Commit Graph

1214 Commits (eab9eaca8d60c68d297f6638aeaaa86fd56ad3ad)

Author SHA1 Message Date
Alexandre Dulaunoy 2b84592ff5
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-10-18 14:28:41 +02:00
Alexandre Dulaunoy 77605f8d43
chg: [attck4fraud] updates based on issue #466 2019-10-18 14:27:36 +02:00
Rony 1fc0f5e2e7
Update threat-actor.json 2019-10-17 09:46:56 +05:30
Deborah Servili 88025a541f
add operation soft cell 2019-10-14 16:07:35 +02:00
mokaddem 4d4bd3a70c fix: [misinfosec] fixed kill_chain fields 2019-10-09 09:45:52 +02:00
VVX7 e4998efec9 chg: [galaxy] added AMITT galaxy/cluster generator script 2019-10-08 13:52:08 -04:00
VVX7 a0357c735e chg: [galaxy] version number to int 2019-10-07 19:19:45 -04:00
VVX7 0a29445b44 new: [galaxy] AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. AMITT is part of misinfosec - work on adapting information security practices to help track and counter misinformation - and is designed as far as possible to fit existing infosec practices and tools. 2019-10-07 19:07:25 -04:00
Deborah Servili c27385cfa4
jq 2019-10-07 14:38:16 +02:00
Deborah Servili 5355910a8f
add legitimate tools 2019-10-07 13:38:40 +02:00
Deborah Servili 19452d8c1f Merge branch 'master' of https://github.com/MISP/misp-galaxy 2019-10-07 11:07:00 +02:00
Deborah Servili 569d453ff2
update version 2019-10-07 11:06:27 +02:00
Deborah Servili 0795eecd01
add PlugX rat synonyms 2019-10-07 11:04:33 +02:00
Alexandre Dulaunoy ac8236d16d
chg: [misp-galaxy] jq all the things 2019-10-03 14:46:07 +02:00
Alexandre Dulaunoy 9e82b025b5
chg: [tool] COMPfun - Reductor added
Ref: https://securelist.com/compfun-successor-reductor/93633/
2019-10-03 14:25:44 +02:00
Deborah Servili cb774002c9
add Sodinokibi synonym 2019-10-02 11:44:54 +02:00
Deborah Servili 82824be700
fix empty string 2019-09-30 12:55:31 +02:00
Deborah Servili b7c9d3e034
jq 2019-09-30 11:56:28 +02:00
Deborah Servili fca032ea73
add TVSPY tool 2019-09-30 10:45:53 +02:00
Deborah Servili f6c075c3df
WIP update target info 2019-09-27 16:22:01 +02:00
Deborah Servili c305640290
new galaxy - Region based on UN M49 2019-09-26 13:01:41 +02:00
Deborah Servili d0068b0ce0
WIP update target info 2019-09-25 15:39:02 +02:00
Deborah Servili a4b59f647c
jq 2019-09-25 13:41:55 +02:00
Deborah Servili 335402c886 Merge branch 'master' of https://github.com/MISP/misp-galaxy into target-location-galaxy 2019-09-25 13:39:33 +02:00
Deborah Servili bb3f9dc183
WIP update target info - fix empty string 2019-09-25 13:31:46 +02:00
Alexandre Dulaunoy 309109eb27
chg: [threat-actor] new LookBack (Malware?Campaign?TA?)
Signed-off: During MISP training
2019-09-25 12:12:34 +02:00
Deborah Servili 9068e3c742
WIP update target info 2019-09-25 11:46:10 +02:00
Alexandre Dulaunoy a5ae130916
chg: [threat-actor] Evil Eye and POISON CARP
Ref: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Signed-off: Jean-Louis during training session
2019-09-25 11:27:03 +02:00
Deborah Servili 83ee520dd5
WIP update target info 2019-09-25 09:44:34 +02:00
Deborah Servili 638cdd4198
version update 2019-09-20 14:54:56 +02:00
Deborah Servili b9b4b9c651
Add Tortoiseshell threat actor 2019-09-20 14:53:25 +02:00
Deborah Servili 6d88367497
moar clusters 2019-09-20 09:50:37 +02:00
Alexandre Dulaunoy 42f457fc22
Merge pull request #457 from rmkml/master
Add Mr.Dec Ransomware
2019-09-17 10:17:11 +02:00
rmkml 5631d210a0 Add Mr.Dec Ransomware 2019-09-17 00:44:56 +02:00
Alexandre Dulaunoy cc134d7dff
Merge pull request #456 from rmkml/master
Add Hildacrypt Ransomware
2019-09-15 18:24:03 +02:00
rmkml dff982be20 Add Hildacrypt Ransomware 2019-09-14 21:49:16 +02:00
Alexandre Dulaunoy 55da11f8ba
Merge pull request #455 from rmkml/master
Add InnfiRAT
2019-09-14 08:16:35 +02:00
rmkml f907797d41 Add InnfiRAT 2019-09-14 00:08:54 +02:00
Deborah Servili 7e892eaa7d
update target information [draft] 2019-09-13 16:35:20 +02:00
Deborah Servili 2588df01cc
update target information 2019-09-12 16:22:11 +02:00
StefanKelm db2b5a13ef
Update threat-actor.json
Silent Librarian
2019-09-12 11:57:03 +02:00
Deborah Servili 1eb23bc55b
update target information 2019-09-12 11:10:41 +02:00
Deborah Servili 6c430ad21e
improve target-information 2019-09-11 16:32:29 +02:00
rmkml 7c89cb308c
Merge branch 'master' into master 2019-09-07 19:52:05 +02:00
rmkml dfc6321e0c Add AsyncRAT 2019-09-07 19:43:08 +02:00
Deborah Servili 718ea55dd7
Merge branch 'master' into master 2019-09-04 14:42:47 +02:00
Deborah Servili 9e3a998dfc
add SectorJ04 group 2019-09-03 15:51:21 +02:00
Alexandre Dulaunoy 9690d070ab
Merge pull request #450 from rmkml/master
Add Buran Ransomware
2019-09-02 07:39:19 +02:00
rmkml 28ec696272 Add Buran Ransomware 2019-09-01 21:20:28 +02:00
Daniel Plohmann f40b7dd132
'SectorJ04 Group' as alias introduced by NSHC for TA505
Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
2019-09-01 15:46:36 +02:00
Alexandre Dulaunoy 9920461294
Merge pull request #448 from rmkml/master
Add Nemty Ransomware
2019-08-31 21:27:50 +02:00
rmkml e79310c861 Add Nemty Ransomware 2019-08-31 21:08:50 +02:00
Alexandre Dulaunoy c7e6a17a31
Merge pull request #447 from Delta-Sierra/target-location-galaxy
improve more clusters
2019-08-30 16:37:39 +02:00
Deborah Servili 5504c10e3d
improve more clusters 2019-08-30 16:32:02 +02:00
Alexandre Dulaunoy b986f06cb4
Merge pull request #446 from wagner-certat/tool-empty-strings
Add test for empty strings
2019-08-30 11:10:16 +02:00
Alexandre Dulaunoy 0966e58da6
Merge branch 'master' of github.com:MISP/misp-galaxy 2019-08-30 11:06:29 +02:00
Alexandre Dulaunoy f5056ff02e
chg: [threat-actor] add machete-apt synonyms as reported in #445 2019-08-30 11:03:30 +02:00
Deborah Servili 2c248db419
Merge pull request #441 from Delta-Sierra/target-location-galaxy
More clusters improved
2019-08-30 10:15:56 +02:00
Sebastian Wagner e13087a9c4
target-information: fix territory-type for China 2019-08-30 10:08:19 +02:00
StefanKelm 49f8f60a85
Update threat-actor.json
Add ITG08 as synonym for FIN6
2019-08-29 13:13:00 +02:00
Alexandre Dulaunoy 8d78a2a108
chg: [threat-actor] jq all 2019-08-29 08:31:10 +02:00
Alexandre Dulaunoy 791c88f2eb
Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master 2019-08-29 08:30:41 +02:00
Deborah Servili 395dd93e0f
add Asruex Backdoor 2019-08-28 15:40:03 +02:00
Alexandre Dulaunoy 9926ea8826
chg: [threat-actor] LYCEUM added - 443 #fixed 2019-08-28 14:35:12 +02:00
Deborah Servili ea68336b96
add ref for Gamaredon 2019-08-27 08:28:58 +02:00
Deborah Servili 300e3c2bfb
More clusters improved 2019-08-26 17:50:20 +02:00
Alexandre Dulaunoy 775b6d1a09
Merge pull request #440 from Delta-Sierra/target-location-galaxy
Target location galaxy
2019-08-23 16:29:23 +02:00
Deborah Servili fcded146c2
More clusters improved 2019-08-23 16:01:12 +02:00
Deborah Servili bae47241f0
More clusters improved 2019-08-23 11:14:14 +02:00
Alexandre Dulaunoy a68577a967
Merge pull request #439 from Delta-Sierra/target-location-galaxy
Target location galaxy
2019-08-22 16:24:57 +02:00
Deborah Servili a579c041d2
More clusters improved 2019-08-22 15:59:11 +02:00
Deborah Servili b7a97d1baf
More clusters improved 2019-08-22 11:49:09 +02:00
Deborah Servili 6944236943
more countries 2019-08-20 15:24:16 +02:00
Sebastian Wagner 38aebbf42a
remove empty strings 2019-08-19 17:04:07 +02:00
Deborah Servili 93ca9a3123
Merge pull request #437 from Delta-Sierra/target-location-galaxy
Target location galaxy
2019-08-19 08:57:48 +02:00
Deborah Servili 754f8f2a48
complete more cluster + country is now an array 2019-08-14 16:30:28 +02:00
Deborah Servili 3e651e2d74
target-information - add membership member-of attribute - Example: member-of NATO 2019-08-13 15:36:10 +02:00
Alexandre Dulaunoy 6ca4e4cb17
Merge pull request #436 from Delta-Sierra/target-location-galaxy
Target location galaxy
2019-08-13 15:17:41 +02:00
Deborah Servili e00f139fa2
jq 2019-08-13 13:01:36 +02:00
Deborah Servili 9accc832e3
change attribute name 2019-08-13 12:08:03 +02:00
Deborah Servili 389a82701a
jq 2019-08-13 11:57:28 +02:00
Deborah Servili e946ce66db
complete some clusters 2019-08-13 11:55:18 +02:00
Alexandre Dulaunoy d48d2ccd3e
Merge pull request #435 from hackunagi/master
Adding Amavaldo Banking Trojan
2019-08-10 18:53:05 +02:00
Alexandre Dulaunoy 3841447e16
Merge pull request #434 from r0ny123/patch-1
added microsoft naming for the groups
2019-08-10 18:52:26 +02:00
Thomas Dupuy df5c9057a1 add synonym for Turla 2019-08-09 17:34:22 -04:00
Carlos Borges d96dc39c5a
Adding Amavaldo Banking Trojan 2019-08-09 18:00:37 -03:00
Rony feac39db6b
added microsoft naming for the groups 2019-08-09 22:19:09 +05:30
Thomas Dupuy 320e298549 update victims 2019-08-09 10:45:10 -04:00
Thomas Dupuy 1988662ee5 add APT41 2019-08-09 10:24:06 -04:00
Deborah Servili e239619d15
jq 2019-08-06 15:42:20 +02:00
Deborah Servili 53df0908c7
update version 2019-08-06 15:34:23 +02:00
Deborah Servili 4bef48b33e
add Amavaldo 2019-08-06 13:28:32 +02:00
Nils Kuhnert 17925f3e10
Remove local file link :) 2019-08-03 18:55:00 +02:00
Deborah Servili 21318cdf3d
fix building mistakes 2019-08-02 16:28:32 +02:00
Alexandre Dulaunoy 7913adad61
chg: [threat-actor] rollback as discussed by chat with Andras until version 2.0 2019-08-02 16:08:40 +02:00
Andras Iklody 984be50396
lowercased value field for DarkHotel 2019-08-02 15:40:31 +02:00
Alexandre Dulaunoy 17452d31a7
chg: [att&ck] July ATT&CK release included in MISP galaxy 2019-08-01 15:51:03 +02:00
Alexandre Dulaunoy a401ff7405
Merge branch 'master' into patch-13 2019-08-01 08:52:27 +02:00
Daniel Plohmann 0367e16ce0
adding secureworks actor names for energetic bear and teamspy 2019-07-31 14:35:09 +02:00
Daniel Plohmann a4a72d0698
adding Proofpoint's TA428 2019-07-31 14:08:50 +02:00