add: Iron Backdoor

pull/221/head
Alexandre Dulaunoy 2018-06-03 18:39:37 +02:00
parent 19344dc14c
commit 308774755c
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 11 additions and 1 deletions


@ -2,7 +2,7 @@
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"name": "Tool",
"source": "MISP Project",
"version": 70,
"version": 71,
"values": [
{
"meta": {
@ -4242,6 +4242,16 @@
"description": "Advanced, likely state-sponsored or state-affiliated modular malware. The code of this malware overlaps with versions of the BlackEnergy malware. Targeted devices are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) systems.",
"value": "VPNFilter",
"uuid": "895d769e-b288-4977-a4e1-7d64eb134bf9"
},
{
"uuid": "1740ec4-d730-40d6-a3b8-32d5fe7f21cf",
"value": "Iron Backdoor",
"description": "Iron Backdoor uses a virtual machine detection code taken directly from HackingTeams Soldier implant leaked source code. Iron Backdoor is also using the DynamicCall module from HackingTeam core library. Backdoor was used to drop cryptocurrency miners.",
"meta": {
"refs": [
"https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/"
]
}
}
],
"authors": [
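Review bot: The `uuid` of the new "Iron Backdoor" entry, `"1740ec4-d730-40d6-a3b8-32d5fe7f21cf"`, is malformed: its first group has 7 hex digits where the 8-4-4-4-12 UUID layout needs 8. Consumers that validate cluster UUIDs or use them to link attributes to this cluster would presumably reject the entry or fail to match it, so it should be replaced with a freshly generated value, e.g. `"uuid": "<NEW-VALID-UUIDV4>"`, before the cluster is published. A schema or lint check on the `uuid` format in CI would catch this class of typo. In the same entry, "HackingTeams Soldier implant" in the description should read "HackingTeam's Soldier implant", and the key order (`uuid`, `value`, `description`, `meta`) differs from the neighbouring VPNFilter entry, which puts `description` first.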