misp-website/Changelog-misp-galaxy.txt

6261 lines
164 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# Changelog
## v2.4.152 (2021-12-22)
### New
* [CMTMF] fix the galaxy definition. [Alexandre Dulaunoy]
### Changes
* Use pytest instead of nose. [Raphaël Vinot]
* [concordia] CMTMF killchain typo fixed. [Alexandre Dulaunoy]
* [concordia] fix name inconsistencies. [Alexandre Dulaunoy]
* [concordia] set a mobile icon. [Alexandre Dulaunoy]
* [concordia] duplicate removed. [Alexandre Dulaunoy]
* [concordia] duplicate removed. [Alexandre Dulaunoy]
* [concordia] duplicate techniques removed. [Alexandre Dulaunoy]
* [concordia] typo fixed. [Alexandre Dulaunoy]
* [misp-galaxy] duplicate modify trusted environment and also different technique ID? [Alexandre Dulaunoy]
* [concordia] duplicates removed. [Alexandre Dulaunoy]
* [cmtmf-attack-pattern] update. [Alexandre Dulaunoy]
* [cmtmf-attack-pattern] various fixes to make JSON ok. [Alexandre Dulaunoy]
### Fix
* Cmtmf-attack-pattern had multiple duplicate UUIDs. [Raphaël Vinot]
### Other
* Merge pull request #671 from MISP/BennSaturn-concordia_mtmf. [Alexandre Dulaunoy]
Benn saturn concordia mtmf
* Merge branch 'concordia_mtmf' of https://github.com/BennSaturn/misp-galaxy into BennSaturn-concordia_mtmf. [Alexandre Dulaunoy]
* Update cmtmf-attack-pattern.json. [Bernardo Santos]
- update version
* Update cmtmf-attack-pattern.json. [Bernardo Santos]
- Changes to cluster type
- Fix typo for privilege escalation tactic
* CONCORDIA MTMF - Initial version. [Bernardo Santos]
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
* CONCORDIA MTMF - Initial version. [Bernardo Santos]
Initial version of the CONCORDIA Mobile Threat Modelling Framework for the CONCORDIA Project: https://www.concordia-h2020.eu/
* Merge pull request #670 from jloehel/darkwatchman. [Alexandre Dulaunoy]
Adds DarkWatchman RAT
* Adds DarkWatchman RAT. [Jürgen Löhel]
* Merge pull request #669 from Delta-Sierra/main. [Alexandre Dulaunoy]
add ESPecter Bootkit
* Add ESPecter Bootkit. [Delta-Sierra]
* Add ESPecter bootkit. [Delta-Sierra]
## v2.4.151 (2021-11-19)
### Changes
* [att&ck] update to ATT&CK v10. [Christophe Vandeplas]
* [malpedia] remove duplicate. [Alexandre Dulaunoy]
* [malpedia] duplicates removed. [Alexandre Dulaunoy]
* [malpedia] updated. [Alexandre Dulaunoy]
* [threat-actor] add origin country to UNC2452 & HAFNIUM. [Rony]
addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015
### Fix
* [malpedia] remove duplicate urls. [Alexandre Dulaunoy]
### Other
* Merge branch 'marjatech-main' into main. [Alexandre Dulaunoy]
* Update malpedia. [marjatech]
* Merge pull request #666 from Wachizungu/add-common-raven. [Alexandre Dulaunoy]
Add threat actor common raven
* Add threat actor common raven. [Jeroen Pinoy]
* Merge pull request #665 from thomaspatzke/main. [Alexandre Dulaunoy]
Added O365 techniques
* Added O365 techniques. [Thomas Patzke]
Source:
https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html
* Merge pull request #664 from nyx0/main. [Alexandre Dulaunoy]
Adding TA and Tool
* Add BLUELIGHT tool. [Thomas Dupuy]
* Add InkySquid synonym. [Thomas Dupuy]
* Merge pull request #663 from danielplohmann/patch-10. [Alexandre Dulaunoy]
fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER)
* Fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) [Daniel Plohmann]
* Merge pull request #662 from r0ny123/patch-1. [Alexandre Dulaunoy]
Add origin country to UNC2452 & HAFNIUM
## v2.4.147 (2021-07-27)
### Other
* Merge pull request #660 from r0ny123/patch-1. [Alexandre Dulaunoy]
References for APT40, APT31 & HAFNIUM
* Update threat-actor.json. [Rony]
* Another fix. [Rony]
* Fix. [Rony]
* Multiple updates to apt40, apt31 & hafnium. [Rony]
* From Gov Canada & MFA Japan. [Rony]
* Adding references for APT40 & APT31. [Rony]
* Merge pull request #658 from jasperla/oilrig. [Alexandre Dulaunoy]
merge APT34 with OilRig
* Merge APT34 with OilRig. [Jasper Lievisse Adriaanse]
OilRig already has "APT 34" and "APT34" as synonyms. Additionally
MITRE has since combined them due to overlap in activity:
https://attack.mitre.org/groups/G0049/
* Merge pull request #659 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add NOBELIUM and related
* Merge branch 'main' into master. [Deborah Servili]
* Add NOBELIUM and related. [Delta-Sierra]
* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]
* Remove more duplicates. [Delta-Sierra]
* Version fix. [Delta-Sierra]
## v2.4.145 (2021-06-28)
### Other
* Merge pull request #657 from jloehel/add_matanbuchus. [Alexandre Dulaunoy]
[cluster][tool] Adds Matanbuchus
* [cluster][tool] Adds Matanbuchus. [Jürgen Löhel]
+ threat actor: BelialDemon
* Merge pull request #656 from jloehel/add_hackboss. [Alexandre Dulaunoy]
[cluster][stealer] Adds HackBoss
* [cluster][stealer] Adds HackBoss. [Jürgen Löhel]
* Merge pull request #654 from nyx0/main. [Alexandre Dulaunoy]
Added BackdoorDiplomacy and Gelsemium.
* Added BackdoorDiplomacy and Gelsemium. [Thomas Dupuy]
## v2.4.144 (2021-06-07)
### Changes
* [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks. [Rony]
### Other
* Merge pull request #653 from r0ny123/cybercrime. [Alexandre Dulaunoy]
Adding CyberCrime actor profiles from Crowdstrike & Secureworks
* More ta544 references. [Rony]
* Merge pull request #652 from danielplohmann/patch-9. [Alexandre Dulaunoy]
adding Twisted Spider as alias for TA2101 (Maze)
* Twisted Spider -> TWISTED SPIDER. [Daniel Plohmann]
fair point
* Adding Twisted Spider as alias for TA2101 (Maze) [Daniel Plohmann]
* Merge pull request #650 from Still34/patches/alias-tick-1. [Alexandre Dulaunoy]
Add alias for Tick
* Add Nian alias. [Still Hsu]
* Merge pull request #649 from Still34/patches/country-blacktech-1. [Alexandre Dulaunoy]
Add country origin for BlackTech
* Add country origin for BlackTech. [Still Hsu]
* Merge pull request #648 from danielplohmann/patch-8. [Andras Iklody]
fixing broken/dead links
* Fixing broken/dead links. [Daniel Plohmann]
## v2.4.143 (2021-05-14)
### New
* [ransomware] Ragnarok added. [Alexandre Dulaunoy]
### Changes
* [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa. [Alexandre Dulaunoy]
"COLT Compromise to Leak Time" - new meta colt-median/colt-average.
For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/
* [att&ck] bump to latest ATT&CK version from MITRE. [Christophe Vandeplas]
### Fix
* [ransomware] Related key should be outside metas. [mokaddem]
### Other
* Merge pull request #646 from r0ny123/update. [Alexandre Dulaunoy]
Updates to APT27 & Tick
* Merge branch 'update' of https://github.com/r0ny123/misp-galaxy into update. [Rony]
* FlatChestWare duplicate removed. [Rony]
* FlatChestWare duplicate removed. [Rony]
* Merged STALKER PANDA to Tick. [Rony]
* Several updates to apt27. [Rony]
## v2.4.142 (2021-04-26)
### New
* [att&ck] support for subtechniques. [Christophe Vandeplas]
* [dev] fix empty strings, lists. [VVX7]
* [dev] add ASPI's China Defence University Tracker. [VVX7]
Thanks to Cormac Doherty for writing the web scraper! To update the galaxy run the included gen_defence_university.py script.
"The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPIs International Cyber Policy Centre.
It includes entries on nearly 100 civilian universities, 50 Peoples Liberation Army institutions, Chinas nuclear weapons program, three Ministry of State Security institutions, four Ministry of Public Security universities, and 12 state-owned defence industry conglomerates.
The Tracker is a tool to inform universities, governments and scholars as they engage with the entities from the Peoples Republic of China. It aims to build understanding of the expansion of military-civil fusion—the Chinese governments policy of integrating military and civilian efforts—into the education sector.
The Tracker should be used to inform due diligence of Chinese institutions. However, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institutions defence and security links." - ASPI (https://unitracker.aspi.org.au/about/)
* Added Bhadra framework for mobile attacks. [iglocska]
- based on the paper published here: https://arxiv.org/pdf/2005.05110.pdf
- thanks to the ATT&CK EU community conference speakers highlighting this framework!
* [country] galaxy added. [iglocska]
* [galaxy] AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. AMITT is part of misinfosec - work on adapting information security practices to help track and counter misinformation - and is designed as far as possible to fit existing infosec practices and tools. [VVX7]
* Added draft of the election guildelines galaxy. [mokaddem]
* Add entries from Bambenek Consulting. [Raphaël Vinot]
### Changes
* [ransomware] duplicate removed. [Alexandre Dulaunoy]
* [ransomware] duplicate removed. [Alexandre Dulaunoy]
* [ransomware] duplicates removed. [Alexandre Dulaunoy]
* [ransomware] Flyper removed. [Alexandre Dulaunoy]
* [ransomware] first duplicate removed. [Alexandre Dulaunoy]
* [ransomware] remove duplicate "File-Locker" [Alexandre Dulaunoy]
* [malpedia] jq all the file and removed ref duplicates. [Alexandre Dulaunoy]
* [clusters] fixing broken UUID fix #628. [Alexandre Dulaunoy]
* [ransomware] fix the broken UUID fix #628. [Alexandre Dulaunoy]
* [microsoft activity group] HAFNIUM added. [Alexandre Dulaunoy]
* [tool] SUNSPOT added. [Alexandre Dulaunoy]
* [rsit] rsit as galaxy name. [Alexandre Dulaunoy]
* [threat-actor] UNC2452/DarkHalo added - ref. #614. [Alexandre Dulaunoy]
* [ransomware] Babuk Ransomware added. [Alexandre Dulaunoy]
* [ransomware] RegretLocker added. [Alexandre Dulaunoy]
* Fix gh actions. [Raphaël Vinot]
* Add PR to GH actions. [Raphaël Vinot]
* [doc] Travis is dead, GH Action is alive. [Alexandre Dulaunoy]
* [att&ck] update to latest MITRE ATT&CK version. [Christophe Vandeplas]
* [cryptominer] updated. [Alexandre Dulaunoy]
* [rename] tea matrix. [Alexandre Dulaunoy]
* [tea] matrix updated to include brewing time and the milk attack technique. [Alexandre Dulaunoy]
* [tea] first version. [Alexandre Dulaunoy]
* [att&ck] no tag for subtechnique. [Christophe Vandeplas]
* [botnet] Katura mess added. [Alexandre Dulaunoy]
* [galaxy] fix the name to China Defence Universities Tracker. [Alexandre Dulaunoy]
* [dev] jq. [VVX7]
* [dev] gen_defence_university.py no longer outputs empty strings, lists. [VVX7]
* [threat-actor] remove duplicate references. [Alexandre Dulaunoy]
* [threat-actor] fix #561 by using new meta to classify as a campaign only. [Alexandre Dulaunoy]
Based on https://github.com/MISP/misp-galaxy/issues/469
There is an old and persistence issue in attribution world and basically no-one really agrees on this. So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry:
- _operation_:
- _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia
- **In the context of MISP threat-actor name, it's a single specific operation.**
- _campaign_:
- _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia
- **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.**
- threat-actor
- **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.**
- activity group
- **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.**
- unknown
- **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group**
The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
* Bump travis. [Raphaël Vinot]
* [jq] all the things. [Alexandre Dulaunoy]
* [preventive-measure] packet filtering added. [Alexandre Dulaunoy]
* [threat-actor] remove the non-unique elements. [Alexandre Dulaunoy]
* [ta] fix the JSON. [Alexandre Dulaunoy]
* [jq] JSON fixed. [Alexandre Dulaunoy]
* [json] add missing comma. [Alexandre Dulaunoy]
* [country] jq all. [Alexandre Dulaunoy]
* [malpedia] fixes. [Alexandre Dulaunoy]
* [threat-actor] JSON fixed. [Alexandre Dulaunoy]
* [travis] pip3. [Alexandre Dulaunoy]
* [ransomware] Nodera ransomware added. [Alexandre Dulaunoy]
* [threat-actor] typo fixed. [Alexandre Dulaunoy]
* [threat-actor] format fixed. [Alexandre Dulaunoy]
* [threat-actor] fix order. [Alexandre Dulaunoy]
* [threat-actor] Budminer APT added based on document from "Soesanto, Stefan" [Alexandre Dulaunoy]
* [threat-actor] SideWinder APT group added. [Alexandre Dulaunoy]
* [threat-actor] jq. [Alexandre Dulaunoy]
* [dark-pattern] namespace: misp. [Jean-Louis Huynen]
* [ransomware] jq ;-) [Alexandre Dulaunoy]
* [clean-up] jq all the things. [Alexandre Dulaunoy]
* [threat-actor] Lucky Mouse synonym added. [Alexandre Dulaunoy]
* [threat-actor] Calypso group added. [Alexandre Dulaunoy]
Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412
* [threat-actor] threat-actor-classification updated. [Alexandre Dulaunoy]
* [threat-actor] jq is jq. [Alexandre Dulaunoy]
* [threat-actor] Operation WizardOpium added. [Alexandre Dulaunoy]
ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
* [attack] update to latest ATT&CK data. [Christophe Vandeplas]
* [attck4fraud] jq all the things. [Alexandre Dulaunoy]
* [attck4fraud] updates based on issue #466. [Alexandre Dulaunoy]
* [galaxy] added AMITT galaxy/cluster generator script. [VVX7]
* [galaxy] version number to int. [VVX7]
* [misp-galaxy] jq all the things. [Alexandre Dulaunoy]
* [tool] COMPfun - Reductor added. [Alexandre Dulaunoy]
* [threat-actor] new LookBack (Malware?Campaign?TA?) [Alexandre Dulaunoy]
* [threat-actor] Evil Eye and POISON CARP. [Alexandre Dulaunoy]
* [threat-actor] add machete-apt synonyms as reported in #445. [Alexandre Dulaunoy]
* [threat-actor] jq all. [Alexandre Dulaunoy]
* [threat-actor] LYCEUM added - 443 #fixed. [Alexandre Dulaunoy]
* [threat-actor] rollback as discussed by chat with Andras until version 2.0. [Alexandre Dulaunoy]
* [att&ck] July ATT&CK release included in MISP galaxy. [Alexandre Dulaunoy]
* [threat-actor] version updated. [Alexandre Dulaunoy]
* [threat-actor] duplicated refs removed. [Alexandre Dulaunoy]
* [threat-actor] synonyms fixed. [Alexandre Dulaunoy]
* [threat-actor] jq everything. [Alexandre Dulaunoy]
* [branded_vulnerability] version updated. [Alexandre Dulaunoy]
* Add PyMISPGalaxies test. [Raphaël Vinot]
* [attack-pattern] Sync kill-chain with data from MITRE. [mokaddem]
* [o365-exchange-techniques] Actions on Intent added (finalized) [Alexandre Dulaunoy]
* [o365-exchange-techniques] Expansion added (WiP) [Alexandre Dulaunoy]
* [o365-exchange-techniques] Persistence kill-chain added (WiP) [Alexandre Dulaunoy]
* [o365-exchange-techniques] Compromise row added (WiP) [Alexandre Dulaunoy]
* [o365-exchange-techniques] [WiP] based on John Lambert matrix techniques. [Alexandre Dulaunoy]
* [malpedia] duplicates fixed. [Alexandre Dulaunoy]
* [malpedia] jq all the things. [Alexandre Dulaunoy]
* [malpedia] updated to the latest version. [Rintaro KOIKE]
* [threat-actor] FIN4 updates. [Alexandre Dulaunoy]
* [ATT&CK] updated to the latest version. [Alexandre Dulaunoy]
* [exploit-kit] jq all the things. [Alexandre Dulaunoy]
* [tool] Cowboy and KimJongRAT (Sorry Paul, we forgot ;-) [Alexandre Dulaunoy]
ref: https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
* [tool] jq all the things. [Alexandre Dulaunoy]
* [tool] Karkoff tool added. [Alexandre Dulaunoy]
* [ransomware] various fixes. [Alexandre Dulaunoy]
* [ransomware] jq all the things(tm) [Alexandre Dulaunoy]
* [ransomware] fix the meta to payment-method. [Alexandre Dulaunoy]
* [mitre att&ck] updated with new version. [Alexandre Dulaunoy]
* [threat-actor] change attribution confidence to be a string by default. [Alexandre Dulaunoy]
* [tools] fix the attribution confidence level. [Alexandre Dulaunoy]
* [attck4fraud] updated. [Alexandre Dulaunoy]
* [attck4fraud] completed. [Alexandre Dulaunoy]
* [attck4fraud] Assets Transfer added. [Alexandre Dulaunoy]
* [attck4fraud] Obtain Fraudulent Assets added. [Alexandre Dulaunoy]
* [attck4fraud] Perform fraud added. [Alexandre Dulaunoy]
* [attck4fraud] Target compromise updated. [Alexandre Dulaunoy]
* [attck4fraud] more techniques. [Alexandre Dulaunoy]
* [threat-actor] BRONZE UNION is also uppercase. [Alexandre Dulaunoy]
* [threat-actor] updated the version to avoid the past issue with 0 value for integer values. [Alexandre Dulaunoy]
* [sector] typo fixed - reported in #364. [Alexandre Dulaunoy]
* [attck4fraud] fix the type issue. [Alexandre Dulaunoy]
* [attck4fraud] uuid fixed. [Alexandre Dulaunoy]
* [attck4fraud] ATM Shimming added. [Alexandre Dulaunoy]
* [attck4fraud] description fixed for FT1003. [Alexandre Dulaunoy]
* [threat-actor] SandCat added. [Alexandre Dulaunoy]
* [threat-actor] new attribution-confidence level introduced. [Alexandre Dulaunoy]
* [threat-actor] jq all the things. [Alexandre Dulaunoy]
* [threat-actor] IRIDIUM added. [Alexandre Dulaunoy]
* [tools] jq all the things. [Alexandre Dulaunoy]
* [tool] SLUB Backdoor added. [Alexandre Dulaunoy]
* [tool] Xbash description updated. [Alexandre Dulaunoy]
* [threat-actor] format fixed. [Alexandre Dulaunoy]
* [threat-actor] jq all the things late in the night. [Alexandre Dulaunoy]
* [threat-actor] uuid fixed. [Alexandre Dulaunoy]
* [tool] BabyShark added. [Alexandre Dulaunoy]
* [threat-actor] STOLEN PENCIL added. [Alexandre Dulaunoy]
* [cert-eu-govsector] version fixed. [Alexandre Dulaunoy]
* [threat-actor] version fixed. [Alexandre Dulaunoy]
* [ransomware] no related object in meta. [Alexandre Dulaunoy]
* [mitre-attack-pattern] jq. [Alexandre Dulaunoy]
* [mitre-attack-pattern] bumped version number. [mokaddem]
* [mitre-attack-pattern] Added kill_chain_order. [mokaddem]
* [election-guidelines] sorting is important ;-) [Alexandre Dulaunoy]
* [schema] optional kill_chain_order field added. [Alexandre Dulaunoy]
* [election-guidelines] jq. [Alexandre Dulaunoy]
* [mitre] Deprecated pre/enterprise/mobile separate galaxies. [Christophe Vandeplas]
* [tool] jq jq jq jq jq jq jq jq. [Alexandre Dulaunoy]
* [doc] new year copyright fun. [Alexandre Dulaunoy]
* [mitre] bump to latest MITRE ATT&CK dataset. [Christophe Vandeplas]
* [mitre] re-generated galaxies and values using the MITRE sources. [Christophe Vandeplas]
and also using the MISP version to keep manually created relationships and such
* [malpedia] updated to the latest version. [Alexandre Dulaunoy]
* [licensing] 2-clause BSD added in addition to CC0. [Alexandre Dulaunoy]
To remove ambiguity of licensing and allowing users to select
the license they would like to use CC0 or 2-clause BSD.
Related to: https://github.com/MISP/misp-taxonomies/issues/126
* [doc] move how to contribute to the CONTRIBUTE file. [Alexandre Dulaunoy]
* [doc] Added some dependency pointers. [Steve Clement]
* Uuid fixed. [Alexandre Dulaunoy]
* [threat-actor] INDRIK SPIDER added. [Alexandre Dulaunoy]
* [ransomware] duplicate removed. [Alexandre Dulaunoy]
* Further categorization of galaxies. [Christophe Vandeplas]
* Categorization of galaxies. [Christophe Vandeplas]
This allows relationships to be created.
* Removal of older unused relationships. [Christophe Vandeplas]
* MITRE relationships included in the respective cluster. [Christophe Vandeplas]
* Mappings are now in the generated adoc. [Christophe Vandeplas]
plus massive performance improvement
* Magical mapping with malpedia. [Christophe Vandeplas]
* [malpedia] duplicate urls removed. [Alexandre Dulaunoy]
* [tool] NOKKI added. [Alexandre Dulaunoy]
ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/
* [botnet] Torii added. [Alexandre Dulaunoy]
* [threat-actor] Iron Group added. [Alexandre Dulaunoy]
ref: https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/
* [tool] Xbash added. [Alexandre Dulaunoy]
ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/
* [tool] biscuit biscvt tool BISKVIT. [Alexandre Dulaunoy]
ref: https://www.fortinet.com/blog/threat-research/russian-army-exhibition-decoy-leads-to-new-biskvit-malware.html
* [threat-actor] APT-C-35 actor added. [Alexandre Dulaunoy]
ref: https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/
* [mapping] Generated automatic mapping between clusters. [Christophe Vandeplas]
* [tool] KEYMARBLE malware added. [Alexandre Dulaunoy]
ref: https://www.us-cert.gov/ncas/analysis-reports/AR18-221A
* [threat-actor] jq document. [Alexandre Dulaunoy]
* [schema clusters] fix the JSON indentation. [Alexandre Dulaunoy]
* [threat-actor] The Gordon Group added. [Alexandre Dulaunoy]
ref: https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/
* [rat] Hallaj PRO Rat added. [Alexandre Dulaunoy]
ref: https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/
misp-event: 5b63f5e4-bf24-4f46-8340-48fc02de0b81
* [threat-actor] leafminer - RASPITE added. [Alexandre Dulaunoy]
* [tool] added based on Carbanak tooling description from Crowdstrike. [Alexandre Dulaunoy]
ref: https://www.crowdstrike.com/blog/arrests-put-new-focus-on-carbon-spider-adversary-group/
* [threat-actor] new reference to CARBON SPIDER/Carbanak. [Alexandre Dulaunoy]
* [tool] Bisonal malware added (new variant with encryption capabilities) [Alexandre Dulaunoy]
* [threat-actor] The Big Bang campaign/group added. [Alexandre Dulaunoy]
* [botnet] Xor DDoS added. [Alexandre Dulaunoy]
* RANCOR group added. [Alexandre Dulaunoy]
* Stalker Panda description added. [Alexandre Dulaunoy]
* Old MITRE ATT&CK (2017) is moving to deprecated namespace. [Alexandre Dulaunoy]
* Namespace mitre-attack added for version 2 of the MITRE ATT&CK after 2018. [Alexandre Dulaunoy]
* [misp-galaxy] namespace misp added. [Alexandre Dulaunoy]
### Fix
* Cryptominers type. [Jakub Onderka]
* Rename "Innitial Access" to "Initial Access" [Thijsvanede]
Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
Original was a minor spelling mistake.
The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access
* Reorganize GH actions. [Raphaël Vinot]
* Sort keys, fix tests. [Raphaël Vinot]
* Remove comma. [Thomas Dupuy]
* Name of SoD Matrix cluster to match galaxy. [Raphaël Vinot]
Fix #566
* Small fixes to the bhadra framework. [iglocska]
* JQ all the things. [Raphaël Vinot]
* [attack] fixes old MITRE relationships not being removed. [Christophe Vandeplas]
* [adoc] ignore deprecated galaxies. [Christophe Vandeplas]
* [region] inconsistent type. [Christophe Vandeplas]
* [misinfosec] fixes inconsistent filename. [Christophe Vandeplas]
* [misinfosec] fixed kill_chain fields. [mokaddem]
* Make tests happy. [Raphaël Vinot]
* O365-exchange-techniques (duplicate values, duplicate UUIDs) [Raphaël Vinot]
* UUID issues. [Raphaël Vinot]
* Duplicate values, typos. [Raphaël Vinot]
* Make validate all happy. [Raphaël Vinot]
* Wrong (duplicate) value. [Raphaël Vinot]
* [tool] MITRE conversion script. [Christophe Vandeplas]
* [ransomware] more duplicates removed. [Alexandre Dulaunoy]
* [ransomware] removed duplicate values. [Alexandre Dulaunoy]
* [ransomware] duplicate removed. [Alexandre Dulaunoy]
* [graph.py] small fix to make it work. [Alexandre Dulaunoy]
* [malpedia] version. [Alexandre Dulaunoy]
* [malpedia] broken reference has been fixed. [Alexandre Dulaunoy]
* Add missing relations from commit 78c1f073590c4ae1822c8508f62934ffb215fab2. [Christophe Vandeplas]
* Add missing relations from commit b857be9cabb02fb24aa5ef7db8e0c209a630189b. [Christophe Vandeplas]
* Add missing relations from commit a81bbe288f91298fad0028e0f3c940c41c8d27fa. [Christophe Vandeplas]
* Add missing relations from commit 29beb01dc3ed0067db6ccc33f41456147d38d2d7. [Christophe Vandeplas]
* Intrusion is an actor and not a tool. [Christophe Vandeplas]
* Jq all the things. [Christophe Vandeplas]
* Minor newline difference after jq_all_the. [Christophe Vandeplas]
* Automatically fix missing uuids. [Christophe Vandeplas]
* Array in synonyms (MISP accepts it but not the schema ;-) [Alexandre Dulaunoy]
* [threat-actor] added missing uuids. [Christophe Vandeplas]
* [threat-actor] related is an array of JSON objects. [Alexandre Dulaunoy]
* [JSON schema] related element is an array of JSON objects. [Alexandre Dulaunoy]
* Jq all the things(tm) [Alexandre Dulaunoy]
* [threat-actor] synonyms are always arraus. [Alexandre Dulaunoy]
* Cleanup the link generation based on type instead of title (Thanks to Juan Rocha for the report) [Alexandre Dulaunoy]
* Duplicate ELECTRUM entry. [Raphaël Vinot]
Fix #212
* Duplicate UUID in tools. [Raphaël Vinot]
* JSON format. [Alexandre Dulaunoy]
* PureMasuta added to Masuta. [Alexandre Dulaunoy]
* Typo in meta field. [Alexandre Dulaunoy]
* Updated description to clearly states that only branded vulnerabilities. [Alexandre Dulaunoy]
* Dedication page (CEF) and update overall structure of the document generated. [Alexandre Dulaunoy]
* BARIUM and LEAD added. [Alexandre Dulaunoy]
* Preventive measures added. [Alexandre Dulaunoy]
* Naming normalisation. [Iglocska]
### Other
* Merge pull request #647 from Delta-Sierra/master. [Alexandre Dulaunoy]
Remove duplicate
* Fix duplicates and add relations. [Delta-Sierra]
* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]
* Merge pull request #645 from Delta-Sierra/master. [Alexandre Dulaunoy]
Adding ransomware names [WIP 2/3]
* Merge pull request #644 from danielplohmann/patch-7. [Alexandre Dulaunoy]
adding Yanbian Gang as threat actor
* Adding Yanbian Gang as threat actor. [Daniel Plohmann]
* Merge pull request #643 from Delta-Sierra/master. [Alexandre Dulaunoy]
Adding ransomware names[WIP]
* Removing duplicate. [Delta-Sierra]
* Removing unexpected line. [Delta-Sierra]
* Adding ransomware names [WIP 3] [Delta-Sierra]
* Adding ransomware names [WIP 2] [Delta-Sierra]
* Fix version. [Delta-Sierra]
* Adding ransomwares WIP. [Delta-Sierra]
* Merge pull request #642 from danielplohmann/patch-6. [Alexandre Dulaunoy]
Symantec uses Palmerworm as alias for BlackTech
* Symantec uses Palmerworm as alias for BlackTech. [Daniel Plohmann]
Adding Palmerworm as Symantec alias for BlackTech (with reference).
* Merge pull request #641 from nyx0/main. [Alexandre Dulaunoy]
Add Ghostwriter.
* Add Ghostwriter. [Thomas Dupuy]
* Merge pull request #639 from r0ny123/patch-1. [Alexandre Dulaunoy]
remove turbine panda synonyms from hafnium
* Reverted changes made into 52ae97718d520ad800cc2fa8631e44cfbf44dab5. [Rony]
* Merge pull request #638 from sebdraven/main. [Alexandre Dulaunoy]
add Turbinia Panda to Haffnium
* Validation jsons. [sebdraven]
* Update threat-actor.json. [Sebdraven]
add a synonym to Haffnium
* Merge pull request #637 from sebdraven/main. [Alexandre Dulaunoy]
Add RedEcho Threat Actor
* Validation ok. [sebdraven]
* Update threat-actor.json. [Sebdraven]
format json
* Update threat-actor.json. [Sebdraven]
add redecho threat actor
* Merge pull request #2 from MISP/main. [sebdraven]
Sync Forks
* Merge pull request #636 from JakubOnderka/cryptominers-type. [Alexandre Dulaunoy]
fix: Cryptominers type
* Merge branch 'marjatech-main' into main. [Alexandre Dulaunoy]
* Update to latest Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp. [Jakob M]
* Merge pull request #634 from Delta-Sierra/master. [Alexandre Dulaunoy]
Serveral updates and additions
* Fix progress. [Delta-Sierra]
* Fix merge & jq. [Delta-Sierra]
* Merge. [Delta-Sierra]
* Merge pull request #633 from r0ny123/patch-1. [Alexandre Dulaunoy]
add more HAFNIUM references
* From Nextron. [Rony]
* More! [Rony]
* More references. [Rony]
From
Crowdstrike
MSRC
and kql hunting query from James Quinn
* Add HAFNIUM detection refs. [Rony]
* Fix. [Rony]
* Add more HAFNIUM references. [Rony]
* Merge pull request #632 from r0ny123/patch-1. [Alexandre Dulaunoy]
Adding alias NOBELIUM
* Adding alias NOBELIUM. [Rony]
* Merge pull request #631 from r0ny123/Enhancement. [Alexandre Dulaunoy]
Add HAFNIUM
* Added HAFNIUM. [Rony]
Updates:
Tonto Team
UNC2452
* Add relationships between Maze, Rgnar, Egregor and Sekhmet. [Delta-Sierra]
* Add Sekhmet ransomware. [Delta-Sierra]
* Add TeamTNT ref. [Delta-Sierra]
* Add Ragnar Locker and update accordingly. [Delta-Sierra]
* Add Covidloc and tycoon ransomware + small updates on some ransomwares. [Delta-Sierra]
* Add TeamTNT. [Delta-Sierra]
* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]
* Fix merge. [Delta-Sierra]
* Update sidewinder threat actor. [Delta-Sierra]
* Merge pull request #1 from MISP/main. [sebdraven]
merge
* Merge pull request #630 from sebdraven/main. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Sebdraven]
update Sidewinder card
* Merge pull request #629 from nyx0/main. [Alexandre Dulaunoy]
Update Infy TA.
* Update Infy TA. [Thomas Dupuy]
* Merge branch 'main' of github.com:MISP/misp-galaxy into main. [Alexandre Dulaunoy]
* Merge pull request #627 from r0ny123/patch-2. [Alexandre Dulaunoy]
removing DePrimon
* Removing DePrimon. [Rony]
DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.
* Merge pull request #626 from nyx0/main. [Alexandre Dulaunoy]
Add RDAT backdoor
* Add RDAT backdoor. [Thomas Dupuy]
* Merge pull request #625 from Thijsvanede/patch-1. [Alexandre Dulaunoy]
* Merge pull request #624 from nyx0/main. [Alexandre Dulaunoy]
Add Exaramel and P.A.S. webshell tool.
* Remove empty values. [Thomas Dupuy]
* Add Exaramel and P.A.S. webshell tool. [Thomas Dupuy]
* Merge pull request #623 from nyx0/main. [Alexandre Dulaunoy]
Add Caterpillar WebShell.
* Add Caterpillar WebShell. [Thomas Dupuy]
* Merge branch 'main' of github.com:MISP/misp-galaxy into main. [Alexandre Dulaunoy]
* Merge pull request #622 from danielplohmann/patch-5. [Alexandre Dulaunoy]
adding ClearSky alias for Volatile Cedar
* Adding ClearSky alias for Volatile Cedar. [Daniel Plohmann]
adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."
* Merge pull request #621 from cudeso/main. [Alexandre Dulaunoy]
RSIT Galaxy/Cluster
* Move cfr-type-of-incident to meta. [Koen Van Impe]
* RSIT Galaxy/Cluster. [Koen Van Impe]
* Merge pull request #620 from StefanKelm/main. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Lazarus
* Merge pull request #619 from nyx0/main. [Alexandre Dulaunoy]
Update tool cluster
* Add HyperBro in tools. [Thomas Dupuy]
* Update ZxShell tool. [Thomas Dupuy]
* Merge pull request #618 from StefanKelm/main. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Lazarus
* Merge pull request #617 from danielplohmann/patch-4. [Alexandre Dulaunoy]
merge COVELLITE into Lazarus Group
* Merge COVELLITE into Lazarus Group. [Daniel Plohmann]
I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references.
Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
* Merge pull request #616 from r0ny123/patch-2. [Alexandre Dulaunoy]
removing Starcruft
* Update threat-actor.json. [Rony]
Don't know how StarCraft
* Merge pull request #615 from danielplohmann/patch-3. [Alexandre Dulaunoy]
merging ScarCruft->APT37
* Merging ScarCruft->APT37. [Daniel Plohmann]
I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
* Merge pull request #612 from r0ny123/patch-1. [Alexandre Dulaunoy]
BISMUTH
* Update threat-actor.json. [Rony]
* BISMUTH. [Rony]
* Merge pull request #609 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
DeathStalker, Mabna
* Merge pull request #610 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add new clusters
* Add BazarBackdoor. [Delta-Sierra]
* Add RansomEXX. [Delta-Sierra]
* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]
* Merge pull request #608 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Turla
* Merge pull request #607 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
OceanLotus
* Merge branch 'main' of github.com:MISP/misp-galaxy into main. [Alexandre Dulaunoy]
* Merge pull request #606 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
APT27
* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]
* Merge pull request #604 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
* Merge pull request #603 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Lazarus
* Add Darkside ransomware. [Delta-Sierra]
* Merge pull request #602 from snurilov/patch-1. [Alexandre Dulaunoy]
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
* Add ConfuserEx and Beds Protector .NET packers to tools.json cluster. [snurilov]
Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
* Merge pull request #601 from snurilov/patch-1. [Alexandre Dulaunoy]
Update rat.json to include Iperius Remote
* Update rat.json to include Iperius Remote. [snurilov]
Add Iperius Remote to the rat.json cluster.
* Merge pull request #600 from StefanKelm/master. [Christophe Vandeplas]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
OceanLotus
* Merge pull request #598 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Kimsuky
* Merge pull request #596 from r0ny123/patch-1. [Alexandre Dulaunoy]
Update threat-actor.json
* Remove duplicate! [Rony]
* Update threat-actor.json. [Rony]
Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
* Merge pull request #594 from Delta-Sierra/master. [Alexandre Dulaunoy]
update microsoft activity groups
* Merge branch 'main' into master. [Deborah Servili]
* Merge branch 'enhanced-master' into main. [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master. [Alexandre Dulaunoy]
* Added a new cryptominer galaxy and additional missing recent families to various clusters. [JJ Cummings]
* Merge pull request #591 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Kimsuky
* Merge pull request #588 from danielplohmann/patch-2. [Alexandre Dulaunoy]
adding PowerPool alias IAmTheKing (Kaspersky)
* Adding PowerPool alias IAmTheKing (Kaspersky) [Daniel Plohmann]
after a quick search I haven't found a nice source except for costin's tweet.
* Merge pull request #587 from StefanKelm/master. [Christophe Vandeplas]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
TA505
* Update threat-actor.json. [StefanKelm]
XDSpy
* Clarify error messages in validate_all.sh. [Christophe Vandeplas]
* Fixes issues in attack-ics. [Christophe Vandeplas]
* Added MITRE ICS to readme. [Christophe Vandeplas]
* MITRE ATT&CK for ICS fixes #586. [Christophe Vandeplas]
fixed issues in pull request #586
* Merge pull request #586 from tw010101/main. [Christophe Vandeplas]
Mitre ATT&CK for ICS Galaxies/Clusters
* Revert "Merge pull request #586 from tw010101/main" [Christophe Vandeplas]
This reverts commit a416987d4052221eb80a92169616a5af86f54bd8.
* Merge pull request #586 from tw010101/main. [Christophe Vandeplas]
Mitre ATT&CK for ICS Galaxies/Clusters
* Add files via upload. [tw010101]
* Add files via upload. [tw010101]
Mitre ATT&CK for ICS
Galaxy + Cluster files Mitre ATT&CK for ICS - Assets
Galaxy + Cluster files Mitre ATT&CK for ICS - Groups
Galaxy and Cluster files Mitre ATT&CK for ICS - Levels
Galaxy + Cluster files for Mitre ATT&CK for ICS - Software
Galaxy + Cluster files for Mitre ATT&CK for ICS - Tactics
Galaxy + Cluster files for Mitre ATT&CK for ICS - Techniques
Galaxy + Cluster files for Mitre ATT&CK for ICS - Technique Matrix
* Merge pull request #585 from StefanKelm/master. [Alexandre Dulaunoy]
Lazarus
* Lazarus. [StefanKelm]
* Merge pull request #584 from bartblaze/patch-1. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Bart]
Add Machete alias
* Merge pull request #583 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
GADOLINIUM
* Merge pull request #582 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
APT28
* Jq. [Delta-Sierra]
* Update microsoft activity groups. [Delta-Sierra]
* Add Sepulcher RAT. [Deborah Servili]
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #581 from r0ny123/patch-3. [Alexandre Dulaunoy]
FBI FLASH AC-000133-TT
* FBI FLASH AC-000133-TT. [Rony]
* Merge pull request #580 from r0ny123/patch-2. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
Adding Fox-Kitten and cleaned (or improved) winnti
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #579 from danielplohmann/ta413-evilnum. [Alexandre Dulaunoy]
Adding TA413 and Evilnum
* Adding TA413 and Evilnum. [Daniel Plohmann (jupiter)]
* Merge pull request #578 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
APT33
* Merge pull request #577 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
STRONTIUM
* Merge pull request #576 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Lazarus, FIN7
* Merge pull request #575 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
TA542
* Merge pull request #574 from VVX7/main. [Alexandre Dulaunoy]
new: [dev] add ASPI's China Defence University Tracker.
* Merge pull request #573 from rmkml/master. [Alexandre Dulaunoy]
add Conti Ransomware
* Add Conti Ransomware. [rmkml]
* Merge pull request #572 from nyx0/main. [Alexandre Dulaunoy]
Few updates
* Update Tonto Team/CactusPete threat actor. [Thomas Dupuy]
* Add Drovorub tool. [Thomas Dupuy]
* Update TA APT40. [Thomas Dupuy]
* Merge pull request #571 from danielplohmann/patch-30. [Alexandre Dulaunoy]
adding Kaspersky's name for Microcin.
* Update threat-actor.json. [Daniel Plohmann]
adding Kaspersky's name for Microcin.
* Merge pull request #570 from nyx0/master. [Alexandre Dulaunoy]
Add WellMess and WellMail
* Add WellMess and WellMail. [Thomas Dupuy]
* Merge pull request #569 from rmkml/master. [Alexandre Dulaunoy]
add Ragnarok Ransomware
* Merge branch 'master' of https://github.com/rmkml/misp-galaxy. [rmkml]
* Add Ragnarok Ransomware. [rmkml]
* Add Ragnarok Ransomware. [rmkml]
* Merge pull request #568 from Vasileios-Mavroeidis/patch-1. [Alexandre Dulaunoy]
Motive correction based on the EU Cert motive taxonomy
* Motive correction based on the EU Cert motive taxonomy. [Vasileios Mavroeidis]
Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
* Merge branch 'StefanKelm-master' into main. [Alexandre Dulaunoy]
* Update threat-actor.json. [StefanKelm]
OilRig
* Merge pull request #563 from r0ny123/patch-1. [Steve Clement]
* Update threat-actor.json. [Rony]
Moved the JUDGMENT PANDA references to APT31 following the previous commit.
Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).
* Update threat-actor.json. [Rony]
* Merge pull request #564 from StefanKelm/master. [Christophe Vandeplas]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Turla
* Merge pull request #562 from cudeso/main. [Alexandre Dulaunoy]
SoD Matrix
* SoD Matrix. [Koen Van Impe]
Described at https://github.com/cudeso/SoD-Matrix
* Add refs. [Deborah Servili]
* Merge. [Deborah Servili]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #559 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
APT31
* Merge pull request #558 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
APT30
* Merge pull request #556 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
TA505
* Merge pull request #557 from r0ny123/patch-1. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge branch 'r0ny123-master' [Alexandre Dulaunoy]
* Fixed typo! [Rony]
* Adding GALLIUM Threat Actor. [Rony]
* Merge pull request #1 from MISP/master. [Rony]
update
* Merge pull request #554 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Higaisa
* Commit. [Deborah Servili]
* Merge pull request #553 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Cycldek
* Merge pull request #552 from danielplohmann/reference-fixes. [Alexandre Dulaunoy]
Reference fixes
* Fixing deadlinks where possible. [Daniel Plohmann (jupiter)]
* Default to HTTPS to be consistent with other links to same page. [Daniel Plohmann (jupiter)]
* Merge pull request #551 from nyx0/master. [Alexandre Dulaunoy]
Add CrackMapExec, metasploit, Cobalt Strike and Covenant
* Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel. [Thomas Dupuy]
* Add CrackMapExec, metasploit, Cobalt Strike and Covenant. [Thomas Dupuy]
* Merge pull request #550 from r0ny123/patch-1. [Alexandre Dulaunoy]
fix
* Update threat-actor.json. [Rony]
* Fix. [Rony]
* Merge branch '3c7-secureworks_profiles' [Alexandre Dulaunoy]
* Merged (most) SecureWorks threat actor profiles && jq. [Nils Kuhnert]
* Merge pull request #547 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Snake Ransomware
* Fix missing description. [Deborah Servili]
* Add Snake Ransomware. [Deborah Servili]
* Merge pull request #546 from danielplohmann/patch-29. [Alexandre Dulaunoy]
msft name: BORON for APT3
* Msft name: BORON for APT3. [Daniel Plohmann]
as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
* Merge branch 'nyx0-master' [Alexandre Dulaunoy]
* Add Sednit's Exploit-kit Sedkit. [Thomas Dupuy]
* Add Higaisa Threat Actor. [Thomas Dupuy]
* Merge pull request #542 from Delta-Sierra/master. [Alexandre Dulaunoy]
add speculoos bakdoor
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #541 from nyx0/master. [Alexandre Dulaunoy]
Add DenesRAT/METALJACK
* Add DenesRAT/METALJACK. [Thomas Dupuy]
* Merge branch 'intezer-fix/reports' [Alexandre Dulaunoy]
* Added misp info. [de Rosen]
* Merge pull request #539 from r0ny123/MergingTA. [Alexandre Dulaunoy]
Adding alias Thallium and merging STOLEN PENCIL
* Adding alias Thallium and merging STOLEN PENCIL. [Rony]
Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
And also Netscout named the campaign as STOLEN PENCIL.
* Merge branch 'rvs1st-patch-1' [Alexandre Dulaunoy]
* Update threat-actor.json. [rvs1st]
Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
* Merge pull request #537 from danielplohmann/patch-28. [Alexandre Dulaunoy]
Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
* Adding Nazar APT as described by JAGS in his OPCDE talk yesterday. [Daniel Plohmann]
* Merge pull request #536 from danielplohmann/patch-27. [Alexandre Dulaunoy]
adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source referen…
* Adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included) [Daniel Plohmann]
* Merge pull request #535 from ITAYC0HEN/feature/AddDarkUniverseActor. [Alexandre Dulaunoy]
Add ItaDuke/DarkUniverse actor
* Add ItaDuke/DarkUniverse actor. [itayc0hen]
* Add speculoos bakdoor. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #534 from danielplohmann/fin1. [Alexandre Dulaunoy]
adding FIN1
* Adding FIN1. [pnx@pyrite]
* Merge pull request #533 from r0ny123/MergingTA. [Alexandre Dulaunoy]
fix
* Typo. [Rony]
thanks to @patricksvgr
* Update threat-actor.json. [Rony]
* More fix. [Rony]
* Fix broken links. [Rony]
* Dead link. [Rony]
* Add link. [Rony]
* Merging APT23 & Tropic Trooper. [Rony]
* Merge pull request #531 from r0ny123/patch-3. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #529 from danielplohmann/patch-26. [Alexandre Dulaunoy]
fixing/removing some more dead links
* Removed duplicate entry. [Daniel Plohmann]
* Fixing/removing some more dead links. [Daniel Plohmann]
* Merge pull request #528 from Delta-Sierra/master. [Alexandre Dulaunoy]
UPdate Ransomware Galaxy
* Add Operation Shadow Forece. [Deborah Servili]
* Add coronavirus ransomware. [Deborah Servili]
* Add Pyta ransomnotes. [Deborah Servili]
* Add pyza ransomware. [Deborah Servili]
* Merge pull request #526 from Delta-Sierra/master. [Alexandre Dulaunoy]
PARINACOTA group
* PARINACOTA group. [Deborah Servili]
* Merge pull request #523 from danielplohmann/patch-24. [Alexandre Dulaunoy]
adding aliases MERCURY, HOLMIUM
* Adding aliases MERCURY, HOLMIUM. [Daniel Plohmann]
Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
* Merge pull request #524 from danielplohmann/patch-25. [Alexandre Dulaunoy]
Kimsuki -> Black Banshee
* Kimsuki -> Black Banshee. [Daniel Plohmann]
PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html)
* Merge pull request #522 from Delta-Sierra/master. [Alexandre Dulaunoy]
add sdbbot
* Add SdBbot. [Deborah Servili]
* Add clop ransomware extension. [Deborah Servili]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #519 from danielplohmann/crowdstrike2020report. [Alexandre Dulaunoy]
adding new/updated threat actor names from CrowdStrike 2020 report
* While we are at it, we can also do Longhorn = APT-C-39. [Daniel Plohmann (jupiter)]
* IMPERIAL KITTEN as alias for Tortoiseshell. [Daniel Plohmann (jupiter)]
* Adding new/updated threat actor names from CrowdStrike 2020 report. [pnx@pyrite]
* Merge branch 'cocaman-patch-1' [Alexandre Dulaunoy]
* Fixing a comma error. [Corsin Camichel]
* Adding Raccoon (win.raccoon) [Corsin Camichel]
* Merge pull request #518 from danielplohmann/patch-21. [Alexandre Dulaunoy]
Accenture calls APT32 - "POND LOACH"
* Accenture calls APT32 - "POND LOACH" [Daniel Plohmann]
* Merge branch 'nyx0-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/nyx0/misp-galaxy into nyx0-master. [Alexandre Dulaunoy]
* Add InvisiMole cluster. [Thomas Dupuy]
* Merge pull request #517 from Delta-Sierra/master. [Alexandre Dulaunoy]
update ransomware galaxy
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #516 from rmkml/master. [Alexandre Dulaunoy]
add MedusaLocker ransomware
* Add MedusaLocker ransomware. [rmkml]
* Add extension to clop ransomware. [Deborah Servili]
* Add razor ransomware. [Deborah Servili]
* Merge pull request #513 from danielplohmann/patch-20. [Alexandre Dulaunoy]
adding APT-C-12
* Adding APT-C-12. [Daniel Plohmann]
* Merge pull request #512 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add several tools
* Add tools used by TA505 + others. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Add warzone RAT. [Deborah Servili]
* Merge pull request #510 from Delta-Sierra/master. [Alexandre Dulaunoy]
add ransomwares
* Add ransomwares. [Deborah Servili]
* Merge pull request #509 from r0ny123/patch-3. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
those are the name of aliases of the same malware family sykipot. so removing it.
* Merge pull request #508 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Operation Wocao
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #507 from nyx0/master. [Alexandre Dulaunoy]
Add Attor and DePriMon
* Add Attor and DePriMon. [Thomas Dupuy]
* Merge pull request #506 from danielplohmann/patch-19. [Alexandre Dulaunoy]
removing and fixing deadlinks in the best possible way
* Removing and fixing deadlinks in the best possible way. [Daniel Plohmann]
Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
* Merge pull request #505 from danielplohmann/patch-18. [Alexandre Dulaunoy]
adding references and TEMP.MixMaster as alias for WIZARD SPIDER
* Adding references and TEMP.MixMaster as alias for WIZARD SPIDER. [Daniel Plohmann]
with kudos to @tbarabosch
* Merge pull request #504 from Delta-Sierra/master. [Alexandre Dulaunoy]
update target location galaxy
* Merge pull request #503 from StefanKelm/master. [Alexandre Dulaunoy]
Update ransomware.json
* Update ransomware.json. [StefanKelm]
* Update ransomware.json. [StefanKelm]
5ss5c
* Merge pull request #502 from Delta-Sierra/master. [Alexandre Dulaunoy]
update tool galaxy
* Jq. [Deborah Servili]
* Add Operation Wocao. [Deborah Servili]
* Complete Zimbabwe cluster. [Deborah Servili]
* Update target location galaxy. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #500 from Delta-Sierra/master. [Alexandre Dulaunoy]
update target information
* Merge pull request #501 from StefanKelm/master. [Alexandre Dulaunoy]
Update tool.json
* Update tool.json. [StefanKelm]
LiquorBot
* Merge pull request #499 from StefanKelm/master. [Alexandre Dulaunoy]
Update tool.json
* Update tool.json. [StefanKelm]
Lampion
* Add Autochk Rootkit as tool. [Deborah Servili]
* Add two wipers to tools. [Deborah Servili]
* Update target information. [Deborah Servili]
* Merge pull request #498 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
* Update threat-actor.json. [StefanKelm]
BRONZE PRESIDENT
* Merge pull request #497 from r0ny123/patch-2. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge pull request #496 from bartblaze/patch-1. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Bart]
Adds Operation Wocao..
* Merge pull request #495 from Delta-Sierra/master. [Alexandre Dulaunoy]
add clop ransomware
* Add clop ransomware. [Deborah Servili]
* Merge pull request #494 from Delta-Sierra/master. [Alexandre Dulaunoy]
add BitPaymer Synonyms
* Jq. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #493 from Delta-Sierra/master. [Deborah Servili]
add tools used by GALLIUM
* Merge pull request #492 from Delta-Sierra/master. [Alexandre Dulaunoy]
Operation Soft Cell ralated Updates
* Merge pull request #491 from wagner-certat/threat-actor-syn-sofacy. [Alexandre Dulaunoy]
sofacy: add apt_sofacy as synonym
* Sofacy: add apt_sofacy as synonym. [Sebastian Wagner]
* Merge pull request #490 from Delta-Sierra/master. [Alexandre Dulaunoy]
Update threat actor galaxy
* Add BitPaymer Synonsyms. [Deborah Servili]
* Add tools used by GALLIUM. [Deborah Servili]
* Add GALLIUM as microsoft activities group and similar to Operation Soft Cell. [Deborah Servili]
* Update threat actor version. [Deborah Servili]
* Add relation suspected link between operation soft cell and apt10. [Deborah Servili]
* ##COMMA## [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #489 from danielplohmann/patch-16. [Alexandre Dulaunoy]
added APT-C-34 / Golden Falcon
* Added APT-C-34 / Golden Falcon. [Daniel Plohmann]
* Merge pull request #488 from Delta-Sierra/master. [Alexandre Dulaunoy]
create new galaxy - surveillance-vendor
* Merge pull request #487 from gallypette/patch-1. [Alexandre Dulaunoy]
add: [dark-pattern] updates the README
* Add: [dark-pattern] updates the README. [Jean-Louis Huynen]
* Merge pull request #486 from gallypette/master. [Alexandre Dulaunoy]
chg: [dark-pattern] namespace: misp
* Merge pull request #485 from danielplohmann/patch-15. [Alexandre Dulaunoy]
added TA2101
* Added TA2101. [Daniel Plohmann]
* Merge pull request #484 from gallypette/master. [Alexandre Dulaunoy]
add: [dark-pattern] galaxy to tag dark patterns
* Add: [dark-pattern] add a source. [Jean-Louis Huynen]
* Add: [dark-pattern] galaxy to tag dark patterns. [Jean-Louis Huynen]
* Add Axiom synonym. [Deborah Servili]
* Add Sofacy ref. [Deborah Servili]
* Add clusters to surveillance-vendor galaxy. [Deborah Servili]
* Fix surveillance-vendor galaxy. [Deborah Servili]
* Fix-tentative. [Deborah Servili]
* Fix. [Deborah Servili]
* Jq. [Deborah Servili]
* Update schema_cluster. [Deborah Servili]
* Add FlexiSPY + jq. [Deborah Servili]
* Add new galaxy - surveillance-vendor. [Deborah Servili]
* Add Private Internet Access as Tool. [Deborah Servili]
* Merge branch 'rmkml-master' [Alexandre Dulaunoy]
* Merge branch 'master' into master. [rmkml]
* Merge pull request #482 from Delta-Sierra/master. [Alexandre Dulaunoy]
add DePriMon malicious downloader & Cyborg ransomware
* Jq. [Deborah Servili]
* Add cyborg ransomnote refs. [Deborah Servili]
* Add cyborg ransomnote filename. [Deborah Servili]
* Add cyborg ranspmware extension. [Deborah Servili]
* Jq. [Deborah Servili]
* Add DePriMon malicious downloader & Cyborg ransomware. [Deborah Servili]
* Merge pull request #481 from Delta-Sierra/master. [Andras Iklody]
add silence synonym & new meta field spoken-language
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Merge. [Deborah Servili]
* Merge pull request #480 from rmkml/master. [Alexandre Dulaunoy]
Add Maze Ransomware
* Merge pull request #477 from rmkml/master. [Alexandre Dulaunoy]
Add Desync Ransomware
* Merge pull request #476 from StefanKelm/master. [Alexandre Dulaunoy]
new refs for APT33
* New refs for APT33. [StefanKelm]
* Merge pull request #475 from Delta-Sierra/master. [Alexandre Dulaunoy]
target information update [WIP]
* Merge pull request #473 from Delta-Sierra/master. [Alexandre Dulaunoy]
update target location WIP
* Merge. [Deborah Servili]
* Add silence synonym & new meta field spoken-language. [Deborah Servili]
* Traget information update [WIP] [Deborah Servili]
* Jq. [Deborah Servili]
* Traget information update [WIP] [Deborah Servili]
* Add Palestine PPound. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #472 from rmkml/master. [Alexandre Dulaunoy]
Add DoppelPaymer Ransomware
* Merge pull request #471 from rmkml/master. [Alexandre Dulaunoy]
Add FreeMe Ransomware
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #468 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Turla Group Symonym variant
* Merge pull request #467 from Delta-Sierra/master. [Deborah Servili]
Few updates
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #465 from r0ny123/patch-1. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
* Jq. [Deborah Servili]
* Update target location WIP. [Deborah Servili]
* Add Turla Group Symonym variant. [Deborah Servili]
* Jq. [Deborah Servili]
* Add Winnti related tools etc. [Deborah Servili]
* Add operation soft cell. [Deborah Servili]
* Merge pull request #464 from MISP/fix-misinfosec. [Sami Mokaddem]
fix: [misinfosec] fixed kill_chain fields
* Merge pull request #463 from VVX7/master. [Alexandre Dulaunoy]
new: [galaxy] AMITT (Adversarial Misinformation and Influence Tactics…
* Merge pull request #462 from Delta-Sierra/master. [Alexandre Dulaunoy]
add synonyms
* Jq. [Deborah Servili]
* Add legitimate tools. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #461 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]
Target location galaxy
* Fix empty string. [Deborah Servili]
* Jq. [Deborah Servili]
* Add TVSPY tool. [Deborah Servili]
* WIP update target info. [Deborah Servili]
* Try to please CodeFactor. [Deborah Servili]
* Add script used to create region galaxy (Not optimised or anything) [Deborah Servili]
* New galaxy - Region based on UN M49. [Deborah Servili]
* WIP update target info. [Deborah Servili]
* Merge pull request #459 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]
Target location galaxy
* Jq. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy into target-location-galaxy. [Deborah Servili]
* Merge pull request #458 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add Tortoiseshell thrat actor
* WIP update target info - fix empty string. [Deborah Servili]
* WIP update target info. [Deborah Servili]
* WIP update target info. [Deborah Servili]
* Moar clusters. [Deborah Servili]
* Update target information [draft] [Deborah Servili]
* Update target information. [Deborah Servili]
* Update target information. [Deborah Servili]
* Improve target-information. [Deborah Servili]
* Update version. [Deborah Servili]
* Add PlugX rat sysnonyms. [Deborah Servili]
* Add Sodinokibi synonym. [Deborah Servili]
* Version update. [Deborah Servili]
* Add Tortoiseshell thrat actor. [Deborah Servili]
* Merge pull request #457 from rmkml/master. [Alexandre Dulaunoy]
Add Mr.Dec Ransomware
* Merge pull request #456 from rmkml/master. [Alexandre Dulaunoy]
Add Hildacrypt Ransomware
* Merge pull request #455 from rmkml/master. [Alexandre Dulaunoy]
Add InnfiRAT
* Merge pull request #454 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Silent Librarian
* Merge pull request #453 from rmkml/master. [Alexandre Dulaunoy]
Add AsyncRAT
* Fix Add FTCode Ransomware. [rmkml]
* Add FTCode Ransomware. [rmkml]
* Add Maze Ransomware. [rmkml]
* Revert "Add Maze Ransomware" [rmkml]
This reverts commit cfc6e2802cf8760e1389e77d3f1452f3eda7fb8f.
* Add Maze Ransomware. [rmkml]
* Add Desync Ransomware. [rmkml]
* Add DoppelPaymer Ransomware. [rmkml]
* Add FreeMe Ransomware. [rmkml]
* Add Mr.Dec Ransomware. [rmkml]
* Add Hildacrypt Ransomware. [rmkml]
* Add InnfiRAT. [rmkml]
* Merge branch 'master' into master. [rmkml]
* Merge pull request #452 from Delta-Sierra/master. [Deborah Servili]
aff SectorJ04 group
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #450 from rmkml/master. [Alexandre Dulaunoy]
Add Buran Ransomware
* Merge pull request #449 from danielplohmann/patch-14. [Alexandre Dulaunoy]
'SectorJ04 Group' as alias introduced by NSHC for TA505
* 'SectorJ04 Group' as alias introduced by NSHC for TA505. [Daniel Plohmann]
Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
* Merge pull request #448 from rmkml/master. [Alexandre Dulaunoy]
Add Nemty Ransomware
* Merge pull request #447 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]
improve more clusters
* Improve more clusters. [Deborah Servili]
* Merge pull request #446 from wagner-certat/tool-empty-strings. [Alexandre Dulaunoy]
Add test for empty strings
* Target-information: fix territory-type for China. [Sebastian Wagner]
* Add test for empty strings. [Sebastian Wagner]
Should prevent MISP/misp-galaxy#438
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #441 from Delta-Sierra/target-location-galaxy. [Deborah Servili]
More clusters improved
* More clusters improved. [Deborah Servili]
* Merge pull request #444 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Add ITG08 as synonym for FIN6
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]
* Aff SectorJ04 group. [Deborah Servili]
* Add Asruex Backdoor. [Deborah Servili]
* Add ref for Gamaredon. [Deborah Servili]
* Merge pull request #440 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]
Target location galaxy
* More clusters improved. [Deborah Servili]
* More clusters improved. [Deborah Servili]
* Merge pull request #439 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]
Target location galaxy
* More clusters improved. [Deborah Servili]
* More clusters improved. [Deborah Servili]
* More countries. [Deborah Servili]
* Merge pull request #438 from wagner-certat/empty-strings. [Alexandre Dulaunoy]
Remove some empty strings
* Remove empty strings. [Sebastian Wagner]
* Merge pull request #437 from Delta-Sierra/target-location-galaxy. [Deborah Servili]
Target location galaxy
* Complete more cluster + country is now an array. [Deborah Servili]
* Target-informatione - add membership member-of attribute - Example:member-of NATO. [Deborah Servili]
* Merge pull request #436 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]
Target location galaxy
* Jq. [Deborah Servili]
* Change attribute name. [Deborah Servili]
* Jq. [Deborah Servili]
* Complete some clusters. [Deborah Servili]
* Fix building mistakes. [Deborah Servili]
* Add tld. [Deborah Servili]
* Add target-information galaxy file. [Deborah Servili]
* Rename galaxy target-location -> target-information. [Deborah Servili]
* New galaxy target-location [DRAFT] [Deborah Servili]
* Merge pull request #435 from hackunagi/master. [Alexandre Dulaunoy]
Adding Amavaldo Banking Trojan
* Adding Amavaldo Banking Trojan. [Carlos Borges]
* Merge pull request #434 from r0ny123/patch-1. [Alexandre Dulaunoy]
added microsoft naming for the groups
* Added microsoft naming for the groups. [Rony]
* Merge pull request #433 from nyx0/master. [Alexandre Dulaunoy]
add APT41
* Add synonyme for Turla. [Thomas Dupuy]
* Update victims. [Thomas Dupuy]
* Add APT41. [Thomas Dupuy]
* Merge pull request #431 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Amavaldo
* Jq. [Deborah Servili]
* Update version. [Deborah Servili]
* Add Amavaldo. [Deborah Servili]
* Merge pull request #430 from 3c7/patch-2. [Alexandre Dulaunoy]
[threat-actor] Remove local file reference in threat actor galaxy
* Remove local file link :) [Nils Kuhnert]
* Lowercased value field for DarkHotel. [Andras Iklody]
* Merge pull request #429 from danielplohmann/patch-13. [Alexandre Dulaunoy]
adding secureworks actor names for energetic bear and teamspy
* Merge branch 'master' into patch-13. [Alexandre Dulaunoy]
* Merge pull request #428 from danielplohmann/patch-12. [Alexandre Dulaunoy]
adding Proofpoint's TA428
* Adding Proofpoint's TA428. [Daniel Plohmann]
* Adding secureworks actor names for energetic bear and teamspy. [Daniel Plohmann]
* Merge pull request #426 from mokaddem/patch-2. [Alexandre Dulaunoy]
Update mitre-course-of-action.json
* Update mitre-course-of-action.json. [Sami Mokaddem]
Changed icon
* Merge pull request #425 from mokaddem/patch-1. [Alexandre Dulaunoy]
Update banker.json
* Update banker.json. [Sami Mokaddem]
Changed icon name
* Merge pull request #424 from mokaddem/patch-3. [Alexandre Dulaunoy]
Update mitre-enterprise-attack-course-of-action.json
* Update mitre-enterprise-attack-course-of-action.json. [Sami Mokaddem]
Changed icon
* Merge pull request #423 from mokaddem/patch-4. [Alexandre Dulaunoy]
Update mitre-mobile-attack-course-of-action.json
* Update mitre-mobile-attack-course-of-action.json. [Sami Mokaddem]
Changed icon
* Merge pull request #422 from Delta-Sierra/master. [Alexandre Dulaunoy]
add SWEED threat actor
* Jq. [Deborah Servili]
* Add SWEED threat actor. [Deborah Servili]
* Merge pull request #420 from Delta-Sierra/master. [Deborah Servili]
add Felipe Trojan
* Jq. [Deborah Servili]
* Add Felipe Trojan. [Deborah Servili]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Alexandre Dulaunoy]
* Fix duplicate. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* ##COMMA## [Deborah Servili]
* Fix duplicate. [Deborah Servili]
* Update version. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Merge pull request #419 from r0ny123/patch-6. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge pull request #415 from Delta-Sierra/master. [Alexandre Dulaunoy]
update threat actor galaxy
* Fix duplicate and links update (APT34) [Deborah Servili]
* Fix duplicate. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Tryto fix duplicate. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Merge pull request #414 from Delta-Sierra/master. [Alexandre Dulaunoy]
update threat actor galaxy
* Fix duplicate. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #413 from Delta-Sierra/master. [Alexandre Dulaunoy]
update threat actor galaxy
* Merge pull request #412 from Delta-Sierra/master. [Alexandre Dulaunoy]
update threat actors and tools
* Merge pull request #411 from Delta-Sierra/master. [Alexandre Dulaunoy]
update threat-actor galaxy
* Merge pull request #409 from rmkml/master. [Alexandre Dulaunoy]
Add GetCrypt Ransomware
* Merge pull request #408 from rmkml/master. [Alexandre Dulaunoy]
Add Phobos Ransomware
* Merge pull request #407 from Delta-Sierra/master. [Alexandre Dulaunoy]
add BlueKeep vulnerability
* Update threat actor galaxy. [Deborah Servili]
* Jq. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Update Threat actor galaxy. [Deborah Servili]
* Update threat actor. [Deborah Servili]
* Update threat actor darkhotel (nemim might be a typo) [Deborah Servili]
* Update threat actor. [Deborah Servili]
* FlawedAmmy RAT. [Deborah Servili]
* Fix multiple refs. [Deborah Servili]
* Update threat actors. [Deborah Servili]
* Update threat actors. [Deborah Servili]
* Update threat actors and tools. [Deborah Servili]
* Fix merge mistakes. [Deborah Servili]
* Update threat actor. [Deborah Servili]
* Update threat actor. [Deborah Servili]
* Update threat-actor galaxy. [Deborah Servili]
* Update Anchor Panda Threat Actor. [Deborah Servili]
* Add BlueKeep. [Deborah Servili]
* Add AsyncRAT. [rmkml]
* Add Buran Ransomware. [rmkml]
* Add Nemty Ransomware. [rmkml]
* Add GetCrypt Ransomware. [rmkml]
* Merge branch 'master' into master. [rmkml]
* Merge pull request #406 from Delta-Sierra/master. [Alexandre Dulaunoy]
Rework of ransomware galaxy
* Fix ransomware ransomnotes. [Deborah Servili]
* Jq. [Deborah Servili]
* Rework of ransomware galaxy. [Deborah Servili]
* Merge pull request #405 from danielplohmann/patch-11. [Alexandre Dulaunoy]
adding TA542 to MUMMY SPIDER (emotet)
* Adding TA542 to MUMMY SPIDER (emotet) [Daniel Plohmann]
* Merge pull request #404 from r0ny123/patch-5. [Alexandre Dulaunoy]
merging Pacifier & Turla
* Merging Pacifier & Turla. [Rony]
* Merge pull request #403 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Reaver and probably related tools
* Add Reaver and probably related tools. [Deborah Servili]
* Merge pull request #402 from danielplohmann/patch-9. [Alexandre Dulaunoy]
adding APT31/ZIRCONIUM
* Adding APT31/ZIRCONIUM. [Daniel Plohmann]
* Merge pull request #401 from mokaddem/bump-attack-pattern. [Alexandre Dulaunoy]
chg: [attack-pattern] Sync kill-chain with data from MITRE.
* Merge pull request #400 from Delta-Sierra/master. [Deborah Servili]
add Sodinokibi
* Add Sodinokibi. [Deborah Servili]
* Merge pull request #399 from r0ny123/patch-4. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge pull request #395 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Scranos
* Add Scarnos. [Deborah Servili]
* Merge pull request #394 from StefanKelm/master. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
Silent Librarian / COBALT DICKENS
* Merge pull request #393 from Delta-Sierra/master. [Alexandre Dulaunoy]
add AESDDoS Botnet and JasperLoader
* Add JasperLoader. [Deborah Servili]
* Add AESDDoS Botnet. [Deborah Servili]
* Merge branch 'nao-sec-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/nao-sec/misp-galaxy into nao-sec-master. [Alexandre Dulaunoy]
* Merge branch 'r0ny123-patch-2' [Alexandre Dulaunoy]
* Update threat-actor.json. [Rony]
* Update threat-actor.json. [Rony]
* Update threat-actor.json. [Rony]
* Updated FIN4. [Rony]
* Merge branch 'Kafeine-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master. [Alexandre Dulaunoy]
* += Spelevo. [Kafeine]
* ZTDS. [Kafeine]
* Novidade,taurus. [Kafeine]
* Merge pull request #387 from r0ny123/patch-1. [Alexandre Dulaunoy]
more report on APT36
* More report on APT36. [Rony]
* Merge pull request #386 from Delta-Sierra/master. [Alexandre Dulaunoy]
ad Sea Turtle Campaign
* Add Sea Turtle campaign. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Chg; [threat-actor] validate + version bump. [Christophe Vandeplas]
* Merge pull request #385 from bartblaze/master. [Christophe Vandeplas]
Add Whitefly
* Add Whitefly. [Bart]
* Merge. [Deborah Servili]
* Merge pull request #384 from r0ny123/patch-3. [Deborah Servili]
fixed the broken link
* Fixed the broken link. [Rony]
* Merge pull request #383 from rmkml/master. [Deborah Servili]
Add BigBobRoss Ransomware
* Merge pull request #382 from rmkml/master. [Alexandre Dulaunoy]
Add Caesar RAT
* Merge pull request #381 from rmkml/master. [Alexandre Dulaunoy]
Add Tellyouthepass Ransomware
* Merge pull request #380 from bartblaze/master. [Alexandre Dulaunoy]
Add DoNot team references
* Add DoNot team references. [Bart]
* Merge pull request #379 from rmkml/master. [Alexandre Dulaunoy]
Add BlackWorm Ransomware
* Merge branch 'danielplohmann-patch-8' [Alexandre Dulaunoy]
* Merge branch 'patch-8' of https://github.com/danielplohmann/misp-galaxy into danielplohmann-patch-8. [Alexandre Dulaunoy]
* Based on additional research, APT36 can actually be merged into Mythic Leopard. [Daniel Plohmann]
* Merge pull request #377 from r0ny123/patch-2. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge pull request #376 from r0ny123/patch-1. [Alexandre Dulaunoy]
adding additional resources for APT36
* Update threat-actor.json. [Rony]
* Adding additional resources for APT36. [Rony]
* Merge pull request #375 from rmkml/master. [Alexandre Dulaunoy]
Add Globe Imposter Ransomware
* Merge pull request #374 from rmkml/master. [Alexandre Dulaunoy]
Add Parasite HTTP RAT
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Add ref for Ryuk and LockerGoga ransomwares. [Deborah Servili]
* Add Phobos Ransomware. [rmkml]
* Add Cr1ptt0r Ransomware. [rmkml]
* Add SpelevoEK. [rmkml]
* Add Planetary Ransomware. [rmkml]
* Add BigBobRoss Ransomware. [rmkml]
* Add Caesar RAT. [rmkml]
* Add Ave Maria Stealer. [rmkml]
* Add Tellyouthepass Ransomware. [rmkml]
* Add Vidar Stealer. [rmkml]
* Add Brushaloader Malware. [rmkml]
* Add BlackWorm Ransomware. [rmkml]
* Add Globe Imposter Ransomware. [rmkml]
* Add Parasite HTTP RAT. [rmkml]
* Merge pull request #373 from danielplohmann/patch-7. [Alexandre Dulaunoy]
adding FireEye's TMP.Lapis / APT36
* Adding FireEye's TMP.Lapis / APT36. [Daniel Plohmann]
* Merge branch 'ismasma-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/ismasma/misp-galaxy into ismasma-master. [Alexandre Dulaunoy]
* Add payment method and price. [ismasma]
* Merge pull request #371 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add Operation ShadowHammer
* Add Operation ShadowHammer. [Deborah Servili]
* Add relationship between Cardinal RAT and EVILNUM. [Deborah Servili]
* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]
* Jq. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Add Cardinal RAT ref. [Deborah Servili]
* Add AOT-C-27 Goldmouse. [Deborah Servili]
* Add SPOILER vulnerability + other minor changes. [Deborah Servili]
* Remove mitre-relationships from readme. [Deborah Servili]
* Merge pull request #370 from danielplohmann/patch-6. [Alexandre Dulaunoy]
added APT-C-27 / GoldMouse
* Added APT-C-27 / GoldMouse. [Daniel Plohmann]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #363 from Delta-Sierra/master. [Alexandre Dulaunoy]
add H-worm RAT
* Add H-worm RAT. [Deborah Servili]
* Add: [attck4fraud] initial attck-like matrix for fraud from https://github.com/burritoblue/attck4fraud (WiP) [Alexandre Dulaunoy]
* Merge pull request #362 from bartblaze/master. [Alexandre Dulaunoy]
Update preventive-measure.json
* Update preventive-measure.json. [Bart]
Add ACL
* Merge pull request #361 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Operation Comando - hit version 100
* Add Operation Comando - hit version 100. [Deborah Servili]
* Merge pull request #359 from nyx0/master. [Alexandre Dulaunoy]
add synonym, no need for uppercase in the name :)
* Add synonym, no need for uppercase in the name :) [Thomas Dupuy]
* Merge pull request #358 from Delta-Sierra/master. [Alexandre Dulaunoy]
add attribution-confidence attribute to threat-actor
* Add attribution-confidence attribute to threat-actor. [Deborah Servili]
* Merge pull request #357 from Delta-Sierra/master. [Alexandre Dulaunoy]
New clusters
* Relations between SLUB Backdoor. [Deborah Servili]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #356 from danielplohmann/patch-5. [Alexandre Dulaunoy]
another actor described by 360TIC.
* Update threat-actor.json. [Daniel Plohmann]
another actor described by 360TIC.
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #355 from danielplohmann/patch-4. [Alexandre Dulaunoy]
FireEye upgraded TEMP.Periscope to APT40
* FireEye upgraded TEMP.Periscope to APT40. [Daniel Plohmann]
* Add StealthWorker malware. [Deborah Servili]
* Add SLUB backdoor. [Deborah Servili]
* Add Jokeroo RaaS. [Deborah Servili]
* Add operation Kabar Cobra. [Deborah Servili]
* Add ref for garrantydecrypt. [Deborah Servili]
* Add relation between Lazarus Group and Operation SharpShooter. [Deborah Servili]
* Add Rising Sun Backdoor. [Deborah Servili]
* Add Razdel. [Deborah Servili]
* Merge pull request #350 from bartblaze/master. [Alexandre Dulaunoy]
Add more info on Lotus Blossom
* Add more info on Lotus Blossom. [Bart]
Add 2 more references, fix typo - Trend calls it "Esile", not "Eslie" as mistakenly stated by CFR. The backdoor itself is commonly referred to as Elise.
* Merge pull request #347 from bartblaze/master. [Alexandre Dulaunoy]
Update cert-eu-motive.json
* Update cert-eu-motive.json. [Bart]
Fix typo
* Merge pull request #346 from danielplohmann/patch-3. [Alexandre Dulaunoy]
Two more actor names from GTR2019
* Two more actor names from GTR2019. [Daniel Plohmann]
I found two more actor names while going again over the crowdstrike's report and updating the cross-references to malpedia.
* Merge pull request #345 from danielplohmann/patch-2. [Alexandre Dulaunoy]
Added missing actors from CrowdStrike GTR2019
* Added missing actors from CrowdStrike GTR2019. [Daniel Plohmann]
* Merge pull request #344 from ITAYC0HEN/patch-1. [Alexandre Dulaunoy]
Fix 404'd reference of BuhTrap
* Fix 404'd reference of BuhTrap. [Itay Cohen]
* Merge pull request #343 from mokaddem/newMitre. [Alexandre Dulaunoy]
Added kill_chain_order in mitre-attack-pattern
* Merge branch 'master' of https://github.com/MISP/misp-galaxy into newMitre. [mokaddem]
* Merge pull request #342 from mokaddem/electionGuidelines. [Alexandre Dulaunoy]
new: Added draft of the election guildelines galaxy
* Merge pull request #320 from cvandeplas/mitre_attack. [Alexandre Dulaunoy]
chg: [mitre] Deprecated pre/enterprise/mobile separate galaxies
* Merge pull request #341 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add several clusters
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #340 from nyx0/master. [Alexandre Dulaunoy]
add ANEL/UPPERCUT in tool cluster
* Add ANEL/UPPERCUT in tool cluster. [Thomas Dupuy]
* Merge pull request #338 from netjinho/patch-1. [Alexandre Dulaunoy]
Updated "Iran" name
* Updated "Iran" name. [João Neto]
This extra space leads to an unnecessary key error when parsing the json file
* Merge pull request #337 from 3c7/synonym/velvet-chollima. [Alexandre Dulaunoy]
Added Velvet Chollima as synonym to Kimsuki
* Added Velvet Chollima as synonym to Kimsuki. [Nils Kuhnert]
* Merge pull request #336 from 3c7/synonym/static-kitten. [Christophe Vandeplas]
Added static kitten as synonym for MuddyWater
* Added static kitten as synonym for MuddyWater. [Nils Kuhnert]
* Merge pull request #334 from 3c7/synonym/cobalt-spider. [Alexandre Dulaunoy]
Added Cobalt Spider as Synonym for Cobalt
* Added Cobalt Spider reference. [Nils Kuhnert]
* Added Cobalt Spider as Synonym for Cobalt. [Nils Kuhnert]
* Merge pull request #335 from 3c7/synonym/turbine-panda. [Alexandre Dulaunoy]
Added Turbine Panda as synonym for APT 26
* Added Turbine Panda as synonym for APT 26. [Nils Kuhnert]
* Merge pull request #333 from 3c7/synonym/oceanbuffalo. [Alexandre Dulaunoy]
Added Ocean Buffalo synonym for Ocean Lotus
* Added Ocean Buffalo synonym for Ocean Lotus. [Nils Kuhnert]
* Merge pull request #332 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add APT39 & LockerGoga
* Merge pull request #331 from 3c7/synonym/quilted_tiger. [Alexandre Dulaunoy]
Added Quilted Tiger as Synonym for Patchwork/Dropping Elephant.
* Added Quilted Tiger as Synonym for Patchwork/Dropping Elephant. [Nils Kuhnert]
* Merge pull request #330 from 3c7/synonym/shadow_crane. [Alexandre Dulaunoy]
Added Shadow Crane as synonym for Dark Hotel.
* Added Shadow Crane as synonym for Dark Hotel. [Nils Kuhnert]
* Add Gallmaker and other clusters. [Deborah Servili]
* Add OSX/Shlayer and some refs. [Deborah Servili]
* Add Siesta campaign. [Deborah Servili]
* Add APT39. [Deborah Servili]
* Add LockerGoga ransomware. [Deborah Servili]
* Merge pull request #329 from 3c7/synonym/stardustchollima. [Alexandre Dulaunoy]
Added "Stardust Chollima" as synonym for Lazarus.
* Added "Stardust Chollima" as synonym for Lazarus. [Nils Kuhnert]
* Merge pull request #328 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Silence Group
* Add Silence Group. [Deborah Servili]
* Merge pull request #327 from nyx0/master. [Alexandre Dulaunoy]
add alternative name for DarkHydrus
* Add alternative name for DarkHydrus. [Thomas Dupuy]
* Merge pull request #326 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Cold River Threat actor
* Add LoJax ref. [Deborah Servili]
* Add Cold River Threat actor. [Deborah Servili]
* Merge pull request #325 from Delta-Sierra/master. [Alexandre Dulaunoy]
add several ransomware and threat actors
* Fix versions. [Deborah Servili]
* Add several ransomware and threat actors. [Deborah Servili]
* Merge pull request #324 from Delta-Sierra/master. [Alexandre Dulaunoy]
TA505 threat actorand affiliates malwares
* Add drakhydrus ref. [Deborah Servili]
* TA505 threat actorand affiliates malwares. [Deborah Servili]
* Merge pull request #322 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Cryptomix variants refs
* Add hidenad synonym. [Deborah Servili]
* Add Cryptomix variants refs. [Deborah Servili]
* Merge pull request #321 from Delta-Sierra/master. [Alexandre Dulaunoy]
add AndroidOS_HidenAd
* Update version. [Deborah Servili]
* Add AndroidOS_HidenAd. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #319 from cvandeplas/master. [Christophe Vandeplas]
chg: [mitre] bump to latest MITRE ATT&CK dataset
* MITRE galaxy regeneration + updated migration script. [Christophe Vandeplas]
* MITRE sorted. [Christophe Vandeplas]
While dicts were sorted, lists were not yet sorted. This current sort algo is not yet the best, but is a good start. A good sort is needed for better comparison afterwards with automated tools. In a next stage tt will also be needed in the validate_all scripts.
* MITRE galaxy - initial conversion and migration script. [Christophe Vandeplas]
this is not fully working yet !
* Merge pull request #318 from 3c7/feature/helixkitten. [Alexandre Dulaunoy]
Added OilRig synonym "Helix Kitten".
* Added OilRig synonym "Helix Kitten". [Nils Kuhnert]
* Merge pull request #316 from danielplohmann/master. [Alexandre Dulaunoy]
New name SNAKEMACKEREL for APT28 by Accenture
* Microsoft alias for apt29 is YTTRIUM. [Daniel Plohmann]
* New name SNAKEMACKEREL for APT28 by Accenture. [Daniel Plohmann]
* Removed Puplishing industry. [Gerard Wagener]
* Merge pull request #315 from Delta-Sierra/master. [Alexandre Dulaunoy]
add OSX malwares
* Merge pull request #314 from Delta-Sierra/master. [Alexandre Dulaunoy]
New clusters
* Add ransomwares. [Deborah Servili]
* Add OSX malwares. [Deborah Servili]
* Add operation sharpshooter. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #313 from Delta-Sierra/master. [Alexandre Dulaunoy]
add some clusters or info
* Merge pull request #310 from Delta-Sierra/master. [Alexandre Dulaunoy]
add several clusters
* Update toll version. [Deborah Servili]
* Add shamoon synonym. [Deborah Servili]
* Fix tool version. [Deborah Servili]
* Fix exploit-kit version. [Deborah Servili]
* Add some clusters or info. [Deborah Servili]
* Add Goden Chickens and affiliates. [Deborah Servili]
* Add ransomwares. [Deborah Servili]
* Add Operation Poison Needles. [Deborah Servili]
* Add clusters. [Deborah Servili]
* Add several clusters. [Deborah Servili]
* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]
* Add DNSpionage cluster. [Deborah Servili]
* Add everbe rasomnotes. [Deborah Servili]
* Add ransomwares. [Deborah Servili]
* Add ransomwares. [Deborah Servili]
* Merge pull request #309 from cvandeplas/master. [Alexandre Dulaunoy]
pep8, include the misp-galaxy tag in the output
* Pep8, include the misp-galaxy tag in the output. [Christophe Vandeplas]
* Add: [doc] contribution doc added. [Alexandre Dulaunoy]
* Merge pull request #306 from SteveClement/master. [Steve Clement]
chg: [doc] Added some dependency pointers.
* Merge pull request #305 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add Rotexy
* Add Aurora Ransomware metadata. [Deborah Servili]
* Add Aurora Ransomware synonym. [Deborah Servili]
* Fix version. [Deborah Servili]
* Add Rotexy. [Deborah Servili]
* Merge pull request #304 from Delta-Sierra/master. [Alexandre Dulaunoy]
add PNG Dropper
* Update version. [Deborah Servili]
* Add PNG Dropper. [Deborah Servili]
* Merge pull request #303 from Delta-Sierra/master. [Deborah Servili]
add several references for Emotet and others
* Add reference for Emotet/Geodo. [Deborah Servili]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili]
* Add several references for Emotet and others. [Deborah Servili]
* Merge pull request #302 from Delta-Sierra/master. [Alexandre Dulaunoy]
update oilrig related clusters + others
* Merge branch 'master' into master. [Deborah Servili]
* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]
* Merge pull request #300 from Delta-Sierra/master. [Deborah Servili]
add several rqansomware and HookAds campaign
* Update oilrig related clusters + others. [Deborah Servili]
* Fix rat galaxy version. [Deborah Servili]
* Jq and add ref in tool galaxy -hit version 100- [Deborah Servili]
* Add TheOneSpy. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #299 from b3n7s/patch-1. [Alexandre Dulaunoy]
Update threat-actor.json
* Update threat-actor.json. [Benoit Sevens]
Add LuckyMouse link
* Merge pull request #297 from danielplohmann/patch-1. [Alexandre Dulaunoy]
added APT38 as (FireEye) alias for Lazarus
* Added APT38 as (FireEye) alias for Lazarus. [Daniel Plohmann]
cross-references in https://content.fireeye.com/apt/rpt-apt38 suggest the link to Lazarus.
* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]
* Add several rqansomware and HookAds campaign. [Deborah Servili]
* Add/update ransomawares. [Deborah Servili]
* Add several tools and refs. [Deborah Servili]
* Merge pull request #296 from Delta-Sierra/master. [Deborah Servili]
update ransomware galaxy
* Update ransomware galaxy. [Deborah Servili]
* Merge pull request #295 from Delta-Sierra/master. [Alexandre Dulaunoy]
update Red Alert 2 Android Banking Trojan
* Jq fix. [Deborah Servili]
* Update version. [Deborah Servili]
* Update Red Alert 2 Android Banking Trojan. [Deborah Servili]
* Merge pull request #294 from Delta-Sierra/master. [Deborah Servili]
add ransomwares
* Add ransomwares. [Deborah Servili]
* Merge pull request #293 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Operation EvilTraffic
* Add Chalubo botnet (+ jqallthethings) [Deborah Servili]
* Add Operation EvilTraffic. [Deborah Servili]
* Add Operation EvilTraffic. [Deborah Servili]
* Merge pull request #292 from 3c7/master. [Alexandre Dulaunoy]
Corrected DarkHotel threat actor entry
* Corrected DarkHotel threat actor entry. [Nils Kuhnert]
* Merge pull request #291 from Delta-Sierra/master. [Deborah Servili]
Clusters & references
* Fix duplicate ref. [Deborah Servili]
* Add August Stealer. [Deborah Servili]
* Add NukeSped reference. [Deborah Servili]
* Add GhostMiner. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #290 from cvandeplas/master. [Alexandre Dulaunoy]
tool: experimental graphing tool
* Tool: experimental graphing tool. [Christophe Vandeplas]
* Merge pull request #289 from cvandeplas/master. [Alexandre Dulaunoy]
chg: further categorization of galaxies
* Merge pull request #288 from cvandeplas/master. [Alexandre Dulaunoy]
categorization of galaxies
* Jq. [Christophe Vandeplas]
* Merge remote-tracking branch 'MISP/master' [Christophe Vandeplas]
* Merge pull request #287 from cvandeplas/master. [Alexandre Dulaunoy]
fixes an important bug in the gen_relations
* Some minor fixes. [Andras Iklody]
* Merge remote-tracking branch 'MISP/master' [Christophe Vandeplas]
* Merge pull request #286 from Delta-Sierra/master. [Alexandre Dulaunoy]
Several clusters, refs, others.
* Merge pull request #285 from cvandeplas/master. [Alexandre Dulaunoy]
MITRE relationships included in the respective cluster
* Merge pull request #284 from cvandeplas/master. [Alexandre Dulaunoy]
chg: mappings are now in the generated adoc
* Add tools from https://github.com/misterch0c/shadowbroker. [Deborah Servili]
* Add DarkPulsar and affiliates + update some refs. [Deborah Servili]
* Add GreyEnergy. [Deborah Servili]
* Add refs & synonyms. [Deborah Servili]
* Add several refs. [Deborah Servili]
* Add several refs. [Deborah Servili]
* Add roaming mantis group. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #283 from cvandeplas/master. [Alexandre Dulaunoy]
fixes + relations with malpedia
* Jq sort keys. [Christophe Vandeplas]
Allows automation to edit the files
* Merge branch 'steffenenders-patch-1' [Alexandre Dulaunoy]
* Jq all the things. [Alexandre Dulaunoy]
* Updated malpedia.json to the current state. [Steffen Enders]
Fetched the new malpedia galaxy cluster from https://malpedia.caad.fkie.fraunhofer.de/api/get/misp - this includes an additional ~120 new families.
* Merge pull request #281 from Delta-Sierra/master. [Deborah Servili]
add SAVEfiles ransomware
* Merge pull request #280 from Delta-Sierra/master. [Deborah Servili]
update matrix ransomware
* Add magecart ref. [Deborah Servili]
* Add SAVEfiles ransomware. [Deborah Servili]
* Update version. [Deborah Servili]
* Update matrix ransomware. [Deborah Servili]
* Merge pull request #279 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Triout Android Malware
* Add Triout Android Malware. [Deborah Servili]
* Merge pull request #278 from Delta-Sierra/master. [Alexandre Dulaunoy]
fix failed copy-paste
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #276 from Delta-Sierra/master. [Alexandre Dulaunoy]
add CoalaBot + Kraken Cryptor Ransmware + refs
* Merge pull request #277 from dadokkio/master. [Alexandre Dulaunoy]
Added Malpedia Galaxy
* Added Malpedia Galaxy. [Davide Arcuri]
based on malpedia git repo
* Merge pull request #274 from Delta-Sierra/master. [Alexandre Dulaunoy]
Refs updates
* Merge pull request #273 from Delta-Sierra/master. [Alexandre Dulaunoy]
update synonyms & attributions
* Merge pull request #272 from Delta-Sierra/master. [Deborah Servili]
New clusters based on CIG Circular 66 FASTCash ATM Cash Out Campaign
* Merge pull request #271 from Delta-Sierra/master. [Alexandre Dulaunoy]
Several updates
* Fix failed copy-paste. [Deborah Servili]
* Jq. [Deborah Servili]
* Add CoalaBot + Kraken Cryptor Ransmware + refs. [Deborah Servili]
* Add CoalaBot + Kraken Cryptor Ransmware + refs. [Deborah Servili]
* Add Persirai botnet. [Deborah Servili]
* Update Torii botnet. [Deborah Servili]
* Add ref for Torii botnet. [Deborah Servili]
* Add refs. [Deborah Servili]
* Add ZEBROCY tool. [Deborah Servili]
* Update regarding https://twitter.com/adulau/status/1047764090410737664. [Deborah Servili]
* Update synonyms & attributions. [Deborah Servili]
* Add NukeSped. [Deborah Servili]
* Add FASTCash. [Deborah Servili]
* Add ref for magecart. [Deborah Servili]
* New threat actors & tools. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #270 from Delta-Sierra/master. [Alexandre Dulaunoy]
new clusters, relations and information
* Merge pull request #268 from botherder/master. [Alexandre Dulaunoy]
Added missing country values
* Added missing country values. [Nex]
* Merge pull request #267 from Delta-Sierra/master. [Alexandre Dulaunoy]
New clusters
* Merge pull request #266 from Delta-Sierra/master. [Alexandre Dulaunoy]
small updates
* Merge pull request #265 from Delta-Sierra/master. [Alexandre Dulaunoy]
new threat actors
* Merge pull request #264 from Delta-Sierra/master. [Alexandre Dulaunoy]
more clusters~
* Add synonym. [Deborah Servili]
* Add refs. [Deborah Servili]
* Jq. [Deborah Servili]
* New clusters and informtion. [Deborah Servili]
* New ransomware and relations. [Deborah Servili]
* Add relationships on Mirai. [Deborah Servili]
* Add references. [Deborah Servili]
* Add BusyGasper android spyware. [Deborah Servili]
* Add Cobalt Dickensthreat actor. [Deborah Servili]
* Add remcos ref. [Deborah Servili]
* Update version. [Deborah Servili]
* Fix field mistake. [Deborah Servili]
* Update Lazarus group cluster. [Deborah Servili]
* New unnamedthreat actor. [Deborah Servili]
* New threat actors. [Deborah Servili]
* Merge. [Deborah Servili]
* Merge pull request #263 from botherder/bahamut. [Alexandre Dulaunoy]
Added Bahamut to threat actors list
* Added Bahamut to threat actors list. [Nex]
* Merge pull request #262 from botherder/mythic-leopard. [Alexandre Dulaunoy]
Added additional name to C-Major
* Added additional name to C-Major. [Nex]
* Merge pull request #261 from botherder/dedup. [Alexandre Dulaunoy]
Removed duplicates
* Removed duplicates. [Nex]
* Merge pull request #259 from botherder/country-sync. [Alexandre Dulaunoy]
Synced country codes with suspected state sponsor
* Synced country codes with suspected state sponsor. [Nex]
* Merge pull request #258 from botherder/transparent-tribe. [Alexandre Dulaunoy]
Merged Transparent Tribe in C-Major
* Merged Transparent Tribe in C-Major. [Nex]
* Merge pull request #257 from Delta-Sierra/master. [Alexandre Dulaunoy]
adding and updating clusters
* Merge pull request #256 from Delta-Sierra/master. [Alexandre Dulaunoy]
add ref for operation Applejeus
* Merge pull request #255 from Delta-Sierra/master. [Alexandre Dulaunoy]
Schema update
* Merge pull request #254 from Delta-Sierra/master. [Alexandre Dulaunoy]
add ransomwares
* Add notpetya and update jadeRAT. [Deborah Servili]
* Add references. [Deborah Servili]
* Add magentocore malware. [Deborah Servili]
* Add blacknurse logo. [Deborah Servili]
* Add blacknurse. [Deborah Servili]
* Add Crypt0saur ransomware. [Deborah Servili]
* Adding and updating clusters. [Deborah Servili]
* Add description for sigma ransomware. [Deborah Servili]
* Fix versions. [Deborah Servili]
* Add ref for operation Applejeus. [Deborah Servili]
* Fix version. [Deborah Servili]
* Add Operation AppleJeus. [Deborah Servili]
* Fix schema. [Deborah Servili]
* Fix some relations. [Deborah Servili]
* Clusters. [Deborah Servili]
* More clusters~ [Deborah Servili]
* Add CamuBot Banker Trojan. [Deborah Servili]
* Jq~ [Deborah Servili]
* Add ransomwares. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* "jq all the thing (tm)" [Alexandre Dulaunoy]
* Merge branch 'Kafeine-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master. [Alexandre Dulaunoy]
* + Fallout. [Kafeine]
* Hunter EK > Active. [Kafeine]
* Adding Underminer EK. [Kafeine]
* Status from Terror, Bingo and Astrum. [Kafeine]
* Adapting to modification from Misp repository. [Kafeine]
* Merge pull request #250 from Delta-Sierra/master. [Alexandre Dulaunoy]
add cfr data
* Add ransomware. [Deborah Servili]
* Add cfr data. [Deborah Servili]
* Update microsoft-activity-group.json version. [Deborah Servili]
* Merge pull request #249 from Delta-Sierra/master. [Alexandre Dulaunoy]
Update and add threat actors
* More clusters. [Deborah Servili]
* Add APT28/STRONTIUM refs. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #248 from Delta-Sierra/master. [Deborah Servili]
merge black ruby duplicate (delete the newer)
* Merge pull request #247 from Delta-Sierra/master. [Alexandre Dulaunoy]
New clusters
* Update Dharma Ransomware. [Deborah Servili]
* Version update. [Deborah Servili]
* Merge black ruby duplicate (delete the newer) [Deborah Servili]
* Merge. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Fix. [Deborah Servili]
* Resolve merge confilct -I hope- [Deborah Servili]
* Cosmetic change. [Christophe Vandeplas]
* No change: dump files with sort_keys=True. [Christophe Vandeplas]
This is needed to keep better track of the changes when other tools load and save the json files.
* Merge pull request #246 from Delta-Sierra/master. [Deborah Servili]
add Skygofree android spyware
* Merge pull request #245 from Delta-Sierra/master. [Alexandre Dulaunoy]
add tools used by SamSam
* Merge pull request #244 from Delta-Sierra/master. [Deborah Servili]
add ransomwares
* Fix typo and missing uuid. [Deborah Servili]
* Add Rosenbridge backdoor. [Deborah Servili]
* Add KEYPASS ransomware. [Deborah Servili]
* Add Skygofree android spyware. [Deborah Servili]
* Add tools used by SamSam. [Deborah Servili]
* Add ransomwares. [Deborah Servili]
* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]
* Update schema. [Deborah Servili]
* Update schema. [Deborah Servili]
* Tags is an array. [Deborah Servili]
* Relationship system - v2. [Deborah Servili]
* Update some clusters and try to add a relationship system. [Deborah Servili]
* Merge pull request #242 from Delta-Sierra/master. [Deborah Servili]
add RedAlpha campaigns
* Add RedAlpha campaigns. [Deborah Servili]
* Merge pull request #239 from Delta-Sierra/master. [Alexandre Dulaunoy]
more clusters
* Delete forgotten conflict marker. [Deborah Servili]
* Resolve merge conflict. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Resolve merge conflict. [Deborah Servili]
* Merge pull request #241 from 3c7/threat-actor/darkhydrus. [Andras Iklody]
Added DarkHydrus
* Added DarkHydrus. [Nils Kuhnert]
* Merge pull request #240 from 3c7/fix/typos. [Alexandre Dulaunoy]
Two small typos
* Two small typos. [Nils Kuhnert]
* Merge pull request #238 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Kronos Banking Trojan
* Merge pull request #237 from Delta-Sierra/master. [Deborah Servili]
Add CFR.org metadata into the galaxy - part 2
* Delete duplicate gorgon group. [Deborah Servili]
* More clusters. [Deborah Servili]
* Add Kronos Banking Trojan. [Deborah Servili]
* Add CFR.org metadata into the galaxy - part 2. [Deborah Servili]
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #236 from raw-data/master. [Alexandre Dulaunoy]
[add] new cluster + galaxy
* [add] new backdoor cluster. [raw-data]
* [add] new backdoor galaxy and cluster. [raw-data]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot]
* Merge pull request #235 from raw-data/master. [Alexandre Dulaunoy]
[add] x1 new entry in stealer.json - AZORult
* [add] x1 new entry in stealer.json - AZORult. [raw-data]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #234 from Delta-Sierra/master. [Alexandre Dulaunoy]
cfr update -in progress- + add clusters associated to RANCOR
* Merging attempt. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #233 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add CFR.org metadata into the galaxy - Test
* Merge pull request #231 from raw-data/master. [Alexandre Dulaunoy]
[ADD] new entries in banker, rat and tool
* [ADD] x1 new entry in tool.json - Koadic. [raw-data]
* [ADD] x2 new rat - Sisfader, SocketPlayer. [raw-data]
* [ADD] banker.json version bump. [raw-data]
* [ADD] x2 new banker - Backswap, Karius. [raw-data]
* Merge pull request #230 from 3c7/patch-1. [Alexandre Dulaunoy]
Updated APT1 report link
* Updated APT1 report link. [Nils Kuhnert]
* Update cert-eu-govsector.json. [Deborah Servili]
* Update cert-eu-govsector.json. [Deborah Servili]
* Fix typo in type. [Deborah Servili]
* Merge pull request #229 from iglocska/patch-1. [Andras Iklody]
Fixed typo
* Fixed typo. [Andras Iklody]
* Merge pull request #228 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Thrip as threat actor
* Merge pull request #227 from Delta-Sierra/master. [Andras Iklody]
Ransomwares and Olympic Destroyer
* Merge pull request #226 from Delta-Sierra/master. [Alexandre Dulaunoy]
Even more clusters
* Merge pull request #225 from Delta-Sierra/master. [Alexandre Dulaunoy]
More ransomwares and other clusters
* Add cfr related informations -still in progress- [Deborah Servili]
* Cfr update -in progress + add clusters associated to RANCOR. [Deborah Servili]
* Add cfr prefix for cfr data - test. [Deborah Servili]
* Add CFR.org metadata into the galaxy - Test. [Deborah Servili]
* Some updates. [Deborah Servili]
* Update verion. [Deborah Servili]
* Add Thrip as threat actor. [Deborah Servili]
* Add olympic destroyer. [Deborah Servili]
* Add severals ransomware. [Deborah Servili]
* More clusters. [Deborah Servili]
* Add cluster in threat actor. [Deborah Servili]
* Add ClipboardWalletHijacker. [Deborah Servili]
* Add MysteryBot in android galaxy. [Deborah Servili]
* Add some ransomwares. [Deborah Servili]
* Merge pull request #224 from Delta-Sierra/master. [Alexandre Dulaunoy]
add some clusters
* Add some tools. [Deborah Servili]
* Update version. [Deborah Servili]
* Add some clusters. [Deborah Servili]
* Minor layout corrections - validate_all. [Christophe Vandeplas]
* Merge pull request #222 from Kafeine/master. [Christophe Vandeplas]
* Merge pull request 222. [Christophe Vandeplas]
* Fix. [Kafeine]
* + Glazunov. [Kafeine]
* Guuid & + VenomKit. [Kafeine]
* +ThreadKit. [Kafeine]
* +Glazunov. [Kafeine]
* Merge pull request #223 from Delta-Sierra/master. [Deborah Servili]
Add tools
* Add BabaYaga Malware. [Deborah Servili]
* Add PLEAD. [Deborah Servili]
* Merge pull request #221 from Delta-Sierra/master. [Alexandre Dulaunoy]
New clusters
* Add sigrun ransomware's ransomnotes. [Deborah Servili]
* Add Sigrun ransomwaremeta data. [Deborah Servili]
* Add Sigrun ransomware. [Deborah Servili]
* Add another cryptomix variant. [Deborah Servili]
* Add Brambul worm. [Deborah Servili]
* Add Joanap RAT. [Deborah Servili]
* Add: Iron Backdoor. [Alexandre Dulaunoy]
* Merge pull request #220 from raw-data/master. [Alexandre Dulaunoy]
[ADD] New Stealer galaxy and cluster
* [FIX] botnet file link. [raw-data]
* [ADD] Stealer galaxy definition. [raw-data]
* [ADD] x2 new info/pwd stealers - Nocturnal Stealer, TeleGrab. [raw-data]
* [ADD] Introduced stealer cluster. [raw-data]
* Merge pull request #219 from raw-data/master. [Alexandre Dulaunoy]
[ADD] x2 new entries for banker.json and rat.json
* [ADD] NavRAT. [raw-data]
* [ADD] DanaBot. [raw-data]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #218 from Delta-Sierra/master. [Alexandre Dulaunoy]
fix typo in pre-attack-relationship script - thanks @Terrtia
* Fix typo in pre-attack-relationship script - thanks @Terrtia. [Deborah Servili]
* Merge pull request #217 from Terrtia/master. [Alexandre Dulaunoy]
fix typo mitre-pre-attack-relationship
* Fix typo mitre-pre-attack-relationship. [Thirion Aurélien]
* Merge pull request #216 from raw-data/master. [Alexandre Dulaunoy]
[ADD] VPNFilter in tool.json cluster
* [ADD] VPNFilter in tool.json cluster. [raw-data]
* Merge pull request #215 from raw-data/master. [Alexandre Dulaunoy]
[ADD] Pontoeb, WICKED and Brain Food into botnet.json cluster
* [ADD] Pontoeb, WICKED and Brain Food into botnet.json cluster. [raw-data]
* Add: mitre-attack namespace for all the ATT&CK galaxies. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot]
* Merge pull request #214 from Delta-Sierra/master. [Deborah Servili]
update mitre galaxies - add external id and killchain
* Jq. [Deborah Servili]
* Fix scripts for nobile and pre attack attack pattern. [Deborah Servili]
* Jq. [Deborah Servili]
* Update mitre galaxies - add external id and killchain. [Deborah Servili]
* Merge pull request #213 from Delta-Sierra/master. [Alexandre Dulaunoy]
update mitre 2.0 scripts to add external_id in meta
* Update mitre 2.0 scripts to add external_id in meta (still need to be tested) [Deborah Servili]
* Schema updated to have namespace key at galaxy level. [Alexandre Dulaunoy]
* Merge pull request #211 from eCrimeLabs/master. [Alexandre Dulaunoy]
Added links in relation to Threat-actor info from Dragos
* Added data related to Dragos Adverseries. [Dennis Rand]
* Merge pull request #2 from MISP/master. [eCrimeLabs]
Updated from Core
* Merge pull request #209 from raw-data/master. [Alexandre Dulaunoy]
[ADD] RadRAT, ARS VBS Loader and FlawedAmmyy into rat.json cluster
* [ADD] RadRAT, ARS VBS Loader and FlawedAmmyy into rat.json cluster. [raw-data]
* Merge pull request #210 from Delta-Sierra/master. [Deborah Servili]
update/add some clusters
* Add Stalinlocker. [Deborah Servili]
* Add Mettle botnet. [Deborah Servili]
* Update some clusters. [Deborah Servili]
* Merge pull request #208 from Delta-Sierra/master. [Deborah Servili]
add maikspy
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #207 from Delta-Sierra/master. [Deborah Servili]
New clusters
* Merge pull request #206 from Delta-Sierra/master. [Alexandre Dulaunoy]
update ransomware version
* Merge pull request #205 from Delta-Sierra/master. [Deborah Servili]
update - GandCrab v3
* Merge pull request #204 from Delta-Sierra/master. [Alexandre Dulaunoy]
New clusters~
* Merge pull request #203 from Delta-Sierra/master. [Deborah Servili]
add ZooPark campaign
* Add maikspy. [Deborah Servili]
* Jq~ [Deborah Servili]
* Add reference for HNS botnet. [Deborah Servili]
* Add HNS bot net & HPE iLO 4 Ransomware/Wiper. [Deborah Servili]
* Add Kitty malware. [Deborah Servili]
* Update version -oops- [Deborah Servili]
* Update - GandCrab v3. [Deborah Servili]
* Add an unnamed ransomware. [Deborah Servili]
* Add spymaster pro as rat. [Deborah Servili]
* Add ZooPark campaign. [Deborah Servili]
* Add: threat actors from Dragos Inc. (based on https://dragos.com/adversaries.html) [Alexandre Dulaunoy]
* Merge pull request #202 from Delta-Sierra/master. [Alexandre Dulaunoy]
MOAR & MOAR Clusters
* Jq. [Deborah Servili]
* Add Rubella Macro Builder. [Deborah Servili]
* Add GravityRAT. [Deborah Servili]
* Add HOGFISH as APT10 synonym. [Deborah Servili]
* Merge pull request #201 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Henbox
* Add Henbox. [Deborah Servili]
* Merge pull request #200 from Delta-Sierra/master. [Alexandre Dulaunoy]
MOAR CLUSTERS
* Add Orangeworm, Kwampirs, Iron ransomware and Ton ransomware. [Deborah Servili]
* Add Muhstik botnet. [Deborah Servili]
* Merge pull request #199 from StefanKelm/master. [Alexandre Dulaunoy]
add NMCRYPT ransomware
* NMCRYPT ransomware. [Stefan Kelm]
* Merge pull request #198 from Delta-Sierra/master. [Deborah Servili]
add Xiaoba
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili]
* Update Ransomware galaxy version. [Deborah Servili]
* Jq. [Deborah Servili]
* Add Xiaoba. [Deborah Servili]
* Merge pull request #197 from Delta-Sierra/master. [Deborah Servili]
add some ransomwares
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #195 from droe/master. [Alexandre Dulaunoy]
Add Comnie RAT
* Add Comnie RAT. [Daniel Roethlisberger]
* Merge pull request #194 from StefanKelm/master. [Alexandre Dulaunoy]
Update to 'Chthonic' galaxy
* Added 'Chtonic' synonym. [StefanKelm]
* Remove Chthonic since it's a duplicate (banker.json) [StefanKelm]
* Merge pull request #192 from Delta-Sierra/master. [Deborah Servili]
add some ransomwares & threat actors
* Merge pull request #191 from Delta-Sierra/master. [Deborah Servili]
add Rovnix
* Merge pull request #190 from Delta-Sierra/master. [Deborah Servili]
add LockCrypt ransomware & GoScanSSH tool
* Merge pull request #189 from Delta-Sierra/master. [Deborah Servili]
add PUBG ransomware
* Merge pull request #188 from Delta-Sierra/master. [Deborah Servili]
update matrix ransomware
* Merge pull request #187 from Delta-Sierra/master. [Deborah Servili]
update threat actor galaxy based on https://www.fireeye.com/content/d…
* Add some ransomwares. [Deborah Servili]
* Add some ransomwares & threat actors. [Deborah Servili]
* Add Rovnix. [Deborah Servili]
* Add IcedID reference. [Deborah Servili]
* Add GoScanSSH tool. [Deborah Servili]
* Add LockCrypt ransomware. [Deborah Servili]
* Jq. [Deborah Servili]
* Add PUBG ransomware. [Deborah Servili]
* Update matrix ransomware. [Deborah Servili]
* Update version. [Deborah Servili]
* Update matrix ransomware. [Deborah Servili]
* Update threat actor galaxy based on https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf. [Deborah Servili]
* Merge pull request #186 from Delta-Sierra/master. [Deborah Servili]
add BlackRuby& WhiteRose ransomwares (+some fix)
* Add BlackRuby& WhiteRose ransomwares (+some fix) [Deborah Servili]
* Merge pull request #185 from Delta-Sierra/master. [Deborah Servili]
merge the two Igexin clusters - fix #183
* Merge the two Igexin clusters - fix #183. [Deborah Servili]
* Merge pull request #184 from Delta-Sierra/master. [Deborah Servili]
add 2 -supposed- wipers
* Add 2 -supposed- wipers. [Deborah Servili]
* Merge pull request #182 from Delta-Sierra/master. [Deborah Servili]
Add hajime botnet + update cryptomix (new variant)
* Update ransomware galaxy versionC. [Deborah Servili]
* Update cryptomix. [Deborah Servili]
* Update botnet version. [Deborah Servili]
* Complete hajime botnet. [Deborah Servili]
* Add hajime botnet. [Deborah Servili]
* Merge pull request #181 from Delta-Sierra/master. [Deborah Servili]
add external_id to values (MITRE galaxies)
* Jq. [Deborah Servili]
* Add external_id to values. [Deborah Servili]
* Add: SHARPKNOT. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot]
* Merge pull request #179 from Delta-Sierra/master. [Alexandre Dulaunoy]
add several tools
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Add several tools. [Deborah Servili]
* Merge pull request #176 from StefanKelm/master. [Alexandre Dulaunoy]
Cosmetic changes only
* Update mitre-enterprise-attack-intrusion-set.json. [StefanKelm]
* Update create_mitre-enterprise-attack-tool_galaxy.py. [StefanKelm]
* Update create_mitre-enterprise-attack-relationship_galaxy.py. [StefanKelm]
* Update create_mitre-enterprise-attack-malware_galaxy.py. [StefanKelm]
* Update create_mitre-enterprise-attack-intrusion-set_galaxy.py. [StefanKelm]
* Update create_mitre-enterprise-attack-course-of-action_galaxy.py. [StefanKelm]
* Update create_mitre-enterprise-attack-attack-pattern_galaxy.py. [StefanKelm]
* Update mitre-enterprise-attack-intrusion-set.json. [StefanKelm]
* Update README.md. [StefanKelm]
* Update and rename mitre-entreprise-attack-tool.json to mitre-enterprise-attack-tool.json. [StefanKelm]
* Rename mitre-entreprise-attack-relationship.json to mitre-enterprise-attack-relationship.json. [StefanKelm]
* Update mitre-entreprise-attack-relationship.json. [StefanKelm]
* Update and rename mitre-entreprise-attack-malware.json to mitre-enterprise-attack-malware.json. [StefanKelm]
* Update and rename mitre-entreprise-attack-intrusion-set.json to mitre-enterprise-attack-intrusion-set.json. [StefanKelm]
* Update and rename mitre-entreprise-attack-course-of-action.json to mitre-enterprise-attack-course-of-action.json. [StefanKelm]
* Update and rename mitre-entreprise-attack-attack-pattern.json to mitre-enterprise-attack-attack-pattern.json. [StefanKelm]
* Update and rename mitre-entreprise-attack-tool.json to mitre-enterprise-attack-tool.json. [StefanKelm]
* Update and rename mitre-entreprise-attack-relationship.json to mitre-enterprise-attack-relationship.json. [StefanKelm]
* Update and rename mitre-entreprise-attack-malware.json to mitre-enterprise-attack-malware.json. [StefanKelm]
* Update and rename mitre-entreprise-attack-intrusion-set.json to mitre-enterprise-attack-intrusion-set.json. [StefanKelm]
* Update mitre-enterprise-attack-course-of-action.json. [StefanKelm]
* Update and rename mitre-entreprise-attack-course-of-action.json to mitre-enterprise-attack-course-of-action.json. [StefanKelm]
* Update and rename mitre-entreprise-attack-attack-pattern.json to mitre-enterprise-attack-attack-pattern.json. [StefanKelm]
* Merge pull request #175 from Delta-Sierra/master. [Deborah Servili]
add Zenis ransomware
* Update Android galaxy based on: https://source.android.com/security/reports/Google_Android_Security_2017_Report_Final.pdf - possible duplicates! [Deborah Servili]
* Add Zenis ransomware. [Deborah Servili]
* Merge pull request #174 from Delta-Sierra/master. [Deborah Servili]
add gamut botnet
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #173 from danielplohmann/leviathan. [Alexandre Dulaunoy]
adding Leviathan / TEMP.Periscope
* Added leviathan. [Daniel Plohmann (jupiter)]
* Merge pull request #172 from eCrimeLabs/master. [Alexandre Dulaunoy]
Added RoyalCli and RoyalDNS related to APT15 based on information from NCC Group
* Added RoyalCli and RoyalDNS related to APT15 based on information from NCC Group. [Dennis Rand]
* Merge pull request #1 from MISP/master. [eCrimeLabs]
Syncing Fork
* Merge pull request #171 from Delta-Sierra/master. [Alexandre Dulaunoy]
add qwerty ransomware
* Merge pull request #170 from eCrimeLabs/master. [Alexandre Dulaunoy]
Malware Used by APT37
* Malware Used by APT37. [eCrimeLabs]
Malware Used by APT37
* Added tools from APT37. [eCrimeLabs]
Malware Used by APT37
* Merge pull request #167 from Delta-Sierra/master. [Alexandre Dulaunoy]
update some clusters
* Merge pull request #166 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Nautilus, Neuron and update GandCrab
* Merge pull request #165 from Delta-Sierra/master. [Alexandre Dulaunoy]
add some tools
* Merge pull request #164 from Delta-Sierra/master. [Alexandre Dulaunoy]
add RSAUtil and Coldroot
* Merge pull request #163 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add TSCookie Malware and RAT
* Add gamut botnet. [Deborah Servili]
* Jq. [Deborah Servili]
* Add qwertyransomware. [Deborah Servili]
* Update version. [Deborah Servili]
* Jq. [Deborah Servili]
* Add missing uuid. [Deborah Servili]
* Add ref for BS2005. [Deborah Servili]
* Update Mirage Threat actor. [Deborah Servili]
* Add Nautilus, Neuron and update GandCrab. [Deborah Servili]
* Update GandCrab. [Deborah Servili]
* Jq all the things. [Deborah Servili]
* Add missing uuid. [Deborah Servili]
* Add Shipup. [Deborah Servili]
* Add ghotex. [Deborah Servili]
* Add miniflame. [Deborah Servili]
* Add Downloader-FGO. [Deborah Servili]
* Add Cheshire Cat -hack.lu video as reference! [Deborah Servili]
* Add Aurora/Hydraq. [Deborah Servili]
* Add Rotinom. [Deborah Servili]
* Add Exforel. [Deborah Servili]
* Add RSAUtil and Coldroot. [Deborah Servili]
* Add TSCookie Malware and RAT. [Deborah Servili]
* Merge pull request #162 from Delta-Sierra/master. [Alexandre Dulaunoy]
add uuid to every cluster
* Jq. [Deborah Servili]
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Fix #161. [Alexandre Dulaunoy]
* Merge pull request #160 from Delta-Sierra/master. [Alexandre Dulaunoy]
add botnets to galaxy
* Merge pull request #159 from Delta-Sierra/master. [Alexandre Dulaunoy]
add MITRE Galaxies V2.0
* Modify argument in add_missing_uuid script. [Deborah Servili]
* Jq ftw. [Deborah Servili]
* Add uuid to every cluster. [Deborah Servili]
* Add extension for Thanatos ransomware. [Deborah Servili]
* Add botnets to galaxy. [Deborah Servili]
* Add Thanatos ransomware. [Deborah Servili]
* Removing duplicates refs - 2. [Deborah Servili]
* Manage duplicate refs - first try. [Deborah Servili]
* Clean version. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Add: UUID also at value level. [Alexandre Dulaunoy]
* Merge pull request #157 from Delta-Sierra/master. [Alexandre Dulaunoy]
add botnet galaxy and other stuffs
* Merge pull request #156 from Delta-Sierra/master. [Alexandre Dulaunoy]
complete gandcrab - add ransomnotes
* Merge pull request #155 from Delta-Sierra/master. [Alexandre Dulaunoy]
add gandcrap ransomware + update references
* Jq all the things. [Deborah Servili]
* Add uuid as a field. [Deborah Servili]
* Fix empty meta field. [Deborah Servili]
* Add MITRE Galaxies V2.0. [Deborah Servili]
* Add botnet galaxy to readme. [Deborah Servili]
* Create botnet galaxy. [Deborah Servili]
* Add ShurL0ckr ransomware. [Deborah Servili]
* Add synonym and ref for Emissary Panda (Iron Tiger APT) [Deborah Servili]
* Jq. [Deborah Servili]
* Complete gandcrab. [Deborah Servili]
* Add gandcrap ransomware + update references. [Deborah Servili]
* Merge branch 'Kafeine-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master. [Alexandre Dulaunoy]
* ~Sakura description. [Kafeine]
* +SPL Exploit Kit, ~Grandsoft. [Kafeine]
* BlackTDS added. [Kafeine]
* Merge pull request #153 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Smominru
* Add Smominru. [Deborah Servili]
* Merge pull request #152 from Delta-Sierra/master. [Alexandre Dulaunoy]
add CrossRat
* Add CrossRat. [Deborah Servili]
* Add ref to Nexus Zeta. [Alexandre Dulaunoy]
* Add: Nexus Zeta is no stranger when it comes to implementing SOAP relatedrelated exploit ;-) [Alexandre Dulaunoy]
* Add: Matsuta IoT botnet added. [Alexandre Dulaunoy]
* Merge pull request #151 from danielplohmann/dark-caracal. [Alexandre Dulaunoy]
adding dark caracal
* Adding dark caracal. [Daniel Plohmann]
* Merge pull request #150 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Digmine
* Add Digmine. [Deborah Servili]
* Merge pull request #149 from Delta-Sierra/master. [Alexandre Dulaunoy]
add downAndExec
* Add downAndExec. [Deborah Servili]
* Merge pull request #148 from Delta-Sierra/master. [Deborah Servili]
add travle/PYLOT
* Add travle/PYLOT. [Deborah Servili]
* Merge pull request #147 from Delta-Sierra/master. [Deborah Servili]
fix forgotten value Microcin
* Fix forgotten value Microcin. [Deborah Servili]
* Merge pull request #146 from Delta-Sierra/master. [Alexandre Dulaunoy]
add macOS malwares
* Add macOS malwares. [Deborah Servili]
* Merge pull request #145 from Delta-Sierra/master. [Alexandre Dulaunoy]
add monero miner
* Add monero miner. [Deborah Servili]
* Merge pull request #144 from Delta-Sierra/master. [Alexandre Dulaunoy]
rename files + update README.md
* Rename files + update README.md. [Deborah Servili]
* Merge pull request #143 from Delta-Sierra/master. [Alexandre Dulaunoy]
New galaxy Branded Vulnerability
* New galaxy Branded Vulnerability. [Deborah Servili]
* Add in preventive measures: blacklisting phone numbers. [Alexandre Dulaunoy]
* Merge pull request #142 from Delta-Sierra/master. [Alexandre Dulaunoy]
add SedKit
* Jqallthethings. [Deborah Servili]
* Update Sofacy tools. [Deborah Servili]
* Modify SedKit description. [Deborah Servili]
* Add SedKit. [Deborah Servili]
* Merge pull request #141 from Delta-Sierra/master. [Alexandre Dulaunoy]
add "Power"tools
* Add "Power"tools. [Deborah Servili]
* Merge pull request #140 from Delta-Sierra/master. [Alexandre Dulaunoy]
add satori (Mirai Variant)
* Add satori (Mirai Variant) [Deborah Servili]
* Merge pull request #139 from Delta-Sierra/master. [Alexandre Dulaunoy]
update Android galaxy
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #138 from Delta-Sierra/master. [Alexandre Dulaunoy]
add source for NewCore RAT
* Merge pull request #137 from Delta-Sierra/master. [Alexandre Dulaunoy]
update OilRig threat actor
* Merge pull request #136 from Delta-Sierra/master. [Alexandre Dulaunoy]
add OSX.Pirrit
* Add PRILEX & CUTLET MAKER. [Deborah Servili]
* Add GratefulPOS. [Deborah Servili]
* Update Android galaxy. [Deborah Servili]
* Add source for NewCore RAT. [Deborah Servili]
* Update OilRig threat actor. [Deborah Servili]
* Add file spider ransomware. [Deborah Servili]
* Add OSX.Pirrit. [Deborah Servili]
* TRISIS is the main name of TRITON as discussed in https://twitter.com/DragosInc/status/941355602512613381. [Alexandre Dulaunoy]
* TRITON added. [Alexandre Dulaunoy]
* Merge pull request #135 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Quant Loader
* Add SSHDoor. [Deborah Servili]
* Add cryptomix variant. [Deborah Servili]
* Add Quant Loader. [Deborah Servili]
* Merge pull request #134 from Delta-Sierra/master. [Deborah Servili]
Add MoneyTaker
* Add MoneyTaker. [Deborah Servili]
* Update threat actor galaxy. [Deborah Servili]
* Merge pull request #133 from Delta-Sierra/master. [Deborah Servili]
add source for BankBot
* Add source for BankBot. [Deborah Servili]
* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]
* Jq. [Deborah Servili]
* Add malware/ransomwares. [Deborah Servili]
* Merge conflict solved - wp-vcd added. [Alexandre Dulaunoy]
* StrongPity2 added. [Alexandre Dulaunoy]
* Merge pull request #131 from Delta-Sierra/master. [Deborah Servili]
add SLocker
* Add SLocker. [Deborah Servili]
* Merge pull request #130 from Delta-Sierra/master. [Deborah Servili]
add HC7 ransomware
* Add HC7 ransomware. [Deborah Servili]
* Merge pull request #129 from Delta-Sierra/master. [Deborah Servili]
add StorageCrypt Ransomware
* Add StorageCrypt Ransomware. [Deborah Servili]
* Merge pull request #128 from Delta-Sierra/master. [Deborah Servili]
add Halloware ransomware
* Add Halloware ransomware. [Deborah Servili]
* Merge pull request #127 from Delta-Sierra/master. [Deborah Servili]
update cryptomix
* Update cryptomix. [Deborah Servili]
* Add: Tizi malware added. [Alexandre Dulaunoy]
* Merge pull request #126 from Delta-Sierra/master. [Alexandre Dulaunoy]
add UBoatRAT
* Add UBoatRAT. [Deborah Servili]
* Merge pull request #125 from Delta-Sierra/master. [Raphaël Vinot]
update ROKRAT
* Update ROKRAT. [Deborah Servili]
* Merge pull request #124 from Delta-Sierra/master. [Deborah Servili]
cryptomix - update
* Cryptomix - update. [Deborah Servili]
* Merge pull request #123 from Delta-Sierra/master. [Alexandre Dulaunoy]
add IcedID banker
* Add IcedID banker. [Deborah Servili]
* Merge pull request #122 from Delta-Sierra/master. [Deborah Servili]
cryptomix - merge duplicates and update
* Cryptomix - add ransomnotes. [Deborah Servili]
* Cryptomix - merge duplicates and update. [Deborah Servili]
* Merge pull request #121 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Ordinypt
* Add Ordinypt. [Deborah Servili]
* Merge pull request #120 from Delta-Sierra/master. [Alexandre Dulaunoy]
update tool galaxy
* Jq. [Deborah Servili]
* Update tool galaxy. [Deborah Servili]
* Merge pull request #119 from steffenenders/patch-1. [Alexandre Dulaunoy]
Fixed mixed up description/value for MuddyWater
* Fixed mixed up description/value for MuddyWater. [steffenenders]
* Merge pull request #118 from Delta-Sierra/master. [Alexandre Dulaunoy]
add MuddyWater + Update HIDDEN COBRA and update its tools
* Add MuddyWater + Update HIDDEN COBRA and update its tools. [Deborah Servili]
* Merge pull request #117 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Silence Trojan
* Add Silence Trojan. [Deborah Servili]
* Merge pull request #116 from Delta-Sierra/master. [Alexandre Dulaunoy]
Fix typo
* Update version number. [Deborah Servili]
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #115 from Delta-Sierra/master. [Alexandre Dulaunoy]
add ALMA Communicator
* Merge pull request #114 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Sowbug group
* Merge pull request #113 from Delta-Sierra/master. [Alexandre Dulaunoy]
add sector vocabulary
* Merge pull request #112 from Delta-Sierra/master. [Deborah Servili]
update Felismus RAT
* Merge pull request #111 from Delta-Sierra/master. [Alexandre Dulaunoy]
Fix README.md AGAIN
* Fix typo - Spaaaace~ [Deborah Servili]
* Add ALMA Communicator. [Deborah Servili]
* Add Sowbug group. [Deborah Servili]
* Add sector vocabulary. [Deborah Servili]
* Update Falismus RAT. [Deborah Servili]
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #110 from Delta-Sierra/master. [Alexandre Dulaunoy]
Fix README.md
* ##comma## AGAIN. [Deborah Servili]
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #108 from sbrom/master. [Alexandre Dulaunoy]
Updated with data from APT Groups and Operations
* Merge pull request #4 from frbor/fix-iso-code-3. [sbrom]
Fix iso codes
* Fix-iso-code-3. [Fredrik Borg]
* Fix iso codes. [Fredrik Borg]
* Merge pull request #2 from frbor/master. [sbrom]
Remove duplicate references
* Merge branch 'fix-duplicates' [Fredrik Borg]
* Remove duplicate references. [Fredrik Borg]
* Merge pull request #1 from frbor/master. [sbrom]
Replace tab with space and add newline at end of file
* Replace tab with space and add newline at end of file. [Fredrik Borg]
* Updated with data from APT Groups and Operations. [Siri Bromander]
* Merge pull request #109 from Delta-Sierra/master. [Alexandre Dulaunoy]
update README
* ##comma## [Deborah Servili]
* Update README. [Deborah Servili]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #107 from frbor/iso-codes. [Raphaël Vinot]
Use standard (2 digits) ISO codes for all countries
* Bump version number. [Fredrik Borg]
* Use standard (2 digits) ISO codes for all countries. [Fredrik Borg]
* Update banker galaxy. [Raphaël Vinot]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot]
* Merge pull request #106 from Delta-Sierra/master. [Deborah Servili]
add htpRAT
* Add htpRAT. [Deborah Servili]
* Merge pull request #105 from Delta-Sierra/master. [Alexandre Dulaunoy]
add dimnie
* Add dimnie. [Deborah Servili]
* Merge pull request #104 from Delta-Sierra/master. [Alexandre Dulaunoy]
add ttp-categories descriptions
* Add ttp-categories descripiions. [Deborah Servili]
* Merge pull request #103 from Delta-Sierra/master. [Deborah Servili]
add Formbook
* Fix typo. [Deborah Servili]
* Add Formbook. [Deborah Servili]
* Cosmetic updates. [Raphaël Vinot]
* Deduplicate Android cluster. [Raphaël Vinot]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot]
* Merge pull request #102 from Delta-Sierra/master. [Alexandre Dulaunoy]
delete x_ prefix from mitre_attack_pattern
* Jq. [Deborah Servili]
* Add galaxy icon to mitre-cti tools & regenerate galaxies. [Deborah Servili]
* Delete x_ prefix from mitre_attack_pattern. [Deborah Servili]
* Add android and banker galaxies. [Raphaël Vinot]
* Remove the executable flag from the json files, again. [Raphaël Vinot]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot]
* Merge pull request #101 from Delta-Sierra/master. [Deborah Servili]
add BadRabbit ransomware
* Add BadRabbit ransomware. [Deborah Servili]
* Merge pull request #100 from Delta-Sierra/master. [Alexandre Dulaunoy]
add cert EU govsectors galaxy
* Update README.md. [Deborah Servili]
* Add cert EU govsectors galaxy. [Deborah Servili]
* Merge pull request #99 from Delta-Sierra/master. [Deborah Servili]
typo
* Typo. [Deborah Servili]
* SOCKET23 RAT added. [Alexandre Dulaunoy]
* JadeRAT added. [Alexandre Dulaunoy]
* Merge pull request #98 from Delta-Sierra/master. [Alexandre Dulaunoy]
add cert-eu based vocabularies
* Jq. [Deborah Servili]
* Add IoT_reaper. [Deborah Servili]
* Delete duplicate. [Deborah Servili]
* Add cert-eu based vocabularies. [Deborah Servili]
* Jq all the things. [Alexandre Dulaunoy]
* Merge pull request #97 from Delta-Sierra/master. [Alexandre Dulaunoy]
add synonym in tool galaxy
* Add synonym in tool galaxy. [Deborah Servili]
* Merge pull request #96 from Delta-Sierra/master. [Alexandre Dulaunoy]
add cert EU's motive vocabulary
* ##comma## [Deborah Servili]
* Add cert EU's motive vocabulary. [Deborah Servili]
* Merge pull request #95 from Delta-Sierra/master. [Alexandre Dulaunoy]
add sectors galaxy
* Add sectors galaxy. [Deborah Servili]
* Merge pull request #94 from Delta-Sierra/master. [Alexandre Dulaunoy]
add lukitus extension to Locky
* Add lukitus ransomnote to Locky. [Deborah Servili]
* Add lukitus extension to Locky. [Deborah Servili]
* Merge pull request #93 from Delta-Sierra/master. [Alexandre Dulaunoy]
add year of apparition for Rats + fixing some typos
* Fix typo. [Deborah Servili]
* Add year of apparition for Rats + fixing some typos. [Deborah Servili]
* Merge pull request #92 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Remote Access/Administration Tools
* Jq. [Deborah Servili]
* Add Remote Access/Administration Tools. [Deborah Servili]
* Merge pull request #91 from danielplohmann/apt33. [Alexandre Dulaunoy]
add APT33 as identified by FireEye
* Add APT33 as identified by FireEye. [Daniel Plohmann]
* Schema updated to include icon field. [Alexandre Dulaunoy]
* As now everything is in the Blockchain, ransomware are too. [Alexandre Dulaunoy]
* Icons for the grand Master who is redesigning the overall graphical view. [Alexandre Dulaunoy]
* Merge pull request #90 from Delta-Sierra/master. [Deborah Servili]
add Adwind RAT synonyms
* Add Adwind RAT synonyms. [Deborah Servili]
* Fix typo. [Deborah Servili]
* Merge pull request #89 from Delta-Sierra/master. [Deborah Servili]
add SyncCrypt Ransomwar
* Add SyncCrypt Ransomwar. [Deborah Servili]
* Merge pull request #88 from Delta-Sierra/master. [Deborah Servili]
add SynAck Ransomware
* Add SynAck Ransomware ransomnote's name. [Deborah Servili]
* Add SynAck Ransomware. [Deborah Servili]
* Merge pull request #87 from Delta-Sierra/master. [Alexandre Dulaunoy]
add tools and rat
* Fix typo~ [Deborah Servili]
* Add tools and rat. [Deborah Servili]
* Remove the executable flag from the json files. [Raphaël Vinot]
* JQ all the things. [Raphaël Vinot]
* Fixed with jq ;-) [Alexandre Dulaunoy]
* Merge pull request #86 from Kafeine/master. [Alexandre Dulaunoy]
Up EK and TDS
* Merge branch 'master' into master. [Kafeine]
* Merge pull request #85 from Delta-Sierra/master. [Deborah Servili]
add ransomwares
* Add ransomwares. [Deborah Servili]
* Merge pull request #84 from Delta-Sierra/master. [Alexandre Dulaunoy]
add fireball malware
* Add fireball malware. [Deborah Servili]
* Merge pull request #83 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Joao malware
* Add Joao malware. [Deborah Servili]
* EngineBox malware added. [Alexandre Dulaunoy]
* Adversarial Tactics, Techniques & Common Knowledge from MITRE ATT&CK added. [Alexandre Dulaunoy]
* Merge pull request #82 from Delta-Sierra/master. [Alexandre Dulaunoy]
update mitre galaxies and scripts
* Jq. [Deborah Servili]
* Update mitre galaxies. [Deborah Servili]
* Script mitre - version given as an input + renaming. [Deborah Servili]
* Merge pull request #81 from Delta-Sierra/master. [Alexandre Dulaunoy]
Fixed some issues with a misnamed galaxy - script
* Fixed some issues with a misnamed galaxy - script. [Deborah Servili]
* Fixed some issues with a misnamed galaxy. [iglocska]
* Merge pull request #80 from Delta-Sierra/master. [Alexandre Dulaunoy]
add mitre based galaxies
* Version is integer. [Deborah Servili]
* Put uuid as meta. [Deborah Servili]
* New generation of mitre galaxies. [Deborah Servili]
* Fix mitre-cti script - replace 'name' by 'value' [Deborah Servili]
* Add mitre based galaxies. [Deborah Servili]
* Asciidoctor-pdf is now stable. [Alexandre Dulaunoy]
* Documentation generator added. [Alexandre Dulaunoy]
* Merge pull request #79 from Delta-Sierra/master. [Alexandre Dulaunoy]
add scripts to create galaxy from https://github.com/mitre/cti/tree/master/ATTACK
* Add scripts to create galaxy from https://github.com/mitre/cti/tree/master/ATTACK - still under testing. [Deborah Servili]
* Fix space typo. [Deborah Servili]
* Merge pull request #78 from Delta-Sierra/master. [Alexandre Dulaunoy]
add GlobeImposter synonym
* Type is array -shh I'm bad with the format, I know. [Deborah Servili]
* Type is meta. [Deborah Servili]
* Jq~ [Deborah Servili]
* Add/update tool galaxy. [Deborah Servili]
* Add GlobeImposter synonym. [Deborah Servili]
* Merge pull request #75 from Delta-Sierra/master. [Raphaël Vinot]
add svpeng tool
* Jq. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Try to merge 'CowerSnail added' [Deborah Servili]
* Add svpeng tool. [Deborah Servili]
* Merge pull request #77 from danielplohmann/fin7. [Raphaël Vinot]
added FIN7 as alias for anunak
* Added FIN7 as alias for anunak. [Daniel Plohmann]
* Merge pull request #76 from danielplohmann/axiom-merge. [Raphaël Vinot]
merged barium into axiom (only one redundant reference given)
* Merged barium into axiom (only one redundant reference given) [Daniel Plohmann]
* CowerSnail added. [Alexandre Dulaunoy]
* Remove duplicates. [Raphaël Vinot]
* Merge pull request #74 from Delta-Sierra/master. [Raphaël Vinot]
adding clusters based on MISP data
* Clean tool.json. [Deborah Servili]
* Update Spring Dragon threat actor. [Deborah Servili]
* Adding clusters based on MISP data. [Deborah Servili]
* Add missing name XtremeRAT. [Raphaël Vinot]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot]
* Add validators for vocabularies and misp. [Raphaël Vinot]
* Remove empty string. [Raphaël Vinot]
* Add new entries in meta key. [Raphaël Vinot]
* Remove duplicates. [Raphaël Vinot]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #73 from Delta-Sierra/master. [Alexandre Dulaunoy]
add cerber synonym
* Add cerber synonym. [Deborah Servili]
* Cobalt gang added. [Alexandre Dulaunoy]
* El Machete added. [Alexandre Dulaunoy]
* Merge pull request #72 from Delta-Sierra/master. [Alexandre Dulaunoy]
add synonym for ammyyadmin
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #71 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add SOREBRECT ransomware
* Add synonym for ammyyadmin. [Deborah Servili]
* Add SOREBRECT ransomware. [Deborah Servili]
* Jq all ;-) [Alexandre Dulaunoy]
* Merge pull request #70 from jaimeblasco/master. [Alexandre Dulaunoy]
Added FIN8 actor
* Added FIN8 actor. [Jaime]
* Merge pull request #69 from Delta-Sierra/master. [Alexandre Dulaunoy]
alwaaays moooore RAT
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #68 from Delta-Sierra/master. [Alexandre Dulaunoy]
add rats
* Alwaaays moooore RAT. [Deborah Servili]
* Add rats from https://www.lifewire.com/free-remote-access-software-tools-2625161. [Deborah Servili]
* Add rats. [Deborah Servili]
* Validation added. [Alexandre Dulaunoy]
* Jq. [Alexandre Dulaunoy]
* Merge pull request #67 from Delta-Sierra/master. [Alexandre Dulaunoy]
add some rats and tools
* Add some rats sand tools. [Deborah Servili]
* Merge pull request #66 from elhoim/patch-2. [Alexandre Dulaunoy]
Added Symantec alias for sofacy
* Added Symantec alias for sofacy. [David André]
* Merge pull request #65 from danielplohmann/hidden-cobra-lazarus. [Alexandre Dulaunoy]
added Hidden Cobra as alias for Lazarus Group
* Merge branch 'master' into hidden-cobra-lazarus. [danielplohmann]
* Merge pull request #64 from danielplohmann/threat-actor-electrum. [Alexandre Dulaunoy]
Threat actor electrum
* Added ELECTRUM to threat-actor.json (afaik not confirmed as an alias atm) [Daniel Plohmann]
* Added PLATINUM to threat-actor.json (afaik not confirmed as an alias atm) [Daniel Plohmann]
* Added Hidden Cobra as alias for Lazarus Group. [Daniel Plohmann (jupiter)]
* Merge pull request #62 from Delta-Sierra/master. [Raphaël Vinot]
update rat galaxy
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #58 from danielplohmann/wildneutron. [Alexandre Dulaunoy]
added WildNeutron (Morph, Butterfly, Sphinx Moth)
* Added WildNeutron (Morph, Butterfly, Sphinx Moth) [Daniel Plohmann (jupiter)]
* Merge pull request #61 from Delta-Sierra/master. [Alexandre Dulaunoy]
edit threat actor - should fix #59 and #60
* Update rat. [Deborah Servili]
* Edit threat actor - should fix #59 and #60. [Deborah Servili]
* Merge pull request #56 from elhoim/patch-1. [Alexandre Dulaunoy]
Added synonyms for APT10 and one for APT1
* Added synonyms for APT10 and one for APT1. [David André]
* RAT added. [Alexandre Dulaunoy]
* Merge pull request #57 from Delta-Sierra/master. [Alexandre Dulaunoy]
add rat galaxy
* Jq. [Deborah Servili]
* Add RAT listed in https://github.com/kevthehermit/RATDecoders. [Deborah Servili]
* Add rat galaxy. [Deborah Servili]
* SilverTerrier added. [Alexandre Dulaunoy]
* Jq all. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #54 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Uiwik ransomware
* Jq 'n ##COMMA## [Deborah Servili]
* Add Uiwik ransomware. [Deborah Servili]
* Merge pull request #53 from Delta-Sierra/master. [Alexandre Dulaunoy]
add synonym - half done
* Add synonym and cleaning. [Deborah Servili]
* Merge hiddentear & cryptear data. [Deborah Servili]
* Add synonym - half done. [Deborah Servili]
* Add synonym - step 1. [Deborah Servili]
* Merge pull request #52 from Delta-Sierra/master. [Alexandre Dulaunoy]
add synonym to hancitor
* Add synonym to hancitor. [Deborah Servili]
* Merge pull request #51 from Delta-Sierra/master. [Alexandre Dulaunoy]
add jaff Ransomware
* Add jaff Ransomwarejq-ed. [Deborah Servili]
* Add jaff Ransomware. [Deborah Servili]
* Emotet/Geodo added. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #50 from Delta-Sierra/master. [Alexandre Dulaunoy]
Update ransomware galaxy - possible duplicate
* Property requirement updated. [Deborah Servili]
* Update Wannacry ransomware. [Deborah Servili]
* Make it mergable (try to) [Deborah Servili]
* Update ransomware galaxy - possible duplicate. [Déborah Servili]
* Remove duplicate ref. [Alexandre Dulaunoy]
* Input from Deborah incorporated. [Alexandre Dulaunoy]
* APT32 added. [Alexandre Dulaunoy]
* WannaCry added. [Alexandre Dulaunoy]
* PDF added. [Alexandre Dulaunoy]
* Fixed the double trailing dot. [Alexandre Dulaunoy]
* Add meaningful infobox. [Alexandre Dulaunoy]
* A tool to convert MISP Galaxy Cluster into an asciidoctor document. [Alexandre Dulaunoy]
* Kazuar: Multiplatform Espionage Backdoor with API Access added. [Alexandre Dulaunoy]
* Duplicate references removed. [Alexandre Dulaunoy]
* Merge pull request #49 from Delta-Sierra/master. [Alexandre Dulaunoy]
reformat ransomware galaxy
* Add source to please the schema~ [Déborah Servili]
* Change sources for authors. [Déborah Servili]
* Jq on ransomware. [Déborah Servili]
* Managing duplicate. [Déborah Servili]
* Managing duplicate. [Déborah Servili]
* Reformat ransomware galaxy - including http://pastebin.com/raw/GHgpWjar. [Déborah Servili]
* Reformat ransomware galaxy. [Déborah Servili]
* Additional properties allowed on the meta part. [Alexandre Dulaunoy]
* REDLEAVES malware added. [Alexandre Dulaunoy]
* Merge pull request #48 from Delta-Sierra/master. [Raphaël Vinot]
add Cardinal RAT
* Update tools. [Déborah Servili]
* Feodo added. [Alexandre Dulaunoy]
* FlexiSpy. [Alexandre Dulaunoy]
* Shadow broker leak of NSA tools from https://github.com/misterch0c/shadowbroker. [Alexandre Dulaunoy]
* First batch of shadow broker leak (NSA name of exploit and tools) from https://github.com/misterch0c/shadowbroker. [Alexandre Dulaunoy]
* Jq all. [Alexandre Dulaunoy]
* Merge pull request #40 from Kafeine/master. [Alexandre Dulaunoy]
Updated.
* Merge pull request #47 from Delta-Sierra/master. [Alexandre Dulaunoy]
add synonyms for Da Vinci RCS
* Merge pull request #46 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add some tools/threat actor
* Add Cardinal RAT. [Déborah Servili]
* Add synonyms for Da Vinci RCS. [Déborah Servili]
* Merge https://github.com/MISP/misp-galaxy. [Déborah Servili]
* Merge pull request #45 from Delta-Sierra/master. [Alexandre Dulaunoy]
add tools from https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html
* ##comma## [Déborah Servili]
* Add some tools/threat actor. [Déborah Servili]
* Correct copypasta mistake. [Déborah Servili]
* Merge https://github.com/MISP/misp-galaxy. [Déborah Servili]
* Merge pull request #44 from Delta-Sierra/master. [Alexandre Dulaunoy]
Update tool's galaxy
* Add tools from https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html. [Déborah Servili]
* Update tool. [Déborah Servili]
* Json fix. [Déborah Servili]
* Update tool's galaxy using http://contagiodump.blogspot.lu/2013/03/mandiant-apt1-samples-categorized-by.html. [Déborah Servili]
* Merge https://github.com/MISP/misp-galaxy. [Déborah Servili]
* Longhorn (CIA) added. [Alexandre Dulaunoy]
* Sathurbot added. [Alexandre Dulaunoy]
* The product from NSO Group Technologies added to the list of tools. [Alexandre Dulaunoy]
The Pegasus name is used as synonym of Chrysaor ;-)
* The mysterious ZIRCONIUM activity group added. [Alexandre Dulaunoy]
* Merge pull request #43 from nyx0/master. [Alexandre Dulaunoy]
Add new Sednit name
* Add new Sednit name according to https://www.secureworks.com/research/iron-twilight-supports-active-measures. [nyx0]
* Trochilus and MoonWind RATs added. [Alexandre Dulaunoy]
* KHRAT added. [Alexandre Dulaunoy]
* Merge pull request #42 from chrisdoman/master. [Alexandre Dulaunoy]
Added descriptions and reference to threat-actor json
* Added descriptions and reference to threat-actor json. [chrisdoman]
* JQ all. [Alexandre Dulaunoy]
* Merge https://github.com/MISP/misp-galaxy. [Déborah Servili]
* +WhiteHole +ref for Disdain. [Kafeine]
* +disdain+captainblack-Neutrino. [Kafeine]
* Update exploit-kit.json. [Kafeine]
* Fix. [Kafeine]
* +Bingo -- Hunter > Retired. [Kafeine]
* Update tds.json. [Kafeine]
* Fix. [Kafeine]
* Update Terror. [Kafeine]
* Updated. [Kafeine]
Blaze <-> Terror - Updated Sundown and Nebula status
* Merge branch 'master' into master. [Raphaël Vinot]
* JQ all the things. [Raphaël Vinot]
* Merge pull request #41 from CERT-Bund/patch-1. [Raphaël Vinot]
Added groups, joined groups, added synonyms (see extended description)
* Fix typo. [Raphaël Vinot]
* Added groups, joined groups, added synonyms (see extended description) [CERT-Bund]
* IMEIJ added. [Alexandre Dulaunoy]
* Missing \n at the end of the file. [Alexandre Dulaunoy]
* Merge pull request #38 from chrisdoman/master. [Alexandre Dulaunoy]
Added references
* Ran jq. [Chris Doman]
* Added references. [Chris Doman]
Mostly added references to existing groups
Capitalised DarkHotel, put a space in APT30 default name (the others
had that)
* Add: Gamaredon Group added. [Alexandre Dulaunoy]
* Merge pull request #37 from cvandeplas/master. [Christophe Vandeplas]
minor correction
* Minor correction. [Christophe Vandeplas]
* Merge pull request #36 from Th4nat0s/gutembergII. [Alexandre Dulaunoy]
Gutemberg II
* Remove duplicate of ratdecode import. [Thanat0s]
* Add a bunch of rat from ratdecoder list. [Thanat0s]
* Pimp Epic turla. [Thanat0s]
* Pimp and agreggate turla. [Thanat0s]
* Somes alias fetch from : https://attack.mitre.org/wiki/Groups. [Thanat0s]
* Pimp comrat. [Thanat0s]
* Pimp xneteagle. [Thanat0s]
* Pimp xscontrol. [Thanat0s]
* Update Xagent from aptnote Bitdefender-Whitepaper-APT-Mac-A4-en-EN-web(02-23-2017) [Thanat0s]
* Pimp lecna/Backspace. [Thanat0s]
* Pimp lecna/Backspace. [Thanat0s]
* Pimp RarStone. [Thanat0s]
* Pimp Pirpi. Hard to say:) [Thanat0s]
* Pimp webc2. [Thanat0s]
* Pimp winnti. [Thanat0s]
* Pimp nettraveler. [Thanat0s]
* Cleanup zeus duplicate in alias and name. [Thanat0s]
* Update apt28 tools. [Thanat0s]
* Remove duplicate AlienSpy. [Thanat0s]
* Merge pull request #32 from Th4nat0s/donokilljson. [Alexandre Dulaunoy]
modify validators to check json an format, stop on any error
* Block by default, but usable anyway with param. [Thanat0s]
* Modify validators to check json an format, stop on any error. [Thanat0s]
* Merge pull request #30 from Th4nat0s/gutemberg. [Alexandre Dulaunoy]
Gutemberg work..
* Add info to the famous mimikatz. [Thanat0s]
* Add moudor info. [Thanat0s]
* Add Tinba banking. [Thanat0s]
* Udpate trojan.main. [Thanat0s]
* Update evilgrab. [Thanat0s]
* Remove coreshell duplicate. [Thanat0s]
* Add derusbi. [Thanat0s]
* Merge IEchecker et sasfi. [Thanat0s]
* Go for caro, add hi-zor. [Thanat0s]
* Fix side victims of schemaupdate. [Thanat0s]
* Update 2 array. [Thanat0s]
* Go 4 string. [Thanat0s]
* Follow the format. [Thanat0s]
* Json typo. [Thanat0s]
* Locky removed > ransomware. [Thanat0s]
* Json issue. [Thanat0s]
* Generic plugx names. [Thanat0s]
* Update. [Thanat0s]
* Remove JOYRat -> team -> https://www.crowdstrike.com/blog/whois-numbered-panda/ [Thanat0s]
* Remove Lstudio (group using elise) , add info to PWOBOT. [Thanat0s]
* Remove EK and Ransomwares. [Thanat0s]
* Gutemberg on first 10. [Thanat0s]
* Merge pull request #33 from Th4nat0s/checkdup. [Alexandre Dulaunoy]
Tool to find duplicate
* Add tool to find duplicate. [Thanat0s]
* PupyRAT added. [Alexandre Dulaunoy]
* Strict schema, update clusters accordingly. [Raphaël Vinot]
* Add validator for galaxies. [Raphaël Vinot]
* Fix validation, remove duplicate. [Raphaël Vinot]
* Initial Json schema. [Raphaël Vinot]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #29 from Delta-Sierra/master. [Alexandre Dulaunoy]
add Erebus ransomware
* Add Erebus ransomware. [Déborah Servili]
* Merge pull request #28 from Kafeine/master. [Alexandre Dulaunoy]
Added Microsoft Naming
* StreamEX added. [Alexandre Dulaunoy]
* ZeroT added. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #26 from Delta-Sierra/master. [Alexandre Dulaunoy]
Change author name to 'Various'
* Merge https://github.com/MISP/misp-galaxy. [Déborah Servili]
* Change author name to 'Various' [Déborah Servili]
* Flokibot added. [Alexandre Dulaunoy]
* Merge pull request #25 from Delta-Sierra/master. [Alexandre Dulaunoy]
ransomware galaxy
* Fix galaxy ##comma## [Déborah Servili]
* Ransomware galaxy. [Déborah Servili]
* Merge pull request #24 from Delta-Sierra/master. [Alexandre Dulaunoy]
add ransomware galaxy
* Merge https://github.com/MISP/misp-galaxy. [Déborah Servili]
* Merge pull request #23 from Delta-Sierra/master. [Alexandre Dulaunoy]
improve csv_to_galaxy
* Merge pull request #22 from Delta-Sierra/master. [Alexandre Dulaunoy]
add csv to galaxy converter
* Add ransomware galaxy. [Déborah Servili]
* Improve csv_to_galaxy 2. [Déborah Servili]
* Improve csv_to_galaxy. [Déborah Servili]
* Merge https://github.com/MISP/misp-galaxy. [Déborah Servili]
* Merge pull request #20 from cgi1/master. [Alexandre Dulaunoy]
Adding Zeus to tools
* Adding Zeus to tools. [cgi]
* Greenbug added. [Alexandre Dulaunoy]
* Tavdig was missing. [Alexandre Dulaunoy]
* LuminosityLink RAT added. [Alexandre Dulaunoy]
* EyePyramid added. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #18 from Delta-Sierra/master. [Alexandre Dulaunoy]
add APT28's tools
* GhostAdmin added. [Alexandre Dulaunoy]
* Add csv to galaxy converter. [Déborah Servili]
* Add APT28's tools. [Déborah Servili]
* Equation Group added. [Alexandre Dulaunoy]
* "the shoemaker's son always goes barefoot" Regin added. [Alexandre Dulaunoy]
* Merge pull request #17 from Delta-Sierra/master. [Alexandre Dulaunoy]
begin preventive-measure galaxy
* Complete preventive-measure. [Déborah Servili]
* Begin preventive-measure galaxy. [Déborah Servili]
* Shamoon added. [Alexandre Dulaunoy]
* Import manually cert-eu contribution. [Alexandre Dulaunoy]
- Fix the meta attributes (like the motive field ) to be within meta and not
outside
- Remove some "null" values that seems to come from previous tests
- Pretty-print the Javascript (better for diffing)
* MM Core added. [Alexandre Dulaunoy]
* Shiz Trojan + Shifu. [Alexandre Dulaunoy]
* GeminiDuke added. [Alexandre Dulaunoy]
* Separate APT30 from Naikon group. [Alexandre Dulaunoy]
* PassCV group added. [Alexandre Dulaunoy]
* Cadelle and Chafer groups added. [Alexandre Dulaunoy]
* Exploit-kit and TDS added. [Alexandre Dulaunoy]
* Merge pull request #15 from Kafeine/master. [Alexandre Dulaunoy]
Exploit Kit and TDS Galaxies
* Empire status, Nebula, Blaze/Terror. [Kafeine]
* +Pangimop, alias Microsoft for magnitude. [Kafeine]
* Fix. [Kafeine]
* +Derbit alias for Sundown. [Kafeine]
* Indent. [Kafeine]
* Added Microsoft Naming. [root]
* TDS Cluster: EOF. [root]
* EK and TDS clusters : several minor fixes. [root]
* EK and TDS clusters : Removed empty entries. [root]
* TDS Cluster: json fix. [root]
* EK Cluster : several fixes. [root]
* EK Cluster typo fix. [root]
* EK Cluster update. [root]
* EK galaxie. [root]
* Mwi added. [root]
* Init. [root]
* Clarification regarding the contribution and the different models. [Alexandre Dulaunoy]
* Various updates including the addition of Chthonic Banking Trojan. [Alexandre Dulaunoy]
* Packrat added. [Alexandre Dulaunoy]
* DownRage added. [Alexandre Dulaunoy]
* Java RAT updated. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #14 from Delta-Sierra/master. [Alexandre Dulaunoy]
update readme
* Update readme. [Déborah Servili]
* Merge pull request #13 from Delta-Sierra/master. [Alexandre Dulaunoy]
Add microsoft-activity-group cluster
* ##comma## [Déborah Servili]
* Add microsoft-activity-group cluster. [Déborah Servili]
* Seaduke added. [Alexandre Dulaunoy]
* MISP integration added. [Alexandre Dulaunoy]
* MISP galaxy screenshot. [Alexandre Dulaunoy]
* Operation Iron Tiger added as synonym. [Alexandre Dulaunoy]
* Molerats, PROMETHIUM and NEODYMIUM added. [Alexandre Dulaunoy]
* BlackEnergy malware family added. [Alexandre Dulaunoy]
* TeleBots group added. [Alexandre Dulaunoy]
* TERBIUM added. [Alexandre Dulaunoy]
* Mirai and BASHLITE added. [Alexandre Dulaunoy]
* Links fixed. [Alexandre Dulaunoy]
* Added missing file. [Iglocska]
* Threat-actor fixed. [Alexandre Dulaunoy]
* Singular everywhere. [Alexandre Dulaunoy]
* Singular everywhere. [Alexandre Dulaunoy]
* Singular everywhere. [Alexandre Dulaunoy]
* Singular everywhere. [Alexandre Dulaunoy]
* Structure ready for MISP 2.4.56. [Alexandre Dulaunoy]
* Fixed to merge PR #11. [Alexandre Dulaunoy]
* Meta added as required by MISP 2.4.56. [Alexandre Dulaunoy]
* Source added as required by MISP 2.4.56. [Alexandre Dulaunoy]
* Source field added as required to MISP 2.4.56. [Alexandre Dulaunoy]
* Add a source field for the clusters (required for MISP 2.4.56) [Alexandre Dulaunoy]
* Merge pull request #10 from cvandeplas/master. [Alexandre Dulaunoy]
Metushy, Uroburos, Pfinet synonyms added
* Metushy, Uroburos, Pfinet synonyms added. [Christophe Vandeplas]
* Yahoyah added. [Alexandre Dulaunoy]
* Tropic Trooper added. [Alexandre Dulaunoy]
* KeyBoy malware added. [Alexandre Dulaunoy]
* Merge pull request #9 from cvandeplas/master. [Alexandre Dulaunoy]
added Callisto threat actor, and removed duplicates
* Added Callisto. [Christophe Vandeplas]
* Removed duplicates. [Christophe Vandeplas]
* Merge pull request #7 from cvandeplas/master. [Alexandre Dulaunoy]
Added Rocket Kitten
* Added Rocket Kitten. [Christophe Vandeplas]
* Description added for Volatile Cedar. [Alexandre Dulaunoy]
* Explosive malware added. [Alexandre Dulaunoy]
* Volatile Cedar added. [Alexandre Dulaunoy]
* OilRig added. [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Iglocska]
* Empire post-exploitation tool added. [Alexandre Dulaunoy]
* Some small fixes. [Iglocska]
- more uniform pluralisation
- Added display name fields
* Plural it's plural (tm) [Alexandre Dulaunoy]
* README updated to reflect the new structure. [Alexandre Dulaunoy]
* Threat actors simplified (no more groups) it's already in the value field. [Alexandre Dulaunoy]
* Tools added. [Alexandre Dulaunoy]
* Merge pull request #6 from MISP/restructure. [Alexandre Dulaunoy]
Restructure
* Typo fixed. [Alexandre Dulaunoy]
* Typo fixed. [Alexandre Dulaunoy]
* Some small fixes. [Iglocska]
* Some small changes. [Iglocska]
* Moving things around. [Iglocska]
* Merge pull request #5 from cvandeplas/master. [Alexandre Dulaunoy]
adding additional threat-actor-tools
* Minor correction. [Christophe Vandeplas]
* Added additional threat-actor-tools. [Christophe Vandeplas]
* Merged branch master into master. [Christophe Vandeplas]
* Houdini added. [Alexandre Dulaunoy]
* Corrected typo in njRAT synonym. [Christophe Vandeplas]
* Removed empty synonym. [Christophe Vandeplas]
* Odinaff added. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #4 from cvandeplas/master. [Alexandre Dulaunoy]
additional adversary groups
* Additional adversary groups. [Christophe Vandeplas]
Using as a source https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit
* TeamXRat added. [Alexandre Dulaunoy]
* StrongPity added (more refs required) [Alexandre Dulaunoy]
* Libyan Scorpions added. [Alexandre Dulaunoy]
* FIN6 added. [Alexandre Dulaunoy]
* Suckfly added. [Alexandre Dulaunoy]
* GCMAN added. [Alexandre Dulaunoy]
* More synonyms. [Alexandre Dulaunoy]
* TA530 added. [Alexandre Dulaunoy]
* Dust storm added. [Alexandre Dulaunoy]
* More synonyms added. [Alexandre Dulaunoy]
* Lazagne tools added. [Alexandre Dulaunoy]
* Pirpi reference added. [Alexandre Dulaunoy]
* Buckeye added. [Alexandre Dulaunoy]
* Gothic Panda updated. [Alexandre Dulaunoy]
* Sauron versus Project Sauron (Kasperksy used both) [Alexandre Dulaunoy]
* License (PD) added. [Alexandre Dulaunoy]
* Umbreon added. [Alexandre Dulaunoy]
* Turla synonym added. [Alexandre Dulaunoy]
* Ozone RAT added. [Alexandre Dulaunoy]
* Typo fixed. [Alexandre Dulaunoy]
* UUID added. [Alexandre Dulaunoy]
* UUID added. [Alexandre Dulaunoy]
* Mapping triples/machine tags with galaxy, clusters and so on. [Alexandre Dulaunoy]
* Revert "Machine tags/triple tags mapping" [Alexandre Dulaunoy]
This reverts commit 06e2372d6674f86e32c10216fcbf5e4ea3ee03f1.
* Machine tags/triple tags mapping. [Alexandre Dulaunoy]
* Make JSON key values inline with the other elements. [Alexandre Dulaunoy]
* ProjectSauron added. [Alexandre Dulaunoy]
* Badnews added. [Alexandre Dulaunoy]
* Moonsoon added. [Alexandre Dulaunoy]
* NANHAISHU added. [Alexandre Dulaunoy]
* Threat Group-3390 added. [Alexandre Dulaunoy]
* Moafee added. [Alexandre Dulaunoy]
* DragonOK added. [Alexandre Dulaunoy]
* Quedagh added. [Alexandre Dulaunoy]
* Poseidon Group added. [Alexandre Dulaunoy]
* Scarlet Mimic added. [Alexandre Dulaunoy]
* Admin338 updated. [Alexandre Dulaunoy]
* Turla is also known as Waterbug. [Alexandre Dulaunoy]
* Prikormka malware added. [Alexandre Dulaunoy]
* Operation Transparent Tribe added. [Alexandre Dulaunoy]
* Crimson malwre added. [Alexandre Dulaunoy]
* Mad Max malware added. [Alexandre Dulaunoy]
* More references. [Alexandre Dulaunoy]
* Chinastrats added. [Alexandre Dulaunoy]
* HummingBad added. [Alexandre Dulaunoy]
* Pacifier APT added. [Alexandre Dulaunoy]
* More RU tools. [Alexandre Dulaunoy]
* ScarCruft added. [Alexandre Dulaunoy]
* ShimRAT added. [Alexandre Dulaunoy]
* Darkhotel added. [Alexandre Dulaunoy]
* IRONGATE added. [Alexandre Dulaunoy]
* HDRoot added. [Alexandre Dulaunoy]
* WINNTI reference updated. [Alexandre Dulaunoy]
* Typo fixed. [Alexandre Dulaunoy]
* HerHer Trojan and Helminth Backdoor added. [Alexandre Dulaunoy]
* Stealth Falcon added. [Alexandre Dulaunoy]
* Hancitor and Ruckguv added. [Alexandre Dulaunoy]
* Pretty-print of the adversary groups. [Alexandre Dulaunoy]
* Lazarus group (KP) added. [Alexandre Dulaunoy]
* NanoCore RAT added. [Alexandre Dulaunoy]
* Lost Door RAT added. [Alexandre Dulaunoy]
* SPIVY added. [Alexandre Dulaunoy]
* Laziok added. [Alexandre Dulaunoy]
* PWOBot added. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Add Travis file (validate json files) [Raphaël Vinot]
* Slempo added. [Alexandre Dulaunoy]
* Timo Steffens contributed various refs, tools and actors. [Alexandre Dulaunoy]
* PK actor added Operation C-Major. [Alexandre Dulaunoy]
* Recommendation regarding the pull-request. [Alexandre Dulaunoy]
* Backdoor.Dripion added. [Alexandre Dulaunoy]
* Missing comma. [Christophe Vandeplas]
* APT 4 synonyms added. [Alexandre Dulaunoy]
* Snifula added. [Alexandre Dulaunoy]
* More adversary tools. [Alexandre Dulaunoy]
* More adversary tools added. [Alexandre Dulaunoy]
* New synonyms and potential adversary groups. [Alexandre Dulaunoy]
* More RATs added. [Alexandre Dulaunoy]
* More RATs and description added. [Alexandre Dulaunoy]
* Adversary tools added + some clarification. [Alexandre Dulaunoy]
* Threat-actor tools added. [Alexandre Dulaunoy]
* More adversaries tools. [Alexandre Dulaunoy]
* First version of adversary tools. [Alexandre Dulaunoy]
* Fix #3 - as black energy is sometimes mentioned as group (even if it seems to be more a campaign). [Alexandre Dulaunoy]
* Nitro/CN added. [Alexandre Dulaunoy]
* Codoso/CN added. [Alexandre Dulaunoy]
* More IR. [Alexandre Dulaunoy]
* More IR added. [Alexandre Dulaunoy]
* Additional IR operation added. [Alexandre Dulaunoy]
* SNOWGLOBE added. [Alexandre Dulaunoy]
* New elements added. [Alexandre Dulaunoy]
* Threat-actor-sophistication-vocabulary added. [Alexandre Dulaunoy]
* The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor. [Alexandre Dulaunoy]
* Threat actor type added. [Alexandre Dulaunoy]
* Threat actor type vocabulary added. [Alexandre Dulaunoy]
* Foxy Panda added. [Alexandre Dulaunoy]
* Karma panda added. [Alexandre Dulaunoy]
* New actors + refs added. [Alexandre Dulaunoy]
* Planning-and-operational-support-vocabulary added. [Alexandre Dulaunoy]
* The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor. added. [Alexandre Dulaunoy]
* Planning-and-operational-support-vocabulary added. [Alexandre Dulaunoy]
* JSON beautified. [Alexandre Dulaunoy]
* Description added. [Alexandre Dulaunoy]
* More descriptions added. [Alexandre Dulaunoy]
* Typo fixed. [Alexandre Dulaunoy]
* More adversaries... [Alexandre Dulaunoy]
* Thomas added. [Alexandre Dulaunoy]
* More groups. [Alexandre Dulaunoy]
* Synonyms updates. [Alexandre Dulaunoy]
* RU and CN updates. [Alexandre Dulaunoy]
* More actors CN,TN and RU + synonyms. [Alexandre Dulaunoy]
* CN group updated. [Alexandre Dulaunoy]
* IR group added. [Alexandre Dulaunoy]
* RU synonym of TeamSpy. [Alexandre Dulaunoy]
* AE group added. [Alexandre Dulaunoy]
* CN synonyms added + IR group. [Alexandre Dulaunoy]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #1 from rotanid/patch-1. [Andras Iklody]
fix small grammatical errors in README.md
* Fix small grammatical errors in README.md. [Andreas Ziegler]
* Certainty level added. [Alexandre Dulaunoy]
* Certainty-level added. [Alexandre Dulaunoy]
* Certainty level of an associated element or cluster added. [Alexandre Dulaunoy]
* Adversary groups added. [Alexandre Dulaunoy]
* APT groups renamed to adversary groups. [Alexandre Dulaunoy]
* Deleted old APT groups. [Alexandre Dulaunoy]
* Adversary groups instead of APT. [Alexandre Dulaunoy]
* Adversary groups instead of APT. [Alexandre Dulaunoy]
* Motivation vocabulary added. [Alexandre Dulaunoy]
* Motivation vocabulary added. [Alexandre Dulaunoy]
* The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor. [Alexandre Dulaunoy]
* More CN-based groups. [Alexandre Dulaunoy]
* More CN-based groups. [Alexandre Dulaunoy]
* Some more CN actors. [Alexandre Dulaunoy]
* More CN groups. [Alexandre Dulaunoy]
* MISP distribution to be applied on cluster objects. [Alexandre Dulaunoy]
* First explanation. [Alexandre Dulaunoy]
* Some more CN groups. [Alexandre Dulaunoy]
* More CN groups. [Alexandre Dulaunoy]
* Groups array updated. [Alexandre Dulaunoy]
* Description added + stix version reference. [Alexandre Dulaunoy]
* More groups from RU. [Alexandre Dulaunoy]
* Example of galaxy including a cluster which is default type where you can add as much element as you want. [Alexandre Dulaunoy]
The elements are the default values known by MISP but a local
instance can add more or overwrite some elements.