+disdain+captainblack-Neutrino

2017-08-15 20:53:41 +02:00 · 2017-08-15 20:53:41 +02:00 · bde18d917f
parent a39dde6dba
commit bde18d917f
1 changed files with 30 additions and 19 deletions
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@ -64,6 +64,13 @@
 		"status": "Active"
       }
    }
+,{
+      "value": "Disdain",
+      "description": "Disdain EK has been introduced on underground forum on 2017-08-07. The panel is stolen from Sundown, the pattern are Terror alike and the obfuscation reminds Nebula",
+      "meta": {
+		"status": "Active"
+       }
+    }
 ,

    {
@ -108,23 +115,6 @@
 		"status": "Active"
       }
    }
-,
-    { "value": "Neutrino",
-      "description": "Neutrino Exploit Kit has been one of the major exploit kit from its launch in 2013 till september 2016 when it become private (defense name for this variation is Neutrino-v). This EK vanished from  march 2014 till november 2014.",
-      "meta": {
-        "refs": [
-          "http://malware.dontneedcoffee.com/2013/03/hello-neutrino-just-one-more-exploit-kit.html",
-          "http://malware.dontneedcoffee.com/2014/11/neutrino-come-back.html"
-        ],
-        "synonyms": [
-          "Job314",
-          "Neutrino Rebooted",
-		  "Neutrino-v"
-        ]		
-		,
-		"status": "Active"
-       }
-    }
 ,
    { "value": "RIG",
      "description": "RIG is an exploit kit that takes its source in Infinity EK itself an evolution of Redkit. It became dominant after the fall of Angler, Nuclear Pack and the end of public access to Neutrino. RIG-v is the name given to RIG 4 when it was only accessible by \"vip\" customers and when RIG 3 was still in use.",
@ -157,10 +147,14 @@
    },
 	      {
      "value": "Sundown-P",
-      "description": "Sundown-P/Sundown-Pirate is a rip of Sundown seen used in a private way (One group using it only) - First spotted at the end of June 2017",
+      "description": "Sundown-P/Sundown-Pirate is a rip of Sundown seen used in a private way (One group using it only) - First spotted at the end of June 2017, branded as CaptainBlack in August 2017",
      "meta": {
        "refs": [
-          "http://blog.trendmicro.com/trendlabs-security-intelligence/[LinkSoon]"
+          "http://blog.trendmicro.com/trendlabs-security-intelligence/promediads-malvertising-sundown-pirate-exploit-kit/"
+        ],
+	"synonyms": [
+          "Sundown-Pirate",
+          "CaptainBlack"		
        ],
        "status": "Active"
      }
@ -411,6 +405,23 @@
       }
    }
 	  ,
+	  { "value": "Neutrino",
+      "description": "Neutrino Exploit Kit has been one of the major exploit kit from its launch in 2013 till september 2016 when it become private (defense name for this variation is Neutrino-v). This EK vanished from  march 2014 till november 2014.",
+      "meta": {
+        "refs": [
+          "http://malware.dontneedcoffee.com/2013/03/hello-neutrino-just-one-more-exploit-kit.html",
+          "http://malware.dontneedcoffee.com/2014/11/neutrino-come-back.html"
+        ],
+        "synonyms": [
+          "Job314",
+          "Neutrino Rebooted",
+	  "Neutrino-v"
+        ]		
+		,
+		"status": "Retired - Last seen 2017-04-10"
+       }
+    }
+,
    {
      "value": "Niteris",
      "description": "Niteris was used mainly to target Russian.",