misp-galaxy/elements/threat-actor-tools.json

{
  "values": [
    {
      "value": "PlugX",
      "description": "Malware"
    },
    {
      "value": "MSUpdater"
    },
    {
      "value": "Poison Ivy"
    },
    {
      "value": "Torn RAT"
    },
    {
      "value": "ZeGhost"
    },
    {
      "value": "Elise Backdoor",
      "synonyms": ["Elise"]
    },
    {
      "value": "Lstudio"
    },
    {
      "value": "Joy RAT"
    },
    {
      "value": "Sakula",
      "synonyms": ["Sakurel"]
    },
    {
      "value": "Derusbi"
    },
    {
      "value": "EvilGrab"
    },
    {
      "value": "IEChecker"
    },
    {
      "value": "Trojan.Naid"
    },
    {
      "value": "Backdoor.Moudoor"
    },
    {
      "value": "NetTraveler"
    },
    {
      "value": "Winnti"
    },
    {
      "value": "Mimikatz"
    },
    {
      "value": "WEBC2"
    },
    {
      "value": "Pirpi"
    },
    {
      "value": "RARSTONE"
    },
    {
      "value": "BACKSPACe"
    },
    {
      "value": "XSControl"
    },
    {
      "value": "NETEAGLE"
    },
    {
      "value": "Agent.BTZ"
    },
    {
      "value": "Agent.dne"
    },
    {
      "value": "Wipbot"
    },
    {
      "value": "Turla"
    },
    {
      "value": "Uroburos"
    },
    {
      "value": "Winexe"
    },
    {
      "value": "CORESHELL"
    },
    {
      "value": "CHOPSTICK"
    },
    {
      "value": "SOURFACE"
    },
    {
      "value": "OLDBAIT"
    },
    {
      "value": "Havex RAT"
    },
    {
      "value": "LURK"
    },
    {
      "value": "Oldrea"
    },
    {
      "value": "AmmyAdmin"
    },
    {
      "value": "Matryoshka"
    },
    {
      "value": "TinyZBot"
    },
    {
      "value": "GHOLE"
    },
    {
      "value": "CWoolger"
    },
    {
      "value": "FireMalv"
    },
    {
      "value": "Regin"
    },
    {
      "value": "Duqu"
    },
    {
      "value": "Flame"
    },
    {
      "value": "Stuxnet"
    },
    {
      "value": "EquationLaser"
    },
    {
      "value": "EquationDrug"
    },
    {
      "value": "DoubleFantasy"
    },
    {
      "value": "TripleFantasy"
    },
    {
      "value": "Fanny"
    },
    {
      "value": "GrayFish"
    },
    {
      "value": "Babar"
    },
    {
      "value": "Bunny"
    },
    {
      "value": "Casper"
    },
    {
      "value": "NBot"
    },
    {
      "value": "Tafacalou"
    },
    {
      "value": "Tdrop"
    },
    {
      "value": "Troy"
    },
    {
      "value": "Tdrop2"
    }
  ],
  "version" : 1,
  "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
  "author": ["Alexandre Dulaunoy", "Florian Roth"],
  "type": "threat-actor-tools"
}