SloppyLemming relationsships
This commit is contained in:
parent
60340edb22
commit
70b0823947
5 changed files with 143 additions and 6 deletions
|
@ -488,7 +488,17 @@
|
||||||
],
|
],
|
||||||
"uuid": "4838b37b-2d1f-4cb8-945d-7185580f0bff",
|
"uuid": "4838b37b-2d1f-4cb8-945d-7185580f0bff",
|
||||||
"value": "TERRIBLETEA"
|
"value": "TERRIBLETEA"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Merdoor is a fully-featured backdoor that appears to have been in existence since 2018.\nThe backdoor contains the following functionality: Installing itself as a service, Keylogging, A variety of methods to communicate with its command-and-control (C&C) server (HTTP, HTTPS, DNS, UDP, TCP), Ability to listen on a local port for commands\nInstances of the Merdoor backdoor are usually identical with the exception of embedded and encrypted configuration, which determines: C&C communication method, Service details, Installation directory\nTypically, the backdoor is injected into the legitimate processes perfhost.exe or svchost.exe.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "8ebda9f4-f8f2-4d35-ba2b-d6ecb54b23d4",
|
||||||
|
"value": "Merdoor"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 19
|
"version": 20
|
||||||
}
|
}
|
||||||
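Review bot: The new Merdoor cluster at the bottom of this hunk has a `description` and one ref but no `related` edge, while the rest of this commit adds reciprocal `uses`/`used-by` edges for every other actor–tool pairing; the Symantec ref in the hunk is the Lancefly/Merdoor write-up, so if a Lancefly threat-actor cluster exists in the galaxy a `{"dest-uuid": "<lancefly-uuid>", "tags": ["estimative-language:likelihood-probability=\"likely\""], "type": "used-by"}` entry here (and the mirror `uses` on the actor) would keep the two files consistent. The description already lists useful hunting hooks (service installation, injection into perfhost.exe/svchost.exe, HTTP/HTTPS/DNS/UDP/TCP C2) but the entry has no `meta.synonyms`; if the source names any aliases they belong there so searches resolve. The enclosing cluster array and the file header begin before this hunk.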
|
|
|
@ -2031,7 +2031,29 @@
|
||||||
},
|
},
|
||||||
"uuid": "40cd57f6-39c9-4a9f-b4cf-de4762642bff",
|
"uuid": "40cd57f6-39c9-4a9f-b4cf-de4762642bff",
|
||||||
"value": "Ztorg"
|
"value": "Ztorg"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.team-cymru.com/post/botnet-7777-are-you-betting-on-a-compromised-router",
|
||||||
|
"https://gi7w0rm.medium.com/the-curious-case-of-the-7777-botnet-86e3464c3ffd"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"7777"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "3e027dad-9c0a-437e-9938-dd3cf13b0c22",
|
||||||
|
"value": "Quad7"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.team-cymru.com/post/botnet-7777-are-you-betting-on-a-compromised-router"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "963d898f-dc48-409e-8069-aaa51ad6664c",
|
||||||
|
"value": "63256 botnet"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 35
|
"version": 36
|
||||||
}
|
}
|
||||||
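Review bot: Both new botnet clusters (`Quad7` and `63256 botnet`) ship without a `description`, so a consumer seeing the `7777` synonym or the `63256 botnet` name has nothing but a port-number-derived label to act on; a one-sentence `"description": "..."` summarising what the Team Cymru post in `refs` says about the compromised-router infrastructure would make each cluster usable for triage. The two clusters cite the same Team Cymru URL, so they are presumably related infrastructure; if the post describes them that way, a `related` entry of `"type": "similar"` between `3e027dad-…` and `963d898f-…`, tagged with estimative language as elsewhere in this commit, would record that — I have not verified the report's wording. The naming is also inconsistent (one value carries the port as a synonym, the other embeds it in the name); adding `"63256"` to a `synonyms` list on the second cluster would make both findable by port number.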
|
|
|
@ -1494,6 +1494,15 @@
|
||||||
"HavocCrypt Ransomware"
|
"HavocCrypt Ransomware"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "6f7489f5-7edc-4693-b35a-44e79c969678",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "used-by"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "c6bef9c8-becb-4bee-bd97-c1c655133396",
|
"uuid": "c6bef9c8-becb-4bee-bd97-c1c655133396",
|
||||||
"value": "Havoc"
|
"value": "Havoc"
|
||||||
},
|
},
|
||||||
|
@ -29684,5 +29693,5 @@
|
||||||
"value": "orca"
|
"value": "orca"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 133
|
"version": 134
|
||||||
}
|
}
|
||||||
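Review bot: The `used-by` edge to SloppyLemming is attached to a cluster whose `synonyms` list, visible just above the new block, includes `HavocCrypt Ransomware`, so `c6bef9c8-…` may describe or conflate a ransomware family rather than the Havoc post-exploitation framework; confirm this is the tool the Cloudflare SloppyLemming write-up refers to before the reciprocal `uses` edge lands, because a mislinked tool relation propagates into every MISP instance that syncs this galaxy. If the cluster is the ransomware, the edge should point at the framework's cluster instead (or a separate cluster should be created). The relation also carries no provenance of its own — consider adding `https://blog.cloudflare.com/unraveling-sloppylemming-operations/` to this cluster's `meta.refs` (outside the hunk) so the `used-by` claim is traceable from both ends. The second hunk is only the `version` bump.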
|
|
|
@ -15215,6 +15215,15 @@
|
||||||
"Outrider Tiger"
|
"Outrider Tiger"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "6f7489f5-7edc-4693-b35a-44e79c969678",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "0df34184-4ccf-4357-8e8e-e990058d2992",
|
"uuid": "0df34184-4ccf-4357-8e8e-e990058d2992",
|
||||||
"value": "Fishing Elephant"
|
"value": "Fishing Elephant"
|
||||||
},
|
},
|
||||||
|
@ -16710,9 +16719,88 @@
|
||||||
"https://blog.cloudflare.com/unraveling-sloppylemming-operations/"
|
"https://blog.cloudflare.com/unraveling-sloppylemming-operations/"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "0df34184-4ccf-4357-8e8e-e990058d2992",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "97f26fab-af0e-4da9-b4c1-aec70cace22d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "c6bef9c8-becb-4bee-bd97-c1c655133396",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "4b09b683-5650-4a6c-a383-d8f3b686ebc2",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "targets"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "84668357-5a8c-4bdd-9f0f-6b50b250414b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "targets"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "84668357-5a8c-4bdd-9f0f-6b50b2424744",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "targets"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "84668357-5a8c-4bdd-9f0f-6b50b249444e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "targets"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "84668357-5a8c-4bdd-9f0f-6b50b24c4b41",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "targets"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "84668357-5a8c-4bdd-9f0f-6b50b243484e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "targets"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "84668357-5a8c-4bdd-9f0f-6b50b24e504c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "targets"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "6012ecea-dcc8-490c-b368-e2e06b2cb62f",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "targets"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "6f7489f5-7edc-4693-b35a-44e79c969678",
|
"uuid": "6f7489f5-7edc-4693-b35a-44e79c969678",
|
||||||
"value": "SloppyLemming"
|
"value": "SloppyLemming"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 314
|
"version": 315
|
||||||
}
|
}
|
||||||
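Review bot: Six of the new `targets` edges point at dest-uuids that differ from `84668357-5a8c-4bdd-9f0f-6b50b2…` only in the last six hex digits, which read as ASCII `PAK`, `BGD`, `IDN`, `LKA`, `CHN` and `NPL` — these look like hand-derived country-cluster UUIDs rather than values copied from the target clusters, and the seventh target (`6012ecea-…`) follows no such pattern. Hand-typed UUIDs are easy to get wrong and a dangling `dest-uuid` would most likely surface only as an unresolvable relation in MISP, so verify that each of the seven resolves to an existing cluster (the repo's validation scripts or a grep across the galaxy files) before merging. The `uses` edges to `97f26fab-…` and `c6bef9c8-…` and the `similar` edge to Fishing Elephant get reciprocal entries elsewhere in this commit, while the `targets` edges have none — acceptable for country clusters, but worth stating in the commit message. The SloppyLemming cluster's `meta` block, including the Cloudflare ref that supports these relations, begins before this hunk.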
|
|
|
@ -1882,7 +1882,8 @@
|
||||||
"refs": [
|
"refs": [
|
||||||
"http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html",
|
"http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html",
|
||||||
"https://blogs.cisco.com/security/talos/opening-zxshell",
|
"https://blogs.cisco.com/security/talos/opening-zxshell",
|
||||||
"https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox"
|
"https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox",
|
||||||
|
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Sensode"
|
"Sensode"
|
||||||
|
@ -9208,6 +9209,13 @@
|
||||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
],
|
],
|
||||||
"type": "similar"
|
"type": "similar"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "6f7489f5-7edc-4693-b35a-44e79c969678",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "used-by"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"uuid": "97f26fab-af0e-4da9-b4c1-aec70cace22d",
|
"uuid": "97f26fab-af0e-4da9-b4c1-aec70cace22d",
|
||||||
|
@ -11075,5 +11083,5 @@
|
||||||
"value": "SLIVER"
|
"value": "SLIVER"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 173
|
"version": 174
|
||||||
}
|
}
|
||||||
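Review bot: The `used-by` edge added in the second hunk hangs off a tool cluster whose `value` line falls outside the hunk, and that cluster's `meta.refs` is not touched, so nothing in the tool entry itself records why SloppyLemming is believed to use it; adding `https://blog.cloudflare.com/unraveling-sloppylemming-operations/` to that cluster's `refs` — as the first hunk does for ZxShell with the Symantec Merdoor post — would make the relation traceable from both ends. The estimative tag on the new edge is `likely` while the neighbouring existing `similar` edge is `almost-certain`; that is fine provided `likely` reflects the source's wording rather than a default. The third hunk is only the `version` bump.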
|
|