[Intel]: https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf #99

@timb-machine

Area

Malware reports

Parent threat

Persistence, Command and Control

Finding

https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf

Industry reference

attack:T1205:Traffic Signaling
attack:T1205.002:Socket Filters
attack:T1573.002:Symmetric Cryptography
attack:T1573.002:Asymmetric Cryptography
attack:T1082:System Information Discovery
attack:T1547.006:Kernel Modules and Extensions

Malware reference

Bvp47
dewdrop
tipoff
StoicSurgeon
Incision

Actor reference

Equation Group

Component

Linux
Solaris
FreeBSD

Scenario

No response