From 8c5eb9e9576be0360f5082e2d9b4c20c2aa5892f Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Mon, 15 Jan 2018 15:00:25 +0100
Subject: [PATCH] add downAndExec
---
 clusters/banker.json | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/clusters/banker.json b/clusters/banker.json
index f8096a6..aac1f81 100644
--- a/clusters/banker.json
+++ b/clusters/banker.json
@@ -502,9 +502,18 @@
 "https://objective-see.com/blog/blog_0x25.html#Dok"
 ]
 }
+ },
+ {
+ "value": "downAndExec",
+ "description": "Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage as it gives users greater speed when viewing the content, as the server is close to them and is part of the Netflix CDN. This results in faster loading times for series and movies, wherever you are in the world. But, apparently, the CDNs are starting to become a new way of spreading malware. The attack chain is very extensive, and incorporates the execution of remote scripts (similar in some respects to the recent “fileless” banking malware trend), plus the use of CDNs for command and control (C&C), and other standard techniques for the execution and protection of malware.",
+ "meta": {
+ "refs": [
+ "https://www.welivesecurity.com/2017/09/13/downandexec-banking-malware-cdns-brazil/"
+ ]
+ }
 }
 ],
- "version": 6,
+ "version": 7,
 "uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
 "description": "A list of banker malware.",
 "authors": [
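Review bot: The `description` added for `downAndExec` spends its first three sentences on how Netflix-style CDNs work and never says what downAndExec itself is, so an analyst reading the cluster entry has to open the reference to find out. Only the final sentence (remote-script execution, CDNs used for C&C) describes the threat. I would lead with that sentence and name the family up front, for example opening the string with `downAndExec is a banking malware campaign that ...`, and trim the CDN background. The Brazil targeting is only implied by the reference URL in this hunk, so confirm it against the article before stating it in the entry.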