mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 08:47:18 +00:00
update some clusters and try to add a relationship system
This commit is contained in:
parent
84adb50f0f
commit
050a864be0
2 changed files with 59 additions and 6 deletions
|
@ -8016,7 +8016,9 @@
|
||||||
"https://download.bleepingcomputer.com/demonslay335/SamSamStringDecrypter.zip",
|
"https://download.bleepingcomputer.com/demonslay335/SamSamStringDecrypter.zip",
|
||||||
"http://blog.talosintel.com/2016/03/samsam-ransomware.html",
|
"http://blog.talosintel.com/2016/03/samsam-ransomware.html",
|
||||||
"http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf",
|
"http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf",
|
||||||
"https://www.bleepingcomputer.com/news/security/new-samsam-variant-requires-special-password-before-infection/"
|
"https://www.bleepingcomputer.com/news/security/new-samsam-variant-requires-special-password-before-infection/",
|
||||||
|
"https://www.bleepingcomputer.com/news/security/samsam-ransomware-crew-made-nearly-6-million-from-ransom-payments/",
|
||||||
|
"https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "731e4a5e-35f2-47b1-80ba-150b95fdc14d"
|
"uuid": "731e4a5e-35f2-47b1-80ba-150b95fdc14d"
|
||||||
|
|
|
@ -774,10 +774,22 @@
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.fireeye.com/blog/threat-research/2014/09/forced-to-adapt-xslcmd-backdoor-now-on-os-x.html",
|
"https://www.fireeye.com/blog/threat-research/2014/09/forced-to-adapt-xslcmd-backdoor-now-on-os-x.html",
|
||||||
"http://arstechnica.com/security/2015/04/elite-cyber-crime-group-strikes-back-after-attack-by-rival-apt-gang/",
|
"http://arstechnica.com/security/2015/04/elite-cyber-crime-group-strikes-back-after-attack-by-rival-apt-gang/",
|
||||||
"https://github.com/nccgroup/Royal_APT"
|
"https://github.com/nccgroup/Royal_APT",
|
||||||
|
"https://www.cfr.org/interactive/cyber-operations/mirage"
|
||||||
|
],
|
||||||
|
"cfr-suspected-victims": [
|
||||||
|
"European Union",
|
||||||
|
"India",
|
||||||
|
"United Kingdom"
|
||||||
|
],
|
||||||
|
"cfr-suspected-state-sponsor": "China",
|
||||||
|
"cfr-type-of-incident": "Espionage",
|
||||||
|
"cfr-target-category": [
|
||||||
|
"Government"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"value": "Mirage",
|
"value": "Mirage",
|
||||||
|
"description": "This threat actor uses phishing techniques to compromise the networks of foreign ministries of European countries for espionage purposes.",
|
||||||
"uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8"
|
"uuid": "3501fbf2-098f-47e7-be6a-6b0ff5742ce8"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -967,7 +979,19 @@
|
||||||
],
|
],
|
||||||
"country": "CN",
|
"country": "CN",
|
||||||
"refs": [
|
"refs": [
|
||||||
"http://www.crowdstrike.com/blog/whois-samurai-panda/"
|
"http://www.crowdstrike.com/blog/whois-samurai-panda/",
|
||||||
|
"https://www.cfr.org/interactive/cyber-operations/sykipot"
|
||||||
|
],
|
||||||
|
"cfr-suspected-victims": [
|
||||||
|
"United States",
|
||||||
|
"United Kingdom",
|
||||||
|
"Hong Kong"
|
||||||
|
],
|
||||||
|
"cfr-suspected-state-sponsor": "China",
|
||||||
|
"cfr-type-of-incident": "Espionage",
|
||||||
|
"cfr-target-category": [
|
||||||
|
"Private sector",
|
||||||
|
"Military"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"value": "Samurai Panda",
|
"value": "Samurai Panda",
|
||||||
|
@ -1082,7 +1106,14 @@
|
||||||
},
|
},
|
||||||
"value": "Flying Kitten",
|
"value": "Flying Kitten",
|
||||||
"description": "Activity: defense and aerospace sectors, also interested in targeting entities in the oil/gas industry.",
|
"description": "Activity: defense and aerospace sectors, also interested in targeting entities in the oil/gas industry.",
|
||||||
"uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48"
|
"uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "f873db71-3d53-41d5-b141-530675ade27a",
|
||||||
|
"type": "similar",
|
||||||
|
"likelihood-probability": "very-likely"
|
||||||
|
}
|
||||||
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -1189,6 +1220,7 @@
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"TEMP.Beanie",
|
"TEMP.Beanie",
|
||||||
"Operation Woolen Goldfish",
|
"Operation Woolen Goldfish",
|
||||||
|
"Operation Woolen-Goldfish",
|
||||||
"Thamar Reservoir",
|
"Thamar Reservoir",
|
||||||
"Timberworm"
|
"Timberworm"
|
||||||
],
|
],
|
||||||
|
@ -1230,7 +1262,14 @@
|
||||||
},
|
},
|
||||||
"description": "Targets Saudi Arabia, Israel, US, Iran, high ranking defense officials, embassies of various target countries, notable Iran researchers, human rights activists, media and journalists, academic institutions and various scholars, including scientists in the fields of physics and nuclear sciences.",
|
"description": "Targets Saudi Arabia, Israel, US, Iran, high ranking defense officials, embassies of various target countries, notable Iran researchers, human rights activists, media and journalists, academic institutions and various scholars, including scientists in the fields of physics and nuclear sciences.",
|
||||||
"value": "Rocket Kitten",
|
"value": "Rocket Kitten",
|
||||||
"uuid": "f873db71-3d53-41d5-b141-530675ade27a"
|
"uuid": "f873db71-3d53-41d5-b141-530675ade27a",
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "ba724df5-9aa0-45ca-8e0e-7101c208ae48",
|
||||||
|
"type": "similar",
|
||||||
|
"likelihood-probability": "very-likely"
|
||||||
|
}
|
||||||
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -3056,7 +3095,19 @@
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.alienvault.com/open-threat-exchange/blog/new-sykipot-developments",
|
"https://www.alienvault.com/open-threat-exchange/blog/new-sykipot-developments",
|
||||||
"http://blog.trendmicro.com/trendlabs-security-intelligence/sykipot-now-targeting-us-civil-aviation-sector-information/",
|
"http://blog.trendmicro.com/trendlabs-security-intelligence/sykipot-now-targeting-us-civil-aviation-sector-information/",
|
||||||
"https://www.sans.org/reading-room/whitepapers/malicious/detailed-analysis-sykipot-smartcard-proxy-variant-33919"
|
"https://www.sans.org/reading-room/whitepapers/malicious/detailed-analysis-sykipot-smartcard-proxy-variant-33919",
|
||||||
|
"https://www.cfr.org/interactive/cyber-operations/sykipot"
|
||||||
|
],
|
||||||
|
"cfr-suspected-victims": [
|
||||||
|
"United States",
|
||||||
|
"United Kingdom",
|
||||||
|
"Hong Kong"
|
||||||
|
],
|
||||||
|
"cfr-suspected-state-sponsor": "China",
|
||||||
|
"cfr-type-of-incident": "Espionage",
|
||||||
|
"cfr-target-category": [
|
||||||
|
"Private sector",
|
||||||
|
"Military"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"value": "Maverick Panda",
|
"value": "Maverick Panda",
|
||||||
|
|
Loading…
Reference in a new issue