chg: [backdoors] Adds BPFDoor

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
2022-05-11 19:03:39 -05:00 · 2022-05-11 19:03:39 -05:00 · 45da13ce5e
parent fcdc6c86e6
commit 45da13ce5e
1 changed files with 14 additions and 1 deletions
--- a/clusters/backdoor.json
+++ b/clusters/backdoor.json
@ -172,7 +172,20 @@
      ],
      "uuid": "16902832-0118-40f2-b29e-eaba799b2bf4",
      "value": "SUNBURST"
+    },
+    {
+      "description": "BPFDoor is a passive backdoor used by a China-based threat actor. This backdoor supports multiple protocols for communicating with a C2 including TCP, UDP, and ICMP allowing the threat actor a variety of mechanisms to interact with the implant",
+      "meta": {
+        "refs": [
+          "https://troopers.de/troopers22/talks/7cv8pz/",
+          "https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896?gi=1effe9eb6507",
+          "https://twitter.com/cyb3rops/status/1523227511551033349",
+          "https://twitter.com/CraigHRowland/status/1523266585133457408"
+        ]
+      },
+      "uuid": "0c3b1aa5-3a33-493e-9126-28ebced4ed09",
+      "value": "BPFDoor"
    }
  ],
-  "version": 11
+  "version": 12
 }