mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-22 23:07:19 +00:00
add gamut botnet
This commit is contained in:
parent
2e9827d9a3
commit
510347c730
1 changed files with 12 additions and 1 deletions
|
@ -10,7 +10,7 @@
|
|||
],
|
||||
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
|
||||
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
|
||||
"version": 56,
|
||||
"version": 57,
|
||||
"values": [
|
||||
{
|
||||
"meta": {
|
||||
|
@ -3854,6 +3854,17 @@
|
|||
]
|
||||
},
|
||||
"uuid": "73cb7ecc-25e3-11e8-a97b-c35ec4e7dcf8"
|
||||
},
|
||||
{
|
||||
"value": "Gamut Botnet",
|
||||
"description": "Gamut was found to be downloaded by a Trojan Downloader that arrives as an attachment from a spam email message. The bot installation is quite simple. After the malware binary has been downloaded, it launches itself from its current directory, usually the Windows %Temp% folder and installs itself as a Windows service.\nThe malware utilizes an anti-VM (virtual machine) trick and terminates itself if it detects that it is running in a virtual machine environment. The bot uses INT 03h trap sporadically in its code, an anti-debugging technique which prevents its code from running within a debugger environment. It can also determine if it is being debugged by using the Kernel32 API - IsDebuggerPresent function.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.bleepingcomputer.com/news/security/necurs-and-gamut-botnets-account-for-97-percent-of-the-internets-spam-emails/",
|
||||
"https://www.trustwave.com/Resources/SpiderLabs-Blog/Gamut-Spambot-Analysis/"
|
||||
]
|
||||
},
|
||||
"uuid": "492879ac-285b-11e8-a06e-33f548e66e42"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue