[add] new backdoor galaxy and cluster
This commit is contained in:
parent
e5939e3248
commit
77cfaa8221
2 changed files with 33 additions and 0 deletions
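--- /dev/null
+++ b/clusters/backdoor.json
@@ -0,0 +1,24 @@
+{
+"uuid": "75436e27-cb57-4f32-bf1d-9636dd78a2bf",
+"description": "A list of backdoor malware.",
+"source": "Open Sources",
+"version": 1,
+"values": [
+{
+"meta": {
+"date": "July 2018.",
+"refs": [
+"https://blog.jpcert.or.jp/2018/07/malware-wellmes-9b78.html"
+]
+},
+"description": "Cross-platform malware written in Golang, compatible with Linux and Windows. Although there are some minor differences, both variants have the same functionality. The malware communicates with a CnC server using HTTP requests and performs functions based on the received commands. Results of command execution are sent in HTTP POST requests data (RSA-encrypted). Main functionalities are: (1) Execute arbitrary shell commands, (2) Upload/Download files. The PE variant of the infection, in addition, executes PowerShell scripts. A .Net version was also observed in the wild.",
+"value": "WellMess",
+"uuid": "e0e79fab-0f1d-4fc2-b424-208cb019a9cd"
+}
+],
+"authors": [
+"raw-data"
+],
+"type": "backdoor",
+"name": "Backdoor"
+}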
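Review bot: The `"date": "July 2018."` value in the WellMess entry's `meta` block is free text with a trailing period, so it will not sort or parse consistently next to clusters that use machine-readable dates; consider `"date": "2018-07"` (or at least drop the period). The cluster file also carries no top-level `"category"` key, which other MISP cluster files in this repository commonly have — worth confirming whether the galaxy validation expects one for this new galaxy. The same `uuid` appears in the companion galaxies/backdoor.json file in this commit, which appears to be the intended galaxy-to-cluster link rather than an accidental duplicate.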
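--- /dev/null
+++ b/galaxies/backdoor.json
@@ -0,0 +1,9 @@
+{
+"description": "Malware Backdoor galaxy.",
+"type": "backdoor",
+"version": 1,
+"name": "Backdoor",
+"icon": "door-open",
+"uuid": "75436e27-cb57-4f32-bf1d-9636dd78a2bf",
+"namespace": "misp"
+}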