add SSHDoor

2024-12-03 12:17:20 +00:00 · 2017-12-14 11:37:05 +01:00 · 2017-12-14 11:37:05 +01:00 · 901d624a52
commit 901d624a52
parent a2deaed935
1 changed files with 11 additions and 2 deletions
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -10,7 +10,7 @@
  ],
  "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
  "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
-  "version": 42,
+  "version": 43,
  "values": [
    {
      "meta": {
@ -3117,13 +3117,22 @@
    },
    {
      "value": "Quant Loader",
-      "description": "Described as a \"professional exe loader / dll dropper\" Quant Loader is in fact a very basic trojan downloader. It began being advertised on September 1, 2016 on various Russian underground forums:",
+      "description": "Described as a \"professional exe loader / dll dropper\" Quant Loader is in fact a very basic trojan downloader. It began being advertised on September 1, 2016 on various Russian underground forums.",
      "meta": {
        "refs": [
          "https://www.bleepingcomputer.com/news/security/quant-loader-is-now-bundled-with-other-crappy-malware/",
          "https://blogs.forcepoint.com/security-labs/locky-distributor-uses-newly-released-quant-loader-sold-russian-underground"
        ]
      }
+    },
+    {
+      "value": "SSHDoor",
+      "description": "The Secure Shell Protocol (SSH) is a very popular protocol used for secure data communication. It is widely used in the Unix world to manage remote servers, transfer files, etc. The modified SSH daemon described here, Linux/SSHDoor.A, is designed to steal usernames and passwords and allows remote access to the server via either an hardcoded password or SSH key.",
+      "meta": {
+        "refs": [
+          "https://www.welivesecurity.com/2013/01/24/linux-sshdoor-a-backdoored-ssh-daemon-that-steals-passwords/"
+        ]
+      }
    }
  ]
 }