Merge pull request #624 from nyx0/main

Add Exaramel and P.A.S. webshell tool.

clusters/tool.json

@@ -8235,7 +8235,40 @@
       "related": [],
       "uuid": "1974ea65-7312-4d91-a592-649983b46554",
       "value": "Caterpillar WebShell"
+    },
+    {
+      "description": "The P.A.S. webshell was developed by an ukrainian student, Jaroslav Volodimirovich Panchenko, who used the nick-name Profexer. It was developed in PHP and features a characteristic password-based encryption. This tool was available through a form on his website, where a user had to provide a password to receive a custom webshell. The form suggested a donation to the developer. It was commonly used, including during a WORDPRESS website attack.",
+      "meta": {
+        "refs": [
+          "https://us-cert.cisa.gov/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity",
+          "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
+        ],
+        "synonyms": [
+          "Fobushell"
+        ],
+        "type": [
+          "webshell"
+        ]
+      },
+      "related": [],
+      "uuid": "6baa1f46-daa9-4f40-952b-ec613c835abb",
+      "value": "P.A.S. webshell"
+    },
+    {
+      "description": "Exaramel is a backdoor first publicly reported by ESET in 2018. Two samples were identified, one targeting the WINDOWS operating system and the other targeting LINUX operating systems.",
+      "meta": {
+        "refs": [
+          "https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/",
+          "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
+        ],
+        "type": [
+          "backdoor"
+        ]
+      },
+      "related": [],
+      "uuid": "95174297-6dff-47d9-bcb9-263f9b2efcfb",
+      "value": "Exaramel"
     }
   ],
-  "version": 141
+  "version": 142
 }