mirror of https://github.com/MISP/misp-galaxy
Merge pull request #751 from r0ny123/vicious-panda
Merge microcin/sixlittlemonkeys to vicious panda (pull/752/head)
commit
cf4e5c8cf0
|
@ -5657,23 +5657,6 @@
|
||||||
"uuid": "7d78ec00-dfdc-4a80-a4da-63f1ae63bd7f",
|
"uuid": "7d78ec00-dfdc-4a80-a4da-63f1ae63bd7f",
|
||||||
"value": "MoneyTaker"
|
"value": "MoneyTaker"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"description": "We’re already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago – we named it ‘Microcin’ after microini, one of the malicious components used in it.",
|
|
||||||
"meta": {
|
|
||||||
"refs": [
|
|
||||||
"https://securelist.com/a-simple-example-of-a-complex-cyberattack/82636/",
|
|
||||||
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07170759/Microcin_Technical_4PDF_eng_final_s.pdf",
|
|
||||||
"https://securelist.com/apt-trends-report-q2-2019/91897/",
|
|
||||||
"https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia/",
|
|
||||||
"https://decoded.avast.io/luigicamastra/apt-group-planted-backdoors-targeting-high-profile-networks-in-central-asia/"
|
|
||||||
],
|
|
||||||
"synonyms": [
|
|
||||||
"SixLittleMonkeys"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"uuid": "0a6b31cd-54cd-4f82-9b87-aab780604632",
|
|
||||||
"value": "Microcin"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"description": "Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of writing is believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut. At present, we have knowledge of hundreds of gigabytes of exfiltrated data, in 21+ countries, across thousands of victims. Stolen data includes enterprise intellectual property and personally identifiable information.",
|
"description": "Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of writing is believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut. At present, we have knowledge of hundreds of gigabytes of exfiltrated data, in 21+ countries, across thousands of victims. Stolen data includes enterprise intellectual property and personally identifiable information.",
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -9768,11 +9751,19 @@
|
||||||
"country": "CN",
|
"country": "CN",
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://securelist.com/microcin-is-here/97353",
|
"https://securelist.com/microcin-is-here/97353",
|
||||||
|
"https://securelist.com/a-simple-example-of-a-complex-cyberattack/82636",
|
||||||
"https://decoded.avast.io/luigicamastra/apt-group-planted-backdoors-targeting-high-profile-networks-in-central-asia",
|
"https://decoded.avast.io/luigicamastra/apt-group-planted-backdoors-targeting-high-profile-networks-in-central-asia",
|
||||||
"https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia",
|
"https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia",
|
||||||
"https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign",
|
"https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign",
|
||||||
"https://unit42.paloaltonetworks.com/unit42-threat-actors-target-government-belarus-using-cmstar-trojan",
|
"https://unit42.paloaltonetworks.com/unit42-threat-actors-target-government-belarus-using-cmstar-trojan",
|
||||||
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07170759/Microcin_Technical_4PDF_eng_final_s.pdf"
|
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07170759/Microcin_Technical_4PDF_eng_final_s.pdf",
|
||||||
|
"https://securelist.com/apt-trends-report-q2-2019/91897",
|
||||||
|
"https://securelist.com/apt-trends-report-q2-2020/97937",
|
||||||
|
"https://securelist.com/it-threat-evolution-q2-2020/98230",
|
||||||
|
"https://securelist.com/apt-trends-report-q3-2021/104708"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"SixLittleMonkeys"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "68d8c25b-8595-4c20-a5c7-a11a2a34b717",
|
"uuid": "68d8c25b-8595-4c20-a5c7-a11a2a34b717",
|
||||||
|
|
|
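Review bot: The merged Vicious Panda entry keeps `"SixLittleMonkeys"` in `synonyms` but not the retired cluster's own value `"Microcin"`, and the old UUID `0a6b31cd-54cd-4f82-9b87-aab780604632` disappears without any pointer to its replacement. Events already tagged with the removed threat-actor cluster, and any `related` blocks elsewhere in the repository that target that UUID (not visible on this page), would stop resolving, so search for the UUID before merging. If the actor should stay findable under Kaspersky's name in the threat-actor galaxy, add `"Microcin"` to this `synonyms` array. No `version` bump for this file appears among the visible hunks; if it is also missing from the full diff, MISP instances may not re-import the changed cluster.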
@ -8484,7 +8484,33 @@
|
||||||
},
|
},
|
||||||
"uuid": "f43a3828-a3b6-11ec-80e1-55a8e5815c2c",
|
"uuid": "f43a3828-a3b6-11ec-80e1-55a8e5815c2c",
|
||||||
"value": "BadPotato"
|
"value": "BadPotato"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "A simple RAT used by Vicious Panda",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://securelist.com/microcin-is-here/97353",
|
||||||
|
"https://securelist.com/a-simple-example-of-a-complex-cyberattack/82636",
|
||||||
|
"https://decoded.avast.io/luigicamastra/apt-group-planted-backdoors-targeting-high-profile-networks-in-central-asia",
|
||||||
|
"https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia",
|
||||||
|
"https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"Mikroceen"
|
||||||
|
],
|
||||||
|
"type": [
|
||||||
|
"RAT"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"related": [
|
||||||
|
{
|
||||||
|
"dest-uuid": "68d8c25b-8595-4c20-a5c7-a11a2a34b717",
|
||||||
|
"type": "used-by"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 150
|
"uuid": "7d17dabf-a68e-4eda-a18f-26868ced8e73",
|
||||||
|
"value": "Microcin"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"version": 151
|
||||||
}
|
}
|
||||||
|
|
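Review bot: The new tool cluster links to Vicious Panda with `"type": "used-by"`, but the relationship is one-way: in the second hunk the actor entry `68d8c25b-8595-4c20-a5c7-a11a2a34b717` closes `meta` and goes straight to `uuid`, with no `related` block. Consider adding a reciprocal `related` item on the actor with `"dest-uuid": "7d17dabf-a68e-4eda-a18f-26868ced8e73"` and `"type": "uses"`, so analysts pivoting from the actor reach the tool. The description `A simple RAT used by Vicious Panda` gives little to triage with; a sentence summarising what the listed refs document about the backdoor would make the entry more useful. The tool entry itself begins and ends inside this hunk, but the enclosing `values` array starts outside it.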