Commit Graph

447 Commits (8d4053741b10e57f21f43eaa7abc3c3e89bf5d00)

Author SHA1 Message Date
Alexandre Dulaunoy 8c09223477 The product from NSO Group Technologies added to the list of tools.
The Pegasus name is used as synonym of Chrysaor ;-)
2017-04-04 20:42:08 +02:00
Alexandre Dulaunoy 0578d7b7b1 The mysterious ZIRCONIUM activity group added 2017-04-03 19:44:36 +02:00
nyx0 78cdb10aae Add new Sednit name according to https://www.secureworks.com/research/iron-twilight-supports-active-measures 2017-03-31 09:28:50 -04:00
Alexandre Dulaunoy b3f1069686 Trochilus and MoonWind RATs added 2017-03-30 15:01:23 +02:00
Alexandre Dulaunoy f0e42a1818 KHRAT added 2017-03-29 16:37:31 +02:00
chrisdoman dbf989c742 Added descriptions and reference to threat-actor json 2017-03-22 12:52:05 +00:00
Raphaël Vinot 1ed0558c07 Merge branch 'master' into master 2017-03-16 17:38:59 +01:00
Raphaël Vinot e1b5701351 JQ all the things 2017-03-16 17:31:43 +01:00
Raphaël Vinot 0d8d265319 Fix typo. 2017-03-16 17:27:17 +01:00
CERT-Bund 4112a041f7 Added groups, joined groups, added synonyms (see extended description)
Added: HammerPanda, Barium, Infy, Sima, Groundbait
Joined: StrongPity and Promethium
Synonyms: Lead as Winnti, Moonlight as MoleRats, FalloutTeam as DarkHotel, DustStorm as StonePanda, Skipper and Popeye as Pacifier
2017-03-16 17:02:55 +01:00
Alexandre Dulaunoy 71ad9099c4 IMEIJ added 2017-03-13 13:59:46 +01:00
Kafeine 73a82418df Empire status, Nebula, Blaze/Terror 2017-03-02 21:29:19 +00:00
Alexandre Dulaunoy e002e62204 missing \n at the end of the file 2017-03-01 14:55:45 +01:00
Chris Doman 9e5c983a65 Ran jq 2017-03-01 13:24:00 +00:00
Chris Doman e934f88b3b Added references
Mostly added references to existing groups
Capitalised DarkHotel, put a space in APT30 default name (the others had that)
2017-03-01 12:53:52 +00:00
Alexandre Dulaunoy a224c7ce5e add: Gamaredon Group added 2017-02-28 09:17:33 +01:00
Christophe Vandeplas 048b831f53 minor correction 2017-02-27 11:00:48 +01:00
Thanat0s 07cc13feb8 remove duplicate of ratdecode import 2017-02-27 00:38:39 +01:00
Thanat0s 9eb2d097f2 add a bunch of RATs from the ratdecoder list 2017-02-27 00:23:56 +01:00
Thanat0s 849ca3ebbc Pimp Epic turla 2017-02-26 23:38:50 +01:00
Thanat0s f1ea577e95 pimp and aggregate turla 2017-02-26 23:24:51 +01:00
Thanat0s 3774f05237 Some aliases fetched from: https://attack.mitre.org/wiki/Groups 2017-02-26 23:07:42 +01:00
Thanat0s 2d658a6577 pimp comrat 2017-02-26 22:53:51 +01:00
Thanat0s b865342f2e pimp xneteagle 2017-02-26 22:47:16 +01:00
Thanat0s f4584f3900 pimp xscontrol 2017-02-26 22:41:51 +01:00
Thanat0s b400edbe9b Update Xagent from aptnote Bitdefender-Whitepaper-APT-Mac-A4-en-EN-web(02-23-2017) 2017-02-26 20:40:44 +01:00
Thanat0s 51eee31c21 Pimp lecna/Backspace 2017-02-26 20:16:59 +01:00
Thanat0s 0d0ba42f15 Pimp lecna/Backspace 2017-02-26 20:16:46 +01:00
Thanat0s cdc80e5596 Pimp RarStone 2017-02-26 20:02:34 +01:00
Thanat0s ca68abc0e8 Pimp Pirpi. Hard to say:) 2017-02-26 19:56:17 +01:00
Thanat0s 6e78746a6c pimp webc2 2017-02-26 19:37:10 +01:00
Thanat0s 0775bfce62 pimp winnti 2017-02-26 19:26:21 +01:00
Thanat0s 8de827977c Pimp nettraveler 2017-02-26 19:21:41 +01:00
Thanat0s 7d62d8c3e7 cleanup zeus duplicate in alias and name 2017-02-26 17:08:43 +01:00
Thanat0s 93df12be35 update apt28 tools 2017-02-26 17:06:19 +01:00
Thanat0s afe682cf3f Remove duplicate AlienSpy 2017-02-26 16:52:59 +01:00
Thanat0s 47903f8394 add info to the famous mimikatz 2017-02-25 02:28:43 +01:00
Thanat0s d4e3a08995 add moudor info 2017-02-25 02:22:30 +01:00
Thanat0s 3d79a82bf5 Add Tinba banking 2017-02-25 02:08:51 +01:00
Thanat0s 7eb98609a3 update trojan.main 2017-02-25 01:42:33 +01:00
Thanat0s 59b5ed6c1b update evilgrab 2017-02-25 01:30:10 +01:00
Thanat0s 724e836ae9 remove coreshell duplicate 2017-02-25 01:18:03 +01:00
Thanat0s e98de5cb5e add derusbi 2017-02-25 01:12:42 +01:00
Thanat0s bce60b0318 merge IEchecker and sasfi 2017-02-25 01:06:19 +01:00
Thanat0s 50d2b1c871 go for caro, add hi-zor 2017-02-25 00:42:44 +01:00
Thanat0s d502d5b5bf fix side victims of schemaupdate 2017-02-24 23:46:44 +01:00
Thanat0s a29a5afbe8 update 2 array 2017-02-24 23:36:45 +01:00
Thanat0s 7265af6612 go 4 string 2017-02-24 16:24:59 +01:00
Thanat0s b124d8a08d Follow the format 2017-02-24 15:52:08 +01:00
Thanat0s 8240e5f661 json typo 2017-02-24 14:05:57 +01:00
Thanat0s 8c2c47810e Locky removed > ransomware 2017-02-24 14:00:42 +01:00
Thanat0s c1848b1a3a json issue 2017-02-24 13:59:14 +01:00
Thanat0s f496c34fda generic plugx names 2017-02-24 13:57:33 +01:00
Thanat0s bb088f97d1 Update 2017-02-24 13:56:33 +01:00
Thanat0s 0513668fcf Remove JOYRat -> team -> https://www.crowdstrike.com/blog/whois-numbered-panda/ 2017-02-24 13:46:12 +01:00
Thanat0s 796382d4ab Remove Lstudio (group using elise) , add info to PWOBOT 2017-02-24 13:39:53 +01:00
Thanat0s c6ac4d847c Remove EK and Ransomwares 2017-02-24 13:25:38 +01:00
Thanat0s b75e9cf59d Gutemberg on first 10 2017-02-23 10:14:18 +01:00
Alexandre Dulaunoy 644e429110 PupyRAT added 2017-02-20 17:34:55 +01:00
Raphaël Vinot 7db66e05dd Strict schema, update clusters accordingly 2017-02-14 11:34:59 +01:00
Raphaël Vinot 910398fe76 Fix validation, remove duplicate. 2017-02-13 18:52:54 +01:00
Alexandre Dulaunoy 6fb89a644f Merge branch 'master' of github.com:MISP/misp-galaxy 2017-02-10 10:10:00 +01:00
Alexandre Dulaunoy 5442a262ab StreamEX added 2017-02-10 10:09:37 +01:00
Alexandre Dulaunoy 87296fe95c Merge pull request #29 from Delta-Sierra/master
add Erebus ransomware
2017-02-09 09:20:58 +01:00
Déborah Servili 8817d4869d add Erebus ransomware 2017-02-09 08:46:21 +01:00
Kafeine a9b9b6f6e1 +Pangimop, alias Microsoft for magnitude 2017-02-06 19:31:21 +00:00
Kafeine 286820f19a Fix 2017-02-06 19:29:55 +00:00
Kafeine f557f9c0c0 +Derbit alias for Sundown 2017-02-06 19:28:06 +00:00
Alexandre Dulaunoy f3f5b3b3ac Merge pull request #28 from Kafeine/master
Added Microsoft Naming
2017-02-05 18:03:16 +01:00
Kafeine 645c2e527e Indent 2017-02-05 16:58:56 +00:00
root 06da6ce154 Added Microsoft Naming 2017-02-05 17:52:57 +01:00
Alexandre Dulaunoy 30d9233db6 ZeroT added 2017-02-03 22:26:40 +01:00
Alexandre Dulaunoy 762ee63bf7 Merge branch 'master' of github.com:MISP/misp-galaxy 2017-01-31 09:21:32 +01:00
Alexandre Dulaunoy 92bb392653 Flokibot added 2017-01-31 09:21:19 +01:00
Déborah Servili d6cab37977 change author name to 'Various' 2017-01-31 09:11:26 +01:00
Déborah Servili da331d6ca6 add ransomware galaxy 2017-01-30 15:45:20 +01:00
cgi af16b7c6a1 Adding Zeus to tools 2017-01-26 11:23:37 +01:00
Alexandre Dulaunoy d09b25f2a0 fix: BARIUM and LEAD added 2017-01-25 19:58:50 +01:00
Alexandre Dulaunoy abca7a02d0 Greenbug added 2017-01-23 16:20:09 +01:00
Alexandre Dulaunoy 8ed7374028 Tavdig was missing 2017-01-20 15:31:25 +01:00
Alexandre Dulaunoy 8987006c5d LuminosityLink RAT added 2017-01-19 14:16:55 +01:00
Alexandre Dulaunoy 44cc53d956 EyePyramid added 2017-01-19 08:30:46 +01:00
Alexandre Dulaunoy 7a97b1bcb2 Merge branch 'master' of github.com:MISP/misp-galaxy 2017-01-17 20:56:36 +01:00
Alexandre Dulaunoy 18153f3151 GhostAdmin added 2017-01-17 20:55:27 +01:00
Déborah Servili edea2d25ee add APT28's tools 2017-01-16 12:08:20 +01:00
Alexandre Dulaunoy 19406277d4 Equation Group added 2017-01-13 08:23:03 +01:00
Alexandre Dulaunoy 7ede54c76c "the shoemaker's son always goes barefoot" Regin added 2017-01-13 08:18:41 +01:00
Alexandre Dulaunoy 233562ddc4 Merge pull request #17 from Delta-Sierra/master
begin preventive-measure galaxy
2017-01-12 14:32:11 +01:00
Déborah Servili 8c740065c0 complete preventive-measure 2017-01-12 11:48:10 +01:00
Alexandre Dulaunoy a42d4c4f4f Shamoon added 2017-01-11 22:46:04 +01:00
Déborah Servili 733f065851 begin preventive-measure galaxy 2017-01-11 16:14:45 +01:00
Alexandre Dulaunoy 649c043ad2 Import manually cert-eu contribution
- Fix the meta attributes (like the motive field) to be within meta and not outside
- Remove some "null" values that seem to come from previous tests
- Pretty-print the Javascript (better for diffing)
2017-01-09 23:07:57 +01:00
Alexandre Dulaunoy bb47f52d24 MM Core added 2017-01-08 11:23:01 +01:00
Alexandre Dulaunoy 5e5a6119f5 Shiz Trojan + Shifu 2017-01-07 14:48:45 +01:00
Alexandre Dulaunoy fd030a4314 GeminiDuke added 2017-01-06 22:35:50 +01:00
Alexandre Dulaunoy a6cb478a3b Separate APT30 from Naikon group 2017-01-06 22:26:53 +01:00
Alexandre Dulaunoy ea9ebaf5d6 PassCV group added 2017-01-06 13:51:22 +01:00
Alexandre Dulaunoy c3364add3c Cadelle and Chafer groups added 2017-01-06 13:25:30 +01:00
root 45c7f28afd TDS Cluster: EOF 2017-01-05 16:03:04 +01:00
root 7094d30926 EK and TDS clusters: several minor fixes 2017-01-05 14:53:56 +01:00
root 9128289bc5 EK and TDS clusters: Removed empty entries 2017-01-05 14:41:57 +01:00
root 7df3b0b7b6 TDS Cluster: json fix 2017-01-05 14:34:27 +01:00
root d2dc4e8182 EK Cluster: several fixes 2017-01-05 14:28:01 +01:00
root 9efa19fa47 EK Cluster typo fix 2017-01-05 14:20:42 +01:00
root 5dbcac9c30 EK Cluster update 2017-01-05 14:18:14 +01:00
root 9517f26120 Mwi added 2017-01-05 14:12:30 +01:00
root 8389a3e1f3 Init 2017-01-05 14:07:14 +01:00
Alexandre Dulaunoy 8280512e5b Various updates including the addition of Chthonic Banking Trojan 2017-01-04 11:03:39 +01:00
Alexandre Dulaunoy c38f62ae12 Packrat added 2016-12-30 12:47:47 +01:00
Alexandre Dulaunoy 120b2581cf DownRage added 2016-12-30 11:39:23 +01:00
Alexandre Dulaunoy 0418340c21 Java RAT updated 2016-12-27 17:59:30 +01:00
Alexandre Dulaunoy 86e2545b08 Merge branch 'master' of github.com:MISP/misp-galaxy 2016-12-23 13:47:16 +01:00
Alexandre Dulaunoy a368cda3bd Seaduke added 2016-12-23 13:46:53 +01:00
Déborah Servili f03252a555 ##comma## 2016-12-22 14:13:46 +01:00
Déborah Servili 136ed05521 Add microsoft-activity-group cluster 2016-12-22 11:01:15 +01:00
Alexandre Dulaunoy d37db31a75 Operation Iron Tiger added as synonym 2016-12-17 09:51:13 +01:00
Alexandre Dulaunoy 3deb47a9c8 Molerats, PROMETHIUM and NEODYMIUM added 2016-12-17 09:40:47 +01:00
Alexandre Dulaunoy 55f21451cc BlackEnergy malware family added 2016-12-17 09:26:42 +01:00
Alexandre Dulaunoy ff17ac998e TeleBots group added 2016-12-13 19:37:30 +01:00
Alexandre Dulaunoy 3a657ace36 TERBIUM added 2016-12-13 09:11:16 +01:00
Alexandre Dulaunoy d5c3312240 Mirai and BASHLITE added 2016-12-10 12:08:09 +01:00
Iglocska 65b83f7305 Added missing file 2016-12-07 07:53:24 +01:00
Iglocska c890a48e15 fix: Naming normalisation 2016-12-07 07:51:27 +01:00
Alexandre Dulaunoy d834ec1f52 Singular everywhere 2016-12-04 17:37:29 +01:00
Alexandre Dulaunoy f044004924 Singular everywhere 2016-12-04 17:37:06 +01:00
Alexandre Dulaunoy 211f03a1ab Structure ready for MISP 2.4.56 2016-11-30 14:46:31 +01:00
Alexandre Dulaunoy 734eb1c51d Fixed to merge PR #11 2016-11-29 10:58:36 +01:00
Alexandre Dulaunoy 7f02f62c57 meta added as required by MISP 2.4.56 2016-11-28 12:51:55 +01:00
Alexandre Dulaunoy e7cef8bf14 Add a source field for the clusters (required for MISP 2.4.56) 2016-11-27 16:41:45 +01:00
Christophe Vandeplas b68f9fe17e Metushy, Uroburos, Pfinet synonyms added 2016-11-23 14:39:42 +01:00
Alexandre Dulaunoy f0678ac63a Yahoyah added 2016-11-23 10:19:17 +01:00
Alexandre Dulaunoy 4c657eecac Tropic Trooper added 2016-11-23 10:13:07 +01:00
Alexandre Dulaunoy b38799044d KeyBoy malware added 2016-11-21 09:21:55 +01:00
Christophe Vandeplas b97e73b7d3 added Callisto 2016-11-16 10:36:49 +01:00
Christophe Vandeplas ea0f727aac removed duplicates 2016-11-16 10:36:36 +01:00
Christophe Vandeplas 002728de4c Added Rocket Kitten 2016-11-10 11:16:42 +01:00
Alexandre Dulaunoy cf6a8c5b2e Description added for Volatile Cedar 2016-11-07 16:18:02 +01:00
Alexandre Dulaunoy 1b92f13c93 Explosive malware added 2016-11-07 16:17:09 +01:00
Alexandre Dulaunoy 0363dc607b Volatile Cedar added 2016-11-07 16:15:21 +01:00
Alexandre Dulaunoy e885463592 OilRig added 2016-11-07 16:10:04 +01:00
Iglocska dbed3ac17d Merge branch 'master' of https://github.com/MISP/misp-galaxy 2016-11-07 03:35:18 +01:00
Iglocska 556908bfd6 Some small fixes
- more uniform pluralisation
- Added display name fields
2016-11-07 03:34:40 +01:00
Alexandre Dulaunoy 1e9e44c89d Empire post-exploitation tool added 2016-11-06 10:51:28 +01:00
Alexandre Dulaunoy 48a62339e8 Threat actors simplified (no more groups); it's already in the value field
2016-10-31 11:44:19 +01:00
Iglocska b6e1c478a7 Some small fixes 2016-10-31 09:39:17 +01:00
Iglocska 90e19ecbac Some small changes 2016-10-31 09:33:41 +01:00
Iglocska bd23721e0a Moving things around 2016-10-30 16:58:37 +01:00