add rat galaxy

Deborah Servili 2017-05-31 16:39:19 +02:00
parent fab863933e
commit c9ede88868

97
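--- /dev/null
+++ b/clusters/rat.json
@@ -0,0 +1,97 @@
+{
+"name": "rat",
+"type": "rat",
+"source": "MISP Project",
+"authors": [
+"Various",
+],
+"description": "remote administration tool or remote access tool (RAT) is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system. ",
+"uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
+"version": 1,
+"values": [
+{
+"meta": {
+"refs": [
+"https://www.teamviewer.com"
+]
+},
+"description": "TeamViewer is a proprietary computer software package for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers.",
+"value": "TeamViewer"
+},
+{
+"meta": {
+"synonyms": [
+"BO"
+],
+"refs": [
+"http://www.cultdeadcow.com/tools/bo.html",
+"http://www.symantec.com/avcenter/warn/backorifice.html"
+]
+},
+"description": "Back Orifice (often shortened to BO) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location.",
+"value": "Back Orifice"
+},
+{
+"meta": {
+"synonyms": [
+"NetBus"
+],
+"refs": [
+"http://www.symantec.com/avcenter/warn/backorifice.html",
+"https://www.f-secure.com/v-descs/netbus.shtml"
+]
+},
+"description": "NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor.",
+"value": "Netbus"
+},
+{
+"meta": {
+"synonyms": [
+"Poison Ivy",
+"Backdoor.Win32.PoisonIvy",
+"Gen:Trojan.Heur.PT"
+],
+"refs": [
+"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf",
+"https://www.f-secure.com/v-descs/backdoor_w32_poisonivy.shtml"
+]
+},
+"description": "Poison Ivy is a RAT which was freely available and first released in 2005.",
+"value": "PoisonIvy"
+},
+{
+"meta": {
+"synonyms": [
+"SubSeven",
+"Sub7Server"
+],
+"refs": [
+"https://www.symantec.com/security_response/writeup.jsp?docid=2001-020114-5445-99"
+]
+},
+"description": "Sub7, or SubSeven or Sub7Server, is a Trojan horse program.[1] Its name was derived by spelling NetBus backwards (\"suBteN\") and swapping \"ten\" with \"seven\". Sub7 was created by Mobman. Mobman has not maintained or updated the software since 2004, however an author known as Read101 has carried on the Sub7 legacy.",
+"value": "Sub7"
+},
+{
+"meta": {
+"refs": [
+"https://en.wikipedia.org/wiki/Beast_(Trojan_horse)"
+]
+},
+"description": "Beast is a Windows-based backdoor trojan horse, more commonly known in the hacking community as a Remote Administration Tool or a \"RAT\". It is capable of infecting versions of Windows from 95 to 10.",
+"value": "Beast Trojan"
+},
+{
+"meta": {
+"synonyms": [
+""
+],
+"refs": [
+""
+]
+},
+"description": "",
+"value": ""
+}
+]
+}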
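Review bot: The `authors` array ends with a trailing comma (`"Various",` directly before `]`), which strict JSON parsers reject, so the cluster would fail to load as committed; it should read `"authors": ["Various"]`. The last element of `values` is an unfilled template (`"value": ""` with empty-string `synonyms` and `refs`) and should be dropped before merge, since consumers would otherwise get a cluster entry with an empty name. The Netbus entry lists the Back Orifice Symantec link in its `refs`, which looks like a copy-paste and is worth confirming. Because TeamViewer is legitimate remote-support software, its `description` could state that its presence alone is not an indicator of compromise, so analysts do not treat the tag like the trojan entries beside it.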