update 2 array

Thanat0s 2017-02-24 23:36:45 +01:00
parent 7265af6612
commit a29a5afbe8
2 changed files with 195 additions and 160 deletions


@ -1,167 +1,194 @@
{ {
"values": [ "values": [
{ {
"value" : "PlugX", "value": "PlugX",
"description" : "Malware", "description": "Malware",
"meta" : { "meta": {
"refs" : [ "refs": [
"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/112/pulling-the-plug-on-plugx" "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/112/pulling-the-plug-on-plugx"
], ],
"synonyms" : [ "synonyms": [
"Backdoor.FSZO-5117", "Backdoor.FSZO-5117",
"Trojan.Heur.JP.juW@ayZZvMb", "Trojan.Heur.JP.juW@ayZZvMb",
"Trojan.Inject1.6386", "Trojan.Inject1.6386",
"Korplug", "Korplug",
"Agent.dhwf" "Agent.dhwf"
], ],
"type" : "rat" "type": [
} "rat"
}, ]
{ }
"value" : "MSUpdater", },
"description" : " Trojan (RAT) linked to current targeted attacks and others dating back to at least early 2009", {
"meta" : { "value": "MSUpdater",
"refs" : [ "description": " Trojan (RAT) linked to current targeted attacks and others dating back to at least early 2009",
"https://www.zscaler.com/pdf/whitepapers/msupdater_trojan_whitepaper.pdfx" "meta": {
], "refs": [
"type" : "rat" "https://www.zscaler.com/pdf/whitepapers/msupdater_trojan_whitepaper.pdfx"
} ],
}, "type": [
{ "rat"
"value" : "Lazagne", ]
"description" : "A password sthealing tool regularly used by attackers", }
"meta" : { },
"refs" : [ {
"https://github.com/AlessandroZ/LaZagne" "value": "Lazagne",
], "description": "A password sthealing tool regularly used by attackers",
"type" : "tool" "meta": {
} "refs": [
}, "https://github.com/AlessandroZ/LaZagne"
{ ],
"value" : "Poison Ivy", "type": [
"description" : "Poison Ivy is a RAT which was freely available and first released in 2005.", "tool"
"meta" : { ]
"refs" : [ }
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf", },
"https://www.f-secure.com/v-descs/backdoor_w32_poisonivy.shtml" {
], "value": "Poison Ivy",
"synonyms" : [ "description": "Poison Ivy is a RAT which was freely available and first released in 2005.",
"Backdoor.Win32.PoisonIvy", "meta": {
"Gen:Trojan.Heur.PT" "refs": [
], "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf",
"type" : "rat" "https://www.f-secure.com/v-descs/backdoor_w32_poisonivy.shtml"
} ],
}, "synonyms": [
{ "Backdoor.Win32.PoisonIvy",
"value" : "SPIVY", "Gen:Trojan.Heur.PT"
"description" : "In March 2016, Unit 42 observed this new Poison Ivy variant weve named SPIVY being deployed via weaponized documents leveraging CVE-2015-2545.", ],
"meta" : { "type": [
"refs" : [ "rat"
"http://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/" ]
], }
"type" :"rat" },
} {
}, "value": "SPIVY",
{ "description": "In March 2016, Unit 42 observed this new Poison Ivy variant weve named SPIVY being deployed via weaponized documents leveraging CVE-2015-2545.",
"value" : "Torn RAT", "meta": {
"meta" : { "refs": [
"refs" : [ "http://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/"
"https://www.crowdstrike.com/blog/whois-anchor-panda/" ],
], "type": [
"synonyms" : [ "rat"
"Anchor Panda" ]
], }
"type": "rat" },
} {
}, "value": "Torn RAT",
{ "meta": {
"value" : "OzoneRAT", "refs": [
"meta" : { "https://www.crowdstrike.com/blog/whois-anchor-panda/"
"refs" : [ ],
"https://blog.fortinet.com/2016/08/29/german-speakers-targeted-by-spam-leading-to-ozone-rat" "synonyms": [
], "Anchor Panda"
"synonyms" : [ ],
"Ozone RAT", "type": [
"ozonercp" "rat"
], ]
"type" : [ }
"rat" },
] {
} "value": "OzoneRAT",
}, "meta": {
{ "refs": [
"value" : "ZeGhost", "https://blog.fortinet.com/2016/08/29/german-speakers-targeted-by-spam-leading-to-ozone-rat"
"description" : "ZeGhots is a RAT which was freely available and first released in 2014.", ],
"meta" : { "synonyms": [
"refs" : [ "Ozone RAT",
"https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor%3aWin32%2fZegost.BW" "ozonercp"
], ],
"synonyms" : [ "type": [
"BackDoor-FBZT!52D84425CDF2", "rat"
"Trojan.Win32.Staser.ytq", ]
"Win32/Zegost.BW" }
], },
"type" : "rat" {
} "value": "ZeGhost",
}, "description": "ZeGhots is a RAT which was freely available and first released in 2014.",
{ "meta": {
"value" : "Elise Backdoor", "refs": [
"description" : " Trojan (RAT) linked to current targeted attacks and others dating back to at least early 2009", "https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor%3aWin32%2fZegost.BW"
"meta" : { ],
"refs" : [ "synonyms": [
"http://thehackernews.com/2015/08/elise-malware-hacking.html" "BackDoor-FBZT!52D84425CDF2",
], "Trojan.Win32.Staser.ytq",
"synonyms" : [ "Win32/Zegost.BW"
"Elise" ],
], "type": [
"type" : "dropper, stealer" "rat"
} ]
}, }
{ },
"value" : "Trojan.Laziok", {
"description" : "A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised computer.", "value": "Elise Backdoor",
"meta" : { "description": " Trojan (RAT) linked to current targeted attacks and others dating back to at least early 2009",
"refs" : [ "meta": {
"http://www.symantec.com/connect/blogs/new-reconnaissance-threat-trojanlaziok-targets-energy-sector" "refs": [
], "http://thehackernews.com/2015/08/elise-malware-hacking.html"
"synonyms" : [ ],
"Laziok" "synonyms": [
], "Elise"
"type" : "stealer ,reco" ],
} "type": [
}, "dropper",
{ "stealer"
"value" : "Slempo", ]
"description" : "Android-based malware", }
"meta" : { },
"refs" : [ {
"https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/" "value": "Trojan.Laziok",
], "description": "A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised computer.",
"synonyms" : [ "meta": {
"GM-Bot", "refs": [
"SlemBunk", "http://www.symantec.com/connect/blogs/new-reconnaissance-threat-trojanlaziok-targets-energy-sector"
"Bankosy", ],
"Acecard" "synonyms": [
], "Laziok"
"type" : "spyware, android" ],
} "type": [
}, "stealer",
{ "reco"
]
}
},
{
"value": "Slempo",
"description": "Android-based malware",
"meta": {
"refs": [
"https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/"
],
"synonyms": [
"GM-Bot",
"SlemBunk",
"Bankosy",
"Acecard"
],
"type": [
"spyware",
"android"
]
}
},
{
"value": "PWOBot", "value": "PWOBot",
"description": "We have discovered a malware family named PWOBot that is fairly unique because it is written entirely in Python, and compiled via PyInstaller to generate a Microsoft Windows executable. The malware has been witnessed affecting a number of Europe-based organizations, particularly in Poland. Additionally, the malware is delivered via a popular Polish file-sharing web service.", "description": "We have discovered a malware family named PWOBot that is fairly unique because it is written entirely in Python, and compiled via PyInstaller to generate a Microsoft Windows executable. The malware has been witnessed affecting a number of Europe-based organizations, particularly in Poland. Additionally, the malware is delivered via a popular Polish file-sharing web service.",
"meta": { "meta": {
"refs": [ "refs": [
"http://researchcenter.paloaltonetworks.com/2016/04/unit42-python-based-pwobot-targets-european-organizations/" "http://researchcenter.paloaltonetworks.com/2016/04/unit42-python-based-pwobot-targets-european-organizations/"
], ],
"synonyms" : [ "synonyms": [
"PWOLauncher", "PWOLauncher",
"PWOHTTPD", "PWOHTTPD",
"PWOKeyLogger", "PWOKeyLogger",
"PWOMiner", "PWOMiner",
"PWOPyExec", "PWOPyExec",
"PWOQuery" "PWOQuery"
], ],
"type" : "dropper, coinminer, spyware" "type": [
"dropper",
"miner",
"spyware"
]
} }
}, },
{ {
@ -175,7 +202,9 @@
"refs": [ "refs": [
"http://blog.trendmicro.com/trendlabs-security-intelligence/lost-door-rat-accessible-customizable-attack-tool/" "http://blog.trendmicro.com/trendlabs-security-intelligence/lost-door-rat-accessible-customizable-attack-tool/"
], ],
"type": "rat" "type": [
"rat"
]
} }
}, },
{ {
@ -188,7 +217,9 @@
"refs": [ "refs": [
"http://www.fidelissecurity.com/files/files/FTA_1009-njRAT_Uncovered_rev2.pdf" "http://www.fidelissecurity.com/files/files/FTA_1009-njRAT_Uncovered_rev2.pdf"
], ],
"type": "rat" "type": [
"rat"
]
} }
}, },
{ {
@ -198,7 +229,7 @@
"NanoCore", "NanoCore",
"Nancrat", "Nancrat",
"Zurten", "Zurten",
"Atros2.CKPN" "Atros2.CKPN"
], ],
"refs": [ "refs": [
"http://www.symantec.com/connect/blogs/nanocore-another-rat-tries-make-it-out-gutter", "http://www.symantec.com/connect/blogs/nanocore-another-rat-tries-make-it-out-gutter",
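Review bot: The array conversion also changes a tag value without saying so: PWOBot's `type` goes from `dropper, coinminer, spyware` to `dropper`, `miner`, `spyware`, so anything filtering on `coinminer` stops matching, and `reco` on Trojan.Laziok stays an abbreviation that consumers have to guess at. Now that `type` is matched element by element, I would keep `coinminer` (or record the rename in the commit message) and spell out `reconnaissance`. The rewritten entries also carry over data errors worth fixing while they are being touched: the MSUpdater ref ends in `.pdfx`, which looks like a typo for `.pdf`, and Elise Backdoor has the same description text as MSUpdater, which looks copy-pasted.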


@ -74,7 +74,11 @@
"type": "string" "type": "string"
}, },
"type": { "type": {
"type": "string" "type": "array",
"uniqueItems": true,
"items": {
"type": "string"
}
}, },
"impact": { "impact": {
"type": "string" "type": "string"
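Review bot: The new `type` schema accepts an empty array and empty strings, because it sets only `uniqueItems`; add `"minItems": 1` next to `"uniqueItems": true` and `"minLength": 1` inside `items`, so an entry cannot validate with `"type": []` or `"type": [""]`. If the set of tags is meant to be closed, an `enum` in `items` would also catch spelling drift between entries. Any cluster file validated by this schema that still has `type` as a plain string will now fail validation, so those need converting in the same change; the page does not show which files that covers. The surrounding `properties` object starts and ends outside the hunk.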