From 1f26cca3b83a25244f9cdbb4828df10cf5475578 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Wed, 23 Mar 2016 13:33:03 +0100
Subject: [PATCH] More adversary tools added
---
 elements/threat-actor-tools.json | 137 +++++++++++++++++++++++++++++++
 1 file changed, 137 insertions(+)
diff --git a/elements/threat-actor-tools.json b/elements/threat-actor-tools.json
index 2ba27cf..8076895 100644
--- a/elements/threat-actor-tools.json
+++ b/elements/threat-actor-tools.json
@@ -28,6 +28,11 @@
 {
 "value": "Joy RAT"
 },
+ {
+ "value": "njRAT",
+ "synonyms": ["Bladakindi"],
+ "refs": ["http://www.fidelissecurity.com/files/files/FTA_1009-njRAT_Uncovered_rev2.pdf"]
+ },
 {
 "value": "Sakula",
 "synonyms": ["Sakurel"]
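Review bot: The synonym "Bladakindi" on the new njRAT entry looks like a misspelling of "Bladabindi", the vendor detection name this family is usually listed under; because synonyms in this file are matched as literal strings, a misspelt alias will never be found. Suggest `"synonyms": ["Bladabindi"],` once confirmed against the cited Fidelis report. The enclosing array starts and ends outside this hunk.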
@@ -225,6 +230,138 @@
 },
 {
 "value": "Tdrop2"
+ },
+ {
+ "value": "ZXShell",
+ "synonyms": ["Sensode"],
+ "refs": ["http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html"]
+ },
+ {
+ "value": "T9000",
+ "refs": ["http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/"]
+ },
+ {
+ "value": "T5000",
+ "synonyms": ["Plat1"],
+ "refs": ["http://www.cylance.com/techblog/Grand-Theft-Auto-Panda.shtml"]
+ },
+ {
+ "value": "Taidoor",
+ "refs": ["http://www.symantec.com/connect/blogs/trojantaidoor-takes-aim-policy-think-tanks"]
+ },
+ {
+ "value": "Swisyn",
+ "refs": ["http://labs.alienvault.com/labs/index.php/2013/latest-adobe-pdf-exploit-used-to-target-uyghur-and-tibetan-activists/"]
+ },
+ {
+ "value": "Rekaf",
+ "refs": ["https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"]
+ },
+ {
+ "value": "Scieron"
+ },
+ {
+ "value": "SkeletonKey",
+ "refs": ["http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/"]
+ },
+ {
+ "value": "Skyipot",
+ "refs": ["http://labs.alienvault.com/labs/index.php/2011/another-sykipot-sample-likely-targeting-us-federal-agencies/"]
+ },
+ {
+ "value": "Spindest",
+ "refs": ["http://www.threatconnect.com/news/threatconnect-enables-healthy-networking-biomed-life-sciences-industry/"]
+ },
+ {
+ "value": "Preshin"
+ },
+ {
+ "value": "Rekaf",
+ "refs": ["https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"]
+ },
+ {
+ "value": "Oficla"
+ },
+ {
+ "value": "PCClient RAT",
+ "refs": ["http://researchcenter.paloaltonetworks.com/2014/10/new-indicators-compromise-apt-group-nitro-uncovered/"]
+ },
+ {
+ "value": "Plexor"
+ },
+ {
+ "value": "Mongall",
+ "refs": ["https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html"]
+ },
+ {
+ "value": "NeD Worm",
+ "refs": ["http://www.clearskysec.com/dustysky/"]
+ },
+ {
+ "value": "NewCT",
+ "refs": ["https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html"]
+ },
+ {
+ "value": "Nflog",
+ "refs": ["https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html"]
+ },
+ {
+ "value": "Janicab",
+ "refs": ["http://blog.avast.com/2013/07/22/multisystem-trojan-janicab-attacks-windows-and-macosx-via-scripts/"]
+ },
+ {
+ "value": "Jripbot",
+ "synonyms": ["Jiripbot"],
+ "refs": ["http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/butterfly-corporate-spies-out-for-financial-gain.pdf"]
+ },
+ {
+ "value": "Jolob",
+ "refs": ["http://pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html"]
+ },
+ {
+ "value": "IsSpace",
+ "refs": ["https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html"]
+ },
+ {
+ "value": "Hoardy",
+ "synonyms": ["Hoarde", "Phindolp", "BS2005"]
+ },
+ {
+ "value": "Htran",
+ "refs": ["http://www.secureworks.com/research/threats/htran/"]
+ },
+ {
+ "value": "HTTPBrowser",
+ "synonyms": ["TokenControl"],
+ "refs": ["https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop"]
+ },
+ {
+ "value": "Disgufa"
+ },
+ {
+ "value": "Elirks"
+ },
+ {
+ "value": "Emdivi",
+ "synonyms": ["Newsripper"],
+ "refs": ["http://www.symantec.com/connect/blogs/operation-cloudyomega-ichitaro-zero-day-and-ongoing-cyberespionage-campaign-targeting-japan"]
+ },
+ {
+ "value": "Etumbot",
+ "synonyms": ["Exploz", "Specfix", "RIPTIDE"],
+ "refs": ["www.arbornetworks.com/asert/wp-content/uploads/2014/06/ASERT-Threat-Intelligence-Brief-2014-07-Illuminating-Etumbot-APT.pdf"]
+ },
+ {
+ "value": "Fexel",
+ "synonyms": ["Loneagent"]
+ },
+ {
+ "value": "Fysbis",
+ "refs": ["http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/"]
+ },
+ {
+ "value": "Hikit",
+ "refs": ["https://blog.bit9.com/2013/02/25/bit9-security-incident-update/"]
 }
 ],
 "version" : 1,
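Review bot: "Rekaf" is added twice in this hunk, once after the "Swisyn" entry and again after "Preshin", with the identical refs URL; one of the two objects should be removed so the cluster does not carry a duplicate value that consumers may dedupe inconsistently. The "Skyipot" value also looks like a transposition of "Sykipot", which is how the cited AlienVault URL spells the family, and is worth confirming before the name is used as a lookup key. The Etumbot entry is the only one whose refs URL has no scheme, `"refs": ["www.arbornetworks.com/asert/..."]`; prefixing `http://` would keep it consistent with every other reference in the file. The enclosing array begins before this hunk.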