diff --git a/clusters/tool.json b/clusters/tool.json index 5424d6a..76cdddc 100644 --- a/clusters/tool.json +++ b/clusters/tool.json @@ -3187,6 +3187,19 @@ "http://blog.trendmicro.com/trendlabs-security-intelligence/dissecting-prilex-cutlet-maker-atm-malware-families/" ] } + }, + { + "value": "Satori", + "description": "According to a report Li shared with Bleeping Computer today, the Mirai Satori variant is quite different from all previous pure Mirai variants.Previous Mirai versions infected IoT devices and then downloaded a Telnet scanner component that attempted to find other victims and infect them with the Mirai bot.The Satori variant does not use a scanner but uses two embedded exploits that will try to connect to remote devices on ports 37215 and 52869.Effectively, this makes Satori an IoT worm, being able to spread by itself without the need for separate components.", + "meta": { + "refs": [ + "https://www.bleepingcomputer.com/news/security/satori-botnet-has-sudden-awakening-with-over-280-000-active-bots/", + "https://blog.fortinet.com/2017/12/12/rise-of-one-more-mirai-worm-variant" + ], + "synonyms": [ + "Okiru" + ] + } } ] }