Merge pull request #135 from Delta-Sierra/master

add Quant Loader
Alexandre Dulaunoy 2017-12-14 15:29:50 +01:00 committed by GitHub
commit d4c70879fc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 4 deletions

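--- a/UNKNOWN_PATH_FILE_1
+++ b/UNKNOWN_PATH_FILE_1
@@ -5022,7 +5022,8 @@
 ".EMPTY",
 ".0000",
 ".XZZX",
-".TEST"
+".TEST",
+".WORK"
 ],
 "ransomnotes": [
 "HELP_YOUR_FILES.html (CryptXXX)",
@@ -5034,7 +5035,8 @@
 "Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\nempty01@techmail.info\n\nempty02@yahooweb.co\n\nempty003@protonmail.com\n\nWe will help You as soon as possible!\n\nDECRYPT-ID-[id] number",
 "Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\ny0000@tuta.io\n\ny0000@protonmail.com\n\ny0000z@yandex.com\n\ny0000s@yandex.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nDECRYPT-ID-[id]",
 "Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\nxzzx@tuta.io\n\nxzzx1@protonmail.com\n\nxzzx10@yandex.com\n\nxzzx101@yandex.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nDECRYPT-ID-[id] number",
-"Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\ntest757@tuta.io\n\ntest757@protonmail.com\n\ntest757xz@yandex.com\n\ntest757xy@yandex.com\n\ntest757@consultant.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nIMPORTANT: DO NOT USE ANY PUBLIC SOFTWARE! IT MAY DAMAGE YOUR DATA FOREVER!\n\nDECRYPT-ID-[id] number"
+"Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\ntest757@tuta.io\n\ntest757@protonmail.com\n\ntest757xz@yandex.com\n\ntest757xy@yandex.com\n\ntest757@consultant.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nIMPORTANT: DO NOT USE ANY PUBLIC SOFTWARE! IT MAY DAMAGE YOUR DATA FOREVER!\n\nDECRYPT-ID-[id] number",
+"Attention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\nworknow@keemail.me\n\nworknow@protonmail.com\n\nworknow8@yandex.com\n\nworknow9@yandex.com\n\nworknow@techie.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nIMPORTANT: DO NOT USE ANY PUBLIC SOFTWARE! IT MAY DAMAGE YOUR DATA FOREVER!\n\nDECRYPT-ID-[id] number"
 ],
 "refs": [
 "http://www.nyxbone.com/malware/CryptoMix.html",
@@ -5043,7 +5045,8 @@
 "https://www.bleepingcomputer.com/news/security/new-empty-cryptomix-ransomware-variant-released/",
 "https://www.bleepingcomputer.com/news/security/0000-cryptomix-ransomware-variant-released/",
 "https://www.bleepingcomputer.com/news/security/xzzx-cryptomix-ransomware-variant-released/",
-"https://www.bleepingcomputer.com/news/security/test-cryptomix-ransomware-variant-released/"
+"https://www.bleepingcomputer.com/news/security/test-cryptomix-ransomware-variant-released/",
+"https://www.bleepingcomputer.com/news/security/work-cryptomix-ransomware-variant-released/"
 ]
 }
 },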
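Review bot: The top-level `version` field of this first file is not bumped in this commit: the diffstat's 26 additions and 4 deletions are fully accounted for by the visible hunks (6/3 in this file plus 20/1 in the second), and the second file shows the convention of raising `version` alongside content changes (41 to 43). Consumers that compare the cluster version to decide whether to refresh will therefore not pick up the `.WORK` extension, the new ransom note and the new reference added across these three hunks. The enclosing cluster object starts well before line 5022, so its header with the version field lies outside the diff; adding `"version": <current + 1>,` there would complete the change. The file path itself is not shown on this rendered page, so the placeholder names above stand in for it.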

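--- a/UNKNOWN_PATH_FILE_2
+++ b/UNKNOWN_PATH_FILE_2
@@ -10,7 +10,7 @@
 ],
 "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
 "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
-"version": 41,
+"version": 43,
 "values": [
 {
 "meta": {
@@ -3114,6 +3114,25 @@
 "https://www.group-ib.com/blog/moneytaker"
 ]
 }
+},
+{
+"value": "Quant Loader",
+"description": "Described as a \"professional exe loader / dll dropper\" Quant Loader is in fact a very basic trojan downloader. It began being advertised on September 1, 2016 on various Russian underground forums.",
+"meta": {
+"refs": [
+"https://www.bleepingcomputer.com/news/security/quant-loader-is-now-bundled-with-other-crappy-malware/",
+"https://blogs.forcepoint.com/security-labs/locky-distributor-uses-newly-released-quant-loader-sold-russian-underground"
+]
+},
+{
+"value": "SSHDoor",
+"description": "The Secure Shell Protocol (SSH) is a very popular protocol used for secure data communication. It is widely used in the Unix world to manage remote servers, transfer files, etc. The modified SSH daemon described here, Linux/SSHDoor.A, is designed to steal usernames and passwords and allows remote access to the server via either an hardcoded password or SSH key.",
+"meta": {
+"refs": [
+"https://www.welivesecurity.com/2013/01/24/linux-sshdoor-a-backdoored-ssh-daemon-that-steals-passwords/"
+]
+}
 }
 ]
 }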
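Review bot: The `description` of the new SSHDoor entry reads as a paste from the referenced article rather than a self-contained cluster description: `The modified SSH daemon described here, Linux/SSHDoor.A` points at the blog post, not at this entry, and `an hardcoded password` should be `a hardcoded password`. A reworded value such as `"description": "Linux/SSHDoor.A is a modified (backdoored) SSH daemon designed to steal usernames and passwords and to allow remote access to the server via either a hardcoded password or an SSH key."` keeps the facts from the reference while dropping the dangling cross-reference. The vendor detection name `Linux/SSHDoor.A` would also be worth recording under a synonyms key in `meta` if this cluster uses one, so lookups by that name resolve to the entry. The commit title mentions only Quant Loader although SSHDoor and the ransomware `.WORK` variant are added too, and `version` jumps from 41 to 43 in a single merge, which looks like two increments folded together; both are worth reflecting in the merge description.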