MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

add Rovnix

pull/191/head
Deborah Servili 2018-04-11 16:30:58 +02:00
parent e4b95abce3
commit 1a18ffb3eb
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
clusters/tool.json
View File

@ -11,7 +11,7 @@
], ],
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.", "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f", "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"version": 62, "version": 63,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -4126,6 +4126,19 @@
] ]
}, },
"uuid": "8c0a7e1e-3cc4-11e8-8f03-2f71e72f737b" "uuid": "8c0a7e1e-3cc4-11e8-8f03-2f71e72f737b"
},
{
"value": "Rovnix",
"description": "We recently found that the malware family ROVNIX is capable of being distributed via macro downloader. This malware technique was previously seen in the DRIDEX malware, which was notable for using the same routines. DRIDEX is also known as the successor of the banking malware CRIDEX.",
"meta": {
"refs": [
"https://blog.trendmicro.com/trendlabs-security-intelligence/rovnix-infects-systems-with-password-protected-macros/"
],
"synonyms": [
"ROVNIX"
]
},
"uuid": "a4036a28-3d94-11e8-ad9f-97ada3c6d5fb"
} }
] ]
} }