1466 Commits (ad795606cfc5fdd7bcf2b201df2ace2f0b4d228e)

Author	SHA1	Message	Date
Rony	ad795606cf	added HAFNIUM ... Updates: Tonto Team UNC2452	2021-03-04 00:10:33 +05:30
Thomas Dupuy	f842694fda	Update Infy TA.	2021-03-02 14:37:01 -05:00
Alexandre Dulaunoy	524676282e	Merge branch 'main' of github.com:MISP/misp-galaxy into main	2021-02-26 08:30:58 +01:00
Alexandre Dulaunoy	4692ced8fa	chg: [tool] SUNSPOT added	2021-02-26 08:28:01 +01:00
Rony	5c6f3a036b	removing DePrimon ... DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.	2021-02-24 21:55:04 +05:30
Thomas Dupuy	eeafff9768	Add RDAT backdoor	2021-02-23 11:15:31 -05:00
Thijsvanede	e9eb0c7a6c	Fix: rename "Innitial Access" to "Initial Access" ... Renamed mitre-ics-tactics "Innitial Access" to "Initial Access". Original was a minor spelling mistake. The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access	2021-02-19 12:01:47 +01:00
Thomas Dupuy	178e16dc13	Remove empty values.	2021-02-16 10:32:37 -05:00
Thomas Dupuy	4a7560d191	Add Exaramel and P.A.S. webshell tool.	2021-02-15 12:52:53 -05:00
Thomas Dupuy	93396c524d	Add Caterpillar WebShell.	2021-02-12 12:00:17 -05:00
Daniel Plohmann	d61e7d2fac	adding ClearSky alias for Volatile Cedar ... adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."	2021-01-29 10:39:18 +01:00
Koen Van Impe	87b22f363c	Move cfr-type-of-incident to meta	2021-01-28 12:25:39 +01:00
Koen Van Impe	23778666ba	RSIT Galaxy/Cluster	2021-01-28 10:03:12 +01:00
StefanKelm	fb35646406	Update threat-actor.json ... Lazarus	2021-01-26 14:38:37 +01:00
Thomas Dupuy	f964514ec5	Add HyperBro in tools	2021-01-20 13:44:28 -05:00
Thomas Dupuy	9df95031a7	Update ZxShell tool.	2021-01-20 13:27:51 -05:00
StefanKelm	a131a7ce98	Update threat-actor.json ... Lazarus	2021-01-20 17:43:18 +01:00
Alexandre Dulaunoy	3c19c7c1e5	Merge pull request #617 from danielplohmann/patch-4 ... merge COVELLITE into Lazarus Group	2021-01-17 16:05:13 +01:00
Daniel Plohmann	ca66fcd93a	merge COVELLITE into Lazarus Group ... I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references. Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.	2021-01-17 15:07:26 +01:00
Rony	91e87cf82c	Update threat-actor.json ... Don't know how StarCraft	2021-01-17 12:21:34 +05:30
Daniel Plohmann	edcc3c0bc1	merging ScarCruft->APT37 ... I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.	2021-01-15 18:52:49 +01:00
Alexandre Dulaunoy	2b356a9eb0	chg: [threat-actor] UNC2452/DarkHalo added - ref. #614	2021-01-12 07:01:36 +01:00
Alexandre Dulaunoy	184d57f0a2	chg: [ransomware] Babuk Ransomware added	2021-01-05 19:11:28 +01:00
Alexandre Dulaunoy	4454b58743	chg: [ransomware] RegretLocker added	2020-12-30 14:14:09 +01:00
Rony	3240aa819f	Update threat-actor.json	2020-12-14 11:54:41 +05:30
Rony	2ffb77b35b	BISMUTH	2020-12-14 10:41:15 +05:30
Alexandre Dulaunoy	ac86ebd5f6	Merge pull request #609 from StefanKelm/master ... Update threat-actor.json	2020-12-09 22:16:49 +01:00
Delta-Sierra	ebd31b7376	add BazarBackdoor	2020-12-09 16:42:32 +01:00
Delta-Sierra	d3a9cf742a	add RansomEXX	2020-12-09 16:32:02 +01:00
Delta-Sierra	3daaa30aed	Merge https://github.com/MISP/misp-galaxy	2020-12-07 16:20:36 +01:00
StefanKelm	5dc92995f6	Update threat-actor.json ... DeathStalker, Mabna	2020-12-04 11:43:06 +01:00
StefanKelm	4fee985b5e	Update threat-actor.json ... Turla	2020-12-03 13:05:14 +01:00
StefanKelm	72e085aba9	Update threat-actor.json ... OceanLotus	2020-12-02 11:44:29 +01:00
StefanKelm	15b5f4c881	Update threat-actor.json ... APT27	2020-11-30 11:49:23 +01:00
Delta-Sierra	e81d3c63d5	Merge https://github.com/MISP/misp-galaxy	2020-11-27 12:47:20 +01:00
Christophe Vandeplas	9a731470d3	chg: [att&ck] update to latest MITRE ATT&CK version	2020-11-25 07:45:48 +01:00
StefanKelm	da910c0c2e	Update threat-actor.json	2020-11-18 19:15:11 +01:00
Delta-Sierra	7af75bb222	add Darkside ransomware	2020-11-18 16:10:49 +01:00
StefanKelm	48ffaa8ce1	Update threat-actor.json ... Lazarus	2020-11-18 12:10:23 +01:00
snurilov	44e9da1390	Add ConfuserEx and Beds Protector .NET packers to tools.json cluster ... Add ConfuserEx and Beds Protector .NET packers to tools.json cluster	2020-11-11 23:09:03 -05:00
snurilov	3f4683d8a3	Update rat.json to include Iperius Remote ... Add Iperius Remote to the rat.json cluster.	2020-11-09 23:45:16 -05:00
StefanKelm	bf5bdeacb0	Update threat-actor.json ... OceanLotus	2020-11-09 14:39:55 +01:00
StefanKelm	41a7a36317	Update threat-actor.json ... Kimsuky	2020-11-02 17:30:25 +01:00
Rony	333e55fbeb	remove duplicate!	2020-11-02 14:18:49 +05:30
Rony	000cfa68a8	Update threat-actor.json ... Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key	2020-11-02 13:51:08 +05:30
Deborah Servili	28784683db	Merge branch 'main' into master	2020-10-30 16:17:27 +01:00
Delta-Sierra	88bbf8851c	jq	2020-10-30 16:14:02 +01:00
Delta-Sierra	be672b8d3a	update microsoft activity groups	2020-10-30 14:53:20 +01:00
Alexandre Dulaunoy	5d31753e6a	chg: [cryptominer] updated	2020-10-30 09:48:08 +01:00
Alexandre Dulaunoy	24f05749f0	Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master	2020-10-30 09:47:45 +01:00