mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
Merge pull request #220 from raw-data/master
[ADD] New Stealer galaxy and cluster
This commit is contained in:
commit
19344dc14c
3 changed files with 45 additions and 0 deletions
|
@ -18,6 +18,7 @@ to localized information (which is not shared) or additional information (that c
|
||||||
|
|
||||||
- [clusters/android.json](clusters/android.json) - Android malware galaxy based on multiple open sources.
|
- [clusters/android.json](clusters/android.json) - Android malware galaxy based on multiple open sources.
|
||||||
- [clusters/banker.json](clusters/banker.json) - A list of banker malware.
|
- [clusters/banker.json](clusters/banker.json) - A list of banker malware.
|
||||||
|
- [clusters/stealer.json](clusters/stealer.json) - A list of malware stealer.
|
||||||
- [clusters/botnet.json](clusters/botnet.json) - A list of known botnets.
|
- [clusters/botnet.json](clusters/botnet.json) - A list of known botnets.
|
||||||
- [clusters/branded_vulnerability.json](clusters/branded_vulnerability.json) - List of known vulnerabilities and exploits.
|
- [clusters/branded_vulnerability.json](clusters/branded_vulnerability.json) - List of known vulnerabilities and exploits.
|
||||||
- [clusters/exploit-kit.json](clusters/exploit-kit.json) - Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits. It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years.
|
- [clusters/exploit-kit.json](clusters/exploit-kit.json) - Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits. It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years.
|
||||||
|
|
35
clusters/stealer.json
Normal file
35
clusters/stealer.json
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
{
|
||||||
|
"uuid": "f2ef4033-9001-4427-a418-df8c48e6d054",
|
||||||
|
"description": "A list of malware stealer.",
|
||||||
|
"source": "Open Sources",
|
||||||
|
"version": 1,
|
||||||
|
"values": [
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"date": "March 2018.",
|
||||||
|
"refs": [
|
||||||
|
"https://www.proofpoint.com/us/threat-insight/post/thief-night-new-nocturnal-stealer-grabs-data-cheap"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"description": "It is designed to steal data found within multiple Chromium and Firefox based browsers, it can also steal many popular cryptocurrency wallets as well as any saved FTP passwords within FileZilla. Nocturnal Stealer uses several anti-VM and anti-analysis techniques, which include but are not limited to: environment fingerprinting, checking for debuggers and analyzers, searching for known virtual machine registry keys, and checking for emulation software.",
|
||||||
|
"value": "Nocturnal Stealer",
|
||||||
|
"uuid": "e7080bce-99b5-4615-a798-a192ed89bd5a"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"date": "March 2018.",
|
||||||
|
"refs": [
|
||||||
|
"https://blog.talosintelligence.com/2018/05/telegrab.html"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"description": "The first version stole browser credentials and cookies, along with all text files it can find on the system. The second variant added the ability to collect Telegram's desktop cache and key files, as well as login information for the video game storefront Steam.",
|
||||||
|
"value": "TeleGrab",
|
||||||
|
"uuid": "a6780288-24eb-4006-9ddd-062870c6feec"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
"raw-data"
|
||||||
|
],
|
||||||
|
"type": "stealer",
|
||||||
|
"name": "Stealer"
|
||||||
|
}
|
9
galaxies/stealer.json
Normal file
9
galaxies/stealer.json
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
{
|
||||||
|
"description": "Malware stealer galaxy.",
|
||||||
|
"type": "stealer",
|
||||||
|
"version": 1,
|
||||||
|
"name": "Stealer",
|
||||||
|
"icon": "key",
|
||||||
|
"uuid": "f2ef4033-9001-4427-a418-df8c48e6d054",
|
||||||
|
"namespace": "misp"
|
||||||
|
}
|
Loading…
Reference in a new issue