merge

2022-11-22 12:43:18 +01:00 · 2022-11-22 12:43:18 +01:00 · c02b74f999
parent ffc68b9b8f fe32cb4288
commit c02b74f999
6 changed files with 62664 additions and 7 deletions
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@ -1392,6 +1392,16 @@
      ],
      "uuid": "505c6a54-a701-4a4b-85d4-0f2038b7b46a",
      "value": "Dark.IoT"
+    },
+    {
+      "description": "Akamai Security Research has observed a new golang malware which they named KmsdBot. The malware scans for open SSH ports and performs a simple dictionary attack against it. The researchers from Akamai monitored only DDoS activity, but discovered also the functionality to launch cryptomining. The malware has varied targets including the gaming industry, technology industry, and luxury car manufacturers.",
+      "meta": {
+        "refs": [
+          "https://www.akamai.com/blog/security-research/kmdsbot-the-attack-and-mine-malware"
+        ]
+      },
+      "uuid": "b6919400-9b16-48ae-8379-fab26a506e32",
+      "value": "KmsdBot"
    }
  ],
  "version": 29
--- a/clusters/handicap.json
+++ b/clusters/handicap.json
@ -5,9 +5,9 @@
  ],
  "category": "med-bdm-it",
  "description": "Liste des maladies invalidantes reconnues comme handicap",
-  "name": "handicap",
+  "name": "Handicap",
  "source": "MDPH /caf",
-  "type": "Handicap",
+  "type": "handicap",
  "uuid": "84310ba3-fa6a-44aa-b378-b9e3271c7777",
  "values": [
    {
@ -272,5 +272,5 @@
      "value": "Tumeur maligne"
    }
  ],
-  "version": 1
+  "version": 2
 }
--- a/clusters/sigma-rules.json
+++ b/clusters/sigma-rules.json
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -9911,6 +9911,36 @@
      },
      "uuid": "906e2091-cc32-499e-a799-2b9b15e45042",
      "value": "BazarCall"
+    },
+    {
+      "description": "Evasive Panda is an APT group that has been active since at least 2012, conducting cyberespionage targeting individuals, government institutions and organizations.",
+      "meta": {
+        "attribution-confidence": "50",
+        "cfr-suspected-state-sponsor": "China",
+        "cfr-suspected-victims": [
+          "Hong Kong",
+          "India",
+          "Malaysia",
+          "Taiwan"
+        ],
+        "cfr-target-category": [
+          "Government",
+          "Individuals",
+          "Universities"
+        ],
+        "cfr-type-of-incident": "Espionage",
+        "country": "CN",
+        "refs": [
+          "https://blog.malwarebytes.com/threat-analysis/2020/07/chinese-apt-group-targets-india-and-hong-kong-using-new-variant-of-mgbot-malware/",
+          "https://vb2020.vblocalhost.com/uploads/VB2020-43.pdf",
+          "https://www.virusbulletin.com/virusbulletin/2014/02/needle-haystack"
+        ],
+        "synonym": [
+          "BRONZE HIGHLAND"
+        ]
+      },
+      "uuid": "171d0590-be92-443f-addb-af5dc2a8034d",
+      "value": "Evasive Panda"
    }
  ],
  "version": 253
--- a/galaxies/handicap.json
+++ b/galaxies/handicap.json
@ -1,9 +1,9 @@
 {
  "description": "Handicap classifying",
-  "icon": "android",
-  "name": "handicap",
+  "icon": "wheelchair",
+  "name": "Handicap",
  "namespace": "misp",
-  "type": "Handi",
+  "type": "handicap",
  "uuid": "84310ba3-fa6a-44aa-b378-b9e3271c7777",
-  "version": 1
+  "version": 2
 }
--- a/galaxies/sigma-rules.json
+++ b/galaxies/sigma-rules.json
@ -0,0 +1,9 @@
+{
+  "description": "Sigma Rules are used to detect suspicious behaviors related to threat actors, malware and tools",
+  "icon": "link",
+  "name": "Sigma-Rules",
+  "namespace": "misp",
+  "type": "sigma-rules",
+  "uuid": "9cf7cd2e-d5f1-48c4-9909-7896ba1c96b2",
+  "version": 1
+}