
Relations to add #269

Open
Delta-Sierra opened this issue Sep 28, 2018 · 6 comments
Labels
  • S: in progress (Status: in progress. Ticket is currently being worked on)
  • S: stale (Status: stale. This issue has had no activity in a long time, it may not be relevant anymore)
  • T: enhancement (Type: enhancement. This issue is not a bug, it improves an existing feature)

Comments


Delta-Sierra commented Sep 28, 2018

  • Related
    --> Mirai
    --> Mirai Sora
    --> Mirai Owari

  • dropped/dropped-by
    --> Fallout (exploit-kit) - dropped
    --> SmokeLoader (tool) - dropped-by

  • dropped/dropped-by
    --> Fallout (exploit-kit) - dropped
    --> Kraken Cryptor Ransomware (ransomware -should be added-) - dropped-by

  • dropped/dropped-by
    --> Fallout (exploit-kit) - dropped
    --> Smoke Loader (mitre-entreprise-malware) - dropped-by

  • dropped/dropped-by
    --> Fallout (exploit-kit) - dropped
    --> GandCrab Ransomware (ransomware) - dropped-by

  • dropped/dropped-by
    --> Fallout (exploit-kit) - dropped
    --> SAVEfiles (ransomware) - dropped-by

  • uses/used-by
    --> APT28 (threat-actor) - uses
    --> LoJax (tool) - used-by

  • variant-of
    --> BankBot (android)
    --> Razdel (android or banking - galaxy to choose)

@Delta-Sierra Delta-Sierra self-assigned this Sep 28, 2018
Delta-Sierra (Contributor Author) commented

Self-reminder (can be moved): Might be interesting to find an easy way to manage reciprocal relationships, such as dropped (dropper)/dropped-by or uses/used-by, for instance.
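
One way to act on the self-reminder above, as an added example that is not MISP's own code: derive the missing reciprocal side of each relation (dropped/dropped-by, uses/used-by, symmetric variant-of) across a set of clusters. It assumes a simplified version of the MISP galaxy cluster layout (uuid, value, related entries with dest-uuid and type); the clusters and UUIDs below are constructed.

```python
# Added example (not MISP galaxy code): derive the reciprocal side of
# relations such as dropped/dropped-by and uses/used-by between clusters.
# The cluster layout (uuid, value, related[{dest-uuid, type}]) follows the
# MISP galaxy JSON shape in simplified form; all UUIDs here are constructed.

RECIPROCAL = {
    "dropped": "dropped-by",
    "dropped-by": "dropped",
    "uses": "used-by",
    "used-by": "uses",
    "variant-of": "variant-of",  # symmetric relations map to themselves
    "similar": "similar",
}

# Constructed sample clusters; only one direction of most relations is recorded.
FALLOUT, SMOKE, GANDCRAB, APT28, LOJAX = (
    f"0000000{i}-0000-4000-8000-000000000000" for i in range(1, 6))
CLUSTERS = [
    {"uuid": FALLOUT, "value": "Fallout", "related": [
        {"dest-uuid": SMOKE, "type": "dropped"},
        {"dest-uuid": GANDCRAB, "type": "dropped"}]},
    {"uuid": SMOKE, "value": "SmokeLoader", "related": [
        {"dest-uuid": FALLOUT, "type": "dropped-by"}]},  # already reciprocal
    {"uuid": GANDCRAB, "value": "GandCrab Ransomware", "related": []},
    {"uuid": APT28, "value": "APT28", "related": [{"dest-uuid": LOJAX, "type": "uses"}]},
    {"uuid": LOJAX, "value": "LoJax", "related": []},
]

def missing_reciprocals(clusters):
    """Return sorted (src_uuid, dest_uuid, type) triples that are absent but implied."""
    known = {c["uuid"] for c in clusters}
    existing = {(c["uuid"], r["dest-uuid"], r["type"])
                for c in clusters for r in c.get("related", [])}
    missing = set()
    for src, dest, rtype in existing:
        inverse = RECIPROCAL.get(rtype)
        # Skip unknown relation types and destinations that live in another galaxy.
        if inverse is None or dest not in known:
            continue
        if (dest, src, inverse) not in existing:
            missing.add((dest, src, inverse))
    return sorted(missing)

def add_reciprocals(clusters):
    """Append every missing reciprocal relation in place; return how many were added."""
    by_uuid = {c["uuid"]: c for c in clusters}
    todo = missing_reciprocals(clusters)
    for src, dest, rtype in todo:
        by_uuid[src].setdefault("related", []).append({"dest-uuid": dest, "type": rtype})
    return len(todo)

if __name__ == "__main__":
    for src, dest, rtype in missing_reciprocals(CLUSTERS):
        print(f"add {rtype}: {src} -> {dest}")
    print("added", add_reciprocals(CLUSTERS))
```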

Delta-Sierra (Contributor Author) commented

  • dropped/dropped-by
    --> Fallout (exploit-kit) - dropped
    --> CoalaBot (tool -to add-) - dropped-by


Delta-Sierra commented Oct 10, 2018

  • dropped/dropped-by
    --> Fallout (exploit-kit) - dropped
    --> SAVEFiles (ransomware) - dropped-by

  • variant-of
    --> Panda Banker (Banker)
    --> Zeus (Banker)

ref: https://www.bleepingcomputer.com/news/security/new-backdoor-ties-notpetya-and-industroyer-to-telebots-group/

  • uses/used-by
    --> TeleBots Group
    --> NotPetya

  • uses/used-by
    --> TeleBots Group
    --> Industroyer

  • uses/used-by
    --> TA530
    --> August (tool)
  • variant-of
    --> File-Locker (ransomware)
    --> Hidden Tear (ransomware)


Delta-Sierra commented Nov 7, 2018

ref: https://www.bleepingcomputer.com/news/security/hookads-malvertising-installing-malware-via-the-fallout-exploit-kit/

  • uses/used-by
    --> HookAds
    --> Fallout

  • dropped/dropped-by
    --> Fallout (exploit-kit) - dropped
    --> DanaBot banking Trojan - dropped-by

  • dropped/dropped-by
    --> Fallout (exploit-kit) - dropped
    --> Nocturnal information stealer - dropped-by

  • dropped/dropped-by
    --> Fallout (exploit-kit) - dropped
    --> GlobeImposter ransomware - dropped-by
  • Possibly related:
    --> EnyBeny Nuclear Ransomware
    --> EnyBeny Horsuke Ransomware

  • probably related
    --> EQ ransomware
    --> Globeimposter
  • uses/used-by
    --> TA505 (threat actor) - uses
    --> ServHelper backdoor - used-by

  • uses/used-by
    --> TA505 (threat actor) - uses
    --> FlawedGrace remote access trojan (RAT) - used-by
  • is part of (?)
    --> Lazarus Group - contains
    --> STARDUST CHOLLIMA - is part of

APT10
Associated malware: HAYMAKER, SNUGRIDE, BUGJUICE, QUASARRAT
Princess Ransomware
Variant --> Princess Evolution

Razdel is BankBot variant

SteveClement (Member) commented

@Delta-Sierra could you label this accordingly? It seems to be WIP of some sort.

Delta-Sierra (Contributor Author) commented

This can be considered as WIP indeed. Or a kind of memo.

@Delta-Sierra Delta-Sierra added the S: in progress Status: in progress. Ticket is currently being worked on label Feb 12, 2019
@enjeck enjeck added S: stale Status: stale. This issue has had no activity in a long time, it may not be relevant anymore T: enhancement Type: enhancement. This issue is not a bug, it improves an existing feature labels Nov 18, 2020