add Joanap RAT

Deborah Servili 2018-06-06 14:34:42 +02:00
parent 308774755c
commit 3e10d0957c


@ -2,7 +2,7 @@
"uuid": "312f8714-45cb-11e7-b898-135207cdceb9", "uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
"name": "RAT", "name": "RAT",
"source": "MISP Project", "source": "MISP Project",
"version": 9, "version": 10,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -2490,6 +2490,16 @@
"description": "Classic RAT that can download, upload, execute commands on the victim host and perform keylogging. However, the command and control (C2) infrastructure is very specific. It uses the legitimate Naver email platform in order to communicate with the attackers via email", "description": "Classic RAT that can download, upload, execute commands on the victim host and perform keylogging. However, the command and control (C2) infrastructure is very specific. It uses the legitimate Naver email platform in order to communicate with the attackers via email",
"value": "NavRAT", "value": "NavRAT",
"uuid": "6ea032a0-d54a-463b-b016-2b7b9b9a5b7e" "uuid": "6ea032a0-d54a-463b-b016-2b7b9b9a5b7e"
},
{
"meta": {
"refs": [
"https://www.us-cert.gov/ncas/alerts/TA18-149A"
]
},
"description": "Joanap is a two-stage malware used to establish peer-to-peer communications and to manage botnets designed to enable other operations. Joanap malware provides HIDDEN COBRA actors with the ability to exfiltrate data, drop and run secondary payloads, and initialize proxy communications on a compromised Windows device. ",
"value": "joanap",
"uuid": "caac1aa2-6982-11e8-8107-a331ae3511e7"
} }
], ],
"authors": [ "authors": [