Update mitre_malware.json

pull/351/head
jimbolya0607 2019-02-25 13:27:37 -05:00 committed by GitHub
parent 17cef1f580
commit 56002f39a6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 74 additions and 0 deletions


@ -1656,6 +1656,80 @@
},
"value": "CAYOSIN"
},
{
"description": "Cryptocurrency-mining malware affecting Linux systems. It is notable for being bundled with a rootkit component that hides the malicious process presence from monitoring tools. This makes it difficult to detect, as infected systems will only indicate performance issues. The malware is also capable of updating and upgrading itself and its configuration file. [[Citation: TrendMicro Cryptocurrency-mining Malware Targets Linux Systems, Uses Rootkit for Stealth]]]",
"meta": {
"uuid": "4858f22e-3924-11e9-b210-d663bd873d93",
"refs": [
"https://blog.trendmicro.com/trendlabs-security-intelligence/linux-coin-miner-copied-scripts-from-korkerds-removes-all-other-malware-and-miners/",
"https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth?_ga=2.122843979.1999523329.1551112017-1726641427.1537884492"
]
},
"value": "KORKERDS"
},
{
"description": "SoftPulse is an adware that installs malicious software, leverages anti-virtual machine techniques and may access potentially sensitive information from local browsers. [[Citation: Cisco Talos - Threat Roundup for Feb. 1 to Feb. 8]]]",
"meta": {
"uuid": "318574ae-3925-11e9-b210-d663bd873d93",
"refs": [
"https://blog.talosintelligence.com/2019/02/threat-roundup-0201-0208.html"
]
},
"value": "Softpulse"
},
{
"description": "PUA.Win.Trojan.00519ead is the denomination of a set of malicious adware samples that could leverage the AppInit DLL technique to achieve persistence and perform several DNS queries. [[Citation: Cisco Talos - Threat Roundup for Feb. 8 to Feb. 15]]]",
"meta": {
"uuid": "31857724-3925-11e9-b210-d663bd873d93",
"refs": [
"https://blog.talosintelligence.com/2019/02/threat-roundup-0201-0208.html"
]
},
"value": "00519ead"
},
{
"description": "This cluster includes .NET adware samples capable of code injection, opening a port to listen for incoming connections, disabling system restore, modifying files inside system directories, contacting blacklisted domains, modifying the registry and, in some cases, even copying itself to USB drives. [[Citation: Cisco Talos - Threat Roundup for Feb. 8 to Feb. 15]]]",
"meta": {
"uuid": "3185788c-3925-11e9-b210-d663bd873d93",
"refs": [
"https://blog.talosintelligence.com/2019/02/threat-roundup-0201-0208.html"
]
},
"value": "Sanctionedmedia"
},
{
"description": "The SpeakUp backdoor leverages known vulnerabilities in six different Linux distros, it is also able to infect Mac systems. The Trojan spread by exploiting remote code execution flaw and for the initial infection hackers leverage recently disclosed flaw in ThinkPHP (CVE-2018-20062). [[Citation: CheckPoint - SpeakUp Linux Backdoor targets Linux servers in East Asia and LATAM.]]]",
"meta": {
"uuid": "4fa65880-3926-11e9-b210-d663bd873d93",
"refs": [
"https://securityaffairs.co/wordpress/80706/malware/speakup-backdoor.html"
]
},
"value": "SpeakUp"
},
{
"description": "ExileRAT is a simple RAT platform capable of getting information on the system (computer name, username, listing drives, network adapter, process name), getting/pushing files and executing/terminating processes. [[Citation: Cisco Talos - ExileRAT shares C2 with LuckyCat, targets Tibet]]]",
"meta": {
"uuid": "e6ebdea4-3926-11e9-b210-d663bd873d93",
"refs": [
"https://blog.talosintelligence.com/2019/02/exilerat-shares-c2-with-luckycat.html"
]
},
"value": "ExileRAT"
},
{
"description": "Ircbot, also known as Eldorado, is known for injecting into processes, spreading to removable media, and gaining execution via Autorun.inf files. [[Citation: Cisco Talos - Threat Roundup for Jan. 25 to Feb. 1]]]",
"meta": {
"uuid": "67ec994c-3929-11e9-b210-d663bd873d93",
"refs": [
"https://blog.talosintelligence.com/2019/02/threat-roundup-0125-0201.html"
],
"synonyms" :[
"Eldorado"
]
},
"value": "Ircbot"
},
{
"description": "ATM Malware. Automation of all kinds is there to help people with their routine work, make it faster and simpler. Although ATM fraud is a very peculiar sort of work, some cybercriminals spend a lot of effort to automate it. In March 2018, we came across a fairly simple but effective piece of malware named WinPot. It was created to make ATMs by a popular ATM vendor to automatically dispense all cash from their most valuable cassettes. We called it ATMPot.[[Citation: Kaspersky Lab]]",
"meta": {
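Review bot: every citation marker in this hunk except the last one closes with three brackets instead of two, e.g. `[[Citation: Cisco Talos - Threat Roundup for Feb. 1 to Feb. 8]]]` in the Softpulse entry and likewise in the KORKERDS, 00519ead, Sanctionedmedia, SpeakUp, ExileRAT and Ircbot descriptions; these should be `]]` so the markers parse the same way as the existing entries in the file. Two references also do not match their citations: the 00519ead and Sanctionedmedia entries cite "Threat Roundup for Feb. 8 to Feb. 15" but both point at `https://blog.talosintelligence.com/2019/02/threat-roundup-0201-0208.html`, which is the Feb. 1 to Feb. 8 post. Smaller points: the second KORKERDS TrendMicro URL carries a `?_ga=...` analytics tracking parameter that should be stripped; the SpeakUp entry cites CheckPoint but its only ref is a securityaffairs.co write-up, so the primary source should be added; the value `Softpulse` differs in case from `SoftPulse` in its own description; and `"synonyms" :[` should use the `"key": [` spacing used elsewhere in the file. The ATMPot description is narrative copied in the first person ("we came across", "We called it ATMPot") and lacks a space before `[[Citation: Kaspersky Lab]]`; a short neutral summary in the style of the other entries, with a URL in `refs`, would be more consistent.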