mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
add Joanap RAT
This commit is contained in:
parent
308774755c
commit
3e10d0957c
1 changed files with 11 additions and 1 deletions
|
@ -2,7 +2,7 @@
|
|||
"uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
|
||||
"name": "RAT",
|
||||
"source": "MISP Project",
|
||||
"version": 9,
|
||||
"version": 10,
|
||||
"values": [
|
||||
{
|
||||
"meta": {
|
||||
|
@ -2490,6 +2490,16 @@
|
|||
"description": "Classic RAT that can download, upload, execute commands on the victim host and perform keylogging. However, the command and control (C2) infrastructure is very specific. It uses the legitimate Naver email platform in order to communicate with the attackers via email",
|
||||
"value": "NavRAT",
|
||||
"uuid": "6ea032a0-d54a-463b-b016-2b7b9b9a5b7e"
|
||||
},
|
||||
{
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.us-cert.gov/ncas/alerts/TA18-149A"
|
||||
]
|
||||
},
|
||||
"description": "Joanap is a two-stage malware used to establish peer-to-peer communications and to manage botnets designed to enable other operations. Joanap malware provides HIDDEN COBRA actors with the ability to exfiltrate data, drop and run secondary payloads, and initialize proxy communications on a compromised Windows device. ",
|
||||
"value": "joanap",
|
||||
"uuid": "caac1aa2-6982-11e8-8107-a331ae3511e7"
|
||||
}
|
||||
],
|
||||
"authors": [
|
||||
|
|
Loading…
Reference in a new issue