MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #149 from Delta-Sierra/master 

add downAndExec
pull/151/head
Alexandre Dulaunoy 2018-01-15 15:04:16 +01:00 committed by GitHub
parent 5a8caae6b5 8c5eb9e957
commit 2c31d8d215
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/banker.json
View File

@ -502,9 +502,18 @@
"https://objective-see.com/blog/blog_0x25.html#Dok"
]
}
},
{
"value": "downAndExec",
"description": "Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage as it gives users greater speed when viewing the content, as the server is close to them and is part of the Netflix CDN. This results in faster loading times for series and movies, wherever you are in the world. But, apparently, the CDNs are starting to become a new way of spreading malware. The attack chain is very extensive, and incorporates the execution of remote scripts (similar in some respects to the recent “fileless” banking malware trend), plus the use of CDNs for command and control (C&C), and other standard techniques for the execution and protection of malware.",
"meta": {
"refs": [
"https://www.welivesecurity.com/2017/09/13/downandexec-banking-malware-cdns-brazil/"
]
}
}
],
"version": 6,
"version": 7,
"uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
"description": "A list of banker malware.",
"authors": [