{
  "authors": [
    "Kafeine"
  ],
  "category": "tool",
  "description": "TDS is a list of Traffic Direction System used by adversaries",
  "name": "TDS",
  "source": "MISP Project",
  "type": "tds",
  "uuid": "ab5fffaa-c5f6-11e6-9d9d-cec0c932ce01",
  "values": [
    {
      "description": "Keitaro TDS is among the mostly used TDS in drive by infection chains",
      "meta": {
        "refs": [
          "https://keitarotds.com/"
        ],
        "type": [
          "Commercial"
        ]
      },
      "uuid": "94c57fc0-4477-4643-b539-55ba8c455df6",
      "value": "Keitaro"
    },
    {
      "description": "BlackTDS is mutualised TDS advertised underground since end of December 2017",
      "meta": {
        "refs": [
          "https://blacktds[.com/"
        ],
        "type": [
          "Underground"
        ]
      },
      "uuid": "d5c0cf8d-8ed0-4fa2-a2e6-7274516ea1c8",
      "value": "BlackTDS"
    },
    {
      "description": "ShadowTDS is advertised underground since 2016-02. It's in fact more like a Social Engineering kit focused on Android and embedding a TDS",
      "meta": {
        "type": [
          "Underground"
        ]
      },
      "uuid": "2680a4b1-84d1-4af0-8126-4429a90f8ef8",
      "value": "ShadowTDS"
    },
    {
      "description": "Sutra TDS was dominant from 2012 till 2015",
      "meta": {
        "refs": [
          "http://kytoon.com/sutra-tds.html"
        ],
        "type": [
          "Commercial"
        ]
      },
      "uuid": "67f21003-bbc8-4993-b615-f990e539929f",
      "value": "Sutra"
    },
    {
      "description": "SimpleTDS is a basic open source TDS",
      "meta": {
        "refs": [
          "https://sourceforge.net/projects/simpletds/"
        ],
        "synonyms": [
          "Stds"
        ],
        "type": [
          "OpenSource"
        ]
      },
      "uuid": "aa179c37-1a8a-4761-841a-cc940e19d7be",
      "value": "SimpleTDS"
    },
    {
      "description": "zTDS is an open source TDS",
      "meta": {
        "refs": [
          "http://ztds.info/doku.php"
        ],
        "type": [
          "OpenSource"
        ]
      },
      "uuid": "7a84de25-545a-4220-b500-85b9219dd67d",
      "value": "zTDS"
    },
    {
      "description": "BossTDS",
      "meta": {
        "refs": [
          "http://bosstds.com/"
        ],
        "type": [
          "Commercial"
        ]
      },
      "uuid": "5a483b4b-671a-4113-9b99-a115d2d2d644",
      "value": "BossTDS"
    },
    {
      "description": "BlackHat TDS is sold underground.",
      "meta": {
        "refs": [
          "http://malware.dontneedcoffee.com/2014/04/meet-blackhat-tds.html"
        ],
        "type": [
          "Underground"
        ]
      },
      "uuid": "36aa3b2d-4927-45e5-be08-f30144fd1909",
      "value": "BlackHat TDS"
    },
    {
      "description": "Futuristic TDS is the TDS component of BlackOS/CookieBomb/NorthTale Iframer",
      "meta": {
        "type": [
          "Underground"
        ]
      },
      "uuid": "19d8eab9-72d5-4f22-affb-c0d6aed66346",
      "value": "Futuristic TDS"
    },
    {
      "description": "Orchid TDS was sold underground. Rare usage",
      "meta": {
        "type": [
          "Underground"
        ]
      },
      "uuid": "ec0048f2-a7b2-4a71-83de-6e8fe4fef252",
      "value": "Orchid TDS"
    },
    {
      "description": "Proofpoint has tracked the 404 TDS since at least September 2022. Proofpoint is not aware if this is a service sold on underground forums, but it is likely a shared or sold tool due to its involvement in a variety of phishing and malware campaigns.",
      "meta": {
        "refs": [
          "https://www.proofpoint.com/us/blog/threat-insight/screentime-sometimes-it-feels-like-somebodys-watching-me"
        ],
        "type": [
          "Underground"
        ]
      },
      "uuid": "7b956ff0-9021-499c-82a4-24b958cb32d9",
      "value": "404 TDS"
    }
  ],
  "version": 5
}