Merge branch 'master' of github.com:MISP/misp-galaxy

This commit is contained in:
Alexandre Dulaunoy 2017-01-17 20:56:36 +01:00
commit 7a97b1bcb2
2 changed files with 91 additions and 5 deletions


@ -1350,6 +1350,14 @@
], ],
"motive": "Hacktivists-Nationalists" "motive": "Hacktivists-Nationalists"
} }
},
{
"value": "Equation Group",
"description": "The Equation Group is a highly sophisticated threat actor described by its discoverers at Kaspersky Labs as one of the most sophisticated cyber attack groups in the world, operating alongside but always from a position of superiority with the creators of Stuxnet and Flame",
"meta": {
"country": "US",
"refs": ["https://en.wikipedia.org/wiki/Equation_Group"]
}
} }
], ],
"name": "Threat actor", "name": "Threat actor",
@ -1364,5 +1372,5 @@
], ],
"description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.", "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
"uuid": "7cdff317-a673-4474-84ec-4f1754947823", "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
"version": 11 "version": 12
} }
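Review bot: The new "Equation Group" entry asserts `"country": "US"` in its meta while the only ref is a Wikipedia page and the description itself makes no attribution claim, so the attribution has no primary source in the record; for a threat-actor galaxy that is the field consumers are most likely to act on. I would add the originating vendor report to `refs` (placeholder: `"refs": ["https://en.wikipedia.org/wiki/Equation_Group", "<primary-report-url>"]`) or qualify the attribution in the description. Separately, the single-line `"refs": [...]` array departs from the one-element-per-line layout used elsewhere in these files, and the description ends without a period. The `version` bump from 11 to 12 in the second hunk is present, as expected.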


@ -303,13 +303,86 @@
"value": "CORESHELL" "value": "CORESHELL"
}, },
{ {
"value": "CHOPSTICK" "value": "CHOPSTICK",
"description": "backdoor",
"meta": {
"synonyms": [
"Xagent",
"webhp",
"SPLM",
"(.v2 fysbis)"
],
"refs": [
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
]
}
}, },
{ {
"value": "SOURFACE" "value": "EVILTOSS",
"description": "backdoor",
"meta": {
"synonyms": [
"Sedreco",
"AZZY",
"Xagent",
"ADVSTORESHELL",
"NETUI"
],
"refs": [
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
]
}
}, },
{ {
"value": "OLDBAIT" "value": "GAMEFISH",
"description": "backdoor",
"meta": {
"synonyms": [
"Sednit",
"Seduploader",
"JHUHUGIT",
"Sofacy"
],
"refs": [
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
]
}
},
{
"value": "SOURFACE",
"description": "downloader - Older version of CORESHELL",
"meta": {
"synonyms": [
"Sofacy"
],
"refs": [
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
]
}
},
{
"value": "OLDBAIT",
"description": "credential harvester",
"meta": {
"synonyms": [
"Sasfis"
],
"refs": [
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
]
}
},
{
"value": "CORESHELL",
"description": "downloader - Newer version of SOURFACE",
"meta": {
"synonyms": [
"Sofacy"
],
"refs": [
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
]
}
}, },
{ {
"value": "Havex RAT", "value": "Havex RAT",
@ -359,7 +432,12 @@
"value": "FireMalv" "value": "FireMalv"
}, },
{ {
"value": "Regin" "value": "Regin",
"description": "Regin (also known as Prax or WarriorPride) is a sophisticated malware toolkit revealed by Kaspersky Lab, Symantec, and The Intercept in November 2014. The malware targets specific users of Microsoft Windows-based computers and has been linked to the US intelligence gathering agency NSA and its British counterpart, the GCHQ. The Intercept provided samples of Regin for download including malware discovered at Belgian telecommunications provider, Belgacom. Kaspersky Lab says it first became aware of Regin in spring 2012, but that some of the earliest samples date from 2003. The name Regin is first found on the VirusTotal website on 9 March 2011.",
"meta": {
"refs": ["https://en.wikipedia.org/wiki/Regin_(malware)"],
"synonyms": ["Prax","WarriorPride"]
}
}, },
{ {
"value": "Duqu" "value": "Duqu"
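Review bot: The first hunk introduces a duplicate cluster: a fully annotated `"value": "CORESHELL"` element is added near the end of the hunk while the existing bare `"value": "CORESHELL"` element at the top of the same hunk is left untouched, so the values array now contains two entries with the same value and any consumer that resolves a cluster by value gets an ambiguous match. The fix is to merge the new `description`/`meta` into the existing element and drop the added one. Also worth confirming against the cited FireEye report: "Xagent" is listed as a synonym of both CHOPSTICK and EVILTOSS, and "Sofacy" of GAMEFISH, SOURFACE and CORESHELL, which makes synonym-based lookups resolve to several clusters; if that overlap is intended, a short note in the affected descriptions would make it clear. The Regin hunk looks consistent with the rest of the file.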