mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
add DePriMon malicious downloader & Cyborg ransomware
This commit is contained in:
parent
8cc5e02f22
commit
08a4897cbe
2 changed files with 21 additions and 2 deletions
|
@ -13572,7 +13572,16 @@
|
||||||
},
|
},
|
||||||
"uuid": "7cea8846-1f3d-331a-3ebf-055d452351b6",
|
"uuid": "7cea8846-1f3d-331a-3ebf-055d452351b6",
|
||||||
"value": "Maze"
|
"value": "Maze"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Cyborg Ransomware",
|
||||||
|
"description": "Ransomware delivered using fake Windows Update spam",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/fake-windows-update-spam-leads-to-cyborg-ransomware-and-its-builder/"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 72
|
"version": 73
|
||||||
}
|
}
|
||||||
|
|
|
@ -7876,7 +7876,17 @@
|
||||||
},
|
},
|
||||||
"uuid": "c1815516-aa2a-43d2-9136-78a8feb054b6",
|
"uuid": "c1815516-aa2a-43d2-9136-78a8feb054b6",
|
||||||
"value": "ShadowHammer"
|
"value": "ShadowHammer"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "DePriMon",
|
||||||
|
"description": "DePriMon is a malicious downloader, with several stages and using many non-traditional techniques. To achieve persistence, the malware registers a new local port monitor – a trick falling under the “Port Monitors” technique in the MITRE ATT&CK knowledgebase. For that, the malware uses the “Windows Default Print Monitor” name; that’s why we have named it DePriMon. Due to its complexity and modular architecture, we consider it to be a framework.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.bleepingcomputer.com/news/security/deprimon-malware-registers-itself-as-a-windows-print-monitor/",
|
||||||
|
"https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 127
|
"version": 128
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue