Daniel Plohmann
e228ffc432
alias Callisto -> BlueCharlie
...
Not sure if you also want to have the Microsoft names in here (I think they are tracked separately?); otherwise, that would be Star Blizzard according to the article.
2023-08-03 09:53:10 +02:00
Alexandre Dulaunoy
dc29d5875e
chg: [sigma] updated
2023-08-02 23:58:22 +02:00
Alexandre Dulaunoy
f5729ac23a
chg: [sigma] updated to the latest version
2023-07-31 10:22:23 +02:00
Rony
bce41d8cdb
Merge branch 'MISP:main' into Sea-Turtle
2023-07-28 16:38:03 +05:30
Rony
9b9ce4777a
chg: [threat-actor] added references, origin country, aliases to `Sea Turtle`
2023-07-28 11:04:11 +00:00
Alexandre Dulaunoy
1568583acf
chg: [sigma] updated to the latest version
2023-07-28 11:30:15 +02:00
Thomas Dupuy
2dcd1d3544
upd: Add Worok TA and update APT-Q-12 to APT-C-60 as it was the first
...
name mentioned in an article.
2023-07-18 19:53:54 +00:00
Alexandre Dulaunoy
caceb504fe
chg: [sigma] updated to the latest rules
2023-07-15 11:29:17 +02:00
Delta-Sierra
c51d177abd
add SmugX & RedDelta
2023-07-10 15:46:01 +02:00
Alexandre Dulaunoy
7028860c0a
chg: [sigma] updated
2023-06-19 15:00:23 +02:00
Delta-Sierra
baf5bfe5cc
add Parties/Observers to the Budapest Convention
2023-06-19 14:14:47 +02:00
Delta-Sierra
20d3b3780a
merge
2023-06-19 08:35:48 +02:00
Alexandre Dulaunoy
734d57edf5
chg: [sigma] updated
2023-05-31 09:43:33 +02:00
iglocska
14301a9c4c
chg: [threat actors] added Volt Typhoon
2023-05-25 07:29:48 +02:00
Delta-Sierra
e87b7bbf73
complete VENOM SPIDER threat actor
2023-05-23 11:43:20 +02:00
Delta-Sierra
18ee466ae4
add Hagga threat actor
2023-05-22 15:44:18 +02:00
Delta-Sierra
9c9561bce8
fix metasploit desc in value (ty cvandeplas)
2023-05-15 10:23:05 +02:00
Delta-Sierra
d202ed9f3f
Merge https://github.com/MISP/misp-galaxy
2023-05-15 09:54:25 +02:00
Delta-Sierra
a3fffacab3
add APT43 + tools
2023-05-15 08:41:17 +02:00
Christophe Vandeplas
02c50184bf
chg: [attck4fraud] Full merge of E.A.S.T. data + updated script
2023-05-13 09:50:14 +02:00
Christophe Vandeplas
1d9f59eb2d
chg: [attck4fraud] more manual updates with E.A.S.T. data
2023-05-13 08:43:21 +02:00
marjatech
21266365da
update malpedia
2023-05-11 14:34:41 +02:00
Alexandre Dulaunoy
810cbe5b49
chg: [sigma] updated to the latest version
2023-05-11 10:27:48 +02:00
Alexandre Dulaunoy
a27fda701b
Merge pull request #849 from danielplohmann/patch-34
...
adding APT43 (Mandiant) for Kimsuky.
2023-05-09 18:29:34 +02:00
Daniel Plohmann
094d56057c
adding APT43 (Mandiant) for Kimsuky.
2023-05-09 14:35:41 +02:00
Thomas Dupuy
bbbd006215
chg: [mitre] bump to v13.
2023-05-08 14:04:50 +00:00
Christophe Vandeplas
3c808921c3
chg: [attck4fraud] initial updates with E.A.S.T. data
...
https://www.association-secure-transactions.eu/industry-information/fraud-definitions/
2023-05-07 21:13:52 +02:00
Alexandre Dulaunoy
c86c2a83ab
chg: [sigma] rules updated
2023-04-30 10:30:54 +02:00
Alexandre Dulaunoy
3dff8e65cb
Merge pull request #847 from Delta-Sierra/main
...
add VEILEDSIGNAL and more
2023-04-27 17:21:35 +02:00
Delta-Sierra
1649c3dfca
Merge https://github.com/MISP/misp-galaxy
2023-04-27 10:04:30 +02:00
Delta-Sierra
bd050668ef
add VEILEDSIGNAL and more
2023-04-27 09:53:49 +02:00
Sebastien Larinier
ddc285581d
Update threat-actor.json
2023-04-26 21:52:57 +02:00
Sebastien Larinier
d60cca9302
Update threat-actor.json
...
fix mistake
2023-04-26 21:46:33 +02:00
Sebastien Larinier
142d4aeaef
Update threat-actor.json
2023-04-26 14:26:48 +02:00
Alexandre Dulaunoy
095c44e2ac
chg: [attck4fraud] add ATM cash trapping in the matrix
2023-04-26 07:48:29 +02:00
Jürgen Löhel
15297c7b5f
chg [threat-actors] Add RedGolf
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-04-24 16:59:18 -06:00
Christophe Vandeplas
79b80b0869
chg: [rels] more threat actor relations
2023-04-23 17:54:58 +02:00
Christophe Vandeplas
3c6c204f01
chg: [rels] more threat actor relations
2023-04-23 17:45:58 +02:00
Christophe Vandeplas
138c7c7ba8
chg: [rels] more relations on cluster "value"
2023-04-23 17:36:02 +02:00
Christophe Vandeplas
bf7c5f1dd9
chg: [rels] threat-actor & MS activity group - on synonym
2023-04-23 11:56:41 +02:00
Christophe Vandeplas
a5e7e0c95f
chg: [rels] threat-actor & MS activity group - on value
2023-04-23 11:55:57 +02:00
Christophe Vandeplas
f070943ee9
chg: [atrm] updated to latest version
2023-04-23 07:45:16 +02:00
Alexandre Dulaunoy
adc7a70cf9
chg: [microsoft-activity-group] country code added
2023-04-21 07:39:37 +02:00
Alexandre Dulaunoy
8688c41796
chg: [microsoft activity group] remove duplicate
2023-04-20 17:25:32 +02:00
Alexandre Dulaunoy
592361826a
fix: [microsoft activity group] duplicate in Microsoft source
2023-04-20 17:20:57 +02:00
Alexandre Dulaunoy
309f4f2ea5
chg: [microsoft-activity-group] updated following contribution from @botlabsDev script
2023-04-20 17:04:05 +02:00
Alexandre Dulaunoy
2cc6bdfbc1
chg: [sigma] rules updated
2023-04-20 12:17:46 +02:00
Sebastien Larinier
862badf2c9
Update threat-actor.json
2023-04-19 17:41:44 +02:00
Sebastien Larinier
1c751b1ea8
Update threat-actor.json
2023-04-19 17:34:50 +02:00
Sebastien Larinier
165ce70a28
Merge branch 'MISP:main' into main
2023-04-19 16:48:02 +02:00
Sebastien Larinier
87ef0a400e
Update threat-actor.json
2023-04-19 15:42:14 +02:00
Sebastien Larinier
a77dc82c0a
Update threat-actor.json
...
new apt30 group
2023-04-19 15:35:36 +02:00
Delta-Sierra
063ac9fc71
jq?
2023-04-19 15:10:25 +02:00
Delta-Sierra
ecb7e79a6e
Merge https://github.com/MISP/misp-galaxy
2023-04-19 15:06:51 +02:00
Tobias Mainka
8d2b9537f1
replace "sector" tag with "country" for matching data. This allows it to conform with existing clusters.
2023-04-19 12:38:37 +02:00
Sebastien Larinier
926035633f
Merge branch 'MISP:main' into main
2023-04-19 11:55:57 +02:00
Alexandre Dulaunoy
ccc8f0f801
chg: [microsoft-activity-group] updated to map the new funky Microsoft "taxonomy"
...
The script used to generate the cluster is the following; the UUIDv5 is derived from the
standard misp-stix source UUIDv4.
~~~python
import uuid

# `data` is assumed to be the parsed Microsoft naming table: a list of dicts
# with 'threat_actor', 'sector' and 'synonyms' keys (not defined in this snippet).
lcluster = []
for v in data:
    cluster = {}
    cluster['value'] = v['threat_actor']
    cluster['meta'] = {}
    cluster['meta']['sector'] = v['sector']
    cluster['meta']['synonyms'] = v['synonyms']
    cluster['meta']['refs'] = []
    cluster['meta']['refs'].append('https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide')
    # Deterministic UUIDv5: misp-stix namespace UUIDv4 + the cluster value,
    # so regenerating the galaxy yields stable cluster UUIDs.
    _uuid = uuid.uuid5(uuid.UUID("76beed5f-7251-457e-8c2a-b45f7b589d3d"), "{}".format(cluster['value']))
    cluster['uuid'] = str(_uuid)
    lcluster.append(cluster)
~~~
Relationships might be added in a later stage to map with the MISP threat actor galaxy.
2023-04-19 10:47:11 +02:00
Daniel Plohmann
41afab1c06
adding Trend Micro alias Earth Smilodon for APT27
2023-04-18 20:11:57 +02:00
Delta-Sierra
6b8994271e
add relationships for HALFRIG & QUATTERRIG
2023-04-18 12:20:20 +02:00
Daniel Plohmann
02e23a9a47
adding Google alias HOODOO for APT41
2023-04-17 22:32:50 +02:00
Delta-Sierra
4a4fa6d16f
fix versions
2023-04-17 11:32:51 +02:00
Delta-Sierra
6d5df91efa
add relationship SNOWYAMBER & Notion
2023-04-17 11:31:48 +02:00
Delta-Sierra
233a066a03
Merge https://github.com/MISP/misp-galaxy
2023-04-17 11:16:23 +02:00
Delta-Sierra
d4225c5469
add some SNOWYAMBER relationships
2023-04-17 11:16:21 +02:00
Alexandre Dulaunoy
91af071bae
new: [online-service] online service added
2023-04-17 10:59:18 +02:00
Alexandre Dulaunoy
5f9760923f
Merge pull request #838 from Delta-Sierra/main
...
Adding SNOWYAMBER, HALFRIG, QUARTERRIG tools & PowerMagic backdoor
2023-04-14 16:03:57 +02:00
Delta-Sierra
8e9880d932
Add SNOWYAMBER, HALFRIG, QUARTERRIG tools
2023-04-14 15:59:42 +02:00
Delta-Sierra
c5590ff79a
add PowerMagic backdoor
2023-04-13 14:11:36 +02:00
Daniel Plohmann
a966b3ff88
adding Trend Micro alias Earth Preta for Mustang Panda
2023-04-12 16:59:36 +02:00
Alexandre Dulaunoy
2763cdd72b
chg: [sigma] Sigma rules updated
2023-04-12 11:44:43 +02:00
Delta-Sierra
8c831d70c8
jq
2023-04-11 15:06:59 +02:00
Delta-Sierra
d30e7357fe
merge
2023-04-11 13:57:30 +02:00
Delta-Sierra
eb9254713a
Add more ransomwares from ransomlook
2023-04-11 13:56:29 +02:00
Alexandre Dulaunoy
3cc7e03af6
new: [stealer] add Sordeal Stealer
2023-04-11 09:54:02 +02:00
Alexandre Dulaunoy
cbf12d9289
Merge pull request #833 from jloehel/HinataBot
...
chg[botnet]: Add HinataBot
2023-04-04 10:17:07 +02:00
Jürgen Löhel
647fc025d7
chg[botnet]: Add HinataBot
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-04-03 11:19:08 -06:00
Alexandre Dulaunoy
15a03e877e
chg: [sigma] updated
2023-03-29 10:33:57 +02:00
Sebdraven
8713618777
Update threat-actor.json
...
add new ref for sidecopy
2023-03-23 09:13:23 +01:00
Sebdraven
f5d68aa08d
Update threat-actor.json
...
delete ref to APT30 for Naikon
2023-03-23 08:49:17 +01:00
Sebdraven
d5843d46e2
Update threat-actor.json
...
add ref to Aoqin Dragon
2023-03-21 18:40:10 +01:00
Alexandre Dulaunoy
122a0bd39b
fix: [ransomware] fix duplicate Value "Cuba"
2023-03-19 11:03:12 +01:00
Alexandre Dulaunoy
f2305dc165
Merge pull request #829 from Delta-Sierra/main
...
update based on ransomlook+1
2023-03-16 19:18:54 +01:00
Delta-Sierra
12f69a6082
update based on ransomlook
2023-03-16 15:24:44 +01:00
Mathieu Beligon
d82ff1ecfb
[threat-actors] Add Anonymous Sudan
2023-03-15 17:38:03 -05:00
Daniel Plohmann
c39b46e9d5
Update threat-actor.json
...
when value "Sofacy" was changed to "APT28", it seems Sofacy was not added to aliases, so it's missing right now.
2023-03-15 14:55:25 +01:00
Delta-Sierra
74390b27c5
Merge https://github.com/MISP/misp-galaxy
2023-03-13 09:59:04 +01:00
Delta-Sierra
c4eca7dfe1
more from ransomlook
2023-03-13 09:59:00 +01:00
Jürgen Löhel
9f9a263394
chg [tool]: Add tools used by TA866 during the Screentime campaign
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:46:11 -06:00
Jürgen Löhel
031a4c8030
chg [stealer]: Add Rhadamanthys
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:39 -06:00
Jürgen Löhel
437d4a30e5
chg [tds]: Add 404 TDS
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:45:13 -06:00
Jürgen Löhel
2d30785af5
chg [threat-actors] Add TA866
...
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2023-03-08 21:44:16 -06:00
Alexandre Dulaunoy
57f3e46273
chg: [sigma] updated
2023-03-07 12:14:48 +01:00
Alexandre Dulaunoy
e7b97edaa4
chg: [ransomware] fixing duplicate cluster element Avaddon
2023-03-07 12:06:56 +01:00
Alexandre Dulaunoy
6db5b0b0cb
Merge pull request #824 from Delta-Sierra/main
...
update based on ransomlook
2023-03-06 16:23:48 +01:00
Delta-Sierra
bed6bf8dd6
fix stupid duplicate-bis
2023-03-06 16:10:23 +01:00
Delta-Sierra
d561350f7b
fix stupid duplicate
2023-03-06 16:04:28 +01:00
Delta-Sierra
96cb1e22ba
update based on ransomlook
2023-03-06 15:55:46 +01:00
Mathieu Beligon
395ffda94f
[threat-actors] bump version
2023-03-02 10:29:52 -08:00
Mathieu Beligon
e1407c3c3f
[threat-actors] Add SLIPPY SPIDER alias to LAPSUS
2023-03-02 10:29:29 -08:00
Mathieu Beligon
4bbee8c1e7
[threat-actors] Add PROPHET SPIDER
2023-03-02 10:19:24 -08:00