EngineBox malware added

pull/83/head
Alexandre Dulaunoy 2017-08-19 09:38:45 +02:00
parent e5c2294c5c
commit 760f863f8a
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed file with 9 additions and 0 deletions

@ -2944,6 +2944,15 @@
"http://blog.trendmicro.com/trendlabs-security-intelligence/look-js_powmet-completely-fileless-malware/"
]
}
},
{
"value": "EngineBox Malware",
"description": "The main malware capabilities include a privilege escalation attempt using MS16032 exploitation; a HTTP Proxy to intercept banking transactions; a backdoor to make it possible for the attacker to issue arbitrary remote commands and a C&C through a IRC channel. As it's being identified as a Generic Trojan by most of VirusTotal (VT) engines, let s name it EngineBox— the core malware class I saw after reverse engineering it.",
"meta": {
"refs": [
"https://isc.sans.edu/diary/22736"
]
}
}
]
}
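Review bot: the new "description" string is lifted verbatim from the ISC diary in the diary author's first person ("let s name it EngineBox— the core malware class I saw after reverse engineering it"), which does not read as a galaxy cluster description; suggest rephrasing in the third person (e.g. "Named EngineBox after the core malware class observed during reverse engineering; most VirusTotal engines flag it as a generic Trojan.") and, in the same line, fixing "let s" to "let's", "a IRC channel" to "an IRC channel", the stray em dash after "EngineBox", and the bulletin identifier "MS16032", which should be written as "MS16-032" so it matches the Microsoft naming used elsewhere in the file and stays greppable.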