MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #804 from Delta-Sierra/main 

add Malteiro, TAG-53
pull/805/head v2.4.167
Alexandre Dulaunoy 2022-12-16 16:51:41 +01:00 committed by GitHub
parent 927d9208fc 3f4edb480b
commit ac1242a40e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 68 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
clusters/banker.json
View File

@ -1195,7 +1195,29 @@
},
"uuid": "fa574138-a3bd-4ebc-a5f7-3b465df7106f",
"value": "Dark Tequila"
},
{
"description": "Distributed by Malteiro",
"meta": {
"refs": [
"https://blog.scilabs.mx/en/cyber-threat-profile-malteiro/"
],
"synonyms": [
"URSA"
]
},
"related": [
{
"dest-uuid": "ba57c28a-47d0-46ba-a933-9aed69f7b84f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "delivered-by"
}
],
"version": 17
"uuid": "d27eea57-e55f-40b1-9690-55c2c8500876",
"value": "Malteiro"
}
],
"version": 18
}

5
clusters/ransomware.json
View File

@ -24381,7 +24381,8 @@
"https://www.varonis.com/blog/alphv-blackcat-ransomware",
"https://www.intrinsec.com/alphv-ransomware-gang-analysis",
"https://unit42.paloaltonetworks.com/blackcat-ransomware/",
"https://www.cyber.gov.au/acsc/view-all-content/advisories/2022-004-acsc-ransomware-profile-alphv-aka-blackcat"
"https://www.cyber.gov.au/acsc/view-all-content/advisories/2022-004-acsc-ransomware-profile-alphv-aka-blackcat",
"https://www.microsoft.com/en-us/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/"
],
"synonyms": [
"ALPHV",
@ -24724,7 +24725,7 @@
"ransomnotes": [
"Your data are stolen and encrypted\nThe data will be published on TOR website if you do not pay the ransom\nYou can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565y1u2c6Lay6yfiebkcbtvvcytyolt33s77xypi7nypxyd.onion/ \n\nYour company id for log in: [REDACTED]"
],
"ransomnotes-files": [
"ransomnotes-filenames": [
"readme.txt"
],
"ransomnotes-refs": [

43
clusters/threat-actor.json
View File

@ -9943,7 +9943,48 @@
},
"uuid": "171d0590-be92-443f-addb-af5dc2a8034d",
"value": "Evasive Panda"
},
{
"description": "A Russia-linked threat actor tracked as TAG-53 is running phishing campaigns impersonating various defense, aerospace, and logistic companies, according to The Record by Recorded Future. Recorded Futures Insikt Group identified overlaps with a threat actor tracked by other companies as Callisto Group, COLDRIVER, and SEABORGIUM.",
"meta": {
"refs": [
"https://blog.knowbe4.com/russian-threat-actor-impersonates-aerospace-and-defense-companies",
"https://www.recordedfuture.com/exposing-tag-53-credential-harvesting-infrastructure-for-russia-aligned-espionage-operations?utm_campaign=PostBeyond&utm_source=Twitter&utm_medium=359877&utm_term=Exposing+TAG-53%E2%80%99s+Credential+Harvesting+Infrastructure+Used+for+Russia-Aligned+Espionage+Operations",
"https://go.recordedfuture.com/hubfs/reports/cta-2022-1205.pdf"
]
},
"related": [
{
"dest-uuid": "fbd279ab-c095-48dc-ba48-4bece3dd5b0f",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "overlaps"
}
],
"version": 255
"uuid": "e5865ca1-ec95-43e2-954a-d0f3507a9747",
"value": "TAG-53"
},
{
"description": "This group of cybercriminals is named Malteiroby SCILabs, they operate and distribute the URSA/Mispadu banking trojan.",
"meta": {
"refs": [
"https://blog.scilabs.mx/en/cyber-threat-profile-malteiro/",
"https://blog.scilabs.mx/cyber-threat-profile-malteiro/"
]
},
"related": [
{
"dest-uuid": "d27eea57-e55f-40b1-9690-55c2c8500876",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "delivers"
}
],
"uuid": "ba57c28a-47d0-46ba-a933-9aed69f7b84f",
"value": "Malteiro"
}
],
"version": 256
}