mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
Merge branch 'main' of github.com:MISP/misp-galaxy into main
This commit is contained in:
commit
524676282e
3 changed files with 63 additions and 17 deletions
|
@ -271,7 +271,7 @@
|
|||
]
|
||||
},
|
||||
"uuid": "2366ffb0-91ba-4b8e-bfad-d460c98d43a8",
|
||||
"value": "Innitial Access"
|
||||
"value": "Initial Access"
|
||||
}
|
||||
],
|
||||
"version": 1
|
||||
|
|
|
@ -7996,21 +7996,6 @@
|
|||
"uuid": "947a450a-df6c-4c2e-807b-0da8ecea1d26",
|
||||
"value": "Attor"
|
||||
},
|
||||
{
|
||||
"description": "DePriMon is an unusually advanced downloader whose developers have put extra effort into setting up the architecture and crafting the critical components.",
|
||||
"meta": {
|
||||
"cfr-target-category": [
|
||||
"Private sector",
|
||||
"Finance"
|
||||
],
|
||||
"cfr-type-of-incident": "Espionage",
|
||||
"refs": [
|
||||
"https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader"
|
||||
]
|
||||
},
|
||||
"uuid": "443faf38-ad93-4421-8a53-47ad84b195fa",
|
||||
"value": "DePriMon"
|
||||
},
|
||||
{
|
||||
"description": "According to 360 TIC the actor has carried out continuous cyber espionage activities since 2011 on key units and departments of the Chinese government, military industry, scientific research, and finance. The organization focuses on information related to the nuclear industry and scientific research. The targets were mainly concentrated in mainland China...[M]ore than 670 malware samples have been collected from the group, including more than 60 malicious plugins specifically for lateral movement; more than 40 C2 domain names and IPs related to the organization have also been discovered.",
|
||||
"meta": {
|
||||
|
|
|
@ -8231,7 +8231,68 @@
|
|||
},
|
||||
"uuid": "d9b2305e-9802-483c-a95d-2ae8525c7704",
|
||||
"value": "SUNSPOT"
|
||||
},
|
||||
{
|
||||
"description": "",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.clearskysec.com/cedar/"
|
||||
],
|
||||
"type": [
|
||||
"webshell"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "1974ea65-7312-4d91-a592-649983b46554",
|
||||
"value": "Caterpillar WebShell"
|
||||
},
|
||||
{
|
||||
"description": "The P.A.S. webshell was developed by an ukrainian student, Jaroslav Volodimirovich Panchenko, who used the nick-name Profexer. It was developed in PHP and features a characteristic password-based encryption. This tool was available through a form on his website, where a user had to provide a password to receive a custom webshell. The form suggested a donation to the developer. It was commonly used, including during a WORDPRESS website attack.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://us-cert.cisa.gov/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity",
|
||||
"https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
|
||||
],
|
||||
"synonyms": [
|
||||
"Fobushell"
|
||||
],
|
||||
"type": [
|
||||
"webshell"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "6baa1f46-daa9-4f40-952b-ec613c835abb",
|
||||
"value": "P.A.S. webshell"
|
||||
},
|
||||
{
|
||||
"description": "Exaramel is a backdoor first publicly reported by ESET in 2018. Two samples were identified, one targeting the WINDOWS operating system and the other targeting LINUX operating systems.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/",
|
||||
"https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
|
||||
],
|
||||
"type": [
|
||||
"backdoor"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "95174297-6dff-47d9-bcb9-263f9b2efcfb",
|
||||
"value": "Exaramel"
|
||||
},
|
||||
{
|
||||
"description": "RDAT is a backdoor used by the suspected Iranian threat group OilRig. RDAT was originally identified in 2017 and targeted companies in the telecommunications sector.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/"
|
||||
],
|
||||
"type": [
|
||||
"backdoor"
|
||||
]
|
||||
},
|
||||
"related": [],
|
||||
"uuid": "d357a6ff-00e5-4fcc-8b9e-4a9d98a736e7",
|
||||
"value": "RDAT"
|
||||
}
|
||||
],
|
||||
"version": 141
|
||||
"version": 144
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue