MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity
2,625 Commits
3 Branches
43 Tags
294 MiB
Commit Graph

1736 Commits (61348532197cf07de83e43a7aa0da6f337ee034b)

Author SHA1 Message Date
Delta-Sierra e523bdaf70 merge 2022-01-14 16:08:14 +01:00
Jürgen Löhel 3059c70ae6
Adds UPAS-Kit 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2022-01-13 11:53:32 -06:00
Thomas Dupuy c792bdd1b7 Add AQUATIC PANDA threat actor. 2022-01-12 13:51:11 -05:00
Thomas Dupuy afaf3a3110 Add Motnug tool. 2022-01-12 13:37:59 -05:00
Jürgen Löhel 5aa8a8a8b1
Adds Ragnatela RAT 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2022-01-10 15:57:10 -06:00
Sami Tainio dcb87b0dc6 chg: [threat-actor] Add SideCopy 2022-01-07 17:45:41 +02:00
Daniel Plohmann 3094283252
adding Mandiant's FIN13. 2022-01-03 09:32:43 +01:00
Alexandre Dulaunoy eba1b2839f
chg: [concordia] CMTMF killchain typo fixed 2021-12-20 10:41:00 +01:00
Raphaël Vinot b4d518d4f0 fix: cmtmf-attack-pattern had multiple duplicate UUIDs 2021-12-17 17:58:29 +01:00
Alexandre Dulaunoy 12617ff627
chg: [concordia] fix name inconsistencies 2021-12-17 17:41:00 +01:00
Alexandre Dulaunoy 69b582f9ba
chg: [concordia] duplicate removed 2021-12-17 17:31:38 +01:00
Alexandre Dulaunoy bc3ab62917
chg: [concordia] duplicate removed 2021-12-17 17:26:04 +01:00
Alexandre Dulaunoy ee2a3c83f4
chg: [concordia] duplicate techniques removed 2021-12-17 17:21:00 +01:00
Alexandre Dulaunoy 01d23b61b7
chg: [concordia] typo fixed 2021-12-17 17:15:43 +01:00
Alexandre Dulaunoy 01f2ce68d4
chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID? 2021-12-17 17:13:57 +01:00
Alexandre Dulaunoy 5becac98e4
chg: [concordia] duplicates removed 2021-12-17 16:51:11 +01:00
Alexandre Dulaunoy ae7b7bd47d
chg: [cmtmf-attack-pattern] various fixes to make JSON ok 2021-12-17 16:08:07 +01:00
Alexandre Dulaunoy 7b587710b1
Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf 2021-12-17 15:55:03 +01:00
Jürgen Löhel b81ac7f01d Adds DarkWatchman RAT 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2021-12-17 07:20:58 -06:00
Delta-Sierra b8960393a4 add Milan Rat, Shark tool and Lyceum synonyms 2021-11-29 16:00:40 +01:00
Delta-Sierra bb92427b65 add Lyceum synonyms/sources 2021-11-29 12:05:51 +01:00
Delta-Sierra 78a8cf4ad2 add ESPecter Bootkit 2021-11-19 16:30:57 +01:00
Delta-Sierra c89623e945 add ESPecter bootkit 2021-11-16 08:17:37 +01:00
Christophe Vandeplas aeb5719448 chg: [att&ck] update to ATT&CK v10 2021-10-22 14:34:25 +02:00
Alexandre Dulaunoy ab41df7282
chg: [malpedia] remove duplicate 2021-10-20 12:24:12 +02:00
Alexandre Dulaunoy e517787e7c
chg: [malpedia] duplicates removed 2021-10-20 12:21:05 +02:00
Alexandre Dulaunoy 69f878c86f
fix: [malpedia] remove duplicate urls 2021-10-20 12:16:22 +02:00
Alexandre Dulaunoy da91f2abc2
chg: [malpedia] updated 2021-10-20 10:21:03 +02:00
marjatech d74fdb3e43
update malpedia 2021-10-19 16:21:19 +02:00
Bernardo Santos e74fcfe268 Update cmtmf-attack-pattern.json 
- update version
 2021-10-13 10:06:00 +02:00
Bernardo Santos 5f19983ba3 Update cmtmf-attack-pattern.json 
- Changes to cluster type
- Fix typo for privilege escalation tactic
 2021-10-13 09:57:03 +02:00
Bernardo Santos 49dfcca563 CONCORDIA MTMF - Initial version 
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
 2021-10-12 10:54:06 +02:00
Bernardo Santos d09681b011 CONCORDIA MTMF - Initial version 
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
 2021-10-12 10:45:03 +02:00
Jeroen Pinoy 9ec76ae185
Add threat actor common raven 2021-10-03 23:30:20 +02:00
Thomas Patzke 26f0c344a1 Added O365 techniques 
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
 2021-09-18 23:27:38 +02:00
Thomas Dupuy 1985de4d44 Add BLUELIGHT tool. 2021-08-27 10:28:06 +02:00
Thomas Dupuy 89a3f986ba Add InkySquid synonym. 2021-08-24 16:29:34 +02:00
Daniel Plohmann 3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) 2021-08-19 06:02:40 +02:00
Rony 5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM 
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
 2021-08-02 22:30:05 +05:30
Rony 636ccdedcd
Update threat-actor.json 2021-07-21 18:47:56 +05:30
Rony 9ecfecc063
another fix 2021-07-21 18:41:18 +05:30
Rony 32ea60d721
fix 2021-07-21 18:31:05 +05:30
Rony 52e7d5a0a9
multiple updates to apt40, apt31 & hafnium 2021-07-21 18:28:40 +05:30
Rony fb9a41f8e9
from Gov Canada & MFA Japan 2021-07-19 20:33:35 +05:30
Rony c90c60cb13
adding references for APT40 & APT31 2021-07-19 20:14:36 +05:30
Alexandre Dulaunoy 6c8949caa9
Merge pull request #658 from jasperla/oilrig 
merge APT34 with OilRig
 2021-07-03 08:56:39 +02:00
Deborah Servili b6005bd53f
Merge branch 'main' into master 2021-07-02 13:30:51 +02:00
Delta-Sierra 913aff30c3 Add NOBELIUM and related 2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse 792490298e merge APT34 with OilRig 
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
 2021-06-29 20:26:04 +02:00
Alexandre Dulaunoy a5d7d85dc8
Merge pull request #657 from jloehel/add_matanbuchus 
[cluster][tool] Adds Matanbuchus
 2021-06-22 07:23:20 +02:00
Jürgen Löhel 254c201601
[cluster][tool] Adds Matanbuchus 
+ threat actor: BelialDemon

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2021-06-21 18:04:28 -05:00
Jürgen Löhel 381973f5de
[cluster][stealer] Adds HackBoss 
Fixes: #651

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2021-06-21 16:35:20 -05:00
Thomas Dupuy 772c5145c1 Added BackdoorDiplomacy and Gelsemium. 2021-06-11 11:48:57 -04:00
Rony 9a723b6261
more ta544 references 2021-05-26 20:26:27 +05:30
Rony db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks 2021-05-22 21:02:30 +05:30
Daniel Plohmann 433ea5cb45
Twisted Spider -> TWISTED SPIDER 
fair point
 2021-05-19 17:04:58 +02:00
Daniel Plohmann 9719122d27
adding Twisted Spider as alias for TA2101 (Maze) 2021-05-19 16:47:41 +02:00
Alexandre Dulaunoy a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1 
Add alias for Tick
 2021-05-07 23:23:38 +02:00
Still Hsu eb671f1e6a
Add Nian alias 
Signed-off-by: Still Hsu <dev@stillu.cc>
 2021-05-08 00:52:27 +08:00
Still Hsu fe7c0dab07
Add country origin for BlackTech 
Signed-off-by: Still Hsu <dev@stillu.cc>
 2021-05-08 00:32:39 +08:00
Daniel Plohmann 38b8bac51d
fixing broken/dead links 2021-05-04 20:15:17 +02:00
Alexandre Dulaunoy 6f7d3d5c2b
chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa 
"COLT – Compromise to Leak Time" - new meta colt-median/colt-average.

For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
 2021-05-03 07:41:43 +02:00
Alexandre Dulaunoy 7aaf25a424
new: [ransomware] Ragnarok added 2021-04-30 12:08:03 +02:00
Alexandre Dulaunoy 94ec98d544
Merge pull request #646 from r0ny123/update 
Updates to APT27 & Tick
 2021-04-29 18:29:53 +02:00
Christophe Vandeplas 86ee7008b2 chg: [att&ck] bump to latest ATT&CK version from MITRE 2021-04-29 18:12:36 +02:00
mokaddem 211a4b5145 fix: [ransomware] Related key should be outside metas 2021-04-26 13:48:06 +02:00
Rony 4ba2db0f3a FlatChestWare duplicate removed 2021-04-26 16:24:09 +05:30
Alexandre Dulaunoy ef9989dbe8
chg: [ransomware] duplicate removed 2021-04-26 12:06:03 +02:00
Alexandre Dulaunoy 847d3e8fa7
chg: [ransomware] duplicate removed 2021-04-26 12:01:01 +02:00
Alexandre Dulaunoy f3992ec5f1
chg: [ransomware] duplicates removed 2021-04-26 11:57:21 +02:00
Alexandre Dulaunoy f2703bd03e
chg: [ransomware] Flyper removed 2021-04-26 11:52:28 +02:00
Delta-Sierra 3cae487e3d fix duplicates and add relations 2021-04-26 11:25:39 +02:00
Rony faed812fc9 Merged STALKER PANDA to Tick 2021-04-25 19:12:20 +05:30
Rony 89b9c0c32c several updates to apt27 2021-04-25 16:53:36 +05:30
Delta-Sierra 0a05621f82 Merge https://github.com/MISP/misp-galaxy 2021-04-19 15:48:58 +02:00
Delta-Sierra b138354fa5 Removing duplicate 2021-04-19 15:42:49 +02:00
Alexandre Dulaunoy 28f6475cc5
chg: [ransomware] first duplicate removed 2021-04-19 15:13:18 +02:00
Alexandre Dulaunoy e7061f90d9
chg: [ransomware] remove duplicate "File-Locker" 2021-04-19 15:08:06 +02:00
Alexandre Dulaunoy ab13dd00f8
Merge pull request #645 from Delta-Sierra/master 
Adding ransomware names [WIP 2/3]
 2021-04-19 15:03:12 +02:00
Delta-Sierra f5713a8d87 Removing unexpected line 2021-04-19 14:53:36 +02:00
Delta-Sierra b7b4b356c3 Adding ransomware names [WIP 3] 2021-04-19 14:47:10 +02:00
Delta-Sierra fdf1a6c112 Adding ransomware names [WIP 2] 2021-04-19 13:24:25 +02:00
Daniel Plohmann 6eb594a6b0
adding Yanbian Gang as threat actor 2021-04-16 15:12:45 +02:00
Delta-Sierra f3456a89c5 fix version 2021-04-15 15:08:11 +02:00
Delta-Sierra 4bcd0492bd Adding ransomwares WIP 2021-04-15 15:07:52 +02:00
Daniel Plohmann 2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech 
Adding Palmerworm as Symantec alias for BlackTech (with reference).
 2021-03-31 22:35:12 +02:00
Thomas Dupuy a8c62ddeda Add Ghostwriter. 2021-03-31 09:42:40 -04:00
Rony 50f5d2ae4a
reverted changes made into 52ae97718d 2021-03-30 22:19:05 +05:30
sebdraven ce8a9442eb validation jsons 2021-03-30 13:12:21 +00:00
Sebdraven 52ae97718d Update threat-actor.json 
add a synonym to Haffnium
 2021-03-30 15:11:09 +02:00
sebdraven b082977b9f validation ok 2021-03-30 10:22:35 +00:00
Sebdraven 4ed4cebcee Update threat-actor.json 
format json
 2021-03-30 12:16:22 +02:00
Sebdraven a62e3ba530 Update threat-actor.json 
add redecho threat actor
 2021-03-30 12:10:50 +02:00
Jakub Onderka ca9608da6d fix: Cryptominers type 2021-03-27 22:07:33 +01:00
Alexandre Dulaunoy 26b9740e55
chg: [malpedia] jq all the file and removed ref duplicates 2021-03-13 11:00:39 +01:00
Jakob M f02ce7e805 update to latest 
Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp
 2021-03-12 10:35:12 +01:00
Delta-Sierra eff327b4fd fix progress 2021-03-11 14:42:55 +01:00
Delta-Sierra 7c843ac5c2 fix merge & jq 2021-03-11 14:08:29 +01:00
Delta-Sierra c37befc8a9 merge 2021-03-11 10:35:05 +01:00
Alexandre Dulaunoy 855a12a408
chg: [clusters] fixing broken UUID fix #628 2021-03-11 09:54:50 +01:00
Alexandre Dulaunoy f6ed00233e
chg: [ransomware] fix the broken UUID fix #628 2021-03-11 09:52:25 +01:00
Rony 57c7d0b9a0
From Nextron 2021-03-06 19:44:32 +05:30
Rony 6cabbfb091
more! 2021-03-06 14:22:29 +05:30
Rony 7b242555df
More references 
From 
Crowdstrike
MSRC
and kql hunting query from James Quinn
 2021-03-06 13:28:14 +05:30
Rony eaab88ef28
add HAFNIUM detection refs 2021-03-05 16:51:28 +05:30
Rony 4bc438a325
fix 2021-03-05 11:48:43 +05:30
Rony d9b299aafc
add more HAFNIUM references 2021-03-05 11:42:04 +05:30
Rony c9f7afef1c
Adding alias NOBELIUM 2021-03-04 22:39:33 +05:30
Alexandre Dulaunoy 47dade9d0e
Merge pull request #631 from r0ny123/Enhancement 
Add HAFNIUM
 2021-03-04 14:48:01 +01:00
Alexandre Dulaunoy a9a6b0253f
chg: [microsoft activity group] HAFNIUM added 2021-03-04 10:49:58 +01:00
Rony ad795606cf
added HAFNIUM 
Updates:
Tonto Team
UNC2452
 2021-03-04 00:10:33 +05:30
Sebdraven 2666341afc Update threat-actor.json 
update Sidewinder card
 2021-03-03 17:59:25 +01:00
Thomas Dupuy f842694fda Update Infy TA. 2021-03-02 14:37:01 -05:00
Alexandre Dulaunoy 524676282e
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2021-02-26 08:30:58 +01:00
Alexandre Dulaunoy 4692ced8fa
chg: [tool] SUNSPOT added 2021-02-26 08:28:01 +01:00
Delta-Sierra 0e23d8b95f add relationships between Maze, Rgnar, Egregor and Sekhmet 2021-02-25 10:21:28 +01:00
Delta-Sierra 406dfdb45b add Sekhmet ransomware 2021-02-25 09:52:52 +01:00
Delta-Sierra d273a5da7d add TeamTNT ref 2021-02-25 09:52:24 +01:00
Rony 5c6f3a036b
removing DePrimon 
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
 2021-02-24 21:55:04 +05:30
Thomas Dupuy eeafff9768 Add RDAT backdoor 2021-02-23 11:15:31 -05:00
Delta-Sierra eb07fab69f add Ragnar Locker and update accordingly 2021-02-23 16:21:07 +01:00
Delta-Sierra 06ae10965b add Covidloc and tycoon ransomware + small updates on some ransomwares 2021-02-22 16:39:47 +01:00
Delta-Sierra 7c1ac58141 add TeamTNT 2021-02-22 16:38:18 +01:00
Thijsvanede e9eb0c7a6c
Fix: rename "Innitial Access" to "Initial Access" 
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
 2021-02-19 12:01:47 +01:00
Thomas Dupuy 178e16dc13 Remove empty values. 2021-02-16 10:32:37 -05:00
Thomas Dupuy 4a7560d191 Add Exaramel and P.A.S. webshell tool. 2021-02-15 12:52:53 -05:00
Thomas Dupuy 93396c524d Add Caterpillar WebShell. 2021-02-12 12:00:17 -05:00
Delta-Sierra 96bf0d44ea Merge https://github.com/MISP/misp-galaxy 2021-02-09 14:52:58 +01:00
Daniel Plohmann d61e7d2fac
adding ClearSky alias for Volatile Cedar 
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious  files."
 2021-01-29 10:39:18 +01:00
Koen Van Impe 87b22f363c Move cfr-type-of-incident to meta 2021-01-28 12:25:39 +01:00
Koen Van Impe 23778666ba RSIT Galaxy/Cluster 2021-01-28 10:03:12 +01:00
StefanKelm fb35646406
Update threat-actor.json 
Lazarus
 2021-01-26 14:38:37 +01:00
Thomas Dupuy f964514ec5 Add HyperBro in tools 2021-01-20 13:44:28 -05:00
Thomas Dupuy 9df95031a7 Update ZxShell tool. 2021-01-20 13:27:51 -05:00
StefanKelm a131a7ce98
Update threat-actor.json 
Lazarus
 2021-01-20 17:43:18 +01:00
Alexandre Dulaunoy 3c19c7c1e5
Merge pull request #617 from danielplohmann/patch-4 
merge COVELLITE into Lazarus Group
 2021-01-17 16:05:13 +01:00
Daniel Plohmann ca66fcd93a
merge COVELLITE into Lazarus Group 
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references. 
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
 2021-01-17 15:07:26 +01:00
Rony 91e87cf82c
Update threat-actor.json 
Don't know how StarCraft
 2021-01-17 12:21:34 +05:30
Daniel Plohmann edcc3c0bc1
merging ScarCruft->APT37 
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
 2021-01-15 18:52:49 +01:00
Delta-Sierra a6f7795952 fix merge 2021-01-12 10:38:33 +01:00
Alexandre Dulaunoy 2b356a9eb0
chg: [threat-actor] UNC2452/DarkHalo added - ref. #614 2021-01-12 07:01:36 +01:00
Alexandre Dulaunoy 184d57f0a2
chg: [ransomware] Babuk Ransomware added 2021-01-05 19:11:28 +01:00
Alexandre Dulaunoy 4454b58743
chg: [ransomware] RegretLocker added 2020-12-30 14:14:09 +01:00
Rony 3240aa819f
Update threat-actor.json 2020-12-14 11:54:41 +05:30
Rony 2ffb77b35b
BISMUTH 2020-12-14 10:41:15 +05:30
Delta-Sierra 31f96513b2 update sidewinder threat actor 2020-12-11 16:09:33 +01:00
Alexandre Dulaunoy ac86ebd5f6
Merge pull request #609 from StefanKelm/master 
Update threat-actor.json
 2020-12-09 22:16:49 +01:00
Delta-Sierra ebd31b7376 add BazarBackdoor 2020-12-09 16:42:32 +01:00
Delta-Sierra d3a9cf742a add RansomEXX 2020-12-09 16:32:02 +01:00
Delta-Sierra 3daaa30aed Merge https://github.com/MISP/misp-galaxy 2020-12-07 16:20:36 +01:00
StefanKelm 5dc92995f6
Update threat-actor.json 
DeathStalker, Mabna
 2020-12-04 11:43:06 +01:00
StefanKelm 4fee985b5e
Update threat-actor.json 
Turla
 2020-12-03 13:05:14 +01:00
StefanKelm 72e085aba9
Update threat-actor.json 
OceanLotus
 2020-12-02 11:44:29 +01:00
StefanKelm 15b5f4c881
Update threat-actor.json 
APT27
 2020-11-30 11:49:23 +01:00
Delta-Sierra e81d3c63d5 Merge https://github.com/MISP/misp-galaxy 2020-11-27 12:47:20 +01:00
Christophe Vandeplas 9a731470d3 chg: [att&ck] update to latest MITRE ATT&CK version 2020-11-25 07:45:48 +01:00
StefanKelm da910c0c2e
Update threat-actor.json 2020-11-18 19:15:11 +01:00
Delta-Sierra 7af75bb222 add Darkside ransomware 2020-11-18 16:10:49 +01:00
StefanKelm 48ffaa8ce1
Update threat-actor.json 
Lazarus
 2020-11-18 12:10:23 +01:00
snurilov 44e9da1390
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster 
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
 2020-11-11 23:09:03 -05:00
snurilov 3f4683d8a3
Update rat.json to include Iperius Remote 
Add Iperius Remote to the rat.json cluster.
 2020-11-09 23:45:16 -05:00
StefanKelm bf5bdeacb0
Update threat-actor.json 
OceanLotus
 2020-11-09 14:39:55 +01:00
StefanKelm 41a7a36317
Update threat-actor.json 
Kimsuky
 2020-11-02 17:30:25 +01:00
Rony 333e55fbeb
remove duplicate! 2020-11-02 14:18:49 +05:30
Rony 000cfa68a8
Update threat-actor.json 
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
 2020-11-02 13:51:08 +05:30
Deborah Servili 28784683db
Merge branch 'main' into master 2020-10-30 16:17:27 +01:00
Delta-Sierra 88bbf8851c jq 2020-10-30 16:14:02 +01:00
Delta-Sierra be672b8d3a update microsoft activity groups 2020-10-30 14:53:20 +01:00
Alexandre Dulaunoy 5d31753e6a
chg: [cryptominer] updated 2020-10-30 09:48:08 +01:00
Alexandre Dulaunoy 24f05749f0
Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master 2020-10-30 09:47:45 +01:00
JJ Cummings c48a38c2f1
Added a new cryptominer galaxy and additional missing recent families to various clusters 2020-10-29 14:40:22 -06:00
StefanKelm 808c2c3828
Update threat-actor.json 
Kimsuky
 2020-10-28 12:52:06 +01:00
Alexandre Dulaunoy b41e3d4f50
chg: [rename] tea matrix 2020-10-23 15:57:13 +02:00
Alexandre Dulaunoy e5ea22a3b0
chg: [tea] matrix updated to include brewing time and the milk attack technique 2020-10-23 11:51:50 +02:00
Alexandre Dulaunoy 0ccbdb862b
chg: [tea] first version 2020-10-23 11:16:50 +02:00
Christophe Vandeplas 2334676e64 chg: [att&ck] no tag for subtechnique 2020-10-18 20:14:05 +02:00
Christophe Vandeplas d58dd1fca2 new: [att&ck] support for subtechniques 2020-10-18 20:00:48 +02:00
Daniel Plohmann 02bcf1f5a7
adding PowerPool alias IAmTheKing (Kaspersky) 
after a quick search I haven't found a nice source except for costin's tweet.
 2020-10-09 13:49:16 +02:00
StefanKelm 7bab41e367
Update threat-actor.json 
TA505
 2020-10-06 15:29:54 +02:00
StefanKelm 1d05f17507
Update threat-actor.json 
XDSpy
 2020-10-06 12:45:43 +02:00
Christophe Vandeplas 32b142c8e0 fixes issues in attack-ics 2020-10-02 16:54:21 +02:00
Christophe Vandeplas f95e88b1f9 MITRE ATT&CK for ICS fixes #586 
fixed issues in pull request #586
 2020-10-01 20:42:40 +02:00
StefanKelm 18eebc01f6
Lazarus 2020-09-29 12:02:16 +02:00
Bart 2b51f7b6de
Update threat-actor.json 
Add Machete alias
 2020-09-27 18:37:24 +02:00
StefanKelm e95fbb571d
Update threat-actor.json 
GADOLINIUM
 2020-09-25 11:52:34 +02:00
StefanKelm 3ad3d5f318
Update threat-actor.json 
APT28
 2020-09-22 18:07:33 +02:00
Deborah Servili d48216031a
add Sepulcher RAT 2020-09-22 16:23:39 +02:00
Deborah Servili 4f3b6945c0 Merge https://github.com/MISP/misp-galaxy 2020-09-22 12:17:42 +02:00
Rony d1c70b3d80
FBI FLASH AC-000133-TT 2020-09-17 11:05:00 +05:30
Rony 4d4a462d7a
Update threat-actor.json 
Adding Fox-Kitten and cleaned (or improved) winnti
 2020-09-17 00:07:40 +05:30
Deborah Servili 0fe525a9db Merge https://github.com/MISP/misp-galaxy 2020-09-16 10:22:38 +02:00
Deborah Servili 00b5d0d116 add refs 2020-09-16 10:08:31 +02:00
Daniel Plohmann (jupiter) 7b00674c77 Adding TA413 and Evilnum 2020-09-15 14:19:22 +02:00
StefanKelm 63030f2cfe
Update threat-actor.json 
APT33
 2020-09-14 12:01:53 +02:00
StefanKelm 3cc3cc461a
Update threat-actor.json 
STRONTIUM
 2020-09-11 11:38:06 +02:00
Raphaël Vinot 405d5f1fe9 fix: Sort keys, fix tests 2020-09-08 10:51:24 +02:00
Alexandre Dulaunoy 9e519962c6
chg: [botnet] Katura mess added 2020-09-07 12:41:39 +02:00
StefanKelm 57a31fd60c
Update threat-actor.json 
Lazarus, FIN7
 2020-09-03 14:44:10 +02:00
StefanKelm 503d421a56
Update threat-actor.json 
TA542
 2020-08-31 15:07:13 +02:00
VVX7 4635146b00 chg: [dev] jq 2020-08-22 13:06:42 -04:00