new threat actors & tools

2018-10-01 11:52:40 +02:00 · 2018-10-01 11:52:40 +02:00 · 35582f7ed5
parent 3649e03ad5
commit 35582f7ed5
2 changed files with 42 additions and 2 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -5880,7 +5880,27 @@
        ]
      },
      "uuid": "6c79bd1a-bfde-11e8-8c33-db4d9968671a"
+    },
+    {
+      "value": "MageCart",
+      "description": "Digital threat management company RiskIQ tracks the activity of MageCart group and reported their use of web-based card skimmers since 2016.",
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/british-airways-fell-victim-to-card-scraping-attack/"
+        ]
+      },
+      "uuid": "0768fd50-c547-11e8-9aa5-776183769eab"
+    },
+    {
+      "value": "Domestic Kitten",
+      "description": "An extensive surveillance operation targets specific groups of individuals with malicious mobile apps that collect sensitive information on the device along with surrounding voice recordings. Researchers with CheckPoint discovered the attack and named it Domestic Kitten. The targets are Kurdish and Turkish natives, and ISIS supporters, all Iranian citizens.",
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/domestic-kitten-apt-operates-in-silence-since-2016/"
+        ]
+      },
+      "uuid": "dda1b28e-c558-11e8-8666-27cf61d1d7ee"
    }
  ],
-  "version": 66
+  "version": 67
 }
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -5819,7 +5819,27 @@
        ]
      },
      "uuid": "https://www.bleepingcomputer.com/news/security/apt28-uses-lojax-first-uefi-rootkit-seen-in-the-wild/"
+    },
+    {
+      "value": "Chainshot",
+      "description": "The new piece of malware, which received the name Chainshot, is used in the early stages of an attack to activate a downloader for the final payload in a malicious chain reaction.",
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/new-chainshot-malware-found-by-cracking-512-bit-rsa-key/"
+        ]
+      },
+      "uuid": "a032460e-c54c-11e8-9965-43b7b6469a65"
+    },
+    {
+      "value": "CroniX",
+      "description": "The researchers named this campaign CroniX, a moniker that derives from the malware's use of Cron to achieve persistence and Xhide to launch executables with fake process names. The cryptocurrency minted on victim's computers is Monero (XMR), the coin of choice in cryptojacking activities. To make sure that rival activity does not revive, CroniX deletes the binaries of other cryptominers present on the system. Another action CroniX takes to establish supremacy on the machine is to check the names of the processes and kill those that swallow 60% of the CPU or more.",
+      "meta": {
+        "refs": [
+          "https://www.bleepingcomputer.com/news/security/cronix-cryptominer-kills-rivals-to-reign-supreme/"
+        ]
+      },
+      "uuid": "55d29d1c-c550-11e8-9904-47c1d86af7c5"
    }
  ],
-  "version": 88
+  "version": 89
 }