mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
Merge https://github.com/MISP/misp-galaxy into main
This commit is contained in:
Delta-Sierra
commit
9b76d71c43
3 changed files with 221 additions and 7 deletions
|
|
@ -5291,7 +5291,7 @@
|
|||
],
|
||||
"refs": [
|
||||
"http://download.bleepingcomputer.com/demonslay335/AlphaDecrypter.zip",
|
||||
"http://www.bleepingcomputer.com/news/security/decrypted-alpha-ransomware-continues-the-trend-of-accepting-amazon-cards/",
|
||||
"https://www.bleepingcomputer.com/news/security/decrypted-alpha-ransomware-accepts-itunes-gift-cards-as-payment/",
|
||||
"https://twitter.com/malwarebread/status/804714048499621888"
|
||||
],
|
||||
"synonyms": [
|
||||
|
|
@ -24224,7 +24224,202 @@
|
|||
},
|
||||
"uuid": "feb5fa26-bad4-46da-921d-986d2fd81a40",
|
||||
"value": "WhisperGate"
|
||||
},
|
||||
{
|
||||
"description": "BlackCat (ALPHV) is ransomware written in Rust. The ransomware makes heavy use of plaintext JSON configuration files to specify the ransomware functionality. BlackCat has many advanced capabilities like escalating privileges and bypassing UAC make use of AES and ChaCha20 or Salsa encryption, may use the Restart Manager, can delete volume shadow copies, can enumerate disk volumes and network shares automatically, and may kill specific processes and services. The ransomware exists for both Windows, Linux, and ESXi systems. Multiple extortion techniques are used by the BlackCat gang, such as exfiltrating victim data before the ransomware deployment, threats to release data if the ransomw is not paid, and distributed denial-of-service (DDoS) attacks.",
|
||||
"meta": {
|
||||
"date": "June 2021",
|
||||
"encryption": "AES",
|
||||
"ransomnotes-refs": [
|
||||
"https://unit42.paloaltonetworks.com/wp-content/uploads/2022/01/word-image-78.png"
|
||||
],
|
||||
"refs": [
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/win.blackcat",
|
||||
"https://1-id--ransomware-blogspot-com.translate.goog/2021/12/blackcat-ransomware.html?_x_tr_enc=1&_x_tr_sl=ru&_x_tr_tl=en&_x_tr_hl=ru",
|
||||
"https://medium.com/s2wblog/blackcat-new-rust-based-ransomware-borrowing-blackmatters-configuration-31c8d330a809",
|
||||
"https://github.com/f0wl/blackCatConf",
|
||||
"https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/",
|
||||
"https://www.varonis.com/blog/alphv-blackcat-ransomware",
|
||||
"https://www.intrinsec.com/alphv-ransomware-gang-analysis",
|
||||
"https://unit42.paloaltonetworks.com/blackcat-ransomware/"
|
||||
],
|
||||
"synonyms": [
|
||||
"ALPHV"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "e6c09b63-a424-4d9e-b7f7-b752cbbca02a",
|
||||
"value": "BlackCat"
|
||||
}
|
||||
],
|
||||
"version": 99
|
||||
"version": 100
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4197,10 +4197,12 @@
|
|||
"https://attack.mitre.org/groups/G0047/",
|
||||
"https://github.com/StrangerealIntel/CyberThreatIntel/tree/master/Russia/APT/Gamaredon",
|
||||
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
|
||||
"https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal/"
|
||||
"https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal/",
|
||||
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine"
|
||||
],
|
||||
"synonyms": [
|
||||
"Primitive Bear"
|
||||
"Primitive Bear",
|
||||
"Shuckworm"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
|
@ -8919,7 +8921,24 @@
|
|||
},
|
||||
"uuid": "676c1129-5664-4698-92ee-031f81baefce",
|
||||
"value": "AQUATIC PANDA"
|
||||
},
|
||||
{
|
||||
"description": "Antlion is a Chinese state-backed advanced persistent threat (APT) group, who has been targeting financial institutions in Taiwan. This persistent campaign has lasted over the course of at least 18 months.",
|
||||
"meta": {
|
||||
"cfr-suspected-victims": [
|
||||
"Taiwan"
|
||||
],
|
||||
"cfr-target-category": [
|
||||
"Financial"
|
||||
],
|
||||
"country": "CN",
|
||||
"refs": [
|
||||
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks"
|
||||
]
|
||||
},
|
||||
"uuid": "8482f350-867c-11ec-a8a3-0242ac120002",
|
||||
"value": "Antlion"
|
||||
}
|
||||
],
|
||||
"version": 210
|
||||
"version": 211
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
python3 adoc_galaxy.py >a.txt
|
||||
asciidoctor -a allow-uri-read a.txt
|
||||
asciidoctor-pdf -a allow-uri-read a.txt
|
||||
cp a.html ../../misp-website/galaxy.html
|
||||
cp a.pdf ../../misp-website/galaxy.pdf
|
||||
cp a.html ../../misp-website/static/galaxy.html
|
||||
cp a.pdf ../../misp-website/static/galaxy.pdf
|
||||
scp -l 81920 a.html circl@cpab.circl.lu:/var/www/nwww.circl.lu/doc/misp-galaxy/index.html
|
||||
scp -l 81920 a.pdf circl@cpab.circl.lu:/var/www/nwww.circl.lu/doc/misp-galaxy/galaxy.pdf
|
||||
|
|
|
|||
Loading…
Reference in a new issue