Merge pull request #293 from Delta-Sierra/master
add Operation EvilTraffic
commit
2465235817
2 changed files with 26 additions and 2 deletions
|
@ -1136,7 +1136,17 @@
|
||||||
],
|
],
|
||||||
"uuid": "e3e91fe2-c7ce-11e8-8e85-6bc15cd2a63c",
|
"uuid": "e3e91fe2-c7ce-11e8-8e85-6bc15cd2a63c",
|
||||||
"value": "Persirai"
|
"value": "Persirai"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Since early September, SophosLabs has been monitoring an increasingly prolific attack targeting Internet-facing SSH servers on Linux-based systems that has been dropping a newly-discovered family of denial-of-service bots we’re calling Chalubo. The attackers encrypt both the main bot component and its corresponding Lua script using the ChaCha stream cipher. This adoption of anti-analysis techniques demonstrates an evolution in Linux malware, as the authors have adopted principles more common to Windows malware in an effort to thwart detection. Like some of its predecessors, Chalubo incorporates code from the Xor.DDoS and Mirai malware families.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://news.sophos.com/en-us/2018/10/22/chalubo-botnet-wants-to-ddos-from-your-server-or-iot-device/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "f387e30a-dc48-11e8-b9f4-370bc63008bf",
|
||||||
|
"value": "Chalubo"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 17
|
"version": 18
|
||||||
}
|
}
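Review bot: The new Chalubo entry's `description` is the vendor's blog text verbatim, so it keeps a relative date with no year ("Since early September") and the vendor's first-person voice ("we’re calling Chalubo"), both of which lose their meaning once the cluster is read outside the original post. Anchor it in neutral wording, for example opening with `"description": "In September 2018, SophosLabs reported attacks on Internet-facing SSH servers on Linux-based systems that drop a denial-of-service bot family it named Chalubo. ..."`; the year is inferred from the date in the ref URL path and should be confirmed. The description also says Chalubo reuses code from Xor.DDoS and Mirai, but the entry carries no machine-readable link to them. If those families already have clusters in this galaxy, a `related` entry such as `{"dest-uuid": "<UUID_OF_MIRAI_CLUSTER>", "type": "similar"}` would let analysts pivot between them.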
|
||||||
|
|
|
@ -5983,7 +5983,21 @@
|
||||||
},
|
},
|
||||||
"uuid": "d5e90854-d5c9-11e8-98b9-1f98eb80d30a",
|
"uuid": "d5e90854-d5c9-11e8-98b9-1f98eb80d30a",
|
||||||
"value": "The Shadow Brokers"
|
"value": "The Shadow Brokers"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Malware experts at CSE Cybsec uncovered a massive malvertising campaign dubbed EvilTraffic leveraging tens of thousands compromised websites. Crooks exploited some CMS vulnerabilities to upload and execute arbitrary PHP pages used to generate revenues via advertising.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"http://securityaffairs.co/wordpress/68059/cyber-crime/eviltraffic-malvertising-campaign.html",
|
||||||
|
"http://csecybsec.com/download/zlab/20180121_CSE_Massive_Malvertising_Report.pdf"
|
||||||
|
],
|
||||||
|
"synonyms": [
|
||||||
|
"Operation EvilTraffic"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "c2d5a052-dc30-11e8-9643-d76f3b9c94fa",
|
||||||
|
"value": "EvilTraffic"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 75
|
"version": 76
|
||||||
}
|
}
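Review bot: Both `refs` in the new EvilTraffic entry are plain `http://` URLs, and the second is a direct PDF download, so an analyst or enrichment tool following the reference fetches the report over a channel where it can be altered in transit. If the two hosts serve the same paths over TLS, switch the scheme to `https://` in both strings; this view cannot confirm that they do. Separately, the preceding entry is "The Shadow Brokers", which suggests this is an actor cluster, while the description covers a malvertising campaign with no attributed group. The file path is not visible here, so it is worth confirming that this is the intended galaxy for a campaign. A minor wording fix in the same string: "tens of thousands compromised websites" should read "tens of thousands of compromised websites".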
|
||||||
|
|