From 71c93f5b24053ce39c9df540d849a843a434eb34 Mon Sep 17 00:00:00 2001 From: Delta-Sierra Date: Tue, 12 Jul 2022 10:53:14 +0200 Subject: [PATCH] fix caps typo --- clusters/botnet.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/clusters/botnet.json b/clusters/botnet.json index 4922a88..ac9d202 100644 --- a/clusters/botnet.json +++ b/clusters/botnet.json @@ -1293,7 +1293,6 @@ "value": "Ripprbot" }, { - "Value": "EnemyBot", "description": "In mid-March [2022], FortiGuard Labs observed a new DDoS botnet calling itself “Enemybot” and attributing itself to Keksec, a threat group that specializes in cryptomining and DDoS attacks.\n\nThis botnet is mainly derived from Gafgyt’s source code but has been observed to borrow several modules from Mirai’s original source code.\n\nIt uses several methods of obfuscation for its strings to hinder analysis and hide itself from other botnets. Furthermore, it connects to a command-and-control (C2) server that is hidden in the Tor network, making its takedown more complicated.\n\nEnemybot has been seen targeting routers from Seowon Intech, D-Link, and exploits a recently reported iRZ router vulnerability to infect more devices.", "meta": { "refs": [ @@ -1326,7 +1325,8 @@ "type": "variant-of" } ], - "uuid": "a5a067c9-c4d7-4f33-8e6f-01b903f89908" + "uuid": "a5a067c9-c4d7-4f33-8e6f-01b903f89908", + "value": "EnemyBot" } ], "version": 26