MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity
2,233 Commits
6 Branches
47 Tags
51 MiB
Commit Graph

2233 Commits (5c6f3a036bf1e3decb541bca0f6df5b66fa04b80)

Author SHA1 Message Date
Rony 5c6f3a036b
removing DePrimon 
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
 2021-02-24 21:55:04 +05:30
Alexandre Dulaunoy cf5c95b762
Merge pull request #626 from nyx0/main 
Add RDAT backdoor
 2021-02-23 21:40:23 +01:00
Thomas Dupuy eeafff9768 Add RDAT backdoor 2021-02-23 11:15:31 -05:00
Alexandre Dulaunoy d0ae9c20f9
Merge pull request #625 from Thijsvanede/patch-1 
Fix: rename "Innitial Access" to "Initial Access"
 2021-02-21 16:51:17 +01:00
Thijsvanede e9eb0c7a6c
Fix: rename "Innitial Access" to "Initial Access" 
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
 2021-02-19 12:01:47 +01:00
Alexandre Dulaunoy 5d83ed1a70
Merge pull request #624 from nyx0/main 
Add Exaramel and P.A.S. webshell tool.
 2021-02-16 16:54:32 +01:00
Thomas Dupuy 178e16dc13 Remove empty values. 2021-02-16 10:32:37 -05:00
Thomas Dupuy 4a7560d191 Add Exaramel and P.A.S. webshell tool. 2021-02-15 12:52:53 -05:00
Alexandre Dulaunoy 9f1fcbd1c5
Merge pull request #623 from nyx0/main 
Add Caterpillar WebShell.
 2021-02-12 23:13:59 +01:00
Thomas Dupuy 93396c524d Add Caterpillar WebShell. 2021-02-12 12:00:17 -05:00
Alexandre Dulaunoy fa05eb04e3
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2021-01-29 16:43:52 +01:00
Alexandre Dulaunoy 38a0d2d32d
chg: [rsit] rsit as galaxy name 2021-01-29 16:43:26 +01:00
Alexandre Dulaunoy 48fddce7d1
Merge pull request #622 from danielplohmann/patch-5 
adding ClearSky alias for Volatile Cedar
 2021-01-29 16:39:03 +01:00
Daniel Plohmann d61e7d2fac
adding ClearSky alias for Volatile Cedar 
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious  files."
 2021-01-29 10:39:18 +01:00
Alexandre Dulaunoy 815e5c4fe4
Merge pull request #621 from cudeso/main 
RSIT Galaxy/Cluster
 2021-01-28 12:55:46 +01:00
Koen Van Impe 87b22f363c Move cfr-type-of-incident to meta 2021-01-28 12:25:39 +01:00
Koen Van Impe 23778666ba RSIT Galaxy/Cluster 2021-01-28 10:03:12 +01:00
Alexandre Dulaunoy 06c038e884
Merge pull request #620 from StefanKelm/main 
Update threat-actor.json
 2021-01-26 15:00:34 +01:00
StefanKelm fb35646406
Update threat-actor.json 
Lazarus
 2021-01-26 14:38:37 +01:00
Alexandre Dulaunoy 763d67d2a4
Merge pull request #619 from nyx0/main 
Update tool cluster
 2021-01-20 19:57:43 +01:00
Thomas Dupuy f964514ec5 Add HyperBro in tools 2021-01-20 13:44:28 -05:00
Thomas Dupuy 9df95031a7 Update ZxShell tool. 2021-01-20 13:27:51 -05:00
Alexandre Dulaunoy 402837d033
Merge pull request #618 from StefanKelm/main 
Update threat-actor.json
 2021-01-20 17:49:53 +01:00
StefanKelm a131a7ce98
Update threat-actor.json 
Lazarus
 2021-01-20 17:43:18 +01:00
Alexandre Dulaunoy 3c19c7c1e5
Merge pull request #617 from danielplohmann/patch-4 
merge COVELLITE into Lazarus Group
 2021-01-17 16:05:13 +01:00
Alexandre Dulaunoy dc7de80b98
Merge pull request #616 from r0ny123/patch-2 
removing Starcruft
 2021-01-17 16:04:24 +01:00
Daniel Plohmann ca66fcd93a
merge COVELLITE into Lazarus Group 
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references. 
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
 2021-01-17 15:07:26 +01:00
Rony 91e87cf82c
Update threat-actor.json 
Don't know how StarCraft
 2021-01-17 12:21:34 +05:30
Alexandre Dulaunoy 830f82f710
Merge pull request #615 from danielplohmann/patch-3 
merging ScarCruft->APT37
 2021-01-16 00:08:26 +01:00
Daniel Plohmann edcc3c0bc1
merging ScarCruft->APT37 
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
 2021-01-15 18:52:49 +01:00
Alexandre Dulaunoy 2b356a9eb0
chg: [threat-actor] UNC2452/DarkHalo added - ref. #614 2021-01-12 07:01:36 +01:00
Alexandre Dulaunoy 184d57f0a2
chg: [ransomware] Babuk Ransomware added 2021-01-05 19:11:28 +01:00
Alexandre Dulaunoy 4454b58743
chg: [ransomware] RegretLocker added 2020-12-30 14:14:09 +01:00
Alexandre Dulaunoy d408b81606
Merge pull request #612 from r0ny123/patch-1 
BISMUTH
 2020-12-14 13:29:23 +01:00
Rony 3240aa819f
Update threat-actor.json 2020-12-14 11:54:41 +05:30
Rony 2ffb77b35b
BISMUTH 2020-12-14 10:41:15 +05:30
Alexandre Dulaunoy ac86ebd5f6
Merge pull request #609 from StefanKelm/master 
Update threat-actor.json
 2020-12-09 22:16:49 +01:00
Alexandre Dulaunoy 691532a2b4
Merge pull request #610 from Delta-Sierra/master 
Add new clusters
 2020-12-09 22:16:07 +01:00
Delta-Sierra ebd31b7376 add BazarBackdoor 2020-12-09 16:42:32 +01:00
Delta-Sierra d3a9cf742a add RansomEXX 2020-12-09 16:32:02 +01:00
Delta-Sierra 3daaa30aed Merge https://github.com/MISP/misp-galaxy 2020-12-07 16:20:36 +01:00
StefanKelm 5dc92995f6
Update threat-actor.json 
DeathStalker, Mabna
 2020-12-04 11:43:06 +01:00
Alexandre Dulaunoy e563ebc6ed
Merge pull request #608 from StefanKelm/master 
Update threat-actor.json
 2020-12-04 10:38:11 +01:00
StefanKelm 4fee985b5e
Update threat-actor.json 
Turla
 2020-12-03 13:05:14 +01:00
Alexandre Dulaunoy 15b27f9497
Merge pull request #607 from StefanKelm/master 
Update threat-actor.json
 2020-12-02 12:23:49 +01:00
StefanKelm 72e085aba9
Update threat-actor.json 
OceanLotus
 2020-12-02 11:44:29 +01:00
Alexandre Dulaunoy 790053b5b0
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2020-11-30 15:50:42 +01:00
Alexandre Dulaunoy b00ea12677
chg: [doc] Travis is dead, GH Action is alive. 2020-11-30 15:50:17 +01:00
Raphaël Vinot 9be4a53f77 fix: reorganize GH actions 2020-11-30 14:33:19 +01:00
Raphaël Vinot 47830ca058 chg: Fix gh actions 2020-11-30 14:22:14 +01:00