update tool galaxy
parent
46b27c1eff
commit
632f030b28
1 changed files with 34 additions and 1 deletions
|
@ -10,7 +10,7 @@
|
||||||
],
|
],
|
||||||
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
|
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
|
||||||
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
|
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
|
||||||
"version": 36,
|
"version": 37,
|
||||||
"values": [
|
"values": [
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -3038,6 +3038,39 @@
|
||||||
"https://www.us-cert.gov/ncas/alerts/TA17-318B"
|
"https://www.us-cert.gov/ncas/alerts/TA17-318B"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Nymaim",
|
||||||
|
"description": "Nymaim is a 2-year-old strain of malware most closely associated with ransomware. We have seen recent attacks spreading it using an established email marketing service provider to avoid blacklists and detection tools. But instead of ransomware, the malware is now being used to distribute banking Trojans",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.proofpoint.com/us/what-old-new-again-nymaim-moves-past-its-ransomware-roots-0"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "GootKit",
|
||||||
|
"description": "As was the case earlier, the bot Gootkit is written in NodeJS, and is downloaded to a victim computer via a chain of downloaders. The main purpose of the bot also remained the same – to steal banking data. The new Gootkit version, detected in September, primarily targets clients of European banks, including those in Germany, France, Italy, the Netherlands, Poland, etc.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://securelist.com/inside-the-gootkit-cc-server/76433/",
|
||||||
|
"https://securityintelligence.com/gootkit-bobbing-and-weaving-to-avoid-prying-eyes/",
|
||||||
|
"https://securityintelligence.com/gootkit-launches-redirection-attacks-in-the-uk/",
|
||||||
|
"https://www.symantec.com/security_response/writeup.jsp?docid=2010-051118-0604-99"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"Gootkit"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
}
|
||||||
|
{
|
||||||
|
"value": "Agent Tesla",
|
||||||
|
"description": "Agent Tesla is modern powerful keystroke logger. It provides monitoring your personel computer via keyboard and screenshot. Keyboard, screenshot and registered passwords are sent in log. You can receive your logs via e-mail, ftp or php(web panel). ",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.agenttesla.com/"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
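Review bot: The added GootKit entry leaves the file invalid as strict JSON: the brace closing its `"meta"` object (after the `"synonyms"` array) is written `},`, while the brace closing the entry itself has no comma before the `{` that opens Agent Tesla. The comma belongs on the entry, so those two lines should read `}` followed by `},`. A strict parser rejects the whole cluster file on this, so consumers would presumably lose every tool entry and not just the three new ones; running `jq .` or `python -m json.tool` over the file before committing catches it. Separately, the Agent Tesla description is the vendor's own sales copy addressed to a buyer ("your personel computer", "your logs") and its only ref is the vendor site, so a neutral description of it as a keylogger that exfiltrates keystrokes, screenshots and stored passwords over e-mail, FTP or a web panel would serve analysts better.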