From 33513241bd4d5785b5b387df4a5c03c41d08de64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20L=C3=B6hel?=
Date: Mon, 30 Jan 2023 16:39:11 -0600
Subject: [PATCH] chg: [backdoor] Adds BOLDMOVE
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jürgen Löhel
---
 clusters/backdoor.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/clusters/backdoor.json b/clusters/backdoor.json
index c52e142..3564edb 100644
--- a/clusters/backdoor.json
+++ b/clusters/backdoor.json
@@ -193,7 +193,19 @@
 },
 "uuid": "0c3b1aa5-3a33-493e-9126-28ebced4ed09",
 "value": "BPFDoor"
+ },
+ {
+ "description": "According to Mandiant, this malware family is attributed to potential chinese background and its Linux variant is related to exploitation of Fortinet's SSL-VPN (CVE-2022-42475).",
+ "meta": {
+ "refs": [
+ "https://malpedia.caad.fkie.fraunhofer.de/details/win.boldmove",
+ "https://malpedia.caad.fkie.fraunhofer.de/details/elf.boldmove",
+ "https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw"
+ ]
+ },
+ "uuid": "2cef78bd-f097-4477-8888-79359042b515",
+ "value": "BOLDMOVE"
 }
 ],
- "version": 13
+ "version": 14
 }
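Review bot: The new BOLDMOVE entry's `description` reads awkwardly ("attributed to potential chinese background and its Linux variant is related to...") and under-states what the cited Mandiant post actually attributes, which matters for a cluster that analysts copy into reports verbatim. Consider rewording it to keep the hedge but make the two claims distinct, e.g. `"description": "According to Mandiant, this malware family is attributed to a suspected Chinese actor; its Linux variant was used in exploitation of Fortinet's FortiOS SSL-VPN (CVE-2022-42475)."`. The `meta` block carries only `refs`; if the sibling entries in this file record the affected platforms or synonyms in `meta`, the new entry should follow the same shape so downstream consumers see a stable schema across the array. The enclosing `values` array and the cluster object both begin before this hunk, so the surrounding entries' `meta` layout cannot be checked from here.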