SloppyLemming relationsships

pull/1022/head
Delta-Sierra 2024-09-27 14:23:01 +02:00
parent 60340edb22
commit 70b0823947
5 changed files with 143 additions and 6 deletions


@ -488,7 +488,17 @@
], ],
"uuid": "4838b37b-2d1f-4cb8-945d-7185580f0bff", "uuid": "4838b37b-2d1f-4cb8-945d-7185580f0bff",
"value": "TERRIBLETEA" "value": "TERRIBLETEA"
},
{
"description": "Merdoor is a fully-featured backdoor that appears to have been in existence since 2018.\nThe backdoor contains the following functionality: Installing itself as a service, Keylogging, A variety of methods to communicate with its command-and-control (C&C) server (HTTP, HTTPS, DNS, UDP, TCP), Ability to listen on a local port for commands\nInstances of the Merdoor backdoor are usually identical with the exception of embedded and encrypted configuration, which determines: C&C communication method, Service details, Installation directory\nTypically, the backdoor is injected into the legitimate processes perfhost.exe or svchost.exe.",
"meta": {
"refs": [
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor"
]
},
"uuid": "8ebda9f4-f8f2-4d35-ba2b-d6ecb54b23d4",
"value": "Merdoor"
} }
], ],
"version": 19 "version": 20
} }
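Review bot: The new Merdoor cluster carries no `related` entry, although its only reference (URL slug `lancefly-merdoor-zxshell`) names the actor it is attributed to and the backdoor it is reported alongside, and the same reference is added to the entry with synonym `Sensode` in the last file of this commit without any link back either. If a Lancefly cluster exists in the threat-actor galaxy, I would add `"related": [{"dest-uuid": "<lancefly-cluster-uuid>", "tags": ["estimative-language:likelihood-probability=\"likely\""], "type": "used-by"}]` here and the reciprocal `uses` entry on the actor, mirroring how the SloppyLemming links in this commit are paired. Both the Merdoor addition and that reference update are unrelated to the SloppyLemming relationships the commit is titled for, so they would be easier to review as a separate commit.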


@ -2031,7 +2031,29 @@
}, },
"uuid": "40cd57f6-39c9-4a9f-b4cf-de4762642bff", "uuid": "40cd57f6-39c9-4a9f-b4cf-de4762642bff",
"value": "Ztorg" "value": "Ztorg"
},
{
"meta": {
"refs": [
"https://www.team-cymru.com/post/botnet-7777-are-you-betting-on-a-compromised-router",
"https://gi7w0rm.medium.com/the-curious-case-of-the-7777-botnet-86e3464c3ffd"
],
"synonyms": [
"7777"
]
},
"uuid": "3e027dad-9c0a-437e-9938-dd3cf13b0c22",
"value": "Quad7"
},
{
"meta": {
"refs": [
"https://www.team-cymru.com/post/botnet-7777-are-you-betting-on-a-compromised-router"
]
},
"uuid": "963d898f-dc48-409e-8069-aaa51ad6664c",
"value": "63256 botnet"
} }
], ],
"version": 35 "version": 36
} }
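Review bot: Neither new cluster has a `description`, so `Quad7` and `63256 botnet` are visible to consumers only as a name, a synonym and a link; a one-sentence summary of what each botnet is, as stated in the cited Team Cymru post, would make the entries usable without following the reference. Both entries cite the same report, and if that report ties the two botnets together, a `related` entry of type `similar` between `3e027dad-9c0a-437e-9938-dd3cf13b0c22` and `963d898f-dc48-409e-8069-aaa51ad6664c`, in both directions as the SloppyLemming links in this commit are paired, would record that. The value `63256 botnet` also differs in style from the other names in this hunk (`Ztorg`, `Quad7`); if the source names it that way keep it, otherwise `"value": "63256"` with `"63256 botnet"` moved to `synonyms` would be more consistent.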


@ -1494,6 +1494,15 @@
"HavocCrypt Ransomware" "HavocCrypt Ransomware"
] ]
}, },
"related": [
{
"dest-uuid": "6f7489f5-7edc-4693-b35a-44e79c969678",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
}
],
"uuid": "c6bef9c8-becb-4bee-bd97-c1c655133396", "uuid": "c6bef9c8-becb-4bee-bd97-c1c655133396",
"value": "Havoc" "value": "Havoc"
}, },
@ -29684,5 +29693,5 @@
"value": "orca" "value": "orca"
} }
], ],
"version": 133 "version": 134
} }


@ -15215,6 +15215,15 @@
"Outrider Tiger" "Outrider Tiger"
] ]
}, },
"related": [
{
"dest-uuid": "6f7489f5-7edc-4693-b35a-44e79c969678",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
}
],
"uuid": "0df34184-4ccf-4357-8e8e-e990058d2992", "uuid": "0df34184-4ccf-4357-8e8e-e990058d2992",
"value": "Fishing Elephant" "value": "Fishing Elephant"
}, },
@ -16710,9 +16719,88 @@
"https://blog.cloudflare.com/unraveling-sloppylemming-operations/" "https://blog.cloudflare.com/unraveling-sloppylemming-operations/"
] ]
}, },
"related": [
{
"dest-uuid": "0df34184-4ccf-4357-8e8e-e990058d2992",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
},
{
"dest-uuid": "97f26fab-af0e-4da9-b4c1-aec70cace22d",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "c6bef9c8-becb-4bee-bd97-c1c655133396",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "uses"
},
{
"dest-uuid": "4b09b683-5650-4a6c-a383-d8f3b686ebc2",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "targets"
},
{
"dest-uuid": "84668357-5a8c-4bdd-9f0f-6b50b250414b",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "targets"
},
{
"dest-uuid": "84668357-5a8c-4bdd-9f0f-6b50b2424744",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "targets"
},
{
"dest-uuid": "84668357-5a8c-4bdd-9f0f-6b50b249444e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "targets"
},
{
"dest-uuid": "84668357-5a8c-4bdd-9f0f-6b50b24c4b41",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "targets"
},
{
"dest-uuid": "84668357-5a8c-4bdd-9f0f-6b50b243484e",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "targets"
},
{
"dest-uuid": "84668357-5a8c-4bdd-9f0f-6b50b24e504c",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "targets"
},
{
"dest-uuid": "6012ecea-dcc8-490c-b368-e2e06b2cb62f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "targets"
}
],
"uuid": "6f7489f5-7edc-4693-b35a-44e79c969678", "uuid": "6f7489f5-7edc-4693-b35a-44e79c969678",
"value": "SloppyLemming" "value": "SloppyLemming"
} }
], ],
"version": 314 "version": 315
} }
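Review bot: Of the eleven `dest-uuid` values added to the SloppyLemming cluster in the second hunk, only the three pointing at `0df34184-…`, `97f26fab-…` and `c6bef9c8-…` can be checked against this commit, because their reciprocal `similar`/`used-by` entries appear in the other files; the eight `targets` destinations (`4b09b683-…`, the six `84668357-5a8c-4bdd-9f0f-6b50b2…` values and `6012ecea-…`) are defined nowhere on the page, and nothing at the JSON level would catch a dangling reference, so please confirm each resolves to an existing cluster with the galaxy's uuid validation before merging. The six `84668357-…` identifiers differ only in their last six hex digits, which looks like a generated identifier family; it is worth confirming each one encodes the intended target rather than a copy-paste slip. The SloppyLemming object begins before this hunk, so its `meta` block is not visible here.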


@ -1882,7 +1882,8 @@
"refs": [ "refs": [
"http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html", "http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html",
"https://blogs.cisco.com/security/talos/opening-zxshell", "https://blogs.cisco.com/security/talos/opening-zxshell",
"https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox" "https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox",
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor"
], ],
"synonyms": [ "synonyms": [
"Sensode" "Sensode"
@ -9208,6 +9209,13 @@
"estimative-language:likelihood-probability=\"almost-certain\"" "estimative-language:likelihood-probability=\"almost-certain\""
], ],
"type": "similar" "type": "similar"
},
{
"dest-uuid": "6f7489f5-7edc-4693-b35a-44e79c969678",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "used-by"
} }
], ],
"uuid": "97f26fab-af0e-4da9-b4c1-aec70cace22d", "uuid": "97f26fab-af0e-4da9-b4c1-aec70cace22d",
@ -11075,5 +11083,5 @@
"value": "SLIVER" "value": "SLIVER"
} }
], ],
"version": 173 "version": 174
} }