diff --git a/clusters/rat.json b/clusters/rat.json index fcfaa95..21c9776 100644 --- a/clusters/rat.json +++ b/clusters/rat.json @@ -1,6 +1,6 @@ { "uuid": "312f8714-45cb-11e7-b898-135207cdceb9", - "description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.", + "name": "RAT", "source": "MISP Project", "version": 9, "values": [ @@ -2480,11 +2480,21 @@ "uuid": "e9f9d900-4f9a-11e8-bce9-4bfbb0e9ab4c", "value": "Spymaster Pro", "description": "Monitoring Software" + }, + { + "meta": { + "refs": [ + "https://blog.talosintelligence.com/2018/05/navrat.html" + ] + }, + "description": "Classic RAT that can download, upload, execute commands on the victim host and perform keylogging. However, the command and control (C2) infrastructure is very specific. It uses the legitimate Naver email platform in order to communicate with the attackers via email", + "value": "NavRAT", + "uuid": "6ea032a0-d54a-463b-b016-2b7b9b9a5b7e" } ], "authors": [ "Various" ], "type": "rat", - "name": "RAT" + "description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system." }