mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-27 01:07:18 +00:00
commit
e591852ec0
3 changed files with 23 additions and 3 deletions
|
@ -13444,6 +13444,9 @@
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html"
|
"https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"REvil"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "24bd9a4b-2b66-428b-8e1c-6b280b056c00",
|
"uuid": "24bd9a4b-2b66-428b-8e1c-6b280b056c00",
|
||||||
|
|
|
@ -1934,7 +1934,9 @@
|
||||||
"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/PLUGX"
|
"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/PLUGX"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Korplug"
|
"Korplug",
|
||||||
|
"SOGU",
|
||||||
|
"Scontroller"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -3416,5 +3418,5 @@
|
||||||
"value": "InnfiRAT"
|
"value": "InnfiRAT"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 31
|
"version": 32
|
||||||
}
|
}
|
||||||
|
|
|
@ -7844,7 +7844,22 @@
|
||||||
},
|
},
|
||||||
"uuid": "a577bb0d-9732-449a-80f7-5e6c93e6046c",
|
"uuid": "a577bb0d-9732-449a-80f7-5e6c93e6046c",
|
||||||
"value": "Reductor"
|
"value": "Reductor"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Legitimate tool - command-line tool used to monitor a running process and dump memory depending on customcriteria. The attackers use this tool to dump the LSASS process to gatherWINDOWScredentials hashes",
|
||||||
|
"uuid": "1ae22855-c343-4ae9-8cab-522c9da938aa",
|
||||||
|
"value": "ProcDump"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Legitimate tool - command-line tool used to import and export certificates on a machine. The attackers use this toolto gather credentials used for VPN authentication to the clients’ networks",
|
||||||
|
"uuid": "fadd0d1f-b098-43ea-b7a6-50fb58aef9f6",
|
||||||
|
"value": "CertMig"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Legitimate tool - tool used to scan IPv4/IPv6 networks and remotely execute PowerShell commands.",
|
||||||
|
"uuid": "bbba3a35-5064-4e60-ad4b-0ba16cc81a23",
|
||||||
|
"value": "Netscan"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 125
|
"version": 126
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue