From fca032ea73ac90ee49127684d765f718ed737fb4 Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Mon, 30 Sep 2019 10:45:53 +0200 Subject: [PATCH] add TVSPY tool --- clusters/tool.json | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/clusters/tool.json b/clusters/tool.json index 685b8ef..e738307 100644 --- a/clusters/tool.json +++ b/clusters/tool.json @@ -7808,7 +7808,19 @@ }, "uuid": "c72f8f57-fc2f-4ca2-afbe-ca5bfa5a1747", "value": "Amavaldo" + }, + { + "value": "TVSPY", + "description": "hacker going by the handle Mr. Burns. He also created something similar called RMS, which behaves very much like the TVSPY builder.\n“RMS/TVSPY continues to be developed, with a new version being posted by the developer/reseller on a regular basis,” Damballa researchers noted. “In fact, the legitimate RMS version developed by TektonIT and the version posted in criminal forums appear to be identical. TVSPY seems to be merely a modification of RMS to utilize TeamViewer infrastructure and a command-and-control interface manageable through the Web.", + "meta": { + "refs": [ + "https://mobile.twitter.com/SaudiDFIR/status/1177740045186457600" + ], + "synonyms": [ + "TVRAT", "SpY-Agent","teamspy" + ] + } } ], - "version": 123 + "version": 124 }