MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-23 07:17:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

chg: [backdoor] Adds BOLDMOVE

Browse source 
Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
This commit is contained in:
Jürgen Löhel 2023-01-30 16:39:11 -06:00
parent 150e3152cc
commit 33513241bd
No known key found for this signature in database
GPG key ID: 54E44C4D345DD098
1 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
clusters/backdoor.json
View file

@ -193,7 +193,19 @@
}, },
"uuid": "0c3b1aa5-3a33-493e-9126-28ebced4ed09", "uuid": "0c3b1aa5-3a33-493e-9126-28ebced4ed09",
"value": "BPFDoor" "value": "BPFDoor"
},
{
"description": "According to Mandiant, this malware family is attributed to potential chinese background and its Linux variant is related to exploitation of Fortinet's SSL-VPN (CVE-2022-42475).",
"meta": {
"refs": [
"https://malpedia.caad.fkie.fraunhofer.de/details/win.boldmove",
"https://malpedia.caad.fkie.fraunhofer.de/details/elf.boldmove",
"https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw"
]
},
"uuid": "2cef78bd-f097-4477-8888-79359042b515",
"value": "BOLDMOVE"
} }
], ],
"version": 13 "version": 14
} }