MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity
2,552 Commits
3 Branches
43 Tags
294 MiB
Commit Graph

1687 Commits (c1cfc19871ffa6a4a367ec21cd3b1572276ee3ea)

Author SHA1 Message Date
Sami Mokaddem 4242732af1
chg: jq all 2 2022-03-31 09:05:22 +02:00
Sami Mokaddem a9a09d11c6
chg: jq all 2022-03-31 08:59:36 +02:00
Mathieu Beligon c35fad3291 Add threat actor group Scarab 2022-03-28 12:11:34 +02:00
Alexandre Dulaunoy 94c3788089
Merge pull request #687 from Badis-dev/main 
Add galaxy and cluster cancer
 2022-03-25 10:04:46 +01:00
AgatheMgt aec779d1ee poatate 2022-03-24 09:43:58 -04:00
AgatheMgt 3ce6d7a313
Update handicap.json 2022-03-24 07:48:49 -04:00
AgatheMgt a6a16926f6
Create handicap.json 2022-03-24 07:08:08 -04:00
Daniel Plohmann 24a3f16ab4
adding threat actor group LAPSUS$ / DEV-0537. 2022-03-23 09:47:10 +01:00
Delta-Sierra 97690426bf update threat actors meta 2022-03-18 16:41:10 +01:00
Alexandre Dulaunoy 6f0208dcaf
chg: [ransomware] UUID fixed 2022-03-18 16:03:27 +01:00
Alexandre Dulaunoy ef5af37dbe
chg: [botnet] duplicate UUIDs replaced 2022-03-18 15:58:09 +01:00
Alexandre Dulaunoy c0a07d2246
chg: [ransomware] replace duplicate UUIDs 2022-03-18 15:57:06 +01:00
botlabsDev 6416d0b2de add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot 2022-03-18 15:34:11 +01:00
Alexandre Dulaunoy 18069ce5f3
Merge pull request #688 from botlabsDev/patch-0 
Add tool 'BadPotato' to clusters/tool.json
 2022-03-15 12:30:47 +01:00
Alexandre Dulaunoy 7fd5715715
Merge pull request #691 from r0ny123/indian-adversaries 
Update to Indian Adversaries
 2022-03-15 12:28:16 +01:00
Rony eebda5f955
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team 2022-03-15 15:02:57 +05:30
Rony ac72e7b639
fix 2022-03-15 14:00:46 +05:30
Rony 3b67e745e5
Update threat-actor.json 2022-03-15 13:57:00 +05:30
botlabsDev 99ab2a13d6 Add tool 'BadPotato' to clusters/tool.json 2022-03-14 18:02:02 +01:00
Badis-dev 231915f9a4 add galaxy and cluster cancer 2022-03-11 14:20:09 +01:00
Badis-dev 27241135a2
Add cancer.json 2022-03-11 11:26:57 +01:00
Badis-dev 78f1c9f345
Delete cancer.json 2022-03-11 11:26:30 +01:00
Badis-dev 1c707f7c5e
Add cancer cluster 2022-03-11 11:13:57 +01:00
Delta-Sierra 957327383d fix array 2022-03-07 16:10:53 +01:00
Delta-Sierra a7f3df8a9a merge 2022-03-07 16:04:38 +01:00
Delta-Sierra 8fd3c87b47 update threat actors meta 2022-03-07 15:54:29 +01:00
Alexandre Dulaunoy 8e09c9b30c
Merge pull request #685 from danielplohmann/patch-14 
adding threat actor "Moses Staff"
 2022-03-02 21:43:00 +01:00
Daniel Plohmann 896a451461
fixed with linted JSON. 2022-03-02 21:22:28 +01:00
Daniel Plohmann a817324cd4
adding threat actor "Moses Staff" 2022-03-02 15:50:39 +01:00
Mathieu Beligon 0b456b8afa version bump -> 213 2022-03-02 14:55:26 +01:00
Mathieu Beligon d3d241ca54 Update Gamaredon target 2022-03-02 14:55:19 +01:00
Mathieu Beligon 27c05a118e Update GhostWriter 2022-03-02 13:16:20 +01:00
Delta-Sierra c909a35d65 Merge https://github.com/MISP/misp-galaxy into main 2022-02-18 10:57:10 +01:00
Delta-Sierra a788c867a7 jq 2022-02-18 10:56:07 +01:00
Delta-Sierra b0cd884afc add TA2541 2022-02-18 10:54:25 +01:00
Daniel Plohmann 321e4b4a57
another Gamaredon ref and version bump 2022-02-18 08:26:01 +01:00
Daniel Plohmann 254dd47a61
adding ACTINIUM as MSFT name for Gamaredon 2022-02-18 08:24:35 +01:00
Delta-Sierra 33ef3317b7 fix duplicate 2022-02-14 10:02:36 +01:00
Delta-Sierra 9b76d71c43 Merge https://github.com/MISP/misp-galaxy into main 2022-02-14 08:47:21 +01:00
Delta-Sierra 3184819968 add DDG botnet and more 2022-02-11 16:13:36 +01:00
rwe 4700780d47 added antlion APT group 2022-02-05 04:52:33 -08:00
Alexandre Dulaunoy f49b54281b
chg: [ransomware] set encryption only 2022-02-02 22:36:14 +01:00
Alexandre Dulaunoy 3328b73185
fix: [ransomware] array end missing 2022-02-02 22:32:39 +01:00
Kevin Holvoet 3d23f98d04
Forgot comma between JSON entries 2022-02-02 18:58:55 +01:00
Kevin Holvoet 389add7580
Update ransomware.json with URL fix 
Fixed URL for AlphaLocker
 2022-02-02 18:54:31 +01:00
Kevin Holvoet fa9829cec0
Update ransomware.json: add BlackCat (ALPHV) 2022-02-02 18:50:19 +01:00
Daniel Plohmann 833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference 2022-02-02 09:40:10 +01:00
Daniel Plohmann 8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec 2022-02-02 09:35:53 +01:00
Delta-Sierra 5cf1eb01f4 Merge https://github.com/MISP/misp-galaxy into main 2022-01-31 10:04:07 +01:00
Alexandre Dulaunoy 1fda357a03
new: [surveillance] Cytrox added 2022-01-30 11:31:55 +01:00
Jürgen Löhel 22046a1eae
Adds WhisperGate 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2022-01-18 13:16:06 -06:00
Delta-Sierra e523bdaf70 merge 2022-01-14 16:08:14 +01:00
Jürgen Löhel 3059c70ae6
Adds UPAS-Kit 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2022-01-13 11:53:32 -06:00
Thomas Dupuy c792bdd1b7 Add AQUATIC PANDA threat actor. 2022-01-12 13:51:11 -05:00
Thomas Dupuy afaf3a3110 Add Motnug tool. 2022-01-12 13:37:59 -05:00
Jürgen Löhel 5aa8a8a8b1
Adds Ragnatela RAT 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2022-01-10 15:57:10 -06:00
Sami Tainio dcb87b0dc6 chg: [threat-actor] Add SideCopy 2022-01-07 17:45:41 +02:00
Daniel Plohmann 3094283252
adding Mandiant's FIN13. 2022-01-03 09:32:43 +01:00
Alexandre Dulaunoy eba1b2839f
chg: [concordia] CMTMF killchain typo fixed 2021-12-20 10:41:00 +01:00
Raphaël Vinot b4d518d4f0 fix: cmtmf-attack-pattern had multiple duplicate UUIDs 2021-12-17 17:58:29 +01:00
Alexandre Dulaunoy 12617ff627
chg: [concordia] fix name inconsistencies 2021-12-17 17:41:00 +01:00
Alexandre Dulaunoy 69b582f9ba
chg: [concordia] duplicate removed 2021-12-17 17:31:38 +01:00
Alexandre Dulaunoy bc3ab62917
chg: [concordia] duplicate removed 2021-12-17 17:26:04 +01:00
Alexandre Dulaunoy ee2a3c83f4
chg: [concordia] duplicate techniques removed 2021-12-17 17:21:00 +01:00
Alexandre Dulaunoy 01d23b61b7
chg: [concordia] typo fixed 2021-12-17 17:15:43 +01:00
Alexandre Dulaunoy 01f2ce68d4
chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID? 2021-12-17 17:13:57 +01:00
Alexandre Dulaunoy 5becac98e4
chg: [concordia] duplicates removed 2021-12-17 16:51:11 +01:00
Alexandre Dulaunoy ae7b7bd47d
chg: [cmtmf-attack-pattern] various fixes to make JSON ok 2021-12-17 16:08:07 +01:00
Alexandre Dulaunoy 7b587710b1
Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf 2021-12-17 15:55:03 +01:00
Jürgen Löhel b81ac7f01d Adds DarkWatchman RAT 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2021-12-17 07:20:58 -06:00
Delta-Sierra b8960393a4 add Milan Rat, Shark tool and Lyceum synonyms 2021-11-29 16:00:40 +01:00
Delta-Sierra bb92427b65 add Lyceum synonyms/sources 2021-11-29 12:05:51 +01:00
Delta-Sierra 78a8cf4ad2 add ESPecter Bootkit 2021-11-19 16:30:57 +01:00
Delta-Sierra c89623e945 add ESPecter bootkit 2021-11-16 08:17:37 +01:00
Christophe Vandeplas aeb5719448 chg: [att&ck] update to ATT&CK v10 2021-10-22 14:34:25 +02:00
Alexandre Dulaunoy ab41df7282
chg: [malpedia] remove duplicate 2021-10-20 12:24:12 +02:00
Alexandre Dulaunoy e517787e7c
chg: [malpedia] duplicates removed 2021-10-20 12:21:05 +02:00
Alexandre Dulaunoy 69f878c86f
fix: [malpedia] remove duplicate urls 2021-10-20 12:16:22 +02:00
Alexandre Dulaunoy da91f2abc2
chg: [malpedia] updated 2021-10-20 10:21:03 +02:00
marjatech d74fdb3e43
update malpedia 2021-10-19 16:21:19 +02:00
Bernardo Santos e74fcfe268 Update cmtmf-attack-pattern.json 
- update version
 2021-10-13 10:06:00 +02:00
Bernardo Santos 5f19983ba3 Update cmtmf-attack-pattern.json 
- Changes to cluster type
- Fix typo for privilege escalation tactic
 2021-10-13 09:57:03 +02:00
Bernardo Santos 49dfcca563 CONCORDIA MTMF - Initial version 
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
 2021-10-12 10:54:06 +02:00
Bernardo Santos d09681b011 CONCORDIA MTMF - Initial version 
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
 2021-10-12 10:45:03 +02:00
Jeroen Pinoy 9ec76ae185
Add threat actor common raven 2021-10-03 23:30:20 +02:00
Thomas Patzke 26f0c344a1 Added O365 techniques 
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
 2021-09-18 23:27:38 +02:00
Thomas Dupuy 1985de4d44 Add BLUELIGHT tool. 2021-08-27 10:28:06 +02:00
Thomas Dupuy 89a3f986ba Add InkySquid synonym. 2021-08-24 16:29:34 +02:00
Daniel Plohmann 3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) 2021-08-19 06:02:40 +02:00
Rony 5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM 
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
 2021-08-02 22:30:05 +05:30
Rony 636ccdedcd
Update threat-actor.json 2021-07-21 18:47:56 +05:30
Rony 9ecfecc063
another fix 2021-07-21 18:41:18 +05:30
Rony 32ea60d721
fix 2021-07-21 18:31:05 +05:30
Rony 52e7d5a0a9
multiple updates to apt40, apt31 & hafnium 2021-07-21 18:28:40 +05:30
Rony fb9a41f8e9
from Gov Canada & MFA Japan 2021-07-19 20:33:35 +05:30
Rony c90c60cb13
adding references for APT40 & APT31 2021-07-19 20:14:36 +05:30
Alexandre Dulaunoy 6c8949caa9
Merge pull request #658 from jasperla/oilrig 
merge APT34 with OilRig
 2021-07-03 08:56:39 +02:00
Deborah Servili b6005bd53f
Merge branch 'main' into master 2021-07-02 13:30:51 +02:00
Delta-Sierra 913aff30c3 Add NOBELIUM and related 2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse 792490298e merge APT34 with OilRig 
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
 2021-06-29 20:26:04 +02:00