Merge pull request #314 from Delta-Sierra/master

New clusters
2018-12-13 17:44:20 +01:00 · 2018-12-13 17:44:20 +01:00 · 3cf2881ba4
parent 15d1d9b547 cb4345adf9
commit 3cf2881ba4
2 changed files with 17 additions and 3 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -6110,7 +6110,17 @@
      ],
      "uuid": "6d50a8a2-fdf5-11e8-9db3-833f231caac8",
      "value": "GC02"
+    },
+    {
+      "description": "The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant—which we call Rising Sun—for further exploitation. According to our analysis, the Rising Sun implant uses source code from the Lazarus Group’s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries.\nOperation Sharpshooter’s numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags. Our research focuses on how this actor operates, the global impact, and how to detect the attack. We shall leave attribution to the broader security community.",
+      "meta": {
+        "refs": [
+          "https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/"
+        ]
+      },
+      "uuid": "b06c3af1-0243-4428-88da-b3451c345e1e",
+      "value": "Operation Sharpshooter"
    }
  ],
-  "version": 83
+  "version": 84
 }
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -3263,7 +3263,11 @@
      "description": "Shamoon,[a] also known as Disttrack, is a modular computer virus discovered by Seculert[1] in 2012, targeting recent NT kernel-based versions of Microsoft Windows. The virus has been used for cyber espionage in the energy sector.[2][3][4] Its discovery was announced on 16 August 2012 by Symantec,[3] Kaspersky Lab,[5] and Seculert.[6] Similarities have been highlighted by Kaspersky Lab and Seculert between Shamoon and the Flame malware.[5][6]",
      "meta": {
        "refs": [
-          "https://en.wikipedia.org/wiki/Shamoon"
+          "https://en.wikipedia.org/wiki/Shamoon",
+          "https://securityaffairs.co/wordpress/78867/breaking-news/shamoon-virustotal.html"
+        ],
+        "synonyms": [
+          "DistTrack"
        ]
      },
      "related": [
@ -7475,5 +7479,5 @@
      "value": "SpicyOmelette"
    }
  ],
-  "version": 105
+  "version": 106
 }