Tool: BackBend| Names | BackBend | |
| Category | Malware | |
| Type | Downloader | |
| Description | FireEye describes BACKBEND as a secondary downloader used as a backup mechanism in the case the primary backdoor is removed. When executed, BACKBEND checks for the presence of the mutexes MicrosoftZj or MicrosoftZjBak (both associated with Backspace variants). If either of the mutexes exist, the malware exits. | |
| Information | <https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.backbend> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:BACKBEND> | |
Last change to this tool card: 22 April 2020
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
| APT 30, Override Panda |  | 2005 | |||
| Naikon, Lotus Panda | | 2012-2017 | |||
2 groups listed (2 APT, 0 other, 0 unknown)
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |