EK and TDS clusters : Removed empty entries

2017-01-05 14:41:57 +01:00 · 2017-01-05 14:41:57 +01:00 · 9128289bc5
parent 7df3b0b7b6
commit 9128289bc5
2 changed files with 6 additions and 36 deletions
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@ -46,8 +46,7 @@
      "description": "The Empire Pack is a variation of RIG operated by a load seller. It's being fed by many traffic actors",
      "meta": {
        "refs": [
-          "http://malware.dontneedcoffee.com/2016/10/rig-evolves-neutrino-waves-goodbye.html",
-          ""
+          "http://malware.dontneedcoffee.com/2016/10/rig-evolves-neutrino-waves-goodbye.html"
        ],
       "synonyms": [
          "RIG-E"
@ -79,8 +78,7 @@
          "http://www.kahusecurity.com/2012/new-chinese-exploit-pack/"
        ],
       "synonyms": [
-          "CK vip",
-          ""
+          "CK vip"
        ]		,
 		"status": "Active"
       }
@ -108,9 +106,6 @@
        "refs": [
          "https://www.fireeye.com/blog/threat-research/2015/04/a_new_word_document.html",
          "https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophos-microsoft-word-intruder-revealed.pdf"
-        ],
-       "synonyms": [
-          ""
        ],
 		"status": "Active"
       }
@ -157,9 +152,6 @@
        "refs": [
          "http://www.welivesecurity.com/2014/10/08/sednit-espionage-group-now-using-custom-exploit-kit/",
          "http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/"
-        ],
-       "synonyms": [
-          ""
        ],
 		"status": "Active"
       }
@ -239,7 +231,6 @@
      "description": "The BlackHole Exploit Kit has been the most popular exploit kit from 2011 to 2013. Its activity stopped with Paunch's arrest (all activity since then is anecdotal and based on an old leak)",
      "meta": {
        "refs": [
-	  "",
          "https://www.trustwave.com/Resources/SpiderLabs-Blog/Blackhole-Exploit-Kit-v2/",
          "https://nakedsecurity.sophos.com/exploring-the-blackhole-exploit-kit/"
        ],
@ -251,7 +242,7 @@
    }
 ,
    { "value": "Bleeding Life",
-      "description": "Bleeding Life is an exploit kit that got open source with its version 2",
+      "description": "Bleeding Life is an exploit kit that became open source with its version 2",
      "meta": {
        "refs": [
          "http://www.kahusecurity.com/2011/flash-used-in-idol-malvertisement/",
@ -290,8 +281,7 @@
          "http://www.kahusecurity.com/2011/neosploit-is-back/"
        ],
       "synonyms": [
-          "NeoSploit",
-          ""
+          "NeoSploit"
        ]
 		,
 		"status": "Retired - Last Seen: beginning of 2015-07"
@ -340,10 +330,6 @@
 		"https://blog.malwarebytes.com/threat-analysis/2014/08/shining-some-light-on-the-unknown-exploit-kit/",
          "http://blog.trendmicro.com/trendlabs-security-intelligence/a-closer-look-at-the-exploit-kit-in-cve-2015-0313-attack",
          "https://twitter.com/kafeine/status/562575744501428226"
-        ],
-       "synonyms": [
-          "",
-          ""
        ],
 		"status": "Retired - Last seen: 2015-07"
       }
@ -367,10 +353,6 @@
      "meta": {
        "refs": [
          "http://malware.dontneedcoffee.com/2012/12/inside-impact-exploit-kit-back-on-track.html"
-        ],
-       "synonyms": [
-          "",
-          ""
        ]
 		,
 		"status": "Retired"
@ -399,9 +381,6 @@
          "http://blog.talosintel.com/2014/03/hello-new-exploit-kit.html",
          "http://blog.talosintel.com/2014/05/continued-analysis-of-lightsout-exploit.html",
 		  "http://malwageddon.blogspot.fr/2013/09/unknown-ek-by-way-how-much-is-fish.html"
-        ],
-       "synonyms": [
-          ""
        ],
 		"status": "Unknown - Last seen: 2014-03"
       }
@ -425,7 +404,6 @@
      "description": "The Nuclear Pack appeared in 2009 and has been one of the longer living one. Spartan EK was a landing less variation of Nuclear Pack",
      "meta": {
        "refs": [
-          "",
          "http://blog.checkpoint.com/2016/05/17/inside-nuclears-core-unraveling-a-ransomware-as-a-service-infrastructure/"
        ],
       "synonyms": [
@ -481,8 +459,7 @@
      "description": "Description Here",
      "meta": {
        "refs": [
-          "http://www.xylibox.com/2012/01/sakura-exploit-pack-10.html",
-          ""
+          "http://www.xylibox.com/2012/01/sakura-exploit-pack-10.html"
        ],
 		"status": "Retired - Last seen: 2013-09"
       }
@ -492,8 +469,7 @@
      "description": "Sweet Orange",
      "meta": {
        "refs": [
-          "http://malware.dontneedcoffee.com/2012/12/juice-sweet-orange-2012-12.html",
-          ""
+          "http://malware.dontneedcoffee.com/2012/12/juice-sweet-orange-2012-12.html"
        ],
       "synonyms": [
          "SWO"
--- a/clusters/tds.json
+++ b/clusters/tds.json
@ -56,9 +56,6 @@
    { "value": "Futuristic TDS",
      "description": "Futuristic TDS is the TDS componenent of BlackOS/CookieBomb/NorthTale Iframer",
      "meta": {
-        "refs": [
-          ""
-        ],
 	   "type":"Underground"
       }
    }
@ -66,9 +63,6 @@
    { "value": "Orchid TDS",
      "description": "Orchid TDS was sold underground. Rare usage",
      "meta": {
-        "refs": [
-          ""
-        ],
 	   "type":"Underground"
       }
    }