 73f71c8b15 dup 2022-04-01 16:51:27 +02:00
Delta-Sierra fb557fd3a2 dup 2022-04-01 16:47:50 +02:00
Delta-Sierra 909fc09992 duplicate 2022-04-01 16:44:47 +02:00
Delta-Sierra 7c3e8ac068 fix duplicate 2022-04-01 16:40:40 +02:00
Delta-Sierra dcc396108c fix duplicate 2022-04-01 16:36:47 +02:00
Delta-Sierra 9257fb677b merge 2022-04-01 16:32:10 +02:00
Delta-Sierra 0f7803b091 update threat actors meta 2022-04-01 16:00:27 +02:00
Sami Mokaddem 4242732af1
chg: jq all 2 2022-03-31 09:05:22 +02:00
Sami Mokaddem a9a09d11c6
chg: jq all 2022-03-31 08:59:36 +02:00
Mathieu Beligon c35fad3291 Add threat actor group Scarab 2022-03-28 12:11:34 +02:00
Alexandre Dulaunoy 94c3788089
Merge pull request #687 from Badis-dev/main
Add galaxy and cluster cancer
2022-03-25 10:04:46 +01:00
AgatheMgt aec779d1ee poatate 2022-03-24 09:43:58 -04:00
AgatheMgt 3ce6d7a313
Update handicap.json 2022-03-24 07:48:49 -04:00
AgatheMgt a6a16926f6
Create handicap.json 2022-03-24 07:08:08 -04:00
Daniel Plohmann 24a3f16ab4
adding threat actor group LAPSUS$ / DEV-0537. 2022-03-23 09:47:10 +01:00
Delta-Sierra 97690426bf update threat actors meta 2022-03-18 16:41:10 +01:00
Alexandre Dulaunoy 6f0208dcaf
chg: [ransomware] UUID fixed 2022-03-18 16:03:27 +01:00
Alexandre Dulaunoy ef5af37dbe
chg: [botnet] duplicate UUIDs replaced 2022-03-18 15:58:09 +01:00
Alexandre Dulaunoy c0a07d2246
chg: [ransomware] replace duplicate UUIDs 2022-03-18 15:57:06 +01:00
botlabsDev 6416d0b2de add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot 2022-03-18 15:34:11 +01:00
Alexandre Dulaunoy 18069ce5f3
Merge pull request #688 from botlabsDev/patch-0
Add tool 'BadPotato' to clusters/tool.json
2022-03-15 12:30:47 +01:00
Alexandre Dulaunoy 7fd5715715
Merge pull request #691 from r0ny123/indian-adversaries
Update to Indian Adversaries
2022-03-15 12:28:16 +01:00
Rony eebda5f955
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team 2022-03-15 15:02:57 +05:30
Rony ac72e7b639
fix 2022-03-15 14:00:46 +05:30
Rony 3b67e745e5
Update threat-actor.json 2022-03-15 13:57:00 +05:30
botlabsDev 99ab2a13d6 Add tool 'BadPotato' to clusters/tool.json 2022-03-14 18:02:02 +01:00
Badis-dev 231915f9a4 add galaxy and cluster cancer 2022-03-11 14:20:09 +01:00
Badis-dev 27241135a2
Add cancer.json 2022-03-11 11:26:57 +01:00
Badis-dev 78f1c9f345
Delete cancer.json 2022-03-11 11:26:30 +01:00
Badis-dev 1c707f7c5e
Add cancer cluster 2022-03-11 11:13:57 +01:00
Delta-Sierra 957327383d fix array 2022-03-07 16:10:53 +01:00
Delta-Sierra a7f3df8a9a merge 2022-03-07 16:04:38 +01:00
Delta-Sierra 8fd3c87b47 update threat actors meta 2022-03-07 15:54:29 +01:00
Alexandre Dulaunoy 8e09c9b30c
Merge pull request #685 from danielplohmann/patch-14
adding threat actor "Moses Staff"
2022-03-02 21:43:00 +01:00
Daniel Plohmann 896a451461
fixed with linted JSON. 2022-03-02 21:22:28 +01:00
Daniel Plohmann a817324cd4
adding threat actor "Moses Staff" 2022-03-02 15:50:39 +01:00
Mathieu Beligon 0b456b8afa version bump -> 213 2022-03-02 14:55:26 +01:00
Mathieu Beligon d3d241ca54 Update Gamaredon target 2022-03-02 14:55:19 +01:00
Mathieu Beligon 27c05a118e Update GhostWriter 2022-03-02 13:16:20 +01:00
Delta-Sierra c909a35d65 Merge https://github.com/MISP/misp-galaxy into main 2022-02-18 10:57:10 +01:00
Delta-Sierra a788c867a7 jq 2022-02-18 10:56:07 +01:00
Delta-Sierra b0cd884afc add TA2541 2022-02-18 10:54:25 +01:00
Daniel Plohmann 321e4b4a57
another Gamaredon ref and version bump 2022-02-18 08:26:01 +01:00
Daniel Plohmann 254dd47a61
adding ACTINIUM as MSFT name for Gamaredon 2022-02-18 08:24:35 +01:00
Delta-Sierra 33ef3317b7 fix duplicate 2022-02-14 10:02:36 +01:00
Delta-Sierra 9b76d71c43 Merge https://github.com/MISP/misp-galaxy into main 2022-02-14 08:47:21 +01:00
Delta-Sierra 3184819968 add DDG botnet and more 2022-02-11 16:13:36 +01:00
rwe 4700780d47 added antlion APT group 2022-02-05 04:52:33 -08:00
Alexandre Dulaunoy f49b54281b
chg: [ransomware] set encryption only 2022-02-02 22:36:14 +01:00
Alexandre Dulaunoy 3328b73185
fix: [ransomware] array end missing 2022-02-02 22:32:39 +01:00
Kevin Holvoet 3d23f98d04
Forgot comma between JSON entries 2022-02-02 18:58:55 +01:00
Kevin Holvoet 389add7580
Update ransomware.json with URL fix
Fixed URL for AlphaLocker
2022-02-02 18:54:31 +01:00
Kevin Holvoet fa9829cec0
Update ransomware.json: add BlackCat (ALPHV) 2022-02-02 18:50:19 +01:00
Daniel Plohmann 833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference 2022-02-02 09:40:10 +01:00
Daniel Plohmann 8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec 2022-02-02 09:35:53 +01:00
Delta-Sierra 5cf1eb01f4 Merge https://github.com/MISP/misp-galaxy into main 2022-01-31 10:04:07 +01:00
Alexandre Dulaunoy 1fda357a03
new: [surveillance] Cytrox added 2022-01-30 11:31:55 +01:00
Jürgen Löhel 22046a1eae
Adds WhisperGate
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-18 13:16:06 -06:00
Delta-Sierra e523bdaf70 merge 2022-01-14 16:08:14 +01:00
Jürgen Löhel 3059c70ae6
Adds UPAS-Kit
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-13 11:53:32 -06:00
Thomas Dupuy c792bdd1b7 Add AQUATIC PANDA threat actor. 2022-01-12 13:51:11 -05:00
Thomas Dupuy afaf3a3110 Add Motnug tool. 2022-01-12 13:37:59 -05:00
Jürgen Löhel 5aa8a8a8b1
Adds Ragnatela RAT
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-01-10 15:57:10 -06:00
Sami Tainio dcb87b0dc6 chg: [threat-actor] Add SideCopy 2022-01-07 17:45:41 +02:00
Daniel Plohmann 3094283252
adding Mandiant's FIN13. 2022-01-03 09:32:43 +01:00
Alexandre Dulaunoy eba1b2839f
chg: [concordia] CMTMF killchain typo fixed 2021-12-20 10:41:00 +01:00
Raphaël Vinot b4d518d4f0 fix: cmtmf-attack-pattern had multiple duplicate UUIDs 2021-12-17 17:58:29 +01:00
Alexandre Dulaunoy 12617ff627
chg: [concordia] fix name inconsistencies 2021-12-17 17:41:00 +01:00
Alexandre Dulaunoy 69b582f9ba
chg: [concordia] duplicate removed 2021-12-17 17:31:38 +01:00
Alexandre Dulaunoy bc3ab62917
chg: [concordia] duplicate removed 2021-12-17 17:26:04 +01:00
Alexandre Dulaunoy ee2a3c83f4
chg: [concordia] duplicate techniques removed 2021-12-17 17:21:00 +01:00
Alexandre Dulaunoy 01d23b61b7
chg: [concordia] typo fixed 2021-12-17 17:15:43 +01:00
Alexandre Dulaunoy 01f2ce68d4
chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID? 2021-12-17 17:13:57 +01:00
Alexandre Dulaunoy 5becac98e4
chg: [concordia] duplicates removed 2021-12-17 16:51:11 +01:00
Alexandre Dulaunoy ae7b7bd47d
chg: [cmtmf-attack-pattern] various fixes to make JSON ok 2021-12-17 16:08:07 +01:00
Alexandre Dulaunoy 7b587710b1
Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf 2021-12-17 15:55:03 +01:00
Jürgen Löhel b81ac7f01d Adds DarkWatchman RAT
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-12-17 07:20:58 -06:00
Delta-Sierra b8960393a4 add Milan Rat, Shark tool and Lyceum synonyms 2021-11-29 16:00:40 +01:00
Delta-Sierra bb92427b65 add Lyceum synonyms/sources 2021-11-29 12:05:51 +01:00
Delta-Sierra 78a8cf4ad2 add ESPecter Bootkit 2021-11-19 16:30:57 +01:00
Delta-Sierra c89623e945 add ESPecter bootkit 2021-11-16 08:17:37 +01:00
Christophe Vandeplas aeb5719448 chg: [att&ck] update to ATT&CK v10 2021-10-22 14:34:25 +02:00
Alexandre Dulaunoy ab41df7282
chg: [malpedia] remove duplicate 2021-10-20 12:24:12 +02:00
Alexandre Dulaunoy e517787e7c
chg: [malpedia] duplicates removed 2021-10-20 12:21:05 +02:00
Alexandre Dulaunoy 69f878c86f
fix: [malpedia] remove duplicate urls 2021-10-20 12:16:22 +02:00
Alexandre Dulaunoy da91f2abc2
chg: [malpedia] updated 2021-10-20 10:21:03 +02:00
marjatech d74fdb3e43
update malpedia 2021-10-19 16:21:19 +02:00
Bernardo Santos e74fcfe268 Update cmtmf-attack-pattern.json
- update version
2021-10-13 10:06:00 +02:00
Bernardo Santos 5f19983ba3 Update cmtmf-attack-pattern.json
- Changes to cluster type
- Fix typo for privilege escalation tactic
2021-10-13 09:57:03 +02:00
Bernardo Santos 49dfcca563 CONCORDIA MTMF - Initial version
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:54:06 +02:00
Bernardo Santos d09681b011 CONCORDIA MTMF - Initial version
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
2021-10-12 10:45:03 +02:00
Jeroen Pinoy 9ec76ae185
Add threat actor common raven 2021-10-03 23:30:20 +02:00
Thomas Patzke 26f0c344a1 Added O365 techniques
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
2021-09-18 23:27:38 +02:00
Thomas Dupuy 1985de4d44 Add BLUELIGHT tool. 2021-08-27 10:28:06 +02:00
Thomas Dupuy 89a3f986ba Add InkySquid synonym. 2021-08-24 16:29:34 +02:00
Daniel Plohmann 3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) 2021-08-19 06:02:40 +02:00
Rony 5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
2021-08-02 22:30:05 +05:30
Rony 636ccdedcd
Update threat-actor.json 2021-07-21 18:47:56 +05:30
Rony 9ecfecc063
another fix 2021-07-21 18:41:18 +05:30
Rony 32ea60d721
fix 2021-07-21 18:31:05 +05:30
Rony 52e7d5a0a9
multiple updates to apt40, apt31 & hafnium 2021-07-21 18:28:40 +05:30
Rony fb9a41f8e9
from Gov Canada & MFA Japan 2021-07-19 20:33:35 +05:30
Rony c90c60cb13
adding references for APT40 & APT31 2021-07-19 20:14:36 +05:30
Alexandre Dulaunoy 6c8949caa9
Merge pull request #658 from jasperla/oilrig
merge APT34 with OilRig
2021-07-03 08:56:39 +02:00
Deborah Servili b6005bd53f
Merge branch 'main' into master 2021-07-02 13:30:51 +02:00
Delta-Sierra 913aff30c3 Add NOBELIUM and related 2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse 792490298e merge APT34 with OilRig
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
2021-06-29 20:26:04 +02:00
Alexandre Dulaunoy a5d7d85dc8
Merge pull request #657 from jloehel/add_matanbuchus
[cluster][tool] Adds Matanbuchus
2021-06-22 07:23:20 +02:00
Jürgen Löhel 254c201601
[cluster][tool] Adds Matanbuchus
+ threat actor: BelialDemon

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 18:04:28 -05:00
Jürgen Löhel 381973f5de
[cluster][stealer] Adds HackBoss
Fixes: #651

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2021-06-21 16:35:20 -05:00
Thomas Dupuy 772c5145c1 Added BackdoorDiplomacy and Gelsemium. 2021-06-11 11:48:57 -04:00
Rony 9a723b6261
more ta544 references 2021-05-26 20:26:27 +05:30
Rony db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks 2021-05-22 21:02:30 +05:30
Daniel Plohmann 433ea5cb45
Twisted Spider -> TWISTED SPIDER
fair point
2021-05-19 17:04:58 +02:00
Daniel Plohmann 9719122d27
adding Twisted Spider as alias for TA2101 (Maze) 2021-05-19 16:47:41 +02:00