Update mitre-tool.json

pull/353/head
LabyrINTh-Jim 2019-02-26 12:06:27 -05:00 committed by GitHub
parent f7367ef887
commit 7b2d3107c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 40 additions and 0 deletions

@ -2606,6 +2606,46 @@
],
"uuid": "da21929e-40c0-443d-bdf4-6b60d15448b4",
"value": "Xbot - S0298"
},
{
"description": "The first Brushaloader campaign that caught our attention was back in August 2018. It was initially notable because it was only using Polish language emails targeting Polish victims. Although it is common to see threats target users in multiple languages, attackers typically don't target a single European country. Below is a sample of one of the emails from that initial campaign and shows the characteristics that we would come to expect from Brushaloader: a RAR attachment containing a Visual Basic script that results in a Brushaloader infection ending in the eventual download and execution of Danabot.[[Citation: Palo Alto menuPass Feb 2017]]]",
"meta": {
"uuid": "2ad2441e-3913-11e9-b210-d663bd873d93",
"refs": [
"https://blog.talosintelligence.com/2019/02/combing-through-brushaloader.html"
]
},
"value": "Bushloader"
},
{
"description": "Icloader is a generic malware that largely behaves like adware. The samples are packed and have evasive checks to hinder the analysis and conceal the real activities. This family can inject code in the address space of other processes and upload files to a remote server.[[Citation: Threat Roundup for Feb. 15 to Feb. 22]]]",
"meta": {
"uuid": "3b880ee6-3914-11e9-b210-d663bd873d93",
"refs": [
"https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html"
]
},
"value": "Icloader"
},
{
"description": "ATM Malware. Automation of all kinds is there to help people with their routine work, make it faster and simpler. Although ATM fraud is a very peculiar sort of work, some cybercriminals spend a lot of effort to automate it. In March 2018, we came across a fairly simple but effective piece of malware named WinPot. It was created to make ATMs by a popular ATM vendor to automatically dispense all cash from their most valuable cassettes. We called it ATMPot.[[Citation: Kaspersky Lab]]",
"meta": {
"uuid": "5e48ce90-390d-11e9-924b-d663bd873d93",
"refs": [
"https://securelist.com/atm-robber-winpot/89611/"
]
},
"value": "WinPot"
},
{
"description": "Segurança Informática (SI) Lab identified infection attempts aimed to install Muncy malware directed to the DHL shipment notifications. The malicious email messages contained a particular trojan spreading via phishing campaigns tailored to lure victims. [[Citation: SI-LAB The Muncy malware is on the rise]]]",
"meta": {
"uuid": "07ff6618-3915-11e9-b210-d663bd873d93",
"refs": [
"https://seguranca-informatica.pt/si-lab-the-muncy-malware-is-on-the-rise/#.XHQOLIhKiUm"
]
},
"value": "Muncy"
}
],
"version": 10
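
Review bot: All four new entries put "uuid" inside "meta", while the preceding Xbot entry carries "uuid" at the entry level directly beside "value"; move each new "uuid" out of "meta" so the entries match the existing layout and anything that reads the identifier from the entry level still finds it. In the first new entry, "value": "Bushloader" does not match the name used in its own description and ref URL (Brushaloader), and its citation tag reads "Palo Alto menuPass Feb 2017" although the only ref is the Talos post, so correct both. The Brushaloader, Icloader and Muncy descriptions end in "]]]" with one bracket too many; the WinPot description shows the intended "]]". The trailing "version": 10 line is unchanged by this commit (0 deletions), so increment it if the version is meant to track content changes.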