add Smominru

pull/153/head
Deborah Servili 2018-02-01 14:29:06 +01:00
parent 7d29f57d5b
commit 3ad7e412a4
1 changed files with 13 additions and 0 deletions


@ -511,6 +511,19 @@
"https://www.welivesecurity.com/2017/09/13/downandexec-banking-malware-cdns-brazil/"
]
}
},
{
"value": "Smominru",
"description": "Since the end of May 2017, we have been monitoring a Monero miner that spreads using the EternalBlue Exploit (CVE-2017-0144). The miner itself, known as Smominru (aka Ismo) has been well-documented, so we will not discuss its post-infection behavior. However, the miners use of Windows Management Infrastructure is unusual among coin mining malware.\nThe speed at which mining operations conduct mathematical operations to unlock new units of cryptocurrency is referred to as “hash power”. Based on the hash power associated with the Monero payment address for this operation, it appeared that this botnet was likely twice the size of Adylkuzz. The operators had already mined approximately 8,900 Monero (valued this week between $2.8M and $3.6M). Each day, the botnet mined roughly 24 Monero, worth an average of $8,500 this week.",
"meta": {
"refs": [
"https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-making-millions-operators"
],
"synonyms": [
"Ismo",
"lsmo"
]
}
}
],
"version": 7,
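Review bot: The trailing context still reads "version": 7 although a new "Smominru" value is added to the list, and the commit shows 0 deletions, so the version was not bumped. Please increment it in this change if consumers rely on the version number to detect updated cluster content. In the new entry, the description carries relative wording copied from the referenced report ("valued this week between $2.8M and $3.6M", "worth an average of $8,500 this week") that has no date attached and will go stale; stating the report date or dropping the valuations would keep it accurate. The synonyms "Ismo" and "lsmo" differ only in a capital I versus a lowercase L, while the description mentions only "aka Ismo"; confirm both spellings are intended rather than one being a typo of the other.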