From 19c4fe4d11c0e1f06c27c713ae31334b0fcf89ab Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Mon, 4 Mar 2019 10:11:26 +0100
Subject: [PATCH] add Rising Sun Backdoor

---
 clusters/backdoor.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/backdoor.json b/clusters/backdoor.json
index b1deff9..76fe3dc 100644
--- a/clusters/backdoor.json
+++ b/clusters/backdoor.json
@@ -51,7 +51,17 @@
 },
 "uuid": "8b50360c-4d16-4f52-be75-e74c27f533df",
 "value": "ServHelper"
+ },
+ {
+ "description": "The Rising Sun backdoor uses the RC4 cipher to encrypt its configuration data and communications. As with most backdoors, on initial infection, Rising Sun will send data regarding the infected system to a command and control (C2) site. That information captures computer and user name, IP address, operating system version and network adapter information. Rising Sun contains 14 functions including executing commands, obtaining information on disk drives and running processes, terminating processes, obtaining file creation and last access times, reading and writing files, deleting files, altering file attributes, clearing the memory of processes and connecting to a specified IP address.",
+ "meta": {
+ "refs": [
+ "https://www.bluvector.io/threat-report-rising-sun-operation-sharpshooter/"
+ ]
+ },
+ "uuid": "0ae6636e-87e4-4b4c-a1c8-e14e1cab964f",
+ "value": "Rising Sun"
 }
 ],
- "version": 4
+ "version": 5
 }
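Review bot: The new Rising Sun entry carries a single secondary write-up under `meta.refs` and no `meta.synonyms` or `related` array, so the cluster records the malware name but not the campaign association ("Operation Sharpshooter") that is visible only in the URL slug of that reference. If the galaxy's threat-actor or campaign clusters already hold an entry for that operation or its reported actor, adding a `related` element with its `dest-uuid` (placeholder: `"dest-uuid": "<uuid-of-sharpshooter-or-actor-cluster>"`) would let MISP correlate events tagged with either side; the primary vendor report that the linked post summarises would also make `refs` more durable than a single vendor-blog URL. The `description` reads as a near-verbatim paragraph from that source, so a short provenance line, or a trimmed paraphrase, would make clear which claims (RC4 use, the 14-function count, the C2 beacon contents) are the source's rather than the maintainer's own analysis. The new object's structure and `uuid` format are consistent with the preceding ServHelper entry.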