add Milan Rat, Shark tool and Lyceum synonyms

Delta-Sierra 2021-11-29 16:00:40 +01:00
parent bb92427b65
commit b8960393a4
2 changed files with 25 additions and 2 deletions


@ -3486,7 +3486,20 @@
}, },
"uuid": "833ed94d-97c1-4b57-9634-c27bf42eb867", "uuid": "833ed94d-97c1-4b57-9634-c27bf42eb867",
"value": "Guildma" "value": "Guildma"
},
{
"description": "Milan is a 32-bit RAT written in Visual C++ and .NET. Milan is loaded and persists using tasks. An encoded routine waits for three to four seconds between executing the first task, deleting this task, and setting a second scheduled task for persistence.",
"meta": {
"refs": [
"https://www.prevailion.com/latest-targets-of-cyber-group-lyceum/"
],
"synonyms": [
"James"
]
},
"uuid": "a5e5a48a-5ce7-45f0-97d7-517d7f37b4ce",
"value": "Milan"
} }
], ],
"version": 36 "version": 37
} }
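Review bot: The new Milan entry carries no `related` link, so nothing in the cluster ties it to the Lyceum group named in its only reference, or to the Shark entry added in the other file of this commit, which cites the same report. If a Lyceum cluster exists in the threat-actor galaxy (not visible on this page), a link such as `"related": [{"dest-uuid": "LYCEUM-CLUSTER-UUID-PLACEHOLDER", "type": "used-by"}]` would let analysts pivot from the malware to the actor; the same applies to Shark. The synonym `"James"` is also a common word, so it is worth confirming that consumers matching on synonyms will not mis-tag unrelated events. The page totals of 25 additions and 2 deletions are fully accounted for by the two new entries and the two version bumps, so the "Lyceum synonyms" named in the title do not appear to be part of this commit.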


@ -8450,7 +8450,17 @@
}, },
"uuid": "d5b31712-a5b4-4b1c-9a74-4340abc61210", "uuid": "d5b31712-a5b4-4b1c-9a74-4340abc61210",
"value": "ESPecter bootkit" "value": "ESPecter bootkit"
},
{
"description": "Shark is a 32-bit executable written in C# and .NET. To run Shark, a parameter is passed on the command line that includes the executables filename. Shark generates a mutex that uses the executables filename as the mutex value. The mutex likely ensures Shark does not execute on a machine where it is already running and that the correct version of Shark is executed.",
"meta": {
"refs": [
"https://www.prevailion.com/latest-targets-of-cyber-group-lyceum/"
]
},
"uuid": "9ea6d29e-00a7-4042-9bc5-31b1adeee6ec",
"value": "Shark"
} }
], ],
"version": 148 "version": 149
} }
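Review bot: The Shark description writes `executables filename` twice where the possessive `executable's filename` is meant; this string is what analysts see as the cluster description, so it is worth correcting before merge. The entry also has no `synonyms` key, and `Shark` is a short, generic value. Please confirm that no existing cluster in this file already uses it as a `value` or synonym, since the rest of the file is outside the visible hunk and a duplicate would make the resulting tag ambiguous.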