add Kronos Banking Trojan

This commit is contained in:
Deborah Servili 2018-07-25 09:46:46 +02:00
parent 381f7e4a19
commit e7d2541929

View file

@ -2,7 +2,7 @@
"uuid": "59f20cce-5420-4084-afd5-0884c0a83832", "uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
"description": "A list of banker malware.", "description": "A list of banker malware.",
"source": "Open Sources", "source": "Open Sources",
"version": 10, "version": 11,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -668,6 +668,18 @@
"description": "Trojan under development and already being distributed through the RIG Exploit Kit. Observed code similarities with other well-known bankers such as Ramnit, Vawtrak and TrickBot. Karius works in a rather traditional fashion to other banking malware and consists of three components (injector32\\64.exe, proxy32\\64.dll and mod32\\64.dll), these components essentially work together to deploy webinjects in several browsers.", "description": "Trojan under development and already being distributed through the RIG Exploit Kit. Observed code similarities with other well-known bankers such as Ramnit, Vawtrak and TrickBot. Karius works in a rather traditional fashion to other banking malware and consists of three components (injector32\\64.exe, proxy32\\64.dll and mod32\\64.dll), these components essentially work together to deploy webinjects in several browsers.",
"value": "Karius", "value": "Karius",
"uuid": "a088c428-d0bb-49c8-9ed7-dcced0c74754" "uuid": "a088c428-d0bb-49c8-9ed7-dcced0c74754"
},
{
"meta": {
"refs": [
"https://en.wikipedia.org/wiki/Kronos_(malware)",
"https://www.proofpoint.com/us/threat-insight/post/kronos-banking-trojan-used-to-deliver-new-point-of-sale-malware",
"https://www.bleepingcomputer.com/news/security/new-version-of-the-kronos-banking-trojan-discovered/"
]
},
"description": "Kronos was a type of banking malware first reported in 2014. It was sold for $7000. As of September 2015, a renew version was reconnecting with infected bots and sending them a brand new configuration file against U.K. banks and one bank in India. Similar to Zeus it was focused on stealing banking login credentials from browser sessions. A new version of this malware appears to have been used in 2018, the main difference is that the 2018 edition uses Tor-hosted C&C control panels.",
"value": "Kronos",
"uuid": "5b42af8e-8fdc-11e8-bf48-f32ff64d5502"
} }
], ],
"authors": [ "authors": [