From e3d88f45c6b6895161cea3ae7519e97c185de3ad Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Tue, 13 Sep 2022 13:35:55 +0200
Subject: [PATCH] add Dark.IoT
---
 clusters/botnet.json | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/clusters/botnet.json b/clusters/botnet.json
index dd9f867a..df6dea58 100644
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@@ -1364,7 +1364,26 @@
 ],
 "uuid": "421a3805-7741-4315-82c2-6c9aa30d0953",
 "value": "Qbot"
+ },
+ {
+ "description": "This malware is characterized by alternative DNS connections and connects to several *.lib domains using custom DNS servers.",
+ "meta": {
+ "refs": [
+ "https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "fcdfd4af-da35-49a8-9610-19be8a487185",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "variant-of"
+ }
+ ],
+ "uuid": "505c6a54-a701-4a4b-85d4-0f2038b7b46a",
+ "value": "Dark.IoT"
 }
 ],
- "version": 27
+ "version": 28
 }
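Review bot: The new Dark.IoT entry's `description` covers only the DNS behaviour and leaves out the context an analyst needs to place the cluster. Going by its URL, the single reference is about threats targeting CVE-2022-26134, and the `variant-of` relation carries a bare `dest-uuid` whose target is not visible in this hunk. I would fold both into the text, e.g. `"description": "Botnet reported among the threats targeting CVE-2022-26134; it connects to several *.lib domains resolved through custom DNS servers."`, and name the parent family there once `fcdfd4af-da35-49a8-9610-19be8a487185` is confirmed to resolve to an existing cluster. The phrase "alternative DNS connections" is also vague; stating that lookups go to resolvers other than the host's configured ones would give defenders a behaviour to monitor for.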