From f595195cd2b6aba9d9bed69d3aab5e652b35147f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20L=C3=B6hel?= <juergen.loehel@inlyse.com>
Date: Tue, 15 Nov 2022 18:10:39 -0600
Subject: [PATCH] chg: [botnets] Adds KmsdBot
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
---
 clusters/botnet.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/botnet.json b/clusters/botnet.json
index df6dea58..19a421d2 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -1383,7 +1383,17 @@
       ],
       "uuid": "505c6a54-a701-4a4b-85d4-0f2038b7b46a",
       "value": "Dark.IoT"
+    },
+    {
+      "description": "Akamai Security Research has observed a new golang malware which they named KmsdBot. The malware scans for open SSH ports and performs a simple dictionary attack against it. The researchers from Akamai monitored only DDoS activity, but discovered also the functionality to launch cryptomining. The malware has varied targets including the gaming industry, technology industry, and luxury car manufacturers.",
+      "meta": {
+        "refs": [
+          "https://www.akamai.com/blog/security-research/kmdsbot-the-attack-and-mine-malware"
+        ]
+      },
+      "uuid": "b6919400-9b16-48ae-8379-fab26a506e32",
+      "value": "KmsdBot"
     }
   ],
-  "version": 28
+  "version": 29
 }