Merge pull request #393 from Delta-Sierra/master

add AESDDoS Botnet and JasperLoader
2019-05-02 16:48:55 +02:00 · 2019-05-02 16:48:55 +02:00 · 20007e7b7c
parent d309c3bf7e dda2ede5f2
commit 20007e7b7c
2 changed files with 22 additions and 2 deletions
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@ -1147,7 +1147,17 @@
      },
      "uuid": "f387e30a-dc48-11e8-b9f4-370bc63008bf",
      "value": "Chalubo"
+    },
+    {
+      "description": "Our honeypot sensors recently detected an AESDDoS botnet malware variant (detected by Trend Micro as Backdoor.Linux.AESDDOS.J) exploiting a server-side template injection vulnerability (CVE-2019-3396) in the Widget Connector macro in Atlassian Confluence Server, a collaboration software program used by DevOps professionals.",
+      "meta": {
+        "refs": [
+          "https://blog.trendmicro.com/trendlabs-security-intelligence/aesddos-botnet-malware-exploits-cve-2019-3396-to-perform-remote-code-execution-ddos-attacks-and-cryptocurrency-mining/"
+        ]
+      },
+      "uuid": "809d100b-d46d-40f4-b498-5371f46bb9d6",
+      "value": "AESDDoS"
    }
  ],
-  "version": 19
+  "version": 20
 }
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -7660,7 +7660,17 @@
      },
      "uuid": "50baa4dc-0667-4b47-b4aa-374a2743f409",
      "value": "Cowboy"
+    },
+    {
+      "description": "JasperLoader employs a multi-stage infection process that features several obfuscation techniques that make analysis more difficult. It appears that this loader was designed with resiliency and flexibility in mind, as evidenced in later stages of the infection process. ",
+      "meta": {
+        "refs": [
+          "https://blog.talosintelligence.com/2019/04/jasperloader-targets-italy.html?m=1"
+        ]
+      },
+      "uuid": "d8de6b56-9950-4389-83b8-4fc3262dc4c9",
+      "value": "JasperLoader"
    }
  ],
-  "version": 118
+  "version": 119
 }