create botnet galaxy
parent
6147b89c4a
commit
384e26a1b4
3 changed files with 45 additions and 0 deletions
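--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -0,0 +1,22 @@
+{
+"values": [
+{
+"value": "ADB.miner",
+"description": "A new botnet appeared over the weekend, and it's targeting Android devices by scanning for open debug ports so it can infect victims with malware that mines the Monero cryptocurrency.\n\nThe botnet came to life on Saturday, February 3, and is targeting port 5555, which on devices running the Android OS is the port used by the operating system's native Android Debug Bridge (ADB), a debugging interface that grants access to some of the operating system's most sensitive features.\n\nOnly devices running the Android OS have been infected until now, such as smartphones, smart TVs, and TV top boxes, according to security researchers from Qihoo 360's Network Security Research Lab [Netlab] division, the ones who discovered the botnet, which the named ADB.miner.",
+"meta": {
+"refs": [
+"https://www.bleepingcomputer.com/news/security/android-devices-targeted-by-new-monero-mining-botnet/"
+]
+}
+}
+],
+"name": "Botnet",
+"type": "botnet",
+"source": "MISP Project",
+"authors": [
+"Various"
+],
+"description": "botnet galaxy",
+"uuid": "a91732f4-164a-11e8-924a-ffd4097eb03f",
+"version": 1
+}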
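Review bot: The ADB.miner `description` in `values[0]` is pasted news copy with time-relative wording ("appeared over the weekend", "Saturday, February 3" with no year, "have been infected until now"), which goes stale in a long-lived cluster file, and it ends with the typo "which the named ADB.miner". I would replace it with a standing statement carrying an absolute date, e.g. `"description": "ADB.miner is a Monero-mining botnet, first seen on 3 February 2018 and reported by Qihoo 360 Netlab, that scans for Android devices exposing the Android Debug Bridge (ADB) on port 5555."`. The year is inferred from the dates in the neighbouring hunk, so confirm it against the linked reference. The cluster-level `"description": "botnet galaxy"` also differs in casing and punctuation from `"Botnet galaxy."` in galaxies/botnet.json.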
@ -8732,6 +8732,21 @@
|
||||||
],
|
],
|
||||||
"date": "Febuary 2018"
|
"date": "Febuary 2018"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Cryakl",
|
||||||
|
"description": "ransomware",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://sensorstechforum.com/fr/fairytail-files-virus-cryakl-ransomware-remove-restore-data/",
|
||||||
|
"https://www.technologynews.tech/cryakl-ransomware-virus",
|
||||||
|
"http://www.zdnet.com/article/cryakl-ransomware-decryption-keys-now-available-for-free/"
|
||||||
|
],
|
||||||
|
"date": "January 2018",
|
||||||
|
"extensions": [
|
||||||
|
".fairytail"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"source": "Various",
|
"source": "Various",
|
||||||
|
|
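Review bot: The new Cryakl entry's `"description": "ransomware"` only repeats what the surrounding list already implies, so an analyst learns nothing about the family from the entry itself. A one-sentence description would help, for instance naming the `.fairytail` extension and, going by the title of the linked ZDNet article, that decryption keys have been published (confirm against that reference before stating it). The ZDNet link is the only `refs` entry using `http://`; `https://` would match the other two. This hunk also looks unrelated to the commit title "create botnet galaxy", and the file it belongs to is not named in the visible section.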
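--- a/galaxies/botnet.json
+++ b/galaxies/botnet.json
@@ -0,0 +1,8 @@
+{
+"description": "Botnet galaxy.",
+"type": "botnet",
+"version": 1,
+"name": "Botnet",
+"icon": "sitemap",
+"uuid": "90ccdf38-1649-11e8-b8bf-e7326d553087"
+}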