mirror of
https://github.com/MISP/misp-galaxy.git
Merge pull request #238 from Delta-Sierra/master
add Kronos Banking Trojan
commit
83497c54ef
1 changed files with 13 additions and 1 deletions
|
@ -2,7 +2,7 @@
|
||||||
"uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
|
"uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
|
||||||
"description": "A list of banker malware.",
|
"description": "A list of banker malware.",
|
||||||
"source": "Open Sources",
|
"source": "Open Sources",
|
||||||
"version": 10,
|
"version": 11,
|
||||||
"values": [
|
"values": [
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -668,6 +668,18 @@
|
||||||
"description": "Trojan under development and already being distributed through the RIG Exploit Kit. Observed code similarities with other well-known bankers such as Ramnit, Vawtrak and TrickBot. Karius works in a rather traditional fashion to other banking malware and consists of three components (injector32\\64.exe, proxy32\\64.dll and mod32\\64.dll), these components essentially work together to deploy webinjects in several browsers.",
|
"description": "Trojan under development and already being distributed through the RIG Exploit Kit. Observed code similarities with other well-known bankers such as Ramnit, Vawtrak and TrickBot. Karius works in a rather traditional fashion to other banking malware and consists of three components (injector32\\64.exe, proxy32\\64.dll and mod32\\64.dll), these components essentially work together to deploy webinjects in several browsers.",
|
||||||
"value": "Karius",
|
"value": "Karius",
|
||||||
"uuid": "a088c428-d0bb-49c8-9ed7-dcced0c74754"
|
"uuid": "a088c428-d0bb-49c8-9ed7-dcced0c74754"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://en.wikipedia.org/wiki/Kronos_(malware)",
|
||||||
|
"https://www.proofpoint.com/us/threat-insight/post/kronos-banking-trojan-used-to-deliver-new-point-of-sale-malware",
|
||||||
|
"https://www.bleepingcomputer.com/news/security/new-version-of-the-kronos-banking-trojan-discovered/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"description": "Kronos was a type of banking malware first reported in 2014. It was sold for $7000. As of September 2015, a renew version was reconnecting with infected bots and sending them a brand new configuration file against U.K. banks and one bank in India. Similar to Zeus it was focused on stealing banking login credentials from browser sessions. A new version of this malware appears to have been used in 2018, the main difference is that the 2018 edition uses Tor-hosted C&C control panels.",
|
||||||
|
"value": "Kronos",
|
||||||
|
"uuid": "5b42af8e-8fdc-11e8-bf48-f32ff64d5502"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"authors": [
|
"authors": [
|
||||||
|
|
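Review bot: The new Kronos entry's `description` has a wording slip and a tense mismatch: "a renew version" should read "a renewed version", and it opens with "Kronos was a type of banking malware" while its last sentence reports a variant in use in 2018. The entry's `meta` object carries only `refs`; if the cited reports give alternate names for the 2018 variant, a `synonyms` array under `meta` would let analysts who search by those names land on this cluster. The `uuid` `5b42af8e-8fdc-11e8-bf48-f32ff64d5502` is a time-based (version 1) value, whereas the two other UUIDs visible in this diff are random (version 4); this does not affect lookup, but it is worth keeping consistent if the project has a convention. Most of the `values` array lies outside the two hunks, so whether a Kronos entry already exists elsewhere in the file cannot be checked from here.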