From b45b4ce0b1d2985477082e72954a534a5fb8ffb7 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Thu, 4 Oct 2018 12:01:26 +0200
Subject: [PATCH 1/4] add refs
---
 clusters/rat.json | 5 +++--
 clusters/tool.json | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/clusters/rat.json b/clusters/rat.json
index f009463..b0b8fe5 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -407,7 +407,8 @@
 "meta": {
 "date": "2003",
 "refs": [
- "http://securityaffairs.co/wordpress/54837/hacking/one-stop-shop-hacking.html"
+ "http://securityaffairs.co/wordpress/54837/hacking/one-stop-shop-hacking.html",
+ "https://www.bleepingcomputer.com/news/security/zoho-heavily-used-by-keyloggers-to-transmit-stolen-data/"
 ]
 },
 "uuid": "8414f79c-a879-44b6-b154-4992aa12dff1",
@@ -2940,5 +2941,5 @@
 "uuid": "5d0369ee-c718-11e8-b328-035ed1bdca07"
 }
 ],
- "version": 17
+ "version": 18
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index 794c7fd..dccdb00 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -4427,7 +4427,8 @@
 "description": "Agent Tesla is modern powerful keystroke logger. It provides monitoring your personel computer via keyboard and screenshot. Keyboard, screenshot and registered passwords are sent in log. You can receive your logs via e-mail, ftp or php(web panel). ",
 "meta": {
 "refs": [
- "https://www.agenttesla.com/"
+ "https://www.agenttesla.com/",
+ "https://www.bleepingcomputer.com/news/security/zoho-heavily-used-by-keyloggers-to-transmit-stolen-data/"
 ]
 },
 "uuid": "f8cd62cb-b9d3-4352-8f46-0961cfde104c",
@@ -5865,5 +5866,5 @@
 "uuid": "8a2ae47a-c7b2-11e8-b223-ab4d8f78f3ef"
 }
 ],
- "version": 91
+ "version": 92
 }
From 138a4e6f9eb7f9156bc9846cb59c284a39ed60c1 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Thu, 4 Oct 2018 13:41:27 +0200
Subject: [PATCH 2/4] add ref for Torii botnet
---
 clusters/botnet.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/clusters/botnet.json b/clusters/botnet.json
index 0919053..13369ba 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -896,10 +896,11 @@
 "description": " we have been observing a new malware strain, which we call Torii, that differs from Mirai and other botnets we know of, particularly in the advanced techniques it uses.",
 "meta": {
 "refs": [
- "https://blog.avast.com/new-torii-botnet-threat-research"
+ "https://blog.avast.com/new-torii-botnet-threat-research",
+ "https://www.bleepingcomputer.com/news/security/new-iot-botnet-torii-uses-six-methods-for-persistence-has-no-clear-purpose/"
 ]
 }
 }
 ],
- "version": 13
+ "version": 14
 }
From 50fecccf39015445ab74b82e999bdf086960c48a Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Thu, 4 Oct 2018 13:44:32 +0200
Subject: [PATCH 3/4] update Torii botnet
---
 clusters/botnet.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/clusters/botnet.json b/clusters/botnet.json
index 13369ba..5c2a7c7 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -893,7 +893,7 @@
 },
 {
 "value": "Torii",
- "description": " we have been observing a new malware strain, which we call Torii, that differs from Mirai and other botnets we know of, particularly in the advanced techniques it uses.",
+ "description": " we have been observing a new malware strain, which we call Torii, that differs from Mirai and other botnets we know of, particularly in the advanced techniques it uses. The developers of the botnet seek wide coverage and for this purpose they created binaries for multiple CPU architectures, tailoring the malware for stealth and persistence.",
 "meta": {
 "refs": [
 "https://blog.avast.com/new-torii-botnet-threat-research",
From 7cf37a57f1d36c89f311bdcd17151acee1a4980a Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Thu, 4 Oct 2018 14:17:16 +0200
Subject: [PATCH 4/4] add Persirai botnet
---
 clusters/botnet.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
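Review bot: The rewritten `+` description line in the "update Torii botnet" hunk keeps the leading space and lowercase first-person opening `" we have been observing a new malware strain, which we call Torii, …"`, which reads as an unattributed quote from the Avast post rather than a cluster description; trim the space and either capitalise or name the source, e.g. `"description": "Avast has been observing a new malware strain, which it calls Torii, …"`. Unlike the other three commits in this series, this one changes cluster content without bumping the file's `"version"` (it goes 13 to 14 in the previous commit and 14 to 15 in the next), so a checkout at this commit carries changed content under an unchanged version; the `version` line sits outside this hunk. The Torii object itself continues past the last context line (`"refs": [ …`).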
diff --git a/clusters/botnet.json b/clusters/botnet.json
index 5c2a7c7..0b6c4a8 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -900,7 +900,17 @@
 "https://www.bleepingcomputer.com/news/security/new-iot-botnet-torii-uses-six-methods-for-persistence-has-no-clear-purpose/"
 ]
 }
+ },
+ {
+ "value": "Persirai",
+ "description": "A new Internet of Things (IoT) botnet called Persirai (Detected by Trend Micro as ELF_PERSIRAI.A) has been discovered targeting over 1,000 Internet Protocol (IP) Camera models based on various Original Equipment Manufacturer (OEM) products. This development comes on the heels of Mirai—an open-source backdoor malware that caused some of the most notable incidents of 2016 via Distributed Denial-of-Service (DDoS) attacks that compromised IoT devices such as Digital Video Recorders (DVRs) and CCTV cameras—as well as the Hajime botnet.",
+ "meta": {
+ "refs": [
+ "https://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/"
+ ]
+ },
+ "uuid": "e3e91fe2-c7ce-11e8-8e85-6bc15cd2a63c"
 }
 ],
- "version": 14
+ "version": 15
 }
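Review bot: The new Persirai entry carries `"uuid": "e3e91fe2-c7ce-11e8-8e85-6bc15cd2a63c"`, but the context lines just above it show the neighbouring Torii object closing right after its `meta` block (`]`, `}`, then the added `},`), so as far as this series shows Torii has no `uuid` while every other entry touched here (the rat.json and tool.json entries and Persirai itself) does; if the galaxy expects one per cluster, Torii should get one in a follow-up. The Persirai description also buries the vendor detection name `ELF_PERSIRAI.A` inside prose; if this galaxy uses a `synonyms` list under `meta` elsewhere, placing the name there would make it matchable rather than only readable. The `values` array and the top-level object both close inside the hunk, so the addition is complete on both sides.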