MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity
2,367 Commits
6 Branches
46 Tags
42 MiB
Commit Graph

1559 Commits (aeb57194485cb9fa8483b6bc21308d44e921ff75)

Author SHA1 Message Date
Alexandre Dulaunoy 0cb36249a4
chg: [jq] all the things 2020-06-12 09:26:30 +02:00
Rony 29be5ac7e1
fixed typo! 2020-06-12 00:09:59 +05:30
Rony 9365bfb7cd
Adding GALLIUM Threat Actor 2020-06-11 23:42:35 +05:30
StefanKelm f042f98247
Update threat-actor.json 
Higaisa
 2020-06-08 14:09:39 +02:00
StefanKelm 9c25d5e8c5
Update threat-actor.json 
Cycldek
 2020-06-04 17:18:45 +02:00
Alexandre Dulaunoy 3867b1f602
Merge pull request #552 from danielplohmann/reference-fixes 
Reference fixes
 2020-05-29 09:26:05 +02:00
Alexandre Dulaunoy 2a074f23fd
chg: [preventive-measure] packet filtering added 2020-05-27 10:02:16 +02:00
Daniel Plohmann (jupiter) a705d1402f fixing deadlinks where possible 2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter) 171f272a1e default to HTTPS to be consistent with other links to same page 2020-05-27 09:27:52 +02:00
Alexandre Dulaunoy 8a0a4cb02d
Merge pull request #551 from nyx0/master 
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
 2020-05-27 09:10:08 +02:00
Thomas Dupuy 291fb41502 Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel 2020-05-26 09:50:43 -04:00
Thomas Dupuy 143bd521be Add CrackMapExec, metasploit, Cobalt Strike and Covenant 2020-05-26 09:35:01 -04:00
Rony fbd351590a
Update threat-actor.json 2020-05-24 23:18:54 +05:30
Rony 5f8094d16f
fix 2020-05-24 23:14:43 +05:30
Alexandre Dulaunoy b5bbc34f5d
chg: [threat-actor] remove the non-unique elements 2020-05-22 14:01:32 +02:00
Nils Kuhnert fbfe9d23c3
Merged (most) SecureWorks threat actor profiles && jq 2020-05-22 13:45:29 +02:00
iglocska dee9a56460
fix: small fixes to the bhadra framework 2020-05-19 16:45:40 +02:00
iglocska 43703f1a96
new: added Bhadra framework for mobile attacks 
- based on the paper published here: https://arxiv.org/pdf/2005.05110.pdf
- thanks to the ATT&CK EU community conference speakers highlighting this framework!
 2020-05-19 16:34:59 +02:00
Alexandre Dulaunoy 006b61bc44
Merge pull request #547 from Delta-Sierra/master 
add Snake Ransomware
 2020-05-15 17:55:47 +02:00
Deborah Servili b943a7daca
fix missing description 2020-05-15 09:00:34 +02:00
Deborah Servili 6d6da39da4
add Snake Ransomware 2020-05-13 11:58:33 +02:00
Daniel Plohmann 5101c5a828
msft name: BORON for APT3 
as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
 2020-05-11 15:37:38 +02:00
Alexandre Dulaunoy 09429eda5a
chg: [ta] fix the JSON 2020-05-11 10:20:10 +02:00
Thomas Dupuy fc9505cadf Add Sednit's Exploit-kit Sedkit 2020-05-08 13:29:14 -04:00
Thomas Dupuy 69fe870803 Add Higaisa Threat Actor 2020-05-08 13:01:48 -04:00
Deborah Servili 1d331a9ab1
Merge branch 'master' into master 2020-04-28 15:19:38 +02:00
Thomas Dupuy 46a6d9fcb1 Add DenesRAT/METALJACK 2020-04-28 01:08:50 -04:00
Alexandre Dulaunoy 2a70893352
chg: [jq] JSON fixed 2020-04-27 15:03:25 +02:00
de Rosen a428ad565e Added misp info 2020-04-27 15:16:33 +03:00
Deborah Servili f6fd07fbc9
add speculoos bakdoor 2020-04-27 09:36:23 +02:00
Alexandre Dulaunoy 86157a6b96
Merge pull request #539 from r0ny123/MergingTA 
Adding alias Thallium and merging STOLEN PENCIL
 2020-04-26 21:16:56 +02:00
Rony 112f9e4a08
Adding alias Thallium and merging STOLEN PENCIL 
Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
And also Netscout named the campaign as STOLEN PENCIL.
 2020-04-26 23:47:37 +05:30
Alexandre Dulaunoy de71a444f8
chg: [json] add missing comma 2020-04-26 14:23:59 +02:00
rvs1st d449eb94fc
Update threat-actor.json 
Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
 2020-04-24 09:03:58 -05:00
Alexandre Dulaunoy 4234d44052
Merge pull request #537 from danielplohmann/patch-28 
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
 2020-04-24 15:33:47 +02:00
Daniel Plohmann 858621ebdc
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday. 2020-04-23 15:47:35 +02:00
Daniel Plohmann b0f0bbae33
adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included) 2020-04-23 14:52:08 +02:00
Deborah Servili 6b49d81b13 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-04-23 10:06:04 +02:00
itayc0hen 667d5b8850 Add ItaDuke/DarkUniverse actor 2020-04-22 19:44:38 +03:00
pnx@pyrite 974ece3a7c adding FIN1 2020-04-20 14:20:22 +02:00
Rony aa34775390
typo 
thanks to @patricksvgr
 2020-04-19 23:17:44 +05:30
Rony ddfa280672
Update threat-actor.json 2020-04-19 23:06:57 +05:30
Rony 7ac2648dbc
more fix 2020-04-19 23:00:42 +05:30
Rony 573b4807ee
fix broken links 2020-04-19 16:03:21 +05:30
Rony 42a4820823
dead link 2020-04-19 11:45:45 +05:30
Rony 0aa34187e9
add link 2020-04-19 11:29:36 +05:30
Rony d6bf42254f
Merging APT23 & Tropic Trooper 2020-04-18 13:22:25 +05:30
Rony c161080175
Update threat-actor.json 2020-04-15 21:36:48 +05:30
Deborah Servili e8edc9cafc Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-04-15 11:27:01 +02:00
Deborah Servili b01e64eb1f
add Operation Shadow Forece 2020-04-08 14:53:19 +02:00
Daniel Plohmann aba625dee5
removed duplicate entry 2020-04-07 08:49:33 +02:00
Daniel Plohmann e15a4a6525
fixing/removing some more dead links 2020-04-06 15:25:22 +02:00
Deborah Servili 7859c8dbd7
Add coronavirus ransomware 2020-04-03 16:19:45 +02:00
Deborah Servili 8a3422acb4
add Pyta ransomnotes 2020-04-03 11:58:02 +02:00
Deborah Servili c566c89f2a
add pyza ransomware 2020-03-27 14:22:34 +01:00
Alexandre Dulaunoy c7104e8819
chg: [country] jq all 2020-03-23 13:09:14 +01:00
iglocska 777c3188db
new: [country] galaxy added 2020-03-23 12:10:16 +01:00
Alexandre Dulaunoy 35a57c36bf
Merge pull request #526 from Delta-Sierra/master 
PARINACOTA group
 2020-03-12 23:23:05 +01:00
Deborah Servili a706b8ef2e
PARINACOTA group 2020-03-12 13:11:46 +01:00
Alexandre Dulaunoy e37f320df5
Merge pull request #523 from danielplohmann/patch-24 
adding aliases MERCURY, HOLMIUM
 2020-03-09 21:56:27 +01:00
Daniel Plohmann ab49ef3c1a
Kimsuki -> Black Banshee 
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html)
 2020-03-09 18:20:56 +01:00
Daniel Plohmann 1260ab156a
adding aliases MERCURY, HOLMIUM 
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
 2020-03-09 08:50:08 +01:00
Alexandre Dulaunoy e81c91e3e9
Merge pull request #522 from Delta-Sierra/master 
add sdbbot
 2020-03-06 15:24:14 +01:00
Deborah Servili b007d5d3ce
add SdBbot 2020-03-06 14:33:19 +01:00
Alexandre Dulaunoy a407ddcc5b
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-03-05 10:49:15 +01:00
Alexandre Dulaunoy 375db26505
chg: [malpedia] fixes 2020-03-05 10:48:28 +01:00
Alexandre Dulaunoy 4a64d0a4ad
Merge pull request #519 from danielplohmann/crowdstrike2020report 
adding new/updated threat actor names from CrowdStrike 2020 report
 2020-03-05 09:07:16 +01:00
Corsin Camichel 66aa5c3b13
fixing a comma error 2020-03-04 21:13:01 +01:00
Daniel Plohmann (jupiter) 0c2b0b76eb while we are at it, we can also do Longhorn = APT-C-39 2020-03-04 21:09:06 +01:00
Corsin Camichel a5a7c21c79
adding Raccoon (win.raccoon) 2020-03-04 21:02:51 +01:00
Daniel Plohmann (jupiter) 184f193342 IMPERIAL KITTEN as alias for Tortoiseshell 2020-03-04 19:39:14 +01:00
pnx@pyrite 3dc460e795 adding new/updated threat actor names from CrowdStrike 2020 report 2020-03-04 13:36:34 +01:00
Daniel Plohmann dc059d1f4d
Accenture calls APT32 - "POND LOACH" 2020-03-03 19:40:50 +01:00
Deborah Servili d8ea0f865c
add clop ransomware extension 2020-03-02 13:33:38 +01:00
Alexandre Dulaunoy b4b91b1e5d
chg: [threat-actor] JSON fixed 2020-02-28 16:37:24 +01:00
Alexandre Dulaunoy 4c7532984a
Merge branch 'master' of https://github.com/nyx0/misp-galaxy into nyx0-master 2020-02-28 16:36:56 +01:00
Deborah Servili 0d4745d55f Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-02-28 11:38:20 +01:00
Deborah Servili a61f8d7049
add extension to clop ransomware 2020-02-28 11:37:54 +01:00
Alexandre Dulaunoy ee63756cc5
Merge pull request #516 from rmkml/master 
add MedusaLocker ransomware
 2020-02-23 16:06:45 +01:00
rmkml 590e292b68 add MedusaLocker ransomware 2020-02-23 16:01:45 +01:00
Deborah Servili 29bf20e89b
add razor ransomware 2020-02-19 15:55:29 +01:00
Thomas Dupuy 0daeb675f5 Add InvisiMole cluster 2020-02-18 13:28:32 -05:00
Alexandre Dulaunoy c98093e6fe
Merge pull request #513 from danielplohmann/patch-20 
adding APT-C-12
 2020-02-13 21:56:34 +01:00
Daniel Plohmann e481e9bb50
adding APT-C-12 2020-02-13 17:44:45 +01:00
Deborah Servili f196bad4a1
add tools used by TA505 + others 2020-02-12 15:39:16 +01:00
Deborah Servili 66a721fcd3 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2020-02-12 15:00:30 +01:00
Deborah Servili b46f9b68fe
add warzone RAT 2020-02-06 13:39:58 +01:00
Alexandre Dulaunoy 33aa1c8f3f
Merge pull request #510 from Delta-Sierra/master 
add ransomwares
 2020-02-06 09:53:19 +01:00
Deborah Servili 46fe9cb82b
add ransomwares 2020-02-06 09:29:33 +01:00
Rony 22c9badee0
Update threat-actor.json 
those are the name of aliases of the same malware family sykipot. so removing it.
 2020-02-05 18:00:31 +05:30
Deborah Servili 5da17d51aa
Merge branch 'master' into master 2020-01-24 09:33:33 +01:00
Deborah Servili 606e3ec90f
jq 2020-01-24 09:32:09 +01:00
Alexandre Dulaunoy 6d078a88dd
chg: [ransomware] Nodera ransomware added 2020-01-24 09:04:38 +01:00
Deborah Servili 58415324c5
add Operation Wocao 2020-01-24 08:27:20 +01:00
Thomas Dupuy edc5196373 Add Attor and DePriMon 2020-01-23 11:27:00 -05:00
Daniel Plohmann ccfe5ee130
removing and fixing deadlinks in the best possible way 
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
 2020-01-23 11:14:20 +01:00
Daniel Plohmann 29a128da6f
adding references and TEMP.MixMaster as alias for WIZARD SPIDER 
with kudos to @tbarabosch
 2020-01-22 15:42:01 +01:00
Alexandre Dulaunoy 911c2bf0bf
Merge pull request #504 from Delta-Sierra/master 
update target location galaxy
 2020-01-21 11:06:56 +01:00
Deborah Servili 8421bde291
complete Zimbabwe cluster 2020-01-21 10:51:07 +01:00
Deborah Servili f364e51d24
update target location galaxy 2020-01-20 14:46:03 +01:00
Alexandre Dulaunoy dbaab413b6
chg: [threat-actor] typo fixed 2020-01-18 17:30:27 +01:00
Alexandre Dulaunoy 564f27c5ca
chg: [threat-actor] format fixed 2020-01-18 17:26:45 +01:00
Alexandre Dulaunoy 34c5c66279
chg: [threat-actor] fix order 2020-01-18 17:08:32 +01:00
Alexandre Dulaunoy 8eeceafc51
chg: [threat-actor] Budminer APT added based on document from "Soesanto, Stefan" 
Ref: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/389371/1/Cyber-Reports-2020-01-A-one-sided-Affair.pdf
Ref: https://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan
 2020-01-18 17:02:44 +01:00
StefanKelm 027d94e68a
Update ransomware.json 2020-01-16 16:59:22 +01:00
StefanKelm f53a92065c
Update ransomware.json 
5ss5c
 2020-01-16 16:46:38 +01:00
Deborah Servili 5ec817b499
Merge branch 'master' into master 2020-01-15 14:36:01 +01:00
Deborah Servili 32961527aa
add Autochk Rootkit as tool 2020-01-15 13:41:53 +01:00
Deborah Servili bfcc867ee6
add two wipers to tools 2020-01-14 15:54:06 +01:00
Alexandre Dulaunoy 3c90322fd8
Merge pull request #500 from Delta-Sierra/master 
update target information
 2020-01-08 16:22:24 +01:00
StefanKelm 5832893d4f
Update tool.json 
LiquorBot
 2020-01-08 16:04:22 +01:00
Deborah Servili 53df69a1eb
update target information 2020-01-08 15:50:47 +01:00
StefanKelm bf4fc92066
Update tool.json 
Lampion
 2020-01-07 13:14:08 +01:00
Alexandre Dulaunoy 5da0c7bd54
chg: [threat-actor] SideWinder APT group added 2020-01-07 10:42:07 +01:00
StefanKelm 9b6f9136f9
Update threat-actor.json 2020-01-03 12:50:49 +01:00
StefanKelm 9373cfcb53
Update threat-actor.json 
BRONZE PRESIDENT
 2020-01-03 12:42:57 +01:00
Rony 6b1142abac
Update threat-actor.json 2019-12-23 22:05:28 +05:30
Alexandre Dulaunoy be4f9e01a0
Merge pull request #496 from bartblaze/patch-1 
Update threat-actor.json
 2019-12-20 08:23:30 +01:00
Bart 8ebb2e2d16
Update threat-actor.json 
Adds Operation Wocao..
 2019-12-19 21:42:02 +01:00
Deborah Servili 34340372b3
add clop ransomware 2019-12-19 17:19:18 +01:00
Deborah Servili b8c332a055
jq 2019-12-16 14:08:34 +01:00
Deborah Servili c876928abd Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-12-16 13:36:56 +01:00
Deborah Servili ee38ec7220
add BitPaymer Synonsyms 2019-12-16 13:36:00 +01:00
Deborah Servili 47e0d00555
Merge pull request #493 from Delta-Sierra/master 
add tools used by GALLIUM
 2019-12-13 15:35:29 +01:00
Deborah Servili 0fc9045ef2
add tools used by GALLIUM 2019-12-13 15:06:00 +01:00
Alexandre Dulaunoy 9f56a91013
Merge pull request #492 from Delta-Sierra/master 
Operation Soft Cell ralated Updates
 2019-12-13 13:35:52 +01:00
Deborah Servili 03c54a3e05
add GALLIUM as microsoft activities group and similar to Operation Soft Cell 2019-12-13 11:47:31 +01:00
Deborah Servili 3be47af325
update threat actor version 2019-12-13 11:04:51 +01:00
Deborah Servili 9b153913be
add relation suspected link between operation soft cell and apt10 2019-12-13 10:59:06 +01:00
Sebastian Wagner c3b5b39dd3
sofacy: add apt_sofacy as synonym 2019-12-12 15:57:13 +01:00
Deborah Servili 170f964e8c
##COMMA## 2019-12-11 14:22:09 +01:00
Deborah Servili 7e18f2e509
Merge branch 'master' into master 2019-12-11 13:51:52 +01:00
Deborah Servili 391b5a674d
add Axiom synonym 2019-12-11 13:50:35 +01:00
Alexandre Dulaunoy 8da36c09e1
chg: [threat-actor] jq 2019-12-08 09:03:14 +01:00
Daniel Plohmann 94b3c1ec07
added APT-C-34 / Golden Falcon 2019-12-07 12:44:30 +01:00
Deborah Servili 31f3a61d5f
add Sofacy ref 2019-12-05 15:42:42 +01:00
Alexandre Dulaunoy 8e73612b09
Merge pull request #488 from Delta-Sierra/master 
create new galaxy - surveillance-vendor
 2019-12-05 14:48:44 +01:00
Deborah Servili df1cbf8dce
add clusters to surveillance-vendor galaxy 2019-12-05 12:06:10 +01:00
Deborah Servili ad5b915175
Fix surveillance-vendor galaxy 2019-12-05 11:09:38 +01:00
Deborah Servili 12530db5a8
Add FlexiSPY + jq 2019-12-05 10:05:21 +01:00
Deborah Servili a049009453
add new galaxy - surveillance-vendor 2019-12-04 16:22:58 +01:00
Deborah Servili 2e82cd4fd7
add Private Internet Access as Tool 2019-12-04 16:22:22 +01:00
Alexandre Dulaunoy 5f020307f3
Merge pull request #485 from danielplohmann/patch-15 
added TA2101
 2019-12-03 22:36:49 +01:00
Daniel Plohmann bd3cc6d8ee
added TA2101 2019-12-03 18:13:44 +01:00
Jean-Louis Huynen 100299f3fd
add: [dark-pattern] add a source 2019-12-03 17:09:57 +01:00
Jean-Louis Huynen 44a9897f2a
add: [dark-pattern] galaxy to tag dark patterns 2019-12-03 16:26:29 +01:00
Alexandre Dulaunoy 2659d864d6
chg: [ransomware] jq ;-) 2019-11-22 22:41:01 +01:00
rmkml 64f100e578
Merge branch 'master' into master 2019-11-22 22:32:24 +01:00
rmkml 81cef767aa Fix Add FTCode Ransomware 2019-11-22 22:27:20 +01:00
rmkml eee9beca0f Add FTCode Ransomware 2019-11-22 21:16:40 +01:00
Deborah Servili 34faa63070
jq 2019-11-22 15:41:51 +01:00
Deborah Servili ba830c905d
add cyborg ransomnote refs 2019-11-22 15:36:49 +01:00
Deborah Servili 757c3d6480
add cyborg ransomnote filename 2019-11-22 15:35:58 +01:00
Deborah Servili 2009a9c45c
add cyborg ranspmware extension 2019-11-22 15:30:17 +01:00
Deborah Servili cab60a02e2
jq 2019-11-22 14:15:29 +01:00
Deborah Servili 08a4897cbe
add DePriMon malicious downloader & Cyborg ransomware 2019-11-22 14:05:36 +01:00
Alexandre Dulaunoy 8cc5e02f22
chg: [clean-up] jq all the things 2019-11-21 17:19:39 +01:00
Deborah Servili 38641aae36
merge 2019-11-21 16:24:11 +01:00
Deborah Servili f21dd95b28
merge 2019-11-21 16:23:29 +01:00
Alexandre Dulaunoy 8240fe1722
Merge pull request #480 from rmkml/master 
Add Maze Ransomware
 2019-11-21 14:13:17 +01:00
Deborah Servili 1a0dd2292b
add silence synonym & new meta field spoken-language 2019-11-21 11:50:02 +01:00
rmkml 90bc667988 Add Maze Ransomware 2019-11-21 00:57:50 +01:00
rmkml 9410326ea2 Revert "Add Maze Ransomware" 
This reverts commit cfc6e2802c.
 2019-11-21 00:55:55 +01:00
rmkml cfc6e2802c Add Maze Ransomware 2019-11-19 23:15:02 +01:00
Alexandre Dulaunoy 5dc55fbbfb
Merge pull request #477 from rmkml/master 
Add Desync Ransomware
 2019-11-19 06:40:31 +01:00
rmkml ac4099ed0e Add Desync Ransomware 2019-11-18 23:37:21 +01:00
Deborah Servili 5f65e8d208
traget information update [WIP] 2019-11-14 15:07:08 +01:00
StefanKelm aa132ca58f
new refs for APT33 2019-11-14 14:57:05 +01:00
Alexandre Dulaunoy ea18f6e920
Merge pull request #475 from Delta-Sierra/master 
target information update [WIP]
 2019-11-13 20:43:03 +01:00
Deborah Servili 08cdc4cac3
jq 2019-11-13 15:56:23 +01:00
Deborah Servili 985c4b2459
traget information update [WIP] 2019-11-13 15:55:32 +01:00
Alexandre Dulaunoy eea0f528fa
chg: [threat-actor] Lucky Mouse synonym added 
Ref: https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
Ref: https://www.cybersecurity-insiders.com/apt-lucky-mouse-group-targets-canada-icao-via-cyber-attack/
 2019-11-12 12:51:44 +01:00
Raphaël Vinot 1486890f86 fix: JQ all the things. 2019-11-12 10:25:00 +01:00
Alexandre Dulaunoy 871d90cfc2
chg: [threat-actor] Calypso group added 
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
 2019-11-11 13:34:54 +01:00
Deborah Servili e310b98bc0
add Palestine PPound 2019-11-07 08:44:49 +01:00
Deborah Servili 50022d3905 Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-11-07 08:34:05 +01:00
Alexandre Dulaunoy ea8c1dd764
Merge pull request #472 from rmkml/master 
Add DoppelPaymer Ransomware
 2019-11-06 20:48:33 +01:00
rmkml 9707a5eb0e Add DoppelPaymer Ransomware 2019-11-06 20:41:43 +01:00
Deborah Servili 1a62f7c2cd
jq 2019-11-06 16:23:34 +01:00
Deborah Servili 5b6aae5d1c
update target location WIP 2019-11-06 16:21:10 +01:00
Alexandre Dulaunoy 2d1406b4d6
Merge pull request #471 from rmkml/master 
Add FreeMe Ransomware
 2019-11-06 06:36:53 +01:00
rmkml 656d90fd7c Add FreeMe Ransomware 2019-11-05 23:09:48 +01:00
Alexandre Dulaunoy d9a64c18ff
chg: [threat-actor] threat-actor-classification updated 2019-11-04 09:37:52 +01:00
Alexandre Dulaunoy 6f463325b9
chg: [threat-actor] jq is jq 2019-11-03 16:01:09 +01:00
Alexandre Dulaunoy 64a3569803
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-11-03 08:52:37 +01:00
Alexandre Dulaunoy 8d01e77574
chg: [threat-actor] Operation WizardOpium added 
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
 2019-11-03 08:51:37 +01:00
Alexandre Dulaunoy 346e54a321
Merge pull request #468 from Delta-Sierra/master 
add Turla Group Symonym variant
 2019-11-02 13:40:21 +01:00
Deborah Servili 1da2dc8af1
add Turla Group Symonym variant 2019-10-31 16:33:32 +01:00
Deborah Servili efa2f43c0f
Merge pull request #467 from Delta-Sierra/master 
Few updates
 2019-10-31 14:31:16 +01:00
Deborah Servili bee9b80898
jq 2019-10-31 10:37:36 +01:00
Deborah Servili 0a8f989e1c
add Winnti related tools etc. 2019-10-31 10:36:15 +01:00
Christophe Vandeplas d32022b241 fix: [attack] fixes old MITRE relationships not being removed 2019-10-27 21:06:26 +01:00
Christophe Vandeplas 4ab9bbbfa3 chg: [attack] update to latest ATT&CK data 2019-10-25 10:12:41 +02:00
Alexandre Dulaunoy 1581827875
chg: [attck4fraud] jq all the things 2019-10-20 20:07:29 +02:00
Christophe Vandeplas eb594cba0f fix: [misinfosec] fixes inconsistent filename 2019-10-20 18:53:02 +02:00
Alexandre Dulaunoy 2b84592ff5
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-10-18 14:28:41 +02:00
Alexandre Dulaunoy 77605f8d43
chg: [attck4fraud] updates based on issue #466 2019-10-18 14:27:36 +02:00
Rony 1fc0f5e2e7
Update threat-actor.json 2019-10-17 09:46:56 +05:30
Deborah Servili 88025a541f
add operation soft cell 2019-10-14 16:07:35 +02:00
mokaddem 4d4bd3a70c fix: [misinfosec] fixed kill_chain fields 2019-10-09 09:45:52 +02:00
VVX7 e4998efec9 chg: [galaxy] added AMITT galaxy/cluster generator script 2019-10-08 13:52:08 -04:00
VVX7 a0357c735e chg: [galaxy] version number to int 2019-10-07 19:19:45 -04:00
VVX7 0a29445b44 new: [galaxy] AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. AMITT is part of misinfosec - work on adapting information security practices to help track and counter misinformation - and is designed as far as possible to fit existing infosec practices and tools. 2019-10-07 19:07:25 -04:00
Deborah Servili c27385cfa4
jq 2019-10-07 14:38:16 +02:00
Deborah Servili 5355910a8f
add legitimate tools 2019-10-07 13:38:40 +02:00
Deborah Servili 19452d8c1f Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-10-07 11:07:00 +02:00
Deborah Servili 569d453ff2
update version 2019-10-07 11:06:27 +02:00
Deborah Servili 0795eecd01
add PlugX rat sysnonyms 2019-10-07 11:04:33 +02:00
Alexandre Dulaunoy ac8236d16d
chg: [misp-galaxy] jq all the things 2019-10-03 14:46:07 +02:00
Alexandre Dulaunoy 9e82b025b5
chg: [tool] COMPfun - Reductor added 
Ref: https://securelist.com/compfun-successor-reductor/93633/
 2019-10-03 14:25:44 +02:00
Deborah Servili cb774002c9
add Sodinokibi synonym 2019-10-02 11:44:54 +02:00
Deborah Servili 82824be700
fix empty string 2019-09-30 12:55:31 +02:00
Deborah Servili b7c9d3e034
jq 2019-09-30 11:56:28 +02:00
Deborah Servili fca032ea73
add TVSPY tool 2019-09-30 10:45:53 +02:00
Deborah Servili f6c075c3df
WIP update target info 2019-09-27 16:22:01 +02:00
Deborah Servili c305640290
new galaxy - Region based on UN M49 2019-09-26 13:01:41 +02:00
Deborah Servili d0068b0ce0
WIP update target info 2019-09-25 15:39:02 +02:00
Deborah Servili a4b59f647c
jq 2019-09-25 13:41:55 +02:00
Deborah Servili 335402c886 Merge branch 'master' of https://github.com/MISP/misp-galaxy into target-location-galaxy 2019-09-25 13:39:33 +02:00
Deborah Servili bb3f9dc183
WIP update target info - fix empty string 2019-09-25 13:31:46 +02:00
Alexandre Dulaunoy 309109eb27
chg: [threat-actor] new LookBack (Malware?Campaign?TA?) 
Signed-off: During MISP training
 2019-09-25 12:12:34 +02:00
Deborah Servili 9068e3c742
WIP update target info 2019-09-25 11:46:10 +02:00
Alexandre Dulaunoy a5ae130916
chg: [threat-actor] Evil Eye and POISON CARP 
Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Signed-off: Jean-Louis during training session
 2019-09-25 11:27:03 +02:00
Deborah Servili 83ee520dd5
WIP update target info 2019-09-25 09:44:34 +02:00
Deborah Servili 638cdd4198
version update 2019-09-20 14:54:56 +02:00
Deborah Servili b9b4b9c651
Add Tortoiseshell thrat actor 2019-09-20 14:53:25 +02:00
Deborah Servili 6d88367497
moar clusters 2019-09-20 09:50:37 +02:00
Alexandre Dulaunoy 42f457fc22
Merge pull request #457 from rmkml/master 
Add Mr.Dec Ransomware
 2019-09-17 10:17:11 +02:00
rmkml 5631d210a0 Add Mr.Dec Ransomware 2019-09-17 00:44:56 +02:00
Alexandre Dulaunoy cc134d7dff
Merge pull request #456 from rmkml/master 
Add Hildacrypt Ransomware
 2019-09-15 18:24:03 +02:00
rmkml dff982be20 Add Hildacrypt Ransomware 2019-09-14 21:49:16 +02:00
Alexandre Dulaunoy 55da11f8ba
Merge pull request #455 from rmkml/master 
Add InnfiRAT
 2019-09-14 08:16:35 +02:00
rmkml f907797d41 Add InnfiRAT 2019-09-14 00:08:54 +02:00
Deborah Servili 7e892eaa7d
update target information [draft] 2019-09-13 16:35:20 +02:00
Deborah Servili 2588df01cc
update target information 2019-09-12 16:22:11 +02:00
StefanKelm db2b5a13ef
Update threat-actor.json 
Silent Librarian
 2019-09-12 11:57:03 +02:00
Deborah Servili 1eb23bc55b
update target information 2019-09-12 11:10:41 +02:00
Deborah Servili 6c430ad21e
improve target-information 2019-09-11 16:32:29 +02:00
rmkml 7c89cb308c
Merge branch 'master' into master 2019-09-07 19:52:05 +02:00
rmkml dfc6321e0c Add AsyncRAT 2019-09-07 19:43:08 +02:00
Deborah Servili 718ea55dd7
Merge branch 'master' into master 2019-09-04 14:42:47 +02:00
Deborah Servili 9e3a998dfc
aff SectorJ04 group 2019-09-03 15:51:21 +02:00
Alexandre Dulaunoy 9690d070ab
Merge pull request #450 from rmkml/master 
Add Buran Ransomware
 2019-09-02 07:39:19 +02:00
rmkml 28ec696272 Add Buran Ransomware 2019-09-01 21:20:28 +02:00
Daniel Plohmann f40b7dd132
'SectorJ04 Group' as alias introduced by NSHC for TA505 
Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
 2019-09-01 15:46:36 +02:00
Alexandre Dulaunoy 9920461294
Merge pull request #448 from rmkml/master 
Add Nemty Ransomware
 2019-08-31 21:27:50 +02:00
rmkml e79310c861 Add Nemty Ransomware 2019-08-31 21:08:50 +02:00
Alexandre Dulaunoy c7e6a17a31
Merge pull request #447 from Delta-Sierra/target-location-galaxy 
improve more clusters
 2019-08-30 16:37:39 +02:00
Deborah Servili 5504c10e3d
improve more clusters 2019-08-30 16:32:02 +02:00
Alexandre Dulaunoy b986f06cb4
Merge pull request #446 from wagner-certat/tool-empty-strings 
Add test for empty strings
 2019-08-30 11:10:16 +02:00