add Muhstik botnet

This commit is contained in:
Deborah Servili 2018-04-23 09:26:28 +02:00
parent ecf2d0848d
commit 6bf2004bd5

View file

@ -541,6 +541,16 @@
]
},
"uuid": "383fd414-3805-11e8-ac12-c7b5af38ff67"
},
{
"value": "Muhstik",
"description": "The botnet is exploiting the CVE-2018-7600 vulnerability —also known as Drupalgeddon 2— to access a specific URL and gain the ability to execute commands on a server running the Drupal CMS.\nAt the technical level, Netlab says Muhstik is built on top of Tsunami, a very old strain of malware that has been used for years to create botnets by infecting Linux servers and smart devices running Linux-based firmware.\nCrooks have used Tsunami initially for DDoS attacks, but its feature-set has greatly expanded after its source code leaked online.\nThe Muhstik version of Tsunami, according to a Netlab report published today, can launch DDoS attacks, install the XMRig Monero miner, or install the CGMiner to mine Dash cryptocurrency on infected hosts. Muhstik operators are using these three payloads to make money via the infected hosts.",
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/big-iot-botnet-starts-large-scale-exploitation-of-drupalgeddon-2-vulnerability/"
]
},
"uuid": "8364b00c-46c6-11e8-a78e-9bcc5609574f"
}
],
"name": "Botnet",
@ -551,5 +561,5 @@
],
"description": "botnet galaxy",
"uuid": "a91732f4-164a-11e8-924a-ffd4097eb03f",
"version": 2
"version": 3
}