MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 08:47:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

add Rising Sun Backdoor

Browse source
This commit is contained in:
Deborah Servili 2019-03-04 10:11:26 +01:00
parent bd3fce00e1
commit 19c4fe4d11
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
clusters/backdoor.json
View file

@ -51,7 +51,17 @@
}, },
"uuid": "8b50360c-4d16-4f52-be75-e74c27f533df", "uuid": "8b50360c-4d16-4f52-be75-e74c27f533df",
"value": "ServHelper" "value": "ServHelper"
},
{
"description": "The Rising Sun backdoor uses the RC4 cipher to encrypt its configuration data and communications. As with most backdoors, on initial infection, Rising Sun will send data regarding the infected system to a command and control (C2) site. That information captures computer and user name, IP address, operating system version and network adapter information. Rising Sun contains 14 functions including executing commands, obtaining information on disk drives and running processes, terminating processes, obtaining file creation and last access times, reading and writing files, deleting files, altering file attributes, clearing the memory of processes and connecting to a specified IP address.",
"meta": {
"refs": [
"https://www.bluvector.io/threat-report-rising-sun-operation-sharpshooter/"
]
},
"uuid": "0ae6636e-87e4-4b4c-a1c8-e14e1cab964f",
"value": "Rising Sun"
} }
], ],
"version": 4 "version": 5
} }