{
"values" : [
{
"value" : "PlugX" ,
"description" : "Malware"
} ,
{
"value" : "MSUpdater"
} ,
{
"value" : "Poison Ivy" ,
"description" : "Poison Ivy is a RAT which was freely available and first released in 2005." ,
"refs" : [ "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf" ]
} ,
{
"value" : "Torn RAT"
} ,
{
"value" : "ZeGhost"
} ,
{
"value" : "Elise Backdoor" ,
"synonyms" : [ "Elise" ]
} ,
{
"value" : "Lstudio"
} ,
{
"value" : "Joy RAT"
} ,
{
"value" : "Sakula" ,
"synonyms" : [ "Sakurel" ]
} ,
{
"value" : "Derusbi"
} ,
{
"value" : "EvilGrab"
} ,
{
"value" : "IEChecker"
} ,
{
"value" : "Trojan.Naid"
} ,
{
"value" : "Backdoor.Moudoor"
} ,
{
"value" : "NetTraveler"
} ,
{
"value" : "Winnti"
} ,
{
"value" : "Mimikatz"
} ,
{
"value" : "WEBC2"
} ,
{
"value" : "Pirpi"
} ,
{
"value" : "RARSTONE"
} ,
{
"value" : "BACKSPACe"
} ,
{
"value" : "XSControl"
} ,
{
"value" : "NETEAGLE"
} ,
{
"value" : "Agent.BTZ" ,
"synonyms" : [ "ComRat" ]
} ,
{
"value" : "Heseber BOT" ,
"description" : "RAT bundle with standard VNC (to avoid/limit A/V detection)."
} ,
{
"value" : "Agent.dne"
} ,
{
"value" : "Wipbot"
} ,
{
"value" : "Turla"
} ,
{
"value" : "Uroburos"
} ,
{
"value" : "Winexe"
} ,
{
"value" : "Dark Comet" ,
"description" : "RAT initially identified in 2011 and still actively used."
} ,
{
"value" : "AlienSpy" ,
"description" : "RAT for Apple OS X platforms"
} ,
{
"value" : "Gh0st Rat" ,
"description" : "Gh0st Rat is a well-known Chinese remote access trojan which was originally made by C.Rufus Security Team several years ago." ,
"synonyms" : [ "Gh0stRat, GhostRat" ] ,
"refs" : [ "http://download01.norman.no/documents/ThemanyfacesofGh0stRat.pdf" ]
} ,
{
"value" : "Fakem RAT" ,
"description" : "Fakem RAT makes its network traffic look like well-known protocols (e.g. Messenger traffic, HTML pages). " ,
"synonyms" : [ "FAKEM" ] ,
"refs" : [ "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fakem-rat.pdf" ]
} ,
{
"value" : "MFC Huner" ,
"synonyms" : [ "Hupigon" , "BKDR_HUPIGON" ] ,
"refs" : [ "http://blog.trendmicro.com/trendlabs-security-intelligence/japan-us-defense-industries-among-targeted-entities-in-latest-attack/" ]
} ,
{
"value" : "Blackshades" ,
"description" : "Blackshades Remote Access Tool targets Microsoft Windows operating systems. Authors were arrested in 2012 and 2014." ,
"refs" : [ "https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-and-fbi-assistant-director-charge-announce-charges-connection" , "https://blog.malwarebytes.org/intelligence/2012/06/you-dirty-rat-part-2-blackshades-net/" ]
} ,
{
"value" : "CORESHELL"
} ,
{
"value" : "CHOPSTICK"
} ,
{
"value" : "SOURFACE"
} ,
{
"value" : "OLDBAIT"
} ,
{
"value" : "Havex RAT" ,
"synonyms" : [ "Havex" ]
} ,
{
"value" : "KjW0rm" ,
"description" : "RAT initially written in VB." ,
"refs" : [ "https://www.sentinelone.com/blog/understanding-kjw0rm-malware-we-dive-in-to-the-tv5-cyber-attack/" ]
} ,
{
"value" : "LURK"
} ,
{
"value" : "Oldrea"
} ,
{
"value" : "AmmyAdmin"
} ,
{
"value" : "Matryoshka"
} ,
{
"value" : "TinyZBot"
} ,
{
"value" : "GHOLE"
} ,
{
"value" : "CWoolger"
} ,
{
"value" : "FireMalv"
} ,
{
"value" : "Regin"
} ,
{
"value" : "Duqu"
} ,
{
"value" : "Flame"
} ,
{
"value" : "Stuxnet"
} ,
{
"value" : "EquationLaser"
} ,
{
"value" : "EquationDrug"
} ,
{
"value" : "DoubleFantasy"
} ,
{
"value" : "TripleFantasy"
} ,
{
"value" : "Fanny"
} ,
{
"value" : "GrayFish"
} ,
{
"value" : "Babar"
} ,
{
"value" : "Bunny"
} ,
{
"value" : "Casper"
} ,
{
"value" : "NBot"
} ,
{
"value" : "Tafacalou"
} ,
{
"value" : "Tdrop"
} ,
{
"value" : "Troy"
} ,
{
"value" : "Tdrop2"
}
] ,
"version" : 1 ,
"description" : "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries." ,
"author" : [ "Alexandre Dulaunoy" , "Florian Roth" ] ,
"type" : "threat-actor-tools"
}