diff --git a/clusters/backdoor.json b/clusters/backdoor.json
index b1deff9..76fe3dc 100644
--- a/clusters/backdoor.json
+++ b/clusters/backdoor.json
@@ -51,7 +51,17 @@
       },
       "uuid": "8b50360c-4d16-4f52-be75-e74c27f533df",
       "value": "ServHelper"
+    },
+    {
+      "description": "The Rising Sun backdoor uses the RC4 cipher to encrypt its configuration data and communications. As with most backdoors, on initial infection, Rising Sun will send data regarding the infected system to a command and control (C2) site. That information captures computer and user name, IP address, operating system version and network adapter information. Rising Sun contains 14 functions including executing commands, obtaining information on disk drives and running processes, terminating processes, obtaining file creation and last access times, reading and writing files, deleting files, altering file attributes, clearing the memory of processes and connecting to a specified IP address.",
+      "meta": {
+        "refs": [
+          "https://www.bluvector.io/threat-report-rising-sun-operation-sharpshooter/"
+        ]
+      },
+      "uuid": "0ae6636e-87e4-4b4c-a1c8-e14e1cab964f",
+      "value": "Rising Sun"
     }
   ],
-  "version": 4
+  "version": 5
 }
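Review bot: The new "Rising Sun" entry's `meta` carries a single `refs` URL pointing at a vendor summary whose slug names Operation Sharpshooter, while the description itself never mentions that campaign or the reporting it is drawn from; a consumer of this cluster gets the capability list but no way to see where the attribution context comes from. Consider adding the primary research report that the summary is based on to `refs` (placeholder: `"<PRIMARY_REPORT_URL>"`), and, if the sibling entries in this file record `synonyms` or `date` under `meta`, the same fields here so the cluster stays uniform. The description's claim that the backdoor encrypts configuration and C2 traffic with RC4 is the kind of detector-relevant detail worth keeping, but it would be clearer to state up front that the entry describes the implant used in that campaign rather than leaving the link implicit in the URL. The enclosing `values` array starts before this hunk.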