From e7d2541929624d6f8a9a74fe4a627a5bcbb1c7aa Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Wed, 25 Jul 2018 09:46:46 +0200 Subject: [PATCH] add Kronos Banking Trojan --- clusters/banker.json | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/clusters/banker.json b/clusters/banker.json index 725f3d5..8dae821 100644 --- a/clusters/banker.json +++ b/clusters/banker.json @@ -2,7 +2,7 @@ "uuid": "59f20cce-5420-4084-afd5-0884c0a83832", "description": "A list of banker malware.", "source": "Open Sources", - "version": 10, + "version": 11, "values": [ { "meta": { @@ -668,6 +668,18 @@ "description": "Trojan under development and already being distributed through the RIG Exploit Kit. Observed code similarities with other well-known bankers such as Ramnit, Vawtrak and TrickBot. Karius works in a rather traditional fashion to other banking malware and consists of three components (injector32\\64.exe, proxy32\\64.dll and mod32\\64.dll), these components essentially work together to deploy webinjects in several browsers.", "value": "Karius", "uuid": "a088c428-d0bb-49c8-9ed7-dcced0c74754" + }, + { + "meta": { + "refs": [ + "https://en.wikipedia.org/wiki/Kronos_(malware)", + "https://www.proofpoint.com/us/threat-insight/post/kronos-banking-trojan-used-to-deliver-new-point-of-sale-malware", + "https://www.bleepingcomputer.com/news/security/new-version-of-the-kronos-banking-trojan-discovered/" + ] + }, + "description": "Kronos was a type of banking malware first reported in 2014. It was sold for $7000. As of September 2015, a renew version was reconnecting with infected bots and sending them a brand new configuration file against U.K. banks and one bank in India. Similar to Zeus it was focused on stealing banking login credentials from browser sessions. A new version of this malware appears to have been used in 2018, the main difference is that the 2018 edition uses Tor-hosted C&C control panels.", + "value": "Kronos", + "uuid": "5b42af8e-8fdc-11e8-bf48-f32ff64d5502" } ], "authors": [