MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 16:57:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #736 from Delta-Sierra/main

Browse source 
add Qbot
This commit is contained in:
Alexandre Dulaunoy 2022-07-12 18:41:33 +02:00 committed by GitHub
commit cf603e8160
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 49 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
clusters/botnet.json
View file

@ -1323,11 +1323,48 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "variant-of" "type": "variant-of"
},
{
"dest-uuid": "e878d24d-f122-48c4-930c-f6b6d5f0ee28",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "variant-of"
},
{
"dest-uuid": "421a3805-7741-4315-82c2-6c9aa30d0953",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "variant-of"
} }
], ],
"uuid": "a5a067c9-c4d7-4f33-8e6f-01b903f89908", "uuid": "a5a067c9-c4d7-4f33-8e6f-01b903f89908",
"value": "EnemyBot" "value": "EnemyBot"
},
{
"description": "Discovered in 2008 and under constant development, with gaps in operational use in the wild; operators are occasionally known as GOLD LAGOON. Banking Trojan, steals financial data, browser information/hooks, keystrokes, credentials; described by CheckPoint as a “Swiss Army knife”. Known to leverage many other tools; for example, PowerShell and Mimikatz are used for self-propagation. Attempts obfuscation via legitimate process injection. Known to serve as a dropper for ProLock ransomware. Infection vectors are common, with malspam as the most frequent. Active in 2020 two big campaigns, one from March to June, second Starting in July and ongoing, as part of latest Emotet campaign. Newer version appeared in August.",
"meta": {
"refs": [
"https://www.cisa.gov/sites/default/files/publications/202010221030_QakBot%20TLPWHITE.pdf"
],
"synonyms": [
"QakBot",
"Pinkslipbot"
]
},
"related": [
{
"dest-uuid": "c4417bfb-717f-48d9-bd56-bc9e85d07c19",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "dropped"
}
],
"uuid": "421a3805-7741-4315-82c2-6c9aa30d0953",
"value": "Qbot"
} }
], ],
"version": 26 "version": 27
} }

13
clusters/ransomware.json
View file

@ -2250,7 +2250,7 @@
"https://id-ransomware.blogspot.co.il/2017/01/xcrypt-ransomware.html", "https://id-ransomware.blogspot.co.il/2017/01/xcrypt-ransomware.html",
"https://twitter.com/JakubKroustek/status/825790584971472902" "https://twitter.com/JakubKroustek/status/825790584971472902"
], ],
"synonyns": [ "synonyms": [
"XCrypt" "XCrypt"
] ]
}, },
@ -22140,6 +22140,15 @@
}, },
{ {
"description": "ransomware", "description": "ransomware",
"related": [
{
"dest-uuid": "421a3805-7741-4315-82c2-6c9aa30d0953",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "dropped-by"
}
],
"uuid": "c4417bfb-717f-48d9-bd56-bc9e85d07c19", "uuid": "c4417bfb-717f-48d9-bd56-bc9e85d07c19",
"value": "ProLock" "value": "ProLock"
}, },
@ -24568,5 +24577,5 @@
"value": "Maui ransomware" "value": "Maui ransomware"
} }
], ],
"version": 104 "version": 105
} }