Merge pull request #838 from Delta-Sierra/main
Adding SNOWYAMBER, HALFRIG, QUARTERRIG tools & PowerMagic backdoor
commit
5f9760923f
2 changed files with 47 additions and 2 deletions
|
@ -205,7 +205,16 @@
|
|||
},
|
||||
"uuid": "2cef78bd-f097-4477-8888-79359042b515",
|
||||
"value": "BOLDMOVE"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://securelist.com/bad-magic-apt/109087/"
|
||||
]
|
||||
},
|
||||
"uuid": "c866b002-1cb6-4c91-8a8b-f0b0c6ac2b1a",
|
||||
"value": "PowerMagic"
|
||||
}
|
||||
],
|
||||
"version": 14
|
||||
"version": 15
|
||||
}
|
||||
|
|
|
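Review bot: The new `PowerMagic` object carries only `meta.refs`, `uuid` and `value`, with no `description`, so an analyst who meets this tag on an event has to open the Securelist link to learn what the name denotes. I would add a `"description": "..."` key holding a one-sentence summary taken from the cited report, as the three entries added to the other file in this commit do. The enclosing `values` array starts outside the hunk, so whether this name or UUID duplicates an existing entry cannot be checked from here and is worth confirming.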
@ -8754,7 +8754,43 @@
|
|||
},
|
||||
"uuid": "5c7fa5e1-352a-41c3-8e55-744e5fa88793",
|
||||
"value": "AHK Bot"
|
||||
},
|
||||
{
|
||||
"description": "A tool first used in October 2022, abusing the Notion7 service to communicate and download further malicious files. Two versions of this tool have been observed.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services",
|
||||
"https://www.gov.pl/attachment/6e085a2c-ac05-4b62-9423-5d6e9ef730bf",
|
||||
"https://www.gov.pl/attachment/ee91f24d-3e67-436d-aa50-7fa56acf789d"
|
||||
]
|
||||
},
|
||||
"uuid": "0125ef58-2675-426f-90eb-0b189961199a",
|
||||
"value": "SNOWYAMBER"
|
||||
},
|
||||
{
|
||||
"description": "Used for the first time in February 2023. This tool is distinguished from the others by the embedded code that runs the COBALT STRIKE tool.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services",
|
||||
"https://www.gov.pl/attachment/64193e8d-05e2-4cbf-bb4c-5f58da21fefb",
|
||||
"https://www.gov.pl/attachment/6e085a2c-ac05-4b62-9423-5d6e9ef730bf"
|
||||
]
|
||||
},
|
||||
"uuid": "f169f0b3-fe4d-40e5-a443-2561c98eb67e",
|
||||
"value": "HALFRIG"
|
||||
},
|
||||
{
|
||||
"description": "A tool first used in March 2023, sharing part of the code with HALFRIG. Two versions of this tool were observed.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services",
|
||||
"https://www.gov.pl/attachment/6f51bb1a-3ad2-461c-a16d-408915a56f77",
|
||||
"https://www.gov.pl/attachment/6e085a2c-ac05-4b62-9423-5d6e9ef730bf"
|
||||
]
|
||||
},
|
||||
"uuid": "2d5072db-64e2-4d81-9b3a-3aa76cfa978b",
|
||||
"value": "QUARTERRIG"
|
||||
}
|
||||
],
|
||||
"version": 161
|
||||
"version": 162
|
||||
}
|
||||
|
|
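Review bot: The SNOWYAMBER description reads `abusing the Notion7 service`, and the trailing `7` looks like a footnote marker carried over from the source report rather than part of the service name. If that is right, the text should read `abusing the Notion service to communicate and download further malicious files`, so that the abused service is named correctly wherever this description is displayed or exported. The HALFRIG description also writes `COBALT STRIKE` in capitals. If the galaxy already holds that tool under another spelling (not visible in this hunk), matching it would keep text search across descriptions consistent.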