http://open-source-security-software.net/releases.atom Recent releases 2021-05-16T00:40:08.803777+00:00 python-feedgen

wazuh v4.1.5
2021-04-22T16:14:05+00:00

## Fixed

- **Core:**
  - Fixed a bug in Vulnerability Detector that made Modulesd crash while updating the NVD feed due to a missing CPE entry. ([4cbd1e8](https://github.com/wazuh/wazuh/commit/4cbd1e85eeee0eb0d8247fa7228f590a9dd24153))

TLSH 4.6.0
2021-04-23T02:59:22+00:00

Merged in fixes for
- issue 79 - divide by zero (very rare edge case)
- fixing python extension on PyPi
- fixes Java version on large files and T1 issue in Java version

tidb v5.0.1
2021-04-23T07:25:46+00:00

## Bug Fixes

* Fix the issue that the execution result of project elimination might be wrong when the projection result is empty [#24093](https://github.com/pingcap/tidb/pull/24093)
* Fix the issue of wrong query results when a column contains `NULL` values in some cases [#24063](https://github.com/pingcap/tidb/pull/24063)
* Forbid generating MPP plans when the scan contains virtual columns [#24058](https://github.com/pingcap/tidb/pull/24058)
* Fix the wrong reuse of `PointGet` and `TableDual` in Plan Cache [#24043](https://github.com/pingcap/tidb/pull/24043)
* Fix the error that occurs when the optimizer builds the `IndexMerge` plan for clustered indexes [#24042](https://github.com/pingcap/tidb/pull/24042)
* Fix the type inference of the BIT-type errors [#24027](https://github.com/pingcap/tidb/pull/24027)
* Fix the issue that some optimizer hints do not take effect when the `PointGet` operator exists [#23685](https://github.com/pingcap/tidb/pull/23685)
* Fix the issue that DDL operations might fail when rolling back due to an error [#24080](https://github.com/pingcap/tidb/pull/24080)
* Fix the issue that the index range of the binary literal constant is incorrectly built [#24041](https://github.com/pingcap/tidb/pull/24041)
* Fix the potential wrong results of the `IN` clause in some cases [#24023](https://github.com/pingcap/tidb/pull/24023)
* Fix the wrong results of some string functions [#23879](https://github.com/pingcap/tidb/pull/23879)
* Users now need both `INSERT` and `DELETE` privileges on a table to perform `REPLACE` operations [#23939](https://github.com/pingcap/tidb/pull/23939)
* Fix the performance regression when executing the point query [#24070](https://github.com/pingcap/tidb/pull/24070)
* Fix the wrong `TableDual` plans caused by incorrectly comparing binaries and bytes [#23918](https://github.com/pingcap/tidb/pull/23918)

mattermost-server v5.31.4
2021-04-23T18:09:47+00:00

Mattermost Platform Release v5.31.4

julia v1.6.1
2021-04-23T21:02:13+00:00

This is the first patch release in the 1.6 series of releases.

cve-search v4.1.0
2021-04-24T08:01:13+00:00

[cve-search](https://github.com/cve-search/cve-search) v4.1.0 (2021-04-24) released including many improvements and bug fixes. Thanks to all the contributors including bugs reporters who helped us to improve cve-search.

## v4.1.0 (2021-04-24)

### Changes

* [version] v4.1.0 released. [Alexandre Dulaunoy]

### Fix

* [doc] fix the default link of the public cvepremium.circl.lu. [Alexandre Dulaunoy]
* [view/capec] Non existing CAPEC value was not properly handled. [Alexandre Dulaunoy] Fix #648
* [json import] ASSIGNER not always present (required) in NVD json feed. [Alexandre Dulaunoy] Fix #650

### Other

* Merge pull request #664 from P-T-I/cve-search-659. [PT] fix #cve-search-659; wrong date format disables effective sorting on …
* Fix #cve-search-659; wrong date format disables effective sorting on table + inserted cvss3 score to vendor search table. [Paul Tikken Laptop]
* Merge pull request #663 from P-T-I/cve-search-660.
[PT] fix #cve-search-660; fixed the back to top button covering the datata… * Fix #cve-search-660; fixed the back to top button covering the datatables buttons. [Paul Tikken Laptop] * Merge pull request #662 from P-T-I/master. [PT] Proxies fix * Proxies fix. [Paul Tikken Laptop] * Proxies fix. [Paul Tikken Laptop] * Merge pull request #661 from P-T-I/master. [PT] proxies fix * Proxies fix. [Paul Tikken Laptop] * Merge pull request #657 from P-T-I/cve-search-586. [PT] Fix #cve-search-586; created possibility to set download worker size … * Merge branch 'master' into cve-search-586. [Paul Tikken Laptop] * Merge pull request #615 from EXXETA/downloadHandlerProxy. [PT] Use http proxy in download handler * Move proxy setting to a more central place (get_session) [Justin Kromlinger] * Move configuration to a class variable and import statement to the top of the file. [Justin Kromlinger] * Use http proxy in download handler. [Justin Kromlinger] * Fix #cve-search-586; created possibility to set download worker size via environment variable. [Paul Tikken Laptop] * Merge pull request #656 from FafnerKeyZee/patch-2. [Alexandre Dulaunoy] dirty patch for #651 * Update Sources_process.py. [Fafner [_KeyZee_]] * Update Sources_process.py. [Fafner [_KeyZee_]] * Update Sources_process.py. [Fafner [_KeyZee_]] Yeah it's a dirty fix, but it does the job for the moment. * Merge pull request #644 from EXXETA/vendor-search. [Alexandre Dulaunoy] Added endpoints to search for the CPE fields vendor, product and version * Added endpoints to search for the CPE fields vendor, product and version. [weigeltj] * Merge pull request #647 from cve-search/dependabot/pip/nltk-3.6.2. [PT] * Bump nltk from 3.6.1 to 3.6.2. [dependabot[bot]] Bumps [nltk](https://github.com/nltk/nltk) from 3.6.1 to 3.6.2. 
- [Release notes](https://github.com/nltk/nltk/releases) - [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog) - [Commits](https://github.com/nltk/nltk/compare/3.6.1...3.6.2) * Merge pull request #643 from cve-search/dependabot/pip/sphinx-3.5.4. [PT] * Bump sphinx from 3.5.3 to 3.5.4. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.5.3 to 3.5.4. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/4.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/commits/v3.5.4) * Merge pull request #642 from cve-search/dependabot/pip/nltk-3.6.1. [PT] Bump nltk from 3.5 to 3.6.1 * Bump nltk from 3.5 to 3.6.1. [dependabot[bot]] Bumps [nltk](https://github.com/nltk/nltk) from 3.5 to 3.6.1. - [Release notes](https://github.com/nltk/nltk/releases) - [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog) - [Commits](https://github.com/nltk/nltk/compare/3.5...3.6.1) * Merge pull request #641 from P-T-I/cve-search-625. [PT] update to cwe4.4 * Update to cwe4.4. [Paul Tikken Laptop] * Merge pull request #640 from P-T-I/new_redoc. [PT] New redoc version added * New redoc version added. [Paul Tikken Laptop] * Merge pull request #639 from P-T-I/cve-search-612. [PT] Cve search 612 * Version bump. [Paul Tikken Laptop] * Merge branch 'master' into cve-search-612. [Paul Tikken Laptop] * Merge pull request #635 from cve-search/dependabot/pip/tqdm-4.60.0. [PT] Bump tqdm from 4.59.0 to 4.60.0 * Bump tqdm from 4.59.0 to 4.60.0. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.59.0 to 4.60.0. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.59.0...v4.60.0) * Merge pull request #634 from cve-search/dependabot/pip/sphinx-rtd-theme-0.5.2. [PT] Bump sphinx-rtd-theme from 0.5.1 to 0.5.2 * Bump sphinx-rtd-theme from 0.5.1 to 0.5.2. 
[dependabot[bot]] Bumps [sphinx-rtd-theme](https://github.com/readthedocs/sphinx_rtd_theme) from 0.5.1 to 0.5.2. - [Release notes](https://github.com/readthedocs/sphinx_rtd_theme/releases) - [Changelog](https://github.com/readthedocs/sphinx_rtd_theme/blob/master/docs/changelog.rst) - [Commits](https://github.com/readthedocs/sphinx_rtd_theme/compare/0.5.1...0.5.2) * Merge pull request #632 from cve-search/dependabot/pip/pytest-6.2.3. [PT] * Bump pytest from 6.2.2 to 6.2.3. [dependabot[bot]] Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.2 to 6.2.3. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/6.2.2...6.2.3) * Merge pull request #631 from cve-search/dependabot/pip/flask-restx-0.3.0. [PT] Bump flask-restx from 0.2.0 to 0.3.0 * Bump flask-restx from 0.2.0 to 0.3.0. [dependabot[bot]] Bumps [flask-restx](https://github.com/python-restx/flask-restx) from 0.2.0 to 0.3.0. - [Release notes](https://github.com/python-restx/flask-restx/releases) - [Changelog](https://github.com/python-restx/flask-restx/blob/master/CHANGELOG.rst) - [Commits](https://github.com/python-restx/flask-restx/compare/0.2.0...0.3.0) * Create codeql-analysis.yml. [PT] * Merge pull request #630 from oh2fih/patch-1. [PT] Correct installation order * Correct installation order. [oh2fih] Because `python3` & `python3-pip` are part of `requirements.system`, the system requirements must be installed before installing CVE-Search and its Python dependencies. * Merge pull request #629 from jorgectf/fix-regex-injection. [PT] * Fix Regular Expression injection. [jorgectf] * Merge pull request #628 from cve-search/dependabot/pip/sphinx-3.5.3. [PT] * Bump sphinx from 3.5.2 to 3.5.3. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.5.2 to 3.5.3. 
- [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/commits) * Merge pull request #627 from cve-search/dependabot/pip/docs/source/jinja2-2.11.3. [PT] Bump jinja2 from 2.11.2 to 2.11.3 in /docs/source * Bump jinja2 from 2.11.2 to 2.11.3 in /docs/source. [dependabot[bot]] Bumps [jinja2](https://github.com/pallets/jinja) from 2.11.2 to 2.11.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/master/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/2.11.2...2.11.3) * Fix #612; add min-length attribute to search input box. [Paul Tikken Laptop] * Merge pull request #624 from P-T-I/cve-search-622. [PT] fix #622; skip processing files when file failes to download... * Fix #622; skip processing files when file failes to download... [Paul Tikken Laptop] * Merge pull request #621 from cve-search/dependabot/pip/flask-jwt-extended-4.1.0. [PT] * Bump flask-jwt-extended from 4.0.2 to 4.1.0. [dependabot[bot]] Bumps [flask-jwt-extended](https://github.com/vimalloc/flask-jwt-extended) from 4.0.2 to 4.1.0. - [Release notes](https://github.com/vimalloc/flask-jwt-extended/releases) - [Commits](https://github.com/vimalloc/flask-jwt-extended/compare/4.0.2...4.1.0) * Merge pull request #619 from cve-search/dependabot/pip/tqdm-4.59.0. [PT] * Bump tqdm from 4.58.0 to 4.59.0. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.58.0 to 4.59.0. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.58.0...v4.59.0) * Merge pull request #620 from cve-search/dependabot/pip/sphinx-3.5.2. [PT] * Bump sphinx from 3.5.1 to 3.5.2. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.5.1 to 3.5.2. 
- [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.5.1...v3.5.2) * Merge pull request #618 from EXXETA/cpeBrowseAPI. [PT] Provide /browse endpoint to list product CPEs * Fix field description. [Justin Kromlinger] * Provide /browse endpoint to list product CPEs. [Justin Kromlinger] The vendor isn't really required here, but it fits the current API style and represents the same functionality as the webinterface. * Merge pull request #616 from cve-search/dependabot/pip/ijson-3.1.4. [PT] Bump ijson from 3.1.3 to 3.1.4 * Bump ijson from 3.1.3 to 3.1.4. [dependabot[bot]] Bumps [ijson](https://github.com/ICRAR/ijson) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/ICRAR/ijson/releases) - [Changelog](https://github.com/ICRAR/ijson/blob/master/CHANGELOG.md) - [Commits](https://github.com/ICRAR/ijson/compare/v3.1.3...v3.1.4) * Merge pull request #614 from cve-search/dependabot/pip/tqdm-4.58.0. [PT] * Bump tqdm from 4.57.0 to 4.58.0. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.57.0 to 4.58.0. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.57.0...v4.58.0) * Merge pull request #613 from RoccovanAsselt/display_help. [PT] * Print_help if no parameters. [Rocco van Asselt] * Merge pull request #610 from cve-search/dependabot/pip/tqdm-4.57.0. [PT] Bump tqdm from 4.56.2 to 4.57.0 * Bump tqdm from 4.56.2 to 4.57.0. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.56.2 to 4.57.0. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.56.2...v4.57.0) * Merge pull request #609 from cve-search/dependabot/pip/sphinx-3.5.1. [PT] * Bump sphinx from 3.5.0 to 3.5.1. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.5.0 to 3.5.1. 
- [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.5.0...v3.5.1) * Merge pull request #608 from P-T-I/cve-search-607. [PT] fix #607; updated the renamed jwt functions * Fix #607; updated the renamed jwt functions. [Paul Tikken Laptop] * Merge pull request #606 from cve-search/dependabot/pip/sphinx-3.5.0. [PT] * Bump sphinx from 3.4.3 to 3.5.0. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.4.3 to 3.5.0. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.4.3...v3.5.0) * Merge pull request #605 from cve-search/dependabot/pip/flask-jwt-extended-4.0.2. [PT] * Bump flask-jwt-extended from 3.25.0 to 4.0.2. [dependabot[bot]] Bumps [flask-jwt-extended](https://github.com/vimalloc/flask-jwt-extended) from 3.25.0 to 4.0.2. - [Release notes](https://github.com/vimalloc/flask-jwt-extended/releases) - [Commits](https://github.com/vimalloc/flask-jwt-extended/compare/3.25.0...4.0.2) * Merge pull request #603 from cve-search/dependabot/pip/tqdm-4.56.2. [PT] * Bump tqdm from 4.56.1 to 4.56.2. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.56.1 to 4.56.2. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.56.1...v4.56.2) * Merge pull request #602 from cve-search/dependabot/pip/tqdm-4.56.1. [PT] * Bump tqdm from 4.56.0 to 4.56.1. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.56.0 to 4.56.1. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.56.0...v4.56.1) * Merge pull request #601 from cve-search/dependabot/pip/jsonpickle-2.0.0. [PT] * Bump jsonpickle from 1.5.1 to 2.0.0. 
[dependabot[bot]] Bumps [jsonpickle](https://github.com/jsonpickle/jsonpickle) from 1.5.1 to 2.0.0. - [Release notes](https://github.com/jsonpickle/jsonpickle/releases) - [Changelog](https://github.com/jsonpickle/jsonpickle/blob/master/CHANGES.rst) - [Commits](https://github.com/jsonpickle/jsonpickle/compare/v1.5.1...v2.0.0) * Merge pull request #600 from cve-search/dependabot/pip/pymongo-3.11.3. [PT] * Bump pymongo from 3.11.2 to 3.11.3. [dependabot[bot]] Bumps [pymongo](https://github.com/mongodb/mongo-python-driver) from 3.11.2 to 3.11.3. - [Release notes](https://github.com/mongodb/mongo-python-driver/releases) - [Changelog](https://github.com/mongodb/mongo-python-driver/blob/3.11.3/doc/changelog.rst) - [Commits](https://github.com/mongodb/mongo-python-driver/compare/3.11.2...3.11.3) * Merge pull request #599 from cve-search/dependabot/pip/jsonpickle-1.5.1. [PT] Bump jsonpickle from 1.5.0 to 1.5.1 * Bump jsonpickle from 1.5.0 to 1.5.1. [dependabot[bot]] Bumps [jsonpickle](https://github.com/jsonpickle/jsonpickle) from 1.5.0 to 1.5.1. - [Release notes](https://github.com/jsonpickle/jsonpickle/releases) - [Changelog](https://github.com/jsonpickle/jsonpickle/blob/master/CHANGES.rst) - [Commits](https://github.com/jsonpickle/jsonpickle/compare/v1.5.0...v1.5.1) * Merge pull request #598 from cve-search/dependabot/pip/jinja2-2.11.3. [PT] Bump jinja2 from 2.11.2 to 2.11.3 * Bump jinja2 from 2.11.2 to 2.11.3. [dependabot[bot]] Bumps [jinja2](https://github.com/pallets/jinja) from 2.11.2 to 2.11.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/master/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/2.11.2...2.11.3) * Merge pull request #596 from cve-search/dependabot/pip/pytest-6.2.2. [PT] Bump pytest from 6.2.1 to 6.2.2 * Bump pytest from 6.2.1 to 6.2.2. [dependabot[bot]] Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.1 to 6.2.2. 
- [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/6.2.1...6.2.2) * Merge pull request #593 from cve-search/dependabot/pip/gevent-21.1.2. [PT] Bump gevent from 21.1.1 to 21.1.2 * Bump gevent from 21.1.1 to 21.1.2. [dependabot[bot]] Bumps [gevent](https://github.com/gevent/gevent) from 21.1.1 to 21.1.2. - [Release notes](https://github.com/gevent/gevent/releases) - [Changelog](https://github.com/gevent/gevent/blob/master/docs/changelog_pre.rst) - [Commits](https://github.com/gevent/gevent/compare/21.1.1...21.1.2) * Merge pull request #594 from cve-search/dependabot/pip/pytest-cov-2.11.1. [PT] Bump pytest-cov from 2.11.0 to 2.11.1 * Bump pytest-cov from 2.11.0 to 2.11.1. [dependabot[bot]] Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 2.11.0 to 2.11.1. - [Release notes](https://github.com/pytest-dev/pytest-cov/releases) - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-cov/compare/v2.11.0...v2.11.1) * Merge pull request #592 from cve-search/dependabot/pip/gevent-21.1.1. [PT] Bump gevent from 21.1.0 to 21.1.1 * Bump gevent from 21.1.0 to 21.1.1. [dependabot[bot]] Bumps [gevent](https://github.com/gevent/gevent) from 21.1.0 to 21.1.1. - [Release notes](https://github.com/gevent/gevent/releases) - [Changelog](https://github.com/gevent/gevent/blob/master/docs/changelog_pre.rst) - [Commits](https://github.com/gevent/gevent/compare/21.1.0...21.1.1) * Merge pull request #591 from P-T-I/cve-search-587. [PT] fix #587; allowing local files to be set in the sources.ini file via … * Fix #587; allowing local files to be set in the sources.ini file via a file:///PATH/TO/FILE.json; this is applicable for all different sources; which creates the possibility to update cve-search completely off line. 
[Paul Tikken Laptop] * Merge pull request #590 from cve-search/dependabot/pip/gevent-21.1.0. [PT] Bump gevent from 20.12.1 to 21.1.0 * Bump gevent from 20.12.1 to 21.1.0. [dependabot[bot]] Bumps [gevent](https://github.com/gevent/gevent) from 20.12.1 to 21.1.0. - [Release notes](https://github.com/gevent/gevent/releases) - [Changelog](https://github.com/gevent/gevent/blob/master/docs/changelog_pre.rst) - [Commits](https://github.com/gevent/gevent/compare/20.12.1...21.1.0) * Merge pull request #589 from cve-search/dependabot/pip/jsonpickle-1.5.0. [PT] Bump jsonpickle from 1.4.2 to 1.5.0 * Bump jsonpickle from 1.4.2 to 1.5.0. [dependabot[bot]] Bumps [jsonpickle](https://github.com/jsonpickle/jsonpickle) from 1.4.2 to 1.5.0. - [Release notes](https://github.com/jsonpickle/jsonpickle/releases) - [Changelog](https://github.com/jsonpickle/jsonpickle/blob/master/CHANGES.rst) - [Commits](https://github.com/jsonpickle/jsonpickle/compare/v1.4.2...v1.5.0) * Merge pull request #588 from cve-search/dependabot/pip/pytest-cov-2.11.0. [PT] Bump pytest-cov from 2.10.1 to 2.11.0 * Bump pytest-cov from 2.10.1 to 2.11.0. [dependabot[bot]] Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 2.10.1 to 2.11.0. - [Release notes](https://github.com/pytest-dev/pytest-cov/releases) - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-cov/compare/v2.10.1...v2.11.0) * Merge pull request #584 from cve-search/dependabot/pip/tqdm-4.56.0. [PT] Bump tqdm from 4.55.1 to 4.56.0 * Bump tqdm from 4.55.1 to 4.56.0. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.55.1 to 4.56.0. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.55.1...v4.56.0) * Merge pull request #583 from cve-search/dependabot/pip/sphinx-3.4.3. [PT] Bump sphinx from 3.4.2 to 3.4.3 * Bump sphinx from 3.4.2 to 3.4.3. 
[dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.4.2 to 3.4.3. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.4.2...v3.4.3) * Merge pull request #582 from P-T-I/cve-search-579. [PT] added retry policy to request.session() and removed the sys.exit(1) o… * Added retry policy to request.session() and removed the sys.exit(1) on error. [Paul Tikken Laptop] * Merge pull request #580 from cve-search/dependabot/pip/sphinx-rtd-theme-0.5.1. [PT] Bump sphinx-rtd-theme from 0.5.0 to 0.5.1 * Bump sphinx-rtd-theme from 0.5.0 to 0.5.1. [dependabot[bot]] Bumps [sphinx-rtd-theme](https://github.com/readthedocs/sphinx_rtd_theme) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/readthedocs/sphinx_rtd_theme/releases) - [Changelog](https://github.com/readthedocs/sphinx_rtd_theme/blob/master/docs/changelog.rst) - [Commits](https://github.com/readthedocs/sphinx_rtd_theme/compare/0.5.0...0.5.1) * Merge pull request #581 from cve-search/dependabot/pip/sphinx-3.4.2. [PT] Bump sphinx from 3.4.1 to 3.4.2 * Bump sphinx from 3.4.1 to 3.4.2. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.4.1 to 3.4.2. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.4.1...v3.4.2) * Merge pull request #578 from cve-search/dependabot/pip/tqdm-4.55.1. [PT] Bump tqdm from 4.55.0 to 4.55.1 * Bump tqdm from 4.55.0 to 4.55.1. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.55.0 to 4.55.1. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.55.0...v4.55.1) * Merge pull request #577 from cve-search/dependabot/pip/gevent-20.12.1. 
[PT] Bump gevent from 20.12.0 to 20.12.1 * Bump gevent from 20.12.0 to 20.12.1. [dependabot[bot]] Bumps [gevent](https://github.com/gevent/gevent) from 20.12.0 to 20.12.1. - [Release notes](https://github.com/gevent/gevent/releases) - [Changelog](https://github.com/gevent/gevent/blob/master/docs/changelog_pre.rst) - [Commits](https://github.com/gevent/gevent/compare/20.12.0...20.12.1) * Merge pull request #576 from cve-search/dependabot/pip/tqdm-4.55.0. [PT] Bump tqdm from 4.54.1 to 4.55.0 * Bump tqdm from 4.54.1 to 4.55.0. [dependabot[bot]] Bumps [tqdm](https://github.com/tqdm/tqdm) from 4.54.1 to 4.55.0. - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](https://github.com/tqdm/tqdm/compare/v4.54.1...v4.55.0) * Merge pull request #575 from cve-search/dependabot/pip/sphinx-3.4.1. [PT] Bump sphinx from 3.4.0 to 3.4.1 * Bump sphinx from 3.4.0 to 3.4.1. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.4.0 to 3.4.1. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.4.0...v3.4.1) * Update .schema_version. [PT] Update schema for new capec version * Merge pull request #574 from P-T-I/new_capec_version. [PT] fix #572: parsing new capec version * Fix #572: parsing new capec version. [Paul Tikken Laptop] * Merge pull request #573 from cve-search/dependabot/pip/gevent-20.12.0. [PT] Bump gevent from 20.9.0 to 20.12.0 * Bump gevent from 20.9.0 to 20.12.0. [dependabot[bot]] Bumps [gevent](https://github.com/gevent/gevent) from 20.9.0 to 20.12.0. - [Release notes](https://github.com/gevent/gevent/releases) - [Changelog](https://github.com/gevent/gevent/blob/master/docs/changelog_pre.rst) - [Commits](https://github.com/gevent/gevent/compare/20.9.0...20.12.0) * Merge pull request #570 from P-T-I/schema_checker. 
[PT] fix #564; database schema version checker added * Fix #564; database schema version checker added. [Paul Tikken Laptop] * Merge pull request #569 from P-T-I/cvss_impact_exploit. [PT] added exploit and impact scores to api endpoints; cleanup code and re… * Added exploit and impact scores to api endpoints; cleanup code and removal of unused functions. [Paul Tikken Laptop] * Merge pull request #565 from AZobec/cvssV3. [PT] add impactScore and exploitabilityScore for CVSS v3.1 * Rebase. [AZobec] * Add impactScore and exploitabilityScore for CVSS v3.1. [AZobec] * Merge pull request #568 from cve-search/dependabot/pip/sphinx-3.4.0. [PT] Bump sphinx from 3.3.1 to 3.4.0 * Bump sphinx from 3.3.1 to 3.4.0. [dependabot[bot]] Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 3.3.1 to 3.4.0. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/3.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.3.1...v3.4.0) * Merge pull request #567 from cve-search/dependabot/pip/flask-socketio-5.0.1. [PT] Bump flask-socketio from 5.0.0 to 5.0.1 * Bump flask-socketio from 5.0.0 to 5.0.1. [dependabot[bot]] Bumps [flask-socketio](https://github.com/miguelgrinberg/Flask-SocketIO) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/miguelgrinberg/Flask-SocketIO/releases) - [Changelog](https://github.com/miguelgrinberg/Flask-SocketIO/blob/master/CHANGES.md) - [Commits](https://github.com/miguelgrinberg/Flask-SocketIO/compare/v5.0.0...v5.0.1) * Merge pull request #566 from cve-search/dependabot/pip/codecov-2.1.11. [PT] Bump codecov from 2.1.10 to 2.1.11 * Bump codecov from 2.1.10 to 2.1.11. [dependabot[bot]] Bumps [codecov](https://github.com/codecov/codecov-python) from 2.1.10 to 2.1.11. 
  - [Release notes](https://github.com/codecov/codecov-python/releases)
  - [Changelog](https://github.com/codecov/codecov-python/blob/master/CHANGELOG.md)
  - [Commits](https://github.com/codecov/codecov-python/compare/v2.1.10...v2.1.11)
* Merge pull request #563 from cve-search/dependabot/pip/requests-2.25.1. [PT] Bump requests from 2.25.0 to 2.25.1
* Bump requests from 2.25.0 to 2.25.1. [dependabot[bot]] Bumps [requests](https://github.com/psf/requests) from 2.25.0 to 2.25.1.
  - [Release notes](https://github.com/psf/requests/releases)
  - [Changelog](https://github.com/psf/requests/blob/master/HISTORY.md)
  - [Commits](https://github.com/psf/requests/compare/v2.25.0...v2.25.1)
* Update VERSION. [PT]

seaweedfs 2.41
2021-04-24T23:55:47+00:00

* FUSE mount
  * delay new file creation until file is closed, unless file is opened exclusively
* Volume Server
  * Erasure Code: transient errors may cause thundering herd effect #2012
  * Do not add new volumes when below minFreeSpacePercent #2017
* Filer
  * Mysql/Postgres may have some leftover entries in database when deleting folders #2006
* Minor
  * filer directory listing adds `namePatternExclude` #2023
  * filer directory listing ensures case sensitive when checking name patterns
  * `weed shell` lock shows which server holds the lock #1983
  * `weed filer.copy` includes empty folders #2016
  * volume server report errors properly #2012

Mobile-Security-Framework-MobSF v3.4.3
2021-04-25T07:26:49+00:00

### v3.4.3 Beta Changelog

- Features or Enhancements
  - Android Dynamic Analysis TLS/SSL Security Tester
  - Dynamic Analysis without Static Analysis
  - Support Dynamic Analysis of third party apps in VM/AVD
  - Download and perform static analysis of third party apps from VM/AVD
  - Dynamic Analysis enhancement to preserve app config/data
  - Improved SSL Pinning Bypass script
  - Added Intent dumper auxiliary Frida script
  - Added an auxiliary method bypass template script
  - Security Hardening
  - Addressing LGTM issues and QA
  - Android Permissions Mapping update and Typo fix
  - VirusTotal Code QA
  - Refactored Logcat log viewer to show only app specific logs
  - Xposed Improvements and updates of agents
  - Updated frontend libraries for CodeMirror and EnlighterJS
  - New REST API exposed for TLS/SSL tests
  - General Code QA
- Bug Fixes
  - Fixed Windows Setup script
  - Fixed typo and incomplete description in Android permission mapping

cutter v2.0.2
2021-04-25T15:44:40+00:00

## Bug Fixes

* Rizin updated to [0.2.1](https://github.com/rizinorg/rizin/releases/tag/v0.2.1)
* Fix incorrect packaging causing "Most likely, Rizin is not properly installed." on Windows #2667
* Crash on Linux distros using Qt 5.15.2 with KDE patches #2662

libvshadow 20210425
2021-04-25T16:02:13+00:00

Release of version 20210425

misp-modules v2.4.142
2021-04-26T09:07:17+00:00

## v2.4.142 (2021-04-26)

### New

* [logo] yeti logo added. [Alexandre Dulaunoy]
* [ChangeLog] added. [Alexandre Dulaunoy]

### Changes

* [doc] yeti logo added. [Alexandre Dulaunoy]
* [doc] Makefile fixed. [Alexandre Dulaunoy]
* [doc] README cleanup and historical stuff removed. [Alexandre Dulaunoy]
* [doc] fix path of mkdocs output. [Alexandre Dulaunoy]

### Fix

* [tests] Back to the former ip address in the threatcrowd module test. [chrisr3d]
* [doc] Travis button was on the old master branch. [Alexandre Dulaunoy] fix: [doc] Travis button was on the old master branch
* [doc] build script. [Alexandre Dulaunoy]

### Other

* Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy]
* Merge pull request #488 from sebdraven/master. [Alexandre Dulaunoy] Module Yeti
* Add pyeti package. [Sebdraven]
* Merge branch 'main' [Sebdraven]
* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d]
* Fix typo.
[Sebdraven]
* Remove variable unused. [Sebdraven]
* Remove import unused and add package in requirements. [Sebdraven]
* Create yeti.json. [Sebdraven] add doc
* Update yeti.py. [Sebdraven] pep 8 compliant
* Update yeti.py. [Sebdraven] remove tags and entity
* Update yeti.py. [Sebdraven] add input
* Merge pull request #2 from MISP/master. [sebdraven] Master
* Update yeti.py. [Sebdraven] add tests
* Update yeti.py. [Sebdraven] add ns record dst and src link
* Update yeti.py. [Sebdraven] add test to create result
* Update yeti.py. [Sebdraven] fix edges
* Update yeti.py. [Sebdraven] fix typo
* Update yeti.py. [Sebdraven] change params
* Update yeti.py. [Sebdraven] add ns_record object
* Update yeti.py. [Sebdraven] change loop
* Update yeti.py. [Sebdraven] fix bug
* Update yeti.py. [Sebdraven] remove tests
* Update yeti.py. [Sebdraven] filter by id
* Update yeti.py. [Sebdraven] add src
* Update yeti.py. [Sebdraven] fix keyerror
* Update yeti.py. [Sebdraven] fix bug about id
* Update yeti.py. [Sebdraven] add logs
* Update yeti.py. [Sebdraven] add logs
* Update yeti.py. [Sebdraven] add test of id
* Update yeti.py. [Sebdraven] add log
* Update yeti.py. [Sebdraven] add description
* Update yeti.py. [Sebdraven] add file to add in attribute
* Update yeti.py. [Sebdraven] add tags for attribute
* Update yeti.py. [Sebdraven] remove tag
* Update yeti.py. [Sebdraven] test tags
* Update yeti.py. [Sebdraven] change tags method
* Update yeti.py. [Sebdraven] add related observable and AS
* Update yeti.py. [Sebdraven] remove print debug
* Update yeti.py. [Sebdraven] fix bugs key error
* Update yeti.py. [Sebdraven] add param
* Update yeti.py. [Sebdraven] try typo
* Update yeti.py. [Sebdraven] remove print
* Update yeti.py. [Sebdraven] remove tests
* Update yeti.py. [Sebdraven] test
* Update yeti.py. [Sebdraven] add logs
* Update yeti.py. [Sebdraven] try test
* Update yeti.py. [Sebdraven] add check
* Update yeti.py. [Sebdraven] correct bug
* Update yeti.py. [Sebdraven] add log
* Update yeti.py. [Sebdraven] add log
* Update yeti.py. [Sebdraven] correct typo
* Update yeti.py. [Sebdraven] add relation
* Update yeti.py. [Sebdraven] refactoring and add Url neighbors
* Update yeti.py. [Sebdraven] add key results
* Update yeti.py. [Sebdraven] delete attr
* Update yeti.py. [Sebdraven] correction format strings
* Update yeti.py. [Sebdraven] change logs
* Update yeti.py. [Sebdraven] value attribute
* Update yeti.py. [Sebdraven] change logs
* Update yeti.py. [Sebdraven] add logs
* Update yeti.py. [Sebdraven] add relation
* Update yeti.py. [Sebdraven] remove add
* Update yeti.py. [Sebdraven] add logs
* Update yeti.py. [Sebdraven] change relations
* Update yeti.py. [Sebdraven] change modification
* Update yeti.py. [Sebdraven] update relation
* Update yeti.py. [Sebdraven] change relation type
* Update yeti.py. [Sebdraven] add relationship
* Update yeti.py. [Sebdraven] add ref
* Update yeti.py. [Sebdraven] add test
* Update yeti.py. [Sebdraven] change attribute add
* Update yeti.py. [Sebdraven] change relationship
* Update yeti.py. [Sebdraven] log json
* Update yeti.py. [Sebdraven] log object
* Update yeti.py. [Sebdraven] add logs
* Update yeti.py. [Sebdraven] change type attr and relation
* Update yeti.py. [Sebdraven] add logs
* Update yeti.py. [Sebdraven] add logs
* Update yeti.py. [Sebdraven] add logs
* Update yeti.py. [Sebdraven] change relation type and misp event init
* Update yeti.py. [Sebdraven] add relation object
* Update yeti.py. [Sebdraven] add object
* Update yeti.py. [Sebdraven] refactoring
* Update yeti.py. [Sebdraven] using attribute
* Update yeti.py. [Sebdraven] use format misp
* Update yeti.py. [Sebdraven] modify access dict
* Update yeti.py. [Sebdraven] add logs
* Update yeti.py. [Sebdraven] add logs
* Update yeti.py. [Sebdraven] add neighbors iocs to add the event
* Update yeti.py. [Sebdraven] modify call yeti
* Update yeti.py. [Sebdraven] Correct bugs
* Update yeti.py.
[Sebdraven] change inherit * Update yeti.py. [Sebdraven] change path to access config settings * Update yeti.py. [Sebdraven] add log * Update yeti.py. [Sebdraven] add ip-dst to enrich * Update yeti.py. [Sebdraven] add logs * Yeti pluggin. [Sebdraven] get_entities and get_neighboors * Update yeti.py. [Sebdraven] add introspection method * Update yeti.py. [Sebdraven] add method version * Update yeti.py. [Sebdraven] correct import * Update REQUIREMENTS. [Sebdraven] correct conflic * Update yeti.py. [Sebdraven] add config and struct * Add new module. [Sebdraven] new module yeti * Update .gitignore. [Sebdraven] update .gitignore to env pycharm * Merge pull request #1 from MISP/master. [sebdraven] Master * Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] 2021-04-26T09:07:17+00:00 misp-warninglists v2.4.142 misp-warninglists v2.4.142 2021-04-26T09:18:18+00:00 ## v2.4.142 (2021-04-26) ### New * GH workflow. [Raphaël Vinot] * Added covid generators / lists. [iglocska] * Added covid warninglist. [iglocska] * Added common warninglists. [iglocska] * [list] The Moz Top 500 Domains and Pages (#104) [Steve Clement] new: [list] The Moz Top 500 Domains and Pages * [list] Added Mozilla Top 500 domains. [Steve Clement] * [tool] Generate The Moz top 500 Domain list from https://moz.com/top500. [Steve Clement] * [disposal-email] added. [Alexandre Dulaunoy] * [disposal-email] a list of disposable and temporary email address domains. [Alexandre Dulaunoy] From https://github.com/martenson/disposable-email-domains Fix https://github.com/MISP/misp-taxonomies/issues/136 * [VPN] lists of common VPN IPv4 and IPv6 addresses added. [Alexandre Dulaunoy] Source of the IPv4/IPv6 is https://github.com/ejrv/VPNs ### Changes * [warning-lists] updated. [Alexandre Dulaunoy] * [lists] updated. [Alexandre Dulaunoy] * [stackpath] host IPv6 addresses are without subnet. [Alexandre Dulaunoy] * [warning-lists] updated. [Alexandre Dulaunoy] * [update] run on all. 
[Alexandre Dulaunoy] * [public-resolver] revert to previous one as the source is dropping many known public resolver such as quad9. [Alexandre Dulaunoy] * [updates] updated warning-lists. [Alexandre Dulaunoy] * [warning-lists] updated. [Alexandre Dulaunoy] * [updated] warning-lists updated. [Alexandre Dulaunoy] * [warning-lists] updated. [Alexandre Dulaunoy] * [update] automatic update. [Alexandre Dulaunoy] * Add PR to GH actions. [Raphaël Vinot] * [doc] Travis removed. [Alexandre Dulaunoy] * [updates] updated warning lists. [Alexandre Dulaunoy] * [warning-list] updated. [Alexandre Dulaunoy] * Bump moz-top500. [Raphaël Vinot] * [update] misp-warninglists updated. [Alexandre Dulaunoy] * [schema] wildmask type added to prepare the merge into MISP. [Alexandre Dulaunoy] * [warning-lists] updated to the latest version. [Alexandre Dulaunoy] * Changed name to be displayed as warning and description. [chrisr3d] * Turned the regexes for audiovisual works into a single one. [chrisr3d] * [warning-lists] updated. [Alexandre Dulaunoy] * [warning-lists] updated. [Alexandre Dulaunoy] * [update] following changes + regular update. [Alexandre Dulaunoy] * [automatic updates] all warning-lists. [Alexandre Dulaunoy] * [automatic] updated. [Alexandre Dulaunoy] * [automatic] updated. [Alexandre Dulaunoy] * [tranco] updated. [Alexandre Dulaunoy] * [public-dns] updated. [Alexandre Dulaunoy] * [microsoft-azure] updated. [Alexandre Dulaunoy] * [tld] updated to the latest version. [Alexandre Dulaunoy] * [aws] updated. [Alexandre Dulaunoy] * [office 365] updated. [Alexandre Dulaunoy] * [office 365] updated. [Alexandre Dulaunoy] * [mozilla-intermediate-CA] updated to the latest version. [Alexandre Dulaunoy] * Chmod +x for new scripts in tools folder. [Kevin Holvoet] * [whats-my-ip] fix 152. [Alexandre Dulaunoy] * [jq] all. [Alexandre Dulaunoy] * [tranco10k] jq all the things. [Alexandre Dulaunoy] * [amazon-aws] updated to the latest version. 
[Alexandre Dulaunoy] * [microsoft-office365] updated to the latest version. [Alexandre Dulaunoy] * [covid] added covidmemory.lu. [Andras Iklody] * Update validate all. [Raphaël Vinot] * Add script to make lists unique, and sort the keys. [Raphaël Vinot] Update covid lists. * Covid lists bumped. [iglocska] * [covid] lists updated. [iglocska] * [whats-my-ip] Fix #139. [Alexandre Dulaunoy] * [covid] aatishb.com added due to https://aatishb.com/covidtrends/ [Alexandre Dulaunoy] (thanks to @doegox) * [covid] added Heliox_lab domain. [Alexandre Dulaunoy] * [covid] adding luxemburg's covid domains. [Jean-Louis Huynen] * [doc] updated readme with covid list. [Christophe Vandeplas] * [covid] added Portugal and Belgium. [Christophe Vandeplas] * [tranco] updated to the latest version. [Alexandre Dulaunoy] * [office365] updated to the latest version. [Alexandre Dulaunoy] * [cloudflare] updated to the latest version. [Alexandre Dulaunoy] * [aws] updated. [Alexandre Dulaunoy] * [cloudflare] updated. [Alexandre Dulaunoy] * [office365] IP addresses and domains updated. [Alexandre Dulaunoy] * [doc] wikimedia warning-list added. [Alexandre Dulaunoy] * [wikimedia] jq all the things. [Jean-Louis Huynen] * [university_domains] updated to the latest version. [Alexandre Dulaunoy] * [disposable] updated to the latest version. [Alexandre Dulaunoy] * [vpn] IP addresses updated. [Alexandre Dulaunoy] * [mozilla] CA list updated. [Alexandre Dulaunoy] * [empty-hashes] empty ssdeep hashes added. [Alexandre Dulaunoy] * [dax30] updated and fixed. [Alexandre Dulaunoy] * [alexa] Updated with the script in tools. [Steve Clement] * [moz500] Fix actual list. [Steve Clement] * [moz500] Added Pages too. Updated list. [Steve Clement] * [moz500] Added info how to regenerate, added provisional urls/files to topPages. [Steve Clement] * [security-provider-blogpost] version updated. [Alexandre Dulaunoy] * [doc] list of warning-lists updated. [Alexandre Dulaunoy] * [o365 ip] title of the warning list changed. 
[Alexandre Dulaunoy] * [o365 tools] fix title of the IP address warning list. [Alexandre Dulaunoy] * [o365] separate Microsoft Office 365 lists (hostname and IP addresses) [Alexandre Dulaunoy] * [o365] jq all the things. [Alexandre Dulaunoy] * [tools] alexa script fixed. [Alexandre Dulaunoy] * [alexa] updated to the latest version (seems to be back) [Alexandre Dulaunoy] * [tools] fix cisco script. [Alexandre Dulaunoy] * [cisco/umbrella top list] updated to the latest version. [Alexandre Dulaunoy] * [amazon-aws] updated to the latest version available. [Alexandre Dulaunoy] * [README] added university domains. [Alexandre Dulaunoy] * [doc] akamai network added. [Alexandre Dulaunoy] * [akamai] jq everything. [Alexandre Dulaunoy] * [doc] CRL list added. [Alexandre Dulaunoy] * [public-dns-v6] cloudflare dns added. [Alexandre Dulaunoy] * [public-dns-v4] cloudflare recursive dns added. [Alexandre Dulaunoy] * [amazon-aws] updated to the recent version. [Alexandre Dulaunoy] * [sinkholes] duplicate entry removed. [Alexandre Dulaunoy] * [sinkholes] added. [Alexandre Dulaunoy] * [doc] new lists added. [Alexandre Dulaunoy] * List of warning-lists updated. [Alexandre Dulaunoy] * Lists/microsoft-attack-simulator/list.json added. [Alexandre Dulaunoy] * Enforce type in schema. [Raphaël Vinot] * Remove exec flag on json files. [Raphaël Vinot] ### Fix * Python 3.9 compat, take 2. [Raphaël Vinot] * Python 3.9 compat. [Raphaël Vinot] * Changed parsing algorithm to string, see #7c1de70. [Andras Iklody] * Sort entries. [Raphaël Vinot] * [schema] regexp added as supported type. [Alexandre Dulaunoy] * [alex] The generator wants to decode things ;) [Steve Clement] * [moz500] Fix the confusion about Moz.com and Mozilla.com (#107) [Steve Clement] fix: [moz500] Fix the confusion about Moz.com and Mozilla.com * [moz500] Fix the confusion about Moz.com and Mozilla.com. [Steve Clement] * [tools] Made python scripts executable. (#105) [Steve Clement] fix: [tools] Made python scripts executable. 
* [tools] Made python scripts executable. [Steve Clement] * Wrong file name in the scripts. [Raphaël Vinot] * Filenames of new warning lists. [Raphaël Vinot] * Common IOC warning list added. [Alexandre Dulaunoy] * Various fixes + add number of elements in each lists. [Alexandre Dulaunoy] * Perfect match is string ;-) [Alexandre Dulaunoy] * Reverse.it added to the list of dynamic malware analysis tools. [Alexandre Dulaunoy] * CIDR block added. [Alexandre Dulaunoy] * Public-dns-hostname not following schema. [Raphaël Vinot] * Resolver expressed as hostname removed. [Alexandre Dulaunoy] * Typo fixed for Travis. [Alexandre Dulaunoy] * Jq output to /dev/null - Travis. [Alexandre Dulaunoy] * JSON tests. [Alexandre Dulaunoy] ### Other * Merge pull request #178 from Wiscy-Security/main. [Alexandre Dulaunoy] Added new warninglist for Stackpath CDN * Add stackpath to generate_all.sh script. [Kevin Holvoet] * Gave execute permissions to generate_phone_numbers.py. [Kevin Holvoet] * Created new Stackpath CDN IP list. [Kevin Holvoet] * Merge branch 'main' of github.com:MISP/misp-warninglists into main. [Alexandre Dulaunoy] * Merge pull request #176 from przemekzny/patch-1. [Alexandre Dulaunoy] Update list.json * Update list.json. [przemekzny] Added domains of PKO Bank Polski S.A. * Merge branch 'main' of github.com:MISP/misp-warninglists into main. [Alexandre Dulaunoy] * Merge pull request #173 from DocArmoryTech/patch-1. [Alexandre Dulaunoy] Added Neo23x0/ti-falsepositive warninglist * Corrected version number to one. [Cormac Doherty] * Jq all the things. [Cormac Doherty] * Added Neo23x0/ti-falsepositive warninglist. [DocArmoryTech] Neo23x0:Neo23x0/ti-falsepositive is a "hash generator for typical false positive hashes". This warninglist was generated using a modified version of the generator (see: DocArmoryTech:DocArmoryTech-mispwl) `python3 ./fp-hashes.py > list.json` * Merge pull request #172 from pettai/Fastly. [Alexandre Dulaunoy] Add Fastly IPs * Add Fastly IPs. 
[pettai] Add all Fastlys IP addresses * Merge pull request #170 from chrisr3d/main. [Alexandre Dulaunoy] Added a few more entries to the phone numbers warninglist * Add: A few more phone numbers regexes. [chrisr3d] * Add: Added regexes for the american fictitious numbers in the list. [chrisr3d] * Merge pull request #168 from chrisr3d/main. [Alexandre Dulaunoy] New warning list for unattributed phone numbers * Add: Added phone numbers warninglist to the list. [chrisr3d] * Add: New Warninglist for phone numbers that should never be attributed. [chrisr3d] - First examples filling the list of regexes: the phone numbers used for audiovisual works, or the communications companies internal numbers. Those phone numbers are reserved and should never be given to any user - We'll add as well the numbers reserved for the american audiovisual works soon * Merge pull request #166 from pettai/GCP. [Alexandre Dulaunoy] Add GCP IPs * +jq_all_the_things.sh. [pettai] missed to run jq_all_the_things.sh * Add GCP IPs. [pettai] Add GCP (Google Cloud Platform) IP addresses * Merge pull request #165 from HugeekMcGill/main. [Alexandre Dulaunoy] Adding replacement for wildcard and dash inputs * Adding replacement for wildcard and dash inputs. [hugeek] * Merge pull request #164 from cyber288/main. [Alexandre Dulaunoy] Change hostname type to string type for multiple lists * Changed matching algorithm to string. [cyber288] * Changed matching algorithm to string. [cyber288] * Update version number. [cyber288] * Update version number. [cyber288] * Update version number. [cyber288] * Fix date. [cyber288] * Changed matching algorithm to string. [cyber288] * Changed matching algorithm to string. [cyber288] * Changed matching algorithm to string. [cyber288] * Changed matching algorithm to string. [cyber288] * Changed matching algorithm to string. [cyber288] * Changed matching algorithm to string. [cyber288] * Changed matching algorithm to string. 
[cyber288] * Merge pull request #163 from rhaist/patch-1. [Alexandre Dulaunoy] Create requirements.txt * Create requirements.txt. [Robert Haist] Those are the additional Python3 requirements I needed to generate all the lists. * Changed matching algorithm to string. [Andras Iklody] Example for a dangerous entry: dropbox.com with the hostname algorithm and url as a valid attribute type means that https://dropbox.com/malicious/files.exe would get excluded from the automation systems when using the warninglist. I've changed the algorithm to full string matches. * Merge pull request #162 from Wiscy-Security/main. [Alexandre Dulaunoy] Refactor last scripts, central logging, central directory for downloads, automation script * Merge upstream, update lists, fix conflicts. [Kevin Holvoet] Merge remote-tracking branch 'upstream/main' into main * Merge pull request #161 from bartblaze/patch-1. [Alexandre Dulaunoy] Add new domains * Add new domains. [Bart] * Merge pull request #157 from sustefil/fix-issue-156. [Alexandre Dulaunoy] Fix generator.py:download_to_file * Fix generator.py:download_to_file. [Filip Suster] When some script which is using generator.py module (e.g. generate-publicdns.py) is run for the first time, the file is missing and unhandled exception is thrown * Merge remote-tracking branch 'upstream/main' into main. [Kevin Holvoet] * Merge pull request #154 from Wiscy-Security/main. [Alexandre Dulaunoy] Refactoring of code + updates of warninglists * Refactor last scripts, logging, central directory for downloads. [Kevin Holvoet] * Refactored generate_moz-top50.py * Download all file to new /tmp file to centralize all downloads * Add central logging to generators.log file * Create Bash script that generates all warninglists * Add /tmp folder and extra files to .gitignore * Start adding exception handling in download_to_file and write_to_file * Refactor more generators. [Kevin Holvoet] * Remove extra .txt extension from downloaded filed. 
[Kevin Holvoet] * Add check if downloaded file has changed on server before downloading. [Kevin Holvoet] * Refactor code to make it simpler/more uniform. [Kevin Holvoet] * Chg generator-publicdns: work with new CSV format 1. The CSV format has changed with the update on 2020-07-14. 2. The script also generates IPv4, IPv6, and the hostname lists at once. 3. Downloaded file added to .gitignore. [Kevin Holvoet] * Solved LGTM alerts. [Kevin Holvoet] * Added multiple lists from Cisco Umbrella list. Solves issue #24 and #13. [Kevin Holvoet] * Merge remote-tracking branch 'upstream/main' into main. [Kevin Holvoet] * Merge pull request #153 from Wiscy-Security/main. [Alexandre Dulaunoy] Change tool/scripts permission + update tranco lists * Updated lists after updating scripts. [Kevin Holvoet] * Add .gitignore for downloaded files, refactor code for generators: use central module, remove useless code, fix minor issues. [Kevin Holvoet] * Fix Microsoft Azure generator: format changed from XML to JSON + download link changed. [Kevin Holvoet] * Merge tranco scripts,:generate_tranco.py generates both full and 10k list. [Kevin Holvoet] * Automatically copy output to list.json file in correct folder. [Kevin Holvoet] * Refactored mozilla certificate generator: solve relative path issue, remove unused code, refactor structure of code. [Kevin Holvoet] * Renamed cisco top1m to top1k to reflect reality. [Kevin Holvoet] * Update Tranco & Tranco10k list. [Kevin Holvoet] * Merge branch 'main' of github.com:MISP/misp-warninglists into main. [Alexandre Dulaunoy] * Merge pull request #151 from JakubOnderka/tlds-update. [Alexandre Dulaunoy] Update TLDs list * Update TLDs list. [Jakub Onderka] * Merge pull request #150 from houey/patch-3. [Alexandre Dulaunoy] adding forms.gle which is for google forms. * Adding forms.gle which is for google forms. [Houston] adding forms.gle to the list. 
This is a short link for Google Forms managed by Google Firebase * Merge pull request #149 from houey/patch-2. [Alexandre Dulaunoy] added gvt1.com to Google domains warning list. * Added gvt1.com to Google domains warning list. [Houston] * Merge pull request #148 from GlennHD/master. [Alexandre Dulaunoy] Fixed typo in list.json of Tranco10k * Fixed typo. [GlennHD] Fixed typo in list.json * Merge branch 'GlennHD-master' [Alexandre Dulaunoy] * Update README.md. [GlennHD] * Added Tranco10k list. [GlennHD] * Create tranco10k list.json. [GlennHD] * Added tranco10k. [GlennHD] * Merge pull request #146 from GlennHD/patch-3. [Alexandre Dulaunoy] Added Majestic Million to Readme * Added Majestic Million to Readme. [GlennHD] Added Majestic Million to Readme * Merge pull request #145 from JakubOnderka/validate-values. [Andras Iklody] Validate values in CI * Validate values in CI. [Jakub Onderka] * Merge pull request #143 from bartblaze/patch-9. [Alexandre Dulaunoy] Update list.json * Update list.json. [Bart] Make hostname only, same for another one already in the list. * Update list.json. [Bart] * Jq the covid lists. [iglocska] * Merge branch 'master' of github.com:MISP/misp-warninglists. [iglocska] * Merge pull request #140 from kirzaks/master. [Alexandre Dulaunoy] Arcgis whitelistening * Version change. [Armins Palms] * Arcgis whitelist. [Armins Palms] * Merge pull request #138 from bartblaze/patch-8. [Alexandre Dulaunoy] Update list.json * Update list.json. [Bart] Add CAPEv2 * Merge pull request #137 from gallypette/patch-1. [Alexandre Dulaunoy] chg: [covid] adding luxemburg's covid domains. * Merge pull request #136 from rommelfs/patch-2. [Alexandre Dulaunoy] duplicate removed * Duplicate removed. [Sascha Rommelfangen] * Merge pull request #135 from rommelfs/patch-1. [Christophe Vandeplas] added info-coronavirus.be * Added info-coronavirus.be. [Sascha Rommelfangen] * Update to the covid list. [Andras Iklody] * Merge branch 'master' of github.com:MISP/misp-warninglists. 
[Alexandre Dulaunoy] * Merge pull request #133 from GlennHD/patch-2. [Alexandre Dulaunoy] Create list.json * Create list.json. [GlennHD] * Merge pull request #132 from GlennHD/patch-1. [Alexandre Dulaunoy] Create generate_majestic-million.py * Create generate_majestic-million.py. [GlennHD] Pulls top 10K of the most referred to hosts from Majestic Million. * Merge pull request #131 from bartblaze/patch-7. [Alexandre Dulaunoy] Update list.json * Update list.json. [Bart] Adds localizaip domains. * Merge pull request #130 from houey/patch-1. [Alexandre Dulaunoy] Added domain cutt.ly * Added domain cutt.ly. [Houston] * Merge pull request #129 from StefanKelm/master. [Andras Iklody] Update list.json * Update list.json. [StefanKelm] merky.de * Merge pull request #128 from davidljohnson/patch-1. [Alexandre Dulaunoy] Added windowsupdate.com domain * Added windowsupdate.com domain. [David J] I received false positives and detections for this domain. Thought it should added. * Merge pull request #127 from bartblaze/patch-6. [Alexandre Dulaunoy] Update list.json * Update list.json. [Bart] Adds ipv6-test * Merge pull request #126 from elhoim/master. [Andras Iklody] Added domains using Azuredns-prd.info as Nameserver * Added domains using Azuredns-prd.info as Nameserver. [David André] azuredns-prd.info is verified as being Microsoft owned and operated for some Azure related domains * Merge pull request #125 from certbe-trey/master. [Alexandre Dulaunoy] Add Tranco warning list (and generator) * Add Tranco warning list to README. [Trey Darley] * Add Tranco warning list (https://tranco-list.eu/) [Trey Darley] * Add script to generate warning list from Tranco (https://tranco-list.eu/) [Trey Darley] * Merge pull request #124 from bartblaze/patch-5. [Alexandre Dulaunoy] Update list.json * Update list.json. [Bart] Bump version number, add/edit domains. * Merge pull request #123 from bartblaze/patch-4. [Alexandre Dulaunoy] Update list.json * Update list.json. [Bart] Add Extreme IP. 
* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy] * Merge pull request #122 from wesinator/patch-1. [Alexandre Dulaunoy] add sinkhole IP * Add sinkhole IP. [Ԝеѕ] https://dns.google.com/query?name=sinkhole.dynu.net https://dns.google.com/query?name=a.sinkhole.yourtrap.com&type=A&dnssec=true * Merge pull request #121 from bartblaze/patch-3. [Alexandre Dulaunoy] Add domain * Add domain. [Bart] * Merge pull request #120 from bartblaze/patch-2. [Alexandre Dulaunoy] Add sndbox * Add sndbox. [Bart] * Merge pull request #119 from wesinator/patch-1. [Alexandre Dulaunoy] Add additional Sinkhole IPs * Add additional Sinkhole IPs. [Ԝеѕ] https://github.com/brakmic/Sinkholes/pull/10/files https://github.com/brakmic/Sinkholes/pull/12/files https://github.com/grettir/malware-sinkholes/pull/2/files * Merge pull request #118 from mkb2091/master. [Alexandre Dulaunoy] Fixed typo in akamai list description * Fixed typo in akamai list description. [Alex Williams] * Merge pull request #117 from bartblaze/patch-1. [Alexandre Dulaunoy] Update list.json * Update list.json. [Bart] Add some systems. * Merge pull request #115 from gallypette/master. [Alexandre Dulaunoy] Wikimedia * Add: [wikimedia] adds a warning list for wikimedia infrastructure. [Jean-Louis Huynen] * Merge pull request #113 from droe/master. [Alexandre Dulaunoy] Fix minor field syntax error in google-gmail-sending-ips * Remove erroneous space character and bump version. [Daniel Roethlisberger] * Merge pull request #112 from elhoim/master. [Andras Iklody] Three new warning lists * Modified README to includ three new added warning lists. [elhoim] * Added list for Googlebot crawler IP ranges. [elhoim] * Added list with Google gmail sending IPs. [elhoim] * Added list and tool to generate list for cloudflare IP ranges. [elhoim] * Merge pull request #111 from github-pba/more-german-banks. [Alexandre Dulaunoy] URL change ING, new bank Mainzer Volksbank * Name change ING, new bank Mainzer Volksbank. 
[github-pba] * Update list.json. [cgi1] Adding BMW * Dax30 initial version. [cgi1] * Merge pull request #106 from SteveClement/tools. [Alexandre Dulaunoy] fix: [alexa] The generator wants to decode things ;) * Merge pull request #103 from obert01/remove-pastebin. [Alexandre Dulaunoy] Removed pastebin.com, as it is not a security provider. * Removed pastebin.com, as it is not a security provider. [Olivier BERT] It is often used by malware to download configuration or payloads. * Merge pull request #101 from crondaemon/crondaemon. [Alexandre Dulaunoy] Remove wrong line from vpn-ipv4. * Remove wrong line from vpn-ipv4. [Dario Lombardo] * Merge pull request #100 from zMathieu/patch-1. [Alexandre Dulaunoy] Transform URL to domains for few entries * Transform URL to domains for few entries. [zMathieu] Remove / or http for some domains. * Add: [doc] mozilla CA and intermediate CA added. [Alexandre Dulaunoy] * Merge pull request #99 from CERN-CERT/certificates. [Alexandre Dulaunoy] Add warning lists based on Mozilla's trusted CA and Intermediates * CAs: Fix final new line in json. [Vincent Brillault] * CAs: Fix json indentation (2 spaces, not 4) [Vincent Brillault] * Mozilla CA/intermediate: also match x509-fingerprint-* [Vincent Brillault] * Add warning lists based on Mozilla's trusted CA and Intermediates. [Vincent Brillault] * Add: Test for list.json filename. [Raphaël Vinot] * Merge pull request #98 from liviuvalsan/domain_ips. [Alexandre Dulaunoy] Make sure that matching attributes are consistent for lists that include domains * Make sure that matching attributes are consistent for lists that include domains. [Liviu Valsan] * Merge pull request #97 from kx499/master. [Alexandre Dulaunoy] A couple of office 365 list fixes * Updated office 365 file names, changed string to substring, and changed lists.json to list.json. [Faber] * Merge branch 'kx499-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/kx499/misp-warninglists into kx499-master. 
[Alexandre Dulaunoy] * Updated MS O365 script to handle json and updated list.json. [Faber] * Merge branch 'kx499-master' [Alexandre Dulaunoy] * Adding akamai warning list. [Faber] * Merge pull request #93 from ater49/master. [Alexandre Dulaunoy] Adding university domains warninglist * Correcting updater. [ater49] * Correcting updater. [ater49] * Correction of duplicate. [ater49] * Adding updater for crl warninglist. [ater49] * Adding update tool for university domains list. [ater49] * Adding university domains warninglist from issue #38. [ater49] * Merge pull request #91 from ater49/master. [Alexandre Dulaunoy] Adding CRL Whitelist (Issue #83) * Modifying type from string to substring. [ater49] * Modifying version number to int. [ater49] * Correction for non-unique values in json. [ater49] * Adding CRL Whitelist (Issue #83) [ater49] * Merge pull request #90 from ater49/master. [Alexandre Dulaunoy] Adding cape.contextis.com in sandbox warninglist * JQing all the things. [ater49] * Adding "cape.contextis.com" to sandbox warninglists. [ater49] * Merge pull request #89 from robertnixon2003/master. [Andras Iklody] Updated Cisco warninglist * Added type. [Robert Nixon] * Fixed with jq all the things. [Robert Nixon] * Add files via upload. [Robert Nixon] * Update list.json. [Robert Nixon] * Create list.json. [Robert Nixon] * Delete list.json. [Robert Nixon] * Merge pull request #87 from wotschel/master. [Alexandre Dulaunoy] added the shortener of the german state rlp * Added the shortener of the german state rlp. [Bjoern Mainz] added the shortener of the german state rhineland-palatinate (rlp) * Merge pull request #86 from StefanKelm/master. [Alexandre Dulaunoy] more german bank sites * More german bank sites. [StefanKelm] * Merge pull request #85 from mlodic/master. [Alexandre Dulaunoy] fixed value in ovh-cluster and added new url shortener * Fixed value in ovh-cluster and added new url shortener. 
[Matteo Lodi] * Merge pull request #84 from liviuvalsan/update-security-provider-blogpost. [Alexandre Dulaunoy] Removing imgur.com from the list of known security providers/vendors blog domains * Removing imgur.com from the list of known security providers/vendors blog domains. [Liviu Valsan] * Merge pull request #82 from robertnixon2003/master. [Alexandre Dulaunoy] Updated Cisco Top 1000 List * Updated list "version": 20181012. [Robert Nixon] * Deleting list to add updated list. [Robert Nixon] * Add: [doc] added the new sinkholes list. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy] * Merge pull request #80 from ater49/master. [Alexandre Dulaunoy] New warninglist for bank websites. * New warninglist for bank websites. The list is based on university proxylist (ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/bank.tar.gz). [ater49] * Merge pull request #79 from StefanKelm/master. [Alexandre Dulaunoy] New list: Windows 10 connection endpoints * Win10 connection endpoints. [Stefan Kelm] * New list: win10 connection endpoints. [Stefan Kelm] * Merge pull request #78 from robertnixon2003/master. [Alexandre Dulaunoy] Fixed cisco gen script * Pulled list again after fixing generation script. [Robert Nixon] * Fixed TLD truncation issue. [Robert Nixon] Fixed TLD truncation issue * Merge pull request #76 from robertnixon2003/master. [Alexandre Dulaunoy] replace Alexa with Cisco Umbrella * Added Alexa list back. [Robert Nixon] * Added generate_alexa.py back and added type param. [Robert Nixon] * Updated list. [Robert Nixon] * Not sure why Travis is failing. [Robert Nixon] * Added type for Travis. [Robert Nixon] * Removing gen Alexa. [Robert Nixon] * New script to generate Cisco Umbrella Top 1000. [Robert Nixon] * Created new list. [Robert Nixon] * Removed Alexa List. 
[Robert Nixon] * Add: [microsoft-attack-simulator] warning list about phishing campaign for "security awareness" [Alexandre Dulaunoy] * Add: common IOC false-positives as mentioned by Florian Roth. [Alexandre Dulaunoy] * Merge pull request #73 from raw-data/master. [Alexandre Dulaunoy] [add] new domain for whats-my-ip section * [add] new domain for whats-my-ip section. [raw-data] * Merge pull request #71 from xbmc-goph/patch-2. [Alexandre Dulaunoy] Update version file * Update version file. [xbmc-goph] * Merge pull request #70 from xbmc-goph/patch-1. [Alexandre Dulaunoy] Updated with italian "what's my ip" services * Added the required separator #2. [xbmc-goph] * Added the required separator. [xbmc-goph] * Updated with italian "what's my ip" services. [xbmc-goph] * Merge pull request #69 from raw-data/master. [Alexandre Dulaunoy] [ADD] new domains for whats-my-ip section and url-shortener section * [ADD] 1 new domain for url-shortener section. [raw-data] * [ADD] 3 new domains for whats-my-ip section. [raw-data] * Merge pull request #68 from raw-data/master. [Alexandre Dulaunoy] [ADD] 3 new domains for whats-my-ip section * [ADD] 1 new domain for url-shortener section. [raw-data] * [ADD] 3 new domains for whats-my-ip section. [raw-data] * [ADD] 3 new domains for whats-my-ip section. [raw-data] * Merge pull request #67 from droe/master. [Alexandre Dulaunoy] Add reference to PyMISPWarningLists * Add reference to PyMISPWarningLists. [Daniel Roethlisberger] * Add: BIT gTLD was missing. [Alexandre Dulaunoy] * Merge pull request #65 from StefanKelm/master. [Alexandre Dulaunoy] add RFC 6761 list * Update list.json. [StefanKelm] * Update README.md. [StefanKelm] * Update list.json. [StefanKelm] * Update list.json. [StefanKelm] * Create list.json. [StefanKelm] * Merge branch 'gizolka-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/gizolka/misp-warninglists into gizolka-master. 
[Alexandre Dulaunoy] * Created a converter of MISP warning lists to asciidoctor format. [Joanna] * Fix #64. [Alexandre Dulaunoy] * Indeed LoL is not a security provider ;-) Fix #62. [Alexandre Dulaunoy] * Add: OVH cluster. [Alexandre Dulaunoy] * Merge pull request #61 from ater49/dev. [Alexandre Dulaunoy] Adding Ovh-cluster WarningList * Modification of errors in json. [ater49] * Modify errors. [ater49] * Revert "New WarningList for OVH Cluster" [ater49] This reverts commit 2bf5201110859bbc2b108178ee673b858bb4e3d5. * New WarningList for OVH Cluster. [ater49] * OVH Cluster IP add to misp-warninglists. [ater49] * Merge pull request #57 from eCrimeLabs/master. [Alexandre Dulaunoy] Bugfix and update * Updated with IPv6 addresses. [eCrimeLabs] * Bugfix (l.append) [eCrimeLabs] * Add: amazon-aws warning lists. [Alexandre Dulaunoy] * Merge pull request #55 from eCrimeLabs/master. [Alexandre Dulaunoy] Amazon AWS IP range for Warninglists * Bugfix type. [eCrimeLabs] * Fixed typo. [eCrimeLabs] * "type": "cidr", [eCrimeLabs] * Added "type": "cidr", [eCrimeLabs] * Update generate-amazon-aws.py. [eCrimeLabs] * Added Warninglists for Amazon AWS. [root] * Merge pull request #1 from eCrimeLabs/eCrimeLabs-dev. [eCrimeLabs] Generate json file of Amazon AWS IP's * Generate json file of Amazon AWS IP's. [eCrimeLabs] * Merge pull request #56 from sebdraven/master. [Alexandre Dulaunoy] add app.any.run in warninglists * Add app.any.run in warninglists. [Sébastien Larinier] * Merge pull request #53 from Delta-Sierra/master. [Alexandre Dulaunoy] add security provider blogpost warninglist * Elements must be unique. [Deborah Servili] * Add security provider blogpost warninglist. [Deborah Servili] * Merge pull request #52 from cgi1/patch-1. [Alexandre Dulaunoy] Resolving outdated list from #51 * Resolving outdated list from #51. [cgi1] @adulau * Merge pull request #48 from elhoim/patch-2. [Andras Iklody] Added some security vendors sites * Added some security vendors sites. 
[David André] * Add: regex type added as now available in MISP https://github.com/MISP/MISP/commit/98e07175a898434a0cdc82f3dff0e957bd28ea29. [Alexandre Dulaunoy] * Merge pull request #47 from elhoim/patch-1. [Andras Iklody] Changed matching algorithm to domain to avoid false positive matches * Changed matching algorithm to domain to avoid false positive matches. [David André] Changed matching algorithm to domain to avoid false positive matches + version bump * Version bump. [iglocska] * Wrong algorithm. [iglocska] * Changed matching algorithm to domain to avoid false positive matches. [iglocska] * Merge pull request #46 from c-goes/patch-1. [Alexandre Dulaunoy] Fix link to ipv6-linklocal list * Fix link to ipv6-linklocal list. [c-goes] * Add: automated-malware-analysis known domain list. [Alexandre Dulaunoy] Fix #45 * Add: Microsoft Azure Datacenter IP Ranges added including tool to generate the JSON. [Alexandre Dulaunoy] Fix #43 * Fix (temp): office 365 warning list only matching as substring (new list for CIDR block matching required) [Alexandre Dulaunoy] * Add: list of Microsoft office365/azure in China + extraction tool added. [Alexandre Dulaunoy] fix #42 * Office 365 warning-list updated to the latest version. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-warninglists. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy] * Changed type and parser for hostname based public resolver list. [iglocska] * Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy] * Merge pull request #44 from cvandeplas/master. [Alexandre Dulaunoy] quad9 project * Quad9 project. [Christophe Vandeplas] * Merge branch 'master' of github.com:MISP/misp-warninglists. [Raphaël Vinot] * Merge pull request #39 from ater49/patch-1. [Alexandre Dulaunoy] checkip.amazonaws.com added into warninglist * Update list.json. [ater49] Comma added to the line * Update list.json. 
[ater49] Just to add checkip.amazonaws.com into WarningList * List of known public DNS resolvers expressed as hostname added. [Alexandre Dulaunoy] The list has been separated from ipv4 list to be sure matching works in MISP * Changed warninglist from string matches to hostname type. [Andras Iklody] * Merge pull request #35 from rmarsollier/ggl. [Alexandre Dulaunoy] adding some google owned domains v2 * Solving last problem with google domain list. [rmarsollier] * Adding wikipedia scraper for google domains. [rmarsollier] * Importing google domains from wikipedia. [rmarsollier] * Merge pull request #31 from rmarsollier/patch-2. [Alexandre Dulaunoy] Fixing #23 * Fix typo. [RbN] * Adding domains of #23. [RbN] * Merge pull request #30 from rmarsollier/patch-1. [Alexandre Dulaunoy] Adding sha224 to empty_hashs * Adding sha224. [RbN] d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f is a sha224, let's use it. * Fixed #25 adding more URL shorteners. [Alexandre Dulaunoy] * Run JQ on empty-hashes. [Raphaël Vinot] * Matching_attributes isn't required. [Raphaël Vinot] * Merge pull request #22 from devnull-/eicar.com. [Andras Iklody] No attribute filtering -- eicar.com * Add matching_attributes. [devnull-] * Merge pull request #21 from devnull-/empty-hashes. [Andras Iklody] No attribute filtering -- empty-hashes * Formatting. [devnull-] * Add matching_attributes. [devnull-] * Merge pull request #1 from MISP/master. [devnull-] Pull update * Do not allow additional properties in the schema. [Raphaël Vinot] * Update travis. [Raphaël Vinot] * Fix JQ all the things. [Raphaël Vinot] * Revert "JQ all the things" [Raphaël Vinot] This reverts commit d422560a4e773d1fd58193a2fa3633e1d9265217. * Install dep. [Raphaël Vinot] * Fix travis. [Raphaël Vinot] * JQ all the things. [Raphaël Vinot] * Update lists, add schema. [Raphaël Vinot] * EICAR added in the README. [Alexandre Dulaunoy] * Merge pull request #20 from michael-hamm/eicar.com. 
[Alexandre Dulaunoy] Hashes for EICAR, EICAR zip and EICAR 2x zip. * Hashes for EICAR, EICAR zip and EICAR 2x zip. [Michael Hamm] * RFC 6598 added in the README. [Alexandre Dulaunoy] * Merge pull request #19 from michael-hamm/rfc6598. [Alexandre Dulaunoy] RFC 6598 - Carrier-Grade NAT (CGN) devices * RFC 6598 - Carrier-Grade NAT (CGN) devices. [Michael Hamm] * Merge pull request #18 from nbareil/master. [Alexandre Dulaunoy] No attribute filtering * Adds matching_attribute. [Nicolas Bareil] * Typo in the name. [Nicolas Bareil] * Type of warning-list added. [Alexandre Dulaunoy] * Bumped the date to force an update. [Iglocska] * Merge branch 'master' of https://github.com/MISP/misp-warninglists. [Iglocska] * Date updated. [Alexandre Dulaunoy] * Switched alexa to the "hostname" list. [Iglocska] * Added url type to the alexa list. [Iglocska] * Type was not declared as substring. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy] * Merge pull request #16 from devnull-/URL-shortener-services. [Alexandre Dulaunoy] Warning list URL shorteners services * Merge branch 'master' into URL-shortener-services. [devnull-] * Merge pull request #15 from devnull-/whats-my-ip. [Alexandre Dulaunoy] Warning list "What's my IP" domains * Add types URI & URL. [devnull-] * Add ip-score.com. [devnull-] * Warning list "What's my IP" service. [devnull-] * Warning list URL shorteners services. [devnull-] * Substring added (to support the new substring matching) [Alexandre Dulaunoy] * Merge pull request #12 from CZ-NIC/master. [Alexandre Dulaunoy] Checks for open resolvers in the list of IPs. * Checks for open resolvers in the list of IPs. [Edvard Rejthar] Is able to fetch the MISP warning list and say if there are some resolvers. * Add version and name to the office365 warning list. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy] * Merge pull request #10 from Maijin/master. 
[Raphaël Vinot] Add Comodo public DNS * Add Comodo public DNS. [Maijin] * Office 365 URLs and IP address ranges added. [Alexandre Dulaunoy] * Known microsoft domains added. [Alexandre Dulaunoy] * Warning list of known microsoft domains added. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy] * Merge pull request #8 from claudex/fix-travis. [Alexandre Dulaunoy] Fix travis build * View error output from jq. [Xavier Claude] * Fix travis build using jq from packages. [Xavier Claude] * License clarified. [Alexandre Dulaunoy] * Merge pull request #6 from claudex/dns. [Alexandre Dulaunoy] Use DNS list from http://public-dns.info/ * Add public dns v4 and v6 resolvers IP from the tool. [Xavier Claude] * Add a tool to generate public dns resolver list. [Xavier Claude] The tool generates two lists, one for IPv4 (list4.json) and one for IPv6 (list6.json) to allow the user to only enable one of the two. The list is downloaded from http://public-dns.info/ and a sample of the list was tested with: for dns in $( awk -F "," '{ print $1 }' < nameservers.csv ) ; do dig +noedns @$dns google.com | grep NOERROR 1>/dev/null || echo $dns ; done ~95% of the tested servers responded. So the list is not all crap. * Merge pull request #7 from claudex/rfc4291. [Alexandre Dulaunoy] Add IPv6 link local prefix * Add IPv6 link local prefix. [Xavier Claude] * Merge pull request #5 from claudex/alexa. [Alexandre Dulaunoy] Alexa * Actually put alexa 1000 top domains in the output list. [Xavier Claude] * Write the alexa top1M zip file after download. [Xavier Claude] * Fix alexa top1M url. [Xavier Claude] * Merge pull request #4 from claudex/rfc3849. [Alexandre Dulaunoy] Add RFC 3849 - IPv6 prefix for documentation * Add RFC 3849 - IPv6 prefix for documentation. [Xavier Claude] * Merge branch 'list_updates' [Iglocska] * Updated warninglists with domains or IP addresses to also include domain|ip type attributes. 
[Iglocska] - fixes issue as reported by @Delta-Sierra * Build status icon added. [Alexandre Dulaunoy] * Travis test scripts added. [Alexandre Dulaunoy] * RFC 5735 added. [Alexandre Dulaunoy] * Alexa top 1000 list added. [Alexandre Dulaunoy] * Alexa top 1000 MISP warning list added including generation tool. [Alexandre Dulaunoy] * Multicast CIDR blocks added. [Alexandre Dulaunoy] * Rfc5771 added. [Alexandre Dulaunoy] * More public DNS servers added. [Alexandre Dulaunoy] * Google added. [Alexandre Dulaunoy] * List of known google domains and hostnames. [Alexandre Dulaunoy] * Merge pull request #3 from wllm-rbnt/second-level-tlds. [Alexandre Dulaunoy] Expand second level tlds from Wikipedia * Expand second level tlds from Wikipedia. [William Robinet] * Second-level of TLD lists. [Alexandre Dulaunoy] * Merge pull request #2 from wllm-rbnt/second-level-tlds. [Alexandre Dulaunoy] Add second level tlds from Mozilla Foundation * Add second level tlds from Mozilla Foundation. [William Robinet] * Merge pull request #1 from wllm-rbnt/openresolver. [Alexandre Dulaunoy] Add level3 open resolver * Add level3 open resolver. [William Robinet] * Basic README added. [Alexandre Dulaunoy] * Version added. [Alexandre Dulaunoy] * RFC 1918 networks. [Alexandre Dulaunoy] * Hashes of empty files. [Alexandre Dulaunoy] * Public-dns warning list. [Alexandre Dulaunoy] * Initial list with TLDs. [Alexandre Dulaunoy] 2021-04-26T09:18:18+00:00 misp-galaxy v2.4.142 misp-galaxy v2.4.142 2021-04-26T10:23:08+00:00 ## v2.4.142 (2021-04-26) ### New * [att&ck] support for subtechniques. [Christophe Vandeplas] * [dev] fix empty strings, lists. [VVX7] * [dev] add ASPI's China Defence University Tracker. [VVX7] Thanks to Cormac Doherty for writing the web scraper! To update the galaxy run the included gen_defence_university.py script. "The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. 
It was created by ASPI’s International Cyber Policy Centre. It includes entries on nearly 100 civilian universities, 50 People’s Liberation Army institutions, China’s nuclear weapons program, three Ministry of State Security institutions, four Ministry of Public Security universities, and 12 state-owned defence industry conglomerates. The Tracker is a tool to inform universities, governments and scholars as they engage with the entities from the People’s Republic of China. It aims to build understanding of the expansion of military-civil fusion—the Chinese government’s policy of integrating military and civilian efforts—into the education sector. The Tracker should be used to inform due diligence of Chinese institutions. However, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution’s defence and security links." - ASPI (https://unitracker.aspi.org.au/about/) * Added Bhadra framework for mobile attacks. [iglocska] - based on the paper published here: https://arxiv.org/pdf/2005.05110.pdf - thanks to the ATT&CK EU community conference speakers highlighting this framework! * [country] galaxy added. [iglocska] * [galaxy] AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. AMITT is part of misinfosec - work on adapting information security practices to help track and counter misinformation - and is designed as far as possible to fit existing infosec practices and tools. [VVX7] * Added draft of the election guidelines galaxy. [mokaddem] * Add entries from Bambenek Consulting. [Raphaël Vinot] ### Changes * [ransomware] duplicate removed. [Alexandre Dulaunoy] * [ransomware] duplicate removed. [Alexandre Dulaunoy] * [ransomware] duplicates removed. [Alexandre Dulaunoy] * [ransomware] Flyper removed. 
[Alexandre Dulaunoy] * [ransomware] first duplicate removed. [Alexandre Dulaunoy] * [ransomware] remove duplicate "File-Locker" [Alexandre Dulaunoy] * [malpedia] jq all the file and removed ref duplicates. [Alexandre Dulaunoy] * [clusters] fixing broken UUID fix #628. [Alexandre Dulaunoy] * [ransomware] fix the broken UUID fix #628. [Alexandre Dulaunoy] * [microsoft activity group] HAFNIUM added. [Alexandre Dulaunoy] * [tool] SUNSPOT added. [Alexandre Dulaunoy] * [rsit] rsit as galaxy name. [Alexandre Dulaunoy] * [threat-actor] UNC2452/DarkHalo added - ref. #614. [Alexandre Dulaunoy] * [ransomware] Babuk Ransomware added. [Alexandre Dulaunoy] * [ransomware] RegretLocker added. [Alexandre Dulaunoy] * Fix gh actions. [Raphaël Vinot] * Add PR to GH actions. [Raphaël Vinot] * [doc] Travis is dead, GH Action is alive. [Alexandre Dulaunoy] * [att&ck] update to latest MITRE ATT&CK version. [Christophe Vandeplas] * [cryptominer] updated. [Alexandre Dulaunoy] * [rename] tea matrix. [Alexandre Dulaunoy] * [tea] matrix updated to include brewing time and the milk attack technique. [Alexandre Dulaunoy] * [tea] first version. [Alexandre Dulaunoy] * [att&ck] no tag for subtechnique. [Christophe Vandeplas] * [botnet] Katura mess added. [Alexandre Dulaunoy] * [galaxy] fix the name to China Defence Universities Tracker. [Alexandre Dulaunoy] * [dev] jq. [VVX7] * [dev] gen_defence_university.py no longer outputs empty strings, lists. [VVX7] * [threat-actor] remove duplicate references. [Alexandre Dulaunoy] * [threat-actor] fix #561 by using new meta to classify as a campaign only. [Alexandre Dulaunoy] Based on https://github.com/MISP/misp-galaxy/issues/469 There is an old and persistent issue in attribution world and basically no-one really agrees on this. 
So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry: - _operation_: - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia - **In the context of MISP threat-actor name, it's a single specific operation.** - _campaign_: - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.** - threat-actor - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.** - activity group - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.** - unknown - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group** The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation). * Bump travis. [Raphaël Vinot] * [jq] all the things. [Alexandre Dulaunoy] * [preventive-measure] packet filtering added. 
[Alexandre Dulaunoy] * [threat-actor] remove the non-unique elements. [Alexandre Dulaunoy] * [ta] fix the JSON. [Alexandre Dulaunoy] * [jq] JSON fixed. [Alexandre Dulaunoy] * [json] add missing comma. [Alexandre Dulaunoy] * [country] jq all. [Alexandre Dulaunoy] * [malpedia] fixes. [Alexandre Dulaunoy] * [threat-actor] JSON fixed. [Alexandre Dulaunoy] * [travis] pip3. [Alexandre Dulaunoy] * [ransomware] Nodera ransomware added. [Alexandre Dulaunoy] * [threat-actor] typo fixed. [Alexandre Dulaunoy] * [threat-actor] format fixed. [Alexandre Dulaunoy] * [threat-actor] fix order. [Alexandre Dulaunoy] * [threat-actor] Budminer APT added based on document from "Soesanto, Stefan" [Alexandre Dulaunoy] * [threat-actor] SideWinder APT group added. [Alexandre Dulaunoy] * [threat-actor] jq. [Alexandre Dulaunoy] * [dark-pattern] namespace: misp. [Jean-Louis Huynen] * [ransomware] jq ;-) [Alexandre Dulaunoy] * [clean-up] jq all the things. [Alexandre Dulaunoy] * [threat-actor] Lucky Mouse synonym added. [Alexandre Dulaunoy] * [threat-actor] Calypso group added. [Alexandre Dulaunoy] Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412 * [threat-actor] threat-actor-classification updated. [Alexandre Dulaunoy] * [threat-actor] jq is jq. [Alexandre Dulaunoy] * [threat-actor] Operation WizardOpium added. [Alexandre Dulaunoy] ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/ * [attack] update to latest ATT&CK data. [Christophe Vandeplas] * [attck4fraud] jq all the things. [Alexandre Dulaunoy] * [attck4fraud] updates based on issue #466. [Alexandre Dulaunoy] * [galaxy] added AMITT galaxy/cluster generator script. [VVX7] * [galaxy] version number to int. [VVX7] * [misp-galaxy] jq all the things. [Alexandre Dulaunoy] * [tool] COMPfun - Reductor added. [Alexandre Dulaunoy] * [threat-actor] new LookBack (Malware?Campaign?TA?) 
[Alexandre Dulaunoy] * [threat-actor] Evil Eye and POISON CARP. [Alexandre Dulaunoy] * [threat-actor] add machete-apt synonyms as reported in #445. [Alexandre Dulaunoy] * [threat-actor] jq all. [Alexandre Dulaunoy] * [threat-actor] LYCEUM added - 443 #fixed. [Alexandre Dulaunoy] * [threat-actor] rollback as discussed by chat with Andras until version 2.0. [Alexandre Dulaunoy] * [att&ck] July ATT&CK release included in MISP galaxy. [Alexandre Dulaunoy] * [threat-actor] version updated. [Alexandre Dulaunoy] * [threat-actor] duplicated refs removed. [Alexandre Dulaunoy] * [threat-actor] synonyms fixed. [Alexandre Dulaunoy] * [threat-actor] jq everything. [Alexandre Dulaunoy] * [branded_vulnerability] version updated. [Alexandre Dulaunoy] * Add PyMISPGalaxies test. [Raphaël Vinot] * [attack-pattern] Sync kill-chain with data from MITRE. [mokaddem] * [o365-exchange-techniques] Actions on Intent added (finalized) [Alexandre Dulaunoy] * [o365-exchange-techniques] Expansion added (WiP) [Alexandre Dulaunoy] * [o365-exchange-techniques] Persistence kill-chain added (WiP) [Alexandre Dulaunoy] * [o365-exchange-techniques] Compromise row added (WiP) [Alexandre Dulaunoy] * [o365-exchange-techniques] [WiP] based on John Lambert matrix techniques. [Alexandre Dulaunoy] * [malpedia] duplicates fixed. [Alexandre Dulaunoy] * [malpedia] jq all the things. [Alexandre Dulaunoy] * [malpedia] updated to the latest version. [Rintaro KOIKE] * [threat-actor] FIN4 updates. [Alexandre Dulaunoy] * [ATT&CK] updated to the latest version. [Alexandre Dulaunoy] * [exploit-kit] jq all the things. [Alexandre Dulaunoy] * [tool] Cowboy and KimJongRAT (Sorry Paul, we forgot ;-) [Alexandre Dulaunoy] ref: https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ * [tool] jq all the things. [Alexandre Dulaunoy] * [tool] Karkoff tool added. [Alexandre Dulaunoy] * [ransomware] various fixes. 
[Alexandre Dulaunoy] * [ransomware] jq all the things(tm) [Alexandre Dulaunoy] * [ransomware] fix the meta to payment-method. [Alexandre Dulaunoy] * [mitre att&ck] updated with new version. [Alexandre Dulaunoy] * [threat-actor] change attribution confidence to be a string by default. [Alexandre Dulaunoy] * [tools] fix the attribution confidence level. [Alexandre Dulaunoy] * [attck4fraud] updated. [Alexandre Dulaunoy] * [attck4fraud] completed. [Alexandre Dulaunoy] * [attck4fraud] Assets Transfer added. [Alexandre Dulaunoy] * [attck4fraud] Obtain Fraudulent Assets added. [Alexandre Dulaunoy] * [attck4fraud] Perform fraud added. [Alexandre Dulaunoy] * [attck4fraud] Target compromise updated. [Alexandre Dulaunoy] * [attck4fraud] more techniques. [Alexandre Dulaunoy] * [threat-actor] BRONZE UNION is also uppercase. [Alexandre Dulaunoy] * [threat-actor] updated the version to avoid the past issue with 0 value for integer values. [Alexandre Dulaunoy] * [sector] typo fixed - reported in #364. [Alexandre Dulaunoy] * [attck4fraud] fix the type issue. [Alexandre Dulaunoy] * [attck4fraud] uuid fixed. [Alexandre Dulaunoy] * [attck4fraud] ATM Shimming added. [Alexandre Dulaunoy] * [attck4fraud] description fixed for FT1003. [Alexandre Dulaunoy] * [threat-actor] SandCat added. [Alexandre Dulaunoy] * [threat-actor] new attribution-confidence level introduced. [Alexandre Dulaunoy] * [threat-actor] jq all the things. [Alexandre Dulaunoy] * [threat-actor] IRIDIUM added. [Alexandre Dulaunoy] * [tools] jq all the things. [Alexandre Dulaunoy] * [tool] SLUB Backdoor added. [Alexandre Dulaunoy] * [tool] Xbash description updated. [Alexandre Dulaunoy] * [threat-actor] format fixed. [Alexandre Dulaunoy] * [threat-actor] jq all the things late in the night. [Alexandre Dulaunoy] * [threat-actor] uuid fixed. [Alexandre Dulaunoy] * [tool] BabyShark added. [Alexandre Dulaunoy] * [threat-actor] STOLEN PENCIL added. [Alexandre Dulaunoy] * [cert-eu-govsector] version fixed. 
[Alexandre Dulaunoy] * [threat-actor] version fixed. [Alexandre Dulaunoy] * [ransomware] no related object in meta. [Alexandre Dulaunoy] * [mitre-attack-pattern] jq. [Alexandre Dulaunoy] * [mitre-attack-pattern] bumped version number. [mokaddem] * [mitre-attack-pattern] Added kill_chain_order. [mokaddem] * [election-guidelines] sorting is important ;-) [Alexandre Dulaunoy] * [schema] optional kill_chain_order field added. [Alexandre Dulaunoy] * [election-guidelines] jq. [Alexandre Dulaunoy] * [mitre] Deprecated pre/enterprise/mobile separate galaxies. [Christophe Vandeplas] * [tool] jq jq jq jq jq jq jq jq. [Alexandre Dulaunoy] * [doc] new year copyright fun. [Alexandre Dulaunoy] * [mitre] bump to latest MITRE ATT&CK dataset. [Christophe Vandeplas] * [mitre] re-generated galaxies and values using the MITRE sources. [Christophe Vandeplas] and also using the MISP version to keep manually created relationships and such * [malpedia] updated to the latest version. [Alexandre Dulaunoy] * [licensing] 2-clause BSD added in addition to CC0. [Alexandre Dulaunoy] To remove ambiguity of licensing and allowing users to select the license they would like to use CC0 or 2-clause BSD. Related to: https://github.com/MISP/misp-taxonomies/issues/126 * [doc] move how to contribute to the CONTRIBUTE file. [Alexandre Dulaunoy] * [doc] Added some dependency pointers. [Steve Clement] * Uuid fixed. [Alexandre Dulaunoy] * [threat-actor] INDRIK SPIDER added. [Alexandre Dulaunoy] * [ransomware] duplicate removed. [Alexandre Dulaunoy] * Further categorization of galaxies. [Christophe Vandeplas] * Categorization of galaxies. [Christophe Vandeplas] This allows relationships to be created. * Removal of older unused relationships. [Christophe Vandeplas] * MITRE relationships included in the respective cluster. [Christophe Vandeplas] * Mappings are now in the generated adoc. [Christophe Vandeplas] plus massive performance improvement * Magical mapping with malpedia. 
[Christophe Vandeplas] * [malpedia] duplicate urls removed. [Alexandre Dulaunoy] * [tool] NOKKI added. [Alexandre Dulaunoy] ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/ * [botnet] Torii added. [Alexandre Dulaunoy] * [threat-actor] Iron Group added. [Alexandre Dulaunoy] ref: https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/ * [tool] Xbash added. [Alexandre Dulaunoy] ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/ * [tool] biscuit biscvt tool BISKVIT. [Alexandre Dulaunoy] ref: https://www.fortinet.com/blog/threat-research/russian-army-exhibition-decoy-leads-to-new-biskvit-malware.html * [threat-actor] APT-C-35 actor added. [Alexandre Dulaunoy] ref: https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/ * [mapping] Generated automatic mapping between clusters. [Christophe Vandeplas] * [tool] KEYMARBLE malware added. [Alexandre Dulaunoy] ref: https://www.us-cert.gov/ncas/analysis-reports/AR18-221A * [threat-actor] jq document. [Alexandre Dulaunoy] * [schema clusters] fix the JSON indentation. [Alexandre Dulaunoy] * [threat-actor] The Gordon Group added. [Alexandre Dulaunoy] ref: https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/ * [rat] Hallaj PRO Rat added. [Alexandre Dulaunoy] ref: https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/ misp-event: 5b63f5e4-bf24-4f46-8340-48fc02de0b81 * [threat-actor] leafminer - RASPITE added. [Alexandre Dulaunoy] * [tool] added based on Carbanak tooling description from Crowdstrike. [Alexandre Dulaunoy] ref: https://www.crowdstrike.com/blog/arrests-put-new-focus-on-carbon-spider-adversary-group/ * [threat-actor] new reference to CARBON SPIDER/Carbanak. 
[Alexandre Dulaunoy] * [tool] Bisonal malware added (new variant with encryption capabilities) [Alexandre Dulaunoy] * [threat-actor] The Big Bang campaign/group added. [Alexandre Dulaunoy] * [botnet] Xor DDoS added. [Alexandre Dulaunoy] * RANCOR group added. [Alexandre Dulaunoy] * Stalker Panda description added. [Alexandre Dulaunoy] * Old MITRE ATT&CK (2017) is moving to deprecated namespace. [Alexandre Dulaunoy] * Namespace mitre-attack added for version 2 of the MITRE ATT&CK after 2018. [Alexandre Dulaunoy] * [misp-galaxy] namespace misp added. [Alexandre Dulaunoy] ### Fix * Cryptominers type. [Jakub Onderka] * Rename "Innitial Access" to "Initial Access" [Thijsvanede] Renamed mitre-ics-tactics "Innitial Access" to "Initial Access". Original was a minor spelling mistake. The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access * Reorganize GH actions. [Raphaël Vinot] * Sort keys, fix tests. [Raphaël Vinot] * Remove comma. [Thomas Dupuy] * Name of SoD Matrix cluster to match galaxy. [Raphaël Vinot] Fix #566 * Small fixes to the bhadra framework. [iglocska] * JQ all the things. [Raphaël Vinot] * [attack] fixes old MITRE relationships not being removed. [Christophe Vandeplas] * [adoc] ignore deprecated galaxies. [Christophe Vandeplas] * [region] inconsistent type. [Christophe Vandeplas] * [misinfosec] fixes inconsistent filename. [Christophe Vandeplas] * [misinfosec] fixed kill_chain fields. [mokaddem] * Make tests happy. [Raphaël Vinot] * O365-exchange-techniques (duplicate values, duplicate UUIDs) [Raphaël Vinot] * UUID issues. [Raphaël Vinot] * Duplicate values, typos. [Raphaël Vinot] * Make validate all happy. [Raphaël Vinot] * Wrong (duplicate) value. [Raphaël Vinot] * [tool] MITRE conversion script. [Christophe Vandeplas] * [ransomware] more duplicates removed. [Alexandre Dulaunoy] * [ransomware] removed duplicate values. [Alexandre Dulaunoy] * [ransomware] duplicate removed. 
[Alexandre Dulaunoy] * [graph.py] small fix to make it work. [Alexandre Dulaunoy] * [malpedia] version. [Alexandre Dulaunoy] * [malpedia] broken reference has been fixed. [Alexandre Dulaunoy] * Add missing relations from commit 78c1f073590c4ae1822c8508f62934ffb215fab2. [Christophe Vandeplas] * Add missing relations from commit b857be9cabb02fb24aa5ef7db8e0c209a630189b. [Christophe Vandeplas] * Add missing relations from commit a81bbe288f91298fad0028e0f3c940c41c8d27fa. [Christophe Vandeplas] * Add missing relations from commit 29beb01dc3ed0067db6ccc33f41456147d38d2d7. [Christophe Vandeplas] * Intrusion is an actor and not a tool. [Christophe Vandeplas] * Jq all the things. [Christophe Vandeplas] * Minor newline difference after jq_all_the. [Christophe Vandeplas] * Automatically fix missing uuids. [Christophe Vandeplas] * Array in synonyms (MISP accepts it but not the schema ;-) [Alexandre Dulaunoy] * [threat-actor] added missing uuids. [Christophe Vandeplas] * [threat-actor] related is an array of JSON objects. [Alexandre Dulaunoy] * [JSON schema] related element is an array of JSON objects. [Alexandre Dulaunoy] * Jq all the things(tm) [Alexandre Dulaunoy] * [threat-actor] synonyms are always arrays. [Alexandre Dulaunoy] * Cleanup the link generation based on type instead of title (Thanks to Juan Rocha for the report) [Alexandre Dulaunoy] * Duplicate ELECTRUM entry. [Raphaël Vinot] Fix #212 * Duplicate UUID in tools. [Raphaël Vinot] * JSON format. [Alexandre Dulaunoy] * PureMasuta added to Masuta. [Alexandre Dulaunoy] * Typo in meta field. [Alexandre Dulaunoy] * Updated description to clearly state that only branded vulnerabilities. [Alexandre Dulaunoy] * Dedication page (CEF) and update overall structure of the document generated. [Alexandre Dulaunoy] * BARIUM and LEAD added. [Alexandre Dulaunoy] * Preventive measures added. [Alexandre Dulaunoy] * Naming normalisation. [Iglocska] ### Other * Merge pull request #647 from Delta-Sierra/master. 
[Alexandre Dulaunoy] Remove duplicate * Fix duplicates and add relations. [Delta-Sierra] * Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra] * Merge pull request #645 from Delta-Sierra/master. [Alexandre Dulaunoy] Adding ransomware names [WIP 2/3] * Merge pull request #644 from danielplohmann/patch-7. [Alexandre Dulaunoy] adding Yanbian Gang as threat actor * Adding Yanbian Gang as threat actor. [Daniel Plohmann] * Merge pull request #643 from Delta-Sierra/master. [Alexandre Dulaunoy] Adding ransomware names[WIP] * Removing duplicate. [Delta-Sierra] * Removing unexpected line. [Delta-Sierra] * Adding ransomware names [WIP 3] [Delta-Sierra] * Adding ransomware names [WIP 2] [Delta-Sierra] * Fix version. [Delta-Sierra] * Adding ransomwares WIP. [Delta-Sierra] * Merge pull request #642 from danielplohmann/patch-6. [Alexandre Dulaunoy] Symantec uses Palmerworm as alias for BlackTech * Symantec uses Palmerworm as alias for BlackTech. [Daniel Plohmann] Adding Palmerworm as Symantec alias for BlackTech (with reference). * Merge pull request #641 from nyx0/main. [Alexandre Dulaunoy] Add Ghostwriter. * Add Ghostwriter. [Thomas Dupuy] * Merge pull request #639 from r0ny123/patch-1. [Alexandre Dulaunoy] remove turbine panda synonyms from hafnium * Reverted changes made into 52ae97718d520ad800cc2fa8631e44cfbf44dab5. [Rony] * Merge pull request #638 from sebdraven/main. [Alexandre Dulaunoy] add Turbinia Panda to Haffnium * Validation jsons. [sebdraven] * Update threat-actor.json. [Sebdraven] add a synonym to Haffnium * Merge pull request #637 from sebdraven/main. [Alexandre Dulaunoy] Add RedEcho Threat Actor * Validation ok. [sebdraven] * Update threat-actor.json. [Sebdraven] format json * Update threat-actor.json. [Sebdraven] add redecho threat actor * Merge pull request #2 from MISP/main. [sebdraven] Sync Forks * Merge pull request #636 from JakubOnderka/cryptominers-type. [Alexandre Dulaunoy] fix: Cryptominers type * Merge branch 'marjatech-main' into main. 
[Alexandre Dulaunoy] * Update to latest Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp. [Jakob M] * Merge pull request #634 from Delta-Sierra/master. [Alexandre Dulaunoy] Several updates and additions * Fix progress. [Delta-Sierra] * Fix merge & jq. [Delta-Sierra] * Merge. [Delta-Sierra] * Merge pull request #633 from r0ny123/patch-1. [Alexandre Dulaunoy] add more HAFNIUM references * From Nextron. [Rony] * More! [Rony] * More references. [Rony] From Crowdstrike MSRC and kql hunting query from James Quinn * Add HAFNIUM detection refs. [Rony] * Fix. [Rony] * Add more HAFNIUM references. [Rony] * Merge pull request #632 from r0ny123/patch-1. [Alexandre Dulaunoy] Adding alias NOBELIUM * Adding alias NOBELIUM. [Rony] * Merge pull request #631 from r0ny123/Enhancement. [Alexandre Dulaunoy] Add HAFNIUM * Added HAFNIUM. [Rony] Updates: Tonto Team UNC2452 * Add relationships between Maze, Ragnar, Egregor and Sekhmet. [Delta-Sierra] * Add Sekhmet ransomware. [Delta-Sierra] * Add TeamTNT ref. [Delta-Sierra] * Add Ragnar Locker and update accordingly. [Delta-Sierra] * Add Covidloc and tycoon ransomware + small updates on some ransomwares. [Delta-Sierra] * Add TeamTNT. [Delta-Sierra] * Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra] * Fix merge. [Delta-Sierra] * Update sidewinder threat actor. [Delta-Sierra] * Merge pull request #1 from MISP/main. [sebdraven] merge * Merge pull request #630 from sebdraven/main. [Alexandre Dulaunoy] Update threat-actor.json * Update threat-actor.json. [Sebdraven] update Sidewinder card * Merge pull request #629 from nyx0/main. [Alexandre Dulaunoy] Update Infy TA. * Update Infy TA. [Thomas Dupuy] * Merge branch 'main' of github.com:MISP/misp-galaxy into main. [Alexandre Dulaunoy] * Merge pull request #627 from r0ny123/patch-2. [Alexandre Dulaunoy] removing DePrimon * Removing DePrimon. [Rony] DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that. 
* Merge pull request #626 from nyx0/main. [Alexandre Dulaunoy] Add RDAT backdoor
* Add RDAT backdoor. [Thomas Dupuy]
* Merge pull request #625 from Thijsvanede/patch-1. [Alexandre Dulaunoy]
* Merge pull request #624 from nyx0/main. [Alexandre Dulaunoy] Add Exaramel and P.A.S. webshell tool.
* Remove empty values. [Thomas Dupuy]
* Add Exaramel and P.A.S. webshell tool. [Thomas Dupuy]
* Merge pull request #623 from nyx0/main. [Alexandre Dulaunoy] Add Caterpillar WebShell.
* Add Caterpillar WebShell. [Thomas Dupuy]
* Merge branch 'main' of github.com:MISP/misp-galaxy into main. [Alexandre Dulaunoy]
* Merge pull request #622 from danielplohmann/patch-5. [Alexandre Dulaunoy] adding ClearSky alias for Volatile Cedar
* Adding ClearSky alias for Volatile Cedar. [Daniel Plohmann] adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files."
* Merge pull request #621 from cudeso/main. [Alexandre Dulaunoy] RSIT Galaxy/Cluster
* Move cfr-type-of-incident to meta. [Koen Van Impe]
* RSIT Galaxy/Cluster. [Koen Van Impe]
* Merge pull request #620 from StefanKelm/main. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] Lazarus
* Merge pull request #619 from nyx0/main. [Alexandre Dulaunoy] Update tool cluster
* Add HyperBro in tools. [Thomas Dupuy]
* Update ZxShell tool. [Thomas Dupuy]
* Merge pull request #618 from StefanKelm/main. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] Lazarus
* Merge pull request #617 from danielplohmann/patch-4. [Alexandre Dulaunoy] merge COVELLITE into Lazarus Group
* Merge COVELLITE into Lazarus Group.
[Daniel Plohmann] I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references. Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that.
* Merge pull request #616 from r0ny123/patch-2. [Alexandre Dulaunoy] removing Starcruft
* Update threat-actor.json. [Rony] Don't know how StarCraft
* Merge pull request #615 from danielplohmann/patch-3. [Alexandre Dulaunoy] merging ScarCruft->APT37
* Merging ScarCruft->APT37. [Daniel Plohmann] I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far.
* Merge pull request #612 from r0ny123/patch-1. [Alexandre Dulaunoy] BISMUTH
* Update threat-actor.json. [Rony]
* BISMUTH. [Rony]
* Merge pull request #609 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] DeathStalker, Mabna
* Merge pull request #610 from Delta-Sierra/master. [Alexandre Dulaunoy] Add new clusters
* Add BazarBackdoor. [Delta-Sierra]
* Add RansomEXX. [Delta-Sierra]
* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]
* Merge pull request #608 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] Turla
* Merge pull request #607 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] OceanLotus
* Merge branch 'main' of github.com:MISP/misp-galaxy into main.
[Alexandre Dulaunoy]
* Merge pull request #606 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] APT27
* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]
* Merge pull request #604 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
* Merge pull request #603 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] Lazarus
* Add Darkside ransomware. [Delta-Sierra]
* Merge pull request #602 from snurilov/patch-1. [Alexandre Dulaunoy] Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
* Add ConfuserEx and Beds Protector .NET packers to tools.json cluster. [snurilov] Add ConfuserEx and Beds Protector .NET packers to tools.json cluster
* Merge pull request #601 from snurilov/patch-1. [Alexandre Dulaunoy] Update rat.json to include Iperius Remote
* Update rat.json to include Iperius Remote. [snurilov] Add Iperius Remote to the rat.json cluster.
* Merge pull request #600 from StefanKelm/master. [Christophe Vandeplas] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] OceanLotus
* Merge pull request #598 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] Kimsuky
* Merge pull request #596 from r0ny123/patch-1. [Alexandre Dulaunoy] Update threat-actor.json
* Remove duplicate! [Rony]
* Update threat-actor.json. [Rony] Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key
* Merge pull request #594 from Delta-Sierra/master. [Alexandre Dulaunoy] update microsoft activity groups
* Merge branch 'main' into master. [Deborah Servili]
* Merge branch 'enhanced-master' into main. [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master. [Alexandre Dulaunoy]
* Added a new cryptominer galaxy and additional missing recent families to various clusters.
[JJ Cummings]
* Merge pull request #591 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] Kimsuky
* Merge pull request #588 from danielplohmann/patch-2. [Alexandre Dulaunoy] adding PowerPool alias IAmTheKing (Kaspersky)
* Adding PowerPool alias IAmTheKing (Kaspersky) [Daniel Plohmann] after a quick search I haven't found a nice source except for costin's tweet.
* Merge pull request #587 from StefanKelm/master. [Christophe Vandeplas] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] TA505
* Update threat-actor.json. [StefanKelm] XDSpy
* Clarify error messages in validate_all.sh. [Christophe Vandeplas]
* Fixes issues in attack-ics. [Christophe Vandeplas]
* Added MITRE ICS to readme. [Christophe Vandeplas]
* MITRE ATT&CK for ICS fixes #586. [Christophe Vandeplas] fixed issues in pull request #586
* Merge pull request #586 from tw010101/main. [Christophe Vandeplas] Mitre ATT&CK for ICS Galaxies/Clusters
* Revert "Merge pull request #586 from tw010101/main" [Christophe Vandeplas] This reverts commit a416987d4052221eb80a92169616a5af86f54bd8.
* Merge pull request #586 from tw010101/main. [Christophe Vandeplas] Mitre ATT&CK for ICS Galaxies/Clusters
* Add files via upload. [tw010101]
* Add files via upload. [tw010101] Mitre ATT&CK for ICS Galaxy + Cluster files Mitre ATT&CK for ICS - Assets Galaxy + Cluster files Mitre ATT&CK for ICS - Groups Galaxy and Cluster files Mitre ATT&CK for ICS - Levels Galaxy + Cluster files for Mitre ATT&CK for ICS - Software Galaxy + Cluster files for Mitre ATT&CK for ICS - Tactics Galaxy + Cluster files for Mitre ATT&CK for ICS - Techniques Galaxy + Cluster files for Mitre ATT&CK for ICS - Technique Matrix
* Merge pull request #585 from StefanKelm/master. [Alexandre Dulaunoy] Lazarus
* Lazarus. [StefanKelm]
* Merge pull request #584 from bartblaze/patch-1. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json.
[Bart] Add Machete alias
* Merge pull request #583 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] GADOLINIUM
* Merge pull request #582 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] APT28
* Jq. [Delta-Sierra]
* Update microsoft activity groups. [Delta-Sierra]
* Add Sepulcher RAT. [Deborah Servili]
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #581 from r0ny123/patch-3. [Alexandre Dulaunoy] FBI FLASH AC-000133-TT
* FBI FLASH AC-000133-TT. [Rony]
* Merge pull request #580 from r0ny123/patch-2. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [Rony] Adding Fox-Kitten and cleaned (or improved) winnti
* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #579 from danielplohmann/ta413-evilnum. [Alexandre Dulaunoy] Adding TA413 and Evilnum
* Adding TA413 and Evilnum. [Daniel Plohmann (jupiter)]
* Merge pull request #578 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] APT33
* Merge pull request #577 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] STRONTIUM
* Merge pull request #576 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] Lazarus, FIN7
* Merge pull request #575 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] TA542
* Merge pull request #574 from VVX7/main. [Alexandre Dulaunoy] new: [dev] add ASPI's China Defence University Tracker.
* Merge pull request #573 from rmkml/master. [Alexandre Dulaunoy] add Conti Ransomware
* Add Conti Ransomware. [rmkml]
* Merge pull request #572 from nyx0/main. [Alexandre Dulaunoy] Few updates
* Update Tonto Team/CactusPete threat actor. [Thomas Dupuy]
* Add Drovorub tool.
[Thomas Dupuy]
* Update TA APT40. [Thomas Dupuy]
* Merge pull request #571 from danielplohmann/patch-30. [Alexandre Dulaunoy] adding Kaspersky's name for Microcin.
* Update threat-actor.json. [Daniel Plohmann] adding Kaspersky's name for Microcin.
* Merge pull request #570 from nyx0/master. [Alexandre Dulaunoy] Add WellMess and WellMail
* Add WellMess and WellMail. [Thomas Dupuy]
* Merge pull request #569 from rmkml/master. [Alexandre Dulaunoy] add Ragnarok Ransomware
* Merge branch 'master' of https://github.com/rmkml/misp-galaxy. [rmkml]
* Add Ragnarok Ransomware. [rmkml]
* Add Ragnarok Ransomware. [rmkml]
* Merge pull request #568 from Vasileios-Mavroeidis/patch-1. [Alexandre Dulaunoy] Motive correction based on the EU Cert motive taxonomy
* Motive correction based on the EU Cert motive taxonomy. [Vasileios Mavroeidis] Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists
* Merge branch 'StefanKelm-master' into main. [Alexandre Dulaunoy]
* Update threat-actor.json. [StefanKelm] OilRig
* Merge pull request #563 from r0ny123/patch-1. [Steve Clement]
* Update threat-actor.json. [Rony] Moved the JUDGMENT PANDA references to APT31 following the previous commit. Of note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a).
* Update threat-actor.json. [Rony]
* Merge pull request #564 from StefanKelm/master. [Christophe Vandeplas] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] Turla
* Merge pull request #562 from cudeso/main. [Alexandre Dulaunoy] SoD Matrix
* SoD Matrix. [Koen Van Impe] Described at https://github.com/cudeso/SoD-Matrix
* Add refs. [Deborah Servili]
* Merge. [Deborah Servili]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #559 from StefanKelm/master.
[Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] APT31
* Merge pull request #558 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] APT30
* Merge pull request #556 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] TA505
* Merge pull request #557 from r0ny123/patch-1. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge branch 'r0ny123-master' [Alexandre Dulaunoy]
* Fixed typo! [Rony]
* Adding GALLIUM Threat Actor. [Rony]
* Merge pull request #1 from MISP/master. [Rony] update
* Merge pull request #554 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] Higaisa
* Commit. [Deborah Servili]
* Merge pull request #553 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] Cycldek
* Merge pull request #552 from danielplohmann/reference-fixes. [Alexandre Dulaunoy] Reference fixes
* Fixing deadlinks where possible. [Daniel Plohmann (jupiter)]
* Default to HTTPS to be consistent with other links to same page. [Daniel Plohmann (jupiter)]
* Merge pull request #551 from nyx0/master. [Alexandre Dulaunoy] Add CrackMapExec, metasploit, Cobalt Strike and Covenant
* Remove duplicate TA (Chafer), fix symantec link, add synonym for DarkHotel. [Thomas Dupuy]
* Add CrackMapExec, metasploit, Cobalt Strike and Covenant. [Thomas Dupuy]
* Merge pull request #550 from r0ny123/patch-1. [Alexandre Dulaunoy] fix
* Update threat-actor.json. [Rony]
* Fix. [Rony]
* Merge branch '3c7-secureworks_profiles' [Alexandre Dulaunoy]
* Merged (most) SecureWorks threat actor profiles && jq. [Nils Kuhnert]
* Merge pull request #547 from Delta-Sierra/master. [Alexandre Dulaunoy] add Snake Ransomware
* Fix missing description. [Deborah Servili]
* Add Snake Ransomware.
[Deborah Servili]
* Merge pull request #546 from danielplohmann/patch-29. [Alexandre Dulaunoy] msft name: BORON for APT3
* Msft name: BORON for APT3. [Daniel Plohmann] as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562
* Merge branch 'nyx0-master' [Alexandre Dulaunoy]
* Add Sednit's Exploit-kit Sedkit. [Thomas Dupuy]
* Add Higaisa Threat Actor. [Thomas Dupuy]
* Merge pull request #542 from Delta-Sierra/master. [Alexandre Dulaunoy] add speculoos backdoor
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #541 from nyx0/master. [Alexandre Dulaunoy] Add DenesRAT/METALJACK
* Add DenesRAT/METALJACK. [Thomas Dupuy]
* Merge branch 'intezer-fix/reports' [Alexandre Dulaunoy]
* Added misp info. [de Rosen]
* Merge pull request #539 from r0ny123/MergingTA. [Alexandre Dulaunoy] Adding alias Thallium and merging STOLEN PENCIL
* Adding alias Thallium and merging STOLEN PENCIL. [Rony] Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0. And also Netscout named the campaign as STOLEN PENCIL.
* Merge branch 'rvs1st-patch-1' [Alexandre Dulaunoy]
* Update threat-actor.json. [rvs1st] Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158
* Merge pull request #537 from danielplohmann/patch-28. [Alexandre Dulaunoy] Adding Nazar APT as described by JAGS in his OPCDE talk yesterday.
* Adding Nazar APT as described by JAGS in his OPCDE talk yesterday. [Daniel Plohmann]
* Merge pull request #536 from danielplohmann/patch-27. [Alexandre Dulaunoy] adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source referen…
* Adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included) [Daniel Plohmann]
* Merge pull request #535 from ITAYC0HEN/feature/AddDarkUniverseActor. [Alexandre Dulaunoy] Add ItaDuke/DarkUniverse actor
* Add ItaDuke/DarkUniverse actor. [itayc0hen]
* Add speculoos backdoor. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy.
[Deborah Servili]
* Merge pull request #534 from danielplohmann/fin1. [Alexandre Dulaunoy] adding FIN1
* Adding FIN1. [pnx@pyrite]
* Merge pull request #533 from r0ny123/MergingTA. [Alexandre Dulaunoy] fix
* Typo. [Rony] thanks to @patricksvgr
* Update threat-actor.json. [Rony]
* More fix. [Rony]
* Fix broken links. [Rony]
* Dead link. [Rony]
* Add link. [Rony]
* Merging APT23 & Tropic Trooper. [Rony]
* Merge pull request #531 from r0ny123/patch-3. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #529 from danielplohmann/patch-26. [Alexandre Dulaunoy] fixing/removing some more dead links
* Removed duplicate entry. [Daniel Plohmann]
* Fixing/removing some more dead links. [Daniel Plohmann]
* Merge pull request #528 from Delta-Sierra/master. [Alexandre Dulaunoy] Update Ransomware Galaxy
* Add Operation Shadow Forece. [Deborah Servili]
* Add coronavirus ransomware. [Deborah Servili]
* Add Pyta ransomnotes. [Deborah Servili]
* Add pyza ransomware. [Deborah Servili]
* Merge pull request #526 from Delta-Sierra/master. [Alexandre Dulaunoy] PARINACOTA group
* PARINACOTA group. [Deborah Servili]
* Merge pull request #523 from danielplohmann/patch-24. [Alexandre Dulaunoy] adding aliases MERCURY, HOLMIUM
* Adding aliases MERCURY, HOLMIUM. [Daniel Plohmann] Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960 APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/
* Merge pull request #524 from danielplohmann/patch-25. [Alexandre Dulaunoy] Kimsuki -> Black Banshee
* Kimsuki -> Black Banshee. [Daniel Plohmann] PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html)
* Merge pull request #522 from Delta-Sierra/master.
[Alexandre Dulaunoy] add sdbbot
* Add SdBbot. [Deborah Servili]
* Add clop ransomware extension. [Deborah Servili]
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #519 from danielplohmann/crowdstrike2020report. [Alexandre Dulaunoy] adding new/updated threat actor names from CrowdStrike 2020 report
* While we are at it, we can also do Longhorn = APT-C-39. [Daniel Plohmann (jupiter)]
* IMPERIAL KITTEN as alias for Tortoiseshell. [Daniel Plohmann (jupiter)]
* Adding new/updated threat actor names from CrowdStrike 2020 report. [pnx@pyrite]
* Merge branch 'cocaman-patch-1' [Alexandre Dulaunoy]
* Fixing a comma error. [Corsin Camichel]
* Adding Raccoon (win.raccoon) [Corsin Camichel]
* Merge pull request #518 from danielplohmann/patch-21. [Alexandre Dulaunoy] Accenture calls APT32 - "POND LOACH"
* Accenture calls APT32 - "POND LOACH" [Daniel Plohmann]
* Merge branch 'nyx0-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/nyx0/misp-galaxy into nyx0-master. [Alexandre Dulaunoy]
* Add InvisiMole cluster. [Thomas Dupuy]
* Merge pull request #517 from Delta-Sierra/master. [Alexandre Dulaunoy] update ransomware galaxy
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #516 from rmkml/master. [Alexandre Dulaunoy] add MedusaLocker ransomware
* Add MedusaLocker ransomware. [rmkml]
* Add extension to clop ransomware. [Deborah Servili]
* Add razor ransomware. [Deborah Servili]
* Merge pull request #513 from danielplohmann/patch-20. [Alexandre Dulaunoy] adding APT-C-12
* Adding APT-C-12. [Daniel Plohmann]
* Merge pull request #512 from Delta-Sierra/master. [Alexandre Dulaunoy] Add several tools
* Add tools used by TA505 + others. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Add warzone RAT. [Deborah Servili]
* Merge pull request #510 from Delta-Sierra/master.
[Alexandre Dulaunoy] add ransomwares
* Add ransomwares. [Deborah Servili]
* Merge pull request #509 from r0ny123/patch-3. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [Rony] those are the name of aliases of the same malware family sykipot. so removing it.
* Merge pull request #508 from Delta-Sierra/master. [Alexandre Dulaunoy] add Operation Wocao
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #507 from nyx0/master. [Alexandre Dulaunoy] Add Attor and DePriMon
* Add Attor and DePriMon. [Thomas Dupuy]
* Merge pull request #506 from danielplohmann/patch-19. [Alexandre Dulaunoy] removing and fixing deadlinks in the best possible way
* Removing and fixing deadlinks in the best possible way. [Daniel Plohmann] Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement.
* Merge pull request #505 from danielplohmann/patch-18. [Alexandre Dulaunoy] adding references and TEMP.MixMaster as alias for WIZARD SPIDER
* Adding references and TEMP.MixMaster as alias for WIZARD SPIDER. [Daniel Plohmann] with kudos to @tbarabosch
* Merge pull request #504 from Delta-Sierra/master. [Alexandre Dulaunoy] update target location galaxy
* Merge pull request #503 from StefanKelm/master. [Alexandre Dulaunoy] Update ransomware.json
* Update ransomware.json. [StefanKelm]
* Update ransomware.json. [StefanKelm] 5ss5c
* Merge pull request #502 from Delta-Sierra/master. [Alexandre Dulaunoy] update tool galaxy
* Jq. [Deborah Servili]
* Add Operation Wocao. [Deborah Servili]
* Complete Zimbabwe cluster. [Deborah Servili]
* Update target location galaxy. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #500 from Delta-Sierra/master. [Alexandre Dulaunoy] update target information
* Merge pull request #501 from StefanKelm/master.
[Alexandre Dulaunoy] Update tool.json
* Update tool.json. [StefanKelm] LiquorBot
* Merge pull request #499 from StefanKelm/master. [Alexandre Dulaunoy] Update tool.json
* Update tool.json. [StefanKelm] Lampion
* Add Autochk Rootkit as tool. [Deborah Servili]
* Add two wipers to tools. [Deborah Servili]
* Update target information. [Deborah Servili]
* Merge pull request #498 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm]
* Update threat-actor.json. [StefanKelm] BRONZE PRESIDENT
* Merge pull request #497 from r0ny123/patch-2. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [Rony]
* Merge pull request #496 from bartblaze/patch-1. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [Bart] Adds Operation Wocao.
* Merge pull request #495 from Delta-Sierra/master. [Alexandre Dulaunoy] add clop ransomware
* Add clop ransomware. [Deborah Servili]
* Merge pull request #494 from Delta-Sierra/master. [Alexandre Dulaunoy] add BitPaymer Synonyms
* Jq. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #493 from Delta-Sierra/master. [Deborah Servili] add tools used by GALLIUM
* Merge pull request #492 from Delta-Sierra/master. [Alexandre Dulaunoy] Operation Soft Cell related Updates
* Merge pull request #491 from wagner-certat/threat-actor-syn-sofacy. [Alexandre Dulaunoy] sofacy: add apt_sofacy as synonym
* Sofacy: add apt_sofacy as synonym. [Sebastian Wagner]
* Merge pull request #490 from Delta-Sierra/master. [Alexandre Dulaunoy] Update threat actor galaxy
* Add BitPaymer Synonyms. [Deborah Servili]
* Add tools used by GALLIUM. [Deborah Servili]
* Add GALLIUM as microsoft activities group and similar to Operation Soft Cell. [Deborah Servili]
* Update threat actor version. [Deborah Servili]
* Add relation suspected link between operation soft cell and apt10.
[Deborah Servili]
* ##COMMA## [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #489 from danielplohmann/patch-16. [Alexandre Dulaunoy] added APT-C-34 / Golden Falcon
* Added APT-C-34 / Golden Falcon. [Daniel Plohmann]
* Merge pull request #488 from Delta-Sierra/master. [Alexandre Dulaunoy] create new galaxy - surveillance-vendor
* Merge pull request #487 from gallypette/patch-1. [Alexandre Dulaunoy] add: [dark-pattern] updates the README
* Add: [dark-pattern] updates the README. [Jean-Louis Huynen]
* Merge pull request #486 from gallypette/master. [Alexandre Dulaunoy] chg: [dark-pattern] namespace: misp
* Merge pull request #485 from danielplohmann/patch-15. [Alexandre Dulaunoy] added TA2101
* Added TA2101. [Daniel Plohmann]
* Merge pull request #484 from gallypette/master. [Alexandre Dulaunoy] add: [dark-pattern] galaxy to tag dark patterns
* Add: [dark-pattern] add a source. [Jean-Louis Huynen]
* Add: [dark-pattern] galaxy to tag dark patterns. [Jean-Louis Huynen]
* Add Axiom synonym. [Deborah Servili]
* Add Sofacy ref. [Deborah Servili]
* Add clusters to surveillance-vendor galaxy. [Deborah Servili]
* Fix surveillance-vendor galaxy. [Deborah Servili]
* Fix-tentative. [Deborah Servili]
* Fix. [Deborah Servili]
* Jq. [Deborah Servili]
* Update schema_cluster. [Deborah Servili]
* Add FlexiSPY + jq. [Deborah Servili]
* Add new galaxy - surveillance-vendor. [Deborah Servili]
* Add Private Internet Access as Tool. [Deborah Servili]
* Merge branch 'rmkml-master' [Alexandre Dulaunoy]
* Merge branch 'master' into master. [rmkml]
* Merge pull request #482 from Delta-Sierra/master. [Alexandre Dulaunoy] add DePriMon malicious downloader & Cyborg ransomware
* Jq. [Deborah Servili]
* Add cyborg ransomnote refs. [Deborah Servili]
* Add cyborg ransomnote filename. [Deborah Servili]
* Add cyborg ransomware extension. [Deborah Servili]
* Jq. [Deborah Servili]
* Add DePriMon malicious downloader & Cyborg ransomware.
[Deborah Servili]
* Merge pull request #481 from Delta-Sierra/master. [Andras Iklody] add silence synonym & new meta field spoken-language
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili]
* Merge branch 'master' into master. [Deborah Servili]
* Merge. [Deborah Servili]
* Merge pull request #480 from rmkml/master. [Alexandre Dulaunoy] Add Maze Ransomware
* Merge pull request #477 from rmkml/master. [Alexandre Dulaunoy] Add Desync Ransomware
* Merge pull request #476 from StefanKelm/master. [Alexandre Dulaunoy] new refs for APT33
* New refs for APT33. [StefanKelm]
* Merge pull request #475 from Delta-Sierra/master. [Alexandre Dulaunoy] target information update [WIP]
* Merge pull request #473 from Delta-Sierra/master. [Alexandre Dulaunoy] update target location WIP
* Merge. [Deborah Servili]
* Add silence synonym & new meta field spoken-language. [Deborah Servili]
* Target information update [WIP] [Deborah Servili]
* Jq. [Deborah Servili]
* Target information update [WIP] [Deborah Servili]
* Add Palestine PPound. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #472 from rmkml/master. [Alexandre Dulaunoy] Add DoppelPaymer Ransomware
* Merge pull request #471 from rmkml/master. [Alexandre Dulaunoy] Add FreeMe Ransomware
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #468 from Delta-Sierra/master. [Alexandre Dulaunoy] add Turla Group Synonym variant
* Merge pull request #467 from Delta-Sierra/master. [Deborah Servili] Few updates
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #465 from r0ny123/patch-1. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [Rony]
* Jq. [Deborah Servili]
* Update target location WIP. [Deborah Servili]
* Add Turla Group Synonym variant. [Deborah Servili]
* Jq.
[Deborah Servili]
* Add Winnti related tools etc. [Deborah Servili]
* Add operation soft cell. [Deborah Servili]
* Merge pull request #464 from MISP/fix-misinfosec. [Sami Mokaddem] fix: [misinfosec] fixed kill_chain fields
* Merge pull request #463 from VVX7/master. [Alexandre Dulaunoy] new: [galaxy] AMITT (Adversarial Misinformation and Influence Tactics…
* Merge pull request #462 from Delta-Sierra/master. [Alexandre Dulaunoy] add synonyms
* Jq. [Deborah Servili]
* Add legitimate tools. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili]
* Merge pull request #461 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy] Target location galaxy
* Fix empty string. [Deborah Servili]
* Jq. [Deborah Servili]
* Add TVSPY tool. [Deborah Servili]
* WIP update target info. [Deborah Servili]
* Try to please CodeFactor. [Deborah Servili]
* Add script used to create region galaxy (Not optimised or anything) [Deborah Servili]
* New galaxy - Region based on UN M49. [Deborah Servili]
* WIP update target info. [Deborah Servili]
* Merge pull request #459 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy] Target location galaxy
* Jq. [Deborah Servili]
* Merge branch 'master' of https://github.com/MISP/misp-galaxy into target-location-galaxy. [Deborah Servili]
* Merge pull request #458 from Delta-Sierra/master. [Alexandre Dulaunoy] Add Tortoiseshell threat actor
* WIP update target info - fix empty string. [Deborah Servili]
* WIP update target info. [Deborah Servili]
* WIP update target info. [Deborah Servili]
* Moar clusters. [Deborah Servili]
* Update target information [draft] [Deborah Servili]
* Update target information. [Deborah Servili]
* Update target information. [Deborah Servili]
* Improve target-information. [Deborah Servili]
* Update version. [Deborah Servili]
* Add PlugX rat synonyms. [Deborah Servili]
* Add Sodinokibi synonym. [Deborah Servili]
* Version update.
[Deborah Servili]
* Add Tortoiseshell threat actor. [Deborah Servili]
* Merge pull request #457 from rmkml/master. [Alexandre Dulaunoy] Add Mr.Dec Ransomware
* Merge pull request #456 from rmkml/master. [Alexandre Dulaunoy] Add Hildacrypt Ransomware
* Merge pull request #455 from rmkml/master. [Alexandre Dulaunoy] Add InnfiRAT
* Merge pull request #454 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] Silent Librarian
* Merge pull request #453 from rmkml/master. [Alexandre Dulaunoy] Add AsyncRAT
* Fix Add FTCode Ransomware. [rmkml]
* Add FTCode Ransomware. [rmkml]
* Add Maze Ransomware. [rmkml]
* Revert "Add Maze Ransomware" [rmkml] This reverts commit cfc6e2802cf8760e1389e77d3f1452f3eda7fb8f.
* Add Maze Ransomware. [rmkml]
* Add Desync Ransomware. [rmkml]
* Add DoppelPaymer Ransomware. [rmkml]
* Add FreeMe Ransomware. [rmkml]
* Add Mr.Dec Ransomware. [rmkml]
* Add Hildacrypt Ransomware. [rmkml]
* Add InnfiRAT. [rmkml]
* Merge branch 'master' into master. [rmkml]
* Merge pull request #452 from Delta-Sierra/master. [Deborah Servili] aff SectorJ04 group
* Merge branch 'master' into master. [Deborah Servili]
* Merge pull request #450 from rmkml/master. [Alexandre Dulaunoy] Add Buran Ransomware
* Merge pull request #449 from danielplohmann/patch-14. [Alexandre Dulaunoy] 'SectorJ04 Group' as alias introduced by NSHC for TA505
* 'SectorJ04 Group' as alias introduced by NSHC for TA505. [Daniel Plohmann] Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/
* Merge pull request #448 from rmkml/master. [Alexandre Dulaunoy] Add Nemty Ransomware
* Merge pull request #447 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy] improve more clusters
* Improve more clusters. [Deborah Servili]
* Merge pull request #446 from wagner-certat/tool-empty-strings.
[Alexandre Dulaunoy] Add test for empty strings
* Target-information: fix territory-type for China. [Sebastian Wagner]
* Add test for empty strings. [Sebastian Wagner] Should prevent MISP/misp-galaxy#438
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge pull request #441 from Delta-Sierra/target-location-galaxy. [Deborah Servili] More clusters improved
* More clusters improved. [Deborah Servili]
* Merge pull request #444 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json
* Update threat-actor.json. [StefanKelm] Add ITG08 as synonym for FIN6
* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy]
* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy]
* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy]
* Aff SectorJ04 group. [Deborah Servili]
* Add Asruex Backdoor. [Deborah Servili]
* Add ref for Gamaredon. [Deborah Servili]
* Merge pull request #440 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy] Target location galaxy
* More clusters improved. [Deborah Servili]
* More clusters improved. [Deborah Servili]
* Merge pull request #439 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy] Target location galaxy
* More clusters improved. [Deborah Servili]
* More clusters improved. [Deborah Servili]
* More countries. [Deborah Servili]
* Merge pull request #438 from wagner-certat/empty-strings. [Alexandre Dulaunoy] Remove some empty strings
* Remove empty strings. [Sebastian Wagner]
* Merge pull request #437 from Delta-Sierra/target-location-galaxy. [Deborah Servili] Target location galaxy
* Complete more cluster + country is now an array. [Deborah Servili]
* Target-information - add membership member-of attribute - Example:member-of NATO. [Deborah Servili]
* Merge pull request #436 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy] Target location galaxy
* Jq.
[Deborah Servili] * Change attribute name. [Deborah Servili] * Jq. [Deborah Servili] * Complete some clusters. [Deborah Servili] * Fix building mistakes. [Deborah Servili] * Add tld. [Deborah Servili] * Add target-information galaxy file. [Deborah Servili] * Rename galaxy target-location -> target-information. [Deborah Servili] * New galaxy target-location [DRAFT] [Deborah Servili] * Merge pull request #435 from hackunagi/master. [Alexandre Dulaunoy] Adding Amavaldo Banking Trojan * Adding Amavaldo Banking Trojan. [Carlos Borges] * Merge pull request #434 from r0ny123/patch-1. [Alexandre Dulaunoy] added microsoft naming for the groups * Added microsoft naming for the groups. [Rony] * Merge pull request #433 from nyx0/master. [Alexandre Dulaunoy] add APT41 * Add synonyme for Turla. [Thomas Dupuy] * Update victims. [Thomas Dupuy] * Add APT41. [Thomas Dupuy] * Merge pull request #431 from Delta-Sierra/master. [Alexandre Dulaunoy] add Amavaldo * Jq. [Deborah Servili] * Update version. [Deborah Servili] * Add Amavaldo. [Deborah Servili] * Merge pull request #430 from 3c7/patch-2. [Alexandre Dulaunoy] [threat-actor] Remove local file reference in threat actor galaxy * Remove local file link :) [Nils Kuhnert] * Lowercased value field for DarkHotel. [Andras Iklody] * Merge pull request #429 from danielplohmann/patch-13. [Alexandre Dulaunoy] adding secureworks actor names for energetic bear and teamspy * Merge branch 'master' into patch-13. [Alexandre Dulaunoy] * Merge pull request #428 from danielplohmann/patch-12. [Alexandre Dulaunoy] adding Proofpoint's TA428 * Adding Proofpoint's TA428. [Daniel Plohmann] * Adding secureworks actor names for energetic bear and teamspy. [Daniel Plohmann] * Merge pull request #426 from mokaddem/patch-2. [Alexandre Dulaunoy] Update mitre-course-of-action.json * Update mitre-course-of-action.json. [Sami Mokaddem] Changed icon * Merge pull request #425 from mokaddem/patch-1. [Alexandre Dulaunoy] Update banker.json * Update banker.json. 
[Sami Mokaddem] Changed icon name * Merge pull request #424 from mokaddem/patch-3. [Alexandre Dulaunoy] Update mitre-enterprise-attack-course-of-action.json * Update mitre-enterprise-attack-course-of-action.json. [Sami Mokaddem] Changed icon * Merge pull request #423 from mokaddem/patch-4. [Alexandre Dulaunoy] Update mitre-mobile-attack-course-of-action.json * Update mitre-mobile-attack-course-of-action.json. [Sami Mokaddem] Changed icon * Merge pull request #422 from Delta-Sierra/master. [Alexandre Dulaunoy] add SWEED threat actor * Jq. [Deborah Servili] * Add SWEED threat actor. [Deborah Servili] * Merge pull request #420 from Delta-Sierra/master. [Deborah Servili] add Felipe Trojan * Jq. [Deborah Servili] * Add Felipe Trojan. [Deborah Servili] * Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Alexandre Dulaunoy] * Fix duplicate. [Deborah Servili] * Update threat actor galaxy. [Deborah Servili] * Update threat actor galaxy. [Deborah Servili] * Update threat actor galaxy. [Deborah Servili] * Update threat actor galaxy. [Deborah Servili] * ##COMMA## [Deborah Servili] * Fix duplicate. [Deborah Servili] * Update version. [Deborah Servili] * Update threat actor galaxy. [Deborah Servili] * Merge pull request #419 from r0ny123/patch-6. [Alexandre Dulaunoy] Update threat-actor.json * Update threat-actor.json. [Rony] * Merge pull request #415 from Delta-Sierra/master. [Alexandre Dulaunoy] update threat actor galaxy * Fix duplicate and links update (APT34) [Deborah Servili] * Fix duplicate. [Deborah Servili] * Update threat actor galaxy. [Deborah Servili] * Try to fix duplicate. [Deborah Servili] * Update threat actor galaxy. [Deborah Servili] * Merge pull request #414 from Delta-Sierra/master. [Alexandre Dulaunoy] update threat actor galaxy * Fix duplicate. [Deborah Servili] * Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #413 from Delta-Sierra/master. 
[Alexandre Dulaunoy] update threat actor galaxy * Merge pull request #412 from Delta-Sierra/master. [Alexandre Dulaunoy] update threat actors and tools * Merge pull request #411 from Delta-Sierra/master. [Alexandre Dulaunoy] update threat-actor galaxy * Merge pull request #409 from rmkml/master. [Alexandre Dulaunoy] Add GetCrypt Ransomware * Merge pull request #408 from rmkml/master. [Alexandre Dulaunoy] Add Phobos Ransomware * Merge pull request #407 from Delta-Sierra/master. [Alexandre Dulaunoy] add BlueKeep vulnerability * Update threat actor galaxy. [Deborah Servili] * Jq. [Deborah Servili] * Update threat actor galaxy. [Deborah Servili] * Update threat actor galaxy. [Deborah Servili] * Update Threat actor galaxy. [Deborah Servili] * Update threat actor. [Deborah Servili] * Update threat actor darkhotel (nemim might be a typo) [Deborah Servili] * Update threat actor. [Deborah Servili] * FlawedAmmy RAT. [Deborah Servili] * Fix multiple refs. [Deborah Servili] * Update threat actors. [Deborah Servili] * Update threat actors. [Deborah Servili] * Update threat actors and tools. [Deborah Servili] * Fix merge mistakes. [Deborah Servili] * Update threat actor. [Deborah Servili] * Update threat actor. [Deborah Servili] * Update threat-actor galaxy. [Deborah Servili] * Update Anchor Panda Threat Actor. [Deborah Servili] * Add BlueKeep. [Deborah Servili] * Add AsyncRAT. [rmkml] * Add Buran Ransomware. [rmkml] * Add Nemty Ransomware. [rmkml] * Add GetCrypt Ransomware. [rmkml] * Merge branch 'master' into master. [rmkml] * Merge pull request #406 from Delta-Sierra/master. [Alexandre Dulaunoy] Rework of ransomware galaxy * Fix ransomware ransomnotes. [Deborah Servili] * Jq. [Deborah Servili] * Rework of ransomware galaxy. [Deborah Servili] * Merge pull request #405 from danielplohmann/patch-11. [Alexandre Dulaunoy] adding TA542 to MUMMY SPIDER (emotet) * Adding TA542 to MUMMY SPIDER (emotet) [Daniel Plohmann] * Merge pull request #404 from r0ny123/patch-5. 
[Alexandre Dulaunoy] merging Pacifier & Turla * Merging Pacifier & Turla. [Rony] * Merge pull request #403 from Delta-Sierra/master. [Alexandre Dulaunoy] add Reaver and probably related tools * Add Reaver and probably related tools. [Deborah Servili] * Merge pull request #402 from danielplohmann/patch-9. [Alexandre Dulaunoy] adding APT31/ZIRCONIUM * Adding APT31/ZIRCONIUM. [Daniel Plohmann] * Merge pull request #401 from mokaddem/bump-attack-pattern. [Alexandre Dulaunoy] chg: [attack-pattern] Sync kill-chain with data from MITRE. * Merge pull request #400 from Delta-Sierra/master. [Deborah Servili] add Sodinokibi * Add Sodinokibi. [Deborah Servili] * Merge pull request #399 from r0ny123/patch-4. [Alexandre Dulaunoy] Update threat-actor.json * Update threat-actor.json. [Rony] * Merge pull request #395 from Delta-Sierra/master. [Alexandre Dulaunoy] add Scranos * Add Scranos. [Deborah Servili] * Merge pull request #394 from StefanKelm/master. [Alexandre Dulaunoy] Update threat-actor.json * Update threat-actor.json. [StefanKelm] Silent Librarian / COBALT DICKENS * Merge pull request #393 from Delta-Sierra/master. [Alexandre Dulaunoy] add AESDDoS Botnet and JasperLoader * Add JasperLoader. [Deborah Servili] * Add AESDDoS Botnet. [Deborah Servili] * Merge branch 'nao-sec-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/nao-sec/misp-galaxy into nao-sec-master. [Alexandre Dulaunoy] * Merge branch 'r0ny123-patch-2' [Alexandre Dulaunoy] * Update threat-actor.json. [Rony] * Update threat-actor.json. [Rony] * Update threat-actor.json. [Rony] * Updated FIN4. [Rony] * Merge branch 'Kafeine-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master. [Alexandre Dulaunoy] * += Spelevo. [Kafeine] * ZTDS. [Kafeine] * Novidade,taurus. [Kafeine] * Merge pull request #387 from r0ny123/patch-1. [Alexandre Dulaunoy] more report on APT36 * More report on APT36. 
[Rony] * Merge pull request #386 from Delta-Sierra/master. [Alexandre Dulaunoy] add Sea Turtle Campaign * Add Sea Turtle campaign. [Deborah Servili] * Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] * Chg; [threat-actor] validate + version bump. [Christophe Vandeplas] * Merge pull request #385 from bartblaze/master. [Christophe Vandeplas] Add Whitefly * Add Whitefly. [Bart] * Merge. [Deborah Servili] * Merge pull request #384 from r0ny123/patch-3. [Deborah Servili] fixed the broken link * Fixed the broken link. [Rony] * Merge pull request #383 from rmkml/master. [Deborah Servili] Add BigBobRoss Ransomware * Merge pull request #382 from rmkml/master. [Alexandre Dulaunoy] Add Caesar RAT * Merge pull request #381 from rmkml/master. [Alexandre Dulaunoy] Add Tellyouthepass Ransomware * Merge pull request #380 from bartblaze/master. [Alexandre Dulaunoy] Add DoNot team references * Add DoNot team references. [Bart] * Merge pull request #379 from rmkml/master. [Alexandre Dulaunoy] Add BlackWorm Ransomware * Merge branch 'danielplohmann-patch-8' [Alexandre Dulaunoy] * Merge branch 'patch-8' of https://github.com/danielplohmann/misp-galaxy into danielplohmann-patch-8. [Alexandre Dulaunoy] * Based on additional research, APT36 can actually be merged into Mythic Leopard. [Daniel Plohmann] * Merge pull request #377 from r0ny123/patch-2. [Alexandre Dulaunoy] Update threat-actor.json * Update threat-actor.json. [Rony] * Merge pull request #376 from r0ny123/patch-1. [Alexandre Dulaunoy] adding additional resources for APT36 * Update threat-actor.json. [Rony] * Adding additional resources for APT36. [Rony] * Merge pull request #375 from rmkml/master. [Alexandre Dulaunoy] Add Globe Imposter Ransomware * Merge pull request #374 from rmkml/master. [Alexandre Dulaunoy] Add Parasite HTTP RAT * Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] * Add ref for Ryuk and LockerGoga ransomwares. 
[Deborah Servili] * Add Phobos Ransomware. [rmkml] * Add Cr1ptt0r Ransomware. [rmkml] * Add SpelevoEK. [rmkml] * Add Planetary Ransomware. [rmkml] * Add BigBobRoss Ransomware. [rmkml] * Add Caesar RAT. [rmkml] * Add Ave Maria Stealer. [rmkml] * Add Tellyouthepass Ransomware. [rmkml] * Add Vidar Stealer. [rmkml] * Add Brushaloader Malware. [rmkml] * Add BlackWorm Ransomware. [rmkml] * Add Globe Imposter Ransomware. [rmkml] * Add Parasite HTTP RAT. [rmkml] * Merge pull request #373 from danielplohmann/patch-7. [Alexandre Dulaunoy] adding FireEye's TMP.Lapis / APT36 * Adding FireEye's TMP.Lapis / APT36. [Daniel Plohmann] * Merge branch 'ismasma-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/ismasma/misp-galaxy into ismasma-master. [Alexandre Dulaunoy] * Add payment method and price. [ismasma] * Merge pull request #371 from Delta-Sierra/master. [Alexandre Dulaunoy] Add Operation ShadowHammer * Add Operation ShadowHammer. [Deborah Servili] * Add relationship between Cardinal RAT and EVILNUM. [Deborah Servili] * Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy] * Jq. [Deborah Servili] * Merge branch 'master' into master. [Deborah Servili] * Add Cardinal RAT ref. [Deborah Servili] * Add APT-C-27 Goldmouse. [Deborah Servili] * Add SPOILER vulnerability + other minor changes. [Deborah Servili] * Remove mitre-relationships from readme. [Deborah Servili] * Merge pull request #370 from danielplohmann/patch-6. [Alexandre Dulaunoy] added APT-C-27 / GoldMouse * Added APT-C-27 / GoldMouse. [Daniel Plohmann] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #363 from Delta-Sierra/master. [Alexandre Dulaunoy] add H-worm RAT * Add H-worm RAT. 
[Deborah Servili] * Add: [attck4fraud] initial attck-like matrix for fraud from https://github.com/burritoblue/attck4fraud (WiP) [Alexandre Dulaunoy] * Merge pull request #362 from bartblaze/master. [Alexandre Dulaunoy] Update preventive-measure.json * Update preventive-measure.json. [Bart] Add ACL * Merge pull request #361 from Delta-Sierra/master. [Alexandre Dulaunoy] add Operation Comando - hit version 100 * Add Operation Comando - hit version 100. [Deborah Servili] * Merge pull request #359 from nyx0/master. [Alexandre Dulaunoy] add synonym, no need for uppercase in the name :) * Add synonym, no need for uppercase in the name :) [Thomas Dupuy] * Merge pull request #358 from Delta-Sierra/master. [Alexandre Dulaunoy] add attribution-confidence attribute to threat-actor * Add attribution-confidence attribute to threat-actor. [Deborah Servili] * Merge pull request #357 from Delta-Sierra/master. [Alexandre Dulaunoy] New clusters * Relations between SLUB Backdoor. [Deborah Servili] * Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili] * Merge branch 'master' into master. [Deborah Servili] * Merge branch 'master' into master. [Deborah Servili] * Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #356 from danielplohmann/patch-5. [Alexandre Dulaunoy] another actor described by 360TIC. * Update threat-actor.json. [Daniel Plohmann] another actor described by 360TIC. * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #355 from danielplohmann/patch-4. [Alexandre Dulaunoy] FireEye upgraded TEMP.Periscope to APT40 * FireEye upgraded TEMP.Periscope to APT40. [Daniel Plohmann] * Add StealthWorker malware. [Deborah Servili] * Add SLUB backdoor. [Deborah Servili] * Add Jokeroo RaaS. [Deborah Servili] * Add operation Kabar Cobra. 
[Deborah Servili] * Add ref for garrantydecrypt. [Deborah Servili] * Add relation between Lazarus Group and Operation SharpShooter. [Deborah Servili] * Add Rising Sun Backdoor. [Deborah Servili] * Add Razdel. [Deborah Servili] * Merge pull request #350 from bartblaze/master. [Alexandre Dulaunoy] Add more info on Lotus Blossom * Add more info on Lotus Blossom. [Bart] Add 2 more references, fix typo - Trend calls it "Esile", not "Eslie" as mistakenly stated by CFR. The backdoor itself is commonly referred to as Elise. * Merge pull request #347 from bartblaze/master. [Alexandre Dulaunoy] Update cert-eu-motive.json * Update cert-eu-motive.json. [Bart] Fix typo * Merge pull request #346 from danielplohmann/patch-3. [Alexandre Dulaunoy] Two more actor names from GTR2019 * Two more actor names from GTR2019. [Daniel Plohmann] I found two more actor names while going again over the crowdstrike's report and updating the cross-references to malpedia. * Merge pull request #345 from danielplohmann/patch-2. [Alexandre Dulaunoy] Added missing actors from CrowdStrike GTR2019 * Added missing actors from CrowdStrike GTR2019. [Daniel Plohmann] * Merge pull request #344 from ITAYC0HEN/patch-1. [Alexandre Dulaunoy] Fix 404'd reference of BuhTrap * Fix 404'd reference of BuhTrap. [Itay Cohen] * Merge pull request #343 from mokaddem/newMitre. [Alexandre Dulaunoy] Added kill_chain_order in mitre-attack-pattern * Merge branch 'master' of https://github.com/MISP/misp-galaxy into newMitre. [mokaddem] * Merge pull request #342 from mokaddem/electionGuidelines. [Alexandre Dulaunoy] new: Added draft of the election guidelines galaxy * Merge pull request #320 from cvandeplas/mitre_attack. [Alexandre Dulaunoy] chg: [mitre] Deprecated pre/enterprise/mobile separate galaxies * Merge pull request #341 from Delta-Sierra/master. [Alexandre Dulaunoy] Add several clusters * Merge branch 'master' into master. [Deborah Servili] * Merge pull request #340 from nyx0/master. 
[Alexandre Dulaunoy] add ANEL/UPPERCUT in tool cluster * Add ANEL/UPPERCUT in tool cluster. [Thomas Dupuy] * Merge pull request #338 from netjinho/patch-1. [Alexandre Dulaunoy] Updated "Iran" name * Updated "Iran" name. [João Neto] This extra space leads to an unnecessary key error when parsing the json file * Merge pull request #337 from 3c7/synonym/velvet-chollima. [Alexandre Dulaunoy] Added Velvet Chollima as synonym to Kimsuki * Added Velvet Chollima as synonym to Kimsuki. [Nils Kuhnert] * Merge pull request #336 from 3c7/synonym/static-kitten. [Christophe Vandeplas] Added static kitten as synonym for MuddyWater * Added static kitten as synonym for MuddyWater. [Nils Kuhnert] * Merge pull request #334 from 3c7/synonym/cobalt-spider. [Alexandre Dulaunoy] Added Cobalt Spider as Synonym for Cobalt * Added Cobalt Spider reference. [Nils Kuhnert] * Added Cobalt Spider as Synonym for Cobalt. [Nils Kuhnert] * Merge pull request #335 from 3c7/synonym/turbine-panda. [Alexandre Dulaunoy] Added Turbine Panda as synonym for APT 26 * Added Turbine Panda as synonym for APT 26. [Nils Kuhnert] * Merge pull request #333 from 3c7/synonym/oceanbuffalo. [Alexandre Dulaunoy] Added Ocean Buffalo synonym for Ocean Lotus * Added Ocean Buffalo synonym for Ocean Lotus. [Nils Kuhnert] * Merge pull request #332 from Delta-Sierra/master. [Alexandre Dulaunoy] Add APT39 & LockerGoga * Merge pull request #331 from 3c7/synonym/quilted_tiger. [Alexandre Dulaunoy] Added Quilted Tiger as Synonym for Patchwork/Dropping Elephant. * Added Quilted Tiger as Synonym for Patchwork/Dropping Elephant. [Nils Kuhnert] * Merge pull request #330 from 3c7/synonym/shadow_crane. [Alexandre Dulaunoy] Added Shadow Crane as synonym for Dark Hotel. * Added Shadow Crane as synonym for Dark Hotel. [Nils Kuhnert] * Add Gallmaker and other clusters. [Deborah Servili] * Add OSX/Shlayer and some refs. [Deborah Servili] * Add Siesta campaign. [Deborah Servili] * Add APT39. [Deborah Servili] * Add LockerGoga ransomware. 
[Deborah Servili] * Merge pull request #329 from 3c7/synonym/stardustchollima. [Alexandre Dulaunoy] Added "Stardust Chollima" as synonym for Lazarus. * Added "Stardust Chollima" as synonym for Lazarus. [Nils Kuhnert] * Merge pull request #328 from Delta-Sierra/master. [Alexandre Dulaunoy] add Silence Group * Add Silence Group. [Deborah Servili] * Merge pull request #327 from nyx0/master. [Alexandre Dulaunoy] add alternative name for DarkHydrus * Add alternative name for DarkHydrus. [Thomas Dupuy] * Merge pull request #326 from Delta-Sierra/master. [Alexandre Dulaunoy] add Cold River Threat actor * Add LoJax ref. [Deborah Servili] * Add Cold River Threat actor. [Deborah Servili] * Merge pull request #325 from Delta-Sierra/master. [Alexandre Dulaunoy] add several ransomware and threat actors * Fix versions. [Deborah Servili] * Add several ransomware and threat actors. [Deborah Servili] * Merge pull request #324 from Delta-Sierra/master. [Alexandre Dulaunoy] TA505 threat actor and affiliates malwares * Add darkhydrus ref. [Deborah Servili] * TA505 threat actor and affiliates malwares. [Deborah Servili] * Merge pull request #322 from Delta-Sierra/master. [Alexandre Dulaunoy] add Cryptomix variants refs * Add hidenad synonym. [Deborah Servili] * Add Cryptomix variants refs. [Deborah Servili] * Merge pull request #321 from Delta-Sierra/master. [Alexandre Dulaunoy] add AndroidOS_HidenAd * Update version. [Deborah Servili] * Add AndroidOS_HidenAd. [Deborah Servili] * Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #319 from cvandeplas/master. [Christophe Vandeplas] chg: [mitre] bump to latest MITRE ATT&CK dataset * MITRE galaxy regeneration + updated migration script. [Christophe Vandeplas] * MITRE sorted. [Christophe Vandeplas] While dicts were sorted, lists were not yet sorted. This current sort algo is not yet the best, but is a good start. A good sort is needed for better comparison afterwards with automated tools. 
In a next stage it will also be needed in the validate_all scripts. * MITRE galaxy - initial conversion and migration script. [Christophe Vandeplas] this is not fully working yet ! * Merge pull request #318 from 3c7/feature/helixkitten. [Alexandre Dulaunoy] Added OilRig synonym "Helix Kitten". * Added OilRig synonym "Helix Kitten". [Nils Kuhnert] * Merge pull request #316 from danielplohmann/master. [Alexandre Dulaunoy] New name SNAKEMACKEREL for APT28 by Accenture * Microsoft alias for apt29 is YTTRIUM. [Daniel Plohmann] * New name SNAKEMACKEREL for APT28 by Accenture. [Daniel Plohmann] * Removed Publishing industry. [Gerard Wagener] * Merge pull request #315 from Delta-Sierra/master. [Alexandre Dulaunoy] add OSX malwares * Merge pull request #314 from Delta-Sierra/master. [Alexandre Dulaunoy] New clusters * Add ransomwares. [Deborah Servili] * Add OSX malwares. [Deborah Servili] * Add operation sharpshooter. [Deborah Servili] * Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #313 from Delta-Sierra/master. [Alexandre Dulaunoy] add some clusters or info * Merge pull request #310 from Delta-Sierra/master. [Alexandre Dulaunoy] add several clusters * Update tool version. [Deborah Servili] * Add shamoon synonym. [Deborah Servili] * Fix tool version. [Deborah Servili] * Fix exploit-kit version. [Deborah Servili] * Add some clusters or info. [Deborah Servili] * Add Golden Chickens and affiliates. [Deborah Servili] * Add ransomwares. [Deborah Servili] * Add Operation Poison Needles. [Deborah Servili] * Add clusters. [Deborah Servili] * Add several clusters. [Deborah Servili] * Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy] * Add DNSpionage cluster. [Deborah Servili] * Add everbe ransomnotes. [Deborah Servili] * Add ransomwares. [Deborah Servili] * Add ransomwares. 
[Deborah Servili] * Merge pull request #309 from cvandeplas/master. [Alexandre Dulaunoy] pep8, include the misp-galaxy tag in the output * Pep8, include the misp-galaxy tag in the output. [Christophe Vandeplas] * Add: [doc] contribution doc added. [Alexandre Dulaunoy] * Merge pull request #306 from SteveClement/master. [Steve Clement] chg: [doc] Added some dependency pointers. * Merge pull request #305 from Delta-Sierra/master. [Alexandre Dulaunoy] Add Rotexy * Add Aurora Ransomware metadata. [Deborah Servili] * Add Aurora Ransomware synonym. [Deborah Servili] * Fix version. [Deborah Servili] * Add Rotexy. [Deborah Servili] * Merge pull request #304 from Delta-Sierra/master. [Alexandre Dulaunoy] add PNG Dropper * Update version. [Deborah Servili] * Add PNG Dropper. [Deborah Servili] * Merge pull request #303 from Delta-Sierra/master. [Deborah Servili] add several references for Emotet and others * Add reference for Emotet/Geodo. [Deborah Servili] * Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili] * Add several references for Emotet and others. [Deborah Servili] * Merge pull request #302 from Delta-Sierra/master. [Alexandre Dulaunoy] update oilrig related clusters + others * Merge branch 'master' into master. [Deborah Servili] * Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy] * Merge pull request #300 from Delta-Sierra/master. [Deborah Servili] add several ransomware and HookAds campaign * Update oilrig related clusters + others. [Deborah Servili] * Fix rat galaxy version. [Deborah Servili] * Jq and add ref in tool galaxy -hit version 100- [Deborah Servili] * Add TheOneSpy. [Deborah Servili] * Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #299 from b3n7s/patch-1. 
[Alexandre Dulaunoy] Update threat-actor.json * Update threat-actor.json. [Benoit Sevens] Add LuckyMouse link * Merge pull request #297 from danielplohmann/patch-1. [Alexandre Dulaunoy] added APT38 as (FireEye) alias for Lazarus * Added APT38 as (FireEye) alias for Lazarus. [Daniel Plohmann] cross-references in https://content.fireeye.com/apt/rpt-apt38 suggest the link to Lazarus. * Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] * Add several ransomware and HookAds campaign. [Deborah Servili] * Add/update ransomwares. [Deborah Servili] * Add several tools and refs. [Deborah Servili] * Merge pull request #296 from Delta-Sierra/master. [Deborah Servili] update ransomware galaxy * Update ransomware galaxy. [Deborah Servili] * Merge pull request #295 from Delta-Sierra/master. [Alexandre Dulaunoy] update Red Alert 2 Android Banking Trojan * Jq fix. [Deborah Servili] * Update version. [Deborah Servili] * Update Red Alert 2 Android Banking Trojan. [Deborah Servili] * Merge pull request #294 from Delta-Sierra/master. [Deborah Servili] add ransomwares * Add ransomwares. [Deborah Servili] * Merge pull request #293 from Delta-Sierra/master. [Alexandre Dulaunoy] add Operation EvilTraffic * Add Chalubo botnet (+ jqallthethings) [Deborah Servili] * Add Operation EvilTraffic. [Deborah Servili] * Add Operation EvilTraffic. [Deborah Servili] * Merge pull request #292 from 3c7/master. [Alexandre Dulaunoy] Corrected DarkHotel threat actor entry * Corrected DarkHotel threat actor entry. [Nils Kuhnert] * Merge pull request #291 from Delta-Sierra/master. [Deborah Servili] Clusters & references * Fix duplicate ref. [Deborah Servili] * Add August Stealer. [Deborah Servili] * Add NukeSped reference. [Deborah Servili] * Add GhostMiner. [Deborah Servili] * Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #290 from cvandeplas/master. [Alexandre Dulaunoy] tool: experimental graphing tool * Tool: experimental graphing tool. 
[Christophe Vandeplas] * Merge pull request #289 from cvandeplas/master. [Alexandre Dulaunoy] chg: further categorization of galaxies * Merge pull request #288 from cvandeplas/master. [Alexandre Dulaunoy] categorization of galaxies * Jq. [Christophe Vandeplas] * Merge remote-tracking branch 'MISP/master' [Christophe Vandeplas] * Merge pull request #287 from cvandeplas/master. [Alexandre Dulaunoy] fixes an important bug in the gen_relations * Some minor fixes. [Andras Iklody] * Merge remote-tracking branch 'MISP/master' [Christophe Vandeplas] * Merge pull request #286 from Delta-Sierra/master. [Alexandre Dulaunoy] Several clusters, refs, others. * Merge pull request #285 from cvandeplas/master. [Alexandre Dulaunoy] MITRE relationships included in the respective cluster * Merge pull request #284 from cvandeplas/master. [Alexandre Dulaunoy] chg: mappings are now in the generated adoc * Add tools from https://github.com/misterch0c/shadowbroker. [Deborah Servili] * Add DarkPulsar and affiliates + update some refs. [Deborah Servili] * Add GreyEnergy. [Deborah Servili] * Add refs & synonyms. [Deborah Servili] * Add several refs. [Deborah Servili] * Add several refs. [Deborah Servili] * Add roaming mantis group. [Deborah Servili] * Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #283 from cvandeplas/master. [Alexandre Dulaunoy] fixes + relations with malpedia * Jq sort keys. [Christophe Vandeplas] Allows automation to edit the files * Merge branch 'steffenenders-patch-1' [Alexandre Dulaunoy] * Jq all the things. [Alexandre Dulaunoy] * Updated malpedia.json to the current state. [Steffen Enders] Fetched the new malpedia galaxy cluster from https://malpedia.caad.fkie.fraunhofer.de/api/get/misp - this includes an additional ~120 new families. * Merge pull request #281 from Delta-Sierra/master. [Deborah Servili] add SAVEfiles ransomware * Merge pull request #280 from Delta-Sierra/master. 
[Deborah Servili] update matrix ransomware * Add magecart ref. [Deborah Servili] * Add SAVEfiles ransomware. [Deborah Servili] * Update version. [Deborah Servili] * Update matrix ransomware. [Deborah Servili] * Merge pull request #279 from Delta-Sierra/master. [Alexandre Dulaunoy] add Triout Android Malware * Add Triout Android Malware. [Deborah Servili] * Merge pull request #278 from Delta-Sierra/master. [Alexandre Dulaunoy] fix failed copy-paste * Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #276 from Delta-Sierra/master. [Alexandre Dulaunoy] add CoalaBot + Kraken Cryptor Ransomware + refs * Merge pull request #277 from dadokkio/master. [Alexandre Dulaunoy] Added Malpedia Galaxy * Added Malpedia Galaxy. [Davide Arcuri] based on malpedia git repo * Merge pull request #274 from Delta-Sierra/master. [Alexandre Dulaunoy] Refs updates * Merge pull request #273 from Delta-Sierra/master. [Alexandre Dulaunoy] update synonyms & attributions * Merge pull request #272 from Delta-Sierra/master. [Deborah Servili] New clusters based on CIG Circular 66 – FASTCash ATM Cash Out Campaign * Merge pull request #271 from Delta-Sierra/master. [Alexandre Dulaunoy] Several updates * Fix failed copy-paste. [Deborah Servili] * Jq. [Deborah Servili] * Add CoalaBot + Kraken Cryptor Ransomware + refs. [Deborah Servili] * Add CoalaBot + Kraken Cryptor Ransomware + refs. [Deborah Servili] * Add Persirai botnet. [Deborah Servili] * Update Torii botnet. [Deborah Servili] * Add ref for Torii botnet. [Deborah Servili] * Add refs. [Deborah Servili] * Add ZEBROCY tool. [Deborah Servili] * Update regarding https://twitter.com/adulau/status/1047764090410737664. [Deborah Servili] * Update synonyms & attributions. [Deborah Servili] * Add NukeSped. [Deborah Servili] * Add FASTCash. [Deborah Servili] * Add ref for magecart. [Deborah Servili] * New threat actors & tools. [Deborah Servili] * Merge branch 'master' of https://github.com/MISP/misp-galaxy. 
[Deborah Servili] * Merge pull request #270 from Delta-Sierra/master. [Alexandre Dulaunoy] new clusters, relations and information * Merge pull request #268 from botherder/master. [Alexandre Dulaunoy] Added missing country values * Added missing country values. [Nex] * Merge pull request #267 from Delta-Sierra/master. [Alexandre Dulaunoy] New clusters * Merge pull request #266 from Delta-Sierra/master. [Alexandre Dulaunoy] small updates * Merge pull request #265 from Delta-Sierra/master. [Alexandre Dulaunoy] new threat actors * Merge pull request #264 from Delta-Sierra/master. [Alexandre Dulaunoy] more clusters~ * Add synonym. [Deborah Servili] * Add refs. [Deborah Servili] * Jq. [Deborah Servili] * New clusters and information. [Deborah Servili] * New ransomware and relations. [Deborah Servili] * Add relationships on Mirai. [Deborah Servili] * Add references. [Deborah Servili] * Add BusyGasper android spyware. [Deborah Servili] * Add Cobalt Dickens threat actor. [Deborah Servili] * Add remcos ref. [Deborah Servili] * Update version. [Deborah Servili] * Fix field mistake. [Deborah Servili] * Update Lazarus group cluster. [Deborah Servili] * New unnamed threat actor. [Deborah Servili] * New threat actors. [Deborah Servili] * Merge. [Deborah Servili] * Merge pull request #263 from botherder/bahamut. [Alexandre Dulaunoy] Added Bahamut to threat actors list * Added Bahamut to threat actors list. [Nex] * Merge pull request #262 from botherder/mythic-leopard. [Alexandre Dulaunoy] Added additional name to C-Major * Added additional name to C-Major. [Nex] * Merge pull request #261 from botherder/dedup. [Alexandre Dulaunoy] Removed duplicates * Removed duplicates. [Nex] * Merge pull request #259 from botherder/country-sync. [Alexandre Dulaunoy] Synced country codes with suspected state sponsor * Synced country codes with suspected state sponsor. [Nex] * Merge pull request #258 from botherder/transparent-tribe. 
[Alexandre Dulaunoy] Merged Transparent Tribe in C-Major * Merged Transparent Tribe in C-Major. [Nex] * Merge pull request #257 from Delta-Sierra/master. [Alexandre Dulaunoy] adding and updating clusters * Merge pull request #256 from Delta-Sierra/master. [Alexandre Dulaunoy] add ref for operation Applejeus * Merge pull request #255 from Delta-Sierra/master. [Alexandre Dulaunoy] Schema update * Merge pull request #254 from Delta-Sierra/master. [Alexandre Dulaunoy] add ransomwares * Add notpetya and update jadeRAT. [Deborah Servili] * Add references. [Deborah Servili] * Add magentocore malware. [Deborah Servili] * Add blacknurse logo. [Deborah Servili] * Add blacknurse. [Deborah Servili] * Add Crypt0saur ransomware. [Deborah Servili] * Adding and updating clusters. [Deborah Servili] * Add description for sigma ransomware. [Deborah Servili] * Fix versions. [Deborah Servili] * Add ref for operation Applejeus. [Deborah Servili] * Fix version. [Deborah Servili] * Add Operation AppleJeus. [Deborah Servili] * Fix schema. [Deborah Servili] * Fix some relations. [Deborah Servili] * Clusters. [Deborah Servili] * More clusters~ [Deborah Servili] * Add CamuBot Banker Trojan. [Deborah Servili] * Jq~ [Deborah Servili] * Add ransomwares. [Deborah Servili] * Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] * "jq all the thing (tm)" [Alexandre Dulaunoy] * Merge branch 'Kafeine-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master. [Alexandre Dulaunoy] * + Fallout. [Kafeine] * Hunter EK > Active. [Kafeine] * Adding Underminer EK. [Kafeine] * Status from Terror, Bingo and Astrum. [Kafeine] * Adapting to modification from Misp repository. [Kafeine] * Merge pull request #250 from Delta-Sierra/master. [Alexandre Dulaunoy] add cfr data * Add ransomware. [Deborah Servili] * Add cfr data. [Deborah Servili] * Update microsoft-activity-group.json version. 
[Deborah Servili] * Merge pull request #249 from Delta-Sierra/master. [Alexandre Dulaunoy] Update and add threat actors * More clusters. [Deborah Servili] * Add APT28/STRONTIUM refs. [Deborah Servili] * Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #248 from Delta-Sierra/master. [Deborah Servili] merge black ruby duplicate (delete the newer) * Merge pull request #247 from Delta-Sierra/master. [Alexandre Dulaunoy] New clusters * Update Dharma Ransomware. [Deborah Servili] * Version update. [Deborah Servili] * Merge black ruby duplicate (delete the newer) [Deborah Servili] * Merge. [Deborah Servili] * Merge branch 'master' into master. [Deborah Servili] * Fix. [Deborah Servili] * Resolve merge conflict -I hope- [Deborah Servili] * Cosmetic change. [Christophe Vandeplas] * No change: dump files with sort_keys=True. [Christophe Vandeplas] This is needed to keep better track of the changes when other tools load and save the json files. * Merge pull request #246 from Delta-Sierra/master. [Deborah Servili] add Skygofree android spyware * Merge pull request #245 from Delta-Sierra/master. [Alexandre Dulaunoy] add tools used by SamSam * Merge pull request #244 from Delta-Sierra/master. [Deborah Servili] add ransomwares * Fix typo and missing uuid. [Deborah Servili] * Add Rosenbridge backdoor. [Deborah Servili] * Add KEYPASS ransomware. [Deborah Servili] * Add Skygofree android spyware. [Deborah Servili] * Add tools used by SamSam. [Deborah Servili] * Add ransomwares. [Deborah Servili] * Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy] * Update schema. [Deborah Servili] * Update schema. [Deborah Servili] * Tags is an array. [Deborah Servili] * Relationship system - v2. [Deborah Servili] * Update some clusters and try to add a relationship system. 
[Deborah Servili] * Merge pull request #242 from Delta-Sierra/master. [Deborah Servili] add RedAlpha campaigns * Add RedAlpha campaigns. [Deborah Servili] * Merge pull request #239 from Delta-Sierra/master. [Alexandre Dulaunoy] more clusters * Delete forgotten conflict marker. [Deborah Servili] * Resolve merge conflict. [Deborah Servili] * Merge branch 'master' into master. [Deborah Servili] * Resolve merge conflict. [Deborah Servili] * Merge pull request #241 from 3c7/threat-actor/darkhydrus. [Andras Iklody] Added DarkHydrus * Added DarkHydrus. [Nils Kuhnert] * Merge pull request #240 from 3c7/fix/typos. [Alexandre Dulaunoy] Two small typos * Two small typos. [Nils Kuhnert] * Merge pull request #238 from Delta-Sierra/master. [Alexandre Dulaunoy] add Kronos Banking Trojan * Merge pull request #237 from Delta-Sierra/master. [Deborah Servili] Add CFR.org metadata into the galaxy - part 2 * Delete duplicate gorgon group. [Deborah Servili] * More clusters. [Deborah Servili] * Add Kronos Banking Trojan. [Deborah Servili] * Add CFR.org metadata into the galaxy - part 2. [Deborah Servili] * Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #236 from raw-data/master. [Alexandre Dulaunoy] [add] new cluster + galaxy * [add] new backdoor cluster. [raw-data] * [add] new backdoor galaxy and cluster. [raw-data] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot] * Merge pull request #235 from raw-data/master. [Alexandre Dulaunoy] [add] x1 new entry in stealer.json - AZORult * [add] x1 new entry in stealer.json - AZORult. [raw-data] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #234 from Delta-Sierra/master. [Alexandre Dulaunoy] cfr update -in progress- + add clusters associated to RANCOR * Merging attempt. [Deborah Servili] * Merge branch 'master' into master. [Deborah Servili] * Merge pull request #233 from Delta-Sierra/master. 
[Alexandre Dulaunoy] Add CFR.org metadata into the galaxy - Test * Merge pull request #231 from raw-data/master. [Alexandre Dulaunoy] [ADD] new entries in banker, rat and tool * [ADD] x1 new entry in tool.json - Koadic. [raw-data] * [ADD] x2 new rat - Sisfader, SocketPlayer. [raw-data] * [ADD] banker.json version bump. [raw-data] * [ADD] x2 new banker - Backswap, Karius. [raw-data] * Merge pull request #230 from 3c7/patch-1. [Alexandre Dulaunoy] Updated APT1 report link * Updated APT1 report link. [Nils Kuhnert] * Update cert-eu-govsector.json. [Deborah Servili] * Update cert-eu-govsector.json. [Deborah Servili] * Fix typo in type. [Deborah Servili] * Merge pull request #229 from iglocska/patch-1. [Andras Iklody] Fixed typo * Fixed typo. [Andras Iklody] * Merge pull request #228 from Delta-Sierra/master. [Alexandre Dulaunoy] add Thrip as threat actor * Merge pull request #227 from Delta-Sierra/master. [Andras Iklody] Ransomwares and Olympic Destroyer * Merge pull request #226 from Delta-Sierra/master. [Alexandre Dulaunoy] Even more clusters * Merge pull request #225 from Delta-Sierra/master. [Alexandre Dulaunoy] More ransomwares and other clusters * Add cfr related informations -still in progress- [Deborah Servili] * Cfr update -in progress + add clusters associated to RANCOR. [Deborah Servili] * Add cfr prefix for cfr data - test. [Deborah Servili] * Add CFR.org metadata into the galaxy - Test. [Deborah Servili] * Some updates. [Deborah Servili] * Update version. [Deborah Servili] * Add Thrip as threat actor. [Deborah Servili] * Add olympic destroyer. [Deborah Servili] * Add several ransomware. [Deborah Servili] * More clusters. [Deborah Servili] * Add cluster in threat actor. [Deborah Servili] * Add ClipboardWalletHijacker. [Deborah Servili] * Add MysteryBot in android galaxy. [Deborah Servili] * Add some ransomwares. [Deborah Servili] * Merge pull request #224 from Delta-Sierra/master. [Alexandre Dulaunoy] add some clusters * Add some tools. 
[Deborah Servili] * Update version. [Deborah Servili] * Add some clusters. [Deborah Servili] * Minor layout corrections - validate_all. [Christophe Vandeplas] * Merge pull request #222 from Kafeine/master. [Christophe Vandeplas] * Merge pull request 222. [Christophe Vandeplas] * Fix. [Kafeine] * + Glazunov. [Kafeine] * Guuid & + VenomKit. [Kafeine] * +ThreadKit. [Kafeine] * +Glazunov. [Kafeine] * Merge pull request #223 from Delta-Sierra/master. [Deborah Servili] Add tools * Add BabaYaga Malware. [Deborah Servili] * Add PLEAD. [Deborah Servili] * Merge pull request #221 from Delta-Sierra/master. [Alexandre Dulaunoy] New clusters * Add sigrun ransomware's ransomnotes. [Deborah Servili] * Add Sigrun ransomware meta data. [Deborah Servili] * Add Sigrun ransomware. [Deborah Servili] * Add another cryptomix variant. [Deborah Servili] * Add Brambul worm. [Deborah Servili] * Add Joanap RAT. [Deborah Servili] * Add: Iron Backdoor. [Alexandre Dulaunoy] * Merge pull request #220 from raw-data/master. [Alexandre Dulaunoy] [ADD] New Stealer galaxy and cluster * [FIX] botnet file link. [raw-data] * [ADD] Stealer galaxy definition. [raw-data] * [ADD] x2 new info/pwd stealers - Nocturnal Stealer, TeleGrab. [raw-data] * [ADD] Introduced stealer cluster. [raw-data] * Merge pull request #219 from raw-data/master. [Alexandre Dulaunoy] [ADD] x2 new entries for banker.json and rat.json * [ADD] NavRAT. [raw-data] * [ADD] DanaBot. [raw-data] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #218 from Delta-Sierra/master. [Alexandre Dulaunoy] fix typo in pre-attack-relationship script - thanks @Terrtia * Fix typo in pre-attack-relationship script - thanks @Terrtia. [Deborah Servili] * Merge pull request #217 from Terrtia/master. [Alexandre Dulaunoy] fix typo mitre-pre-attack-relationship * Fix typo mitre-pre-attack-relationship. [Thirion Aurélien] * Merge pull request #216 from raw-data/master. 
[Alexandre Dulaunoy] [ADD] VPNFilter in tool.json cluster * [ADD] VPNFilter in tool.json cluster. [raw-data] * Merge pull request #215 from raw-data/master. [Alexandre Dulaunoy] [ADD] Pontoeb, WICKED and Brain Food into botnet.json cluster * [ADD] Pontoeb, WICKED and Brain Food into botnet.json cluster. [raw-data] * Add: mitre-attack namespace for all the ATT&CK galaxies. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot] * Merge pull request #214 from Delta-Sierra/master. [Deborah Servili] update mitre galaxies - add external id and killchain * Jq. [Deborah Servili] * Fix scripts for mobile and pre attack attack pattern. [Deborah Servili] * Jq. [Deborah Servili] * Update mitre galaxies - add external id and killchain. [Deborah Servili] * Merge pull request #213 from Delta-Sierra/master. [Alexandre Dulaunoy] update mitre 2.0 scripts to add external_id in meta * Update mitre 2.0 scripts to add external_id in meta (still need to be tested) [Deborah Servili] * Schema updated to have namespace key at galaxy level. [Alexandre Dulaunoy] * Merge pull request #211 from eCrimeLabs/master. [Alexandre Dulaunoy] Added links in relation to Threat-actor info from Dragos * Added data related to Dragos Adversaries. [Dennis Rand] * Merge pull request #2 from MISP/master. [eCrimeLabs] Updated from Core * Merge pull request #209 from raw-data/master. [Alexandre Dulaunoy] [ADD] RadRAT, ARS VBS Loader and FlawedAmmyy into rat.json cluster * [ADD] RadRAT, ARS VBS Loader and FlawedAmmyy into rat.json cluster. [raw-data] * Merge pull request #210 from Delta-Sierra/master. [Deborah Servili] update/add some clusters * Add Stalinlocker. [Deborah Servili] * Add Mettle botnet. [Deborah Servili] * Update some clusters. [Deborah Servili] * Merge pull request #208 from Delta-Sierra/master. [Deborah Servili] add maikspy * Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #207 from Delta-Sierra/master. 
[Deborah Servili] New clusters * Merge pull request #206 from Delta-Sierra/master. [Alexandre Dulaunoy] update ransomware version * Merge pull request #205 from Delta-Sierra/master. [Deborah Servili] update - GandCrab v3 * Merge pull request #204 from Delta-Sierra/master. [Alexandre Dulaunoy] New clusters~ * Merge pull request #203 from Delta-Sierra/master. [Deborah Servili] add ZooPark campaign * Add maikspy. [Deborah Servili] * Jq~ [Deborah Servili] * Add reference for HNS botnet. [Deborah Servili] * Add HNS bot net & HPE iLO 4 Ransomware/Wiper. [Deborah Servili] * Add Kitty malware. [Deborah Servili] * Update version -oops- [Deborah Servili] * Update - GandCrab v3. [Deborah Servili] * Add an unnamed ransomware. [Deborah Servili] * Add spymaster pro as rat. [Deborah Servili] * Add ZooPark campaign. [Deborah Servili] * Add: threat actors from Dragos Inc. (based on https://dragos.com/adversaries.html) [Alexandre Dulaunoy] * Merge pull request #202 from Delta-Sierra/master. [Alexandre Dulaunoy] MOAR & MOAR Clusters * Jq. [Deborah Servili] * Add Rubella Macro Builder. [Deborah Servili] * Add GravityRAT. [Deborah Servili] * Add HOGFISH as APT10 synonym. [Deborah Servili] * Merge pull request #201 from Delta-Sierra/master. [Alexandre Dulaunoy] add Henbox * Add Henbox. [Deborah Servili] * Merge pull request #200 from Delta-Sierra/master. [Alexandre Dulaunoy] MOAR CLUSTERS * Add Orangeworm, Kwampirs, Iron ransomware and Ton ransomware. [Deborah Servili] * Add Muhstik botnet. [Deborah Servili] * Merge pull request #199 from StefanKelm/master. [Alexandre Dulaunoy] add NMCRYPT ransomware * NMCRYPT ransomware. [Stefan Kelm] * Merge pull request #198 from Delta-Sierra/master. [Deborah Servili] add Xiaoba * Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili] * Update Ransomware galaxy version. [Deborah Servili] * Jq. [Deborah Servili] * Add Xiaoba. [Deborah Servili] * Merge pull request #197 from Delta-Sierra/master. 
[Deborah Servili] add some ransomwares * Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #195 from droe/master. [Alexandre Dulaunoy] Add Comnie RAT * Add Comnie RAT. [Daniel Roethlisberger] * Merge pull request #194 from StefanKelm/master. [Alexandre Dulaunoy] Update to 'Chthonic' galaxy * Added 'Chtonic' synonym. [StefanKelm] * Remove Chthonic since it's a duplicate (banker.json) [StefanKelm] * Merge pull request #192 from Delta-Sierra/master. [Deborah Servili] add some ransomwares & threat actors * Merge pull request #191 from Delta-Sierra/master. [Deborah Servili] add Rovnix * Merge pull request #190 from Delta-Sierra/master. [Deborah Servili] add LockCrypt ransomware & GoScanSSH tool * Merge pull request #189 from Delta-Sierra/master. [Deborah Servili] add PUBG ransomware * Merge pull request #188 from Delta-Sierra/master. [Deborah Servili] update matrix ransomware * Merge pull request #187 from Delta-Sierra/master. [Deborah Servili] update threat actor galaxy based on https://www.fireeye.com/content/d… * Add some ransomwares. [Deborah Servili] * Add some ransomwares & threat actors. [Deborah Servili] * Add Rovnix. [Deborah Servili] * Add IcedID reference. [Deborah Servili] * Add GoScanSSH tool. [Deborah Servili] * Add LockCrypt ransomware. [Deborah Servili] * Jq. [Deborah Servili] * Add PUBG ransomware. [Deborah Servili] * Update matrix ransomware. [Deborah Servili] * Update version. [Deborah Servili] * Update matrix ransomware. [Deborah Servili] * Update threat actor galaxy based on https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf. [Deborah Servili] * Merge pull request #186 from Delta-Sierra/master. [Deborah Servili] add BlackRuby& WhiteRose ransomwares (+some fix) * Add BlackRuby& WhiteRose ransomwares (+some fix) [Deborah Servili] * Merge pull request #185 from Delta-Sierra/master. [Deborah Servili] merge the two Igexin clusters - fix #183 * Merge the two Igexin clusters - fix #183. 
[Deborah Servili] * Merge pull request #184 from Delta-Sierra/master. [Deborah Servili] add 2 -supposed- wipers * Add 2 -supposed- wipers. [Deborah Servili] * Merge pull request #182 from Delta-Sierra/master. [Deborah Servili] Add hajime botnet + update cryptomix (new variant) * Update ransomware galaxy versionC. [Deborah Servili] * Update cryptomix. [Deborah Servili] * Update botnet version. [Deborah Servili] * Complete hajime botnet. [Deborah Servili] * Add hajime botnet. [Deborah Servili] * Merge pull request #181 from Delta-Sierra/master. [Deborah Servili] add external_id to values (MITRE galaxies) * Jq. [Deborah Servili] * Add external_id to values. [Deborah Servili] * Add: SHARPKNOT. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot] * Merge pull request #179 from Delta-Sierra/master. [Alexandre Dulaunoy] add several tools * Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] * Add several tools. [Deborah Servili] * Merge pull request #176 from StefanKelm/master. [Alexandre Dulaunoy] Cosmetic changes only * Update mitre-enterprise-attack-intrusion-set.json. [StefanKelm] * Update create_mitre-enterprise-attack-tool_galaxy.py. [StefanKelm] * Update create_mitre-enterprise-attack-relationship_galaxy.py. [StefanKelm] * Update create_mitre-enterprise-attack-malware_galaxy.py. [StefanKelm] * Update create_mitre-enterprise-attack-intrusion-set_galaxy.py. [StefanKelm] * Update create_mitre-enterprise-attack-course-of-action_galaxy.py. [StefanKelm] * Update create_mitre-enterprise-attack-attack-pattern_galaxy.py. [StefanKelm] * Update mitre-enterprise-attack-intrusion-set.json. [StefanKelm] * Update README.md. [StefanKelm] * Update and rename mitre-entreprise-attack-tool.json to mitre-enterprise-attack-tool.json. [StefanKelm] * Rename mitre-entreprise-attack-relationship.json to mitre-enterprise-attack-relationship.json. [StefanKelm] * Update mitre-entreprise-attack-relationship.json. 
[StefanKelm] * Update and rename mitre-entreprise-attack-malware.json to mitre-enterprise-attack-malware.json. [StefanKelm] * Update and rename mitre-entreprise-attack-intrusion-set.json to mitre-enterprise-attack-intrusion-set.json. [StefanKelm] * Update and rename mitre-entreprise-attack-course-of-action.json to mitre-enterprise-attack-course-of-action.json. [StefanKelm] * Update and rename mitre-entreprise-attack-attack-pattern.json to mitre-enterprise-attack-attack-pattern.json. [StefanKelm] * Update and rename mitre-entreprise-attack-tool.json to mitre-enterprise-attack-tool.json. [StefanKelm] * Update and rename mitre-entreprise-attack-relationship.json to mitre-enterprise-attack-relationship.json. [StefanKelm] * Update and rename mitre-entreprise-attack-malware.json to mitre-enterprise-attack-malware.json. [StefanKelm] * Update and rename mitre-entreprise-attack-intrusion-set.json to mitre-enterprise-attack-intrusion-set.json. [StefanKelm] * Update mitre-enterprise-attack-course-of-action.json. [StefanKelm] * Update and rename mitre-entreprise-attack-course-of-action.json to mitre-enterprise-attack-course-of-action.json. [StefanKelm] * Update and rename mitre-entreprise-attack-attack-pattern.json to mitre-enterprise-attack-attack-pattern.json. [StefanKelm] * Merge pull request #175 from Delta-Sierra/master. [Deborah Servili] add Zenis ransomware * Update Android galaxy based on: https://source.android.com/security/reports/Google_Android_Security_2017_Report_Final.pdf - possible duplicates! [Deborah Servili] * Add Zenis ransomware. [Deborah Servili] * Merge pull request #174 from Delta-Sierra/master. [Deborah Servili] add gamut botnet * Merge branch 'master' into master. [Deborah Servili] * Merge pull request #173 from danielplohmann/leviathan. [Alexandre Dulaunoy] adding Leviathan / TEMP.Periscope * Added leviathan. [Daniel Plohmann (jupiter)] * Merge pull request #172 from eCrimeLabs/master. 
[Alexandre Dulaunoy] Added RoyalCli and RoyalDNS related to APT15 based on information from NCC Group * Added RoyalCli and RoyalDNS related to APT15 based on information from NCC Group. [Dennis Rand] * Merge pull request #1 from MISP/master. [eCrimeLabs] Syncing Fork * Merge pull request #171 from Delta-Sierra/master. [Alexandre Dulaunoy] add qwerty ransomware * Merge pull request #170 from eCrimeLabs/master. [Alexandre Dulaunoy] Malware Used by APT37 * Malware Used by APT37. [eCrimeLabs] Malware Used by APT37 * Added tools from APT37. [eCrimeLabs] Malware Used by APT37 * Merge pull request #167 from Delta-Sierra/master. [Alexandre Dulaunoy] update some clusters * Merge pull request #166 from Delta-Sierra/master. [Alexandre Dulaunoy] add Nautilus, Neuron and update GandCrab * Merge pull request #165 from Delta-Sierra/master. [Alexandre Dulaunoy] add some tools * Merge pull request #164 from Delta-Sierra/master. [Alexandre Dulaunoy] add RSAUtil and Coldroot * Merge pull request #163 from Delta-Sierra/master. [Alexandre Dulaunoy] Add TSCookie Malware and RAT * Add gamut botnet. [Deborah Servili] * Jq. [Deborah Servili] * Add qwerty ransomware. [Deborah Servili] * Update version. [Deborah Servili] * Jq. [Deborah Servili] * Add missing uuid. [Deborah Servili] * Add ref for BS2005. [Deborah Servili] * Update Mirage Threat actor. [Deborah Servili] * Add Nautilus, Neuron and update GandCrab. [Deborah Servili] * Update GandCrab. [Deborah Servili] * Jq all the things. [Deborah Servili] * Add missing uuid. [Deborah Servili] * Add Shipup. [Deborah Servili] * Add ghotex. [Deborah Servili] * Add miniflame. [Deborah Servili] * Add Downloader-FGO. [Deborah Servili] * Add Cheshire Cat -hack.lu video as reference! [Deborah Servili] * Add Aurora/Hydraq. [Deborah Servili] * Add Rotinom. [Deborah Servili] * Add Exforel. [Deborah Servili] * Add RSAUtil and Coldroot. [Deborah Servili] * Add TSCookie Malware and RAT. [Deborah Servili] * Merge pull request #162 from Delta-Sierra/master. 
[Alexandre Dulaunoy] add uuid to every cluster * Jq. [Deborah Servili] * Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] * Fix #161. [Alexandre Dulaunoy] * Merge pull request #160 from Delta-Sierra/master. [Alexandre Dulaunoy] add botnets to galaxy * Merge pull request #159 from Delta-Sierra/master. [Alexandre Dulaunoy] add MITRE Galaxies V2.0 * Modify argument in add_missing_uuid script. [Deborah Servili] * Jq ftw. [Deborah Servili] * Add uuid to every cluster. [Deborah Servili] * Add extension for Thanatos ransomware. [Deborah Servili] * Add botnets to galaxy. [Deborah Servili] * Add Thanatos ransomware. [Deborah Servili] * Removing duplicates refs - 2. [Deborah Servili] * Manage duplicate refs - first try. [Deborah Servili] * Clean version. [Deborah Servili] * Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] * Add: UUID also at value level. [Alexandre Dulaunoy] * Merge pull request #157 from Delta-Sierra/master. [Alexandre Dulaunoy] add botnet galaxy and other stuffs * Merge pull request #156 from Delta-Sierra/master. [Alexandre Dulaunoy] complete gandcrab - add ransomnotes * Merge pull request #155 from Delta-Sierra/master. [Alexandre Dulaunoy] add gandcrap ransomware + update references * Jq all the things. [Deborah Servili] * Add uuid as a field. [Deborah Servili] * Fix empty meta field. [Deborah Servili] * Add MITRE Galaxies V2.0. [Deborah Servili] * Add botnet galaxy to readme. [Deborah Servili] * Create botnet galaxy. [Deborah Servili] * Add ShurL0ckr ransomware. [Deborah Servili] * Add synonym and ref for Emissary Panda (Iron Tiger APT) [Deborah Servili] * Jq. [Deborah Servili] * Complete gandcrab. [Deborah Servili] * Add gandcrap ransomware + update references. [Deborah Servili] * Merge branch 'Kafeine-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master. [Alexandre Dulaunoy] * ~Sakura description. [Kafeine] * +SPL Exploit Kit, ~Grandsoft. 
[Kafeine] * BlackTDS added. [Kafeine] * Merge pull request #153 from Delta-Sierra/master. [Alexandre Dulaunoy] add Smominru * Add Smominru. [Deborah Servili] * Merge pull request #152 from Delta-Sierra/master. [Alexandre Dulaunoy] add CrossRat * Add CrossRat. [Deborah Servili] * Add ref to Nexus Zeta. [Alexandre Dulaunoy] * Add: Nexus Zeta is no stranger when it comes to implementing SOAP related exploit ;-) [Alexandre Dulaunoy] * Add: Matsuta IoT botnet added. [Alexandre Dulaunoy] * Merge pull request #151 from danielplohmann/dark-caracal. [Alexandre Dulaunoy] adding dark caracal * Adding dark caracal. [Daniel Plohmann] * Merge pull request #150 from Delta-Sierra/master. [Alexandre Dulaunoy] add Digmine * Add Digmine. [Deborah Servili] * Merge pull request #149 from Delta-Sierra/master. [Alexandre Dulaunoy] add downAndExec * Add downAndExec. [Deborah Servili] * Merge pull request #148 from Delta-Sierra/master. [Deborah Servili] add travle/PYLOT * Add travle/PYLOT. [Deborah Servili] * Merge pull request #147 from Delta-Sierra/master. [Deborah Servili] fix forgotten value Microcin * Fix forgotten value Microcin. [Deborah Servili] * Merge pull request #146 from Delta-Sierra/master. [Alexandre Dulaunoy] add macOS malwares * Add macOS malwares. [Deborah Servili] * Merge pull request #145 from Delta-Sierra/master. [Alexandre Dulaunoy] add monero miner * Add monero miner. [Deborah Servili] * Merge pull request #144 from Delta-Sierra/master. [Alexandre Dulaunoy] rename files + update README.md * Rename files + update README.md. [Deborah Servili] * Merge pull request #143 from Delta-Sierra/master. [Alexandre Dulaunoy] New galaxy Branded Vulnerability * New galaxy Branded Vulnerability. [Deborah Servili] * Add in preventive measures: blacklisting phone numbers. [Alexandre Dulaunoy] * Merge pull request #142 from Delta-Sierra/master. [Alexandre Dulaunoy] add SedKit * Jqallthethings. [Deborah Servili] * Update Sofacy tools. 
[Deborah Servili] * Modify SedKit description. [Deborah Servili] * Add SedKit. [Deborah Servili] * Merge pull request #141 from Delta-Sierra/master. [Alexandre Dulaunoy] add "Power"tools * Add "Power"tools. [Deborah Servili] * Merge pull request #140 from Delta-Sierra/master. [Alexandre Dulaunoy] add satori (Mirai Variant) * Add satori (Mirai Variant) [Deborah Servili] * Merge pull request #139 from Delta-Sierra/master. [Alexandre Dulaunoy] update Android galaxy * Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #138 from Delta-Sierra/master. [Alexandre Dulaunoy] add source for NewCore RAT * Merge pull request #137 from Delta-Sierra/master. [Alexandre Dulaunoy] update OilRig threat actor * Merge pull request #136 from Delta-Sierra/master. [Alexandre Dulaunoy] add OSX.Pirrit * Add PRILEX & CUTLET MAKER. [Deborah Servili] * Add GratefulPOS. [Deborah Servili] * Update Android galaxy. [Deborah Servili] * Add source for NewCore RAT. [Deborah Servili] * Update OilRig threat actor. [Deborah Servili] * Add file spider ransomware. [Deborah Servili] * Add OSX.Pirrit. [Deborah Servili] * TRISIS is the main name of TRITON as discussed in https://twitter.com/DragosInc/status/941355602512613381. [Alexandre Dulaunoy] * TRITON added. [Alexandre Dulaunoy] * Merge pull request #135 from Delta-Sierra/master. [Alexandre Dulaunoy] add Quant Loader * Add SSHDoor. [Deborah Servili] * Add cryptomix variant. [Deborah Servili] * Add Quant Loader. [Deborah Servili] * Merge pull request #134 from Delta-Sierra/master. [Deborah Servili] Add MoneyTaker * Add MoneyTaker. [Deborah Servili] * Update threat actor galaxy. [Deborah Servili] * Merge pull request #133 from Delta-Sierra/master. [Deborah Servili] add source for BankBot * Add source for BankBot. [Deborah Servili] * Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy] * Jq. 
[Deborah Servili] * Add malware/ransomwares. [Deborah Servili] * Merge conflict solved - wp-vcd added. [Alexandre Dulaunoy] * StrongPity2 added. [Alexandre Dulaunoy] * Merge pull request #131 from Delta-Sierra/master. [Deborah Servili] add SLocker * Add SLocker. [Deborah Servili] * Merge pull request #130 from Delta-Sierra/master. [Deborah Servili] add HC7 ransomware * Add HC7 ransomware. [Deborah Servili] * Merge pull request #129 from Delta-Sierra/master. [Deborah Servili] add StorageCrypt Ransomware * Add StorageCrypt Ransomware. [Deborah Servili] * Merge pull request #128 from Delta-Sierra/master. [Deborah Servili] add Halloware ransomware * Add Halloware ransomware. [Deborah Servili] * Merge pull request #127 from Delta-Sierra/master. [Deborah Servili] update cryptomix * Update cryptomix. [Deborah Servili] * Add: Tizi malware added. [Alexandre Dulaunoy] * Merge pull request #126 from Delta-Sierra/master. [Alexandre Dulaunoy] add UBoatRAT * Add UBoatRAT. [Deborah Servili] * Merge pull request #125 from Delta-Sierra/master. [Raphaël Vinot] update ROKRAT * Update ROKRAT. [Deborah Servili] * Merge pull request #124 from Delta-Sierra/master. [Deborah Servili] cryptomix - update * Cryptomix - update. [Deborah Servili] * Merge pull request #123 from Delta-Sierra/master. [Alexandre Dulaunoy] add IcedID banker * Add IcedID banker. [Deborah Servili] * Merge pull request #122 from Delta-Sierra/master. [Deborah Servili] cryptomix - merge duplicates and update * Cryptomix - add ransomnotes. [Deborah Servili] * Cryptomix - merge duplicates and update. [Deborah Servili] * Merge pull request #121 from Delta-Sierra/master. [Alexandre Dulaunoy] add Ordinypt * Add Ordinypt. [Deborah Servili] * Merge pull request #120 from Delta-Sierra/master. [Alexandre Dulaunoy] update tool galaxy * Jq. [Deborah Servili] * Update tool galaxy. [Deborah Servili] * Merge pull request #119 from steffenenders/patch-1. 
[Alexandre Dulaunoy] Fixed mixed up description/value for MuddyWater * Fixed mixed up description/value for MuddyWater. [steffenenders] * Merge pull request #118 from Delta-Sierra/master. [Alexandre Dulaunoy] add MuddyWater + Update HIDDEN COBRA and update its tools * Add MuddyWater + Update HIDDEN COBRA and update its tools. [Deborah Servili] * Merge pull request #117 from Delta-Sierra/master. [Alexandre Dulaunoy] add Silence Trojan * Add Silence Trojan. [Deborah Servili] * Merge pull request #116 from Delta-Sierra/master. [Alexandre Dulaunoy] Fix typo * Update version number. [Deborah Servili] * Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #115 from Delta-Sierra/master. [Alexandre Dulaunoy] add ALMA Communicator * Merge pull request #114 from Delta-Sierra/master. [Alexandre Dulaunoy] add Sowbug group * Merge pull request #113 from Delta-Sierra/master. [Alexandre Dulaunoy] add sector vocabulary * Merge pull request #112 from Delta-Sierra/master. [Deborah Servili] update Felismus RAT * Merge pull request #111 from Delta-Sierra/master. [Alexandre Dulaunoy] Fix README.md AGAIN * Fix typo - Spaaaace~ [Deborah Servili] * Add ALMA Communicator. [Deborah Servili] * Add Sowbug group. [Deborah Servili] * Add sector vocabulary. [Deborah Servili] * Update Falismus RAT. [Deborah Servili] * Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #110 from Delta-Sierra/master. [Alexandre Dulaunoy] Fix README.md * ##comma## AGAIN. [Deborah Servili] * Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #108 from sbrom/master. [Alexandre Dulaunoy] Updated with data from APT Groups and Operations * Merge pull request #4 from frbor/fix-iso-code-3. [sbrom] Fix iso codes * Fix-iso-code-3. [Fredrik Borg] * Fix iso codes. [Fredrik Borg] * Merge pull request #2 from frbor/master. [sbrom] Remove duplicate references * Merge branch 'fix-duplicates' [Fredrik Borg] * Remove duplicate references. 
[Fredrik Borg] * Merge pull request #1 from frbor/master. [sbrom] Replace tab with space and add newline at end of file * Replace tab with space and add newline at end of file. [Fredrik Borg] * Updated with data from APT Groups and Operations. [Siri Bromander] * Merge pull request #109 from Delta-Sierra/master. [Alexandre Dulaunoy] update README * ##comma## [Deborah Servili] * Update README. [Deborah Servili] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #107 from frbor/iso-codes. [Raphaël Vinot] Use standard (2 digits) ISO codes for all countries * Bump version number. [Fredrik Borg] * Use standard (2 digits) ISO codes for all countries. [Fredrik Borg] * Update banker galaxy. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot] * Merge pull request #106 from Delta-Sierra/master. [Deborah Servili] add htpRAT * Add htpRAT. [Deborah Servili] * Merge pull request #105 from Delta-Sierra/master. [Alexandre Dulaunoy] add dimnie * Add dimnie. [Deborah Servili] * Merge pull request #104 from Delta-Sierra/master. [Alexandre Dulaunoy] add ttp-categories descriptions * Add ttp-categories descriptions. [Deborah Servili] * Merge pull request #103 from Delta-Sierra/master. [Deborah Servili] add Formbook * Fix typo. [Deborah Servili] * Add Formbook. [Deborah Servili] * Cosmetic updates. [Raphaël Vinot] * Deduplicate Android cluster. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot] * Merge pull request #102 from Delta-Sierra/master. [Alexandre Dulaunoy] delete x_ prefix from mitre_attack_pattern * Jq. [Deborah Servili] * Add galaxy icon to mitre-cti tools & regenerate galaxies. [Deborah Servili] * Delete x_ prefix from mitre_attack_pattern. [Deborah Servili] * Add android and banker galaxies. [Raphaël Vinot] * Remove the executable flag from the json files, again. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-galaxy. 
[Raphaël Vinot] * Merge pull request #101 from Delta-Sierra/master. [Deborah Servili] add BadRabbit ransomware * Add BadRabbit ransomware. [Deborah Servili] * Merge pull request #100 from Delta-Sierra/master. [Alexandre Dulaunoy] add cert EU govsectors galaxy * Update README.md. [Deborah Servili] * Add cert EU govsectors galaxy. [Deborah Servili] * Merge pull request #99 from Delta-Sierra/master. [Deborah Servili] typo * Typo. [Deborah Servili] * SOCKET23 RAT added. [Alexandre Dulaunoy] * JadeRAT added. [Alexandre Dulaunoy] * Merge pull request #98 from Delta-Sierra/master. [Alexandre Dulaunoy] add cert-eu based vocabularies * Jq. [Deborah Servili] * Add IoT_reaper. [Deborah Servili] * Delete duplicate. [Deborah Servili] * Add cert-eu based vocabularies. [Deborah Servili] * Jq all the things. [Alexandre Dulaunoy] * Merge pull request #97 from Delta-Sierra/master. [Alexandre Dulaunoy] add synonym in tool galaxy * Add synonym in tool galaxy. [Deborah Servili] * Merge pull request #96 from Delta-Sierra/master. [Alexandre Dulaunoy] add cert EU's motive vocabulary * ##comma## [Deborah Servili] * Add cert EU's motive vocabulary. [Deborah Servili] * Merge pull request #95 from Delta-Sierra/master. [Alexandre Dulaunoy] add sectors galaxy * Add sectors galaxy. [Deborah Servili] * Merge pull request #94 from Delta-Sierra/master. [Alexandre Dulaunoy] add lukitus extension to Locky * Add lukitus ransomnote to Locky. [Deborah Servili] * Add lukitus extension to Locky. [Deborah Servili] * Merge pull request #93 from Delta-Sierra/master. [Alexandre Dulaunoy] add year of apparition for Rats + fixing some typos * Fix typo. [Deborah Servili] * Add year of apparition for Rats + fixing some typos. [Deborah Servili] * Merge pull request #92 from Delta-Sierra/master. [Alexandre Dulaunoy] add Remote Access/Administration Tools * Jq. [Deborah Servili] * Add Remote Access/Administration Tools. [Deborah Servili] * Merge pull request #91 from danielplohmann/apt33. 
[Alexandre Dulaunoy] add APT33 as identified by FireEye * Add APT33 as identified by FireEye. [Daniel Plohmann] * Schema updated to include icon field. [Alexandre Dulaunoy] * As now everything is in the Blockchain, ransomware are too. [Alexandre Dulaunoy] * Icons for the grand Master who is redesigning the overall graphical view. [Alexandre Dulaunoy] * Merge pull request #90 from Delta-Sierra/master. [Deborah Servili] add Adwind RAT synonyms * Add Adwind RAT synonyms. [Deborah Servili] * Fix typo. [Deborah Servili] * Merge pull request #89 from Delta-Sierra/master. [Deborah Servili] add SyncCrypt Ransomware * Add SyncCrypt Ransomware. [Deborah Servili] * Merge pull request #88 from Delta-Sierra/master. [Deborah Servili] add SynAck Ransomware * Add SynAck Ransomware ransomnote's name. [Deborah Servili] * Add SynAck Ransomware. [Deborah Servili] * Merge pull request #87 from Delta-Sierra/master. [Alexandre Dulaunoy] add tools and rat * Fix typo~ [Deborah Servili] * Add tools and rat. [Deborah Servili] * Remove the executable flag from the json files. [Raphaël Vinot] * JQ all the things. [Raphaël Vinot] * Fixed with jq ;-) [Alexandre Dulaunoy] * Merge pull request #86 from Kafeine/master. [Alexandre Dulaunoy] Up EK and TDS * Merge branch 'master' into master. [Kafeine] * Merge pull request #85 from Delta-Sierra/master. [Deborah Servili] add ransomwares * Add ransomwares. [Deborah Servili] * Merge pull request #84 from Delta-Sierra/master. [Alexandre Dulaunoy] add fireball malware * Add fireball malware. [Deborah Servili] * Merge pull request #83 from Delta-Sierra/master. [Alexandre Dulaunoy] add Joao malware * Add Joao malware. [Deborah Servili] * EngineBox malware added. [Alexandre Dulaunoy] * Adversarial Tactics, Techniques & Common Knowledge from MITRE ATT&CK added. [Alexandre Dulaunoy] * Merge pull request #82 from Delta-Sierra/master. [Alexandre Dulaunoy] update mitre galaxies and scripts * Jq. [Deborah Servili] * Update mitre galaxies. 
[Deborah Servili] * Script mitre - version given as an input + renaming. [Deborah Servili] * Merge pull request #81 from Delta-Sierra/master. [Alexandre Dulaunoy] Fixed some issues with a misnamed galaxy - script * Fixed some issues with a misnamed galaxy - script. [Deborah Servili] * Fixed some issues with a misnamed galaxy. [iglocska] * Merge pull request #80 from Delta-Sierra/master. [Alexandre Dulaunoy] add mitre based galaxies * Version is integer. [Deborah Servili] * Put uuid as meta. [Deborah Servili] * New generation of mitre galaxies. [Deborah Servili] * Fix mitre-cti script - replace 'name' by 'value' [Deborah Servili] * Add mitre based galaxies. [Deborah Servili] * Asciidoctor-pdf is now stable. [Alexandre Dulaunoy] * Documentation generator added. [Alexandre Dulaunoy] * Merge pull request #79 from Delta-Sierra/master. [Alexandre Dulaunoy] add scripts to create galaxy from https://github.com/mitre/cti/tree/master/ATTACK * Add scripts to create galaxy from https://github.com/mitre/cti/tree/master/ATTACK - still under testing. [Deborah Servili] * Fix space typo. [Deborah Servili] * Merge pull request #78 from Delta-Sierra/master. [Alexandre Dulaunoy] add GlobeImposter synonym * Type is array -shh I'm bad with the format, I know. [Deborah Servili] * Type is meta. [Deborah Servili] * Jq~ [Deborah Servili] * Add/update tool galaxy. [Deborah Servili] * Add GlobeImposter synonym. [Deborah Servili] * Merge pull request #75 from Delta-Sierra/master. [Raphaël Vinot] add svpeng tool * Jq. [Deborah Servili] * Merge branch 'master' into master. [Deborah Servili] * Try to merge 'CowerSnail added' [Deborah Servili] * Add svpeng tool. [Deborah Servili] * Merge pull request #77 from danielplohmann/fin7. [Raphaël Vinot] added FIN7 as alias for anunak * Added FIN7 as alias for anunak. [Daniel Plohmann] * Merge pull request #76 from danielplohmann/axiom-merge. 
[Raphaël Vinot] merged barium into axiom (only one redundant reference given) * Merged barium into axiom (only one redundant reference given) [Daniel Plohmann] * CowerSnail added. [Alexandre Dulaunoy] * Remove duplicates. [Raphaël Vinot] * Merge pull request #74 from Delta-Sierra/master. [Raphaël Vinot] adding clusters based on MISP data * Clean tool.json. [Deborah Servili] * Update Spring Dragon threat actor. [Deborah Servili] * Adding clusters based on MISP data. [Deborah Servili] * Add missing name XtremeRAT. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot] * Add validators for vocabularies and misp. [Raphaël Vinot] * Remove empty string. [Raphaël Vinot] * Add new entries in meta key. [Raphaël Vinot] * Remove duplicates. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #73 from Delta-Sierra/master. [Alexandre Dulaunoy] add cerber synonym * Add cerber synonym. [Deborah Servili] * Cobalt gang added. [Alexandre Dulaunoy] * El Machete added. [Alexandre Dulaunoy] * Merge pull request #72 from Delta-Sierra/master. [Alexandre Dulaunoy] add synonym for ammyyadmin * Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #71 from Delta-Sierra/master. [Alexandre Dulaunoy] Add SOREBRECT ransomware * Add synonym for ammyyadmin. [Deborah Servili] * Add SOREBRECT ransomware. [Deborah Servili] * Jq all ;-) [Alexandre Dulaunoy] * Merge pull request #70 from jaimeblasco/master. [Alexandre Dulaunoy] Added FIN8 actor * Added FIN8 actor. [Jaime] * Merge pull request #69 from Delta-Sierra/master. [Alexandre Dulaunoy] alwaaays moooore RAT * Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #68 from Delta-Sierra/master. [Alexandre Dulaunoy] add rats * Alwaaays moooore RAT. [Deborah Servili] * Add rats from https://www.lifewire.com/free-remote-access-software-tools-2625161. [Deborah Servili] * Add rats. 
[Deborah Servili] * Validation added. [Alexandre Dulaunoy] * Jq. [Alexandre Dulaunoy] * Merge pull request #67 from Delta-Sierra/master. [Alexandre Dulaunoy] add some rats and tools * Add some rats and tools. [Deborah Servili] * Merge pull request #66 from elhoim/patch-2. [Alexandre Dulaunoy] Added Symantec alias for sofacy * Added Symantec alias for sofacy. [David André] * Merge pull request #65 from danielplohmann/hidden-cobra-lazarus. [Alexandre Dulaunoy] added Hidden Cobra as alias for Lazarus Group * Merge branch 'master' into hidden-cobra-lazarus. [danielplohmann] * Merge pull request #64 from danielplohmann/threat-actor-electrum. [Alexandre Dulaunoy] Threat actor electrum * Added ELECTRUM to threat-actor.json (afaik not confirmed as an alias atm) [Daniel Plohmann] * Added PLATINUM to threat-actor.json (afaik not confirmed as an alias atm) [Daniel Plohmann] * Added Hidden Cobra as alias for Lazarus Group. [Daniel Plohmann (jupiter)] * Merge pull request #62 from Delta-Sierra/master. [Raphaël Vinot] update rat galaxy * Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] * Merge pull request #58 from danielplohmann/wildneutron. [Alexandre Dulaunoy] added WildNeutron (Morph, Butterfly, Sphinx Moth) * Added WildNeutron (Morph, Butterfly, Sphinx Moth) [Daniel Plohmann (jupiter)] * Merge pull request #61 from Delta-Sierra/master. [Alexandre Dulaunoy] edit threat actor - should fix #59 and #60 * Update rat. [Deborah Servili] * Edit threat actor - should fix #59 and #60. [Deborah Servili] * Merge pull request #56 from elhoim/patch-1. [Alexandre Dulaunoy] Added synonyms for APT10 and one for APT1 * Added synonyms for APT10 and one for APT1. [David André] * RAT added. [Alexandre Dulaunoy] * Merge pull request #57 from Delta-Sierra/master. [Alexandre Dulaunoy] add rat galaxy * Jq. [Deborah Servili] * Add RAT listed in https://github.com/kevthehermit/RATDecoders. [Deborah Servili] * Add rat galaxy. [Deborah Servili] * SilverTerrier added. 
[Alexandre Dulaunoy] * Jq all. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #54 from Delta-Sierra/master. [Alexandre Dulaunoy] add Uiwik ransomware * Jq 'n ##COMMA## [Deborah Servili] * Add Uiwik ransomware. [Deborah Servili] * Merge pull request #53 from Delta-Sierra/master. [Alexandre Dulaunoy] add synonym - half done * Add synonym and cleaning. [Deborah Servili] * Merge hiddentear & cryptear data. [Deborah Servili] * Add synonym - half done. [Deborah Servili] * Add synonym - step 1. [Deborah Servili] * Merge pull request #52 from Delta-Sierra/master. [Alexandre Dulaunoy] add synonym to hancitor * Add synonym to hancitor. [Deborah Servili] * Merge pull request #51 from Delta-Sierra/master. [Alexandre Dulaunoy] add jaff Ransomware * Add jaff Ransomwarejq-ed. [Deborah Servili] * Add jaff Ransomware. [Deborah Servili] * Emotet/Geodo added. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #50 from Delta-Sierra/master. [Alexandre Dulaunoy] Update ransomware galaxy - possible duplicate * Property requirement updated. [Deborah Servili] * Update Wannacry ransomware. [Deborah Servili] * Make it mergable (try to) [Deborah Servili] * Update ransomware galaxy - possible duplicate. [Déborah Servili] * Remove duplicate ref. [Alexandre Dulaunoy] * Input from Deborah incorporated. [Alexandre Dulaunoy] * APT32 added. [Alexandre Dulaunoy] * WannaCry added. [Alexandre Dulaunoy] * PDF added. [Alexandre Dulaunoy] * Fixed the double trailing dot. [Alexandre Dulaunoy] * Add meaningful infobox. [Alexandre Dulaunoy] * A tool to convert MISP Galaxy Cluster into an asciidoctor document. [Alexandre Dulaunoy] * Kazuar: Multiplatform Espionage Backdoor with API Access added. [Alexandre Dulaunoy] * Duplicate references removed. [Alexandre Dulaunoy] * Merge pull request #49 from Delta-Sierra/master. 
[Alexandre Dulaunoy] reformat ransomware galaxy * Add source to please the schema~ [Déborah Servili] * Change sources for authors. [Déborah Servili] * Jq on ransomware. [Déborah Servili] * Managing duplicate. [Déborah Servili] * Managing duplicate. [Déborah Servili] * Reformat ransomware galaxy - including http://pastebin.com/raw/GHgpWjar. [Déborah Servili] * Reformat ransomware galaxy. [Déborah Servili] * Additional properties allowed on the meta part. [Alexandre Dulaunoy] * REDLEAVES malware added. [Alexandre Dulaunoy] * Merge pull request #48 from Delta-Sierra/master. [Raphaël Vinot] add Cardinal RAT * Update tools. [Déborah Servili] * Feodo added. [Alexandre Dulaunoy] * FlexiSpy. [Alexandre Dulaunoy] * Shadow broker leak of NSA tools from https://github.com/misterch0c/shadowbroker. [Alexandre Dulaunoy] * First batch of shadow broker leak (NSA name of exploit and tools) from https://github.com/misterch0c/shadowbroker. [Alexandre Dulaunoy] * Jq all. [Alexandre Dulaunoy] * Merge pull request #40 from Kafeine/master. [Alexandre Dulaunoy] Updated. * Merge pull request #47 from Delta-Sierra/master. [Alexandre Dulaunoy] add synonyms for Da Vinci RCS * Merge pull request #46 from Delta-Sierra/master. [Alexandre Dulaunoy] Add some tools/threat actor * Add Cardinal RAT. [Déborah Servili] * Add synonyms for Da Vinci RCS. [Déborah Servili] * Merge https://github.com/MISP/misp-galaxy. [Déborah Servili] * Merge pull request #45 from Delta-Sierra/master. [Alexandre Dulaunoy] add tools from https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html * ##comma## [Déborah Servili] * Add some tools/threat actor. [Déborah Servili] * Correct copypasta mistake. [Déborah Servili] * Merge https://github.com/MISP/misp-galaxy. [Déborah Servili] * Merge pull request #44 from Delta-Sierra/master. [Alexandre Dulaunoy] Update tool's galaxy * Add tools from https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html. [Déborah Servili] * Update tool. 
[Déborah Servili] * Json fix. [Déborah Servili] * Update tool's galaxy using http://contagiodump.blogspot.lu/2013/03/mandiant-apt1-samples-categorized-by.html. [Déborah Servili] * Merge https://github.com/MISP/misp-galaxy. [Déborah Servili] * Longhorn (CIA) added. [Alexandre Dulaunoy] * Sathurbot added. [Alexandre Dulaunoy] * The product from NSO Group Technologies added to the list of tools. [Alexandre Dulaunoy] The Pegasus name is used as synonym of Chrysaor ;-) * The mysterious ZIRCONIUM activity group added. [Alexandre Dulaunoy] * Merge pull request #43 from nyx0/master. [Alexandre Dulaunoy] Add new Sednit name * Add new Sednit name according to https://www.secureworks.com/research/iron-twilight-supports-active-measures. [nyx0] * Trochilus and MoonWind RATs added. [Alexandre Dulaunoy] * KHRAT added. [Alexandre Dulaunoy] * Merge pull request #42 from chrisdoman/master. [Alexandre Dulaunoy] Added descriptions and reference to threat-actor json * Added descriptions and reference to threat-actor json. [chrisdoman] * JQ all. [Alexandre Dulaunoy] * Merge https://github.com/MISP/misp-galaxy. [Déborah Servili] * +WhiteHole +ref for Disdain. [Kafeine] * +disdain+captainblack-Neutrino. [Kafeine] * Update exploit-kit.json. [Kafeine] * Fix. [Kafeine] * +Bingo -- Hunter > Retired. [Kafeine] * Update tds.json. [Kafeine] * Fix. [Kafeine] * Update Terror. [Kafeine] * Updated. [Kafeine] Blaze <-> Terror - Updated Sundown and Nebula status * Merge branch 'master' into master. [Raphaël Vinot] * JQ all the things. [Raphaël Vinot] * Merge pull request #41 from CERT-Bund/patch-1. [Raphaël Vinot] Added groups, joined groups, added synonyms (see extended description) * Fix typo. [Raphaël Vinot] * Added groups, joined groups, added synonyms (see extended description) [CERT-Bund] * IMEIJ added. [Alexandre Dulaunoy] * Missing \n at the end of the file. [Alexandre Dulaunoy] * Merge pull request #38 from chrisdoman/master. [Alexandre Dulaunoy] Added references * Ran jq. 
[Chris Doman] * Added references. [Chris Doman] Mostly added references to existing groups Capitalised DarkHotel, put a space in APT30 default name (the others had that) * Add: Gamaredon Group added. [Alexandre Dulaunoy] * Merge pull request #37 from cvandeplas/master. [Christophe Vandeplas] minor correction * Minor correction. [Christophe Vandeplas] * Merge pull request #36 from Th4nat0s/gutembergII. [Alexandre Dulaunoy] Gutemberg II * Remove duplicate of ratdecode import. [Thanat0s] * Add a bunch of rat from ratdecoder list. [Thanat0s] * Pimp Epic turla. [Thanat0s] * Pimp and aggregate turla. [Thanat0s] * Some aliases fetched from: https://attack.mitre.org/wiki/Groups. [Thanat0s] * Pimp comrat. [Thanat0s] * Pimp xneteagle. [Thanat0s] * Pimp xscontrol. [Thanat0s] * Update Xagent from aptnote Bitdefender-Whitepaper-APT-Mac-A4-en-EN-web(02-23-2017) [Thanat0s] * Pimp lecna/Backspace. [Thanat0s] * Pimp lecna/Backspace. [Thanat0s] * Pimp RarStone. [Thanat0s] * Pimp Pirpi. Hard to say:) [Thanat0s] * Pimp webc2. [Thanat0s] * Pimp winnti. [Thanat0s] * Pimp nettraveler. [Thanat0s] * Cleanup zeus duplicate in alias and name. [Thanat0s] * Update apt28 tools. [Thanat0s] * Remove duplicate AlienSpy. [Thanat0s] * Merge pull request #32 from Th4nat0s/donokilljson. [Alexandre Dulaunoy] modify validators to check json and format, stop on any error * Block by default, but usable anyway with param. [Thanat0s] * Modify validators to check json and format, stop on any error. [Thanat0s] * Merge pull request #30 from Th4nat0s/gutemberg. [Alexandre Dulaunoy] Gutemberg work.. * Add info to the famous mimikatz. [Thanat0s] * Add moudor info. [Thanat0s] * Add Tinba banking. [Thanat0s] * Update trojan.main. [Thanat0s] * Update evilgrab. [Thanat0s] * Remove coreshell duplicate. [Thanat0s] * Add derusbi. [Thanat0s] * Merge IEchecker and sasfi. [Thanat0s] * Go for caro, add hi-zor. [Thanat0s] * Fix side victims of schemaupdate. [Thanat0s] * Update 2 array. [Thanat0s] * Go 4 string. 
[Thanat0s] * Follow the format. [Thanat0s] * Json typo. [Thanat0s] * Locky removed > ransomware. [Thanat0s] * Json issue. [Thanat0s] * Generic plugx names. [Thanat0s] * Update. [Thanat0s] * Remove JOYRat -> team -> https://www.crowdstrike.com/blog/whois-numbered-panda/ [Thanat0s] * Remove Lstudio (group using elise) , add info to PWOBOT. [Thanat0s] * Remove EK and Ransomwares. [Thanat0s] * Gutemberg on first 10. [Thanat0s] * Merge pull request #33 from Th4nat0s/checkdup. [Alexandre Dulaunoy] Tool to find duplicate * Add tool to find duplicate. [Thanat0s] * PupyRAT added. [Alexandre Dulaunoy] * Strict schema, update clusters accordingly. [Raphaël Vinot] * Add validator for galaxies. [Raphaël Vinot] * Fix validation, remove duplicate. [Raphaël Vinot] * Initial Json schema. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #29 from Delta-Sierra/master. [Alexandre Dulaunoy] add Erebus ransomware * Add Erebus ransomware. [Déborah Servili] * Merge pull request #28 from Kafeine/master. [Alexandre Dulaunoy] Added Microsoft Naming * StreamEX added. [Alexandre Dulaunoy] * ZeroT added. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #26 from Delta-Sierra/master. [Alexandre Dulaunoy] Change author name to 'Various' * Merge https://github.com/MISP/misp-galaxy. [Déborah Servili] * Change author name to 'Various' [Déborah Servili] * Flokibot added. [Alexandre Dulaunoy] * Merge pull request #25 from Delta-Sierra/master. [Alexandre Dulaunoy] ransomware galaxy * Fix galaxy ##comma## [Déborah Servili] * Ransomware galaxy. [Déborah Servili] * Merge pull request #24 from Delta-Sierra/master. [Alexandre Dulaunoy] add ransomware galaxy * Merge https://github.com/MISP/misp-galaxy. [Déborah Servili] * Merge pull request #23 from Delta-Sierra/master. [Alexandre Dulaunoy] improve csv_to_galaxy * Merge pull request #22 from Delta-Sierra/master. 
[Alexandre Dulaunoy] add csv to galaxy converter * Add ransomware galaxy. [Déborah Servili] * Improve csv_to_galaxy 2. [Déborah Servili] * Improve csv_to_galaxy. [Déborah Servili] * Merge https://github.com/MISP/misp-galaxy. [Déborah Servili] * Merge pull request #20 from cgi1/master. [Alexandre Dulaunoy] Adding Zeus to tools * Adding Zeus to tools. [cgi] * Greenbug added. [Alexandre Dulaunoy] * Tavdig was missing. [Alexandre Dulaunoy] * LuminosityLink RAT added. [Alexandre Dulaunoy] * EyePyramid added. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #18 from Delta-Sierra/master. [Alexandre Dulaunoy] add APT28's tools * GhostAdmin added. [Alexandre Dulaunoy] * Add csv to galaxy converter. [Déborah Servili] * Add APT28's tools. [Déborah Servili] * Equation Group added. [Alexandre Dulaunoy] * "the shoemaker's son always goes barefoot" Regin added. [Alexandre Dulaunoy] * Merge pull request #17 from Delta-Sierra/master. [Alexandre Dulaunoy] begin preventive-measure galaxy * Complete preventive-measure. [Déborah Servili] * Begin preventive-measure galaxy. [Déborah Servili] * Shamoon added. [Alexandre Dulaunoy] * Import manually cert-eu contribution. [Alexandre Dulaunoy] - Fix the meta attributes (like the motive field ) to be within meta and not outside - Remove some "null" values that seems to come from previous tests - Pretty-print the Javascript (better for diffing) * MM Core added. [Alexandre Dulaunoy] * Shiz Trojan + Shifu. [Alexandre Dulaunoy] * GeminiDuke added. [Alexandre Dulaunoy] * Separate APT30 from Naikon group. [Alexandre Dulaunoy] * PassCV group added. [Alexandre Dulaunoy] * Cadelle and Chafer groups added. [Alexandre Dulaunoy] * Exploit-kit and TDS added. [Alexandre Dulaunoy] * Merge pull request #15 from Kafeine/master. [Alexandre Dulaunoy] Exploit Kit and TDS Galaxies * Empire status, Nebula, Blaze/Terror. [Kafeine] * +Pangimop, alias Microsoft for magnitude. [Kafeine] * Fix. 
[Kafeine] * +Derbit alias for Sundown. [Kafeine] * Indent. [Kafeine] * Added Microsoft Naming. [root] * TDS Cluster: EOF. [root] * EK and TDS clusters : several minor fixes. [root] * EK and TDS clusters : Removed empty entries. [root] * TDS Cluster: json fix. [root] * EK Cluster : several fixes. [root] * EK Cluster typo fix. [root] * EK Cluster update. [root] * EK galaxie. [root] * Mwi added. [root] * Init. [root] * Clarification regarding the contribution and the different models. [Alexandre Dulaunoy] * Various updates including the addition of Chthonic Banking Trojan. [Alexandre Dulaunoy] * Packrat added. [Alexandre Dulaunoy] * DownRage added. [Alexandre Dulaunoy] * Java RAT updated. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #14 from Delta-Sierra/master. [Alexandre Dulaunoy] update readme * Update readme. [Déborah Servili] * Merge pull request #13 from Delta-Sierra/master. [Alexandre Dulaunoy] Add microsoft-activity-group cluster * ##comma## [Déborah Servili] * Add microsoft-activity-group cluster. [Déborah Servili] * Seaduke added. [Alexandre Dulaunoy] * MISP integration added. [Alexandre Dulaunoy] * MISP galaxy screenshot. [Alexandre Dulaunoy] * Operation Iron Tiger added as synonym. [Alexandre Dulaunoy] * Molerats, PROMETHIUM and NEODYMIUM added. [Alexandre Dulaunoy] * BlackEnergy malware family added. [Alexandre Dulaunoy] * TeleBots group added. [Alexandre Dulaunoy] * TERBIUM added. [Alexandre Dulaunoy] * Mirai and BASHLITE added. [Alexandre Dulaunoy] * Links fixed. [Alexandre Dulaunoy] * Added missing file. [Iglocska] * Threat-actor fixed. [Alexandre Dulaunoy] * Singular everywhere. [Alexandre Dulaunoy] * Singular everywhere. [Alexandre Dulaunoy] * Singular everywhere. [Alexandre Dulaunoy] * Singular everywhere. [Alexandre Dulaunoy] * Structure ready for MISP 2.4.56. [Alexandre Dulaunoy] * Fixed to merge PR #11. [Alexandre Dulaunoy] * Meta added as required by MISP 2.4.56. 
[Alexandre Dulaunoy] * Source added as required by MISP 2.4.56. [Alexandre Dulaunoy] * Source field added as required to MISP 2.4.56. [Alexandre Dulaunoy] * Add a source field for the clusters (required for MISP 2.4.56) [Alexandre Dulaunoy] * Merge pull request #10 from cvandeplas/master. [Alexandre Dulaunoy] Metushy, Uroburos, Pfinet synonyms added * Metushy, Uroburos, Pfinet synonyms added. [Christophe Vandeplas] * Yahoyah added. [Alexandre Dulaunoy] * Tropic Trooper added. [Alexandre Dulaunoy] * KeyBoy malware added. [Alexandre Dulaunoy] * Merge pull request #9 from cvandeplas/master. [Alexandre Dulaunoy] added Callisto threat actor, and removed duplicates * Added Callisto. [Christophe Vandeplas] * Removed duplicates. [Christophe Vandeplas] * Merge pull request #7 from cvandeplas/master. [Alexandre Dulaunoy] Added Rocket Kitten * Added Rocket Kitten. [Christophe Vandeplas] * Description added for Volatile Cedar. [Alexandre Dulaunoy] * Explosive malware added. [Alexandre Dulaunoy] * Volatile Cedar added. [Alexandre Dulaunoy] * OilRig added. [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Iglocska] * Empire post-exploitation tool added. [Alexandre Dulaunoy] * Some small fixes. [Iglocska] - more uniform pluralisation - Added display name fields * Plural it's plural (tm) [Alexandre Dulaunoy] * README updated to reflect the new structure. [Alexandre Dulaunoy] * Threat actors simplified (no more groups) it's already in the value field. [Alexandre Dulaunoy] * Tools added. [Alexandre Dulaunoy] * Merge pull request #6 from MISP/restructure. [Alexandre Dulaunoy] Restructure * Typo fixed. [Alexandre Dulaunoy] * Typo fixed. [Alexandre Dulaunoy] * Some small fixes. [Iglocska] * Some small changes. [Iglocska] * Moving things around. [Iglocska] * Merge pull request #5 from cvandeplas/master. [Alexandre Dulaunoy] adding additional threat-actor-tools * Minor correction. [Christophe Vandeplas] * Added additional threat-actor-tools. 
[Christophe Vandeplas] * Merged branch master into master. [Christophe Vandeplas] * Houdini added. [Alexandre Dulaunoy] * Corrected typo in njRAT synonym. [Christophe Vandeplas] * Removed empty synonym. [Christophe Vandeplas] * Odinaff added. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #4 from cvandeplas/master. [Alexandre Dulaunoy] additional adversary groups * Additional adversary groups. [Christophe Vandeplas] Using as a source https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit * TeamXRat added. [Alexandre Dulaunoy] * StrongPity added (more refs required) [Alexandre Dulaunoy] * Libyan Scorpions added. [Alexandre Dulaunoy] * FIN6 added. [Alexandre Dulaunoy] * Suckfly added. [Alexandre Dulaunoy] * GCMAN added. [Alexandre Dulaunoy] * More synonyms. [Alexandre Dulaunoy] * TA530 added. [Alexandre Dulaunoy] * Dust storm added. [Alexandre Dulaunoy] * More synonyms added. [Alexandre Dulaunoy] * Lazagne tools added. [Alexandre Dulaunoy] * Pirpi reference added. [Alexandre Dulaunoy] * Buckeye added. [Alexandre Dulaunoy] * Gothic Panda updated. [Alexandre Dulaunoy] * Sauron versus Project Sauron (Kaspersky used both) [Alexandre Dulaunoy] * License (PD) added. [Alexandre Dulaunoy] * Umbreon added. [Alexandre Dulaunoy] * Turla synonym added. [Alexandre Dulaunoy] * Ozone RAT added. [Alexandre Dulaunoy] * Typo fixed. [Alexandre Dulaunoy] * UUID added. [Alexandre Dulaunoy] * UUID added. [Alexandre Dulaunoy] * Mapping triples/machine tags with galaxy, clusters and so on. [Alexandre Dulaunoy] * Revert "Machine tags/triple tags mapping" [Alexandre Dulaunoy] This reverts commit 06e2372d6674f86e32c10216fcbf5e4ea3ee03f1. * Machine tags/triple tags mapping. [Alexandre Dulaunoy] * Make JSON key values inline with the other elements. [Alexandre Dulaunoy] * ProjectSauron added. [Alexandre Dulaunoy] * Badnews added. [Alexandre Dulaunoy] * Moonsoon added. 
[Alexandre Dulaunoy] * NANHAISHU added. [Alexandre Dulaunoy] * Threat Group-3390 added. [Alexandre Dulaunoy] * Moafee added. [Alexandre Dulaunoy] * DragonOK added. [Alexandre Dulaunoy] * Quedagh added. [Alexandre Dulaunoy] * Poseidon Group added. [Alexandre Dulaunoy] * Scarlet Mimic added. [Alexandre Dulaunoy] * Admin338 updated. [Alexandre Dulaunoy] * Turla is also known as Waterbug. [Alexandre Dulaunoy] * Prikormka malware added. [Alexandre Dulaunoy] * Operation Transparent Tribe added. [Alexandre Dulaunoy] * Crimson malware added. [Alexandre Dulaunoy] * Mad Max malware added. [Alexandre Dulaunoy] * More references. [Alexandre Dulaunoy] * Chinastrats added. [Alexandre Dulaunoy] * HummingBad added. [Alexandre Dulaunoy] * Pacifier APT added. [Alexandre Dulaunoy] * More RU tools. [Alexandre Dulaunoy] * ScarCruft added. [Alexandre Dulaunoy] * ShimRAT added. [Alexandre Dulaunoy] * Darkhotel added. [Alexandre Dulaunoy] * IRONGATE added. [Alexandre Dulaunoy] * HDRoot added. [Alexandre Dulaunoy] * WINNTI reference updated. [Alexandre Dulaunoy] * Typo fixed. [Alexandre Dulaunoy] * HerHer Trojan and Helminth Backdoor added. [Alexandre Dulaunoy] * Stealth Falcon added. [Alexandre Dulaunoy] * Hancitor and Ruckguv added. [Alexandre Dulaunoy] * Pretty-print of the adversary groups. [Alexandre Dulaunoy] * Lazarus group (KP) added. [Alexandre Dulaunoy] * NanoCore RAT added. [Alexandre Dulaunoy] * Lost Door RAT added. [Alexandre Dulaunoy] * SPIVY added. [Alexandre Dulaunoy] * Laziok added. [Alexandre Dulaunoy] * PWOBot added. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Add Travis file (validate json files) [Raphaël Vinot] * Slempo added. [Alexandre Dulaunoy] * Timo Steffens contributed various refs, tools and actors. [Alexandre Dulaunoy] * PK actor added Operation C-Major. [Alexandre Dulaunoy] * Recommendation regarding the pull-request. [Alexandre Dulaunoy] * Backdoor.Dripion added. [Alexandre Dulaunoy] * Missing comma. 
[Christophe Vandeplas] * APT 4 synonyms added. [Alexandre Dulaunoy] * Snifula added. [Alexandre Dulaunoy] * More adversary tools. [Alexandre Dulaunoy] * More adversary tools added. [Alexandre Dulaunoy] * New synonyms and potential adversary groups. [Alexandre Dulaunoy] * More RATs added. [Alexandre Dulaunoy] * More RATs and description added. [Alexandre Dulaunoy] * Adversary tools added + some clarification. [Alexandre Dulaunoy] * Threat-actor tools added. [Alexandre Dulaunoy] * More adversaries tools. [Alexandre Dulaunoy] * First version of adversary tools. [Alexandre Dulaunoy] * Fix #3 - as black energy is sometimes mentioned as group (even if it seems to be more a campaign). [Alexandre Dulaunoy] * Nitro/CN added. [Alexandre Dulaunoy] * Codoso/CN added. [Alexandre Dulaunoy] * More IR. [Alexandre Dulaunoy] * More IR added. [Alexandre Dulaunoy] * Additional IR operation added. [Alexandre Dulaunoy] * SNOWGLOBE added. [Alexandre Dulaunoy] * New elements added. [Alexandre Dulaunoy] * Threat-actor-sophistication-vocabulary added. [Alexandre Dulaunoy] * The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor. [Alexandre Dulaunoy] * Threat actor type added. [Alexandre Dulaunoy] * Threat actor type vocabulary added. [Alexandre Dulaunoy] * Foxy Panda added. [Alexandre Dulaunoy] * Karma panda added. [Alexandre Dulaunoy] * New actors + refs added. [Alexandre Dulaunoy] * Planning-and-operational-support-vocabulary added. [Alexandre Dulaunoy] * The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor. added. [Alexandre Dulaunoy] * Planning-and-operational-support-vocabulary added. [Alexandre Dulaunoy] * JSON beautified. [Alexandre Dulaunoy] * Description added. [Alexandre Dulaunoy] * More descriptions added. [Alexandre Dulaunoy] * Typo fixed. 
[Alexandre Dulaunoy] * More adversaries... [Alexandre Dulaunoy] * Thomas added. [Alexandre Dulaunoy] * More groups. [Alexandre Dulaunoy] * Synonyms updates. [Alexandre Dulaunoy] * RU and CN updates. [Alexandre Dulaunoy] * More actors CN,TN and RU + synonyms. [Alexandre Dulaunoy] * CN group updated. [Alexandre Dulaunoy] * IR group added. [Alexandre Dulaunoy] * RU synonym of TeamSpy. [Alexandre Dulaunoy] * AE group added. [Alexandre Dulaunoy] * CN synonyms added + IR group. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] * Merge pull request #1 from rotanid/patch-1. [Andras Iklody] fix small grammatical errors in README.md * Fix small grammatical errors in README.md. [Andreas Ziegler] * Certainty level added. [Alexandre Dulaunoy] * Certainty-level added. [Alexandre Dulaunoy] * Certainty level of an associated element or cluster added. [Alexandre Dulaunoy] * Adversary groups added. [Alexandre Dulaunoy] * APT groups renamed to adversary groups. [Alexandre Dulaunoy] * Deleted old APT groups. [Alexandre Dulaunoy] * Adversary groups instead of APT. [Alexandre Dulaunoy] * Adversary groups instead of APT. [Alexandre Dulaunoy] * Motivation vocabulary added. [Alexandre Dulaunoy] * Motivation vocabulary added. [Alexandre Dulaunoy] * The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor. [Alexandre Dulaunoy] * More CN-based groups. [Alexandre Dulaunoy] * More CN-based groups. [Alexandre Dulaunoy] * Some more CN actors. [Alexandre Dulaunoy] * More CN groups. [Alexandre Dulaunoy] * MISP distribution to be applied on cluster objects. [Alexandre Dulaunoy] * First explanation. [Alexandre Dulaunoy] * Some more CN groups. [Alexandre Dulaunoy] * More CN groups. [Alexandre Dulaunoy] * Groups array updated. [Alexandre Dulaunoy] * Description added + stix version reference. [Alexandre Dulaunoy] * More groups from RU. 
[Alexandre Dulaunoy] * Example of galaxy including a cluster which is default type where you can add as much element as you want. [Alexandre Dulaunoy] The elements are the default values known by MISP but a local instance can add more or overwrite some elements. 2021-04-26T10:23:08+00:00 yara v4.1.0 yara v4.1.0 2021-04-26T12:06:30+00:00 * New operators `icontains`, `endswith`, `iendswith`, `startswith`, `istartswith`. * Accept `\t` escape sequence in text strings. * Add `--no-follow-links` command-line option to yara. * Prevent yara from following links to "." (@1D2D). * Implemented non-blocking scanning API (@simonhf). * When a string causes too many matches, YARA raises a warning instead of failing (@wxsBSD). * BUGFIX: The use of `--timeout` could hang `yara` when scanning directories or lists of files (#1481). * BUGFIX: Incorrect parsing of PE certificates (#1443). * BUGFIX: Short-circuit evaluation not working fine with undefined expressions. 2021-04-26T12:06:30+00:00 org.quietmodem.Quiet v0.2.1 org.quietmodem.Quiet v0.2.1 2021-04-26T23:44:40+00:00 Let's use 48khz as a default instead of 44.1 2021-04-26T23:44:40+00:00 org.quietmodem.Quiet v0.2.2 org.quietmodem.Quiet v0.2.2 2021-04-26T23:51:02+00:00 2021-04-26T23:51:02+00:00 misp-objects v2.4.142 misp-objects v2.4.142 2021-04-27T04:14:41+00:00 ## v2.4.142 (2021-04-27) ### New * [doc] gitchangelog.rc added. [Alexandre Dulaunoy] * [dkim] DomainKeys Identified Mail - DKIM object template. [Alexandre Dulaunoy] * [windows-service] windows-service object added. [Alexandre Dulaunoy] * [telegram-user] basic telegram user. [Alexandre Dulaunoy] * [jarm] new jarm object to describe TLS/SSL implementation matching a jarm fingerprint. [Alexandre Dulaunoy] * GH workflow. [Raphaël Vinot] * [sh] Added process state. [Steve Clement] * [cpe-asset] an asset as defined with a CPE value. 
[Alexandre Dulaunoy] This object was created to support the use-case of pisax.org for the following use-case: - They define well-known assets which are used by IXPs and GRXs via their CPEs; - The assets are defined in a set of fixed/master MISP events; - Those events are used to query NVD/CVE database via cve-search (https://github.com/cve-search/cve-search) using a PyMISP script - Then the CVEs matching the CPE are added in MISP and dispatched to the sharing community of users as specific MISP events. * [gitlab-user] GitLab user. Gitlab.com user or self-hosted GitLab instance object template. [Alexandre Dulaunoy] * [github-user] a GitHub user object template. [Alexandre Dulaunoy] Based on the information seen on the web interface. * Android-app object template. [Raphaël Vinot] * [dev] add Twitter objects: twitter-account, twitter-list, twitter-post. add YouTube objects: youtube-channel, youtube-comment, youtube-playlist, youtube-video. add object: image. [VVX7] * [dev] add Reddit objects: reddit-account, reddit-post, reddit-comment, reddit-subreddit. [VVX7] * [dev] add facebook-account. [VVX7] * [dev] add facebook-post object. [VVX7] * [dev] add facebook-page object. [VVX7] * [dev] add facebook-group object. [VVX7] * Preliminary version of git-vuln-finder object template. [Raphaël Vinot] * Objects and relations for FollowTheMoney. [Raphaël Vinot] * [publication] jq'd the object. [VVX7] * [publication] add object to describe academic journals, books, etc. [VVX7] * Category FollowTheMoney. [Raphaël Vinot] To represent objects described there: https://docs.alephdata.org/developers/FollowTheMoney * [object] add scheduled-event, add social-media-group. [VVX7] * [object] add narrative. [VVX7] * Add covid19 dxy live object. [Raphaël Vinot] * Health object meta type. [Raphaël Vinot] * [crypto-material] add generic-symmetric-key. [Raphaël Vinot] * CSSE COVID-19 Dataset - Daily report. 
[Raphaël Vinot] Source: https://github.com/CSSEGISandData/COVID-19/tree/master/csse_covid_19_data * [iot] a first version of the IoT object. [Alexandre Dulaunoy] Ref: based on the workshop discussion in https://github.com/C00kie-/workshop-materials The idea is to have this root object when a new IoT device is documented and further objects will be connected such as firmware or even file object * [objects] add instant-message object. add instant-message-group object. [VVX7] * [objects] news-agency, news-media. [VVX7] * TruStar report object. [Raphaël Vinot] * [attributes] chrome-extension-id added. [Alexandre Dulaunoy] * [objects] blog, forged-document, leaked-document, meme-image. [VVX7] * [attribute type] kusto-query attribute type. [Alexandre Dulaunoy] Kusto query is the query language for the Kusto services in Azure used to search large dataset. It's used in Windows Defender ATP Hunting-Queries and also Azure Sentinel (Cloud-native SIEM). * IntelQM objects. [Raphaël Vinot] * [virustotal-graph] VirusTotal graph object added. [Alexandre Dulaunoy] Based on the discussion with VT, virustotal-graph object has been added which will be used with the expansion modules and also to trigger the specific quick-tab in MISP to display the VT graph result in an iframe if this object is present. * Weakness & attack-pattern objects to describe CWE & CAPEC related to a CVE. [chrisr3d] - The attack-pattern object is using a new attribute type called weakness to describe CWE id, which will link to its own information as described in https://cve.circl.lu * Add "includes" relationship. [Raphaël Vinot] * Objects for Scripps CO2. [Raphaël Vinot] * New object describing user accounts. [chrisr3d] * [imsi-catcher] object based on the output format of IMSI-catcher open source tools. [Alexandre Dulaunoy] The object has been created to show the flexibility of the object template during the PassTheSalt 2019 conference and the D4 presentation. 
* [shell-commands] Object describing a series of shell commands executed. This object can be linked with malicious files in order to describe a specific execution of shell commands. [Alexandre Dulaunoy] * Add offset, virtual_address and virtual_size to the pe section object. [Raphaël Vinot] Related to https://github.com/MISP/PyMISP/issues/388 * Internal reference object. [Raphaël Vinot] * Add Alfred relationships (CCCS) [Raphaël Vinot] * New Object describing original files used to import data in MISP. [chrisr3d] * [tracking-id] Analytics and tracking ID such as used in Google Analytics or other analytic platform. [Alexandre Dulaunoy] * [short-message-service] Short Message Service (SMS) object template describing one or more SMS message added. [Alexandre Dulaunoy] * Threatgrid-report object template. [Raphaël Vinot] * Exploit-poc object describing a proof of concept or exploit of a vulnerability. This object has often a relationship with a vulnerability object. [Alexandre Dulaunoy] * Add EML to the email template. [Raphaël Vinot] * Attach logfile to fail2ban. [Raphaël Vinot] * Fail2ban object. [Raphaël Vinot] ### Changes * [doc] list of objects updated. [Alexandre Dulaunoy] * Make jq validation happy. [Raphaël Vinot] * Make jq validation happy. [Raphaël Vinot] * Add PR to GH actions. [Raphaël Vinot] * [report] add a report type. [Alexandre Dulaunoy] * [person] full-name attribute type added + expanding object person with full-name. [Alexandre Dulaunoy] * [schema] dkim and dkim signature added. [Alexandre Dulaunoy] * [network-element] jq. [Alexandre Dulaunoy] * [network-profile] AS updated. [Alexandre Dulaunoy] * [network-profile] add jarm-fingerprint. [Alexandre Dulaunoy] * [relationships] jq all the things. [Alexandre Dulaunoy] * Update json schema for relationships to include opposite key. [Théo BARRAGUÉ] * [report] make link or summary as non-required field. [Alexandre Dulaunoy] * [regexp] fixed.
[Alexandre Dulaunoy] * [regexp] Farsight Compatible Regular Expressions (FCRE) added. [Alexandre Dulaunoy] * [splunk] object updated. [Alexandre Dulaunoy] * [report] add a link field to the report object template. [Alexandre Dulaunoy] * Disable correlation in VT objects. [Raphaël Vinot] * [relationships] updated. [Alexandre Dulaunoy] * [relationships] writes added. [Alexandre Dulaunoy] * [url] jq all the things. [Alexandre Dulaunoy] * Allow multiple IPs in URL object. [Raphaël Vinot] * [telegram-account] required attributes. [Terrtia] * [telegram-account] fixes. [Alexandre Dulaunoy] * Update objects to match lief output for authenticode. [Raphaël Vinot] * [jarm] jq all the things. [Alexandre Dulaunoy] * [jarm] jarm type is jarm-fingerprint. [Alexandre Dulaunoy] * [doc] fixed. [Alexandre Dulaunoy] * [trustar_report] Updated to add "THREAT_ACTOR" [Alexandre Dulaunoy] Fixing #273 * [yara] disable correlations on some fields. [Alexandre Dulaunoy] * [crypto-material] add a public field for public cryptographic materials. [Alexandre Dulaunoy] * [favicon] jq all the things. [Alexandre Dulaunoy] * [favicon] A favicon, also known as a shortcut icon, website icon, tab icon, URL icon, or bookmark icon, is a file containing one or more small icons, associated with a particular web site or web page. The object template can include the murmur3 hash of the favicon to facilitate correlation. [Alexandre Dulaunoy] * [type] favicon-mmh3 is the murmur3 hash of a favicon as used in Shodan. [Alexandre Dulaunoy] * [doc] MISP objects list updated. [Alexandre Dulaunoy] * [twitter-post] jq. [Alexandre Dulaunoy] * [jq] all the things. [Alexandre Dulaunoy] * [doc] travis removed. [Alexandre Dulaunoy] * Can have multiple text attributes. [Beaujeant] * [domain-ip] hostname added as an attribute. [Alexandre Dulaunoy] * Add type in schema. [Raphaël Vinot] * [schema] process-state updated. [Alexandre Dulaunoy] * [jq] all the [things] [Alexandre Dulaunoy] * [json] sort.
[Steve Clement] * [process] revert back to single char in light of the new process-attribute. [Steve Clement] * [process] Added sane defaults. [Steve Clement] * [process] Updated process object. [Steve Clement] * [types] jarm-fingerprint added. [Alexandre Dulaunoy] * Using the actual attribute type for cpe and weakness instead of text. [chrisr3d] * [cpe-asset] updated. [Alexandre Dulaunoy] * [vulnerability] fixed. [Alexandre Dulaunoy] * [vulnerability] vulnerable_configuration are now cpe type. [Alexandre Dulaunoy] * [file] because sorted is always better. [Alexandre Dulaunoy] * [file] imphash and telfhash added. [Alexandre Dulaunoy] * [attribute type] new telfhash added. [Alexandre Dulaunoy] * [gitlab-user] because -r is important. [Alexandre Dulaunoy] * [type] new type added. [Alexandre Dulaunoy] * [doc] object lists updated. [Alexandre Dulaunoy] * Sort json. [Raphaël Vinot] * [github-user] reflect the API fields. [Alexandre Dulaunoy] * [keybase] be consistent with keybase API. [Alexandre Dulaunoy] * [keybase-account] at least username is required. [Alexandre Dulaunoy] * [twitter-account] incorrect description fixed. [Alexandre Dulaunoy] * [relationships] leaks, leaked-by doxed-by. [Alexandre Dulaunoy] * [schema] updated. [Alexandre Dulaunoy] * Making source port attribute multiple in the ip-port object. [chrisr3d] * [keybase] newline issue. [Alexandre Dulaunoy] * [keybase-account] meta category updated. [Alexandre Dulaunoy] * [jq] all the things. [Alexandre Dulaunoy] * [keybase] description updated. [Alexandre Dulaunoy] * [keybase] updated. [Alexandre Dulaunoy] * [restore] file. [Alexandre Dulaunoy] * [doc] MISP object template. [Alexandre Dulaunoy] * [doc] example was broken. [Alexandre Dulaunoy] * [doc] README. [Alexandre Dulaunoy] * [jq] all the things. [Alexandre Dulaunoy] * [jq] all the things. [Alexandre Dulaunoy] * [jq] all the things. [Alexandre Dulaunoy] * [jq] all the things. [Alexandre Dulaunoy] * [relationships] update relationships with space. 
[Alexandre Dulaunoy] * [tools] now using main branch instead of master while generating documentation. [Alexandre Dulaunoy] * [vulnerability] vulnerability is is now a vulnerability type. [Alexandre Dulaunoy] The vulnerability type is an official CVE number. We might need to add in the future a new attribute in the object for non-CVE id of a vulnerability or adding other id type in the object. This commit fixes #234 * [schema] new types added. [Alexandre Dulaunoy] * [misp-objects] newline newline newline is the evil. [Alexandre Dulaunoy] * [pe] multiple is true not 1 ;-) [Alexandre Dulaunoy] * [pe] richpe. [Alexandre Dulaunoy] * [RichPE] added. [Andras Iklody] * [file] jq. [Alexandre Dulaunoy] * [doc] misp-objects list updated. [Alexandre Dulaunoy] * [license] clarify the license of MISP objects and software. [Alexandre Dulaunoy] The MISP objects JSON template are dual-licensed under CC-0 or 2-clause BSD (like the taxonomies). Only the software in /tools is under the AGPL. Fix #266 * [dev] add Parler app objects. [VVX7] * [cortex-taxonomy] sort attributes. [Marc Hörsken] Make sure the attributes are sorted like a Cortex taxonomy would normally be displayed/summarized: `namespace:predicate="value"` with `level` as a meta information. * [dev] disable correlation on some attributes. fix underscore typo in account profile-image. [VVX7] * [dev] make Reddit attributes (mostly) reflect Reddit API. [VVX7] * [dev] run validate_all/jq. [VVX7] * [dev] make twitter object attributes more consistent with twitter api. [VVX7] * [dev] add object properties from #257. [VVX7] * [dev] fix attribute type. [VVX7] * [dev] add user avatar. [VVX7] * [dev] change post-id attribute type to text. [VVX7] * [dev] run rq. [VVX7] * [dev] update tracking-id to disable correlation on id description. minor changes to attribute descriptions. [VVX7] * [new types] git-commit-id added. [Alexandre Dulaunoy] * [sms] format fixed. [Alexandre Dulaunoy] * [boleto] JSON fixed. 
[Alexandre Dulaunoy] * [publication] modify requiredOneOf, contributor type to text attribute. [VVX7] * Sort relationships. [Raphaël Vinot] * Sort all entries in jq script. [Raphaël Vinot] * Sort all the entries in the templates by default. [Raphaël Vinot] * [legal-entity] website and logo added for legal entity. [Alexandre Dulaunoy] Thanks to Emmanuel MANCIET for the proposal * [object] add new microblog attributes, change some of the descriptions to make them clearer. [VVX7] * [victim] add a domain to field to reference a victim by their Internet domain name. [Alexandre Dulaunoy] * [object] update narrative required object fields. [VVX7] * [object] update narrative object fields. [VVX7] * [x509] using built-in types wherever possible. [Golbark] * [doc] clarify the need to validate before doing a PR. [Christophe Vandeplas] * [object] disable correlation on some fields. add external references. [VVX7] * [object] add narrative description/summary. [VVX7] * [object] add narrative description/summary. [VVX7] * [object] change narrative version. [VVX7] * Bump CSSE COVID-19 Daily report to new version. [Raphaël Vinot] * [victim] add reference to case (as requested by law-enforcement - ENFORCE project) [Alexandre Dulaunoy] * [http-request] fixed. [Alexandre Dulaunoy] * [network-socket] add filename to object template. [Alexandre Dulaunoy] * [microblog] add Twitter-id reference. [Alexandre Dulaunoy] * [IntelMQ Event] replace non-ascii double quote by single quote. [Raphaël Vinot] * [vulnerability] remove underscore from the object. [Alexandre Dulaunoy] * [iot-device] reference added. [Alexandre Dulaunoy] * [file] imphash removed as it should be at PE level. [Alexandre Dulaunoy] * [pe] imphash and impfuzzy can be as key attribute. [Alexandre Dulaunoy] * [domain-crawled] domain shouldn't be a multiple. [Terrtia] * [iot] add SPI, Serial and JTAG status. [Alexandre Dulaunoy] * [iot] because reusing UUID is bad. [Alexandre Dulaunoy] * [schema] iot category added. 
[Alexandre Dulaunoy] * [crawled domain] rename object. [Terrtia] * Add domain crawled object. [Terrtia] * [relationships] 'knows' relationship added. [Alexandre Dulaunoy] * [sms] the SMS center is a phone number. [Alexandre Dulaunoy] * [rtir] disable correlation on incident state. [Alexandre Dulaunoy] * [sms] missing Cellebrite fields added. [Alexandre Dulaunoy] * [email] ip-src added in the email object templated as requested by Norberto Chavez. [Alexandre Dulaunoy] * [vehicule] image + type of vehicle added. [Alexandre Dulaunoy] * [organization] typo fixed + description added. [Alexandre Dulaunoy] * [phone] add brand and model. [Alexandre Dulaunoy] * [new object pgp-meta] Metadata extracted from a PGP keyblock, message or signature. [Terrtia] * [object fields] allow additional requiredOneOf fields in blog, microblog, meme-image objects. add attachment field to blog object. add username to news-media. [VVX7] * [object field] add profile picture to user-account. [VVX7] * [object field] enable multiple URL/link in microblog. [VVX7] * [object field] add title to microblog. [VVX7] * [object field] add link for user-account page. [VVX7] * [object fields] add forged-document types, add microblog state. [VVX7] * [microblog] allow multiple attachments per the enhancement request. [VVX7] * [microblog] add attachment field for issue #186. [VVX7] * [misinfosec objects] add archive (Internet Archive, Archive.is, etc) fields, change blog post title description. [VVX7] * [blog] add title field to object. [VVX7] * [meme-image] uuid and name duplicate. [VVX7] * [domain-ip] port added (required by AIL crawling) [Alexandre Dulaunoy] * [microblog] disable correlation for the verified-username state. [Alexandre Dulaunoy] * [annotation] 'full report' type added. [Alexandre Dulaunoy] * [organization] VAT - TAX-ID added in the template. [Alexandre Dulaunoy] * [relationships] mentions relationship has been added. 
[Alexandre Dulaunoy] Fix #214 * [microblog] add the ability to have non-malicious links. [Alexandre Dulaunoy] Fix #215 * [dark-pattern] typos. [Jean-Louis Huynen] * [types] updated. [Alexandre Dulaunoy] * [script] attachment field added. [Alexandre Dulaunoy] * Update crypto-material and url. [Raphaël Vinot] * [microblog] verified field added to add the state of the username. [Alexandre Dulaunoy] * [x509, crypto-material] several changes: - enables correlation on n, p, q; - allows for only providing modulus for crypto material; - specifies the expected data format of several fields. [Jean-Louis Huynen] * [crypto-material] new object to described key materials (public and private) [Alexandre Dulaunoy] * [x509] to map with D4 project snakeoil database. [Alexandre Dulaunoy] * [cowrie] to add HASSH of the client SSH session following Salesforce algorithm. [Alexandre Dulaunoy] As mentioned in #84 * [coin-address] DASH cryptocurrency address added. [Alexandre Dulaunoy] * [schema] updated to the latest version. [Alexandre Dulaunoy] * [translation] double entry fixed in requiredOneOf. [Alexandre Dulaunoy] Signed-off by: By de leaduh of JavaScript and decayin' indicatawhs * [translation] list of sane default for the languages + type of translation. [Alexandre Dulaunoy] * [credential] adding disable correlation when required. [Alexandre Dulaunoy] * [new object templates] various updates. [Alexandre Dulaunoy] * [relationships] new relationship added is-author-of - fix #183. [Alexandre Dulaunoy] * [validation] complement schema with categories/types. [Christophe Vandeplas] * [validation] improve validation script. [Christophe Vandeplas] * Rename category environment -> climate. [Raphaël Vinot] * [process] updated following the "mess" of representation in process object. [Alexandre Dulaunoy] * [doc] new object templates added. [Alexandre Dulaunoy] * [network-connection] community-id added. [Alexandre Dulaunoy] * [netflow] attribute community-id added in netflow object template. 
[Alexandre Dulaunoy] * [yara] add a yara-rule-name field which can be optional or the only field. [Alexandre Dulaunoy] As requested in https://github.com/MISP/MISP/issues/4858 * [objects] new objects added in the README. [Alexandre Dulaunoy] * Added user-id attribute as one of the required ones. [chrisr3d] * [rogue-dns] new object template expressing rogue dns. [Alexandre Dulaunoy] Thanks to CERT.br for the contribution * [relationships] screenshot-of added to the list of default relationships. [Alexandre Dulaunoy] * [shell-commands] fix typo in object name. [Alexandre Dulaunoy] * [doc] shell-commands object added. [Alexandre Dulaunoy] * [script] requiredOneOf for script or filename. [Alexandre Dulaunoy] Malicious scripts can be received without having a filename. * [doc] ssh-authorized-keys object template added. [Alexandre Dulaunoy] * [person] Gender unknown added. [Alexandre Dulaunoy] This has been added when investigation is ongoing and alias is known but gender is unknown discovered during Enforce training. topic:enforce * [microblog] state field added to describe if the tweet is malicious or just OSINT. [Alexandre Dulaunoy] * [authenticode] signerinfo template added. [Alexandre Dulaunoy] * [authenticode-signerinfo] first version. [Alexandre Dulaunoy] * [jq] jq all the things(tm) [Alexandre Dulaunoy] * [x509] improve X.509 certificate description to match required ones from LIEF (as discussed in #180). [Alexandre Dulaunoy] * [regripper] version updated. [Alexandre Dulaunoy] * [irc] add nickname used for associated IRC server and channel(s) [Alexandre Dulaunoy] * [device] name of an object must be lowercase. [Alexandre Dulaunoy] * [doc] phishing-kit object added to the list. [Alexandre Dulaunoy] * [phishing-kit] small typo fixed in the description. [Alexandre Dulaunoy] * [tools] remove trailing dot if present. [Alexandre Dulaunoy] * Allow to create a file object with a non-malicious file.
[Raphaël Vinot] Fix #175 #176 * [doc] new organization and device object added. [Alexandre Dulaunoy] * [schema] category removed. [Alexandre Dulaunoy] * [ip-port] ip-src added to fix #149. [Alexandre Dulaunoy] * [script] filename added to fix #149. [Alexandre Dulaunoy] * [doc] tor-hiddenservices added. [Alexandre Dulaunoy] * [lnk] new LNK object (Windows Shortcut) [Alexandre Dulaunoy] * [process] fix the type - fix #160. [Alexandre Dulaunoy] * Bump vehicle object. [Raphaël Vinot] * [person] Spanish IDs added (NIE, NIF and DNI) [Alexandre Dulaunoy] * [elf] disable correlation on file type. [Alexandre Dulaunoy] * [email] IP and hostname fields from extracted headers. [Alexandre Dulaunoy] * [file] preferred charset used by the file (if decoded from mime-type parsing) [Alexandre Dulaunoy] * [doc] to_ids flag was missing in the README. [Alexandre Dulaunoy] * [phishing] removed the IDS flag on the email used for takedown - and change attribute type. [Alexandre Dulaunoy] * [anonymisation] add level-of-knowledge to request for more information if needed. [Alexandre Dulaunoy] * [anonymisation] algo list fixed. [Alexandre Dulaunoy] * [script] added PHP in the most used programming language (at least when looking at malicious WebShells on the Internet) [Alexandre Dulaunoy] - I sense a new stackoverflow survey category * [http-request] IP as allowed type. [Christophe Vandeplas] * [doc] copyright date fixed. [Alexandre Dulaunoy] * [relationships] witness-of added. [Alexandre Dulaunoy] * [doc] facial-composite object added. [Alexandre Dulaunoy] * [person] portrait added #133. [Alexandre Dulaunoy] * [person] OFAC fields - Office of Foreign Assets Control. [Alexandre Dulaunoy] * Chg: [microblog] a small clarification about the username to avoid the @ [Alexandre Dulaunoy] * [cortex] description updated as TheHive/Cortex observables will be attributes with relationships from this object. [Alexandre Dulaunoy] * [cortex-taxonomy] aka mini-report. 
[Alexandre Dulaunoy] * [definition] Extended crypto coin object to be able to enrich with interesting data. [Steve Clement] * [mactime-timeline-analysis] disable some correlations. [Alexandre Dulaunoy] * [ip-api-adress] updated to ensure correlation disabled. [Alexandre Dulaunoy] * Add type of internal reference. [Raphaël Vinot] * [regripper-sam-hive-single-user] uuid fixed. [Alexandre Dulaunoy] * [tsk-web-downloads] including link versus url (we assume it's malicious link by default) [Alexandre Dulaunoy] * Jq'ed all the objects. [aksha] * [pcap-metadata] linktype added in the sane default. [Alexandre Dulaunoy] * [relationships] newline and relationship file ;-) [Alexandre Dulaunoy] * [person] add attributes to whois-related information which can be associated to a person. [Alexandre Dulaunoy] * [relationships] references added (useful for *INT collection referencing something which needs further analysis) [Alexandre Dulaunoy] - Example: a tweet referencing a hash which needs further analysis: * [network-connection] disable correlation. [Alexandre Dulaunoy] * [process] disable correlation where it's not required. [Alexandre Dulaunoy] * [phishing] new object added. [Alexandre Dulaunoy] * [phishing] new template object (first draft) based on the phishtank format. [Alexandre Dulaunoy] * [doc] mactime template added. [Alexandre Dulaunoy] * Jq all the things ;-) [Alexandre Dulaunoy] * [relationship] annotates relationship added (useful for the annotation object) [Alexandre Dulaunoy] * [README] malware-config object added. [Alexandre Dulaunoy] * [malware-config] new object to describe malware configuration in clear-text or encrypted/encoded. [Alexandre Dulaunoy] ref: fix https://github.com/MISP/MISP/issues/3679 * [file] fullpath can be part of a single file object. [Alexandre Dulaunoy] * [relationships] updated with new relationships. [Alexandre Dulaunoy] * [ail] version of the template updated. 
[Alexandre Dulaunoy] * [tracking-id] add the tracker origin such as the vendor or software. [Alexandre Dulaunoy] * [original-import-file] list of "sane" default format. [Alexandre Dulaunoy] * [doc] tracking-id added to the list of templates. [Alexandre Dulaunoy] * Deleted filename attribute since it is already contained in attachment. [chrisr3d] * [file] following some CyBOX import adding a fullpath field which includes filename and path request. [Alexandre Dulaunoy] * [forensic-evidence] updated to include other tools and correlation disabled for some fields. [Alexandre Dulaunoy] * Chg: [forensic-case] object added based on the original one from @Aks6193. [Alexandre Dulaunoy] The idea is to separate the evidences from the case itself as you can have multiple acquisitions for a specific case. Another object template is required such as [forensic-evidence] to be able to link between the forensic-case object and one or more evidences. * [ja3] categories removed (default attributes categories will be used) [Alexandre Dulaunoy] Fix MISP/MISP/issues/3593 * [geolocation] disable correlation on specific attributes. [Alexandre Dulaunoy] * [vehicle] Vehicle object template to describe a vehicle information and registration. [Alexandre Dulaunoy] * [paste object] add a link attribute when the paste reference is not malicious. [Alexandre Dulaunoy] * [misp-objects] multiple flag is now visible in asciidoctor output. [Alexandre Dulaunoy] * Allow multiple domains too fix #108. [Alexandre Dulaunoy] * [threadgrid-report] added in the list of objects. [Alexandre Dulaunoy] * [coin-address] ETN symbol added. [Alexandre Dulaunoy] * [relationship] exploits added. [Alexandre Dulaunoy] * [exploit-poc] a same context can contains multiple PoC samples. [Alexandre Dulaunoy] * [exploit-poc] added to the list of objects. [Alexandre Dulaunoy] * [JSON schema] vulnerability added as meta-category. [Alexandre Dulaunoy] * [vulnerability] is now in its own vulnerability meta-category. 
[Alexandre Dulaunoy] * [vulnerability] updated following NATO and CIRCL feedback. [Alexandre Dulaunoy] - CVSS score added - CVSS string added - credit attribute added - text -> description - vulnerability attribute can now be any format (not only the CVE format) * [coin-address] XMR type address added in addition to the default Bitcoin address format. [Alexandre Dulaunoy] * Jq all the things. [Alexandre Dulaunoy] * New script template object. [Alexandre Dulaunoy] Object describing a computer program written to be run in a special run-time environment. The script or shell script can be used for malicious activities but also as support tools for threat analysts. Fix #101 * EPSG and spacial-reference add fix #102. [Alexandre Dulaunoy] Following feedback during the last ENISA Cyber Europe 2018, we updated the geolocation object to the following: - Fixing ui-priority to ensure lat,long in order - Adding the ability to specify an EPSG value instead of coordinates (handy if you want to quickly express a known location/area) - Set a default spacial-reference to avoid confusion between reported value from GPS versus values projected into a specific spacial projection. default is WGS-84. * Shortened-link template added. [Alexandre Dulaunoy] * Username of the author added + disable correlation for origin. [Alexandre Dulaunoy] * Change version of the SS7 template object. [Alexandre Dulaunoy] * Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence. [Alexandre Dulaunoy] * Update email template. [Raphaël Vinot] * [email] add email-body in requiredOneOf. [Raphaël Vinot] * Disable correlations in fail2ban. [Raphaël Vinot] * Fix&update fail2ban def. [Raphaël Vinot] * Added address and zip code attributes. [chrisr3d] * Updated name of the new attribute. [chrisr3d] * Added identity card number. [chrisr3d] * Whois object now includes registrant-org matching new MISP attributes type - whois-registrant-org. 
[Alexandre Dulaunoy] * Allow malware-sample as only attribute in file. [Raphaël Vinot] * Fix logic in URL. [Raphaël Vinot] Fix #21 * Disable some correlations by default in URL. [Raphaël Vinot] Fix #47 ### Fix * [stix2-pattern] disable correlation on version. [Alexandre Dulaunoy] Thanks to the new feature in MISP 2.4.142 to find top correlations ;-) * Typo. [Raphaël Vinot] * [dkim] clean-up. [Alexandre Dulaunoy] * Commas were sometimes doubled. [Théo BARRAGUÉ] * [splunk] fixed. [Alexandre Dulaunoy] * Keys order in VT object. [Raphaël Vinot] * [tool] link to object template fixed. [Alexandre Dulaunoy] * [twitter-post] underscore - minus are difficult to choose from ;-) [Alexandre Dulaunoy] * JSON Validation. [chrisr3d] * Disabling correlation for all the bgp-ranking object attributes. [chrisr3d] * JSON validation. [chrisr3d] * Incorrect relationships in requiredoneof field. [Raphaël Vinot] * Validate json. [Raphaël Vinot] * Validation issue fixed. [chrisr3d] * Normalised object relations of the ilr objects. [chrisr3d] - Using dash as separator instead of space * Normalised object relations of the vehicle object. [chrisr3d] - Using dash as separator instead of space * Normalised object relations of the phishing objects. [chrisr3d] - Using dash as separator instead of space * Normalised object relations of the ip-api-address object. [chrisr3d] - Using dash as separator instead of space * Python2 is dead dead dead. [Raphaël Vinot] * Align directory names with object name. [Raphaël Vinot] * Typo in requiredOneOf. [Raphaël Vinot] * Typo in requiredOneOf. [Raphaël Vinot] * Attachment object relation does not exists. [Raphaël Vinot] * Added iban as an alternative to bank account for the requirements. [Andras Iklody] - fixes https://github.com/MISP/MISP/issues/5358 * [new object pgp-meta] remove first seen/last seen + fix description. [Terrtia] * Missing pep8 check. [Raphaël Vinot] * Wrong name in requiredOneOf. [Raphaël Vinot] * To_ids must be a bool. 
[Raphaël Vinot] * [microblog] to_ids changes. [Andras Iklody] * Type asn -> AS. [Raphaël Vinot] * Ui-priority is required in the object template. [Raphaël Vinot] * Make jq happy. [Raphaël Vinot] * Duplicate in coin-address. [Raphaël Vinot] * [virustotal] corrected typo in category. [Christophe Vandeplas] * [timesketch] fix incorrect attribute type. [Christophe Vandeplas] * [process] change undefined attributes. [Pierre-Jean Grenier] misp-attributes 'uuid' and 'src-port' do not exist, change those to something else so that we can use this object properly * JQed all the things. [chrisr3d] * TYPO. [chrisr3d] * Disabled correlation for original imported samples. [chrisr3d] * [relationships] removed duplicate. [Christophe Vandeplas] * [cortex-taxonomy] jq all the things(tm) [Alexandre Dulaunoy] * [definition] Fixed current balance type, is float. [Steve Clement] * JQ things. [Raphaël Vinot] * Various typos. [Alexandre Dulaunoy] * Jq all the things(tm) [Alexandre Dulaunoy] * Changed TSK object names to lower case. [aksha] * Regripper object templates fixed. [aksha] * NTUser template. [aksha] * Disabled correlation of imported files format attribute. [chrisr3d] * JQed ip-api-address template. [chrisr3d] * Fixed ip-api-address object template filename. [chrisr3d] * [ail-leak] disable correlation. [Terrtia] * Typo in link to an object. [chrisr3d] * Changed 'type' attribute that is more relevant as being called 'format' [chrisr3d] * [geolocation] to include accuracy-radius as described by maxmind geoip2 API. [Alexandre Dulaunoy] * Some relationships typo fixed. [chrisr3d] * Fixed exploits relationship properties. [chrisr3d] * [suricata] allow multiple Suricata rules in the object (similar context) and fix the rule to be in Snort format. [Alexandre Dulaunoy] Fix #106 * Missing ui-priority. [Alexandre Dulaunoy] * RequiredOneOf field. [chrisr3d] Sorry, ate too much ananas in my pizza * Jq all. [Alexandre Dulaunoy] * Bump email template version. 
[Raphaël Vinot] * Add hostname to ip-port template and make attributes multiple. [Alexandre Dulaunoy] * File path added in file object. [Alexandre Dulaunoy] * Fix: Feedback from @sheidan. [Alexandre Dulaunoy] * Name of the object template was incorrect. [Alexandre Dulaunoy] * Wrong attribute name. [Raphaël Vinot] * Attribute type fixed. [Alexandre Dulaunoy] * Version field added if stix2-pattern has multiple version in the future. [Alexandre Dulaunoy] * Whois record object updated to cover both cases: domain or IP address. [Alexandre Dulaunoy] * Raw whois is also accepted as single attribute in whois object. [Alexandre Dulaunoy] Required for importing STIX CybOX 1.1 object where just a raw whois entry is added in remarks. * Some parts of the URL can be repeated such as resource path, anchor... [Alexandre Dulaunoy] multiple flag added to the potential part to be repeated. following a discussion in Gitter with @makflwana * Disable correlation for compression algorithms. [Alexandre Dulaunoy] * Cowrie object - SSH attributes added. [Alexandre Dulaunoy] * Add missing destination and source port. [Alexandre Dulaunoy] * Jq all the things. [Alexandre Dulaunoy] * Fixed some bank-account fields. [chrisr3d] * Use new attribute type mime-type instead of text. [Alexandre Dulaunoy] * Trailing dot removed. [Alexandre Dulaunoy] * Improve ip-port object to add domain instead of IP address. [Alexandre Dulaunoy] * Increment version of the MISP email object. [Alexandre Dulaunoy] * Sandbox report. [Alexandre Dulaunoy] * Sandbox signature added. [Alexandre Dulaunoy] * Sandbox report object added in the list. [Alexandre Dulaunoy] * Passive DNS records especially on the disabled_correlation fields. [Alexandre Dulaunoy] * Make the schema happy. [Raphaël Vinot] * Make JQ happy. [Raphaël Vinot] * Person object updated to match AML client record + various fixes. [Alexandre Dulaunoy] * Registry-key updated. [Alexandre Dulaunoy] * We are in 2018. [Alexandre Dulaunoy] * Annotation object.
[Alexandre Dulaunoy] * Add missing attribute type for the state. [Alexandre Dulaunoy] * Vulnerability object improved to include the case of unpublished security vulnerability. [Alexandre Dulaunoy] * GTPInterface updated. [Alexandre Dulaunoy] * GTP attack - multiple on GTP interface. [Alexandre Dulaunoy] * Disable correlation on fields where is not needed. [Alexandre Dulaunoy] * Disable correlation on microblog type (Twitter or alike) [Alexandre Dulaunoy] * Disable correlation on all filename-* [Alexandre Dulaunoy] * Disable correlation on filename by default. [Alexandre Dulaunoy] * Update registry-key to match correct MISP attributes. [Alexandre Dulaunoy] * X509 object now uses the new and proper fp type. [Alexandre Dulaunoy] * Update android permissions based on Google latest list. [Alexandre Dulaunoy] * MISP type are case-sensitive - fixing AS number type. [Alexandre Dulaunoy] * AIL leak object to include raw-data. [Alexandre Dulaunoy] * Subnets announced is an ip-src type. [Alexandre Dulaunoy] * Structure fixed + CEF dedication added. [Alexandre Dulaunoy] * Origin of credential as sane_default. [Alexandre Dulaunoy] * RequiredOneOf list of r2graphity was wrong. [Raphaël Vinot] Fix #20 * Missing description added in asciidoc files. [Alexandre Dulaunoy] * Fixed typo. [iglocska] * Updated the required value field to values list. [iglocska] * Updated the required_value field with the new name: values_list. [iglocska] * Fixed an issue with the email object not having the correct requiredoneof fieldnames, fixes MISP/MISP#2481. [iglocska] * Port is used instead of text type. [Alexandre Dulaunoy] * Communicate-with relationship added. [Alexandre Dulaunoy] * Tld type not existing in MISP. [Alexandre Dulaunoy] ### Other * Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] * Merge branch 'phmazzoni-patch-3' into main. [Raphaël Vinot] * Create definition.json. [phmazzoni] * Delete objects/panorama directory. 
[phmazzoni] * Merge pull request #308 from phmazzoni/main. [Raphaël Vinot] Create Palo Alto Threat Log Object Template. * Create definition.json. [phmazzoni] Create Palo Alto Threat Log Object Template. * Merge pull request #307 from hackunagi/main. [Alexandre Dulaunoy] Creation of Network Profile MISP Object * Creation of Network Profile MISP Object. [Carlos Borges] The idea behind this object is to provide a unique form to identify network artifacts. It's a mix of different including whois, URL and domain. The need for a consolidated object comes to group correlated elements. Beyond that, I'm introducing the idea to use the correlation feature in more generic ways. Example: The value of "threat-actor-infrastructure-value" is the unique value observed on a network resource that identifies it. A practical and tested example is this resource from Kaspersky. https://securelist.com/the-tetrade-brazilian-banking-malware/97779/ On this article they mention a trojan family called Javali. They recover the C2 server abusing Google Docs services. The mentioned field "threat-actor-infrastructure-value" would register the values available on this image. This item should be hard to correlate with other similar items, as this can change frequently. A way to change it is also to register a more general pattern of the data with the "threat-actor-infrastructure-pattern". I.E inicio{ "host":"<variable>", "porta":"<variable>" }fim With other investigations and registry of it on MISP, it is possible to correlate this data, facilitate identification of patterns used for tracking purposes and facilitate analysis. * Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] * Merge pull request #306 from theobarrague/main. [Alexandre Dulaunoy] Addition of opposite relations in relationships/definition.json * Merge branch 'main' into main. [Théo BARRAGUÉ] * Add: check if opposite key is valid in relationships. 
[Théo BARRAGUÉ] * Add: tool to validate if declared opposites exist. [Théo BARRAGUÉ] * Add: opposite of 26 relationships. [Théo BARRAGUÉ] * Merge pull request #305 from marcnil815/patch-1. [Alexandre Dulaunoy] Update definition.json * Update definition.json. [marcnil815] Added possibility for multiple searches in same object to accommodate using raw searches and datamodel searches. * Merge pull request #304 from Terrtia/master. [Alexandre Dulaunoy] chg: [telegram-account] required attributes * Merge pull request #302 from ater49/main. [Alexandre Dulaunoy] Adding fields in twitter-post and paste * Typo and version number correction + adding a field in twitter-post. [ater49] Adding created-at field in twitter-post * Add media in twitter-post in order to store attached media in a tweet. [ater49] Add pastebin.fr in source of paste and paste_file for storing whole paste file. * Merge pull request #303 from seamustuohy/pymisp-pr/631. [Alexandre Dulaunoy] Updated for support for msg format. * Updated for support for msg format. [seamus tuohy] Adding first class support for Emails in .msg format to the email definition. This includes making the attribute support multiple bodies. Msg formats nearly always have at least 2, if not 3, versions of the body (plain text, rtf, html). * Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] * Merge pull request #299 from beaujeant/main. [Alexandre Dulaunoy] chg: can have multiple text attributes * Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] * Merge branch 'SteveClement-process' into main. [Alexandre Dulaunoy] * Merge branch 'process' of https://github.com/SteveClement/misp-objects into SteveClement-process. [Alexandre Dulaunoy] * Merge remote-tracking branch 'upstream/main' into process. [Steve Clement] * Merge remote-tracking branch 'upstream/master' into process. [Steve Clement] * Add: [passive-dns] Added a raw_rdata object relation. 
[chrisr3d] * Merge pull request #297 from MISP/chrisr3d_patch. [Alexandre Dulaunoy] Using the actual attribute type for cpe and weakness instead of text * Merge pull request #295 from rhallick/intel471-1. [Raphaël Vinot] Addition of intel471-vulnerability-intelligence object * .DS_Store file removed. [Richard Hallick] .DS_Store file removed. * Addition of Intel 471 vulnerability intelligence object. [Richard Hallick] Intel 471 object to contain structured vulnerability related data. * Addition of intel471-vulnerability-intelligence object. [Richard Hallick] Intel 471 object to contain structured vulnerability related data. * Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] * Merge branch 'main' of github.com:MISP/misp-objects into main. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] * Add: Description of the bgp-ranking new object added to the list of objects. [chrisr3d] * Merge pull request #293 from MISP/chrisr3d_patch. [Alexandre Dulaunoy] BGP Ranking object & relationships * Add: Added specific relationship between an asn object and the recently added bgp-ranking object. [chrisr3d] * Add: Added some relationships introduced recently in misp modules. [chrisr3d] * Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch. [chrisr3d] * Add: Added an IP address family attribute to describe the address family concerned by the BGP ranking. [chrisr3d] * Add: First version of a BGP ranking object to represent the ranking of an ASN at a specific point of time. [chrisr3d] - We can then associate as many bgp-ranking objects as we need to the corresponding ASN object, each one of them being the ranking of the ASN for a given day * Merge pull request #291 from MISP/chrisr3d_patch. [Alexandre Dulaunoy] Normalisation of the object relations for some object + small change on an attribute of the ip-port object * Merge branch 'C00kie--main' into main. 
[Alexandre Dulaunoy] * Merge branch 'main' of https://github.com/C00kie-/misp-objects into C00kie--main. [Alexandre Dulaunoy] * Revert "added description field in attributes" [Pauline Bourmeau] This reverts commit 3224f78d4ff6b40bd34fe25f4f7f6b2d2d12eed6. * Merge branch 'main' of https://github.com/C00kie-/misp-objects into C00kie--main. [Alexandre Dulaunoy] * Jq-ed file. [Pauline Bourmeau] * Added description field in attributes. [Pauline Bourmeau] * Fixed comments. [Pauline Bourmeau] * First addition of keybase object. [Pauline Bourmeau] * Merge pull request #284 from C00kie-/patch-5. [Alexandre Dulaunoy] added json multiple objects twitter-following and twitter-followers * Update definition.json. [Pauline Bourmeau] * Merge pull request #283 from C00kie-/patch-3. [Alexandre Dulaunoy] added multiple json object for following and followers * Update definition.json. [Pauline Bourmeau] * Merge pull request #282 from C00kie-/patch-1. [Alexandre Dulaunoy] Update definition.json * Update definition.json. [Pauline Bourmeau] * Merge branch 'C00kie--main' into main. [Alexandre Dulaunoy] * Merge branch 'main' of https://github.com/C00kie-/misp-objects into C00kie--main. [Alexandre Dulaunoy] * Update definition.json. [Pauline Bourmeau] * Update definition.json. [Pauline Bourmeau] * Update definition.json. [Pauline Bourmeau] * Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] * Merge pull request #276 from rmkml/main. [Alexandre Dulaunoy] add SHA3 Hash on definition.json * Add SHA3 Hash on definition.json. [rmkml] * Merge branch 'rmkml-main' into main. [Alexandre Dulaunoy] * UUID must be the same. [Alexandre Dulaunoy] * Add vhash (VirusTotal Hash) on definition.json. [rmkml] * Merge pull request #269 from emilhf/additional-dns-records. [Alexandre Dulaunoy] Add more rrtypes to dns-record * Add more rrtypes to dns-record. [Emil Henry Flakk] * Merge pull request #265 from VVX7/master. 
[Andras Iklody] chg: [dev] add Parler app objects * Merge pull request #264 from mback2k/patch-1. [Alexandre Dulaunoy] chg: [cortex-taxonomy] sort attributes * Merge pull request #262 from gallypette/master. [Alexandre Dulaunoy] add: [d4] authentication failure report object * Add: [d4] authentication failure report object. [Jean-Louis Huynen] * Merge pull request #261 from VVX7/master. [Alexandre Dulaunoy] chg: [dev] disable correlation on some attributes. * Merge pull request #260 from VVX7/master. [Alexandre Dulaunoy] chg: [dev] make Reddit attributes reflect Reddit API. * Merge pull request #258 from VVX7/master. [Alexandre Dulaunoy] chg: [dev] add object properties from #254 * Merge pull request #259 from trustar/EN-4434/misp-objects/trustar_report_update. [Alexandre Dulaunoy] extending trustar_report object in order to provide fields in which e… * Fixed order. [Jesse Hedden] * Extending trustar_report object in order to provide fields in which enrichment data from a planned expansion module can be stored. [Jesse Hedden] * Merge pull request #257 from VVX7/master. [Alexandre Dulaunoy] new reddit objects * Merge branch 'master' of https://github.com/misp/misp-objects. [VVX7] * Merge pull request #256 from VVX7/master. [Alexandre Dulaunoy] facebook account object * Merge pull request #255 from VVX7/master. [Andras Iklody] add facebook objects * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Merge pull request #253 from MISP/git-vuln-finder. [Raphaël Vinot] new: Preliminary version of git-vuln-finder object template * Merge branch 'hackunagi-master' [Alexandre Dulaunoy] * Updating template version. [Carlos Borges] * Updating a missing comma. [Carlos Borges] * Adding phone company of the sending SMS number. [Carlos Borges] While sharing some data using this object, we saw the need to add the phone company of the number sending the sms. 
With it we can make good local correlations and have an idea of flaws occurring on phone number release by these companies. Using web services like Truecaller, it's possible to enrich an analysis with this data. * Merge pull request #2 from MISP/master. [Carlos Borges] Fork update * Merge branch 'hackunagi-master' [Alexandre Dulaunoy] * New object - Boleto. [Carlos Borges] Boleto is a very common form of payment used in Brazil and used a lot by cybercriminals to execute fraud. Basically a bank or financial institution is allowed to generate boletos, that is a 40 digit number code. This object will help institutions identify fraud sources and improve orgs protection. * Merge pull request #1 from MISP/master. [Carlos Borges] Fork update * Merge pull request #250 from VVX7/master. [Alexandre Dulaunoy] chg: [publication] modify requiredOneOf field * Merge pull request #249 from VVX7/master. [Alexandre Dulaunoy] new: [publication] add object to describe academic journals, books, etc. * Merge pull request #248 from MISP/sort. [Alexandre Dulaunoy] Sort all json files, fix a few directories names. * Merge pull request #247 from VVX7/master. [Andras Iklody] chg: [object] add new microblog attributes * Merge pull request #246 from VVX7/master. [Alexandre Dulaunoy] chg: [object] update narrative required object fields * Merge branch 'master' of https://github.com/misp/misp-objects. [VVX7] * Merge pull request #245 from VVX7/master. [Alexandre Dulaunoy] chg: [narrative] add disproof property * Merge branch 'master' of https://github.com/misp/misp-objects. [VVX7] * Merge pull request #244 from Golbark/x509_enhancements. [Christophe Vandeplas] chg: [x509] using built-in types wherever possible * Merge pull request #243 from VVX7/master. [Alexandre Dulaunoy] chg: [narrative] update narrative object * Merge branch 'master' of https://github.com/misp/misp-objects. [VVX7] * Merge pull request #242 from VVX7/master. [Alexandre Dulaunoy] new: [object] add narrative. 
* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * Merge pull request #241 from MISP/chrisr3d_patch. [Alexandre Dulaunoy] External references attribute for attack-pattern object * Add: External references attribute for attack-pattern object. [chrisr3d] * Merge branch 'master' into chrisr3d_patch. [chrisr3d] * Merge pull request #240 from cudeso/master. [Alexandre Dulaunoy] Objects for data coming from the Cytomic Orion API * JQ-all-the-things. [Koen Van Impe] * Update object definition with first-|last- seen. [Koen Van Impe] * Remove -x from JSON files. [Koen Van Impe] * Fix with jq_all_the_things. [Koen Van Impe] * Objects for data coming from the Cytomic Orion API. [Koen Van Impe] * Merge pull request #239 from cbboggs/cbboggs-http-request. [Alexandre Dulaunoy] Adding optional ip-src to http-request * Adding optional ip-src to http-request. [cbboggs] modified existing "ip" attribute to "ip-dst", and added attribute for ip-src. This allows http-request to be used in scenarios where observed connections are source specific, not destination specific. * Merge pull request #238 from pettai/intelmq_event. [Alexandre Dulaunoy] More explicit misp-attribute types * Update definition.json. [frpet] bump version * Use more explicit misp-attribute types. [frpet] Use the appropriate misp-attribute type for *local_hostname, *fqdn, *.md5|*.sha* * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * Merge pull request #235 from MISP/gen_sym_key. [Alexandre Dulaunoy] new: [crypto-material] add generic-symmetric-key * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * Add: [iot-firmware] new object template to describe IoT firmware. [Alexandre Dulaunoy] The relationship will be often between iot-device and iot-firmware. * Merge pull request #233 from Terrtia/master. [Alexandre Dulaunoy] chg: [domain-crawled] domain shouldn't be a multiple * Merge pull request #232 from Terrtia/master. 
[Alexandre Dulaunoy] domain-crawled object * Merge pull request #231 from Delta-Sierra/master. [Alexandre Dulaunoy] allow several subjects or sender for email objects * Update version. [Deborah Servili] * Allow several subjects or sender for email objects. [Deborah Servili] * Merge pull request #229 from ater49/master. [Alexandre Dulaunoy] Adding compatibility with some HAR fields * Adding some parts from HAR format description (http://www.softwareishard.com/blog/har-12-spec/) (More to come) [ater49] * Merge pull request #228 from VVX7/master. [Alexandre Dulaunoy] new: [objects] instant message objects * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Merge pull request #227 from Terrtia/master. [Alexandre Dulaunoy] chg: [new object pgp-meta] * Merge pull request #226 from VVX7/master. [Alexandre Dulaunoy] chg: [object fields] allow additional requiredOneOf fields * Merge pull request #225 from VVX7/master. [Alexandre Dulaunoy] chg: [object field] add title to microblog * Merge pull request #223 from VVX7/master. [Alexandre Dulaunoy] chg: [misinfosec objects] add archive field * Fic: Make pep8 happy. [Raphaël Vinot] * Merge pull request #222 from VVX7/master. [Alexandre Dulaunoy] chg: [blog] add title field to blog object * Merge pull request #221 from VVX7/master. [Alexandre Dulaunoy] Disinformation objects * Merge remote-tracking branch 'upstream/master' [VVX7] * Merge pull request #219 from N1col4s5742/master. [Alexandre Dulaunoy] Add vehicle state * Change definition.json for vehicle and geolocation with verification sponge. [Nicolas] * Change definition.json for vehicle and geolocation. [Nicolas] * Change definition.json for vehicle. [Nicolas] * Vehicle state. [N1col4s5742] * Bump version. [N1col4s5742] * Add vehicle state. [N1col4s5742] * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Merge pull request #220 from StefanKelm/master. 
[Alexandre Dulaunoy] Update definition.json * Update definition.json. [StefanKelm] Add compilation timestamp (similar to pe object) * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Merge pull request #217 from Delta-Sierra/master. [Deborah Servili] add imphash in file object * Add imphash in file object. [Deborah Servili] * Switch requiredOneOf list to required since it contains only one element. [Deborah Servili] * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Merge pull request #216 from gallypette/patch-1. [Christian Studer] chg: [dark-pattern] typos * Merge pull request #213 from gallypette/master. [Alexandre Dulaunoy] add: [dark-pattern] new object to share dark-patterns * Add: [dark-pattern] new object to share dark-patterns. [Jean-Louis Huynen] * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Merge pull request #211 from file-not-found/master. [Alexandre Dulaunoy] added "type" to "requiredOneOf" * Updated "version" to 4. [m4tze] * Added "type" to "requiredOneOf" [m4tze] * New [tools] simple tool to dump list of objects with their descriptions. [Alexandre Dulaunoy] * Merge pull request #209 from gallypette/master. [Alexandre Dulaunoy] chg: [x509, crypto-material] several changes: * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Update definition.json. [Alexandre Dulaunoy] Following discussion during MISP training - new language seen in a malware campaign. * Merge pull request #207 from Delta-Sierra/master. [Alexandre Dulaunoy] rename object misc to organization + update version * Rename object misc to organization + update version. [Deborah Servili] * Update version of paste object. [Deborah Servili] * Merge pull request #206 from Delta-Sierra/master. [Alexandre Dulaunoy] add translation object * Jq. [Deborah Servili] * Add translation object. [Deborah Servili] * Add hashtag attribute in microblog object. 
[Deborah Servili] * Merge pull request #205 from Delta-Sierra/master. [Alexandre Dulaunoy] update microblog object - use link for non malicious link of the micr… * Merge https://github.com/MISP/misp-objects. [Deborah Servili] * Merge pull request #204 from saadkadhi/patch-1. [Alexandre Dulaunoy] Better wording * Better wording. [Saad Kadhi] * Merge pull request #203 from saadkadhi/patch-2. [Alexandre Dulaunoy] Better wording * Better wording. [Saad Kadhi] * Update microblog object - use link for non malicious link of the microblog post and embedded-link for link into the microblog post. [Deborah Servili] * Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/Delta-Sierra/misp-objects into Delta-Sierra-master. [Alexandre Dulaunoy] * Draft command object. [Deborah Servili] * Add impersonation object. [Deborah Servili] * Merge pull request #200 from cvandeplas/master. [Christophe Vandeplas] adds validation on type/categories and fixes an incorrect one * Sort schema_objects. [Christophe Vandeplas] * Merge pull request #198 from zaphodef/patch-3. [Raphaël Vinot] fix: [process] change undefined attributes * Add: Updated readme with the latest objects added. [chrisr3d] * Merge pull request #197 from Delta-Sierra/master. [Alexandre Dulaunoy] add injects-into and injected-into relationships * Merge. [Deborah Servili] * Merge pull request #196 from zaphodef/patch-1. [Christophe Vandeplas] Change undefined category to "External analysis" * Change undefined category to "External analysis" [Pierre-Jean Grenier] * Merge pull request #195 from chrisr3d/new_objects. [Alexandre Dulaunoy] New objects to describe CWE & CAPEC data related to a CVE * Merge pull request #193 from kx499/master. 
[Alexandre Dulaunoy] Adds employee object, dns-record object, and shodan object * Merge remote-tracking branch 'upstream/master' [kx1499] * Merge remote-tracking branch 'upstream/master' [kx1499] * Merge remote-tracking branch 'upstream/master' [kx1499] * Merge branch 'master' of https://github.com/kx499/misp-objects. [kx1499] * Merge remote-tracking branch 'upstream/master' [kx499] * Updated employee object to disable correlation on specific fields. [kx499] * Merge remote-tracking branch 'upstream/master' [kx499] * Updated disabling correlation for userid. [kx1499] * Merge remote-tracking branch 'upstream/master' [kx1499] * Added employee-type. [kx499] * Added employee object. [kx499] * Dns record and shodan report objects. [kx499] * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Disable correlation on the text field. [Sascha Rommelfangen] * Transaction number must be multiple (and text) [Sascha Rommelfangen] * Merge pull request #191 from MISP/rommelfs-patch-5. [Sascha Rommelfangen] fixed issue with requirements * Bumped version. [Sascha Rommelfangen] * Fixed issue with requirements. [Sascha Rommelfangen] * Merge pull request #190 from MISP/rommelfs-patch-4. [Sascha Rommelfangen] missing parts for balance corrected * Bumped version. [Sascha Rommelfangen] * Missing parts for balance corrected. [Sascha Rommelfangen] * Merge pull request #188 from rommelfs/master. [Alexandre Dulaunoy] btc wallet and transaction object templates * Merge pull request #1 from rommelfs/rommelfs-patch-1. [Sascha Rommelfangen] removed unneeded characters * Removed unneeded characters. [Sascha Rommelfangen] * Merge commit 'ad1300767f7b7757867a8c01ffb4c7d6fa308540' [Sascha Rommelfangen] * Add: btc wallet and transaction object templates. [Sascha Rommelfangen] * Merge pull request #187 from chrisr3d/master. [Alexandre Dulaunoy] User account object * Add: [ip-port] Added ip-dst as one of the required attributes. 
[chrisr3d] * Add: [ip-port] Added ip-dst attribute eeeeeeeeeeeeeeeeeeeeeee. [chrisr3d] - Users can then choose between "ip" when they do not know whether it is a source or destination IP address, or "ip-src" & "ip-dst" to have more clarity about the IP address * Merge pull request #185 from ater49/master. [Alexandre Dulaunoy] Adding IIN and bank_name in objects * Adding IIN and bank_name. [ater49] * Merge pull request #2 from MISP/master. [ater49] update * Add: [ssh-authorized-keys] object to add elements from SSH authorized keys (and do correlation for fun-and-profit(tm)) [Alexandre Dulaunoy] * Merge pull request #181 from ater49/master. [Alexandre Dulaunoy] Adding registration-date in domain-ip * Correcting "_" to "-" in fields name. [ater49] * Adding registration-date to domain-ip. [ater49] * Merge pull request #1 from MISP/master. [ater49] merge * Merge pull request #179 from mtday/fix-empty-misp-attribute. [Alexandre Dulaunoy] Attribute Fixes * Update the misp-attribute to specify a valid value instead of an empty string. [mday] * Merge pull request #178 from mtday/fix-missing-required-attribute. [Alexandre Dulaunoy] Fix Missing Required Attributes * Update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects. [mday] * Add: [irc] IRC object to describe an IRC server with associated IRC channels. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * Merge pull request #177 from haxpak/haxpak/update-device. [Andras Iklody] Haxpak/update device * Changed device type drop down from category to sane_default. [haxpak] * Merge pull request #174 from haxpak/haxpak/relationship-executes. [Andras Iklody] Haxpak/relationship executes * [added] relationship 'executes' : Describes an object that executes another object. [haxpak] * Added relationship "executes" [haxpak] * Merge pull request #173 from haxpak/master. 
[Andras Iklody] added option "Further Analysis Required" to attribute stage of object course-of-action * Added option "Further Analysis Required" to attribute stage. [haxpak] * Merge pull request #172 from haxpak/haxpak/#24. [Andras Iklody] updated device object * Merge branch 'master' into haxpak/#24. [Andras Iklody] * Merge pull request #170 from haxpak/haxpak-objects. [Andras Iklody] Haxpak objects * Meta category for organization changed back to misc since schema_objects.json does not recognize organization as a meta category. [haxpak] * Corrected typo. [haxpak] * Added meta category organization. [haxpak] * Modified: relationships/definition.json. [haxpak] * Modified: objects/device/definition.json modified: objects/phishing-kit/definition.json. [haxpak] * Added MAC address to device meta category of organization changed to organization meta category of person object changed to organization new object phishing-kit. [haxpak] * Merge pull request #166 from haxpak/haxpak-objects. [Alexandre Dulaunoy] Added new objects * Changed organization meta category to misc. [haxpak] * Merge pull request #163 from haxpak/master. [Alexandre Dulaunoy] add : relationship "creates" * Added attribute DNS name to device object changed MAC address misp attribute to mac-address. [haxpak] * Added OS, version, dns-name attribute to device changed misp-attribute of mac-address from text to mac-address. [haxpak] * Reverted device to misc category. [haxpak] * Added requiredOneOf to device definition. [haxpak] * Fixed typos and ran jq_all_things. [haxpak] * - added : attachment attribute to annotation - added : new object type device. [haxpak] * Added : meta_category "organization" #162. 
[haxpak] * Modified : person object "changed UI priority of the attributes" modified : report object "added attachment to report" [haxpak] * New-object : Organization "Defines an organization" [haxpak] * Add : relationship "creates" [haxpak] * Add: [tor-hiddenservice] a simple object template to describe Tor Onion Service. [Alexandre Dulaunoy] * Merge pull request #161 from geekscrapy/geekscrapy-patch-1. [Alexandre Dulaunoy] Username is often utilised alongside a credential * Username is often utilised alongside a credential. [molley] Username can often identify malicious behavior, and is usually part of the credential tuple - it can also be used to highlight common user accounts without password/api key * Merge pull request #159 from geekscrapy/patch-1. [Alexandre Dulaunoy] Added current-directory to required field * Added current-directory to required field. [molley] This field will often indicate where a malicious binary is started from, therefore a good candidate for solo use * Merge pull request #158 from geekscrapy/patch-2. [Alexandre Dulaunoy] Added issuer as one of the required fields * Added issuer as one of the required fields. [molley] This is often a field used on its own to identify a malicious cert * Add: New relationship "retrieved-from" [chrisr3d] * Merge pull request #155 from Delta-Sierra/master. [Alexandre Dulaunoy] remove accent from ilr objects * Merge pull request #154 from Delta-Sierra/master. [Alexandre Dulaunoy] add ilr-notification-incident object * Merge pull request #153 from Delta-Sierra/master. [Alexandre Dulaunoy] fix ilr-impact attributes names * Merge pull request #152 from Delta-Sierra/master. [Alexandre Dulaunoy] add ilr-impact object * Add injects-into and injected-into relationships. [Deborah Servili] * Remove accent from ilr objects - bis. [Deborah Servili] * Remove accent from ilrobjects. [Deborah Servili] * Add ilr-notification-incident object. [Deborah Servili] * Fix lr-impact attributes names. 
[Deborah Servili] * Disable correlations on ilr-impact attributes. [Deborah Servili] * Add ilr-impact object. [Deborah Servili] * Merge pull request #151 from MISP/rommelfs-patch-3. [Alexandre Dulaunoy] corrected order * Corrected order. [Sascha Rommelfangen] * Merge pull request #148 from marcnil815/master. [Alexandre Dulaunoy] Create splunk object definition.json * Jq'ed definition.json. [marcnil815] * Create splunk object definition.json. [marcnil815] Adding misp-object for basic splunk search/correlation search values. * Merge pull request #147 from Delta-Sierra/master. [Alexandre Dulaunoy] Person object - Add a (or several) role to a person * Person object - Add a (several) role to a person. [Deborah Servili] * Merge pull request #144 from MISP/rommelfs-patch-1. [Alexandre Dulaunoy] added hostname attribute to the phishing object * Added hostname attribute to the phishing object. [Sascha Rommelfangen] * Merge pull request #143 from rommelfs/master. [Alexandre Dulaunoy] added values valuable to operators * Added values valuable to operators. [Sascha Rommelfangen] * Update definition.json. [Andras Iklody] * Add: [anonymisation] Anonymisation object describing an anonymisation technique which is used in MISP anonymised attributes. [Alexandre Dulaunoy] * Merge pull request #141 from Delta-Sierra/master. [Alexandre Dulaunoy] fix jq_all_the_things script * Fix jq_all_the_things script. [Deborah Servili] * Merge pull request #140 from Delta-Sierra/master. [Alexandre Dulaunoy] add interpol notice object * Merge https://github.com/MISP/misp-objects. [Deborah Servili] * Merge pull request #139 from Delta-Sierra/master. [Alexandre Dulaunoy] Person object - add alias as a requiredOneof attribute * Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] * Fix required field for interpol notice. [Deborah Servili] * Add interpol notice object. [Deborah Servili] * Update person object version. [Deborah Servili] * Add alias as a requiredOneof attribute. 
[Deborah Servili] * Merge pull request #138 from cvandeplas/master. [Alexandre Dulaunoy] chg: [http-request] IP as allowed type * Merge pull request #137 from StefanKelm/master. [Alexandre Dulaunoy] New object: Information related to known scanning activity (e.g. from research projects) * New object: Information related to known scanning activity (e.g. from research projects) [Stefan Kelm] * Merge pull request #136 from eCrimeLabs/master. [Alexandre Dulaunoy] Updated JA3 to have own data type ja3-fingerprint-md5 and bumped the … * Updated JA3 to have own data type ja3-fingerprint-md5 and bumped the version. [eCrimeLabs] * Merge pull request #135 from cvandeplas/master. [Christophe Vandeplas] fix: [relationships] removed duplicate * Add: [facial-composite] new facial composite object. [Alexandre Dulaunoy] * Merge pull request #134 from Delta-Sierra/master. [Alexandre Dulaunoy] Object Victim - Extended requiredOneof * Object Victim - Extended requiredOneof. [Deborah Servili] * Merge pull request #130 from deralexxx/patch-2. [Raphaël Vinot] new misp object for a timesketch message * New misp object for a timesketch message. [Alexander J] to be able to push timesketch messages (timesketch.org) to a misp event it is handy to have a specific type of object for it. * Add: [cortex] new object based on a discussion with Jerome L. from TheHive (thanks to SNCF) [Alexandre Dulaunoy] * Merge pull request #129 from tk-hendrik/cortex-taxonomy-obj. [Alexandre Dulaunoy] Added cortex taxonomy object definition * Added cortex taxonomy object definition. [Hendrik] * Merge pull request #127 from thomaspatzke/process-extension. [Alexandre Dulaunoy] Extension of process object * Extension of process object. [Thomas Patzke] * Merge pull request #126 from thomaspatzke/paste-fix. [Alexandre Dulaunoy] Fixed misp-attribute in link attribute of paste object * Fixed misp-attribute in link attribute of paste object. [Thomas Patzke] * Merge pull request #125 from SteveClement/master. 
[Alexandre Dulaunoy] chg: [definition] Extended crypto coin for enrichment module * Typo fixed. [Alexandre Dulaunoy] * Fix typo. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Merge pull request #123 from neok0/sandbox-file-attribute. [Alexandre Dulaunoy] added sandbox-file type as attribute for storing e.g. sandbox results… * Fix failing check via running .jq_all_the_things.sh. [Tobias Mainka] * Added sandbox-file type as attribute for storing e.g. sandbox results file in sandbox-report object. [Tobias Mainka] * Merge pull request #122 from neok0/master. [Alexandre Dulaunoy] enable multiple summary attribute in report object * Enable multiple summary attribute in report object. [Tobias Mainka] * Merge branch 'master' of https://github.com/Aks6193/misp-objects. [Alexandre Dulaunoy] * Add: Web artefacts objects. [aksha] * Add: python-etvx object. [aksha] * Add: Regripper objects (System + Software Hive) [aksha] * Add: regripper objects for system hive. [aksha] * Add: Regripper 3 object templates including SAM hive and NTUSer.dat. [aksha] * Fix the required part of the url. [Alexandre Dulaunoy] * Add: [pcap-metadata] new object template for pcap file metadata (WiP) [Alexandre Dulaunoy] * Merge pull request #120 from MISP/alfred. [Alexandre Dulaunoy] new: Add Alfred relationships (CCCS) * Updated list of objects in README. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Merge pull request #117 from DigitalLeukocyte/master. [Alexandre Dulaunoy] Added new IP Address Object * Added ip-api-address object. [DigitalLeukocyte] Object useful for IP data from http://ip-api.com. * Delete IP_API_IP_Address.json. [DigitalLeukocyte] * Deleted IP_API single file. [DigitalLeukocyte] * Uploaded IP_API Object in folder. [DigitalLeukocyte] * Updated to match more of ip-api.com. [DigitalLeukocyte] * Created for data from ip-api.com. [DigitalLeukocyte] * Create IP_API.JSON. 
[DigitalLeukocyte] * Merge branch 'Aks6193-master' [Alexandre Dulaunoy] * Merge branch 'master' of https://github.com/Aks6193/misp-objects into Aks6193-master. [Alexandre Dulaunoy] * Add: Misp object for Mactime-timeline-analysis. [aksha] * Merge pull request #115 from Delta-Sierra/master. [Alexandre Dulaunoy] add docs - time related objects * Add docs - time related objects. [Deborah Servili] * Merge pull request #114 from StefanKelm/master. [Alexandre Dulaunoy] BGP hijack * Bgp-hijack. [Stefan Kelm] * Bgp-hijack. [Stefan Kelm] * Bgp-hijack. [Stefan Kelm] * Merge pull request #113 from Terrtia/master. [Alexandre Dulaunoy] fix: [ail-leak] disable correlation * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-objects into chrisr3d_patch. [chrisr3d] * Jq all the things (tm) [Alexandre Dulaunoy] * Merge pull request #112 from Aks6193/master. [Alexandre Dulaunoy] Forensic-evidence * Update: Forensic-evidence object. [aksha] * Fixed indentation. [aksha] * Add: Object template for digital evidence. [aksha] * Merge pull request #1 from MISP/master. [Aks6193] chg: [forensic-case] object added based on the original one from @Aks… * Add: Misp object for Digital Forensic - Case metadata. [aksha] * Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] * Added "signed-by" relationship fix #87. [Alexandre Dulaunoy] * Merge pull request #111 from Delta-Sierra/master. [Alexandre Dulaunoy] fix requiredOneOf lists regarding non-existing attributes * Fix file object version. [Deborah Servili] * Fix RequiredOneOf list in file object. [Deborah Servili] * Url is not a field of email object, then not one of the requiredOneOf. [Deborah Servili] * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Allow multiple "pattern-in-file" in file object, fixes #109. [Andras Iklody] * Add: Updated relationships list with Cybox relationships best practices. 
[chrisr3d] * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Merge pull request #105 from chrisr3d/master. [Alexandre Dulaunoy] Added some relations used on stix1 files * Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] * Add: Added some relations seen on stix. [chrisr3d] * Add: missing timesketch-timeline object template. [Alexandre Dulaunoy] * Merge pull request #104 from ahuan-gdms/master. [Alexandre Dulaunoy] adding STIX AIS Information source Object * STIX AIS Information source. [AH] * Merge pull request #103 from Terrtia/master. [Alexandre Dulaunoy] modify ail-leak object for the tagging system * Modify ail-leak object for the tagging system. [Thirion Aurélien] * Merge pull request #100 from cocaman/master. [Alexandre Dulaunoy] New misp-object for a shortened URL and the redirect URL * Renamed url attributed, versioning date based. [Corsin Camichel] * Updated definition, removed some attributes. [Corsin Camichel] * Shortened link and its redirect target. [Corsin Camichel] * Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] * Add: Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence. [Alexandre Dulaunoy] * Attribute typo. [chrisr3d] * Add: Added protocol attribute in the network socket object. [chrisr3d] * Add: Added hostname (src & dst) attributes. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Fixed link. [chrisr3d] * Network socket connection template object added. [Alexandre Dulaunoy] * Missing objects added. [Alexandre Dulaunoy] * Merge pull request #98 from yodresh/patch-2. [Alexandre Dulaunoy] Update definition.json * Update definition.json. [Alexandre De Oliveira] To avoid having multiple object for each similar attacks coming from the same source, we allow multiple attack source in the same attack. * First version of process object. 
[chrisr3d] - Potentially more attributes to come * Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] * Added definition. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] * Add: Context where the YARA rule can be applied. [Alexandre Dulaunoy] * Add: new timestamp object. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * Merge pull request #97 from StefanKelm/master. [Alexandre Dulaunoy] * Update definition.json. [StefanKelm] * Allow multiple domains and/or IP addresses per object. [StefanKelm] * Network connection object. [chrisr3d] * Add: Added 2 relationships seen on stix. [chrisr3d] * Merge pull request #96 from ater49/master. [Raphaël Vinot] Adding comment fields in VT report objects * Adding ui-priority fields. [ater49] * Correction for multiple parameter. [ater49] * Modifying version number. [ater49] * Adding comment fields in VT report objects. [ater49] * Merge pull request #94 from Delta-Sierra/master. [Deborah Servili] regexp object - disable correlation on type * Regexp object - change version. [Deborah Servili] * Regexp object - disable correlation on type. [Deborah Servili] * Merge pull request #93 from chrisr3d/master. [Andras Iklody] Course of Action object * Add: Course of action description added in readme. [chrisr3d] * Course of Action object. [chrisr3d] * Merge pull request #92 from eCrimeLabs/master. [Alexandre Dulaunoy] Added target-system * Moved object into internal. [Dennis Rand] * Added target-system as object. [Dennis Rand] * Merge pull request #3 from MISP/master. [eCrimeLabs] Update * Merge pull request #2 from MISP/master. [eCrimeLabs] Updated from master * Add: Suricata template object added. [Alexandre Dulaunoy] * Add: Suricata object added with context. [Alexandre Dulaunoy] * Fail2ban and yara object template added in list. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-objects. 
[Raphaël Vinot] * Version fixed for X509 object. [Alexandre Dulaunoy] * Merge pull request #86 from Sh3idan/master. [Alexandre Dulaunoy] x509-add-required-one-of-serial-number * X509-add-required-one-of-serial-number. [Sheidan] * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * Add: new yara object added with a version number. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * Jq all. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * Add: Connected_To (old STIX 1.1 relationship) [Alexandre Dulaunoy] * Merge pull request #1 from MISP/master. [eCrimeLabs] fix: some parts of the URL can be repeated such as resource path, anc… * Merge pull request #85 from mokaddem/master. [Alexandre Dulaunoy] typo: passsword -> password * Typo: passsword -> password. [Sami Mokaddem] * Add: Cowrie object template added. [Alexandre Dulaunoy] * Add: Cowrie honeypot object template. [Alexandre Dulaunoy] * Merge branch 'zoomequipd-patch-1' [Alexandre Dulaunoy] * Correct rbn --> rtn. [zoomequipd] * Add aba-rtn to bank-account object. [zoomequipd] * Merge pull request #82 from chrisr3d/master. [Alexandre Dulaunoy] Fixed some bank-account fields * Merge pull request #81 from chrisr3d/master. [Alexandre Dulaunoy] Fixed the bank-account meta-category * Fixed the bank-account meta-category. [chrisr3d] ... which is actually "financial" * Merge pull request #80 from chrisr3d/transaction_test. [Alexandre Dulaunoy] Attributes describing "t_to" and "t_from" fields of a transaction * Added default values of funds code. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-objects into transaction_test. [chrisr3d] * Merge pull request #79 from chrisr3d/master. [Alexandre Dulaunoy] Added optional attributes for a transaction * Added attributes to describe some origin and target fields of a transaction. [chrisr3d] * Added attributes for the teller and the authorizer of a transaction. 
[chrisr3d] * Changed http request object template. [Andras Iklody] require either uri or url, http method is no longer required. * Add: Common Alerting Protocol Version (CAP) object templates. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Merge pull request #78 from chrisr3d/master. [Alexandre Dulaunoy] Transaction Object definition and readme file updated * Updated description and readme. [chrisr3d] * Add: Common Alerting Protocol Version (CAP) resource object. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Merge pull request #76 from chrisr3d/master. [Alexandre Dulaunoy] Transaction object, first version * Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] * Transaction object. [chrisr3d] * Add: Common Alerting Protocol Version (CAP) info object. [Alexandre Dulaunoy] * Common Alerting Protocol Version (CAP) alert object. [Alexandre Dulaunoy] * Merge pull request #75 from chrisr3d/master. [Alexandre Dulaunoy] legal-entity object * Fixed disable_correlation variable type. [chrisr3d] * Typo. [chrisr3d] * Added additional attributes. [chrisr3d] * Updated readme. [chrisr3d] * Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] * Merge pull request #74 from chrisr3d/master. [Alexandre Dulaunoy] Updated person & geolocation objects * First version of the legal-entity object. [chrisr3d] * Description typo. [chrisr3d] * Merge pull request #73 from d-lord/master. [Alexandre Dulaunoy] Add email-body to the email object definition * Add email-body to the email object definition. [David Lord] * Add: bank-account added in the list. [Alexandre Dulaunoy] * Add: an object describing bank account information based on account description from goAML 4.0. [Alexandre Dulaunoy] A generic bank account partially based on the goAML 4.0 standard. 
The bank account alone can convey information regarding the type of transactions seen or suspected which allow to use the object alone without the need to describe the full list of transactions. Additional objects could be created like report, transactions and like to fully support AML. The existing person in MISP objects was previously updated to include the field missing from AML. A potential evolution is based on the transaction status which can be described as a simple relationship between MISP objects like: Bought, Sold, Let, Hired, Exchanged, Donated, Destroyed and Other * Merge branch 'LDO-CERT-master' [Raphaël Vinot] * Sandbox-signature. [garanews] Added object sb-signature * Add: Object to describe mutual exclusion locks (mutex) as seen in memory or computer program. [Alexandre Dulaunoy] * Remove registry hive because registry-key is enough. [Alexandre Dulaunoy] * Add: registry-hive object describing a Windows registry hive including key, subkey and value (and associated data if any) [Alexandre Dulaunoy] * Merge pull request #68 from yodresh/patch-1. [Alexandre Dulaunoy] Update SS7-attack definition.json * Update definition.json. [Alexandre De Oliveira] Adding the multiple possibility for SMSC GT to cover SMS Spamming case. Also text field for multiple details if needed. Adding "MapSmsText" attribute to help matching malicious URL, keywords or MSISDN inside SMS. * Merge pull request #66 from c-goes/sandbox_report_object. [Alexandre Dulaunoy] added sandbox-report object * Added sandbox-report object. [c-goes] * Add: An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes. [Alexandre Dulaunoy] * Add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging. [Alexandre Dulaunoy] * Add: Diameter attack object targeting GSM, UMTS and 4G networks. [Alexandre Dulaunoy] * Add: first version of a MISP object to describe GTP attack on GSM/UMTS/3G network. 
[Alexandre Dulaunoy] * Add: new relationship "drops" - This relationship describes an object which drops another object. [Alexandre Dulaunoy] * Add: new stix2-pattern object to include STIX 2 patterning. [Alexandre Dulaunoy] * Merge pull request #61 from cvandeplas/master. [Alexandre Dulaunoy] whois - adds nameserver attributes * Whois - adds nameserver attributes. [Christophe Vandeplas] adding nameserver attributes as a whois response contains those * Jq all the things! [Alexandre Dulaunoy] * Merge pull request #41 from truckydev/patch-1. [Alexandre Dulaunoy] regex addon * Regex addon. [truckydev] Add field to specify which type correspond to this regex. * Merge pull request #58 from c-goes/master. [Alexandre Dulaunoy] disable correlation for last-seen/first-seen/text * Disable correlation for last-seen/first-seen/text. [c-goes] * Android-permission and coin-address added. [Alexandre Dulaunoy] * Merge pull request #57 from c-goes/coin-address. [Alexandre Dulaunoy] Coin address object * Added coin-address object(2) [c-goes] * Added coin-address object. [c-goes] * Never trust standards using Google docs to store list of machine parsable information. [Alexandre Dulaunoy] Another good reason, why all open vocabularies in OASIS should be in parsable and validated JSON files. And not *bloody* list of words in a Google doc. * State of the file is no more correlated - and default state value is Malicious. [Alexandre Dulaunoy] * Merge pull request #56 from c-goes/victim_wip. [Alexandre Dulaunoy] Victim object extended, attributes changed * Victim object: changed attributes, added object relations(2) [c-goes] * Victim object: changed attributes, added object relations. [c-goes] * Disable correlation on classification on the victim object. [Alexandre Dulaunoy] * Typo fixed. [Alexandre Dulaunoy] * Add: x509-fingerprint-sha1 added to file object description (e.g signed APK but not PE) [Alexandre Dulaunoy] * Registar->registrar. 
[Alexandre Dulaunoy] * Add: first version of an android permission(s) object. [Alexandre Dulaunoy] * Merge pull request #54 from Delta-Sierra/master. [Alexandre Dulaunoy] ddos v5 - add destination domain attribute * Ddos v5 - add destination domain attribute. [Deborah Servili] * Merge pull request #53 from c-goes/filenames_multiple. [Alexandre Dulaunoy] allow multiple filenames for file * Allow multiple filenames. [c-goes] * Raw data is now an attachment. [Alexandre Dulaunoy] * Being lax on origin to avoid rebuilding url path for unknown services. [Alexandre Dulaunoy] * AIL leak template updated to include duplicate of leaks. [Alexandre Dulaunoy] * Add: "followed-by" - "preceding-by" added as relationship type when the time is not known. [Alexandre Dulaunoy] * Asn added in the default objects. [Alexandre Dulaunoy] * Added: Autonomous system object describing an autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes or alike. [Alexandre Dulaunoy] Fix #50 * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * Merge pull request #49 from c-goes/master. [Alexandre Dulaunoy] Added file attribute screenshot to email object * Added file attribute screenshot to email object. [c-goes] * Merge pull request #48 from Delta-Sierra/master. [Andras Iklody] allow multiple ips in domain|ip object * Allow multiple ips in domain|ip object. [Deborah Servili] * Merge pull request #46 from Delta-Sierra/master. [Alexandre Dulaunoy] update ail-leak object * Update ail-leak object. [Deborah Servili] * Description clarified. [Alexandre Dulaunoy] * Typo fixed. [Alexandre Dulaunoy] * New objects added. [Alexandre Dulaunoy] * Add: credential object (fix #44) [Alexandre Dulaunoy] * Merge pull request #43 from Delta-Sierra/master. [Alexandre Dulaunoy] add cert eu relationships * Add cert eu relationships. [Deborah Servili] * Merge pull request #42 from Delta-Sierra/master. 
[Alexandre Dulaunoy] add cert-eu relationships * Replace space by dash in names. [Deborah Servili] * Add cert-eu relationships. [Deborah Servili] * Remove the executable flag from the json files. [Raphaël Vinot] * Add report object. [Raphaël Vinot] * Merge pull request #40 from CenturyLinkCIRT/master. [Raphaël Vinot] Disabled correlation for software name in av-signature * Fixed av-signature merge conflicts with upstream. [Thomas Gardner] * Fix the file object. [Alexandre Dulaunoy] * State added to file like signed, harmless... [Alexandre Dulaunoy] * Jq all the things. [Raphaël Vinot] * Merge pull request #39 from CenturyLinkCIRT/master. [Raphaël Vinot] added av-signature and virustotal-report * Disabled AV software correlation and re-ran jq-all-the-things. [Thomas Gardner] * Added av-signature and virustotal-report. [Thomas Gardner] * Merge pull request #34 from MISP/fix-31-2. [Alexandre Dulaunoy] Fix object name * Fix object name. [Raphaël Vinot] Related to: https://github.com/MISP/misp-objects/issues/31 * Merge pull request #33 from MISP/fix-31-1. [Alexandre Dulaunoy] Fix object name. * Fix object name. [Raphaël Vinot] Related to: https://github.com/MISP/misp-objects/issues/31 * Fix typo in the field. [Alexandre Dulaunoy] * Some updates including description of fields. [Alexandre Dulaunoy] * First version of Netflow object based on proposal from @JanKoDFNCERT. [Alexandre Dulaunoy] Open questions: - What is a minimal Netflow records? I relax a bit the required fields. - How does this work with IPFIX (and variable templates)? - How should we express the TCP flags expressed? (S/SA/SAF) * Add: RTIR - Request Tracker for Incident Response added in index. [Alexandre Dulaunoy] * Add: RTIR object added (as requested by CSP - Cyber Security Core Service Platform) [Alexandre Dulaunoy] * Merge branch 'ater49-patch-4' [Alexandre Dulaunoy] * Use url attribute type for link inside a post. 
[Alexandre Dulaunoy] * Merge branch 'patch-4' of https://github.com/ater49/misp-objects into ater49-patch-4. [Alexandre Dulaunoy] * Update definition.json. [ater49] Link attribute added in case of url present into the post. Multiple set to true for "username-quoted" * Merge pull request #29 from ater49/patch-2. [Alexandre Dulaunoy] New attribute: title * New attributes: title. [ater49] In case of paste or post has a title. Ghostbin.com origin added * Paste added. [Alexandre Dulaunoy] * Add: Paste or similar post from a website allowing to share privately or publicly posts. [Alexandre Dulaunoy] * Microblog object added. [Alexandre Dulaunoy] * Merge pull request #28 from deralexxx/patch-1. [Alexandre Dulaunoy] mention uuid * Mention uuid. [Alexander J] How to create a uuid and also mention the UUID in the example. https://twitter.com/alexanderjaeger/status/913505371817435138 * Merge branch 'ater49-patch-1' [Alexandre Dulaunoy] * Jq all and fix the space ;-) [Alexandre Dulaunoy] * Attributes username-quoted added. [ater49] Added Attributes: "username-quoted" Added types: LinkedIn, Reddit, Google+, Instagram * Add: Microblog post object like a Twitter tweet or a post on a Facebook wall. [Alexandre Dulaunoy] * Carbon copy field added. [Alexandre Dulaunoy] * Documentation links added. [Alexandre Dulaunoy] * Return-path added in email object. [Alexandre Dulaunoy] * Fixed the release version. [Alexandre Dulaunoy] * Sane_default added in the documentation. [Alexandre Dulaunoy] * Victim object added to the list. [Alexandre Dulaunoy] * Victim object added mainly based on the STIX 2.0 victim proposal. [Alexandre Dulaunoy] * Ja3 and person added in the list. [Alexandre Dulaunoy] * First version of the ja3 object based on the proposal from @delbs. [Alexandre Dulaunoy] * Fixing typo in the credit-card object. [Alexandre Dulaunoy] * 2.4.80 released. [Alexandre Dulaunoy] * Whois template fixed. [Alexandre Dulaunoy] * Fix #22. 
[Alexandre Dulaunoy] * Values_list added in the documentation. [Alexandre Dulaunoy] * An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression. [Alexandre Dulaunoy] * Add: first version of a person object (partially based on the PNR types) [Alexandre Dulaunoy] * Link fixed. [Alexandre Dulaunoy] * Url fixed. [Alexandre Dulaunoy] * Add: first version of the credit-card object. [Alexandre Dulaunoy] * Port type instead of text. [Alexandre Dulaunoy] * Disable some correlations. [Raphaël Vinot] * Be consistent and use hyphen everywhere (not more underscore). [Alexandre Dulaunoy] Thanks to Terry MacDonald * Feedback from David added (two new relationships - triggers and detected_as) [Alexandre Dulaunoy] * Updated following Andras feedback. [Alexandre Dulaunoy] * Yabin updated following Andras feedback. [Alexandre Dulaunoy] * First version of a yabin object. [Alexandre Dulaunoy] * Relationships added to the documentation export. [Alexandre Dulaunoy] * Typo fixed. [Alexandre Dulaunoy] * Add descriptions in all the objects. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * First version of a documentation generator tool. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * Phone object added. [Alexandre Dulaunoy] * Remove pipe from PE object def. [Raphaël Vinot] * Update definitions of binaries. [Raphaël Vinot] * Allow multiple entries of type flag in the ELFSection object. [Raphaël Vinot] * Phone definition fixed. [Alexandre Dulaunoy] * Typo fixed. [Alexandre Dulaunoy] * First version of a mobile phone object. [Alexandre Dulaunoy] * Calls relationship type added. [Alexandre Dulaunoy] * Mach object file format added. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * New relationship types added. 
[Alexandre Dulaunoy] * Some more relationship type. [Alexandre Dulaunoy] * Update ELF definitions, add MachO. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * Relationships types added + target MISP version. [Alexandre Dulaunoy] * Often used relationships added used for malware analysis. [Alexandre Dulaunoy] * Keep it consistent. [Alexandre Dulaunoy] * Add mimetype to file object template. [Raphaël Vinot] * Add schema for relationships. [Raphaël Vinot] * Make relationship type more generic. [Alexandre Dulaunoy] Make the relationship types more generic especially to avoid issue with community-designed standards that might change later the types, broke compatibility or decide to change their mind due to some proprietary vendors trying to lock-in the users. * First version of the types of relationships for MISP objects. [Alexandre Dulaunoy] Relationship type can be from existing STIX 2.0 ones, MISP relationships or other proposed by the community. Please be careful that a relationship type can influence the ability of export of MISP events if the type is not supported by the target format. * Version updated. [Alexandre Dulaunoy] * Merge pull request #18 from truckydev/truckydev_2357. [Alexandre Dulaunoy] add X509-fingerprint * Add X509-fingerprint. [truckydev] https://github.com/MISP/MISP/pull/2357 * Merge pull request #17 from CenturyLinkCIRT/master. [Alexandre Dulaunoy] added http-request object * Added http-request object. [Thomas Gardner] * A cookie object has been added. [Alexandre Dulaunoy] An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser. The object includes type which can help to describe the malicious use-case of the cookie. * Typo fixed in key-size - Thanks to @StefanKelm. [Alexandre Dulaunoy] * Update required entries for PE objects. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-objects. 
[Raphaël Vinot] * Improved Tor node object to include support of the new Tor monitoring. [Alexandre Dulaunoy] * Template definitions are not always distributed along with the objects. [Alexandre Dulaunoy] * Add a comment field. [Alexandre Dulaunoy] * Tor node object template which are part of the Tor network at a time. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority. [Alexandre Dulaunoy] * Ui-priority updated. [Alexandre Dulaunoy] * Ui-frequency updated. [Alexandre Dulaunoy] * Ui-frequency is the one! [Alexandre Dulaunoy] * Ui-priority is now the King! [Alexandre Dulaunoy] * Ui-priority is now the new frequency. [Alexandre Dulaunoy] * Misp-usage-frequency updated. [Alexandre Dulaunoy] * Misp-usage-frequency updated. [Alexandre Dulaunoy] * Misp-usage-frequency updated. [Alexandre Dulaunoy] * Misp-usage-frequency updated. [Alexandre Dulaunoy] * Misp-usage-frequency updated. [Alexandre Dulaunoy] * Misp-usage-frequency updated. [Alexandre Dulaunoy] * Misp-usage-frequency updated. [Alexandre Dulaunoy] * Misp-usage-frequency updated. [Alexandre Dulaunoy] * Misp-usage-frequency updated. [Alexandre Dulaunoy] * Misp-usage-frequency updated. [Alexandre Dulaunoy] * Misp-usage-frequency updated. [Alexandre Dulaunoy] * Misp-usage-frequency updated. [Alexandre Dulaunoy] * Misp-usage-frequency. [Alexandre Dulaunoy] * Misp-usage-frequency -> ui-priority. 
[Alexandre Dulaunoy] * Fix #14. [Alexandre Dulaunoy] * Merge pull request #15 from MISP/ddos-port-fix. [Alexandre Dulaunoy] Changed DDOS port attributes to port type * Changed DDOS port attributes to port type. [Andras Iklody] * Update versions. [Raphaël Vinot] * Enforce meta-category. [Raphaël Vinot] * Now meta category for ail to misc. [Alexandre Dulaunoy] * The list of default meta-category: file, network, financial, misc, internal has been updated. [Alexandre Dulaunoy] * Geolocation object added. [Alexandre Dulaunoy] * Jq of geolocation object. [Alexandre Dulaunoy] * Geolocation - an object to describe a geographic location. [Alexandre Dulaunoy] * Ail-leak, elf, self-section and r2graphity added to the list of MISP objects. [Alexandre Dulaunoy] * Jq of ail-leak. [Alexandre Dulaunoy] * Information leak object as defined by the AIL Analysis Information Leak framework. [Alexandre Dulaunoy] * Update required fields on PE object. [Raphaël Vinot] * Update attributes of r2graphity object. [Raphaël Vinot] * Update r2graphity definition. [Raphaël Vinot] * Add initial version of the r2graphity object. [Raphaël Vinot] * Remove duplicate entries in file object. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * Jq all. [Alexandre Dulaunoy] * Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] * Disable_correlation added. [Alexandre Dulaunoy] * Add and enforce UUID in the object definitions. [Raphaël Vinot] * Add malware-sample to file object. [Raphaël Vinot] * Merge pull request #10 from sebdraven/master. [Raphaël Vinot] add impfuzzy * Correct travis. [Sébastien Larinier] * Add impfuzzy. [Sébastien Larinier] * Disable_correlation added. [Alexandre Dulaunoy] * Update PE object. [Raphaël Vinot] * Merge pull request #9 from sebdraven/master. [Raphaël Vinot] add information in elf and elf sections * Correct travis failed. [Sébastien Larinier] * Add type of sections. [Sébastien Larinier] * Add attributes. 
[Sébastien Larinier] * Delete attribute. [Sébastien Larinier] * Merge pull request #8 from sebdraven/master. [Raphaël Vinot] add elf,elf-section and number of sections in a pe, and move pehash in pe object * Add elf,elf-section and number of sections in a pe, and move pehash in pe. [Sébastien Larinier] * Merge pull request #7 from sebdraven/master. [Alexandre Dulaunoy] add characteristics and ssdeep to pe-sections * Correct bug on characteristics. [Sébastien Larinier] * Correct bug. [Sébastien Larinier] * Correct bug. [Sébastien Larinier] * Add characteristics and ssdeep to pe-sections. [Sébastien Larinier] * Add disable_correlation. [Raphaël Vinot] * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * Add sane_default to the schema. [Alexandre Dulaunoy] * JQifized. [Alexandre Dulaunoy] * Url object added. [Alexandre Dulaunoy] * Url object JQified. [Alexandre Dulaunoy] * Url object describes an url along with its normalized field (e.g. using faup parsing library) and its metadata. [Alexandre Dulaunoy] * PE section added. [Alexandre Dulaunoy] * Update file/PE objects. [Raphaël Vinot] * Add sane defaults * Disable correlation when it doesn't make sense * Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] * Portable Executable format added. [Alexandre Dulaunoy] * Update file and pe, add pe-section. [Raphaël Vinot] * Add PE object. [Raphaël Vinot] * Update schema. [Raphaël Vinot] * Jq all the things. [Alexandre Dulaunoy] * Required_value for protocol added. [Alexandre Dulaunoy] * Required_value and sane_default description added. [Alexandre Dulaunoy] * DDoS object added. [Alexandre Dulaunoy] * First proposal of a DDoS object in MISP. [Alexandre Dulaunoy] * Add forgotten dep for travis. [Raphaël Vinot] * JQ all the things. [Raphaël Vinot] * Add testing, update travis. [Raphaël Vinot] * Registry-key and email objects added. [Alexandre Dulaunoy] * Merge pull request #1 from mike1703/master. 
[Alexandre Dulaunoy] email object added * Registry key object added. [Michael Kerscher] * Email object added. [Michael Kerscher] * Merge pull request #2 from MISP/Rafiot-patch-1. [Alexandre Dulaunoy] Update definition.json * Update definition.json. [Raphaël Vinot] * Passive dns link fixed. [Alexandre Dulaunoy] * Clarification regarding the multiple field as discussed with @igloska as used in the vulnerability object. [Alexandre Dulaunoy] * First version of the vulnerability object (basic CVE support) [Alexandre Dulaunoy] * Fix json files (file and whois) [Raphaël Vinot] * Add Travis file (validate json files) [Raphaël Vinot] * Raw-base64 attribute added. [Alexandre Dulaunoy] * X509 object added. [Alexandre Dulaunoy] * Ip-port added. [Alexandre Dulaunoy] * Ip-port added. [Alexandre Dulaunoy] An IP address and a port seen as a tuple (or as a triple) in a specific time frame. * Passive DNS record added as misp-object. [Alexandre Dulaunoy] * Passive DNS object added. [Alexandre Dulaunoy] * Typo fixed. [Alexandre Dulaunoy] * Definition and some clarification. [Alexandre Dulaunoy] * Optional text attributes added. [Alexandre Dulaunoy] * Pattern-in-file added. [Alexandre Dulaunoy] * File object added. [Alexandre Dulaunoy] * First version of the file object. [Alexandre Dulaunoy] * Whois object added + requireOneOf added. [Alexandre Dulaunoy] * Whois object added. [Alexandre Dulaunoy] * Misp-attribute is more logical. [Alexandre Dulaunoy] * Updates on the attributes format. [Alexandre Dulaunoy] * Some updates. [Alexandre Dulaunoy] * Simple README added. [Alexandre Dulaunoy] * Everything is meta... [Alexandre Dulaunoy] * Adding a category field to classify the object (e.g. quick filter) [Alexandre Dulaunoy] * Updated version based on feedback from Andras. [Alexandre Dulaunoy] * Proposal updated based on feedback from Andras. [Alexandre Dulaunoy] * A first experimental description of a MISP combined object. 
[Alexandre Dulaunoy] 2021-04-27T04:14:41+00:00 syncthing v1.16.0-rc.3 syncthing v1.16.0-rc.3 2021-04-27T06:13:48+00:00 This release adds untrusted / encrypted devices for public testing. It should still be considered beta / testing-only. Bugfixes: - #7026: panic: key not found when repairing DB - #7379: "Warning, this path is a subdirectory of an existing folder" does not appear when editing only folder label - #7533: Remote completion on untrusted devices is incorrect - #7548: Upgrading syncthing-relaysrv to 1.15.0 fails in post-installation - #7551: QUIC: failed to determine receive buffer size: doesn't have a SyscallConn - #7557: Encrypted folder(s) on Windows reported as "Unexpected Objects" - #7568: panic: runtime error: slice bounds out of range [24:3] - #7584: Folder label missing from folder path when adding new folders Enhancements: - #109: Support for file encryption (e.g. non-trusted servers) - #3322: GUI "Out of sync" modal uses massive amounts of CPU in browser - #7520: Ask for confirmation before reverting/overriding a folder 2021-04-27T06:13:48+00:00 intelmq 2.3.2 intelmq 2.3.2 2021-04-27T10:20:50+00:00 Installation documentation: https://intelmq.readthedocs.io/en/maintenance/user/installation.html Upgrade documentation: https://intelmq.readthedocs.io/en/maintenance/user/upgrade.html ### Core - `intelmq.lib.harmonization`: - `TLP` type: accept value "yellow" for TLP level AMBER. ### Bots #### Collectors - `intelmq.bots.collectors.shadowserver.collector_reports_api`: - Handle timeouts by logging the error and continuing to next report (PR#1852 by Marius Karotkis and Sebastian Wagner, fixes #1823). #### Parsers - `intelmq.bots.parsers.shadowserver.config`: - Parse and harmonize field `end_time` as date in Feeds "Drone-Brute-Force" and "Amplification-DDoS-Victim" (PR#1833 by Mikk Margus Möll). - Add conversion function `convert_date_utc` which assumes UTC and sanitizes the data to datetime (by Sebastian Wagner, fixes #1848). 
- `intelmq.bots.parsers.shadowserver.parser_json`: - Use the overwrite parameter for optionally overwriting the "feed.name" field (by Sebastian Wagner). - `intelmq.bots.parsers.microsoft.parser_ctip`: - Handle fields `timestamp`, `timestamp_utc`, `source_ip`, `source_port`, `destination_ip`, `destination_port`, `computer_name`, `bot_id`, `asn`, `geo` in `Payload` of CTIP Azure format (PR#1841, PR#1851 and PR#1879 by Sebastian Wagner). - `intelmq.bots.parsers.shodan.parser`: - Added support for unique keys and verified vulns (PR#1835 by Mikk Margus Möll). - `intelmq.bots.parsers.cymru.parser_cap_program`: - Fix parsing in whitespace edge case in comments (PR#1870 by Alex Kaplan, fixes #1862). #### Experts - `intelmq.bots.experts.modify`: - Add a new rule to the example configuration to change the type of malicious-code events to `c2server` if the malware name indicates c2 (PR#1854 by Sebastian Wagner). - `intelmq.bots.experts.gethostbyname.expert`: - Fix handling of parameter `gaierrors_to_ignore` with value `None` (PR#1890 by Sebastian Wagner, fixes #1886). #### Outputs - `intelmq.bots.outputs.elasticsearch`: Fix log message on required elasticsearch library message (by Sebastian Wagner). ### Documentation - `dev/data-harmonization`: Fix taxonomy name "information gathering" should be "information-gathering" (by Sebastian Wagner). ### Tests - `intelmq.tests.bots.parsers.microsoft.test_parser_ctip_azure`: - Add test case for TLP level "YELLOW". ### Known issues - ParserBot: erroneous raw line recovery in error handling (#1850). 2021-04-27T10:20:50+00:00 uBlock 1.35.1b0 uBlock 1.35.1b0 2021-04-27T13:02:44+00:00 [Commits to master since this release](https://github.com/gorhill/uBlock/compare/1.35.1b0...master) To install the developer build: - **Firefox**: Click [uBlock0_1.35.1b0.firefox.signed.xpi](https://github.com/gorhill/uBlock/releases/download/1.35.1b0/uBlock0_1.35.1b0.firefox.signed.xpi). 
- [uBO works best on Firefox](https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-best-on-Firefox).
- **Chromium**: Install from the Chrome Web Store (CWS): <https://chrome.google.com/webstore/detail/ublock-origin-dev-build/cgbcahbpdhpcegmbfconppldiemgcoii>.
- **Thunderbird**: Download [uBlock0_1.35.1b0.thunderbird.xpi](https://github.com/gorhill/uBlock/releases/download/1.35.1b0/uBlock0_1.35.1b0.thunderbird.xpi), then drag-n-drop it into Thunderbird's _Add-ons Manager_ pane (Thunderbird 65+ required)

---

## Notable commits without an entry in the issue tracker

- [Stop autoplay for unset media source with no-large-media-elements](https://github.com/gorhill/uBlock/commit/81fadf836f305a9065bbebe21ca38afb7b12c8ee)
- [Use CDN URLs as fall back URLs](https://github.com/gorhill/uBlock/commit/2a5e67e3f5158fc45657dee97369ab5d3a2b11d4)

2021-04-27T13:02:44+00:00

netbox v2.11.2 netbox v2.11.2 2021-04-27T14:46:38+00:00

## Enhancements

* [#6275](https://github.com/netbox-community/netbox/issues/6275) - Linkify rack, device counts on locations list
* [#6278](https://github.com/netbox-community/netbox/issues/6278) - Note device locations on cable traces
* [#6287](https://github.com/netbox-community/netbox/issues/6287) - Add option to clear assigned max length filter on prefixes list

## Bug Fixes

* [#6236](https://github.com/netbox-community/netbox/issues/6236) - Journal entry title should account for configured timezone
* [#6246](https://github.com/netbox-community/netbox/issues/6246) - Permit full-length descriptions when creating device components and VM interfaces
* [#6248](https://github.com/netbox-community/netbox/issues/6248) - Fix table column reconfiguration under Chrome
* [#6252](https://github.com/netbox-community/netbox/issues/6252) - Fix assignment of console port speed values above 19.2kbps
* [#6254](https://github.com/netbox-community/netbox/issues/6254) - Disable ordering of space column in racks table
* [#6258](https://github.com/netbox-community/netbox/issues/6258) - Fix parent assignment for SiteGroup API serializer
* [#6262](https://github.com/netbox-community/netbox/issues/6262) - Support filtering by created/updated time for all relevant objects
* [#6267](https://github.com/netbox-community/netbox/issues/6267) - Fix cable tracing API endpoint for circuit terminations
* [#6289](https://github.com/netbox-community/netbox/issues/6289) - Fix assignment of VC member interfaces to LAG interfaces

2021-04-27T14:46:38+00:00

sslscan 2.0.10 sslscan 2.0.10 2021-04-27T15:41:30+00:00

2021-04-27T15:41:30+00:00

logstash v7.12.1 logstash v7.12.1 2021-04-27T16:56:21+00:00

Downloads: https://elastic.co/downloads/logstash

Release notes: https://www.elastic.co/guide/en/logstash/7.12/logstash-7-12-1.html

2021-04-27T16:56:21+00:00

khal v0.10.3 khal v0.10.3 2021-04-27T17:18:38+00:00

* DROPPED support for Python 3.4
* FIX `khal interactive` now accepts -a/-d options (as documented)
* FIX Strip whitespace when loading `displayname` and `color` files
* FIX Warn when loading events with a recurrence that finishes before it starts
* FIX Warn when loading events with a recurrence that never occurs
* FIX Alarms without descriptions no longer crash `ikhal`
* FIX Display all-day events at the top of the day in `ikhal`
* FIX Keybindings in empty search results no longer crash `ikhal`
* NEW Possibility to add a blank line before day in `khal` with `blank_line_before_day` option
* FIX `new` keybinding in search no longer crashes `ikhal`
* NEW Improved sorting of events. Sort by `DTSTART`, `DTEND` then `SUMMARY`.
* NEW Add url input and `{url}` template option

2021-04-27T17:18:38+00:00

asciidoctor v2.0.15 asciidoctor v2.0.15 2021-04-27T21:11:27+00:00

## Summary

Right on the tails of the previous release, this minor patch release comes out of thoroughly testing the Asciidoctor 1 to Asciidoctor 2 upgrade on several large documentation sites.
That hope that the previous release was the last one in the 2.0.x series before work begins on 2.1.x now extends to this release. The main issue this release fixes is to provide fallback xreftext for HTML output and the correct linkend value for DocBook output when an xref resolves to the current document and no link text is provided. This release also brings three minor fixes to how attrlists are parsed, though the impact of these changes is likely very small. While working on parsing, we discovered that trailing punctuation (., ?, and !) was getting included in the target URL of an autolink in certain cases. The trailing punctuation now stays outside of the link. In the manpage output, keyboard references are now formatted in monospace. Additionally, text formatting markup should now be interpreted more accurately. Consult the CHANGELOG to find the full list of changes in this release. ## Distributions - [RubyGem (asciidoctor)](https://rubygems.org/gems/asciidoctor) Asciidoctor is also packaged for [Fedora](https://apps.fedoraproject.org/packages/rubygem-asciidoctor), [Debian](https://packages.debian.org/sid/asciidoctor), [Ubuntu](https://packages.ubuntu.com/search?keywords=asciidoctor), [Alpine Linux](https://pkgs.alpinelinux.org/packages?name=asciidoctor), [OpenSUSE](https://software.opensuse.org/package/rubygem-asciidoctor), and [Homebrew](http://brewformulas.org/Asciidoctor). You can use the system's package manager to install the package named **asciidoctor**. 
## Release meta Released on: 2020-04-27 Released by: @mojavelinux Release beer: Casey, You're On Mute by 4 Noses Brewing Company Logs: [resolved issues](https://github.com/asciidoctor/asciidoctor/issues?q=label%3Av2.0.15+is%3Aclosed) | [full diff](https://github.com/asciidoctor/asciidoctor/compare/v2.0.14...v2.0.15) | [issues resolved in 2.0.x (cumulative)](https://github.com/asciidoctor/asciidoctor/milestone/33?closed=1) ## Changelog ## Bug Fixes * Don't include trailing period, question mark, or exclamation point in target (URL) of autolink (#3860) * Don't assign nil value to named attribute mapped to absent positional attribute when parsing attrlist (#4033) * Remove leading and trailing spaces around role on inline phrase (#4035) * Ignore empty role on inline phrase defined using legacy syntax and followed by comma (#4035) * Use xreftext on document as fallback link text in HTML output for inter-document xref that resolves to current document when no link text is provided (#4032) * Use xreftext on document as fallback link text in HTML output for internal xref with empty fragment when no link text is provided (#4032) * Use document ID as linkend in DocBook output for internal xref with empty fragment; auto-generating one if necessary (#4032) ## Improvements * Format keyboard references in monospace in manpage output ## Build / Infrastructure * Get remaining invoker tests working on JRuby 9.1 for Windows ## Credits A very special thanks to all the **awesome** [supporters of the Asciidoctor OpenCollective campaign](https://opencollective.com/asciidoctor) who provided critical funding for the development of this release as well as ongoing development of the project. We'd also like to thank the maintainers of the Rouge project, who helped us work through the compatibility issue with Rouge and applied a fix to restore it ahead of our own release. 
2021-04-27T21:11:27+00:00

influxdb v2.0.5 influxdb v2.0.5 2021-04-27T21:56:36+00:00

## v2.0.5 [2021-04-27]

#### Docker

`influxdb:2.0.5`

#### Binary Packages

OSS BINARY FILES | SHA256
---------------------------------------|---------------------------------------
[influxdb2-2.0.5-linux-amd64.tar.gz](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.5-linux-amd64.tar.gz) | df61e3f93c4d50aebe4453f62326b3c53496a6e770ba4b05a9bfea6f6c643cb9
[influxdb2-client-2.0.5-linux-amd64.tar.gz](https://dl.influxdata.com/influxdb/releases/influxdb2-client-2.0.5-linux-amd64.tar.gz) | e69ec3c8fc12ee45f2004cd565821d27aee34faf426fb1763deb2fad02e8bffb
[influxdb2-2.0.5-linux-arm64.tar.gz](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.5-linux-arm64.tar.gz) | b563cb2db284dbfa717a2170a5438b2c7562c3efec774d45cf95ea81d2876b97
[influxdb2-client-2.0.5-linux-arm64.tar.gz](https://dl.influxdata.com/influxdb/releases/influxdb2-client-2.0.5-linux-arm64.tar.gz) | d05aae48d70a983e79761324a1edcee620d7d0bb507ca4f35312b4000db01e76
[influxdb2-2.0.5-darwin-amd64.tar.gz](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.5-darwin-amd64.tar.gz) | 45386f2e78703be54cbd73e73205261a419820509995294aad69976614c2dac1
[influxdb2-client-2.0.5-darwin-amd64.tar.gz](https://dl.influxdata.com/influxdb/releases/influxdb2-client-2.0.5-darwin-amd64.tar.gz) | 752ae6d520daf480fa50b7fb74b4ac8e96d49d67938b34ad40671126cbf7af3d
[influxdb2-2.0.5-windows-amd64.zip](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.5-windows-amd64.zip) | fa2c9b7f27fa7bd97cabf85977b644099138f134064a46c582d4edb29540fdca
[influxdb2-client-2.0.5-windows-amd64.zip](https://dl.influxdata.com/influxdb/releases/influxdb2-client-2.0.5-windows-amd64.zip) | 808bae7b55f1fa2ce9e98b47c530c22b963dea879331c95620c80b8a84962bd6

OSS UBUNTU AND DEBIAN PACKAGE FILES | SHA256
---------------------------------------|---------------------------------------
[influxdb2-2.0.5-amd64.deb](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.5-amd64.deb) | 749a793335c42b8b9fcb76899c58844407acbc30f978300de06a4a925f1fdaf1 [influxdb2-2.0.5-arm64.deb](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.5-arm64.deb) | 3bde279d0c428b1136ee18f03e95754c7acb2d8a1c4caa7de9f882cb7993c3e4 OSS REDHAT & CENTOS PACKAGE FILES | SHA256 ---------------------------------------|--------------------------------------- [influxdb2-2.0.5.x86_64.rpm](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.5.x86_64.rpm) | cbbc33fb641cb9b8d20467ae42c6ed1677ca5336f0d1a46935208e5ef16e9fe8 [influxdb2-2.0.5.arm64.rpm](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.5.arm64.rpm) | 5915d8833a2b4c7cd2cbc706b9ee6bf683dc8e018c0902c8a570cc0c7758dcb8 ### Windows Support This release includes our initial Windows preview build. ### Breaking Changes #### /debug/vars removed Prior to this release, the `influxd` server would always expose profiling information over `/debug/vars`. This endpoint was unauthenticated, and not used by InfluxDB systems to report diagnostics. For security and clarity, the endpoint has been removed. Use the `/metrics` endpoint to collect system statistics. #### `influx transpile` removed The `transpile` command has been retired. Users can send InfluxQL directly to the server via the `/api/v2/query` or `/query` HTTP endpoints. #### Default query concurrency changed The default setting for the max number of concurrent Flux queries has been changed from 10 to unlimited. Set the `query-concurrency` config parameter to > 0 when running `influxd` to re-limit the maximum running query count, and the `query-queue-size` config parameter to > 0 to set the max number of queries that can be queued before the server starts rejecting requests. #### Prefix for query-controller metrics changed The prefix used for Prometheus metrics from the query controller has changed from `query_control_` to `qc_`. ### Features 1. 
[20860](https://github.com/influxdata/influxdb/pull/20860): Add `--pprof-disabled` option to `influxd` to disable exposing profiling information over HTTP. 1. [20860](https://github.com/influxdata/influxdb/pull/20860): Add `/debug/pprof/all` HTTP endpoint to gather all profiles at once. 1. [20860](https://github.com/influxdata/influxdb/pull/20860): Upgrade `http.pprof-enabled` config in `influxd upgrade`. 1. [20846](https://github.com/influxdata/influxdb/pull/20846): Add `--compression` option to `influx write` to support GZIP inputs. 1. [20845](https://github.com/influxdata/influxdb/pull/20845): Add `influx task retry-failed` command to rerun failed runs. 1. [20965](https://github.com/influxdata/influxdb/pull/20965): Add `--metrics-disabled` option to `influxd` to disable exposing Prometheus metrics over HTTP. 1. [20962](https://github.com/influxdata/influxdb/pull/20962): Rewrite regex conditions in InfluxQL subqueries for performance. Thanks @yujiahaol68! 1. [20988](https://github.com/influxdata/influxdb/pull/20988): Add `--http-read-header-timeout`, `--http-read-timeout`, `--http-write-timeout`, and `--http-idle-timeout` options to `influxd`. 1. [20988](https://github.com/influxdata/influxdb/pull/20988): Set a default `--http-read-header-timeout` of 10s in `influxd`. 1. [20988](https://github.com/influxdata/influxdb/pull/20988): Set a default `--http-idle-timeout` of 3m in `influxd`. 1. [20949](https://github.com/influxdata/influxdb/pull/20949): Add support for explicitly setting shard-group durations on buckets. Thanks @hinst! 1. [20838](https://github.com/influxdata/influxdb/pull/20838): Add Swift client library to the data loading section of the UI 1. [21032](https://github.com/influxdata/influxdb/pull/21032): Display task IDs in the UI. 1. [21030](https://github.com/influxdata/influxdb/pull/21030): Update Telegraf plugins in UI to include additions and changes in 1.18 release. 1. 
[21049](https://github.com/influxdata/influxdb/pull/21049): Write to standard out when `--output-path -` is passed to `influxd inspect export-lp`. 1. [21050](https://github.com/influxdata/influxdb/pull/21050): Add `-p, --profilers` flag to `influx query` command. 1. [21126](https://github.com/influxdata/influxdb/pull/21126): Update UI to match InfluxDB Cloud. 1. [21144](https://github.com/influxdata/influxdb/pull/21144): Allow for disabling concurrency-limits in Flux controller. 1. [21166](https://github.com/influxdata/influxdb/pull/21166): Replace unique resource IDs (UI assets, backup shards) with slugs to reduce cardinality of telemetry data. 1. [21181](https://github.com/influxdata/influxdb/pull/21181): Enabled several UI features: Band & mosaic plot types, axis tick mark configuration, CSV file uploader, editable telegraf configurations, legend orientation options, and dashboard single cell refresh. 1. [21241](https://github.com/influxdata/influxdb/pull/21241): HTTP server errors output logs following the standard format. 1. [21227](https://github.com/influxdata/influxdb/pull/21268): Upgrade Flux to v0.113.0. ### Bug Fixes 1. [20886](https://github.com/influxdata/influxdb/pull/20886): Prevent "do not have an execution context" error when parsing Flux options in tasks. 1. [20872](https://github.com/influxdata/influxdb/pull/20872): Respect 24 hour clock formats in the UI and allow more choices 1. [20860](https://github.com/influxdata/influxdb/pull/20860): Remove unauthenticated, unsupported `/debug/vars` HTTP endpoint. 1. [20839](https://github.com/influxdata/influxdb/pull/20839): Fix TSM WAL segment size check. Thanks @foobar! 1. [20841](https://github.com/influxdata/influxdb/pull/20841): Update references to docs site to use current URLs. 1. [20837](https://github.com/influxdata/influxdb/pull/20837): Fix use-after-free bug in series ID iterator. Thanks @foobar! 1. 
[20834](https://github.com/influxdata/influxdb/pull/20834): Fix InfluxDB port in Flux function UI examples. Thanks @sunjincheng121! 1. [20833](https://github.com/influxdata/influxdb/pull/20833): Fix Single Stat graphs with thresholds crashing on negative values. 1. [20843](https://github.com/influxdata/influxdb/pull/20843): Fix data race in TSM cache. Thanks @StoneYunZhao! 1. [20967](https://github.com/influxdata/influxdb/pull/20967): Log error details when `influxd upgrade` fails to migrate databases. 1. [20966](https://github.com/influxdata/influxdb/pull/20966): Prevent time field names from being formatted in the Table visualization. 1. [20918](https://github.com/influxdata/influxdb/pull/20918): Deprecate misleading `retentionPeriodHrs` key in onboarding API. 1. [20851](https://github.com/influxdata/influxdb/pull/20851): Fix TSM WAL segment size computing. Thanks @StoneYunZhao! 1. [20844](https://github.com/influxdata/influxdb/pull/20844): Repair swagger to match implementation of DBRPs type. 1. [20987](https://github.com/influxdata/influxdb/pull/20987): Fix the cipher suite used when TLS strict ciphers are enabled in `influxd`. 1. [21031](https://github.com/influxdata/influxdb/pull/21031): Fix parse error in UI for tag filters containing regex meta characters. 1. [20836](https://github.com/influxdata/influxdb/pull/20836): Fix data race in TSM engine when inspecting tombstone stats. 1. [21048](https://github.com/influxdata/influxdb/pull/21048): Prevent concurrent access panic when gathering bolt metrics. 1. [21144](https://github.com/influxdata/influxdb/pull/21144): Fix race condition in Flux controller shutdown. 1. [21151](https://github.com/influxdata/influxdb/pull/21151): Use descending cursor when needed in window aggregate Flux queries. 1. [21230](https://github.com/influxdata/influxdb/pull/21230): Reduce lock contention when adding new fields and measurements. 1. 
[21232](https://github.com/influxdata/influxdb/pull/21232): Escape dots in community templates hostname regex. 2021-04-27T21:56:36+00:00 hindsight v2021.04.26 hindsight v2021.04.26 2021-04-27T23:26:06+00:00 The **2021.04.26** release of Hindsight is here! Read on for details on the changes: ## 🚀 Features - Parse "Site Characteristics Database" LevelDB @obsidianforensics (#73) - Add plugin to run Unfurl across Local Storage values @obsidianforensics (#77) - Add support for Chrome 88 - 90 (#72, #79) ## 🛠️ Minor Changes & Fixes - Update Chrome Extensions parser to work on updated artifact types. @obsidianforensics (#82) - Added additional download interrupt\_reason codes. Minor style fixes. @obsidianforensics (#81) - Add more exception handling around LevelDB records in case of corruption @obsidianforensics (#78) - Add check to ensure duration values in Media History are plausible @obsidianforensics (#75) - Fix bug in per\_host\_zoom\_levels parsing @obsidianforensics (#74) - If autofill values are encrypted (as Edge's are), replace the encrypted bytes with a placeholder @obsidianforensics (#70) - Add new visit\_source values to Update chrome.py @chadtilbury (#68) Both the GUI and command line versions of this release are available as: - compiled exes attached to this release or in the dist/ folder - .py versions are available by `pip install pyhindsight` or by downloading/cloning the GitHub repo. 2021-04-27T23:26:06+00:00 wazuh v3.13.3 wazuh v3.13.3 2021-04-28T06:27:52+00:00 ## Fixed - Fixed a bug in Vulnerability Detector that made Modulesd crash while updating the NVD feed due to a missing CPE entry. 
([#8346](https://github.com/wazuh/wazuh/pull/8346)) 2021-04-28T06:27:52+00:00 Loki 0.41.0 Loki 0.41.0 2021-04-28T06:59:08+00:00 - build with YARA 4.1.0 - performance improvements (20-35%) - lower memory usage 2021-04-28T06:59:08+00:00 ChameleonMini Build-41fa24352106274142bbc467b90313f36ef11f2c ChameleonMini Build-41fa24352106274142bbc467b90313f36ef11f2c 2021-04-28T14:01:32+00:00 Built at commit 41fa24352106274142bbc467b90313f36ef11f2c from fptrs 2021-04-28T14:01:32+00:00 ILSpy v7.0 ILSpy v7.0 2021-04-28T16:33:03+00:00 # New Language Features * C# 9.0: record classes * C# 9.0: with expressions * C# 9.0: primary constructors * Support for .NET 5 custom calling conventions * Improved support for Unsafe-intrinsics # UI Improvements * Dark mode (@tom-englert in #2347) * .NET bundles and Nuget packages are now directly embedded in the tree view * Search enabled in NuGet packages * Added setting highlight the current line in the code view (see #2224, by @DickvdBrink) * Simple UI language switching support # General * Support for .NET bundles (see #2191) * Detect use of csc /deterministic switch * Improve assembly resolver API to allow async usage * #2286: Enable server-mode GC in ILSpy * Building ILSpy for .NET 5 is now possible (see [multitargeting.props.template](https://github.com/icsharpcode/ILSpy/blob/master/multitargeting.props.template#L3)) * Improved project/solution decompilation (see #2186, by @wwh1004) * Updated ReadyToRun (see #2238 & #2279, by @cshung) * Added inline display of CustomDebugInformation table entries in metadata * Add metadata tree nodes for blob, guid, string and user string heap * Performance improvements in DataGrid filter (by @tom-englert) * Adjust fitness calculation for destructors (by @MikeFH in #2344) * Refactored insertion of search results (by @MikeFH in #2335) * Align dependencies with Roslyn 3.8.0, see #2173 (affects ICSharpCode.Decompiler NuGet package users) * Removed the dependency on Humanizer (see #2232 and #2235) # Bug fixes * 
Fix #2192: Add support for VB.NET delegate construction * Fix #2195: foreach loop conversion accidentally removes end container labels * Fix #2197: .NET 5 RC2: "Analyze/Used By" throws BadImageFormatException * Fix #2196: Add support for extern local functions. * Fix #1079: CSharpFormattingOptions.AutoPropertyFormatting has no effect * Fix #2222: switch-expression does not support implicit conversions. * #2241: Fix possible NRE in TypeProvider.GetTypeFromReference * Fix #2233: ResourcesFileTreeNode no longer creates child nodes for BAML files * Fix #2230: do not emit directly consecutive null propagation operators * Fix #603: Single element arrays should not span multiple lines * Fixed crash when loading DLLs with invalid sections in their `.deps.json` (see #2227, by @bernd5) * #2278: Implement support for CSharpBinderFlags.InvokeSimpleName * #2280: Add additional checks to GenerateVariableName * #2275: Fix exception when assembly does not contain proper MetadataVersion. * #2260: Fix switch(string) transform: handle empty cases where the C# compiler optimizes out the `if` * #2288: Fix decompilation of nullable lifting in expression trees (by @wwh1004) * PDBGen: Ignore duplicated ILFunctions (see 5a8b488) * #2314: ILSpy incorrectly resolves a runtime dependency when dll is present in both WindowsDesktop.App and NETCore.App * #1648 and #2133: Use simple assembly names for KnownThings to allow the resolver to use the relative framework version * #2349: Use proper ExpressionType with DynamicCompoundAssign. * #1512: XmlDocumentationProvider Unable to load some XML files to have special characters * #2342: Do not generate empty names for foreach loop variables. * #2340: Do not traverse assemblies with load errors in AssemblyList.GetAllAssemblies() * #2356: Can't navigate if switch language in Analyze panel * Improved decompilation of rethrow/throw and finally blocks in async methods. 
(see #1749, #2339 and #2353)

2021-04-28T16:33:03+00:00

MISP v2.4.142 MISP v2.4.142 2021-04-28T16:34:37+00:00

# MISP 2.4.142 released

MISP 2.4.142 released including many new features, a security fix and a long list of quality of life improvements.

![](https://www.misp-project.org/assets/images/misp/blog/new-ransomware-1.png)

# Correlation changes

One of the most annoying bottlenecks in how we use MISP currently is caused by low quality correlations, both in terms of usability and having a clear view on relevant relationships among data-points. These very often come from either sub-optimal strategies chosen on data creation/ingestion for certain types of attributes, but very often also on edge cases. With the current release we've included two main tools to combat this:

### Correlation exclusions

We can now remove individual values from ever correlating again, so if you come across some typical noisy values (such as empty file hashes, registry values of 000000, internal IPs recurringly encoded by your sandbox), you can add those to the exclusion list. Once added, you can execute the cleaning of the existing correlations, to retroactively execute your exclusion rules. This is a background processed task and depending on the amount of correlations you have may take quite some time (it took us around 30 minutes on 25M correlations), so just fire it off and check back later whether the job has completed. You can also comment your reason for removing an entry. In the future we plan on publishing community maintained default exclusion lists.

![Correlation exclusion in MISP](https://www.misp-project.org/assets/images/misp/blog/correlation-exclusion.png)

### Top correlations

List the most correlating values in your instance - in order to evaluate which the most problematic correlations are, simply have a look at the most noisy correlations. We've had some surprising entries in our communities, so perfect time to do some spring cleaning. Just hit the delete button on a correlation and it will add a rule to your correlation exclusion list - just don't forget to run the historic cleanup from the correlation exclusion index to remove already existing correlations matching your newly added rules.

# Server sync rule management rework

![MISP server sync rule management](https://www.misp-project.org/assets/images/misp/blog/pull-rules.png)

One of the more painful aspects of managing servers has been the historically bad UI used to manage filter rules. This has now been completely revamped, both with a new look but familiar look and feel as well as some clever new tools to make it more usable. For example, when creating pull filters, your instance will now attempt to contact the remote instance to retrieve a list of available tags, so that you no longer have to manually enter all of the filters when creating pull rules. The JSON rule field allowing custom filters now also uses a handy JSON parsing text entry, allowing you to avoid potential mistakes.

# New dashboard widgets

Thanks to Jeroen Pinoy, we have some new dashboard widgets meant to give you better oversight over how your instance is being used, showing some usage statistics as well as tools to monitor the growth of the user base of the community.

![](https://www.misp-project.org/assets/images/misp/blog/evolution-usercount.png)

# A bunch of other fixes including security fixes

We have also a [security](https://www.misp-project.org/security/) issue (CVE-2021-31780) causing a potential misalignment of sharing groups on synced attributes, so we highly encourage everyone to update their MISP instance. Besides that we have introduced a long list of quality of life improvements as well as [many fixes](https://www.misp-project.org/Changelog.txt).
# Acknowledgement We would like to thank all the [contributors](https://www.misp-project.org/contributors), reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in [misp-objects](https://www.misp-project.org/objects.html), [misp-taxonomies](https://www.misp-project.org/taxonomies.html) and [misp-galaxy](https://www.misp-project.org/galaxy.html) . The MISP galaxy includes a major update in the Ransomware galaxy which now includes more than 1600 documented ransomware. As always, a detailed and [complete changelog is available](https://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements. 2021-04-28T16:34:37+00:00 openlibrary deploy-2021-04-28 openlibrary deploy-2021-04-28 2021-04-28T23:39:46+00:00 General: - @Yashs911 a11y: Add lang attribute to the language menu (#5081) - @mekarpeles Hotfix: Invalid syntax in covers add template (#5086) - @mekarpeles a11y: Add `lang` to html template globals (#5065) - @RayBB a11y: Make user list header levels more accessible (#5005) - @Yashs911 a11y: Fix Individual Subject Page Images Accessibility (#4651) - @lephemere Discard catalog edition number in DDC parser (#4980) - @lephemere APIs: Make more /search urls work with /search.json (#5041) - @Yashs911 Make reading log import and export page responsive (#4981) - @Yashs911 Add Half Star Rating (#4401) - @RayBB Fix: markdown preview word wrap (#5017) - @mheiman Fix: Re-adding book to reading log should use the edition_id (#4932) - @hornc /*.rdf improvements (#3855) - @Yashs911 a11y: Fix Home Page Keyboard Accessibility (#4957) - @Yashs911 Small UI tweaks to lists on user profile (#4920) - @prakashaditya369 Display patron's lists under "Want to Read" button (#4597) - @finnless Add Search Inside box to borrowable books (#4716) Dev: - @lephemere Refactor/Move inline js from work_search template (#5068) - @cdrini Small fixes to deploy script (#5082) - @cdrini 
Solrbuilder fixes and cleanups (#5048) - @dhruvmanila Faster CI: Cache entire pip instead of just wheels (#5057) - @cdrini Use olbase on prod instead of oldev (#5090) - @cdrini Fixup to solr-updater (#5101) - @RayBB add links to github workflow and label docs (#5084) - @RayBB remove inline js from user view (#5096) - @cdrini Clean up new-solr-updater + add solr8-updater service (#5056) Dependencies: - @dependabot[bot] Bump ssri from 6.0.1 to 6.0.2 (#5067) - @dependabot[bot] Bump pymemcache from 3.4.1 to 3.4.2 (#5061) Stats: - PR Authors: @Yashs911 (6), @cdrini (6), @RayBB (4), @lephemere (3), @mekarpeles (2), @bpmcneilly (1), @dhruvmanila (1), @finnless (1), @hornc (1), @mheiman (1), @prakashaditya369 (1) - PR Assignees: @mekarpeles (12), @jdlrobson (6), @bpmcneilly (5), @cdrini (4), @dhruvmanila (1) Full diff: https://github.com/internetarchive/openlibrary/compare/deploy-2021-04-21...deploy-2021-04-28 PRs: [is:pr is:merged merged:2021-04-21T21:05:03Z..2021-04-28T22:02:33Z sort:updated-asc](https://github.com/internetarchive/openlibrary/pulls?q=is%3Apr%20is%3Amerged%20merged%3A2021-04-21T21%3A05%3A03Z..2021-04-28T22%3A02%3A33Z%20sort%3Aupdated-asc) 2021-04-28T23:39:46+00:00 graudit v3.0 graudit v3.0 2021-04-29T06:11:22+00:00 Fixed broken Java rule causing massive false positives Additional PHP fruit rules 2021-04-29T06:11:22+00:00 cti ATT&CK-v9.0 cti ATT&CK-v9.0 2021-04-29T13:06:13+00:00 - See release notes for the content changes [here](https://attack.mitre.org/resources/updates/updates-april-2021) - See a summary of STIX changes [here](https://github.com/mitre/cti/blob/master/CHANGELOG.md#changes-to-stix-for-april-2021-attck-content-release-attck-v90) 2021-04-29T13:06:13+00:00 rita v4.2.1 rita v4.2.1 2021-04-29T17:49:35+00:00 Changes: - Make `--config` a global option on `rita` command (#631) - Add support for detecting beacons behind HTTP proxies (#632) Bug Fixes: - Remove invalid certificates from old chunks when using the rolling importer (#634) 
2021-04-29T17:49:35+00:00 influxdb v2.0.6 influxdb v2.0.6 2021-04-29T18:35:46+00:00 # v2.0.6 [2021-04-29] #### Docker `influxdb:2.0.6` #### Binary Packages OSS BINARY FILES | SHA256 ---------------------------------------|--------------------------------------- [influxdb2-2.0.6-linux-amd64.tar.gz](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.6-linux-amd64.tar.gz) | f24ab5afe20d095a0e44267bf21b094007015b5deaf8442c691130fa18ebc10d [influxdb2-client-2.0.6-linux-amd64.tar.gz](https://dl.influxdata.com/influxdb/releases/influxdb2-client-2.0.6-linux-amd64.tar.gz) | 768de0fc0b763ddaf0d322987bcfa5c4b2c68a79feb0d601b2f5ea9d3329e99c [influxdb2-2.0.6-linux-arm64.tar.gz](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.6-linux-arm64.tar.gz) | d77fe08751c0d1c8699bd4fa65af142f4a96c6c33255b6232a8867332f828898 [influxdb2-client-2.0.6-linux-arm64.tar.gz](https://dl.influxdata.com/influxdb/releases/influxdb2-client-2.0.6-linux-arm64.tar.gz) | 367e338c121c44f06dfc888a3cdd9382437eeefbc8313db786617849f60ca28b [influxdb2-2.0.6-darwin-amd64.tar.gz](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.6-darwin-amd64.tar.gz) | 2091761ba37209c91c021c9b2c9590043f515ff39511188aa9021f1feae476b2 [influxdb2-client-2.0.6-darwin-amd64.tar.gz](https://dl.influxdata.com/influxdb/releases/influxdb2-client-2.0.6-darwin-amd64.tar.gz) | db62fd5be1fbe690a01b7f3aaf1f4c44ceabd1a8e5d95365a2e33553ed868ac2 [influxdb2-2.0.6-windows-amd64.zip](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.6-windows-amd64.zip) | f5c50e6a9d8df3ee145ad655a6dd8084959dd40f5db391ffe939c341abe4974a [influxdb2-client-2.0.6-windows-amd64.zip](https://dl.influxdata.com/influxdb/releases/influxdb2-client-2.0.6-windows-amd64.zip) | 29023770f3e025e2da3557066418cb0ee4648ff19f6a7d413722649ac9f55b7f OSS UBUNTU AND DEBIAN PACKAGE FILES | SHA256 ---------------------------------------|--------------------------------------- 
[influxdb2-2.0.6-amd64.deb](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.6-amd64.deb) | 7d8de2c5806593e3a14f19a681515a4b36f3fe23eb1b19a23a551d89de8c20a6 [influxdb2-2.0.6-arm64.deb](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.6-arm64.deb) | d5a004776002638f286aad4e2795eb34eb5c318933be4344e83cd219495644cf OSS REDHAT & CENTOS PACKAGE FILES | SHA256 ---------------------------------------|--------------------------------------- [influxdb2-2.0.6.x86_64.rpm](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.6.x86_64.rpm) | a1e2a9e226e21761d49f153e37dbe0ad281c3171076e3d1c298530b2e01c2fab [influxdb2-2.0.6.arm64.rpm](https://dl.influxdata.com/influxdb/releases/influxdb2-2.0.6.arm64.rpm) | e9b287d9aa6be3447ec3dd67ed9ab6ee84d28712cb18e39295e6ea5ad5ab542d ### Bug Fixes 1. [21325](https://github.com/influxdata/influxdb/pull/21325): Ensure query config written by influxd upgrade is valid. 1. [21325](https://github.com/influxdata/influxdb/pull/21325): Revert to nonzero defaults for `query-concurrency` and `query-queue-size` to avoid validation failures for upgrading users. 1. [21325](https://github.com/influxdata/influxdb/pull/21325): Don't fail validation when `query-concurrency` is 0 and `query-queue-size` is > 0. 2021-04-29T18:35:46+00:00 uBlock 1.35.1b2 uBlock 1.35.1b2 2021-04-29T20:38:45+00:00 [Commits to master since this release](https://github.com/gorhill/uBlock/compare/1.35.1b2...master) To install the developer build: - **Firefox**: Click [uBlock0_1.35.1b2.firefox.signed.xpi](https://github.com/gorhill/uBlock/releases/download/1.35.1b2/uBlock0_1.35.1b2.firefox.signed.xpi). - [uBO works best on Firefox](https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-best-on-Firefox). - **Chromium**: Install from the Chrome Web Store (CWS): <https://chrome.google.com/webstore/detail/ublock-origin-dev-build/cgbcahbpdhpcegmbfconppldiemgcoii>. 
- **Thunderbird**: Download [uBlock0_1.35.1b2.thunderbird.xpi](https://github.com/gorhill/uBlock/releases/download/1.35.1b2/uBlock0_1.35.1b2.thunderbird.xpi), then drag-n-drop it into Thunderbird's _Add-ons Manager_ pane (Thunderbird 65+ required) --- ## Closed as fixed: ### Firefox 66.0 and earlier. - [Element picker, zapper and procedural filtering not working on facebook.com](https://github.com/uBlockOrigin/uBlock-issues/issues/1571) ## Notable commits without an entry in the issue tracker - [Better handle network error when fetching sublist](https://github.com/gorhill/uBlock/commit/fca4db80217ddc52973408da282227d23b6843d1) - [Stop autoplay for unset media source with no-large-media-elements](https://github.com/gorhill/uBlock/commit/81fadf836f305a9065bbebe21ca38afb7b12c8ee) - [Use CDN URLs as fall back URLs](https://github.com/gorhill/uBlock/commit/2a5e67e3f5158fc45657dee97369ab5d3a2b11d4) 2021-04-29T20:38:45+00:00 analyzer-d4-ipa v0.2 analyzer-d4-ipa v0.2 2021-04-30T09:40:29+00:00 # Main changes - Bump lxml to v4.6.3 2021-04-30T09:40:29+00:00 seaweedfs 2.42 seaweedfs 2.42 2021-04-30T10:40:00+00:00 * FUSE Mount * Handle random reads more memory efficient #2037 * S3 * authorization uses bucket wild cards #2030 * Minor * Volume server: `-minFreeSpace` option supports specific free space size #2025 * Do not compress on brotli archives #2031, rar files #2032 2021-04-30T10:40:00+00:00 uBlock 1.35.2 uBlock 1.35.2 2021-04-30T13:45:39+00:00 [Commits to master since this release](https://github.com/gorhill/uBlock/compare/1.35.2...master) [Commits since last release](https://github.com/gorhill/uBlock/compare/1.35.0...1.35.2) To install the stable build: - **Firefox**: Review pending <!-- Click [uBlock0_1.35.0.firefox.signed.xpi](https://addons.mozilla.org/firefox/downloads/file/3763753/ublock_origin-1.35.0-an+fx.xpi) --> - [uBO works best on Firefox](https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-best-on-Firefox).
- **Chromium**: Submission pending <!-- Install from the Chrome store (CWS): <https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm> --> - **Edge**: Install from Microsoft Store: <https://microsoftedge.microsoft.com/addons/detail/odfafepnkmbhccpbejgmiehpchacaeak> - The Microsoft Store version of uBO is published by [Nik Rolls](https://github.com/nikrolls/uBlock-Edge) - **Opera**: Submission pending <!-- Install from Opera addons: <https://addons.opera.com/en/extensions/details/ublock/> --> --- ## Closed as fixed: ### Firefox 66.0 and earlier. - [Element picker, zapper and procedural filtering not working on facebook.com](https://github.com/uBlockOrigin/uBlock-issues/issues/1571) ## Notable commits without an entry in the issue tracker - [Better handle network error when fetching sublist](https://github.com/gorhill/uBlock/commit/fca4db80217ddc52973408da282227d23b6843d1) - [Stop autoplay for unset media source with no-large-media-elements](https://github.com/gorhill/uBlock/commit/81fadf836f305a9065bbebe21ca38afb7b12c8ee) - [Use CDN URLs as fall back URLs](https://github.com/gorhill/uBlock/commit/2a5e67e3f5158fc45657dee97369ab5d3a2b11d4) 2021-04-30T13:45:39+00:00 pwntools 4.5.0 pwntools 4.5.0 2021-04-30T16:14:29+00:00 - [#1261][1261] Misc `run_in_new_terminal` improvements (notably gdb terminated by default) - [#1695][1695] Allow using GDB Python API - [#1735][1735] Python 3.9 support in safeeval - [#1738][1738] Which function support custom search path - process also looks now at `env['PATH']` to find the path for the executable - [#1742][1742] New `baremetal` os to debug binaries executed with qemu-system-$(arch) - [#1757][1757] update cache directories - [#1758][1758] Remove eval from cli - [#1780][1780] Re-add Python2 to the official Dockerfile - [#1941][1941] Disable all Android tests, `pwnlib.adb` is no longer supported in CI - [#1811][1811] Remove unnecessary `pwn.toplevel.__all__` - [#1827][1827] Support `$XDG_CONFIG_HOME`
dir for `pwn.conf` - [#1841][1841] Add colored_traceback - [#1839][1839] run_in_new_terminal now creates a runner script if given a list or tuple - [#1833][1833] Add pwnlib.filesystem module - [#1852][1852] Fix `atexit` on Python 3 [1261]: https://github.com/Gallopsled/pwntools/pull/1261 [1695]: https://github.com/Gallopsled/pwntools/pull/1695 [1735]: https://github.com/Gallopsled/pwntools/pull/1735 [1738]: https://github.com/Gallopsled/pwntools/pull/1738 [1742]: https://github.com/Gallopsled/pwntools/pull/1742 [1757]: https://github.com/Gallopsled/pwntools/pull/1757 [1758]: https://github.com/Gallopsled/pwntools/pull/1758 [1780]: https://github.com/Gallopsled/pwntools/pull/1780 [1941]: https://github.com/Gallopsled/pwntools/pull/1941 [1811]: https://github.com/Gallopsled/pwntools/pull/1811 [1827]: https://github.com/Gallopsled/pwntools/pull/1827 [1841]: https://github.com/Gallopsled/pwntools/pull/1841 [1839]: https://github.com/Gallopsled/pwntools/pull/1839 [1833]: https://github.com/Gallopsled/pwntools/pull/1833 [1852]: https://github.com/Gallopsled/pwntools/pull/1852 2021-04-30T16:14:29+00:00 pwntools 4.6.0beta0 pwntools 4.6.0beta0 2021-04-30T16:15:20+00:00 - [#1429][1429] Add a mechanism for ret2csu (originally #1138) - [#1566][1566] Add `ignore_config` argument to `pwnlib.tubes.ssh` and improve `allow_agent` implementation - [#1652][1652] Add `process.readmem` and `process.writemem` - [#1739][1739] Add/fix shellcraft.linux.kill() / shellcraft.linux.killparent() - [#1746][1746] Prefer Python3 over Python2 for spawning remote processes over SSH - [#1751][1751] Fix process() with executable relative to cwd - [#1753][1753] major change: less unconditional imports in pwnlib - [#1776][1776] mips: do not use $t0 temporary variable in dupio - [#1846][1846] support launching GDB in more different terminals [1429]: https://github.com/Gallopsled/pwntools/pull/1429 [1566]: https://github.com/Gallopsled/pwntools/pull/1566 [1652]: 
https://github.com/Gallopsled/pwntools/pull/1652 [1739]: https://github.com/Gallopsled/pwntools/pull/1739 [1746]: https://github.com/Gallopsled/pwntools/pull/1746 [1751]: https://github.com/Gallopsled/pwntools/pull/1751 [1753]: https://github.com/Gallopsled/pwntools/pull/1753 [1776]: https://github.com/Gallopsled/pwntools/pull/1776 [1846]: https://github.com/Gallopsled/pwntools/pull/1846 2021-04-30T16:15:20+00:00 seaweedfs 2.43 seaweedfs 2.43 2021-05-01T07:39:25+00:00 * FUSE Mount * Fix regression on data inconsistencies between multiple mounts #2038 * Handle random reads more memory efficient #2037 * S3 * authorization uses bucket wild cards #2030 * Minor * Volume server: `-minFreeSpace` option supports specific free space size #2025 * Do not compress on brotli archives #2031, rar files #2032 2021-05-01T07:39:25+00:00 gopass v1.12.6 gopass v1.12.6 2021-05-01T18:06:00+00:00 ## 1.12.6 / 2021-05-01 * [BUGFIX] Do not recurse with a key (#1907, #1906) * [BUGFIX] Fix SSH control path (#1899, #1896) * [BUGFIX] Fix gopass env with subtrees (#1894, #1893) * [BUGFIX] Honor create -s flag (#1891) * [BUGFIX] Ignore commented values in gpg config (#1901, #1898) * [ENHANCEMENT] Add better usage instructions (#1912) 2021-05-01T18:06:00+00:00 org.quietmodem.Quiet v0.2.3 org.quietmodem.Quiet v0.2.3 2021-05-02T01:05:34+00:00 Use Voice Recognition preset to reduce processing applied to signal 2021-05-02T01:05:34+00:00 celery v5.1.0b2 celery v5.1.0b2 2021-05-02T13:32:41+00:00 2021-05-02T13:32:41+00:00 cti-stix-elevator v4.0.0 cti-stix-elevator v4.0.0 2021-05-02T21:37:10+00:00 The elevator and stepper are compliant with STIX 2.1 CS01 Python 3.5 is no longer supported.
All compatibility code to support Python 2.7 has been removed (e.g., the six package) Major Changes - Support Extension feature described in section 7.3 of the specification - Support Incident as a specification SDO - Use handle_missing_properties method to encapsulate most extension/custom functionality - Handle related objects with no known STIX 2.1 relationship Other Changes - Handle ArchiveFile differently for 2.0 vs 2.1 - email_message:message_id is only in 2.1 - Infer network-traffic protocol from extension type - Handle registry key in example where there is no hive property - Better handling of Sightings - Add object data marking to Relationships when appropriate based on the source and target references - Handle name and title properties of malware better Testing changes - Added testing for python 3.9 - Test for the ignore missing policy for STIX 2.1 2021-05-02T21:37:10+00:00 bitcoin v0.21.1 bitcoin v0.21.1 2021-05-03T01:33:04+00:00 Bitcoin Core version 0.21.1 is now available from: https://bitcoincore.org/bin/bitcoin-core-0.21.1/ For the release notes please see the git repository: https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-0.21.1.md Preferably use the above download link, not the links provided by GitHub to download the source tarball, as the release tarballs are generated deterministically whereas GitHub's are not. 2021-05-03T01:33:04+00:00 caddy v2.4.0-rc.1 caddy v2.4.0-rc.1 2021-05-03T18:02:07+00:00 This is a Release Candidate, meaning we think it's good enough to release but we want your help to make sure. It contains over 100 commits from the last stable release! Please report any bugs. If you're coming from v2.3, be sure to check the change logs from the previous pre-releases as well.
## Changelog a8d45277 caddyfile: Fix `import` replacing unrelated placeholders (#4129) 3401f91d caddyfile: Normalize line endings before comparing fmt result (#4103) 3903642a caddyfile: reject cyclic imports (#4022) d789596b caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs (#4033) 53ececda caddyhttp: performance improvement in HeaderRE Matcher (#4143) 1e218e1d caddytls: Add `load_storage` module (#4055) 42b7134f caddytls: Configurable storage clean interval 2250920e caddytls: Disable OCSP stapling for manual certs (#4064) 956f0116 caddytls: Implement remote IP connection matcher (#4123) e6f6d3a4 cmd: Add --envfile flag to `start` command (#4141) 3f6283b3 fileserver: Add status code override (#4076) 3a1e81db fileserver: Better handling of HTTP status override (#4132) 637fd8f6 fileserver: Share template logic for both `templates` and `file_server browse` (#4093) 00e12aa9 fuzz: fix the FuzzFormat comparison (#4117) efe84497 go.mod: CertMagic v0.13.1 66783eb4 go.mod: Update quic-go to v0.20.1 (#4075) ef7f15f3 httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077) 6e0e3e15 httpcaddyfile: Add global option for `storage_clean_interval` (#4134) 1455d6bb httpcaddyfile: Fix panic in automation policy consolidation (#4104) ff6ca577 httpcaddyfile: Fix unexpectedly removed policy (#4128) 96bb3659 httpcaddyfile: Take into account host scheme/port (fix #4113) 45fb7202 notify: Send all sd_notify signals from main caddy process (#4060) e4a22de9 reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3712) (#4021) 4d0474e3 reverseproxy: Admin endpoint for reporting upstream statuses (#4125) 90175571 reverseproxy: fix hash selection policy (#4137) 2021-05-03T18:02:07+00:00 redis 6.0.13 redis 6.0.13 2021-05-03T19:59:51+00:00 Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. LOW otherwise. 
Integer overflow in STRALGO LCS command (CVE-2021-29477): An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. The integer overflow bug exists in all versions of Redis starting with 6.0. Integer overflow in COPY command for large intsets (CVE-2021-29478): An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration value, creating a large set key that consists of integer values and using the COPY command to duplicate it. The integer overflow bug exists in all versions of Redis starting with 2.6, where it could result with a corrupted RDB or DUMP payload, but not exploited through COPY (which did not exist before 6.2). Bug fixes: * Cluster: Skip unnecessary check which may prevent failure detection (#8585) * Fix not starting on alpine/libmusl without IPv6 (#8655) Improvements: * Fix performance regression in BRPOP on Redis 6.0 (#8689) Modules: * Fix edge-case when a module client is unblocked (#8618) 2021-05-03T19:59:51+00:00 redis 6.2.3 redis 6.2.3 2021-05-03T20:01:58+00:00 Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. LOW otherwise. Integer overflow in STRALGO LCS command (CVE-2021-29477): An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. The integer overflow bug exists in all versions of Redis starting with 6.0. Integer overflow in COPY command for large intsets (CVE-2021-29478): An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and potentially result in remote code execution. 
The vulnerability involves changing the default set-max-intset-entries configuration value, creating a large set key that consists of integer values and using the COPY command to duplicate it. The integer overflow bug exists in all versions of Redis starting with 2.6, where it could result with a corrupted RDB or DUMP payload, but not exploited through COPY (which did not exist before 6.2). Bug fixes that are only applicable to previous releases of Redis 6.2: * Fix memory leak in moduleDefragGlobals (#8853) * Fix memory leak when doing lazy freeing client tracking table (#8822) * Block abusive replicas from sending commands that could assert and crash redis (#8868) Other bug fixes: * Use a monotonic clock to check for Lua script timeout (#8812) * redis-cli: Do not use unix socket when we got redirected in cluster mode (#8870) Modules: * Fix RM_GetClusterNodeInfo() to correctly populate master id (#8846) 2021-05-03T20:01:58+00:00 mongotail 2.4.1 mongotail 2.4.1 2021-05-03T23:53:53+00:00 * Fix bug cause "aggregate" queries not be logged. * Minor rewording of the messages used when the user checks or changes the profiling level. 2021-05-03T23:53:53+00:00 turbinia 20210503 turbinia 20210503 2021-05-03T23:58:36+00:00 2021-05-03T23:58:36+00:00 syncthing v1.16.0 syncthing v1.16.0 2021-05-04T09:00:10+00:00 This release adds untrusted / encrypted devices for public testing. It should still be considered beta / testing-only. 
Bugfixes: - #7026: panic: key not found when repairing DB - #7379: "Warning, this path is a subdirectory of an existing folder" does not appear when editing only folder label - #7533: Remote completion on untrusted devices is incorrect - #7548: Upgrading syncthing-relaysrv to 1.15.0 fails in post-installation - #7551: QUIC: failed to determine receive buffer size: doesn't have a SyscallConn - #7557: Encrypted folder(s) on Windows reported as "Unexpected Objects" - #7568: panic: runtime error: slice bounds out of range [24:3] - #7584: Folder label missing from folder path when adding new folders Enhancements: - #109: Support for file encryption (e.g. non-trusted servers) - #3322: GUI "Out of sync" modal uses massive amounts of CPU in browser - #7520: Ask for confirmation before reverting/overriding a folder 2021-05-04T09:00:10+00:00 clair v4.1.0-alpha.3 clair v4.1.0-alpha.3 2021-05-04T14:34:44+00:00 <a name="unreleased"></a> ## [Unreleased] <a name="v4.1.0-alpha.3"></a> ## [v4.1.0-alpha.3] - 2021-05-04 ### Chore - [f3d64ff](https://github.com/quay/clair/commit/f3d64ffc3f3b8ebcf4d91d60117e8a268d840fd8): v4.1.0-alpha.3 changelog bump - [01c44cc](https://github.com/quay/clair/commit/01c44cc39dd5d5c644d6849dfe204a1ffd02bab8): update claircore revision ### Cicd - [4535b9f](https://github.com/quay/clair/commit/4535b9f41c310b3d590e2e0d8e3758d0d39d5105): changelog fixups ### Config - [1f9b565](https://github.com/quay/clair/commit/1f9b56577957ce28044b221af58b160328a671a2): validate based on combo mode or not ### Httptransport - [9e67501](https://github.com/quay/clair/commit/9e67501d818045749c4f263128b72e7cb6856bd1): fix LatestUpdateOperations method ### Notifier - [6d33153](https://github.com/quay/clair/commit/6d331530c7a8714a16d32ce3ca6e74ec8afc5184): check msg contents in integration tests - [cc4a10f](https://github.com/quay/clair/commit/cc4a10ffedfc2edaae229cd953b3602ca16da2ec): remove direct zerolog use ### Tests - 
[08734ab](https://github.com/quay/clair/commit/08734ab233457dc4bba1b071331f0c8024f6b4dd): fix small unit test race - [6e50ec2](https://github.com/quay/clair/commit/6e50ec2eec4eb50711ac48f14181e5a7ca075a70): add testing command - [1e92bd2](https://github.com/quay/clair/commit/1e92bd241ba42eec3cca6c8e983ba937caa23bd9): fix small race [Unreleased]: https://github.com/quay/clair/compare/v4.1.0-alpha.3...HEAD [v4.1.0-alpha.3]: https://github.com/quay/clair/compare/v4.1.0-alpha.2...v4.1.0-alpha.3 2021-05-04T14:34:44+00:00 snappy 1.1.9 snappy 1.1.9 2021-05-04T23:38:49+00:00 * Performance improvements. * Google Test and Google Benchmark are now bundled in third_party/. 2021-05-04T23:38:49+00:00 syncthing v1.16.1 syncthing v1.16.1 2021-05-05T07:52:01+00:00 This release corrects a `.deb` packaging issue only. Bugfixes: - #7628: upgrade with apt fails in post-inst script 2021-05-05T07:52:01+00:00 igraph 0.9.3 igraph 0.9.3 2021-05-05T10:55:41+00:00 ### Added - OpenMP is now enabled and used by certain functions (notably PageRank calculation) when the compiler supports it. Set `IGRAPH_OPENMP_SUPPORT=OFF` at configuration time to disable this. ### Fixed - `igraph_get_incidence()` no longer reads and writes out of bounds when given a non-bipartite graph, but gives a warning and ignores edges within a part. - `igraph_dyad_census()` no longer reports an overflow on singleton graphs, and handles loops and multigraphs correctly. Undirected graphs are handled consistently and will no longer give a warning. - `igraph_vector_lex_cmp()` and `igraph_vector_colex_cmp()` dereferenced their arguments only once instead of twice, and therefore did not work with `igraph_vector_ptr_sort()`. - `igraph_maximal_cliques_subset()` and `igraph_transitivity_barrat()` corrupted the error handling stack ("finally stack") under some circumstances. - CMake package files did not respect `CMAKE_INSTALL_LIBDIR`. 
This only affected Linux distributions which install into `lib64` or other locations instead of `lib`. - The parser sources could not be generated when igraph was in a location that contained spaces in its path. - igraph no longer links to the math library (`libm`) when this is not necessary. - `_CRT_SECURE_NO_WARNINGS` is now defined during compilation to enable compatibility with UWP. - Fixed a compilation issue on MSYS / MinGW when link-time optimization was enabled and the `MSYS Makefiles` CMake generator was used. Some source files in igraph were renamed as a consequence, but these should not affect users of the library. ### Deprecated - `igraph_rng_min()` is now deprecated; assume a constant zero as its return value if you used this function in your own code. ### Other - Updated the vendored CXSparse library to version 3.2.0 2021-05-05T10:55:41+00:00 wire-server v2021-05-04 wire-server v2021-05-04 2021-05-05T12:53:15+00:00 Intermediary release. See v2021-05-05. 2021-05-05T12:53:15+00:00 rocksdb v6.20.3 rocksdb v6.20.3 2021-05-06T00:53:37+00:00 ## 6.20.3 (05/05/2021) ### Bug Fixes * Fixed a bug where `GetLiveFiles()` output included a non-existent file called "OPTIONS-000000". Backups and checkpoints, which use `GetLiveFiles()`, failed on DBs impacted by this bug. Read-write DBs were impacted when the latest OPTIONS file failed to write and `fail_if_options_file_error == false`. Read-only DBs were impacted when no OPTIONS files existed. ## 6.20.2 (04/23/2021) ### Bug Fixes * Fixed a bug in handling file rename error in distributed/network file systems when the server succeeds but client returns error. The bug can cause CURRENT file to point to non-existing MANIFEST file, thus DB cannot be opened. * Fixed a bug where ingested files were written with incorrect boundary key metadata. In rare cases this could have led to a level's files being wrongly ordered and queries for the boundary keys returning wrong results. 
* Fixed a data race between insertion into memtables and the retrieval of the DB properties `rocksdb.cur-size-active-mem-table`, `rocksdb.cur-size-all-mem-tables`, and `rocksdb.size-all-mem-tables`. * Fixed the false-positive alert when recovering from the WAL file. Avoid reporting "SST file is ahead of WAL" on a newly created empty column family, if the previous WAL file is corrupted. ### Behavior Changes * Due to the fix of false-positive alert of "SST file is ahead of WAL", all the CFs with no SST file (CF empty) will bypass the consistency check. We fixed a false-positive, but introduced a very rare true-negative which will be triggered in the following conditions: A CF with some delete operations in the last few queries which will result in an empty CF (those are flushed to SST file and a compaction triggered which combines this file and all other SST files and generates an empty CF, or there is another reason to write a manifest entry for this CF after a flush that generates no SST file from an empty CF). The deletion entries are logged in a WAL and this WAL was corrupted, while the CF's log number points to the next WAL (due to the flush). Therefore, the DB can only recover to the point without these trailing deletions and cause the inconsistent DB status. ## 6.20.0 (04/16/2021) ### Behavior Changes * `ColumnFamilyOptions::sample_for_compression` now takes effect for creation of all block-based tables. Previously it only took effect for block-based tables created by flush. * `CompactFiles()` can no longer compact files from lower level to up level, which has the risk to corrupt DB (details: #8063). The validation is also added to all compactions. * Fixed some cases in which DB::OpenForReadOnly() could write to the filesystem. If you want a Logger with a read-only DB, you must now set DBOptions::info_log yourself, such as using CreateLoggerFromOptions(). * get_iostats_context() will never return nullptr.
If thread-local support is not available, and user does not opt-out iostats context, then compilation will fail. The same applies to perf context as well. ### Bug Fixes * Use thread-safe `strerror_r()` to get error messages. * Fixed a potential hang in shutdown for a DB whose `Env` has high-pri thread pool disabled (`Env::GetBackgroundThreads(Env::Priority::HIGH) == 0`) * Made BackupEngine thread-safe and added documentation comments to clarify what is safe for multiple BackupEngine objects accessing the same backup directory. * Fixed crash (divide by zero) when compression dictionary is applied to a file containing only range tombstones. * Fixed a backward iteration bug with partitioned filter enabled: not including the prefix of the last key of the previous filter partition in current filter partition can cause wrong iteration result. * Fixed a bug that allowed `DBOptions::max_open_files` to be set with a non-negative integer with `ColumnFamilyOptions::compaction_style = kCompactionStyleFIFO`. * Fixed a bug in handling file rename error in distributed/network file systems when the server succeeds but client returns error. The bug can cause CURRENT file to point to non-existing MANIFEST file, thus DB cannot be opened. * Fixed a data race between insertion into memtables and the retrieval of the DB properties `rocksdb.cur-size-active-mem-table`, `rocksdb.cur-size-all-mem-tables`, and `rocksdb.size-all-mem-tables`. ### Performance Improvements * On ARM platform, use `yield` instead of `wfe` to relax cpu to gain better performance. ### Public API change * Added `TableProperties::slow_compression_estimated_data_size` and `TableProperties::fast_compression_estimated_data_size`. When `ColumnFamilyOptions::sample_for_compression > 0`, they estimate what `TableProperties::data_size` would have been if the "fast" or "slow" (see `ColumnFamilyOptions::sample_for_compression` API doc for definitions) compression had been used instead. 
* Update DB::StartIOTrace and remove Env object from the arguments as it's redundant and DB already has Env object that is passed down to IOTracer::StartIOTrace * Added `FlushReason::kWalFull`, which is reported when a memtable is flushed due to the WAL reaching its size limit; those flushes were previously reported as `FlushReason::kWriteBufferManager`. Also, changed the reason for flushes triggered by the write buffer manager to `FlushReason::kWriteBufferManager`; they were previously reported as `FlushReason::kWriteBufferFull`. * Extend file_checksum_dump ldb command and DB::GetLiveFilesChecksumInfo API for IntegratedBlobDB and get checksum of blob files along with SST files. ### New Features * Added the ability to open BackupEngine backups as read-only DBs, using BackupInfo::name_for_open and env_for_open provided by BackupEngine::GetBackupInfo() with include_file_details=true. * Added BackupEngine support for integrated BlobDB, with blob files shared between backups when table files are shared. Because of current limitations, blob files always use the kLegacyCrc32cAndFileSize naming scheme, and incremental backups must read and checksum all blob files in a DB, even for files that are already backed up. * Added an optional output parameter to BackupEngine::CreateNewBackup(WithMetadata) to return the BackupID of the new backup. * Added BackupEngine::GetBackupInfo / GetLatestBackupInfo for querying individual backups. * Made the Ribbon filter a long-term supported feature in terms of the SST schema (compatible with version >= 6.15.0) though the API for enabling it is expected to change. 2021-05-06T00:53:37+00:00 onionshare v2.3.2.dev1 onionshare v2.3.2.dev1 2021-05-06T03:41:30+00:00 This is a pre-release for testing and for translators. Documentation for version 2.3.2.dev1 is [here](https://docs.onionshare.org/2.3.2/en/).
Specifically check these new/updated sections: - [Receive Files and Message](https://docs.onionshare.org/2.3.2/en/features.html#receive-files-and-messages) - [Custom Titles](https://docs.onionshare.org/2.3.2/en/advanced.html#custom-titles) Windows installer: `OnionShare-2.3.2.dev1.msi` macOS installer: `OnionShare-2.3.2.dev1.dmg` To install in Linux: `snap install --devmode ~/Downloads/onionshare_2.3.2.dev1_amd64.snap` 2021-05-06T03:41:30+00:00 bcc v0.20.0 bcc v0.20.0 2021-05-06T04:32:22+00:00 * Support for kernel up to 5.12 * Some basic support for MIPS * added bpf_map_lookup_batch and bpf_map_delete_batch support * tools/funclatency.py support nested or recursive functions * tools/biolatency.py can optionally print out average/total value * fix possible macro HAVE_BUILTIN_BSWAP redefine warning for kernel >= 5.10. * new tools: virtiostat * new libbpf-tools: ext4dist * doc update and bug fixes 2021-05-06T04:32:22+00:00 wire-server v2021-05-05 wire-server v2021-05-05 2021-05-06T11:44:51+00:00 ## Features - [brig] New option to use a random prekey selection strategy to remove DynamoDB dependency (#1416, #1476) - [brig] Ensure servant APIs are recorded by the metrics middleware (#1441) - [brig] Add exact handle matches from all teams in /search/contacts (#1431, #1455) - [brig] CSV endpoint: Add columns to output (#1452) - [galley] Make pagination more idiomatic (#1460) - [federation] Testing improvements (#1411, #1429) - [federation] error reporting, DNS error logging (#1433, #1463) - [federation] endpoint refactoring, new brig endpoints, servant client for federated calls, originDomain metadata (#1389, #1446, #1445, #1468, #1447) - [federation] Add federator to galley (#1465) - [move-team] Update move-team with upstream schema changes #1423 ## Bug fixes and other updates - [security] Update webapp container image tag to address CVE-2021-21400 (#1473) - [brig] Return correct status phrase and body on error (#1414) … - [brig] Fix FromJSON instance of ListUsersQuery
(#1456) - [galley] Lower the limit for URL lengths for galley -> brig RPC calls (#1469) - [chores] Remove unused dependencies (#1424) … - [compilation] Stop re-compiling nginz when running integration test for unrelated changes - [tooling] Use jq magic instead of bash (#1432), Add wget (#1443) - [chores] Refactor Dockerfile apk installation tasks (#1448) - [tooling] Script to generate token for SCIM endpoints (#1457) - [tooling] Ormolu script improvements (#1458) - [tooling] Add script to colourise test failure output (#1459) - [tooling] Setup for running tests in kind (#1451, #1462) - [tooling] HLS workaround for optimisation flags (#1449) ## Documentation - [docs] Document how to run multi-backend tests for federation (#1436) - [docs] Fix CHANGELOG: incorrect release dates (#1435) - [docs] Update release notes with data migration for SCIM (#1442) - [docs] Fixes a k8s typo in the README (#1475) - [docs] Document testing strategy and patterns (#1472) 2021-05-06T11:44:51+00:00 nfdump v1.6.23 nfdump v1.6.23 2021-05-06T15:56:14+00:00 - Fix potential FreeNode without valid Node in nfpcapd. - Add all non TCP/UDP IP protocols as streams in nfpcapd - Add mpls unwrap in nfpcapd. Skip MPLS labels - Add ESP to processed protocols in nfpcapd. - Some Code cleanup - Change spin lock to native C11 lock - Cleanup code for issue #283 - Fix minor nfpcapd issues - Add mpls unwrap in sflow code - adds mpls labels if available - Update rbtree. - Fix potential deadlock in nfpcapd if it terminates. - Add packet capture buffer size to nfpcapd - Fix sflow code extended field parsing. 
#262 and #273 - Fix endless loop of nfexpire, if it does not find files - Fix processing decoding error for yaf exporter - Zero out tcp flags for non TCP records - Add reverse element enterprise ID 29305 for counter values - Add biFlow direction element 239 - Add flow end reason element 136 - Make -Tall the default for nfcapd to collect extensions - Code cleanup and boundary checks in option template processing - Implement element 160 (SystemInitTime) in option template - Add Element 160 (SystemInitTime) in flow record used by Huawei - Fix path handling for -l <dir> - Fix print plain numbers #263 2021-05-06T15:56:14+00:00 openlibrary deploy-2021-05-06 openlibrary deploy-2021-05-06 2021-05-06T19:23:53+00:00 General: - @mekarpeles Exempt trusted-users from recaptcha (#4998) - @lephemere Correct pagination when results multiple of 20 (#5054) - @lephemere a11y: Library Explorer accessibility/Enable keyboard navigation on floating controls panel (#5044) - @hornc Use the specific `{{cite book` Wikipedia template for citations (#5106) - @Sabreen-Parveen Add may collection to homepage (#5112) - @dcapillae Expanded Spanish translation of the website (#5113) - @ma8642 Fix set div padding to 0 to remove stats graph underline tail (#5110) - @jamesachamp [beta] Observation statistics component improvements (#5139) Dev: - @cdrini Small tweaks to deploy scripts (#5107) - @RayBB Refactor: Remove inline js for user edit page (#5095) - @CliftonMcCallum Refactor: Moves inline JS from check.html to index.js (#4661) - @cdrini Switch to Python 3.9 as default! 
(#5050) - @lephemere Add i18n support to search/inside template (#5137) - @lephemere Improve i18n support on templates (#5124) - @lephemere Hotfix/JS error from index.js (#5125) - @cdrini Fix update_work bug with solr8 (#5129) Dependencies: - @dependabot[bot] Bump eslint-plugin-vue from 7.8.0 to 7.9.0 (#5117) - @dependabot[bot] Bump stylelint from 13.12.0 to 13.13.1 (#5116) - @dependabot[bot] Bump babel from 2.9.0 to 2.9.1 (#5122) - @dependabot[bot] Bump httpx from 0.17.1 to 0.18.1 (#5123) Stats: - PR Authors: @lephemere (5), @cdrini (3), @CliftonMcCallum (1), @RayBB (1), @Sabreen-Parveen (1), @dcapillae (1), @hornc (1), @jamesachamp (1), @ma8642 (1), @mekarpeles (1) - PR Assignees: @cdrini (9), @jdlrobson (6), @mekarpeles (4) Full diff: https://github.com/internetarchive/openlibrary/compare/deploy-2021-04-28...deploy-2021-05-06 PRs: [is:pr is:merged merged:2021-04-28T23:39:46Z..2021-05-06T19:05:48Z sort:updated-asc](https://github.com/internetarchive/openlibrary/pulls?q=is%3Apr%20is%3Amerged%20merged%3A2021-04-28T23%3A39%3A46Z..2021-05-06T19%3A05%3A48Z%20sort%3Aupdated-asc) 2021-05-06T19:23:53+00:00 netbox v2.11.3 netbox v2.11.3 2021-05-07T14:21:01+00:00 ## Enhancements * [#6197](https://github.com/netbox-community/netbox/issues/6197) - Introduced `SESSION_COOKIE_NAME` config parameter * [#6318](https://github.com/netbox-community/netbox/issues/6318) - Add OM5 MMF cable type * [#6351](https://github.com/netbox-community/netbox/issues/6351) - Add aggregates count to tenant view * [#6359](https://github.com/netbox-community/netbox/issues/6359) - Enable custom links for organizational and nested group models ## Bug Fixes * [#6240](https://github.com/netbox-community/netbox/issues/6240) - Fix display of available VLAN ranges under VLAN group view * [#6308](https://github.com/netbox-community/netbox/issues/6308) - Fix linking of available VLANs in VLAN group view * [#6309](https://github.com/netbox-community/netbox/issues/6309) - Restrict parent VM interface assignment 
to the parent VM * [#6312](https://github.com/netbox-community/netbox/issues/6312) - Interface device filter should return all virtual chassis interfaces only if device is master * [#6313](https://github.com/netbox-community/netbox/issues/6313) - Fix device type instance count under manufacturer view * [#6321](https://github.com/netbox-community/netbox/issues/6321) - Restore "add an IP" button under prefix IPs view * [#6333](https://github.com/netbox-community/netbox/issues/6333) - Fix filtering of circuit terminations by primary key * [#6339](https://github.com/netbox-community/netbox/issues/6339) - Improve ordering of interfaces when viewing virtual chassis master * [#6350](https://github.com/netbox-community/netbox/issues/6350) - Include first & last IP addresses when allocating available IPv6 addresses via the REST API * [#6355](https://github.com/netbox-community/netbox/issues/6355) - Fix caching error when swapping A/Z circuit terminations * [#6357](https://github.com/netbox-community/netbox/issues/6357) - Fix ProviderNetwork nested API serializer * [#6363](https://github.com/netbox-community/netbox/issues/6363) - Correct pre-population of cluster group when creating a cluster * [#6369](https://github.com/netbox-community/netbox/issues/6369) - Fix interface assignment for VLANs in non-scoped groups 2021-05-07T14:21:01+00:00 chipsec 1.6.2 chipsec 1.6.2 2021-05-07T22:23:01+00:00 __New or Updated Modules/UtilCmds:__ * `common.sgx_check` - Update missed formatting changes * `common.uefi.access_uefispec` - Get rid of call to ord(), delete unreferenced lists, print error message only if ro_concern is not empty, try to modify other variables as well and fix status code check for set_EFI_variable * `module_common` - Update BaseModule methods * `modules.tools.uefi.uefivar_fuzz` - Add bytes support to uefivar_fuzz.py * `tools.smm.smm_ptr` - Fix smm_ptr.py sig bytearray * `utilcmd.interrupts_cmd` - Fix payload reading for smi_smmc * `utilcmd.mmio_cmd` - General Flake8 
formatting cleanup and add partial MMIO region dump * `utilcmd.pci_cmd` - Remove underscores that are no longer needed __New or Updated Configurations:__ * `8086/common` - Switch to MEI1 device definition * `8086/pch_4xx` - PCH 4xx series updates * `8086/pch_4xxh` - PCH 4xx series updates * `8086/pch_4xxlp` - PCH 4xx series updates __Removed Modules:__ * None __Additional Changes:__ * `.travis.yaml` - Change xenial to newer distros * `chipsec.chipset` - Update functions to display register in verbose mode, update for issue #761 and add changes to enable consistency checking * `chipsec.defines` - Improve winhelper.py py3 str handling * `chipsec.hal.iobar` - Add changes to enable consistency checking * `chipsec.hal.mmio` - Add changes to enable consistency checking * `chipsec.hal.spi_uefi` - Update spi_uefi.py to handle the corrupted GUID * `chipsec.hal.spi` - Fix hal.spi bytearray verbose print * `chipsec.hal.tpm_eventlog` - Remove stray backslash from the URL for TCG EFI Platform Specification * `chipsec.helper.linux.linuxhelper` - Change tostring to tobytes, add one additional status_dict and other minor improvements * `chipsec.helper.win.win32helper` - Improve winhelper.py py3 str handling * `chipsec.logger` - Update to prefer WConio2 over the original WConio * `tests.software.cs` - Update to always close the temporary log file when a test fails * `tests.software.test_tpm_eventlog` - Generate 12-byte fake TPM event in EFIFirmwareBlob test * `tests.software.util` - Update to always close the temporary log file when a test fails __Additional Notes:__ * __For Windows users, please rebuild your windows driver as updates have been made.__ * __For Windows, Linux and MacOS: Python2 support has been deprecated as of June 2020. Please use Python3.__ * Any modules under the `modules.tools` directory have not yet been fully validated to work with Python3. 
__New Module Details:__ Module Name | Supported Platforms | Flags :---: | :---: | :---: 2021-05-07T22:23:01+00:00 rtl_433 21.05 rtl_433 21.05 2021-05-09T10:42:50+00:00 ### Highlights - Last release to support Autotools (autoconf, automake) builds (#1644) - Last release to offer "oldmodel" keys (deprecated since 2020) - Added Github Release builds for Windows - Added GPSd tags option (#1636) - Added optional TLS support to MQTT (#1633) - Added OpenSSL support for influxs TLS (#1569) - Added support for ELK-319DWM, Alula RE101 to Interlogix (#1711) - Added conf for Tesla charge port opener (#1704) - Added support for Hyundai-VDO TPMS (#1643) - Added support for TX25U dual channel temp sensor - Added support for Honeywell CM921/BDR91/Evohome (#1336) - Added support for Auriol AFT 77 B2 - Added support for Auriol AHFL (#1683) - Added support for Bresser Professional Rain Gauge (#1676) - Added support for TFA Marbella pool thermometer (#1675) - Added support for Amazon Basics Meat Thermometer (#1671) - Added support for Owl 180i support - Added support for Jansite TPMS Model Solar (#1663) - Added support for Cavius alarms (#1648) - Added support for Security plus v1 (#1483) - Added conf for Skylink HA-434TL motion sensor (s.a. 
#814) - Added support for Burnhard BBQ thermometer (#1624) - Added support for wmbus water meter Maddalena (#1610) - Added conf for ATC Technology LMT-430 (#1600) - Added support for Blueline PowerCost Monitor - Added conf for FAN-53T (#1588) - Added support for Acurite 515 fridge/freezer sensors (#1579) - Added support for TelFix-RadioLoop (#1571) - Added conf for Salus RT300RF thermostat, Heatmiser PRT-W thermostat (#1573) ### Changed - Added Release build workflow - Added pressure_kPa key for HA (#1712) - Added support for ELK-319DWM, Alula RE101 to Interlogix (closes #1711) - Fixed and style Honeywell CM921 - Added option to set force_update for all sensors (#1695) - Added Tesla charge port opener decoder conf (#1704) - Added battery flags to Bresser 7in1 (closes #1703) - Fixed Hyundai-VDO TPMS - Added Hyundai-VDO TPMS (#1643) - Added X10 Dim, Bright, All Lights ON, and All Off commands (#1687) - Added support for TX25U dual channel temp sensor - Fixed code warnings - Fixed code style - Added forgotten id - Added Honeywell CM921/BDR91/Evohome decoder (#1336) - Added Auriol AFT 77 B2 protocol decoder - Fixed Holman-WS5029 rain count (#1686) - Fixed explanation of supposed PM10 (estimated) value (#1678) - Added support for Auriol AHFL protocol (#1683) - Fixed PSI calculation for Ford TPMS - Added support for higher pressure range in Ford TPMS - Fixed secplus_v1 endless loop (closes #1662) - Fixed secplus_v1 overflow - Added support for some Ecowitt WH41 sensor signals - Added comment regarding PM10 readings in the FineOffset WH0290 decoder - Added support for Bresser Professional Rain Gauge (#1676) - Added TFA Marbella pool thermometer protocol decoder (#1675) - Added Amazon Basics Meat Thermometer decoder (#1671) - Fixed exit if http server can't start - Fixed missing sdr_stop for WIN32 - Added Owl 180i support - Added website and sensor specifications for Jansite TPMS Model Solar (#1666) - Added decoder for jansite solar tpms (#1663) - Added Ford TPMS pressure 
and temperature (closes #1654) - Fixed http redirect to index for Chrome - Added support for Cavius alarms (#1648) - Added mqtt token slash accepts any character - Added variable fm low pass filter option - Added support for Security plus v1 (#1483) - Added GPSd tags option (#1636) - Added FineOffset WH0290 extra fields (#1639) - Fixed Hideki Gust speed by Udo Kirsten - Added option for multiple data tags - Added optional TLS support to MQTT (closes #1633) - Added OpenSSL support for influxs TLS (closes #1569) - Added LaCrosse TX141TH-Bv2 checksum - Changed rain field format for WS2032 - Added m_bus decoded values + HCA (#1630) - Changed battery_ok, rain field for WS2032 - Fixed m_bus Show invalid dates as invalid (#1628) - Fixed mqtt retain on hass script (#1602) - Added Skylink HA-434TL motion sensor conf (s.a. #814) - Added support for Burnhard BBQ thermometer (#1624) - Added TFA 30.3208.02 note (closes #1622) - Added raw pulse printing mode - Added support for parsing timedate in wbus (#1616) - Added Battery Level for Fineoffset WH0290 Wireless Air Quality Monitor (#1617) - Fixed Blueline tweaks and improvements (#1590) - Added support for wmbus water meter Maddalena (#1610) - Changed soil moisture to percent display (#1595) - Added ATC Technology LMT-430 conf (#1600) - Fixed buffer length in honeywell (#1598) - Fixed buffer size error (#1596) - Fixed FineOffset WH1050 field widths (#1592) - Added support for Blueline PowerCost Monitor - Added FAN-53T decoder conf (#1588) - Added support for Acurite 515 fridge/freezer sensors (#1579) - Fixed invalid HASS "weather" device_class (#1548) - Fixed rtlsdr_read_async() abort on read stall (closes #1581) - Fixed rtlsdr_set_freq_correction non-error code - Added support for UV index and light intensity readings in Cotech (#1575) - Fixed false positive bug in Nexus (closes #1576) - Added support for TelFix-RadioLoop to Somfy (closes #1571) - Added Thermostat example conf files with mqtt outputs (#1573) - Added lacrosse 
decoder sanity checks 2021-05-09T10:42:50+00:00 pcileech v4.9 pcileech v4.9 2021-05-09T12:58:20+00:00 * Bug fixes. * Signature updates. * Better support for recent x64 Linux kernels (Ubuntu 21.04). * Unmount of mounted driver when CTRL+C pressed. 2021-05-09T12:58:20+00:00 uBlock 1.35.3b0 uBlock 1.35.3b0 2021-05-09T15:57:28+00:00 [Commits to master since this release](https://github.com/gorhill/uBlock/compare/1.35.3b0...master) To install the developer build: - **Firefox**: Click [uBlock0_1.35.3b0.firefox.signed.xpi](https://github.com/gorhill/uBlock/releases/download/1.35.3b0/uBlock0_1.35.3b0.firefox.signed.xpi). - [uBO works best on Firefox](https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-best-on-Firefox). - **Chromium**: Install from the Chrome Web Store (CWS): <https://chrome.google.com/webstore/detail/ublock-origin-dev-build/cgbcahbpdhpcegmbfconppldiemgcoii>. - **Thunderbird**: Download [uBlock0_1.35.3b0.thunderbird.xpi](https://github.com/gorhill/uBlock/releases/download/1.35.3b0/uBlock0_1.35.3b0.thunderbird.xpi), then drag-n-drop it into Thunderbird's _Add-ons Manager_ pane (Thunderbird 65+ required) --- ## Notable commits without an entry in the issue tracker - [Keep reporting last time "out of date" lists were updated](https://github.com/gorhill/uBlock/commit/d0e4c60f59201217cfa7c04d65f20af46f75da69) - [Fix improper hashing of rules in classic popup panel](https://github.com/gorhill/uBlock/commit/1f8a67f40eb7293dcb8f4eba9a21cc122dc0d0eb) 2021-05-09T15:57:28+00:00 asciidoctor-pdf v1.6.0 asciidoctor-pdf v1.6.0 2021-05-10T09:18:27+00:00 ## Summary This is a special major release of Asciidoctor PDF before transitioning to semantic versioning. The purpose of this release is to make Asciidoctor PDF compatible with Ruby 3 (in advance of the Asciidoctor PDF 2.0.0 release). As part of that upgrade, this release drops support for Ruby < 2.5 (which also means JRuby < 9.2). It also drops support for Asciidoctor < 2. 
In order to get the full CI matrix running, support for controlling the location of the `gs` command using the `GS` environment variable was backported to this release. As part of removing patches to support Ruby < 2.5, the fix to not hyphenate a hyphen was also backported. The Asciidoctor PDF 1.5.x release line does not work on Ruby 3 because the version of Prawn it depends on cannot be installed on Ruby 3. And it's not possible to upgrade Prawn in that release line since newer versions of Prawn dropped support for Ruby < 2.5. Since that upgrade constitutes a major breaking change, we've decided to create a 1.6.x release line. Since Asciidoctor PDF isn't yet using semantic versioning, this is considered a major release. As part of upgrading Prawn, this release also upgrades prawn-svg, prawn-icon, and ttfunk. Those upgrades bring in additional enhancements. For example, the ttfunk upgrade adds partial support for OTF fonts. The prawn-svg upgrade adds support for loading embedded images from a data URI. And the prawn-icon upgrade brings in a newer version of Font Awesome (5.15.1). 
## Distribution - [RubyGem (asciidoctor-pdf)](https://rubygems.org/gems/asciidoctor-pdf) ## Changelog **Enhancements** * allow path of ghostscript command to be controlled using `GS` env var (#1791) **Bug Fixes** * do not hyphenate a hyphen when hyphenation is enabled (#1562) **Compliance** * add support for Ruby 3 and drop support for Ruby < 2.5 and JRuby < 9.2 (#1681) * upgrade to Prawn 2.4.0 (adds support for Ruby 3) * upgrade to prawn-svg 0.32 (adds support for Ruby 3 without a patch and for loading embedded images from a data URI) * upgrade to prawn-icon 3.0.x * release lock on ttfunk version (1.6 produces slightly different output from 1.5 for certain missing glyphs) * drop support for Asciidoctor < 2 (#1552) **Build / Infrastructure** * run tests against pygments.rb 2.x in addition to pygments.rb 1.2.0 ## Release meta Released on: 2021-05-10 Released by: @mojavelinux Release beer: Sun Reaper by Toppling Goliath Logs: [full diff](https://github.com/asciidoctor/asciidoctor-pdf/compare/v1.5.4...v1.6.0) ## Credits A very special thanks to all the **awesome** [supporters of the Asciidoctor OpenCollective campaign](https://opencollective.com/asciidoctor) who provided critical funding for the development of this release as well as ongoing development of the project. 2021-05-10T09:18:27+00:00 testssl.sh 3.0.5 testssl.sh 3.0.5 2021-05-10T11:55:19+00:00 Another maintenance release of the stable branch 3.0 with the following changes: * Fix off by one error in HSTS (now: 180 instead of 179 days) * Fix minor output inconsistency in JSON output (Chad) * Improve compatibility for OpenSSL 3.0 (David Cooper) * Fix localization issue for ciphers where e.g. 
in Swedish W is being treated as a variant of V so that the W in ``TLS_ECDHE_RSA_WITH*`` didn't match the bash pattern * Fixes in file ``openssl-iana.mapping.html`` (Elfranne) * Fix quoting for CVE+JSON output in ``run_heartbleed()`` * Fix trailing dot issue in hostnames * Fix improper proper halving of the dates for Let's Encrypt certificates * Documentation update for docker Details see git log. 2021-05-10T11:55:19+00:00 maltrail 0.32 maltrail 0.32 2021-05-10T12:35:49+00:00 Start-of-month release 2021-05-10T12:35:49+00:00 MONARC v2.10.3 MONARC v2.10.3 2021-05-10T15:51:29+00:00 ### New - Implement the UI language management ([#318](https://github.com/monarc-project/MonarcAppFO/issues/318)) - Implementation of the library objects import and assets export from/to MOSP ([#320](https://github.com/monarc-project/MonarcAppFO/issues/320)) - Possibility to export items from the Knowledge Base ([#321](https://github.com/monarc-project/MonarcAppFO/issues/321)) - Send MONARC version to Stats Service ([#341](https://github.com/monarc-project/MonarcAppFO/issues/341)) ### Fix - [Front Office] export of measure related to "amvs" stopped working since v2.10.1 ([#340](https://github.com/monarc-project/MonarcAppFO/issues/340)) ### Enhancement - Improve the import speed of analyses and instances (*partially done*). ([#248](https://github.com/monarc-project/MonarcAppFO/issues/248)) 2021-05-10T15:51:29+00:00 python_api v2.4.0 python_api v2.4.0 2021-05-10T16:43:34+00:00 #### Enhancements: - Early implementation of exception handling for SSL properties; analyzer.AnalyzerError now available as a base exception type. - SSL certs will now populate their own `ip` property, accessing the SSL history API when needed to fill in the details. - New `iphistory` property of SSL certs to support the `ip` property and give direct access to the historical results. 
- Used the `tldextract` Python library to expose useful properties on Hostname objects such as `tld`, `registered_domain`, and `subdomain` - Change default days back for date-aware searches to 90 days (was 30) - Reject IPs as strings for Hostname objects - Ensure IPs are used when instantiating IPAddress objects - Defang hostnames (i.e. `analyzer.Hostname('api[.]riskiq[.]net')` ) - Support for Articles as a property of Hostnames and IPs, with autoloading for detailed fields including indicators, plus easy access to a list of all articles directly from `analyzer.AllArticles()` - Support for Malware as a property of Hostnames and IPs - Better coverage of pretty printing and dictionary representation across analyzer objects. #### Bug Fixes: - Exception handling when no details found for an SSL certificate. - Proper handling of None types that may have prevented result caching 2021-05-10T16:43:34+00:00 OpenWPM v0.15.0 OpenWPM v0.15.0 2021-05-10T18:55:04+00:00 This release reenables the support for stateful crawling. Updates OpenWPM to Firefox 88 For more details see the [CHANGELOG.md](https://github.com/mozilla/OpenWPM/blob/6a40b9460b09b183c6fcc395332d2c1649f48ef4/CHANGELOG.md) 2021-05-10T18:55:04+00:00 caddy v2.4.0 caddy v2.4.0 2021-05-10T20:07:36+00:00 Caddy v2.4.0 is our first stable release of 2021, ushering in over 110 patches including new features and bug fixes. Thank you to the many contributors who helped make this possible! Highlights: - **Secure remote management.** You can now [enable secure remote access](https://caddyserver.com/docs/json/admin/remote/) to Caddy's [admin API](https://caddyserver.com/docs/api)! It uses TLS mutual authentication, and you can even define permissions for different users. PR #3994 - **Config pull at start.** Caddy can be configured to [load a different config at startup](https://caddyserver.com/docs/json/admin/config/load/). 
This is useful if your config is federated through a separate system that doesn't have the ability to push configs to Caddy. This feature is modular, so configurations can be loaded different ways! PR #3994 - **Server identity management.** Caddy can [automatically manage its own server identity certificate](https://caddyserver.com/docs/json/admin/identity/), which can be used when negotiating TLS connections with peers. This is required when enabling the secure admin API. PR #3994 - **Self-upgrade command.** The [new `caddy upgrade` command](https://caddyserver.com/docs/command-line#caddy-upgrade) will replace the current Caddy binary with an upgraded one from our website, with all the same modules installed, including third-party plugins that are registered on our site! (We can use this code to add/remove modules later, too.) - **Configure other apps from the HTTP Caddyfile.** The global options block of the Caddyfile now allows configuration of Caddy apps other than HTTP (for example, [dynamic_dns](https://github.com/mholt/caddy-dynamicdns) to keep DNS records pointed at your server with a dynamic IP address). - **Caddyfile `fmt` lint check.** When running with a Caddyfile, Caddy will emit a warning if the Caddyfile is not formatted with `caddy fmt`. - **New `abort` directive.** [The `abort` directive](https://caddyserver.com/docs/caddyfile/directives/abort) is a special case of the `static_response` HTTP handler that _prevents_ an HTTP response by aborting the handler chain immediately and forcefully closing the connection. - **New `error` directive.** [The `error` directive](https://caddyserver.com/docs/caddyfile/directives/error) returns internal error values in the HTTP handler chain, as if an HTTP error had occurred, causing your error routes to be invoked. 
- **Configure response interception from Caddyfile.** The reverse_proxy is capable of intercepting responses from the backend, and [now this is exposed in the Caddyfile with `handle_response`](https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#intercepting-responses). - **Better `caddy list-modules` output.** Now modules are organized by standard and non-standard modules, so you can easily see if a Caddy build has been customized. - **Configure logging from Caddyfile.** The process logs can now be [configured from the global options](https://caddyserver.com/docs/caddyfile/options#log) of the Caddyfile. - **Better content negotiation.** [The file server can now be configured](https://caddyserver.com/docs/modules/http.handlers.file_server#precompressed) to serve precompressed sidecar files, and content encoding preferences are better configured and honored. - **Dark mode in directory listings.** The file server's "browse" file listings now have a dark mode. - **:warning: Removed the `logfmt` log encoder.** It was broken anyways, and its deprecation has been warned in previous releases. - **:warning: Deprecated `common_log` format.** It will be removed in a future release. Issue #4148 - **:warning: Deprecated `health_path` in `reverse_proxy` directive.** It has been replaced with `health_uri` and will be removed in the future. - **Numerous bug fixes and improvements.** Thanks for the detailed, helpful bug reports! We appreciate your collaboration in making Caddy better. ## New content for sponsors I've started writing high-quality, in-depth chapters about how to get the most out of Caddy in my new [Expert Caddy](https://matt.life/expert-caddy) series, exclusively for sponsors! If you or your company are sponsoring, you can have access to this content, which I'll continue adding to over time. If you aren't sponsoring yet, [please do so](https://github.com/sponsors/mholt)! 
Sponsorships fund my full-time development of Caddy, and that's especially vital if your business relies on Caddy. ## Changelog (since RC 1) For a detailed list of all commits since v2.3.0, please refer to prior pre-release changelogs. bc221024 caddyfile: Fix `caddy fmt` nesting not decrementing (#4157) d4b2f1bc caddyhttp: Fix fallback for the error handler chain (#4131) 61642b76 caddytls: Run replacer on ask URL, for env vars (#4154) 77764714 encode: Default to order the formats are enabled for `prefer` in Caddyfile (#4151) f5db41ce encode: Drop `prefer` from Caddyfile (#4156) 74f5d66c fileserver: Fix `file` matcher with empty `try_files` (#4147) 3cf443f0 httpcaddyfile: Add `grace_period` global option (#4152) a17c3b56 reverseproxy: Minor logging improvements 2021-05-10T20:07:36+00:00 seaweedfs 2.45 seaweedfs 2.45 2021-05-10T20:54:34+00:00 * FUSE mount * temporary reverting from temp file upload (2.44) back to in memory write and upload 2021-05-10T20:54:34+00:00 cytoscape.js v3.19.0 cytoscape.js v3.19.0 2021-05-10T22:32:20+00:00 2021-05-10T22:32:20+00:00 syncthing v1.17.0-rc.1 syncthing v1.17.0-rc.1 2021-05-11T09:23:03+00:00 This release deprecates TLS 1.2 for sync connections; other side should be Syncthing 1.3.0 or newer, or see [insecureAllowOldTLSVersions](https://docs.syncthing.net/advanced/option-insecure-allow-old-tls-versions.html). 
Bugfixes: - #7592: Web UI doesn't handle long machine names well - #7593: ChaCha priority detection logic broken - #7608: Files ignored on one remote do not get synced Enhancements: - #7580: Improve logging for service failures - #7594: Consider removing support for TLS <1.3 on sync connections - #7600: Fast connect to new devices following config update - #7636: Improve QUIC performance 2021-05-11T09:23:03+00:00 lynis 3.0.4 lynis 3.0.4 2021-05-11T09:30:29+00:00 ## Lynis 3.0.4 (2021-05-11) ### Added - ACCT-9670 - Detection of cmd tooling - ACCT-9672 - Test cmd configuration file - BOOT-5140 - Check for ELILO boot loader presence - OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others ### Changed - BOOT-5104 - Add service manager detection support for runit - FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist - FIRE-4540 - Corrected nftables empty ruleset test - LOGG-2138 - Do not check for klogd when metalog is being used - TIME-3185 - Improved support for Debian stretch - Corrected issue when Lynis is not executed directly from lynis directory 2021-05-11T09:30:29+00:00 syncthing v1.17.0-rc.2 syncthing v1.17.0-rc.2 2021-05-11T12:50:49+00:00 This release deprecates TLS 1.2 for sync connections; other side should be Syncthing 1.3.0 or newer, or see [insecureAllowOldTLSVersions](https://docs.syncthing.net/advanced/option-insecure-allow-old-tls-versions.html). 
Bugfixes: - #7592: Web UI doesn't handle long machine names well - #7593: ChaCha priority detection logic broken - #7608: Files ignored on one remote do not get synced Enhancements: - #7580: Improve logging for service failures - #7594: Consider removing support for TLS <1.3 on sync connections - #7600: Fast connect to new devices following config update - #7636: Improve QUIC performance 2021-05-11T12:50:49+00:00 monarc-stats-service v0.4.0 monarc-stats-service v0.4.0 2021-05-11T14:38:53+00:00 ### Notable changes - redesigned the *Current Cybersecurity Landscape* dashboard; - added a *Cybersecurity Weather Map* page; - performances improvements for the processor ``threat_average_on_date``; - the lib/mosp.py helper is now using [PyMOSP](https://pypi.org/project/pymosp/) in order to check if an object is present on MOSP (objects.monarc.lu); - improved auto-update procedure. ![Screenshot_20210511_164933](https://user-images.githubusercontent.com/465400/117836395-2c080c80-b268-11eb-9ba1-361680426193.png) 2021-05-11T14:38:53+00:00 seaweedfs 2.47 seaweedfs 2.47 2021-05-11T17:13:17+00:00 * Volume * ahead of time volume assignment #2049 * add retry to assign volumes #2056 * FUSE Mount * write to local temporary file before uploading * Filer * delete specific tags #2041 * fix wrong log error #2051 * Shell * optional parallel copy ec shards #2048 * S3 * return 404 if bucket does not exist #2039 * Java Client * Add exists() function * make SeaweedInputStream throw FileNotFoundException 2021-05-11T17:13:17+00:00 syncthing v1.17.0-rc.3 syncthing v1.17.0-rc.3 2021-05-11T19:21:34+00:00 This release deprecates TLS 1.2 for sync connections; other side should be Syncthing 1.3.0 or newer, or see [insecureAllowOldTLSVersions](https://docs.syncthing.net/advanced/option-insecure-allow-old-tls-versions.html). 
Bugfixes: - #7592: Web UI doesn't handle long machine names well - #7593: ChaCha priority detection logic broken - #7608: Files ignored on one remote do not get synced Enhancements: - #7580: Improve logging for service failures - #7594: Consider removing support for TLS <1.3 on sync connections - #7600: Fast connect to new devices following config update - #7636: Improve QUIC performance 2021-05-11T19:21:34+00:00 mimikatz 2.2.0-20210511 mimikatz 2.2.0-20210511 2021-05-11T19:39:58+00:00 ![SCCM_dump](https://user-images.githubusercontent.com/2307945/117874384-31357d80-b2a1-11eb-9949-9cd7a96a96ce.png) This release does not contain Authenticode PE Signature (waiting for certificate) 2021-05-11T19:39:58+00:00 Gaffer gaffer2-1.16.1 Gaffer gaffer2-1.16.1 2021-05-12T14:51:09+00:00 ## :beetle: Bugs Fixed - Change AssumeTrue typo to AssertTrue [#2364](https://github.com/gchq/Gaffer/issues/2364) ## :heart: Contributors We'd like to thank all the contributors who worked on this release! - [@t92549](https://github.com/t92549) 2021-05-12T14:51:09+00:00 mailvelope v4.4.1 mailvelope v4.4.1 2021-05-12T15:21:18+00:00 * [Gmail] Fix Mailvelope editor button integration when Meet section active in main menu * [Gmail] Fix missing cc recipients when reply to all * [Gmail] Fix legacy G Suite detection * Fix unit tests: replace expired keys * Update dependencies 2021-05-12T15:21:18+00:00 oxalis v5.0.1 oxalis v5.0.1 2021-05-12T16:04:38+00:00 * Addition of new approved ICD values - OpenPEPPOL eDEC Code Lists - Participant Identifier Schemes v7.5 : https://github.com/OxalisCommunity/vefa-peppol/commit/faa49b4daf450fb89a05424ffbb39eac7e768935 * SMP-Redirect by @FrodeBjerkholt : https://github.com/OxalisCommunity/vefa-peppol/commit/ddda09aa89596a18ffbec18f0d2293a889e37683 👏 * Invalid Null Check - Exception in BusdoxReader.java : https://github.com/OxalisCommunity/vefa-peppol/commit/84fd271aecbeb5accbfbf9bc1c98639e7f3122e4 2021-05-12T16:04:38+00:00 mattermost-server v5.31.5 mattermost-server 
v5.31.5 2021-05-12T16:27:16+00:00 Mattermost Platform Release v5.31.5 2021-05-12T16:27:16+00:00 mimikatz 2.2.0-20210512 mimikatz 2.2.0-20210512 2021-05-12T21:19:35+00:00 ![sccm_network](https://user-images.githubusercontent.com/2307945/118045617-6f51a080-b378-11eb-842a-77c5cdf31de7.png) This release still does not contain Authenticode PE Signature (waiting for certificate) 2021-05-12T21:19:35+00:00 clair v4.1.0 clair v4.1.0 2021-05-13T14:42:12+00:00 <a name="unreleased"></a> ## [Unreleased] <a name="v4.1.0"></a> ## [v4.1.0] - 2021-05-13 ### All - [6638793](https://github.com/quay/clair/commit/66387930f2b80087a32a1aeddc9b1ef16eec01e1): use RateLimiter where it seems appropriate ### Chore - [8bcbbf1](https://github.com/quay/clair/commit/8bcbbf1be8b14051a05cc86bc404834b5778a6e8): v4.1.0 changelog bump - [04f2cb7](https://github.com/quay/clair/commit/04f2cb71acc8eceac0d1a7766c5ebfcfa01150ee): bump claircore version ### Cicd - [8b0cdb3](https://github.com/quay/clair/commit/8b0cdb38fa8f4d701e0ef804e37728721798f564): use golang major version tag for dev env - [c1895c4](https://github.com/quay/clair/commit/c1895c433dfc3a872cce2c1468801ecdddf2e962): use quay.io/projectquay/golang image ### Claircore - [bc2b059](https://github.com/quay/clair/commit/bc2b0591d3ea3a07498820bc625f7dc9cd5ce934): update to use new libvuln API ### Clairctl - [c80a99d](https://github.com/quay/clair/commit/c80a99d14ed96e539a79212fb23f608a03ee636c): move to updates.Manager interface - [30f8696](https://github.com/quay/clair/commit/30f86961b88b7a590157f28fc6cb8f22f16dfa06): move to zlog ### Httputil - [ed8ffc5](https://github.com/quay/clair/commit/ed8ffc50b56c9b11873f00bb2deb4fba9107ec95): create package and RateLimiter ### Initialize - [5df82e1](https://github.com/quay/clair/commit/5df82e19e971c67ebdecf3f92682d4ae897db53a): update call to Libindex constructor ### Introspection - [ec59a43](https://github.com/quay/clair/commit/ec59a431032713654e2eb7a29ad7c446dd16a490): enable readiness endpoint 
[Unreleased]: https://github.com/quay/clair/compare/v4.1.0...HEAD [v4.1.0]: https://github.com/quay/clair/compare/v4.1.0-alpha.3...v4.1.0 2021-05-13T14:42:12+00:00 mattermost-server v5.35.0 mattermost-server v5.35.0 2021-05-13T16:40:48+00:00 Mattermost Platform Release v5.35.0 2021-05-13T16:40:48+00:00 openlibrary deploy-2021-05-13 openlibrary deploy-2021-05-13 2021-05-14T00:25:20+00:00 General: - @lephemere a11y: Fix Library Explorer shelf label keyboard focus order (#5091) - @bpmcneilly a11y: Ensuring Color Contrast for Author Names When Cover Is Not Present (#5158) - @RayBB Feature: Make Open Library appear as a candidate search engine in Firefox (#5104) - @Yashs911 a11y: Fix Tab order of Edit Toolbar (#5073) - @mmcnl Fix: update Internet Archive mailing lists to match new values in petabox (#5148) Dev: - @mekarpeles attempting to fix crons on ol-home0 (#5147) - @lephemere Refactor/Move inline js from books/edit/web template (#5126) - @cdrini Fix copydocs default openlibrary port (#5150) - @cdrini Add OLIMAGE env variable to restart_servers for easy rollbacks (#5149) - @cdrini Fix 092 DDC shelf pollution (#5140) - @dhruvmanila refactor: remove Python 3.8 references (#5146) - @tirkarthi Use current_thread and access name attribute directly instead of deprecated access in Python 3.10. 
(#5157) Dependencies: - @dependabot[bot] Bump lodash from 4.17.20 to 4.17.21 in /tests/screenshots (#5152) - @dependabot[bot] Bump @babel/register from 7.13.8 to 7.13.16 (#5118) - @dependabot[bot] Bump core-js from 3.10.0 to 3.11.1 (#5121) - @dependabot[bot] Bump hosted-git-info from 2.7.1 to 2.8.9 in /tests/screenshots (#5166) - @dependabot[bot] Bump svgo from 2.2.2 to 2.3.0 (#4965) - @dependabot[bot] Bump css-loader from 5.1.3 to 5.2.4 (#5115) - @dependabot[bot] Bump pytest from 6.2.3 to 6.2.4 (#5165) - @dependabot[bot] Bump flake8 from 3.9.1 to 3.9.2 (#5164) - @dependabot[bot] Bump sentry-sdk from 1.0.0 to 1.1.0 (#5161) - @dependabot[bot] Bump @babel/core from 7.13.10 to 7.14.0 (#5120) - @dependabot[bot] Bump @babel/preset-env from 7.13.10 to 7.14.1 (#5167) Stats: - PR Authors: @cdrini (3), @lephemere (2), @RayBB (1), @Yashs911 (1), @bpmcneilly (1), @dhruvmanila (1), @mekarpeles (1), @mmcnl (1), @tirkarthi (1) - PR Assignees: @jdlrobson (10), @mekarpeles (5), @dhruvmanila (4), @bpmcneilly (2), @cdrini (2) Full diff: https://github.com/internetarchive/openlibrary/compare/deploy-2021-05-06...deploy-2021-05-13 PRs: [is:pr is:merged merged:2021-05-06T19:23:53Z..2021-05-13T23:40:03Z sort:updated-asc](https://github.com/internetarchive/openlibrary/pulls?q=is%3Apr%20is%3Amerged%20merged%3A2021-05-06T19%3A23%3A53Z..2021-05-13T23%3A40%3A03Z%20sort%3Aupdated-asc) 2021-05-14T00:25:20+00:00 git-stats 2.11.0 git-stats 2.11.0 2021-05-14T07:04:26+00:00 Adds the author filter -- thanks @theowenyoung! :cake: /cc #168 2021-05-14T07:04:26+00:00 uBlock 1.35.3b1 uBlock 1.35.3b1 2021-05-14T14:37:32+00:00 [Commits to master since this release](https://github.com/gorhill/uBlock/compare/1.35.3b1...master) To install the developer build: - **Firefox**: Click [uBlock0_1.35.3b1.firefox.signed.xpi](https://github.com/gorhill/uBlock/releases/download/1.35.3b1/uBlock0_1.35.3b1.firefox.signed.xpi). 
- [uBO works best on Firefox](https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-best-on-Firefox). - **Chromium**: Install from the Chrome Web Store (CWS): <https://chrome.google.com/webstore/detail/ublock-origin-dev-build/cgbcahbpdhpcegmbfconppldiemgcoii>. - **Thunderbird**: Download [uBlock0_1.35.3b1.thunderbird.xpi](https://github.com/gorhill/uBlock/releases/download/1.35.3b1/uBlock0_1.35.3b1.thunderbird.xpi), then drag-n-drop it into Thunderbird's _Add-ons Manager_ pane (Thunderbird 65+ required) --- ## Closed as fixed - [Text in Manage Extension Shortcuts includes escaped `&shy;`](https://github.com/uBlockOrigin/uBlock-issues/issues/1570) ## Notable commits without an entry in the issue tracker - [Keep reporting last time "out of date" lists were updated](https://github.com/gorhill/uBlock/commit/d0e4c60f59201217cfa7c04d65f20af46f75da69) - [Fix improper hashing of rules in classic popup panel](https://github.com/gorhill/uBlock/commit/1f8a67f40eb7293dcb8f4eba9a21cc122dc0d0eb) 2021-05-14T14:37:32+00:00 zstd v1.5.0 zstd v1.5.0 2021-05-14T16:01:54+00:00 `v1.5.0` is a major release featuring large performance improvements as well as API changes. # Performance ## Improved Middle-Level Compression Speed 1.5.0 introduces a new default match finder for the compression strategies `greedy`, `lazy`, and `lazy2`, (which map to levels 5-12 for inputs larger than 256K). The optimization brings a massive improvement in compression speed with slight perturbations in compression ratio (< 0.5%) and equal or decreased memory usage. Benchmarked with gcc, on an i9-9900K: | level | `silesia.tar` speed delta | `enwik7` speed delta | |--------|-----------|------------| | 5 | +25% | +25% | | 6 | +50% | +50% | | 7 | +40% | +40% | | 8 | +40% | +50% | | 9 | +50% | +65% | | 10 | +65% | +80% | | 11 | +85% | +105% | | 12 | +110% | +140% | On heavily loaded machines with significant cache contention, we have internally measured _even larger gains_: 2-3x+ speed at levels 5-7. 
🚀 The biggest gains are achieved on files typically larger than 128KB. On files smaller than 16KB, by default we revert back to the legacy match finder which becomes the faster one. This default policy can be overridden manually: the new match finder can be forcibly enabled with the advanced parameter `ZSTD_c_useRowMatchFinder`, or through the CLI option `--[no-]row-match-finder`. Note: only CPUs that support `SSE2` realize the full extent of this improvement. ## Improved High-Level Compression Ratio Improving compression ratio via block splitting is now enabled by default for high compression levels (16+). The amount of benefit varies depending on the workload. Compressing archives comprised of heavily differing files will see more improvement than compression of single files that don’t vary much entropically (like text files/enwik). At levels 16+, we observe no measurable regression to compression speed. **level 22 compression** | file | ratio 1.4.9 | ratio 1.5.0 | ratio % delta | |-----|---------|--------|-------| | silesia.tar | 4.021 | 4.041 | +0.49% | | calgary.tar | 3.646 | 3.672 | +0.71% | | enwik7 | 3.579 | 3.579 | +0.0% | The block splitter can be forcibly enabled on lower compression levels as well with the advanced parameter `ZSTD_c_splitBlocks`. When forcibly enabled at lower levels, speed regressions can become more notable. Additionally, since more compressed blocks may be produced, decompression speed on these blobs may also see small regressions. ## Faster Decompression Speed The decompression speed of data compressed with large window settings (such as `--long` or `--ultra`) has been significantly improved in this version. The gains vary depending on compiler brand and version, with `clang` generally benefiting the most. The following benchmark was measured by compressing `enwik9` at level `--ultra -22` (with a 128 MB window size) on a core i7-9700K. | Compiler version | D. 
Speed improvement | | --- | --- | | gcc-7 | +15% | | gcc-8 | +10% | | gcc-9 | +5% | | gcc-10 | +1% | | clang-6 | +21% | | clang-7 | +16% | | clang-8 | +16% | | clang-9 | +18% | | clang-10 | +16% | | clang-11 | +15% | Average decompression speed for “normal” payload is slightly improved too, though the impact is less impressive. Once again, mileage varies depending on exact compiler version, payload, and even compression level. In general, a majority of scenarios see benefits ranging from +1 to +9%. There are also a few outliers here and there, from -4% to +13%. The average gain across all these scenarios stands at ~+4%. # Library Updates ## Dynamic Library Supports Multithreading by Default It was already possible to compile `libzstd` with multithreading support. But it was an active operation. By default, the `make` build script would build `libzstd` as a single-thread-only library. This changes in `v1.5.0`. Now the dynamic library (typically `libzstd.so.1` on Linux) supports multi-threaded compression by default. Note that this property is not extended to the static library (typically `libzstd.a` on Linux) because doing so would have impacted the build script of existing client applications (requiring them to add `-pthread` to their recipe), thus potentially breaking their build. In order to avoid this disruption, the static library remains single-threaded by default. Luckily, this build disruption does not extend to the dynamic library, which can be built with multi-threading support while existing applications linking to `libzstd.so` and expecting only single-thread capabilities will be none the wiser, and remain completely unaffected. The idea is that starting from `v1.5.0`, applications can _expect_ the dynamic library to support multi-threading should they need it, which will progressively lead to increased adoption of this capability over time. 
That being said, since the locally deployed dynamic library may, or may not, support multi-threading compression, depending on local build configuration, it’s always better to check this capability at runtime. For this goal, it’s enough to check the return value when changing parameter `ZSTD_c_nbWorkers`, and if it results in an error, then multi-threading is not supported. _Q: What if I prefer to keep the libraries in single-thread mode only?_ The target `make lib-nomt` will ensure this outcome. _Q: Actually, I want both static and dynamic library versions to support multi-threading!_ The target `make lib-mt` will generate this outcome. ## Promotions to Stable Moving up to the higher digit `1.5` signals an opportunity to extend the _stable_ portion of `zstd` public API. This update is relatively minor, featuring only a few non-controversial newcomers. `ZSTD_defaultCLevel()` indicates which level is default (applied when selecting level `0`). It completes existing `ZSTD_minCLevel()` and `ZSTD_maxCLevel()`. Similarly, `ZSTD_getDictID_fromCDict()` is a straightforward equivalent to already promoted `ZSTD_getDictID_fromDDict()`. ## Deprecations [Zstd-1.4.0](https://github.com/facebook/zstd/releases/tag/v1.4.0) stabilized a new [advanced API](https://github.com/facebook/zstd/blob/705a62b612151cff06f453bc3452b9e99088a574/lib/zstd.h#L238) which allows users to pass advanced parameters to zstd. We’re now deprecating all the old experimental APIs that are subsumed by the new advanced API. They will be considered for removal in the next Zstd major release zstd-1.6.0. Note that only experimental symbols are impacted. Stable functions, like `ZSTD_initCStream()`, remain fully supported. The deprecated functions are listed below, together with the migration. All the suggested migrations are stable APIs, meaning that once you migrate, the API will be supported forever. See the documentation for the deprecated functions for more details on how to migrate. 
- Functions that migrate to `ZSTD_compress2()` with parameter setters: * `ZSTD_compress_advanced()`: Use [`ZSTD_CCtx_setParameter()`](https://github.com/facebook/zstd/blob/705a62b612151cff06f453bc3452b9e99088a574/lib/zstd.h#L458-L469). * `ZSTD_compress_usingCDict_advanced()`: Use [`ZSTD_CCtx_setParameter()`](https://github.com/facebook/zstd/blob/705a62b612151cff06f453bc3452b9e99088a574/lib/zstd.h#L458-L469) and [`ZSTD_CCtx_refCDict()`](https://github.com/facebook/zstd/blob/705a62b612151cff06f453bc3452b9e99088a574/lib/zstd.h#L960-L972). - Functions that migrate to `ZSTD_compressStream()` or `ZSTD_compressStream2()` with parameter setters: * `ZSTD_initCStream_srcSize()`: Use [`ZSTD_CCtx_setPledgedSrcSize()`](https://github.com/facebook/zstd/blob/705a62b612151cff06f453bc3452b9e99088a574/lib/zstd.h#L471-L486). * `ZSTD_initCStream_usingDict()`: Use [`ZSTD_CCtx_loadDictionary()`](https://github.com/facebook/zstd/blob/705a62b612151cff06f453bc3452b9e99088a574/lib/zstd.h#L941-L958). * `ZSTD_initCStream_usingCDict()`: Use [`ZSTD_CCtx_refCDict()`](https://github.com/facebook/zstd/blob/705a62b612151cff06f453bc3452b9e99088a574/lib/zstd.h#L960-L972). * `ZSTD_initCStream_advanced()`: Use [`ZSTD_CCtx_setParameter()`](https://github.com/facebook/zstd/blob/705a62b612151cff06f453bc3452b9e99088a574/lib/zstd.h#L458-L469). * `ZSTD_initCStream_usingCDict_advanced()`: Use [`ZSTD_CCtx_setParameter()`](https://github.com/facebook/zstd/blob/705a62b612151cff06f453bc3452b9e99088a574/lib/zstd.h#L458-L469) and [`ZSTD_CCtx_refCDict()`](https://github.com/facebook/zstd/blob/705a62b612151cff06f453bc3452b9e99088a574/lib/zstd.h#L960-L972). * `ZSTD_resetCStream()`: Use [`ZSTD_CCtx_reset()`](https://github.com/facebook/zstd/blob/705a62b612151cff06f453bc3452b9e99088a574/lib/zstd.h#L494-L508) and [`ZSTD_CCtx_setPledgedSrcSize()`](https://github.com/facebook/zstd/blob/705a62b612151cff06f453bc3452b9e99088a574/lib/zstd.h#L471-L486). - Functions that are deprecated without replacement. 
We don’t expect any users of these functions. Please open an issue if you use these and have questions about how to migrate. * `ZSTD_compressBegin_advanced()` * `ZSTD_compressBegin_usingCDict_advanced()` ## Header File Locations Zstd has slightly re-organized the library layout to move all public headers to the top level `lib/` directory. This is for consistency, so all public headers are in `lib/` and all private headers are in a sub-directory. If you build zstd from source, this may affect your build system. - `lib/common/zstd_errors.h` has moved to `lib/zstd_errors.h`. - `lib/dictBuilder/zdict.h` has moved to `lib/zdict.h`. ## Single-File Library We have moved the scripts in `contrib/single_file_libs` to `build/single_file_libs`. These scripts, originally contributed by @cwoffenden, produce a single compilation-unit amalgamation of the zstd library, which can be convenient for integrating Zstandard into other source trees. This move reflects a commitment on our part to support this tool and this pattern of using zstd going forward. ## Windows Release Artifact Format We are slightly changing the format of the Windows release `.zip` files, to match our other release artifacts. The `.zip` files now bundle everything in a single folder whose name matches the archive name. The contents of that folder exactly match what was previously included in the root of the archive. ## Signed Releases We have created a [signing key](http://keys.gnupg.net/pks/lookup?op=get&search=0xEF8FE99528B52FFD) for the Zstandard project. This release and all future releases will be signed by this key. See #2520 for discussion. 
# Changelog - api: Various functions promoted from experimental to stable API: ([#2579](https://github.com/facebook/zstd/pull/2579)-[#2581](https://github.com/facebook/zstd/pull/2581), [@senhuang42](https://github.com/senhuang42)) * `ZSTD_defaultCLevel()` * `ZSTD_getDictID_fromCDict()` - api: Several experimental functions have been deprecated and will emit a compiler warning ([#2582](https://github.com/facebook/zstd/pull/2582), [@senhuang42](https://github.com/senhuang42)) * `ZSTD_compress_advanced()` * `ZSTD_compress_usingCDict_advanced()` * `ZSTD_compressBegin_advanced()` * `ZSTD_compressBegin_usingCDict_advanced()` * `ZSTD_initCStream_srcSize()` * `ZSTD_initCStream_usingDict()` * `ZSTD_initCStream_usingCDict()` * `ZSTD_initCStream_advanced()` * `ZSTD_initCStream_usingCDict_advanced()` * `ZSTD_resetCStream()` - api: `ZSTDMT_NBWORKERS_MAX` reduced to 64 for 32-bit environments ([#2643](https://github.com/facebook/zstd/pull/2643), [@Cyan4973](https://github.com/Cyan4973)) - perf: Significant speed improvements for middle compression levels ([#2494](https://github.com/facebook/zstd/pull/2494), [@senhuang42](https://github.com/senhuang42) & [@terrelln](https://github.com/terrelln)) - perf: Block splitter to improve compression ratio, enabled by default for high compression levels ([#2447](https://github.com/facebook/zstd/pull/2447), [@senhuang42](https://github.com/senhuang42)) - perf: Decompression loop refactor, speed improvements on `clang` and for `--long` modes ([#2614](https://github.com/facebook/zstd/pull/2614) [#2630](https://github.com/facebook/zstd/pull/2630), [@Cyan4973](https://github.com/Cyan4973)) - perf: Reduced stack usage during compression and decompression entropy stage ([#2522](https://github.com/facebook/zstd/pull/2522) [#2524](https://github.com/facebook/zstd/pull/2524), [@terrelln](https://github.com/terrelln)) - bug: Make the number of physical CPU cores detection more robust ([#2517](https://github.com/facebook/zstd/pull/2517), 
[@PaulBone](https://github.com/PaulBone)) - bug: Improve setting permissions of created files ([#2525](https://github.com/facebook/zstd/pull/2525), [@felixhandte](https://github.com/felixhandte)) - bug: Fix large dictionary non-determinism ([#2607](https://github.com/facebook/zstd/pull/2607), [@terrelln](https://github.com/terrelln)) - bug: Fix various dedicated dictionary search bugs ([#2540](https://github.com/facebook/zstd/pull/2540) [#2586](https://github.com/facebook/zstd/pull/2586), [@senhuang42](https://github.com/senhuang42) [@felixhandte](https://github.com/felixhandte)) - bug: Fix non-determinism test failures on Linux i686 ([#2606](https://github.com/facebook/zstd/pull/2606), [@terrelln](https://github.com/terrelln)) - bug: Fix UBSAN error in decompression ([#2625](https://github.com/facebook/zstd/pull/2625), [@terrelln](https://github.com/terrelln)) - bug: Fix superblock compression divide by zero bug ([#2592](https://github.com/facebook/zstd/pull/2592), [@senhuang42](https://github.com/senhuang42)) - bug: Ensure `ZSTD_estimateCCtxSize*()` monotonically increases with compression level ([#2538](https://github.com/facebook/zstd/pull/2538), [@senhuang42](https://github.com/senhuang42)) - doc: Improve `zdict.h` dictionary training API documentation ([#2622](https://github.com/facebook/zstd/pull/2622), [@terrelln](https://github.com/terrelln)) - doc: Note that public `ZSTD_free*()` functions accept NULL pointers ([#2521](https://github.com/facebook/zstd/pull/2521), [@animalize](https://github.com/animalize)) - doc: Add style guide docs for open source contributors ([#2626](https://github.com/facebook/zstd/pull/2626), [@Cyan4973](https://github.com/Cyan4973)) - tests: Better regression test coverage for different dictionary modes ([#2559](https://github.com/facebook/zstd/pull/2559), [@senhuang42](https://github.com/senhuang42)) - tests: Better test coverage of index reduction ([#2603](https://github.com/facebook/zstd/pull/2603), 
[@terrelln](https://github.com/terrelln)) - tests: OSS-Fuzz coverage for seekable format ([#2617](https://github.com/facebook/zstd/pull/2617), [@senhuang42](https://github.com/senhuang42)) - tests: Test coverage for ZSTD threadpool API ([#2604](https://github.com/facebook/zstd/pull/2604), [@senhuang42](https://github.com/senhuang42)) - build: Dynamic library built multithreaded by default ([#2584](https://github.com/facebook/zstd/pull/2584), [@senhuang42](https://github.com/senhuang42)) - build: Move `zstd_errors.h` and `zdict.h` to `lib/` root ([#2597](https://github.com/facebook/zstd/pull/2597), [@terrelln](https://github.com/terrelln)) - build: Single file library build script moved to `build/` directory ([#2618](https://github.com/facebook/zstd/pull/2618), [@felixhandte](https://github.com/felixhandte)) - build: Allow `ZSTDMT_JOBSIZE_MIN` to be configured at compile-time, reduce default to 512KB ([#2611](https://github.com/facebook/zstd/pull/2611), [@Cyan4973](https://github.com/Cyan4973)) - build: Fixed Meson build ([#2548](https://github.com/facebook/zstd/pull/2548), [@SupervisedThinking](https://github.com/SupervisedThinking) & [@kloczek](https://github.com/kloczek)) - build: `ZBUFF_*()` is no longer built by default ([#2583](https://github.com/facebook/zstd/pull/2583), [@senhuang42](https://github.com/senhuang42)) - build: Fix excessive compiler warnings with clang-cl and CMake ([#2600](https://github.com/facebook/zstd/pull/2600), [@nickhutchinson](https://github.com/nickhutchinson)) - build: Detect presence of `md5` on Darwin ([#2609](https://github.com/facebook/zstd/pull/2609), [@felixhandte](https://github.com/felixhandte)) - build: Avoid SIGBUS on armv6 ([#2633](https://github.com/facebook/zstd/pull/2633), @bmwiedmann) - cli: `--progress` flag added to always display progress bar ([#2595](https://github.com/facebook/zstd/pull/2595), [@senhuang42](https://github.com/senhuang42)) - cli: Allow reading from block devices with `--force` 
([#2613](https://github.com/facebook/zstd/pull/2613), [@felixhandte](https://github.com/felixhandte)) - cli: Fix CLI filesize display bug ([#2550](https://github.com/facebook/zstd/pull/2550), [@Cyan4973](https://github.com/Cyan4973)) - cli: Fix windows CLI `--filelist` end-of-line bug ([#2620](https://github.com/facebook/zstd/pull/2620), [@Cyan4973](https://github.com/Cyan4973)) - contrib: Various fixes for linux kernel patch ([#2539](https://github.com/facebook/zstd/pull/2539), [@terrelln](https://github.com/terrelln)) - contrib: Seekable format - Decompression hanging edge case fix ([#2516](https://github.com/facebook/zstd/pull/2516), [@senhuang42](https://github.com/senhuang42)) - contrib: Seekable format - New seek table-only API ([#2113](https://github.com/facebook/zstd/pull/2113) [#2518](https://github.com/facebook/zstd/pull/2518), [@mdittmer](https://github.com/mdittmer) [@Cyan4973](https://github.com/Cyan4973)) - contrib: Seekable format - Fix seek table descriptor check when loading ([#2534](https://github.com/facebook/zstd/pull/2534), [@foxeng](https://github.com/foxeng)) - contrib: Seekable format - Decompression fix for large offsets, ([#2594](https://github.com/facebook/zstd/pull/2594), [@azat](https://github.com/azat)) - misc: Automatically published release tarballs available on Github ([#2535](https://github.com/facebook/zstd/pull/2535), [@felixhandte](https://github.com/felixhandte)) 2021-05-14T16:01:54+00:00 hashcat v6.2.0 hashcat v6.2.0 2021-05-14T17:17:54+00:00 Welcome to hashcat 6.2.0 release! This release is mostly about expanding support for new algorithms and fixing bugs. Thanks to everyone who contributed to this release!!! 
Full changelog: https://hashcat.net/forum/thread-10103.html 2021-05-14T17:17:54+00:00 seaweedfs 2.48 seaweedfs 2.48 2021-05-14T17:27:12+00:00 * Mount * Fix bugs related to renaming files and directories #2068 #2064 * Fix reading file when file is still being written #2065 * weed filer.copy * Adds option to skip copying files if file sizes are the same #2067 2021-05-14T17:27:12+00:00