add Rising Sun Backdoor

Deborah Servili 2019-03-04 10:11:26 +01:00
parent bd3fce00e1
commit 19c4fe4d11
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1


@ -51,7 +51,17 @@
}, },
"uuid": "8b50360c-4d16-4f52-be75-e74c27f533df", "uuid": "8b50360c-4d16-4f52-be75-e74c27f533df",
"value": "ServHelper" "value": "ServHelper"
},
{
"description": "The Rising Sun backdoor uses the RC4 cipher to encrypt its configuration data and communications. As with most backdoors, on initial infection, Rising Sun will send data regarding the infected system to a command and control (C2) site. That information captures computer and user name, IP address, operating system version and network adapter information. Rising Sun contains 14 functions including executing commands, obtaining information on disk drives and running processes, terminating processes, obtaining file creation and last access times, reading and writing files, deleting files, altering file attributes, clearing the memory of processes and connecting to a specified IP address.",
"meta": {
"refs": [
"https://www.bluvector.io/threat-report-rising-sun-operation-sharpshooter/"
]
},
"uuid": "0ae6636e-87e4-4b4c-a1c8-e14e1cab964f",
"value": "Rising Sun"
} }
], ],
"version": 4 "version": 5
} }
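Review bot: The new "Rising Sun" entry carries its campaign context only in the reference URL slug (`rising-sun-operation-sharpshooter`); the `description` never names Operation Sharpshooter, so a search of the galaxy by campaign name will miss this cluster, and the context is lost if the single link rots. Assuming the linked report supports it, consider closing the description with a sentence such as `Rising Sun was reported as the implant used in Operation Sharpshooter.` and adding the original vendor report as a second item in `refs`. If other entries in this file (not visible in this hunk) carry a category list under `meta`, adding `"type": ["Backdoor"]` here would let consumers filter on it rather than parse the free text.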