Felixroot

Description

(FireEye) In September 2017, FireEye identified the FELIXROOT backdoor as a payload in a campaign targeting Ukrainians and reported it to our intelligence customers. The campaign involved malicious Ukrainian bank documents, which contained a macro that downloaded a FELIXROOT payload, being distributed to targets.

FireEye recently observed the same FELIXROOT backdoor being distributed as part of a newer campaign. This time, weaponized lure documents claiming to contain seminar information on environmental protection were observed exploiting known Microsoft Office vulnerabilities CVE-2017-0199 and CVE-2017-11882 to drop and execute the backdoor binary on the victim’s machine.

Names

  • Felixroot
  • GreyEnergy mini

Category

Malware

Type

  • Backdoor

Information

  • MITRE ATT&CK
  • Malpedia
  • AlienVault OTX

Other Information

Uuid

ebbfbe19-e146-4df3-8d7d-19cd716a94bd

Last Card Change

2020-05-13