add travle/PYLOT

This commit is contained in:
Deborah Servili 2018-01-15 14:44:36 +01:00
parent 8240934eb5
commit 8c1583b962

View file

@ -10,7 +10,7 @@
],
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"version": 47,
"version": 48,
"values": [
{
"meta": {
@ -3326,6 +3326,18 @@
"https://objective-see.com/blog/blog_0x25.html"
]
}
},
{
"value": "Travle",
"description": "The Travle sample found during our investigation was a DLL with a single exported function (MSOProtect). The malware name Travle was chosen given a string found in early samples of this family: “Travle Path Failed!”. This typo was replaced with correct word “Travel” in newer releases. We believe that Travle could be a successor to the NetTraveler family.",
"meta": {
"refs": [
"https://securelist.com/travle-aka-pylot-backdoor-hits-russian-speaking-targets/83455/"
],
"synonyms": [
"PYLOT"
]
}
}
]
}