misp-galaxy/clusters/backdoor.json

{
  "authors": [
    "raw-data"
  ],
  "description": "A list of backdoor malware.",
  "name": "Backdoor",
  "source": "Open Sources",
  "type": "backdoor",
  "uuid": "75436e27-cb57-4f32-bf1d-9636dd78a2bf",
  "values": [
    {
      "description": "Cross-platform malware written in Golang, compatible with Linux and Windows. Although there are some minor differences, both variants have the same functionality. The malware communicates with a CnC server using HTTP requests and performs functions based on the received commands. Results of command execution are sent in HTTP POST requests data (RSA-encrypted). Main functionalities are: (1) Execute arbitrary shell commands, (2) Upload/Download files. The PE variant of the infection, in addition, executes PowerShell scripts. A .Net version was also observed in the wild.",
      "meta": {
        "date": "July 2018.",
        "refs": [
          "https://blog.jpcert.or.jp/2018/07/malware-wellmes-9b78.html"
        ]
      },
      "uuid": "e0e79fab-0f1d-4fc2-b424-208cb019a9cd",
      "value": "WellMess"
    }
  ],
  "version": 1
}
[add] new backdoor galaxy and cluster 2018-07-06 19:09:52 +00:00			`{`
no change: dump files with sort_keys=True This is needed to keep better track of the changes when other tools load and save the json files. 2018-08-13 15:06:29 +00:00			`"authors": [`
			`"raw-data"`
			`],`
[add] new backdoor galaxy and cluster 2018-07-06 19:09:52 +00:00			`"description": "A list of backdoor malware.",`
no change: dump files with sort_keys=True This is needed to keep better track of the changes when other tools load and save the json files. 2018-08-13 15:06:29 +00:00			`"name": "Backdoor",`
[add] new backdoor galaxy and cluster 2018-07-06 19:09:52 +00:00			`"source": "Open Sources",`
no change: dump files with sort_keys=True This is needed to keep better track of the changes when other tools load and save the json files. 2018-08-13 15:06:29 +00:00			`"type": "backdoor",`
			`"uuid": "75436e27-cb57-4f32-bf1d-9636dd78a2bf",`
[add] new backdoor galaxy and cluster 2018-07-06 19:09:52 +00:00			`"values": [`
			`{`
no change: dump files with sort_keys=True This is needed to keep better track of the changes when other tools load and save the json files. 2018-08-13 15:06:29 +00:00			"description": "Cross-platform malware written in Golang, compatible with Linux and Windows. Although there are some minor differences, both variants have the same functionality. The malware communicates with a CnC server using HTTP requests and performs functions based on the received commands. Results of command execution are sent in HTTP POST requests data (RSA-encrypted). Main functionalities are: (1) Execute arbitrary shell commands, (2) Upload/Download files. The PE variant of the infection, in addition, executes PowerShell scripts. A .Net version was also observed in the wild.",
[add] new backdoor galaxy and cluster 2018-07-06 19:09:52 +00:00			`"meta": {`
			`"date": "July 2018.",`
			`"refs": [`
			`"https://blog.jpcert.or.jp/2018/07/malware-wellmes-9b78.html"`
			`]`
			`},`
no change: dump files with sort_keys=True This is needed to keep better track of the changes when other tools load and save the json files. 2018-08-13 15:06:29 +00:00			`"uuid": "e0e79fab-0f1d-4fc2-b424-208cb019a9cd",`
			`"value": "WellMess"`
[add] new backdoor galaxy and cluster 2018-07-06 19:09:52 +00:00			`}`
			`],`
no change: dump files with sort_keys=True This is needed to keep better track of the changes when other tools load and save the json files. 2018-08-13 15:06:29 +00:00			`"version": 1`
[add] new backdoor galaxy and cluster 2018-07-06 19:09:52 +00:00			`}`