mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
Kimsuky relations
parent
77462a1dbb
commit
70456bd8ac
5 changed files with 358 additions and 1 deletions
|
@ -674,6 +674,13 @@
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
],
|
],
|
||||||
"type": "similar"
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "used-by"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
|
"uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
|
||||||
|
|
|
@ -23395,6 +23395,36 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"description": "ransomware",
|
"description": "ransomware",
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "used-by"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
|
"uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
|
||||||
"value": "XRat"
|
"value": "XRat"
|
||||||
},
|
},
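Review bot: The new `similar` link from the XRat entry to `509aff15-ba17-4582-b1a0-b0ed89df01d8`, and its `used-by` link to `bcaaad6f-0597-4b89-b69b-84a6be2b7bc3`, have nothing in the entry to back them: its only description is `"ransomware"` and no `meta.refs` is visible in the hunk. Elsewhere in this commit 509aff15 is the xRAT entry that references `https://github.com/c4bbage/xRAT`, so the pairing may rest on the name alone. Please confirm that the two are the same family before tagging the link `likely`, since a wrong link would tie ransomware activity to the actor in downstream correlation. The reciprocal `"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126"` relation added to the xRAT entry needs the same check, and a reference supporting the link should be added to the entry.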
|
||||||
|
|
|
@ -760,6 +760,27 @@
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
],
|
],
|
||||||
"type": "similar"
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "used-by"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
|
"uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
|
||||||
|
@ -1064,6 +1085,36 @@
|
||||||
"https://github.com/c4bbage/xRAT"
|
"https://github.com/c4bbage/xRAT"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "used-by"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
|
"uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
|
||||||
"value": "xRAT"
|
"value": "xRAT"
|
||||||
},
|
},
|
||||||
|
@ -1496,6 +1547,15 @@
|
||||||
"https://chrome.google.com/webstore/detail/chrome-remote-desktop/gbchcmhmhahfdphkhkmpfmihenigjmpp?hl=en"
|
"https://chrome.google.com/webstore/detail/chrome-remote-desktop/gbchcmhmhahfdphkhkmpfmihenigjmpp?hl=en"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "used-by"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "6583d982-a5cb-47e0-a3b0-bc18cadaeb53",
|
"uuid": "6583d982-a5cb-47e0-a3b0-bc18cadaeb53",
|
||||||
"value": "Chrome Remote Desktop"
|
"value": "Chrome Remote Desktop"
|
||||||
},
|
},
|
||||||
|
|
|
@ -5553,7 +5553,8 @@
|
||||||
"https://attack.mitre.org/groups/G0086/",
|
"https://attack.mitre.org/groups/G0086/",
|
||||||
"https://us-cert.cisa.gov/ncas/alerts/aa20-301a",
|
"https://us-cert.cisa.gov/ncas/alerts/aa20-301a",
|
||||||
"https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite",
|
"https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite",
|
||||||
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report"
|
"https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report",
|
||||||
|
"https://asec.ahnlab.com/en/57873/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Velvet Chollima",
|
"Velvet Chollima",
|
||||||
|
@ -5571,6 +5572,146 @@
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
],
|
],
|
||||||
"type": "similar"
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "a8f167a8-30b9-4953-8eb6-247f0d046d32",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "05252643-093b-4070-b62f-d5836683a9fa",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "bea5f660-a106-4983-a11a-0e0b6ce348d2",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "5a78ec38-8b93-4dde-a99e-0c9b77674838",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "e683cd91-40b4-4e1c-be25-34a27610a22e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "e596e014-c0b7-491a-afee-3588fbfc61c1",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "6583d982-a5cb-47e0-a3b0-bc18cadaeb53",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "8abdd40c-d79a-4353-80e3-29f8a4229a37",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "d1b7830a-fced-4be3-a99c-f495af9d9e1b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "cdd432b0-8899-4e7d-ad4a-b18741ade11d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "0ec2f388-bf0f-4b5c-97b1-fc736d26c25f",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "860643d6-5693-4e4e-ad1f-56c49faa10a7",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "4e18657-3995-5837-88f1-f823520382a8",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
"uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
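Review bot: The last added relation, `"dest-uuid": "4e18657-3995-5837-88f1-f823520382a8"`, is not a well-formed UUID, because its first group has seven hex digits instead of eight. Every other `dest-uuid` in this section follows the 8-4-4-4-12 layout, so this looks like a dropped character, and the `similar` link cannot resolve to any cluster as written. It should be corrected to the intended cluster's UUID or removed. A validation step that checks each `dest-uuid` for format and for an existing target would catch this kind of dangling relation before merge. The enclosing entry (presumably Kimsuky, given the commit title) starts outside the hunk.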
|
||||||
|
|
|
@ -4249,6 +4249,27 @@
|
||||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
],
|
],
|
||||||
"type": "similar"
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "used-by"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "509aff15-ba17-4582-b1a0-b0ed89df01d8",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "d650da35-7ad7-417a-902a-16ea55bd1126",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
|
"uuid": "c76e2ee8-52d1-4a55-81df-5542d232ca32",
|
||||||
|
@ -5303,6 +5324,34 @@
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
],
|
],
|
||||||
"type": "used-by"
|
"type": "used-by"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "used-by"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "6efa425c-3731-44fd-9224-2a62df061a2d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "05252643-093b-4070-b62f-d5836683a9fa",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "da04ac30-27da-4959-a67d-450ce47d9470",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
|
"uuid": "4d58ad7d-b5ee-4efb-b6af-6c70aadb326a",
|
||||||
|
@ -8524,6 +8573,20 @@
|
||||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
],
|
],
|
||||||
"type": "similar"
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "used-by"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "d1b7830a-fced-4be3-a99c-f495af9d9e1b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
|
"uuid": "78ed653d-2d76-4a99-849e-1509e4573c32",
|
||||||
|
@ -10675,6 +10738,62 @@
|
||||||
],
|
],
|
||||||
"uuid": "f162df7a-725b-40ef-add2-43ce74eb50a4",
|
"uuid": "f162df7a-725b-40ef-add2-43ce74eb50a4",
|
||||||
"value": "AtlasAgent"
|
"value": "AtlasAgent"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://asec.ahnlab.com/en/57873/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "used-by"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"uuid": "bea5f660-a106-4983-a11a-0e0b6ce348d2",
|
||||||
|
"value": "RDP Wrapper"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "open-source VNC tool",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://asec.ahnlab.com/en/57873/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "used-by"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"uuid": "e596e014-c0b7-491a-afee-3588fbfc61c1",
|
||||||
|
"value": "TightVNC"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Malware",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://asec.ahnlab.com/en/57873/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "bcaaad6f-0597-4b89-b69b-84a6be2b7bc3",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "used-by"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"uuid": "cdd432b0-8899-4e7d-ad4a-b18741ade11d",
|
||||||
|
"value": "RevClient"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 170
|
"version": 170
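Review bot: `"version": 170` appears only as unchanged context at the end of this section, although three clusters (RDP Wrapper, TightVNC, RevClient) and several relations are added above it. If consumers compare the galaxy version to decide whether to re-import, which is presumably how updates are picked up, the new entries and their `used-by` links may never reach deployed instances. Bump it, e.g. `"version": 171`. Separately, RDP Wrapper has no `description` and RevClient's is only `"Malware"`. Since RDP Wrapper and TightVNC are legitimate remote-access tools, a one-line description saying so would help analysts avoid treating their mere presence as an actor indicator.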
|
||||||
|
|