update apt28 tools

2025-02-17 01:06:22 +00:00 · 2017-02-26 17:06:19 +01:00 · 2017-02-26 17:06:19 +01:00 · 93df12be35
commit 93df12be35
parent afe682cf3f
1 changed files with 10 additions and 4 deletions
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -514,32 +514,38 @@
    },
    {
      "value": "CHOPSTICK",
-      "description": "backdoor",
+      "description": "backdoor used by apt28 ",
      "meta": {
        "synonyms": [
-          "Xagent",
          "webhp",
          "SPLM",
          "(.v2 fysbis)"
        ],
        "refs": [
          "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
+        ],
+        "possible_issues": "Report tells that is could be Xagent alias (Java Rat)",
+        "type": [
+          "Backdoor"
        ]
      }
    },
    {
      "value": "EVILTOSS",
-      "description": "backdoor",
+      "description": "backdoor used by apt28",
      "meta": {
        "synonyms": [
          "Sedreco",
          "AZZY",
-          "Xagent",
          "ADVSTORESHELL",
          "NETUI"
        ],
        "refs": [
          "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
+        ],
+        "possible_issues": "Report tells that is could be Xagent alias (Java Rat)",
+        "type": [
+          "Backdoor"
        ]
      }
    },