MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity
2,378 Commits
4 Branches
41 Tags
278 MiB
Commit Graph

1568 Commits (ae7b7bd47de30db94a3742859cb4aceb9e05d653)

Author SHA1 Message Date
Alexandre Dulaunoy ae7b7bd47d
chg: [cmtmf-attack-pattern] various fixes to make JSON ok 2021-12-17 16:08:07 +01:00
Alexandre Dulaunoy 7b587710b1
Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf 2021-12-17 15:55:03 +01:00
Jürgen Löhel b81ac7f01d Adds DarkWatchman RAT 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2021-12-17 07:20:58 -06:00
Delta-Sierra 78a8cf4ad2 add ESPecter Bootkit 2021-11-19 16:30:57 +01:00
Delta-Sierra c89623e945 add ESPecter bootkit 2021-11-16 08:17:37 +01:00
Christophe Vandeplas aeb5719448 chg: [att&ck] update to ATT&CK v10 2021-10-22 14:34:25 +02:00
Alexandre Dulaunoy ab41df7282
chg: [malpedia] remove duplicate 2021-10-20 12:24:12 +02:00
Alexandre Dulaunoy e517787e7c
chg: [malpedia] duplicates removed 2021-10-20 12:21:05 +02:00
Alexandre Dulaunoy 69f878c86f
fix: [malpedia] remove duplicate urls 2021-10-20 12:16:22 +02:00
Alexandre Dulaunoy da91f2abc2
chg: [malpedia] updated 2021-10-20 10:21:03 +02:00
marjatech d74fdb3e43
update malpedia 2021-10-19 16:21:19 +02:00
Bernardo Santos e74fcfe268 Update cmtmf-attack-pattern.json 
- update version
 2021-10-13 10:06:00 +02:00
Bernardo Santos 5f19983ba3 Update cmtmf-attack-pattern.json 
- Changes to cluster type
- Fix typo for privilege escalation tactic
 2021-10-13 09:57:03 +02:00
Bernardo Santos 49dfcca563 CONCORDIA MTMF - Initial version 
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
 2021-10-12 10:54:06 +02:00
Bernardo Santos d09681b011 CONCORDIA MTMF - Initial version 
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
 2021-10-12 10:45:03 +02:00
Jeroen Pinoy 9ec76ae185
Add threat actor common raven 2021-10-03 23:30:20 +02:00
Thomas Patzke 26f0c344a1 Added O365 techniques 
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
 2021-09-18 23:27:38 +02:00
Thomas Dupuy 1985de4d44 Add BLUELIGHT tool. 2021-08-27 10:28:06 +02:00
Thomas Dupuy 89a3f986ba Add InkySquid synonym. 2021-08-24 16:29:34 +02:00
Daniel Plohmann 3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) 2021-08-19 06:02:40 +02:00
Rony 5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM 
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
 2021-08-02 22:30:05 +05:30
Rony 636ccdedcd
Update threat-actor.json 2021-07-21 18:47:56 +05:30
Rony 9ecfecc063
another fix 2021-07-21 18:41:18 +05:30
Rony 32ea60d721
fix 2021-07-21 18:31:05 +05:30
Rony 52e7d5a0a9
multiple updates to apt40, apt31 & hafnium 2021-07-21 18:28:40 +05:30
Rony fb9a41f8e9
from Gov Canada & MFA Japan 2021-07-19 20:33:35 +05:30
Rony c90c60cb13
adding references for APT40 & APT31 2021-07-19 20:14:36 +05:30
Alexandre Dulaunoy 6c8949caa9
Merge pull request #658 from jasperla/oilrig 
merge APT34 with OilRig
 2021-07-03 08:56:39 +02:00
Deborah Servili b6005bd53f
Merge branch 'main' into master 2021-07-02 13:30:51 +02:00
Delta-Sierra 913aff30c3 Add NOBELIUM and related 2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse 792490298e merge APT34 with OilRig 
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
 2021-06-29 20:26:04 +02:00
Alexandre Dulaunoy a5d7d85dc8
Merge pull request #657 from jloehel/add_matanbuchus 
[cluster][tool] Adds Matanbuchus
 2021-06-22 07:23:20 +02:00
Jürgen Löhel 254c201601
[cluster][tool] Adds Matanbuchus 
+ threat actor: BelialDemon

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2021-06-21 18:04:28 -05:00
Jürgen Löhel 381973f5de
[cluster][stealer] Adds HackBoss 
Fixes: #651

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2021-06-21 16:35:20 -05:00
Thomas Dupuy 772c5145c1 Added BackdoorDiplomacy and Gelsemium. 2021-06-11 11:48:57 -04:00
Rony 9a723b6261
more ta544 references 2021-05-26 20:26:27 +05:30
Rony db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks 2021-05-22 21:02:30 +05:30
Daniel Plohmann 433ea5cb45
Twisted Spider -> TWISTED SPIDER 
fair point
 2021-05-19 17:04:58 +02:00
Daniel Plohmann 9719122d27
adding Twisted Spider as alias for TA2101 (Maze) 2021-05-19 16:47:41 +02:00
Alexandre Dulaunoy a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1 
Add alias for Tick
 2021-05-07 23:23:38 +02:00
Still Hsu eb671f1e6a
Add Nian alias 
Signed-off-by: Still Hsu <dev@stillu.cc>
 2021-05-08 00:52:27 +08:00
Still Hsu fe7c0dab07
Add country origin for BlackTech 
Signed-off-by: Still Hsu <dev@stillu.cc>
 2021-05-08 00:32:39 +08:00
Daniel Plohmann 38b8bac51d
fixing broken/dead links 2021-05-04 20:15:17 +02:00
Alexandre Dulaunoy 6f7d3d5c2b
chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa 
"COLT – Compromise to Leak Time" - new meta colt-median/colt-average.

For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
 2021-05-03 07:41:43 +02:00
Alexandre Dulaunoy 7aaf25a424
new: [ransomware] Ragnarok added 2021-04-30 12:08:03 +02:00
Alexandre Dulaunoy 94ec98d544
Merge pull request #646 from r0ny123/update 
Updates to APT27 & Tick
 2021-04-29 18:29:53 +02:00
Christophe Vandeplas 86ee7008b2 chg: [att&ck] bump to latest ATT&CK version from MITRE 2021-04-29 18:12:36 +02:00
mokaddem 211a4b5145 fix: [ransomware] Related key should be outside metas 2021-04-26 13:48:06 +02:00
Rony 4ba2db0f3a FlatChestWare duplicate removed 2021-04-26 16:24:09 +05:30
Alexandre Dulaunoy ef9989dbe8
chg: [ransomware] duplicate removed 2021-04-26 12:06:03 +02:00