From 33513241bd4d5785b5b387df4a5c03c41d08de64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20L=C3=B6hel?= <juergen.loehel@inlyse.com>
Date: Mon, 30 Jan 2023 16:39:11 -0600
Subject: [PATCH] chg: [backdoor] Adds BOLDMOVE
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
---
 clusters/backdoor.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/clusters/backdoor.json b/clusters/backdoor.json
index c52e142..3564edb 100644
--- a/clusters/backdoor.json
+++ b/clusters/backdoor.json
@@ -193,7 +193,19 @@
       },
       "uuid": "0c3b1aa5-3a33-493e-9126-28ebced4ed09",
       "value": "BPFDoor"
+    },
+    {
+      "description": "According to Mandiant, this malware family is attributed to potential chinese background and its Linux variant is related to exploitation of Fortinet's SSL-VPN (CVE-2022-42475).",
+      "meta": {
+        "refs": [
+          "https://malpedia.caad.fkie.fraunhofer.de/details/win.boldmove",
+          "https://malpedia.caad.fkie.fraunhofer.de/details/elf.boldmove",
+          "https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw"
+        ]
+      },
+      "uuid": "2cef78bd-f097-4477-8888-79359042b515",
+      "value": "BOLDMOVE"
     }
   ],
-  "version": 13
+  "version": 14
 }