Merge pull request #233 from Delta-Sierra/master

Add CFR.org metadata into the galaxy - Test
2018-06-26 14:26:18 +02:00 · 2018-06-26 14:26:18 +02:00 · 1bd0fb34d7
parent 1ae075acca 6f9e639981
commit 1bd0fb34d7
3 changed files with 40 additions and 5 deletions
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@ -2,7 +2,7 @@
  "description": "botnet galaxy",
  "uuid": "a91732f4-164a-11e8-924a-ffd4097eb03f",
  "source": "MISP Project",
-  "version": 5,
+  "version": 6,
  "values": [
    {
      "meta": {
@ -617,6 +617,18 @@
      "description": "The bot gathers information from the infected system through WMI queries (SerialNumber, SystemDrive, operating system, processor architecture), which it then sends back to a remote attacker. It installs a backdoor giving an attacker the possibility to run command such as: download a file, update itself, visit a website and perform HTTP, SYN, UDP flooding",
      "value": "Pontoeb",
      "uuid": "bc60de19-27a5-4df8-a835-70781b923125"
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/trik-spam-botnet-leaks-43-million-email-addresses/"
+        ],
+        "synonyms": [
+          "Trik Trojan"
+        ]
+      },
+      "value": "Trik Spam Botnet",
+      "uuid": "c68d5e64-7485-11e8-8625-2b14141f0501"
    }
  ],
  "authors": [
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@ -7966,7 +7966,8 @@
          "samsam.exe",
          "MIKOPONI.exe",
          "RikiRafael.exe",
-          "showmehowto.exe"
+          "showmehowto.exe",
+          "SamSam Ransomware"
        ],
        "extensions": [
          ".encryptedAES",
@ -8014,7 +8015,8 @@
        "refs": [
          "https://download.bleepingcomputer.com/demonslay335/SamSamStringDecrypter.zip",
          "http://blog.talosintel.com/2016/03/samsam-ransomware.html",
-          "http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf"
+          "http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf",
+          "https://www.bleepingcomputer.com/news/security/new-samsam-variant-requires-special-password-before-infection/"
        ]
      },
      "uuid": "731e4a5e-35f2-47b1-80ba-150b95fdc14d"
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -452,7 +452,28 @@
          "http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/",
          "http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
          "https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/",
-          "https://labs.bitdefender.com/wp-content/uploads/downloads/operation-pzchao-inside-a-highly-specialized-espionage-infrastructure/"
+          "https://labs.bitdefender.com/wp-content/uploads/downloads/operation-pzchao-inside-a-highly-specialized-espionage-infrastructure/",
+          "https://www.cfr.org/interactive/cyber-operations/iron-tiger"
+        ],
+        "cfr-suspected-victims": [
+          "United States",
+          "Japan",
+          "Taiwan",
+          "India",
+          "Canada",
+          "China",
+          "Thailand",
+          "Israel",
+          "Australia",
+          "Republic of Korea",
+          "Russia",
+          "Iran"
+        ],
+        "cfr-suspected-state-sponsor": "Unknown",
+        "cfr-type-of-incident": "Espionage",
+        "cfr-target-category": [
+          "Government",
+          "Private sector"
        ]
      },
      "description": "A China-based actor that targets foreign embassies to collect data on government, defence, and technology sectors.",
@ -2725,5 +2746,5 @@
  ],
  "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
  "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
-  "version": 43
+  "version": 44
 }