mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-27 01:07:18 +00:00
commit
1f4db6d4a1
2 changed files with 565 additions and 30 deletions
|
@ -9,7 +9,8 @@
|
|||
"Advanced Persistent Threat 1",
|
||||
"Byzantine Candor",
|
||||
"Group 3",
|
||||
"TG-8223"
|
||||
"TG-8223",
|
||||
"Comment Group"
|
||||
],
|
||||
"country": "CN",
|
||||
"refs": [
|
||||
|
@ -670,7 +671,9 @@
|
|||
"synonyms": [
|
||||
"Operation Cleaver",
|
||||
"Tarh Andishan",
|
||||
"Alibaba"
|
||||
"Alibaba",
|
||||
"2889",
|
||||
"TG-2889"
|
||||
],
|
||||
"refs": [
|
||||
"http://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf"
|
||||
|
@ -1100,6 +1103,10 @@
|
|||
},
|
||||
{
|
||||
"meta": {
|
||||
"synonyms": [
|
||||
"TG-3390",
|
||||
"Emissary Panda"
|
||||
],
|
||||
"refs": [
|
||||
"http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/",
|
||||
"https://attack.mitre.org"
|
||||
|
|
|
@ -233,7 +233,8 @@
|
|||
"Jorik"
|
||||
],
|
||||
"refs": [
|
||||
"http://www.fidelissecurity.com/files/files/FTA_1009-njRAT_Uncovered_rev2.pdf"
|
||||
"http://www.fidelissecurity.com/files/files/FTA_1009-njRAT_Uncovered_rev2.pdf",
|
||||
"https://github.com/kevthehermit/RATDecoders/blob/master/yaraRules/njRat.yar"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
|
@ -355,10 +356,37 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"value": "NetTraveler"
|
||||
"value": "NetTraveler",
|
||||
"description": "APT that infected hundreds of high profile victims in more than 40 countries. Known targets of NetTraveler include Tibetan/Uyghur activists, oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies and military contractors.",
|
||||
"meta": {
|
||||
"synonyms": [
|
||||
"TravNet",
|
||||
"Netfile"
|
||||
],
|
||||
"refs": [
|
||||
"https://securelist.com/blog/incidents/57455/nettraveler-is-back-the-red-star-apt-returns-with-new-tricks/"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Winnti"
|
||||
"value": "Winnti",
|
||||
"description": "APT used As part of Operation SMN, Novetta analyzed recent versions of the Winnti malware. The samples, compiled from mid- to late 2014, exhibited minimal functional changes over the previous generations Kaspersky reported in 2013.",
|
||||
"meta": {
|
||||
"synonyms": [
|
||||
"Etso",
|
||||
"SUQ",
|
||||
"Agent.ALQHI"
|
||||
],
|
||||
"refs": [
|
||||
"https://securelist.com/blog/incidents/57455/nettraveler-is-back-the-red-star-apt-returns-with-new-tricks/"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Mimikatz",
|
||||
|
@ -376,33 +404,104 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"value": "WEBC2"
|
||||
},
|
||||
{
|
||||
"value": "Pirpi",
|
||||
"value": "WEBC2",
|
||||
"description": "Backdoor attribued to APT1",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong"
|
||||
"https://github.com/gnaegle/cse4990-practical3",
|
||||
"https://www.securestate.com/blog/2013/02/20/apt-if-it-aint-broke"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "RARSTONE"
|
||||
"value": "Pirpi",
|
||||
"description": "Symantec has observed Buckeye activity dating back to 2009, involving attacks on various organizations in several regions. Buckeye used a remote access Trojan (Backdoor.Pirpi) in attacks against a US organization’s network in 2009. The group delivered Backdoor.Pirpi through malicious attachments or links in convincing spear-phishing emails.",
|
||||
"meta": {
|
||||
"synonyms": [
|
||||
"Badey",
|
||||
"EXL"
|
||||
],
|
||||
"refs": [
|
||||
"http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "BACKSPACe"
|
||||
"value": "RARSTONE",
|
||||
"description": "RARSTONE is a Remote Access Tool (RAT) discovered early 2013 by TrendMicro, it’s characterized by a great affinity with the other RAT know as Plug is and was used in April for phishing campaigns that followed the dramatic attack to the Boston Marathon.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"http://blog.trendmicro.com/trendlabs-security-intelligence/bkdr_rarstone-new-rat-to-watch-out-for/"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "XSControl"
|
||||
"value": "Backspace",
|
||||
"description": "Backspace is a Backdoor that targets the Windows platform. This malware is reportedly associated with targeted attacks against Association of Southeast Asian Nations (ASEAN) members (APT30).",
|
||||
"meta": {
|
||||
"synonyms": [
|
||||
"Lecna"
|
||||
],
|
||||
"refs": [
|
||||
"https://www2.fireeye.com/WEB-2015RPTAPT30.html",
|
||||
"https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-southeast-asia-threat-landscape.pdf"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "NETEAGLE"
|
||||
"value": "XSControl",
|
||||
"description": "Backdoor user by he Naikon APT group",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://securelist.com/analysis/publications/69953/the-naikon-apt/",
|
||||
"https://kasperskycontenthub.com/securelist/files/2015/05/TheNaikonAPT-MsnMM.pdf"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Neteagle",
|
||||
"description": "NETEAGLE is a backdoor developed by APT30 with compile dates as early as 2008. It has two main variants known as Scout and Norton.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://attack.mitre.org/wiki/Software/S0034",
|
||||
"https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
|
||||
],
|
||||
"synonyms": [
|
||||
"scout",
|
||||
"norton"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Agent.BTZ",
|
||||
"description": "In November 2014, the experts of the G DATA SecurityLabs published an article about ComRAT, the Agent.BTZ successor. We explained that this case is linked to the Uroburos rootkit.",
|
||||
"meta": {
|
||||
"synonyms": [
|
||||
"ComRat"
|
||||
],
|
||||
"refs": [
|
||||
"https://blog.gdatasoftware.com/2015/01/23927-evolution-of-sophisticated-spyware-from-agent-btz-to-comrat"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
|
@ -419,18 +518,36 @@
|
|||
"meta": {
|
||||
"synonyms": [
|
||||
"Tavdig",
|
||||
"Epic Turla"
|
||||
"Epic Turla",
|
||||
"WorldCupSec",
|
||||
"TadjMakhal"
|
||||
],
|
||||
"refs": [
|
||||
"https://securelist.com/analysis/publications/65545/the-epic-turla-operation/",
|
||||
"https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Turla"
|
||||
},
|
||||
{
|
||||
"value": "Uroburos"
|
||||
"value": "Turla",
|
||||
"description": "Family of related sophisticated backdoor software - Name comes from Microsoft detection signature – anagram of Ultra (Ultra3) was a name of the fake driver).",
|
||||
"meta": {
|
||||
"synonyms": [
|
||||
"Snake",
|
||||
"Uroburos",
|
||||
"Urouros"
|
||||
],
|
||||
"refs": [
|
||||
"https://www.first.org/resources/papers/tbilisi2014/turla-operations_and_development.pdf"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor",
|
||||
"Rootkit"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "Winexe"
|
||||
|
@ -439,10 +556,6 @@
|
|||
"value": "Dark Comet",
|
||||
"description": "RAT initialy identified in 2011 and still actively used."
|
||||
},
|
||||
{
|
||||
"value": "AlienSpy",
|
||||
"description": "RAT for Apple OS X platforms"
|
||||
},
|
||||
{
|
||||
"value": "Cadelspy",
|
||||
"meta": {
|
||||
|
@ -518,32 +631,38 @@
|
|||
},
|
||||
{
|
||||
"value": "CHOPSTICK",
|
||||
"description": "backdoor",
|
||||
"description": "backdoor used by apt28 ",
|
||||
"meta": {
|
||||
"synonyms": [
|
||||
"Xagent",
|
||||
"webhp",
|
||||
"SPLM",
|
||||
"(.v2 fysbis)"
|
||||
],
|
||||
"refs": [
|
||||
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
|
||||
],
|
||||
"possible_issues": "Report tells that is could be Xagent alias (Java Rat)",
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "EVILTOSS",
|
||||
"description": "backdoor",
|
||||
"description": "backdoor used by apt28",
|
||||
"meta": {
|
||||
"synonyms": [
|
||||
"Sedreco",
|
||||
"AZZY",
|
||||
"Xagent",
|
||||
"ADVSTORESHELL",
|
||||
"NETUI"
|
||||
],
|
||||
"refs": [
|
||||
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
|
||||
],
|
||||
"possible_issues": "Report tells that is could be Xagent alias (Java Rat)",
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
|
@ -559,6 +678,9 @@
|
|||
],
|
||||
"refs": [
|
||||
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
|
@ -1057,12 +1179,17 @@
|
|||
},
|
||||
{
|
||||
"value": "X-Agent",
|
||||
"description": "This backdoor component is known to have a modular structure featuring various espionage functionalities, such as key-logging, screen grabbing and file exfiltration. This component is available for Osx, Windows, Linux and iOS operating systems.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/"
|
||||
"http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/",
|
||||
"https://app.box.com/s/l7n781ig6n8wlf1aff5hgwbh4qoi5jqq"
|
||||
],
|
||||
"synonyms": [
|
||||
"XAgent"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
|
@ -1112,6 +1239,9 @@
|
|||
"meta": {
|
||||
"refs": [
|
||||
"https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
|
@ -1121,6 +1251,9 @@
|
|||
"meta": {
|
||||
"refs": [
|
||||
"http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
|
@ -1385,8 +1518,7 @@
|
|||
"meta": {
|
||||
"synonyms": [
|
||||
"Trojan.Zbot",
|
||||
"Zbot",
|
||||
"ZeuS"
|
||||
"Zbot"
|
||||
],
|
||||
"refs": [
|
||||
"https://en.wikipedia.org/wiki/Zeus_(malware)",
|
||||
|
@ -1501,6 +1633,402 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "adzok",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "albertino",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "arcom",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "blacknix",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "bluebanana",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "bozok",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "clientmesh",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "cybergate",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "darkcomet",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "darkrat",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "gh0st",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "greame",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "hawkeye",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "javadropper",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "lostdoor",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "luxnet",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "pandora",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "poisonivy",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "predatorpain",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "punisher",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "qrat",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "shadowtech",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "smallnet",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "spygate",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "template",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "tapaoux",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "vantom",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "virusrat",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "xena",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "xtreme",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "darkddoser",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "jspy",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "xrat",
|
||||
"description": "Remote Access Trojan",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://github.com/kevthehermit/RATDecoders"
|
||||
],
|
||||
"type": [
|
||||
"Backdoor"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"value": "PupyRAT",
|
||||
"description": "Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python.",
|
||||
|
|
Loading…
Reference in a new issue