mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-29 18:27:19 +00:00
add some SNOWYAMBER relationships
parent
8e9880d932
commit
d4225c5469
3 changed files with 46 additions and 2 deletions
|
@ -315,6 +315,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0125ef58-2675-426f-90eb-0b189961199a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "d7247cf9-13b6-4781-b789-a5f33521633b",
|
||||
|
|
|
@ -2274,6 +2274,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0125ef58-2675-426f-90eb-0b189961199a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "b2056ff0-00b9-482e-b11c-c771daa5f28a",
|
||||
|
@ -8160,6 +8167,13 @@
|
|||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "similar"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "0125ef58-2675-426f-90eb-0b189961199a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "uses"
|
||||
}
|
||||
],
|
||||
"uuid": "2ee5ed7a-c4d0-40be-a837-20817474a15b",
|
||||
|
|
|
@ -8711,7 +8711,7 @@
|
|||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "54c03b3c-6f97-46ea-a93f-f07bfd5cdd36,",
|
||||
"dest-uuid": "54c03b3c-6f97-46ea-a93f-f07bfd5cdd36",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
|
@ -8756,7 +8756,7 @@
|
|||
"value": "AHK Bot"
|
||||
},
|
||||
{
|
||||
"description": "A tool first used in October 2022, abusing the Notion7 service to communicate and download further malicious files. Two versions of this tool have been observed.",
|
||||
"description": "A tool first used in October 2022, abusing the Notion service to communicate and download further malicious files. Two versions of this tool have been observed.\n\nSNOWYAMBER is a dropper that was used in an espionage campaign significantly overlapping with publicly described activity linked to the APT29 and NOBELIUM activity sets. SNOWYAMBER abuses the NOTION collaboration service as a communication channel. It does not contain any other capabilities aside from downloading and executing 2nd stage. To bypass security products, SNOWYAMBER uses several antidetection and obfuscation techniques, including string encryption, dynamic API resolving, EDR/AV unhooking, and direct syscalls.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services",
|
||||
|
@ -8764,6 +8764,29 @@
|
|||
"https://www.gov.pl/attachment/ee91f24d-3e67-436d-aa50-7fa56acf789d"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "b2056ff0-00b9-482e-b11c-c771daa5f28a",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "d7247cf9-13b6-4781-b789-a5f33521633b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
},
|
||||
{
|
||||
"dest-uuid": "2ee5ed7a-c4d0-40be-a837-20817474a15b",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"likely\""
|
||||
],
|
||||
"type": "used-by"
|
||||
}
|
||||
],
|
||||
"uuid": "0125ef58-2675-426f-90eb-0b189961199a",
|
||||
"value": "SNOWYAMBER"
|
||||
},
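Review bot: Nothing visible in this commit validates the hand-typed `dest-uuid` values, and the hunk at -8711 shows what that costs: the old target `54c03b3c-6f97-46ea-a93f-f07bfd5cdd36,` carried a comma inside the string, so that relationship presumably resolved to no cluster until this fix. The six targets added across the three files do line up with the `uuid` lines visible in the hunks (three `uses` entries pointing at `0125ef58-2675-426f-90eb-0b189961199a`, and three `used-by` entries pointing back at the actor clusters), but that can only be confirmed by eye. If the cluster schema does not already enforce it (the schema is not shown on this page), a constraint on `dest-uuid` such as `"pattern": "^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$"` would reject this class of typo at validation time. A separate check that every `dest-uuid` exists as some cluster's `uuid` would catch well-formed but dangling targets, which otherwise drop a correlation silently for anyone consuming the galaxy.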
|
||||
|
|