misp-website/Changelog-misp-galaxy.txt

# Changelog
## v2.4.152 (2021-12-22)
### New
* [CMTMF] fix the galaxy definition. [Alexandre Dulaunoy]
### Changes
* Use pytest instead of nose. [Raphaël Vinot]
* [concordia] CMTMF killchain typo fixed. [Alexandre Dulaunoy]
* [concordia] fix name inconsistencies. [Alexandre Dulaunoy]
* [concordia] set a mobile icon. [Alexandre Dulaunoy]
* [concordia] duplicate removed. [Alexandre Dulaunoy]
* [concordia] duplicate removed. [Alexandre Dulaunoy]
* [concordia] duplicate techniques removed. [Alexandre Dulaunoy]
* [concordia] typo fixed. [Alexandre Dulaunoy]
* [misp-galaxy] duplicate modify trusted environment and also different technique ID? [Alexandre Dulaunoy]
* [concordia] duplicates removed. [Alexandre Dulaunoy]
* [cmtmf-attack-pattern] update. [Alexandre Dulaunoy]
* [cmtmf-attack-pattern] various fixes to make JSON ok. [Alexandre Dulaunoy]
### Fix
* Cmtmf-attack-pattern had multiple duplicate UUIDs. [Raphaël Vinot]
### Other
* Merge pull request #671 from MISP/BennSaturn-concordia_mtmf. [Alexandre Dulaunoy]
Benn saturn concordia mtmf
* Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf. [Alexandre Dulaunoy]
* Update cmtmf-attack-pattern.json. [Bernardo Santos]
- update version
* Update cmtmf-attack-pattern.json. [Bernardo Santos]
- Changes to cluster type
- Fix typo for privilege escalation tactic
* CONCORDIA MTMF - Initial version. [Bernardo Santos]
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
* CONCORDIA MTMF - Initial version. [Bernardo Santos]
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
* Merge pull request #670 from jloehel/darkwatchman. [Alexandre Dulaunoy]
Adds DarkWatchman RAT
* Adds DarkWatchman RAT. [Jürgen Löhel]
* Merge pull request #669 from Delta-Sierra/main. [Alexandre Dulaunoy]
add ESPecter Bootkit
* Add ESPecter Bootkit. [Delta-Sierra]
* Add ESPecter bootkit. [Delta-Sierra]
## v2.4.151 (2021-11-19)
### Changes
* [att&ck] update to ATT&CK v10. [Christophe Vandeplas]
* [malpedia] remove duplicate. [Alexandre Dulaunoy]
* [malpedia] duplicates removed. [Alexandre Dulaunoy]
* [malpedia] updated. [Alexandre Dulaunoy]
* [threat-actor] add origin country to UNC2452 & HAFNIUM. [Rony]
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
### Fix
* [malpedia] remove duplicate urls. [Alexandre Dulaunoy]
### Other
* Merge branch 'marjatech-main' into main. [Alexandre Dulaunoy]
* Update malpedia. [marjatech]
* Merge pull request #666 from Wachizungu/add-common-raven. [Alexandre Dulaunoy]
Add threat actor common raven
* Add threat actor common raven. [Jeroen Pinoy]
* Merge pull request #665 from thomaspatzke/main. [Alexandre Dulaunoy]
Added O365 techniques
* Added O365 techniques. [Thomas Patzke]
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
* Merge pull request #664 from nyx0/main. [Alexandre Dulaunoy]
Adding TA and Tool
* Add BLUELIGHT tool. [Thomas Dupuy]
* Add InkySquid synonym. [Thomas Dupuy]
* Merge pull request #663 from danielplohmann/patch-10. [Alexandre Dulaunoy]
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER)
* Fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) [Daniel Plohmann]
* Merge pull request #662 from r0ny123/patch-1. [Alexandre Dulaunoy]
Add origin country to UNC2452 & HAFNIUM
## v2.4.147 (2021-07-27)
### Other
* Merge pull request #660 from r0ny123/patch-1. [Alexandre Dulaunoy]
References for APT40, APT31 & HAFNIUM
* Update threat-actor.json. [Rony]
* Another fix. [Rony]
* Fix. [Rony]
* Multiple updates to apt40, apt31 & hafnium. [Rony]
* From Gov Canada & MFA Japan. [Rony]
* Adding references for APT40 & APT31. [Rony]
* Merge pull request #658 from jasperla/oilrig. [Alexandre Dulaunoy]
merge APT34 with OilRig
* Merge APT34 with OilRig. [Jasper Lievisse Adriaanse]
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
* Merge pull request #659 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add NOBELIUM and related
* Merge branch 'main' into master. [Deborah Servili]
* Add NOBELIUM and related. [Delta-Sierra]
* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]
* Remove more duplicates. [Delta-Sierra]
* Version fix. [Delta-Sierra]
## v2.4.145 (2021-06-28)
### Other
* Merge pull request #657 from jloehel/add_matanbuchus. [Alexandre Dulaunoy]
[cluster][tool] Adds Matanbuchus
* [cluster][tool] Adds Matanbuchus. [Jürgen Löhel]
+ threat actor: BelialDemon
* Merge pull request #656 from jloehel/add_hackboss. [Alexandre Dulaunoy]
[cluster][stealer] Adds HackBoss
* [cluster][stealer] Adds HackBoss. [Jürgen Löhel]
* Merge pull request #654 from nyx0/main. [Alexandre Dulaunoy]
Added BackdoorDiplomacy and Gelsemium.
* Added BackdoorDiplomacy and Gelsemium. [Thomas Dupuy]
## v2.4.144 (2021-06-07)
### Changes
* [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks. [Rony]
### Other
* Merge pull request #653 from r0ny123/cybercrime. [Alexandre Dulaunoy]
Adding CyberCrime actor profiles from Crowdstrike & Secureworks
* More ta544 references. [Rony]
* Merge pull request #652 from danielplohmann/patch-9. [Alexandre Dulaunoy]
adding Twisted Spider as alias for TA2101 (Maze)
* Twisted Spider -> TWISTED SPIDER. [Daniel Plohmann]
fair point
* Adding Twisted Spider as alias for TA2101 (Maze) [Daniel Plohmann]
* Merge pull request #650 from Still34/patches/alias-tick-1. [Alexandre Dulaunoy]
Add alias for Tick
* Add Nian alias. [Still Hsu]
* Merge pull request #649 from Still34/patches/country-blacktech-1. [Alexandre Dulaunoy]
Add country origin for BlackTech
* Add country origin for BlackTech. [Still Hsu]
* Merge pull request #648 from danielplohmann/patch-8. [Andras Iklody]
fixing broken/dead links
* Fixing broken/dead links. [Daniel Plohmann]
## v2.4.143 (2021-05-14)
### New
* [ransomware] Ragnarok added. [Alexandre Dulaunoy]
### Changes
* [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa. [Alexandre Dulaunoy]
"COLT Compromise to Leak Time" - new meta colt-median/colt-average.
For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
* [att&ck] bump to latest ATT&CK version from MITRE. [Christophe Vandeplas]
### Fix
* [ransomware] Related key should be outside metas. [mokaddem]
### Other
* Merge pull request #646 from r0ny123/update. [Alexandre Dulaunoy]
Updates to APT27 & Tick
* Merge branch 'update' of https://github.com/r0ny123/misp-galaxy into update. [Rony]
* FlatChestWare duplicate removed. [Rony]
* FlatChestWare duplicate removed. [Rony]
* Merged STALKER PANDA to Tick. [Rony]
* Several updates to apt27. [Rony]
## v2.4.142 (2021-04-26)
### New
* [att&ck] support for subtechniques. [Christophe Vandeplas]
* [dev] fix empty strings, lists. [VVX7]
* [dev] add ASPI's China Defence University Tracker. [VVX7]
Thanks to Cormac Doherty for writing the web scraper! To update the galaxy run the included gen_defence_university.py script.
"The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI's International Cyber Policy Centre.
It includes entries on nearly 100 civilian universities, 50 People's Liberation Army institutions, China's nuclear weapons program, three Ministry of State Security institutions, four Ministry of Public Security universities, and 12 state-owned defence industry conglomerates.
The Tracker is a tool to inform universities, governments and scholars as they engage with the entities from the People's Republic of China. It aims to build understanding of the expansion of military-civil fusion—the Chinese government's policy of integrating military and civilian efforts—into the education sector.
The Tracker should be used to inform due diligence of Chinese institutions. However, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution's defence and security links." - ASPI (https://unitracker.aspi.org.au/about/)
* Added Bhadra framework for mobile attacks. [iglocska]
- based on the paper published here: https://arxiv.org/pdf/2005.05110.pdf
- thanks to the ATT&CK EU community conference speakers highlighting this framework!
* [country] galaxy added. [iglocska]
* [galaxy] AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. AMITT is part of misinfosec - work on adapting information security practices to help track and counter misinformation - and is designed as far as possible to fit existing infosec practices and tools. [VVX7]
* Added draft of the election guidelines galaxy. [mokaddem]
* Add entries from Bambenek Consulting. [Raphaël Vinot]
### Changes
* [ransomware] duplicate removed. [Alexandre Dulaunoy]
* [ransomware] duplicate removed. [Alexandre Dulaunoy]
* [ransomware] duplicates removed. [Alexandre Dulaunoy]
* [ransomware] Flyper removed. [Alexandre Dulaunoy]
* [ransomware] first duplicate removed. [Alexandre Dulaunoy]
* [ransomware] remove duplicate "File-Locker" [Alexandre Dulaunoy]
* [malpedia] jq all the file and removed ref duplicates. [Alexandre Dulaunoy]
* [clusters] fixing broken UUID fix #628. [Alexandre Dulaunoy]
* [ransomware] fix the broken UUID fix #628. [Alexandre Dulaunoy]
* [microsoft activity group] HAFNIUM added. [Alexandre Dulaunoy]
* [tool] SUNSPOT added. [Alexandre Dulaunoy]
* [rsit] rsit as galaxy name. [Alexandre Dulaunoy]
* [threat-actor] UNC2452/DarkHalo added - ref. #614. [Alexandre Dulaunoy]
* [ransomware] Babuk Ransomware added. [Alexandre Dulaunoy]
* [ransomware] RegretLocker added. [Alexandre Dulaunoy]
* Fix gh actions. [Raphaël Vinot]
* Add PR to GH actions. [Raphaël Vinot]
* [doc] Travis is dead, GH Action is alive. [Alexandre Dulaunoy]
* [att&ck] update to latest MITRE ATT&CK version. [Christophe Vandeplas]
* [cryptominer] updated. [Alexandre Dulaunoy]
* [rename] tea matrix. [Alexandre Dulaunoy]
* [tea] matrix updated to include brewing time and the milk attack technique. [Alexandre Dulaunoy]
* [tea] first version. [Alexandre Dulaunoy]
* [att&ck] no tag for subtechnique. [Christophe Vandeplas]
* [botnet] Katura mess added. [Alexandre Dulaunoy]
* [galaxy] fix the name to China Defence Universities Tracker. [Alexandre Dulaunoy]
* [dev] jq. [VVX7]
* [dev] gen_defence_university.py no longer outputs empty strings, lists. [VVX7]
* [threat-actor] remove duplicate references. [Alexandre Dulaunoy]
* [threat-actor] fix #561 by using new meta to classify as a campaign only. [Alexandre Dulaunoy]
Based on https://github.com/MISP/misp-galaxy/issues/469
There is an old and persistent issue in the attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:
- _operation_:
  - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
  - **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
  - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
  - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
  - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
  - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
  - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**
The meta field is an array to allow a specific threat-actor cluster to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
* Bump travis. [Raphaël Vinot]
* [jq] all the things. [Alexandre Dulaunoy]
* [preventive-measure] packet filtering added. [Alexandre Dulaunoy]
* [threat-actor] remove the non-unique elements. [Alexandre Dulaunoy]
* [ta] fix the JSON. [Alexandre Dulaunoy]
* [jq] JSON fixed. [Alexandre Dulaunoy]
* [json] add missing comma. [Alexandre Dulaunoy]
* [country] jq all. [Alexandre Dulaunoy]
* [malpedia] fixes. [Alexandre Dulaunoy]
* [threat-actor] JSON fixed. [Alexandre Dulaunoy]
* [travis] pip3. [Alexandre Dulaunoy]
* [ransomware] Nodera ransomware added. [Alexandre Dulaunoy]
* [threat-actor] typo fixed. [Alexandre Dulaunoy]
* [threat-actor] format fixed. [Alexandre Dulaunoy]
* [threat-actor] fix order. [Alexandre Dulaunoy]
* [threat-actor] Budminer APT added based on document from "Soesanto, Stefan" [Alexandre Dulaunoy]
* [threat-actor] SideWinder APT group added. [Alexandre Dulaunoy]
* [threat-actor] jq. [Alexandre Dulaunoy]
* [dark-pattern] namespace: misp. [Jean-Louis Huynen]
* [ransomware] jq ;-) [Alexandre Dulaunoy]
* [clean-up] jq all the things. [Alexandre Dulaunoy]
* [threat-actor] Lucky Mouse synonym added. [Alexandre Dulaunoy]
* [threat-actor] Calypso group added. [Alexandre Dulaunoy]
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
* [threat-actor] threat-actor-classification updated. [Alexandre Dulaunoy]
* [threat-actor] jq is jq. [Alexandre Dulaunoy]
* [threat-actor] Operation WizardOpium added. [Alexandre Dulaunoy]
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
* [attack] update to latest ATT&CK data. [Christophe Vandeplas]
* [attck4fraud] jq all the things. [Alexandre Dulaunoy]
* [attck4fraud] updates based on issue #466. [Alexandre Dulaunoy]
* [galaxy] added AMITT galaxy/cluster generator script. [VVX7]
* [galaxy] version number to int. [VVX7]
* [misp-galaxy] jq all the things. [Alexandre Dulaunoy]
* [tool] COMPfun - Reductor added. [Alexandre Dulaunoy]
* [threat-actor] new LookBack (Malware?Campaign?TA?) [Alexandre Dulaunoy]
* [threat-actor] Evil Eye and POISON CARP. [Alexandre Dulaunoy]
* [threat-actor] add machete-apt synonyms as reported in #445. [Alexandre Dulaunoy]
* [threat-actor] jq all. [Alexandre Dulaunoy]
* [threat-actor] LYCEUM added - 443 #fixed. [Alexandre Dulaunoy]
* [threat-actor] rollback as discussed by chat with Andras until version 2.0. [Alexandre Dulaunoy]
* [att&ck] July ATT&CK release included in MISP galaxy. [Alexandre Dulaunoy]
* [threat-actor] version updated. [Alexandre Dulaunoy]
* [threat-actor] duplicated refs removed. [Alexandre Dulaunoy]
* [threat-actor] synonyms fixed. [Alexandre Dulaunoy]
* [threat-actor] jq everything. [Alexandre Dulaunoy]
* [branded_vulnerability] version updated. [Alexandre Dulaunoy]
* Add PyMISPGalaxies test. [Raphaël Vinot]
* [attack-pattern] Sync kill-chain with data from MITRE. [mokaddem]
* [o365-exchange-techniques] Actions on Intent added (finalized) [Alexandre Dulaunoy]
* [o365-exchange-techniques] Expansion added (WiP) [Alexandre Dulaunoy]
* [o365-exchange-techniques] Persistence kill-chain added (WiP) [Alexandre Dulaunoy]
* [o365-exchange-techniques] Compromise row added (WiP) [Alexandre Dulaunoy]
* [o365-exchange-techniques] [WiP] based on John Lambert matrix techniques. [Alexandre Dulaunoy]
* [malpedia] duplicates fixed. [Alexandre Dulaunoy]
* [malpedia] jq all the things. [Alexandre Dulaunoy]
* [malpedia] updated to the latest version. [Rintaro KOIKE]
* [threat-actor] FIN4 updates. [Alexandre Dulaunoy]
* [ATT&CK] updated to the latest version. [Alexandre Dulaunoy]
* [exploit-kit] jq all the things. [Alexandre Dulaunoy]
* [tool] Cowboy and KimJongRAT (Sorry Paul, we forgot ;-) [Alexandre Dulaunoy]
ref: https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
* [tool] jq all the things. [Alexandre Dulaunoy]
* [tool] Karkoff tool added. [Alexandre Dulaunoy]
* [ransomware] various fixes. [Alexandre Dulaunoy]
* [ransomware] jq all the things(tm) [Alexandre Dulaunoy]
* [ransomware] fix the meta to payment-method. [Alexandre Dulaunoy]
* [mitre att&ck] updated with new version. [Alexandre Dulaunoy]
* [threat-actor] change attribution confidence to be a string by default. [Alexandre Dulaunoy]
* [tools] fix the attribution confidence level. [Alexandre Dulaunoy]
* [attck4fraud] updated. [Alexandre Dulaunoy]
* [attck4fraud] completed. [Alexandre Dulaunoy]
* [attck4fraud] Assets Transfer added. [Alexandre Dulaunoy]
* [attck4fraud] Obtain Fraudulent Assets added. [Alexandre Dulaunoy]
* [attck4fraud] Perform fraud added. [Alexandre Dulaunoy]
* [attck4fraud] Target compromise updated. [Alexandre Dulaunoy]
* [attck4fraud] more techniques. [Alexandre Dulaunoy]
* [threat-actor] BRONZE UNION is also uppercase. [Alexandre Dulaunoy]
* [threat-actor] updated the version to avoid the past issue with 0 value for integer values. [Alexandre Dulaunoy]
* [sector] typo fixed - reported in #364. [Alexandre Dulaunoy]
* [attck4fraud] fix the type issue. [Alexandre Dulaunoy]
* [attck4fraud] uuid fixed. [Alexandre Dulaunoy]
* [attck4fraud] ATM Shimming added. [Alexandre Dulaunoy]
* [attck4fraud] description fixed for FT1003. [Alexandre Dulaunoy]
* [threat-actor] SandCat added. [Alexandre Dulaunoy]
* [threat-actor] new attribution-confidence level introduced. [Alexandre Dulaunoy]
* [threat-actor] jq all the things. [Alexandre Dulaunoy]
* [threat-actor] IRIDIUM added. [Alexandre Dulaunoy]
* [tools] jq all the things. [Alexandre Dulaunoy]
* [tool] SLUB Backdoor added. [Alexandre Dulaunoy]
* [tool] Xbash description updated. [Alexandre Dulaunoy]
* [threat-actor] format fixed. [Alexandre Dulaunoy]
* [threat-actor] jq all the things late in the night. [Alexandre Dulaunoy]
* [threat-actor] uuid fixed. [Alexandre Dulaunoy]
* [tool] BabyShark added. [Alexandre Dulaunoy]
* [threat-actor] STOLEN PENCIL added. [Alexandre Dulaunoy]
* [cert-eu-govsector] version fixed. [Alexandre Dulaunoy]
* [threat-actor] version fixed. [Alexandre Dulaunoy]
* [ransomware] no related object in meta. [Alexandre Dulaunoy]
* [mitre-attack-pattern] jq. [Alexandre Dulaunoy]
* [mitre-attack-pattern] bumped version number. [mokaddem]
* [mitre-attack-pattern] Added kill_chain_order. [mokaddem]
* [election-guidelines] sorting is important ;-) [Alexandre Dulaunoy]
* [schema] optional kill_chain_order field added. [Alexandre Dulaunoy]
* [election-guidelines] jq. [Alexandre Dulaunoy]
* [mitre] Deprecated pre/enterprise/mobile separate galaxies. [Christophe Vandeplas]
* [tool] jq jq jq jq jq jq jq jq. [Alexandre Dulaunoy]
* [doc] new year copyright fun. [Alexandre Dulaunoy]
* [mitre] bump to latest MITRE ATT&CK dataset. [Christophe Vandeplas]
* [mitre] re-generated galaxies and values using the MITRE sources. [Christophe Vandeplas]
and also using the MISP version to keep manually created relationships and such
* [malpedia] updated to the latest version. [Alexandre Dulaunoy]
* [licensing] 2-clause BSD added in addition to CC0. [Alexandre Dulaunoy]
To remove licensing ambiguity and allow users to select
the license they would like to use, CC0 or 2-clause BSD.
Related to: https://github.com/MISP/misp-taxonomies/issues/126
* [doc] move how to contribute to the CONTRIBUTE file. [Alexandre Dulaunoy]
* [doc] Added some dependency pointers. [Steve Clement]
* Uuid fixed. [Alexandre Dulaunoy]
* [threat-actor] INDRIK SPIDER added. [Alexandre Dulaunoy]
* [ransomware] duplicate removed. [Alexandre Dulaunoy]
* Further categorization of galaxies. [Christophe Vandeplas]
* Categorization of galaxies. [Christophe Vandeplas]
This allows relationships to be created.
* Removal of older unused relationships. [Christophe Vandeplas]
* MITRE relationships included in the respective cluster. [Christophe Vandeplas]
* Mappings are now in the generated adoc. [Christophe Vandeplas]
plus massive performance improvement
* Magical mapping with malpedia. [Christophe Vandeplas]
* [malpedia] duplicate urls removed. [Alexandre Dulaunoy]
* [tool] NOKKI added. [Alexandre Dulaunoy]
ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/
* [botnet] Torii added. [Alexandre Dulaunoy]
* [threat-actor] Iron Group added. [Alexandre Dulaunoy]
ref: https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/
* [tool] Xbash added. [Alexandre Dulaunoy]
ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/
* [tool] biscuit biscvt tool BISKVIT. [Alexandre Dulaunoy]
ref: https://www.fortinet.com/blog/threat-research/russian-army-exhibition-decoy-leads-to-new-biskvit-malware.html
* [threat-actor] APT-C-35 actor added. [Alexandre Dulaunoy]
ref: https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/
* [mapping] Generated automatic mapping between clusters. [Christophe Vandeplas]
* [tool] KEYMARBLE malware added. [Alexandre Dulaunoy]
ref: https://www.us-cert.gov/ncas/analysis-reports/AR18-221A
* [threat-actor] jq document. [Alexandre Dulaunoy]
* [schema clusters] fix the JSON indentation. [Alexandre Dulaunoy]
* [threat-actor] The Gordon Group added. [Alexandre Dulaunoy]
ref: https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/
* [rat] Hallaj PRO Rat added. [Alexandre Dulaunoy]
ref: https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/
misp-event: 5b63f5e4-bf24-4f46-8340-48fc02de0b81
* [threat-actor] leafminer - RASPITE added. [Alexandre Dulaunoy]
* [tool] added based on Carbanak tooling description from Crowdstrike. [Alexandre Dulaunoy]
ref: https://www.crowdstrike.com/blog/arrests-put-new-focus-on-carbon-spider-adversary-group/
* [threat-actor] new reference to CARBON SPIDER/Carbanak. [Alexandre Dulaunoy]
* [tool] Bisonal malware added (new variant with encryption capabilities) [Alexandre Dulaunoy]
* [threat-actor] The Big Bang campaign/group added. [Alexandre Dulaunoy]
* [botnet] Xor DDoS added. [Alexandre Dulaunoy]
* RANCOR group added. [Alexandre Dulaunoy]
* Stalker Panda description added. [Alexandre Dulaunoy]
* Old MITRE ATT&CK (2017) is moving to deprecated namespace. [Alexandre Dulaunoy]
* Namespace mitre-attack added for version 2 of the MITRE ATT&CK after 2018. [Alexandre Dulaunoy]
* [misp-galaxy] namespace misp added. [Alexandre Dulaunoy]
### Fix
* Cryptominers type. [Jakub Onderka]
* Rename "Innitial Access" to "Initial Access" [Thijsvanede]
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
* Reorganize GH actions. [Raphaël Vinot]
* Sort keys, fix tests. [Raphaël Vinot]
* Remove comma. [Thomas Dupuy]
* Name of SoD Matrix cluster to match galaxy. [Raphaël Vinot]
Fix #566
* Small fixes to the bhadra framework. [iglocska]
* JQ all the things. [Raphaël Vinot]
* [attack] fixes old MITRE relationships not being removed. [Christophe Vandeplas]
* [adoc] ignore deprecated galaxies. [Christophe Vandeplas]
* [region] inconsistent type. [Christophe Vandeplas]
* [misinfosec] fixes inconsistent filename. [Christophe Vandeplas]
* [misinfosec] fixed kill_chain fields. [mokaddem]
* Make tests happy. [Raphaël Vinot]
* O365-exchange-techniques (duplicate values, duplicate UUIDs) [Raphaël Vinot]
* UUID issues. [Raphaël Vinot]
* Duplicate values, typos. [Raphaël Vinot]
* Make validate all happy. [Raphaël Vinot]
* Wrong (duplicate) value. [Raphaël Vinot]
* [tool] MITRE conversion script. [Christophe Vandeplas]
* [ransomware] more duplicates removed. [Alexandre Dulaunoy]
* [ransomware] removed duplicate values. [Alexandre Dulaunoy]
* [ransomware] duplicate removed. [Alexandre Dulaunoy]
* [graph.py] small fix to make it work. [Alexandre Dulaunoy]
* [malpedia] version. [Alexandre Dulaunoy]
* [malpedia] broken reference has been fixed. [Alexandre Dulaunoy]
* Add missing relations from commit 78c1f073590c4ae1822c8508f62934ffb215fab2. [Christophe Vandeplas]
* Add missing relations from commit b857be9cabb02fb24aa5ef7db8e0c209a630189b. [Christophe Vandeplas]
* Add missing relations from commit a81bbe288f91298fad0028e0f3c940c41c8d27fa. [Christophe Vandeplas]
* Add missing relations from commit 29beb01dc3ed0067db6ccc33f41456147d38d2d7. [Christophe Vandeplas]
* Intrusion is an actor and not a tool. [Christophe Vandeplas]
* Jq all the things. [Christophe Vandeplas]
* Minor newline difference after jq_all_the. [Christophe Vandeplas]
* Automatically fix missing uuids. [Christophe Vandeplas]
* Array in synonyms (MISP accepts it but not the schema ;-) [Alexandre Dulaunoy]
* [threat-actor] added missing uuids. [Christophe Vandeplas]
* [threat-actor] related is an array of JSON objects. [Alexandre Dulaunoy]
* [JSON schema] related element is an array of JSON objects. [Alexandre Dulaunoy]
* Jq all the things(tm) [Alexandre Dulaunoy]
* [threat-actor] synonyms are always arrays. [Alexandre Dulaunoy]
* Cleanup the link generation based on type instead of title (Thanks to Juan Rocha for the report) [Alexandre Dulaunoy]
* Duplicate ELECTRUM entry. [Raphaël Vinot]
Fix #212
* Duplicate UUID in tools. [Raphaël Vinot]
* JSON format. [Alexandre Dulaunoy]
* PureMasuta added to Masuta. [Alexandre Dulaunoy]
* Typo in meta field. [Alexandre Dulaunoy]
* Updated description to clearly state that only branded vulnerabilities. [Alexandre Dulaunoy]
* Dedication page (CEF) and update overall structure of the document generated. [Alexandre Dulaunoy]
* BARIUM and LEAD added. [Alexandre Dulaunoy]
* Preventive measures added. [Alexandre Dulaunoy]
* Naming normalisation. [Iglocska]
### Other
* Merge pull request #647 from Delta-Sierra/master. [Alexandre Dulaunoy]
Remove duplicate
* Fix duplicates and add relations. [Delta-Sierra]
* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]
* Merge pull request #645 from Delta-Sierra/master. [Alexandre Dulaunoy]
Adding ransomware names [WIP 2/3]
* Merge pull request #644 from danielplohmann/patch-7. [Alexandre Dulaunoy]
adding Yanbian Gang as threat actor
* Adding Yanbian Gang as threat actor. [Daniel Plohmann]
* Merge pull request #643 from Delta-Sierra/master. [Alexandre Dulaunoy]
Adding ransomware names[WIP]
* Removing duplicate. [Delta-Sierra]
* Removing unexpected line. [Delta-Sierra]
* Adding ransomware names [WIP 3] [Delta-Sierra]
* Adding ransomware names [WIP 2] [Delta-Sierra]
* Fix version. [Delta-Sierra]
* Adding ransomwares WIP. [Delta-Sierra]
* Merge pull request #642 from danielplohmann/patch-6. [Alexandre Dulaunoy]
Symantec uses Palmerworm as alias for BlackTech
* Symantec uses Palmerworm as alias for BlackTech. [Daniel Plohmann]
Adding Palmerworm as Symantec alias for BlackTech (with reference).
* Merge pull request #641 from nyx0/main. [Alexandre Dulaunoy]
Add Ghostwriter.
* Add Ghostwriter. [Thomas Dupuy]
* Merge pull request #639 from r0ny123/patch-1. [Alexandre Dulaunoy]
remove turbine panda synonyms from hafnium
* Reverted changes made into 52ae97718d520ad800cc2fa8631e44cfbf44dab5. [Rony]
* Merge pull request #638 from sebdraven/main. [Alexandre Dulaunoy]
add Turbinia Panda to HAFNIUM
* Validation jsons. [sebdraven]
* Update threat-actor.json. [Sebdraven]
add a synonym to HAFNIUM
* Merge pull request #637 from sebdraven/main. [Alexandre Dulaunoy]
Add RedEcho Threat Actor
* Validation ok. [sebdraven]
* Update threat-actor.json. [Sebdraven]
format json
* Update threat-actor.json. [Sebdraven]
add redecho threat actor
* Merge pull request #2 from MISP/main. [sebdraven]
Sync Forks
* Merge pull request #636 from JakubOnderka/cryptominers-type. [Alexandre Dulaunoy]
fix: Cryptominers type
* Merge branch 'marjatech-main' into main. [Alexandre Dulaunoy]
* Update to latest Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp. [Jakob M]
* Merge pull request #634 from Delta-Sierra/master. [Alexandre Dulaunoy]
Several updates and additions
* Fix progress. [Delta-Sierra]
* Fix merge & jq. [Delta-Sierra]
* Merge. [Delta-Sierra]
* Merge pull request #633 from r0ny123/patch-1. [Alexandre Dulaunoy]
add more HAFNIUM references
* From Nextron. [Rony]
* More! [Rony]
* More references. [Rony]
From Crowdstrike, MSRC, and a KQL hunting query from James Quinn
* Add HAFNIUM detection refs. [Rony]
* Fix. [Rony]
* Add more HAFNIUM references. [Rony]
* Merge pull request #632 from r0ny123/patch-1. [Alexandre Dulaunoy]
Adding alias NOBELIUM
* Adding alias NOBELIUM. [Rony]
* Merge pull request #631 from r0ny123/Enhancement. [Alexandre Dulaunoy]
Add HAFNIUM
* Added HAFNIUM. [Rony]
Updates:
Tonto Team
UNC2452
* Add relationships between Maze, Ragnar, Egregor and Sekhmet. [Delta-Sierra]
* Add Sekhmet ransomware. [Delta-Sierra]
* Add TeamTNT ref. [Delta-Sierra]
* Add Ragnar Locker and update accordingly. [Delta-Sierra]
* Add Covidloc and tycoon ransomware + small updates on some ransomwares. [Delta-Sierra]
* Add TeamTNT. [Delta-Sierra]
* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]
* Fix merge. [Delta-Sierra]
* Update sidewinder threat actor. [Delta-Sierra]
* Merge pull request #1 from MISP/main. [sebdraven]
merge
* Merge pull request #630 from sebdraven/main. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Sebdraven]
update Sidewinder card
* Merge pull request #629 from nyx0/main. [Alexandre Dulaunoy]
Update Infy TA.
* Update Infy TA. [Thomas Dupuy]
* Merge branch 'main' of github.com:MISP/misp-galaxy into main. [Alexandre Dulaunoy]
* Merge pull request #627 from r0ny123/patch-2. [Alexandre Dulaunoy]
removing DePrimon
* Removing DePrimon. [Rony]
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
* Merge pull request #626 from nyx0/main. [Alexandre Dulaunoy]
Add RDAT backdoor
* Add RDAT backdoor. [Thomas Dupuy]
* Merge pull request #625 from Thijsvanede/patch-1. [Alexandre Dulaunoy]
* Merge pull request #624 from nyx0/main. [Alexandre Dulaunoy]
Add Exaramel and P.A.S. webshell tool.
* Remove empty values. [Thomas Dupuy]
* Add Exaramel and P.A.S. webshell tool. [Thomas Dupuy]
* Merge pull request #623 from nyx0/main. [Alexandre Dulaunoy]
Add Caterpillar WebShell.
* Add Caterpillar WebShell. [Thomas Dupuy]
* Merge branch 'main' of github.com:MISP/misp-galaxy into main. [Alexandre Dulaunoy]
* Merge pull request #622 from danielplohmann/patch-5. [Alexandre Dulaunoy]
adding ClearSky alias for Volatile Cedar
* Adding ClearSky alias for Volatile Cedar. [Daniel Plohmann]
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."
* Merge pull request #621 from cudeso/main. [Alexandre Dulaunoy]
RSIT Galaxy/Cluster
* Move cfr-type-of-incident to meta. [Koen Van Impe]
* RSIT Galaxy/Cluster. [Koen Van Impe]
* Merge pull request #620 from StefanKelm/main. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Lazarus
* Merge pull request #619 from nyx0/main. [Alexandre Dulaunoy]
Update tool cluster
* Add HyperBro in tools. [Thomas Dupuy]
* Update ZxShell tool. [Thomas Dupuy]
* Merge pull request #618 from StefanKelm/main. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Lazarus
* Merge pull request #617 from danielplohmann/patch-4. [Alexandre Dulaunoy]
merge COVELLITE into Lazarus Group
* Merge COVELLITE into Lazarus Group. [Daniel Plohmann]
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references.
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
* Merge pull request #616 from r0ny123/patch-2. [Alexandre Dulaunoy]
removing Starcruft
* Update threat-actor.json. [Rony]
Don't know how StarCraft
* Merge pull request #615 from danielplohmann/patch-3. [Alexandre Dulaunoy]
merging ScarCruft->APT37
* Merging ScarCruft->APT37. [Daniel Plohmann]
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
* Merge pull request #612 from r0ny123/patch-1. [Alexandre Dulaunoy]
BISMUTH
* Update threat-actor.json. [Rony]
* BISMUTH. [Rony]
* Merge pull request #609 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
DeathStalker, Mabna
* Merge pull request #610 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add new clusters
* Add BazarBackdoor. [Delta-Sierra]
* Add RansomEXX. [Delta-Sierra]
* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]
* Merge pull request #608 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Turla
* Merge pull request #607 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
OceanLotus
* Merge branch 'main' of github.com:MISP/misp-galaxy into main. [Alexandre Dulaunoy]
* Merge pull request #606 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
APT27
* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]
* Merge pull request #604 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
* Merge pull request #603 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Lazarus
* Add Darkside ransomware. [Delta-Sierra]
* Merge pull request #602 from snurilov/patch-1. [Alexandre Dulaunoy]
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
* Add ConfuserEx and Beds Protector .NET packers to tools.json cluster. [snurilov]
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
* Merge pull request #601 from snurilov/patch-1. [Alexandre Dulaunoy]
Update rat.json to include Iperius Remote
* Update rat.json to include Iperius Remote. [snurilov]
Add Iperius Remote to the rat.json cluster.
* Merge pull request #600 from StefanKelm/master. [Christophe Vandeplas]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
OceanLotus
* Merge pull request #598 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Kimsuky
* Merge pull request #596 from r0ny123/patch-1. [Alexandre Dulaunoy]
Update threat-actor.json
* Remove duplicate! [Rony]
* Update threat-actor.json. [Rony]
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
* Merge pull request #594 from Delta-Sierra/master. [Alexandre Dulaunoy]
update microsoft activity groups
* Merge branch 'main' into master. [Deborah Servili]
* Merge branch 'enhanced-master' into main. [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master. [Alexandre Dulaunoy]
* Added a new cryptominer galaxy and additional missing recent families to various clusters. [JJ Cummings]
* Merge pull request #591 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Kimsuky
* Merge pull request #588 from danielplohmann/patch-2. [Alexandre Dulaunoy]
adding PowerPool alias IAmTheKing (Kaspersky)
* Adding PowerPool alias IAmTheKing (Kaspersky) [Daniel Plohmann]
after a quick search I haven't found a nice source except for costin's tweet.
* Merge pull request #587 from StefanKelm/master. [Christophe Vandeplas]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
TA505
* Update threat-actor.json. [StefanKelm]
XDSpy
* Clarify error messages in validate_all.sh. [Christophe Vandeplas]
* Fixes issues in attack-ics. [Christophe Vandeplas]
* Added MITRE ICS to readme. [Christophe Vandeplas]
* MITRE ATT&CK for ICS fixes #586. [Christophe Vandeplas]
fixed issues in pull request #586
* Merge pull request #586 from tw010101/main. [Christophe Vandeplas]
Mitre ATT&CK for ICS Galaxies/Clusters
* Revert "Merge pull request #586 from tw010101/main" [Christophe Vandeplas]
This reverts commit a416987d4052221eb80a92169616a5af86f54bd8.
* Merge pull request #586 from tw010101/main. [Christophe Vandeplas]
Mitre ATT&CK for ICS Galaxies/Clusters
* Add files via upload. [tw010101]
* Add files via upload. [tw010101]
Mitre ATT&CK for ICS
Galaxy + Cluster files Mitre ATT&CK for ICS - Assets
Galaxy + Cluster files Mitre ATT&CK for ICS - Groups
Galaxy and Cluster files Mitre ATT&CK for ICS - Levels
Galaxy + Cluster files for Mitre ATT&CK for ICS - Software
Galaxy + Cluster files for Mitre ATT&CK for ICS - Tactics
Galaxy + Cluster files for Mitre ATT&CK for ICS - Techniques
Galaxy + Cluster files for Mitre ATT&CK for ICS - Technique Matrix
* Merge pull request #585 from StefanKelm/master. [Alexandre Dulaunoy]
Lazarus
* Lazarus. [StefanKelm]
* Merge pull request #584 from bartblaze/patch-1. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Bart]
Add Machete alias
* Merge pull request #583 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
GADOLINIUM
* Merge pull request #582 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
APT28
* Jq. [Delta-Sierra]
* Update microsoft activity groups. [Delta-Sierra]
* Add Sepulcher RAT. [Deborah Servili]
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #581 from r0ny123/patch-3. [Alexandre Dulaunoy]
FBI FLASH AC-000133-TT
* FBI FLASH AC-000133-TT. [Rony]
* Merge pull request #580 from r0ny123/patch-2. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
Adding Fox-Kitten and cleaned (or improved) winnti
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #579 from danielplohmann/ta413-evilnum. [Alexandre Dulaunoy]
Adding TA413 and Evilnum
* Adding TA413 and Evilnum. [Daniel Plohmann (jupiter)]
* Merge pull request #578 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
APT33
* Merge pull request #577 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
STRONTIUM
* Merge pull request #576 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Lazarus, FIN7
* Merge pull request #575 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
TA542
* Merge pull request #574 from VVX7/main. [Alexandre Dulaunoy]
new: [dev] add ASPI's China Defence University Tracker.
* Merge pull request #573 from rmkml/master. [Alexandre Dulaunoy]
add Conti Ransomware
* Add Conti Ransomware. [rmkml]
* Merge pull request #572 from nyx0/main. [Alexandre Dulaunoy]
Few updates
* Update Tonto Team/CactusPete threat actor. [Thomas Dupuy]
* Add Drovorub tool. [Thomas Dupuy]
* Update TA APT40. [Thomas Dupuy]
* Merge pull request #571 from danielplohmann/patch-30. [Alexandre Dulaunoy]
adding Kaspersky's name for Microcin.
* Update threat-actor.json. [Daniel Plohmann]
adding Kaspersky's name for Microcin.
* Merge pull request #570 from nyx0/master. [Alexandre Dulaunoy]
Add WellMess and WellMail
* Add WellMess and WellMail. [Thomas Dupuy]
* Merge pull request #569 from rmkml/master. [Alexandre Dulaunoy]
add Ragnarok Ransomware
* Merge branch 'master' of https://github.com/rmkml/misp-galaxy. [rmkml]
* Add Ragnarok Ransomware. [rmkml]
* Add Ragnarok Ransomware. [rmkml]
* Merge pull request #568 from Vasileios-Mavroeidis/patch-1. [Alexandre Dulaunoy]
Motive correction based on the EU Cert motive taxonomy
* Motive correction based on the EU Cert motive taxonomy. [Vasileios Mavroeidis]
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
* Merge branch 'StefanKelm-master' into main. [Alexandre Dulaunoy]
* Update threat-actor.json. [StefanKelm]
OilRig
* Merge pull request #563 from r0ny123/patch-1. [Steve Clement]
* Update threat-actor.json. [Rony]
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).
* Update threat-actor.json. [Rony]
* Merge pull request #564 from StefanKelm/master. [Christophe Vandeplas]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Turla
* Merge pull request #562 from cudeso/main. [Alexandre Dulaunoy]
SoD Matrix
* SoD Matrix. [Koen Van Impe]
Described at https://github.com/cudeso/SoD-Matrix
* Add refs. [Deborah Servili]
* Merge. [Deborah Servili]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #559 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
APT31
* Merge pull request #558 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
APT30
* Merge pull request #556 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
TA505
* Merge pull request #557 from r0ny123/patch-1. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge branch 'r0ny123-master' [Alexandre Dulaunoy]
* Fixed typo! [Rony]
* Adding GALLIUM Threat Actor. [Rony]
* Merge pull request #1 from MISP/master. [Rony]
update
* Merge pull request #554 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Higaisa
* Commit. [Deborah Servili]
* Merge pull request #553 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Cycldek
* Merge pull request #552 from danielplohmann/reference-fixes. [Alexandre Dulaunoy]
Reference fixes
* Fixing deadlinks where possible. [Daniel Plohmann (jupiter)]
* Default to HTTPS to be consistent with other links to same page. [Daniel Plohmann (jupiter)]
* Merge pull request #551 from nyx0/master. [Alexandre Dulaunoy]
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
* Remove duplicate TA (Chafer), fix symantec link, add synonym for DarkHotel. [Thomas Dupuy]
* Add CrackMapExec, metasploit, Cobalt Strike and Covenant. [Thomas Dupuy]
* Merge pull request #550 from r0ny123/patch-1. [Alexandre Dulaunoy]
fix
* Update threat-actor.json. [Rony]
* Fix. [Rony]
* Merge branch '3c7-secureworks_profiles' [Alexandre Dulaunoy]
* Merged (most) SecureWorks threat actor profiles && jq. [Nils Kuhnert]
* Merge pull request #547 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Snake Ransomware
* Fix missing description. [Deborah Servili]
* Add Snake Ransomware. [Deborah Servili]
* Merge pull request #546 from danielplohmann/patch-29. [Alexandre Dulaunoy]
msft name: BORON for APT3
* Msft name: BORON for APT3. [Daniel Plohmann]
as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
* Merge branch 'nyx0-master' [Alexandre Dulaunoy]
* Add Sednit's Exploit-kit Sedkit. [Thomas Dupuy]
* Add Higaisa Threat Actor. [Thomas Dupuy]
* Merge pull request #542 from Delta-Sierra/master. [Alexandre Dulaunoy]
add speculoos backdoor
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #541 from nyx0/master. [Alexandre Dulaunoy]
Add DenesRAT/METALJACK
* Add DenesRAT/METALJACK. [Thomas Dupuy]
* Merge branch 'intezer-fix/reports' [Alexandre Dulaunoy]
* Added misp info. [de Rosen]
* Merge pull request #539 from r0ny123/MergingTA. [Alexandre Dulaunoy]
Adding alias Thallium and merging STOLEN PENCIL
* Adding alias Thallium and merging STOLEN PENCIL. [Rony]
Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
And also Netscout named the campaign as STOLEN PENCIL.
* Merge branch 'rvs1st-patch-1' [Alexandre Dulaunoy]
* Update threat-actor.json. [rvs1st]
Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
* Merge pull request #537 from danielplohmann/patch-28. [Alexandre Dulaunoy]
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
* Adding Nazar APT as described by JAGS in his OPCDE talk yesterday. [Daniel Plohmann]
* Merge pull request #536 from danielplohmann/patch-27. [Alexandre Dulaunoy]
adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source referen…
* Adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included) [Daniel Plohmann]
* Merge pull request #535 from ITAYC0HEN/feature/AddDarkUniverseActor. [Alexandre Dulaunoy]
Add ItaDuke/DarkUniverse actor
* Add ItaDuke/DarkUniverse actor. [itayc0hen]
* Add speculoos backdoor. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #534 from danielplohmann/fin1. [Alexandre Dulaunoy]
adding FIN1
* Adding FIN1. [pnx@pyrite]
* Merge pull request #533 from r0ny123/MergingTA. [Alexandre Dulaunoy]
fix
* Typo. [Rony]
thanks to @patricksvgr
* Update threat-actor.json. [Rony]
* More fix. [Rony]
* Fix broken links. [Rony]
* Dead link. [Rony]
* Add link. [Rony]
* Merging APT23 & Tropic Trooper. [Rony]
* Merge pull request #531 from r0ny123/patch-3. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #529 from danielplohmann/patch-26. [Alexandre Dulaunoy]
fixing/removing some more dead links
* Removed duplicate entry. [Daniel Plohmann]
* Fixing/removing some more dead links. [Daniel Plohmann]
* Merge pull request #528 from Delta-Sierra/master. [Alexandre Dulaunoy]
Update Ransomware Galaxy
* Add Operation Shadow Force. [Deborah Servili]
* Add coronavirus ransomware. [Deborah Servili]
* Add Pyta ransomnotes. [Deborah Servili]
* Add pyza ransomware. [Deborah Servili]
* Merge pull request #526 from Delta-Sierra/master. [Alexandre Dulaunoy]
PARINACOTA group
* PARINACOTA group. [Deborah Servili]
* Merge pull request #523 from danielplohmann/patch-24. [Alexandre Dulaunoy]
adding aliases MERCURY, HOLMIUM
* Adding aliases MERCURY, HOLMIUM. [Daniel Plohmann]
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
* Merge pull request #524 from danielplohmann/patch-25. [Alexandre Dulaunoy]
Kimsuki -> Black Banshee
* Kimsuki -> Black Banshee. [Daniel Plohmann]
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html)
* Merge pull request #522 from Delta-Sierra/master. [Alexandre Dulaunoy]
add sdbbot
* Add SdBbot. [Deborah Servili]
* Add clop ransomware extension. [Deborah Servili]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #519 from danielplohmann/crowdstrike2020report. [Alexandre Dulaunoy]
adding new/updated threat actor names from CrowdStrike 2020 report
* While we are at it, we can also do Longhorn = APT-C-39. [Daniel Plohmann (jupiter)]
* IMPERIAL KITTEN as alias for Tortoiseshell. [Daniel Plohmann (jupiter)]
* Adding new/updated threat actor names from CrowdStrike 2020 report. [pnx@pyrite]
* Merge branch 'cocaman-patch-1' [Alexandre Dulaunoy]
* Fixing a comma error. [Corsin Camichel]
* Adding Raccoon (win.raccoon) [Corsin Camichel]
* Merge pull request #518 from danielplohmann/patch-21. [Alexandre Dulaunoy]
Accenture calls APT32 - "POND LOACH"
* Accenture calls APT32 - "POND LOACH" [Daniel Plohmann]
* Merge branch 'nyx0-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/nyx0/misp-galaxy into nyx0-master. [Alexandre Dulaunoy]
* Add InvisiMole cluster. [Thomas Dupuy]
* Merge pull request #517 from Delta-Sierra/master. [Alexandre Dulaunoy]
update ransomware galaxy
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #516 from rmkml/master. [Alexandre Dulaunoy]
add MedusaLocker ransomware
* Add MedusaLocker ransomware. [rmkml]
* Add extension to clop ransomware. [Deborah Servili]
* Add razor ransomware. [Deborah Servili]
* Merge pull request #513 from danielplohmann/patch-20. [Alexandre Dulaunoy]
adding APT-C-12
* Adding APT-C-12. [Daniel Plohmann]
* Merge pull request #512 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add several tools
* Add tools used by TA505 + others. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Add warzone RAT. [Deborah Servili]
* Merge pull request #510 from Delta-Sierra/master. [Alexandre Dulaunoy]
add ransomwares
* Add ransomwares. [Deborah Servili]
* Merge pull request #509 from r0ny123/patch-3. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
those are the name of aliases of the same malware family sykipot. so removing it.
* Merge pull request #508 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Operation Wocao
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #507 from nyx0/master. [Alexandre Dulaunoy]
Add Attor and DePriMon
* Add Attor and DePriMon. [Thomas Dupuy]
* Merge pull request #506 from danielplohmann/patch-19. [Alexandre Dulaunoy]
removing and fixing deadlinks in the best possible way
* Removing and fixing deadlinks in the best possible way. [Daniel Plohmann]
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
* Merge pull request #505 from danielplohmann/patch-18. [Alexandre Dulaunoy]
adding references and TEMP.MixMaster as alias for WIZARD SPIDER
* Adding references and TEMP.MixMaster as alias for WIZARD SPIDER. [Daniel Plohmann]
with kudos to @tbarabosch
* Merge pull request #504 from Delta-Sierra/master. [Alexandre Dulaunoy]
update target location galaxy
* Merge pull request #503 from StefanKelm/master. [Alexandre Dulaunoy]
Update ransomware.json
* Update ransomware.json. [StefanKelm]
* Update ransomware.json. [StefanKelm]
5ss5c
* Merge pull request #502 from Delta-Sierra/master. [Alexandre Dulaunoy]
update tool galaxy
* Jq. [Deborah Servili]
* Add Operation Wocao. [Deborah Servili]
* Complete Zimbabwe cluster. [Deborah Servili]
* Update target location galaxy. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #500 from Delta-Sierra/master. [Alexandre Dulaunoy]
update target information
* Merge pull request #501 from StefanKelm/master. [Alexandre Dulaunoy]
Update tool.json
* Update tool.json. [StefanKelm]
LiquorBot
* Merge pull request #499 from StefanKelm/master. [Alexandre Dulaunoy]
Update tool.json
* Update tool.json. [StefanKelm]
Lampion
* Add Autochk Rootkit as tool. [Deborah Servili]
* Add two wipers to tools. [Deborah Servili]
* Update target information. [Deborah Servili]
* Merge pull request #498 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
* Update threat-actor.json. [StefanKelm]
BRONZE PRESIDENT
* Merge pull request #497 from r0ny123/patch-2. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge pull request #496 from bartblaze/patch-1. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Bart]
Adds Operation Wocao..
* Merge pull request #495 from Delta-Sierra/master. [Alexandre Dulaunoy]
add clop ransomware
* Add clop ransomware. [Deborah Servili]
* Merge pull request #494 from Delta-Sierra/master. [Alexandre Dulaunoy]
add BitPaymer Synonyms
* Jq. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #493 from Delta-Sierra/master. [Deborah Servili]
add tools used by GALLIUM
* Merge pull request #492 from Delta-Sierra/master. [Alexandre Dulaunoy]
Operation Soft Cell related Updates
* Merge pull request #491 from wagner-certat/threat-actor-syn-sofacy. [Alexandre Dulaunoy]
sofacy: add apt_sofacy as synonym
* Sofacy: add apt_sofacy as synonym. [Sebastian Wagner]
* Merge pull request #490 from Delta-Sierra/master. [Alexandre Dulaunoy]
Update threat actor galaxy
* Add BitPaymer Synonyms. [Deborah Servili]
* Add tools used by GALLIUM. [Deborah Servili]
* Add GALLIUM as microsoft activities group and similar to Operation Soft Cell. [Deborah Servili]
* Update threat actor version. [Deborah Servili]
* Add relation suspected link between operation soft cell and apt10. [Deborah Servili]
* ##COMMA## [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #489 from danielplohmann/patch-16. [Alexandre Dulaunoy]
added APT-C-34 / Golden Falcon
* Added APT-C-34 / Golden Falcon. [Daniel Plohmann]
* Merge pull request #488 from Delta-Sierra/master. [Alexandre Dulaunoy]
create new galaxy - surveillance-vendor
* Merge pull request #487 from gallypette/patch-1. [Alexandre Dulaunoy]
add: [dark-pattern] updates the README
* Add: [dark-pattern] updates the README. [Jean-Louis Huynen]
* Merge pull request #486 from gallypette/master. [Alexandre Dulaunoy]
chg: [dark-pattern] namespace: misp
* Merge pull request #485 from danielplohmann/patch-15. [Alexandre Dulaunoy]
added TA2101
* Added TA2101. [Daniel Plohmann]
* Merge pull request #484 from gallypette/master. [Alexandre Dulaunoy]
add: [dark-pattern] galaxy to tag dark patterns
* Add: [dark-pattern] add a source. [Jean-Louis Huynen]
* Add: [dark-pattern] galaxy to tag dark patterns. [Jean-Louis Huynen]
* Add Axiom synonym. [Deborah Servili]
* Add Sofacy ref. [Deborah Servili]
* Add clusters to surveillance-vendor galaxy. [Deborah Servili]
* Fix surveillance-vendor galaxy. [Deborah Servili]
* Fix-tentative. [Deborah Servili]
* Fix. [Deborah Servili]
* Jq. [Deborah Servili]
* Update schema_cluster. [Deborah Servili]
* Add FlexiSPY + jq. [Deborah Servili]
* Add new galaxy - surveillance-vendor. [Deborah Servili]
* Add Private Internet Access as Tool. [Deborah Servili]
* Merge branch 'rmkml-master' [Alexandre Dulaunoy]
* Merge branch 'master' into master. [rmkml]
* Merge pull request #482 from Delta-Sierra/master. [Alexandre Dulaunoy]
add DePriMon malicious downloader & Cyborg ransomware
* Jq. [Deborah Servili]
* Add cyborg ransomnote refs. [Deborah Servili]
* Add cyborg ransomnote filename. [Deborah Servili]
* Add cyborg ransomware extension. [Deborah Servili]
* Jq. [Deborah Servili]
* Add DePriMon malicious downloader & Cyborg ransomware. [Deborah Servili]
* Merge pull request #481 from Delta-Sierra/master. [Andras Iklody]
add silence synonym & new meta field spoken-language
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Merge. [Deborah Servili]
* Merge pull request #480 from rmkml/master. [Alexandre Dulaunoy]
Add Maze Ransomware
* Merge pull request #477 from rmkml/master. [Alexandre Dulaunoy]
Add Desync Ransomware
* Merge pull request #476 from StefanKelm/master. [Alexandre Dulaunoy]
new refs for APT33
* New refs for APT33. [StefanKelm]
* Merge pull request #475 from Delta-Sierra/master. [Alexandre Dulaunoy]
target information update [WIP]
* Merge pull request #473 from Delta-Sierra/master. [Alexandre Dulaunoy]
update target location WIP
* Merge. [Deborah Servili]
* Add silence synonym & new meta field spoken-language. [Deborah Servili]
* Target information update [WIP] [Deborah Servili]
* Jq. [Deborah Servili]
* Target information update [WIP] [Deborah Servili]
* Add Palestine PPound. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #472 from rmkml/master. [Alexandre Dulaunoy]
Add DoppelPaymer Ransomware
* Merge pull request #471 from rmkml/master. [Alexandre Dulaunoy]
Add FreeMe Ransomware
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #468 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Turla Group Synonym variant
* Merge pull request #467 from Delta-Sierra/master. [Deborah Servili]
Few updates
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #465 from r0ny123/patch-1. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
* Jq. [Deborah Servili]
* Update target location WIP. [Deborah Servili]
* Add Turla Group Synonym variant. [Deborah Servili]
* Jq. [Deborah Servili]
* Add Winnti related tools etc. [Deborah Servili]
* Add operation soft cell. [Deborah Servili]
* Merge pull request #464 from MISP/fix-misinfosec. [Sami Mokaddem]
fix: [misinfosec] fixed kill_chain fields
* Merge pull request #463 from VVX7/master. [Alexandre Dulaunoy]
new: [galaxy] AMITT (Adversarial Misinformation and Influence Tactics…
* Merge pull request #462 from Delta-Sierra/master. [Alexandre Dulaunoy]
add synonyms
* Jq. [Deborah Servili]
* Add legitimate tools. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #461 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]
Target location galaxy
* Fix empty string. [Deborah Servili]
* Jq. [Deborah Servili]
* Add TVSPY tool. [Deborah Servili]
* WIP update target info. [Deborah Servili]
* Try to please CodeFactor. [Deborah Servili]
* Add script used to create region galaxy (Not optimised or anything) [Deborah Servili]
* New galaxy - Region based on UN M49. [Deborah Servili]
* WIP update target info. [Deborah Servili]
* Merge pull request #459 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]
Target location galaxy
* Jq. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy into target-location-galaxy. [Deborah Servili]
* Merge pull request #458 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add Tortoiseshell threat actor
* WIP update target info - fix empty string. [Deborah Servili]
* WIP update target info. [Deborah Servili]
* WIP update target info. [Deborah Servili]
* Moar clusters. [Deborah Servili]
* Update target information [draft] [Deborah Servili]
* Update target information. [Deborah Servili]
* Update target information. [Deborah Servili]
* Improve target-information. [Deborah Servili]
* Update version. [Deborah Servili]
* Add PlugX rat synonyms. [Deborah Servili]
* Add Sodinokibi synonym. [Deborah Servili]
* Version update. [Deborah Servili]
* Add Tortoiseshell threat actor. [Deborah Servili]
* Merge pull request #457 from rmkml/master. [Alexandre Dulaunoy]
Add Mr.Dec Ransomware
* Merge pull request #456 from rmkml/master. [Alexandre Dulaunoy]
Add Hildacrypt Ransomware
* Merge pull request #455 from rmkml/master. [Alexandre Dulaunoy]
Add InnfiRAT
* Merge pull request #454 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Silent Librarian
* Merge pull request #453 from rmkml/master. [Alexandre Dulaunoy]
Add AsyncRAT
* Fix Add FTCode Ransomware. [rmkml]
* Add FTCode Ransomware. [rmkml]
* Add Maze Ransomware. [rmkml]
* Revert "Add Maze Ransomware" [rmkml]
This reverts commit cfc6e2802cf8760e1389e77d3f1452f3eda7fb8f.
* Add Maze Ransomware. [rmkml]
* Add Desync Ransomware. [rmkml]
* Add DoppelPaymer Ransomware. [rmkml]
* Add FreeMe Ransomware. [rmkml]
* Add Mr.Dec Ransomware. [rmkml]
* Add Hildacrypt Ransomware. [rmkml]
* Add InnfiRAT. [rmkml]
* Merge branch 'master' into master. [rmkml]
* Merge pull request #452 from Delta-Sierra/master. [Deborah Servili]
add SectorJ04 group
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #450 from rmkml/master. [Alexandre Dulaunoy]
Add Buran Ransomware
* Merge pull request #449 from danielplohmann/patch-14. [Alexandre Dulaunoy]
'SectorJ04 Group' as alias introduced by NSHC for TA505
* 'SectorJ04 Group' as alias introduced by NSHC for TA505. [Daniel Plohmann]
Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
* Merge pull request #448 from rmkml/master. [Alexandre Dulaunoy]
Add Nemty Ransomware
* Merge pull request #447 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]
improve more clusters
* Improve more clusters. [Deborah Servili]
* Merge pull request #446 from wagner-certat/tool-empty-strings. [Alexandre Dulaunoy]
Add test for empty strings
* Target-information: fix territory-type for China. [Sebastian Wagner]
* Add test for empty strings. [Sebastian Wagner]
Should prevent MISP/misp-galaxy#438
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #441 from Delta-Sierra/target-location-galaxy. [Deborah Servili]
More clusters improved
* More clusters improved. [Deborah Servili]
* Merge pull request #444 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Add ITG08 as synonym for FIN6
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]
* Add SectorJ04 group. [Deborah Servili]
* Add Asruex Backdoor. [Deborah Servili]
* Add ref for Gamaredon. [Deborah Servili]
* Merge pull request #440 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]
Target location galaxy
* More clusters improved. [Deborah Servili]
* More clusters improved. [Deborah Servili]
* Merge pull request #439 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]
Target location galaxy
* More clusters improved. [Deborah Servili]
* More clusters improved. [Deborah Servili]
* More countries. [Deborah Servili]
* Merge pull request #438 from wagner-certat/empty-strings. [Alexandre Dulaunoy]
Remove some empty strings
* Remove empty strings. [Sebastian Wagner]
* Merge pull request #437 from Delta-Sierra/target-location-galaxy. [Deborah Servili]
Target location galaxy
* Complete more cluster + country is now an array. [Deborah Servili]
* Target-information - add membership member-of attribute - Example: member-of NATO. [Deborah Servili]
* Merge pull request #436 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]
Target location galaxy
* Jq. [Deborah Servili]
* Change attribute name. [Deborah Servili]
* Jq. [Deborah Servili]
* Complete some clusters. [Deborah Servili]
* Fix building mistakes. [Deborah Servili]
* Add tld. [Deborah Servili]
* Add target-information galaxy file. [Deborah Servili]
* Rename galaxy target-location -> target-information. [Deborah Servili]
* New galaxy target-location [DRAFT] [Deborah Servili]
* Merge pull request #435 from hackunagi/master. [Alexandre Dulaunoy]
Adding Amavaldo Banking Trojan
* Adding Amavaldo Banking Trojan. [Carlos Borges]
* Merge pull request #434 from r0ny123/patch-1. [Alexandre Dulaunoy]
added microsoft naming for the groups
* Added microsoft naming for the groups. [Rony]
* Merge pull request #433 from nyx0/master. [Alexandre Dulaunoy]
add APT41
* Add synonyme for Turla. [Thomas Dupuy]
* Update victims. [Thomas Dupuy]
* Add APT41. [Thomas Dupuy]
* Merge pull request #431 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Amavaldo
* Jq. [Deborah Servili]
* Update version. [Deborah Servili]
* Add Amavaldo. [Deborah Servili]
* Merge pull request #430 from 3c7/patch-2. [Alexandre Dulaunoy]
[threat-actor] Remove local file reference in threat actor galaxy
* Remove local file link :) [Nils Kuhnert]
* Lowercased value field for DarkHotel. [Andras Iklody]
* Merge pull request #429 from danielplohmann/patch-13. [Alexandre Dulaunoy]
adding secureworks actor names for energetic bear and teamspy
* Merge branch 'master' into patch-13. [Alexandre Dulaunoy]
* Merge pull request #428 from danielplohmann/patch-12. [Alexandre Dulaunoy]
adding Proofpoint's TA428
* Adding Proofpoint's TA428. [Daniel Plohmann]
* Adding secureworks actor names for energetic bear and teamspy. [Daniel Plohmann]
* Merge pull request #426 from mokaddem/patch-2. [Alexandre Dulaunoy]
Update mitre-course-of-action.json
* Update mitre-course-of-action.json. [Sami Mokaddem]
Changed icon
* Merge pull request #425 from mokaddem/patch-1. [Alexandre Dulaunoy]
Update banker.json
* Update banker.json. [Sami Mokaddem]
Changed icon name
* Merge pull request #424 from mokaddem/patch-3. [Alexandre Dulaunoy]
Update mitre-enterprise-attack-course-of-action.json
* Update mitre-enterprise-attack-course-of-action.json. [Sami Mokaddem]
Changed icon
* Merge pull request #423 from mokaddem/patch-4. [Alexandre Dulaunoy]
Update mitre-mobile-attack-course-of-action.json
* Update mitre-mobile-attack-course-of-action.json. [Sami Mokaddem]
Changed icon
* Merge pull request #422 from Delta-Sierra/master. [Alexandre Dulaunoy]
add SWEED threat actor
* Jq. [Deborah Servili]
* Add SWEED threat actor. [Deborah Servili]
* Merge pull request #420 from Delta-Sierra/master. [Deborah Servili]
add Felipe Trojan
* Jq. [Deborah Servili]
* Add Felipe Trojan. [Deborah Servili]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Alexandre Dulaunoy]
* Fix duplicate. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Fix duplicate. [Deborah Servili]
* Update version. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Merge pull request #419 from r0ny123/patch-6. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge pull request #415 from Delta-Sierra/master. [Alexandre Dulaunoy]
update threat actor galaxy
* Fix duplicate and links update (APT34) [Deborah Servili]
* Fix duplicate. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Try to fix duplicate. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Merge pull request #414 from Delta-Sierra/master. [Alexandre Dulaunoy]
update threat actor galaxy
* Fix duplicate. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #413 from Delta-Sierra/master. [Alexandre Dulaunoy]
update threat actor galaxy
* Merge pull request #412 from Delta-Sierra/master. [Alexandre Dulaunoy]
update threat actors and tools
* Merge pull request #411 from Delta-Sierra/master. [Alexandre Dulaunoy]
update threat-actor galaxy
* Merge pull request #409 from rmkml/master. [Alexandre Dulaunoy]
Add GetCrypt Ransomware
* Merge pull request #408 from rmkml/master. [Alexandre Dulaunoy]
Add Phobos Ransomware
* Merge pull request #407 from Delta-Sierra/master. [Alexandre Dulaunoy]
add BlueKeep vulnerability
* Update threat actor galaxy. [Deborah Servili]
* Jq. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Update Threat actor galaxy. [Deborah Servili]
* Update threat actor. [Deborah Servili]
* Update threat actor darkhotel (nemim might be a typo) [Deborah Servili]
* Update threat actor. [Deborah Servili]
* FlawedAmmy RAT. [Deborah Servili]
* Fix multiple refs. [Deborah Servili]
* Update threat actors. [Deborah Servili]
* Update threat actors. [Deborah Servili]
* Update threat actors and tools. [Deborah Servili]
* Fix merge mistakes. [Deborah Servili]
* Update threat actor. [Deborah Servili]
* Update threat actor. [Deborah Servili]
* Update threat-actor galaxy. [Deborah Servili]
* Update Anchor Panda Threat Actor. [Deborah Servili]
* Add BlueKeep. [Deborah Servili]
* Add AsyncRAT. [rmkml]
* Add Buran Ransomware. [rmkml]
* Add Nemty Ransomware. [rmkml]
* Add GetCrypt Ransomware. [rmkml]
* Merge branch 'master' into master. [rmkml]
* Merge pull request #406 from Delta-Sierra/master. [Alexandre Dulaunoy]
Rework of ransomware galaxy
* Fix ransomware ransomnotes. [Deborah Servili]
* Jq. [Deborah Servili]
* Rework of ransomware galaxy. [Deborah Servili]
* Merge pull request #405 from danielplohmann/patch-11. [Alexandre Dulaunoy]
adding TA542 to MUMMY SPIDER (emotet)
* Adding TA542 to MUMMY SPIDER (emotet) [Daniel Plohmann]
* Merge pull request #404 from r0ny123/patch-5. [Alexandre Dulaunoy]
merging Pacifier & Turla
* Merging Pacifier & Turla. [Rony]
* Merge pull request #403 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Reaver and probably related tools
* Add Reaver and probably related tools. [Deborah Servili]
* Merge pull request #402 from danielplohmann/patch-9. [Alexandre Dulaunoy]
adding APT31/ZIRCONIUM
* Adding APT31/ZIRCONIUM. [Daniel Plohmann]
* Merge pull request #401 from mokaddem/bump-attack-pattern. [Alexandre Dulaunoy]
chg: [attack-pattern] Sync kill-chain with data from MITRE.
* Merge pull request #400 from Delta-Sierra/master. [Deborah Servili]
add Sodinokibi
* Add Sodinokibi. [Deborah Servili]
* Merge pull request #399 from r0ny123/patch-4. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge pull request #395 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Scranos
* Add Scranos. [Deborah Servili]
* Merge pull request #394 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Silent Librarian / COBALT DICKENS
* Merge pull request #393 from Delta-Sierra/master. [Alexandre Dulaunoy]
add AESDDoS Botnet and JasperLoader
* Add JasperLoader. [Deborah Servili]
* Add AESDDoS Botnet. [Deborah Servili]
* Merge branch 'nao-sec-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/nao-sec/misp-galaxy into nao-sec-master. [Alexandre Dulaunoy]
* Merge branch 'r0ny123-patch-2' [Alexandre Dulaunoy]
* Update threat-actor.json. [Rony]
* Update threat-actor.json. [Rony]
* Update threat-actor.json. [Rony]
* Updated FIN4. [Rony]
* Merge branch 'Kafeine-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master. [Alexandre Dulaunoy]
* += Spelevo. [Kafeine]
* ZTDS. [Kafeine]
* Novidade,taurus. [Kafeine]
* Merge pull request #387 from r0ny123/patch-1. [Alexandre Dulaunoy]
more report on APT36
* More report on APT36. [Rony]
* Merge pull request #386 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Sea Turtle Campaign
* Add Sea Turtle campaign. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Chg: [threat-actor] validate + version bump. [Christophe Vandeplas]
* Merge pull request #385 from bartblaze/master. [Christophe Vandeplas]
Add Whitefly
* Add Whitefly. [Bart]
* Merge. [Deborah Servili]
* Merge pull request #384 from r0ny123/patch-3. [Deborah Servili]
fixed the broken link
* Fixed the broken link. [Rony]
* Merge pull request #383 from rmkml/master. [Deborah Servili]
Add BigBobRoss Ransomware
* Merge pull request #382 from rmkml/master. [Alexandre Dulaunoy]
Add Caesar RAT
* Merge pull request #381 from rmkml/master. [Alexandre Dulaunoy]
Add Tellyouthepass Ransomware
* Merge pull request #380 from bartblaze/master. [Alexandre Dulaunoy]
Add DoNot team references
* Add DoNot team references. [Bart]
* Merge pull request #379 from rmkml/master. [Alexandre Dulaunoy]
Add BlackWorm Ransomware
* Merge branch 'danielplohmann-patch-8' [Alexandre Dulaunoy]
* Merge branch 'patch-8' of https://github.com/danielplohmann/misp-galaxy into danielplohmann-patch-8. [Alexandre Dulaunoy]
* Based on additional research, APT36 can actually be merged into Mythic Leopard. [Daniel Plohmann]
* Merge pull request #377 from r0ny123/patch-2. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge pull request #376 from r0ny123/patch-1. [Alexandre Dulaunoy]
adding additional resources for APT36
* Update threat-actor.json. [Rony]
* Adding additional resources for APT36. [Rony]
* Merge pull request #375 from rmkml/master. [Alexandre Dulaunoy]
Add Globe Imposter Ransomware
* Merge pull request #374 from rmkml/master. [Alexandre Dulaunoy]
Add Parasite HTTP RAT
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Add ref for Ryuk and LockerGoga ransomwares. [Deborah Servili]
* Add Phobos Ransomware. [rmkml]
* Add Cr1ptt0r Ransomware. [rmkml]
* Add SpelevoEK. [rmkml]
* Add Planetary Ransomware. [rmkml]
* Add BigBobRoss Ransomware. [rmkml]
* Add Caesar RAT. [rmkml]
* Add Ave Maria Stealer. [rmkml]
* Add Tellyouthepass Ransomware. [rmkml]
* Add Vidar Stealer. [rmkml]
* Add Brushaloader Malware. [rmkml]
* Add BlackWorm Ransomware. [rmkml]
* Add Globe Imposter Ransomware. [rmkml]
* Add Parasite HTTP RAT. [rmkml]
* Merge pull request #373 from danielplohmann/patch-7. [Alexandre Dulaunoy]
adding FireEye's TMP.Lapis / APT36
* Adding FireEye's TMP.Lapis / APT36. [Daniel Plohmann]
* Merge branch 'ismasma-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/ismasma/misp-galaxy into ismasma-master. [Alexandre Dulaunoy]
* Add payment method and price. [ismasma]
* Merge pull request #371 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add Operation ShadowHammer
* Add Operation ShadowHammer. [Deborah Servili]
* Add relationship between Cardinal RAT and EVILNUM. [Deborah Servili]
* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]
* Jq. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Add Cardinal RAT ref. [Deborah Servili]
* Add APT-C-27 Goldmouse. [Deborah Servili]
* Add SPOILER vulnerability + other minor changes. [Deborah Servili]
* Remove mitre-relationships from readme. [Deborah Servili]
* Merge pull request #370 from danielplohmann/patch-6. [Alexandre Dulaunoy]
added APT-C-27 / GoldMouse
* Added APT-C-27 / GoldMouse. [Daniel Plohmann]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #363 from Delta-Sierra/master. [Alexandre Dulaunoy]
add H-worm RAT
* Add H-worm RAT. [Deborah Servili]
* Add: [attck4fraud] initial attck-like matrix for fraud from https://github.com/burritoblue/attck4fraud (WiP) [Alexandre Dulaunoy]
* Merge pull request #362 from bartblaze/master. [Alexandre Dulaunoy]
Update preventive-measure.json
* Update preventive-measure.json. [Bart]
Add ACL
* Merge pull request #361 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Operation Comando - hit version 100
* Add Operation Comando - hit version 100. [Deborah Servili]
* Merge pull request #359 from nyx0/master. [Alexandre Dulaunoy]
add synonym, no need for uppercase in the name :)
* Add synonym, no need for uppercase in the name :) [Thomas Dupuy]
* Merge pull request #358 from Delta-Sierra/master. [Alexandre Dulaunoy]
add attribution-confidence attribute to threat-actor
* Add attribution-confidence attribute to threat-actor. [Deborah Servili]
* Merge pull request #357 from Delta-Sierra/master. [Alexandre Dulaunoy]
New clusters
* Relations between SLUB Backdoor. [Deborah Servili]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #356 from danielplohmann/patch-5. [Alexandre Dulaunoy]
another actor described by 360TIC.
* Update threat-actor.json. [Daniel Plohmann]
another actor described by 360TIC.
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #355 from danielplohmann/patch-4. [Alexandre Dulaunoy]
FireEye upgraded TEMP.Periscope to APT40
* FireEye upgraded TEMP.Periscope to APT40. [Daniel Plohmann]
* Add StealthWorker malware. [Deborah Servili]
* Add SLUB backdoor. [Deborah Servili]
* Add Jokeroo RaaS. [Deborah Servili]
* Add operation Kabar Cobra. [Deborah Servili]
* Add ref for garrantydecrypt. [Deborah Servili]
* Add relation between Lazarus Group and Operation SharpShooter. [Deborah Servili]
* Add Rising Sun Backdoor. [Deborah Servili]
* Add Razdel. [Deborah Servili]
* Merge pull request #350 from bartblaze/master. [Alexandre Dulaunoy]
Add more info on Lotus Blossom
* Add more info on Lotus Blossom. [Bart]
Add 2 more references, fix typo - Trend calls it "Esile", not "Eslie" as mistakenly stated by CFR. The backdoor itself is commonly referred to as Elise.
* Merge pull request #347 from bartblaze/master. [Alexandre Dulaunoy]
Update cert-eu-motive.json
* Update cert-eu-motive.json. [Bart]
Fix typo
* Merge pull request #346 from danielplohmann/patch-3. [Alexandre Dulaunoy]
Two more actor names from GTR2019
* Two more actor names from GTR2019. [Daniel Plohmann]
I found two more actor names while going over the CrowdStrike report again and updating the cross-references to malpedia.
* Merge pull request #345 from danielplohmann/patch-2. [Alexandre Dulaunoy]
Added missing actors from CrowdStrike GTR2019
* Added missing actors from CrowdStrike GTR2019. [Daniel Plohmann]
* Merge pull request #344 from ITAYC0HEN/patch-1. [Alexandre Dulaunoy]
Fix 404'd reference of BuhTrap
* Fix 404'd reference of BuhTrap. [Itay Cohen]
* Merge pull request #343 from mokaddem/newMitre. [Alexandre Dulaunoy]
Added kill_chain_order in mitre-attack-pattern
* Merge branch 'master' of https://github.com/MISP/misp-galaxy into newMitre. [mokaddem]
* Merge pull request #342 from mokaddem/electionGuidelines. [Alexandre Dulaunoy]
new: Added draft of the election guidelines galaxy
* Merge pull request #320 from cvandeplas/mitre_attack. [Alexandre Dulaunoy]
chg: [mitre] Deprecated pre/enterprise/mobile separate galaxies
* Merge pull request #341 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add several clusters
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #340 from nyx0/master. [Alexandre Dulaunoy]
add ANEL/UPPERCUT in tool cluster
* Add ANEL/UPPERCUT in tool cluster. [Thomas Dupuy]
* Merge pull request #338 from netjinho/patch-1. [Alexandre Dulaunoy]
Updated "Iran" name
* Updated "Iran" name. [João Neto]
This extra space leads to an unnecessary key error when parsing the json file
* Merge pull request #337 from 3c7/synonym/velvet-chollima. [Alexandre Dulaunoy]
Added Velvet Chollima as synonym to Kimsuki
* Added Velvet Chollima as synonym to Kimsuki. [Nils Kuhnert]
* Merge pull request #336 from 3c7/synonym/static-kitten. [Christophe Vandeplas]
Added static kitten as synonym for MuddyWater
* Added static kitten as synonym for MuddyWater. [Nils Kuhnert]
* Merge pull request #334 from 3c7/synonym/cobalt-spider. [Alexandre Dulaunoy]
Added Cobalt Spider as Synonym for Cobalt
* Added Cobalt Spider reference. [Nils Kuhnert]
* Added Cobalt Spider as Synonym for Cobalt. [Nils Kuhnert]
* Merge pull request #335 from 3c7/synonym/turbine-panda. [Alexandre Dulaunoy]
Added Turbine Panda as synonym for APT 26
* Added Turbine Panda as synonym for APT 26. [Nils Kuhnert]
* Merge pull request #333 from 3c7/synonym/oceanbuffalo. [Alexandre Dulaunoy]
Added Ocean Buffalo synonym for Ocean Lotus
* Added Ocean Buffalo synonym for Ocean Lotus. [Nils Kuhnert]
* Merge pull request #332 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add APT39 & LockerGoga
* Merge pull request #331 from 3c7/synonym/quilted_tiger. [Alexandre Dulaunoy]
Added Quilted Tiger as Synonym for Patchwork/Dropping Elephant.
* Added Quilted Tiger as Synonym for Patchwork/Dropping Elephant. [Nils Kuhnert]
* Merge pull request #330 from 3c7/synonym/shadow_crane. [Alexandre Dulaunoy]
Added Shadow Crane as synonym for Dark Hotel.
* Added Shadow Crane as synonym for Dark Hotel. [Nils Kuhnert]
* Add Gallmaker and other clusters. [Deborah Servili]
* Add OSX/Shlayer and some refs. [Deborah Servili]
* Add Siesta campaign. [Deborah Servili]
* Add APT39. [Deborah Servili]
* Add LockerGoga ransomware. [Deborah Servili]
* Merge pull request #329 from 3c7/synonym/stardustchollima. [Alexandre Dulaunoy]
Added "Stardust Chollima" as synonym for Lazarus.
* Added "Stardust Chollima" as synonym for Lazarus. [Nils Kuhnert]
* Merge pull request #328 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Silence Group
* Add Silence Group. [Deborah Servili]
* Merge pull request #327 from nyx0/master. [Alexandre Dulaunoy]
add alternative name for DarkHydrus
* Add alternative name for DarkHydrus. [Thomas Dupuy]
* Merge pull request #326 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Cold River Threat actor
* Add LoJax ref. [Deborah Servili]
* Add Cold River Threat actor. [Deborah Servili]
* Merge pull request #325 from Delta-Sierra/master. [Alexandre Dulaunoy]
add several ransomware and threat actors
* Fix versions. [Deborah Servili]
* Add several ransomware and threat actors. [Deborah Servili]
* Merge pull request #324 from Delta-Sierra/master. [Alexandre Dulaunoy]
TA505 threat actor and affiliates malware
* Add darkhydrus ref. [Deborah Servili]
* TA505 threat actor and affiliates malware. [Deborah Servili]
* Merge pull request #322 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Cryptomix variants refs
* Add hidenad synonym. [Deborah Servili]
* Add Cryptomix variants refs. [Deborah Servili]
* Merge pull request #321 from Delta-Sierra/master. [Alexandre Dulaunoy]
add AndroidOS_HidenAd
* Update version. [Deborah Servili]
* Add AndroidOS_HidenAd. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #319 from cvandeplas/master. [Christophe Vandeplas]
chg: [mitre] bump to latest MITRE ATT&CK dataset
* MITRE galaxy regeneration + updated migration script. [Christophe Vandeplas]
* MITRE sorted. [Christophe Vandeplas]
While dicts were sorted, lists were not yet sorted. This current sort algo is not yet the best, but is a good start. A good sort is needed for better comparison afterwards with automated tools. In a next stage it will also be needed in the validate_all scripts.
* MITRE galaxy - initial conversion and migration script. [Christophe Vandeplas]
this is not fully working yet !
* Merge pull request #318 from 3c7/feature/helixkitten. [Alexandre Dulaunoy]
Added OilRig synonym "Helix Kitten".
* Added OilRig synonym "Helix Kitten". [Nils Kuhnert]
* Merge pull request #316 from danielplohmann/master. [Alexandre Dulaunoy]
New name SNAKEMACKEREL for APT28 by Accenture
* Microsoft alias for apt29 is YTTRIUM. [Daniel Plohmann]
* New name SNAKEMACKEREL for APT28 by Accenture. [Daniel Plohmann]
* Removed Publishing industry. [Gerard Wagener]
* Merge pull request #315 from Delta-Sierra/master. [Alexandre Dulaunoy]
add OSX malwares
* Merge pull request #314 from Delta-Sierra/master. [Alexandre Dulaunoy]
New clusters
* Add ransomwares. [Deborah Servili]
* Add OSX malwares. [Deborah Servili]
* Add operation sharpshooter. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #313 from Delta-Sierra/master. [Alexandre Dulaunoy]
add some clusters or info
* Merge pull request #310 from Delta-Sierra/master. [Alexandre Dulaunoy]
add several clusters
* Update tool version. [Deborah Servili]
* Add shamoon synonym. [Deborah Servili]
* Fix tool version. [Deborah Servili]
* Fix exploit-kit version. [Deborah Servili]
* Add some clusters or info. [Deborah Servili]
* Add Golden Chickens and affiliates. [Deborah Servili]
* Add ransomwares. [Deborah Servili]
* Add Operation Poison Needles. [Deborah Servili]
* Add clusters. [Deborah Servili]
* Add several clusters. [Deborah Servili]
* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]
* Add DNSpionage cluster. [Deborah Servili]
* Add everbe ransomnotes. [Deborah Servili]
* Add ransomwares. [Deborah Servili]
* Add ransomwares. [Deborah Servili]
* Merge pull request #309 from cvandeplas/master. [Alexandre Dulaunoy]
pep8, include the misp-galaxy tag in the output
* Pep8, include the misp-galaxy tag in the output. [Christophe Vandeplas]
* Add: [doc] contribution doc added. [Alexandre Dulaunoy]
* Merge pull request #306 from SteveClement/master. [Steve Clement]
chg: [doc] Added some dependency pointers.
* Merge pull request #305 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add Rotexy
* Add Aurora Ransomware metadata. [Deborah Servili]
* Add Aurora Ransomware synonym. [Deborah Servili]
* Fix version. [Deborah Servili]
* Add Rotexy. [Deborah Servili]
* Merge pull request #304 from Delta-Sierra/master. [Alexandre Dulaunoy]
add PNG Dropper
* Update version. [Deborah Servili]
* Add PNG Dropper. [Deborah Servili]
* Merge pull request #303 from Delta-Sierra/master. [Deborah Servili]
add several references for Emotet and others
* Add reference for Emotet/Geodo. [Deborah Servili]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili]
* Add several references for Emotet and others. [Deborah Servili]
* Merge pull request #302 from Delta-Sierra/master. [Alexandre Dulaunoy]
update oilrig related clusters + others
* Merge branch 'master' into master. [Deborah Servili]
* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]
* Merge pull request #300 from Delta-Sierra/master. [Deborah Servili]
add several ransomware and HookAds campaign
* Update oilrig related clusters + others. [Deborah Servili]
* Fix rat galaxy version. [Deborah Servili]
* Jq and add ref in tool galaxy -hit version 100- [Deborah Servili]
* Add TheOneSpy. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #299 from b3n7s/patch-1. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Benoit Sevens]
Add LuckyMouse link
* Merge pull request #297 from danielplohmann/patch-1. [Alexandre Dulaunoy]
added APT38 as (FireEye) alias for Lazarus
* Added APT38 as (FireEye) alias for Lazarus. [Daniel Plohmann]
cross-references in https://content.fireeye.com/apt/rpt-apt38 suggest the link to Lazarus.
* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]
* Add several ransomware and HookAds campaign. [Deborah Servili]
* Add/update ransomware. [Deborah Servili]
* Add several tools and refs. [Deborah Servili]
* Merge pull request #296 from Delta-Sierra/master. [Deborah Servili]
update ransomware galaxy
* Update ransomware galaxy. [Deborah Servili]
* Merge pull request #295 from Delta-Sierra/master. [Alexandre Dulaunoy]
update Red Alert 2 Android Banking Trojan
* Jq fix. [Deborah Servili]
* Update version. [Deborah Servili]
* Update Red Alert 2 Android Banking Trojan. [Deborah Servili]
* Merge pull request #294 from Delta-Sierra/master. [Deborah Servili]
add ransomwares
* Add ransomwares. [Deborah Servili]
* Merge pull request #293 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Operation EvilTraffic
* Add Chalubo botnet (+ jqallthethings) [Deborah Servili]
* Add Operation EvilTraffic. [Deborah Servili]
* Add Operation EvilTraffic. [Deborah Servili]
* Merge pull request #292 from 3c7/master. [Alexandre Dulaunoy]
Corrected DarkHotel threat actor entry
* Corrected DarkHotel threat actor entry. [Nils Kuhnert]
* Merge pull request #291 from Delta-Sierra/master. [Deborah Servili]
Clusters & references
* Fix duplicate ref. [Deborah Servili]
* Add August Stealer. [Deborah Servili]
* Add NukeSped reference. [Deborah Servili]
* Add GhostMiner. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #290 from cvandeplas/master. [Alexandre Dulaunoy]
tool: experimental graphing tool
* Tool: experimental graphing tool. [Christophe Vandeplas]
* Merge pull request #289 from cvandeplas/master. [Alexandre Dulaunoy]
chg: further categorization of galaxies
* Merge pull request #288 from cvandeplas/master. [Alexandre Dulaunoy]
categorization of galaxies
* Jq. [Christophe Vandeplas]
* Merge remote-tracking branch 'MISP/master' [Christophe Vandeplas]
* Merge pull request #287 from cvandeplas/master. [Alexandre Dulaunoy]
fixes an important bug in the gen_relations
* Some minor fixes. [Andras Iklody]
* Merge remote-tracking branch 'MISP/master' [Christophe Vandeplas]
* Merge pull request #286 from Delta-Sierra/master. [Alexandre Dulaunoy]
Several clusters, refs, others.
* Merge pull request #285 from cvandeplas/master. [Alexandre Dulaunoy]
MITRE relationships included in the respective cluster
* Merge pull request #284 from cvandeplas/master. [Alexandre Dulaunoy]
chg: mappings are now in the generated adoc
* Add tools from https://github.com/misterch0c/shadowbroker. [Deborah Servili]
* Add DarkPulsar and affiliates + update some refs. [Deborah Servili]
* Add GreyEnergy. [Deborah Servili]
* Add refs & synonyms. [Deborah Servili]
* Add several refs. [Deborah Servili]
* Add several refs. [Deborah Servili]
* Add roaming mantis group. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #283 from cvandeplas/master. [Alexandre Dulaunoy]
fixes + relations with malpedia
* Jq sort keys. [Christophe Vandeplas]
Allows automation to edit the files
* Merge branch 'steffenenders-patch-1' [Alexandre Dulaunoy]
* Jq all the things. [Alexandre Dulaunoy]
* Updated malpedia.json to the current state. [Steffen Enders]
Fetched the new malpedia galaxy cluster from https://malpedia.caad.fkie.fraunhofer.de/api/get/misp - this includes an additional ~120 new families.
* Merge pull request #281 from Delta-Sierra/master. [Deborah Servili]
add SAVEfiles ransomware
* Merge pull request #280 from Delta-Sierra/master. [Deborah Servili]
update matrix ransomware
* Add magecart ref. [Deborah Servili]
* Add SAVEfiles ransomware. [Deborah Servili]
* Update version. [Deborah Servili]
* Update matrix ransomware. [Deborah Servili]
* Merge pull request #279 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Triout Android Malware