Merge pull request #236 from raw-data/master

[add] new cluster + galaxy
pull/240/head
Alexandre Dulaunoy 2018-07-06 21:33:54 +02:00 committed by GitHub
commit 11af1cad81
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 34 additions and 0 deletions

View File

@ -19,6 +19,7 @@ to localized information (which is not shared) or additional information (that c
- [clusters/android.json](clusters/android.json) - Android malware galaxy based on multiple open sources.
- [clusters/banker.json](clusters/banker.json) - A list of banker malware.
- [clusters/stealer.json](clusters/stealer.json) - A list of malware stealer.
- [clusters/backdoor.json](clusters/backdoor.json) - A list of backdoor malware.
- [clusters/botnet.json](clusters/botnet.json) - A list of known botnets.
- [clusters/branded_vulnerability.json](clusters/branded_vulnerability.json) - List of known vulnerabilities and exploits.
- [clusters/exploit-kit.json](clusters/exploit-kit.json) - Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits. It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years.

24
clusters/backdoor.json Normal file
View File

@ -0,0 +1,24 @@
{
"uuid": "75436e27-cb57-4f32-bf1d-9636dd78a2bf",
"description": "A list of backdoor malware.",
"source": "Open Sources",
"version": 1,
"values": [
{
"meta": {
"date": "July 2018.",
"refs": [
"https://blog.jpcert.or.jp/2018/07/malware-wellmes-9b78.html"
]
},
"description": "Cross-platform malware written in Golang, compatible with Linux and Windows. Although there are some minor differences, both variants have the same functionality. The malware communicates with a CnC server using HTTP requests and performs functions based on the received commands. Results of command execution are sent in HTTP POST requests data (RSA-encrypted). Main functionalities are: (1) Execute arbitrary shell commands, (2) Upload/Download files. The PE variant of the infection, in addition, executes PowerShell scripts. A .Net version was also observed in the wild.",
"value": "WellMess",
"uuid": "e0e79fab-0f1d-4fc2-b424-208cb019a9cd"
}
],
"authors": [
"raw-data"
],
"type": "backdoor",
"name": "Backdoor"
}

9
galaxies/backdoor.json Normal file
View File

@ -0,0 +1,9 @@
{
"description": "Malware Backdoor galaxy.",
"type": "backdoor",
"version": 1,
"name": "Backdoor",
"icon": "door-open",
"uuid": "75436e27-cb57-4f32-bf1d-9636dd78a2bf",
"namespace": "misp"
}