chg: [rat] Hallaj PRO Rat added

ref: https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/
misp-event: 5b63f5e4-bf24-4f46-8340-48fc02de0b81
Alexandre Dulaunoy 2018-08-03 08:34:55 +02:00
parent 3da005a3f3
commit a0dfdd65ae
Signed by: adulau
GPG key ID: 09E2CD4944E6CBCD


@ -2,7 +2,7 @@
"uuid": "312f8714-45cb-11e7-b898-135207cdceb9", "uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
"description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.", "description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
"source": "MISP Project", "source": "MISP Project",
"version": 11, "version": 12,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -2521,6 +2521,16 @@
"description": "The RAT is written in .NET, it uses socket.io for communication. Currently there are two variants of the malware, the 1st variant is a typical downloader whereas the 2nd one has download and C2 functionalities.", "description": "The RAT is written in .NET, it uses socket.io for communication. Currently there are two variants of the malware, the 1st variant is a typical downloader whereas the 2nd one has download and C2 functionalities.",
"value": "SocketPlayer", "value": "SocketPlayer",
"uuid": "d9475765-2cea-45c0-b638-a082b9427239" "uuid": "d9475765-2cea-45c0-b638-a082b9427239"
},
{
"value": "Hallaj PRO RAT",
"description": "RAT",
"uuid": "f6447046-f4e8-4977-9cc3-edee74ff0038",
"meta": {
"refs": [
"https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/"
]
}
} }
], ],
"authors": [ "authors": [
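Review bot: The new cluster's `"description": "RAT"` only restates the galaxy's own category, so an analyst who reaches this entry from a tag or correlation learns nothing about the tool without following the reference. A one-sentence summary of what the cited Securelist report says about it would let the entry stand on its own. The commit title spells the name "Hallaj PRO Rat" while the `value` is "Hallaj PRO RAT"; if both spellings appear in reporting, adding `"synonyms": ["Hallaj PRO Rat"]` under `meta` would let lookups on either form reach this cluster. The key order here (`value`, `description`, `uuid`, `meta`) also differs from the SocketPlayer entry just above, which puts `description` before `value`; parsers do not care, but a consistent order keeps later diffs of this file easier to review.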