From f7367ef887915d13a6353406f80ed4720a911b67 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sat, 23 Feb 2019 09:25:14 +0100
Subject: [PATCH] chg: [tool] Xbash description updated
---
 clusters/tool.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index 7dc0272..7fe9fe4 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -7220,7 +7220,7 @@
 "value": "NotPetya"
 },
 {
- "description": "Xbash is a malware family that is targeting Linux and Microsoft Windows servers. We can tie this malware, which we have named Xbash, to the Iron Group, a threat actor group known for previous ransomware attacks.",
+ "description": "Xbash is a malware family that is targeting Linux and Microsoft Windows servers. We can tie this malware, which we have named Xbash, to the Iron Group, a threat actor group known for previous ransomware attacks. Xbash was developed using Python and converted into self-contained Linux ELF executables by abusing the legitimate tool PyInstaller for distribution. Xbash aimed on discovering unprotected services, deleting victim’s MySQL, PostgreSQL and MongoDB databases, and ransom for Bitcoins. Linux based systems are targeted for ransomware and botnet capabilities. The ransomware targets and deletes linux databases and there is no evidence of any functionality that makes recovery even possible by payment the ransom. Where as, windows based systems are targeted for coinmining & self-propagating capabilities. Xbash spreads by attacking weak passwords and unpatched vulnerabilities.",
 "meta": {
 "refs": [
 "https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/"
@@ -7554,5 +7554,5 @@
 "value": "BabyShark"
 }
 ],
- "version": 110
+ "version": 111
 }
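Review bot: The sentences added to the Xbash `description` carry wording slips that every consumer of this cluster will see verbatim: `aimed on discovering`, `by payment the ransom`, `Where as`, and lowercase `linux`/`windows` beside the capitalised `Linux` and `Microsoft Windows` earlier in the same string. The recovery sentence is the one responders most need to read correctly, so I would write it as `The ransomware targets and deletes Linux databases, and there is no evidence of any functionality that would make recovery possible after paying the ransom.` and the following one as `Windows-based systems, by contrast, are targeted for coinmining and self-propagation.` The first-person `We can tie this malware, which we have named Xbash` is carried over from the old text and reads as if the cluster maintainers made the attribution; it appears to come from the referenced Unit 42 post, so naming that source in the sentence would be clearer. The entry's object opens before and closes after this hunk.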