MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 23:07:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

jq

Browse source
This commit is contained in:
Deborah Servili 2019-11-22 14:15:29 +01:00
parent 08a4897cbe
commit cab60a02e2
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1
2 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
clusters/ransomware.json
View file

@ -13574,13 +13574,14 @@
"value": "Maze"
},
{
"value": "Cyborg Ransomware",
"description": "Ransomware delivered using fake Windows Update spam",
"meta": {
"refs": [
"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/fake-windows-update-spam-leads-to-cyborg-ransomware-and-its-builder/"
]
}
},
"uuid": "0a0b9311-8cbc-4d97-b337-42c9a018ebe0",
"value": "Cyborg Ransomware"
}
],
"version": 73

5
clusters/tool.json
View file

@ -7878,14 +7878,15 @@
"value": "ShadowHammer"
},
{
"value": "DePriMon",
"description": "DePriMon is a malicious downloader, with several stages and using many non-traditional techniques. To achieve persistence, the malware registers a new local port monitor a trick falling under the “Port Monitors” technique in the MITRE ATT&CK knowledgebase. For that, the malware uses the “Windows Default Print Monitor” name; thats why we have named it DePriMon. Due to its complexity and modular architecture, we consider it to be a framework.",
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/deprimon-malware-registers-itself-as-a-windows-print-monitor/",
"https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/"
]
}
},
"uuid": "c76874cd-0d73-4cbf-8d39-a066900dd4ce",
"value": "DePriMon"
}
],
"version": 128