[Longhorn group] Backdoor.Plexor + Backdoor.Trojan.LH1



Postby R136a1 » Mon Apr 10, 2017 7:19 pm

Hi folks,

Symantec published an article about a group they named Longhorn whose tools match the descriptions in the Vault 7 documents leaked by Wikileaks, allegedly the CIA's hacking tool arsenal. In the article, they also published the signature names of some tools, some of which can be found on VirusTotal.

Blogpost: https://www.symantec.com/connect/blogs/ ... ed-vault-7

Backdoor.Plexor:
https://virustotal.com/en/file/6f03586b ... /analysis/
https://virustotal.com/en/file/425bbe70 ... /analysis/
https://virustotal.com/en/file/2156adca ... /analysis/

Backdoor.Trojan.LH1:
https://virustotal.com/en/file/21f72733 ... /analysis/
https://virustotal.com/en/file/e7591998 ... /analysis/

One of the samples is detected as Duqu by Microsoft...

Files attached.