diff --git a/clusters/botnet.json b/clusters/botnet.json
index 0919053..0b6c4a8 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -893,13 +893,24 @@
 },
 {
 "value": "Torii",
- "description": " we have been observing a new malware strain, which we call Torii, that differs from Mirai and other botnets we know of, particularly in the advanced techniques it uses.",
+ "description": " we have been observing a new malware strain, which we call Torii, that differs from Mirai and other botnets we know of, particularly in the advanced techniques it uses. The developers of the botnet seek wide coverage and for this purpose they created binaries for multiple CPU architectures, tailoring the malware for stealth and persistence.",
 "meta": {
 "refs": [
- "https://blog.avast.com/new-torii-botnet-threat-research"
+ "https://blog.avast.com/new-torii-botnet-threat-research",
+ "https://www.bleepingcomputer.com/news/security/new-iot-botnet-torii-uses-six-methods-for-persistence-has-no-clear-purpose/"
 ]
 }
+ },
+ {
+ "value": "Persirai",
+ "description": "A new Internet of Things (IoT) botnet called Persirai (Detected by Trend Micro as ELF_PERSIRAI.A) has been discovered targeting over 1,000 Internet Protocol (IP) Camera models based on various Original Equipment Manufacturer (OEM) products. This development comes on the heels of Mirai—an open-source backdoor malware that caused some of the most notable incidents of 2016 via Distributed Denial-of-Service (DDoS) attacks that compromised IoT devices such as Digital Video Recorders (DVRs) and CCTV cameras—as well as the Hajime botnet.",
+ "meta": {
+ "refs": [
+ "https://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/"
+ ]
+ },
+ "uuid": "e3e91fe2-c7ce-11e8-8e85-6bc15cd2a63c"
 }
 ],
- "version": 13
+ "version": 15
 }
diff --git a/clusters/rat.json b/clusters/rat.json
index f009463..b0b8fe5 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
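Review bot: In clusters/botnet.json the Torii entry still has no `uuid`: on the new side its object closes with `},` directly after the `meta` block, while the Persirai entry added right below it carries `"uuid": "e3e91fe2-c7ce-11e8-8e85-6bc15cd2a63c"`. If consumers of this cluster key or cross-reference entries by uuid, which the new entry suggests, Torii cannot be referenced or de-duplicated reliably; add a freshly generated value after its `meta` block, e.g. `"uuid": "<NEWLY-GENERATED-UUID>"` (placeholder). The extended Torii `description` also keeps the leading space and lowercase opening of a pasted fragment (`" we have been observing…"`), which could be trimmed in the same line. Entries before this hunk are not visible, so whether others lack a uuid cannot be checked from here.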
@@ -407,7 +407,8 @@
 "meta": {
 "date": "2003",
 "refs": [
- "http://securityaffairs.co/wordpress/54837/hacking/one-stop-shop-hacking.html"
+ "http://securityaffairs.co/wordpress/54837/hacking/one-stop-shop-hacking.html",
+ "https://www.bleepingcomputer.com/news/security/zoho-heavily-used-by-keyloggers-to-transmit-stolen-data/"
 ]
 },
 "uuid": "8414f79c-a879-44b6-b154-4992aa12dff1",
@@ -2940,5 +2941,5 @@
 "uuid": "5d0369ee-c718-11e8-b328-035ed1bdca07"
 }
 ],
- "version": 17
+ "version": 18
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index 49e2192..a90ee9d 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -4437,7 +4437,8 @@
 "description": "Agent Tesla is modern powerful keystroke logger. It provides monitoring your personel computer via keyboard and screenshot. Keyboard, screenshot and registered passwords are sent in log. You can receive your logs via e-mail, ftp or php(web panel). ",
 "meta": {
 "refs": [
- "https://www.agenttesla.com/"
+ "https://www.agenttesla.com/",
+ "https://www.bleepingcomputer.com/news/security/zoho-heavily-used-by-keyloggers-to-transmit-stolen-data/"
 ]
 },
 "uuid": "f8cd62cb-b9d3-4352-8f46-0961cfde104c",
@@ -5875,5 +5876,5 @@
 "uuid": "8a2ae47a-c7b2-11e8-b223-ab4d8f78f3ef"
 }
 ],
- "version": 91
+ "version": 92
 }
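Review bot: In clusters/tool.json (first hunk) the Agent Tesla `description` is still the vendor's sales text, addressed to the buyer (`You can receive your logs…`) and containing the typo `personel`, while the reference this commit adds is, by its title, about keyloggers transmitting stolen data. An analyst reading the cluster gets no indication from the description that the entry denotes a credential-capturing keylogger. Suggest neutral wording that stays within what the entry already states, for example `"Agent Tesla is a keystroke logger that captures keystrokes, screenshots and stored passwords and sends them to its operator via e-mail, FTP or a PHP web panel."`, which also names the exfiltration channels a defender would monitor. The entry's opening lines, including its `value`, lie outside the hunk.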