From 272ea3ba4aa648e43535f842c7b13df150209b27 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Thu, 28 Mar 2019 15:58:00 +0100
Subject: [PATCH 1/2] add ref for Ryuk and LockerGoga ransomwares
---
 clusters/ransomware.json | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 7c124ce..763b695 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -11717,7 +11717,8 @@
 "https://www.crowdstrike.com/blog/wp-content/uploads/2019/01/RansomeNote-fig4.png"
 ],
 "refs": [
- "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/"
+ "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/",
+ "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2019-ACT-005.pdf"
 ]
 },
 "uuid": "f9464c80-b776-4f37-8682-ffde0cf8f718",
@@ -11745,7 +11746,8 @@
 "https://www.bleepstatic.com/images/news/u/1100723/Ransomware/LockerGoga-ransom-note.png"
 ],
 "refs": [
- "https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-allegedly-used-in-altran-attack/"
+ "https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-allegedly-used-in-altran-attack/",
+ "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2019-ACT-005.pdf"
 ]
 },
 "uuid": "1e19dae5-80c3-4358-abcd-2bf0ba4c76fe",
@@ -11775,5 +11777,5 @@
 "value": "Jokeroo"
 }
 ],
- "version": 54
+ "version": 55
 }
From 8ac7aec85cfef89c5073faba2038e3ea37edd1d9 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Fri, 19 Apr 2019 13:21:11 +0200
Subject: [PATCH 2/2] add Sea Turtle campaign
---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index c84e46d..d7aa608 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -6675,6 +6675,16 @@
 },
 "uuid": "943f490e-ac7f-40fe-b6f3-33e2623649d2",
 "value": "Whitefly"
+ },
+ {
+ "description": " This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and North Africa, and we do not want to overstate the consequences of this specific campaign, we are concerned that the success of this operation will lead to actors more broadly attacking the global DNS system. DNS is a foundational technology supporting the Internet. Manipulating that system has the potential to undermine the trust users have on the internet. That trust and the stability of the DNS system as a whole drives the global economy. Responsible nations should avoid targeting this system, work together to establish an accepted global norm that this system and the organizations that control it are off-limits, and cooperate in pursuing those actors who act irresponsibly by targeting this system.",
+ "meta": {
+ "refs": [
+ "https://blog.talosintelligence.com/2019/04/seaturtle.html"
+ ]
+ },
+ "uuid": "ce7bba52-5ae8-44ea-9979-68502d832ab7",
+ "value": "Sea Turtle"
 }
 ],
 "version": 108
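Review bot: The trailing context line `"version": 108` is left unchanged even though this hunk adds a new cluster entry, whereas patch 1/2 bumps `clusters/ransomware.json` from 54 to 55 for a smaller change. If consumers decide whether to re-import a galaxy by comparing this number (worth confirming for your deployment), the Sea Turtle entry may not reach existing instances, so the line should become `"version": 109`. Separately, the added `"description"` begins with a stray space (`" This blog post …`) and is a first-person excerpt from the referenced post rather than a description of the actor. Trimming the space and rewording it to say who is targeted and how (DNS manipulation against national security organizations in the Middle East and North Africa, as the text already states) would make the entry more useful to analysts.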