Merge pull request #150 from Delta-Sierra/master

add Digmine
This commit is contained in:
Alexandre Dulaunoy 2018-01-15 15:52:33 +01:00 committed by GitHub
commit 3fe8677e74
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -10,7 +10,7 @@
], ],
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.", "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f", "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"version": 48, "version": 49,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -3338,6 +3338,15 @@
"PYLOT" "PYLOT"
] ]
} }
},
{
"value": "Digmine",
"description": "Digmine is coded in AutoIt, and sent to would-be victims posing as a video file but is actually an AutoIt executable script. If the users Facebook account is set to log in automatically, Digmine will manipulate Facebook Messenger in order to send a link to the file to the accounts friends. The abuse of Facebook is limited to propagation for now, but it wouldnt be implausible for attackers to hijack the Facebook account itself down the line. This functionalitys code is pushed from the command-and-control (C&C) server, which means it can be updated.",
"meta": {
"refs": [
"https://blog.trendmicro.com/trendlabs-security-intelligence/digmine-cryptocurrency-miner-spreading-via-facebook-messenger/"
]
}
} }
] ]
} }