From 5e5a6119f5f987647920aaea388b55a27a021e7f Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sat, 7 Jan 2017 14:48:45 +0100
Subject: [PATCH] Shiz Trojan + Shifu
---
 clusters/tool.json | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index 5699d71..eb26e3d 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -10,7 +10,7 @@
 ],
 "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
 "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
- "version": 9,
+ "version": 10,
 "values": [
 {
 "description": "Malware",
@@ -1120,6 +1120,21 @@
 "meta": {
 "refs": ["https://attack.mitre.org/wiki/Software/S0049"]
 }
+ },
+ {
+ "value": "Shifu",
+ "description": "Shifu is a Banking Trojan first discovered in 2015. Shifu is based on the Shiz source code which incorporated techniques used by Zeus. Attackers use Shifu to steal credentials for online banking websites around the world, starting in Russia but later including the UK, Italy, and others.",
+ "meta": {
+ "refs": ["http://researchcenter.paloaltonetworks.com/2017/01/unit42-2016-updates-shifu-banking-trojan/"],
+ "derivated-from": ["Shiz"]
+ }
+ },
+ {
+ "value": "Shiz",
+ "description": "The new variant of the Shiz Trojan malware targets mission-critical enterprise resource planning (ERP) applications — particularly SAP users. ",
+ "meta": {
+ "refs": ["https://securityintelligence.com/tag/shiz-trojan-malware/"]
+ }
 }
 ]
 }
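Review bot: The new `Shiz` entry in the second hunk gives a tag listing page (`https://securityintelligence.com/tag/shiz-trojan-malware/`) as its only ref, and its description covers one variant in time-relative wording ("The new variant of …") and ends with a stray space inside the string. A tag page changes as articles are added, so an analyst pivoting on this cluster later may not find the source the entry was written from; `refs` should point at the specific article, and the text could read `"description": "A variant of the Shiz Trojan targets enterprise resource planning (ERP) applications, particularly SAP users.",`. In the `Shifu` entry, `"derivated-from": ["Shiz"]` links to the other cluster by display name under a key that no other entry visible in this diff uses, so it is worth confirming that consumers of the galaxy recognise that key, since otherwise the relationship is silently dropped. The Shifu ref is also the only `http://` URL among the refs shown; if the site serves the same page over TLS, use `https://` to match the others.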