From 572404dcc78fcf9e0d9d746b19d400de4c3fa2bc Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Wed, 4 Apr 2018 14:41:57 +0200
Subject: [PATCH] add hajime botnet

---
 clusters/botnet.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/clusters/botnet.json b/clusters/botnet.json
index a298c3f..000de47 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -45,7 +45,7 @@
 },
 {
 "value": "Torpig",
- "description": "Torpig, also known as Anserin or Sinowal is a type of botnet spread through systems compromised by the Mebroot rootkit by a variety of trojan horses for the purpose of collecting sensitive personal and corporate data such as bank account and credit card information. It targets computers that use Microsoft Windows, recruiting a network of zombies for the botnet. Torpig circumvents antivirus software through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer, and can perform man-in-the-browser attacks.",
+ "description": "Torpig, also known as Anserin or Sinowal is a type of botnet spread through systems compromised by the Mebroot rootkit by a variety of trojan horses for the purpose of collecting sensitive personal and corporate data such as bank account and credit card information. It targets computers that use Microsoft Windows, recruiting a network of zombies for the botnet. Torpig circumvents antivirus software through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data hajimeon the computer, and can perform man-in-the-browser attacks.",
 "meta": {
 "refs": [
 "https://en.wikipedia.org/wiki/Torpig"
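Review bot: The only change to the Torpig entry in this hunk is an accidental corruption of its description: the new line reads `modifying data hajimeon the computer`, where the word "hajime" appears to have been pasted into an unrelated record while the Hajime entry was being written. The Torpig description should be reverted to its original text, `capable of modifying data on the computer, and can perform man-in-the-browser attacks.`, so that this commit touches only the new Hajime cluster entry. Since this file is consumed as a threat-intelligence galaxy, a stray token in a description silently propagates to every downstream consumer that renders or searches it, so a quick `git diff --word-diff` before committing would catch this class of edit.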
@@ -529,6 +529,18 @@
 "date": "April 2017"
 },
 "uuid": "3d7c771b-b175-41c9-8ba1-904ef29715fa"
+ },
+ {
+ "value": "Hajime",
+ "description": "Hajime (meaning ‘beginning’ in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks. One month later we saw the first samples being uploaded from Spain to VT. This worm builds a huge P2P botnet (almost 300,000 devices at the time of publishing this blogpost), but its real purpose remains unknown. ",
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/",
+ "https://en.wikipedia.org/wiki/Hajime_(malware)",
+ "https://securelist.com/hajime-the-mysterious-evolving-botnet/78160/"
+ ]
+ },
+ "uuid": "383fd414-3805-11e8-ac12-c7b5af38ff67"
 }
 ],
 "name": "Botnet",
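Review bot: The new Hajime description is lifted verbatim from the Securelist post and keeps first-person, time-relative wording ("we saw", "at the time of publishing this blogpost") that has no referent inside a galaxy cluster file, plus a trailing space before the closing quote and typographic quotes around ‘beginning’. I would rephrase it in the entry's own voice, e.g. `"description": "Hajime (meaning 'beginning' in Japanese) is an IoT worm first mentioned on 16 October 2016 in a public report by Rapidity Networks. The first samples were uploaded to VirusTotal from Spain one month later. It builds a large P2P botnet (almost 300,000 devices according to the Securelist report), but its real purpose remains unknown."`, so the claim is attributed to the listed ref rather than to an unnamed blog post. The preceding entry carries a `"date"` key inside `meta` (visible in the context line `"date": "April 2017"`); if that is the convention for this cluster, the Hajime entry should presumably carry one as well, e.g. `"date": "October 2016"` based on the first-sighting date stated in its own description.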