MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-30 02:37:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge https://github.com/MISP/misp-galaxy

Browse source
This commit is contained in:
Deborah Servili 2018-04-19 16:04:18 +02:00
commit 0e0c806e9e
3 changed files with 16 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
clusters/banker.json
View file

@ -211,6 +211,9 @@
"https://www.proofpoint.com/us/threat-insight/post/threat-actors-using-legitimate-paypal-accounts-to-distribute-chthonic-banking-trojan", "https://www.proofpoint.com/us/threat-insight/post/threat-actors-using-legitimate-paypal-accounts-to-distribute-chthonic-banking-trojan",
"https://securelist.com/chthonic-a-new-modification-of-zeus/68176/" "https://securelist.com/chthonic-a-new-modification-of-zeus/68176/"
], ],
"synonyms": [
"Chtonic"
],
"date": "First seen fall of 2014" "date": "First seen fall of 2014"
}, },
"description": "Chthonic according to Kaspersky is an evolution of Zeus VM. It uses the same encryptor as Andromeda bot, the same encryption scheme as Zeus AES and Zeus V2 Trojans, and a virtual machine similar to that used in ZeusVM and KINS malware.", "description": "Chthonic according to Kaspersky is an evolution of Zeus VM. It uses the same encryptor as Andromeda bot, the same encryption scheme as Zeus AES and Zeus V2 Trojans, and a virtual machine similar to that used in ZeusVM and KINS malware.",
@ -568,7 +571,7 @@
"uuid": "f93acc85-8d2c-41e0-b0c5-47795b8c6194" "uuid": "f93acc85-8d2c-41e0-b0c5-47795b8c6194"
} }
], ],
"version": 7, "version": 8,
"uuid": "59f20cce-5420-4084-afd5-0884c0a83832", "uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
"description": "A list of banker malware.", "description": "A list of banker malware.",
"authors": [ "authors": [

11
clusters/rat.json
View file

@ -2421,6 +2421,17 @@
"https://github.com/xlinshan/Coldroot" "https://github.com/xlinshan/Coldroot"
] ]
} }
},
{
"value": "Comnie",
"description": "Comnie is a RAT originally identified by Sophos. It has been using Github, Tumbler and Blogspot as covert channels for its C2 communications. Comnie has been observed targetting government, defense, aerospace, high-tech and telecommunication sectors in Asia.",
"uuid": "fbc5bbb2-38b4-4fa3-9b9f-624e05cdc648",
"meta": {
"refs": [
"https://exchange.xforce.ibmcloud.com/collection/East-Asia-Organizations-Victims-of-Comnie-Attack-12749a9dbc20e2f40b3ae99c43416d8c",
"https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/"
]
}
} }
] ]
} }

11
clusters/tool.json
View file

@ -11,7 +11,7 @@
], ],
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.", "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f", "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"version": 63, "version": 64,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -1704,15 +1704,6 @@
"value": "DownRage", "value": "DownRage",
"uuid": "ab5c4362-c369-4c78-985d-04ba1226ea32" "uuid": "ab5c4362-c369-4c78-985d-04ba1226ea32"
}, },
{
"meta": {
"refs": [
"https://www.proofpoint.com/us/threat-insight/post/threat-actors-using-legitimate-paypal-accounts-to-distribute-chthonic-banking-trojan"
]
},
"value": "Chthonic",
"uuid": "783f61a1-8210-4145-b801-53f71b909ebf"
},
{ {
"value": "GeminiDuke", "value": "GeminiDuke",
"description": "GeminiDuke is malware that was used by APT29 from 2009 to 2012.", "description": "GeminiDuke is malware that was used by APT29 from 2009 to 2012.",