mirror of https://github.com/MISP/misp-galaxy
commit
5175fb0364
|
@ -8549,7 +8549,28 @@
|
||||||
],
|
],
|
||||||
"uuid": "7d34ca56-ce69-465f-b8c8-ffd02c4b619d",
|
"uuid": "7d34ca56-ce69-465f-b8c8-ffd02c4b619d",
|
||||||
"value": "Esile"
|
"value": "Esile"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "MOUSEISLAND is a Microsoft Word macro downloader used as the first infection stage and is delivered inside a password-protected zip attached to a phishing email (Figure 2). Based on our intrusion data from responding to ICEDID related incidents, the secondary payload delivered by MOUSEISLAND has been PHOTOLOADER, which acts as an intermediary downloader to install ICEDID. Mandiant attributes the MOUSEISLAND distribution of PHOTOLOADER and other payloads to UNC2420, a distribution threat cluster created by Mandiant’s Threat Pursuit team. UNC2420 activity shares overlaps with the publicly reported nomenclature of “Shathak” or “TA551”.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.mandiant.com/resources/blog/melting-unc2198-icedid-to-ransomware-operations"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "2bea2cc9-c1cc-453d-a483-541b895867d1",
|
||||||
|
"value": "MOUSEISLAND"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "GootLoader is a malware loader historically associated with the GootKit malware. As its developers updated its capabilities, GootLoader has evolved from a loader downloading a malicious payload into a multi-payload malware platform. As a loader malware, GootLoader is usually the first-stage of a system compromise. By leveraging search engine poisoning, GootLoader’s developers may compromise or create websites that rank highly in search engine results, such as Google search results. How is it delivered? Via Malicious files available for download on compromised websites that rank high as search engine results",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.cyber.nj.gov/alerts-advisories/gootloader-malware-platform-uses-sophisticated-techniques-to-deliver-malware",
|
||||||
|
"https://blogs.blackberry.com/en/2022/07/gootloader-from-seo-poisoning-to-multi-stage-downloader"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "0bdb6f1c-1229-4556-a535-7444ddfbd7a9",
|
||||||
|
"value": "GootLoader"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 152
|
"version": 153
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue