mirror of https://github.com/MISP/misp-galaxy.git
synced 2024-11-27 01:07:18 +00:00
Merge pull request #236 from raw-data/master
[add] new cluster + galaxy
commit 11af1cad81
3 changed files with 34 additions and 0 deletions
@ -19,6 +19,7 @@ to localized information (which is not shared) or additional information (that c
- [clusters/android.json](clusters/android.json) - Android malware galaxy based on multiple open sources.
- [clusters/banker.json](clusters/banker.json) - A list of banker malware.
- [clusters/stealer.json](clusters/stealer.json) - A list of malware stealer.
- [clusters/backdoor.json](clusters/backdoor.json) - A list of backdoor malware.
- [clusters/botnet.json](clusters/botnet.json) - A list of known botnets.
- [clusters/branded_vulnerability.json](clusters/branded_vulnerability.json) - List of known vulnerabilities and exploits.
- [clusters/exploit-kit.json](clusters/exploit-kit.json) - Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits. It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years.
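Review bot: the new README line "A list of backdoor malware." gives no inclusion criterion, and the clusters listed beside it (banker, stealer, botnet) could plausibly hold the same families, so a reader cannot tell where a given sample belongs; consider one clause on scope, for example "- [clusters/backdoor.json](clusters/backdoor.json) - A list of backdoor malware (remote-access implants not already covered by the banker, stealer or botnet clusters)." The placement after stealer and before botnet matches the existing, non-alphabetical order of the list, so no change there.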
24
clusters/backdoor.json
Normal file
@ -0,0 +1,24 @@
{
"uuid": "75436e27-cb57-4f32-bf1d-9636dd78a2bf",
"description": "A list of backdoor malware.",
"source": "Open Sources",
"version": 1,
"values": [
{
"meta": {
"date": "July 2018.",
"refs": [
"https://blog.jpcert.or.jp/2018/07/malware-wellmes-9b78.html"
]
},
"description": "Cross-platform malware written in Golang, compatible with Linux and Windows. Although there are some minor differences, both variants have the same functionality. The malware communicates with a CnC server using HTTP requests and performs functions based on the received commands. Results of command execution are sent in HTTP POST requests data (RSA-encrypted). Main functionalities are: (1) Execute arbitrary shell commands, (2) Upload/Download files. The PE variant of the infection, in addition, executes PowerShell scripts. A .Net version was also observed in the wild.",
"value": "WellMess",
"uuid": "e0e79fab-0f1d-4fc2-b424-208cb019a9cd"
}
],
"authors": [
"raw-data"
],
"type": "backdoor",
"name": "Backdoor"
}
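Review bot: `"date": "July 2018."` carries a trailing period inside the value; the meta date should be a bare date string, so use `"date": "July 2018"` (or a full date if the JPCERT post gives one) to keep it consistent with other clusters and comparable by tooling. The top-level key order here (uuid, description, source, version, values, authors, type, name) is not the sorted order the repository's jq normalisation script (jq_all_the_things.sh) produces, so the file will be rewritten on the next pass; run it, together with validate_all.sh, before merging. A wording nit in the WellMess description: "sent in HTTP POST requests data (RSA-encrypted)" reads better as "sent as RSA-encrypted HTTP POST request data". The top-level uuid 75436e27-cb57-4f32-bf1d-9636dd78a2bf matches the one in galaxies/backdoor.json, which is what MISP needs to attach the cluster to its galaxy, so that pairing is correct.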
9
galaxies/backdoor.json
Normal file
@ -0,0 +1,9 @@
{
"description": "Malware Backdoor galaxy.",
"type": "backdoor",
"version": 1,
"name": "Backdoor",
"icon": "door-open",
"uuid": "75436e27-cb57-4f32-bf1d-9636dd78a2bf",
"namespace": "misp"
}
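Review bot: `"icon": "door-open"` is a Font Awesome 5 icon name; check that the MISP release this galaxy targets ships an icon set that contains it, otherwise the galaxy renders without an icon in the UI. The rest of the file lines up with the cluster: `"type": "backdoor"` and the uuid 75436e27-cb57-4f32-bf1d-9636dd78a2bf match clusters/backdoor.json, and `"namespace": "misp"` is the expected namespace for a galaxy shipped in this repository. Minor: the description "Malware Backdoor galaxy." could mirror the cluster's wording ("A list of backdoor malware.") so the two files describe the same thing in the same words.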