add several refs

Deborah Servili 2018-10-15 11:33:37 +02:00
parent 8d0c87c830
commit c134035a6d
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1

@ -4895,7 +4895,8 @@
"description": "Talos has discovered an unknown Remote Administration Tool that we believe has been in use for over 3 years. During this time it has managed to avoid scrutiny by the security community. The current version of the malware allows the operator to steal files, keystrokes, perform screenshots, and execute arbitrary code on the infected host. Talos has named this malware KONNI. \nThroughout the multiple campaigns observed over the last 3 years, the actor has used an email attachment as the initial infection vector. They then use additional social engineering to prompt the target to open a .scr file, display a decoy document to the users, and finally execute the malware on the victim's machine. The malware infrastructure of the analysed samples was hosted by a free web hosting provider: 000webhost. The malware has evolved over time. In this article, we will analyse this evolution:",
"meta": {
"refs": [
"http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html"
"http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html",
"https://www.bleepingcomputer.com/news/security/report-ties-north-korean-attacks-to-new-malware-linked-by-word-macros/"
]
},
"related": [