Tool: BADNEWS| Names | BADNEWS | |
| Category | Malware | |
| Type | Backdoor | |
| Description | BADNEWS is malware that has been used by the actors responsible for the Patchwork campaign. Its name was given due to its use of RSS feeds, forums, and blogs for command and control. | |
| Information | <https://unit42.paloaltonetworks.com/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/> <http://blog.fortinet.com/2017/04/05/in-depth-look-at-new-variant-of-monsoon-apt-backdoor-part-1> <http://blog.fortinet.com/2017/04/05/in-depth-look-at-new-variant-of-monsoon-apt-backdoor-part-2> <https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf> | |
| MITRE ATT&CK | <https://attack.mitre.org/software/S0128/> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.badnews> | |
Last change to this tool card: 13 May 2020
Download this tool card in JSON format
Previous: BadHatch
Next: BadPatch
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Operation HangOver, Monsoon, Viceroy Tiger |  | 2010-Jan 2020 | |||
 | Patchwork, Dropping Elephant | | 2013-Mar 2018 | ||
2 groups listed (2 APT, 0 other, 0 unknown)
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |