Merge pull request #148 from Delta-Sierra/master

add travle/PYLOT
Deborah Servili 2018-01-15 14:47:38 +01:00 committed by GitHub
commit 5a8caae6b5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -10,7 +10,7 @@
], ],
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.", "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f", "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"version": 47, "version": 48,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -3326,6 +3326,18 @@
"https://objective-see.com/blog/blog_0x25.html" "https://objective-see.com/blog/blog_0x25.html"
] ]
} }
},
{
"value": "Travle",
"description": "The Travle sample found during our investigation was a DLL with a single exported function (MSOProtect). The malware name Travle was chosen given a string found in early samples of this family: “Travle Path Failed!”. This typo was replaced with correct word “Travel” in newer releases. We believe that Travle could be a successor to the NetTraveler family.",
"meta": {
"refs": [
"https://securelist.com/travle-aka-pylot-backdoor-hits-russian-speaking-targets/83455/"
],
"synonyms": [
"PYLOT"
]
}
} }
] ]
} }
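Review bot: The new "Travle" entry's `description` is the vendor's first-person text, so "our investigation" and "We believe" lose their author once the cluster is merged into a shared galaxy and read by other organisations. Attribute the statements to the source in `refs`, for example `The Travle sample found during Securelist's investigation was a DLL with a single exported function (MSOProtect).` and `Securelist believes that Travle could be a successor to the NetTraveler family.` The description also never says what kind of tool this is; the reference URL calls it a backdoor, so a short opening such as `Travle (aka PYLOT) is a backdoor.` would help analysts triaging a match on this cluster. The successor link to NetTraveler is stated as a belief in the source and should stay hedged.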