
MISP galaxy v2.4.142 released (to be inline with MISP release)

@adulau adulau released this 26 Apr 10:23
· 1807 commits to main since this release
v2.4.142
ef9989d

v2.4.142 (2021-04-26)

New

  • [att&ck] support for subtechniques. [Christophe Vandeplas]

  • [dev] fix empty strings, lists. [VVX7]

  • [dev] add ASPI's China Defence University Tracker. [VVX7]

    Thanks to Cormac Doherty for writing the web scraper! To update the galaxy run the included gen_defence_university.py script.

    "The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI’s International Cyber Policy Centre.

    It includes entries on nearly 100 civilian universities, 50 People’s Liberation Army institutions, China’s nuclear weapons program, three Ministry of State Security institutions, four Ministry of Public Security universities, and 12 state-owned defence industry conglomerates.

    The Tracker is a tool to inform universities, governments and scholars as they engage with the entities from the People’s Republic of China. It aims to build understanding of the expansion of military-civil fusion—the Chinese government’s policy of integrating military and civilian efforts—into the education sector.

    The Tracker should be used to inform due diligence of Chinese institutions. However, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution’s defence and security links." - ASPI (https://unitracker.aspi.org.au/about/)

  • Added Bhadra framework for mobile attacks. [iglocska]

  • [country] galaxy added. [iglocska]

  • [galaxy] AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. AMITT is part of misinfosec - work on adapting information security practices to help track and counter misinformation - and is designed as far as possible to fit existing infosec practices and tools. [VVX7]

  • Added draft of the election guidelines galaxy. [mokaddem]

  • Add entries from Bambenek Consulting. [Raphaël Vinot]

Changes

  • [ransomware] duplicate removed. [Alexandre Dulaunoy]

  • [ransomware] duplicate removed. [Alexandre Dulaunoy]

  • [ransomware] duplicates removed. [Alexandre Dulaunoy]

  • [ransomware] Flyper removed. [Alexandre Dulaunoy]

  • [ransomware] first duplicate removed. [Alexandre Dulaunoy]

  • [ransomware] remove duplicate "File-Locker" [Alexandre Dulaunoy]

  • [malpedia] jq all the file and removed ref duplicates. [Alexandre Dulaunoy]

  • [clusters] fixing broken UUID fix #628. [Alexandre Dulaunoy]

  • [ransomware] fix the broken UUID fix #628. [Alexandre Dulaunoy]

  • [microsoft activity group] HAFNIUM added. [Alexandre Dulaunoy]

  • [tool] SUNSPOT added. [Alexandre Dulaunoy]

  • [rsit] rsit as galaxy name. [Alexandre Dulaunoy]

  • [threat-actor] UNC2452/DarkHalo added - ref. #614. [Alexandre Dulaunoy]

  • [ransomware] Babuk Ransomware added. [Alexandre Dulaunoy]

  • [ransomware] RegretLocker added. [Alexandre Dulaunoy]

  • Fix gh actions. [Raphaël Vinot]

  • Add PR to GH actions. [Raphaël Vinot]

  • [doc] Travis is dead, GH Action is alive. [Alexandre Dulaunoy]

  • [att&ck] update to latest MITRE ATT&CK version. [Christophe Vandeplas]

  • [cryptominer] updated. [Alexandre Dulaunoy]

  • [rename] tea matrix. [Alexandre Dulaunoy]

  • [tea] matrix updated to include brewing time and the milk attack technique. [Alexandre Dulaunoy]

  • [tea] first version. [Alexandre Dulaunoy]

  • [att&ck] no tag for subtechnique. [Christophe Vandeplas]

  • [botnet] Katura mess added. [Alexandre Dulaunoy]

  • [galaxy] fix the name to China Defence Universities Tracker. [Alexandre Dulaunoy]

  • [dev] jq. [VVX7]

  • [dev] gen_defence_university.py no longer outputs empty strings, lists. [VVX7]

  • [threat-actor] remove duplicate references. [Alexandre Dulaunoy]

  • [threat-actor] fix #561 by using new meta to classify as a campaign only. [Alexandre Dulaunoy]

    Based on #469

    There is an old and persistent issue in the attribution world and basically no-one really agrees on this. So we decided to start a specific metadata threat-actor-classification on the threat-actor to define the various types per cluster entry:

    • operation:
      • A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives. from Wikipedia
      • In the context of MISP threat-actor name, it's a single specific operation.
    • campaign:
      • The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic. from Wikipedia
      • In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.
    • threat-actor
      • In the context of MISP threat-actor-name, it's a name agreed upon by a set of organisations.
    • activity group
      • In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.
    • unknown
      • In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group.

    The meta field is an array to allow a specific threat-actor cluster to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation).
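The constraints named in this changelog (threat-actor-classification is an array drawn from the five classes above, synonyms is always an array, related is an array of JSON objects, UUIDs must be present and unique, and empty strings or lists should not survive) can be checked mechanically before a cluster is committed. The validator below is an added example, not the project's own validation script; it assumes the misp-galaxy cluster layout of a "values" list whose members carry "value", "uuid", "meta" and optionally "related", and the sample cluster embedded in it is constructed for illustration.

```python
"""Validator for MISP galaxy threat-actor cluster entries (added example).

Assumption: cluster JSON has a "values" list of objects with "value",
"uuid", "meta" and optional "related" keys, as in misp-galaxy clusters.
"""
import json
import uuid

# The five classes introduced for the threat-actor-classification meta.
CLASSIFICATIONS = {"operation", "campaign", "threat-actor", "activity group", "unknown"}


def _is_empty(v):
    """Empty strings, lists and objects are the values the cleanup commits strip."""
    return v == "" or v == [] or v == {}


def validate_entry(entry, seen_uuids):
    """Return a list of problems found in one cluster value (empty list = ok)."""
    problems = []
    name = entry.get("value", "<no value>")

    # uuid: present, well-formed, unique across the cluster
    u = entry.get("uuid")
    if not u:
        problems.append(f"{name}: missing uuid")
    else:
        try:
            uuid.UUID(u)
        except ValueError:
            problems.append(f"{name}: malformed uuid {u!r}")
        if u in seen_uuids:
            problems.append(f"{name}: duplicate uuid {u}")
        seen_uuids.add(u)

    # related: an array of JSON objects, never a bare object or strings
    related = entry.get("related", [])
    if not isinstance(related, list) or not all(isinstance(r, dict) for r in related):
        problems.append(f"{name}: related must be an array of JSON objects")

    meta = entry.get("meta", {})
    # synonyms: always an array
    if "synonyms" in meta and not isinstance(meta["synonyms"], list):
        problems.append(f"{name}: synonyms must be an array")

    # threat-actor-classification: an array restricted to the agreed vocabulary
    if "threat-actor-classification" in meta:
        tac = meta["threat-actor-classification"]
        if not isinstance(tac, list):
            problems.append(f"{name}: threat-actor-classification must be an array")
        else:
            for c in tac:
                if c not in CLASSIFICATIONS:
                    problems.append(f"{name}: unknown classification {c!r}")

    # no empty strings or lists left in meta
    for k, v in meta.items():
        if _is_empty(v):
            problems.append(f"{name}: empty meta field {k!r}")
    return problems


def validate_cluster(cluster):
    """Validate every value of a cluster; UUID uniqueness is checked cluster-wide."""
    seen = set()
    problems = []
    for entry in cluster.get("values", []):
        problems.extend(validate_entry(entry, seen))
    return problems


# Constructed sample cluster: two well-formed entries and two that break the rules.
SAMPLE_CLUSTER = json.loads("""
{
  "type": "threat-actor",
  "values": [
    {"value": "Example Group A", "uuid": "11111111-1111-4111-8111-111111111111",
     "meta": {"synonyms": ["Group A"],
              "threat-actor-classification": ["threat-actor", "activity group"]},
     "related": [{"dest-uuid": "22222222-2222-4222-8222-222222222222", "type": "similar"}]},
    {"value": "Example Operation B", "uuid": "22222222-2222-4222-8222-222222222222",
     "meta": {"threat-actor-classification": ["operation"]}},
    {"value": "Broken C", "uuid": "11111111-1111-4111-8111-111111111111",
     "meta": {"synonyms": "Not A List", "threat-actor-classification": "campaign", "refs": []},
     "related": {"dest-uuid": "x"}},
    {"value": "Broken D", "uuid": "not-a-uuid",
     "meta": {"threat-actor-classification": ["malware"]}}
  ]
}
""")

if __name__ == "__main__":
    for p in validate_cluster(SAMPLE_CLUSTER):
        print(p)
```

Running the block prints the seven problems in the two broken entries (duplicate and malformed UUIDs, a bare object in related, a string where an array is required, an unknown classification and an empty refs list) while the two well-formed entries pass silently; the same function can be pointed at a real cluster file with `validate_cluster(json.load(open(path)))`.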

  • Bump travis. [Raphaël Vinot]

  • [jq] all the things. [Alexandre Dulaunoy]

  • [preventive-measure] packet filtering added. [Alexandre Dulaunoy]

  • [threat-actor] remove the non-unique elements. [Alexandre Dulaunoy]

  • [ta] fix the JSON. [Alexandre Dulaunoy]

  • [jq] JSON fixed. [Alexandre Dulaunoy]

  • [json] add missing comma. [Alexandre Dulaunoy]

  • [country] jq all. [Alexandre Dulaunoy]

  • [malpedia] fixes. [Alexandre Dulaunoy]

  • [threat-actor] JSON fixed. [Alexandre Dulaunoy]

  • [travis] pip3. [Alexandre Dulaunoy]

  • [ransomware] Nodera ransomware added. [Alexandre Dulaunoy]

  • [threat-actor] typo fixed. [Alexandre Dulaunoy]

  • [threat-actor] format fixed. [Alexandre Dulaunoy]

  • [threat-actor] fix order. [Alexandre Dulaunoy]

  • [threat-actor] Budminer APT added based on document from "Soesanto, Stefan" [Alexandre Dulaunoy]

  • [threat-actor] SideWinder APT group added. [Alexandre Dulaunoy]

  • [threat-actor] jq. [Alexandre Dulaunoy]

  • [dark-pattern] namespace: misp. [Jean-Louis Huynen]

  • [ransomware] jq ;-) [Alexandre Dulaunoy]

  • [clean-up] jq all the things. [Alexandre Dulaunoy]

  • [threat-actor] Lucky Mouse synonym added. [Alexandre Dulaunoy]

  • [threat-actor] Calypso group added. [Alexandre Dulaunoy]

    Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf
    MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412

  • [threat-actor] threat-actor-classification updated. [Alexandre Dulaunoy]

  • [threat-actor] jq is jq. [Alexandre Dulaunoy]

  • [threat-actor] Operation WizardOpium added. [Alexandre Dulaunoy]

    ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/

  • [attack] update to latest ATT&CK data. [Christophe Vandeplas]

  • [attck4fraud] jq all the things. [Alexandre Dulaunoy]

  • [attck4fraud] updates based on issue #466. [Alexandre Dulaunoy]

  • [galaxy] added AMITT galaxy/cluster generator script. [VVX7]

  • [galaxy] version number to int. [VVX7]

  • [misp-galaxy] jq all the things. [Alexandre Dulaunoy]

  • [tool] COMPfun - Reductor added. [Alexandre Dulaunoy]

  • [threat-actor] new LookBack (Malware?Campaign?TA?) [Alexandre Dulaunoy]

  • [threat-actor] Evil Eye and POISON CARP. [Alexandre Dulaunoy]

  • [threat-actor] add machete-apt synonyms as reported in #445. [Alexandre Dulaunoy]

  • [threat-actor] jq all. [Alexandre Dulaunoy]

  • [threat-actor] LYCEUM added - 443 #fixed. [Alexandre Dulaunoy]

  • [threat-actor] rollback as discussed by chat with Andras until version 2.0. [Alexandre Dulaunoy]

  • [att&ck] July ATT&CK release included in MISP galaxy. [Alexandre Dulaunoy]

  • [threat-actor] version updated. [Alexandre Dulaunoy]

  • [threat-actor] duplicated refs removed. [Alexandre Dulaunoy]

  • [threat-actor] synonyms fixed. [Alexandre Dulaunoy]

  • [threat-actor] jq everything. [Alexandre Dulaunoy]

  • [branded_vulnerability] version updated. [Alexandre Dulaunoy]

  • Add PyMISPGalaxies test. [Raphaël Vinot]

  • [attack-pattern] Sync kill-chain with data from MITRE. [mokaddem]

  • [o365-exchange-techniques] Actions on Intent added (finalized) [Alexandre Dulaunoy]

  • [o365-exchange-techniques] Expansion added (WiP) [Alexandre Dulaunoy]

  • [o365-exchange-techniques] Persistence kill-chain added (WiP) [Alexandre Dulaunoy]

  • [o365-exchange-techniques] Compromise row added (WiP) [Alexandre Dulaunoy]

  • [o365-exchange-techniques] [WiP] based on John Lambert matrix techniques. [Alexandre Dulaunoy]

  • [malpedia] duplicates fixed. [Alexandre Dulaunoy]

  • [malpedia] jq all the things. [Alexandre Dulaunoy]

  • [malpedia] updated to the latest version. [Rintaro KOIKE]

  • [threat-actor] FIN4 updates. [Alexandre Dulaunoy]

  • [ATT&CK] updated to the latest version. [Alexandre Dulaunoy]

  • [exploit-kit] jq all the things. [Alexandre Dulaunoy]

  • [tool] Cowboy and KimJongRAT (Sorry Paul, we forgot ;-) [Alexandre Dulaunoy]

    ref: https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/

  • [tool] jq all the things. [Alexandre Dulaunoy]

  • [tool] Karkoff tool added. [Alexandre Dulaunoy]

  • [ransomware] various fixes. [Alexandre Dulaunoy]

  • [ransomware] jq all the things(tm) [Alexandre Dulaunoy]

  • [ransomware] fix the meta to payment-method. [Alexandre Dulaunoy]

  • [mitre att&ck] updated with new version. [Alexandre Dulaunoy]

  • [threat-actor] change attribution confidence to be a string by default. [Alexandre Dulaunoy]

  • [tools] fix the attribution confidence level. [Alexandre Dulaunoy]

  • [attck4fraud] updated. [Alexandre Dulaunoy]

  • [attck4fraud] completed. [Alexandre Dulaunoy]

  • [attck4fraud] Assets Transfer added. [Alexandre Dulaunoy]

  • [attck4fraud] Obtain Fraudulent Assets added. [Alexandre Dulaunoy]

  • [attck4fraud] Perform fraud added. [Alexandre Dulaunoy]

  • [attck4fraud] Target compromise updated. [Alexandre Dulaunoy]

  • [attck4fraud] more techniques. [Alexandre Dulaunoy]

  • [threat-actor] BRONZE UNION is also uppercase. [Alexandre Dulaunoy]

  • [threat-actor] updated the version to avoid the past issue with 0 value for integer values. [Alexandre Dulaunoy]

  • [sector] typo fixed - reported in #364. [Alexandre Dulaunoy]

  • [attck4fraud] fix the type issue. [Alexandre Dulaunoy]

  • [attck4fraud] uuid fixed. [Alexandre Dulaunoy]

  • [attck4fraud] ATM Shimming added. [Alexandre Dulaunoy]

  • [attck4fraud] description fixed for FT1003. [Alexandre Dulaunoy]

  • [threat-actor] SandCat added. [Alexandre Dulaunoy]

  • [threat-actor] new attribution-confidence level introduced. [Alexandre Dulaunoy]

  • [threat-actor] jq all the things. [Alexandre Dulaunoy]

  • [threat-actor] IRIDIUM added. [Alexandre Dulaunoy]

  • [tools] jq all the things. [Alexandre Dulaunoy]

  • [tool] SLUB Backdoor added. [Alexandre Dulaunoy]

  • [tool] Xbash description updated. [Alexandre Dulaunoy]

  • [threat-actor] format fixed. [Alexandre Dulaunoy]

  • [threat-actor] jq all the things late in the night. [Alexandre Dulaunoy]

  • [threat-actor] uuid fixed. [Alexandre Dulaunoy]

  • [tool] BabyShark added. [Alexandre Dulaunoy]

  • [threat-actor] STOLEN PENCIL added. [Alexandre Dulaunoy]

  • [cert-eu-govsector] version fixed. [Alexandre Dulaunoy]

  • [threat-actor] version fixed. [Alexandre Dulaunoy]

  • [ransomware] no related object in meta. [Alexandre Dulaunoy]

  • [mitre-attack-pattern] jq. [Alexandre Dulaunoy]

  • [mitre-attack-pattern] bumped version number. [mokaddem]

  • [mitre-attack-pattern] Added kill_chain_order. [mokaddem]

  • [election-guidelines] sorting is important ;-) [Alexandre Dulaunoy]

  • [schema] optional kill_chain_order field added. [Alexandre Dulaunoy]

  • [election-guidelines] jq. [Alexandre Dulaunoy]

  • [mitre] Deprecated pre/enterprise/mobile separate galaxies. [Christophe Vandeplas]

  • [tool] jq jq jq jq jq jq jq jq. [Alexandre Dulaunoy]

  • [doc] new year copyright fun. [Alexandre Dulaunoy]

  • [mitre] bump to latest MITRE ATT&CK dataset. [Christophe Vandeplas]

  • [mitre] re-generated galaxies and values using the MITRE sources. [Christophe Vandeplas]

    and also using the MISP version to keep manually created relationships and such

  • [malpedia] updated to the latest version. [Alexandre Dulaunoy]

  • [licensing] 2-clause BSD added in addition to CC0. [Alexandre Dulaunoy]

    To remove ambiguity of licensing and allow users to select
    the license they would like to use, CC0 or 2-clause BSD.

    Related to: MISP/misp-taxonomies#126

  • [doc] move how to contribute to the CONTRIBUTE file. [Alexandre Dulaunoy]

  • [doc] Added some dependency pointers. [Steve Clement]

  • Uuid fixed. [Alexandre Dulaunoy]

  • [threat-actor] INDRIK SPIDER added. [Alexandre Dulaunoy]

  • [ransomware] duplicate removed. [Alexandre Dulaunoy]

  • Further categorization of galaxies. [Christophe Vandeplas]

  • Categorization of galaxies. [Christophe Vandeplas]

    This allows relationships to be created.

  • Removal of older unused relationships. [Christophe Vandeplas]

  • MITRE relationships included in the respective cluster. [Christophe Vandeplas]

  • Mappings are now in the generated adoc. [Christophe Vandeplas]

    plus massive performance improvement

  • Magical mapping with malpedia. [Christophe Vandeplas]

  • [malpedia] duplicate urls removed. [Alexandre Dulaunoy]

  • [tool] NOKKI added. [Alexandre Dulaunoy]

    ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/

  • [botnet] Torii added. [Alexandre Dulaunoy]

  • [threat-actor] Iron Group added. [Alexandre Dulaunoy]

    ref: https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/

  • [tool] Xbash added. [Alexandre Dulaunoy]

    ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/

  • [tool] biscuit biscvt tool BISKVIT. [Alexandre Dulaunoy]

    ref: https://www.fortinet.com/blog/threat-research/russian-army-exhibition-decoy-leads-to-new-biskvit-malware.html

  • [threat-actor] APT-C-35 actor added. [Alexandre Dulaunoy]

    ref: https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/

  • [mapping] Generated automatic mapping between clusters. [Christophe Vandeplas]

  • [tool] KEYMARBLE malware added. [Alexandre Dulaunoy]

    ref: https://www.us-cert.gov/ncas/analysis-reports/AR18-221A

  • [threat-actor] jq document. [Alexandre Dulaunoy]

  • [schema clusters] fix the JSON indentation. [Alexandre Dulaunoy]

  • [threat-actor] The Gordon Group added. [Alexandre Dulaunoy]

    ref: https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/

  • [rat] Hallaj PRO Rat added. [Alexandre Dulaunoy]

    ref: https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/
    misp-event: 5b63f5e4-bf24-4f46-8340-48fc02de0b81

  • [threat-actor] leafminer - RASPITE added. [Alexandre Dulaunoy]

  • [tool] added based on Carbanak tooling description from Crowdstrike. [Alexandre Dulaunoy]

    ref: https://www.crowdstrike.com/blog/arrests-put-new-focus-on-carbon-spider-adversary-group/

  • [threat-actor] new reference to CARBON SPIDER/Carbanak. [Alexandre Dulaunoy]

  • [tool] Bisonal malware added (new variant with encryption capabilities) [Alexandre Dulaunoy]

  • [threat-actor] The Big Bang campaign/group added. [Alexandre Dulaunoy]

  • [botnet] Xor DDoS added. [Alexandre Dulaunoy]

  • RANCOR group added. [Alexandre Dulaunoy]

  • Stalker Panda description added. [Alexandre Dulaunoy]

  • Old MITRE ATT&CK (2017) is moving to deprecated namespace. [Alexandre Dulaunoy]

  • Namespace mitre-attack added for version 2 of the MITRE ATT&CK after 2018. [Alexandre Dulaunoy]

  • [misp-galaxy] namespace misp added. [Alexandre Dulaunoy]

Fix

  • Cryptominers type. [Jakub Onderka]

  • Rename "Innitial Access" to "Initial Access" [Thijsvanede]

    Renamed mitre-ics-tactics "Innitial Access" to "Initial Access".
    Original was a minor spelling mistake.
    The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access

  • Reorganize GH actions. [Raphaël Vinot]

  • Sort keys, fix tests. [Raphaël Vinot]

  • Remove comma. [Thomas Dupuy]

  • Name of SoD Matrix cluster to match galaxy. [Raphaël Vinot]

    Fix #566

  • Small fixes to the bhadra framework. [iglocska]

  • JQ all the things. [Raphaël Vinot]

  • [attack] fixes old MITRE relationships not being removed. [Christophe Vandeplas]

  • [adoc] ignore deprecated galaxies. [Christophe Vandeplas]

  • [region] inconsistent type. [Christophe Vandeplas]

  • [misinfosec] fixes inconsistent filename. [Christophe Vandeplas]

  • [misinfosec] fixed kill_chain fields. [mokaddem]

  • Make tests happy. [Raphaël Vinot]

  • O365-exchange-techniques (duplicate values, duplicate UUIDs) [Raphaël Vinot]

  • UUID issues. [Raphaël Vinot]

  • Duplicate values, typos. [Raphaël Vinot]

  • Make validate all happy. [Raphaël Vinot]

  • Wrong (duplicate) value. [Raphaël Vinot]

  • [tool] MITRE conversion script. [Christophe Vandeplas]

  • [ransomware] more duplicates removed. [Alexandre Dulaunoy]

  • [ransomware] removed duplicate values. [Alexandre Dulaunoy]

  • [ransomware] duplicate removed. [Alexandre Dulaunoy]

  • [graph.py] small fix to make it work. [Alexandre Dulaunoy]

  • [malpedia] version. [Alexandre Dulaunoy]

  • [malpedia] broken reference has been fixed. [Alexandre Dulaunoy]

  • Add missing relations from commit 78c1f07. [Christophe Vandeplas]

  • Add missing relations from commit b857be9. [Christophe Vandeplas]

  • Add missing relations from commit a81bbe2. [Christophe Vandeplas]

  • Add missing relations from commit 29beb01. [Christophe Vandeplas]

  • Intrusion is an actor and not a tool. [Christophe Vandeplas]

  • Jq all the things. [Christophe Vandeplas]

  • Minor newline difference after jq_all_the. [Christophe Vandeplas]

  • Automatically fix missing uuids. [Christophe Vandeplas]

  • Array in synonyms (MISP accepts it but not the schema ;-) [Alexandre Dulaunoy]

  • [threat-actor] added missing uuids. [Christophe Vandeplas]

  • [threat-actor] related is an array of JSON objects. [Alexandre Dulaunoy]

  • [JSON schema] related element is an array of JSON objects. [Alexandre Dulaunoy]

  • Jq all the things(tm) [Alexandre Dulaunoy]

  • [threat-actor] synonyms are always arrays. [Alexandre Dulaunoy]

  • Cleanup the link generation based on type instead of title (Thanks to Juan Rocha for the report) [Alexandre Dulaunoy]

  • Duplicate ELECTRUM entry. [Raphaël Vinot]

    Fix #212

  • Duplicate UUID in tools. [Raphaël Vinot]

  • JSON format. [Alexandre Dulaunoy]

  • PureMasuta added to Masuta. [Alexandre Dulaunoy]

  • Typo in meta field. [Alexandre Dulaunoy]

  • Updated description to clearly state that only branded vulnerabilities. [Alexandre Dulaunoy]

  • Dedication page (CEF) and update overall structure of the document generated. [Alexandre Dulaunoy]

  • BARIUM and LEAD added. [Alexandre Dulaunoy]

  • Preventive measures added. [Alexandre Dulaunoy]

  • Naming normalisation. [Iglocska]

Other

  • Merge pull request #647 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Remove duplicate

  • Fix duplicates and add relations. [Delta-Sierra]

  • Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]

  • Merge pull request #645 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Adding ransomware names [WIP 2/3]

  • Merge pull request #644 from danielplohmann/patch-7. [Alexandre Dulaunoy]

    adding Yanbian Gang as threat actor

  • Adding Yanbian Gang as threat actor. [Daniel Plohmann]

  • Merge pull request #643 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Adding ransomware names[WIP]

  • Removing duplicate. [Delta-Sierra]

  • Removing unexpected line. [Delta-Sierra]

  • Adding ransomware names [WIP 3] [Delta-Sierra]

  • Adding ransomware names [WIP 2] [Delta-Sierra]

  • Fix version. [Delta-Sierra]

  • Adding ransomwares WIP. [Delta-Sierra]

  • Merge pull request #642 from danielplohmann/patch-6. [Alexandre Dulaunoy]

    Symantec uses Palmerworm as alias for BlackTech

  • Symantec uses Palmerworm as alias for BlackTech. [Daniel Plohmann]

    Adding Palmerworm as Symantec alias for BlackTech (with reference).

  • Merge pull request #641 from nyx0/main. [Alexandre Dulaunoy]

    Add Ghostwriter.

  • Add Ghostwriter. [Thomas Dupuy]

  • Merge pull request #639 from r0ny123/patch-1. [Alexandre Dulaunoy]

    remove turbine panda synonyms from hafnium

  • Reverted changes made into 52ae977. [Rony]

  • Merge pull request #638 from sebdraven/main. [Alexandre Dulaunoy]

    add Turbine Panda to Hafnium

  • Validation jsons. [sebdraven]

  • Update threat-actor.json. [Sebdraven]

    add a synonym to Hafnium

  • Merge pull request #637 from sebdraven/main. [Alexandre Dulaunoy]

    Add RedEcho Threat Actor

  • Validation ok. [sebdraven]

  • Update threat-actor.json. [Sebdraven]

    format json

  • Update threat-actor.json. [Sebdraven]

    add redecho threat actor

  • Merge pull request #2 from MISP/main. [sebdraven]

    Sync Forks

  • Merge pull request #636 from JakubOnderka/cryptominers-type. [Alexandre Dulaunoy]

    fix: Cryptominers type

  • Merge branch 'marjatech-main' into main. [Alexandre Dulaunoy]

  • Update to latest Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp. [Jakob M]

  • Merge pull request #634 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Several updates and additions

  • Fix progress. [Delta-Sierra]

  • Fix merge & jq. [Delta-Sierra]

  • Merge. [Delta-Sierra]

  • Merge pull request #633 from r0ny123/patch-1. [Alexandre Dulaunoy]

    add more HAFNIUM references

  • From Nextron. [Rony]

  • More! [Rony]

  • More references. [Rony]

    From
    Crowdstrike
    MSRC
    and kql hunting query from James Quinn

  • Add HAFNIUM detection refs. [Rony]

  • Fix. [Rony]

  • Add more HAFNIUM references. [Rony]

  • Merge pull request #632 from r0ny123/patch-1. [Alexandre Dulaunoy]

    Adding alias NOBELIUM

  • Adding alias NOBELIUM. [Rony]

  • Merge pull request #631 from r0ny123/Enhancement. [Alexandre Dulaunoy]

    Add HAFNIUM

  • Added HAFNIUM. [Rony]

    Updates:
    Tonto Team
    UNC2452

  • Add relationships between Maze, Rgnar, Egregor and Sekhmet. [Delta-Sierra]

  • Add Sekhmet ransomware. [Delta-Sierra]

  • Add TeamTNT ref. [Delta-Sierra]

  • Add Ragnar Locker and update accordingly. [Delta-Sierra]

  • Add Covidloc and tycoon ransomware + small updates on some ransomwares. [Delta-Sierra]

  • Add TeamTNT. [Delta-Sierra]

  • Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]

  • Fix merge. [Delta-Sierra]

  • Update sidewinder threat actor. [Delta-Sierra]

  • Merge pull request #1 from MISP/main. [sebdraven]

    merge

  • Merge pull request #630 from sebdraven/main. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [Sebdraven]

    update Sidewinder card

  • Merge pull request #629 from nyx0/main. [Alexandre Dulaunoy]

    Update Infy TA.

  • Update Infy TA. [Thomas Dupuy]

  • Merge branch 'main' of github.com:MISP/misp-galaxy into main. [Alexandre Dulaunoy]

  • Merge pull request #627 from r0ny123/patch-2. [Alexandre Dulaunoy]

    removing DePrimon

  • Removing DePrimon. [Rony]

    DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that.

  • Merge pull request #626 from nyx0/main. [Alexandre Dulaunoy]

    Add RDAT backdoor

  • Add RDAT backdoor. [Thomas Dupuy]

  • Merge pull request #625 from Thijsvanede/patch-1. [Alexandre Dulaunoy]

  • Merge pull request #624 from nyx0/main. [Alexandre Dulaunoy]

    Add Exaramel and P.A.S. webshell tool.

  • Remove empty values. [Thomas Dupuy]

  • Add Exaramel and P.A.S. webshell tool. [Thomas Dupuy]

  • Merge pull request #623 from nyx0/main. [Alexandre Dulaunoy]

    Add Caterpillar WebShell.

  • Add Caterpillar WebShell. [Thomas Dupuy]

  • Merge branch 'main' of github.com:MISP/misp-galaxy into main. [Alexandre Dulaunoy]

  • Merge pull request #622 from danielplohmann/patch-5. [Alexandre Dulaunoy]

    adding ClearSky alias for Volatile Cedar

  • Adding ClearSky alias for Volatile Cedar. [Daniel Plohmann]

    adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."

  • Merge pull request #621 from cudeso/main. [Alexandre Dulaunoy]

    RSIT Galaxy/Cluster

  • Move cfr-type-of-incident to meta. [Koen Van Impe]

  • RSIT Galaxy/Cluster. [Koen Van Impe]

  • Merge pull request #620 from StefanKelm/main. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    Lazarus

  • Merge pull request #619 from nyx0/main. [Alexandre Dulaunoy]

    Update tool cluster

  • Add HyperBro in tools. [Thomas Dupuy]

  • Update ZxShell tool. [Thomas Dupuy]

  • Merge pull request #618 from StefanKelm/main. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    Lazarus

  • Merge pull request #617 from danielplohmann/patch-4. [Alexandre Dulaunoy]

    merge COVELLITE into Lazarus Group

  • Merge COVELLITE into Lazarus Group. [Daniel Plohmann]

    I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references.
    Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.

  • Merge pull request #616 from r0ny123/patch-2. [Alexandre Dulaunoy]

    removing Starcruft

  • Update threat-actor.json. [Rony]

    Don't know how StarCraft

  • Merge pull request #615 from danielplohmann/patch-3. [Alexandre Dulaunoy]

    merging ScarCruft->APT37

  • Merging ScarCruft->APT37. [Daniel Plohmann]

    I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.

  • Merge pull request #612 from r0ny123/patch-1. [Alexandre Dulaunoy]

    BISMUTH

  • Update threat-actor.json. [Rony]

  • BISMUTH. [Rony]

  • Merge pull request #609 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    DeathStalker, Mabna

  • Merge pull request #610 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Add new clusters

  • Add BazarBackdoor. [Delta-Sierra]

  • Add RansomEXX. [Delta-Sierra]

  • Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]

  • Merge pull request #608 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    Turla

  • Merge pull request #607 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    OceanLotus

  • Merge branch 'main' of github.com:MISP/misp-galaxy into main. [Alexandre Dulaunoy]

  • Merge pull request #606 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    APT27

  • Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]

  • Merge pull request #604 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

  • Merge pull request #603 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    Lazarus

  • Add Darkside ransomware. [Delta-Sierra]

  • Merge pull request #602 from snurilov/patch-1. [Alexandre Dulaunoy]

    Add ConfuserEx and Beds Protector .NET packers to tools.json cluster

  • Add ConfuserEx and Beds Protector .NET packers to tools.json cluster. [snurilov]

    Add ConfuserEx and Beds Protector .NET packers to tools.json cluster

  • Merge pull request #601 from snurilov/patch-1. [Alexandre Dulaunoy]

    Update rat.json to include Iperius Remote

  • Update rat.json to include Iperius Remote. [snurilov]

    Add Iperius Remote to the rat.json cluster.

  • Merge pull request #600 from StefanKelm/master. [Christophe Vandeplas]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    OceanLotus

  • Merge pull request #598 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    Kimsuky

  • Merge pull request #596 from r0ny123/patch-1. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Remove duplicate! [Rony]

  • Update threat-actor.json. [Rony]

    Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key

  • Merge pull request #594 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update microsoft activity groups

  • Merge branch 'main' into master. [Deborah Servili]

  • Merge branch 'enhanced-master' into main. [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master. [Alexandre Dulaunoy]

  • Added a new cryptominer galaxy and additional missing recent families to various clusters. [JJ Cummings]

  • Merge pull request #591 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    Kimsuky

  • Merge pull request #588 from danielplohmann/patch-2. [Alexandre Dulaunoy]

    adding PowerPool alias IAmTheKing (Kaspersky)

  • Adding PowerPool alias IAmTheKing (Kaspersky) [Daniel Plohmann]

    after a quick search I haven't found a nice source except for Costin's tweet.

  • Merge pull request #587 from StefanKelm/master. [Christophe Vandeplas]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    TA505

  • Update threat-actor.json. [StefanKelm]

    XDSpy

  • Clarify error messages in validate_all.sh. [Christophe Vandeplas]

  • Fixes issues in attack-ics. [Christophe Vandeplas]

  • Added MITRE ICS to readme. [Christophe Vandeplas]

  • MITRE ATT&CK for ICS fixes #586. [Christophe Vandeplas]

    fixed issues in pull request #586

  • Merge pull request #586 from tw010101/main. [Christophe Vandeplas]

    Mitre ATT&CK for ICS Galaxies/Clusters

  • Revert "Merge pull request #586 from tw010101/main" [Christophe Vandeplas]

    This reverts commit a416987.

  • Merge pull request #586 from tw010101/main. [Christophe Vandeplas]

    Mitre ATT&CK for ICS Galaxies/Clusters

  • Add files via upload. [tw010101]

  • Add files via upload. [tw010101]

    Mitre ATT&CK for ICS
    Galaxy + Cluster files Mitre ATT&CK for ICS - Assets
    Galaxy + Cluster files Mitre ATT&CK for ICS - Groups
    Galaxy and Cluster files Mitre ATT&CK for ICS - Levels
    Galaxy + Cluster files for Mitre ATT&CK for ICS - Software
    Galaxy + Cluster files for Mitre ATT&CK for ICS - Tactics
    Galaxy + Cluster files for Mitre ATT&CK for ICS - Techniques
    Galaxy + Cluster files for Mitre ATT&CK for ICS - Technique Matrix

  • Merge pull request #585 from StefanKelm/master. [Alexandre Dulaunoy]

    Lazarus

  • Lazarus. [StefanKelm]

  • Merge pull request #584 from bartblaze/patch-1. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [Bart]

    Add Machete alias

  • Merge pull request #583 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    GADOLINIUM

  • Merge pull request #582 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    APT28

  • Jq. [Delta-Sierra]

  • Update microsoft activity groups. [Delta-Sierra]

  • Add Sepulcher RAT. [Deborah Servili]

  • Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #581 from r0ny123/patch-3. [Alexandre Dulaunoy]

    FBI FLASH AC-000133-TT

  • FBI FLASH AC-000133-TT. [Rony]

  • Merge pull request #580 from r0ny123/patch-2. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [Rony]

    Adding Fox-Kitten and cleaned (or improved) winnti

  • Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #579 from danielplohmann/ta413-evilnum. [Alexandre Dulaunoy]

    Adding TA413 and Evilnum

  • Adding TA413 and Evilnum. [Daniel Plohmann (jupiter)]

  • Merge pull request #578 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    APT33

  • Merge pull request #577 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    STRONTIUM

  • Merge pull request #576 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    Lazarus, FIN7

  • Merge pull request #575 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    TA542

  • Merge pull request #574 from VVX7/main. [Alexandre Dulaunoy]

    new: [dev] add ASPI's China Defence University Tracker.

  • Merge pull request #573 from rmkml/master. [Alexandre Dulaunoy]

    add Conti Ransomware

  • Add Conti Ransomware. [rmkml]

  • Merge pull request #572 from nyx0/main. [Alexandre Dulaunoy]

    Few updates

  • Update Tonto Team/CactusPete threat actor. [Thomas Dupuy]

  • Add Drovorub tool. [Thomas Dupuy]

  • Update TA APT40. [Thomas Dupuy]

  • Merge pull request #571 from danielplohmann/patch-30. [Alexandre Dulaunoy]

    adding Kaspersky's name for Microcin.

  • Update threat-actor.json. [Daniel Plohmann]

    adding Kaspersky's name for Microcin.

  • Merge pull request #570 from nyx0/master. [Alexandre Dulaunoy]

    Add WellMess and WellMail

  • Add WellMess and WellMail. [Thomas Dupuy]

  • Merge pull request #569 from rmkml/master. [Alexandre Dulaunoy]

    add Ragnarok Ransomware

  • Merge branch 'master' of https://github.com/rmkml/misp-galaxy. [rmkml]

  • Add Ragnarok Ransomware. [rmkml]

  • Add Ragnarok Ransomware. [rmkml]

  • Merge pull request #568 from Vasileios-Mavroeidis/patch-1. [Alexandre Dulaunoy]

    Motive correction based on the EU Cert motive taxonomy

  • Motive correction based on the EU Cert motive taxonomy. [Vasileios Mavroeidis]

    Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists

  • Merge branch 'StefanKelm-master' into main. [Alexandre Dulaunoy]

  • Update threat-actor.json. [StefanKelm]

    OilRig

  • Merge pull request #563 from r0ny123/patch-1. [Steve Clement]

  • Update threat-actor.json. [Rony]

    Moved the JUDGMENT PANDA references to APT31 following the previous commit.
    Of note, CrowdStrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However, if anyone wants to grab the unchanged report, they can get it here.

  • Update threat-actor.json. [Rony]

  • Merge pull request #564 from StefanKelm/master. [Christophe Vandeplas]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    Turla

  • Merge pull request #562 from cudeso/main. [Alexandre Dulaunoy]

    SoD Matrix

  • SoD Matrix. [Koen Van Impe]

    Described at https://github.com/cudeso/SoD-Matrix

  • Add refs. [Deborah Servili]

  • Merge. [Deborah Servili]

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]

  • Merge pull request #559 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    APT31

  • Merge pull request #558 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    APT30

  • Merge pull request #556 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    TA505

  • Merge pull request #557 from r0ny123/patch-1. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [Rony]

  • Merge branch 'r0ny123-master' [Alexandre Dulaunoy]

  • Fixed typo! [Rony]

  • Adding GALLIUM Threat Actor. [Rony]

  • Merge pull request #1 from MISP/master. [Rony]

    update

  • Merge pull request #554 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    Higaisa

  • Commit. [Deborah Servili]

  • Merge pull request #553 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    Cycldek

  • Merge pull request #552 from danielplohmann/reference-fixes. [Alexandre Dulaunoy]

    Reference fixes

  • Fixing deadlinks where possible. [Daniel Plohmann (jupiter)]

  • Default to HTTPS to be consistent with other links to same page. [Daniel Plohmann (jupiter)]

  • Merge pull request #551 from nyx0/master. [Alexandre Dulaunoy]

    Add CrackMapExec, metasploit, Cobalt Strike and Covenant

  • Remove duplicate TA (Chafer), fix Symantec link, add synonym for DarkHotel. [Thomas Dupuy]

  • Add CrackMapExec, metasploit, Cobalt Strike and Covenant. [Thomas Dupuy]

  • Merge pull request #550 from r0ny123/patch-1. [Alexandre Dulaunoy]

    fix

  • Update threat-actor.json. [Rony]

  • Fix. [Rony]

  • Merge branch '3c7-secureworks_profiles' [Alexandre Dulaunoy]

  • Merged (most) SecureWorks threat actor profiles && jq. [Nils Kuhnert]

  • Merge pull request #547 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Snake Ransomware

  • Fix missing description. [Deborah Servili]

  • Add Snake Ransomware. [Deborah Servili]

  • Merge pull request #546 from danielplohmann/patch-29. [Alexandre Dulaunoy]

    msft name: BORON for APT3

  • Msft name: BORON for APT3. [Daniel Plohmann]

    as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562

  • Merge branch 'nyx0-master' [Alexandre Dulaunoy]

  • Add Sednit's Exploit-kit Sedkit. [Thomas Dupuy]

  • Add Higaisa Threat Actor. [Thomas Dupuy]

  • Merge pull request #542 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add speculoos backdoor

  • Merge branch 'master' into master. [Deborah Servili]

  • Merge pull request #541 from nyx0/master. [Alexandre Dulaunoy]

    Add DenesRAT/METALJACK

  • Add DenesRAT/METALJACK. [Thomas Dupuy]

  • Merge branch 'intezer-fix/reports' [Alexandre Dulaunoy]

  • Added misp info. [de Rosen]

  • Merge pull request #539 from r0ny123/MergingTA. [Alexandre Dulaunoy]

    Adding alias Thallium and merging STOLEN PENCIL

  • Adding alias Thallium and merging STOLEN PENCIL. [Rony]

    Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0.
    And also Netscout named the campaign as STOLEN PENCIL.

  • Merge branch 'rvs1st-patch-1' [Alexandre Dulaunoy]

  • Update threat-actor.json. [rvs1st]

    Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158

  • Merge pull request #537 from danielplohmann/patch-28. [Alexandre Dulaunoy]

    Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.

  • Adding Nazar APT as described by JAGS in his OPCDE talk yesterday. [Daniel Plohmann]

  • Merge pull request #536 from danielplohmann/patch-27. [Alexandre Dulaunoy]

    adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source referen…

  • Adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included) [Daniel Plohmann]

  • Merge pull request #535 from ITAYC0HEN/feature/AddDarkUniverseActor. [Alexandre Dulaunoy]

    Add ItaDuke/DarkUniverse actor

  • Add ItaDuke/DarkUniverse actor. [itayc0hen]

  • Add speculoos backdoor. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #534 from danielplohmann/fin1. [Alexandre Dulaunoy]

    adding FIN1

  • Adding FIN1. [pnx@pyrite]

  • Merge pull request #533 from r0ny123/MergingTA. [Alexandre Dulaunoy]

    fix

  • Typo. [Rony]

    thanks to @patricksvgr

  • Update threat-actor.json. [Rony]

  • More fix. [Rony]

  • Fix broken links. [Rony]

  • Dead link. [Rony]

  • Add link. [Rony]

  • Merging APT23 & Tropic Trooper. [Rony]

  • Merge pull request #531 from r0ny123/patch-3. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [Rony]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #529 from danielplohmann/patch-26. [Alexandre Dulaunoy]

    fixing/removing some more dead links

  • Removed duplicate entry. [Daniel Plohmann]

  • Fixing/removing some more dead links. [Daniel Plohmann]

  • Merge pull request #528 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Update Ransomware Galaxy

  • Add Operation Shadow Force. [Deborah Servili]

  • Add coronavirus ransomware. [Deborah Servili]

  • Add Pyta ransomnotes. [Deborah Servili]

  • Add pyza ransomware. [Deborah Servili]

  • Merge pull request #526 from Delta-Sierra/master. [Alexandre Dulaunoy]

    PARINACOTA group

  • PARINACOTA group. [Deborah Servili]

  • Merge pull request #523 from danielplohmann/patch-24. [Alexandre Dulaunoy]

    adding aliases MERCURY, HOLMIUM

  • Adding aliases MERCURY, HOLMIUM. [Daniel Plohmann]

    Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960
    APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/

  • Merge pull request #524 from danielplohmann/patch-25. [Alexandre Dulaunoy]

    Kimsuki -> Black Banshee

  • Kimsuki -> Black Banshee. [Daniel Plohmann]

    PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html)

  • Merge pull request #522 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add sdbbot

  • Add SdBbot. [Deborah Servili]

  • Add clop ransomware extension. [Deborah Servili]

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]

  • Merge pull request #519 from danielplohmann/crowdstrike2020report. [Alexandre Dulaunoy]

    adding new/updated threat actor names from CrowdStrike 2020 report

  • While we are at it, we can also do Longhorn = APT-C-39. [Daniel Plohmann (jupiter)]

  • IMPERIAL KITTEN as alias for Tortoiseshell. [Daniel Plohmann (jupiter)]

  • Adding new/updated threat actor names from CrowdStrike 2020 report. [pnx@pyrite]

  • Merge branch 'cocaman-patch-1' [Alexandre Dulaunoy]

  • Fixing a comma error. [Corsin Camichel]

  • Adding Raccoon (win.raccoon) [Corsin Camichel]

  • Merge pull request #518 from danielplohmann/patch-21. [Alexandre Dulaunoy]

    Accenture calls APT32 - "POND LOACH"

  • Accenture calls APT32 - "POND LOACH" [Daniel Plohmann]

  • Merge branch 'nyx0-master' [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/nyx0/misp-galaxy into nyx0-master. [Alexandre Dulaunoy]

  • Add InvisiMole cluster. [Thomas Dupuy]

  • Merge pull request #517 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update ransomware galaxy

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #516 from rmkml/master. [Alexandre Dulaunoy]

    add MedusaLocker ransomware

  • Add MedusaLocker ransomware. [rmkml]

  • Add extension to clop ransomware. [Deborah Servili]

  • Add razor ransomware. [Deborah Servili]

  • Merge pull request #513 from danielplohmann/patch-20. [Alexandre Dulaunoy]

    adding APT-C-12

  • Adding APT-C-12. [Daniel Plohmann]

  • Merge pull request #512 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Add several tools

  • Add tools used by TA505 + others. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Add warzone RAT. [Deborah Servili]

  • Merge pull request #510 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add ransomwares

  • Add ransomwares. [Deborah Servili]

  • Merge pull request #509 from r0ny123/patch-3. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [Rony]

    Those are the names of aliases of the same malware family, Sykipot, so removing it.

  • Merge pull request #508 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Operation Wocao

  • Merge branch 'master' into master. [Deborah Servili]

  • Merge pull request #507 from nyx0/master. [Alexandre Dulaunoy]

    Add Attor and DePriMon

  • Add Attor and DePriMon. [Thomas Dupuy]

  • Merge pull request #506 from danielplohmann/patch-19. [Alexandre Dulaunoy]

    removing and fixing deadlinks in the best possible way

  • Removing and fixing deadlinks in the best possible way. [Daniel Plohmann]

    Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.

  • Merge pull request #505 from danielplohmann/patch-18. [Alexandre Dulaunoy]

    adding references and TEMP.MixMaster as alias for WIZARD SPIDER

  • Adding references and TEMP.MixMaster as alias for WIZARD SPIDER. [Daniel Plohmann]

    with kudos to @tbarabosch

  • Merge pull request #504 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update target location galaxy

  • Merge pull request #503 from StefanKelm/master. [Alexandre Dulaunoy]

    Update ransomware.json

  • Update ransomware.json. [StefanKelm]

  • Update ransomware.json. [StefanKelm]

    5ss5c

  • Merge pull request #502 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update tool galaxy

  • Jq. [Deborah Servili]

  • Add Operation Wocao. [Deborah Servili]

  • Complete Zimbabwe cluster. [Deborah Servili]

  • Update target location galaxy. [Deborah Servili]

  • Merge branch 'master' into master. [Deborah Servili]

  • Merge pull request #500 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update target information

  • Merge pull request #501 from StefanKelm/master. [Alexandre Dulaunoy]

    Update tool.json

  • Update tool.json. [StefanKelm]

    LiquorBot

  • Merge pull request #499 from StefanKelm/master. [Alexandre Dulaunoy]

    Update tool.json

  • Update tool.json. [StefanKelm]

    Lampion

  • Add Autochk Rootkit as tool. [Deborah Servili]

  • Add two wipers to tools. [Deborah Servili]

  • Update target information. [Deborah Servili]

  • Merge pull request #498 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

  • Update threat-actor.json. [StefanKelm]

    BRONZE PRESIDENT

  • Merge pull request #497 from r0ny123/patch-2. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [Rony]

  • Merge pull request #496 from bartblaze/patch-1. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [Bart]

    Adds Operation Wocao..

  • Merge pull request #495 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add clop ransomware

  • Add clop ransomware. [Deborah Servili]

  • Merge pull request #494 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add BitPaymer Synonyms

  • Jq. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #493 from Delta-Sierra/master. [Deborah Servili]

    add tools used by GALLIUM

  • Merge pull request #492 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Operation Soft Cell related updates

  • Merge pull request #491 from wagner-certat/threat-actor-syn-sofacy. [Alexandre Dulaunoy]

    sofacy: add apt_sofacy as synonym

  • Sofacy: add apt_sofacy as synonym. [Sebastian Wagner]

  • Merge pull request #490 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Update threat actor galaxy

  • Add BitPaymer synonyms. [Deborah Servili]

  • Add tools used by GALLIUM. [Deborah Servili]

  • Add GALLIUM as microsoft activities group and similar to Operation Soft Cell. [Deborah Servili]

  • Update threat actor version. [Deborah Servili]

  • Add relation suspected link between operation soft cell and apt10. [Deborah Servili]

  • ##COMMA## [Deborah Servili]

  • Merge branch 'master' into master. [Deborah Servili]

  • Merge pull request #489 from danielplohmann/patch-16. [Alexandre Dulaunoy]

    added APT-C-34 / Golden Falcon

  • Added APT-C-34 / Golden Falcon. [Daniel Plohmann]

  • Merge pull request #488 from Delta-Sierra/master. [Alexandre Dulaunoy]

    create new galaxy - surveillance-vendor

  • Merge pull request #487 from gallypette/patch-1. [Alexandre Dulaunoy]

    add: [dark-pattern] updates the README

  • Add: [dark-pattern] updates the README. [Jean-Louis Huynen]

  • Merge pull request #486 from gallypette/master. [Alexandre Dulaunoy]

    chg: [dark-pattern] namespace: misp

  • Merge pull request #485 from danielplohmann/patch-15. [Alexandre Dulaunoy]

    added TA2101

  • Added TA2101. [Daniel Plohmann]

  • Merge pull request #484 from gallypette/master. [Alexandre Dulaunoy]

    add: [dark-pattern] galaxy to tag dark patterns

  • Add: [dark-pattern] add a source. [Jean-Louis Huynen]

  • Add: [dark-pattern] galaxy to tag dark patterns. [Jean-Louis Huynen]

  • Add Axiom synonym. [Deborah Servili]

  • Add Sofacy ref. [Deborah Servili]

  • Add clusters to surveillance-vendor galaxy. [Deborah Servili]

  • Fix surveillance-vendor galaxy. [Deborah Servili]

  • Fix-tentative. [Deborah Servili]

  • Fix. [Deborah Servili]

  • Jq. [Deborah Servili]

  • Update schema_cluster. [Deborah Servili]

  • Add FlexiSPY + jq. [Deborah Servili]

  • Add new galaxy - surveillance-vendor. [Deborah Servili]

  • Add Private Internet Access as Tool. [Deborah Servili]

  • Merge branch 'rmkml-master' [Alexandre Dulaunoy]

  • Merge branch 'master' into master. [rmkml]

  • Merge pull request #482 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add DePriMon malicious downloader & Cyborg ransomware

  • Jq. [Deborah Servili]

  • Add cyborg ransomnote refs. [Deborah Servili]

  • Add cyborg ransomnote filename. [Deborah Servili]

  • Add cyborg ransomware extension. [Deborah Servili]

  • Jq. [Deborah Servili]

  • Add DePriMon malicious downloader & Cyborg ransomware. [Deborah Servili]

  • Merge pull request #481 from Delta-Sierra/master. [Andras Iklody]

    add silence synonym & new meta field spoken-language

  • Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili]

  • Merge branch 'master' into master. [Deborah Servili]

  • Merge. [Deborah Servili]

  • Merge pull request #480 from rmkml/master. [Alexandre Dulaunoy]

    Add Maze Ransomware

  • Merge pull request #477 from rmkml/master. [Alexandre Dulaunoy]

    Add Desync Ransomware

  • Merge pull request #476 from StefanKelm/master. [Alexandre Dulaunoy]

    new refs for APT33

  • New refs for APT33. [StefanKelm]

  • Merge pull request #475 from Delta-Sierra/master. [Alexandre Dulaunoy]

    target information update [WIP]

  • Merge pull request #473 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update target location WIP

  • Merge. [Deborah Servili]

  • Add silence synonym & new meta field spoken-language. [Deborah Servili]

  • Target information update [WIP] [Deborah Servili]

  • Jq. [Deborah Servili]

  • Target information update [WIP] [Deborah Servili]

  • Add Palestine PPound. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #472 from rmkml/master. [Alexandre Dulaunoy]

    Add DoppelPaymer Ransomware

  • Merge pull request #471 from rmkml/master. [Alexandre Dulaunoy]

    Add FreeMe Ransomware

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]

  • Merge pull request #468 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Turla Group synonym variant

  • Merge pull request #467 from Delta-Sierra/master. [Deborah Servili]

    Few updates

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]

  • Merge pull request #465 from r0ny123/patch-1. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [Rony]

  • Jq. [Deborah Servili]

  • Update target location WIP. [Deborah Servili]

  • Add Turla Group synonym variant. [Deborah Servili]

  • Jq. [Deborah Servili]

  • Add Winnti related tools etc. [Deborah Servili]

  • Add operation soft cell. [Deborah Servili]

  • Merge pull request #464 from MISP/fix-misinfosec. [Sami Mokaddem]

    fix: [misinfosec] fixed kill_chain fields

  • Merge pull request #463 from VVX7/master. [Alexandre Dulaunoy]

    new: [galaxy] AMITT (Adversarial Misinformation and Influence Tactics…

  • Merge pull request #462 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add synonyms

  • Jq. [Deborah Servili]

  • Add legitimate tools. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #461 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]

    Target location galaxy

  • Fix empty string. [Deborah Servili]

  • Jq. [Deborah Servili]

  • Add TVSPY tool. [Deborah Servili]

  • WIP update target info. [Deborah Servili]

  • Try to please CodeFactor. [Deborah Servili]

  • Add script used to create region galaxy (Not optimised or anything) [Deborah Servili]

  • New galaxy - Region based on UN M49. [Deborah Servili]

  • WIP update target info. [Deborah Servili]

  • Merge pull request #459 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]

    Target location galaxy

  • Jq. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy into target-location-galaxy. [Deborah Servili]

  • Merge pull request #458 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Add Tortoiseshell threat actor

  • WIP update target info - fix empty string. [Deborah Servili]

  • WIP update target info. [Deborah Servili]

  • WIP update target info. [Deborah Servili]

  • Moar clusters. [Deborah Servili]

  • Update target information [draft] [Deborah Servili]

  • Update target information. [Deborah Servili]

  • Update target information. [Deborah Servili]

  • Improve target-information. [Deborah Servili]

  • Update version. [Deborah Servili]

  • Add PlugX RAT synonyms. [Deborah Servili]

  • Add Sodinokibi synonym. [Deborah Servili]

  • Version update. [Deborah Servili]

  • Add Tortoiseshell threat actor. [Deborah Servili]

  • Merge pull request #457 from rmkml/master. [Alexandre Dulaunoy]

    Add Mr.Dec Ransomware

  • Merge pull request #456 from rmkml/master. [Alexandre Dulaunoy]

    Add Hildacrypt Ransomware

  • Merge pull request #455 from rmkml/master. [Alexandre Dulaunoy]

    Add InnfiRAT

  • Merge pull request #454 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    Silent Librarian

  • Merge pull request #453 from rmkml/master. [Alexandre Dulaunoy]

    Add AsyncRAT

  • Fix Add FTCode Ransomware. [rmkml]

  • Add FTCode Ransomware. [rmkml]

  • Add Maze Ransomware. [rmkml]

  • Revert "Add Maze Ransomware" [rmkml]

    This reverts commit cfc6e28.

  • Add Maze Ransomware. [rmkml]

  • Add Desync Ransomware. [rmkml]

  • Add DoppelPaymer Ransomware. [rmkml]

  • Add FreeMe Ransomware. [rmkml]

  • Add Mr.Dec Ransomware. [rmkml]

  • Add Hildacrypt Ransomware. [rmkml]

  • Add InnfiRAT. [rmkml]

  • Merge branch 'master' into master. [rmkml]

  • Merge pull request #452 from Delta-Sierra/master. [Deborah Servili]

    add SectorJ04 group

  • Merge branch 'master' into master. [Deborah Servili]

  • Merge pull request #450 from rmkml/master. [Alexandre Dulaunoy]

    Add Buran Ransomware

  • Merge pull request #449 from danielplohmann/patch-14. [Alexandre Dulaunoy]

    'SectorJ04 Group' as alias introduced by NSHC for TA505

  • 'SectorJ04 Group' as alias introduced by NSHC for TA505. [Daniel Plohmann]

    Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/

  • Merge pull request #448 from rmkml/master. [Alexandre Dulaunoy]

    Add Nemty Ransomware

  • Merge pull request #447 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]

    improve more clusters

  • Improve more clusters. [Deborah Servili]

  • Merge pull request #446 from wagner-certat/tool-empty-strings. [Alexandre Dulaunoy]

    Add test for empty strings

  • Target-information: fix territory-type for China. [Sebastian Wagner]

  • Add test for empty strings. [Sebastian Wagner]

    Should prevent #438

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]

  • Merge pull request #441 from Delta-Sierra/target-location-galaxy. [Deborah Servili]

    More clusters improved

  • More clusters improved. [Deborah Servili]

  • Merge pull request #444 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    Add ITG08 as synonym for FIN6

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]

  • Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]

  • Add SectorJ04 group. [Deborah Servili]

  • Add Asruex Backdoor. [Deborah Servili]

  • Add ref for Gamaredon. [Deborah Servili]

  • Merge pull request #440 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]

    Target location galaxy

  • More clusters improved. [Deborah Servili]

  • More clusters improved. [Deborah Servili]

  • Merge pull request #439 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]

    Target location galaxy

  • More clusters improved. [Deborah Servili]

  • More clusters improved. [Deborah Servili]

  • More countries. [Deborah Servili]

  • Merge pull request #438 from wagner-certat/empty-strings. [Alexandre Dulaunoy]

    Remove some empty strings

  • Remove empty strings. [Sebastian Wagner]

  • Merge pull request #437 from Delta-Sierra/target-location-galaxy. [Deborah Servili]

    Target location galaxy

  • Complete more cluster + country is now an array. [Deborah Servili]

  • Target-information - add membership member-of attribute - Example: member-of NATO. [Deborah Servili]

  • Merge pull request #436 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy]

    Target location galaxy

  • Jq. [Deborah Servili]

  • Change attribute name. [Deborah Servili]

  • Jq. [Deborah Servili]

  • Complete some clusters. [Deborah Servili]

  • Fix building mistakes. [Deborah Servili]

  • Add tld. [Deborah Servili]

  • Add target-information galaxy file. [Deborah Servili]

  • Rename galaxy target-location -> target-information. [Deborah Servili]

  • New galaxy target-location [DRAFT] [Deborah Servili]

  • Merge pull request #435 from hackunagi/master. [Alexandre Dulaunoy]

    Adding Amavaldo Banking Trojan

  • Adding Amavaldo Banking Trojan. [Carlos Borges]

  • Merge pull request #434 from r0ny123/patch-1. [Alexandre Dulaunoy]

    added microsoft naming for the groups

  • Added microsoft naming for the groups. [Rony]

  • Merge pull request #433 from nyx0/master. [Alexandre Dulaunoy]

    add APT41

  • Add synonym for Turla. [Thomas Dupuy]

  • Update victims. [Thomas Dupuy]

  • Add APT41. [Thomas Dupuy]

  • Merge pull request #431 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Amavaldo

  • Jq. [Deborah Servili]

  • Update version. [Deborah Servili]

  • Add Amavaldo. [Deborah Servili]

  • Merge pull request #430 from 3c7/patch-2. [Alexandre Dulaunoy]

    [threat-actor] Remove local file reference in threat actor galaxy

  • Remove local file link :) [Nils Kuhnert]

  • Lowercased value field for DarkHotel. [Andras Iklody]

  • Merge pull request #429 from danielplohmann/patch-13. [Alexandre Dulaunoy]

    adding secureworks actor names for energetic bear and teamspy

  • Merge branch 'master' into patch-13. [Alexandre Dulaunoy]

  • Merge pull request #428 from danielplohmann/patch-12. [Alexandre Dulaunoy]

    adding Proofpoint's TA428

  • Adding Proofpoint's TA428. [Daniel Plohmann]

  • Adding secureworks actor names for energetic bear and teamspy. [Daniel Plohmann]

  • Merge pull request #426 from mokaddem/patch-2. [Alexandre Dulaunoy]

    Update mitre-course-of-action.json

  • Update mitre-course-of-action.json. [Sami Mokaddem]

    Changed icon

  • Merge pull request #425 from mokaddem/patch-1. [Alexandre Dulaunoy]

    Update banker.json

  • Update banker.json. [Sami Mokaddem]

    Changed icon name

  • Merge pull request #424 from mokaddem/patch-3. [Alexandre Dulaunoy]

    Update mitre-enterprise-attack-course-of-action.json

  • Update mitre-enterprise-attack-course-of-action.json. [Sami Mokaddem]

    Changed icon

  • Merge pull request #423 from mokaddem/patch-4. [Alexandre Dulaunoy]

    Update mitre-mobile-attack-course-of-action.json

  • Update mitre-mobile-attack-course-of-action.json. [Sami Mokaddem]

    Changed icon

  • Merge pull request #422 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add SWEED threat actor

  • Jq. [Deborah Servili]

  • Add SWEED threat actor. [Deborah Servili]

  • Merge pull request #420 from Delta-Sierra/master. [Deborah Servili]

    add Felipe Trojan

  • Jq. [Deborah Servili]

  • Add Felipe Trojan. [Deborah Servili]

  • Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Alexandre Dulaunoy]

  • Fix duplicate. [Deborah Servili]

  • Update threat actor galaxy. [Deborah Servili]

  • Update threat actor galaxy. [Deborah Servili]

  • Update threat actor galaxy. [Deborah Servili]

  • Update threat actor galaxy. [Deborah Servili]

  • ##COMMA## [Deborah Servili]

  • Fix duplicate. [Deborah Servili]

  • Update version. [Deborah Servili]

  • Update threat actor galaxy. [Deborah Servili]

  • Merge pull request #419 from r0ny123/patch-6. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [Rony]

  • Merge pull request #415 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update threat actor galaxy

  • Fix duplicate and links update (APT34) [Deborah Servili]

  • Fix duplicate. [Deborah Servili]

  • Update threat actor galaxy. [Deborah Servili]

  • Try to fix duplicate. [Deborah Servili]

  • Update threat actor galaxy. [Deborah Servili]

  • Merge pull request #414 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update threat actor galaxy

  • Fix duplicate. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #413 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update threat actor galaxy

  • Merge pull request #412 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update threat actors and tools

  • Merge pull request #411 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update threat-actor galaxy

  • Merge pull request #409 from rmkml/master. [Alexandre Dulaunoy]

    Add GetCrypt Ransomware

  • Merge pull request #408 from rmkml/master. [Alexandre Dulaunoy]

    Add Phobos Ransomware

  • Merge pull request #407 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add BlueKeep vulnerability

  • Update threat actor galaxy. [Deborah Servili]

  • Jq. [Deborah Servili]

  • Update threat actor galaxy. [Deborah Servili]

  • Update threat actor galaxy. [Deborah Servili]

  • Update Threat actor galaxy. [Deborah Servili]

  • Update threat actor. [Deborah Servili]

  • Update threat actor darkhotel (nemim might be a typo) [Deborah Servili]

  • Update threat actor. [Deborah Servili]

  • FlawedAmmy RAT. [Deborah Servili]

  • Fix multiple refs. [Deborah Servili]

  • Update threat actors. [Deborah Servili]

  • Update threat actors. [Deborah Servili]

  • Update threat actors and tools. [Deborah Servili]

  • Fix merge mistakes. [Deborah Servili]

  • Update threat actor. [Deborah Servili]

  • Update threat actor. [Deborah Servili]

  • Update threat-actor galaxy. [Deborah Servili]

  • Update Anchor Panda Threat Actor. [Deborah Servili]

  • Add BlueKeep. [Deborah Servili]

  • Add AsyncRAT. [rmkml]

  • Add Buran Ransomware. [rmkml]

  • Add Nemty Ransomware. [rmkml]

  • Add GetCrypt Ransomware. [rmkml]

  • Merge branch 'master' into master. [rmkml]

  • Merge pull request #406 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Rework of ransomware galaxy

  • Fix ransomware ransomnotes. [Deborah Servili]

  • Jq. [Deborah Servili]

  • Rework of ransomware galaxy. [Deborah Servili]

  • Merge pull request #405 from danielplohmann/patch-11. [Alexandre Dulaunoy]

    adding TA542 to MUMMY SPIDER (emotet)

  • Adding TA542 to MUMMY SPIDER (emotet) [Daniel Plohmann]

  • Merge pull request #404 from r0ny123/patch-5. [Alexandre Dulaunoy]

    merging Pacifier & Turla

  • Merging Pacifier & Turla. [Rony]

  • Merge pull request #403 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Reaver and probably related tools

  • Add Reaver and probably related tools. [Deborah Servili]

  • Merge pull request #402 from danielplohmann/patch-9. [Alexandre Dulaunoy]

    adding APT31/ZIRCONIUM

  • Adding APT31/ZIRCONIUM. [Daniel Plohmann]

  • Merge pull request #401 from mokaddem/bump-attack-pattern. [Alexandre Dulaunoy]

    chg: [attack-pattern] Sync kill-chain with data from MITRE.

  • Merge pull request #400 from Delta-Sierra/master. [Deborah Servili]

    add Sodinokibi

  • Add Sodinokibi. [Deborah Servili]

  • Merge pull request #399 from r0ny123/patch-4. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [Rony]

  • Merge pull request #395 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Scranos

  • Add Scranos. [Deborah Servili]

  • Merge pull request #394 from StefanKelm/master. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [StefanKelm]

    Silent Librarian / COBALT DICKENS

  • Merge pull request #393 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add AESDDoS Botnet and JasperLoader

  • Add JasperLoader. [Deborah Servili]

  • Add AESDDoS Botnet. [Deborah Servili]

  • Merge branch 'nao-sec-master' [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/nao-sec/misp-galaxy into nao-sec-master. [Alexandre Dulaunoy]

  • Merge branch 'r0ny123-patch-2' [Alexandre Dulaunoy]

  • Update threat-actor.json. [Rony]

  • Update threat-actor.json. [Rony]

  • Update threat-actor.json. [Rony]

  • Updated FIN4. [Rony]

  • Merge branch 'Kafeine-master' [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master. [Alexandre Dulaunoy]

  • += Spelevo. [Kafeine]

  • ZTDS. [Kafeine]

  • Novidade,taurus. [Kafeine]

  • Merge pull request #387 from r0ny123/patch-1. [Alexandre Dulaunoy]

    more report on APT36

  • More report on APT36. [Rony]

  • Merge pull request #386 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Sea Turtle Campaign

  • Add Sea Turtle campaign. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Chg: [threat-actor] validate + version bump. [Christophe Vandeplas]

  • Merge pull request #385 from bartblaze/master. [Christophe Vandeplas]

    Add Whitefly

  • Add Whitefly. [Bart]

  • Merge. [Deborah Servili]

  • Merge pull request #384 from r0ny123/patch-3. [Deborah Servili]

    fixed the broken link

  • Fixed the broken link. [Rony]

  • Merge pull request #383 from rmkml/master. [Deborah Servili]

    Add BigBobRoss Ransomware

  • Merge pull request #382 from rmkml/master. [Alexandre Dulaunoy]

    Add Caesar RAT

  • Merge pull request #381 from rmkml/master. [Alexandre Dulaunoy]

    Add Tellyouthepass Ransomware

  • Merge pull request #380 from bartblaze/master. [Alexandre Dulaunoy]

    Add DoNot team references

  • Add DoNot team references. [Bart]

  • Merge pull request #379 from rmkml/master. [Alexandre Dulaunoy]

    Add BlackWorm Ransomware

  • Merge branch 'danielplohmann-patch-8' [Alexandre Dulaunoy]

  • Merge branch 'patch-8' of https://github.com/danielplohmann/misp-galaxy into danielplohmann-patch-8. [Alexandre Dulaunoy]

  • Based on additional research, APT36 can actually be merged into Mythic Leopard. [Daniel Plohmann]

  • Merge pull request #377 from r0ny123/patch-2. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [Rony]

  • Merge pull request #376 from r0ny123/patch-1. [Alexandre Dulaunoy]

    adding additional resources for APT36

  • Update threat-actor.json. [Rony]

  • Adding additional resources for APT36. [Rony]

  • Merge pull request #375 from rmkml/master. [Alexandre Dulaunoy]

    Add Globe Imposter Ransomware

  • Merge pull request #374 from rmkml/master. [Alexandre Dulaunoy]

    Add Parasite HTTP RAT

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Add ref for Ryuk and LockerGoga ransomwares. [Deborah Servili]

  • Add Phobos Ransomware. [rmkml]

  • Add Cr1ptt0r Ransomware. [rmkml]

  • Add SpelevoEK. [rmkml]

  • Add Planetary Ransomware. [rmkml]

  • Add BigBobRoss Ransomware. [rmkml]

  • Add Caesar RAT. [rmkml]

  • Add Ave Maria Stealer. [rmkml]

  • Add Tellyouthepass Ransomware. [rmkml]

  • Add Vidar Stealer. [rmkml]

  • Add Brushaloader Malware. [rmkml]

  • Add BlackWorm Ransomware. [rmkml]

  • Add Globe Imposter Ransomware. [rmkml]

  • Add Parasite HTTP RAT. [rmkml]

  • Merge pull request #373 from danielplohmann/patch-7. [Alexandre Dulaunoy]

    adding FireEye's TMP.Lapis / APT36

  • Adding FireEye's TMP.Lapis / APT36. [Daniel Plohmann]

  • Merge branch 'ismasma-master' [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/ismasma/misp-galaxy into ismasma-master. [Alexandre Dulaunoy]

  • Add payment method and price. [ismasma]

  • Merge pull request #371 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Add Operation ShadowHammer

  • Add Operation ShadowHammer. [Deborah Servili]

  • Add relationship between Cardinal RAT and EVILNUM. [Deborah Servili]

  • Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]

  • Jq. [Deborah Servili]

  • Merge branch 'master' into master. [Deborah Servili]

  • Add Cardinal RAT ref. [Deborah Servili]

  • Add APT-C-27 Goldmouse. [Deborah Servili]

  • Add SPOILER vulnerability + other minor changes. [Deborah Servili]

  • Remove mitre-relationships from readme. [Deborah Servili]

  • Merge pull request #370 from danielplohmann/patch-6. [Alexandre Dulaunoy]

    added APT-C-27 / GoldMouse

  • Added APT-C-27 / GoldMouse. [Daniel Plohmann]

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]

  • Merge pull request #363 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add H-worm RAT

  • Add H-worm RAT. [Deborah Servili]

  • Add: [attck4fraud] initial attck-like matrix for fraud from https://github.com/burritoblue/attck4fraud (WiP) [Alexandre Dulaunoy]

  • Merge pull request #362 from bartblaze/master. [Alexandre Dulaunoy]

    Update preventive-measure.json

  • Update preventive-measure.json. [Bart]

    Add ACL

  • Merge pull request #361 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Operation Comando - hit version 100

  • Add Operation Comando - hit version 100. [Deborah Servili]

  • Merge pull request #359 from nyx0/master. [Alexandre Dulaunoy]

    add synonym, no need for uppercase in the name :)

  • Add synonym, no need for uppercase in the name :) [Thomas Dupuy]

  • Merge pull request #358 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add attribution-confidence attribute to threat-actor

  • Add attribution-confidence attribute to threat-actor. [Deborah Servili]

  • Merge pull request #357 from Delta-Sierra/master. [Alexandre Dulaunoy]

    New clusters

  • Relations between SLUB Backdoor. [Deborah Servili]

  • Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili]

  • Merge branch 'master' into master. [Deborah Servili]

  • Merge branch 'master' into master. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]

  • Merge pull request #356 from danielplohmann/patch-5. [Alexandre Dulaunoy]

    another actor described by 360TIC.

  • Update threat-actor.json. [Daniel Plohmann]

    another actor described by 360TIC.

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]

  • Merge pull request #355 from danielplohmann/patch-4. [Alexandre Dulaunoy]

    FireEye upgraded TEMP.Periscope to APT40

  • FireEye upgraded TEMP.Periscope to APT40. [Daniel Plohmann]

  • Add StealthWorker malware. [Deborah Servili]

  • Add SLUB backdoor. [Deborah Servili]

  • Add Jokeroo RaaS. [Deborah Servili]

  • Add operation Kabar Cobra. [Deborah Servili]

  • Add ref for garrantydecrypt. [Deborah Servili]

  • Add relation between Lazarus Group and Operation SharpShooter. [Deborah Servili]

  • Add Rising Sun Backdoor. [Deborah Servili]

  • Add Razdel. [Deborah Servili]

  • Merge pull request #350 from bartblaze/master. [Alexandre Dulaunoy]

    Add more info on Lotus Blossom

  • Add more info on Lotus Blossom. [Bart]

    Add 2 more references, fix typo - Trend calls it "Esile", not "Eslie" as mistakenly stated by CFR. The backdoor itself is commonly referred to as Elise.

  • Merge pull request #347 from bartblaze/master. [Alexandre Dulaunoy]

    Update cert-eu-motive.json

  • Update cert-eu-motive.json. [Bart]

    Fix typo

  • Merge pull request #346 from danielplohmann/patch-3. [Alexandre Dulaunoy]

    Two more actor names from GTR2019

  • Two more actor names from GTR2019. [Daniel Plohmann]

    I found two more actor names while going again over the crowdstrike's report and updating the cross-references to malpedia.

  • Merge pull request #345 from danielplohmann/patch-2. [Alexandre Dulaunoy]

    Added missing actors from CrowdStrike GTR2019

  • Added missing actors from CrowdStrike GTR2019. [Daniel Plohmann]

  • Merge pull request #344 from ITAYC0HEN/patch-1. [Alexandre Dulaunoy]

    Fix 404'd reference of BuhTrap

  • Fix 404'd reference of BuhTrap. [Itay Cohen]

  • Merge pull request #343 from mokaddem/newMitre. [Alexandre Dulaunoy]

    Added kill_chain_order in mitre-attack-pattern

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy into newMitre. [mokaddem]

  • Merge pull request #342 from mokaddem/electionGuidelines. [Alexandre Dulaunoy]

    new: Added draft of the election guidelines galaxy

  • Merge pull request #320 from cvandeplas/mitre_attack. [Alexandre Dulaunoy]

    chg: [mitre] Deprecated pre/enterprise/mobile separate galaxies

  • Merge pull request #341 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Add several clusters

  • Merge branch 'master' into master. [Deborah Servili]

  • Merge pull request #340 from nyx0/master. [Alexandre Dulaunoy]

    add ANEL/UPPERCUT in tool cluster

  • Add ANEL/UPPERCUT in tool cluster. [Thomas Dupuy]

  • Merge pull request #338 from netjinho/patch-1. [Alexandre Dulaunoy]

    Updated "Iran" name

  • Updated "Iran" name. [João Neto]

    This extra space leads to an unnecessary key error when parsing the json file

  • Merge pull request #337 from 3c7/synonym/velvet-chollima. [Alexandre Dulaunoy]

    Added Velvet Chollima as synonym to Kimsuki

  • Added Velvet Chollima as synonym to Kimsuki. [Nils Kuhnert]

  • Merge pull request #336 from 3c7/synonym/static-kitten. [Christophe Vandeplas]

    Added static kitten as synonym for MuddyWater

  • Added static kitten as synonym for MuddyWater. [Nils Kuhnert]

  • Merge pull request #334 from 3c7/synonym/cobalt-spider. [Alexandre Dulaunoy]

    Added Cobalt Spider as Synonym for Cobalt

  • Added Cobalt Spider reference. [Nils Kuhnert]

  • Added Cobalt Spider as Synonym for Cobalt. [Nils Kuhnert]

  • Merge pull request #335 from 3c7/synonym/turbine-panda. [Alexandre Dulaunoy]

    Added Turbine Panda as synonym for APT 26

  • Added Turbine Panda as synonym for APT 26. [Nils Kuhnert]

  • Merge pull request #333 from 3c7/synonym/oceanbuffalo. [Alexandre Dulaunoy]

    Added Ocean Buffalo synonym for Ocean Lotus

  • Added Ocean Buffalo synonym for Ocean Lotus. [Nils Kuhnert]

  • Merge pull request #332 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Add APT39 & LockerGoga

  • Merge pull request #331 from 3c7/synonym/quilted_tiger. [Alexandre Dulaunoy]

    Added Quilted Tiger as Synonym for Patchwork/Dropping Elephant.

  • Added Quilted Tiger as Synonym for Patchwork/Dropping Elephant. [Nils Kuhnert]

  • Merge pull request #330 from 3c7/synonym/shadow_crane. [Alexandre Dulaunoy]

    Added Shadow Crane as synonym for Dark Hotel.

  • Added Shadow Crane as synonym for Dark Hotel. [Nils Kuhnert]

  • Add Gallmaker and other clusters. [Deborah Servili]

  • Add OSX/Shlayer and some refs. [Deborah Servili]

  • Add Siesta campaign. [Deborah Servili]

  • Add APT39. [Deborah Servili]

  • Add LockerGoga ransomware. [Deborah Servili]

  • Merge pull request #329 from 3c7/synonym/stardustchollima. [Alexandre Dulaunoy]

    Added "Stardust Chollima" as synonym for Lazarus.

  • Added "Stardust Chollima" as synonym for Lazarus. [Nils Kuhnert]

  • Merge pull request #328 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Silence Group

  • Add Silence Group. [Deborah Servili]

  • Merge pull request #327 from nyx0/master. [Alexandre Dulaunoy]

    add alternative name for DarkHydrus

  • Add alternative name for DarkHydrus. [Thomas Dupuy]

  • Merge pull request #326 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Cold River Threat actor

  • Add LoJax ref. [Deborah Servili]

  • Add Cold River Threat actor. [Deborah Servili]

  • Merge pull request #325 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add several ransomware and threat actors

  • Fix versions. [Deborah Servili]

  • Add several ransomware and threat actors. [Deborah Servili]

  • Merge pull request #324 from Delta-Sierra/master. [Alexandre Dulaunoy]

    TA505 threat actor and affiliates malwares

  • Add darkhydrus ref. [Deborah Servili]

  • TA505 threat actor and affiliates malwares. [Deborah Servili]

  • Merge pull request #322 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Cryptomix variants refs

  • Add hidenad synonym. [Deborah Servili]

  • Add Cryptomix variants refs. [Deborah Servili]

  • Merge pull request #321 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add AndroidOS_HidenAd

  • Update version. [Deborah Servili]

  • Add AndroidOS_HidenAd. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #319 from cvandeplas/master. [Christophe Vandeplas]

    chg: [mitre] bump to latest MITRE ATT&CK dataset

  • MITRE galaxy regeneration + updated migration script. [Christophe Vandeplas]

  • MITRE sorted. [Christophe Vandeplas]

    While dicts were sorted, lists were not yet sorted. This current sort algo is not yet the best, but is a good start. A good sort is needed for better comparison afterwards with automated tools. In a next stage it will also be needed in the validate_all scripts.

  • MITRE galaxy - initial conversion and migration script. [Christophe Vandeplas]

    this is not fully working yet !

  • Merge pull request #318 from 3c7/feature/helixkitten. [Alexandre Dulaunoy]

    Added OilRig synonym "Helix Kitten".

  • Added OilRig synonym "Helix Kitten". [Nils Kuhnert]

  • Merge pull request #316 from danielplohmann/master. [Alexandre Dulaunoy]

    New name SNAKEMACKEREL for APT28 by Accenture

  • Microsoft alias for apt29 is YTTRIUM. [Daniel Plohmann]

  • New name SNAKEMACKEREL for APT28 by Accenture. [Daniel Plohmann]

  • Removed Publishing industry. [Gerard Wagener]

  • Merge pull request #315 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add OSX malwares

  • Merge pull request #314 from Delta-Sierra/master. [Alexandre Dulaunoy]

    New clusters

  • Add ransomwares. [Deborah Servili]

  • Add OSX malwares. [Deborah Servili]

  • Add operation sharpshooter. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #313 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add some clusters or info

  • Merge pull request #310 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add several clusters

  • Update tool version. [Deborah Servili]

  • Add shamoon synonym. [Deborah Servili]

  • Fix tool version. [Deborah Servili]

  • Fix exploit-kit version. [Deborah Servili]

  • Add some clusters or info. [Deborah Servili]

  • Add Golden Chickens and affiliates. [Deborah Servili]

  • Add ransomwares. [Deborah Servili]

  • Add Operation Poison Needles. [Deborah Servili]

  • Add clusters. [Deborah Servili]

  • Add several clusters. [Deborah Servili]

  • Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]

  • Add DNSpionage cluster. [Deborah Servili]

  • Add everbe ransomnotes. [Deborah Servili]

  • Add ransomwares. [Deborah Servili]

  • Add ransomwares. [Deborah Servili]

  • Merge pull request #309 from cvandeplas/master. [Alexandre Dulaunoy]

    pep8, include the misp-galaxy tag in the output

  • Pep8, include the misp-galaxy tag in the output. [Christophe Vandeplas]

  • Add: [doc] contribution doc added. [Alexandre Dulaunoy]

  • Merge pull request #306 from SteveClement/master. [Steve Clement]

    chg: [doc] Added some dependency pointers.

  • Merge pull request #305 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Add Rotexy

  • Add Aurora Ransomware metadata. [Deborah Servili]

  • Add Aurora Ransomware synonym. [Deborah Servili]

  • Fix version. [Deborah Servili]

  • Add Rotexy. [Deborah Servili]

  • Merge pull request #304 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add PNG Dropper

  • Update version. [Deborah Servili]

  • Add PNG Dropper. [Deborah Servili]

  • Merge pull request #303 from Delta-Sierra/master. [Deborah Servili]

    add several references for Emotet and others

  • Add reference for Emotet/Geodo. [Deborah Servili]

  • Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili]

  • Add several references for Emotet and others. [Deborah Servili]

  • Merge pull request #302 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update oilrig related clusters + others

  • Merge branch 'master' into master. [Deborah Servili]

  • Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]

  • Merge pull request #300 from Delta-Sierra/master. [Deborah Servili]

    add several ransomware and HookAds campaign

  • Update oilrig related clusters + others. [Deborah Servili]

  • Fix rat galaxy version. [Deborah Servili]

  • Jq and add ref in tool galaxy -hit version 100- [Deborah Servili]

  • Add TheOneSpy. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]

  • Merge pull request #299 from b3n7s/patch-1. [Alexandre Dulaunoy]

    Update threat-actor.json

  • Update threat-actor.json. [Benoit Sevens]

    Add LuckyMouse link

  • Merge pull request #297 from danielplohmann/patch-1. [Alexandre Dulaunoy]

    added APT38 as (FireEye) alias for Lazarus

  • Added APT38 as (FireEye) alias for Lazarus. [Daniel Plohmann]

    cross-references in https://content.fireeye.com/apt/rpt-apt38 suggest the link to Lazarus.

  • Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]

  • Add several ransomware and HookAds campaign. [Deborah Servili]

  • Add/update ransomwares. [Deborah Servili]

  • Add several tools and refs. [Deborah Servili]

  • Merge pull request #296 from Delta-Sierra/master. [Deborah Servili]

    update ransomware galaxy

  • Update ransomware galaxy. [Deborah Servili]

  • Merge pull request #295 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update Red Alert 2 Android Banking Trojan

  • Jq fix. [Deborah Servili]

  • Update version. [Deborah Servili]

  • Update Red Alert 2 Android Banking Trojan. [Deborah Servili]

  • Merge pull request #294 from Delta-Sierra/master. [Deborah Servili]

    add ransomwares

  • Add ransomwares. [Deborah Servili]

  • Merge pull request #293 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Operation EvilTraffic

  • Add Chalubo botnet (+ jqallthethings) [Deborah Servili]

  • Add Operation EvilTraffic. [Deborah Servili]

  • Add Operation EvilTraffic. [Deborah Servili]

  • Merge pull request #292 from 3c7/master. [Alexandre Dulaunoy]

    Corrected DarkHotel threat actor entry

  • Corrected DarkHotel threat actor entry. [Nils Kuhnert]

  • Merge pull request #291 from Delta-Sierra/master. [Deborah Servili]

    Clusters & references

  • Fix duplicate ref. [Deborah Servili]

  • Add August Stealer. [Deborah Servili]

  • Add NukeSped reference. [Deborah Servili]

  • Add GhostMiner. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #290 from cvandeplas/master. [Alexandre Dulaunoy]

    tool: experimental graphing tool

  • Tool: experimental graphing tool. [Christophe Vandeplas]

  • Merge pull request #289 from cvandeplas/master. [Alexandre Dulaunoy]

    chg: further categorization of galaxies

  • Merge pull request #288 from cvandeplas/master. [Alexandre Dulaunoy]

    categorization of galaxies

  • Jq. [Christophe Vandeplas]

  • Merge remote-tracking branch 'MISP/master' [Christophe Vandeplas]

  • Merge pull request #287 from cvandeplas/master. [Alexandre Dulaunoy]

    fixes an important bug in the gen_relations

  • Some minor fixes. [Andras Iklody]

  • Merge remote-tracking branch 'MISP/master' [Christophe Vandeplas]

  • Merge pull request #286 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Several clusters, refs, others.

  • Merge pull request #285 from cvandeplas/master. [Alexandre Dulaunoy]

    MITRE relationships included in the respective cluster

  • Merge pull request #284 from cvandeplas/master. [Alexandre Dulaunoy]

    chg: mappings are now in the generated adoc

  • Add tools from https://github.com/misterch0c/shadowbroker. [Deborah Servili]

  • Add DarkPulsar and affiliates + update some refs. [Deborah Servili]

  • Add GreyEnergy. [Deborah Servili]

  • Add refs & synonyms. [Deborah Servili]

  • Add several refs. [Deborah Servili]

  • Add several refs. [Deborah Servili]

  • Add roaming mantis group. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #283 from cvandeplas/master. [Alexandre Dulaunoy]

    fixes + relations with malpedia

  • Jq sort keys. [Christophe Vandeplas]

    Allows automation to edit the files

  • Merge branch 'steffenenders-patch-1' [Alexandre Dulaunoy]

  • Jq all the things. [Alexandre Dulaunoy]

  • Updated malpedia.json to the current state. [Steffen Enders]

    Fetched the new malpedia galaxy cluster from https://malpedia.caad.fkie.fraunhofer.de/api/get/misp - this includes an additional ~120 new families.

  • Merge pull request #281 from Delta-Sierra/master. [Deborah Servili]

    add SAVEfiles ransomware

  • Merge pull request #280 from Delta-Sierra/master. [Deborah Servili]

    update matrix ransomware

  • Add magecart ref. [Deborah Servili]

  • Add SAVEfiles ransomware. [Deborah Servili]

  • Update version. [Deborah Servili]

  • Update matrix ransomware. [Deborah Servili]

  • Merge pull request #279 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Triout Android Malware

  • Add Triout Android Malware. [Deborah Servili]

  • Merge pull request #278 from Delta-Sierra/master. [Alexandre Dulaunoy]

    fix failed copy-paste

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #276 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add CoalaBot + Kraken Cryptor Ransomware + refs

  • Merge pull request #277 from dadokkio/master. [Alexandre Dulaunoy]

    Added Malpedia Galaxy

  • Added Malpedia Galaxy. [Davide Arcuri]

    based on malpedia git repo

  • Merge pull request #274 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Refs updates

  • Merge pull request #273 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update synonyms & attributions

  • Merge pull request #272 from Delta-Sierra/master. [Deborah Servili]

    New clusters based on CIG Circular 66 – FASTCash ATM Cash Out Campaign

  • Merge pull request #271 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Several updates

  • Fix failed copy-paste. [Deborah Servili]

  • Jq. [Deborah Servili]

  • Add CoalaBot + Kraken Cryptor Ransomware + refs. [Deborah Servili]

  • Add CoalaBot + Kraken Cryptor Ransomware + refs. [Deborah Servili]

  • Add Persirai botnet. [Deborah Servili]

  • Update Torii botnet. [Deborah Servili]

  • Add ref for Torii botnet. [Deborah Servili]

  • Add refs. [Deborah Servili]

  • Add ZEBROCY tool. [Deborah Servili]

  • Update regarding https://twitter.com/adulau/status/1047764090410737664. [Deborah Servili]

  • Update synonyms & attributions. [Deborah Servili]

  • Add NukeSped. [Deborah Servili]

  • Add FASTCash. [Deborah Servili]

  • Add ref for magecart. [Deborah Servili]

  • New threat actors & tools. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #270 from Delta-Sierra/master. [Alexandre Dulaunoy]

    new clusters, relations and information

  • Merge pull request #268 from botherder/master. [Alexandre Dulaunoy]

    Added missing country values

  • Added missing country values. [Nex]

  • Merge pull request #267 from Delta-Sierra/master. [Alexandre Dulaunoy]

    New clusters

  • Merge pull request #266 from Delta-Sierra/master. [Alexandre Dulaunoy]

    small updates

  • Merge pull request #265 from Delta-Sierra/master. [Alexandre Dulaunoy]

    new threat actors

  • Merge pull request #264 from Delta-Sierra/master. [Alexandre Dulaunoy]

    more clusters~

  • Add synonym. [Deborah Servili]

  • Add refs. [Deborah Servili]

  • Jq. [Deborah Servili]

  • New clusters and information. [Deborah Servili]

  • New ransomware and relations. [Deborah Servili]

  • Add relationships on Mirai. [Deborah Servili]

  • Add references. [Deborah Servili]

  • Add BusyGasper android spyware. [Deborah Servili]

  • Add Cobalt Dickens threat actor. [Deborah Servili]

  • Add remcos ref. [Deborah Servili]

  • Update version. [Deborah Servili]

  • Fix field mistake. [Deborah Servili]

  • Update Lazarus group cluster. [Deborah Servili]

  • New unnamed threat actor. [Deborah Servili]

  • New threat actors. [Deborah Servili]

  • Merge. [Deborah Servili]

  • Merge pull request #263 from botherder/bahamut. [Alexandre Dulaunoy]

    Added Bahamut to threat actors list

  • Added Bahamut to threat actors list. [Nex]

  • Merge pull request #262 from botherder/mythic-leopard. [Alexandre Dulaunoy]

    Added additional name to C-Major

  • Added additional name to C-Major. [Nex]

  • Merge pull request #261 from botherder/dedup. [Alexandre Dulaunoy]

    Removed duplicates

  • Removed duplicates. [Nex]

  • Merge pull request #259 from botherder/country-sync. [Alexandre Dulaunoy]

    Synced country codes with suspected state sponsor

  • Synced country codes with suspected state sponsor. [Nex]

  • Merge pull request #258 from botherder/transparent-tribe. [Alexandre Dulaunoy]

    Merged Transparent Tribe in C-Major

  • Merged Transparent Tribe in C-Major. [Nex]

  • Merge pull request #257 from Delta-Sierra/master. [Alexandre Dulaunoy]

    adding and updating clusters

  • Merge pull request #256 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add ref for operation Applejeus

  • Merge pull request #255 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Schema update

  • Merge pull request #254 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add ransomwares

  • Add notpetya and update jadeRAT. [Deborah Servili]

  • Add references. [Deborah Servili]

  • Add magentocore malware. [Deborah Servili]

  • Add blacknurse logo. [Deborah Servili]

  • Add blacknurse. [Deborah Servili]

  • Add Crypt0saur ransomware. [Deborah Servili]

  • Adding and updating clusters. [Deborah Servili]

  • Add description for sigma ransomware. [Deborah Servili]

  • Fix versions. [Deborah Servili]

  • Add ref for operation Applejeus. [Deborah Servili]

  • Fix version. [Deborah Servili]

  • Add Operation AppleJeus. [Deborah Servili]

  • Fix schema. [Deborah Servili]

  • Fix some relations. [Deborah Servili]

  • Clusters. [Deborah Servili]

  • More clusters~ [Deborah Servili]

  • Add CamuBot Banker Trojan. [Deborah Servili]

  • Jq~ [Deborah Servili]

  • Add ransomwares. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • "jq all the thing (tm)" [Alexandre Dulaunoy]

  • Merge branch 'Kafeine-master' [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master. [Alexandre Dulaunoy]

  • Fallout. [Kafeine]

  • Hunter EK > Active. [Kafeine]

  • Adding Underminer EK. [Kafeine]

  • Status from Terror, Bingo and Astrum. [Kafeine]

  • Adapting to modification from Misp repository. [Kafeine]

  • Merge pull request #250 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add cfr data

  • Add ransomware. [Deborah Servili]

  • Add cfr data. [Deborah Servili]

  • Update microsoft-activity-group.json version. [Deborah Servili]

  • Merge pull request #249 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Update and add threat actors

  • More clusters. [Deborah Servili]

  • Add APT28/STRONTIUM refs. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #248 from Delta-Sierra/master. [Deborah Servili]

    merge black ruby duplicate (delete the newer)

  • Merge pull request #247 from Delta-Sierra/master. [Alexandre Dulaunoy]

    New clusters

  • Update Dharma Ransomware. [Deborah Servili]

  • Version update. [Deborah Servili]

  • Merge black ruby duplicate (delete the newer) [Deborah Servili]

  • Merge. [Deborah Servili]

  • Merge branch 'master' into master. [Deborah Servili]

  • Fix. [Deborah Servili]

  • Resolve merge conflict -I hope- [Deborah Servili]

  • Cosmetic change. [Christophe Vandeplas]

  • No change: dump files with sort_keys=True. [Christophe Vandeplas]

    This is needed to keep better track of the changes when other tools load and save the json files.

  • Merge pull request #246 from Delta-Sierra/master. [Deborah Servili]

    add Skygofree android spyware

  • Merge pull request #245 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add tools used by SamSam

  • Merge pull request #244 from Delta-Sierra/master. [Deborah Servili]

    add ransomwares

  • Fix typo and missing uuid. [Deborah Servili]

  • Add Rosenbridge backdoor. [Deborah Servili]

  • Add KEYPASS ransomware. [Deborah Servili]

  • Add Skygofree android spyware. [Deborah Servili]

  • Add tools used by SamSam. [Deborah Servili]

  • Add ransomwares. [Deborah Servili]

  • Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]

  • Update schema. [Deborah Servili]

  • Update schema. [Deborah Servili]

  • Tags is an array. [Deborah Servili]

  • Relationship system - v2. [Deborah Servili]

  • Update some clusters and try to add a relationship system. [Deborah Servili]

  • Merge pull request #242 from Delta-Sierra/master. [Deborah Servili]

    add RedAlpha campaigns

  • Add RedAlpha campaigns. [Deborah Servili]

  • Merge pull request #239 from Delta-Sierra/master. [Alexandre Dulaunoy]

    more clusters

  • Delete forgotten conflict marker. [Deborah Servili]

  • Resolve merge conflict. [Deborah Servili]

  • Merge branch 'master' into master. [Deborah Servili]

  • Resolve merge conflict. [Deborah Servili]

  • Merge pull request #241 from 3c7/threat-actor/darkhydrus. [Andras Iklody]

    Added DarkHydrus

  • Added DarkHydrus. [Nils Kuhnert]

  • Merge pull request #240 from 3c7/fix/typos. [Alexandre Dulaunoy]

    Two small typos

  • Two small typos. [Nils Kuhnert]

  • Merge pull request #238 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Kronos Banking Trojan

  • Merge pull request #237 from Delta-Sierra/master. [Deborah Servili]

    Add CFR.org metadata into the galaxy - part 2

  • Delete duplicate gorgon group. [Deborah Servili]

  • More clusters. [Deborah Servili]

  • Add Kronos Banking Trojan. [Deborah Servili]

  • Add CFR.org metadata into the galaxy - part 2. [Deborah Servili]

  • Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #236 from raw-data/master. [Alexandre Dulaunoy]

    [add] new cluster + galaxy

  • [add] new backdoor cluster. [raw-data]

  • [add] new backdoor galaxy and cluster. [raw-data]

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot]

  • Merge pull request #235 from raw-data/master. [Alexandre Dulaunoy]

    [add] x1 new entry in stealer.json - AZORult

  • [add] x1 new entry in stealer.json - AZORult. [raw-data]

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]

  • Merge pull request #234 from Delta-Sierra/master. [Alexandre Dulaunoy]

    cfr update -in progress- + add clusters associated to RANCOR

  • Merging attempt. [Deborah Servili]

  • Merge branch 'master' into master. [Deborah Servili]

  • Merge pull request #233 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Add CFR.org metadata into the galaxy - Test

  • Merge pull request #231 from raw-data/master. [Alexandre Dulaunoy]

    [ADD] new entries in banker, rat and tool

  • [ADD] x1 new entry in tool.json - Koadic. [raw-data]

  • [ADD] x2 new rat - Sisfader, SocketPlayer. [raw-data]

  • [ADD] banker.json version bump. [raw-data]

  • [ADD] x2 new banker - Backswap, Karius. [raw-data]

  • Merge pull request #230 from 3c7/patch-1. [Alexandre Dulaunoy]

    Updated APT1 report link

  • Updated APT1 report link. [Nils Kuhnert]

  • Update cert-eu-govsector.json. [Deborah Servili]

  • Update cert-eu-govsector.json. [Deborah Servili]

  • Fix typo in type. [Deborah Servili]

  • Merge pull request #229 from iglocska/patch-1. [Andras Iklody]

    Fixed typo

  • Fixed typo. [Andras Iklody]

  • Merge pull request #228 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Thrip as threat actor

  • Merge pull request #227 from Delta-Sierra/master. [Andras Iklody]

    Ransomwares and Olympic Destroyer

  • Merge pull request #226 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Even more clusters

  • Merge pull request #225 from Delta-Sierra/master. [Alexandre Dulaunoy]

    More ransomwares and other clusters

  • Add cfr related information -still in progress- [Deborah Servili]

  • Cfr update -in progress + add clusters associated to RANCOR. [Deborah Servili]

  • Add cfr prefix for cfr data - test. [Deborah Servili]

  • Add CFR.org metadata into the galaxy - Test. [Deborah Servili]

  • Some updates. [Deborah Servili]

  • Update version. [Deborah Servili]

  • Add Thrip as threat actor. [Deborah Servili]

  • Add olympic destroyer. [Deborah Servili]

  • Add several ransomware. [Deborah Servili]

  • More clusters. [Deborah Servili]

  • Add cluster in threat actor. [Deborah Servili]

  • Add ClipboardWalletHijacker. [Deborah Servili]

  • Add MysteryBot in android galaxy. [Deborah Servili]

  • Add some ransomwares. [Deborah Servili]

  • Merge pull request #224 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add some clusters

  • Add some tools. [Deborah Servili]

  • Update version. [Deborah Servili]

  • Add some clusters. [Deborah Servili]

  • Minor layout corrections - validate_all. [Christophe Vandeplas]

  • Merge pull request #222 from Kafeine/master. [Christophe Vandeplas]

  • Merge pull request 222. [Christophe Vandeplas]

  • Fix. [Kafeine]

  • Glazunov. [Kafeine]

  • Guuid & + VenomKit. [Kafeine]

  • +ThreadKit. [Kafeine]

  • +Glazunov. [Kafeine]

  • Merge pull request #223 from Delta-Sierra/master. [Deborah Servili]

    Add tools

  • Add BabaYaga Malware. [Deborah Servili]

  • Add PLEAD. [Deborah Servili]

  • Merge pull request #221 from Delta-Sierra/master. [Alexandre Dulaunoy]

    New clusters

  • Add sigrun ransomware's ransomnotes. [Deborah Servili]

  • Add Sigrun ransomware metadata. [Deborah Servili]

  • Add Sigrun ransomware. [Deborah Servili]

  • Add another cryptomix variant. [Deborah Servili]

  • Add Brambul worm. [Deborah Servili]

  • Add Joanap RAT. [Deborah Servili]

  • Add: Iron Backdoor. [Alexandre Dulaunoy]

  • Merge pull request #220 from raw-data/master. [Alexandre Dulaunoy]

    [ADD] New Stealer galaxy and cluster

  • [FIX] botnet file link. [raw-data]

  • [ADD] Stealer galaxy definition. [raw-data]

  • [ADD] x2 new info/pwd stealers - Nocturnal Stealer, TeleGrab. [raw-data]

  • [ADD] Introduced stealer cluster. [raw-data]

  • Merge pull request #219 from raw-data/master. [Alexandre Dulaunoy]

    [ADD] x2 new entries for banker.json and rat.json

  • [ADD] NavRAT. [raw-data]

  • [ADD] DanaBot. [raw-data]

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]

  • Merge pull request #218 from Delta-Sierra/master. [Alexandre Dulaunoy]

    fix typo in pre-attack-relationship script - thanks @Terrtia

  • Fix typo in pre-attack-relationship script - thanks @Terrtia. [Deborah Servili]

  • Merge pull request #217 from Terrtia/master. [Alexandre Dulaunoy]

    fix typo mitre-pre-attack-relationship

  • Fix typo mitre-pre-attack-relationship. [Thirion Aurélien]

  • Merge pull request #216 from raw-data/master. [Alexandre Dulaunoy]

    [ADD] VPNFilter in tool.json cluster

  • [ADD] VPNFilter in tool.json cluster. [raw-data]

  • Merge pull request #215 from raw-data/master. [Alexandre Dulaunoy]

    [ADD] Pontoeb, WICKED and Brain Food into botnet.json cluster

  • [ADD] Pontoeb, WICKED and Brain Food into botnet.json cluster. [raw-data]

  • Add: mitre-attack namespace for all the ATT&CK galaxies. [Alexandre Dulaunoy]

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot]

  • Merge pull request #214 from Delta-Sierra/master. [Deborah Servili]

    update mitre galaxies - add external id and killchain

  • Jq. [Deborah Servili]

  • Fix scripts for mobile and pre attack attack pattern. [Deborah Servili]

  • Jq. [Deborah Servili]

  • Update mitre galaxies - add external id and killchain. [Deborah Servili]

  • Merge pull request #213 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update mitre 2.0 scripts to add external_id in meta

  • Update mitre 2.0 scripts to add external_id in meta (still need to be tested) [Deborah Servili]

  • Schema updated to have namespace key at galaxy level. [Alexandre Dulaunoy]

  • Merge pull request #211 from eCrimeLabs/master. [Alexandre Dulaunoy]

    Added links in relation to Threat-actor info from Dragos

  • Added data related to Dragos Adversaries. [Dennis Rand]

  • Merge pull request #2 from MISP/master. [eCrimeLabs]

    Updated from Core

  • Merge pull request #209 from raw-data/master. [Alexandre Dulaunoy]

    [ADD] RadRAT, ARS VBS Loader and FlawedAmmyy into rat.json cluster

  • [ADD] RadRAT, ARS VBS Loader and FlawedAmmyy into rat.json cluster. [raw-data]

  • Merge pull request #210 from Delta-Sierra/master. [Deborah Servili]

    update/add some clusters

  • Add Stalinlocker. [Deborah Servili]

  • Add Mettle botnet. [Deborah Servili]

  • Update some clusters. [Deborah Servili]

  • Merge pull request #208 from Delta-Sierra/master. [Deborah Servili]

    add maikspy

  • Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #207 from Delta-Sierra/master. [Deborah Servili]

    New clusters

  • Merge pull request #206 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update ransomware version

  • Merge pull request #205 from Delta-Sierra/master. [Deborah Servili]

    update - GandCrab v3

  • Merge pull request #204 from Delta-Sierra/master. [Alexandre Dulaunoy]

    New clusters~

  • Merge pull request #203 from Delta-Sierra/master. [Deborah Servili]

    add ZooPark campaign

  • Add maikspy. [Deborah Servili]

  • Jq~ [Deborah Servili]

  • Add reference for HNS botnet. [Deborah Servili]

  • Add HNS bot net & HPE iLO 4 Ransomware/Wiper. [Deborah Servili]

  • Add Kitty malware. [Deborah Servili]

  • Update version -oops- [Deborah Servili]

  • Update - GandCrab v3. [Deborah Servili]

  • Add an unnamed ransomware. [Deborah Servili]

  • Add spymaster pro as rat. [Deborah Servili]

  • Add ZooPark campaign. [Deborah Servili]

  • Add: threat actors from Dragos Inc. (based on https://dragos.com/adversaries.html) [Alexandre Dulaunoy]

  • Merge pull request #202 from Delta-Sierra/master. [Alexandre Dulaunoy]

    MOAR & MOAR Clusters

  • Jq. [Deborah Servili]

  • Add Rubella Macro Builder. [Deborah Servili]

  • Add GravityRAT. [Deborah Servili]

  • Add HOGFISH as APT10 synonym. [Deborah Servili]

  • Merge pull request #201 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Henbox

  • Add Henbox. [Deborah Servili]

  • Merge pull request #200 from Delta-Sierra/master. [Alexandre Dulaunoy]

    MOAR CLUSTERS

  • Add Orangeworm, Kwampirs, Iron ransomware and Ton ransomware. [Deborah Servili]

  • Add Muhstik botnet. [Deborah Servili]

  • Merge pull request #199 from StefanKelm/master. [Alexandre Dulaunoy]

    add NMCRYPT ransomware

  • NMCRYPT ransomware. [Stefan Kelm]

  • Merge pull request #198 from Delta-Sierra/master. [Deborah Servili]

    add Xiaoba

  • Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili]

  • Update Ransomware galaxy version. [Deborah Servili]

  • Jq. [Deborah Servili]

  • Add Xiaoba. [Deborah Servili]

  • Merge pull request #197 from Delta-Sierra/master. [Deborah Servili]

    add some ransomwares

  • Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #195 from droe/master. [Alexandre Dulaunoy]

    Add Comnie RAT

  • Add Comnie RAT. [Daniel Roethlisberger]

  • Merge pull request #194 from StefanKelm/master. [Alexandre Dulaunoy]

    Update to 'Chthonic' galaxy

  • Added 'Chtonic' synonym. [StefanKelm]

  • Remove Chthonic since it's a duplicate (banker.json) [StefanKelm]

  • Merge pull request #192 from Delta-Sierra/master. [Deborah Servili]

    add some ransomwares & threat actors

  • Merge pull request #191 from Delta-Sierra/master. [Deborah Servili]

    add Rovnix

  • Merge pull request #190 from Delta-Sierra/master. [Deborah Servili]

    add LockCrypt ransomware & GoScanSSH tool

  • Merge pull request #189 from Delta-Sierra/master. [Deborah Servili]

    add PUBG ransomware

  • Merge pull request #188 from Delta-Sierra/master. [Deborah Servili]

    update matrix ransomware

  • Merge pull request #187 from Delta-Sierra/master. [Deborah Servili]

    update threat actor galaxy based on https://www.fireeye.com/content/d…

  • Add some ransomwares. [Deborah Servili]

  • Add some ransomwares & threat actors. [Deborah Servili]

  • Add Rovnix. [Deborah Servili]

  • Add IcedID reference. [Deborah Servili]

  • Add GoScanSSH tool. [Deborah Servili]

  • Add LockCrypt ransomware. [Deborah Servili]

  • Jq. [Deborah Servili]

  • Add PUBG ransomware. [Deborah Servili]

  • Update matrix ransomware. [Deborah Servili]

  • Update version. [Deborah Servili]

  • Update matrix ransomware. [Deborah Servili]

  • Update threat actor galaxy based on https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf. [Deborah Servili]

  • Merge pull request #186 from Delta-Sierra/master. [Deborah Servili]

    add BlackRuby& WhiteRose ransomwares (+some fix)

  • Add BlackRuby& WhiteRose ransomwares (+some fix) [Deborah Servili]

  • Merge pull request #185 from Delta-Sierra/master. [Deborah Servili]

    merge the two Igexin clusters - fix #183

  • Merge the two Igexin clusters - fix #183. [Deborah Servili]

  • Merge pull request #184 from Delta-Sierra/master. [Deborah Servili]

    add 2 -supposed- wipers

  • Add 2 -supposed- wipers. [Deborah Servili]

  • Merge pull request #182 from Delta-Sierra/master. [Deborah Servili]

    Add hajime botnet + update cryptomix (new variant)

  • Update ransomware galaxy version. [Deborah Servili]

  • Update cryptomix. [Deborah Servili]

  • Update botnet version. [Deborah Servili]

  • Complete hajime botnet. [Deborah Servili]

  • Add hajime botnet. [Deborah Servili]

  • Merge pull request #181 from Delta-Sierra/master. [Deborah Servili]

    add external_id to values (MITRE galaxies)

  • Jq. [Deborah Servili]

  • Add external_id to values. [Deborah Servili]

  • Add: SHARPKNOT. [Alexandre Dulaunoy]

  • Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot]

  • Merge pull request #179 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add several tools

  • Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Add several tools. [Deborah Servili]

  • Merge pull request #176 from StefanKelm/master. [Alexandre Dulaunoy]

    Cosmetic changes only

  • Update mitre-enterprise-attack-intrusion-set.json. [StefanKelm]

  • Update create_mitre-enterprise-attack-tool_galaxy.py. [StefanKelm]

  • Update create_mitre-enterprise-attack-relationship_galaxy.py. [StefanKelm]

  • Update create_mitre-enterprise-attack-malware_galaxy.py. [StefanKelm]

  • Update create_mitre-enterprise-attack-intrusion-set_galaxy.py. [StefanKelm]

  • Update create_mitre-enterprise-attack-course-of-action_galaxy.py. [StefanKelm]

  • Update create_mitre-enterprise-attack-attack-pattern_galaxy.py. [StefanKelm]

  • Update mitre-enterprise-attack-intrusion-set.json. [StefanKelm]

  • Update README.md. [StefanKelm]

  • Update and rename mitre-entreprise-attack-tool.json to mitre-enterprise-attack-tool.json. [StefanKelm]

  • Rename mitre-entreprise-attack-relationship.json to mitre-enterprise-attack-relationship.json. [StefanKelm]

  • Update mitre-entreprise-attack-relationship.json. [StefanKelm]

  • Update and rename mitre-entreprise-attack-malware.json to mitre-enterprise-attack-malware.json. [StefanKelm]

  • Update and rename mitre-entreprise-attack-intrusion-set.json to mitre-enterprise-attack-intrusion-set.json. [StefanKelm]

  • Update and rename mitre-entreprise-attack-course-of-action.json to mitre-enterprise-attack-course-of-action.json. [StefanKelm]

  • Update and rename mitre-entreprise-attack-attack-pattern.json to mitre-enterprise-attack-attack-pattern.json. [StefanKelm]

  • Update and rename mitre-entreprise-attack-tool.json to mitre-enterprise-attack-tool.json. [StefanKelm]

  • Update and rename mitre-entreprise-attack-relationship.json to mitre-enterprise-attack-relationship.json. [StefanKelm]

  • Update and rename mitre-entreprise-attack-malware.json to mitre-enterprise-attack-malware.json. [StefanKelm]

  • Update and rename mitre-entreprise-attack-intrusion-set.json to mitre-enterprise-attack-intrusion-set.json. [StefanKelm]

  • Update mitre-enterprise-attack-course-of-action.json. [StefanKelm]

  • Update and rename mitre-entreprise-attack-course-of-action.json to mitre-enterprise-attack-course-of-action.json. [StefanKelm]

  • Update and rename mitre-entreprise-attack-attack-pattern.json to mitre-enterprise-attack-attack-pattern.json. [StefanKelm]

  • Merge pull request #175 from Delta-Sierra/master. [Deborah Servili]

    add Zenis ransomware

  • Update Android galaxy based on: https://source.android.com/security/reports/Google_Android_Security_2017_Report_Final.pdf - possible duplicates! [Deborah Servili]

  • Add Zenis ransomware. [Deborah Servili]

  • Merge pull request #174 from Delta-Sierra/master. [Deborah Servili]

    add gamut botnet

  • Merge branch 'master' into master. [Deborah Servili]

  • Merge pull request #173 from danielplohmann/leviathan. [Alexandre Dulaunoy]

    adding Leviathan / TEMP.Periscope

  • Added leviathan. [Daniel Plohmann (jupiter)]

  • Merge pull request #172 from eCrimeLabs/master. [Alexandre Dulaunoy]

    Added RoyalCli and RoyalDNS related to APT15 based on information from NCC Group

  • Added RoyalCli and RoyalDNS related to APT15 based on information from NCC Group. [Dennis Rand]

  • Merge pull request #1 from MISP/master. [eCrimeLabs]

    Syncing Fork

  • Merge pull request #171 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add qwerty ransomware

  • Merge pull request #170 from eCrimeLabs/master. [Alexandre Dulaunoy]

    Malware Used by APT37

  • Malware Used by APT37. [eCrimeLabs]

    Malware Used by APT37

  • Added tools from APT37. [eCrimeLabs]

    Malware Used by APT37

  • Merge pull request #167 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update some clusters

  • Merge pull request #166 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Nautilus, Neuron and update GandCrab

  • Merge pull request #165 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add some tools

  • Merge pull request #164 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add RSAUtil and Coldroot

  • Merge pull request #163 from Delta-Sierra/master. [Alexandre Dulaunoy]

    Add TSCookie Malware and RAT

  • Add gamut botnet. [Deborah Servili]

  • Jq. [Deborah Servili]

  • Add qwerty ransomware. [Deborah Servili]

  • Update version. [Deborah Servili]

  • Jq. [Deborah Servili]

  • Add missing uuid. [Deborah Servili]

  • Add ref for BS2005. [Deborah Servili]

  • Update Mirage Threat actor. [Deborah Servili]

  • Add Nautilus, Neuron and update GandCrab. [Deborah Servili]

  • Update GandCrab. [Deborah Servili]

  • Jq all the things. [Deborah Servili]

  • Add missing uuid. [Deborah Servili]

  • Add Shipup. [Deborah Servili]

  • Add ghotex. [Deborah Servili]

  • Add miniflame. [Deborah Servili]

  • Add Downloader-FGO. [Deborah Servili]

  • Add Cheshire Cat -hack.lu video as reference! [Deborah Servili]

  • Add Aurora/Hydraq. [Deborah Servili]

  • Add Rotinom. [Deborah Servili]

  • Add Exforel. [Deborah Servili]

  • Add RSAUtil and Coldroot. [Deborah Servili]

  • Add TSCookie Malware and RAT. [Deborah Servili]

  • Merge pull request #162 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add uuid to every cluster

  • Jq. [Deborah Servili]

  • Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Fix #161. [Alexandre Dulaunoy]

  • Merge pull request #160 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add botnets to galaxy

  • Merge pull request #159 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add MITRE Galaxies V2.0

  • Modify argument in add_missing_uuid script. [Deborah Servili]

  • Jq ftw. [Deborah Servili]

  • Add uuid to every cluster. [Deborah Servili]

  • Add extension for Thanatos ransomware. [Deborah Servili]

  • Add botnets to galaxy. [Deborah Servili]

  • Add Thanatos ransomware. [Deborah Servili]

  • Removing duplicates refs - 2. [Deborah Servili]

  • Manage duplicate refs - first try. [Deborah Servili]

  • Clean version. [Deborah Servili]

  • Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Add: UUID also at value level. [Alexandre Dulaunoy]

  • Merge pull request #157 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add botnet galaxy and other stuffs

  • Merge pull request #156 from Delta-Sierra/master. [Alexandre Dulaunoy]

    complete gandcrab - add ransomnotes

  • Merge pull request #155 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add gandcrap ransomware + update references

  • Jq all the things. [Deborah Servili]

  • Add uuid as a field. [Deborah Servili]

  • Fix empty meta field. [Deborah Servili]

  • Add MITRE Galaxies V2.0. [Deborah Servili]

  • Add botnet galaxy to readme. [Deborah Servili]

  • Create botnet galaxy. [Deborah Servili]

  • Add ShurL0ckr ransomware. [Deborah Servili]

  • Add synonym and ref for Emissary Panda (Iron Tiger APT) [Deborah Servili]

  • Jq. [Deborah Servili]

  • Complete gandcrab. [Deborah Servili]

  • Add gandcrap ransomware + update references. [Deborah Servili]

  • Merge branch 'Kafeine-master' [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master. [Alexandre Dulaunoy]

  • ~Sakura description. [Kafeine]

  • +SPL Exploit Kit, ~Grandsoft. [Kafeine]

  • BlackTDS added. [Kafeine]

  • Merge pull request #153 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Smominru

  • Add Smominru. [Deborah Servili]

  • Merge pull request #152 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add CrossRat

  • Add CrossRat. [Deborah Servili]

  • Add ref to Nexus Zeta. [Alexandre Dulaunoy]

  • Add: Nexus Zeta is no stranger when it comes to implementing SOAP related exploit ;-) [Alexandre Dulaunoy]

  • Add: Matsuta IoT botnet added. [Alexandre Dulaunoy]

  • Merge pull request #151 from danielplohmann/dark-caracal. [Alexandre Dulaunoy]

    adding dark caracal

  • Adding dark caracal. [Daniel Plohmann]

  • Merge pull request #150 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Digmine

  • Add Digmine. [Deborah Servili]

  • Merge pull request #149 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add downAndExec

  • Add downAndExec. [Deborah Servili]

  • Merge pull request #148 from Delta-Sierra/master. [Deborah Servili]

    add travle/PYLOT

  • Add travle/PYLOT. [Deborah Servili]

  • Merge pull request #147 from Delta-Sierra/master. [Deborah Servili]

    fix forgotten value Microcin

  • Fix forgotten value Microcin. [Deborah Servili]

  • Merge pull request #146 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add macOS malwares

  • Add macOS malwares. [Deborah Servili]

  • Merge pull request #145 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add monero miner

  • Add monero miner. [Deborah Servili]

  • Merge pull request #144 from Delta-Sierra/master. [Alexandre Dulaunoy]

    rename files + update README.md

  • Rename files + update README.md. [Deborah Servili]

  • Merge pull request #143 from Delta-Sierra/master. [Alexandre Dulaunoy]

    New galaxy Branded Vulnerability

  • New galaxy Branded Vulnerability. [Deborah Servili]

  • Add in preventive measures: blacklisting phone numbers. [Alexandre Dulaunoy]

  • Merge pull request #142 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add SedKit

  • Jqallthethings. [Deborah Servili]

  • Update Sofacy tools. [Deborah Servili]

  • Modify SedKit description. [Deborah Servili]

  • Add SedKit. [Deborah Servili]

  • Merge pull request #141 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add "Power"tools

  • Add "Power"tools. [Deborah Servili]

  • Merge pull request #140 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add satori (Mirai Variant)

  • Add satori (Mirai Variant) [Deborah Servili]

  • Merge pull request #139 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update Android galaxy

  • Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]

  • Merge pull request #138 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add source for NewCore RAT

  • Merge pull request #137 from Delta-Sierra/master. [Alexandre Dulaunoy]

    update OilRig threat actor

  • Merge pull request #136 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add OSX.Pirrit

  • Add PRILEX & CUTLET MAKER. [Deborah Servili]

  • Add GratefulPOS. [Deborah Servili]

  • Update Android galaxy. [Deborah Servili]

  • Add source for NewCore RAT. [Deborah Servili]

  • Update OilRig threat actor. [Deborah Servili]

  • Add file spider ransomware. [Deborah Servili]

  • Add OSX.Pirrit. [Deborah Servili]

  • TRISIS is the main name of TRITON as discussed in https://twitter.com/DragosInc/status/941355602512613381. [Alexandre Dulaunoy]

  • TRITON added. [Alexandre Dulaunoy]

  • Merge pull request #135 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add Quant Loader

  • Add SSHDoor. [Deborah Servili]

  • Add cryptomix variant. [Deborah Servili]

  • Add Quant Loader. [Deborah Servili]

  • Merge pull request #134 from Delta-Sierra/master. [Deborah Servili]

    Add MoneyTaker

  • Add MoneyTaker. [Deborah Servili]

  • Update threat actor galaxy. [Deborah Servili]

  • Merge pull request #133 from Delta-Sierra/master. [Deborah Servili]

    add source for BankBot

  • Add source for BankBot. [Deborah Servili]

  • Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]

  • Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]

  • Jq. [Deborah Servili]

  • Add malware/ransomwares. [Deborah Servili]

  • Merge conflict solved - wp-vcd added. [Alexandre Dulaunoy]

  • StrongPity2 added. [Alexandre Dulaunoy]

  • Merge pull request #131 from Delta-Sierra/master. [Deborah Servili]

    add SLocker

  • Add SLocker. [Deborah Servili]

  • Merge pull request #130 from Delta-Sierra/master. [Deborah Servili]

    add HC7 ransomware

  • Add HC7 ransomware. [Deborah Servili]

  • Merge pull request #129 from Delta-Sierra/master. [Deborah Servili]

    add StorageCrypt Ransomware

  • Add StorageCrypt Ransomware. [Deborah Servili]

  • Merge pull request #128 from Delta-Sierra/master. [Deborah Servili]

    add Halloware ransomware

  • Add Halloware ransomware. [Deborah Servili]

  • Merge pull request #127 from Delta-Sierra/master. [Deborah Servili]

    update cryptomix

  • Update cryptomix. [Deborah Servili]

  • Add: Tizi malware added. [Alexandre Dulaunoy]

  • Merge pull request #126 from Delta-Sierra/master. [Alexandre Dulaunoy]

    add UBoatRAT

  • Add UBoatRAT. [Deborah Servili]

  • Merge pull reque...