misp-galaxy Relations to add

Related --> Mirai --> Mirai Sora --> Mirai Owari
dropped/dropped-by --> Fallout (exploit-kit) - dropped --> SmokeLoader (tool) - dropped-by
dropped/dropped-by --> Fallout (exploit-kit) - dropped --> Kraken Cryptor Ransomware (ransomware -should be added-) - dropped-by
dropped/dropped-by --> Fallout (exploit-kit) - dropped --> Smoke Loader (mitre-entreprise-malware) - dropped-by
dropped/dropped-by --> Fallout (exploit-kit) - dropped --> GandCrab Ransomware (ransomware) - dropped-by
dropped/dropped-by --> Fallout (exploit-kit) - dropped --> SAVEfiles (ransomware) - dropped-by
uses/used-by --> APT28 (threat-actor) - uses --> LoJax (tool) - used-by
variant-of --> BankBot (android) --> Razdel (android or banking - galaxy to choose)

Sep 28 '18 08:09 Delta-Sierra

Self-reminder (can be moved): Might be interesting to find a easy way to manage reciprocal relationships, such as dropped(dropper)/dropped-by or uses/used-by for instance

Sep 28 '18 08:09 Delta-Sierra

dropped/dropped-by --> Fallout (exploit-kit) - dropped --> CoalaBot (tool -to add-) - dropped-by

Oct 05 '18 07:10 Delta-Sierra

dropped/dropped-by --> Fallout (exploit-kit) - dropped --> SAVEFiles (ransomware) - dropped-by
variant-of --> Panda Banker (Banker) --> Zeus (Banker)

ref: https://www.bleepingcomputer.com/news/security/new-backdoor-ties-notpetya-and-industroyer-to-telebots-group/

uses/used-by --> TeleBots Group --> NotPetya
uses/used-by --> TeleBots Group --> Industroyer
uses/used-by --> TA530 --> August (tool)

variant-of --> File-Locker (ransomware) --> Hidden Tear (ransomware)

Oct 10 '18 09:10 Delta-Sierra

uses/used-by --> APT 10 --> Quasar RAT
Related (probably) --> MVP Ransomware --> Scarab Ransomware ref: https://twitter.com/siri_urz/status/1039077365039673344
Related --> Scarab-DiskDoctor (Ransomware) --> Scarab (Ransomware)

ref: https://www.bleepingcomputer.com/news/security/hookads-malvertising-installing-malware-via-the-fallout-exploit-kit/

uses/used-by --> HookAds --> Fallout
dropped/dropped-by --> Fallout (exploit-kit) - dropped --> DanaBot banking Trojan - dropped-by
dropped/dropped-by --> Fallout (exploit-kit) - dropped --> Nocturnal information stealer - dropped-by
dropped/dropped-by --> Fallout (exploit-kit) - dropped --> GlobeImposter ransomware - dropped-by

Possibly related: --> EnyBeny Nuclear Ransomware --> EnyBeny Horsuke Ransomware
probably related --> EQ ransomware --> Globeimposter

uses/used-by --> TA505 (threat actor) - uses --> ServHelper backdoor - used-by
uses/used-by --> TA505 (threat actor) - uses --> FlawedGrace remote access trojan (RAT) - used-by

is part of (?) --> Lazarus Group - contains --> STARDUST CHOLLIMA - is part of

APT10 Associated malware: HAYMAKER, SNUGRIDE, BUGJUICE, QUASARRAT

Princess Ransomware Variant --> Princess Evolution

Razdel is BankBot variant

Nov 07 '18 10:11 Delta-Sierra

@Delta-Sierra could you label this accordingly, it seems to be WiP of some sorts?

Feb 04 '19 07:02 SteveClement

This can be considered as WIP indeed. Or a kind of memo.

Feb 12 '19 09:02 Delta-Sierra

misp-galaxy misp-galaxy copied to clipboard

Relations to add

Princess Ransomware Variant --> Princess Evolution

misp-galaxy
misp-galaxy copied to clipboard