Commit Graph

2736 Commits (8134dfdf921c72ca3d743b2f89c60a055d56c62d)

Author SHA1 Message Date
Alexandre Dulaunoy 84fc2b2749
chg: [threat-actor] version updated 2024-01-08 16:58:54 +01:00
Mathieu4141 1669da1661 [threat-actors] Add Cyber Toufan 2024-01-08 05:23:29 -08:00
Mathieu4141 09b90261ee [threat-actors] Add Threatsec 2024-01-08 05:23:29 -08:00
Mathieu4141 97ed1bda8b [threat-actors] Add Gray Sandstorm 2024-01-08 05:23:29 -08:00
Mathieu4141 273379e5fa [threat-actors] Add UAC-0099 2024-01-08 05:23:29 -08:00
Mathieu4141 fc8db1a4d2 [threat-actors] Add HomeLand Justice 2024-01-08 05:23:29 -08:00
Mathieu4141 2c7adf27a0 [threat-actors] Add Storm-1113 2024-01-08 05:23:29 -08:00
Mathieu4141 ce4be94d8b [threat-actors] Add KelvinSecurity 2024-01-08 05:23:28 -08:00
Mathieu4141 05f260c9d8 [threat-actors] Add Team-Xecuter 2024-01-08 05:23:28 -08:00
Mathieu4141 a6564bf61c [threat-actors] Add PhantomControl 2024-01-08 05:23:28 -08:00
Mathieu4141 f0229fbdd2 [threat-actors] Add GREF 2024-01-08 05:23:28 -08:00
Alexandre Dulaunoy c8e8a14b04
chg: [sigma] updated to the latest version 2024-01-04 15:21:48 +01:00
Alexandre Dulaunoy 7950022194
fix: [mitre-atlas] tactics links fixed 2024-01-02 10:37:45 +01:00
Alexandre Dulaunoy 901f6f0965
fix: [mitre-atlas] reference to Markdown link updated 2024-01-02 10:27:33 +01:00
Alexandre Dulaunoy 919bfbce8b
chg: [sigma] updated to the latest version 2023-12-31 17:18:10 +01:00
Christophe Vandeplas bbe7b95f84
fix: [disarm] drop duplicate values 2023-12-21 09:00:58 +01:00
Christophe Vandeplas e750b1a786
Merge remote-tracking branch 'MISP/main' into feature/disarm 2023-12-20 16:37:34 +01:00
Christophe Vandeplas ad9f4ee48d
chg: [disarm] relations 2023-12-20 16:15:51 +01:00
Mathieu4141 2cd9cf28a2 [threat-actors] Add GambleForce 2023-12-20 03:40:25 -08:00
Mathieu4141 b6ea7157b4 [threat-actors] Add Tortoiseshell aliases 2023-12-20 03:40:25 -08:00
Mathieu4141 38b67da12f [threat-actors] Add Taidoor aliases 2023-12-20 03:40:25 -08:00
Mathieu4141 8e53536147 [threat-actors] Add UNC4736 2023-12-20 03:40:25 -08:00
Mathieu4141 365bbbe24a [threat-actors] Add Solntsepek 2023-12-20 03:40:25 -08:00
Mathieu4141 a4c56efca8 [threat-actors] Add Storm-1283 2023-12-20 03:40:25 -08:00
Mathieu4141 8ed4377844 [threat-actors] Add BiBiGun 2023-12-20 03:40:24 -08:00
Christophe Vandeplas f89d886566
fix: [disarm] fix UUID 2023-12-20 12:16:40 +01:00
Christophe Vandeplas cd694fff6e
new: [disarm] add Actor Types 2023-12-20 11:26:33 +01:00
Christophe Vandeplas e62301f5ce
new: [disarm] add Detections 2023-12-20 11:26:19 +01:00
Christophe Vandeplas de62b43520
new: [disarm] add Countermeasures 2023-12-20 11:26:07 +01:00
Christophe Vandeplas 217e3eb171
fix: [disarm] fix UUIDs
to be generated based on a disarm specific UUID
2023-12-20 07:50:10 +01:00
Christophe Vandeplas 1c16ab3786
fix: [disarm] remove galaxy/cluster due to duplicates
see https://github.com/DISARMFoundation/DISARMframeworks/issues/24 and the feature/disarm branch here
2023-12-19 16:25:29 +01:00
Christophe Vandeplas c6b218793f
fix: [mitre-atlas] better sorting of data 2023-12-19 16:00:09 +01:00
Christophe Vandeplas bd3934697d
fix: [disarm] value without ID 2023-12-19 15:56:48 +01:00
Christophe Vandeplas ae3202be02
fix: [mitre-atlas] value without ID 2023-12-19 15:36:44 +01:00
Alexandre Dulaunoy 8c1b7507b3
Merge pull request #908 from MISP/feature/atlas
new: [mitre] New MITRE ATLAS Galaxy
2023-12-18 14:50:48 +01:00
Alexandre Dulaunoy c306125679
fix: [threat-actor] fix JSON 2023-12-18 14:43:21 +01:00
Christophe Vandeplas adb9c2a052
new: [mitre] New MITRE ATLAS Galaxy 2023-12-18 12:49:14 +01:00
jstnk9 0dd2f95a50 new threat actor - Sandman APT
2023-12-15 12:28:38 +01:00
Mathieu Beligon 92f9ed1148 [threat-actors] Add Callisto aliases 2023-12-14 15:00:22 +01:00
Mathieu Beligon 81c2e4d7fe [threat-actors] Add Hagga aliases 2023-12-14 15:00:22 +01:00
Mathieu Beligon 540c71d33b [threat-actors] Add Sandworm aliases 2023-12-14 15:00:22 +01:00
Alexandre Dulaunoy e5b4209f3a
chg: [cluster] Sigma rules updated 2023-12-14 11:38:53 +01:00
Alexandre Dulaunoy 30f162675c
chg: [sigma] updated to the latest version 2023-12-08 13:59:08 +01:00
Alexandre Dulaunoy 9c230f3705
Merge pull request #905 from Mathieu4141/threat-actors/dd7fd198-7ead-48ee-b763-50f2f9faa1c5
[threat-actors] Add 10 actors
2023-12-07 06:40:05 +01:00
Mathieu Beligon 6f3b85399b [threat-actors] jq 2023-12-06 17:59:16 -08:00
Mathieu Beligon fdac01cd89 [threat-actors] Add UNC2630 2023-12-06 17:42:33 -08:00
Mathieu Beligon 47f0b31a32 [threat-actors] Add UAC-0050 2023-12-06 17:42:33 -08:00
Mathieu Beligon 228bbcc21d [threat-actors] Add UAC-0118 2023-12-06 17:42:33 -08:00
Mathieu Beligon cf7cdcbc2b [threat-actors] Add DEV-0569 2023-12-06 17:42:33 -08:00
Mathieu Beligon d155f1e05d [threat-actors] Add UNC215 2023-12-06 17:42:33 -08:00
Mathieu Beligon 79210345d0 [threat-actors] Add RomCom aliases 2023-12-06 17:42:33 -08:00
Mathieu Beligon ebd216e315 [threat-actors] Add UNC2447 2023-12-06 17:42:33 -08:00
Mathieu Beligon 668fb80aec [threat-actors] Add WIP19 2023-12-06 17:42:33 -08:00
Mathieu Beligon 3719022d91 [threat-actors] Add AeroBlade 2023-12-06 17:42:33 -08:00
Mathieu Beligon 69a94b6c1e [threat-actors] Add UNC2659 2023-12-06 17:42:33 -08:00
Mathieu Beligon b72868b6cd [threat-actors] Add UNC2717 2023-12-06 17:42:33 -08:00
Mathieu Beligon 7bb3c6ab5c [threat-actors] Update Scattered Spider 2023-12-06 14:00:32 -08:00
Mathieu Beligon 287a8d49cb [threat-actors] harmonize reference field 2023-12-05 14:32:26 -08:00
Christophe Vandeplas b0ebc02b19
new: [disarm] Initial DISARM galaxy #783 2023-12-02 17:59:57 +01:00
Mathieu4141 0391d3f3a5 [threat-actors] Add Daixin Team 2023-12-01 16:21:53 -08:00
Mathieu4141 44c270e9dc [threat-actors] Add ScamClub 2023-12-01 16:21:53 -08:00
Mathieu4141 6c2cb8979f [threat-actors] Add TunnelSnake 2023-12-01 16:21:53 -08:00
Alexandre Dulaunoy dbbb075b1c
fix: [botnet] duplicate UUID removed 2023-11-30 06:38:19 +01:00
Alexandre Dulaunoy d3f163e6ac
fix: [botnet] replace duplicate UUID 2023-11-30 06:32:39 +01:00
Mathieu Beligon 31562e4701 [threat-actors] Add WildPressure 2023-11-29 11:28:37 -08:00
Mathieu Beligon 9c02509a28 [threat-actors] Add WildCard 2023-11-29 11:28:37 -08:00
Mathieu Beligon 830ded98d3 [threat-actors] Add Red-Lili 2023-11-29 11:28:37 -08:00
Mathieu Beligon d4c2788b87 [threat-actors] Add LightBasin 2023-11-29 11:28:37 -08:00
Mathieu Beligon 313dd82bb9 [threat-actors] Add DragonForce 2023-11-29 11:28:37 -08:00
Mathieu Beligon 9c0f18e9b9 [threat-actors] Add MalKamak 2023-11-29 11:28:37 -08:00
Mathieu Beligon f066061f4b [threat-actors] Add Blacktail 2023-11-29 11:28:37 -08:00
Alexandre Dulaunoy c2a712d0d4
fix: [botnet] updated version 2023-11-28 08:59:33 +01:00
Alexandre Dulaunoy ded4162649
Merge pull request #900 from semelnyk/main
Updated botnet.json with new entries
2023-11-28 08:52:34 +01:00
semelnyk 5313f22343 Ran once again jq_all_the_things.sh to format JSON files 2023-11-27 23:18:38 +01:00
semelnyk ca67778eb0 Ran jq_all_the_things.sh to format JSON files 2023-11-27 23:13:26 +01:00
semelnyk 5403d70b69 Updated botnet.json with new entries 2023-11-27 22:49:36 +01:00
Delta-Sierra 0b44ea33f0 fix version 2023-11-21 15:20:21 +01:00
Delta-Sierra 019292a1c1 Merge https://github.com/MISP/misp-galaxy 2023-11-21 12:33:20 +01:00
Delta-Sierra 53ea633504 Kimsuky target 2023-11-21 11:45:05 +01:00
Delta-Sierra 70456bd8ac Kimsuky relations 2023-11-21 11:40:50 +01:00
Alexandre Dulaunoy d6feab1586
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2023-11-21 10:03:37 +01:00
Alexandre Dulaunoy e88c316e2d
chg: [sigma] updated to the latest version 2023-11-21 09:04:04 +01:00
Mathieu4141 29baf77740 [threat-actors] Add SilverFish 2023-11-20 09:29:07 -08:00
Mathieu4141 ee2a8bec32 [threat-actors] Add TA402 2023-11-20 09:29:07 -08:00
Mathieu4141 00ca4c865f [threat-actors] Add CostaRicto 2023-11-20 09:29:07 -08:00
Mathieu4141 4c9063b772 [threat-actors] Add Storm Cloud 2023-11-20 09:29:06 -08:00
Mathieu4141 c4142b2ee7 [threat-actors] Add OldGremlin 2023-11-20 09:29:06 -08:00
Mathieu4141 a08311c5f1 [threat-actors] Add TiltedTemple 2023-11-20 09:29:06 -08:00
Mathieu4141 93d9db10a3 [threat-actors] Add Moshen Dragon 2023-11-20 09:29:05 -08:00
Mathieu4141 d477275a53 [threat-actors] Add N4ughtysecTU 2023-11-20 09:29:05 -08:00
Mathieu4141 2ac369ac61 [threat-actors] Add Webworm 2023-11-20 09:29:05 -08:00
Mathieu4141 32a78f3d26 [threat-actors] Add PerSwaysion 2023-11-20 09:29:05 -08:00
Mathieu4141 fc2cb9e253 [threat-actors] Add DefrayX 2023-11-17 02:59:57 -08:00
Mathieu4141 a81ac9687f [threat-actors] Add NewsPenguin 2023-11-17 02:59:56 -08:00
Mathieu4141 5b993d2517 [threat-actors] Add UAC-0006 2023-11-17 02:59:56 -08:00
Mathieu4141 d3c15e1652 [threat-actors] Add TA444 2023-11-17 02:59:56 -08:00
Mathieu4141 3c9f09edfc [threat-actors] Add WeedSec 2023-11-17 02:59:56 -08:00
Mathieu4141 e333b15063 [threat-actors] Add TEMP_Heretic 2023-11-17 02:59:55 -08:00
Mathieu4141 68f70a1831 [threat-actors] Add DEV-0928 2023-11-17 02:59:55 -08:00
Mathieu4141 ed0d3c6f57 [threat-actors] Add CL-STA-0043 2023-11-17 02:59:55 -08:00
Mathieu4141 d3836318a2 [threat-actors] Add UNC4841 2023-11-17 02:59:55 -08:00
Mathieu4141 c832066fa5 [threat-actors] Add AppMilad 2023-11-16 07:10:19 -08:00
Mathieu4141 6e7e5e60ce [threat-actors] Add Earth Kitsune 2023-11-16 07:10:19 -08:00
Mathieu4141 5d6bcf5e55 [threat-actors] Add FusionCore 2023-11-16 07:10:18 -08:00
Mathieu4141 d365624734 [threat-actors] Add DragonSpark 2023-11-16 07:10:18 -08:00
Mathieu4141 dc9d98ffe9 [threat-actors] Add UNC4191 2023-11-16 07:10:18 -08:00
Mathieu4141 941ef757bb [threat-actors] Add DriftingCloud 2023-11-16 07:10:18 -08:00
Mathieu4141 ce555828e1 [threat-actors] Add MurenShark 2023-11-16 07:10:18 -08:00
Mathieu4141 f759525c25 [threat-actors] Add Chernovite 2023-11-16 07:10:18 -08:00
Mathieu4141 03d16eba61 [threat-actors] Add VulzSecTeam 2023-11-16 07:10:18 -08:00
Mathieu4141 622d67eb38 [threat-actors] Add MirrorFace 2023-11-16 07:10:17 -08:00
Alexandre Dulaunoy 179afe9715
chg: [surveillance] version updated and duplicates removed 2023-11-16 15:38:35 +01:00
Alexandre Dulaunoy 6ab8f62cb8
Merge branch 'threat-actors/fe99d09c-e4e7-4842-bd26-3ed3f4350bed' of https://github.com/Mathieu4141/misp-galaxy into Mathieu4141-threat-actors/fe99d09c-e4e7-4842-bd26-3ed3f4350bed 2023-11-16 15:35:31 +01:00
Alexandre Dulaunoy b0a5801ae7
fix: [mitre-tool] fix following request from the lead developer of flowintel-cm 2023-11-16 15:32:08 +01:00
Mathieu4141 3209c45b42 [threat-actors] Add KAX17 2023-11-15 08:19:01 -08:00
Mathieu4141 247dd86523 [threat-actors] Add Bohrium 2023-11-15 08:19:01 -08:00
semelnyk 293947d863 Updated surveillance-vendor.json with new entries 2023-11-14 15:23:09 +01:00
Daniel Plohmann 99b23e31a3
adding Prolific Puma 2023-11-13 14:43:08 +01:00
Mathieu4141 28e02d308f [threat-actors] Add DarkCasino 2023-11-13 04:36:57 -08:00
Mathieu4141 b3584d5f9c [threat-actors] Add Zarya 2023-11-13 04:36:57 -08:00
Mathieu4141 a3802487a4 [threat-actors] Add XakNet 2023-11-13 04:36:57 -08:00
Mathieu4141 cf895b3b20 [threat-actors] Add TA482 2023-11-13 04:36:57 -08:00
Mathieu4141 775451488d [threat-actors] Add TAG-56 2023-11-13 04:36:57 -08:00
Mathieu4141 91e5c37a40 [threat-actors] Add Water Labbu 2023-11-13 04:36:56 -08:00
Mathieu4141 dc054efb62 [threat-actors] Add Caracal Kitten 2023-11-13 04:36:56 -08:00
Mathieu4141 59930c1b0b [threat-actors] Add WIRTE 2023-11-13 04:36:56 -08:00
Mathieu4141 9ff1b1d2e3 [threat-actors] Add WeRedEvils 2023-11-13 04:36:56 -08:00
Mathieu4141 7b7ffa4532 [threat-actors] Add DEV-0950 2023-11-13 04:36:56 -08:00
Mathieu4141 f5b7ad5478 [threat-actors] Add DiceyF 2023-11-08 06:14:54 -08:00
Mathieu4141 23b95c50d5 [threat-actors] Add SCARLETEEL 2023-11-08 06:14:54 -08:00
Mathieu4141 b59b270500 [threat-actors] Add SingularityMD 2023-11-08 06:14:54 -08:00
Mathieu4141 f52382a29a [threat-actors] Add Dalbit 2023-11-07 10:37:08 -08:00
Mathieu4141 56f990d100 [threat-actors] Add BlueBottle 2023-11-07 10:37:08 -08:00
Mathieu4141 59bd2763bc [threat-actors] Add Xcatze 2023-11-07 10:37:08 -08:00
Mathieu4141 44617774b6 [threat-actors] Add TwoSail Junk 2023-11-07 10:37:08 -08:00
Mathieu4141 c0dda66200 [threat-actors] Add DEV-1028 2023-11-07 10:37:08 -08:00
Mathieu4141 5069f86555 [threat-actors] Add Kiss-a-Dog 2023-11-07 10:37:08 -08:00
Mathieu4141 c36ddd75db [threat-actors] Add Confucious 2023-11-07 10:37:08 -08:00
Mathieu4141 34e03e6b56 [threat-actors] Add Desorden Group 2023-11-07 10:37:08 -08:00
Mathieu4141 e1eec18aa3 [threat-actors] Add UNC2565 2023-11-07 10:37:07 -08:00
Mathieu4141 6da7b218fc [threat-actors] Add TheDarkOverlord 2023-11-07 10:37:07 -08:00
Alexandre Dulaunoy 32062206be
fix: [threat-actor] replace `aliases` -> `synonyms` + version updated 2023-11-07 16:08:19 +01:00
Mathieu Beligon a1f64c63de [threat-actors] Add TraderTraitor 2023-11-07 14:47:12 +01:00
Mathieu Beligon c0fd66e3cd [threat-actors] Add UAC-0094 2023-11-07 14:47:12 +01:00
Mathieu Beligon 7163ed2068 [threat-actors] Add UserSec 2023-11-07 14:47:12 +01:00
Mathieu Beligon c3b6878cf3 [threat-actors] Add IronHusky 2023-11-07 14:47:12 +01:00
Mathieu Beligon 1246088d76 [threat-actors] Add ShinyHunters 2023-11-07 14:47:12 +01:00
Mathieu Beligon 798cebc970 [threat-actors] Add ShroudedSnooper 2023-11-07 14:47:12 +01:00
Mathieu Beligon 2111f50968 [threat-actors] Add 1937CN 2023-11-07 14:47:12 +01:00
Mathieu Beligon 40fb100ff9 [threat-actors] Add Altahrea Team 2023-11-07 14:47:12 +01:00
Mathieu Beligon 4093632674 [threat-actors] Add Cyber Av3ngers 2023-11-07 14:47:12 +01:00
Mathieu Beligon 58fb9162b0 [threat-actors] Add KromSec 2023-11-07 14:47:12 +01:00
Mathieu Beligon d1f382602c [threat-actors] Add DustSquad 2023-11-07 14:47:11 +01:00
Mathieu Beligon bc8904110b [threat-actors] Add Guacamaya 2023-11-07 14:47:11 +01:00
Mathieu Beligon 10d27206a7 [threat-actors] Add SharpPanda 2023-11-07 14:47:11 +01:00
Mathieu Beligon ff9a8ddfe3 [threat-actors] Add BadRory 2023-11-07 14:47:11 +01:00
Alexandre Dulaunoy e24fecbd40
fix: [threat-actor] `synonyms` not `aliases` 2023-11-07 11:22:32 +01:00
Alexandre Dulaunoy b13eee558f
chg: [threat-actor] TA499 added 2023-11-07 11:12:35 +01:00
Alexandre Dulaunoy f2cc04fca8
chg: [threat-actor] version updated 2023-11-07 09:27:07 +01:00
Mathieu4141 5828ba1a9d [threat-actors] Add Storm-1133 2023-11-06 05:26:26 -08:00
Mathieu4141 4a3968e873 [threat-actors] Add REF2924 2023-11-06 05:26:26 -08:00
Mathieu4141 18811f8056 [threat-actors] Add REF5961 2023-11-06 05:26:26 -08:00
Mathieu4141 ee354d9d75 [threat-actors] Add HiddenArt 2023-11-06 05:26:26 -08:00
Mathieu4141 bfb03504a9 [threat-actors] Add OilAlpha 2023-11-06 05:26:26 -08:00
Mathieu4141 152ab38b10 [threat-actors] Add GhostSec 2023-11-06 05:26:26 -08:00
Mathieu4141 5a4a697e8c [threat-actors] Add IndigoZebra 2023-11-06 05:26:25 -08:00
Mathieu4141 971b17b79f [threat-actors] Add NB65 2023-11-06 05:26:25 -08:00
Mathieu4141 84fec96df9 [threat-actors] Add Witchetty 2023-11-06 05:26:25 -08:00
Mathieu4141 eb43d9faf2 [threat-actors] Add RedStinger 2023-11-06 05:26:25 -08:00
Mathieu Beligon 025345e1b6 [threat-actors] remove duplicate 2023-11-03 20:09:05 +01:00
Mathieu Beligon a65bb60d90 [threat-actors] Add UNC3890 2023-11-03 19:02:12 +01:00
Mathieu Beligon 84fda6ef72 [threat-actors] Add Carderbee 2023-11-03 19:02:12 +01:00
Mathieu Beligon 1343cdb35a [threat-actors] Add RansomVC 2023-11-03 19:02:12 +01:00
Mathieu Beligon ea227222ea [threat-actors] Add SiegedSec 2023-11-03 19:02:12 +01:00
Mathieu Beligon 44d7b3e88f [threat-actors] Add Metador 2023-11-03 19:02:12 +01:00
Mathieu Beligon 0133c023d2 [threat-actors] Add YoroTrooper 2023-11-03 19:02:12 +01:00
Mathieu Beligon 58e8dfef71 [threat-actors] Add Kasablanka 2023-11-03 19:02:12 +01:00
Mathieu Beligon 0f1777df92 [threat-actors] Add SparklingGoblin 2023-11-03 19:02:12 +01:00
Mathieu Beligon 419c62cea1 [threat-actors] Add Storm-0062 2023-11-03 19:02:12 +01:00
Mathieu Beligon 13c770f0a7 [threat-actors] Add LofyGang 2023-11-03 19:02:12 +01:00
Alexandre Dulaunoy 0b5b9ca5a3
chg: [threat-actor] version updated 2023-11-03 14:00:21 +01:00
Mathieu Beligon 9d6315346e [threat-actors] jq 2023-11-03 11:32:24 +01:00
Mathieu Beligon 9c502d0d1f [threat-actors] Add Lancefly 2023-11-03 11:13:11 +01:00
Mathieu Beligon 73c73606ff [threat-actors] Add GoldenJackal 2023-11-03 11:13:11 +01:00
Mathieu Beligon 64f0a87ed7 [threat-actors] Add Earth Estries 2023-11-03 11:13:11 +01:00
Mathieu Beligon 4a521eec3b [threat-actors] Add TetrisPhantom 2023-11-03 11:13:11 +01:00
Mathieu Beligon 78472ee3f5 [threat-actors] Add Redfly 2023-11-03 11:13:11 +01:00
Mathieu Beligon c9e85b4d16 [threat-actors] Add Earth Longzhi 2023-11-03 11:13:11 +01:00
Mathieu Beligon a91734af6c [threat-actors] Add UNC3886 2023-11-03 11:13:11 +01:00
Mathieu Beligon 7bb54037e8 [threat-actors] Add Winter Vivern 2023-11-03 11:13:11 +01:00
Mathieu Beligon 4bb6cce77d [threat-actors] Add Xiaoqiying 2023-11-03 11:13:11 +01:00
Mathieu Beligon f82b502df6 [threat-actors] Add Keksec 2023-11-03 11:13:11 +01:00
Mathieu4141 5b1af60db3 [threat-actors] Add Keksec 2023-11-02 06:29:30 -07:00
Mathieu Beligon be89fcd370 [threat-actors] jq 2023-11-02 13:25:13 +01:00
Mathieu Béligon 63b422c7d0
Merge branch 'main' into threat-actor/scarred-manticore-6a6965e2-0843-47b1-990d-d43016dd4dd1 2023-11-02 13:19:14 +01:00
Mathieu4141 9ced077269 [threat-actors] Add Scarred Manticore 2023-11-02 05:17:14 -07:00
Alexandre Dulaunoy 852f205c75
chg: [mitre-attack] updated to ATT&CK v14.0 Enterprise 2023-10-31 18:04:23 +01:00
Alexandre Dulaunoy 648261d423
fix: [malpedia] restore original MISP UUID for the cluster 2023-10-31 09:13:30 +01:00
Alexandre Dulaunoy c800ad0d1b
Merge branch 'main' of https://github.com/HiS3/misp-galaxy into HiS3-main 2023-10-31 09:11:24 +01:00
Alexandre Dulaunoy e7ca55277c
new: [threat-actor] Storm-0558 added + Fix #880 2023-10-31 09:05:19 +01:00
Delta-Sierra 2436c6f326 jq 2023-10-30 15:46:07 +01:00
Delta-Sierra b2a5700414 add authors 2023-10-30 15:43:34 +01:00
Delta-Sierra 25d62c8094 add categ 2023-10-30 15:31:24 +01:00
Delta-Sierra 04739a7e95 trim 2023-10-30 14:54:22 +01:00
Delta-Sierra 711032d2e3 Merge https://github.com/MISP/misp-galaxy 2023-10-30 14:23:14 +01:00
Delta-Sierra 0f9646f844 Add NAICS galaxy 2023-10-30 14:21:30 +01:00
Mathieu Beligon dcde706078 [threat-actors] Add Camaro Dragon 2023-10-26 13:20:54 +02:00
Alexandre Dulaunoy 416cd6706a
fix: [threat-actor] JQ all the things + version updated 2023-10-20 12:00:48 +02:00
jstnk9 ec9dc0f2e3 threat actors update 2023-10-20 11:51:13 +02:00
jstnk9 aa5a6eb062 threat actor updated 2023-10-19 12:39:37 +02:00
Sebastian Himmler 4b7f5c1e84 update malpedia galaxy 2023-10-19 11:13:53 +02:00
Christophe Vandeplas a4ae58afcb
chg: [threat-actor] increased version number 2023-10-17 11:29:52 +02:00
Christophe Vandeplas e9f884e3f3
Merge pull request #876 from Mathieu4141/threat-actors/cobalt-mirage
[threat-actors] More aliases of Iranian apts
2023-10-17 11:29:01 +02:00
Alexandre Dulaunoy 75d950f1cb
chg: [sigma] updated 2023-10-17 11:23:26 +02:00
Mathieu Beligon e086bee02e [threat-actors] More aliases of iranian apts 2023-10-17 11:21:48 +02:00
Mathieu Beligon 537ef08735 [threat-actors] Add Void Rabisu 2023-10-16 18:14:47 +02:00
Alexandre Dulaunoy 6328b996b2
chg: [firearms] remove duplicate firearms having similar SKU 2023-10-13 17:20:34 +02:00
Alexandre Dulaunoy a0744ab805
fix: [ammunition] too many ammunitions 2023-10-13 17:16:06 +02:00
Alexandre Dulaunoy 7e687c8c21
chg: [ammunitions] duplicate values replaced with the complete description 2023-10-13 17:02:03 +02:00
Alexandre Dulaunoy 1f3ff23d5b
Merge branch 'FirearmsAndAmmo' of https://github.com/o1mate/misp-galaxy into o1mate-FirearmsAndAmmo 2023-10-13 16:46:53 +02:00
Alexandre Dulaunoy 059b20e705
chg: [threat-actor] clean-up 2023-10-13 16:31:48 +02:00
jstnk9 faef21e15d Added information related to Wizard Spider 2023-10-13 12:02:20 +02:00
jstnk9 613e9feb12 added suspected victims to Gelsemium 2023-10-13 10:53:36 +02:00
Alexandre Dulaunoy f9d6386c35
Merge pull request #872 from Delta-Sierra/main
add AtlasCross
2023-10-11 14:51:06 +02:00
Alexandre Dulaunoy eed0dc7747
chg: [sigma] updated to the latest version 2023-10-10 22:30:50 +02:00
Delta-Sierra 1bb336fdbe add AtlasCross 2023-10-10 09:17:25 +02:00
Delta-Sierra fd6bccae8b Merge https://github.com/MISP/misp-galaxy 2023-10-09 09:18:51 +02:00
Delta-Sierra 73d7c038b2 adding targeted sectors 2023-10-09 09:18:43 +02:00
Daniel Plohmann 1b33cad11d
adding aliases to ProphetSpider 2023-10-04 16:39:01 +01:00
Alexandre Dulaunoy 8760ea0c52
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2023-10-04 10:49:56 +02:00
Alexandre Dulaunoy 89a193d315
fix: [threat-actor] version updated + jq all the things 2023-10-04 10:48:44 +02:00
Paul Stark ce7d54c96a chg [misp-galaxy] update Nigeria from name to 2-digit code 2023-10-03 11:56:45 -04:00
jstnk9 89ab7728b0 updated TA505 countries and industries affected
2023-10-03 12:44:44 +02:00
Mathieu Beligon e6266e8e59 fixes 2023-10-02 19:25:10 +02:00
Mathieu Beligon 081b2e619b fixes 2023-10-02 19:18:00 +02:00
Mathieu Beligon b2599deaae fixes 2023-10-02 19:17:47 +02:00
Mathieu Beligon 0fba8d3f27 [threat-actors] bump version 2023-10-02 15:19:20 +02:00
Mathieu Beligon b8f8fce4b6 [threat-actors] Add Scattered Spider 2023-10-02 15:17:40 +02:00
Mathieu Beligon e393780af8 [threat-actors] Add Scattered Canary 2023-10-02 15:11:10 +02:00
Alexandre Dulaunoy 67543e2437
chg: [galaxy] duplicate UUIDs removed 2023-09-26 11:17:44 +02:00
Alexandre Dulaunoy b79b75dba4
chg: [malpedia] duplicate refs removed 2023-09-26 10:58:46 +02:00
Alexandre Dulaunoy 5d01afb537
chg: [malpedia] jq all the things 2023-09-26 10:48:49 +02:00
fl0x2208 a9a051ffaa
malpedia 2023 September update
2023-09-26 12:27:10 +10:00
Alexandre Dulaunoy 5437fac633
chg: [sigma] updated 2023-09-24 12:05:54 +02:00
Alexandre Dulaunoy 5d78834520
Merge pull request #866 from Mathieu4141/actors/add-storm-0324
[threat-actors] Add Storm-0324
2023-09-16 11:02:33 +02:00
Mathieu Beligon e2fd005821 [threat-actors] Add Storm-0324 2023-09-15 16:29:45 +02:00
Delta-Sierra ac4d003c3e fix caps 2023-09-15 16:00:38 +02:00
Delta-Sierra 5efe483858 adding targeted sectors 2023-09-15 15:49:43 +02:00
Delta-Sierra 2aa0fb22ba finish fixing Botswana infos into Brazil cluster 2023-09-15 10:32:26 +02:00
Delta-Sierra 3e834ed49c Merge https://github.com/MISP/misp-galaxy 2023-09-15 10:27:29 +02:00
Delta-Sierra db23d6eb4c adding targeted sectors 2023-09-15 10:21:44 +02:00
Delta-Sierra 214ac5d329 fix caps 2023-09-15 10:07:19 +02:00
Fabio Nitto 8c195aee06
Update target-information.json
Fixing information about Brazil.
2023-09-12 11:51:50 -03:00
Delta-Sierra df0e103727 Add targeted sectors 2023-09-08 11:08:08 +02:00
Delta-Sierra dc498bd199 more targeted-sectors meta 2023-08-28 15:06:57 +02:00
Delta-Sierra 23b9105aee add Non-profit organisation sector 2023-08-25 15:20:17 +02:00
Delta-Sierra 639686be75 Merge https://github.com/MISP/misp-galaxy 2023-08-24 09:13:58 +02:00
Delta-Sierra 090b501c4c add targeted sectors meta 2023-08-24 09:03:57 +02:00
Daniel Plohmann d978998a5d
RecordedFuture: RedHotel == EarthLusca 2023-08-23 14:02:15 +02:00
Alexandre Dulaunoy 34b86e4abc
Merge pull request #859 from jloehel/darkgate
chg [tool] Add DarkGate
2023-08-23 13:52:53 +02:00
Alexandre Dulaunoy 12b935a31b
chg: [sigma] updated 2023-08-23 13:51:45 +02:00
Jürgen Löhel 37954a84f1
chg [tool] Add DarkGate
Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-08-23 11:53:25 +02:00
Daniel Plohmann (Saturn) e207218534 version bump 2023-08-15 12:34:06 +02:00
Daniel Plohmann (Saturn) 4127ce9694 replaced various broken links with reachable equivalents 2023-08-15 12:32:51 +02:00
Daniel Plohmann b083ae12bc
jq fix 2023-08-10 15:57:58 +02:00
Daniel Plohmann c1d3164ef6
adding MoustachedBouncer 2023-08-10 15:49:11 +02:00
Daniel Plohmann e228ffc432
alias Callisto -> BlueCharlie
not sure, if you also want to have the Microsoft names in here (I think they are tracked separately?), otherwise, that would be Star Blizzard according to the article.
2023-08-03 09:53:10 +02:00
Alexandre Dulaunoy dc29d5875e
chg: [sigma] updated 2023-08-02 23:58:22 +02:00
Alexandre Dulaunoy f5729ac23a
chg: [sigma] updated to the latest version 2023-07-31 10:22:23 +02:00
Rony bce41d8cdb
Merge branch 'MISP:main' into Sea-Turtle 2023-07-28 16:38:03 +05:30
Rony 9b9ce4777a chg: [threat-actor] added references, origin country, aliases to `Sea Turtle` 2023-07-28 11:04:11 +00:00
Alexandre Dulaunoy 1568583acf
chg: [sigma] updated to the latest version 2023-07-28 11:30:15 +02:00
Thomas Dupuy 2dcd1d3544 upd: Add Worok TA and update APT-Q-12 to APT-C-60 as it was the first
name mention in an article.
2023-07-18 19:53:54 +00:00
Alexandre Dulaunoy caceb504fe
chg: [sigma] updated to the latest rules 2023-07-15 11:29:17 +02:00
Delta-Sierra c51d177abd add SmugX & RedDelta 2023-07-10 15:46:01 +02:00
Alexandre Dulaunoy 7028860c0a
chg: [sigma] updated 2023-06-19 15:00:23 +02:00
Delta-Sierra baf5bfe5cc add Parties/Observers to the Budapest Convention 2023-06-19 14:14:47 +02:00
Delta-Sierra 20d3b3780a merge 2023-06-19 08:35:48 +02:00
Alexandre Dulaunoy 734d57edf5
chg: [sigma] updated 2023-05-31 09:43:33 +02:00
iglocska 14301a9c4c
chg: [threat actors] added Volt Typhoon 2023-05-25 07:29:48 +02:00
Delta-Sierra e87b7bbf73 complete VENOM SPIDER threat actor 2023-05-23 11:43:20 +02:00
Delta-Sierra 18ee466ae4 add Hagga threat actor 2023-05-22 15:44:18 +02:00
Delta-Sierra 9c9561bce8 fix metasploit desc in value (ty cvandeplas) 2023-05-15 10:23:05 +02:00
Delta-Sierra d202ed9f3f Merge https://github.com/MISP/misp-galaxy 2023-05-15 09:54:25 +02:00
Delta-Sierra a3fffacab3 add APT43 + tools 2023-05-15 08:41:17 +02:00
Christophe Vandeplas 02c50184bf
chg: [attck4fraud] Full merge of E.A.S.T. data + updated script 2023-05-13 09:50:14 +02:00
Christophe Vandeplas 1d9f59eb2d
chg: [attck4fraud] more manual updates with E.A.S.T. data 2023-05-13 08:43:21 +02:00
marjatech 21266365da update malpedia 2023-05-11 14:34:41 +02:00
Alexandre Dulaunoy 810cbe5b49
chg: [sigma] updated to the latest version 2023-05-11 10:27:48 +02:00
Alexandre Dulaunoy a27fda701b
Merge pull request #849 from danielplohmann/patch-34
adding APT43 (Mandiant) for Kimsuky.
2023-05-09 18:29:34 +02:00
Daniel Plohmann 094d56057c
adding APT43 (Mandiant) for Kimsuky. 2023-05-09 14:35:41 +02:00
Thomas Dupuy bbbd006215 chg: [mitre] bump to v13. 2023-05-08 14:04:50 +00:00
Christophe Vandeplas 3c808921c3
chg: [attck4fraud] initial updates with E.A.S.T. data
https://www.association-secure-transactions.eu/industry-information/fraud-definitions/
2023-05-07 21:13:52 +02:00
Alexandre Dulaunoy c86c2a83ab
chg: [sigma] rules updated 2023-04-30 10:30:54 +02:00
Alexandre Dulaunoy 3dff8e65cb
Merge pull request #847 from Delta-Sierra/main
add VEILEDSIGNAL and more
2023-04-27 17:21:35 +02:00
Delta-Sierra 1649c3dfca Merge https://github.com/MISP/misp-galaxy 2023-04-27 10:04:30 +02:00
Delta-Sierra bd050668ef add VEILEDSIGNAL and more 2023-04-27 09:53:49 +02:00
Sebastien Larinier ddc285581d Update threat-actor.json 2023-04-26 21:52:57 +02:00
Sebastien Larinier d60cca9302 Update threat-actor.json
fix mistake
2023-04-26 21:46:33 +02:00
Sebastien Larinier 142d4aeaef Update threat-actor.json 2023-04-26 14:26:48 +02:00
Alexandre Dulaunoy 095c44e2ac
chg: [attck4fraud] add ATM cash trapping in the matrix 2023-04-26 07:48:29 +02:00
Jürgen Löhel 15297c7b5f
chg [threat-actors] Add RedGolf
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-04-24 16:59:18 -06:00
Christophe Vandeplas 79b80b0869
chg: [rels] more threat actor relations 2023-04-23 17:54:58 +02:00
Christophe Vandeplas 3c6c204f01
chg: [rels] more threat actor relations 2023-04-23 17:45:58 +02:00
Christophe Vandeplas 138c7c7ba8
chg: [rels] more relations on cluster "value" 2023-04-23 17:36:02 +02:00
Christophe Vandeplas bf7c5f1dd9
chg: [rels] threat-actor & MS activity group - on synonym 2023-04-23 11:56:41 +02:00
Christophe Vandeplas a5e7e0c95f
chg: [rels] threat-actor & MS activity group - on value 2023-04-23 11:55:57 +02:00
Christophe Vandeplas f070943ee9
chg: [atrm] updated to latest version 2023-04-23 07:45:16 +02:00
Alexandre Dulaunoy adc7a70cf9
chg: [microsoft-activity-group] country code added 2023-04-21 07:39:37 +02:00
Alexandre Dulaunoy 8688c41796
chg: [microsoft activity group] remove duplicate 2023-04-20 17:25:32 +02:00
Alexandre Dulaunoy 592361826a
fix: [microsoft activity group] duplicate in Microsoft source 2023-04-20 17:20:57 +02:00
Alexandre Dulaunoy 309f4f2ea5
chg: [microsoft-activity-group] updated following contribution from @botlabsDev script 2023-04-20 17:04:05 +02:00
Alexandre Dulaunoy 2cc6bdfbc1
chg: [sigma] rules updated 2023-04-20 12:17:46 +02:00
Sebastien Larinier 862badf2c9 Update threat-actor.json 2023-04-19 17:41:44 +02:00
Sebastien Larinier 1c751b1ea8 Update threat-actor.json 2023-04-19 17:34:50 +02:00
Sebastien Larinier 165ce70a28
Merge branch 'MISP:main' into main 2023-04-19 16:48:02 +02:00
Sebastien Larinier 87ef0a400e Update threat-actor.json 2023-04-19 15:42:14 +02:00
Sebastien Larinier a77dc82c0a Update threat-actor.json
new apt30 group
2023-04-19 15:35:36 +02:00
Delta-Sierra 063ac9fc71 jq? 2023-04-19 15:10:25 +02:00
Delta-Sierra ecb7e79a6e Merge https://github.com/MISP/misp-galaxy 2023-04-19 15:06:51 +02:00
Tobias Mainka 8d2b9537f1
replace "sector" tag with "country" for matching data. this allows it to conform with existing clusters. 2023-04-19 12:38:37 +02:00
Sebastien Larinier 926035633f
Merge branch 'MISP:main' into main 2023-04-19 11:55:57 +02:00
Alexandre Dulaunoy ccc8f0f801
chg: [microsoft-activity-group] updated to map the new funky Microsoft "taxonomy"
Script to generate the cluster is the following, UUIDv5 based on
standard misp-stix source UUIDv4.

~~~python
import uuid

# `data` is the already-loaded list of Microsoft naming entries; each entry
# carries the 'threat_actor', 'sector' and 'synonyms' keys used below.
lcluster = []
for v in data:
    cluster = {}
    cluster['value'] = v['threat_actor']
    cluster['meta'] = {}
    cluster['meta']['sector'] = v['sector']
    cluster['meta']['synonyms'] = v['synonyms']
    cluster['meta']['refs'] = []
    cluster['meta']['refs'].append('https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide')
    # Deterministic UUIDv5: the same namespace UUID and cluster value always give the same cluster UUID
    _uuid = uuid.uuid5(uuid.UUID("76beed5f-7251-457e-8c2a-b45f7b589d3d"), "{}".format(cluster['value']))
    cluster['uuid'] = str(_uuid)
    lcluster.append(cluster)
~~~

Relationships might be added in a later stage to map with the MISP threat actor galaxy.
2023-04-19 10:47:11 +02:00
Daniel Plohmann 41afab1c06
adding Trend Micro alias Earth Smilodon for APT27 2023-04-18 20:11:57 +02:00
Delta-Sierra 6b8994271e add relationships for HALFRIG & QUARTERRIG 2023-04-18 12:20:20 +02:00
Daniel Plohmann 02e23a9a47
adding Google alias HOODOO for APT41 2023-04-17 22:32:50 +02:00
Delta-Sierra 4a4fa6d16f fix versions 2023-04-17 11:32:51 +02:00
Delta-Sierra 6d5df91efa add relationship SNOWYAMBER & Notion 2023-04-17 11:31:48 +02:00
Delta-Sierra 233a066a03 Merge https://github.com/MISP/misp-galaxy 2023-04-17 11:16:23 +02:00
Delta-Sierra d4225c5469 add some SNOWYAMBER relationships 2023-04-17 11:16:21 +02:00
Alexandre Dulaunoy 91af071bae
new: [online-service] online service added 2023-04-17 10:59:18 +02:00
Alexandre Dulaunoy 5f9760923f
Merge pull request #838 from Delta-Sierra/main
Adding SNOWYAMBER, HALFRIG, QUARTERRIG tools & PowerMagic backdoor
2023-04-14 16:03:57 +02:00
Delta-Sierra 8e9880d932 Add SNOWYAMBER, HALFRIG, QUARTERRIG tools 2023-04-14 15:59:42 +02:00
Delta-Sierra c5590ff79a add PowerMagic backdoor 2023-04-13 14:11:36 +02:00
Daniel Plohmann a966b3ff88
adding Trend Micro alias Earth Preta for Mustang Panda 2023-04-12 16:59:36 +02:00
Alexandre Dulaunoy 2763cdd72b
chg:[sigma] Sigma rules updated 2023-04-12 11:44:43 +02:00
Delta-Sierra 8c831d70c8 jq 2023-04-11 15:06:59 +02:00
Delta-Sierra d30e7357fe merge 2023-04-11 13:57:30 +02:00
Delta-Sierra eb9254713a Add more ransomwares from ransomlook 2023-04-11 13:56:29 +02:00
Alexandre Dulaunoy 3cc7e03af6
new: [stealer] add Sordeal Stealer 2023-04-11 09:54:02 +02:00
Alexandre Dulaunoy cbf12d9289
Merge pull request #833 from jloehel/HinataBot
chg[botnet]: Add HinataBot
2023-04-04 10:17:07 +02:00
Jürgen Löhel 647fc025d7
chg[botnet]: Add HinataBot
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-04-03 11:19:08 -06:00
Alexandre Dulaunoy 15a03e877e
chg: [sigma] updated 2023-03-29 10:33:57 +02:00
Sebdraven 8713618777 Update threat-actor.json
add new ref for sidecopy
2023-03-23 09:13:23 +01:00
Sebdraven f5d68aa08d Update threat-actor.json
delete ref to APT30 for Naikon
2023-03-23 08:49:17 +01:00
Sebdraven d5843d46e2 Update threat-actor.json
add ref to Aoqin Dragon
2023-03-21 18:40:10 +01:00
Alexandre Dulaunoy 122a0bd39b
fix: [ransomware] fix duplicate Value "Cuba" 2023-03-19 11:03:12 +01:00
Alexandre Dulaunoy f2305dc165
Merge pull request #829 from Delta-Sierra/main
update based on ransomlook+1
2023-03-16 19:18:54 +01:00
Delta-Sierra 12f69a6082 update based on ransomlook 2023-03-16 15:24:44 +01:00
Mathieu Beligon d82ff1ecfb [threat-actors] Add Anonymous Sudan 2023-03-15 17:38:03 -05:00
Daniel Plohmann c39b46e9d5
Update threat-actor.json
when value "Sofacy" was changed to "APT28", it seems Sofacy was not added to aliases, so it's missing right now.
2023-03-15 14:55:25 +01:00
Delta-Sierra 74390b27c5 Merge https://github.com/MISP/misp-galaxy 2023-03-13 09:59:04 +01:00
Delta-Sierra c4eca7dfe1 more from ransomlook 2023-03-13 09:59:00 +01:00
Jürgen Löhel 9f9a263394
chg [tool]: Add tools used by TA866 during the Screentime campaign
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:46:11 -06:00
Jürgen Löhel 031a4c8030
chg [stealer]: Add Rhadamanthys
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:39 -06:00
Jürgen Löhel 437d4a30e5
chg [tds]: Add 404 TDS
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:13 -06:00
Jürgen Löhel 2d30785af5
chg [threat-actors] Add TA866
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:44:16 -06:00
Alexandre Dulaunoy 57f3e46273
chg: [sigma] updated 2023-03-07 12:14:48 +01:00
Alexandre Dulaunoy e7b97edaa4
chg: [ransomware] fixing duplicate cluster element Avaddon 2023-03-07 12:06:56 +01:00
Alexandre Dulaunoy 6db5b0b0cb
Merge pull request #824 from Delta-Sierra/main
update based on ransomlook
2023-03-06 16:23:48 +01:00
Delta-Sierra bed6bf8dd6 fix stupid duplicate-bis 2023-03-06 16:10:23 +01:00
Delta-Sierra d561350f7b fix stupid duplicate 2023-03-06 16:04:28 +01:00
Delta-Sierra 96cb1e22ba update based on ransomlook 2023-03-06 15:55:46 +01:00
Mathieu Beligon 395ffda94f [threat-actors] bump version 2023-03-02 10:29:52 -08:00
Mathieu Beligon e1407c3c3f [threat-actors] Add SLIPPY SPIDER alias to LAPSUS 2023-03-02 10:29:29 -08:00
Mathieu Beligon 4bbee8c1e7 [threat-actors] Add PROPHET SPIDER 2023-03-02 10:19:24 -08:00
Mathieu Beligon 61cb24a3fc [threat-actors] Add Nemesis Kitten 2023-03-01 16:37:42 -08:00
Mathieu Beligon 84faa3c92b [threat-actors] Add Karakurt 2023-03-01 16:34:03 -08:00
Mathieu Beligon 7d371b4c80 [threat-actors] Add CYBORG SPIDER alias to GOLD BURLAP 2023-03-01 15:45:41 -08:00
Mathieu Beligon fa57354471 [threat-actors] Add Chamelgang 2023-03-01 15:40:23 -08:00
Mathieu Beligon bff978e4d1 [threat-actors] Add TA453 2023-03-01 15:24:55 -08:00
Mathieu Beligon 3406ad3aa9 [threat-actors] Add APT42 2023-03-01 15:18:53 -08:00
Mathieu Beligon 2567d6f1f8 [threat-actors] Add TA406 2023-03-01 15:01:22 -08:00
Rony 50624af741 add DEV-0147 https://twitter.com/MsftSecIntel/status/1625181255754039318 2023-02-25 20:18:09 +00:00
Rony cf727f034c
add other actor synonyms from Google's report https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf 2023-02-26 01:05:50 +05:30
Delta-Sierra 27f4c9fcdc synonyms must be an array 2023-02-23 14:26:20 +01:00
Delta-Sierra 0ca7675a5f Merge https://github.com/MISP/misp-galaxy 2023-02-23 14:16:00 +01:00
Delta-Sierra 55725c771e add/update ransomware based on ransomlook 2023-02-23 14:15:09 +01:00
Tom King e52eefa0e7 chg: [mitre] updated with correct ID parsing 2023-02-21 10:36:37 +00:00
Christophe Vandeplas 9f73ff73ac fix: [first-dns] corrected typo 2023-02-21 10:54:30 +08:00
Christophe Vandeplas e2f2026fea chg: [first-dns] Adds FIRST DNS Abuse Techniques Matrix 2023-02-21 10:26:46 +08:00
Christophe Vandeplas a6a9a73ae5 chg: [360net] updated to latest online version 2023-02-20 20:03:36 +08:00
Alexandre Dulaunoy 6460fde2e4
chg: [threat-actor] version updated 2023-02-16 14:43:45 +01:00
Daniel Plohmann 91255413d8
adding Google names for RU threat actors
https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/
2023-02-16 14:30:05 +01:00
Alexandre Dulaunoy 73bd7d0983
Merge pull request #818 from Mathieu4141/threat-actors/proofpoint-aliases
[threat actors] Adding some actors from ProofPoint
2023-02-14 06:40:22 +01:00
Mathieu Beligon 9f09699047 [threat-actors] Fix: country was in the wrong place 2023-02-13 16:47:38 -08:00
Mathieu Beligon ac067a236e [threat-actors] fix: Add missing uuids 2023-02-13 16:36:41 -08:00
Mathieu Beligon a792115dd8 fix 2023-02-13 16:26:10 -08:00
Mathieu Beligon 8193b05e14 [threat-actors] bump version 2023-02-13 14:18:58 -08:00
Mathieu Beligon d34e894d2d [threat-actors] Add TA2536 2023-02-13 13:45:41 -08:00
Mathieu Beligon 20c31a5d10 [threat-actors] Add TA577 2023-02-13 13:32:24 -08:00
Mathieu Beligon e836a4a63c [threat-actors] Add TA575 2023-02-13 12:02:32 -08:00
Mathieu Beligon c52ac53765 [threat-actors] Add TA570 2023-02-13 11:54:47 -08:00
Mathieu Beligon 5f274f58c9 [threat-actors] Add Moskalvzapoe 2023-02-13 11:44:59 -08:00
Daniel Plohmann 62256854bc
adding Broadcom name for SaintBear. 2023-02-13 14:05:35 +01:00
Mathieu Beligon 33ff650327 [threat-actors] Add more information about NoName057(16) 2023-02-10 14:14:52 -08:00
Alexandre Dulaunoy 9645b9348b
chg: [tools] TgToxic added 2023-02-09 16:24:45 +01:00
o1mate 239883e2a9 Merging the handguns and shotguns clusters into a single firearm cluster. 2023-02-06 03:28:49 -05:00
Alexandre Dulaunoy 385826063b
chg: [sigma] updated to the latest version 2023-02-05 11:26:16 +01:00
Daniel Plohmann 9710e09e17
new APT29 name used by Recorded Future
cf. https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf
2023-02-02 11:46:50 +01:00
Alexandre Dulaunoy 3d6ec1b187
chg: [sigma] updated to the latest version 2023-02-02 11:25:19 +01:00
Jürgen Löhel cf492d9931
chg: [stealer] Adds Album Stealer
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-02-01 17:30:56 -06:00
Alexandre Dulaunoy 033895b052
Merge pull request #812 from jloehel/boldmove
chg: [backdoor] Adds BOLDMOVE
2023-01-31 06:24:59 +01:00
Jürgen Löhel c7c2b8441a
chg: [stealer] Removes BluStealer
The BluStealer is already in the malpedia cluster.

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 18:35:28 -06:00
Jürgen Löhel ca635cc3fc
chg: [stealer] Adds DarkCloud and BluStealer
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 18:29:25 -06:00
Jürgen Löhel 33513241bd
chg: [backdoor] Adds BOLDMOVE
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-01-30 16:39:11 -06:00
Alexandre Dulaunoy 150e3152cc
Merge pull request #809 from MISP/dev
Updated the `region` cluster
2023-01-27 15:08:16 +01:00
Alexandre Dulaunoy b7543c5012
Merge pull request #789 from Mathieu4141/threat-actors/fix-sectorj04
[threat-actors] Remove SectorJ04 duplicate
2023-01-27 15:05:37 +01:00
Mathieu Beligon a452263ace [threat-actors] pr.review: Add SectorJ04 as alias of TA505 2023-01-27 13:32:58 +01:00
o1mate 0b661d4f80 Added two new galaxies: An ammunition galaxy containing a list of known sold ammunitions ordered by brands, and a firearm galaxy containing two clusters (handguns, shotguns) scraped from a famous vendor and ordered by model name (Format: Model name - SKU). 2023-01-26 08:34:38 -05:00
Delta-Sierra 89bb349184 Merge https://github.com/MISP/misp-galaxy 2023-01-26 11:46:14 +01:00
Delta-Sierra 0bb1f48ad6 fix missing brackets 2023-01-25 14:47:22 +01:00
Christian Studer e87d39e3f4
fix: [region] JQed all the things !! 2023-01-25 09:24:52 +01:00
Delta-Sierra 50ca40e408 add Anubis & Godfather android banking trojans 2023-01-25 09:05:19 +01:00
Christian Studer 51610df907
chg: [region] Updated the `region` Galaxy Cluster
- Added missing entry (Antarctica)
- Ordered the `subregions` meta field
2023-01-24 22:53:54 +01:00
ofenomeno cb8d700e62 adding uavs 2023-01-24 19:55:46 +01:00
Alexandre Dulaunoy 2f0dfc7656
chg: [sigma] updated 2023-01-23 10:10:46 +01:00
Alexandre Dulaunoy 4a342354f9
chg: [sigma] updated 2023-01-20 13:58:11 +01:00
Christian Studer 5c21588d7c
add: [country] Manually added the missing relations to some `country` cluster values
- The previous commit (071ecb8) that added the
  majority of relations between countries and
  regions were automatically added based on the
  country names specified in the `region` cluster.
  The relations added here are the remaining
  countries that are not literally defined the
  same way they are in the `region` cluster
2023-01-16 22:22:42 +01:00
Christian Studer 325f51479b
chg: [country] Clarified the US cluster value 2023-01-16 22:20:30 +01:00
Christian Studer 071ecb8a52
add: [country] Added references between `country` cluster values and the related region they're located in, from the `region` galaxy cluster 2023-01-16 21:35:22 +01:00
Alexandre Dulaunoy 323f9f47a1
chg: [sigma] version must be an integer 2023-01-12 16:45:21 +01:00
Alexandre Dulaunoy fd226d47a2
chg: [sigma] new version of the cluster 2023-01-12 14:10:22 +01:00
Alexandre Dulaunoy c0fdfb0e99
chg: [sigma] updated with latest version + new relationship script 2023-01-12 13:46:31 +01:00
Alexandre Dulaunoy e54366fb87
chg: [threat-actor] added the missing synonyms 2023-01-10 15:55:30 +01:00
Alexandre Dulaunoy 187701bacb
chg: [sigma] regenerated from the test script (also updated the script
to ensure UUID consistency for the galaxy)
2023-01-06 15:36:33 +01:00
Alexandre Dulaunoy 9955401791
chg: [sigma] jq all the things 2023-01-06 15:13:35 +01:00
Alexandre Dulaunoy 8539361df5
Merge branch 'main' of https://github.com/jstnk9/misp-galaxy into jstnk9-main 2023-01-06 15:11:27 +01:00
jstnk9 5bcec1d72f
Merge branch 'MISP:main' into main 2023-01-03 11:10:49 +01:00
Jürgen Löhel d4debd619b
chg: [ransomware] Extends the entry for JCrypt
* Add the reference to MafiaWare666 based on the latest research from
  the Avast Threat Lab: https://decoded.avast.io/threatresearch/decrypted-mafiaware666-ransomware/
* Add more info from Andrew Ivanov's great blog post: https://id-ransomware.blogspot.com/2020/12/jcrypt-ransomware.html

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-12-23 01:44:20 -06:00
Delta-Sierra 3f4edb480b add Malteiro 2022-12-16 16:43:50 +01:00
jstnk9 cb19f6bda7 galaxy for sigma rules 2022-12-09 08:48:54 +01:00
Delta-Sierra 5931f51d7a add TAG-53 2022-12-08 11:31:02 +01:00
Delta-Sierra 3ea2d62a83 Version Update 2022-11-28 16:27:54 +01:00
Delta-Sierra 6016b1000c Merge https://github.com/MISP/misp-galaxy 2022-11-28 16:17:08 +01:00
Delta-Sierra 5d83563e0e Fix Duplicate 2022-11-28 16:15:40 +01:00
Delta-Sierra 6c36295318 Update several RAT & Ransomwares 2022-11-28 16:13:38 +01:00
Alexandre Dulaunoy de12f46ba6
chg: [mitre] updated 2022-11-28 12:48:29 +01:00
Alexandre Dulaunoy fda4160bed
chg: [target-information] fix the duplicate 2022-11-24 15:08:16 +01:00
Alexandre Dulaunoy f15e4ed3bc
chg: [target-information] duplicate removal 2022-11-24 15:05:47 +01:00
Alexandre Dulaunoy 1d9a73abdd
chg: [target] fix duplicate synonyms 2022-11-24 15:03:18 +01:00
Christian Studer e3126ef857
fix: [clusters] Fixed a few other `meta` field names 2022-11-24 09:17:28 +01:00
Christian Studer 823124d422
fix: [mitre-ics-assets] Fixed some `refs` meta field names 2022-11-23 20:44:46 +01:00
Christian Studer 493a5bf94e
fix: [target-information] Fixed `synonyms` meta field name 2022-11-23 20:40:35 +01:00
Alexandre Dulaunoy 5c979ae554
fix: [tool] Houdini relationship to something which exists (ok I know it's Houdini) 2022-11-22 15:19:40 +01:00
Alexandre Dulaunoy 0b6034d9be
Merge pull request #800 from Delta-Sierra/main
Add ransomwares
2022-11-22 15:11:42 +01:00
Alexandre Dulaunoy 8947d0035b
fix: [sigma rules] until the new PR and tool are done for sigma. The
galaxy is removed.
2022-11-22 15:08:17 +01:00
Delta-Sierra 5f0d7f6d68 add VJw0rm description 2022-11-22 14:55:10 +01:00
Delta-Sierra f4abf37b01 fix versions 2022-11-22 12:45:15 +01:00
Delta-Sierra c02b74f999 merge 2022-11-22 12:43:18 +01:00