Rifdoor

Description

(AhnLab) Rifdoor was first discovered in November 2015, and it remained active until early 2016. A Rifdoor variant was used to attack SEOUL ADEX exhibitors in 2015 and was found in the hacking incidents of security companies in early 2016.

When it enters the system, Rifdoor generates a file by adding garbage data to the 4 bytes of the last part of the file. Therefore, since the hash value changes each time the system is infected, the malware cannot be found in the system with a simple hash value.

Names

Name
Rifdoor

Type

Backdoor

Information

https://global.ahnlab.com/global/upload/download/techreport/%5BAhnLab%5DAndariel_a_Subgroup_of_Lazarus%20(3).pdf
https://www.carbonblack.com/2020/04/16/vmware-carbon-black-tau-threat-analysis-the-evolution-of-lazarus/

Mitre Attack

https://attack.mitre.org/software/S0433/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.rifdoor

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:Rifdoor

Other Information

Uuid

52c89d28-fe3b-4d5f-9881-a0df2180f712

Last Card Change

2022-12-30

Threat Intelligence Garden

Explorer

Rifdoor

Rifdoor

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks