Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master

2019-04-28 19:11:20 +02:00 · 2019-04-28 19:11:20 +02:00 · 82a85d1651
parent 2405f1c59e 915b673b7a
commit 82a85d1651
2 changed files with 51 additions and 2 deletions
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@ -97,7 +97,7 @@
          "http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched/",
          "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/"
        ],
-        "status": "Retired - Last seen ",
+        "status": "",
        "synonyms": [
          "Sednit RTF EK"
        ]
@ -120,6 +120,20 @@
      "uuid": "74fb6a14-1279-4a5b-939a-76478d36d3e1",
      "value": "DNSChanger"
    },
+    {
+      "description": "Novidade Exploit Kit is an exploit kit targeting Routers via the browser",
+      "meta": {
+        "refs": [
+          "https://blog.trendmicro.com/trendlabs-security-intelligence/new-exploit-kit-novidade-found-targeting-home-and-soho-routers/"
+        ],
+        "status": "Active",
+        "synonyms": [
+          "DNSGhost"
+        ]
+      },
+      "uuid": "88acc3b7-2cdd-4e7b-ad0b-2880ffa1eb6d",
+      "value": "Novidade"
+    },
    {
      "description": "Disdain EK has been introduced on underground forum on 2017-08-07. The panel is stolen from Sundown, the pattern are Terror alike and the obfuscation reminds Nebula",
      "meta": {
@ -201,6 +215,17 @@
      "uuid": "b8be7af8-69a8-11e8-adc0-fa7ae01bbebc",
      "value": "VenomKit"
    },
+    {
+      "description": "Taurus Builder is a tool used to generate malicious MS Word documents that contain macros. The kit is advertised on forums by the user \"badbullzvenom\". ",
+      "meta": {
+        "refs": [
+          ""
+        ],
+        "status": "Active"
+      },
+      "uuid": "63988ca2-46c8-4bda-be46-96a8670af357",
+      "value": "Taurus Builder"
+    },
    {
      "description": "RIG is an exploit kit that takes its source in Infinity EK itself an evolution of Redkit. It became dominant after the fall of Angler, Nuclear Pack and the end of public access to Neutrino. RIG-v is the name given to RIG 4 when it was only accessible by \"vip\" customers and when RIG 3 was still in use.",
      "meta": {
@ -220,6 +245,17 @@
      },
      "uuid": "0545e5c0-ed0d-4a02-a69d-31e9e2b31e8a",
      "value": "RIG"
+    },
+        {
+      "description": "Spelevo is an exploit kit that appeared at the end of February 2019 and could be an evolution of SPL EK",
+      "meta": {
+        "refs": [
+          "https://twitter.com/kafeine/status/1103649040800145409"
+        ],
+        "status": "Active"
+      },
+      "uuid": "c880991f-1c17-4bf2-8955-50309364e358",
+      "value": "Spelevo"
    },
    {
      "description": "Sednit EK is the exploit kit used by APT28",
--- a/clusters/tds.json
+++ b/clusters/tds.json
@ -74,6 +74,19 @@
      "uuid": "aa179c37-1a8a-4761-841a-cc940e19d7be",
      "value": "SimpleTDS"
    },
+    {
+      "description": "zTDS is an open source TDS",
+      "meta": {
+        "refs": [
+          "http://ztds.info/doku.php"
+        ],
+        "type": [
+          "OpenSource"
+        ]
+      },
+      "uuid": "7a84de25-545a-4220-b500-85b9219dd67d",
+      "value": "zTDS"
+    },
    {
      "description": "BossTDS",
      "meta": {
@ -121,5 +134,5 @@
      "value": "Orchid TDS"
    }
  ],
-  "version": 3
+  "version": 4
 }