MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-23 07:17:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #226 from Delta-Sierra/master

Browse source 
Even more clusters
This commit is contained in:
Alexandre Dulaunoy 2018-06-18 15:53:02 +02:00 committed by GitHub
commit 4631916a69
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 64 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
clusters/ransomware.json
View file

@ -9838,12 +9838,40 @@
]
},
"uuid": "fe42c270-7077-11e8-af82-d7bf7e6ab8a9"
},
{
"value": "Donut",
"description": "S!Ri found a new ransomware called Donut that appends the .donut extension and uses the email donutmmm@tutanota.com.",
"meta": {
"refs": [
"https://twitter.com/siri_urz/status/1005438610806583296",
"https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-15th-2018-dbger-scarab-and-more/"
],
"extensions": [
".donut"
],
"ransomnotes": [
"https://www.bleepstatic.com/images/news/columns/week-in-ransomware/2018/june/15/DfQI_lnXUAAukGK[1].jpg"
]
},
"uuid": "e57e1f4a-72da-11e8-8c0d-af46e8f393d2"
},
{
"value": "NemeS1S Ransomware",
"description": "Ransomware as a Service",
"meta": {
"refs": [
"https://twitter.com/Damian1338B/status/1005411102660923392",
"https://www.bleepingcomputer.com/news/security/nemes1s-raas-is-padcrypt-ransomwares-affiliate-system/"
]
},
"uuid": "3ac0f41e-72e0-11e8-85a8-f7ae254ab629"
}
],
"source": "Various",
"uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
"name": "Ransomware",
"version": 24,
"version": 25,
"type": "ransomware",
"description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar"
}

25
clusters/threat-actor.json
View file

@ -2678,6 +2678,29 @@
]
},
"uuid": "4defbf2e-4f73-11e8-807f-578d61da7568"
},
{
"value": "LuckyMouse",
"description": "Experts assigned the codename of LuckyMouse to the group behind this hack, but they later realized the attackers were an older Chinese threat actor known under various names in the reports of other cyber-security firms, such as Emissary Panda, APT27, Threat Group 3390, Bronze Union, ZipToken, and Iron Tiger",
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/chinese-cyber-espionage-group-hacked-government-data-center/",
"https://www.secureworks.com/research/bronze-union",
"http://newsroom.trendmicro.com/blog/operation-iron-tiger-attackers-shift-east-asia-united-states",
"https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage",
"https://www.threatconnect.com/blog/threatconnect-discovers-chinese-apt-activity-in-europe/",
"https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/"
],
"synonyms": [
"Emissary Panda",
"APT27",
"Threat Group 3390",
"Bronze Union",
"ZipToken",
"Iron Tiger"
]
},
"uuid": "4af45fea-72d3-11e8-846c-d37699506c8d"
}
],
"name": "Threat actor",
@ -2692,5 +2715,5 @@
],
"description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
"uuid": "7cdff317-a673-4474-84ec-4f1754947823",
"version": 41
"version": 42
}

12
clusters/tool.json
View file

@ -2,7 +2,7 @@
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"name": "Tool",
"source": "MISP Project",
"version": 75,
"version": 76,
"values": [
{
"meta": {
@ -4323,6 +4323,16 @@
"https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/"
]
}
},
{
"value": "TYPEFRAME",
"description": "Trojan malware",
"meta": {
"refs": [
"https://www.us-cert.gov/ncas/analysis-reports/AR18-165A"
]
},
"uuid": "8981aaca-72dc-11e8-8649-838c1b2613c5"
}
],
"authors": [