mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
add hajime botnet
parent
a78972e0ac
commit
572404dcc7
1 changed files with 13 additions and 1 deletions
|
@ -45,7 +45,7 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Torpig",
|
"value": "Torpig",
|
||||||
"description": "Torpig, also known as Anserin or Sinowal is a type of botnet spread through systems compromised by the Mebroot rootkit by a variety of trojan horses for the purpose of collecting sensitive personal and corporate data such as bank account and credit card information. It targets computers that use Microsoft Windows, recruiting a network of zombies for the botnet. Torpig circumvents antivirus software through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer, and can perform man-in-the-browser attacks.",
|
"description": "Torpig, also known as Anserin or Sinowal is a type of botnet spread through systems compromised by the Mebroot rootkit by a variety of trojan horses for the purpose of collecting sensitive personal and corporate data such as bank account and credit card information. It targets computers that use Microsoft Windows, recruiting a network of zombies for the botnet. Torpig circumvents antivirus software through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data hajimeon the computer, and can perform man-in-the-browser attacks.",
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://en.wikipedia.org/wiki/Torpig"
|
"https://en.wikipedia.org/wiki/Torpig"
|
||||||
|
@ -529,6 +529,18 @@
|
||||||
"date": "April 2017"
|
"date": "April 2017"
|
||||||
},
|
},
|
||||||
"uuid": "3d7c771b-b175-41c9-8ba1-904ef29715fa"
|
"uuid": "3d7c771b-b175-41c9-8ba1-904ef29715fa"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Hajime",
|
||||||
|
"description": "Hajime (meaning ‘beginning’ in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks. One month later we saw the first samples being uploaded from Spain to VT. This worm builds a huge P2P botnet (almost 300,000 devices at the time of publishing this blogpost), but its real purpose remains unknown. ",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/",
|
||||||
|
"https://en.wikipedia.org/wiki/Hajime_(malware)",
|
||||||
|
"https://securelist.com/hajime-the-mysterious-evolving-botnet/78160/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "383fd414-3805-11e8-ac12-c7b5af38ff67"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"name": "Botnet",
|
"name": "Botnet",
|
||||||
|
|
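Review bot: In the first hunk (@ -45,7 +45,7) the second copy of the Torpig description, presumably the new side since this rendering has lost its +/- markers, reads `modifying data hajimeon the computer`. The stray "hajime" looks like an accidental paste while adding the new entry, and it corrupts the text of an unrelated cluster that analysts and MISP instances consume, so the line should go back to `modifying data on the computer`. In the added Hajime entry, the description keeps the first-person wording of its source ("we saw", "at the time of publishing this blogpost") and ends with a trailing space before the closing quote. Rewording it in the third person with the source named, for example `According to Kaspersky's April 2017 write-up, the botnet had grown to almost 300,000 devices`, would keep the figure attributable and dated. The entry also has no `"date"` field, which the preceding entry does have (`"date": "April 2017"`).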