MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' of https://github.com/MISP/misp-galaxy

pull/386/head
Deborah Servili 2019-04-02 08:21:41 +02:00
parent 272ea3ba4a a0234020bc
commit c69a18c723
2 changed files with 1485 additions and 195 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1677
clusters/ransomware.json
View File

File diff suppressed because one or more lines are too long

3
clusters/threat-actor.json
View File

@ -6634,12 +6634,13 @@
"value": "Operation Comando" "value": "Operation Comando"
}, },
{ {
"description": "On March 17, 2019, 360 Threat Intelligence Center captured a target attack sample against the Middle East by exploiting WinRAR vulnerability (CVE-2018-20250[6]), and it seems that the attack is carried out by the Goldmouse APT group (APT-C-27). There is a decoy Word document inside the archive regarding terrorist attacks to lure the victim into decompressing. When the archive gets decompressed on the vulnerable computer, the embedded njRAT backdoor (Telegram Desktop.exe) will be extracted to the startup folder and then triggered into execution if the victim restarts the computer or performs re-login. After that, the attacker is capable to control the compromised device.",
"meta": { "meta": {
"refs": [ "refs": [
"https://ti.360.net/blog/articles/apt-c-27-(goldmouse):-suspected-target-attack-against-the-middle-east-with-winrar-exploit-en/" "https://ti.360.net/blog/articles/apt-c-27-(goldmouse):-suspected-target-attack-against-the-middle-east-with-winrar-exploit-en/"
], ],
"synonyms": [ "synonyms": [
"Goldmouse" "GoldMouse"
] ]
}, },
"uuid": "ee7f535d-cc3e-40f3-99f3-c97963cfa250", "uuid": "ee7f535d-cc3e-40f3-99f3-c97963cfa250",