mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 08:47:18 +00:00
chg: [rat] Hallaj PRO Rat added
ref: https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/ misp-event: 5b63f5e4-bf24-4f46-8340-48fc02de0b81
This commit is contained in:
parent
3da005a3f3
commit
a0dfdd65ae
1 changed files with 11 additions and 1 deletions
|
@ -2,7 +2,7 @@
|
||||||
"uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
|
"uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
|
||||||
"description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
|
"description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
|
||||||
"source": "MISP Project",
|
"source": "MISP Project",
|
||||||
"version": 11,
|
"version": 12,
|
||||||
"values": [
|
"values": [
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -2521,6 +2521,16 @@
|
||||||
"description": "The RAT is written in .NET, it uses socket.io for communication. Currently there are two variants of the malware, the 1st variant is a typical downloader whereas the 2nd one has download and C2 functionalities.",
|
"description": "The RAT is written in .NET, it uses socket.io for communication. Currently there are two variants of the malware, the 1st variant is a typical downloader whereas the 2nd one has download and C2 functionalities.",
|
||||||
"value": "SocketPlayer",
|
"value": "SocketPlayer",
|
||||||
"uuid": "d9475765-2cea-45c0-b638-a082b9427239"
|
"uuid": "d9475765-2cea-45c0-b638-a082b9427239"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Hallaj PRO RAT",
|
||||||
|
"description": "RAT",
|
||||||
|
"uuid": "f6447046-f4e8-4977-9cc3-edee74ff0038",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"authors": [
|
"authors": [
|
||||||
|
|
Loading…
Reference in a new issue