From 647fc025d7bc78a00f43cc2e069fd28f104b8c73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20L=C3=B6hel?= <juergen.loehel@inlyse.com>
Date: Mon, 3 Apr 2023 11:19:08 -0600
Subject: [PATCH] chg[botnet]: Add HinataBot
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
---
 clusters/botnet.json | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/clusters/botnet.json b/clusters/botnet.json
index dad5596..c8619b4 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -1402,7 +1402,27 @@
       },
       "uuid": "b6919400-9b16-48ae-8379-fab26a506e32",
       "value": "KmsdBot"
+    },
+    {
+      "description": "Akamai researchers on the Security Intelligence Response Team (SIRT) have discovered a new Go-based, DDoS-focused botnet. The malware appears to have been named “Hinata” by the malware author after a character from the popular anime series, Naruto. We are calling it “HinataBot.” Looks like an attempt to rewrite Mirai in Go. The threat actors behind HinataBot originally distributed Mirai binaries.",
+      "meta": {
+        "refs": [
+          "https://www.akamai.com/blog/security-research/hinatabot-uncovering-new-golang-ddos-botnet",
+          "https://malpedia.caad.fkie.fraunhofer.de/details/elf.hinata_bot"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "fcdfd4af-da35-49a8-9610-19be8a487185",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "similar"
+        }
+      ],
+      "uuid": "040f2e89-b8be-4150-9426-c30f75e858a2",
+      "value": "HinataBot"
     }
   ],
-  "version": 30
+  "version": 31
 }