MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

add downAndExec

pull/149/head
Deborah Servili 2018-01-15 15:00:25 +01:00
parent 8c1583b962
commit 8c5eb9e957
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/banker.json
View File

@ -502,9 +502,18 @@
"https://objective-see.com/blog/blog_0x25.html#Dok"
]
}
},
{
"value": "downAndExec",
"description": "Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage as it gives users greater speed when viewing the content, as the server is close to them and is part of the Netflix CDN. This results in faster loading times for series and movies, wherever you are in the world. But, apparently, the CDNs are starting to become a new way of spreading malware. The attack chain is very extensive, and incorporates the execution of remote scripts (similar in some respects to the recent “fileless” banking malware trend), plus the use of CDNs for command and control (C&C), and other standard techniques for the execution and protection of malware.",
"meta": {
"refs": [
"https://www.welivesecurity.com/2017/09/13/downandexec-banking-malware-cdns-brazil/"
]
}
}
],
"version": 6,
"version": 7,
"uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
"description": "A list of banker malware.",
"authors": [