mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
add olympic destroyer
parent
92cbd29091
commit
dcd159f8ed
1 changed files with 12 additions and 1 deletions
|
@ -2,7 +2,7 @@
|
|||
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
|
||||
"name": "Tool",
|
||||
"source": "MISP Project",
|
||||
"version": 76,
|
||||
"version": 77,
|
||||
"values": [
|
||||
{
|
||||
"meta": {
|
||||
|
@ -4333,6 +4333,17 @@
|
|||
]
|
||||
},
|
||||
"uuid": "8981aaca-72dc-11e8-8649-838c1b2613c5"
|
||||
},
|
||||
{
|
||||
"value": "Olympic Destroyer",
|
||||
"description": "The Winter Olympics this year is being held in Pyeongchang, South Korea. The Guardian, a UK Newspaper reported an article that suggested the Olympic computer systems suffered technical issues during the opening ceremony. Officials at the games confirmed some technical issues to non-critical systems and they completed recovery within around 12 hours. Sunday 11th February the Olympic games officials confirmed a cyber attack occurred but did not comment or speculate further.\nTalos have identified the samples, with moderate confidence, used in this attack. The infection vector is currently unknown as we continue to investigate. The samples identified, however, are not from adversaries looking for information from the games but instead they are aimed to disrupt the games. The samples analysed appear to perform only destructive functionality. There does not appear to be any exfiltration of data. Analysis shows that actors are again favouring legitimate pieces of software as PsExec functionality is identified within the sample. The destructive nature of this malware aims to render the machine unusable by deleting shadow copies, event logs and trying to use PsExec & WMI to further move through the environment. This is something we have witnessed previously with BadRabbit and Nyetya.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://blog.talosintelligence.com/2018/02/olympic-destroyer.html",
|
||||
"https://www.bleepingcomputer.com/news/security/malware-that-hit-pyeongchang-olympics-deployed-in-new-attacks/"
|
||||
]
|
||||
},
|
||||
"uuid": "76d5c7a2-73c3-11e8-bd92-db4d715af093"
|
||||
}
|
||||
],
|
||||
"authors": [
|
||||
|
|
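Review bot: The `description` of the new "Olympic Destroyer" value is copied in the first person and present tense ("as we continue to investigate", "This is something we have witnessed previously", "this year", "currently unknown"), so inside the galaxy it reads as the MISP Project's own statement and will go stale. Suggest rewording it in the third person with explicit attribution and a fixed date, for example "Talos assessed with moderate confidence that these samples were used in the attack on the 2018 Winter Olympics in Pyeongchang", and trimming the news background so the entry leads with what the tool does: destructive-only behaviour with no data exfiltration, deletion of shadow copies and event logs, and lateral movement through PsExec and WMI. The second `refs` URL points to a report of the malware being deployed in new attacks, which the description never mentions; one sentence covering that later activity would justify the reference.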