new: Add entries from Bambenek Consulting
This commit is contained in:
parent
b7d52a8bac
commit
6f7a7921ae
3 changed files with 137 additions and 2 deletions
@ -2,7 +2,7 @@
|
||||||
"uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
|
"uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
|
||||||
"description": "A list of banker malware.",
|
"description": "A list of banker malware.",
|
||||||
"source": "Open Sources",
|
"source": "Open Sources",
|
||||||
"version": 9,
|
"version": 10,
|
||||||
"values": [
|
"values": [
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
@ -595,6 +595,70 @@
|
||||||
"value": "Backswap",
|
"value": "Backswap",
|
||||||
"uuid": "ea0b5f45-6b56-4c92-b22b-0d84c45160a0"
|
"uuid": "ea0b5f45-6b56-4c92-b22b-0d84c45160a0"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Bebloh.A",
|
||||||
|
"https://www.symantec.com/security-center/writeup/2011-041411-0912-99"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"URLZone",
|
||||||
|
"Shiotob"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"value": "Bebloh",
|
||||||
|
"uuid": "67a1a317-9f79-42bd-a4b2-fa1867d37d27"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.johannesbader.ch/2015/02/the-dga-of-banjori/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"MultiBanker 2",
|
||||||
|
"BankPatch",
|
||||||
|
"BackPatcher"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"value": "Banjori",
|
||||||
|
"uuid": "f68555ff-6fbd-4f5a-bc23-34996f629c52"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.countercept.com/our-thinking/decrypting-qadars-banking-trojan-c2-traffic/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"value": "Qadars",
|
||||||
|
"uuid": "a717c873-6670-447a-ba98-90db6464c07d"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.johannesbader.ch/2016/06/the-dga-of-sisron/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"value": "Sisron",
|
||||||
|
"uuid": "610a136c-820d-4f5f-b66c-ae298923dc55"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.johannesbader.ch/2016/06/the-dga-of-sisron/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"value": "Ranbyus",
|
||||||
|
"uuid": "6720f960-0382-479b-a0f8-f9e008995af4"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://searchfinancialsecurity.techtarget.com/news/4500249201/Fobber-Drive-by-financial-malware-returns-with-new-tricks"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"value": "Fobber",
|
||||||
|
"uuid": "da124511-463c-4514-ad05-7ec8db1b38aa"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
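Review bot: The Ranbyus entry at `"value": "Ranbyus"` reuses the Sisron reference `https://www.johannesbader.ch/2016/06/the-dga-of-sisron/` as its only `refs` item, which looks like a copy-paste from the Sisron entry immediately above it; the URL slug names Sisron, so an analyst following the link from the Ranbyus cluster lands on a different family's analysis. Unless the cited post actually covers both families, the ref should be replaced with a write-up of Ranbyus itself. Qadars, Sisron, Ranbyus and Fobber each carry a single ref and no `description`, so a one-line description per entry would let MISP users tell these bankers apart without following the links. The enclosing `values` array starts and ends outside the hunk.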
@ -2,7 +2,7 @@
|
||||||
"description": "botnet galaxy",
|
"description": "botnet galaxy",
|
||||||
"uuid": "a91732f4-164a-11e8-924a-ffd4097eb03f",
|
"uuid": "a91732f4-164a-11e8-924a-ffd4097eb03f",
|
||||||
"source": "MISP Project",
|
"source": "MISP Project",
|
||||||
"version": 6,
|
"version": 7,
|
||||||
"values": [
|
"values": [
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
@ -629,6 +629,68 @@
|
||||||
},
|
},
|
||||||
"value": "Trik Spam Botnet",
|
"value": "Trik Spam Botnet",
|
||||||
"uuid": "c68d5e64-7485-11e8-8625-2b14141f0501"
|
"uuid": "c68d5e64-7485-11e8-8625-2b14141f0501"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://news.softpedia.com/news/researchers-crack-mad-max-botnet-algorithm-and-see-in-the-future-506696.shtml"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"Mad Max"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"value": "Madmax",
|
||||||
|
"uuid": "7a6fcec7-3408-4371-907b-cbf8fc931b66"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://labs.bitdefender.com/2013/12/in-depth-analysis-of-pushdo-botnet/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"value": "Pushdo",
|
||||||
|
"uuid": "94d12a03-6ae8-4006-a98f-80c15e6f95c0"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.us-cert.gov/ncas/alerts/TA15-105A"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"value": "Simda",
|
||||||
|
"uuid": "347e7a64-8ee2-487f-bcb3-ca7564fa836c"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://en.wikipedia.org/wiki/Virut"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"value": "Virut",
|
||||||
|
"uuid": "cc1432a1-6580-4338-b119-a43236528ea1"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/151/beebone-botnet-takedown-trend-micro-solutions"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"value": "Beebone",
|
||||||
|
"uuid": "49b13880-9baf-4ae0-9171-814094b03d89"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2FBamital",
|
||||||
|
"https://www.symantec.com/security-center/writeup/2010-070108-5941-99"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"Mdrop-CSK",
|
||||||
|
"Agent-OCF"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"value": "Bamital",
|
||||||
|
"uuid": "07815089-e2c6-4084-9a62-3ece7210f33f"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"authors": [
|
"authors": [
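Review bot: The Virut entry at `"value": "Virut"` cites only `https://en.wikipedia.org/wiki/Virut`, while every other new entry in this hunk points to a vendor, press or CERT analysis (Bitdefender, Softpedia, US-CERT, Trend Micro, Microsoft, Symantec); a primary write-up should be added as the first ref so the encyclopedia page is at most a secondary pointer. Pushdo, Simda, Virut and Beebone are long-established family names that may already be present as clusters elsewhere in this repository, so it is worth checking for an existing uuid before minting a new one, to avoid two clusters competing for the same tag. None of the added entries carries a `description`, so the MISP UI will show only the name, synonyms and links. The `values` array enclosing these entries starts outside the hunk; its closing `],` is in the trailing context.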
@ -9974,6 +9974,15 @@
|
||||||
},
|
},
|
||||||
"uuid": "9d09ac4a-73a0-11e8-b71c-63b86eedf9a2"
|
"uuid": "9d09ac4a-73a0-11e8-b71c-63b86eedf9a2"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"value": "DirCrypt",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.johannesbader.ch/2015/03/the-dga-of-dircrypt/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "cdcc59a0-955e-412d-b481-8dff4bce6fdf"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"value": "DBGer Ransomware",
|
"value": "DBGer Ransomware",
|
||||||
"description": "The authors of the Satan ransomware have rebranded their \"product\" and they now go by the name of DBGer ransomware, according to security researcher MalwareHunter, who spotted this new version earlier today. The change was not only in name but also in the ransomware's modus operandi. According to the researcher, whose discovery was later confirmed by an Intezer code similarity analysis, the new (Satan) DBGer ransomware now also incorporates Mimikatz, an open-source password-dumping utility. The purpose of DBGer incorporating Mimikatz is for lateral movement inside compromised networks. This fits a recently observed trend in Satan's modus operandi.",
|
"description": "The authors of the Satan ransomware have rebranded their \"product\" and they now go by the name of DBGer ransomware, according to security researcher MalwareHunter, who spotted this new version earlier today. The change was not only in name but also in the ransomware's modus operandi. According to the researcher, whose discovery was later confirmed by an Intezer code similarity analysis, the new (Satan) DBGer ransomware now also incorporates Mimikatz, an open-source password-dumping utility. The purpose of DBGer incorporating Mimikatz is for lateral movement inside compromised networks. This fits a recently observed trend in Satan's modus operandi.",
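Review bot: The new DirCrypt entry at `"value": "DirCrypt"` has no `description`, whereas the neighbouring DBGer entry in the trailing context carries one; adding a one-line description grounded in the cited analysis, e.g. `"description": "Ransomware family; the referenced analysis documents its domain generation algorithm (DGA).",` after the `value` line, keeps the entry consistent with the rest of this file (the family type is inferred from the surrounding entries and should be confirmed against the source). The key order here (`value`, `meta`, `uuid`) also differs from the entries added to the other two files in this commit, where `meta` precedes `value`; harmless for JSON consumers, but easier to diff if kept uniform within each file. The enclosing array continues on both sides of the hunk.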