Merge pull request #67 from Delta-Sierra/master

add some rats and tools
This commit is contained in:
Alexandre Dulaunoy 2017-06-16 22:18:14 +02:00 committed by GitHub
commit 3219d5de5c
2 changed files with 67 additions and 0 deletions

View file

@ -720,6 +720,49 @@
},
"description": "Free, Open-Source Remote Administration Tool. xRAT 2.0 is a fast and light-weight Remote Administration Tool coded in C# (using .NET Framework 2.0).",
"value": "xRAT"
},
{
"meta": {
"refs": [
"http://sakhackingarticles.blogspot.lu/2014/08/biodox-rat.html"
]
},
"value": "Biodox"
},
{
"meta": {
"refs": [
"https://leakforums.net/thread-31386?tid=31386&&pq=1"
]
},
"description": "Offense RAT is a free renote administration tool made in Delphi 9.",
"value": "Offence"
},
{
"meta": {
"refs": [
"https://leakforums.net/thread-36962"
]
},
"value": "Apocalypse"
},
{
"meta": {
"refs": [
"https://leakforums.net/thread-363920"
]
},
"value": "JCage"
},
{
"meta": {
"refs": [
"http://malware.wikia.com/wiki/Nuclear_RAT",
"http://www.nuclearwintercrew.com/Products-View/21/Nuclear_RAT_2.1.0/"
]
},
"description": "Nuclear RAT (short for Nuclear Remote Administration Tool) is a backdoor trojan horse that infects Windows NT family systems (Windows 2000, XP, 2003).",
"value": "Nuclear RAT"
}
]
}

View file

@ -2782,6 +2782,30 @@
"http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-access/"
]
}
},
{
"description": "Many links indicate, that this bot is another product of the people previously involved in Dyreza. It seems to be rewritten from scratch however, it contains many similar features and solutions to those we encountered analyzing Dyreza (read more).",
"value": "Trick Bot",
"meta": {
"refs": [
"https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/",
"https://blog.fraudwatchinternational.com/malware/trickbot-malware-works",
"https://securityintelligence.com/trickbot-is-hand-picking-private-banks-for-targets-with-redirection-attacks-in-tow/"
],
"synonyms": [
"TrickBot",
"TrickLoader"
]
}
},
{
"value": "Moneygram Adwind",
"meta": {
"refs": [
"https://myonlinesecurity.co.uk/new-guidelines-from-moneygram-malspam-delivers-a-brand-new-java-adwind-version/"
]
}
}
]
}