mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 08:47:18 +00:00
chg: [fix] resolve conflict
This commit is contained in:
parent
932fcf1871
commit
2e045d9c8c
1 changed files with 36 additions and 1 deletions
|
@ -9679,6 +9679,41 @@
|
||||||
"uuid": "e665ac2f-87b4-4c2e-bef7-78bf0a8af87b",
|
"uuid": "e665ac2f-87b4-4c2e-bef7-78bf0a8af87b",
|
||||||
"value": "Predatory Sparrow"
|
"value": "Predatory Sparrow"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"description": "MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups. MSTIC assesses that the malware (WhisperGate), which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom.",
|
||||||
|
"meta": {
|
||||||
|
"cfr-suspected-victims": [
|
||||||
|
"Ukraine"
|
||||||
|
],
|
||||||
|
"cfr-type-of-incident": "Sabotage",
|
||||||
|
"refs": [
|
||||||
|
"https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/",
|
||||||
|
"https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/",
|
||||||
|
"https://unit42.paloaltonetworks.com/atoms/ruinousursa/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"Ruinous Ursa"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "a5f64c1a-c829-4855-903d-e0ff2098b2d7",
|
||||||
|
"value": "DEV-0586"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "This group started operating during the first quarter of 2022. They published samples of alleged stolen data from companies on their site on Tor. It is unclear if they conducted the attacks themselves, or if they bought leaked databases from third parties.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.trendmicro.com/en_us/research/20/k/analysis-of-kinsing-malwares-use-of-rootkit.html",
|
||||||
|
"https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability",
|
||||||
|
"https://sysdig.com/blog/zoom-into-kinsing-kdevtmpfsi/",
|
||||||
|
"https://unit42.paloaltonetworks.com/atoms/moneylibra/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"Money Libra"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "4d522fad-452c-46be-94ea-5803aec9b709",
|
||||||
|
"value": "Kinsing"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"description": "According to TrendMicro, Earth Berberoka is a threat group originating from China that mainly focuses on targeting gambling websites. This group's campaign uses multiple malware families that target the Windows, Linux, and macOS platforms that have been attributed to Chinese-speaking actors. Aside from using tried-and-tested malware families that have been upgraded, such as PlugX and Gh0st RAT, Earth Berberoka has also developed a brand-new complex, multistage malware family, which has been dubbed PuppetLoader.",
|
"description": "According to TrendMicro, Earth Berberoka is a threat group originating from China that mainly focuses on targeting gambling websites. This group's campaign uses multiple malware families that target the Windows, Linux, and macOS platforms that have been attributed to Chinese-speaking actors. Aside from using tried-and-tested malware families that have been upgraded, such as PlugX and Gh0st RAT, Earth Berberoka has also developed a brand-new complex, multistage malware family, which has been dubbed PuppetLoader.",
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -9983,5 +10018,5 @@
|
||||||
"value": "Red Nue"
|
"value": "Red Nue"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 233
|
"version": 234
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue