mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
add: Iron Backdoor
parent
19344dc14c
commit
308774755c
1 changed files with 11 additions and 1 deletions
|
@ -2,7 +2,7 @@
|
|||
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
|
||||
"name": "Tool",
|
||||
"source": "MISP Project",
|
||||
"version": 70,
|
||||
"version": 71,
|
||||
"values": [
|
||||
{
|
||||
"meta": {
|
||||
|
@ -4242,6 +4242,16 @@
|
|||
"description": "Advanced, likely state-sponsored or state-affiliated modular malware. The code of this malware overlaps with versions of the BlackEnergy malware. Targeted devices are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) systems.",
|
||||
"value": "VPNFilter",
|
||||
"uuid": "895d769e-b288-4977-a4e1-7d64eb134bf9"
|
||||
},
|
||||
{
|
||||
"uuid": "1740ec4-d730-40d6-a3b8-32d5fe7f21cf",
|
||||
"value": "Iron Backdoor",
|
||||
"description": "Iron Backdoor uses a virtual machine detection code taken directly from HackingTeam’s Soldier implant leaked source code. Iron Backdoor is also using the DynamicCall module from HackingTeam core library. Backdoor was used to drop cryptocurrency miners.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/"
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
"authors": [
|
||||
|
|
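Review bot: The `uuid` added for the Iron Backdoor entry in the second hunk, `1740ec4-d730-40d6-a3b8-32d5fe7f21cf`, has only seven hex digits in its first group, so it is not a well-formed 8-4-4-4-12 UUID. Cluster UUIDs are presumably what consumers use to reference and relate galaxy entries, so a malformed one may be rejected on import or silently fail to match; that should be confirmed against the project's schema validation. Generate a fresh value rather than padding the existing one, i.e. `"uuid": "<newly generated UUIDv4>",`, and check that it is not already used elsewhere in the file. As a minor style point, the new object lists `uuid`, `value`, `description`, `meta`, while the neighbouring VPNFilter entry ends with `value` then `uuid`; matching the prevailing key order would keep later diffs easier to read.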