From 35582f7ed5f673f2af532bfeafdfbe4fdefae367 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Mon, 1 Oct 2018 11:52:40 +0200
Subject: [PATCH] new threat actors & tools
---
 clusters/threat-actor.json | 22 +++++++++++++++++++++-
 clusters/tool.json | 22 +++++++++++++++++++++-
 2 files changed, 42 insertions(+), 2 deletions(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 84a92f6..ebf32c3 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -5880,7 +5880,27 @@
 ]
 },
 "uuid": "6c79bd1a-bfde-11e8-8c33-db4d9968671a"
+ },
+ {
+ "value": "MageCart",
+ "description": "Digital threat management company RiskIQ tracks the activity of MageCart group and reported their use of web-based card skimmers since 2016.",
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/british-airways-fell-victim-to-card-scraping-attack/"
+ ]
+ },
+ "uuid": "0768fd50-c547-11e8-9aa5-776183769eab"
+ },
+ {
+ "value": "Domestic Kitten",
+ "description": "An extensive surveillance operation targets specific groups of individuals with malicious mobile apps that collect sensitive information on the device along with surrounding voice recordings. Researchers with CheckPoint discovered the attack and named it Domestic Kitten. The targets are Kurdish and Turkish natives, and ISIS supporters, all Iranian citizens.",
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/domestic-kitten-apt-operates-in-silence-since-2016/"
+ ]
+ },
+ "uuid": "dda1b28e-c558-11e8-8666-27cf61d1d7ee"
 }
 ],
- "version": 66
+ "version": 67
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index 7493a83..f0991b9 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
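Review bot: Both new entries cite only BleepingComputer coverage in `refs`, while their descriptions credit the findings to RiskIQ (MageCart) and Check Point (Domestic Kitten); the primary vendor reports should be added to `refs` so the cluster does not rest on a secondary source alone. The description strings also read as article prose copied verbatim ('Digital threat management company RiskIQ tracks…', 'Researchers with CheckPoint discovered the attack…'), which is the reporter's framing rather than a description of the actor; a catalogue-style sentence such as `"description": "MageCart is a threat actor group that injects web-based card skimmers into e-commerce checkout pages; RiskIQ has tracked its activity since 2016."` reads better and avoids reproducing the source text. The Domestic Kitten text describes an operation rather than an actor, so it may be worth stating explicitly that the name is used here for the group behind the campaign. The same verbatim-description issue applies to the Chainshot and CroniX entries in the tool.json hunk. The `values` array these entries extend begins before the hunk.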
@@ -5819,7 +5819,27 @@
 ]
 },
 "uuid": "https://www.bleepingcomputer.com/news/security/apt28-uses-lojax-first-uefi-rootkit-seen-in-the-wild/"
+ },
+ {
+ "value": "Chainshot",
+ "description": "The new piece of malware, which received the name Chainshot, is used in the early stages of an attack to activate a downloader for the final payload in a malicious chain reaction.",
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/new-chainshot-malware-found-by-cracking-512-bit-rsa-key/"
+ ]
+ },
+ "uuid": "a032460e-c54c-11e8-9965-43b7b6469a65"
+ },
+ {
+ "value": "CroniX",
+ "description": "The researchers named this campaign CroniX, a moniker that derives from the malware's use of Cron to achieve persistence and Xhide to launch executables with fake process names. The cryptocurrency minted on victim's computers is Monero (XMR), the coin of choice in cryptojacking activities. To make sure that rival activity does not revive, CroniX deletes the binaries of other cryptominers present on the system. Another action CroniX takes to establish supremacy on the machine is to check the names of the processes and kill those that swallow 60% of the CPU or more.",
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/cronix-cryptominer-kills-rivals-to-reign-supreme/"
+ ]
+ },
+ "uuid": "55d29d1c-c550-11e8-9904-47c1d86af7c5"
 }
 ],
- "version": 88
+ "version": 89
 }
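Review bot: The context line directly above the new Chainshot entry shows the preceding cluster's `uuid` set to a BleepingComputer URL rather than a UUID; this commit edits the same array and bumps its version, so that slip is worth fixing in the same change, since anything that indexes or de-duplicates clusters by `uuid` will mishandle it. The two new entries' own uuids are well-formed. The Chainshot description opens with 'The new piece of malware', which only makes sense inside the original article; suggest `"description": "Chainshot is a malware component used in the early stages of an attack to activate a downloader for the final payload in a multi-stage chain."`. The CroniX description is likewise narrative ('The researchers named this campaign CroniX…') and would be clearer stating the facts directly: a Monero (XMR) miner that uses cron for persistence and Xhide for fake process names, deletes rival miners, and kills processes using 60% or more of the CPU. The `values` array these entries extend begins before the hunk.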