add H-worm RAT

This commit is contained in:
Deborah Servili 2019-03-18 16:24:55 +01:00
parent 5ce8aae89e
commit 3294091600
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1

View file

@ -3308,7 +3308,17 @@
}, },
"uuid": "428c8288-6f65-453f-bfa2-4b519d08f8e9", "uuid": "428c8288-6f65-453f-bfa2-4b519d08f8e9",
"value": "FlawedGrace" "value": "FlawedGrace"
},
{
"description": "H-worm is a VBS (Visual Basic Script) based RAT written by an individual going by the name Houdini. We believe the author is based in Algeria and has connections to njq8, the author of njw0rm [1] and njRAT/LV [2] through means of a shared or common code base. We have seen the H-worm RAT being employed in targeted attacks against the international energy industry; however, we also see it being employed in a wider context as run of the mill attacks through spammed email attachments and malicious links.",
"meta": {
"refs": [
"https://www.fireeye.com/blog/threat-research/2013/09/now-you-see-me-h-worm-by-houdini.html"
]
},
"uuid": "1b6a067b-50b9-4aa7-a49b-823e94e210fe",
"value": "H-worm"
} }
], ],
"version": 24 "version": 25
} }