From 4a7d9461f980390325a14f1a8bbc5881f6e921b8 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Sat, 19 Mar 2016 23:08:01 +0100 Subject: [PATCH] More RATs and description added. --- elements/threat-actor-tools.json | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/elements/threat-actor-tools.json b/elements/threat-actor-tools.json index 90f5afa..66bffc5 100644 --- a/elements/threat-actor-tools.json +++ b/elements/threat-actor-tools.json @@ -73,7 +73,12 @@ "value": "NETEAGLE" }, { - "value": "Agent.BTZ" + "value": "Agent.BTZ", + "synonyms": ["ComRat"] + }, + { + "value": "Heseber BOT", + "description": "RAT bundle with standard VNC (to avoid/limit A/V detection)." }, { "value": "Agent.dne" @@ -90,6 +95,14 @@ { "value": "Winexe" }, + { + "value": "Dark Comet", + "description": "RAT initialy identified in 2011 and still actively used." + }, + { + "value": "AlienSpy", + "description": "RAT for Apple OS X platforms" + }, { "value": "CORESHELL" }, @@ -103,7 +116,13 @@ "value": "OLDBAIT" }, { - "value": "Havex RAT" + "value": "Havex RAT", + "synonyms": ["Havex"] + }, + { + "value": "KjW0rm", + "description": "RAT initially written in VB.", + "refs": ["https://www.sentinelone.com/blog/understanding-kjw0rm-malware-we-dive-in-to-the-tv5-cyber-attack/"] }, { "value": "LURK"