mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
1166 lines
43 KiB
JSON
1166 lines
43 KiB
JSON
{
|
||
"name": "RAT",
|
||
"type": "rat",
|
||
"source": "MISP Project",
|
||
"authors": [
|
||
"Various"
|
||
],
|
||
"description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
|
||
"uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
|
||
"version": 1,
|
||
"values": [
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.teamviewer.com"
|
||
]
|
||
},
|
||
"description": "TeamViewer is a proprietary computer software package for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers.",
|
||
"value": "TeamViewer"
|
||
},
|
||
{
|
||
"meta": {
|
||
"synonyms": [
|
||
"BO"
|
||
],
|
||
"refs": [
|
||
"http://www.cultdeadcow.com/tools/bo.html",
|
||
"http://www.symantec.com/avcenter/warn/backorifice.html"
|
||
]
|
||
},
|
||
"description": "Back Orifice (often shortened to BO) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location.",
|
||
"value": "Back Orifice"
|
||
},
|
||
{
|
||
"meta": {
|
||
"synonyms": [
|
||
"NetBus"
|
||
],
|
||
"refs": [
|
||
"http://www.symantec.com/avcenter/warn/backorifice.html",
|
||
"https://www.f-secure.com/v-descs/netbus.shtml"
|
||
]
|
||
},
|
||
"description": "NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor.",
|
||
"value": "Netbus"
|
||
},
|
||
{
|
||
"meta": {
|
||
"synonyms": [
|
||
"Poison Ivy",
|
||
"Backdoor.Win32.PoisonIvy",
|
||
"Gen:Trojan.Heur.PT"
|
||
],
|
||
"refs": [
|
||
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf",
|
||
"https://www.f-secure.com/v-descs/backdoor_w32_poisonivy.shtml"
|
||
]
|
||
},
|
||
"description": "Poison Ivy is a RAT which was freely available and first released in 2005.",
|
||
"value": "PoisonIvy"
|
||
},
|
||
{
|
||
"meta": {
|
||
"synonyms": [
|
||
"SubSeven",
|
||
"Sub7Server"
|
||
],
|
||
"refs": [
|
||
"https://www.symantec.com/security_response/writeup.jsp?docid=2001-020114-5445-99"
|
||
]
|
||
},
|
||
"description": "Sub7, or SubSeven or Sub7Server, is a Trojan horse program.[1] Its name was derived by spelling NetBus backwards (\"suBteN\") and swapping \"ten\" with \"seven\". Sub7 was created by Mobman. Mobman has not maintained or updated the software since 2004, however an author known as Read101 has carried on the Sub7 legacy.",
|
||
"value": "Sub7"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://en.wikipedia.org/wiki/Beast_(Trojan_horse)"
|
||
]
|
||
},
|
||
"description": "Beast is a Windows-based backdoor trojan horse, more commonly known in the hacking community as a Remote Administration Tool or a \"RAT\". It is capable of infecting versions of Windows from 95 to 10.",
|
||
"value": "Beast Trojan"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.revolvy.com/main/index.php?s=Bifrost%20(trojan%20horse)&item_type=topic",
|
||
"http://malware-info.blogspot.lu/2008/10/bifrost-trojan.html"
|
||
]
|
||
},
|
||
"description": "Bifrost is a discontinued backdoor trojan horse family of more than 10 variants which can infect Windows 95 through Windows 10 (although on modern Windows systems, after Windows XP, its functionality is limited). Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine (which runs the server whose behavior can be controlled by the server editor).",
|
||
"value": "Bifrost"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://krebsonsecurity.com/2014/05/blackshades-trojan-users-had-it-coming/"
|
||
]
|
||
},
|
||
"description": "Blackshades is the name of a malicious trojan horse used by hackers to control computers remotely. The malware targets computers using Microsoft Windows -based operating systems.[2] According to US officials, over 500,000 computer systems have been infected worldwide with the software.",
|
||
"value": "Blackshades"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://blog.malwarebytes.com/threat-analysis/2012/06/you-dirty-rat-part-1-darkcomet/",
|
||
"https://blogs.cisco.com/security/talos/darkkomet-rat-spam"
|
||
],
|
||
"synonyms": [
|
||
"Dark Comet"
|
||
]
|
||
},
|
||
"description": "DarkComet is a Remote Administration Tool (RAT) which was developed by Jean-Pierre Lesueur (known as DarkCoderSc), an independent programmer and computer security coder from the United Kingdom. Although the RAT was developed back in 2008, it began to proliferate at the start of 2012.",
|
||
"value": "DarkComet"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.symantec.com/security_response/writeup.jsp?docid=2002-121116-0350-99"
|
||
]
|
||
},
|
||
"description": "Backdoor.Lanfiltrator is a backdoor Trojan that gives an attacker unauthorized access to a compromised computer. The detection is used for a family of Trojans that are produced by the Backdoor.Lanfiltrator generator.",
|
||
"value": "Lanfiltrator"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://lexmarket.su/thread-27692.html",
|
||
"https://www.nulled.to/topic/129749-win32hsidir-rat/"
|
||
]
|
||
},
|
||
"description": "Win32.HsIdir is an advanced remote administrator tool systems was done by the original author HS32-Idir, it is the development of the release made since 2006 Copyright © 2006-2010 HS32-Idir.",
|
||
"value": "Win32.HsIdir"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://en.wikipedia.org/wiki/Optix_Pro",
|
||
"https://www.symantec.com/security_response/writeup.jsp?docid=2002-090416-0521-99",
|
||
"https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=20208"
|
||
]
|
||
},
|
||
"description": "Optix Pro is a configurable remote access tool or Trojan, similar to SubSeven or BO2K",
|
||
"value": "Optix Pro"
|
||
},
|
||
{
|
||
"meta": {
|
||
"synonyms": [
|
||
"BO2k"
|
||
],
|
||
"refs": [
|
||
"https://en.wikipedia.org/wiki/Back_Orifice_2000",
|
||
"https://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=10229",
|
||
"https://www.symantec.com/security_response/writeup.jsp?docid=2000-121814-5417-99",
|
||
"https://www.f-secure.com/v-descs/bo2k.shtml"
|
||
]
|
||
},
|
||
"description": "Back Orifice 2000 (often shortened to BO2k) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a pun on Microsoft BackOffice Server software. Back Orifice 2000 is a new version of the famous Back Orifice backdoor trojan (hacker's remote access tool). It was created by the Cult of Dead Cow hackers group in July 1999. Originally the BO2K was released as a source code and utilities package on a CD-ROM. There are reports that some files on that CD-ROM were infected with CIH virus, so the people who got that CD might get infected and spread not only the compiled backdoor, but also the CIH virus. ",
|
||
"value": "Back Orifice 2000"
|
||
},
|
||
{
|
||
"meta": {
|
||
"synonyms": [
|
||
"VNC Connect",
|
||
"VNC Viewer"
|
||
],
|
||
"refs": [
|
||
"https://www.realvnc.com/"
|
||
]
|
||
},
|
||
"description": "The software consists of a server and client application for the Virtual Network Computing (VNC) protocol to control another ",
|
||
"value": "RealVNC"
|
||
},
|
||
{
|
||
"meta": {
|
||
"synonyms": [
|
||
"UNRECOM",
|
||
"UNiversal REmote COntrol Multi-Platform"
|
||
],
|
||
"refs": [
|
||
"https://securelist.com/securelist/files/2016/02/KL_AdwindPublicReport_2016.pdf",
|
||
"https://www.f-secure.com/v-descs/backdoor_java_adwind.shtml"
|
||
]
|
||
},
|
||
"description": "Backdoor:Java/Adwind is a Java archive (.JAR) file that drops a malicious component onto the machines and runs as a backdoor. When active, it is capable of stealing user information and may also be used to distribute other malware. ",
|
||
"value": "Adwind RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.virustotal.com/en/file/b31812e5b4c63c5b52c9b23e76a5ea9439465ab366a9291c6074bfae5c328e73/analysis/1359376345/"
|
||
]
|
||
},
|
||
"value": "Albertino Advanced RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.symantec.com/security_response/writeup.jsp?docid=2012-112912-5237-99",
|
||
"http://blog.trendmicro.com/trendlabs-security-intelligence/tsunami-warning-leads-to-arcom-rat/"
|
||
]
|
||
},
|
||
"description": "The malware is a Remote Access Trojan (RAT), known as Arcom RAT, and it is sold on underground forums for $2000.00.",
|
||
"value": "Arcom"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://leakforums.net/thread-18123?tid=18123&&pq=1"
|
||
]
|
||
},
|
||
"description": "BlackNix rat is a rat coded in delphi. ",
|
||
"value": "BlackNix"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://leakforums.net/thread-123872",
|
||
"https://techanarchy.net/2014/02/blue-banana-rat-config/"
|
||
]
|
||
},
|
||
"description": "Blue Banana is a RAT (Remote Administration Tool) created purely in Java",
|
||
"value": "Blue Banana"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html"
|
||
]
|
||
},
|
||
"description": "Bozok, like many other popular RATs, is freely available. The author of the Bozok RAT goes by the moniker “Slayer616” and has created another RAT known as Schwarze Sonne, or “SS-RAT” for short. Both of these RATs are free and easy to find — various APT actors have used both in previous targeted attacks.",
|
||
"value": "Bozok"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://sinister.ly/Thread-ClientMesh-RAT-In-Built-FUD-Crypter-Stable-DDoSer-No-PortForwading-40-Lifetime",
|
||
"https://blog.yakuza112.org/2012/clientmesh-rat-v5-cracked-clean/"
|
||
]
|
||
},
|
||
"description": "ClientMesh is a Remote Administration Application yhich allows a user to control a number of client PCs from around the world.",
|
||
"value": "ClientMesh"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.hackersthirst.com/2011/03/cybergate-rat-hacking-facebook-twitter.html",
|
||
"http://www.nbcnews.com/id/41584097/ns/technology_and_science-security/t/cybergate-leaked-e-mails-hint-corporate-hacking-conspiracy/"
|
||
]
|
||
},
|
||
"description": "CyberGate is a powerful, fully configurable and stable Remote Administration Tool coded in Delphi that is continuously getting developed. Using cybergate you can log the victim's passwords and can also get the screen shots of his computer's screen.",
|
||
"value": "CyberGate"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://meinblogzumtesten.blogspot.lu/2013/05/dark-ddoser-v56c-cracked.html"
|
||
]
|
||
},
|
||
"value": "Dark DDoSeR"
|
||
},
|
||
{
|
||
"meta": {
|
||
"synonyms": [
|
||
"DarkRAT"
|
||
],
|
||
"refs": [
|
||
"https://www.infosecurity-magazine.com/blogs/the-dark-rat/",
|
||
"http://darkratphp.blogspot.lu/"
|
||
]
|
||
},
|
||
"description": "In March 2017, Fujitsu Cyber Threat Intelligence uncovered a newly developed remote access tool referred to by its developer as ‘Dark RAT’ – a tool used to steal sensitive information from victims. Offered as a Fully Undetectable build (FUD) the RAT has a tiered price model including 24/7 support and an Android version. Android malware has seen a significant rise in interest and in 2015 this resulted in the arrests of a number of suspects involved in the infamous DroidJack malware.",
|
||
"value": "DarkRat"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://sites.google.com/site/greymecompany/greame-rat-project"
|
||
]
|
||
},
|
||
"value": "Greame"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://securityaffairs.co/wordpress/54837/hacking/one-stop-shop-hacking.html"
|
||
]
|
||
},
|
||
"description": "HawkEye is a popular RAT that can be used as a keylogger, it is also able to identify login events and record the destination, username, and password.",
|
||
"value": "HawkEye"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.rekings.com/shop/jrat/"
|
||
]
|
||
},
|
||
"description": "jRAT is the cross-platform remote administrator tool that is coded in Java, Because its coded in Java it gives jRAT possibilities to run on all operation systems, Which includes Windows, Mac OSX and Linux distributions.",
|
||
"value": "jRAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://leakforums.net/thread-479505"
|
||
]
|
||
},
|
||
"description": "jSpy is a Java RAT. ",
|
||
"value": "jSpy"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://leakforums.net/thread-284656"
|
||
]
|
||
},
|
||
"description": "Just saying that this is a very badly coded RAT by the biggest skid in this world, that is XilluX. The connection is very unstable, the GUI is always flickering because of the bad Multi-Threading and many more bugs.",
|
||
"value": "LuxNET"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.cyber.nj.gov/threat-profiles/trojan-variants/njrat"
|
||
]
|
||
},
|
||
"description": "NJRat is a remote access trojan (RAT), first spotted in June 2013 with samples dating back to November 2012. It was developed and is supported by Arabic speakers and mainly used by cybercrime groups against targets in the Middle East. In addition to targeting some governments in the region, the trojan is used to control botnets and conduct other typical cybercrime activity. It infects victims via phishing attacks and drive-by downloads and propagates through infected USB keys or networked drives. It can download and execute additional malware, execute shell commands, read and write registry keys, capture screenshots, log keystrokes, and spy on webcams.",
|
||
"value": "NJRat"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.rekings.com/pandora-rat-2-2/"
|
||
]
|
||
},
|
||
"description": "Remote administrator tool that has been developed for Windows operation system. With advanced features and stable structure, Pandora’s structure is based on advanced client / server architecture. was configured using modern technology.",
|
||
"value": "Pandora"
|
||
},
|
||
{
|
||
"meta": {
|
||
"synonyms": [
|
||
"PredatorPain"
|
||
],
|
||
"refs": [
|
||
"http://blog.trendmicro.com/trendlabs-security-intelligence/predator-pain-and-limitless-behind-the-fraud/",
|
||
"https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-predator-pain-and-limitless.pdf"
|
||
]
|
||
},
|
||
"description": "Unlike Zeus, Predator Pain and Limitless are relatively simple keyloggers. They indiscriminately steal web credentials and mail client credentials, as well as capturing keystrokes and screen captures. The output is human readable, which is good if you are managing a few infected machines only, but the design doesn’t scale well when there are a lot of infected machines and logs involved.",
|
||
"value": "Predator Pain"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://punisher-rat.blogspot.lu/"
|
||
]
|
||
},
|
||
"description": "Remote administration tool",
|
||
"value": "Punisher RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.rekings.com/spygate-rat-3-2/",
|
||
"https://www.symantec.com/security_response/attacksignatures/detail.jsp%3Fasid%3D27950",
|
||
"http://spygate-rat.blogspot.lu/"
|
||
]
|
||
},
|
||
"description": "This is tool that allow you to control your computer form anywhere in world with full support to unicode language. ",
|
||
"value": "SpyGate"
|
||
},
|
||
{
|
||
"meta": {
|
||
"synonyms": [
|
||
"SmallNet"
|
||
],
|
||
"refs": [
|
||
"http://small-net-rat.blogspot.lu/"
|
||
]
|
||
},
|
||
"description": "RAT",
|
||
"value": "Small-Net"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.rekings.com/vantom-rat/"
|
||
]
|
||
},
|
||
"description": "Vantom is a free RAT with good option and very stable.",
|
||
"value": "Vantom"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://leakforums.net/thread-497480"
|
||
]
|
||
},
|
||
"description": "Xena RAT is a fully-functional, stable, state-of-the-art RAT, coded in a native language called Delphi, it has almost no dependencies.",
|
||
"value": "Xena"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.fireeye.com/blog/threat-research/2014/02/xtremerat-nuisance-or-threat.html"
|
||
]
|
||
},
|
||
"description": "This malware has been used in targeted attacks as well as traditional cybercrime. During our investigation we found that the majority of XtremeRAT activity is associated with spam campaigns that typically distribute Zeus variants and other banking-focused malware. ",
|
||
"value": "XtremeRAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.secureworks.com/blog/netwire-rat-steals-payment-card-data"
|
||
]
|
||
},
|
||
"description": "NetWire has a built-in keylogger that can capture inputs from peripheral devices such as USB card readers.",
|
||
"value": "Netwire"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.volexity.com/blog/2017/03/23/have-you-been-haunted-by-the-gh0st-rat-today/"
|
||
]
|
||
},
|
||
"description": "Gh0st RAT is a Trojan horse for the Windows platform that the operators of GhostNet used to hack into some of the most sensitive computer networks on Earth. It is a cyber spying computer program. .",
|
||
"value": "Gh0st RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.zunzutech.com/blog/security/analysis-of-plasma-rats-source-code/"
|
||
]
|
||
},
|
||
"description": "Plasma RAT’s stub is fairly advanced, having many robust features. Some of the features include botkilling, Cryptocurrencies Mining (CPU and GPU), persistence, anti-analysis, torrent seeding, AV killer, 7 DDoS methods and a keylogger. The RAT is coded in VB.Net. There is also a Botnet version of it (Plasma HTTP), which is pretty similar to the RAT version.",
|
||
"value": "Plasma RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.rekings.com/babylon-rat/"
|
||
]
|
||
},
|
||
"description": "Babylon is a highly advanced remote administration tool with no dependencies. The server is developed in C++ which is an ideal language for high performance and the client is developed in C#(.Net Framework 4.5)",
|
||
"value": "Babylon"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.imminentmethods.info/"
|
||
]
|
||
},
|
||
"description": "RAT",
|
||
"value": "Imminent Monitor"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://droidjack.net/"
|
||
]
|
||
},
|
||
"description": "DroidJack is a RAT (Remote Access Trojan/Remote Administration Tool) nature of remote accessing, monitoring and managing tool (Java based) for Android mobile OS. You can use it to perform a complete remote control to any Android devices infected with DroidJack through your PC. It comes with powerful function and user-friendly operation – even allows attackers to fully take over the mobile phone and steal, record the victim’s private data wilfully.",
|
||
"value": "DroidJack"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://github.com/quasar/QuasarRAT"
|
||
]
|
||
},
|
||
"description": "Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface",
|
||
"value": "Quasar RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://github.com/qqshow/dendroid",
|
||
"https://github.com/nyx0/Dendroid"
|
||
]
|
||
},
|
||
"description": "Dendroid is malware that affects Android OS and targets the mobile platform. It was first discovered in early of 2014 by Symantec and appeared in the underground for sale for $300. Some things were noted in Dendroid, such as being able to hide from emulators at the time. When first discovered in 2014 it was one of the most sophisticated Android remote administration tools known at that time. It was one of the first Trojan applications to get past Google's Bouncer and caused researchers to warn about it being easier to create Android malware due to it. It also seems to have follow in the footsteps of Zeus and SpyEye by having simple-to-use command and control panels. The code appeared to be leaked somewhere around 2014. It was noted that an apk binder was included in the leak, which provided a simple way to bind Dendroid to legitimate applications.",
|
||
"value": "Dendroid"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://github.com/shotskeber/Ratty"
|
||
]
|
||
},
|
||
"description": "A Java R.A.T. program",
|
||
"value": "Ratty"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://level23hacktools.com/forum/showthread.php?t=27971",
|
||
"https://leakforums.net/thread-405562?tid=405562&&pq=1"
|
||
]
|
||
},
|
||
"description": "Java RAT",
|
||
"value": "RaTRon"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://arabian-attacker.software.informer.com/"
|
||
]
|
||
},
|
||
"value": "Arabian-Attacker RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://latesthackingnews.com/2015/05/31/how-to-hack-android-phones-with-androrat/",
|
||
"https://github.com/wszf/androrat"
|
||
]
|
||
},
|
||
"description": "Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.",
|
||
"value": "Androrat"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://adzok.com/"
|
||
]
|
||
},
|
||
"description": "Remote Administrator",
|
||
"value": "Adzok"
|
||
},
|
||
{
|
||
"meta": {
|
||
"synonyms": [
|
||
"SS-RAT",
|
||
"Schwarze Sonne"
|
||
],
|
||
"refs": [
|
||
"https://github.com/mwsrc/Schwarze-Sonne-RAT"
|
||
]
|
||
},
|
||
"value": "Schwarze-Sonne-RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.indetectables.net/viewtopic.php?t=24245"
|
||
]
|
||
},
|
||
"value": "Cyber Eye RAT"
|
||
},
|
||
{
|
||
"value": "Batch NET"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://leakforums.net/thread-530663"
|
||
]
|
||
},
|
||
"value": "RWX RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://spynet-rat-officiel.blogspot.lu/"
|
||
]
|
||
},
|
||
"description": "Spy-Net is a software that allow you to control any computer in world using Windows Operating System.He is back using new functions and good options to give you full control of your remote computer.Stable and fast, this software offer to you a good interface, creating a easy way to use all his functions",
|
||
"value": "Spynet"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://leakforums.net/thread-559871"
|
||
]
|
||
},
|
||
"value": "CTOS"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://github.com/mwsrc/Virus-RAT-v8.0-Beta"
|
||
]
|
||
},
|
||
"value": "Virus RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.atelierweb.com/products/"
|
||
]
|
||
},
|
||
"value": "Atelier Web Remote Commander"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://github.com/chrismattmann/drat"
|
||
]
|
||
},
|
||
"description": "A distributed, parallelized (Map Reduce) wrapper around Apache™ RAT to allow it to complete on large code repositories of multiple file types where Apache™ RAT hangs forev",
|
||
"value": "drat"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.f-secure.com/v-descs/mosuck.shtml"
|
||
]
|
||
},
|
||
"description": "MoSucker is a powerful backdoor - hacker's remote access tool.",
|
||
"value": "MoSucker"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.grayhatforum.org/thread-4373-post-5213.html#pid5213",
|
||
"http://www.spy-emergency.com/research/T/Theef_Download_Creator.html",
|
||
"http://www.spy-emergency.com/research/T/Theef.html"
|
||
]
|
||
},
|
||
"value": "Theef"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://prorat.software.informer.com/",
|
||
"http://malware.wikia.com/wiki/ProRat"
|
||
]
|
||
},
|
||
"description": "ProRat is a Microsoft Windows based backdoor trojan, more commonly known as a Remote Administration Tool. As with other trojan horses it uses a client and server. ProRat opens a port on the computer which allows the client to perform numerous operations on the server (the machine being controlled). ",
|
||
"value": "ProRat"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://sites.google.com/site/greymecompany/setro-rat-project"
|
||
]
|
||
},
|
||
"value": "Setro"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.connect-trojan.net/2015/03/indetectables-rat-v.0.5-beta.html"
|
||
]
|
||
},
|
||
"value": "Indetectables RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://luminosity.link/"
|
||
]
|
||
},
|
||
"value": "Luminosity Link"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://orcustechnologies.com/"
|
||
]
|
||
},
|
||
"value": "Orcus"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.connect-trojan.net/2014/10/blizzard-rat-lite-v1.3.1.html"
|
||
]
|
||
},
|
||
"value": "Blizzard"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.rekings.com/kazybot-lite-php-rat/",
|
||
"http://telussecuritylabs.com/threats/show/TSL20150122-06"
|
||
]
|
||
},
|
||
"value": "Kazybot"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.connect-trojan.net/2015/01/bx-rat-v1.0.html"
|
||
]
|
||
},
|
||
"value": "BX"
|
||
},
|
||
{
|
||
"value": "death"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://rubear.me/threads/sky-wyder-2016-cracked.127/"
|
||
]
|
||
},
|
||
"value": "Sky Wyder"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.rekings.com/darktrack-4-alien/",
|
||
"http://news.softpedia.com/news/free-darktrack-rat-has-the-potential-of-being-the-best-rat-on-the-market-508179.shtml"
|
||
]
|
||
},
|
||
"value": "DarkTrack"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://github.com/c4bbage/xRAT"
|
||
]
|
||
},
|
||
"description": "Free, Open-Source Remote Administration Tool. xRAT 2.0 is a fast and light-weight Remote Administration Tool coded in C# (using .NET Framework 2.0).",
|
||
"value": "xRAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://sakhackingarticles.blogspot.lu/2014/08/biodox-rat.html"
|
||
]
|
||
},
|
||
"value": "Biodox"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://leakforums.net/thread-31386?tid=31386&&pq=1"
|
||
]
|
||
},
|
||
"description": "Offense RAT is a free renote administration tool made in Delphi 9.",
|
||
"value": "Offence"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://leakforums.net/thread-36962"
|
||
]
|
||
},
|
||
"value": "Apocalypse"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://leakforums.net/thread-363920"
|
||
]
|
||
},
|
||
"value": "JCage"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://malware.wikia.com/wiki/Nuclear_RAT",
|
||
"http://www.nuclearwintercrew.com/Products-View/21/Nuclear_RAT_2.1.0/"
|
||
]
|
||
},
|
||
"description": "Nuclear RAT (short for Nuclear Remote Administration Tool) is a backdoor trojan horse that infects Windows NT family systems (Windows 2000, XP, 2003).",
|
||
"value": "Nuclear RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://ozonercp.com/"
|
||
]
|
||
},
|
||
"description": "C++ REMOTE CONTROL PROGRAM",
|
||
"value": "Ozone"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://github.com/alienwithin/xanity-php-rat"
|
||
]
|
||
},
|
||
"value": "Xanity"
|
||
},
|
||
{
|
||
"meta": {
|
||
"synonyms": [
|
||
"Dark Moon"
|
||
]
|
||
},
|
||
"value": "DarkMoon"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://broad-product.biz/forum/r-a-t-(remote-administration-tools)/xpert-rat-3-0-10-by-abronsius(vb6)/",
|
||
"https://www.nulled.to/topic/18355-xpert-rat-309/",
|
||
"https://trickytamilan.blogspot.lu/2016/03/xpert-rat.html"
|
||
]
|
||
},
|
||
"value": "Xpert"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.alienvault.com/blogs/labs-research/kilerrat-taking-over-where-njrat-remote-access-trojan-left-off"
|
||
]
|
||
},
|
||
"description": "This remote access trojan (RAT) has capabilities ranging from manipulating the registry to opening a reverse shell. From stealing credentials stored in browsers to accessing the victims webcam. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread utilizing physic devices, such as USB drives, but also to use the victim as a pivot point to gain more access laterally throughout the network. This remote access trojan could be classified as a variant of the well known njrat, as they share many similar features such as their display style, several abilities and a general template for communication methods . However, where njrat left off KilerRat has taken over. KilerRat is a very feature rich RAT with an active development force that is rapidly gaining in popularity amongst the middle eastern community and the world.",
|
||
"value": "Kiler RAT"
|
||
},
|
||
{
|
||
"value": "Brat"
|
||
},
|
||
{
|
||
"value": "MINI-MO"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://lost-door.blogspot.lu/",
|
||
"http://blog.trendmicro.com/trendlabs-security-intelligence/lost-door-rat-accessible-customizable-attack-tool/",
|
||
"https://www.cyber.nj.gov/threat-profiles/trojan-variants/lost-door-rat"
|
||
]
|
||
},
|
||
"description": "Unlike most attack tools that one can only find in cybercriminal underground markets, Lost Door is very easy to obtain. It’s promoted on social media sites like YouTube and Facebook. Its maker, “OussamiO,” even has his own Facebook page where details on his creation can be found. He also has a dedicated blog (hxxp://lost-door[.]blogspot[.]com/) where tutorial videos and instructions on using the RAT is found. Any cybercriminal or threat actor can purchase and use the RAT to launch attacks.",
|
||
"value": "Lost Door"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.rekings.com/loki-rat-php-rat/"
|
||
]
|
||
},
|
||
"description": "Loki RAT is a php RAT that means no port forwarding is needed for this RAT, If you dont know how to setup this RAT click on tutorial.",
|
||
"value": "Loki RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://github.com/BahNahNah/MLRat"
|
||
]
|
||
},
|
||
"value": "MLRat"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://perfect-conexao.blogspot.lu/2014/09/spycronic-1021.html",
|
||
"http://www.connect-trojan.net/2013/09/spycronic-v1.02.1.html",
|
||
"https://ranger-exploit.com/spycronic-v1-02-1/"
|
||
]
|
||
},
|
||
"value": "SpyCronic"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://github.com/n1nj4sec/pupy"
|
||
]
|
||
},
|
||
"description": "Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python ",
|
||
"value": "Pupy"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://novarat.sourceforge.net/"
|
||
]
|
||
},
|
||
"description": "Nova is a proof of concept demonstrating screen sharing over UDP hole punching.",
|
||
"value": "Nova"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=9401&signatureSubId=2",
|
||
"https://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=9401&signatureSubId=0&softwareVersion=6.0&releaseVersion=S177",
|
||
"https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=20292",
|
||
"https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=20264"
|
||
],
|
||
"synonyms": [
|
||
"Back Door Y3K RAT "
|
||
]
|
||
},
|
||
"value": "BD Y3K RAT "
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://turkojan.blogspot.lu/"
|
||
]
|
||
},
|
||
"description": "Turkojan is a remote administration and spying tool for Microsoft Windows operating systems.",
|
||
"value": "Turkojan"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://josh.com/tiny/"
|
||
]
|
||
},
|
||
"description": "TINY is a set of programs that lets you control a DOS computer from any Java-capable machine over a TCP/IP connection. It is comparable to programs like VNC, CarbonCopy, and GotoMyPC except that the host machine is a DOS computer rather than a Windows one.",
|
||
"value": "TINY"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.security-database.com/toolswatch/SharK-3-Remote-Administration-Tool.html",
|
||
"http://lpc1.clpccd.cc.ca.us/lpc/mdaoud/CNT7501/NETLABS/Ethical_Hacking_Lab_05.pdf"
|
||
],
|
||
"synonyms": [
|
||
"SHARK",
|
||
"Shark"
|
||
]
|
||
},
|
||
"description": "sharK is an advanced reverse connecting, firewall bypassing remote administration tool written in VB6. With sharK you will be able to administrate every PC (using Windows OS) remotely.",
|
||
"value": "SharK"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.symantec.com/security_response/writeup.jsp?docid=2003-022018-5040-99"
|
||
],
|
||
"synonyms": [
|
||
"Backdoor.Blizzard",
|
||
"Backdoor.Fxdoor",
|
||
"Backdoor.Snowdoor",
|
||
"Backdoor:Win32/Snowdoor"
|
||
]
|
||
},
|
||
"description": "Backdoor.Snowdoor is a Backdoor Trojan Horse that allows unauthorized access to an infected computer. It creates an open C drive share with its default settings. By default, the Trojan listens on port 5,328.",
|
||
"value": "Snowdoor"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.nulled.to/topic/155464-paradox-rat/"
|
||
]
|
||
},
|
||
"value": "Paradox"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.rekings.com/spynote-v4-android-rat/"
|
||
]
|
||
},
|
||
"description": "Android RAT",
|
||
"value": "SpyNote"
|
||
},
|
||
{
|
||
"value": "ZOMBIE SLAYER"
|
||
},
|
||
{
|
||
"value": "HTTP WEB BACKDOOR"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://networklookout.com/help/"
|
||
]
|
||
},
|
||
"description": "Net Monitor for Employees lets you see what everyone's doing - without leaving your desk. Monitor the activity of all employees. Plus you can share your screen with your employees PCs, making demos and presentations much easier.",
|
||
"value": "NET-MONITOR PRO"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.dameware.com/dameware-mini-remote-control"
|
||
],
|
||
"synonyms": [
|
||
"dameware"
|
||
]
|
||
},
|
||
"description": "Affordable remote control software for all your customer support and help desk needs.",
|
||
"value": "DameWare Mini Remote Control"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.remoteutilities.com/"
|
||
]
|
||
},
|
||
"description": "Remote Utilities is a free remote access program with some really great features. It works by pairing two remote computers together with what they call an \"Internet ID.\" You can control a total of 10 PCs with Remote Utilities.",
|
||
"value": "Remote Utilities"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://ammyy-admin.soft32.com/"
|
||
],
|
||
"synonyms": [
|
||
"Ammyy"
|
||
]
|
||
},
|
||
"description": "Ammyy Admin is a completely portable remote access program that's extremely simple to setup. It works by connecting one computer to another via an ID supplied by the program.",
|
||
"value": "Ammyy Admin"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.uvnc.com/"
|
||
]
|
||
},
|
||
"description": "UltraVNC works a bit like Remote Utilities, where a server and viewer is installed on two PCs, and the viewer is used to control the server.",
|
||
"value": "Ultra VNC"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.aeroadmin.com/en/"
|
||
]
|
||
},
|
||
"description": "AeroAdmin is probably the easiest program to use for free remote access. There are hardly any settings, and everything is quick and to the point, which is perfect for spontaneous support.",
|
||
"value": "AeroAdmin"
|
||
},
|
||
{
|
||
"description": "Windows Remote Desktop is the remote access software built into the Windows operating system. No additional download is necessary to use the program.",
|
||
"value": "Windows Remote Desktop"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.remotepc.com/"
|
||
]
|
||
},
|
||
"description": "RemotePC, for good or bad, is a more simple free remote desktop program. You're only allowed one connection (unless you upgrade) but for many of you, that'll be just fine.",
|
||
"value": "RemotePC"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://seecreen.com/"
|
||
],
|
||
"synonyms": [
|
||
"Firnass"
|
||
]
|
||
},
|
||
"description": "Seecreen (previously called Firnass) is an extremely tiny (500 KB), yet powerful free remote access program that's absolutely perfect for on-demand, instant support.",
|
||
"value": "Seecreen"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://chrome.google.com/webstore/detail/chrome-remote-desktop/gbchcmhmhahfdphkhkmpfmihenigjmpp?hl=en"
|
||
]
|
||
},
|
||
"description": "Chrome Remote Desktop is an extension for the Google Chrome web browser that lets you setup a computer for remote access from any other Chrome browser.",
|
||
"value": "Chrome Remote Desktop"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://anydesk.com/remote-desktop"
|
||
]
|
||
},
|
||
"description": "AnyDesk is a remote desktop program that you can run portably or install like a regular program.",
|
||
"value": "AnyDesk"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.litemanager.com/"
|
||
]
|
||
},
|
||
"description": "LiteManager is another remote access program, and it's strikingly similar to Remote Utilities, which I explain on the first page of this list. However, unlike Remote Utilities, which can control a total of only 10 PCs, LiteManager supports up to 30 slots for storing and connecting to remote computers, and also has lots of useful features.",
|
||
"value": "LiteManager"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.comodo.com/home/download/download.php?prod=comodounite"
|
||
]
|
||
},
|
||
"description": "Comodo Unite is another free remote access program that creates a secure VPN between multiple computers. Once a VPN is established, you can remotely have access to applications and files through the client software.",
|
||
"value": "Comodo Unite"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://showmypc.com/"
|
||
]
|
||
},
|
||
"description": "ShowMyPC is a portable and free remote access program that's nearly identical to UltraVNC but uses a password to make a connection instead of an IP address.",
|
||
"value": "ShowMyPC"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.join.me/"
|
||
]
|
||
},
|
||
"description": "join.me is a remote access program from the producers of LogMeIn that provides quick access to another computer over an internet browser.",
|
||
"value": "join.me"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.nchsoftware.com/remotedesktop/index.html"
|
||
]
|
||
},
|
||
"description": "DesktopNow is a free remote access program from NCH Software. After optionally forwarding the proper port number in your router, and signing up for a free account, you can access your PC from anywhere through a web browser.",
|
||
"value": "DesktopNow"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.beamyourscreen.com/"
|
||
]
|
||
},
|
||
"description": "Another free and portable remote access program is BeamYourScreen. This program works like some of the others in this list, where the presenter is given an ID number they must share with another user so they can connect to the presenter's screen.",
|
||
"value": "BeamYourScreen"
|
||
},
|
||
{
|
||
"value": "Casa RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.nuclearwintercrew.com/Products-View/57/Bandook_RAT_v1.35__NEW_/"
|
||
]
|
||
},
|
||
"description": "Bandook is a FWB#++ reverse connection rat (Remote Administration Tool), with a small size server when packed 30 KB, and a long list of amazing features",
|
||
"value": "Bandook RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.hacktohell.org/2011/05/setting-up-cerberus-ratremote.html"
|
||
]
|
||
},
|
||
"value": "Cerberus RAT"
|
||
},
|
||
{
|
||
"value": "Syndrome RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"http://www.spy-emergency.com/research/S/Snoopy.html"
|
||
]
|
||
},
|
||
"description": "Snoopy is a Remote Administration Tool. Software for controlling user computer remotely from other computer on local network or Internet.",
|
||
"value": "Snoopy"
|
||
},
|
||
{
|
||
"value": "5p00f3r.N$ RAT"
|
||
},
|
||
{
|
||
"value": "P. Storrie RAT"
|
||
},
|
||
{
|
||
"value": "xHacker Pro RAT"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.symantec.com/security_response/writeup.jsp?docid=2002-021310-3452-99"
|
||
]
|
||
},
|
||
"description": "Backdoor.NetDevil allows a hacker to remotely control an infected computer.",
|
||
"value": "NetDevil"
|
||
},
|
||
{
|
||
"meta": {
|
||
"refs": [
|
||
"https://www.digitrustgroup.com/nanocore-not-your-average-rat/"
|
||
]
|
||
},
|
||
"description": "In September of 2015, a DigiTrust client visited a web link that was providing an Adobe Flash Player update. The client, an international retail organization, attempted to download and run what appeared to be a regular update. The computer trying to download this update was a back office system that processed end of day credit card transactions. This system also had the capability of connecting to the corporate network which contained company sales reports.\nDigiTrust experts were alerted to something malicious and blocked the download. The investigation found that what appeared to be an Adobe Flash Player update, was a Remote Access Trojan called NanoCore. If installation had been successful, customer credit card data, personal information, and internal sales information could have been captured and monetized. During the analysis of NanoCore, our experts found that there was much more to this RAT than simply being another Remote Access Trojan.",
|
||
"value": "NanoCore"
|
||
}
|
||
]
|
||
}
|