This commit is contained in:
Deborah Servili 2018-08-14 12:07:12 +02:00
parent 2081dc1627
commit a28c50203e
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1
2 changed files with 3 additions and 13 deletions

View file

@ -5,7 +5,7 @@
"description": "A list of backdoor malware.", "description": "A list of backdoor malware.",
"name": "Backdoor", "name": "Backdoor",
"source": "Open Sources", "source": "Open Sources",
"version": 2, "version": 1,
"type": "backdoor", "type": "backdoor",
"uuid": "75436e27-cb57-4f32-bf1d-9636dd78a2bf", "uuid": "75436e27-cb57-4f32-bf1d-9636dd78a2bf",
"values": [ "values": [
@ -17,7 +17,6 @@
"https://blog.jpcert.or.jp/2018/07/malware-wellmes-9b78.html" "https://blog.jpcert.or.jp/2018/07/malware-wellmes-9b78.html"
] ]
}, },
"description": "Cross-platform malware written in Golang, compatible with Linux and Windows. Although there are some minor differences, both variants have the same functionality. The malware communicates with a CnC server using HTTP requests and performs functions based on the received commands. Results of command execution are sent in HTTP POST requests data (RSA-encrypted). Main functionalities are: (1) Execute arbitrary shell commands, (2) Upload/Download files. The PE variant of the infection, in addition, executes PowerShell scripts. A .Net version was also observed in the wild.",
"value": "WellMess", "value": "WellMess",
"uuid": "e0e79fab-0f1d-4fc2-b424-208cb019a9cd" "uuid": "e0e79fab-0f1d-4fc2-b424-208cb019a9cd"
}, },
@ -33,7 +32,6 @@
] ]
}, },
"uuid": "2bb165dc-9f93-11e8-ae64-d3dbab0dd786" "uuid": "2bb165dc-9f93-11e8-ae64-d3dbab0dd786"
} }
], ]
"version": 1
} }

View file

@ -10371,13 +10371,5 @@
"uuid": "c76c4d24-9f99-11e8-808d-a7f1c66a53c5" "uuid": "c76c4d24-9f99-11e8-808d-a7f1c66a53c5"
} }
], ],
"source": "Various",
"uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
"name": "Ransomware",
"version": 28,
"type": "ransomware",
"description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar"
}
],
"version": 28 "version": 28
} }