mirror of https://github.com/MISP/misp-galaxy
Merge https://github.com/MISP/misp-galaxy into main
commit
9b76d71c43
|
@ -5291,7 +5291,7 @@
|
||||||
],
|
],
|
||||||
"refs": [
|
"refs": [
|
||||||
"http://download.bleepingcomputer.com/demonslay335/AlphaDecrypter.zip",
|
"http://download.bleepingcomputer.com/demonslay335/AlphaDecrypter.zip",
|
||||||
"http://www.bleepingcomputer.com/news/security/decrypted-alpha-ransomware-continues-the-trend-of-accepting-amazon-cards/",
|
"https://www.bleepingcomputer.com/news/security/decrypted-alpha-ransomware-accepts-itunes-gift-cards-as-payment/",
|
||||||
"https://twitter.com/malwarebread/status/804714048499621888"
|
"https://twitter.com/malwarebread/status/804714048499621888"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
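Review bot: The new side still carries `"http://download.bleepingcomputer.com/demonslay335/AlphaDecrypter.zip"` as a plaintext-HTTP reference two lines above the link this commit upgrades to https; a decryptor archive fetched over HTTP is exactly the kind of reference where transport integrity matters, so it is worth changing that ref to `https://` as well if the host serves it over TLS. The entry's `value` and the rest of its `meta` block lie outside the hunk, so I cannot see whether other refs in the same entry have the same issue.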
|
@ -24224,7 +24224,202 @@
|
||||||
},
|
},
|
||||||
"uuid": "feb5fa26-bad4-46da-921d-986d2fd81a40",
|
"uuid": "feb5fa26-bad4-46da-921d-986d2fd81a40",
|
||||||
"value": "WhisperGate"
|
"value": "WhisperGate"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "BlackCat (ALPHV) is ransomware written in Rust. The ransomware makes heavy use of plaintext JSON configuration files to specify the ransomware functionality. BlackCat has many advanced capabilities like escalating privileges and bypassing UAC make use of AES and ChaCha20 or Salsa encryption, may use the Restart Manager, can delete volume shadow copies, can enumerate disk volumes and network shares automatically, and may kill specific processes and services. The ransomware exists for both Windows, Linux, and ESXi systems. Multiple extortion techniques are used by the BlackCat gang, such as exfiltrating victim data before the ransomware deployment, threats to release data if the ransomw is not paid, and distributed denial-of-service (DDoS) attacks.",
|
||||||
|
"meta": {
|
||||||
|
"date": "June 2021",
|
||||||
|
"encryption": "AES",
|
||||||
|
"ransomnotes-refs": [
|
||||||
|
"https://unit42.paloaltonetworks.com/wp-content/uploads/2022/01/word-image-78.png"
|
||||||
|
],
|
||||||
|
"refs": [
|
||||||
|
"https://malpedia.caad.fkie.fraunhofer.de/details/win.blackcat",
|
||||||
|
"https://1-id--ransomware-blogspot-com.translate.goog/2021/12/blackcat-ransomware.html?_x_tr_enc=1&_x_tr_sl=ru&_x_tr_tl=en&_x_tr_hl=ru",
|
||||||
|
"https://medium.com/s2wblog/blackcat-new-rust-based-ransomware-borrowing-blackmatters-configuration-31c8d330a809",
|
||||||
|
"https://github.com/f0wl/blackCatConf",
|
||||||
|
"https://www.sentinelone.com/labs/blackcat-ransomware-highly-configurable-rust-driven-raas-on-the-prowl-for-victims/",
|
||||||
|
"https://www.varonis.com/blog/alphv-blackcat-ransomware",
|
||||||
|
"https://www.intrinsec.com/alphv-ransomware-gang-analysis",
|
||||||
|
"https://unit42.paloaltonetworks.com/blackcat-ransomware/"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"ALPHV"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab",
|
||||||
|
"tags": [
|
||||||
|
"estimative-language:likelihood-probability=\"almost-certain\""
|
||||||
|
],
|
||||||
|
"type": "uses"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"uuid": "e6c09b63-a424-4d9e-b7f7-b752cbbca02a",
|
||||||
|
"value": "BlackCat"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 99
|
"version": 100
|
||||||
}
|
}
|
||||||
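Review bot: The `related` array of the new BlackCat entry lists `"dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab"` twice, once in the middle of the list and again as the final element, so one of the two identical `uses` relations should be dropped before merge. The description also has a typo, `ransomw is not paid` → `ransom is not paid`, and `for both Windows, Linux, and ESXi systems` should read `for Windows, Linux and ESXi systems`. The ref `https://1-id--ransomware-blogspot-com.translate.goog/...` is a Google Translate proxy URL; citing the original blogspot URL would be more durable and avoids routing readers through a third-party proxy. Finally, `"encryption": "AES"` understates what the description itself states (AES and ChaCha20 or Salsa), so consider listing the other ciphers or clarifying which one is primary.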
|
|
|
@ -4197,10 +4197,12 @@
|
||||||
"https://attack.mitre.org/groups/G0047/",
|
"https://attack.mitre.org/groups/G0047/",
|
||||||
"https://github.com/StrangerealIntel/CyberThreatIntel/tree/master/Russia/APT/Gamaredon",
|
"https://github.com/StrangerealIntel/CyberThreatIntel/tree/master/Russia/APT/Gamaredon",
|
||||||
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
|
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf",
|
||||||
"https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal/"
|
"https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal/",
|
||||||
|
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine"
|
||||||
],
|
],
|
||||||
"synonyms": [
|
"synonyms": [
|
||||||
"Primitive Bear"
|
"Primitive Bear",
|
||||||
|
"Shuckworm"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -8919,7 +8921,24 @@
|
||||||
},
|
},
|
||||||
"uuid": "676c1129-5664-4698-92ee-031f81baefce",
|
"uuid": "676c1129-5664-4698-92ee-031f81baefce",
|
||||||
"value": "AQUATIC PANDA"
|
"value": "AQUATIC PANDA"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Antlion is a Chinese state-backed advanced persistent threat (APT) group, who has been targeting financial institutions in Taiwan. This persistent campaign has lasted over the course of at least 18 months.",
|
||||||
|
"meta": {
|
||||||
|
"cfr-suspected-victims": [
|
||||||
|
"Taiwan"
|
||||||
|
],
|
||||||
|
"cfr-target-category": [
|
||||||
|
"Financial"
|
||||||
|
],
|
||||||
|
"country": "CN",
|
||||||
|
"refs": [
|
||||||
|
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "8482f350-867c-11ec-a8a3-0242ac120002",
|
||||||
|
"value": "Antlion"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 210
|
"version": 211
|
||||||
}
|
}
|
||||||
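Review bot: The new Antlion entry's `"uuid": "8482f350-867c-11ec-a8a3-0242ac120002"` is a version-1 UUID (third group `11ec`), whereas the neighbouring entries visible on this page use random version-4 UUIDs (third groups `4698` and `4d9e`); a v1 UUID embeds a timestamp and a node identifier, so unless the galaxy convention explicitly allows v1, generating a v4 value, e.g. `python3 -c 'import uuid; print(uuid.uuid4())'`, would keep the file consistent. Minor wording in the description: `who has been targeting` → `that has been targeting`.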
|
|
|
@ -1,7 +1,7 @@
|
||||||
python3 adoc_galaxy.py >a.txt
|
python3 adoc_galaxy.py >a.txt
|
||||||
asciidoctor -a allow-uri-read a.txt
|
asciidoctor -a allow-uri-read a.txt
|
||||||
asciidoctor-pdf -a allow-uri-read a.txt
|
asciidoctor-pdf -a allow-uri-read a.txt
|
||||||
cp a.html ../../misp-website/galaxy.html
|
cp a.html ../../misp-website/static/galaxy.html
|
||||||
cp a.pdf ../../misp-website/galaxy.pdf
|
cp a.pdf ../../misp-website/static/galaxy.pdf
|
||||||
scp -l 81920 a.html circl@cpab.circl.lu:/var/www/nwww.circl.lu/doc/misp-galaxy/index.html
|
scp -l 81920 a.html circl@cpab.circl.lu:/var/www/nwww.circl.lu/doc/misp-galaxy/index.html
|
||||||
scp -l 81920 a.pdf circl@cpab.circl.lu:/var/www/nwww.circl.lu/doc/misp-galaxy/galaxy.pdf
|
scp -l 81920 a.pdf circl@cpab.circl.lu:/var/www/nwww.circl.lu/doc/misp-galaxy/galaxy.pdf
|
||||||
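Review bot: The script has no failure handling and, as the hunk starts at line 1, no shebang either, so if `python3 adoc_galaxy.py` or either asciidoctor step fails, the following `cp` and `scp` lines still run and publish whatever stale `a.html`/`a.pdf` is left in the working directory to the public `misp-galaxy` doc path; adding `#!/usr/bin/env bash` and `set -euo pipefail` as the first two lines would stop the pipeline at the first error. The `-a allow-uri-read` attribute on both asciidoctor invocations lets asciidoctor fetch remote URIs referenced by the generated document at build time, which presumably is intentional here; a one-line comment such as `# allow-uri-read: the generated document references remote resources` would make that explicit for the next maintainer. The new `../../misp-website/static/` targets assume a fixed sibling-checkout layout, which is also worth a short comment naming the expected directory structure.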