Felixroot
Description
(FireEye) In September 2017, FireEye identified the FELIXROOT backdoor as a payload in a campaign targeting Ukrainians and reported it to our intelligence customers. The campaign involved malicious Ukrainian bank documents, which contained a macro that downloaded a FELIXROOT payload, being distributed to targets.
FireEye recently observed the same FELIXROOT backdoor being distributed as part of a newer campaign. This time, weaponized lure documents claiming to contain seminar information on environmental protection were observed exploiting known Microsoft Office vulnerabilities CVE-2017-0199 and CVE-2017-11882 to drop and execute the backdoor binary on the victim’s machine.
Names
Name |
---|
Felixroot |
GreyEnergy mini |
Category
Malware
Type
- Backdoor
Information
- https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html
- https://medium.com/@Sebdraven/when-a-malware-is-more-complex-than-the-paper-5822fc7ff257
Mitre Attack
Malpedia
Alienvault Otx
Other Information
Uuid
ebbfbe19-e146-4df3-8d7d-19cd716a94bd
Last Card Change
2020-05-13