mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
commit
cf603e8160
2 changed files with 49 additions and 3 deletions
|
@ -1323,11 +1323,48 @@
|
||||||
"estimative-language:likelihood-probability=\"likely\""
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
],
|
],
|
||||||
"type": "variant-of"
|
"type": "variant-of"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "e878d24d-f122-48c4-930c-f6b6d5f0ee28",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "variant-of"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "421a3805-7741-4315-82c2-6c9aa30d0953",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "variant-of"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"uuid": "a5a067c9-c4d7-4f33-8e6f-01b903f89908",
|
"uuid": "a5a067c9-c4d7-4f33-8e6f-01b903f89908",
|
||||||
"value": "EnemyBot"
|
"value": "EnemyBot"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Discovered in 2008 and under constant development, with gaps in operational use in the wild; operators are occasionally known as GOLD LAGOON. Banking Trojan, steals financial data, browser information/hooks, keystrokes, credentials; described by CheckPoint as a “Swiss Army knife”. Known to leverage many other tools; for example, PowerShell and Mimikatz are used for self-propagation. Attempts obfuscation via legitimate process injection. Known to serve as a dropper for ProLock ransomware. Infection vectors are common, with malspam as the most frequent. Active in 2020 – two big campaigns, one from March to June, second Starting in July and ongoing, as part of latest Emotet campaign. Newer version appeared in August.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.cisa.gov/sites/default/files/publications/202010221030_QakBot%20TLPWHITE.pdf"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"QakBot",
|
||||||
|
"Pinkslipbot"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "c4417bfb-717f-48d9-bd56-bc9e85d07c19",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "dropped"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 26
|
"uuid": "421a3805-7741-4315-82c2-6c9aa30d0953",
|
||||||
|
"value": "Qbot"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"version": 27
|
||||||
}
|
}
|
||||||
|
|
|
@ -2250,7 +2250,7 @@
|
||||||
"https://id-ransomware.blogspot.co.il/2017/01/xcrypt-ransomware.html",
|
"https://id-ransomware.blogspot.co.il/2017/01/xcrypt-ransomware.html",
|
||||||
"https://twitter.com/JakubKroustek/status/825790584971472902"
|
"https://twitter.com/JakubKroustek/status/825790584971472902"
|
||||||
],
|
],
|
||||||
"synonyns": [
|
"synonyms": [
|
||||||
"XCrypt"
|
"XCrypt"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
@ -22140,6 +22140,15 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"description": "ransomware",
|
"description": "ransomware",
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "421a3805-7741-4315-82c2-6c9aa30d0953",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"likely\""
|
||||||
|
],
|
||||||
|
"type": "dropped-by"
|
||||||
|
}
|
||||||
|
],
|
||||||
"uuid": "c4417bfb-717f-48d9-bd56-bc9e85d07c19",
|
"uuid": "c4417bfb-717f-48d9-bd56-bc9e85d07c19",
|
||||||
"value": "ProLock"
|
"value": "ProLock"
|
||||||
},
|
},
|
||||||
|
@ -24568,5 +24577,5 @@
|
||||||
"value": "Maui ransomware"
|
"value": "Maui ransomware"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 104
|
"version": 105
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue