add GravityRAT

This commit is contained in:
Deborah Servili 2018-05-03 14:35:20 +02:00
parent 55504f93d6
commit 434716df86

View file

@ -7,7 +7,7 @@
], ],
"description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.", "description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
"uuid": "312f8714-45cb-11e7-b898-135207cdceb9", "uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
"version": 7, "version": 8,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -2409,7 +2409,8 @@
"refs": [ "refs": [
"http://blog.jpcert.or.jp/.s/2018/03/malware-tscooki-7aa0.html" "http://blog.jpcert.or.jp/.s/2018/03/malware-tscooki-7aa0.html"
] ]
} },
"uuid": "7b107b46-4eca-11e8-b89f-0366ae765ddd"
}, },
{ {
"value": "Coldroot", "value": "Coldroot",
@ -2420,7 +2421,8 @@
"https://www.bleepingcomputer.com/news/security/coldroot-rat-still-undetectable-despite-being-uploaded-on-github-two-years-ago/", "https://www.bleepingcomputer.com/news/security/coldroot-rat-still-undetectable-despite-being-uploaded-on-github-two-years-ago/",
"https://github.com/xlinshan/Coldroot" "https://github.com/xlinshan/Coldroot"
] ]
} },
"uuid": "86f1f048-4eca-11e8-a08e-7708666ace6e"
}, },
{ {
"value": "Comnie", "value": "Comnie",
@ -2431,7 +2433,18 @@
"https://exchange.xforce.ibmcloud.com/collection/East-Asia-Organizations-Victims-of-Comnie-Attack-12749a9dbc20e2f40b3ae99c43416d8c", "https://exchange.xforce.ibmcloud.com/collection/East-Asia-Organizations-Victims-of-Comnie-Attack-12749a9dbc20e2f40b3ae99c43416d8c",
"https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/" "https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/"
] ]
} },
"uuid": "d14806fe-4ecb-11e8-a120-ff726de6a4d3"
},
{
"value": "GravityRAT",
"description": "GravityRAT has been under ongoing development for at least 18 months, during which the developer has implemented new features. We've seen file exfiltration, remote command execution capability and anti-vm techniques added throughout the life of GravityRAT. This consistent evolution beyond standard remote code execution is concerning because it shows determination and innovation by the actor. ",
"meta": {
"refs": [
"https://blog.talosintelligence.com/2018/04/gravityrat-two-year-evolution-of-apt.html"
]
},
"uuid": "2d356870-4ecd-11e8-9bb8-e3ba5aa7da31"
} }
] ]
} }