mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
add Chalubo botnet (+ jqallthethings)
This commit is contained in:
parent
41942d0daf
commit
e6b1eec329
2 changed files with 13 additions and 3 deletions
|
@ -1136,7 +1136,17 @@
|
||||||
],
|
],
|
||||||
"uuid": "e3e91fe2-c7ce-11e8-8e85-6bc15cd2a63c",
|
"uuid": "e3e91fe2-c7ce-11e8-8e85-6bc15cd2a63c",
|
||||||
"value": "Persirai"
|
"value": "Persirai"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Since early September, SophosLabs has been monitoring an increasingly prolific attack targeting Internet-facing SSH servers on Linux-based systems that has been dropping a newly-discovered family of denial-of-service bots we’re calling Chalubo. The attackers encrypt both the main bot component and its corresponding Lua script using the ChaCha stream cipher. This adoption of anti-analysis techniques demonstrates an evolution in Linux malware, as the authors have adopted principles more common to Windows malware in an effort to thwart detection. Like some of its predecessors, Chalubo incorporates code from the Xor.DDoS and Mirai malware families.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://news.sophos.com/en-us/2018/10/22/chalubo-botnet-wants-to-ddos-from-your-server-or-iot-device/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "f387e30a-dc48-11e8-b9f4-370bc63008bf",
|
||||||
|
"value": "Chalubo"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 17
|
"version": 18
|
||||||
}
|
}
|
||||||
|
|
|
@ -5985,7 +5985,6 @@
|
||||||
"value": "The Shadow Brokers"
|
"value": "The Shadow Brokers"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value" : "EvilTraffic",
|
|
||||||
"description": "Malware experts at CSE Cybsec uncovered a massive malvertising campaign dubbed EvilTraffic leveraging tens of thousands compromised websites. Crooks exploited some CMS vulnerabilities to upload and execute arbitrary PHP pages used to generate revenues via advertising.",
|
"description": "Malware experts at CSE Cybsec uncovered a massive malvertising campaign dubbed EvilTraffic leveraging tens of thousands compromised websites. Crooks exploited some CMS vulnerabilities to upload and execute arbitrary PHP pages used to generate revenues via advertising.",
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
|
@ -5996,7 +5995,8 @@
|
||||||
"Operation EvilTraffic"
|
"Operation EvilTraffic"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "c2d5a052-dc30-11e8-9643-d76f3b9c94fa"
|
"uuid": "c2d5a052-dc30-11e8-9643-d76f3b9c94fa",
|
||||||
|
"value": "EvilTraffic"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 76
|
"version": 76
|
||||||
|
|
Loading…
Reference in a new issue