Poisoned torrents
Threat actors upload torrent files that are pre-infected with malware to torrent sites. This technique has not been widely seen before, especially with respect to BitTorrent-type attacks.
This behavior is difficult to trace and track, and its infection pattern is indiscriminate unless it has some means of targeting desired demographics.
Malware/Threat actors
Name | Type | Years | Source |
---|---|---|---|
Jaku | malware | 2015-2016 | report_jaku_analysis_of_botnet_campaign_en_0.pdf |
APT37 | threat actor | 2014-2017 | rpt_APT37.pdf |
Dukes | threat actor | 2008-2015 | dukes_whitepaper.pdf |
OnionDuke | < threat actor/malware > | 2003-2015 | ICIT-Brief-Know-Your-Enemies-2.0.pdf |
DarkHotel | threat actor | 2007-2012 | stamp.jsp?tp=&arnumber=7460498&tag=1 |
GRIZZLY STEPPE | threat actor | 2015-2018 | GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity, AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf |
Preventions
<Mitigation techniques>
Detections
<Detection techniques>
Toolkit
<Toolkit instructions, if applicable>
Similar techniques
References
[<Source name>](<Source link>)