MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-27 01:07:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

add ALMA Communicator

Browse source
This commit is contained in:
Deborah Servili 2017-11-09 09:25:16 +01:00
parent 3369270bdb
commit 880c74f469
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
clusters/tool.json
View file

@ -3011,6 +3011,15 @@
"https://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/" "https://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/"
] ]
} }
},
{
"value": "ALMA Communicator",
"description": "The ALMA Communicator Trojan is a backdoor Trojan that uses DNS tunneling exclusively to receive commands from the adversary and to exfiltrate data. This Trojan specifically reads in a configuration from the cfg file that was initially created by the Clayslide delivery document. ALMA does not have an internal configuration, so the Trojan does not function without the cfg file created by the delivery document.",
"meta": {
"refs": [
"https://researchcenter.paloaltonetworks.com/2017/11/unit42-oilrig-deploys-alma-communicator-dns-tunneling-trojan/"
]
}
} }
] ]
} }