diff --git a/clusters/botnet.json b/clusters/botnet.json
index b763c404..7bf90bdb 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -2,7 +2,7 @@
   "description": "botnet galaxy",
   "uuid": "a91732f4-164a-11e8-924a-ffd4097eb03f",
   "source": "MISP Project",
-  "version": 5,
+  "version": 6,
   "values": [
     {
       "meta": {
@@ -617,6 +617,18 @@
       "description": "The bot gathers information from the infected system through WMI queries (SerialNumber, SystemDrive, operating system, processor architecture), which it then sends back to a remote attacker. It installs a backdoor giving an attacker the possibility to run command such as: download a file, update itself, visit a website and perform HTTP, SYN, UDP flooding",
       "value": "Pontoeb",
       "uuid": "bc60de19-27a5-4df8-a835-70781b923125"
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/trik-spam-botnet-leaks-43-million-email-addresses/"
+        ],
+        "synonyms": [
+          "Trik Trojan"
+        ]
+      },
+      "value": "Trik Spam Botnet",
+      "uuid": "c68d5e64-7485-11e8-8625-2b14141f0501"
     }
   ],
   "authors": [
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index d7ccf5e9..39a82cf7 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -7966,7 +7966,8 @@
           "samsam.exe",
           "MIKOPONI.exe",
           "RikiRafael.exe",
-          "showmehowto.exe"
+          "showmehowto.exe",
+          "SamSam Ransomware"
         ],
         "extensions": [
           ".encryptedAES",
@@ -8014,7 +8015,8 @@
         "refs": [
           "https://download.bleepingcomputer.com/demonslay335/SamSamStringDecrypter.zip",
           "http://blog.talosintel.com/2016/03/samsam-ransomware.html",
-          "http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf"
+          "http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf",
+          "https://www.bleepingcomputer.com/news/security/new-samsam-variant-requires-special-password-before-infection/"
         ]
       },
       "uuid": "731e4a5e-35f2-47b1-80ba-150b95fdc14d"
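Review bot: The new "Trik Spam Botnet" entry in the botnet.json hunk at line 617 carries no "description" key, while the neighbouring Pontoeb entry documents what the bot does; consumers that render or search galaxy descriptions will show this cluster as blank. A one-sentence "description" summarising the linked BleepingComputer report, placed alongside "value", would keep the entry consistent with its siblings. The "synonyms" list holds only "Trik Trojan"; if the bare name "Trik" is also used in the wild it would be worth adding, but that cannot be confirmed from the hunk.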
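Review bot: In the ransomware.json hunk at line 7966, "SamSam Ransomware" is appended to an array whose other elements are executable names ("samsam.exe", "MIKOPONI.exe", "RikiRafael.exe", "showmehowto.exe"), so the list no longer holds one kind of value. The array's key is outside the hunk, but given its contents this looks like a filename list, and a display name belongs in the cluster's "synonyms" array rather than here; tooling that matches these strings against observed filenames will never hit it. I would drop `"SamSam Ransomware"` from this array and add it under "synonyms" instead, if it is not already there.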
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 943706b5..07141a1a 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -452,7 +452,28 @@
           "http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/",
           "http://www.scmagazineuk.com/iran-and-russia-blamed-for-state-sponsored-espionage/article/330401/",
           "https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/",
-          "https://labs.bitdefender.com/wp-content/uploads/downloads/operation-pzchao-inside-a-highly-specialized-espionage-infrastructure/"
+          "https://labs.bitdefender.com/wp-content/uploads/downloads/operation-pzchao-inside-a-highly-specialized-espionage-infrastructure/",
+          "https://www.cfr.org/interactive/cyber-operations/iron-tiger"
+        ],
+        "cfr-suspected-victims": [
+          "United States",
+          "Japan",
+          "Taiwan",
+          "India",
+          "Canada",
+          "China",
+          "Thailand",
+          "Israel",
+          "Australia",
+          "Republic of Korea",
+          "Russia",
+          "Iran"
+        ],
+        "cfr-suspected-state-sponsor": "Unknown",
+        "cfr-type-of-incident": "Espionage",
+        "cfr-target-category": [
+          "Government",
+          "Private sector"
         ]
       },
       "description": "A China-based actor that targets foreign embassies to collect data on government, defence, and technology sectors.",
@@ -2725,5 +2746,5 @@
   ],
   "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
   "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
-  "version": 43
+  "version": 44
 }
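Review bot: The added `"cfr-suspected-state-sponsor": "Unknown"` sits next to the existing description "A China-based actor that targets foreign embassies", so a consumer pivoting on state sponsor gets a different answer than one reading the description; the two fields will read as contradictory unless the convention is made explicit. The cfr-* fields presumably mirror the CFR tracker entry whose URL is added in the same hunk, and "Unknown" is likely CFR's own verdict, but nothing in the file says so. If that is the intended semantics, the galaxy-level documentation should state that cfr-* values are copied verbatim from the tracker rather than reconciled with the MISP description; otherwise the sentinel string should be omitted, consistent with how the other cfr-* keys are simply absent on entries CFR has not assessed. The enclosing "meta" object starts outside the hunk.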