add Quant Loader by Delta-Sierra · Pull Request #135 · MISP/misp-galaxy · GitHub

add Quant Loader #135


Merged · 3 commits · Dec 14, 2017
9 changes: 6 additions & 3 deletions clusters/ransomware.json
@@ -5022,7 +5022,8 @@
".EMPTY",
".0000",
".XZZX",
".TEST"
".TEST",
".WORK"
],
"ransomnotes": [
"HELP_YOUR_FILES.html (CryptXXX)",
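Review bot: the cluster's top-level "version" field is not incremented in ransomware.json. The file header counts 9 changes (6 additions, 3 deletions), and all nine are accounted for by the three hunks touching the CryptoMix entry's extensions, ransomnotes and refs arrays, so no version bump hunk exists, while tool.json does get one in the same PR. MISP uses that version to decide whether a cluster needs updating, so please add the increment (same pattern as the tool.json change) at the head of ransomware.json. The ".WORK" addition itself is consistent with the sibling entries ".EMPTY", ".0000", ".XZZX" and ".TEST", and moving the trailing comma onto ".TEST" keeps the JSON valid.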
@@ -5034,7 +5035,8 @@
"Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\nempty01@techmail.info\n\nempty02@yahooweb.co\n\nempty003@protonmail.com\n\nWe will help You as soon as possible!\n\nDECRYPT-ID-[id] number",
"Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\ny0000@tuta.io\n\ny0000@protonmail.com\n\ny0000z@yandex.com\n\ny0000s@yandex.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nDECRYPT-ID-[id]",
"Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\nxzzx@tuta.io\n\nxzzx1@protonmail.com\n\nxzzx10@yandex.com\n\nxzzx101@yandex.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nDECRYPT-ID-[id] number",
"Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\ntest757@tuta.io\n\ntest757@protonmail.com\n\ntest757xz@yandex.com\n\ntest757xy@yandex.com\n\ntest757@consultant.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nIMPORTANT: DO NOT USE ANY PUBLIC SOFTWARE! IT MAY DAMAGE YOUR DATA FOREVER!\n\nDECRYPT-ID-[id] number"
"Hello!\n\nAttention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\ntest757@tuta.io\n\ntest757@protonmail.com\n\ntest757xz@yandex.com\n\ntest757xy@yandex.com\n\ntest757@consultant.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nIMPORTANT: DO NOT USE ANY PUBLIC SOFTWARE! IT MAY DAMAGE YOUR DATA FOREVER!\n\nDECRYPT-ID-[id] number",
"Attention! All Your data was encrypted!\n\nFor specific informartion, please send us an email with Your ID number:\n\nworknow@keemail.me\n\nworknow@protonmail.com\n\nworknow8@yandex.com\n\nworknow9@yandex.com\n\nworknow@techie.com\n\nPlease send email to all email addresses! We will help You as soon as possible!\n\nIMPORTANT: DO NOT USE ANY PUBLIC SOFTWARE! IT MAY DAMAGE YOUR DATA FOREVER!\n\nDECRYPT-ID-[id] number"
],
"refs": [
"http://www.nyxbone.com/malware/CryptoMix.html",
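Review bot: the new .WORK note on the added line drops the leading "Hello!\n\n" that every other CryptoMix note in this array starts with. If the real note omits it that is fine, but please confirm against the referenced write-up rather than leave a possible copy truncation, since these strings are meant to be matched verbatim. Do keep the "informartion" misspelling as is: it appears in all the sibling notes, so it is evidently verbatim from the malware and is a useful matching artifact rather than a typo to fix.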
@@ -5043,7 +5045,8 @@
"https://www.bleepingcomputer.com/news/security/new-empty-cryptomix-ransomware-variant-released/",
"https://www.bleepingcomputer.com/news/security/0000-cryptomix-ransomware-variant-released/",
"https://www.bleepingcomputer.com/news/security/xzzx-cryptomix-ransomware-variant-released/",
"https://www.bleepingcomputer.com/news/security/test-cryptomix-ransomware-variant-released/"
"https://www.bleepingcomputer.com/news/security/test-cryptomix-ransomware-variant-released/",
"https://www.bleepingcomputer.com/news/security/work-cryptomix-ransomware-variant-released/"
]
}
},
21 changes: 20 additions & 1 deletion clusters/tool.json
@@ -10,7 +10,7 @@
],
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"version": 41,
"version": 43,
"values": [
{
"meta": {
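Review bot: "version" goes from 41 to 43 in a single PR. Only a monotonic increase matters for MISP to pick the cluster up, so this is not blocking, but a two-step jump usually means the bump was applied twice across the three commits; one increment per merged change keeps the history readable. Please also check that 43 is still above whatever master carries at merge time, otherwise the update is silently ignored by consumers that already have a higher version.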
@@ -3114,6 +3114,25 @@
"https://www.group-ib.com/blog/moneytaker"
]
}
},
{
"value": "Quant Loader",
"description": "Described as a \"professional exe loader / dll dropper\" Quant Loader is in fact a very basic trojan downloader. It began being advertised on September 1, 2016 on various Russian underground forums.",
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/quant-loader-is-now-bundled-with-other-crappy-malware/",
"https://blogs.forcepoint.com/security-labs/locky-distributor-uses-newly-released-quant-loader-sold-russian-underground"
]
}
},
{
"value": "SSHDoor",
"description": "The Secure Shell Protocol (SSH) is a very popular protocol used for secure data communication. It is widely used in the Unix world to manage remote servers, transfer files, etc. The modified SSH daemon described here, Linux/SSHDoor.A, is designed to steal usernames and passwords and allows remote access to the server via either an hardcoded password or SSH key.",
"meta": {
"refs": [
"https://www.welivesecurity.com/2013/01/24/linux-sshdoor-a-backdoored-ssh-daemon-that-steals-passwords/"
]
}
}
]
}
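Review bot: two wording problems in the new entries and one scope question. The Quant Loader description needs a comma after the quoted phrase: Described as a "professional exe loader / dll dropper", Quant Loader is in fact a very basic trojan downloader. The SSHDoor description is lifted from the ESET post: "The modified SSH daemon described here" refers to that blog post, not to this cluster entry, and "an hardcoded password" should read "a hardcoded password". Suggest a self-contained rewrite such as: Linux/SSHDoor.A is a modified SSH daemon that steals usernames and passwords and gives the attacker remote access to the server via either a hardcoded password or an SSH key. The opening sentences about SSH being a popular protocol describe SSH, not the tool, and can be dropped. If the other values in this cluster carry a per-entry "uuid" (only the cluster-level uuid is visible, in the earlier hunk), both new entries need one as well. Finally, SSHDoor and the CryptoMix .WORK variant are not covered by the PR title "add Quant Loader"; please widen the title or mention them in the description so the merge history reflects all three additions.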