add several tools and refs

This commit is contained in:
Deborah Servili 2018-11-08 10:39:32 +01:00
parent 954264c084
commit 14444e4321
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1
3 changed files with 30 additions and 9 deletions

View file

@ -286,7 +286,8 @@
"refs": [ "refs": [
"https://securelist.com/securelist/files/2016/02/KL_AdwindPublicReport_2016.pdf", "https://securelist.com/securelist/files/2016/02/KL_AdwindPublicReport_2016.pdf",
"https://www.f-secure.com/v-descs/backdoor_java_adwind.shtml", "https://www.f-secure.com/v-descs/backdoor_java_adwind.shtml",
"https://blog.fortinet.com/2016/08/16/jbifrost-yet-another-incarnation-of-the-adwind-rat" "https://blog.fortinet.com/2016/08/16/jbifrost-yet-another-incarnation-of-the-adwind-rat",
"https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf"
], ],
"synonyms": [ "synonyms": [
"UNRECOM", "UNRECOM",
@ -724,7 +725,8 @@
"date": "2014", "date": "2014",
"refs": [ "refs": [
"https://github.com/quasar/QuasarRAT", "https://github.com/quasar/QuasarRAT",
"https://researchcenter.paloaltonetworks.com/2017/10/unit42-tracking-subaat-targeted-phishing-attacks-point-leader-threat-actors-repository/" "https://researchcenter.paloaltonetworks.com/2017/10/unit42-tracking-subaat-targeted-phishing-attacks-point-leader-threat-actors-repository/",
"https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf"
] ]
}, },
"related": [ "related": [
@ -3278,5 +3280,5 @@
"value": "NukeSped" "value": "NukeSped"
} }
], ],
"version": 20 "version": 21
} }

View file

@ -105,7 +105,8 @@
"https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks", "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks",
"http://www.isightpartners.com/2015/02/codoso/#sthash.VJMDVPQB.dpuf", "http://www.isightpartners.com/2015/02/codoso/#sthash.VJMDVPQB.dpuf",
"http://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/", "http://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/",
"https://www.nytimes.com/2016/06/12/technology/the-chinese-hackers-in-the-back-office.html" "https://www.nytimes.com/2016/06/12/technology/the-chinese-hackers-in-the-back-office.html",
"https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf"
], ],
"synonyms": [ "synonyms": [
"C0d0so", "C0d0so",
@ -995,7 +996,8 @@
"country": "CN", "country": "CN",
"refs": [ "refs": [
"http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/", "http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/",
"https://www.cfr.org/interactive/cyber-operations/apt-10" "https://www.cfr.org/interactive/cyber-operations/apt-10",
"https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf"
], ],
"synonyms": [ "synonyms": [
"APT10", "APT10",
@ -5999,5 +6001,5 @@
"value": "EvilTraffic" "value": "EvilTraffic"
} }
], ],
"version": 76 "version": 77
} }

View file

@ -677,7 +677,8 @@
"meta": { "meta": {
"refs": [ "refs": [
"https://github.com/gentilkiwi/mimikatz", "https://github.com/gentilkiwi/mimikatz",
"https://researchcenter.paloaltonetworks.com/2017/07/unit42-twoface-webshell-persistent-access-point-lateral-movement/" "https://researchcenter.paloaltonetworks.com/2017/07/unit42-twoface-webshell-persistent-access-point-lateral-movement/",
"https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf"
], ],
"synonyms": [ "synonyms": [
"Mikatz" "Mikatz"
@ -2049,9 +2050,15 @@
"value": "Hoardy" "value": "Hoardy"
}, },
{ {
"description": "HUC Packet Transmitter (HTran) is a proxy tool, used to intercept and redirect Transmission Control Protocol (TCP) connections from the local host to a remote host. This makes it possible to obfuscate an attacker's communications with victim networks. The tool has been freely available on the internet since at least 2009.\nHTran facilitates TCP connections between the victim and a hop point controlled by an attacker. Malicious cyber actors can use this technique to redirect their packets through multiple compromised hosts running HTran, to gain greater access to hosts in a network",
"meta": { "meta": {
"refs": [ "refs": [
"http://www.secureworks.com/research/threats/htran/" "http://www.secureworks.com/research/threats/htran/",
"https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf"
],
"synonyms": [
"HUC Packet Transmitter",
"HTran"
] ]
}, },
"uuid": "f3bfe513-2a65-49b5-9d64-a66541dce697", "uuid": "f3bfe513-2a65-49b5-9d64-a66541dce697",
@ -7384,7 +7391,17 @@
}, },
"uuid": "9972d4c4-d6c6-11e8-867e-87b4a45aa76d", "uuid": "9972d4c4-d6c6-11e8-867e-87b4a45aa76d",
"value": "August" "value": "August"
},
{
"description": "China Chopper is a publicly available, well-documented web shell, in widespread use since 2012.",
"meta": {
"refs": [
"https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf"
]
},
"uuid": "1ac4a966-0c74-46d5-b7e1-a40f4c681bc8",
"value": "China Chopper"
} }
], ],
"version": 98 "version": 99
} }