Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master

2018-02-14 11:06:19 +01:00 · 2018-02-14 11:06:19 +01:00 · db2b187bc6
parent 9cfba28d36 bbb76373a5
commit db2b187bc6
3 changed files with 29 additions and 6 deletions
--- a/clusters/exploit-kit.json
+++ b/clusters/exploit-kit.json
@ -322,7 +322,7 @@
    },
    {
      "value": "GrandSoft",
-      "description": "GrandSoft Exploit Kit was a quite common exploit kit used in 2012/2013",
+      "description": "GrandSoft Exploit Kit was a quite common exploit kit used in 2012/2013. Disappeared between march 2014 and September 2017",
      "meta": {
        "refs": [
          "http://malware.dontneedcoffee.com/2013/09/FinallyGrandSoft.html",
@ -333,7 +333,7 @@
          "StampEK",
          "SofosFO"
        ],
-        "status": "Retired - Last seen: 2014-03"
+        "status": "Active"
      }
    },
    {
@ -497,7 +497,7 @@
    },
    {
      "value": "Sakura",
-      "description": "Description Here",
+      "description": "Sakura Exploit Kit appeared in 2012 and was adopted by several big actor",
      "meta": {
        "refs": [
          "http://www.xylibox.com/2012/01/sakura-exploit-pack-10.html"
@ -505,6 +505,17 @@
        "status": "Retired - Last seen: 2013-09"
      }
    },
+	{
+		"value": "SPL",
+		"description": "SPL exploit kit was mainly seen in 2012/2013 most often associated with ZeroAccess and Scareware/FakeAV",
+		"meta": {
+			"refs": ["http://www.malwaresigs.com/2012/12/05/spl-exploit-kit/"],
+			"status": "Retired - Last seen: 2015-04",
+			"synonyms": ["SPL_Data",
+			"SPLNet",
+			"SPL2"],
+		}
+	},
    {
      "value": "Sundown",
      "description": "Sundown Exploit Kit is mainly built out of stolen code from other exploit kits",
@ -570,7 +581,7 @@
      }
    }
  ],
-  "version": 5,
+  "version": 6,
  "uuid": "454f4e78-bd7c-11e6-a4a6-cec0c932ce01",
  "description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
  "authors": [
--- a/clusters/tds.json
+++ b/clusters/tds.json
@ -12,6 +12,18 @@
        ]
      }
    },
+    {
+      "value": "BlackTDS",
+      "description": "BlackTDS is mutualised TDS advertised underground since end of December 2017",
+      "meta": {
+        "refs": [
+          "https://blacktds[.com/"
+        ],
+        "type": [
+          "Underground"
+        ]
+      }
+    },
    {
      "value": "ShadowTDS",
      "description": "ShadowTDS is advertised underground since 2016-02. It's in fact more like a Social Engineering kit focused on Android and embedding a TDS",
@ -91,7 +103,7 @@
      }
    }
  ],
-  "version": 2,
+  "version": 3,
  "uuid": "ab5fffaa-c5f6-11e6-9d9d-cec0c932ce01",
  "description": "TDS is a list of Traffic Direction System used by adversaries",
  "authors": [
--- a/tools/gen.sh
+++ b/tools/gen.sh
@ -1,5 +1,5 @@
 python3 adoc_galaxy.py >a.txt
-asciidoctor a.txt
+asciidoctor -a allow-uri-read a.txt
 asciidoctor-pdf -a allow-uri-read a.txt
 cp a.html ../../misp-website/galaxy.html
 cp a.pdf ../../misp-website/galaxy.pdf