Names | BADNEWS, JakyllHyde
Category | Malware
Type | Backdoor
Description | BADNEWS is malware that has been used by the actors responsible for the Patchwork campaign. Its name was given due to its use of RSS feeds, forums, and blogs for command and control.
Information | <https://unit42.paloaltonetworks.com/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/> <http://blog.fortinet.com/2017/04/05/in-depth-look-at-new-variant-of-monsoon-apt-backdoor-part-1> <http://blog.fortinet.com/2017/04/05/in-depth-look-at-new-variant-of-monsoon-apt-backdoor-part-2> <https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf>
MITRE ATT&CK | <https://attack.mitre.org/software/S0128/>
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.badnews>
Last change to this tool card: 16 May 2021
APT groups
Name | Observed
Operation HangOver, Monsoon, Viceroy Tiger | 2010-Jan 2020
Patchwork, Dropping Elephant | 2013-Jul 2024
2 groups listed (2 APT, 0 other, 0 unknown)