mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 00:37:18 +00:00
update 2 array
This commit is contained in:
parent
7265af6612
commit
a29a5afbe8
2 changed files with 195 additions and 160 deletions
|
@ -1,167 +1,194 @@
|
|||
{
|
||||
"values": [
|
||||
{
|
||||
"value" : "PlugX",
|
||||
"description" : "Malware",
|
||||
"meta" : {
|
||||
"refs" : [
|
||||
"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/112/pulling-the-plug-on-plugx"
|
||||
],
|
||||
"synonyms" : [
|
||||
"Backdoor.FSZO-5117",
|
||||
"Trojan.Heur.JP.juW@ayZZvMb",
|
||||
"Trojan.Inject1.6386",
|
||||
"Korplug",
|
||||
"Agent.dhwf"
|
||||
],
|
||||
"type" : "rat"
|
||||
}
|
||||
},
|
||||
{
|
||||
"value" : "MSUpdater",
|
||||
"description" : " Trojan (RAT) linked to current targeted attacks and others dating back to at least early 2009",
|
||||
"meta" : {
|
||||
"refs" : [
|
||||
"https://www.zscaler.com/pdf/whitepapers/msupdater_trojan_whitepaper.pdfx"
|
||||
],
|
||||
"type" : "rat"
|
||||
}
|
||||
},
|
||||
{
|
||||
"value" : "Lazagne",
|
||||
"description" : "A password sthealing tool regularly used by attackers",
|
||||
"meta" : {
|
||||
"refs" : [
|
||||
"https://github.com/AlessandroZ/LaZagne"
|
||||
],
|
||||
"type" : "tool"
|
||||
}
|
||||
},
|
||||
{
|
||||
"value" : "Poison Ivy",
|
||||
"description" : "Poison Ivy is a RAT which was freely available and first released in 2005.",
|
||||
"meta" : {
|
||||
"refs" : [
|
||||
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf",
|
||||
"https://www.f-secure.com/v-descs/backdoor_w32_poisonivy.shtml"
|
||||
],
|
||||
"synonyms" : [
|
||||
"Backdoor.Win32.PoisonIvy",
|
||||
"Gen:Trojan.Heur.PT"
|
||||
],
|
||||
"type" : "rat"
|
||||
}
|
||||
},
|
||||
{
|
||||
"value" : "SPIVY",
|
||||
"description" : "In March 2016, Unit 42 observed this new Poison Ivy variant we’ve named SPIVY being deployed via weaponized documents leveraging CVE-2015-2545.",
|
||||
"meta" : {
|
||||
"refs" : [
|
||||
"http://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/"
|
||||
],
|
||||
"type" :"rat"
|
||||
}
|
||||
},
|
||||
{
|
||||
"value" : "Torn RAT",
|
||||
"meta" : {
|
||||
"refs" : [
|
||||
"https://www.crowdstrike.com/blog/whois-anchor-panda/"
|
||||
],
|
||||
"synonyms" : [
|
||||
"Anchor Panda"
|
||||
],
|
||||
"type": "rat"
|
||||
}
|
||||
},
|
||||
{
|
||||
"value" : "OzoneRAT",
|
||||
"meta" : {
|
||||
"refs" : [
|
||||
"https://blog.fortinet.com/2016/08/29/german-speakers-targeted-by-spam-leading-to-ozone-rat"
|
||||
],
|
||||
"synonyms" : [
|
||||
"Ozone RAT",
|
||||
"ozonercp"
|
||||
],
|
||||
"type" : [
|
||||
"rat"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value" : "ZeGhost",
|
||||
"description" : "ZeGhots is a RAT which was freely available and first released in 2014.",
|
||||
"meta" : {
|
||||
"refs" : [
|
||||
"https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor%3aWin32%2fZegost.BW"
|
||||
],
|
||||
"synonyms" : [
|
||||
"BackDoor-FBZT!52D84425CDF2",
|
||||
"Trojan.Win32.Staser.ytq",
|
||||
"Win32/Zegost.BW"
|
||||
],
|
||||
"type" : "rat"
|
||||
}
|
||||
},
|
||||
{
|
||||
"value" : "Elise Backdoor",
|
||||
"description" : " Trojan (RAT) linked to current targeted attacks and others dating back to at least early 2009",
|
||||
"meta" : {
|
||||
"refs" : [
|
||||
"http://thehackernews.com/2015/08/elise-malware-hacking.html"
|
||||
],
|
||||
"synonyms" : [
|
||||
"Elise"
|
||||
],
|
||||
"type" : "dropper, stealer"
|
||||
}
|
||||
},
|
||||
{
|
||||
"value" : "Trojan.Laziok",
|
||||
"description" : "A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised computer.",
|
||||
"meta" : {
|
||||
"refs" : [
|
||||
"http://www.symantec.com/connect/blogs/new-reconnaissance-threat-trojanlaziok-targets-energy-sector"
|
||||
],
|
||||
"synonyms" : [
|
||||
"Laziok"
|
||||
],
|
||||
"type" : "stealer ,reco"
|
||||
}
|
||||
},
|
||||
{
|
||||
"value" : "Slempo",
|
||||
"description" : "Android-based malware",
|
||||
"meta" : {
|
||||
"refs" : [
|
||||
"https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/"
|
||||
],
|
||||
"synonyms" : [
|
||||
"GM-Bot",
|
||||
"SlemBunk",
|
||||
"Bankosy",
|
||||
"Acecard"
|
||||
],
|
||||
"type" : "spyware, android"
|
||||
}
|
||||
},
|
||||
{
|
||||
{
|
||||
"value": "PlugX",
|
||||
"description": "Malware",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/112/pulling-the-plug-on-plugx"
|
||||
],
|
||||
"synonyms": [
|
||||
"Backdoor.FSZO-5117",
|
||||
"Trojan.Heur.JP.juW@ayZZvMb",
|
||||
"Trojan.Inject1.6386",
|
||||
"Korplug",
|
||||
"Agent.dhwf"
|
||||
],
|
||||
"type": [
|
||||
"rat"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "MSUpdater",
|
||||
"description": " Trojan (RAT) linked to current targeted attacks and others dating back to at least early 2009",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.zscaler.com/pdf/whitepapers/msupdater_trojan_whitepaper.pdfx"
|
||||
],
|
||||
"type": [
|
||||
"rat"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Lazagne",
|
||||
"description": "A password sthealing tool regularly used by attackers",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/AlessandroZ/LaZagne"
|
||||
],
|
||||
"type": [
|
||||
"tool"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Poison Ivy",
|
||||
"description": "Poison Ivy is a RAT which was freely available and first released in 2005.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf",
|
||||
"https://www.f-secure.com/v-descs/backdoor_w32_poisonivy.shtml"
|
||||
],
|
||||
"synonyms": [
|
||||
"Backdoor.Win32.PoisonIvy",
|
||||
"Gen:Trojan.Heur.PT"
|
||||
],
|
||||
"type": [
|
||||
"rat"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "SPIVY",
|
||||
"description": "In March 2016, Unit 42 observed this new Poison Ivy variant we’ve named SPIVY being deployed via weaponized documents leveraging CVE-2015-2545.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"http://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/"
|
||||
],
|
||||
"type": [
|
||||
"rat"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Torn RAT",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.crowdstrike.com/blog/whois-anchor-panda/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Anchor Panda"
|
||||
],
|
||||
"type": [
|
||||
"rat"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "OzoneRAT",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://blog.fortinet.com/2016/08/29/german-speakers-targeted-by-spam-leading-to-ozone-rat"
|
||||
],
|
||||
"synonyms": [
|
||||
"Ozone RAT",
|
||||
"ozonercp"
|
||||
],
|
||||
"type": [
|
||||
"rat"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "ZeGhost",
|
||||
"description": "ZeGhots is a RAT which was freely available and first released in 2014.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor%3aWin32%2fZegost.BW"
|
||||
],
|
||||
"synonyms": [
|
||||
"BackDoor-FBZT!52D84425CDF2",
|
||||
"Trojan.Win32.Staser.ytq",
|
||||
"Win32/Zegost.BW"
|
||||
],
|
||||
"type": [
|
||||
"rat"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Elise Backdoor",
|
||||
"description": " Trojan (RAT) linked to current targeted attacks and others dating back to at least early 2009",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"http://thehackernews.com/2015/08/elise-malware-hacking.html"
|
||||
],
|
||||
"synonyms": [
|
||||
"Elise"
|
||||
],
|
||||
"type": [
|
||||
"dropper",
|
||||
"stealer"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Trojan.Laziok",
|
||||
"description": "A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised computer.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"http://www.symantec.com/connect/blogs/new-reconnaissance-threat-trojanlaziok-targets-energy-sector"
|
||||
],
|
||||
"synonyms": [
|
||||
"Laziok"
|
||||
],
|
||||
"type": [
|
||||
"stealer",
|
||||
"reco"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Slempo",
|
||||
"description": "Android-based malware",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/"
|
||||
],
|
||||
"synonyms": [
|
||||
"GM-Bot",
|
||||
"SlemBunk",
|
||||
"Bankosy",
|
||||
"Acecard"
|
||||
],
|
||||
"type": [
|
||||
"spyware",
|
||||
"android"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "PWOBot",
|
||||
"description": "We have discovered a malware family named ‘PWOBot’ that is fairly unique because it is written entirely in Python, and compiled via PyInstaller to generate a Microsoft Windows executable. The malware has been witnessed affecting a number of Europe-based organizations, particularly in Poland. Additionally, the malware is delivered via a popular Polish file-sharing web service.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"http://researchcenter.paloaltonetworks.com/2016/04/unit42-python-based-pwobot-targets-european-organizations/"
|
||||
"http://researchcenter.paloaltonetworks.com/2016/04/unit42-python-based-pwobot-targets-european-organizations/"
|
||||
],
|
||||
"synonyms" : [
|
||||
"PWOLauncher",
|
||||
"PWOHTTPD",
|
||||
"PWOKeyLogger",
|
||||
"PWOMiner",
|
||||
"PWOPyExec",
|
||||
"PWOQuery"
|
||||
"synonyms": [
|
||||
"PWOLauncher",
|
||||
"PWOHTTPD",
|
||||
"PWOKeyLogger",
|
||||
"PWOMiner",
|
||||
"PWOPyExec",
|
||||
"PWOQuery"
|
||||
],
|
||||
"type" : "dropper, coinminer, spyware"
|
||||
"type": [
|
||||
"dropper",
|
||||
"miner",
|
||||
"spyware"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -175,7 +202,9 @@
|
|||
"refs": [
|
||||
"http://blog.trendmicro.com/trendlabs-security-intelligence/lost-door-rat-accessible-customizable-attack-tool/"
|
||||
],
|
||||
"type": "rat"
|
||||
"type": [
|
||||
"rat"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -188,7 +217,9 @@
|
|||
"refs": [
|
||||
"http://www.fidelissecurity.com/files/files/FTA_1009-njRAT_Uncovered_rev2.pdf"
|
||||
],
|
||||
"type": "rat"
|
||||
"type": [
|
||||
"rat"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -198,7 +229,7 @@
|
|||
"NanoCore",
|
||||
"Nancrat",
|
||||
"Zurten",
|
||||
"Atros2.CKPN"
|
||||
"Atros2.CKPN"
|
||||
],
|
||||
"refs": [
|
||||
"http://www.symantec.com/connect/blogs/nanocore-another-rat-tries-make-it-out-gutter",
|
||||
|
|
|
@ -74,7 +74,11 @@
|
|||
"type": "string"
|
||||
},
|
||||
"type": {
|
||||
"type": "string"
|
||||
"type": "array",
|
||||
"uniqueItems": true,
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"impact": {
|
||||
"type": "string"
|
||||
|
|
Loading…
Reference in a new issue