From 6416d0b2de9c2eb8b5241bd39514962642ac3a23 Mon Sep 17 00:00:00 2001
From: botlabsDev <54632107+botlabsDev@users.noreply.github.com>
Date: Fri, 18 Mar 2022 15:34:11 +0100
Subject: [PATCH] add Rook Ransomware, Pandora Ranomsware, Astro Locker, Mount Locker, Ripprbot, Abcbot Cyclops Blink and Elknot
---
 clusters/botnet.json | 48 +++++++++++++++++++++++++++++++++++++++-
 clusters/ransomware.json | 46 +++++++++++++++++++++++++++++++++++++-
 2 files changed, 92 insertions(+), 2 deletions(-)
diff --git a/clusters/botnet.json b/clusters/botnet.json
index 4cb2ba7..ab30792 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -1245,7 +1245,53 @@
 },
 "uuid": "37c5d3ad-9057-4fcb-9fb3-4f7e5377a304",
 "value": "Glupteba"
+ },
+ {
+ "description": "DDoS Botnet",
+ "meta": {
+ "refs": [
+ "https://www.virusbulletin.com/conference/vb2016/abstracts/elknot-ddos-botnets-we-watched",
+ "https://www.virusbulletin.com/uploads/pdf/conference_slides/2016/Liu_Wang-vb-2016-TheElknotDDoSBotnetsWeWatched.pdf"
+ ],
+ "synonyms": [
+ "Linux/BillGates",
+ "BillGates"
+ ]
+ },
+ "uuid": "98392af9-d4a4-4e63-aded-f802a0fa6ef7",
+ "value": "Elknot"
+ },
+ {
+ "description": "Advanced modular botnet that is reportedly linked to the Sandworm or Voodoo Bear advanced persistent threat (APT) group.",
+ "meta": {
+ "refs": [
+ "https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html",
+ "https://www.cisa.gov/uscert/ncas/alerts/aa22-054a"
+ ]
+ },
+ "uuid": "98392af9-d4a4-4e63-aded-f802a0fa6ef7",
+ "value": "Cyclops Blink"
+ },
+ {
+ "description": "Botnet",
+ "meta": {
+ "refs": [
+ "https://blog.netlab.360.com/abcbot_an_evolving_botnet_en"
+ ]
+ },
+ "uuid": "bcc60155-e824-4adb-a906-eec43c2d1ae8",
+ "value": "Abcbot"
+ },
+ {
+ "description": "Botnet",
+ "meta": {
+ "refs": [
+ "https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days"
+ ]
+ },
+ "uuid": "3e40c1af-51f5-4b02-b189-74567125c6e0",
+ "value": "Ripprbot"
 }
 ],
- "version": 24
+ "version": 25
 }
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 2c6a281..c0a65e3 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
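Review bot: The new Elknot and Cyclops Blink entries both carry `"uuid": "98392af9-d4a4-4e63-aded-f802a0fa6ef7"`, and a cluster element's uuid is its identity, so one of the two needs a freshly generated UUID before this is merged; consumers that key galaxy elements by uuid will typically keep only one of the pair, so an indicator could end up tagged with the wrong botnet name. The ransomware.json hunk has the same defect twice: `1da28691-684a-4cd2-b2f8-e80a123e150c` is shared by Mount Locker and Astro Locker, and `bb6d933f-7b6d-4694-853d-1ca400f6bd8f` by Pandora and Rook. It looks like each second entry was pasted from the first and only `value`, `description` and `refs` were edited, which suggests adding a uuid-uniqueness check to the validation run before a `version` bump. The one-word descriptions `"Botnet"` for Abcbot and Ripprbot add nothing over the file name; a one-sentence summary taken from the cited netlab reference, in the style of the Cyclops Blink entry, would make the entries usable without following the link.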
@@ -24419,7 +24419,51 @@
 ],
 "uuid": "e6c09b63-a424-4d9e-b7f7-b752cbbca02a",
 "value": "BlackCat"
+ },
+ {
+ "description": "Ransomware",
+ "meta": {
+ "refs": [
+ "https://www.cyclonis.com/mount-locker-ransomware-more-dangerous",
+ "https://www.bleepingcomputer.com/news/security/mount-locker-ransomware-joins-the-multi-million-dollar-ransom-game"
+ ]
+ },
+ "uuid": "1da28691-684a-4cd2-b2f8-e80a123e150c",
+ "value": "Mount Locker"
+ },
+ {
+ "description": "Ransomware",
+ "meta": {
+ "refs": [
+ "https://threatpost.com/mount-locker-ransomware-changes-tactics/165559/",
+ "https://news.sophos.com/en-us/2021/03/31/sophos-mtr-in-real-time-what-is-astro-locker-team/"
+ ]
+ },
+ "uuid": "1da28691-684a-4cd2-b2f8-e80a123e150c",
+ "value": "Astro Locker"
+ },
+ {
+ "description": "Ransomware ",
+ "meta": {
+ "refs": [
+ "https://twitter.com/malwrhunterteam/status/1501857263493001217",
+ "https://dissectingmalwa.re/blog/pandora"
+ ]
+ },
+ "uuid": "bb6d933f-7b6d-4694-853d-1ca400f6bd8f",
+ "value": "Pandora"
+ },
+ {
+ "description": "Ransomware",
+ "meta": {
+ "refs": [
+ "https://www.sentinelone.com/labs/new-rook-ransomware-feeds-off-the-code-of-babuk",
+ "https://twitter.com/techyteachme/status/1464317136944435209"
+ ]
+ },
+ "uuid": "bb6d933f-7b6d-4694-853d-1ca400f6bd8f",
+ "value": "Rook"
 }
 ],
- "version": 100
+ "version": 101
 }
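Review bot: The Pandora entry's description has a trailing space, `"description": "Ransomware ",`, unlike the three sibling entries in this hunk; it should be `"description": "Ransomware",` so that tooling comparing or normalising descriptions does not see a distinct value. The four descriptions are all the bare word "Ransomware", which repeats the file name and tells an analyst nothing about the family; a one-sentence summary drawn from each entry's cited references would make the cluster self-describing. Astro Locker's first reference is a Mount Locker article, which is presumably intentional given the Sophos link, but a short note in the description explaining the relationship would stop the next maintainer from treating it as a copy-paste slip.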