From 2f5031b84509ce0447f3bc660996e762f3b9b5e2 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Thu, 22 Nov 2018 08:37:45 +0100
Subject: [PATCH] add several references for Emotet and others
---
 clusters/banker.json | 10 +++++++---
 clusters/threat-actor.json | 6 ++++--
 clusters/tool.json | 6 ++++--
 3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/clusters/banker.json b/clusters/banker.json
index 9d349f1..75f3ea5 100644
--- a/clusters/banker.json
+++ b/clusters/banker.json
@@ -379,7 +379,8 @@
 "https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/",
 "https://blog.malwarebytes.com/threat-analysis/2017/08/trickbot-comes-with-new-tricks-attacking-outlook-and-browsing-data/",
 "http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/trickbots-bag-of-tricks.html",
- "https://www.flashpoint-intel.com/blog/new-version-trickbot-adds-worm-propagation-module/"
+ "https://www.flashpoint-intel.com/blog/new-version-trickbot-adds-worm-propagation-module/",
+ "https://www.bleepingcomputer.com/news/security/trickbot-banking-trojan-starts-stealing-windows-problem-history/"
 ],
 "synonyms": [
 "Trickster",
@@ -477,7 +478,10 @@
 "date": "Discovered ~Summer 2014",
 "refs": [
 "https://feodotracker.abuse.ch/",
- "http://blog.trendmicro.com/trendlabs-security-intelligence/new-banking-malware-uses-network-sniffing-for-data-theft/"
+ "http://blog.trendmicro.com/trendlabs-security-intelligence/new-banking-malware-uses-network-sniffing-for-data-theft/",
+ "https://www.bleepingcomputer.com/news/security/emotet-banking-trojan-loves-usa-internet-providers/",
+ "https://www.bleepingcomputer.com/news/security/emotet-returns-with-thanksgiving-theme-and-better-phishing-tricks/",
+ "https://www.forcepoint.com/blog/security-labs/thanks-giving-emotet"
 ],
 "synonyms": [
 "Feodo Version C",
@@ -1176,5 +1180,5 @@
 "value": "CamuBot"
 }
 ],
- "version": 15
+ "version": 16
 }
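Review bot: The Emotet reference lists in the two clusters end up out of step: the `@@ -477` hunk of clusters/banker.json adds three links, while the `@@ -1994` hunk of clusters/tool.json adds only two of them and omits `"https://www.bleepingcomputer.com/news/security/emotet-banking-trojan-loves-usa-internet-providers/"`. Assuming both entries describe the same family (their `value` fields are outside the hunks, so this is inferred from the shared links and the `Geodo` synonym), add that URL to the tool.json `refs` array as well, so that consumers reading either cluster get the same sources. The enclosing JSON objects start and end outside both hunks.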
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 3a7230d..b1ae822 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -5921,7 +5921,9 @@
 "refs": [
 "https://www.bleepingcomputer.com/news/security/british-airways-fell-victim-to-card-scraping-attack/",
 "https://www.bleepingcomputer.com/news/security/feedify-hacked-with-magecart-information-stealing-script/",
- "https://www.bleepingcomputer.com/news/security/magecart-group-compromises-plugin-used-in-thousands-of-stores-makes-rookie-mistake/"
+ "https://www.bleepingcomputer.com/news/security/magecart-group-compromises-plugin-used-in-thousands-of-stores-makes-rookie-mistake/",
+ "https://www.bleepingcomputer.com/news/security/visiondirect-data-breach-caused-by-magecart-attack/",
+ "https://www.bleepingcomputer.com/news/security/magecart-group-sabotages-rival-to-ruin-data-and-reputation/"
 ]
 },
 "uuid": "0768fd50-c547-11e8-9aa5-776183769eab",
@@ -6017,5 +6019,5 @@
 "value": "HookAds"
 }
 ],
- "version": 79
+ "version": 80
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index 4530ea5..365ac08 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -1994,7 +1994,9 @@
 {
 "meta": {
 "refs": [
- "https://securelist.com/analysis/publications/69560/the-banking-trojan-emotet-detailed-analysis/"
+ "https://securelist.com/analysis/publications/69560/the-banking-trojan-emotet-detailed-analysis/",
+ "https://www.forcepoint.com/blog/security-labs/thanks-giving-emotet",
+ "https://www.bleepingcomputer.com/news/security/emotet-returns-with-thanksgiving-theme-and-better-phishing-tricks/"
 ],
 "synonyms": [
 "Geodo"
@@ -7404,5 +7406,5 @@
 "value": "China Chopper"
 }
 ],
- "version": 100
+ "version": 101
 }