MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

add several refs

pull/286/head
Deborah Servili 2018-10-15 11:33:37 +02:00
parent 8d0c87c830
commit c134035a6d
No known key found for this signature in database
GPG Key ID: 7E3A832850D4D7D1
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
clusters/tool.json
View File

@ -4895,7 +4895,8 @@
"description": "Talos has discovered an unknown Remote Administration Tool that we believe has been in use for over 3 years. During this time it has managed to avoid scrutiny by the security community. The current version of the malware allows the operator to steal files, keystrokes, perform screenshots, and execute arbitrary code on the infected host. Talos has named this malware KONNI. \nThroughout the multiple campaigns observed over the last 3 years, the actor has used an email attachment as the initial infection vector. They then use additional social engineering to prompt the target to open a .scr file, display a decoy document to the users, and finally execute the malware on the victim's machine. The malware infrastructure of the analysed samples was hosted by a free web hosting provider: 000webhost. The malware has evolved over time. In this article, we will analyse this evolution:",
"meta": {
"refs": [
"http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html"
"http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html",
"https://www.bleepingcomputer.com/news/security/report-ties-north-korean-attacks-to-new-malware-linked-by-word-macros/"
]
},
"related": [