From f595195cd2b6aba9d9bed69d3aab5e652b35147f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=BCrgen=20L=C3=B6hel?= Date: Tue, 15 Nov 2022 18:10:39 -0600 Subject: [PATCH] chg: [botnets] Adds KmsdBot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jürgen Löhel --- clusters/botnet.json | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/clusters/botnet.json b/clusters/botnet.json index df6dea5..19a421d 100644 --- a/clusters/botnet.json +++ b/clusters/botnet.json @@ -1383,7 +1383,17 @@ ], "uuid": "505c6a54-a701-4a4b-85d4-0f2038b7b46a", "value": "Dark.IoT" + }, + { + "description": "Akamai Security Research has observed a new golang malware which they named KmsdBot. The malware scans for open SSH ports and performs a simple dictionary attack against it. The researchers from Akamai monitored only DDoS activity, but discovered also the functionality to launch cryptomining. The malware has varied targets including the gaming industry, technology industry, and luxury car manufacturers.", + "meta": { + "refs": [ + "https://www.akamai.com/blog/security-research/kmdsbot-the-attack-and-mine-malware" + ] + }, + "uuid": "b6919400-9b16-48ae-8379-fab26a506e32", + "value": "KmsdBot" } ], - "version": 28 + "version": 29 }