Merge pull request #274 from Delta-Sierra/master

Refs updates
2018-10-04 17:24:57 +02:00 · 2018-10-04 17:24:57 +02:00 · ecba2dbdbf
parent 276992f180 7cf37a57f1
commit ecba2dbdbf
3 changed files with 20 additions and 7 deletions
--- a/clusters/botnet.json
+++ b/clusters/botnet.json
@ -893,13 +893,24 @@
    },
    {
      "value": "Torii",
-      "description": " we have been observing a new malware strain, which we call Torii, that differs from Mirai and other botnets we know of, particularly in the advanced techniques it uses.",
+      "description": " we have been observing a new malware strain, which we call Torii, that differs from Mirai and other botnets we know of, particularly in the advanced techniques it uses. The developers of the botnet seek wide coverage and for this purpose they created binaries for multiple CPU architectures, tailoring the malware for stealth and persistence.",
      "meta": {
        "refs": [
-          "https://blog.avast.com/new-torii-botnet-threat-research"
+          "https://blog.avast.com/new-torii-botnet-threat-research",
+          "https://www.bleepingcomputer.com/news/security/new-iot-botnet-torii-uses-six-methods-for-persistence-has-no-clear-purpose/"
        ]
      }
+    },
+    {
+      "value": "Persirai",
+      "description": "A new Internet of Things (IoT) botnet called Persirai (Detected by Trend Micro as ELF_PERSIRAI.A) has been discovered targeting over 1,000 Internet Protocol (IP) Camera models based on various Original Equipment Manufacturer (OEM) products. This development comes on the heels of Mirai—an open-source backdoor malware that caused some of the most notable incidents of 2016 via Distributed Denial-of-Service (DDoS) attacks that compromised IoT devices such as Digital Video Recorders (DVRs) and CCTV cameras—as well as the Hajime botnet.",
+      "meta": {
+        "refs": [
+          "https://blog.trendmicro.com/trendlabs-security-intelligence/persirai-new-internet-things-iot-botnet-targets-ip-cameras/"
+        ]
+      },
+      "uuid": "e3e91fe2-c7ce-11e8-8e85-6bc15cd2a63c"
    }
  ],
-  "version": 13
+  "version": 15
 }
--- a/clusters/rat.json
+++ b/clusters/rat.json
@ -407,7 +407,8 @@
      "meta": {
        "date": "2003",
        "refs": [
-          "http://securityaffairs.co/wordpress/54837/hacking/one-stop-shop-hacking.html"
+          "http://securityaffairs.co/wordpress/54837/hacking/one-stop-shop-hacking.html",
+          "https://www.bleepingcomputer.com/news/security/zoho-heavily-used-by-keyloggers-to-transmit-stolen-data/"
        ]
      },
      "uuid": "8414f79c-a879-44b6-b154-4992aa12dff1",
@ -2940,5 +2941,5 @@
      "uuid": "5d0369ee-c718-11e8-b328-035ed1bdca07"
    }
  ],
-  "version": 17
+  "version": 18
 }
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -4437,7 +4437,8 @@
      "description": "Agent Tesla is modern powerful keystroke logger. It provides monitoring your personel computer via keyboard and screenshot. Keyboard, screenshot and registered passwords are sent in log. You can receive your logs via e-mail, ftp or php(web panel). ",
      "meta": {
        "refs": [
-          "https://www.agenttesla.com/"
+          "https://www.agenttesla.com/",
+          "https://www.bleepingcomputer.com/news/security/zoho-heavily-used-by-keyloggers-to-transmit-stolen-data/"
        ]
      },
      "uuid": "f8cd62cb-b9d3-4352-8f46-0961cfde104c",
@ -5875,5 +5876,5 @@
      "uuid": "8a2ae47a-c7b2-11e8-b223-ab4d8f78f3ef"
    }
  ],
-  "version": 91
+  "version": 92
 }