mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-27 01:07:18 +00:00
234 lines
4.7 KiB
JSON
234 lines
4.7 KiB
JSON
{
|
|
"values": [
|
|
{
|
|
"value": "PlugX",
|
|
"description": "Malware"
|
|
},
|
|
{
|
|
"value": "MSUpdater"
|
|
},
|
|
{
|
|
"value": "Poison Ivy",
|
|
"description": "Poison Ivy is a RAT which was freely available and first released in 2005.",
|
|
"refs": ["https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf"]
|
|
},
|
|
{
|
|
"value": "Torn RAT"
|
|
},
|
|
{
|
|
"value": "ZeGhost"
|
|
},
|
|
{
|
|
"value": "Elise Backdoor",
|
|
"synonyms": ["Elise"]
|
|
},
|
|
{
|
|
"value": "Lstudio"
|
|
},
|
|
{
|
|
"value": "Joy RAT"
|
|
},
|
|
{
|
|
"value": "Sakula",
|
|
"synonyms": ["Sakurel"]
|
|
},
|
|
{
|
|
"value": "Derusbi"
|
|
},
|
|
{
|
|
"value": "EvilGrab"
|
|
},
|
|
{
|
|
"value": "IEChecker"
|
|
},
|
|
{
|
|
"value": "Trojan.Naid"
|
|
},
|
|
{
|
|
"value": "Backdoor.Moudoor"
|
|
},
|
|
{
|
|
"value": "NetTraveler"
|
|
},
|
|
{
|
|
"value": "Winnti"
|
|
},
|
|
{
|
|
"value": "Mimikatz"
|
|
},
|
|
{
|
|
"value": "WEBC2"
|
|
},
|
|
{
|
|
"value": "Pirpi"
|
|
},
|
|
{
|
|
"value": "RARSTONE"
|
|
},
|
|
{
|
|
"value": "BACKSPACe"
|
|
},
|
|
{
|
|
"value": "XSControl"
|
|
},
|
|
{
|
|
"value": "NETEAGLE"
|
|
},
|
|
{
|
|
"value": "Agent.BTZ",
|
|
"synonyms": ["ComRat"]
|
|
},
|
|
{
|
|
"value": "Heseber BOT",
|
|
"description": "RAT bundle with standard VNC (to avoid/limit A/V detection)."
|
|
},
|
|
{
|
|
"value": "Agent.dne"
|
|
},
|
|
{
|
|
"value": "Wipbot"
|
|
},
|
|
{
|
|
"value": "Turla"
|
|
},
|
|
{
|
|
"value": "Uroburos"
|
|
},
|
|
{
|
|
"value": "Winexe"
|
|
},
|
|
{
|
|
"value": "Dark Comet",
|
|
"description": "RAT initialy identified in 2011 and still actively used."
|
|
},
|
|
{
|
|
"value": "AlienSpy",
|
|
"description": "RAT for Apple OS X platforms"
|
|
},
|
|
{
|
|
"value": "Gh0st Rat",
|
|
"description": "Gh0st Rat is a well-known Chinese remote access trojan which was originally made by C.Rufus Security Team several years ago.",
|
|
"synonyms": ["Gh0stRat, GhostRat"],
|
|
"refs": ["http://download01.norman.no/documents/ThemanyfacesofGh0stRat.pdf"]
|
|
},
|
|
{
|
|
"value": "Fakem RAT",
|
|
"description": "Fakem RAT makes their network traffic look like well-known protocols (e.g. Messenger traffic, HTML pages). ",
|
|
"synonyms": ["FAKEM"],
|
|
"refs": ["http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fakem-rat.pdf"]
|
|
},
|
|
{
|
|
"value": "MFC Huner",
|
|
"synonyms": ["Hupigon", "BKDR_HUPIGON"],
|
|
"refs": ["http://blog.trendmicro.com/trendlabs-security-intelligence/japan-us-defense-industries-among-targeted-entities-in-latest-attack/"]
|
|
},
|
|
{
|
|
"value": "Blackshades",
|
|
"description": "Blackshades Remote Access Tool targets Microsoft Windows operating systems. Authors were arrested in 2012 and 2014.",
|
|
"refs": ["https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-and-fbi-assistant-director-charge-announce-charges-connection","https://blog.malwarebytes.org/intelligence/2012/06/you-dirty-rat-part-2-blackshades-net/"]
|
|
},
|
|
{
|
|
"value": "CORESHELL"
|
|
},
|
|
{
|
|
"value": "CHOPSTICK"
|
|
},
|
|
{
|
|
"value": "SOURFACE"
|
|
},
|
|
{
|
|
"value": "OLDBAIT"
|
|
},
|
|
{
|
|
"value": "Havex RAT",
|
|
"synonyms": ["Havex"]
|
|
},
|
|
{
|
|
"value": "KjW0rm",
|
|
"description": "RAT initially written in VB.",
|
|
"refs": ["https://www.sentinelone.com/blog/understanding-kjw0rm-malware-we-dive-in-to-the-tv5-cyber-attack/"]
|
|
},
|
|
{
|
|
"value": "LURK"
|
|
},
|
|
{
|
|
"value": "Oldrea"
|
|
},
|
|
{
|
|
"value": "AmmyAdmin"
|
|
},
|
|
{
|
|
"value": "Matryoshka"
|
|
},
|
|
{
|
|
"value": "TinyZBot"
|
|
},
|
|
{
|
|
"value": "GHOLE"
|
|
},
|
|
{
|
|
"value": "CWoolger"
|
|
},
|
|
{
|
|
"value": "FireMalv"
|
|
},
|
|
{
|
|
"value": "Regin"
|
|
},
|
|
{
|
|
"value": "Duqu"
|
|
},
|
|
{
|
|
"value": "Flame"
|
|
},
|
|
{
|
|
"value": "Stuxnet"
|
|
},
|
|
{
|
|
"value": "EquationLaser"
|
|
},
|
|
{
|
|
"value": "EquationDrug"
|
|
},
|
|
{
|
|
"value": "DoubleFantasy"
|
|
},
|
|
{
|
|
"value": "TripleFantasy"
|
|
},
|
|
{
|
|
"value": "Fanny"
|
|
},
|
|
{
|
|
"value": "GrayFish"
|
|
},
|
|
{
|
|
"value": "Babar"
|
|
},
|
|
{
|
|
"value": "Bunny"
|
|
},
|
|
{
|
|
"value": "Casper"
|
|
},
|
|
{
|
|
"value": "NBot"
|
|
},
|
|
{
|
|
"value": "Tafacalou"
|
|
},
|
|
{
|
|
"value": "Tdrop"
|
|
},
|
|
{
|
|
"value": "Troy"
|
|
},
|
|
{
|
|
"value": "Tdrop2"
|
|
}
|
|
],
|
|
"version" : 1,
|
|
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
|
|
"author": ["Alexandre Dulaunoy", "Florian Roth"],
|
|
"type": "threat-actor-tools"
|
|
}
|