Merge pull request #191 from Delta-Sierra/master

add Rovnix
MISP · Apr 11, 2018 · ccae073 · ccae073
2 parents 0eabb83 + 1a18ffb
commit ccae073
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/clusters/banker.json b/clusters/banker.json
@@ -514,7 +514,8 @@
       "meta": {
         "refs": [
           "https://www.bleepingcomputer.com/news/security/new-icedid-banking-trojan-discovered/",
-          "https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/"
+          "https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/",
+          "http://blog.talosintelligence.com/2018/04/icedid-banking-trojan.html"
         ],
         "date": "Discovered in September 2017"
       },

diff --git a/clusters/tool.json b/clusters/tool.json
@@ -11,7 +11,7 @@
   ],
   "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
   "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
-  "version": 62,
+  "version": 63,
   "values": [
     {
       "meta": {
@@ -4126,6 +4126,19 @@
         ]
       },
       "uuid": "8c0a7e1e-3cc4-11e8-8f03-2f71e72f737b"
+    },
+    {
+      "value": "Rovnix",
+      "description": "We recently found that the malware family ROVNIX is capable of being distributed via macro downloader. This malware technique was previously seen in the DRIDEX malware, which was notable for using the same routines. DRIDEX is also known as the successor of the banking malware CRIDEX.",
+      "meta": {
+        "refs": [
+          "https://blog.trendmicro.com/trendlabs-security-intelligence/rovnix-infects-systems-with-password-protected-macros/"
+        ],
+        "synonyms": [
+          "ROVNIX"
+        ]
+      },
+      "uuid": "a4036a28-3d94-11e8-ad9f-97ada3c6d5fb"
     }
   ]
 }