add gamut botnet

This commit is contained in:
Deborah Servili 2018-03-21 08:29:41 +01:00
parent 2e9827d9a3
commit 510347c730

View file

@ -10,7 +10,7 @@
], ],
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.", "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f", "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"version": 56, "version": 57,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -3854,6 +3854,17 @@
] ]
}, },
"uuid": "73cb7ecc-25e3-11e8-a97b-c35ec4e7dcf8" "uuid": "73cb7ecc-25e3-11e8-a97b-c35ec4e7dcf8"
},
{
"value": "Gamut Botnet",
"description": "Gamut was found to be downloaded by a Trojan Downloader that arrives as an attachment from a spam email message. The bot installation is quite simple. After the malware binary has been downloaded, it launches itself from its current directory, usually the Windows %Temp% folder and installs itself as a Windows service.\nThe malware utilizes an anti-VM (virtual machine) trick and terminates itself if it detects that it is running in a virtual machine environment. The bot uses INT 03h trap sporadically in its code, an anti-debugging technique which prevents its code from running within a debugger environment. It can also determine if it is being debugged by using the Kernel32 API - IsDebuggerPresent function.",
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/necurs-and-gamut-botnets-account-for-97-percent-of-the-internets-spam-emails/",
"https://www.trustwave.com/Resources/SpiderLabs-Blog/Gamut-Spambot-Analysis/"
]
},
"uuid": "492879ac-285b-11e8-a06e-33f548e66e42"
} }
] ]
} }