add: Iron Backdoor

Alexandre Dulaunoy 2018-06-03 18:39:37 +02:00
parent 19344dc14c
commit 308774755c
Signed by: adulau
GPG key ID: 09E2CD4944E6CBCD


@ -2,7 +2,7 @@
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f", "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"name": "Tool", "name": "Tool",
"source": "MISP Project", "source": "MISP Project",
"version": 70, "version": 71,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -4242,6 +4242,16 @@
"description": "Advanced, likely state-sponsored or state-affiliated modular malware. The code of this malware overlaps with versions of the BlackEnergy malware. Targeted devices are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) systems.", "description": "Advanced, likely state-sponsored or state-affiliated modular malware. The code of this malware overlaps with versions of the BlackEnergy malware. Targeted devices are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) systems.",
"value": "VPNFilter", "value": "VPNFilter",
"uuid": "895d769e-b288-4977-a4e1-7d64eb134bf9" "uuid": "895d769e-b288-4977-a4e1-7d64eb134bf9"
},
{
"uuid": "1740ec4-d730-40d6-a3b8-32d5fe7f21cf",
"value": "Iron Backdoor",
"description": "Iron Backdoor uses a virtual machine detection code taken directly from HackingTeams Soldier implant leaked source code. Iron Backdoor is also using the DynamicCall module from HackingTeam core library. Backdoor was used to drop cryptocurrency miners.",
"meta": {
"refs": [
"https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/"
]
}
} }
], ],
"authors": [ "authors": [
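Review bot: The `uuid` of the new Iron Backdoor entry, `1740ec4-d730-40d6-a3b8-32d5fe7f21cf`, has only seven hex digits in its first group, so it is not a well-formed 8-4-4-4-12 UUID, unlike the neighbouring `895d769e-…` value. Consumers that validate cluster entries or key relationships and tags on the UUID may reject this entry or fail to resolve references to it, so it should be replaced with a freshly generated value, for example `"uuid": "<NEW-UUIDV4-PLACEHOLDER>"`, before anything else points at it. Two smaller points in the same entry: the description should read `HackingTeam's Soldier implant` rather than `HackingTeams Soldier implant`, and the key order (`uuid`, `value`, `description`, `meta`) differs from the VPNFilter entry above, whose visible tail is `description`, `value`, `uuid`. A schema check that enforces the UUID pattern on every entry in `values` would catch this class of typo before merge.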