MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity
3,526 Commits
6 Branches
47 Tags
73 MiB
Commit Graph

2463 Commits (f58c20fc20f92cfda8de9e43d8071d95a34c67a9)

Author SHA1 Message Date
Rony 50624af741 add DEV-0147 https://twitter.com/MsftSecIntel/status/1625181255754039318 2023-02-25 20:18:09 +00:00
Rony cf727f034c
add other actor synonyms from Google's report https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf 2023-02-26 01:05:50 +05:30
Delta-Sierra 27f4c9fcdc synonyms must be an array 2023-02-23 14:26:20 +01:00
Delta-Sierra 0ca7675a5f Merge https://github.com/MISP/misp-galaxy 2023-02-23 14:16:00 +01:00
Delta-Sierra 55725c771e add/update ransomware based on ransomlook 2023-02-23 14:15:09 +01:00
Tom King e52eefa0e7 chg: [mitre] updated with correct ID parsing 2023-02-21 10:36:37 +00:00
Christophe Vandeplas 9f73ff73ac fix: [first-dns] corrected typo 2023-02-21 10:54:30 +08:00
Christophe Vandeplas e2f2026fea chg: [first-dns] Adds FIRST DNS Abuse Techniques Matrix 2023-02-21 10:26:46 +08:00
Christophe Vandeplas a6a9a73ae5 chg: [360net] updated to latest online version 2023-02-20 20:03:36 +08:00
Alexandre Dulaunoy 6460fde2e4
chg: [threat-actor] version updated 2023-02-16 14:43:45 +01:00
Daniel Plohmann 91255413d8
adding Google names for RU threat actors 
https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/
 2023-02-16 14:30:05 +01:00
Alexandre Dulaunoy 73bd7d0983
Merge pull request #818 from Mathieu4141/threat-actors/proofpoint-aliases 
[threat actors] Adding some actors from ProofPoint
 2023-02-14 06:40:22 +01:00
Mathieu Beligon 9f09699047 [threat-actors] Fix: country was in the wrong place 2023-02-13 16:47:38 -08:00
Mathieu Beligon ac067a236e [threat-actors] fix: Add missing uuids 2023-02-13 16:36:41 -08:00
Mathieu Beligon a792115dd8 fix 2023-02-13 16:26:10 -08:00
Mathieu Beligon 8193b05e14 [threat-actors] bump version 2023-02-13 14:18:58 -08:00
Mathieu Beligon d34e894d2d [threat-actors] Add TA2536 2023-02-13 13:45:41 -08:00
Mathieu Beligon 20c31a5d10 [threat-actors] Add TA577 2023-02-13 13:32:24 -08:00
Mathieu Beligon e836a4a63c [threat-actors] Add TA575 2023-02-13 12:02:32 -08:00
Mathieu Beligon c52ac53765 [threat-actors] Add TA570 2023-02-13 11:54:47 -08:00
Mathieu Beligon 5f274f58c9 [threat-actors] Add Moskalvzapoe 2023-02-13 11:44:59 -08:00
Daniel Plohmann 62256854bc
adding Broadcom name for SaintBear. 2023-02-13 14:05:35 +01:00
Mathieu Beligon 33ff650327 [threat-actors] Add more information about NoName057(16) 2023-02-10 14:14:52 -08:00
Alexandre Dulaunoy 9645b9348b
chg: [tools] TgToxic added 2023-02-09 16:24:45 +01:00
o1mate 239883e2a9 Merging the handguns and shotguns clusters into a single firearm cluster. 2023-02-06 03:28:49 -05:00
Alexandre Dulaunoy 385826063b
chg: [sigma] updated to the latest version 2023-02-05 11:26:16 +01:00
Daniel Plohmann 9710e09e17
new APT29 name used by Recorded Future 
cf. https://go.recordedfuture.com/hubfs/reports/cta-2023-0127.pdf
 2023-02-02 11:46:50 +01:00
Alexandre Dulaunoy 3d6ec1b187
chg: [sigma] updated to the latest version 2023-02-02 11:25:19 +01:00
Jürgen Löhel cf492d9931
chg: [stealer] Adds Album Stealer 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2023-02-01 17:30:56 -06:00
Alexandre Dulaunoy 033895b052
Merge pull request #812 from jloehel/boldmove 
chg: [backdoor] Adds BOLDMOVE
 2023-01-31 06:24:59 +01:00
Jürgen Löhel c7c2b8441a
chg: [stealer] Removes BluStealer 
The BluStealer is already in the malpedia cluster.

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2023-01-30 18:35:28 -06:00
Jürgen Löhel ca635cc3fc
chg: [stealer] Adds DarkCloud and BluStealer 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2023-01-30 18:29:25 -06:00
Jürgen Löhel 33513241bd
chg: [backdoor] Adds BOLDMOVE 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2023-01-30 16:39:11 -06:00
Alexandre Dulaunoy 150e3152cc
Merge pull request #809 from MISP/dev 
Updated the `region` cluster
 2023-01-27 15:08:16 +01:00
Alexandre Dulaunoy b7543c5012
Merge pull request #789 from Mathieu4141/threat-actors/fix-sectorj04 
[threat-actors] Remove SectorJ04 duplicate
 2023-01-27 15:05:37 +01:00
Mathieu Beligon a452263ace [threat-actors] pr.review: Add SectorJ04 as alias of TA505 2023-01-27 13:32:58 +01:00
o1mate 0b661d4f80 Added two new galaxies : An ammunition galaxy containing a list of known sold ammunitions ordered by brands, and a firearm galaxy containing two clusters (handguns, shotguns) scrapped from a famous vendor and ordered by model name (Format : Model name - SKU). 2023-01-26 08:34:38 -05:00
Delta-Sierra 89bb349184 Merge https://github.com/MISP/misp-galaxy 2023-01-26 11:46:14 +01:00
Delta-Sierra 0bb1f48ad6 fix missing brackets 2023-01-25 14:47:22 +01:00
Christian Studer e87d39e3f4
fix: [region] JQed all the things !! 2023-01-25 09:24:52 +01:00
Delta-Sierra 50ca40e408 add Anubis & Godfather android banking trojans 2023-01-25 09:05:19 +01:00
Christian Studer 51610df907
chg: [region] Updated the `region` Galaxy Cluster 
- Added missing entry (Antarctica)
- Ordered the `subregions` meta field
 2023-01-24 22:53:54 +01:00
ofenomeno cb8d700e62 adding uavs 2023-01-24 19:55:46 +01:00
Alexandre Dulaunoy 2f0dfc7656
chg: [sigma] updated 2023-01-23 10:10:46 +01:00
Alexandre Dulaunoy 4a342354f9
chg: [sigma] updated 2023-01-20 13:58:11 +01:00
Christian Studer 5c21588d7c
add: [country] Manually added the missing relations to some `country` cluster values 
- The previous commit (071ecb8) that added the
  mahority of relations between countries and
  regions were automatically added based on the
  country names specified in the `region` cluster.
  The relations added here are the remaining
  countries that are not litterally defined the
  same way they are in the `region` cluster
 2023-01-16 22:22:42 +01:00
Christian Studer 325f51479b
chg: [country] Clarified the US cluster value 2023-01-16 22:20:30 +01:00
Christian Studer 071ecb8a52
add: [country] Added references between `country` cluster values and the related region they're located in, from the `region` galaxy cluster 2023-01-16 21:35:22 +01:00
Alexandre Dulaunoy 323f9f47a1
chg: [sigma] version must be an integer 2023-01-12 16:45:21 +01:00
Alexandre Dulaunoy fd226d47a2
chg: [sigma] new version of the cluster 2023-01-12 14:10:22 +01:00
Alexandre Dulaunoy c0fdfb0e99
chg: [sigma] updated with latest version + new relationship script 2023-01-12 13:46:31 +01:00
Alexandre Dulaunoy e54366fb87
chg: [threat-actor] added the missing synonyms 2023-01-10 15:55:30 +01:00
Alexandre Dulaunoy 187701bacb
chg: [sigma] regenerated from the test script (also updated the script 
to ensure UUID consistency for the galaxy)
 2023-01-06 15:36:33 +01:00
Alexandre Dulaunoy 9955401791
chg: [sigma] jq all the things 2023-01-06 15:13:35 +01:00
Alexandre Dulaunoy 8539361df5
Merge branch 'main' of https://github.com/jstnk9/misp-galaxy into jstnk9-main 2023-01-06 15:11:27 +01:00
jstnk9 5bcec1d72f
Merge branch 'MISP:main' into main 2023-01-03 11:10:49 +01:00
Jürgen Löhel d4debd619b
chg: [ransomware] Extends the entry for JCrypt 
* Add the reference to MafiaWare666 based on the latest research from
  the Avast Threat Lab: https://decoded.avast.io/threatresearch/decrypted-mafiaware666-ransomware/
* Add more infos from Andrew Ivanovs the great blog post: https://id-ransomware.blogspot.com/2020/12/jcrypt-ransomware.html

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2022-12-23 01:44:20 -06:00
Delta-Sierra 3f4edb480b add Malteiro 2022-12-16 16:43:50 +01:00
jstnk9 cb19f6bda7 galaxy for sigma rules 2022-12-09 08:48:54 +01:00
Delta-Sierra 5931f51d7a add TAG-53 2022-12-08 11:31:02 +01:00
Delta-Sierra 3ea2d62a83 Version Update 2022-11-28 16:27:54 +01:00
Delta-Sierra 6016b1000c Merge https://github.com/MISP/misp-galaxy 2022-11-28 16:17:08 +01:00
Delta-Sierra 5d83563e0e Fix Duplicate 2022-11-28 16:15:40 +01:00
Delta-Sierra 6c36295318 Update several RAT & Ransomwares 2022-11-28 16:13:38 +01:00
Alexandre Dulaunoy de12f46ba6
chg: [mitre] updated 2022-11-28 12:48:29 +01:00
Alexandre Dulaunoy fda4160bed
chg: [target-information] fix the duplicate 2022-11-24 15:08:16 +01:00
Alexandre Dulaunoy f15e4ed3bc
chg: [target-information] duplicate removal 2022-11-24 15:05:47 +01:00
Alexandre Dulaunoy 1d9a73abdd
chg: [target] fix duplicate synonyms 2022-11-24 15:03:18 +01:00
Christian Studer e3126ef857
fix: [clusters] Fixed some other few `meta` field names 2022-11-24 09:17:28 +01:00
Christian Studer 823124d422
fix; [mitre-ics-assets] Fixed some `refs` meta field names 2022-11-23 20:44:46 +01:00
Christian Studer 493a5bf94e
fix: [target-information] Fixed `synonyms` meta field name 2022-11-23 20:40:35 +01:00
Alexandre Dulaunoy 5c979ae554
fix: [tool] Houdini relationship to something which exist (ok I know it's Houdini) 2022-11-22 15:19:40 +01:00
Alexandre Dulaunoy 0b6034d9be
Merge pull request #800 from Delta-Sierra/main 
Add ransomwares
 2022-11-22 15:11:42 +01:00
Alexandre Dulaunoy 8947d0035b
fix: [sigma rules] until new the PR and tool is done for sigma. The 
galaxy is removed.
 2022-11-22 15:08:17 +01:00
Delta-Sierra 5f0d7f6d68 add VJw0rm description 2022-11-22 14:55:10 +01:00
Delta-Sierra f4abf37b01 fix versions 2022-11-22 12:45:15 +01:00
Delta-Sierra c02b74f999 merge 2022-11-22 12:43:18 +01:00
Delta-Sierra ffc68b9b8f add several ransomwares 2022-11-22 12:40:47 +01:00
Delta-Sierra e316382b8a add qakbot ref 2022-11-22 12:06:03 +01:00
Delta-Sierra 8bf6d73d66 add BazarCall campaign 2022-11-22 09:08:28 +01:00
Delta-Sierra 3c7230e38e add Bazarbackdoor Synonyms 2022-11-22 09:00:04 +01:00
Thomas Dupuy be7450494e Add Evasive Panda Threat Actor 2022-11-18 16:38:11 +00:00
Alexandre Dulaunoy 4844a7021c
chg: [sigma] duplicate value changed 2022-11-18 14:36:02 +01:00
Alexandre Dulaunoy c41b99d8b9
fix: [sigma] remove duplicate references 2022-11-18 14:21:27 +01:00
Alexandre Dulaunoy 59f5fc5f76
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2022-11-18 14:18:29 +01:00
Alexandre Dulaunoy 7d4011a0a2
chg: [sigma] jq all the things 2022-11-18 14:17:52 +01:00
Terrtia e3b6e9d229
fix: [handicap] fix galaxy icon + name + type 2022-11-17 15:16:05 +01:00
Alexandre Dulaunoy 9b8619bbbe
Merge branch 'main' of https://github.com/jstnk9/misp-galaxy into jstnk9-main 2022-11-16 11:07:50 +01:00
Jürgen Löhel f595195cd2
chg: [botnets] Adds KmsdBot 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2022-11-15 18:10:39 -06:00
Jstnk9 473f1a13aa galaxy related to sigma rtules 
galaxy related to sigma rtules
 2022-11-15 22:56:18 +01:00
Delta-Sierra 2269f4decd fix tool type 2022-11-15 13:56:53 +01:00
Delta-Sierra 9fc65c0e34 version fix 2022-11-15 13:37:02 +01:00
Delta-Sierra 91d535925f version fix 2022-11-15 13:36:49 +01:00
Delta-Sierra 3837058ab1 merge 2022-11-15 12:54:03 +01:00
Delta-Sierra d020efd276 add raspberry Robin worm & others 2022-11-15 11:57:10 +01:00
Alexandre Dulaunoy b787bbeb23
Merge pull request #792 from nyx0/main 
Add RomCom TA.
 2022-11-05 07:50:20 +01:00
Alexandre Dulaunoy 3b196f8361
Merge pull request #791 from Mathieu4141/threat-actors/add-phosphorus-alias-to-apt-35 
[threat-actors] Add Phosphorus in APT35 aliases
 2022-11-05 07:49:55 +01:00
Thomas Dupuy 9ac53e5d5e Add RomCom TA. 2022-11-04 02:34:10 +00:00
Alexandre Dulaunoy 6c4da5dd55
Merge pull request #790 from Mathieu4141/threat-actors/fix-dust-storm 
[threat-actors] Remove DustStorm alias from APT10
 2022-11-03 11:35:20 +01:00
Alexandre Dulaunoy 52a6fff6a2
Merge pull request #788 from Mathieu4141/threat-actors/fix-cobalt-dickens 
[threat-actors] Remove cobalt dickens duplicate
 2022-11-03 11:27:08 +01:00
Alexandre Dulaunoy 3b4dcd6ad3
Merge pull request #787 from Mathieu4141/threat-actors/fix-subaat-duplicate 
[threat-actors] Remove subaat duplicate
 2022-11-03 11:26:21 +01:00
Mathieu Beligon 8a9dd47f8f [threat-actors] Add Phosphorus in APT35 aliases 2022-11-02 23:49:22 -07:00
Mathieu Beligon 21d4292faf [threat-actors] Remove DustStorm alias from APT10 2022-11-02 23:31:31 -07:00
Mathieu Beligon e61733591f [threat-actors] Remove SectorJ04 duplicate 2022-11-02 20:30:40 -07:00
Mathieu Beligon 9f0869097a [threat-actors] Remove cobalt dickens duplicate 2022-11-02 18:09:42 -07:00
Mathieu Beligon e3e5560e37 [threat-actors] Remove subaat duplicate 2022-11-02 17:57:47 -07:00
Mathieu Beligon 5801bbcfc1 [threat-actors] Remove Skeleton Spider duplicate 2022-11-02 17:38:07 -07:00
Alexandre Dulaunoy 015650c6d7
chg: [mitre-attack] updated to version 12.0 2022-11-01 22:39:33 +01:00
Delta-Sierra 9952366667 add Prynt Stealer & variants 2022-10-14 16:03:45 +02:00
Delta-Sierra 355025eb5b fix metadata in wrong slot 2022-10-04 13:28:42 +02:00
Delta-Sierra e5b3062912 add Volatile Cedar synonym 2022-10-03 16:06:13 +02:00
Thomas Dupuy 4bcf80f01b Add SharPyShell tool. 2022-10-02 22:00:54 +00:00
Alexandre Dulaunoy 409c82f40c
Merge pull request #781 from Mathieu4141/threat-actors/fix-neodymium 
[threat-actors] Fix G0055 (NEODYMIUM) alias
 2022-09-30 06:39:31 +02:00
Alexandre Dulaunoy 588184bacd
Merge pull request #780 from Mathieu4141/threat-actors/fix-svmondr 
[threat-actors] Remove SVCMONDR duplicate
 2022-09-30 06:38:56 +02:00
Alexandre Dulaunoy 800006e6ab
Merge pull request #778 from Mathieu4141/threat-actors/fix-malware-reuser-duplicate 
[threat-actors] Fix Volatile Cedar and Dancing Salome conflicts
 2022-09-30 06:37:15 +02:00
Mathieu Beligon 74c6835d18 [threat-actors] Fix G0055 (NEODYMIUM) alias 2022-09-29 17:16:57 -07:00
Mathieu Beligon a740e35687 [threat-actors] Remove SVCMONDR duplicate 2022-09-29 16:11:19 -07:00
Mathieu Beligon 5994fa4160 [threat-actors] Fix Volatile Cedar and Dancing Salome conflicts 2022-09-29 14:51:38 -07:00
Mathieu Beligon 4f47e6e2d3 [threat-actors] Equation group: separate from Lamberts and add tools 2022-09-29 11:28:54 -07:00
Thomas Dupuy c66d6823a1 Add APT-Q-12 Threat Actor. 2022-09-29 02:30:41 +00:00
Alexandre Dulaunoy c3b65a2d15
chg: [threat-actor] JSON fix 2022-09-27 08:18:13 +02:00
Alexandre Dulaunoy 067e449a41
Merge branch 'main' of https://github.com/nyx0/misp-galaxy into nyx0-main 2022-09-27 08:17:41 +02:00
Christophe Vandeplas e259458d5a chg: [mitre] bump to v11.3 2022-09-27 07:30:13 +02:00
Thomas Dupuy bfd1812cef Add Void Balaur. 2022-09-27 00:11:20 +00:00
Alexandre Dulaunoy eacab6ca27
new: [malpedia] remove duplicate UUIDs objects (coming from Malpedia API) 2022-09-26 10:58:09 +02:00
Alexandre Dulaunoy 7cd322640f
Merge pull request #771 from Delta-Sierra/main 
fetch malpedia
 2022-09-26 10:07:24 +02:00
Delta-Sierra a611230bef fetch malpedia 2022-09-26 09:23:07 +02:00
Mathieu Beligon 22a39f4fdc [threat-actors] Add BITWISE SPIDER 2022-09-20 11:23:33 -07:00
Alexandre Dulaunoy 9b8b51fe53
Merge pull request #769 from Mathieu4141/threat-actors-add/no-name-057-06 
[threat-actors] Add NoName057(16)
 2022-09-17 07:43:42 +02:00
Alexandre Dulaunoy 2f169e4258
Merge pull request #766 from Mathieu4141/threat-actors/fix-ta505 
[threat-actors] Clean TA505 aliases
 2022-09-17 07:43:18 +02:00
Mathieu Beligon 580d2c6931 [threat-actors] Add NoName057(16) 2022-09-16 20:11:06 -06:00
Alexandre Dulaunoy 30cb4e7e60
Merge pull request #768 from Delta-Sierra/main 
New clusters
 2022-09-16 06:40:43 +02:00
Delta-Sierra 8202a7f48f Add PlugX ref 2022-09-15 15:39:47 +02:00
Delta-Sierra 0903300b75 Add Chisel 2022-09-15 13:24:49 +02:00
Delta-Sierra 021fcd2c91 add Lorenz ransomware 2022-09-15 10:29:46 +02:00
Alexandre Dulaunoy 1c8d82cfcc
new: [threat-actor] hezb added 2022-09-14 11:00:33 +02:00
Christophe Vandeplas b011ddee5b fix: [360net] fixes null entries in lists 2022-09-13 22:12:51 +02:00
Christophe Vandeplas c5a5fa7cfa chg: [360net] add 360.net APT list fixes #764 2022-09-13 21:48:16 +02:00
Mathieu Beligon e1f5d3b5d8 [threat-actors] Keep meta from old Xenotime 2022-09-13 11:40:17 -07:00
Mathieu Beligon 4ff0bdfe8e [threat-actors] Clean TA505 aliases 2022-09-13 11:34:02 -07:00
Delta-Sierra e3d88f45c6 add Dark.IoT 2022-09-13 13:35:55 +02:00
Delta-Sierra 6dba3abe13 add hezb 2022-09-13 10:40:00 +02:00
Mathieu Beligon 273c7c9b97 [threat-actors] Remove Xenotime duplicate 2022-09-12 17:10:49 -07:00
Delta-Sierra 705d0d2e72 add BumbleBee backdoor 2022-09-12 10:51:43 +02:00
Delta-Sierra 0440db12e9 add DangerousSavanna campaign 2022-09-07 11:01:23 +02:00
Delta-Sierra 77db2370b1 Add Lockbit synonym 2022-09-07 11:00:41 +02:00
Delta-Sierra 775d3c183b Add Lockbit synonym 2022-09-07 09:26:38 +02:00
Rony aea413cebf chg: [threat-actor] version bump 2022-09-01 10:32:01 +00:00
Rony db913e5ab4 fix: [threat-actor] remove duplicate entries 2022-09-01 09:53:11 +00:00
Rony 6aea5ee05c chg: [threat-actor] add Aoqin Dragon 2022-09-01 09:46:43 +00:00
Rony fb0cf3c7e5 chg: [threat-actor] miscellaneous updates 2022-09-01 09:17:31 +00:00
Daniel Plohmann d18f5bc8b6
mini-fix: adding https protocol to a reference 
in automated processing and display, this may otherwise lead to a malformed local / relative link.
 2022-08-30 17:08:03 +02:00
Alexandre Dulaunoy 5175fb0364
Merge pull request #760 from Delta-Sierra/main 
Add GootLoader & MOUSEISLAND in tool
 2022-08-29 12:02:55 +02:00
Rony e7178a1e08 fix: [threat-actor] remove duplicate entries from APT9 2022-08-27 12:54:32 +00:00
Rony 27300c6381 chg: [threat-actor] add avast blog to APT40 2022-08-27 12:41:31 +00:00
Rony 7f526e230b chg: [threat-actor] add Microsoft and PwC report to actors' references 2022-08-27 12:34:36 +00:00
Rony 6ad9699a38 chg: [threat-actor] add recorded future reference to RedAlpha 2022-08-27 12:10:51 +00:00
Rony 2dc138ae01 chg: [threat-actor] add Adam Kozy's testimony ro APT41 and APT26 2022-08-27 12:08:11 +00:00
Rony 0b140b7097 chg: [threat-actor] miscellaneous updates including merge of some actors and fix the error committed in 9cfcc0d9ac 2022-08-27 11:58:03 +00:00
Alexandre Dulaunoy 8bea9f3b4b
Merge pull request #755 from Mathieu4141/threat-actors/fix-winnti 
[threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts
 2022-08-27 08:25:20 +02:00
Mathieu Béligon 9cfcc0d9ac
Add aliases to APT41 
Co-authored-by: Rony <rony_123@protonmail.ch>
 2022-08-26 14:54:02 -07:00
Mathieu Beligon 6e00329ba6 [threat-actors] Fix aliases 2022-08-26 11:09:29 -07:00
Delta-Sierra 534dacb7fb add GootLoader 2022-08-26 10:12:36 +02:00
Delta-Sierra d5a9365aae add MOUSEISLAND 2022-08-26 09:23:38 +02:00
Mathieu Beligon 9b714dcd76 [threat-actors] Merge Axiom into APT17 2022-08-25 13:49:07 -07:00
Delta-Sierra 5b3c395f10 jq 2022-08-24 14:27:33 +02:00
Delta-Sierra cb422c2190 update Guildma 2022-08-24 14:07:01 +02:00
Yosirion95 cda80e5496 Add synonyms to sector.json 2022-08-21 11:09:50 +02:00
Alexandre Dulaunoy 9efca4c41b
fix: [threat-actor] UUID reused fixed (UUIDs cannot be reused across different cluster) 
Add the missing the relationship for the new UUID
 2022-08-21 09:17:56 +02:00
Rony 5b42a09dc2 add PARINACOTA to threat-actor.json 
MSTIC names digital crime actors based on global volcanoes
 2022-08-20 17:10:15 +00:00
Rony 6fd584fa88 remove APT36/ Transpert Tribe from microsoft-activity-group.json cause we don't know any MSTIC name yet. 2022-08-20 17:06:18 +00:00
Alexandre Dulaunoy 6b137ea12c
Merge pull request #749 from Mathieu4141/threat-actors/fix-naikon-cluster 
[threat actors] Fix threat actors related to Lotus Panda
 2022-08-20 11:46:15 +02:00
Mathieu Beligon 7f82616c10 fix axiom related field 2022-08-19 12:48:40 -07:00
Mathieu Beligon 969f461709 merge into apt41 2022-08-19 12:45:47 -07:00
Christophe Vandeplas 1b69b654a8 chg: [atrm] bump to latest ATRM version 2022-08-19 21:19:23 +02:00
Mathieu Beligon fd9201e9e0 Merge APT22 and suckfly 2022-08-19 12:16:30 -07:00
Mathieu Beligon 768c94671c Fix hellsing ref 2022-08-19 11:34:16 -07:00
Alexandre Dulaunoy a8b234d694
Merge pull request #753 from Mathieu4141/threat-actors/fix-bronze-president 
[threat-actors] Remove duplicated BRONZE PRESIDENT entity
 2022-08-19 06:26:11 +02:00
Mathieu Béligon fcd6faec78
Capitalize override panda alias 
Co-authored-by: Rony <rony_123@protonmail.ch>
 2022-08-18 20:51:03 -07:00
Mathieu Béligon 54f3ef2831
capitalize lotus panda alias 
Co-authored-by: Rony <rony_123@protonmail.ch>
 2022-08-18 20:50:32 -07:00
Mathieu Béligon c9b11553eb
normalize APT30 alias 
Co-authored-by: Rony <rony_123@protonmail.ch>
 2022-08-18 20:32:44 -07:00
Mathieu Beligon c1abedb446 Move Lotus Panda alias to Lotus Blossom 2022-08-18 20:21:31 -07:00
Mathieu Beligon a61ef2a88f [threat-actors] Fix Axiom/Winnti/Suckfly/APT41 conflicts 2022-08-18 17:03:26 -07:00
Mathieu Beligon 84e69ad4be Add DarkCommet as a tool of GoldenRAT 2022-08-18 15:47:04 -07:00
Mathieu Beligon 1acc51a7a6 [threat-actors] Add more data about APT-C-27 2022-08-18 15:44:18 -07:00
Mathieu Beligon ec988c97d0 [threat-actors] Remove duplicated APT-C-27 2022-08-18 15:34:08 -07:00
Mathieu Beligon d9046c8619 [threat-actors] Remove duplicated BRONZE PRESIDENT entity 2022-08-18 15:12:18 -07:00
Mathieu Beligon a046e8094d Merge APT30 and Naikon 2022-08-18 11:36:45 -07:00
Mathieu Beligon 5e4a4c3453 Merge branch 'main' into threat-actors/fix-naikon-cluster 2022-08-18 09:01:36 -07:00
Mathieu Beligon 264e764dfa Remove ATK34 alias 2022-08-18 08:59:04 -07:00
Delta-Sierra 3f036db1e3 add TA558 2022-08-18 15:54:28 +02:00
Mathieu Beligon 71e3e1f3eb Fix ATK aliases 2022-08-17 13:39:43 -07:00
Mathieu Beligon a6242d4732 Merge branch 'main' into threat-actors/fix-naikon-cluster 2022-08-17 13:37:01 -07:00
Mathieu Beligon 0d6399aa2b Add ATK78 alias for Thrip 2022-08-17 12:04:32 -07:00
Mathieu Beligon 53282255ce Branch out Goblin Panda from Hellsing 2022-08-17 11:55:35 -07:00
Mathieu Beligon 3f50cf0175 Create a tool for Esile 2022-08-17 11:19:30 -07:00
Rony f608312577 addresses https://github.com/MISP/misp-galaxy/pull/751#issuecomment-1217680586 2022-08-17 08:52:35 +00:00
Rony ccd10b54f4
remove duplicate reference 2022-08-17 12:49:56 +05:30
Rony 0cec882cc5 merge microcin/sixlittlemonkeys to vicious panda 2022-08-17 07:06:51 +00:00
Alexandre Dulaunoy a373909bb1
Merge pull request #748 from r0ny123/patch-2 
Update threat-actor.json
 2022-08-17 07:44:46 +02:00
Alexandre Dulaunoy 352998a84d
fix: [threat-actor] add missing refs for APT33 including CFR link 2022-08-17 07:40:23 +02:00
Mathieu Beligon d05b29c1af [threat-actors] Remove duplicate APT33 2022-08-16 17:15:30 -07:00
Mathieu Beligon 9c6f106928 [threat actor] Fix aliases related to Lotus Panda 2022-08-16 16:58:35 -07:00
Rony 5b25b574b3 add uac-0010 references from cert-ua 2022-08-16 10:19:53 +00:00
Rony 370045b01d Merge "red october" and "cloud atlas" to inception framework" 2022-08-16 09:30:29 +00:00
Rony 62b168600f
fix duplicates 2022-08-16 12:15:30 +05:30
Rony 490bc6a05c
fix duplicate 2022-08-16 12:10:27 +05:30
Rony bbe84c5985
updates to russian actors 2022-08-16 12:07:59 +05:30
Rony de76aef023
Update threat-actor.json 2022-08-16 10:49:13 +05:30
Rony f4b63d4514
updates to tianwu 2022-08-16 10:30:33 +05:30
Alexandre Dulaunoy 96d31aa8c7
chg: [threat-actor] jq all the things 2022-08-11 17:50:00 +02:00
Thomas Dupuy ed24dcaf19 Add link for SLIME29. 2022-08-11 15:41:01 +00:00
Thomas Dupuy 912050b9b7 Update commit based on feeback. 2022-08-11 15:20:32 +00:00
Thomas Dupuy 6e0df72ef4 Add Threat Actors from BH Asia22 prez. 2022-08-10 18:53:38 +00:00
Christophe Vandeplas 1369756810 chg: [atrm] Add Azure Threat Research Matrix Galaxy and generation script 2022-08-06 21:19:31 +02:00
Daniel Plohmann bdaadea58e
removing a leading double quote in a URL. 2022-08-02 18:17:58 +02:00
Daniel Plohmann bc20a463c8
merging TG2003 / Elephant Beetle into FIN13 
as indicated in the respective resources published by the organizations using these aliases.
 2022-08-02 14:11:43 +02:00
Alexandre Dulaunoy 6427746ad8
Merge pull request #727 from Mathieu4141/threat-actors/merge-cutting-kitten-cleaver 
Fix Cleaver aliases
 2022-07-27 23:17:42 +02:00
Alexandre Dulaunoy 63f5122ad4
Merge pull request #742 from r0ny123/patch-1 
Update threat-actor.json
 2022-07-27 18:56:47 +02:00
Mathieu Beligon 51aacd6b03 Reduce diff with old version 2022-07-26 23:53:22 -07:00
Mathieu Beligon acc6ada575 r0ny123.review: Use Cutting Kitten as main value for ITSecTeam 2022-07-26 23:27:39 -07:00
Mathieu Beligon d815bfa174 Merge remote-tracking branch 'upstream/main' into threat-actors/merge-cutting-kitten-cleaver 2022-07-26 23:22:03 -07:00
Daniel Plohmann 26f6a33695
more aliases from Unit 42 2022-07-26 11:09:33 +02:00
Rony 5a7f3a7207
fix 2022-07-25 17:17:52 +05:30
Rony 8ce0df6eb4
Update threat-actor.json 
Merge aquatic panda & earth lusca
 2022-07-25 17:15:23 +05:30
Alexandre Dulaunoy 6b6398bf2d
fix: [threat-actor] incorrect merge fixed 2022-07-20 18:45:50 +02:00
Alexandre Dulaunoy b4ce9a9453
Merge branch 'main' of https://github.com/r0ny123/misp-galaxy into r0ny123-main 2022-07-20 18:41:27 +02:00
Rony add6b27466 update 2022-07-20 21:39:33 +05:30
Rony 2b54df56f9 update 2022-07-20 21:32:11 +05:30
Rony 2e045d9c8c chg: [fix] resolve conflict 2022-07-20 21:28:15 +05:30
Daniel Plohmann 5825783a85
removed duplicate UUID for Kinsing 
my apologies, looks like I had not rolled a new UUID for one of the entries added...
 2022-07-20 17:07:05 +02:00
Rony 932fcf1871 added Red Nue 2022-07-20 15:07:35 +05:30
Rony 082039b3b0 added CN actors from secureworks threat profile 
https://www.secureworks.com/research/threat-profiles?filter=item-china and fixed some AKAs
 2022-07-20 14:52:58 +05:30
Daniel Plohmann ed32c508b7
added more Unit 42 aliases / groups 2022-07-20 08:38:03 +02:00
Rony 000bfe92d9 add APT9/Red Pegasus & BRONZE EDGEWOOD/Red Hariasa 2022-07-20 10:04:58 +05:30
Rony 2e8a577b0c add PwC naming to CN actors 2022-07-20 09:45:21 +05:30
Rony 3fabd58416 chg: [threat-actor] fixed 2022-07-19 23:36:30 +05:30
Rony 79c84d3768 add Earth Berberoka, Earth Lusca and Earth Wendigo 2022-07-19 22:42:50 +05:30
Daniel Plohmann 082d506b64
adding new Unit 42 names 
First PR: those are the directly mappable names. I will follow up after deconfliction and then with a few new entries.
 2022-07-19 08:45:09 +02:00
Daniel Plohmann 240a757826
Update threat-actor.json 
adding Predatory Sparrow due to recent events.
 2022-07-13 10:02:07 +02:00
Alexandre Dulaunoy cf603e8160
Merge pull request #736 from Delta-Sierra/main 
add Qbot
 2022-07-12 18:41:33 +02:00
Thomas Dupuy 90da0d798f Set country to LB instead of IR based on operational activity. 2022-07-12 16:21:41 +00:00
Delta-Sierra b1c853bf42 update version 2022-07-12 15:51:55 +02:00
Thomas Dupuy 1a8835bcae Remove list from POLONIUM TA. 2022-07-12 13:11:11 +00:00
Thomas Dupuy a86d866534 Add POLONIUM TA. 2022-07-12 12:14:27 +00:00
Delta-Sierra d40017ae50 add Qbot 2022-07-12 14:03:43 +02:00
Delta-Sierra 6c6355f2ba fix typo 2022-07-12 11:31:08 +02:00
Delta-Sierra 300d608770 jq 2022-07-12 10:54:37 +02:00
Delta-Sierra 71c93f5b24 fix caps typo 2022-07-12 10:53:14 +02:00
Delta-Sierra 4ea34fc5a4 Merge https://github.com/Delta-Sierra/misp-galaxy into main 2022-07-12 10:51:59 +02:00
Delta-Sierra 924eda26ca Add EnemyBot +relationships 2022-07-12 10:49:11 +02:00
Deborah Servili ca7d524d9c
Merge branch 'main' into main 2022-07-08 16:27:28 +02:00
Delta-Sierra 29aa7b3f69 add Maui ransomware 2022-07-08 14:49:12 +02:00
Delta-Sierra 56a53433f0 add HelloXD ransomware 2022-07-08 12:05:31 +02:00
Delta-Sierra 279b89f6d9 fix duplicate extension-2 2022-07-06 09:38:02 +02:00
Delta-Sierra 67d5f5c7c0 fix duplicate extension 2022-07-06 09:34:11 +02:00
Delta-Sierra 7e37fa0cdd merge + update medusalocker 2022-07-06 09:28:46 +02:00
Delta-Sierra c2e7ef4fab Update Medusa Locker and others 2022-07-06 08:43:59 +02:00
marjatech 587dc8560b add script to automate malpedia update 2022-07-04 14:24:34 +02:00
Mathieu Beligon 693eed8d78 [threat actor] Break Cleaver aliases into respective entries 2022-07-04 14:05:29 +02:00
marjatech 1212a75cc4 update malpedia 2022-07-04 11:02:02 +02:00
Mathieu Beligon d63c990dad [threat-actors] Separate ITSecTeam from Cleaver 2022-06-30 14:34:05 +02:00
Mathieu Beligon b8d4ffdbde Merge Cutting Kitten and Cleaver 2022-06-29 20:15:12 +02:00
Koen Van Impe 0c9aa68db6 Update surveillance-vendor.json 2022-06-22 13:30:55 +02:00
Koen Van Impe 22c2f7b999 Add RCS Lab S.p.A. to surveillance-vendor 2022-06-22 11:20:52 +02:00
Mathieu Beligon d79c5bd1ab Add ToddyCat Threat actor 2022-06-21 15:12:42 +02:00
Rony c030fcdab6
chg: [threat-actor] added PwC naming for Indian actors 
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
 2022-06-11 15:46:54 +05:30
Thanat0s 44a99d066a Y en a un peut plus je vous le mets quand meme ? 2022-06-11 04:24:04 -04:00
Thanat0s 57befd7259 jq all the things 2022-06-10 19:12:12 -04:00
Thanat0s 51f98f4706 Attck link + typo on TA551 2022-06-10 18:40:16 -04:00
Thanat0s f97fee7135 Typo on TA551 2022-06-10 18:38:25 -04:00
Thanat0s 297acc0f5e Add Mitre vs Thales RosettaStone 2022-06-10 18:24:15 -04:00
Rony e916267c7c
chg: [threat-actor] add reference to bitter & sidewinder group 2022-06-08 23:22:17 +05:30
Christophe Vandeplas 39073004c4 [mitre] bump to MITRE ATT&CK v11.2 2022-05-25 21:03:14 +02:00
Christophe Vandeplas 4a469299fd [mitre] update sorting algo 
will make future ATT&CK updates less noisy in the git diff
 2022-05-25 21:00:57 +02:00
Mathieu Beligon dca70783bf [threat-actors] validate file 2022-05-23 11:32:24 +02:00
Mathieu Beligon c1cfc19871 [threat actors] Remove dead link for sandworm threat actor 2022-05-23 11:30:04 +02:00
Mathieu Beligon 36a1466661 [threat-actors] Add RansomHouse 2022-05-23 11:29:39 +02:00
Alexandre Dulaunoy a838eaf9db
Merge pull request #717 from jloehel/krane 
chg: [cryptominers] Adds Krane
 2022-05-18 08:17:16 +02:00
Jürgen Löhel 1be9a10ef9
chg: [cryptominers] Adds Krane 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2022-05-17 14:47:29 -05:00
Jürgen Löhel 9db5d18114
chg: [android] Adds Vulture 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2022-05-17 14:16:21 -05:00
Rony 2721522e82
chg: [threat-actor] add exotic lily, ta578, ta579 2022-05-14 20:52:15 +05:30
Jürgen Löhel 45da13ce5e chg: [backdoors] Adds BPFDoor 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2022-05-11 19:06:19 -05:00
Alexandre Dulaunoy fcdc6c86e6
chg: [threat-actor] add TG2003 synomym to Elephant Beetle 2022-05-09 14:24:28 +02:00
Alexandre Dulaunoy 9130365e2e
chg: [threat-actor] Elephant Beetle added 
Fix #708
 2022-05-09 14:23:12 +02:00
Alexandre Dulaunoy bb434b11cf
chg: [threat-actor] ModifiedElephant added 
Fix #709
 2022-05-09 14:16:01 +02:00
Alexandre Dulaunoy 06550a7945
chg: [threat-actor] fix refs field -> it's always an array 2022-05-09 13:46:16 +02:00
Alexandre Dulaunoy b67e3ed3f8
Merge branch 'threatactor-cosmiclynx-add' of https://github.com/adammchugh/MISP-Galaxy-Updates into adammchugh-threatactor-cosmiclynx-add 2022-05-09 13:43:44 +02:00
Rony c0be6677c2
chg: [threat-actor] added actor Red Menshen 
https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
 2022-05-07 15:44:10 +05:30
Rony 11eca69ebc
chg: [threat-actor] added Curious Gorge 2022-05-07 12:40:35 +05:30
Daniel Plohmann 26c1850377
Update threat-actor.json 
adding Red Dev 4 as alias for GALLIUM as used by PwC.
 2022-05-06 09:47:48 +02:00
Daniel Plohmann 06c293072c
Update threat-actor.json 
adding UNC3524 to the actor galaxy cluster.
 2022-05-04 13:21:56 +02:00
3c7 0ad65fbe9f
Forgot to jq all the things 2022-04-28 09:42:25 +02:00
3c7 dfb6c0668e
Added SaintBear 2022-04-28 09:36:25 +02:00
Christophe Vandeplas 33476bec81 chg: [mitre] bump to MITRE ATT&CK v11.0 2022-04-25 18:29:57 +02:00
Alexandre Dulaunoy 664f6d80cc
chg: [threat-actor] Killnet description added 2022-04-21 15:05:50 +02:00
Alexandre Dulaunoy 1e383e2452
chg: [threat-actor] version updated 2022-04-21 14:53:14 +02:00
Mathieu Beligon c8455a6c4d [actors] Add killnet 2022-04-21 14:06:28 +02:00
Adam McHugh 53a0fc56d3 Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory 2022-04-18 10:16:26 +09:30
Alexandre Dulaunoy bca7381f33
fix: [ransomware] refs are within meta 2022-04-17 15:43:23 +02:00
Alexandre Dulaunoy eb7c5ebaf1
fix: [ransom] remove empty ref 2022-04-17 15:39:02 +02:00
Alexandre Dulaunoy bc696b43f4
chg: [ransomware] jq all the things 2022-04-17 15:35:50 +02:00
Alexandre Dulaunoy 00d33fd292
Merge pull request #701 from adammchugh/ransomware-conti-update 
Ammended Conti ransomware entry with ACSC 2021-010 advisory data
 2022-04-17 15:35:25 +02:00
Alexandre Dulaunoy 66744a4cd0
Merge pull request #704 from adammchugh/cryptominers-bluemockingbird-add 
Added Cryptominer Blue Mockingbird from RedCanary advisory.
 2022-04-17 14:43:59 +02:00
Alexandre Dulaunoy 14907e3eef
Merge pull request #703 from adammchugh/threatactor-copypaste-add 
Added Copy-Paste Threat Actor from ACSC Advisory 2020-008
 2022-04-17 14:43:37 +02:00
Adam McHugh 84eac4b102 Added Cosmic Lynx Threat Actor from Agari Whitepaper advisory 2022-04-17 19:50:08 +09:30
Adam McHugh f00e80ae7e Added Cryptominer Blue Mockingbird from RedCanary advisory. 2022-04-17 19:44:42 +09:30
Adam McHugh cff8a38c5f Added Copy-Paste Threat Actor from ACSC Advisory 2020-008 2022-04-17 19:37:26 +09:30
Adam McHugh 622c0502aa Ammended Conti ransomware entry with ACSC 2021-010 advisory data 2022-04-17 19:23:11 +09:30
Adam McHugh 99caab201f Ammended Blackcat ransomware entry with ACSC 2022-004 advisory data 2022-04-17 18:05:24 +09:30
Thomas Dupuy bd05eb0bba upd: [cluster] add Threat Actor BladeHawk. 2022-04-11 17:03:19 +00:00
Thomas Dupuy 209391f110 upd: [cluster] add ref and synonyms for Energetic Bear. 2022-04-07 18:26:58 +00:00
Alexandre Dulaunoy b649057a5a
chg: [handicap] fixed more fields 2022-04-04 11:09:30 +02:00
Alexandre Dulaunoy aff4345074
chg: [handicap] more cleanup 2022-04-04 11:01:38 +02:00
Alexandre Dulaunoy 269f91ad75
chg: [handicap] more clean-up of uuid values 2022-04-04 10:56:29 +02:00
Alexandre Dulaunoy d3d4e7186b
chg: [handicap] fix name of the clusters 2022-04-04 10:43:56 +02:00
Alexandre Dulaunoy 7e6390c336
Merge pull request #694 from AgatheMgt/main 
Handicap
 2022-04-04 10:41:06 +02:00
Rony a08ddaf548
Add Avivore & HAZY TIGER/Bitter 2022-04-02 01:14:18 +05:30
Rony 50f39edc10
Revert "update threat actors meta" 2022-04-02 00:55:38 +05:30
Delta-Sierra 73f71c8b15 dup 2022-04-01 16:51:27 +02:00
Delta-Sierra fb557fd3a2 dup 2022-04-01 16:47:50 +02:00
Delta-Sierra 909fc09992 duplicate 2022-04-01 16:44:47 +02:00
Delta-Sierra 7c3e8ac068 fix duplicate 2022-04-01 16:40:40 +02:00
Delta-Sierra dcc396108c fix duplicate 2022-04-01 16:36:47 +02:00
Delta-Sierra 9257fb677b merge 2022-04-01 16:32:10 +02:00
Delta-Sierra 0f7803b091 update threat actors meta 2022-04-01 16:00:27 +02:00
Sami Mokaddem 4242732af1
chg: jq all 2 2022-03-31 09:05:22 +02:00
Sami Mokaddem a9a09d11c6
chg: jq all 2022-03-31 08:59:36 +02:00
Mathieu Beligon c35fad3291 Add threat actor group Scarab 2022-03-28 12:11:34 +02:00
Alexandre Dulaunoy 94c3788089
Merge pull request #687 from Badis-dev/main 
Add galaxy and cluster cancer
 2022-03-25 10:04:46 +01:00
AgatheMgt aec779d1ee poatate 2022-03-24 09:43:58 -04:00
AgatheMgt 3ce6d7a313
Update handicap.json 2022-03-24 07:48:49 -04:00
AgatheMgt a6a16926f6
Create handicap.json 2022-03-24 07:08:08 -04:00
Daniel Plohmann 24a3f16ab4
adding threat actor group LAPSUS$ / DEV-0537. 2022-03-23 09:47:10 +01:00
Delta-Sierra 97690426bf update threat actors meta 2022-03-18 16:41:10 +01:00
Alexandre Dulaunoy 6f0208dcaf
chg: [ransomware] UUID fixed 2022-03-18 16:03:27 +01:00
Alexandre Dulaunoy ef5af37dbe
chg: [botnet] duplicate UUIDs replaced 2022-03-18 15:58:09 +01:00
Alexandre Dulaunoy c0a07d2246
chg: [ransomware] replace duplicate UUIDs 2022-03-18 15:57:06 +01:00
botlabsDev 6416d0b2de add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot 2022-03-18 15:34:11 +01:00
Alexandre Dulaunoy 18069ce5f3
Merge pull request #688 from botlabsDev/patch-0 
Add tool 'BadPotato' to clusters/tool.json
 2022-03-15 12:30:47 +01:00
Alexandre Dulaunoy 7fd5715715
Merge pull request #691 from r0ny123/indian-adversaries 
Update to Indian Adversaries
 2022-03-15 12:28:16 +01:00
Rony eebda5f955
chg: [threat-actor] merging viceroy tiger and donot team & adding SectorE02 as an alias of Donot team 2022-03-15 15:02:57 +05:30
Rony ac72e7b639
fix 2022-03-15 14:00:46 +05:30
Rony 3b67e745e5
Update threat-actor.json 2022-03-15 13:57:00 +05:30
botlabsDev 99ab2a13d6 Add tool 'BadPotato' to clusters/tool.json 2022-03-14 18:02:02 +01:00
Badis-dev 231915f9a4 add galaxy and cluster cancer 2022-03-11 14:20:09 +01:00
Badis-dev 27241135a2
Add cancer.json 2022-03-11 11:26:57 +01:00
Badis-dev 78f1c9f345
Delete cancer.json 2022-03-11 11:26:30 +01:00
Badis-dev 1c707f7c5e
Add cancer cluster 2022-03-11 11:13:57 +01:00
Delta-Sierra 957327383d fix array 2022-03-07 16:10:53 +01:00
Delta-Sierra a7f3df8a9a merge 2022-03-07 16:04:38 +01:00
Delta-Sierra 8fd3c87b47 update threat actors meta 2022-03-07 15:54:29 +01:00
Alexandre Dulaunoy 8e09c9b30c
Merge pull request #685 from danielplohmann/patch-14 
adding threat actor "Moses Staff"
 2022-03-02 21:43:00 +01:00
Daniel Plohmann 896a451461
fixed with linted JSON. 2022-03-02 21:22:28 +01:00
Daniel Plohmann a817324cd4
adding threat actor "Moses Staff" 2022-03-02 15:50:39 +01:00
Mathieu Beligon 0b456b8afa version bump -> 213 2022-03-02 14:55:26 +01:00
Mathieu Beligon d3d241ca54 Update Gamaredon target 2022-03-02 14:55:19 +01:00
Mathieu Beligon 27c05a118e Update GhostWriter 2022-03-02 13:16:20 +01:00
Delta-Sierra c909a35d65 Merge https://github.com/MISP/misp-galaxy into main 2022-02-18 10:57:10 +01:00
Delta-Sierra a788c867a7 jq 2022-02-18 10:56:07 +01:00
Delta-Sierra b0cd884afc add TA2541 2022-02-18 10:54:25 +01:00
Daniel Plohmann 321e4b4a57
another Gamaredon ref and version bump 2022-02-18 08:26:01 +01:00
Daniel Plohmann 254dd47a61
adding ACTINIUM as MSFT name for Gamaredon 2022-02-18 08:24:35 +01:00
Delta-Sierra 33ef3317b7 fix duplicate 2022-02-14 10:02:36 +01:00
Delta-Sierra 9b76d71c43 Merge https://github.com/MISP/misp-galaxy into main 2022-02-14 08:47:21 +01:00
Delta-Sierra 3184819968 add DDG botnet and more 2022-02-11 16:13:36 +01:00
rwe 4700780d47 added antlion APT group 2022-02-05 04:52:33 -08:00
Alexandre Dulaunoy f49b54281b
chg: [ransomware] set encryption only 2022-02-02 22:36:14 +01:00
Alexandre Dulaunoy 3328b73185
fix: [ransomware] array end missing 2022-02-02 22:32:39 +01:00
Kevin Holvoet 3d23f98d04
Forgot comma between JSON entries 2022-02-02 18:58:55 +01:00
Kevin Holvoet 389add7580
Update ransomware.json with URL fix 
Fixed URL for AlphaLocker
 2022-02-02 18:54:31 +01:00
Kevin Holvoet fa9829cec0
Update ransomware.json: add BlackCat (ALPHV) 2022-02-02 18:50:19 +01:00
Daniel Plohmann 833a6e0a8d
updated URLs for Gamaredon with Shuckworm alias reference 2022-02-02 09:40:10 +01:00
Daniel Plohmann 8f928d8eb3
adding Gamaredon alias Shuckworm used by Symantec 2022-02-02 09:35:53 +01:00
Delta-Sierra 5cf1eb01f4 Merge https://github.com/MISP/misp-galaxy into main 2022-01-31 10:04:07 +01:00
Alexandre Dulaunoy 1fda357a03
new: [surveillance] Cytrox added 2022-01-30 11:31:55 +01:00
Jürgen Löhel 22046a1eae
Adds WhisperGate 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2022-01-18 13:16:06 -06:00
Delta-Sierra e523bdaf70 merge 2022-01-14 16:08:14 +01:00
Jürgen Löhel 3059c70ae6
Adds UPAS-Kit 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2022-01-13 11:53:32 -06:00
Thomas Dupuy c792bdd1b7 Add AQUATIC PANDA threat actor. 2022-01-12 13:51:11 -05:00
Thomas Dupuy afaf3a3110 Add Motnug tool. 2022-01-12 13:37:59 -05:00
Jürgen Löhel 5aa8a8a8b1
Adds Ragnatela RAT 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2022-01-10 15:57:10 -06:00
Sami Tainio dcb87b0dc6 chg: [threat-actor] Add SideCopy 2022-01-07 17:45:41 +02:00
Daniel Plohmann 3094283252
adding Mandiant's FIN13. 2022-01-03 09:32:43 +01:00
Alexandre Dulaunoy eba1b2839f
chg: [concordia] CMTMF killchain typo fixed 2021-12-20 10:41:00 +01:00
Raphaël Vinot b4d518d4f0 fix: cmtmf-attack-pattern had multiple duplicate UUIDs 2021-12-17 17:58:29 +01:00
Alexandre Dulaunoy 12617ff627
chg: [concordia] fix name inconsistencies 2021-12-17 17:41:00 +01:00
Alexandre Dulaunoy 69b582f9ba
chg: [concordia] duplicate removed 2021-12-17 17:31:38 +01:00
Alexandre Dulaunoy bc3ab62917
chg: [concordia] duplicate removed 2021-12-17 17:26:04 +01:00
Alexandre Dulaunoy ee2a3c83f4
chg: [concordia] duplicate techniques removed 2021-12-17 17:21:00 +01:00
Alexandre Dulaunoy 01d23b61b7
chg: [concordia] typo fixed 2021-12-17 17:15:43 +01:00
Alexandre Dulaunoy 01f2ce68d4
chg: [misp-galaxy] duplicate modify trusted environment and also different technique ID? 2021-12-17 17:13:57 +01:00
Alexandre Dulaunoy 5becac98e4
chg: [concordia] duplicates removed 2021-12-17 16:51:11 +01:00
Alexandre Dulaunoy ae7b7bd47d
chg: [cmtmf-attack-pattern] various fixes to make JSON ok 2021-12-17 16:08:07 +01:00
Alexandre Dulaunoy 7b587710b1
Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf 2021-12-17 15:55:03 +01:00
Jürgen Löhel b81ac7f01d Adds DarkWatchman RAT 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2021-12-17 07:20:58 -06:00
Delta-Sierra b8960393a4 add Milan Rat, Shark tool and Lyceum synonyms 2021-11-29 16:00:40 +01:00
Delta-Sierra bb92427b65 add Lyceum synonyms/sources 2021-11-29 12:05:51 +01:00
Delta-Sierra 78a8cf4ad2 add ESPecter Bootkit 2021-11-19 16:30:57 +01:00
Delta-Sierra c89623e945 add ESPecter bootkit 2021-11-16 08:17:37 +01:00
Christophe Vandeplas aeb5719448 chg: [att&ck] update to ATT&CK v10 2021-10-22 14:34:25 +02:00
Alexandre Dulaunoy ab41df7282
chg: [malpedia] remove duplicate 2021-10-20 12:24:12 +02:00
Alexandre Dulaunoy e517787e7c
chg: [malpedia] duplicates removed 2021-10-20 12:21:05 +02:00
Alexandre Dulaunoy 69f878c86f
fix: [malpedia] remove duplicate urls 2021-10-20 12:16:22 +02:00
Alexandre Dulaunoy da91f2abc2
chg: [malpedia] updated 2021-10-20 10:21:03 +02:00
marjatech d74fdb3e43
update malpedia 2021-10-19 16:21:19 +02:00
Bernardo Santos e74fcfe268 Update cmtmf-attack-pattern.json 
- update version
 2021-10-13 10:06:00 +02:00
Bernardo Santos 5f19983ba3 Update cmtmf-attack-pattern.json 
- Changes to cluster type
- Fix typo for privilege escalation tactic
 2021-10-13 09:57:03 +02:00
Bernardo Santos 49dfcca563 CONCORDIA MTMF - Initial version 
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
 2021-10-12 10:54:06 +02:00
Bernardo Santos d09681b011 CONCORDIA MTMF - Initial version 
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
 2021-10-12 10:45:03 +02:00
Jeroen Pinoy 9ec76ae185
Add threat actor common raven 2021-10-03 23:30:20 +02:00
Thomas Patzke 26f0c344a1 Added O365 techniques 
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
 2021-09-18 23:27:38 +02:00
Thomas Dupuy 1985de4d44 Add BLUELIGHT tool. 2021-08-27 10:28:06 +02:00
Thomas Dupuy 89a3f986ba Add InkySquid synonym. 2021-08-24 16:29:34 +02:00
Daniel Plohmann 3272960a14
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) 2021-08-19 06:02:40 +02:00
Rony 5dd0c7d8b3
chg: [threat-actor] add origin country to UNC2452 & HAFNIUM 
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
 2021-08-02 22:30:05 +05:30
Rony 636ccdedcd
Update threat-actor.json 2021-07-21 18:47:56 +05:30
Rony 9ecfecc063
another fix 2021-07-21 18:41:18 +05:30
Rony 32ea60d721
fix 2021-07-21 18:31:05 +05:30
Rony 52e7d5a0a9
multiple updates to apt40, apt31 & hafnium 2021-07-21 18:28:40 +05:30
Rony fb9a41f8e9
from Gov Canada & MFA Japan 2021-07-19 20:33:35 +05:30
Rony c90c60cb13
adding references for APT40 & APT31 2021-07-19 20:14:36 +05:30
Alexandre Dulaunoy 6c8949caa9
Merge pull request #658 from jasperla/oilrig 
merge APT34 with OilRig
 2021-07-03 08:56:39 +02:00
Deborah Servili b6005bd53f
Merge branch 'main' into master 2021-07-02 13:30:51 +02:00
Delta-Sierra 913aff30c3 Add NOBELIUM and related 2021-07-02 13:18:03 +02:00
Jasper Lievisse Adriaanse 792490298e merge APT34 with OilRig 
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
 2021-06-29 20:26:04 +02:00
Alexandre Dulaunoy a5d7d85dc8
Merge pull request #657 from jloehel/add_matanbuchus 
[cluster][tool] Adds Matanbuchus
 2021-06-22 07:23:20 +02:00
Jürgen Löhel 254c201601
[cluster][tool] Adds Matanbuchus 
+ threat actor: BelialDemon

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2021-06-21 18:04:28 -05:00
Jürgen Löhel 381973f5de
[cluster][stealer] Adds HackBoss 
Fixes: #651

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
 2021-06-21 16:35:20 -05:00
Thomas Dupuy 772c5145c1 Added BackdoorDiplomacy and Gelsemium. 2021-06-11 11:48:57 -04:00
Rony 9a723b6261
more ta544 references 2021-05-26 20:26:27 +05:30
Rony db06e1fa4a
chg: [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks 2021-05-22 21:02:30 +05:30
Daniel Plohmann 433ea5cb45
Twisted Spider -> TWISTED SPIDER 
fair point
 2021-05-19 17:04:58 +02:00
Daniel Plohmann 9719122d27
adding Twisted Spider as alias for TA2101 (Maze) 2021-05-19 16:47:41 +02:00
Alexandre Dulaunoy a3cdbc1309
Merge pull request #650 from Still34/patches/alias-tick-1 
Add alias for Tick
 2021-05-07 23:23:38 +02:00
Still Hsu eb671f1e6a
Add Nian alias 
Signed-off-by: Still Hsu <dev@stillu.cc>
 2021-05-08 00:52:27 +08:00
Still Hsu fe7c0dab07
Add country origin for BlackTech 
Signed-off-by: Still Hsu <dev@stillu.cc>
 2021-05-08 00:32:39 +08:00
Daniel Plohmann 38b8bac51d
fixing broken/dead links 2021-05-04 20:15:17 +02:00
Alexandre Dulaunoy 6f7d3d5c2b
chg: [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa 
"COLT – Compromise to Leak Time" - new meta colt-median/colt-average.

For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
 2021-05-03 07:41:43 +02:00
Alexandre Dulaunoy 7aaf25a424
new: [ransomware] Ragnarok added 2021-04-30 12:08:03 +02:00
Alexandre Dulaunoy 94ec98d544
Merge pull request #646 from r0ny123/update 
Updates to APT27 & Tick
 2021-04-29 18:29:53 +02:00
Christophe Vandeplas 86ee7008b2 chg: [att&ck] bump to latest ATT&CK version from MITRE 2021-04-29 18:12:36 +02:00
mokaddem 211a4b5145 fix: [ransomware] Related key should be outside metas 2021-04-26 13:48:06 +02:00
Rony 4ba2db0f3a FlatChestWare duplicate removed 2021-04-26 16:24:09 +05:30
Alexandre Dulaunoy ef9989dbe8
chg: [ransomware] duplicate removed 2021-04-26 12:06:03 +02:00
Alexandre Dulaunoy 847d3e8fa7
chg: [ransomware] duplicate removed 2021-04-26 12:01:01 +02:00
Alexandre Dulaunoy f3992ec5f1
chg: [ransomware] duplicates removed 2021-04-26 11:57:21 +02:00
Alexandre Dulaunoy f2703bd03e
chg: [ransomware] Flyper removed 2021-04-26 11:52:28 +02:00
Delta-Sierra 3cae487e3d fix duplicates and add relations 2021-04-26 11:25:39 +02:00
Rony faed812fc9 Merged STALKER PANDA to Tick 2021-04-25 19:12:20 +05:30
Rony 89b9c0c32c several updates to apt27 2021-04-25 16:53:36 +05:30
Delta-Sierra 0a05621f82 Merge https://github.com/MISP/misp-galaxy 2021-04-19 15:48:58 +02:00
Delta-Sierra b138354fa5 Removing duplicate 2021-04-19 15:42:49 +02:00
Alexandre Dulaunoy 28f6475cc5
chg: [ransomware] first duplicate removed 2021-04-19 15:13:18 +02:00
Alexandre Dulaunoy e7061f90d9
chg: [ransomware] remove duplicate "File-Locker" 2021-04-19 15:08:06 +02:00
Alexandre Dulaunoy ab13dd00f8
Merge pull request #645 from Delta-Sierra/master 
Adding ransomware names [WIP 2/3]
 2021-04-19 15:03:12 +02:00
Delta-Sierra f5713a8d87 Removing unexpected line 2021-04-19 14:53:36 +02:00
Delta-Sierra b7b4b356c3 Adding ransomware names [WIP 3] 2021-04-19 14:47:10 +02:00
Delta-Sierra fdf1a6c112 Adding ransomware names [WIP 2] 2021-04-19 13:24:25 +02:00
Daniel Plohmann 6eb594a6b0
adding Yanbian Gang as threat actor 2021-04-16 15:12:45 +02:00
Delta-Sierra f3456a89c5 fix version 2021-04-15 15:08:11 +02:00
Delta-Sierra 4bcd0492bd Adding ransomwares WIP 2021-04-15 15:07:52 +02:00
Daniel Plohmann 2d8e9ea364
Symantec uses Palmerworm as alias for BlackTech 
Adding Palmerworm as Symantec alias for BlackTech (with reference).
 2021-03-31 22:35:12 +02:00
Thomas Dupuy a8c62ddeda Add Ghostwriter. 2021-03-31 09:42:40 -04:00
Rony 50f5d2ae4a
reverted changes made into 52ae97718d 2021-03-30 22:19:05 +05:30
sebdraven ce8a9442eb validation jsons 2021-03-30 13:12:21 +00:00
Sebdraven 52ae97718d Update threat-actor.json 
add a synonym to Haffnium
 2021-03-30 15:11:09 +02:00
sebdraven b082977b9f validation ok 2021-03-30 10:22:35 +00:00
Sebdraven 4ed4cebcee Update threat-actor.json 
format json
 2021-03-30 12:16:22 +02:00
Sebdraven a62e3ba530 Update threat-actor.json 
add redecho threat actor
 2021-03-30 12:10:50 +02:00
Jakub Onderka ca9608da6d fix: Cryptominers type 2021-03-27 22:07:33 +01:00
Alexandre Dulaunoy 26b9740e55
chg: [malpedia] jq all the file and removed ref duplicates 2021-03-13 11:00:39 +01:00
Jakob M f02ce7e805 update to latest 
Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp
 2021-03-12 10:35:12 +01:00
Delta-Sierra eff327b4fd fix progress 2021-03-11 14:42:55 +01:00
Delta-Sierra 7c843ac5c2 fix merge & jq 2021-03-11 14:08:29 +01:00
Delta-Sierra c37befc8a9 merge 2021-03-11 10:35:05 +01:00
Alexandre Dulaunoy 855a12a408
chg: [clusters] fixing broken UUID fix #628 2021-03-11 09:54:50 +01:00
Alexandre Dulaunoy f6ed00233e
chg: [ransomware] fix the broken UUID fix #628 2021-03-11 09:52:25 +01:00
Rony 57c7d0b9a0
From Nextron 2021-03-06 19:44:32 +05:30
Rony 6cabbfb091
more! 2021-03-06 14:22:29 +05:30
Rony 7b242555df
More references 
From 
Crowdstrike
MSRC
and kql hunting query from James Quinn
 2021-03-06 13:28:14 +05:30
Rony eaab88ef28
add HAFNIUM detection refs 2021-03-05 16:51:28 +05:30
Rony 4bc438a325
fix 2021-03-05 11:48:43 +05:30
Rony d9b299aafc
add more HAFNIUM references 2021-03-05 11:42:04 +05:30
Rony c9f7afef1c
Adding alias NOBELIUM 2021-03-04 22:39:33 +05:30
Alexandre Dulaunoy 47dade9d0e
Merge pull request #631 from r0ny123/Enhancement 
Add HAFNIUM
 2021-03-04 14:48:01 +01:00
Alexandre Dulaunoy a9a6b0253f
chg: [microsoft activity group] HAFNIUM added 2021-03-04 10:49:58 +01:00
Rony ad795606cf
added HAFNIUM 
Updates:
Tonto Team
UNC2452
 2021-03-04 00:10:33 +05:30
Sebdraven 2666341afc Update threat-actor.json 
update Sidewinder card
 2021-03-03 17:59:25 +01:00
Thomas Dupuy f842694fda Update Infy TA. 2021-03-02 14:37:01 -05:00
Alexandre Dulaunoy 524676282e
Merge branch 'main' of github.com:MISP/misp-galaxy into main 2021-02-26 08:30:58 +01:00
Alexandre Dulaunoy 4692ced8fa
chg: [tool] SUNSPOT added 2021-02-26 08:28:01 +01:00
Delta-Sierra 0e23d8b95f add relationships between Maze, Rgnar, Egregor and Sekhmet 2021-02-25 10:21:28 +01:00
Delta-Sierra 406dfdb45b add Sekhmet ransomware 2021-02-25 09:52:52 +01:00
Delta-Sierra d273a5da7d add TeamTNT ref 2021-02-25 09:52:24 +01:00
Rony 5c6f3a036b
removing DePrimon 
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
 2021-02-24 21:55:04 +05:30
Thomas Dupuy eeafff9768 Add RDAT backdoor 2021-02-23 11:15:31 -05:00
Delta-Sierra eb07fab69f add Ragnar Locker and update accordingly 2021-02-23 16:21:07 +01:00
Delta-Sierra 06ae10965b add Covidloc and tycoon ransomware + small updates on some ransomwares 2021-02-22 16:39:47 +01:00
Delta-Sierra 7c1ac58141 add TeamTNT 2021-02-22 16:38:18 +01:00
Thijsvanede e9eb0c7a6c
Fix: rename "Innitial Access" to "Initial Access" 
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
 2021-02-19 12:01:47 +01:00
Thomas Dupuy 178e16dc13 Remove empty values. 2021-02-16 10:32:37 -05:00
Thomas Dupuy 4a7560d191 Add Exaramel and P.A.S. webshell tool. 2021-02-15 12:52:53 -05:00
Thomas Dupuy 93396c524d Add Caterpillar WebShell. 2021-02-12 12:00:17 -05:00
Delta-Sierra 96bf0d44ea Merge https://github.com/MISP/misp-galaxy 2021-02-09 14:52:58 +01:00
Daniel Plohmann d61e7d2fac
adding ClearSky alias for Volatile Cedar 
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious  files."
 2021-01-29 10:39:18 +01:00
Koen Van Impe 87b22f363c Move cfr-type-of-incident to meta 2021-01-28 12:25:39 +01:00
Koen Van Impe 23778666ba RSIT Galaxy/Cluster 2021-01-28 10:03:12 +01:00
StefanKelm fb35646406
Update threat-actor.json 
Lazarus
 2021-01-26 14:38:37 +01:00
Thomas Dupuy f964514ec5 Add HyperBro in tools 2021-01-20 13:44:28 -05:00
Thomas Dupuy 9df95031a7 Update ZxShell tool. 2021-01-20 13:27:51 -05:00
StefanKelm a131a7ce98
Update threat-actor.json 
Lazarus
 2021-01-20 17:43:18 +01:00
Alexandre Dulaunoy 3c19c7c1e5
Merge pull request #617 from danielplohmann/patch-4 
merge COVELLITE into Lazarus Group
 2021-01-17 16:05:13 +01:00
Daniel Plohmann ca66fcd93a
merge COVELLITE into Lazarus Group 
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references. 
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
 2021-01-17 15:07:26 +01:00
Rony 91e87cf82c
Update threat-actor.json 
Don't know how StarCraft
 2021-01-17 12:21:34 +05:30
Daniel Plohmann edcc3c0bc1
merging ScarCruft->APT37 
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
 2021-01-15 18:52:49 +01:00
Delta-Sierra a6f7795952 fix merge 2021-01-12 10:38:33 +01:00
Alexandre Dulaunoy 2b356a9eb0
chg: [threat-actor] UNC2452/DarkHalo added - ref. #614 2021-01-12 07:01:36 +01:00
Alexandre Dulaunoy 184d57f0a2
chg: [ransomware] Babuk Ransomware added 2021-01-05 19:11:28 +01:00
Alexandre Dulaunoy 4454b58743
chg: [ransomware] RegretLocker added 2020-12-30 14:14:09 +01:00
Rony 3240aa819f
Update threat-actor.json 2020-12-14 11:54:41 +05:30
Rony 2ffb77b35b
BISMUTH 2020-12-14 10:41:15 +05:30
Delta-Sierra 31f96513b2 update sidewinder threat actor 2020-12-11 16:09:33 +01:00
Alexandre Dulaunoy ac86ebd5f6
Merge pull request #609 from StefanKelm/master 
Update threat-actor.json
 2020-12-09 22:16:49 +01:00
Delta-Sierra ebd31b7376 add BazarBackdoor 2020-12-09 16:42:32 +01:00
Delta-Sierra d3a9cf742a add RansomEXX 2020-12-09 16:32:02 +01:00
Delta-Sierra 3daaa30aed Merge https://github.com/MISP/misp-galaxy 2020-12-07 16:20:36 +01:00
StefanKelm 5dc92995f6
Update threat-actor.json 
DeathStalker, Mabna
 2020-12-04 11:43:06 +01:00
StefanKelm 4fee985b5e
Update threat-actor.json 
Turla
 2020-12-03 13:05:14 +01:00
StefanKelm 72e085aba9
Update threat-actor.json 
OceanLotus
 2020-12-02 11:44:29 +01:00
StefanKelm 15b5f4c881
Update threat-actor.json 
APT27
 2020-11-30 11:49:23 +01:00
Delta-Sierra e81d3c63d5 Merge https://github.com/MISP/misp-galaxy 2020-11-27 12:47:20 +01:00
Christophe Vandeplas 9a731470d3 chg: [att&ck] update to latest MITRE ATT&CK version 2020-11-25 07:45:48 +01:00
StefanKelm da910c0c2e
Update threat-actor.json 2020-11-18 19:15:11 +01:00
Delta-Sierra 7af75bb222 add Darkside ransomware 2020-11-18 16:10:49 +01:00
StefanKelm 48ffaa8ce1
Update threat-actor.json 
Lazarus
 2020-11-18 12:10:23 +01:00
snurilov 44e9da1390
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster 
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
 2020-11-11 23:09:03 -05:00
snurilov 3f4683d8a3
Update rat.json to include Iperius Remote 
Add Iperius Remote to the rat.json cluster.
 2020-11-09 23:45:16 -05:00
StefanKelm bf5bdeacb0
Update threat-actor.json 
OceanLotus
 2020-11-09 14:39:55 +01:00
StefanKelm 41a7a36317
Update threat-actor.json 
Kimsuky
 2020-11-02 17:30:25 +01:00
Rony 333e55fbeb
remove duplicate! 2020-11-02 14:18:49 +05:30
Rony 000cfa68a8
Update threat-actor.json 
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
 2020-11-02 13:51:08 +05:30
Deborah Servili 28784683db
Merge branch 'main' into master 2020-10-30 16:17:27 +01:00
Delta-Sierra 88bbf8851c jq 2020-10-30 16:14:02 +01:00
Delta-Sierra be672b8d3a update microsoft activity groups 2020-10-30 14:53:20 +01:00
Alexandre Dulaunoy 5d31753e6a
chg: [cryptominer] updated 2020-10-30 09:48:08 +01:00
Alexandre Dulaunoy 24f05749f0
Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master 2020-10-30 09:47:45 +01:00
JJ Cummings c48a38c2f1
Added a new cryptominer galaxy and additional missing recent families to various clusters 2020-10-29 14:40:22 -06:00
StefanKelm 808c2c3828
Update threat-actor.json 
Kimsuky
 2020-10-28 12:52:06 +01:00
Alexandre Dulaunoy b41e3d4f50
chg: [rename] tea matrix 2020-10-23 15:57:13 +02:00