From ce94cb845886f97c891074242e2dafe2a95ebc50 Mon Sep 17 00:00:00 2001
From: Kafeine
Date: Sat, 22 Dec 2018 10:19:52 +0100
Subject: [PATCH 1/3] novidade,taurus
---
 clusters/exploit-kit.json | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json
index c6489c3..8c5db5c 100644
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@@ -97,7 +97,7 @@
 "http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched/",
 "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/"
 ],
- "status": "Retired - Last seen ",
+ "status": "",
 "synonyms": [
 "Sednit RTF EK"
 ]
@@ -120,6 +120,20 @@
 "uuid": "74fb6a14-1279-4a5b-939a-76478d36d3e1",
 "value": "DNSChanger"
 },
+ {
+ "description": "Novidade Exploit Kit is an exploit kit targeting Routers via the browser",
+ "meta": {
+ "refs": [
+ "https://blog.trendmicro.com/trendlabs-security-intelligence/new-exploit-kit-novidade-found-targeting-home-and-soho-routers/"
+ ],
+ "status": "Active",
+ "synonyms": [
+ "DNSGhost"
+ ]
+ },
+ "uuid": "88acc3b7-2cdd-4e7b-ad0b-2880ffa1eb6d",
+ "value": "Novidade"
+ },
 {
 "description": "Disdain EK has been introduced on underground forum on 2017-08-07. The panel is stolen from Sundown, the pattern are Terror alike and the obfuscation reminds Nebula",
 "meta": {
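Review bot: The first hunk leaves the entry whose synonyms include `Sednit RTF EK` with `"status": ""`, an empty string that tells a consumer filtering on this field neither "active" nor "retired". The removed value was itself truncated (`"Retired - Last seen "`), so the intent was presumably to record retirement; if so, a definite value such as `"status": "Retired"` keeps that information, and if the state is unknown the key is better dropped than kept as an empty sentinel. The entries added elsewhere in this series all carry `"status": "Active"`, so downstream tooling will reasonably expect a non-empty value. The enclosing object starts and ends outside the hunk.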
@@ -201,6 +215,17 @@
 "uuid": "b8be7af8-69a8-11e8-adc0-fa7ae01bbebc",
 "value": "VenomKit"
 },
+ {
+ "description": "Taurus Builder is a tool used to generate malicious MS Word documents that contain macros. The kit is advertised on forums by the user \"badbullzvenom\". ",
+ "meta": {
+ "refs": [
+ ""
+ ],
+ "status": "Active"
+ },
+ "uuid": "63988ca2-46c8-4bda-be46-96a8670af357",
+ "value": "Taurus Builder"
+ },
 {
 "description": "RIG is an exploit kit that takes its source in Infinity EK itself an evolution of Redkit. It became dominant after the fall of Angler, Nuclear Pack and the end of public access to Neutrino. RIG-v is the name given to RIG 4 when it was only accessible by \"vip\" customers and when RIG 3 was still in use.",
 "meta": {
@@ -751,5 +776,5 @@
 "value": "Unknown"
 }
 ],
- "version": 13
+ "version": 14
 }
From 5766cd68f8edb88f1c1c2e40c42c32defd8c36a0 Mon Sep 17 00:00:00 2001
From: Kafeine
Date: Sat, 22 Dec 2018 11:51:40 +0100
Subject: [PATCH 2/3] zTDS
---
 clusters/tds.json | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/clusters/tds.json b/clusters/tds.json
index 5865325..5b7658f 100644
--- a/clusters/tds.json
+++ b/clusters/tds.json
@@ -74,6 +74,19 @@
 "uuid": "aa179c37-1a8a-4761-841a-cc940e19d7be",
 "value": "SimpleTDS"
 },
+ {
+ "description": "zTDS is an open source TDS",
+ "meta": {
+ "refs": [
+ "http://ztds.info/doku.php"
+ ],
+ "type": [
+ "OpenSource"
+ ]
+ },
+ "uuid": "7a84de25-545a-4220-b500-85b9219dd67d",
+ "value": "zTDS"
+ },
 {
 "description": "BossTDS",
 "meta": {
@@ -121,5 +134,5 @@
 "value": "Orchid TDS"
 }
 ],
- "version": 3
+ "version": 4
 }
From 915b673b7af17037489f0879ee1e794fad2094fc Mon Sep 17 00:00:00 2001
From: Kafeine
Date: Sun, 28 Apr 2019 12:24:48 +0200
Subject: [PATCH 3/3] += Spelevo
---
 clusters/exploit-kit.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json
index 8c5db5c..a2b249f 100644
--- a/clusters/exploit-kit.json
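Review bot: The new Taurus Builder entry ships `"refs": [ "" ]`, a list holding one empty string, so tooling that validates or renders refs as URLs gets a blank link. It also leaves analysts with no source for the claim that the kit is advertised on forums by a named user. Either fill in the report this was taken from or omit the `"refs"` key until there is one. The description also ends with a stray space before the closing quote (`\"badbullzvenom\". "`), which is worth trimming in the same pass.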
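Review bot: The zTDS entry's only reference is the tool's own site over plain HTTP (`http://ztds.info/doku.php`), and the description `"zTDS is an open source TDS"` never says what a TDS is or why this one is tracked. Consumers of this cluster may surface refs as clickable links, so a third-party analysis would be a safer primary reference, with the project site kept as a secondary one. Expanding the description to something like `"zTDS is an open source traffic direction system (TDS)"` would make the entry readable without prior context. Whether `"type": [ "OpenSource" ]` matches the vocabulary used by the other entries in tds.json cannot be checked from this hunk and is worth confirming.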
+++ b/clusters/exploit-kit.json
@@ -245,6 +245,17 @@
 },
 "uuid": "0545e5c0-ed0d-4a02-a69d-31e9e2b31e8a",
 "value": "RIG"
+ },
+ {
+ "description": "Spelevo is an exploit kit that appeared at the end of February 2019 and could be an evolution of SPL EK",
+ "meta": {
+ "refs": [
+ "https://twitter.com/kafeine/status/1103649040800145409"
+ ],
+ "status": "Active"
+ },
+ "uuid": "c880991f-1c17-4bf2-8955-50309364e358",
+ "value": "Spelevo"
 },
 {
 "description": "Sednit EK is the exploit kit used by APT28",
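Review bot: The Spelevo entry's only source is a single tweet (`https://twitter.com/kafeine/status/1103649040800145409`), a kind of reference that disappears if the post or account is removed. Adding an archived copy or a written analysis next to it in `"refs"` would keep the "appeared at the end of February 2019" and "could be an evolution of SPL EK" statements traceable for anyone who later relies on this cluster for attribution. The surrounding RIG and Sednit EK objects continue outside the hunk.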