MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [tool] NOKKI added 

ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/
pull/277/head
Alexandre Dulaunoy 2018-09-29 09:01:47 +02:00
parent 49fe210812
commit 2402c7d98f
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
clusters/tool.json
View File

@ -4209,6 +4209,16 @@
"uuid": "24ee55e3-697f-482f-8fa8-d05999df40cd",
"value": "KONNI"
},
{
"value": "NOKKI",
"uuid": "9e4fd0d3-9736-421c-b1e1-96c1d3665c80",
"description": "Beginning in early 2018, Unit 42 observed a series of attacks using a previously unreported malware family, which we have named NOKKI. The malware in question has ties to a previously reported malware family named KONNI, however, after careful consideration, we believe enough differences are present to introduce a different malware family name. To reflect the close relationship with KONNI, we chose NOKKI, swapping KONNIs Ns and Ks. Because of code overlap found within both malware families, as well as infrastructure overlap, we believe the threat actors responsible for KONNI are very likely also responsible for NOKKI. Previous reports stated it was likely KONNI had been in use for over three years in multiple campaigns with a heavy interest in the Korean peninsula and surrounding areas. As of this writing, it is not certain if the KONNI or NOKKI operators are related to known adversary groups operating in the regions of interest, although there is evidence of a tenuous relationship with a group known as Reaper.",
"meta": {
"refs": [
"https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/"
]
}
},
{
"description": "Recently, Palo Alto Networks researchers discovered an advanced Android malware weve named “SpyDealer” which exfiltrates private data from more than 40 apps and steals sensitive messages from communication apps by abusing the Android accessibility service feature. SpyDealer uses exploits from a commercial rooting app to gain root privilege, which enables the subsequent data theft.",
"meta": {
@ -5821,5 +5831,5 @@
"uuid": "https://www.bleepingcomputer.com/news/security/apt28-uses-lojax-first-uefi-rootkit-seen-in-the-wild/"
}
],
"version": 88
"version": 89
}