misp-galaxy/elements/threat-actor-tools.json

{
  "values": [
    {
      "value": "PlugX",
      "description": "Malware"
    },
    {
      "value": "MSUpdater"
    },
    {
      "value": "Poison Ivy"
    },
    {
      "value": "Torn RAT"
    },
    {
      "value": "ZeGhost"
    },
    {
      "value": "Elise Backdoor",
      "synonyms": ["Elise"]
    },
    {
      "value": "Lstudio"
    },
    {
      "value": "Joy RAT"
    },
    {
      "value": "Sakula",
      "synonyms": ["Sakurel"]
    },
    {
      "value": "Derusbi"
    },
    {
      "value": "EvilGrab"
    },
    {
      "value": "IEChecker"
    },
    {
      "value": "Trojan.Naid"
    },
    {
      "value": "Backdoor.Moudoor"
    },
    {
      "value": "NetTraveler"
    },
    {
      "value": "Winnti"
    },
    {
      "value": "Mimikatz"
    },
    {
      "value": "WEBC2"
    },
    {
      "value": "Pirpi"
    },
    {
      "value": "RARSTONE"
    },
    {
      "value": "BACKSPACe"
    },
    {
      "value": "XSControl"
    },
    {
      "value": "NETEAGLE"
    },
    {
      "value": "Agent.BTZ",
      "synonyms": ["ComRat"]
    },
    {
      "value": "Heseber BOT",
      "description": "RAT bundle with standard VNC (to avoid/limit A/V detection)."
    },
    {
      "value": "Agent.dne"
    },
    {
      "value": "Wipbot"
    },
    {
      "value": "Turla"
    },
    {
      "value": "Uroburos"
    },
    {
      "value": "Winexe"
    },
    {
      "value": "Dark Comet",
      "description": "RAT initialy identified in 2011 and still actively used."
    },
    {
      "value": "AlienSpy",
      "description": "RAT for Apple OS X platforms"
    },
    {
      "value": "CORESHELL"
    },
    {
      "value": "CHOPSTICK"
    },
    {
      "value": "SOURFACE"
    },
    {
      "value": "OLDBAIT"
    },
    {
      "value": "Havex RAT",
      "synonyms": ["Havex"]
    },
    {
      "value": "KjW0rm",
      "description": "RAT initially written in VB.",
      "refs": ["https://www.sentinelone.com/blog/understanding-kjw0rm-malware-we-dive-in-to-the-tv5-cyber-attack/"]
    },
    {
      "value": "LURK"
    },
    {
      "value": "Oldrea"
    },
    {
      "value": "AmmyAdmin"
    },
    {
      "value": "Matryoshka"
    },
    {
      "value": "TinyZBot"
    },
    {
      "value": "GHOLE"
    },
    {
      "value": "CWoolger"
    },
    {
      "value": "FireMalv"
    },
    {
      "value": "Regin"
    },
    {
      "value": "Duqu"
    },
    {
      "value": "Flame"
    },
    {
      "value": "Stuxnet"
    },
    {
      "value": "EquationLaser"
    },
    {
      "value": "EquationDrug"
    },
    {
      "value": "DoubleFantasy"
    },
    {
      "value": "TripleFantasy"
    },
    {
      "value": "Fanny"
    },
    {
      "value": "GrayFish"
    },
    {
      "value": "Babar"
    },
    {
      "value": "Bunny"
    },
    {
      "value": "Casper"
    },
    {
      "value": "NBot"
    },
    {
      "value": "Tafacalou"
    },
    {
      "value": "Tdrop"
    },
    {
      "value": "Troy"
    },
    {
      "value": "Tdrop2"
    }
  ],
  "version" : 1,
  "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
  "author": ["Alexandre Dulaunoy", "Florian Roth"],
  "type": "threat-actor-tools"
}
First version of adversary tools 2016-03-15 07:59:44 +00:00			`{`
			`"values": [`
			`{`
			`"value": "PlugX",`
			`"description": "Malware"`
			`},`
			`{`
			`"value": "MSUpdater"`
			`},`
			`{`
			`"value": "Poison Ivy"`
			`},`
			`{`
			`"value": "Torn RAT"`
			`},`
More adversaries tools 2016-03-17 06:34:47 +00:00			`{`
			`"value": "ZeGhost"`
			`},`
			`{`
			`"value": "Elise Backdoor",`
			`"synonyms": ["Elise"]`
			`},`
			`{`
			`"value": "Lstudio"`
			`},`
First version of adversary tools 2016-03-15 07:59:44 +00:00			`{`
			`"value": "Joy RAT"`
			`},`
			`{`
			`"value": "Sakula",`
			`"synonyms": ["Sakurel"]`
			`},`
			`{`
			`"value": "Derusbi"`
			`},`
			`{`
			`"value": "EvilGrab"`
			`},`
			`{`
			`"value": "IEChecker"`
			`},`
			`{`
			`"value": "Trojan.Naid"`
			`},`
			`{`
			`"value": "Backdoor.Moudoor"`
More adversaries tools 2016-03-17 06:34:47 +00:00			`},`
			`{`
			`"value": "NetTraveler"`
			`},`
			`{`
			`"value": "Winnti"`
			`},`
			`{`
			`"value": "Mimikatz"`
			`},`
			`{`
			`"value": "WEBC2"`
			`},`
			`{`
			`"value": "Pirpi"`
			`},`
			`{`
			`"value": "RARSTONE"`
			`},`
			`{`
			`"value": "BACKSPACe"`
			`},`
			`{`
			`"value": "XSControl"`
			`},`
			`{`
			`"value": "NETEAGLE"`
			`},`
			`{`
More RATs and description added. 2016-03-19 22:08:01 +00:00			`"value": "Agent.BTZ",`
			`"synonyms": ["ComRat"]`
			`},`
			`{`
			`"value": "Heseber BOT",`
			`"description": "RAT bundle with standard VNC (to avoid/limit A/V detection)."`
More adversaries tools 2016-03-17 06:34:47 +00:00			`},`
			`{`
			`"value": "Agent.dne"`
			`},`
			`{`
			`"value": "Wipbot"`
			`},`
			`{`
			`"value": "Turla"`
			`},`
			`{`
			`"value": "Uroburos"`
			`},`
			`{`
			`"value": "Winexe"`
			`},`
More RATs and description added. 2016-03-19 22:08:01 +00:00			`{`
			`"value": "Dark Comet",`
			`"description": "RAT initialy identified in 2011 and still actively used."`
			`},`
			`{`
			`"value": "AlienSpy",`
			`"description": "RAT for Apple OS X platforms"`
			`},`
More adversaries tools 2016-03-17 06:34:47 +00:00			`{`
			`"value": "CORESHELL"`
			`},`
			`{`
			`"value": "CHOPSTICK"`
			`},`
			`{`
			`"value": "SOURFACE"`
			`},`
			`{`
			`"value": "OLDBAIT"`
			`},`
			`{`
More RATs and description added. 2016-03-19 22:08:01 +00:00			`"value": "Havex RAT",`
			`"synonyms": ["Havex"]`
			`},`
			`{`
			`"value": "KjW0rm",`
			`"description": "RAT initially written in VB.",`
			`"refs": ["https://www.sentinelone.com/blog/understanding-kjw0rm-malware-we-dive-in-to-the-tv5-cyber-attack/"]`
More adversaries tools 2016-03-17 06:34:47 +00:00			`},`
			`{`
			`"value": "LURK"`
			`},`
			`{`
			`"value": "Oldrea"`
			`},`
			`{`
			`"value": "AmmyAdmin"`
			`},`
			`{`
			`"value": "Matryoshka"`
			`},`
			`{`
			`"value": "TinyZBot"`
			`},`
			`{`
			`"value": "GHOLE"`
			`},`
			`{`
			`"value": "CWoolger"`
			`},`
			`{`
			`"value": "FireMalv"`
			`},`
			`{`
			`"value": "Regin"`
			`},`
			`{`
			`"value": "Duqu"`
			`},`
			`{`
			`"value": "Flame"`
			`},`
			`{`
			`"value": "Stuxnet"`
			`},`
			`{`
			`"value": "EquationLaser"`
			`},`
			`{`
			`"value": "EquationDrug"`
			`},`
			`{`
			`"value": "DoubleFantasy"`
			`},`
			`{`
			`"value": "TripleFantasy"`
			`},`
			`{`
			`"value": "Fanny"`
			`},`
			`{`
			`"value": "GrayFish"`
			`},`
			`{`
			`"value": "Babar"`
			`},`
			`{`
			`"value": "Bunny"`
			`},`
			`{`
			`"value": "Casper"`
			`},`
			`{`
			`"value": "NBot"`
			`},`
			`{`
			`"value": "Tafacalou"`
			`},`
			`{`
			`"value": "Tdrop"`
			`},`
			`{`
			`"value": "Troy"`
			`},`
			`{`
			`"value": "Tdrop2"`
First version of adversary tools 2016-03-15 07:59:44 +00:00			`}`
			`],`
			`"version" : 1,`
More adversaries tools 2016-03-17 06:34:47 +00:00			`"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",`
			`"author": ["Alexandre Dulaunoy", "Florian Roth"],`
First version of adversary tools 2016-03-15 07:59:44 +00:00			`"type": "threat-actor-tools"`
			`}`