diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index f5ca550..9d48f91 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -13444,6 +13444,9 @@
 "meta": {
 "refs": [
 "https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html"
+ ],
+ "synonyms": [
+ "REvil"
 ]
 },
 "uuid": "24bd9a4b-2b66-428b-8e1c-6b280b056c00",
diff --git a/clusters/rat.json b/clusters/rat.json
index 70b21ab..2fbafae 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -1934,7 +1934,9 @@
 "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/PLUGX"
 ],
 "synonyms": [
- "Korplug"
+ "Korplug",
+ "SOGU",
+ "Scontroller"
 ]
 },
 "related": [
@@ -3416,5 +3418,5 @@
 "value": "InnfiRAT"
 }
 ],
- "version": 31
+ "version": 32
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index 69ae9bc..577e752 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7844,7 +7844,22 @@
 },
 "uuid": "a577bb0d-9732-449a-80f7-5e6c93e6046c",
 "value": "Reductor"
+ },
+ {
+ "description": "Legitimate tool - command-line tool used to monitor a running process and dump memory depending on customcriteria. The attackers use this tool to dump the LSASS process to gatherWINDOWScredentials hashes",
+ "uuid": "1ae22855-c343-4ae9-8cab-522c9da938aa",
+ "value": "ProcDump"
+ },
+ {
+ "description": "Legitimate tool - command-line tool used to import and export certificates on a machine. The attackers use this toolto gather credentials used for VPN authentication to the clients’ networks",
+ "uuid": "fadd0d1f-b098-43ea-b7a6-50fb58aef9f6",
+ "value": "CertMig"
+ },
+ {
+ "description": "Legitimate tool - tool used to scan IPv4/IPv6 networks and remotely execute PowerShell commands.",
+ "uuid": "bbba3a35-5064-4e60-ad4b-0ba16cc81a23",
+ "value": "Netscan"
 }
 ],
- "version": 125
+ "version": 126
 }
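Review bot: The description strings of the three new tool.json entries (ProcDump, CertMig, Netscan) contain run-together words that look like copy-paste artefacts and will surface verbatim in every consumer of this galaxy: `customcriteria` should read `custom criteria`, `gatherWINDOWScredentials hashes` should read `gather Windows credential hashes`, and `toolto` should read `tool to`; the curly apostrophe in `clients’` is also worth normalising to the ASCII `'` used elsewhere in these files. Each description also states that "The attackers" use the tool without naming an actor or campaign, and unlike the cluster entries in the ransomware.json hunk these new objects carry no `meta` object with `refs`, so the claim about attacker usage cannot be traced back to a report; adding a `meta.refs` array pointing at the source publication would make the entries verifiable and consistent with the rest of the galaxy. The hunk ends at the file's closing brace, so the enclosing `values` array and the version bump are complete in view.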