Merge pull request #191 from Delta-Sierra/master

add Rovnix
2018-04-11 16:41:18 +02:00 · 2018-04-11 16:41:18 +02:00 · ccae073d1c
parent 0eabb833de 1a18ffb3eb
commit ccae073d1c
2 changed files with 16 additions and 2 deletions
--- a/clusters/banker.json
+++ b/clusters/banker.json
@ -514,7 +514,8 @@
      "meta": {
        "refs": [
          "https://www.bleepingcomputer.com/news/security/new-icedid-banking-trojan-discovered/",
-          "https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/"
+          "https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/",
+          "http://blog.talosintelligence.com/2018/04/icedid-banking-trojan.html"
        ],
        "date": "Discovered in September 2017"
      },
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -11,7 +11,7 @@
  ],
  "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
  "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
-  "version": 62,
+  "version": 63,
  "values": [
    {
      "meta": {
@ -4126,6 +4126,19 @@
        ]
      },
      "uuid": "8c0a7e1e-3cc4-11e8-8f03-2f71e72f737b"
+    },
+    {
+      "value": "Rovnix",
+      "description": "We recently found that the malware family ROVNIX is capable of being distributed via macro downloader. This malware technique was previously seen in the DRIDEX malware, which was notable for using the same routines. DRIDEX is also known as the successor of the banking malware CRIDEX.",
+      "meta": {
+        "refs": [
+          "https://blog.trendmicro.com/trendlabs-security-intelligence/rovnix-infects-systems-with-password-protected-macros/"
+        ],
+        "synonyms": [
+          "ROVNIX"
+        ]
+      },
+      "uuid": "a4036a28-3d94-11e8-ad9f-97ada3c6d5fb"
    }
  ]
 }