MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity
2,268 Commits
6 Branches
47 Tags
51 MiB
Commit Graph

1491 Commits (f02ce7e8056262c92830520ef3b9fe783a20557d)

Author SHA1 Message Date
Delta-Sierra 31f96513b2 update sidewinder threat actor 2020-12-11 16:09:33 +01:00
Alexandre Dulaunoy ac86ebd5f6
Merge pull request #609 from StefanKelm/master 
Update threat-actor.json
 2020-12-09 22:16:49 +01:00
Delta-Sierra ebd31b7376 add BazarBackdoor 2020-12-09 16:42:32 +01:00
Delta-Sierra d3a9cf742a add RansomEXX 2020-12-09 16:32:02 +01:00
Delta-Sierra 3daaa30aed Merge https://github.com/MISP/misp-galaxy 2020-12-07 16:20:36 +01:00
StefanKelm 5dc92995f6
Update threat-actor.json 
DeathStalker, Mabna
 2020-12-04 11:43:06 +01:00
StefanKelm 4fee985b5e
Update threat-actor.json 
Turla
 2020-12-03 13:05:14 +01:00
StefanKelm 72e085aba9
Update threat-actor.json 
OceanLotus
 2020-12-02 11:44:29 +01:00
StefanKelm 15b5f4c881
Update threat-actor.json 
APT27
 2020-11-30 11:49:23 +01:00
Delta-Sierra e81d3c63d5 Merge https://github.com/MISP/misp-galaxy 2020-11-27 12:47:20 +01:00
Christophe Vandeplas 9a731470d3 chg: [att&ck] update to latest MITRE ATT&CK version 2020-11-25 07:45:48 +01:00
StefanKelm da910c0c2e
Update threat-actor.json 2020-11-18 19:15:11 +01:00
Delta-Sierra 7af75bb222 add Darkside ransomware 2020-11-18 16:10:49 +01:00
StefanKelm 48ffaa8ce1
Update threat-actor.json 
Lazarus
 2020-11-18 12:10:23 +01:00
snurilov 44e9da1390
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster 
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
 2020-11-11 23:09:03 -05:00
snurilov 3f4683d8a3
Update rat.json to include Iperius Remote 
Add Iperius Remote to the rat.json cluster.
 2020-11-09 23:45:16 -05:00
StefanKelm bf5bdeacb0
Update threat-actor.json 
OceanLotus
 2020-11-09 14:39:55 +01:00
StefanKelm 41a7a36317
Update threat-actor.json 
Kimsuky
 2020-11-02 17:30:25 +01:00
Rony 333e55fbeb
remove duplicate! 2020-11-02 14:18:49 +05:30
Rony 000cfa68a8
Update threat-actor.json 
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
 2020-11-02 13:51:08 +05:30
Deborah Servili 28784683db
Merge branch 'main' into master 2020-10-30 16:17:27 +01:00
Delta-Sierra 88bbf8851c jq 2020-10-30 16:14:02 +01:00
Delta-Sierra be672b8d3a update microsoft activity groups 2020-10-30 14:53:20 +01:00
Alexandre Dulaunoy 5d31753e6a
chg: [cryptominer] updated 2020-10-30 09:48:08 +01:00
Alexandre Dulaunoy 24f05749f0
Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master 2020-10-30 09:47:45 +01:00
JJ Cummings c48a38c2f1
Added a new cryptominer galaxy and additional missing recent families to various clusters 2020-10-29 14:40:22 -06:00
StefanKelm 808c2c3828
Update threat-actor.json 
Kimsuky
 2020-10-28 12:52:06 +01:00
Alexandre Dulaunoy b41e3d4f50
chg: [rename] tea matrix 2020-10-23 15:57:13 +02:00
Alexandre Dulaunoy e5ea22a3b0
chg: [tea] matrix updated to include brewing time and the milk attack technique 2020-10-23 11:51:50 +02:00
Alexandre Dulaunoy 0ccbdb862b
chg: [tea] first version 2020-10-23 11:16:50 +02:00
Christophe Vandeplas 2334676e64 chg: [att&ck] no tag for subtechnique 2020-10-18 20:14:05 +02:00
Christophe Vandeplas d58dd1fca2 new: [att&ck] support for subtechniques 2020-10-18 20:00:48 +02:00
Daniel Plohmann 02bcf1f5a7
adding PowerPool alias IAmTheKing (Kaspersky) 
after a quick search I haven't found a nice source except for costin's tweet.
 2020-10-09 13:49:16 +02:00
StefanKelm 7bab41e367
Update threat-actor.json 
TA505
 2020-10-06 15:29:54 +02:00
StefanKelm 1d05f17507
Update threat-actor.json 
XDSpy
 2020-10-06 12:45:43 +02:00
Christophe Vandeplas 32b142c8e0 fixes issues in attack-ics 2020-10-02 16:54:21 +02:00
Christophe Vandeplas f95e88b1f9 MITRE ATT&CK for ICS fixes #586 
fixed issues in pull request #586
 2020-10-01 20:42:40 +02:00
StefanKelm 18eebc01f6
Lazarus 2020-09-29 12:02:16 +02:00
Bart 2b51f7b6de
Update threat-actor.json 
Add Machete alias
 2020-09-27 18:37:24 +02:00
StefanKelm e95fbb571d
Update threat-actor.json 
GADOLINIUM
 2020-09-25 11:52:34 +02:00
StefanKelm 3ad3d5f318
Update threat-actor.json 
APT28
 2020-09-22 18:07:33 +02:00
Deborah Servili d48216031a
add Sepulcher RAT 2020-09-22 16:23:39 +02:00
Deborah Servili 4f3b6945c0 Merge https://github.com/MISP/misp-galaxy 2020-09-22 12:17:42 +02:00
Rony d1c70b3d80
FBI FLASH AC-000133-TT 2020-09-17 11:05:00 +05:30
Rony 4d4a462d7a
Update threat-actor.json 
Adding Fox-Kitten and cleaned (or improved) winnti
 2020-09-17 00:07:40 +05:30
Deborah Servili 0fe525a9db Merge https://github.com/MISP/misp-galaxy 2020-09-16 10:22:38 +02:00
Deborah Servili 00b5d0d116 add refs 2020-09-16 10:08:31 +02:00
Daniel Plohmann (jupiter) 7b00674c77 Adding TA413 and Evilnum 2020-09-15 14:19:22 +02:00
StefanKelm 63030f2cfe
Update threat-actor.json 
APT33
 2020-09-14 12:01:53 +02:00
StefanKelm 3cc3cc461a
Update threat-actor.json 
STRONTIUM
 2020-09-11 11:38:06 +02:00
Raphaël Vinot 405d5f1fe9 fix: Sort keys, fix tests 2020-09-08 10:51:24 +02:00
Alexandre Dulaunoy 9e519962c6
chg: [botnet] Katura mess added 2020-09-07 12:41:39 +02:00
StefanKelm 57a31fd60c
Update threat-actor.json 
Lazarus, FIN7
 2020-09-03 14:44:10 +02:00
StefanKelm 503d421a56
Update threat-actor.json 
TA542
 2020-08-31 15:07:13 +02:00
VVX7 4635146b00 chg: [dev] jq 2020-08-22 13:06:42 -04:00
VVX7 1cddf4b7cd new: [dev] fix empty strings, lists 2020-08-22 12:59:05 -04:00
VVX7 b4c3ffc8eb new: [dev] add ASPI's China Defence University Tracker. 
Thanks to Cormac Doherty for writing the web scraper! To update the galaxy run the included gen_defence_university.py script.

"The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI’s International Cyber Policy Centre.

It includes entries on nearly 100 civilian universities, 50 People’s Liberation Army institutions, China’s nuclear weapons program, three Ministry of State Security institutions, four Ministry of Public Security universities, and 12 state-owned defence industry conglomerates.

The Tracker is a tool to inform universities, governments and scholars as they engage with the entities from the People’s Republic of China. It aims to build understanding of the expansion of military-civil fusion—the Chinese government’s policy of integrating military and civilian efforts—into the education sector.

The Tracker should be used to inform due diligence of Chinese institutions. However, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution’s defence and security links." - ASPI (https://unitracker.aspi.org.au/about/)
 2020-08-21 11:24:22 -04:00
rmkml e02ac52566 add Conti Ransomware 2020-08-15 22:10:49 +02:00
Thomas Dupuy 4009ef9997 Fix: remove comma 2020-08-14 13:01:37 -04:00
Thomas Dupuy d0c6b7b46d Update Tonto Team/CactusPete threat actor 2020-08-13 15:57:33 -04:00
Thomas Dupuy 72554ed71c Add Drovorub tool 2020-08-13 15:08:32 -04:00
Thomas Dupuy 4130d7c6fc Update TA APT40 2020-08-13 12:22:36 -04:00
Daniel Plohmann 8407b6fd28
Update threat-actor.json 
adding Kaspersky's name for Microcin.
 2020-08-12 12:03:28 +02:00
Thomas Dupuy 9cadabba7a Add WellMess and WellMail 2020-08-11 12:37:28 -04:00
rmkml 6d10e3a37d add Ragnarok Ransomware 2020-08-02 20:46:32 +02:00
Vasileios Mavroeidis 40d12b9dde
Motive correction based on the EU Cert motive taxonomy 
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
 2020-07-28 11:43:46 +02:00
Alexandre Dulaunoy 44afaf2523
chg: [threat-actor] remove duplicate references 2020-07-27 09:57:41 +02:00
StefanKelm 86c54cbd8c
Update threat-actor.json 
OilRig
 2020-07-23 11:07:22 +02:00
Raphaël Vinot c174f613c5 fix: Name of SoD Matrix cluster to match galaxy. 
Fix #566
 2020-07-22 11:52:27 +02:00
Steve Clement df6bed3d3a
Merge pull request #563 from r0ny123/patch-1 2020-07-22 09:14:13 +09:00
StefanKelm 17a1feb016
Update threat-actor.json 
Turla
 2020-07-15 11:20:18 +02:00
Rony c33f4c7611
Update threat-actor.json 
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).
 2020-07-12 12:57:24 +05:30
Rony b77b9d374c
Update threat-actor.json 2020-07-12 11:19:13 +05:30
Koen Van Impe d3e22ef14c SoD Matrix 
Described at https://github.com/cudeso/SoD-Matrix
 2020-07-10 14:08:45 +02:00
Deborah Servili 84474ddb29 merge 2020-07-09 16:31:04 +02:00
Deborah Servili 865e76beae commit 2020-07-07 14:47:44 +02:00
Alexandre Dulaunoy ba46bb6a0b
chg: [threat-actor] fix #561 by using new meta to classify as a campaign only. 
Based on https://github.com/MISP/misp-galaxy/issues/469

There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:

- _operation_:
  - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
  - **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
  - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
  - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
  - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
  - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
  - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**

The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
 2020-07-07 09:13:21 +02:00
Alexandre Dulaunoy 164e54c3fe
Merge branch 'master' of github.com:MISP/misp-galaxy 2020-07-02 09:55:42 +02:00
StefanKelm 14665429d7
Update threat-actor.json 
APT31
 2020-06-25 16:23:00 +02:00
StefanKelm 92bc206879
Update threat-actor.json 
APT30
 2020-06-23 14:54:09 +02:00
Rony bc97b07089
Update threat-actor.json 2020-06-21 19:19:17 +05:30
StefanKelm 583f1d2fc2
Update threat-actor.json 
TA505
 2020-06-17 11:56:29 +02:00
Alexandre Dulaunoy 0cb36249a4
chg: [jq] all the things 2020-06-12 09:26:30 +02:00
Rony 29be5ac7e1
fixed typo! 2020-06-12 00:09:59 +05:30
Rony 9365bfb7cd
Adding GALLIUM Threat Actor 2020-06-11 23:42:35 +05:30
StefanKelm f042f98247
Update threat-actor.json 
Higaisa
 2020-06-08 14:09:39 +02:00
StefanKelm 9c25d5e8c5
Update threat-actor.json 
Cycldek
 2020-06-04 17:18:45 +02:00
Alexandre Dulaunoy 3867b1f602
Merge pull request #552 from danielplohmann/reference-fixes 
Reference fixes
 2020-05-29 09:26:05 +02:00
Alexandre Dulaunoy 2a074f23fd
chg: [preventive-measure] packet filtering added 2020-05-27 10:02:16 +02:00
Daniel Plohmann (jupiter) a705d1402f fixing deadlinks where possible 2020-05-27 09:49:58 +02:00
Daniel Plohmann (jupiter) 171f272a1e default to HTTPS to be consistent with other links to same page 2020-05-27 09:27:52 +02:00
Alexandre Dulaunoy 8a0a4cb02d
Merge pull request #551 from nyx0/master 
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
 2020-05-27 09:10:08 +02:00
Thomas Dupuy 291fb41502 Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel 2020-05-26 09:50:43 -04:00
Thomas Dupuy 143bd521be Add CrackMapExec, metasploit, Cobalt Strike and Covenant 2020-05-26 09:35:01 -04:00
Rony fbd351590a
Update threat-actor.json 2020-05-24 23:18:54 +05:30
Rony 5f8094d16f
fix 2020-05-24 23:14:43 +05:30
Alexandre Dulaunoy b5bbc34f5d
chg: [threat-actor] remove the non-unique elements 2020-05-22 14:01:32 +02:00
Nils Kuhnert fbfe9d23c3
Merged (most) SecureWorks threat actor profiles && jq 2020-05-22 13:45:29 +02:00
iglocska dee9a56460
fix: small fixes to the bhadra framework 2020-05-19 16:45:40 +02:00
iglocska 43703f1a96
new: added Bhadra framework for mobile attacks 
- based on the paper published here: https://arxiv.org/pdf/2005.05110.pdf
- thanks to the ATT&CK EU community conference speakers highlighting this framework!
 2020-05-19 16:34:59 +02:00