js.airbreak

AIRBREAK

aka: Orz

Actor(s): Leviathan


AIRBREAK is a JavaScript-based backdoor that retrieves commands from hidden strings in compromised webpages.

References
2020 | Secureworks | SecureWorks
BRONZE MOHAWK
@online{secureworks:2020:bronze:e8ad4fb, author = {SecureWorks}, title = {{BRONZE MOHAWK}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/bronze-mohawk}, language = {English}, urldate = {2020-05-23} }
AIRBREAK, scanbox, BLACKCOFFEE, CHINACHOPPER, Cobalt Strike, Derusbi, homefry, murkytop, SeDll, APT40

2018-07-11 | FireEye | Scott Henderson, Steve Miller, Dan Perez, Marcin Siedlarz, Ben Wilson, Ben Read
Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally
@online{henderson:20180711:chinese:f0f3cbc, author = {Scott Henderson and Steve Miller and Dan Perez and Marcin Siedlarz and Ben Wilson and Ben Read}, title = {{Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally}}, date = {2018-07-11}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html}, language = {English}, urldate = {2019-12-20} }
AIRBREAK, APT40

2018-03-30 | Kahu Security | Kahu Security
Reflow JavaScript Backdoor
@online{security:20180330:reflow:7e1ee15, author = {Kahu Security}, title = {{Reflow JavaScript Backdoor}}, date = {2018-03-30}, organization = {Kahu Security}, url = {http://www.kahusecurity.com/posts/reflow_javascript_backdoor.html}, language = {English}, urldate = {2020-01-07} }
AIRBREAK

There is no Yara-Signature yet.