merge pull request 222

2018-06-12 10:58:08 +02:00 · 2018-06-12 10:58:08 +02:00 · d0d54b2751
parent 2bbe386107 25d21204fb
commit d0d54b2751
1 changed files with 34 additions and 1 deletions
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@ -124,6 +124,28 @@
        "status": "Active"
      },
      "uuid": "489acbf2-d80b-4bb5-ac7d-c8573dcb6324"
+    },
+	  {
+      "value": "ThreadKit",
+      "description": "ThreadKit is the name given to a widely used Microsoft Office document exploit builder kit that appeared in June 2017",
+      "meta": {
+        "refs": [
+          "https://www.proofpoint.com/us/threat-insight/post/unraveling-ThreadKit-new-document-exploit-builder-distribute-The-Trick-Formbook-Loki-Bot-malware"
+        ],
+        "status": "Active"
+      },
+	  "uuid": "b8be783c-69a8-11e8-adc0-fa7ae01bbebc"
+    },
+	{
+      "value": "VenomKit",
+      "description": "VenomKit is the name given to a kit sold since april 2017 as \"Word 1day exploit builder\" by user badbullzvenom. Author allows only use in targeted campaign. Is used for instance by the \"Cobalt Gang\"",
+      "meta": {
+        "refs": [
+          ""
+        ],
+        "status": "Active"
+      },
+	  "uuid": "b8be7af8-69a8-11e8-adc0-fa7ae01bbebc"
    },
    {
      "value": "RIG",
@ -343,6 +365,17 @@
      },
      "uuid": "55a30ccc-8905-4af2-a498-5c0010815cc1"
    },
+    {
+      "value": "Glazunov",
+      "description": "Glazunov is an exploit kit mainly seen behind compromised website in 2012 and 2013. Glazunov compromission is likely the ancestor activity of what became EITest in July 2014. Sibhost and Flimkit later shown similarities with this Exploit Kit",
+      "meta": {
+        "refs": [
+          "https://nakedsecurity.sophos.com/2013/06/24/taking-a-closer-look-at-the-glazunov-exploit-kit/"
+        ],
+	  "status": "Retired - Last seen: maybe end of 2013"
+     },
+      "uuid": "897374fa-6a35-11e8-adc0-fa7ae01bbebc"
+     },
    {
      "value": "GrandSoft",
      "description": "GrandSoft Exploit Kit was a quite common exploit kit used in 2012/2013. Disappeared between march 2014 and September 2017",
@ -628,7 +661,7 @@
      "uuid": "00815961-3249-4e2e-9421-bb57feb73bb2"
    }
  ],
-  "version": 6,
+  "version": 7,
  "uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
  "description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
  "authors": [