MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

add hajime botnet

pull/182/head
Deborah Servili 2018-04-04 14:41:57 +02:00
parent a78972e0ac
commit 572404dcc7
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
clusters/botnet.json
View File

@ -45,7 +45,7 @@
},
{
"value": "Torpig",
"description": "Torpig, also known as Anserin or Sinowal is a type of botnet spread through systems compromised by the Mebroot rootkit by a variety of trojan horses for the purpose of collecting sensitive personal and corporate data such as bank account and credit card information. It targets computers that use Microsoft Windows, recruiting a network of zombies for the botnet. Torpig circumvents antivirus software through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer, and can perform man-in-the-browser attacks.",
"description": "Torpig, also known as Anserin or Sinowal is a type of botnet spread through systems compromised by the Mebroot rootkit by a variety of trojan horses for the purpose of collecting sensitive personal and corporate data such as bank account and credit card information. It targets computers that use Microsoft Windows, recruiting a network of zombies for the botnet. Torpig circumvents antivirus software through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data hajimeon the computer, and can perform man-in-the-browser attacks.",
"meta": {
"refs": [
"https://en.wikipedia.org/wiki/Torpig"
@ -529,6 +529,18 @@
"date": "April 2017"
},
"uuid": "3d7c771b-b175-41c9-8ba1-904ef29715fa"
},
{
"value": "Hajime",
"description": "Hajime (meaning beginning in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks. One month later we saw the first samples being uploaded from Spain to VT. This worm builds a huge P2P botnet (almost 300,000 devices at the time of publishing this blogpost), but its real purpose remains unknown. ",
"meta": {
"refs": [
"https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/",
"https://en.wikipedia.org/wiki/Hajime_(malware)",
"https://securelist.com/hajime-the-mysterious-evolving-botnet/78160/"
]
},
"uuid": "383fd414-3805-11e8-ac12-c7b5af38ff67"
}
],
"name": "Botnet",