Merge branch 'master' into master

pull/452/head
Deborah Servili 2019-09-04 14:42:47 +02:00 committed by GitHub
commit 718ea55dd7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 646 additions and 23 deletions

1
.gitignore vendored Normal file

@ -0,0 +1 @@
__pycache__


@ -13471,7 +13471,29 @@
}, },
"uuid": "6cfa553a-1e1b-115a-401f-015d681470b1", "uuid": "6cfa553a-1e1b-115a-401f-015d681470b1",
"value": "GetCrypt" "value": "GetCrypt"
},
{
"description": "A new ransomware family dubbed “Nemty” for the extension it adds to encrypted files has recently surfaced in the wild. According to a report from Bleeping Computer, New York-based reverse engineer Vitali Kremez posits that Nemty is possibly delivered through exposed remote desktop connections.",
"meta": {
"payment-method": "Bitcoin",
"price": "1000 $",
"refs": [
"https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/nemty-ransomware-possibly-spreads-through-exposed-remote-desktop-connections"
]
},
"uuid": "6cfa554a-1e2b-115a-400f-014d671470b1",
"value": "Nemty"
},
{
"description": "Buran is a new version of the Vega ransomware strain (a.k.a. Jamper, Ghost, Buhtrap) that attacked accountants from February through April 2019. The new Buran ransomware first was discovered by nao_sec in June 2019, delivered by the RIG Exploit Kit, as reported by BleepingComputer.",
"meta": {
"refs": [
"https://www.acronis.com/en-us/blog/posts/meet-buran-new-delphi-ransomware-delivered-rig-exploit-kit"
]
},
"uuid": "6cfa554a-1e1b-114a-300f-013d671370b0",
"value": "Buran"
} }
], ],
"version": 64 "version": 66
} }
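Review bot: The `uuid` values on the two new entries, `6cfa554a-1e2b-115a-400f-014d671470b1` (Nemty) and `6cfa554a-1e1b-114a-300f-013d671370b0` (Buran), look hand-edited from the neighbouring GetCrypt UUID `6cfa553a-1e1b-115a-401f-015d681470b1` rather than freshly generated. Cluster UUIDs are the key that consumers use to correlate and relate entries, so near-copies are easy to mistype and invite collisions. Generate each one randomly instead, for example with Python's `uuid.uuid4()`.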


@ -1493,7 +1493,7 @@
"Zhōnghuá Rénmín Gònghéguó" "Zhōnghuá Rénmín Gònghéguó"
], ],
"territory-type": [ "territory-type": [
"" "Country"
] ]
}, },
"uuid": "53d3d205-db31-4ec9-86aa-c2bf11fd18e6", "uuid": "53d3d205-db31-4ec9-86aa-c2bf11fd18e6",
@ -2154,7 +2154,7 @@
"currency": [ "currency": [
"$", "$",
"USD", "USD",
"United States dollara" "United States dollar"
], ],
"iso-code": [ "iso-code": [
"SV", "SV",
@ -2517,10 +2517,27 @@
"calling-code": [ "calling-code": [
"+241" "+241"
], ],
"capital": [
"Libreville"
],
"currency": [
"Central African CFA franc",
"XAF"
],
"iso-code": [ "iso-code": [
"GA", "GA",
"GAB" "GAB"
], ],
"official-languages": [
"French"
],
"synomyms": [
"Gabonese Republic",
"République gabonaise"
],
"territory-type": [
"Country"
],
"top-level-domain": ".ga" "top-level-domain": ".ga"
}, },
"uuid": "8e70d742-c708-4a9e-8ab1-6a8a90306ccf", "uuid": "8e70d742-c708-4a9e-8ab1-6a8a90306ccf",
@ -2531,10 +2548,28 @@
"calling-code": [ "calling-code": [
"+220" "+220"
], ],
"capital": [
"Banjul"
],
"currency": [
"Dalasi",
"GMD"
],
"iso-code": [ "iso-code": [
"GM", "GM",
"GMB" "GMB"
] ],
"official-languages": [
"English"
],
"synomyms": [
"The Gambia",
"Republic of The Gambia"
],
"territory-type": [
"Country"
],
"top-level-domain": ".gm"
}, },
"uuid": "2ded2689-16c3-4476-a2d8-04c4bc51ae4a", "uuid": "2ded2689-16c3-4476-a2d8-04c4bc51ae4a",
"value": "Gambia" "value": "Gambia"
@ -2544,10 +2579,32 @@
"calling-code": [ "calling-code": [
"+995" "+995"
], ],
"capital": [
"Tbilisi"
],
"currency": [
"Georgian lari",
"₾",
"GEL"
],
"iso-code": [ "iso-code": [
"GE", "GE",
"GEO" "GEO"
], ],
"official-languages": [
"Georgian",
"Abkhazian"
],
"synomyms": [
"საქართველო",
"sakartvelo",
"Republic of Georgia",
"საქართველოს რესპუბლიკა",
"sakartvelos resp'ublik'a"
],
"territory-type": [
"Country"
],
"top-level-domain": ".ge" "top-level-domain": ".ge"
}, },
"uuid": "76c2f2fe-ce68-4008-aa30-1ac8de38d617", "uuid": "76c2f2fe-ce68-4008-aa30-1ac8de38d617",
@ -2558,6 +2615,14 @@
"calling-code": [ "calling-code": [
"+49" "+49"
], ],
"capital": [
"Berlin"
],
"currency": [
"€",
"EUR",
"EURO"
],
"iso-code": [ "iso-code": [
"DE", "DE",
"DEU" "DEU"
@ -2565,6 +2630,17 @@
"member-of": [ "member-of": [
"NATO" "NATO"
], ],
"official-languages": [
"German"
],
"synomyms": [
"Deutschland",
"Federal Republic of Germany",
"Bundesrepublik Deutschland"
],
"territory-type": [
"Country"
],
"top-level-domain": ".de" "top-level-domain": ".de"
}, },
"uuid": "4121d334-39d0-49c4-8a0e-0442c6bdcbc4", "uuid": "4121d334-39d0-49c4-8a0e-0442c6bdcbc4",
@ -2575,10 +2651,26 @@
"calling-code": [ "calling-code": [
"+233" "+233"
], ],
"capital": [
"Accra"
],
"currency": [
"Ghanaian cedi",
"GHS"
],
"iso-code": [ "iso-code": [
"GH", "GH",
"GHA" "GHA"
], ],
"official-languages": [
"English"
],
"synomyms": [
"Republic of Ghana"
],
"territory-type": [
"Country"
],
"top-level-domain": ".gh" "top-level-domain": ".gh"
}, },
"uuid": "6f7a0f04-8299-4a2d-95d0-a8305a1ae23e", "uuid": "6f7a0f04-8299-4a2d-95d0-a8305a1ae23e",
@ -2589,10 +2681,29 @@
"calling-code": [ "calling-code": [
"+350" "+350"
], ],
"capital": [
"Gibraltar"
],
"currency": [
"Gibraltar pound",
"£",
"GIP"
],
"iso-code": [ "iso-code": [
"GI", "GI",
"GIB" "GIB"
] ],
"official-languages": [
"English"
],
"synomyms": [
"جبل طارق",
"Jabal Ṭāriq"
],
"territory-type": [
"British Overseas Territory"
],
"top-level-domain": ".gi"
}, },
"uuid": "078a914d-7ef3-413b-8a62-2473b8db1c12", "uuid": "078a914d-7ef3-413b-8a62-2473b8db1c12",
"value": "Gibraltar" "value": "Gibraltar"
@ -2602,6 +2713,14 @@
"calling-code": [ "calling-code": [
"+30" "+30"
], ],
"capital": [
"Athens"
],
"currency": [
"€",
"EUR",
"EURO"
],
"iso-code": [ "iso-code": [
"GR", "GR",
"GRC" "GRC"
@ -2609,6 +2728,19 @@
"member-of": [ "member-of": [
"NATO" "NATO"
], ],
"official-languages": [
"Greek"
],
"synomyms": [
"Hellas",
"Ελλάς",
"Hellenic Republic",
"Ελληνική Δημοκρατία",
"Ellinikí Dimokratía"
],
"territory-type": [
"sovereign state"
],
"top-level-domain": ".gr" "top-level-domain": ".gr"
}, },
"uuid": "505730f7-2637-4efb-845d-f1af7cdca109", "uuid": "505730f7-2637-4efb-845d-f1af7cdca109",
@ -2619,10 +2751,28 @@
"calling-code": [ "calling-code": [
"+299" "+299"
], ],
"capital": [
"Nuuk"
],
"currency": [
"Danish krone",
"DKK"
],
"iso-code": [ "iso-code": [
"GL", "GL",
"GRL" "GRL"
] ],
"official-languages": [
"Greenandic"
],
"synomyms": [
"Kalaallit Nunaat",
"Grønland"
],
"territory-type": [
"Country"
],
"top-level-domain": ".gl"
}, },
"uuid": "20f2c544-093d-4964-84ae-7d5fd54ad6d0", "uuid": "20f2c544-093d-4964-84ae-7d5fd54ad6d0",
"value": "Greenland" "value": "Greenland"
@ -2632,10 +2782,23 @@
"calling-code": [ "calling-code": [
"+1-473" "+1-473"
], ],
"capital": [
"St. George's"
],
"currency": [
"East Caribbean dollar",
"XCD"
],
"iso-code": [ "iso-code": [
"GD", "GD",
"GRD" "GRD"
], ],
"official-languages": [
"English"
],
"territory-type": [
"sovereign state"
],
"top-level-domain": ".gd" "top-level-domain": ".gd"
}, },
"uuid": "1aea4486-eef7-496b-9a69-a2d2bdbe7b77", "uuid": "1aea4486-eef7-496b-9a69-a2d2bdbe7b77",
@ -2646,10 +2809,30 @@
"calling-code": [ "calling-code": [
"+1-671" "+1-671"
], ],
"capital": [
"Hagåtña"
],
"currency": [
"$",
"USD",
"United States dollar"
],
"iso-code": [ "iso-code": [
"GU", "GU",
"GUM" "GUM"
] ],
"official-languages": [
"English",
"Chamorro"
],
"synomyms": [
"Guåhån",
"Territory of Guam"
],
"territory-type": [
"Unincorporated organized territory"
],
"top-level-domain": ".gu"
}, },
"uuid": "4dc24d07-79ee-43b7-98a0-53bc79a29708", "uuid": "4dc24d07-79ee-43b7-98a0-53bc79a29708",
"value": "Guam" "value": "Guam"
@ -2659,10 +2842,27 @@
"calling-code": [ "calling-code": [
"+502" "+502"
], ],
"capital": [
"Guatemala City"
],
"currency": [
"Quetzal",
"GTQ"
],
"iso-code": [ "iso-code": [
"GT", "GT",
"GTM" "GTM"
], ],
"official-languages": [
"Spanish"
],
"synomyms": [
"Republic of Guatemala",
"República de Guatemala"
],
"territory-type": [
"Country"
],
"top-level-domain": ".gt" "top-level-domain": ".gt"
}, },
"uuid": "3e3e89d2-07f3-4ddc-addf-2d5cb05bedd1", "uuid": "3e3e89d2-07f3-4ddc-addf-2d5cb05bedd1",
@ -2673,10 +2873,30 @@
"calling-code": [ "calling-code": [
"+44-1481" "+44-1481"
], ],
"capital": [
"St Peter Port"
],
"currency": [
"Guernsey Pound",
"Pound sterling",
"GGP",
"GBP"
],
"iso-code": [ "iso-code": [
"GG", "GG",
"GGY" "GGY"
] ],
"official-languages": [
"English",
"French"
],
"synomyms": [
"Guernési"
],
"territory-type": [
"Jurisdiction"
],
"top-level-domain": ".gg"
}, },
"uuid": "dd42b40e-2740-46f5-9bb1-6d0799a081c7", "uuid": "dd42b40e-2740-46f5-9bb1-6d0799a081c7",
"value": "Guernsey" "value": "Guernsey"
@ -2686,10 +2906,30 @@
"calling-code": [ "calling-code": [
"+224" "+224"
], ],
"capital": [
"Conakry"
],
"currency": [
"Guinean franc",
"GNF"
],
"iso-code": [ "iso-code": [
"GN", "GN",
"GIN" "GIN"
], ],
"official-languages": [
"French"
],
"synomyms": [
"Ginee",
"Guinée",
"Republic of Guinea",
"Renndaandi Ginee",
"République de Guinée (French)"
],
"territory-type": [
"Country"
],
"top-level-domain": ".gn" "top-level-domain": ".gn"
}, },
"uuid": "f227edf8-e538-45b8-8a70-1a05ea5a605b", "uuid": "f227edf8-e538-45b8-8a70-1a05ea5a605b",
@ -2700,10 +2940,28 @@
"calling-code": [ "calling-code": [
"+245" "+245"
], ],
"capital": [
"Bisseau"
],
"currency": [
"West African CFA franc",
"XOF"
],
"iso-code": [ "iso-code": [
"GW", "GW",
"GNB" "GNB"
], ],
"official-languages": [
"Portuguese"
],
"synomyms": [
"Guiné-Bissau",
"Republic of Guinea-Bissau",
"República da Guiné-Bissau"
],
"territory-type": [
"Country"
],
"top-level-domain": ".gw" "top-level-domain": ".gw"
}, },
"uuid": "3b5824bc-936e-4403-bdc9-4dd9a7db36e3", "uuid": "3b5824bc-936e-4403-bdc9-4dd9a7db36e3",
@ -2714,10 +2972,26 @@
"calling-code": [ "calling-code": [
"+592" "+592"
], ],
"capital": [
"Georgetown"
],
"currency": [
"Guyanese dollar",
"GYD"
],
"iso-code": [ "iso-code": [
"GY", "GY",
"GUY" "GUY"
], ],
"official-languages": [
"English"
],
"synomyms": [
"Co-operative Republic of Guyana"
],
"territory-type": [
"Country"
],
"top-level-domain": ".gy" "top-level-domain": ".gy"
}, },
"uuid": "cb9fbca4-6cc6-4f83-9ebc-4e975cddea69", "uuid": "cb9fbca4-6cc6-4f83-9ebc-4e975cddea69",
@ -2728,10 +3002,33 @@
"calling-code": [ "calling-code": [
"+509" "+509"
], ],
"capital": [
"Port-au-Prince"
],
"currency": [
"Haitian gourde",
"G",
"HTG"
],
"iso-code": [ "iso-code": [
"HT", "HT",
"HTI" "HTI"
], ],
"official-languages": [
"French",
"Haitian Creole"
],
"synomyms": [
"Haïti",
"Ayiti",
"Republic of Haiti",
"République d'Haïti",
"Repiblik Ayiti",
"Hayti"
],
"territory-type": [
"Country"
],
"top-level-domain": ".ht" "top-level-domain": ".ht"
}, },
"uuid": "595dd000-64ac-43b5-be17-0f52eff47459", "uuid": "595dd000-64ac-43b5-be17-0f52eff47459",
@ -2742,10 +3039,27 @@
"calling-code": [ "calling-code": [
"+504" "+504"
], ],
"capital": [
"Tegucigalpa"
],
"currency": [
"Lempira",
"HNL"
],
"iso-code": [ "iso-code": [
"HN", "HN",
"HND" "HND"
], ],
"official-languages": [
"Spanish"
],
"synomyms": [
"Republic of Honduras",
"República de Honduras"
],
"territory-type": [
"Country"
],
"top-level-domain": ".hn" "top-level-domain": ".hn"
}, },
"uuid": "74a66006-ce2b-4280-abd1-e6f14ff9b926", "uuid": "74a66006-ce2b-4280-abd1-e6f14ff9b926",
@ -2756,10 +3070,25 @@
"calling-code": [ "calling-code": [
"+852" "+852"
], ],
"currency": [
"Hong Kong dollar",
"HK$",
"HKD"
],
"iso-code": [ "iso-code": [
"HK", "HK",
"HKG" "HKG"
], ],
"official-languages": [
"Chinese",
"English"
],
"synomyms": [
"Hong Kong Special Administrative Region of the People's Republic of China"
],
"territory-type": [
"special administrative region"
],
"top-level-domain": ".hk" "top-level-domain": ".hk"
}, },
"uuid": "51c8ffc5-5453-4bf8-b100-74186d9a0de0", "uuid": "51c8ffc5-5453-4bf8-b100-74186d9a0de0",
@ -2770,6 +3099,13 @@
"calling-code": [ "calling-code": [
"+36" "+36"
], ],
"capital": [
"Budapest"
],
"currency": [
"Forint",
"HUF"
],
"iso-code": [ "iso-code": [
"HU", "HU",
"HUN" "HUN"
@ -2777,6 +3113,15 @@
"member-of": [ "member-of": [
"NATO" "NATO"
], ],
"official-languages": [
"Hungarian"
],
"synomyms": [
"Magyarország"
],
"territory-type": [
"Country"
],
"top-level-domain": ".hu" "top-level-domain": ".hu"
}, },
"uuid": "adc52cee-5668-498d-8111-db1c38a584c5", "uuid": "adc52cee-5668-498d-8111-db1c38a584c5",
@ -2787,6 +3132,13 @@
"calling-code": [ "calling-code": [
"+354" "+354"
], ],
"capital": [
"Reykjavík"
],
"currency": [
"Icelandic króna",
"ISK"
],
"iso-code": [ "iso-code": [
"IS", "IS",
"ISL" "ISL"
@ -2794,6 +3146,15 @@
"member-of": [ "member-of": [
"NATO" "NATO"
], ],
"official-languages": [
"Icelandic"
],
"synomyms": [
"Ísland"
],
"territory-type": [
"Country"
],
"top-level-domain": ".is" "top-level-domain": ".is"
}, },
"uuid": "5bcfbed4-d9af-40ab-bcbd-013cad252570", "uuid": "5bcfbed4-d9af-40ab-bcbd-013cad252570",
@ -2804,10 +3165,29 @@
"calling-code": [ "calling-code": [
"+91" "+91"
], ],
"capital": [
"New Delhi"
],
"currency": [
"Indian rupee",
"₹",
"INR"
],
"iso-code": [ "iso-code": [
"IN", "IN",
"IND" "IND"
], ],
"official-languages": [
"Hindi",
"English"
],
"synomyms": [
"Republic of India",
"Bhārat Gaṇarājya"
],
"territory-type": [
"Country"
],
"top-level-domain": ".in" "top-level-domain": ".in"
}, },
"uuid": "283a7b58-9fa6-48c8-95bc-9ece77b5b2ea", "uuid": "283a7b58-9fa6-48c8-95bc-9ece77b5b2ea",
@ -2818,10 +3198,28 @@
"calling-code": [ "calling-code": [
"+62" "+62"
], ],
"capital": [
"Jakarta"
],
"currency": [
"Indonesian rupiah",
"Rp",
"IDR"
],
"iso-code": [ "iso-code": [
"ID", "ID",
"IDN" "IDN"
], ],
"official-languages": [
"Indonesian"
],
"synomyms": [
"Republic of Indonesia",
"Republik Indonesia"
],
"territory-type": [
"Country"
],
"top-level-domain": ".id" "top-level-domain": ".id"
}, },
"uuid": "417b5c63-a388-45d1-b104-cede98b13fe0", "uuid": "417b5c63-a388-45d1-b104-cede98b13fe0",
@ -2832,10 +3230,30 @@
"calling-code": [ "calling-code": [
"+98" "+98"
], ],
"capital": [
"Tehran"
],
"currency": [
"Rial",
"ریال",
"IRR"
],
"iso-code": [ "iso-code": [
"IR", "IR",
"IRN" "IRN"
], ],
"official-languages": [
"Persian"
],
"synomyms": [
"Persia",
"Islamic Republic of Iran",
"جمهوری اسلامی ایران",
"Jomhuri-ye Eslāmi-ye Irān"
],
"territory-type": [
"Country"
],
"top-level-domain": ".ir" "top-level-domain": ".ir"
}, },
"uuid": "12b32332-ead1-4f69-be61-69ab1ed27d01", "uuid": "12b32332-ead1-4f69-be61-69ab1ed27d01",
@ -2846,10 +3264,36 @@
"calling-code": [ "calling-code": [
"+964" "+964"
], ],
"capital": [
"Baghdad"
],
"currency": [
"Iraqi dinar",
"IQD"
],
"iso-code": [ "iso-code": [
"IQ", "IQ",
"IRQ" "IRQ"
], ],
"official-languages": [
"Arabic",
"Kurdish"
],
"synomyms": [
"العراق",
"al-'Irāq",
"عێراق‎",
"Êraq",
"Republic of Iraq",
"جمهورية العراق",
"کۆماری عێراق",
"کۆمارا ئێـراقێ",
"Jumhūrīyyat al-'Irāq",
"Komarî Êraq"
],
"territory-type": [
"Country"
],
"top-level-domain": ".iq" "top-level-domain": ".iq"
}, },
"uuid": "625f37bd-fe48-4791-ac1e-be8d069643a1", "uuid": "625f37bd-fe48-4791-ac1e-be8d069643a1",
@ -2860,10 +3304,29 @@
"calling-code": [ "calling-code": [
"+353" "+353"
], ],
"capital": [
"Dublin"
],
"currency": [
"€",
"EUR",
"EURO"
],
"iso-code": [ "iso-code": [
"IE", "IE",
"IRL" "IRL"
], ],
"official-languages": [
"Irish",
"English"
],
"synomyms": [
"Éire",
"Republic of Ireland"
],
"territory-type": [
"Country"
],
"top-level-domain": ".ie" "top-level-domain": ".ie"
}, },
"uuid": "b1243ef1-78f4-4e10-841d-bc61361f21f8", "uuid": "b1243ef1-78f4-4e10-841d-bc61361f21f8",
@ -2874,10 +3337,32 @@
"calling-code": [ "calling-code": [
"+44-1624" "+44-1624"
], ],
"capital": [
"Douglas"
],
"currency": [
"Pound sterling",
"GBP",
"Manx pound",
"IMP"
],
"iso-code": [ "iso-code": [
"IM", "IM",
"IMN" "IMN"
] ],
"official-languages": [
"English",
"Manx"
],
"synomyms": [
"Mannin",
"Ellan Vannin",
"Mann"
],
"territory-type": [
"Crown dependency"
],
"top-level-domain": ".im"
}, },
"uuid": "57855966-b290-47e2-b098-1d903f4163b8", "uuid": "57855966-b290-47e2-b098-1d903f4163b8",
"value": "Isle of Man" "value": "Isle of Man"
@ -2887,10 +3372,29 @@
"calling-code": [ "calling-code": [
"+972" "+972"
], ],
"capital": [
"Jerusalem"
],
"currency": [
"New shekel",
"₪",
"ILS"
],
"iso-code": [ "iso-code": [
"IL", "IL",
"ISR" "ISR"
], ],
"official-languages": [
"Hebrew"
],
"synomyms": [
"יִשְׂרָאֵל",
"إِسْرَائِيل‎",
"State of Israel"
],
"territory-type": [
"Country"
],
"top-level-domain": ".il" "top-level-domain": ".il"
}, },
"uuid": "3273414a-8331-44cc-b3f6-890bf2363607", "uuid": "3273414a-8331-44cc-b3f6-890bf2363607",
@ -2901,6 +3405,14 @@
"calling-code": [ "calling-code": [
"+39" "+39"
], ],
"capital": [
"Rome"
],
"currency": [
"€",
"EUR",
"EURO"
],
"iso-code": [ "iso-code": [
"IT", "IT",
"ITA" "ITA"
@ -2908,6 +3420,17 @@
"member-of": [ "member-of": [
"NATO" "NATO"
], ],
"official-languages": [
"Italian"
],
"synomyms": [
"Italia",
"Italian Republic",
"Repubblica Italiana"
],
"territory-type": [
"Country"
],
"top-level-domain": ".it" "top-level-domain": ".it"
}, },
"uuid": "1bcc0b11-d906-40ea-910c-a1124c4d82bd", "uuid": "1bcc0b11-d906-40ea-910c-a1124c4d82bd",
@ -2918,10 +3441,29 @@
"calling-code": [ "calling-code": [
"+225" "+225"
], ],
"capital": [
"Yamoussoukro",
"Abidjan"
],
"currency": [
"West African CFA franc",
"XOF"
],
"iso-code": [ "iso-code": [
"CI", "CI",
"CIV" "CIV"
], ],
"official-languages": [
"French"
],
"synomyms": [
"Côte d'Ivoire",
"Republic of Côte d'Ivoire",
"République de Côte d'Ivoire"
],
"territory-type": [
"Country"
],
"top-level-domain": ".ci" "top-level-domain": ".ci"
}, },
"uuid": "c1aac71f-b060-4816-9369-451df1550883", "uuid": "c1aac71f-b060-4816-9369-451df1550883",
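Review bot: Every alias list added in this section is keyed `"synomyms"`, while the threat-actor cluster in this same commit uses `"synonyms"`. The existing country entries are not visible here, so the misspelling may be established in this file, but tooling that looks up `synonyms` will not see these names. Two values also look misspelled: `"Greenandic"` (Greenland, official-languages) should read `"Greenlandic"`, and `"Bisseau"` (Guinea-Bissau, capital) should read `"Bissau"`. `territory-type` mixes `"Country"` with lowercase `"sovereign state"` (Greece, Grenada), which makes filtering on that field unreliable; settle on one vocabulary and casing.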


@ -3735,10 +3735,12 @@
"refs": [ "refs": [
"https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf", "https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf",
"https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html", "https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html",
"https://attack.mitre.org/groups/G0037/" "https://attack.mitre.org/groups/G0037/",
"https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/"
], ],
"synonyms": [ "synonyms": [
"Skeleton Spider" "Skeleton Spider",
"ITG08"
] ]
}, },
"related": [ "related": [
@ -4675,7 +4677,8 @@
"https://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html" "https://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html"
], ],
"synonyms": [ "synonyms": [
"Machete" "Machete",
"machete-apt"
] ]
}, },
"uuid": "827c17e0-c3f5-4ad1-a4f4-30a40ed0a2d3", "uuid": "827c17e0-c3f5-4ad1-a4f4-30a40ed0a2d3",
@ -6911,7 +6914,11 @@
"https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware", "https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware",
"https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors'%20Tools_Report.pdf", "https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors'%20Tools_Report.pdf",
"https://threatpost.com/ta505-servhelper-malware/140792/", "https://threatpost.com/ta505-servhelper-malware/140792/",
"https://blog.yoroi.company/research/the-stealthy-email-stealer-in-the-ta505-arsenal/" "https://blog.yoroi.company/research/the-stealthy-email-stealer-in-the-ta505-arsenal/",
"https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/"
],
"synonyms": [
"SectorJ04 Group"
] ]
}, },
"uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f", "uuid": "03c80674-35f8-4fe0-be2b-226ed0fcd69f",
@ -7643,6 +7650,15 @@
"uuid": "5533d062-18ab-4c70-9472-0eac03f95a1d", "uuid": "5533d062-18ab-4c70-9472-0eac03f95a1d",
"value": "TA428" "value": "TA428"
}, },
{
"meta": {
"refs": [
"https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign"
]
},
"uuid": "e1b95185-8db6-4f3c-9ffd-1749087d934a",
"value": "LYCEUM"
},
{ {
"description": "APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control.", "description": "APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity potentially outside of state control.",
"meta": { "meta": {
@ -7694,5 +7710,5 @@
"value": "SectorJ04" "value": "SectorJ04"
} }
], ],
"version": 129 "version": 131
} }
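Review bot: The new `"SectorJ04 Group"` synonym on the TA505 entry (hunk at -6911) overlaps with the standalone cluster whose `value` is `"SectorJ04"`, visible as context near the end of the file, so the same actor name now resolves to two different UUIDs. Because the strings differ, an exact-match duplicate check would not flag it. Either link the two entries through `related` or fold one into the other, so correlations land on a single cluster. The new LYCEUM entry carries only a `refs` list; a one-sentence `description` would make it usable without opening the reference.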

0
tools/__init__.py Normal file


@ -8,9 +8,19 @@ import os
import collections import collections
def loadjsons(path): def loadjsons(path, return_paths=False):
""" """
Find all Jsons and load them in a dict Find all Jsons and load them in a dict
Parameters:
path: string
return_names: boolean, if the name of the file should be returned,
default: False
Returns:
List of parsed file contents.
If return_paths is True, then every list item is a tuple of the
file name and the file content
""" """
files = [] files = []
data = [] data = []
@ -18,9 +28,14 @@ def loadjsons(path):
if os.path.isfile(os.path.join(path, name)) and name.endswith('.json'): if os.path.isfile(os.path.join(path, name)) and name.endswith('.json'):
files.append(name) files.append(name)
for jfile in files: for jfile in files:
data.append(json.load(open("%s/%s" % (path, jfile)))) filepath = os.path.join(path, jfile)
if return_paths:
data.append((filepath, json.load(open(filepath))))
else:
data.append(json.load(json.load(open(filepath))))
return data return data
if __name__ == '__main__': if __name__ == '__main__':
""" """
Iterate all name + synonyms Iterate all name + synonyms
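Review bot: The default branch of `loadjsons` now calls `json.load(json.load(open(filepath)))`, which passes the already-parsed object back into `json.load` and will raise on the first file, since the parsed result has no `read()` method. This is the path taken by every caller that omits `return_paths`. It should be `data.append(json.load(open(filepath)))`, ideally reading inside `with open(filepath) as fh:` so the handle is closed. The docstring documents the parameter as `return_names`, but the signature names it `return_paths`; the docstring should use the real name. The `__main__` block continues outside this hunk.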

24
tools/chk_empty_strings.py Executable file

@ -0,0 +1,24 @@
#!/usr/bin/env python3
# coding=utf-8
"""
Tools to find empty string entries in galaxies
"""
from .chk_dup import loadjsons
import sys
if __name__ == '__main__':
jsons = loadjsons("clusters", return_paths=True)
retval = 0
for clustername, djson in jsons:
items = djson.get('values')
for entry in items:
name = entry.get('value')
for key, value in entry.get('meta', {}).items():
if isinstance(value, list):
if '' in value:
retval = 1
print("Empty string found in Cluster %r: values/%s/meta/%s"
"" % (clustername, name, key),
file=sys.stderr)
sys.exit(retval)
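Review bot: The check only looks inside list-valued `meta` fields (`if isinstance(value, list)`), so an empty scalar such as `"top-level-domain": ""` passes unnoticed, and fields outside `meta` such as `description` are never examined; an `elif value == '':` branch with the same report would cover the scalar case. `djson.get('values')` returns `None` for a cluster file without that key, and the `for entry in items` loop then fails with a TypeError instead of a readable message; `djson.get('values', [])` avoids that. The file is added as executable with a shebang, yet `from .chk_dup import loadjsons` only resolves when it is run as `python3 -m tools.chk_empty_strings`, so direct execution fails.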


@ -84,3 +84,6 @@ do
fi fi
echo '' echo ''
done done
# check for empyt strings in clusters
python3 -m tools.chk_empty_strings
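Review bot: The new check is the last command in the hunk, so its exit status only decides the script's result if nothing is appended after it, unless the script runs under `set -e` (not visible here). `python3 -m tools.chk_empty_strings || exit 1` would make the failure explicit. The comment also has a typo: `# check for empyt strings in clusters` should read `empty`.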