diff --git a/clusters/botnet.json b/clusters/botnet.json
index b763c404..7bf90bdb 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -2,7 +2,7 @@
 "description": "botnet galaxy",
 "uuid": "a91732f4-164a-11e8-924a-ffd4097eb03f",
 "source": "MISP Project",
- "version": 5,
+ "version": 6,
 "values": [
 {
 "meta": {
@@ -617,6 +617,18 @@
 "description": "The bot gathers information from the infected system through WMI queries (SerialNumber, SystemDrive, operating system, processor architecture), which it then sends back to a remote attacker. It installs a backdoor giving an attacker the possibility to run command such as: download a file, update itself, visit a website and perform HTTP, SYN, UDP flooding",
 "value": "Pontoeb",
 "uuid": "bc60de19-27a5-4df8-a835-70781b923125"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/trik-spam-botnet-leaks-43-million-email-addresses/"
+ ],
+ "synonyms": [
+ "Trik Trojan"
+ ]
+ },
+ "value": "Trik Spam Botnet",
+ "uuid": "c68d5e64-7485-11e8-8625-2b14141f0501"
 }
 ],
 "authors": [
diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index d7ccf5e9..39a82cf7 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -7966,7 +7966,8 @@
 "samsam.exe",
 "MIKOPONI.exe",
 "RikiRafael.exe",
- "showmehowto.exe"
+ "showmehowto.exe",
+ "SamSam Ransomware"
 ],
 "extensions": [
 ".encryptedAES",
@@ -8014,7 +8015,8 @@
 "refs": [
 "https://download.bleepingcomputer.com/demonslay335/SamSamStringDecrypter.zip",
 "http://blog.talosintel.com/2016/03/samsam-ransomware.html",
- "http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf"
+ "http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf",
+ "https://www.bleepingcomputer.com/news/security/new-samsam-variant-requires-special-password-before-infection/"
 ]
 },
 "uuid": "731e4a5e-35f2-47b1-80ba-150b95fdc14d"
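Review bot: The new `Trik Spam Botnet` entry in the `@@ -617,6 +617,18 @@` hunk has no `description` key, while the preceding `Pontoeb` entry in the same `values` array carries one, so an analyst who sees this cluster attached to an event gets only a name and a news link. Add a one-sentence summary next to `"value"`, for example `"description": "<short summary of the botnet's behaviour, taken from the cited report>",`. The `value` also spells out the category ("Spam Botnet") that the galaxy name already implies; if the other entries use the bare family name, putting the long form under `synonyms` would keep name matching consistent. That last point is inferred, since only one neighbouring entry is visible in the hunk.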
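Review bot: `clusters/ransomware.json` is changed in the `@@ -7966,7 +7966,8 @@` hunk and again in the `@@ -8014,7 +8015,8 @@` hunk, but no hunk in that file bumps its `version`, unlike `clusters/botnet.json`, where this commit moves it from 5 to 6. Consumers that compare the galaxy version before re-importing would likely keep the old SamSam entry, so the file's `version` should be incremented by one in the same commit. Separately, the list that receives `"SamSam Ransomware"` opens outside the hunk and its visible entries are all executable file names. Confirm this is the intended list for a display name and not a field that downstream tooling uses for file-name matching.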