From bb088f97d1f5d5c2a60df21584127af71381c706 Mon Sep 17 00:00:00 2001 From: Thanat0s Date: Fri, 24 Feb 2017 13:56:33 +0100 Subject: [PATCH] =?UTF-8?q?Update=C2=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- clusters/tool.json | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/clusters/tool.json b/clusters/tool.json index cb1687a..7ff7bb7 100644 --- a/clusters/tool.json +++ b/clusters/tool.json @@ -199,10 +199,14 @@ "description": "We recently came across a cyber attack that used a remote access Trojan (RAT) called Lost Door, a tool currently offered on social media sites. What also struck us the most about this RAT (detected as BKDR_LODORAT.A) is how it abuses the Port Forward feature in routers.", "meta": { "synonyms": [ - "LostDoor RAT" + "LostDoor RAT", + "BKDR_LODORAT" ], "refs": [ "http://blog.trendmicro.com/trendlabs-security-intelligence/lost-door-rat-accessible-customizable-attack-tool/" + ], + "category": [ + "rat" ] } }, @@ -210,10 +214,14 @@ "value": "njRAT", "meta": { "synonyms": [ - "Bladabindi" + "Bladabindi", + "Jorik" ], "refs": [ "http://www.fidelissecurity.com/files/files/FTA_1009-njRAT_Uncovered_rev2.pdf" + ], + "category": [ + "rat" ] } }, @@ -221,10 +229,14 @@ "value": "NanoCoreRAT", "meta": { "synonyms": [ - "NanoCore" + "NanoCore", + "Nancrat", + "Zurten", + "Atros2.CKPN" ], "refs": [ - "http://www.symantec.com/connect/blogs/nanocore-another-rat-tries-make-it-out-gutter" + "http://www.symantec.com/connect/blogs/nanocore-another-rat-tries-make-it-out-gutter", + "https://nanocore.io/" ] } },