update tool galaxy

Deborah Servili 2017-11-20 12:32:35 +01:00
parent 46b27c1eff
commit 632f030b28


@ -10,7 +10,7 @@
], ],
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.", "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f", "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"version": 36, "version": 37,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -3038,6 +3038,39 @@
"https://www.us-cert.gov/ncas/alerts/TA17-318B" "https://www.us-cert.gov/ncas/alerts/TA17-318B"
] ]
} }
},
{
"value": "Nymaim",
"description": "Nymaim is a 2-year-old strain of malware most closely associated with ransomware. We have seen recent attacks spreading it using an established email marketing service provider to avoid blacklists and detection tools. But instead of ransomware, the malware is now being used to distribute banking Trojans",
"meta": {
"refs": [
"https://www.proofpoint.com/us/what-old-new-again-nymaim-moves-past-its-ransomware-roots-0"
]
}
},
{
"value": "GootKit",
"description": "As was the case earlier, the bot Gootkit is written in NodeJS, and is downloaded to a victim computer via a chain of downloaders. The main purpose of the bot also remained the same to steal banking data. The new Gootkit version, detected in September, primarily targets clients of European banks, including those in Germany, France, Italy, the Netherlands, Poland, etc.",
"meta": {
"refs": [
"https://securelist.com/inside-the-gootkit-cc-server/76433/",
"https://securityintelligence.com/gootkit-bobbing-and-weaving-to-avoid-prying-eyes/",
"https://securityintelligence.com/gootkit-launches-redirection-attacks-in-the-uk/",
"https://www.symantec.com/security_response/writeup.jsp?docid=2010-051118-0604-99"
],
"synonyms": [
"Gootkit"
]
},
}
{
"value": "Agent Tesla",
"description": "Agent Tesla is modern powerful keystroke logger. It provides monitoring your personel computer via keyboard and screenshot. Keyboard, screenshot and registered passwords are sent in log. You can receive your logs via e-mail, ftp or php(web panel). ",
"meta": {
"refs": [
"https://www.agenttesla.com/"
]
}
} }
] ]
} }
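Review bot: The new GootKit entry is not valid JSON. Its `meta` object is closed with `},` and the entry itself with a bare `}`, which leaves a trailing comma inside the entry and no comma before the `{` that opens the Agent Tesla entry. The two closers should be swapped to `}` for `meta` and `},` for the entry. As committed, a strict parser will reject the whole file, so consumers of this cluster would presumably fail to load every tool in it, not only the three added here. Validating the file before commit, for example with `python -m json.tool <cluster-file>` (placeholder path), would catch this. Separately, the Agent Tesla description reads as the vendor's own marketing copy, including the typo "personel", and a short analyst-written summary would be more consistent with the other entries.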