diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index f03852c..394b3f4 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -12105,6 +12105,19 @@ }, "uuid": "b01f7ed8-db75-45c7-ac7b-60aa4a1f7f4b", "value": "Keksec" + }, + { + "description": "The threat group behind EnemyBot, Keksec, is well-resourced and has the ability to update and add new capabilities to its arsenal of malware on a daily basis (see below for more detail on Keksec)", + "meta": { + "refs": [ + "https://www.fortinet.com/blog/threat-research/enemybot-a-look-into-keksecs-latest-ddos-botnet", + "https://www.cybersecurity-insiders.com/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers-and-android-devices/?utm_source=rss&utm_medium=rss&utm_campaign=rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers-and-android-devices", + "https://blog.netlab.360.com/necro-upgrades-again-using-tor-dynamic-domain-dga-and-aiming-at-both-windows-linux/", + "https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/" + ] + }, + "uuid": "39ef9941-4f9c-4807-ab10-88e863ce7953", + "value": "Keksec" } ], "version": 288