From 0775bfce6298c3558741ebd5105b4fbc66327996 Mon Sep 17 00:00:00 2001
From: Thanat0s
Date: Sun, 26 Feb 2017 19:26:21 +0100
Subject: [PATCH] pimp winnti
---
 clusters/tool.json | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index bc3daf2..56e6d54 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -356,7 +356,7 @@
 },
 {
 "value": "NetTraveler",
- "description": "APT that infected hundreds of high profile victims in more than 40 countries. Known targets of NetTraveler include Tibetan/Uyghur activists, oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies and military contractors.",
+ "description": "APT that infected hundreds of high profile victims in more than 40 countries. Known targets of NetTraveler include Tibetan/Uyghur activists, oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies and military contractors.",
 "meta": {
 "synonyms": [
 "TravNet",
@@ -371,7 +371,21 @@
 }
 },
 {
- "value": "Winnti"
+ "value": "Winnti",
+ "description": "APT used As part of Operation SMN, Novetta analyzed recent versions of the Winnti malware. The samples, compiled from mid- to late 2014, exhibited minimal functional changes over the previous generations Kaspersky reported in 2013.",
+ "meta": {
+ "synonyms": [
+ "Etso",
+ "SUQ",
+ "Agent.ALQHI"
+ ],
+ "refs": [
+ "https://securelist.com/blog/incidents/57455/nettraveler-is-back-the-red-star-apt-returns-with-new-tricks/"
+ ],
+ "type": [
+ "Backdoor"
+ ]
+ }
 },
 {
 "value": "Mimikatz",
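Review bot: The `refs` value added for Winnti is a securelist article whose slug is `nettraveler-is-back-the-red-star-apt-returns-with-new-tricks`, so the entry cites NetTraveler reporting rather than the Novetta Operation SMN analysis and the 2013 Kaspersky report that the description relies on; it was presumably copied from the NetTraveler entry, whose own refs lie outside the hunk. Consumers of this cluster pivot on `refs` when validating an attribution, so the line should become `"refs": ["<URL of the Novetta Winnti analysis>", "<URL of the Kaspersky 2013 Winnti report>"]` with the real links filled in. The description also keeps a stray template prefix, "APT used As part of Operation SMN"; starting it at `"description": "As part of Operation SMN, Novetta analyzed recent versions of the Winnti malware. ..."` reads as intended. The three `synonyms` look like antivirus detection names rather than aliases used in reporting, which is worth confirming against the sources before they are used for matching.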