chg: [misp-galaxy] updated to the latest version

pull/6/head
Alexandre Dulaunoy 2018-07-31 15:40:44 +02:00
parent bbed22a652
commit 64f6f2e9b1
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
2 changed files with 9519 additions and 9107 deletions


@ -107861,12 +107861,35 @@ Talos have identified the samples, with moderate confidence, used in this attack
</tbody>
</table>
</div>
<div class="sect2">
<h3 id="_bisonal"><a class="anchor" href="#_bisonal"></a><a class="link" href="#_bisonal">Bisonal</a></h3>
<div class="paragraph">
<p>In early May, Unit 42 discovered an attack campaign against at least one defense company in Russia and one unidentified organization in South Korea delivering a variant of Bisonal malware. While not previously publicly documented, the variant has been in the wild since at least 2014. There are three primary differences between it and older Bisonal malware including a different cipher and encryption for C2 communication, and a large rewrite of the code for both network communication and maintaining persistence. To date, we have only collected 14 samples of this variant, indicating it may be sparingly used. The adversary behind these attacks lured the targets into launching the Microsoft Windows executable malware by masquerading it as a PDF file (using a fake PDF icon) and reusing publicly available data for the decoy PDF files contents. Attacks using Bisonal have been blogged about in the past. In 2013, both COSEINC and FireEye revealed attacks using Bisonal against Japanese organizations . In October 2017, AhnLab published a report called “Operation Bitter Biscuit,” an attack campaign against South Korea, Japan, India and Russia using Bisonal and its successors, Bioazih and Dexbia.</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 3033. Table References</caption>
<colgroup>
<col style="width: 100%;">
</colgroup>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">Links</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="https://researchcenter.paloaltonetworks.com/2018/07/unit42-bisonal-malware-used-attacks-russia-south-korea/">https://researchcenter.paloaltonetworks.com/2018/07/unit42-bisonal-malware-used-attacks-russia-south-korea/</a></p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="https://camal.coseinc.com/publish/2013Bisonal.pdf">https://camal.coseinc.com/publish/2013Bisonal.pdf</a></p></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
<div id="footer">
<div id="footer-text">
Last updated 2018-07-25 15:11:32 CEST
Last updated 2018-07-31 15:38:35 CEST
</div>
</div>
</body>
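Review bot: the new Bisonal paragraph names sources that Table 3033 does not carry: the FireEye 2013 disclosure and AhnLab's October 2017 "Operation Bitter Biscuit" report are mentioned in the text, but the references table lists only the Unit 42 and COSEINC links. Since this HTML is generated from the upstream misp-galaxy cluster, those references should be added to the Bisonal cluster entry so the table stays in step with the description rather than being patched in the rendered file. Two smaller points in the same paragraph: "against Japanese organizations ." has a stray space before the full stop, and "To date, we have only collected 14 samples of this variant" keeps Unit 42's first-person voice, which in a galaxy description reads as a claim by the MISP project itself; "To date, Unit 42 has collected only 14 samples of this variant" avoids the ambiguity. The only other change in the hunk is the regenerated footer timestamp (2018-07-25 to 2018-07-31), which is expected noise for a generated artifact.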

18601
galaxy.pdf

File diff suppressed because it is too large