Gutemberg on first 10

pull/30/head
Thanat0s 2017-02-23 10:14:18 +01:00
parent 644e429110
commit b75e9cf59d
1 changed files with 173 additions and 78 deletions


@ -2,21 +2,64 @@
"values": [ "values": [
{ {
"value" : "PlugX", "value" : "PlugX",
"description": "Malware" "description" : "Malware",
"meta" : {
"refs" : [
"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/112/pulling-the-plug-on-plugx"
],
"synonyms" : [
"W32/Backdoor.FSZO-5117",
"Gen:Trojan.Heur.JP.juW@ayZZvMb",
"Trojan.Inject1.6386",
"Win32/Korplug.A",
"Trojan.Win32.Korplug",
"Backdoor/Win32.Plugx",
"Backdoor.Win32.Agent.dhwf",
"W32/Korplug.CH!tr"
],
"category" : [
"rat"
]
}
}, },
{ {
"value": "MSUpdater" "value" : "MSUpdater",
"description" : " Trojan (RAT) linked to current targeted attacks and others dating back to at least early 2009",
"meta" : {
"refs" : [
"https://www.zscaler.com/pdf/whitepapers/msupdater_trojan_whitepaper.pdfx"
],
"category" : [
"rat"
]
}
}, },
{ {
"value" : "Lazagne", "value" : "Lazagne",
"description": "A password recovery tool regularly used by attackers" "description" : "A password sthealing tool regularly used by attackers",
"meta" : {
"refs" : [
"https://github.com/AlessandroZ/LaZagne"
],
"category" : [
"tool"
]
}
}, },
{ {
"value" : "Poison Ivy", "value" : "Poison Ivy",
"description" : "Poison Ivy is a RAT which was freely available and first released in 2005.", "description" : "Poison Ivy is a RAT which was freely available and first released in 2005.",
"meta" : { "meta" : {
"refs" : [ "refs" : [
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf" "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf",
"https://www.f-secure.com/v-descs/backdoor_w32_poisonivy.shtml"
],
"synonyms" : [
"Backdoor.Win32.PoisonIvy",
"Gen:Trojan.Heur.PT"
],
"category" : [
"rat"
] ]
} }
}, },
@ -26,11 +69,25 @@
"meta" : { "meta" : {
"refs" : [ "refs" : [
"http://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/" "http://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/"
],
"category" : [
"rat"
] ]
} }
}, },
{ {
"value": "Torn RAT" "value" : "Torn RAT",
"meta" : {
"refs" : [
"https://www.crowdstrike.com/blog/whois-anchor-panda/"
],
"synonyms" : [
"Anchor Panda"
],
"category" : [
"rat"
]
}
}, },
{ {
"value" : "OzoneRAT", "value" : "OzoneRAT",
@ -41,39 +98,77 @@
"synonyms" : [ "synonyms" : [
"Ozone RAT", "Ozone RAT",
"ozonercp" "ozonercp"
],
"category" : [
"rat"
] ]
} }
}, },
{ {
"value": "ZeGhost" "value" : "ZeGhost",
"description" : "ZeGhots is a RAT which was freely available and first released in 2014.",
"meta" : {
"refs" : [
"https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor%3aWin32%2fZegost.BW"
],
"synonyms" : [
"BackDoor-FBZT!52D84425CDF2",
"Trojan.Win32.Staser.ytq",
"Win32/Zegost.BW"
],
"category" : [
"rat"
]
}
}, },
{ {
"value" : "Elise Backdoor", "value" : "Elise Backdoor",
"description" : " Trojan (RAT) linked to current targeted attacks and others dating back to at least early 2009",
"meta" : { "meta" : {
"refs" : [
"http://thehackernews.com/2015/08/elise-malware-hacking.html"
],
"synonyms" : [ "synonyms" : [
"Elise" "Elise"
],
"category" : [
"dropper",
"stealer"
] ]
} }
}, },
{ {
"value" : "Trojan.Laziok", "value" : "Trojan.Laziok",
"description" : "A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised computer.",
"meta" : { "meta" : {
"refs" : [
"http://www.symantec.com/connect/blogs/new-reconnaissance-threat-trojanlaziok-targets-energy-sector"
],
"synonyms" : [ "synonyms" : [
"Laziok" "Laziok"
], ],
"refs": [ "category" : [
"http://www.symantec.com/connect/blogs/new-reconnaissance-threat-trojanlaziok-targets-energy-sector" "stealer",
"reco"
] ]
}, }
"description": "A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised computer."
}, },
{ {
"value" : "Slempo", "value" : "Slempo",
"description" : "Android-based malware", "description" : "Android-based malware",
"meta" : { "meta" : {
"refs" : [
"https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/"
],
"synonyms" : [ "synonyms" : [
"GM-Bot", "GM-Bot",
"SlemBunk",
"Bankosy",
"Acecard" "Acecard"
],
"category" : [
"spyware",
"android"
] ]
} }
}, },
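Review bot: Several of the added `synonyms` are not names for the tool itself, which matters because consumers match on these strings: `"Gen:Trojan.Heur.JP.juW@ayZZvMb"` under PlugX and `"Gen:Trojan.Heur.PT"` under Poison Ivy read as generic heuristic AV labels, and `"Anchor Panda"` under Torn RAT appears, going by the CrowdStrike ref next to it, to be an actor name rather than a tool alias. Anything tagged with one of those strings could be correlated to the wrong cluster, so I would drop them or keep vendor detection names in a separate meta key from true aliases. In the same section, the MSUpdater ref ends in `.pdfx` (presumably `.pdf`), the Lazagne description has `sthealing`, and the ZeGhost and Elise Backdoor descriptions look copied from the Poison Ivy and MSUpdater entries (`"ZeGhots is a RAT which was freely available and first released in 2014."`), so each should be rewritten from its own ref. The `values` array continues past the last visible hunk.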