diff --git a/clusters/backdoor.json b/clusters/backdoor.json index 4bb7a60..ac2cc9b 100644 --- a/clusters/backdoor.json +++ b/clusters/backdoor.json @@ -80,7 +80,17 @@ ], "uuid": "a4757e11-0837-42c0-958a-7490cff58687", "value": "SLUB" + }, + { + "description": "Since it first emerged in 2015, Asruex has been known for its backdoor capabilities and connection to the spyware DarkHotel. However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector particularly through the use of old vulnerabilities CVE-2012-0158 and CVE-2010-2883, which inject code in Word and PDF files respectively.", + "meta": { + "refs": [ + "https://blog.trendmicro.com/trendlabs-security-intelligence/asruex-backdoor-variant-infects-word-documents-and-pdfs-through-old-ms-office-and-adobe-vulnerabilities/" + ] + }, + "uuid": "b7ad60a0-d648-4775-adec-c78b1a92fc34", + "value": "Asruex" } ], - "version": 5 + "version": 6 } diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index a99c16d..d5a6142 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -4257,7 +4257,8 @@ "http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution", "https://www.lookingglasscyber.com/wp-content/uploads/2015/08/Operation_Armageddon_Final.pdf", "https://unit42.paloaltonetworks.com/unit-42-title-gamaredon-group-toolset-evolution/", - "https://attack.mitre.org/groups/G0047/" + "https://attack.mitre.org/groups/G0047/", + "https://github.com/StrangerealIntel/CyberThreatIntel/tree/master/Russia/APT/Gamaredon" ] }, "related": [