mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
chg: [tool] NOKKI added
ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/
This commit is contained in:
parent
49fe210812
commit
2402c7d98f
1 changed files with 11 additions and 1 deletions
|
@ -4209,6 +4209,16 @@
|
||||||
"uuid": "24ee55e3-697f-482f-8fa8-d05999df40cd",
|
"uuid": "24ee55e3-697f-482f-8fa8-d05999df40cd",
|
||||||
"value": "KONNI"
|
"value": "KONNI"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"value": "NOKKI",
|
||||||
|
"uuid": "9e4fd0d3-9736-421c-b1e1-96c1d3665c80",
|
||||||
|
"description": "Beginning in early 2018, Unit 42 observed a series of attacks using a previously unreported malware family, which we have named ‘NOKKI’. The malware in question has ties to a previously reported malware family named KONNI, however, after careful consideration, we believe enough differences are present to introduce a different malware family name. To reflect the close relationship with KONNI, we chose NOKKI, swapping KONNI’s Ns and Ks. Because of code overlap found within both malware families, as well as infrastructure overlap, we believe the threat actors responsible for KONNI are very likely also responsible for NOKKI. Previous reports stated it was likely KONNI had been in use for over three years in multiple campaigns with a heavy interest in the Korean peninsula and surrounding areas. As of this writing, it is not certain if the KONNI or NOKKI operators are related to known adversary groups operating in the regions of interest, although there is evidence of a tenuous relationship with a group known as Reaper.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"description": "Recently, Palo Alto Networks researchers discovered an advanced Android malware we’ve named “SpyDealer” which exfiltrates private data from more than 40 apps and steals sensitive messages from communication apps by abusing the Android accessibility service feature. SpyDealer uses exploits from a commercial rooting app to gain root privilege, which enables the subsequent data theft.",
|
"description": "Recently, Palo Alto Networks researchers discovered an advanced Android malware we’ve named “SpyDealer” which exfiltrates private data from more than 40 apps and steals sensitive messages from communication apps by abusing the Android accessibility service feature. SpyDealer uses exploits from a commercial rooting app to gain root privilege, which enables the subsequent data theft.",
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -5821,5 +5831,5 @@
|
||||||
"uuid": "https://www.bleepingcomputer.com/news/security/apt28-uses-lojax-first-uefi-rootkit-seen-in-the-wild/"
|
"uuid": "https://www.bleepingcomputer.com/news/security/apt28-uses-lojax-first-uefi-rootkit-seen-in-the-wild/"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 88
|
"version": 89
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue