MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-30 02:37:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove Lstudio (group using elise) , add info to PWOBOT

Browse source
This commit is contained in:
Thanat0s 2017-02-24 13:39:53 +01:00
parent c6ac4d847c
commit 796382d4ab
1 changed files with 14 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
clusters/tool.json
View file

@ -177,13 +177,23 @@
"description": "We have discovered a malware family named PWOBot that is fairly unique because it is written entirely in Python, and compiled via PyInstaller to generate a Microsoft Windows executable. The malware has been witnessed affecting a number of Europe-based organizations, particularly in Poland. Additionally, the malware is delivered via a popular Polish file-sharing web service.", "description": "We have discovered a malware family named PWOBot that is fairly unique because it is written entirely in Python, and compiled via PyInstaller to generate a Microsoft Windows executable. The malware has been witnessed affecting a number of Europe-based organizations, particularly in Poland. Additionally, the malware is delivered via a popular Polish file-sharing web service.",
"meta": { "meta": {
"refs": [ "refs": [
"http://researchcenter.paloaltonetworks.com/2016/04/unit42-python-based-pwobot-targets-european-organizations/" "http://researchcenter.paloaltonetworks.com/2016/04/unit42-python-based-pwobot-targets-european-organizations/"
],
"synonyms" : [
"PWOLauncher",
"PWOHTTPD",
"PWOKeyLogger",
"PWOMiner",
"PWOPyExec",
"PWOQuery"
],
"category" : [
"dropper",
"coinminer",
"spyware"
] ]
} }
}, },
{
"value": "Lstudio"
},
{ {
"value": "Joy RAT" "value": "Joy RAT"
}, },