MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 23:07:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

add: Iron Backdoor

Browse source
This commit is contained in:
Alexandre Dulaunoy 2018-06-03 18:39:37 +02:00
parent 19344dc14c
commit 308774755c
Signed by: adulau
GPG key ID: 09E2CD4944E6CBCD
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
clusters/tool.json
View file

@ -2,7 +2,7 @@
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"name": "Tool",
"source": "MISP Project",
"version": 70,
"version": 71,
"values": [
{
"meta": {
@ -4242,6 +4242,16 @@
"description": "Advanced, likely state-sponsored or state-affiliated modular malware. The code of this malware overlaps with versions of the BlackEnergy malware. Targeted devices are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) systems.",
"value": "VPNFilter",
"uuid": "895d769e-b288-4977-a4e1-7d64eb134bf9"
},
{
"uuid": "1740ec4-d730-40d6-a3b8-32d5fe7f21cf",
"value": "Iron Backdoor",
"description": "Iron Backdoor uses a virtual machine detection code taken directly from HackingTeams Soldier implant leaked source code. Iron Backdoor is also using the DynamicCall module from HackingTeam core library. Backdoor was used to drop cryptocurrency miners.",
"meta": {
"refs": [
"https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/"
]
}
}
],
"authors": [