This commit is contained in:
Delta-Sierra 2022-07-12 14:03:43 +02:00
parent 6c6355f2ba
commit d40017ae50
2 changed files with 46 additions and 0 deletions

View file

@ -1323,10 +1323,47 @@
"estimative-language:likelihood-probability=\"likely\"" "estimative-language:likelihood-probability=\"likely\""
], ],
"type": "variant-of" "type": "variant-of"
},
{
"dest-uuid": "e878d24d-f122-48c4-930c-f6b6d5f0ee28",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "variant-of"
},
{
"dest-uuid": "421a3805-7741-4315-82c2-6c9aa30d0953",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "variant-of"
} }
], ],
"uuid": "a5a067c9-c4d7-4f33-8e6f-01b903f89908", "uuid": "a5a067c9-c4d7-4f33-8e6f-01b903f89908",
"value": "EnemyBot" "value": "EnemyBot"
},
{
"description": "Discovered in 2008 and under constant development, with gaps in operational use in the wild; operators are occasionally known as GOLD LAGOON. Banking Trojan, steals financial data, browser information/hooks, keystrokes, credentials; described by CheckPoint as a “Swiss Army knife”. Known to leverage many other tools; for example, PowerShell and Mimikatz are used for self-propagation. Attempts obfuscation via legitimate process injection. Known to serve as a dropper for ProLock ransomware. Infection vectors are common, with malspam as the most frequent. Active in 2020 two big campaigns, one from March to June, second Starting in July and ongoing, as part of latest Emotet campaign. Newer version appeared in August.",
"meta": {
"refs": [
"https://www.cisa.gov/sites/default/files/publications/202010221030_QakBot%20TLPWHITE.pdf"
],
"synonyms": [
"QakBot",
"Pinkslipbot"
]
},
"related": [
{
"dest-uuid": "c4417bfb-717f-48d9-bd56-bc9e85d07c19",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "dropped"
}
],
"uuid": "421a3805-7741-4315-82c2-6c9aa30d0953",
"value": "Qbot"
} }
], ],
"version": 26 "version": 26

View file

@ -22140,6 +22140,15 @@
}, },
{ {
"description": "ransomware", "description": "ransomware",
"related": [
{
"dest-uuid": "421a3805-7741-4315-82c2-6c9aa30d0953",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "dropped-by"
}
],
"uuid": "c4417bfb-717f-48d9-bd56-bc9e85d07c19", "uuid": "c4417bfb-717f-48d9-bd56-bc9e85d07c19",
"value": "ProLock" "value": "ProLock"
}, },