From 2556273a22ac32ded31e8a66c8b4323929c9ca57 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 17 Mar 2016 07:34:47 +0100 Subject: [PATCH] More adversaries tools --- elements/threat-actor-tools.json | 152 ++++++++++++++++++++++++++++++- 1 file changed, 150 insertions(+), 2 deletions(-) diff --git a/elements/threat-actor-tools.json b/elements/threat-actor-tools.json index 9772544..90f5afa 100644 --- a/elements/threat-actor-tools.json +++ b/elements/threat-actor-tools.json @@ -13,6 +13,16 @@ { "value": "Torn RAT" }, + { + "value": "ZeGhost" + }, + { + "value": "Elise Backdoor", + "synonyms": ["Elise"] + }, + { + "value": "Lstudio" + }, { "value": "Joy RAT" }, @@ -34,10 +44,148 @@ }, { "value": "Backdoor.Moudoor" + }, + { + "value": "NetTraveler" + }, + { + "value": "Winnti" + }, + { + "value": "Mimikatz" + }, + { + "value": "WEBC2" + }, + { + "value": "Pirpi" + }, + { + "value": "RARSTONE" + }, + { + "value": "BACKSPACe" + }, + { + "value": "XSControl" + }, + { + "value": "NETEAGLE" + }, + { + "value": "Agent.BTZ" + }, + { + "value": "Agent.dne" + }, + { + "value": "Wipbot" + }, + { + "value": "Turla" + }, + { + "value": "Uroburos" + }, + { + "value": "Winexe" + }, + { + "value": "CORESHELL" + }, + { + "value": "CHOPSTICK" + }, + { + "value": "SOURFACE" + }, + { + "value": "OLDBAIT" + }, + { + "value": "Havex RAT" + }, + { + "value": "LURK" + }, + { + "value": "Oldrea" + }, + { + "value": "AmmyAdmin" + }, + { + "value": "Matryoshka" + }, + { + "value": "TinyZBot" + }, + { + "value": "GHOLE" + }, + { + "value": "CWoolger" + }, + { + "value": "FireMalv" + }, + { + "value": "Regin" + }, + { + "value": "Duqu" + }, + { + "value": "Flame" + }, + { + "value": "Stuxnet" + }, + { + "value": "EquationLaser" + }, + { + "value": "EquationDrug" + }, + { + "value": "DoubleFantasy" + }, + { + "value": "TripleFantasy" + }, + { + "value": "Fanny" + }, + { + "value": "GrayFish" + }, + { + "value": "Babar" + }, + { + "value": "Bunny" + }, + { + "value": "Casper" + }, + { + "value": "NBot" + }, + { + "value": "Tafacalou" + }, + { + "value": "Tdrop" + }, + { + "value": "Troy" + }, + { + "value": "Tdrop2" } ], "version" : 1, - "description": "threat-actor-tools is an enumeration of tools used by adversaries.", - "author": ["Alexandre Dulaunoy"], + "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.", + "author": ["Alexandre Dulaunoy", "Florian Roth"], "type": "threat-actor-tools" }