Merge pull request #256 from Delta-Sierra/master

add ref for operation Applejeus
Alexandre Dulaunoy 2018-09-12 22:12:45 +02:00 committed by GitHub
commit c50448a616
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 5 deletions


@ -10541,7 +10541,7 @@
}, },
{ {
"value": "Sigma Ransomware", "value": "Sigma Ransomware",
"description": "", "description": "Today one of our volunteers, Aura, told me about a new new malspam campaign pretending to be from Craigslist that is under way and distributing the Sigma Ransomware. These spam emails contain password protected Word or RTF documents that download the Sigma Ransomware executable from a remote site and install it on a recipients computer.",
"meta": { "meta": {
"refs": [ "refs": [
"https://www.bleepingcomputer.com/news/security/sigma-ransomware-being-distributed-using-fake-craigslist-malspam/" "https://www.bleepingcomputer.com/news/security/sigma-ransomware-being-distributed-using-fake-craigslist-malspam/"
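Review bot: The new `description` on the "Sigma Ransomware" entry is the referenced article's opening paragraph pasted verbatim, so the cluster now carries first-person, time-relative wording ("Today one of our volunteers, Aura, told me") plus the slips "new new" and "recipients computer". An analyst reading it later gets no stable, attributable statement. A neutral summary keeps the same facts, for example `"description": "Ransomware distributed through malspam that impersonates Craigslist; password-protected Word or RTF attachments download the Sigma Ransomware executable from a remote site and install it on the recipient's computer."`. The page totals (7 additions, 5 deletions) are fully accounted for by this one changed line plus the other two files, so this file appears to change without the `version` bump the other two receive. If consumers key their updates on that field, the new description may not propagate.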


@ -2742,7 +2742,8 @@
"description": "According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victims system via dual proxies. FALLCHILL typically infects a system as a file dropped by other HIDDEN COBRA malware or as a file downloaded unknowingly by users when visiting sites compromised by HIDDEN COBRA actors. HIDDEN COBRA actors use an external tool or dropper to install the FALLCHILL malware-as-a-service to establish persistence. Because of this, additional HIDDEN COBRA malware may be present on systems compromised with FALLCHILL.", "description": "According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victims system via dual proxies. FALLCHILL typically infects a system as a file dropped by other HIDDEN COBRA malware or as a file downloaded unknowingly by users when visiting sites compromised by HIDDEN COBRA actors. HIDDEN COBRA actors use an external tool or dropper to install the FALLCHILL malware-as-a-service to establish persistence. Because of this, additional HIDDEN COBRA malware may be present on systems compromised with FALLCHILL.",
"meta": { "meta": {
"refs": [ "refs": [
"https://www.us-cert.gov/ncas/alerts/TA17-318A" "https://www.us-cert.gov/ncas/alerts/TA17-318A",
"https://securelist.com/operation-applejeus/87553/"
] ]
}, },
"related": [ "related": [
@ -2913,5 +2914,5 @@
"value": "Hallaj PRO RAT" "value": "Hallaj PRO RAT"
} }
], ],
"version": 13 "version": 14
} }


@ -2582,7 +2582,8 @@
"https://www.us-cert.gov/ncas/alerts/TA17-318B", "https://www.us-cert.gov/ncas/alerts/TA17-318B",
"https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-up-to-no-good-again/", "https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-up-to-no-good-again/",
"https://www.cfr.org/interactive/cyber-operations/lazarus-group", "https://www.cfr.org/interactive/cyber-operations/lazarus-group",
"https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret" "https://www.cfr.org/interactive/cyber-operations/operation-ghostsecret",
"https://securelist.com/operation-applejeus/87553/"
], ],
"synonyms": [ "synonyms": [
"Operation DarkSeoul", "Operation DarkSeoul",
@ -5713,5 +5714,5 @@
"uuid": "abd89986-b1b0-11e8-b857-efe290264006" "uuid": "abd89986-b1b0-11e8-b857-efe290264006"
} }
], ],
"version": 56 "version": 57
} }