mirror of https://github.com/MISP/misp-galaxy
chg: [stealer] Adds DarkCloud and BluStealer
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>pull/813/head
parent
150e3152cc
commit
ca635cc3fc
|
@ -166,7 +166,46 @@
|
|||
],
|
||||
"uuid": "d410b534-07a4-4190-b253-f6616934bea6",
|
||||
"value": "WorldWind"
|
||||
},
|
||||
{
|
||||
"description": "Avast describe this malware as a recombination of other malware including SpyEx, ThunderFox, ChromeRecovery, StormKitty, and firepwd.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/win.blustealer",
|
||||
"https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord",
|
||||
"https://minerva-labs.com/blog/a-new-blustealer-loader-uses-direct-syscalls-to-evade-edrs/",
|
||||
"https://blogs.blackberry.com/en/2021/10/threat-thursday-blustealer-infostealer",
|
||||
"https://www.gosecure.net/blog/2021/09/22/gosecure-titan-labs-technical-report-blustealer-malware-threat/",
|
||||
"https://decoded.avast.io/anhho/blustealer/",
|
||||
"https://twitter.com/GoSecure_Inc/status/1437435265350397957"
|
||||
]
|
||||
},
|
||||
"synonyms": [
|
||||
"a310logger"
|
||||
],
|
||||
"uuid": "ac565486-89c1-4984-9bee-9202d8a5134d",
|
||||
"value": "BluStealer"
|
||||
},
|
||||
{
|
||||
"description": "Stealer is written in Visual Basic.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://malpedia.caad.fkie.fraunhofer.de/details/win.darkcloud",
|
||||
"https://c3rb3ru5d3d53c.github.io/malware-blog/darkcloud-stealer/"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
{
|
||||
"dest-uuid": "ac565486-89c1-4984-9bee-9202d8a5134d",
|
||||
"tags": [
|
||||
"estimative-language:likelihood-probability=\"very-likely\""
|
||||
],
|
||||
"type": "variant-of"
|
||||
}
|
||||
],
|
||||
"uuid": "e550f534-dc8b-4f94-a276-ce3d5d9c8115",
|
||||
"value": "DarkCloud Stealer"
|
||||
}
|
||||
],
|
||||
"version": 9
|
||||
"version": 10
|
||||
}
|
||||
|
|
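Review bot: In the BluStealer entry the `"synonyms"` array sits at the top level of the cluster value, after the `},` that closes `"meta"`, instead of inside `meta` next to `refs`. MISP galaxy clusters carry synonyms under `meta`, so as written the alias `a310logger` will probably not be picked up for matching, and the entry may fail the repository's schema validation if unknown top-level keys are rejected. Move it inside: end `refs` with `],` and follow it with `"synonyms": ["a310logger"]` before `meta` closes. Separately, the DarkCloud Stealer description (`"Stealer is written in Visual Basic."`) does not say what the `variant-of` link to BluStealer, tagged `very-likely`, is based on; a sentence naming the source report would let analysts weigh that relationship.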