some updates

pull/233/head
Deborah Servili 2018-06-26 09:26:32 +02:00
parent dcda058944
commit 3838efb0bb
2 changed files with 17 additions and 3 deletions


@ -2,7 +2,7 @@
"description": "botnet galaxy", "description": "botnet galaxy",
"uuid": "a91732f4-164a-11e8-924a-ffd4097eb03f", "uuid": "a91732f4-164a-11e8-924a-ffd4097eb03f",
"source": "MISP Project", "source": "MISP Project",
"version": 5, "version": 6,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -617,6 +617,18 @@
"description": "The bot gathers information from the infected system through WMI queries (SerialNumber, SystemDrive, operating system, processor architecture), which it then sends back to a remote attacker. It installs a backdoor giving an attacker the possibility to run command such as: download a file, update itself, visit a website and perform HTTP, SYN, UDP flooding", "description": "The bot gathers information from the infected system through WMI queries (SerialNumber, SystemDrive, operating system, processor architecture), which it then sends back to a remote attacker. It installs a backdoor giving an attacker the possibility to run command such as: download a file, update itself, visit a website and perform HTTP, SYN, UDP flooding",
"value": "Pontoeb", "value": "Pontoeb",
"uuid": "bc60de19-27a5-4df8-a835-70781b923125" "uuid": "bc60de19-27a5-4df8-a835-70781b923125"
},
{
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/trik-spam-botnet-leaks-43-million-email-addresses/"
],
"synonyms": [
"Trik Trojan"
]
},
"value": "Trik Spam Botnet",
"uuid": "c68d5e64-7485-11e8-8625-2b14141f0501"
} }
], ],
"authors": [ "authors": [
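Review bot: The new `Trik Spam Botnet` object has no `"description"` key, while the neighbouring `Pontoeb` entry in the same `values` array carries one. An analyst who finds this cluster attached to an event has only the external link to explain what it denotes. Add a short `"description"` inside the new object that summarises the referenced article, so the entry stays usable if the URL moves or disappears. The enclosing array starts outside this hunk, so whether other entries follow the same convention cannot be checked from here.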


@ -7966,7 +7966,8 @@
"samsam.exe", "samsam.exe",
"MIKOPONI.exe", "MIKOPONI.exe",
"RikiRafael.exe", "RikiRafael.exe",
"showmehowto.exe" "showmehowto.exe",
"SamSam Ransomware"
], ],
"extensions": [ "extensions": [
".encryptedAES", ".encryptedAES",
@ -8014,7 +8015,8 @@
"refs": [ "refs": [
"https://download.bleepingcomputer.com/demonslay335/SamSamStringDecrypter.zip", "https://download.bleepingcomputer.com/demonslay335/SamSamStringDecrypter.zip",
"http://blog.talosintel.com/2016/03/samsam-ransomware.html", "http://blog.talosintel.com/2016/03/samsam-ransomware.html",
"http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf" "http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf",
"https://www.bleepingcomputer.com/news/security/new-samsam-variant-requires-special-password-before-infection/"
] ]
}, },
"uuid": "731e4a5e-35f2-47b1-80ba-150b95fdc14d" "uuid": "731e4a5e-35f2-47b1-80ba-150b95fdc14d"
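Review bot: The top-level `"version"` of this second file is not incremented, although the same commit raises it from 5 to 6 in the first file. The visible hunks already account for all 17 additions and 3 deletions in the diffstat, so no version line changed here. Consumers that compare `"version"` to decide whether to re-import a cluster file may skip the new `"SamSam Ransomware"` alias and the added reference; raise this file's `"version"` by one in the same commit. Separately, the list receiving `"SamSam Ransomware"` otherwise holds executable names (`samsam.exe`, `MIKOPONI.exe`, …) and its key lies outside the hunk, so confirm that a family alias belongs in that list.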