Merge pull request #223 from Delta-Sierra/master

Add tools
Deborah Servili 2018-06-08 16:22:21 +02:00 committed by GitHub
commit 2bbe386107
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 1 deletions


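--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -2,7 +2,7 @@
 "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
 "name": "Tool",
 "source": "MISP Project",
-"version": 72,
+"version": 73,
 "values": [
 {
 "meta": {
@@ -4262,6 +4262,26 @@
 "https://www.us-cert.gov/ncas/alerts/TA18-149A"
 ]
 }
+},
+{
+"uuid": "d1482c9e-6af3-11e8-aa8e-279274bd10c7",
+"value": "PLEAD",
+"description": "PLEAD has two kinds RAT (Remote Access Tool) and downloader. The RAT operates based on commands that are provided from C&C servers. On the other hand, PLEAD downloader downloads modules and runs it on memory in the same way as TSCookie does.",
+"meta": {
+"refs": [
+"https://blog.jpcert.or.jp/2018/06/plead-downloader-used-by-blacktech.html"
+]
+}
+},
+{
+"uuid": "65c0dff4-6b23-11e8-899f-8fcb21ad9649",
+"value": "BabaYaga",
+"description": "The group behind BabaYaga —believed to be Russian-speaking hackers— uses this malware to inject sites with special keyboards to drive SEO traffic to hidden pages on compromised sites. These pages are then used to redirect users to affiliate marketing links, where if the user purchases advertised goods, the hackers also make a profit.\nThe malware per-se is comprised of two modules —one that injects the spam content inside the compromised sites, and a backdoor module that gives attackers control over an infected site at any time.\nThe intricacies of both modules are detailed in much more depth in this 26-page report authored by Defiant (formerly known as WordFence), the security firm which dissected the malware's more recent versions.\n\"[BabaYaga] is relatively well-written, and it demonstrates that the author has some understanding of software development challenges, like code deployment, performance and management,\" Defiant researchers say. \"It can also infect Joomla and Drupal sites, or even generic PHP sites, but it is most fully developed around Wordpress.\"",
+"meta": {
+"refs": [
+"https://www.bleepingcomputer.com/news/security/lol-babayaga-wordpress-malware-updates-your-site/"
+]
+}
+}
 }
 ],
 "authors": [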
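Review bot: The PLEAD description added in the second hunk reads `PLEAD has two kinds RAT (Remote Access Tool) and downloader`, which is missing the colon or "of" that makes it parse, and this string is what every MISP consumer will display verbatim; `"description": "PLEAD has two kinds: a RAT (Remote Access Tool) and a downloader. ..."` reads cleanly. The BabaYaga description is four paragraphs copied from the linked BleepingComputer article, including a quotation attributed to Defiant; if the dataset's convention is a short summary with the source left in refs, a condensed paraphrase would be easier to maintain, though I cannot see the other entries' length from this section. The enclosing `values` array opens in the first hunk and closes at the end of this section, so both new objects sit inside it, and the version bump to 73 matches the content change.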