More adversary tools added
parent
abf850ec9f
commit
1f26cca3b8
1 changed files with 137 additions and 0 deletions
|
@ -28,6 +28,11 @@
|
||||||
{
|
{
|
||||||
"value": "Joy RAT"
|
"value": "Joy RAT"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"value": "njRAT",
|
||||||
|
"synonyms": ["Bladakindi"],
|
||||||
|
"refs": ["http://www.fidelissecurity.com/files/files/FTA_1009-njRAT_Uncovered_rev2.pdf"]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"value": "Sakula",
|
"value": "Sakula",
|
||||||
"synonyms": ["Sakurel"]
|
"synonyms": ["Sakurel"]
|
||||||
|
@ -225,6 +230,138 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Tdrop2"
|
"value": "Tdrop2"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "ZXShell",
|
||||||
|
"synonyms": ["Sensode"],
|
||||||
|
"refs": ["http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "T9000",
|
||||||
|
"refs": ["http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "T5000",
|
||||||
|
"synonyms": ["Plat1"],
|
||||||
|
"refs": ["http://www.cylance.com/techblog/Grand-Theft-Auto-Panda.shtml"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Taidoor",
|
||||||
|
"refs": ["http://www.symantec.com/connect/blogs/trojantaidoor-takes-aim-policy-think-tanks"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Swisyn",
|
||||||
|
"refs": ["http://labs.alienvault.com/labs/index.php/2013/latest-adobe-pdf-exploit-used-to-target-uyghur-and-tibetan-activists/"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Rekaf",
|
||||||
|
"refs": ["https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Scieron"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "SkeletonKey",
|
||||||
|
"refs": ["http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Skyipot",
|
||||||
|
"refs": ["http://labs.alienvault.com/labs/index.php/2011/another-sykipot-sample-likely-targeting-us-federal-agencies/"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Spindest",
|
||||||
|
"refs": ["http://www.threatconnect.com/news/threatconnect-enables-healthy-networking-biomed-life-sciences-industry/"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Preshin"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Rekaf",
|
||||||
|
"refs": ["https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Oficla"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "PCClient RAT",
|
||||||
|
"refs": ["http://researchcenter.paloaltonetworks.com/2014/10/new-indicators-compromise-apt-group-nitro-uncovered/"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Plexor"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Mongall",
|
||||||
|
"refs": ["https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "NeD Worm",
|
||||||
|
"refs": ["http://www.clearskysec.com/dustysky/"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "NewCT",
|
||||||
|
"refs": ["https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Nflog",
|
||||||
|
"refs": ["https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Janicab",
|
||||||
|
"refs": ["http://blog.avast.com/2013/07/22/multisystem-trojan-janicab-attacks-windows-and-macosx-via-scripts/"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Jripbot",
|
||||||
|
"synonyms": ["Jiripbot"],
|
||||||
|
"refs": ["http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/butterfly-corporate-spies-out-for-financial-gain.pdf"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Jolob",
|
||||||
|
"refs": ["http://pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "IsSpace",
|
||||||
|
"refs": ["https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Hoardy",
|
||||||
|
"synonyms": ["Hoarde", "Phindolp", "BS2005"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Htran",
|
||||||
|
"refs": ["http://www.secureworks.com/research/threats/htran/"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "HTTPBrowser",
|
||||||
|
"synonyms": ["TokenControl"],
|
||||||
|
"refs": ["https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Disgufa"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Elirks"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Emdivi",
|
||||||
|
"synonyms": ["Newsripper"],
|
||||||
|
"refs": ["http://www.symantec.com/connect/blogs/operation-cloudyomega-ichitaro-zero-day-and-ongoing-cyberespionage-campaign-targeting-japan"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Etumbot",
|
||||||
|
"synonyms": ["Exploz", "Specfix", "RIPTIDE"],
|
||||||
|
"refs": ["www.arbornetworks.com/asert/wp-content/uploads/2014/06/ASERT-Threat-Intelligence-Brief-2014-07-Illuminating-Etumbot-APT.pdf"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Fexel",
|
||||||
|
"synonyms": ["Loneagent"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Fysbis",
|
||||||
|
"refs": ["http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Hikit",
|
||||||
|
"refs": ["https://blog.bit9.com/2013/02/25/bit9-security-incident-update/"]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version" : 1,
|
"version" : 1,
|
||||||
|
|
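Review bot: The second hunk adds `"value": "Rekaf"` twice with the same Proofpoint reference, once after the Swisyn entry and again after Preshin, so anything that keys or correlates on `value` gets a duplicate cluster element; the second copy should be dropped. In the same hunk `"value": "Skyipot"` looks like a transposition of the name used in its own reference URL (`another-sykipot-sample-...`), so it should probably read `"value": "Sykipot"`, otherwise name-based matching against vendor reporting will miss it. The Etumbot ref begins with `www.arbornetworks.com/` and has no scheme, unlike every other ref in the list, so tooling that validates or links refs will not treat it as a URL; add the `http://` prefix. In the first hunk the njRAT synonym `Bladakindi` may be a typo for `Bladabindi` and is worth confirming against the vendor's naming before merge.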