Hworm (e5f7bb36-c982-4f5a-9b29-ab73d2c5f70e)
Unit 42 has observed a new version of Hworm (or Houdini) being used within multiple attacks. This blog outlines technical details of this new Hworm version and documents an attack campaign making use of the backdoor. Of the samples used in this attack, the first we observed were June 2016, while as-of publication we were still seeing attacks as recently as mid-October, suggesting that this is likely an active, ongoing campaign.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Houdini (11775f11-03a0-4ba8-932f-c125dfb66e35) | Malpedia | Hworm (e5f7bb36-c982-4f5a-9b29-ab73d2c5f70e) | Tool | 1 |
| Hworm (e5f7bb36-c982-4f5a-9b29-ab73d2c5f70e) | Tool | H-worm (1b6a067b-50b9-4aa7-a49b-823e94e210fe) | RAT | 1 |