mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-27 01:07:18 +00:00
commit
ac1242a40e
3 changed files with 68 additions and 4 deletions
|
@ -1195,7 +1195,29 @@
|
||||||
},
|
},
|
||||||
"uuid": "fa574138-a3bd-4ebc-a5f7-3b465df7106f",
|
"uuid": "fa574138-a3bd-4ebc-a5f7-3b465df7106f",
|
||||||
"value": "Dark Tequila"
|
"value": "Dark Tequila"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Distributed by Malteiro",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://blog.scilabs.mx/en/cyber-threat-profile-malteiro/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"URSA"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "ba57c28a-47d0-46ba-a933-9aed69f7b84f",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "delivered-by"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"uuid": "d27eea57-e55f-40b1-9690-55c2c8500876",
|
||||||
|
"value": "Malteiro"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 17
|
"version": 18
|
||||||
}
|
}
|
||||||
|
|
|
@ -24381,7 +24381,8 @@
|
||||||
"https://www.varonis.com/blog/alphv-blackcat-ransomware",
|
"https://www.varonis.com/blog/alphv-blackcat-ransomware",
|
||||||
"https://www.intrinsec.com/alphv-ransomware-gang-analysis",
|
"https://www.intrinsec.com/alphv-ransomware-gang-analysis",
|
||||||
"https://unit42.paloaltonetworks.com/blackcat-ransomware/",
|
"https://unit42.paloaltonetworks.com/blackcat-ransomware/",
|
||||||
"https://www.cyber.gov.au/acsc/view-all-content/advisories/2022-004-acsc-ransomware-profile-alphv-aka-blackcat"
|
"https://www.cyber.gov.au/acsc/view-all-content/advisories/2022-004-acsc-ransomware-profile-alphv-aka-blackcat",
|
||||||
|
"https://www.microsoft.com/en-us/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"ALPHV",
|
"ALPHV",
|
||||||
|
@ -24724,7 +24725,7 @@
|
||||||
"ransomnotes": [
|
"ransomnotes": [
|
||||||
"Your data are stolen and encrypted\nThe data will be published on TOR website if you do not pay the ransom\nYou can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565y1u2c6Lay6yfiebkcbtvvcytyolt33s77xypi7nypxyd.onion/ \n\nYour company id for log in: [REDACTED]"
|
"Your data are stolen and encrypted\nThe data will be published on TOR website if you do not pay the ransom\nYou can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565y1u2c6Lay6yfiebkcbtvvcytyolt33s77xypi7nypxyd.onion/ \n\nYour company id for log in: [REDACTED]"
|
||||||
],
|
],
|
||||||
"ransomnotes-files": [
|
"ransomnotes-filenames": [
|
||||||
"readme.txt"
|
"readme.txt"
|
||||||
],
|
],
|
||||||
"ransomnotes-refs": [
|
"ransomnotes-refs": [
|
||||||
|
|
|
@ -9943,7 +9943,48 @@
|
||||||
},
|
},
|
||||||
"uuid": "171d0590-be92-443f-addb-af5dc2a8034d",
|
"uuid": "171d0590-be92-443f-addb-af5dc2a8034d",
|
||||||
"value": "Evasive Panda"
|
"value": "Evasive Panda"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "A Russia-linked threat actor tracked as TAG-53 is running phishing campaigns impersonating various defense, aerospace, and logistic companies, according to The Record by Recorded Future. Recorded Future’s Insikt Group identified overlaps with a threat actor tracked by other companies as Callisto Group, COLDRIVER, and SEABORGIUM.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://blog.knowbe4.com/russian-threat-actor-impersonates-aerospace-and-defense-companies",
|
||||||
|
"https://www.recordedfuture.com/exposing-tag-53-credential-harvesting-infrastructure-for-russia-aligned-espionage-operations?utm_campaign=PostBeyond&utm_source=Twitter&utm_medium=359877&utm_term=Exposing+TAG-53%E2%80%99s+Credential+Harvesting+Infrastructure+Used+for+Russia-Aligned+Espionage+Operations",
|
||||||
|
"https://go.recordedfuture.com/hubfs/reports/cta-2022-1205.pdf"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "overlaps"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"uuid": "e5865ca1-ec95-43e2-954a-d0f3507a9747",
|
||||||
|
"value": "TAG-53"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "This group of cybercriminals is named Malteiroby SCILabs, they operate and distribute the URSA/Mispadu banking trojan.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://blog.scilabs.mx/en/cyber-threat-profile-malteiro/",
|
||||||
|
"https://blog.scilabs.mx/cyber-threat-profile-malteiro/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "d27eea57-e55f-40b1-9690-55c2c8500876",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "delivers"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"uuid": "ba57c28a-47d0-46ba-a933-9aed69f7b84f",
|
||||||
|
"value": "Malteiro"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 255
|
"version": 256
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue