Merge branch 'master' of github.com:MISP/misp-galaxy

2017-02-10 10:10:00 +01:00 · 2017-02-10 10:10:00 +01:00 · 6fb89a644f
parent 5442a262ab 87296fe95c
commit 6fb89a644f
2 changed files with 22 additions and 13 deletions
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@ -10,7 +10,7 @@
       "synonyms": [
          "Stegano EK"
        ],
-		"status": "Active"
+		"status": "Unknown - Last Seen 2016-12-07"
       }
    }
 ,
@ -52,7 +52,7 @@
          "RIG-E"
        ]
 	   ,
-		"status": "Active"
+		"status": "Unknown - Last seen: 2016-12-29"
       }
    }
 ,
@ -121,7 +121,7 @@
       "synonyms": [
          "Job314",
          "Neutrino Rebooted",
-		  "Neutrino-v"
+          "Neutrino-v"
        ]		
 		,
 		"status": "Active"
@ -140,7 +140,8 @@
       "synonyms": [
          "RIG 3",
 		  "RIG-v",
-		  "RIG 4"
+		  "RIG 4",
+		  "Meadgive"
        ],
 		"status": "Active"
       }
@ -194,7 +195,7 @@
       "synonyms": [
          "Beps",
          "Xer",
-		  "Beta"
+          "Beta"
        ],
 		"status": "Active",
 		"colour": "#C03701"
@ -211,7 +212,8 @@
        ],
       "synonyms": [
          "XXX",
-          "AEK"
+          "AEK",
+          "Axpergle"
        ],
 		"status": "Retired - Last seen: 2016-06-07"
       }
@ -281,7 +283,8 @@
          "http://www.kahusecurity.com/2011/neosploit-is-back/"
        ],
       "synonyms": [
-          "NeoSploit"
+          "NeoSploit",
+          "Fiexp"
        ]
 		,
 		"status": "Retired - Last Seen: beginning of 2015-07"
@ -409,7 +412,8 @@
       "synonyms": [
          "NEK",
          "Nuclear Pack",
-		  "Spartan"
+		  "Spartan",
+		  "Neclu"
        ]		,
 		"status": "Retired - Last seen: 2015-04-30"
       }
@ -449,7 +453,7 @@
        "refs": [
          "https://www.trustwave.com/Resources/SpiderLabs-Blog/A-Wild-Exploit-Kit-Appears----Meet-RedKit/",
          "http://malware.dontneedcoffee.com/2012/05/inside-redkit.html",
-		  "https://nakedsecurity.sophos.com/2013/05/09/redkit-exploit-kit-part-2/"
+          "https://nakedsecurity.sophos.com/2013/05/09/redkit-exploit-kit-part-2/"
        ],
 		"status": "Retired"
       }
@ -472,7 +476,8 @@
          "http://malware.dontneedcoffee.com/2012/12/juice-sweet-orange-2012-12.html"
        ],
       "synonyms": [
-          "SWO"
+          "SWO",
+          "Anogre"
        ],
 		"status": "Retired - Last seen: 2015-04-05"
       }
@ -483,7 +488,7 @@
      "meta": {
        "refs": [
          "http://malware.dontneedcoffee.com/2012/12/crossing-styx-styx-sploit-pack-20-cve.html",
-		  "https://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-roboto/",
+          "https://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-roboto/",
          "http://malware.dontneedcoffee.com/2013/05/inside-styx-2013-05.html"
        ],
 		"status":"Retired - Last seen: 2014-06"
@ -495,13 +500,13 @@
      "meta": {
        "refs": [
          "https://twitter.com/kafeine",
-		  "https://twitter.com/node5",
+          "https://twitter.com/node5",
          "https://twitter.com/kahusecurity"
        ]
       }
    }
 ],
-  "version": 2,
+  "version": 3,
  "uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
  "description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
  "authors": [
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@ -859,6 +859,10 @@
    {
      "description": "GNL Locker; .zyklon; ",
      "value": "Zyklon"
+    },
+    {
+      "description": "AES; ",
+      "value": "Erebus"
    }
  ],
  "source": "https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml"