diff --git a/clusters/rat.json b/clusters/rat.json index 194d1cce..416fad84 100644 --- a/clusters/rat.json +++ b/clusters/rat.json @@ -39,7 +39,8 @@ "refs": [ "http://www.symantec.com/avcenter/warn/backorifice.html", "https://www.f-secure.com/v-descs/netbus.shtml" - ] + ], + "date": "1998" }, "description": "NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor.", "value": "Netbus" @@ -67,7 +68,8 @@ ], "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2001-020114-5445-99" - ] + ], + "date": "1999" }, "description": "Sub7, or SubSeven or Sub7Server, is a Trojan horse program.[1] Its name was derived by spelling NetBus backwards (\"suBteN\") and swapping \"ten\" with \"seven\". Sub7 was created by Mobman. Mobman has not maintained or updated the software since 2004, however an author known as Read101 has carried on the Sub7 legacy.", "value": "Sub7" @@ -76,7 +78,8 @@ "meta": { "refs": [ "https://en.wikipedia.org/wiki/Beast_(Trojan_horse)" - ] + ], + "date": "2002" }, "description": "Beast is a Windows-based backdoor trojan horse, more commonly known in the hacking community as a Remote Administration Tool or a \"RAT\". It is capable of infecting versions of Windows from 95 to 10.", "value": "Beast Trojan" 
@@ -86,7 +89,8 @@ "refs": [ "https://www.revolvy.com/main/index.php?s=Bifrost%20(trojan%20horse)&item_type=topic", "http://malware-info.blogspot.lu/2008/10/bifrost-trojan.html" - ] + ], + "date": "2004" }, "description": "Bifrost is a discontinued backdoor trojan horse family of more than 10 variants which can infect Windows 95 through Windows 10 (although on modern Windows systems, after Windows XP, its functionality is limited). Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine (which runs the server whose behavior can be controlled by the server editor).", "value": "Bifrost" @@ -95,7 +99,8 @@ "meta": { "refs": [ "https://krebsonsecurity.com/2014/05/blackshades-trojan-users-had-it-coming/" - ] + ], + "date": "2010" }, "description": "Blackshades is the name of a malicious trojan horse used by hackers to control computers remotely. The malware targets computers using Microsoft Windows -based operating systems.[2] According to US officials, over 500,000 computer systems have been infected worldwide with the software.", "value": "Blackshades" @@ -108,7 +113,8 @@ ], "synonyms": [ "Dark Comet" - ] + ], + "date": "2008" }, "description": "DarkComet is a Remote Administration Tool (RAT) which was developed by Jean-Pierre Lesueur (known as DarkCoderSc), an independent programmer and computer security coder from the United Kingdom. Although the RAT was developed back in 2008, it began to proliferate at the start of 2012.", "value": "DarkComet" 
@@ -117,7 +123,8 @@ "meta": { "refs": [ "https://www.symantec.com/security_response/writeup.jsp?docid=2002-121116-0350-99" - ] + ], + "date": "2002" }, "description": "Backdoor.Lanfiltrator is a backdoor Trojan that gives an attacker unauthorized access to a compromised computer. The detection is used for a family of Trojans that are produced by the Backdoor.Lanfiltrator generator.", "value": "Lanfiltrator" @@ -138,7 +145,8 @@ "https://en.wikipedia.org/wiki/Optix_Pro", "https://www.symantec.com/security_response/writeup.jsp?docid=2002-090416-0521-99", "https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=20208" - ] + ], + "date": "2002" }, "description": "Optix Pro is a configurable remote access tool or Trojan, similar to SubSeven or BO2K", "value": "Optix Pro" @@ -153,7 +161,8 @@ "https://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=10229", "https://www.symantec.com/security_response/writeup.jsp?docid=2000-121814-5417-99", "https://www.f-secure.com/v-descs/bo2k.shtml" - ] + ], + "date": "1998" }, "description": "Back Orifice 2000 (often shortened to BO2k) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a pun on Microsoft BackOffice Server software. Back Orifice 2000 is a new version of the famous Back Orifice backdoor trojan (hacker's remote access tool). It was created by the Cult of Dead Cow hackers group in July 1999. Originally the BO2K was released as a source code and utilities package on a CD-ROM. There are reports that some files on that CD-ROM were infected with CIH virus, so the people who got that CD might get infected and spread not only the compiled backdoor, but also the CIH virus. ", "value": "Back Orifice 2000" 
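Review bot: The `"date": "1998"` added to the Back Orifice 2000 entry (hunk `@@ -153,7 +161,8 @@`) contradicts that entry's own description, which says the tool was created in July 1999. 1998 may be the year of the original Back Orifice rather than of BO2K. Either change the line to `"date": "1999"` or say in the description which release the field refers to, so that anyone sorting or correlating on the year gets a value that agrees with the text beside it.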
@@ -186,7 +195,8 @@ "https://securelist.com/securelist/files/2016/02/KL_AdwindPublicReport_2016.pdf", "https://www.f-secure.com/v-descs/backdoor_java_adwind.shtml", "https://blog.fortinet.com/2016/08/16/jbifrost-yet-another-incarnation-of-the-adwind-rat" - ] + ], + "date": "2011" }, "description": "Backdoor:Java/Adwind is a Java archive (.JAR) file that drops a malicious component onto the machines and runs as a backdoor. When active, it is capable of stealing user information and may also be used to distribute other malware. ", "value": "Adwind RAT" @@ -223,7 +233,8 @@ "refs": [ "https://leakforums.net/thread-123872", "https://techanarchy.net/2014/02/blue-banana-rat-config/" - ] + ], + "date": "2012" }, "description": "Blue Banana is a RAT (Remote Administration Tool) created purely in Java", "value": "Blue Banana" @@ -232,7 +243,8 @@ "meta": { "refs": [ "https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html" - ] + ], + "date": "2013" }, "description": "Bozok, like many other popular RATs, is freely available. The author of the Bozok RAT goes by the moniker “Slayer616” and has created another RAT known as Schwarze Sonne, or “SS-RAT” for short. Both of these RATs are free and easy to find — various APT actors have used both in previous targeted attacks.", "value": "Bozok" @@ -252,7 +264,8 @@ "refs": [ "http://www.hackersthirst.com/2011/03/cybergate-rat-hacking-facebook-twitter.html", "http://www.nbcnews.com/id/41584097/ns/technology_and_science-security/t/cybergate-leaked-e-mails-hint-corporate-hacking-conspiracy/" - ] + ], + "date": "2011" }, "description": "CyberGate is a powerful, fully configurable and stable Remote Administration Tool coded in Delphi that is continuously getting developed. Using cybergate you can log the victim's passwords and can also get the screen shots of his computer's screen.", "value": "CyberGate" 
@@ -273,7 +286,8 @@ "refs": [ "https://www.infosecurity-magazine.com/blogs/the-dark-rat/", "http://darkratphp.blogspot.lu/" - ] + ], + "date": "2005" }, "description": "In March 2017, Fujitsu Cyber Threat Intelligence uncovered a newly developed remote access tool referred to by its developer as ‘Dark RAT’ – a tool used to steal sensitive information from victims. Offered as a Fully Undetectable build (FUD) the RAT has a tiered price model including 24/7 support and an Android version. Android malware has seen a significant rise in interest and in 2015 this resulted in the arrests of a number of suspects involved in the infamous DroidJack malware.", "value": "DarkRat" @@ -290,7 +304,8 @@ "meta": { "refs": [ "http://securityaffairs.co/wordpress/54837/hacking/one-stop-shop-hacking.html" - ] + ], + "date": "2003" }, "description": "HawkEye is a popular RAT that can be used as a keylogger, it is also able to identify login events and record the destination, username, and password.", "value": "HawkEye" @@ -302,7 +317,8 @@ ], "synonyms": [ "JacksBot" - ] + ], + "date": "2012" }, "description": "jRAT is the cross-platform remote administrator tool that is coded in Java, Because its coded in Java it gives jRAT possibilities to run on all operation systems, Which includes Windows, Mac OSX and Linux distributions.", "value": "jRAT" @@ -311,7 +327,8 @@ "meta": { "refs": [ "https://leakforums.net/thread-479505" - ] + ], + "date": "2013" }, "description": "jSpy is a Java RAT. ", "value": "jSpy" 
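Review bot: The DarkRat entry (hunk `@@ -273,7 +286,8 @@`) is given `"date": "2005"`, but its description calls it a newly developed tool uncovered in March 2017. If the year is meant to be first appearance, the visible text supports `"date": "2017"`. If 2005 refers to an older tool of the same name, that deserves a separate entry or a sentence in the description, because a 12-year gap will mislead any timeline built from this field.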
@@ -329,7 +346,11 @@ "meta": { "refs": [ "https://www.cyber.nj.gov/threat-profiles/trojan-variants/njrat" - ] + ], + "synonyms": [ + "Njw0rm" + ], + "date": "2012" }, "description": "NJRat is a remote access trojan (RAT), first spotted in June 2013 with samples dating back to November 2012. It was developed and is supported by Arabic speakers and mainly used by cybercrime groups against targets in the Middle East. In addition to targeting some governments in the region, the trojan is used to control botnets and conduct other typical cybercrime activity. It infects victims via phishing attacks and drive-by downloads and propagates through infected USB keys or networked drives. It can download and execute additional malware, execute shell commands, read and write registry keys, capture screenshots, log keystrokes, and spy on webcams.", "value": "NJRat" @@ -338,7 +359,8 @@ "meta": { "refs": [ "https://www.rekings.com/pandora-rat-2-2/" - ] + ], + "date": "2002" }, "description": "Remote administrator tool that has been developed for Windows operation system. With advanced features and stable structure, Pandora’s structure is based on advanced client / server architecture. was configured using modern technology.", "value": "Pandora" @@ -360,7 +382,8 @@ "meta": { "refs": [ "http://punisher-rat.blogspot.lu/" - ] + ], + "date": "2007" }, "description": "Remote administration tool", "value": "Punisher RAT" @@ -410,7 +433,8 @@ "meta": { "refs": [ "https://www.fireeye.com/blog/threat-research/2014/02/xtremerat-nuisance-or-threat.html" - ] + ], + "date": "2010" }, "description": "This malware has been used in targeted attacks as well as traditional cybercrime. During our investigation we found that the majority of XtremeRAT activity is associated with spam campaigns that typically distribute Zeus variants and other banking-focused malware. ", "value": "XtremeRAT" 
@@ -419,7 +443,8 @@ "meta": { "refs": [ "https://www.secureworks.com/blog/netwire-rat-steals-payment-card-data" - ] + ], + "date": "2012" }, "description": "NetWire has a built-in keylogger that can capture inputs from peripheral devices such as USB card readers.", "value": "Netwire" @@ -428,7 +453,8 @@ "meta": { "refs": [ "https://www.volexity.com/blog/2017/03/23/have-you-been-haunted-by-the-gh0st-rat-today/" - ] + ], + "date": "2001" }, "description": "Gh0st RAT is a Trojan horse for the Windows platform that the operators of GhostNet used to hack into some of the most sensitive computer networks on Earth. It is a cyber spying computer program. .", "value": "Gh0st RAT" @@ -473,7 +499,8 @@ "meta": { "refs": [ "https://github.com/quasar/QuasarRAT" - ] + ], + "date": "2014" }, "description": "Quasar is a fast and light-weight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface", "value": "Quasar RAT" @@ -483,7 +510,8 @@ "refs": [ "https://github.com/qqshow/dendroid", "https://github.com/nyx0/Dendroid" - ] + ], + "date": "2014" }, "description": "Dendroid is malware that affects Android OS and targets the mobile platform. It was first discovered in early of 2014 by Symantec and appeared in the underground for sale for $300. Some things were noted in Dendroid, such as being able to hide from emulators at the time. When first discovered in 2014 it was one of the most sophisticated Android remote administration tools known at that time. It was one of the first Trojan applications to get past Google's Bouncer and caused researchers to warn about it being easier to create Android malware due to it. It also seems to have follow in the footsteps of Zeus and SpyEye by having simple-to-use command and control panels. The code appeared to be leaked somewhere around 2014. It was noted that an apk binder was included in the leak, which provided a simple way to bind Dendroid to legitimate applications.", "value": "Dendroid" 
@@ -492,7 +520,8 @@ "meta": { "refs": [ "https://github.com/shotskeber/Ratty" - ] + ], + "date": "2016" }, "description": "A Java R.A.T. program", "value": "Ratty" @@ -511,7 +540,8 @@ "meta": { "refs": [ "http://arabian-attacker.software.informer.com/" - ] + ], + "date": "2006" }, "value": "Arabian-Attacker RAT" }, @@ -542,7 +572,8 @@ ], "refs": [ "https://github.com/mwsrc/Schwarze-Sonne-RAT" - ] + ], + "date": "2010" }, "value": "Schwarze-Sonne-RAT" }, @@ -569,7 +600,8 @@ "meta": { "refs": [ "http://spynet-rat-officiel.blogspot.lu/" - ] + ], + "date": "2010" }, "description": "Spy-Net is a software that allow you to control any computer in world using Windows Operating System.He is back using new functions and good options to give you full control of your remote computer.Stable and fast, this software offer to you a good interface, creating a easy way to use all his functions", "value": "Spynet" @@ -622,7 +654,8 @@ "http://www.grayhatforum.org/thread-4373-post-5213.html#pid5213", "http://www.spy-emergency.com/research/T/Theef_Download_Creator.html", "http://www.spy-emergency.com/research/T/Theef.html" - ] + ], + "date": "2002" }, "value": "Theef" }, @@ -631,7 +664,8 @@ "refs": [ "http://prorat.software.informer.com/", "http://malware.wikia.com/wiki/ProRat" - ] + ], + "date": "2002" }, "description": "ProRat is a Microsoft Windows based backdoor trojan, more commonly known as a Remote Administration Tool. As with other trojan horses it uses a client and server. ProRat opens a port on the computer which allows the client to perform numerous operations on the server (the machine being controlled). ", "value": "ProRat" @@ -664,7 +698,8 @@ "meta": { "refs": [ "https://orcustechnologies.com/" - ] + ], + "date": "2015" }, "value": "Orcus" }, @@ -689,7 +724,8 @@ "meta": { "refs": [ "http://www.connect-trojan.net/2015/01/bx-rat-v1.0.html" - ] + ], + "date": "2014" }, "value": "BX" }, 
@@ -709,7 +745,8 @@ "refs": [ "https://www.rekings.com/darktrack-4-alien/", "http://news.softpedia.com/news/free-darktrack-rat-has-the-potential-of-being-the-best-rat-on-the-market-508179.shtml" - ] + ], + "date": "2017" }, "value": "DarkTrack" }, @@ -717,7 +754,8 @@ "meta": { "refs": [ "https://github.com/c4bbage/xRAT" - ] + ], + "date": "2017" }, "description": "Free, Open-Source Remote Administration Tool. xRAT 2.0 is a fast and light-weight Remote Administration Tool coded in C# (using .NET Framework 2.0).", "value": "xRAT" @@ -743,7 +781,8 @@ "meta": { "refs": [ "https://leakforums.net/thread-36962" - ] + ], + "date": "2009" }, "value": "Apocalypse" }, @@ -751,7 +790,8 @@ "meta": { "refs": [ "https://leakforums.net/thread-363920" - ] + ], + "date": "2013" }, "value": "JCage" }, @@ -827,7 +867,8 @@ ], "synonyms": [ "LostDoor" - ] + ], + "date": "2010" }, "description": "Unlike most attack tools that one can only find in cybercriminal underground markets, Lost Door is very easy to obtain. It’s promoted on social media sites like YouTube and Facebook. Its maker, “OussamiO,” even has his own Facebook page where details on his creation can be found. He also has a dedicated blog (hxxp://lost-door[.]blogspot[.]com/) where tutorial videos and instructions on using the RAT is found. Any cybercriminal or threat actor can purchase and use the RAT to launch attacks.", "value": "Lost Door" @@ -863,7 +904,8 @@ "meta": { "refs": [ "https://github.com/n1nj4sec/pupy" - ] + ], + "date": "2015" }, "description": "Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python ", "value": "Pupy" @@ -872,7 +914,8 @@ "meta": { "refs": [ "http://novarat.sourceforge.net/" - ] + ], + "date": "2002" }, "description": "Nova is a proof of concept demonstrating screen sharing over UDP hole punching.", "value": "Nova" 
@@ -888,7 +931,8 @@ "synonyms": [ "Back Door Y3K RAT", "Y3k" - ] + ], + "date": "1998" }, "value": "BD Y3K RAT" }, @@ -896,7 +940,8 @@ "meta": { "refs": [ "http://turkojan.blogspot.lu/" - ] + ], + "date": "2003" }, "description": "Turkojan is a remote administration and spying tool for Microsoft Windows operating systems.", "value": "Turkojan" @@ -919,7 +964,8 @@ "synonyms": [ "SHARK", "Shark" - ] + ], + "date": "2008" }, "description": "sharK is an advanced reverse connecting, firewall bypassing remote administration tool written in VB6. With sharK you will be able to administrate every PC (using Windows OS) remotely.", "value": "SharK" @@ -999,7 +1045,8 @@ ], "synonyms": [ "Ammyy" - ] + ], + "date": "2011" }, "description": "Ammyy Admin is a completely portable remote access program that's extremely simple to setup. It works by connecting one computer to another via an ID supplied by the program.", "value": "Ammyy Admin" @@ -1126,7 +1173,8 @@ "meta": { "refs": [ "http://www.nuclearwintercrew.com/Products-View/57/Bandook_RAT_v1.35__NEW_/" - ] + ], + "date": "2005" }, "description": "Bandook is a FWB#++ reverse connection rat (Remote Administration Tool), with a small size server when packed 30 KB, and a long list of amazing features", "value": "Bandook RAT" 
@@ -1135,35 +1183,47 @@ "meta": { "refs": [ "http://www.hacktohell.org/2011/05/setting-up-cerberus-ratremote.html" - ] + ], + "date": "2009" }, "value": "Cerberus RAT" }, { - "value": "Syndrome RAT" + "value": "Syndrome RAT", + "meta": { + "date": "2010" + } }, { "meta": { "refs": [ "http://www.spy-emergency.com/research/S/Snoopy.html" - ] + ], + "date": "2002" }, "description": "Snoopy is a Remote Administration Tool. Software for controlling user computer remotely from other computer on local network or Internet.", "value": "Snoopy" }, { - "value": "5p00f3r.N$ RAT" + "value": "5p00f3r.N$ RAT", + "meta": { + "date": "2010" + } }, { "meta": { "synonyms": [ "P.Storrie RAT" - ] + ], + "date": "2011" }, "value": "P. Storrie RAT" }, { - "value": "xHacker Pro RAT" + "value": "xHacker Pro RAT", + "meta": { + "date": "2007" + } }, { "meta": { @@ -1189,7 +1249,8 @@ "meta": { "refs": [ "https://www.zscaler.com/blogs/research/cobian-rat-backdoored-rat" - ] + ], + "date": "2017" } }, { @@ -1198,14 +1259,21 @@ "meta": { "refs": [ "http://www.netsupportmanager.com/index.asp" - ] + ], + "date": "1989" } }, { - "value": "Vortex" + "value": "Vortex", + "meta": { + "date": "1998" + } }, { - "value": "Assassin" + "value": "Assassin", + "meta": { + "date": "2002" + } }, { "value": "Net Devil", @@ -1213,6 +1281,7 @@ "refs": [ "https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=20702" ], + "date": "2002", "synonyms": [ "NetDevil" ] @@ -1223,7 +1292,8 @@ "meta": { "refs": [ "http://www.megasecurity.org/trojans/a/a4zeta/A4zeta_b2.html" - ] + ], + "date": "2002" } }, { 
@@ -1231,32 +1301,47 @@ "meta": { "refs": [ "http://www.connect-trojan.net/2013/04/greek-hackers-rat-1.0.html?m=0" - ] + ], + "date": "2002" } }, { - "value": "MRA RAT" + "value": "MRA RAT", + "meta": { + "refs": [ + "http://www.connect-trojan.net/2013/04/greek-hackers-rat-1.0.html?m=0" + ], + "date": "2002" + } }, { "value": "Sparta RAT", "meta": { "refs": [ "http://www.connect-trojan.net/2015/09/sparta-rat-1.2-by-azooz-ejram.html" - ] + ], + "date": "2002" } }, { - "value": "LokiTech" + "value": "LokiTech", + "meta": { + "date": "2003" + } }, { - "value": "MadRAT" + "value": "MadRAT", + "meta": { + "date": "2002" + } }, { "value": "Tequila Bandita", "meta": { "refs": [ "http://www.connect-trojan.net/2013/07/tequila-bandita-1.3b2.html" - ] + ], + "date": "2004" } }, { @@ -1264,7 +1349,8 @@ "meta": { "refs": [ "http://www.megasecurity.org/trojans/t/toquitobandito/Toquitobandito_all.html" - ] + ], + "date": "2004" } }, { @@ -1275,7 +1361,8 @@ "http://www.megasecurity.org/trojans/m/mofotro/Mofotro_beta.html", "http://www.megasecurity.org/trojans/m/mofotro/Mofotroresurrection.html", "http://www.megasecurity.org/trojans/m/mofotro/Mofotro_beta1.5.html" - ] + ], + "date": "2006" } }, { @@ -1284,7 +1371,8 @@ "meta": { "refs": [ "http://www.megasecurity.org/trojans/h/hav/Havrat1.2.html" - ] + ], + "date": "2007" } }, { @@ -1293,7 +1381,8 @@ "meta": { "refs": [ "https://attack.mitre.org/wiki/Software/S0126" - ] + ], + "date": "2007" } }, { @@ -1302,7 +1391,8 @@ "meta": { "refs": [ "https://attack.mitre.org/wiki/Software/S0065" - ] + ], + "date": "2007" } }, { 
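Review bot: The new `meta` for MRA RAT (hunk `@@ -1231,32 +1301,47 @@`) reuses `http://www.connect-trojan.net/2013/04/greek-hackers-rat-1.0.html?m=0`, the same URL carried by the entry just before it, and the URL's path names a different tool. This looks like a copy-paste. Unless a source specific to MRA RAT exists, drop the `refs` array and keep only `"meta": { "date": "2002" }`, since a wrong reference is worse than none when an analyst follows it to confirm an identification. In the same hunk Sparta RAT is dated 2002 while its only reference sits under a `2015/09` path, so that year is worth confirming too.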
@@ -1312,22 +1402,35 @@ "refs": [ "http://www.connect-trojan.net/2015/06/dark-net-rat-v.0.3.9.0.html" ], + "date": "2007", "synonyms": [ "Dark NET RAT" ] } }, { - "value": "CIA RAT" + "value": "CIA RAT", + "meta:": { + "date": "2008" + } }, { - "value": "Minimo" + "value": "Minimo", + "meta:": { + "date": "2008" + } }, { - "value": "miniRAT" + "value": "miniRAT", + "meta:": { + "date": "2008" + } }, { - "value": "Pain RAT" + "value": "Pain RAT", + "meta:": { + "date": "2008" + } }, { "description": "PLUGX is a remote access tool (RAT) used in targeted attacks aimed toward government-related institutions and key industries. It was utilized the same way as Poison Ivy, a RAT involved in a campaign dating back to 2008.", @@ -1339,7 +1442,8 @@ ], "synonyms": [ "Korplug" - ] + ], + "date": "2005 or 2008" } }, { @@ -1349,23 +1453,31 @@ "refs": [ "http://thehackernews.com/2017/09/shadowbrokers-unitedrake-hacking.html", "https://www.itnews.com.au/news/shadowbrokers-release-unitedrake-nsa-malware-472771" - ] + ], + "date": "2008" } }, { "description": "Written in Visual Basic", - "value": "MgaTrojan", + "value": "MegaTrojan", "meta": { "refs": [ "http://www.megasecurity.org/trojans/m/mega/Megatrojan1.0.html" - ] + ], + "date": "2008" } }, { - "value": "Venomous Ivy" + "value": "Venomous Ivy", + "meta": { + "date": "2009" + } }, { - "value": "Xploit" + "value": "Xploit", + "meta": { + "date": "2010" + } }, { "value": "Arctic R.A.T.", @@ -1375,7 +1487,8 @@ ], "synonyms": [ "Artic" - ] + ], + "date": "2010" } }, { @@ -1383,7 +1496,8 @@ "meta": { "refs": [ "http://www.connect-trojan.net/2014/02/golden-phoenix-rat-0.2.html" - ] + ], + "date": "2010" } }, { 
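Review bot: In hunk `@@ -1312,22 +1402,35 @@` the entries CIA RAT, Minimo, miniRAT and Pain RAT are given the key `"meta:"`, with the colon inside the quoted name. The file still parses, but these four objects have no `meta` member, so their dates are silently lost to any consumer that reads `meta.date`. Change each line to `"meta": {`. A schema check that rejects unknown keys on a cluster entry would catch this class of typo before merge.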
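Review bot: `"date": "2005 or 2008"` on the Korplug/PLUGX entry (hunk `@@ -1339,7 +1442,8 @@`) is free text, while every other `date` in this diff is a bare four-digit year string. The same pattern appears as `"date": "2004 or 2011"` in hunk `@@ -1460,35 +1590,50 @@`. A consumer that parses, sorts or range-filters on the field will mis-handle or drop these two values. Keep a single four-digit year in `date` and move the uncertainty into `description`, or leave `date` out until the year is settled.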
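Review bot: Hunk `@@ -1349,23 +1453,31 @@` changes `"value"` from `MgaTrojan` to `MegaTrojan` alongside the date addition. No other identifier is visible on this entry in the hunk, so `value` may be what downstream tags, correlations or detections are keyed on, and anything that stored the old string would stop matching. If the rename is intended, keep the previous spelling reachable, for example `"synonyms": [ "MgaTrojan" ]`. The same applies to `Felimus RAT` → `Felismus RAT` (hunk `@@ -1588,7 +1754,10 @@`) and `revenge-RAT` → `Revenge-RAT` (hunk `@@ -1711,16 +1897,18 @@`).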
@@ -1391,14 +1505,21 @@ "meta": { "refs": [ "http://www.connect-trojan.net/2014/10/graphicbooting-rat-v0.1-beta.html?m=0" - ] + ], + "date": "2010" } }, { - "value": "Pocket RAT" + "value": "Pocket RAT", + "meta": { + "date": "2010" + } }, { - "value": "Erebus" + "value": "Erebus", + "meta": { + "date": "2010" + } }, { "value": "SharpEye", @@ -1406,18 +1527,23 @@ "refs": [ "http://www.connect-trojan.net/2014/10/sharpeye-rat-1.0-beta-1.html", "http://www.connect-trojan.net/2014/02/sharpeye-rat-1.0-beta-2.html" - ] + ], + "date": "2010" } }, { - "value": "VorteX" + "value": "VorteX", + "meta": { + "date": "2010" + } }, { "value": "Archelaus Beta", "meta": { "refs": [ "http://www.connect-trojan.net/2014/02/archelaus-rat-beta.html" - ] + ], + "date": "2010" } }, { @@ -1426,7 +1552,8 @@ "meta": { "refs": [ "https://github.com/hussein-aitlahcen/BlackHole" - ] + ], + "date": "2011" } }, { @@ -1434,7 +1561,8 @@ "meta": { "refs": [ "http://ktwox7.blogspot.lu/2010/12/vanguard-remote-administration.html" - ] + ], + "date": "2010" } }, { @@ -1442,14 +1570,16 @@ "meta": { "refs": [ "http://www.ibtimes.co.uk/turkish-journalist-baris-pehlivan-jailed-terrorism-was-framed-by-hackers-says-report-1577481" - ] + ], + "date": "2011" } }, { "meta": { "refs": [ "https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html" - ] + ], + "date": "2012" }, "description": "Though we have not identified the targets, FINSPY is sold by Gamma Group to multiple nation-state clients, and we assess with moderate confidence that it was being used along with the zero-day to carry out cyber espionage.", "value": "FINSPY" 
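Review bot: Hunk `@@ -1406,18 +1527,23 @@` dates `"value": "VorteX"` as 2010, while hunk `@@ -1198,14 +1259,21 @@` dates `"value": "Vortex"` as 1998, so the cluster now has two entries that differ only in letter case and carry different years. Neither has `refs` or a description, so the diff gives no way to tell whether they are distinct tools. A case-insensitive lookup on the name would return either year. Add a reference or short description to each entry, or merge them if they are the same family.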
@@ -1460,35 +1590,50 @@ "meta": { "refs": [ "http://www.nuclearwintercrew.com/Products-View/25/Seed_1.1/" - ] + ], + "date": "2004 or 2011" } }, { - "value": "SharpBot" + "value": "SharpBot", + "meta": { + "date": "2011" + } }, { "value": "TorCT PHP RAT", "meta": { "refs": [ "https://github.com/alienwithin/torCT-PHP-RAT" - ] + ], + "date": "2012" } }, { - "value": "A32s RAT" + "value": "A32s RAT", + "meta": { + "date": "2012" + } }, { - "value": "Char0n" + "value": "Char0n", + "meta": { + "date": "2012" + } }, { - "value": "Nytro" + "value": "Nytro", + "meta": { + "date": "2012" + } }, { "value": "Syla", "meta": { "refs": [ "http://www.connect-trojan.net/2013/07/syla-rat-0.3.html" - ] + ], + "date": "2012" } }, { @@ -1497,7 +1642,8 @@ "meta": { "refs": [ "https://www.cobaltstrike.com/" - ] + ], + "date": "2012" } }, { @@ -1510,7 +1656,8 @@ "synonyms": [ "Sakurel", "VIPER" - ] + ], + "date": "2012" } }, { @@ -1519,7 +1666,8 @@ "meta": { "refs": [ "https://attack.mitre.org/wiki/Software/S0071" - ] + ], + "date": "2012" } }, { @@ -1527,7 +1675,8 @@ "meta": { "refs": [ "http://www.connect-trojan.net/2015/01/crimson-rat-3.0.0.html" - ] + ], + "date": "2012" } }, { @@ -1535,7 +1684,8 @@ "meta": { "refs": [ "http://hack-defender.blogspot.fr/2015/12/kjw0rm-v05x.html" - ] + ], + "date": "2013" } }, { @@ -1546,20 +1696,33 @@ ], "synonyms": [ "Ucul" - ] + ], + "date": "2013" } }, { - "value": "9002" + "value": "9002", + "meta": { + "date": "2013" + } }, { - "value": "Sandro RAT" + "value": "Sandro RAT", + "meta": { + "date": "2014" + } }, { - "value": "Mega" + "value": "Mega", + "meta": { + "date": "2014" + } }, { - "value": "WiRAT" + "value": "WiRAT", + "meta": { + "date": "2014" + } }, { "value": "3PARA RAT", 
@@ -1570,7 +1733,10 @@ } }, { - "value": "BBS RAT" + "value": "BBS RAT", + "meta": { + "date": "2014" + } }, { "description": "KONNI is a remote access Trojan (RAT) that was first reported in May of 2017, but is believed to have been in use for over 3 years. As Part of our daily threat monitoring, FortiGuard Labs came across a new variant of the KONNI RAT and decided to take a deeper look.", @@ -1588,7 +1754,10 @@ } }, { - "value": "Felimus RAT" + "value": "Felismus RAT", + "meta": { + "date": "2014" + } }, { "description": "Xsser mRAT is a piece of malware that targets iOS devices that have software limitations removed. The app is installed via a rogue repository on Cydia, the most popular third-party application store for jailbroken iPhones. Once the malicious bundle has been installed and executed, it gains persistence - preventing the user from deleting it. The mRAT then makes server-side checks and proceeds to steal data from the user's device and executes remote commands as directed by its command-and-control (C2) server.", @@ -1600,7 +1769,8 @@ ], "synonyms": [ "mRAT" - ] + ], + "date": "2014" } }, { @@ -1610,7 +1780,8 @@ "refs": [ "http://securityaffairs.co/wordpress/41714/cyber-crime/govrat-platform.html", "http://securityaffairs.co/wordpress/51202/cyber-crime/govrat-2-0-attacks.html" - ] + ], + "date": "2015" } }, { @@ -1618,18 +1789,23 @@ "meta": { "refs": [ "https://www.youtube.com/watch?v=jUg5--68Iqs" - ] + ], + "date": "2015" } }, { - "value": "Killer RAT" + "value": "Killer RAT", + "meta": { + "date": "2015" + } }, { "value": "Hi-Zor", "meta": { "refs": [ "https://www.fidelissecurity.com/threatgeek/2016/01/introducing-hi-zor-rat" - ] + ], + "date": "2015" } }, { 
@@ -1641,11 +1817,15 @@ ], "synonyms": [ "QRAT" - ] + ], + "date": "2015" } }, { - "value": "Heseber" + "value": "Heseber", + "meta": { + "date": "2015" + } }, { "description": "Cardinal is a remote access trojan (RAT) discovered by Palo Alto Networks in 2017 and has been active for over two years. It is delivered via a downloader, known as Carp, and uses malicious macros in Microsoft Excel documents to compile embedded C# programming language source code into an executable that runs and deploys the Cardinal RAT. The malicious Excel files use different tactics to get the victims to execute it. ", @@ -1655,7 +1835,8 @@ "https://researchcenter.paloaltonetworks.com/2017/04/unit42-cardinal-rat-active-two-years/", "https://www.scmagazine.com/cardinal-rats-unique-downloader-allowed-it-to-avoid-detection-for-years/article/651927/", "https://www.cyber.nj.gov/threat-profiles/trojan-variants/cardinal" - ] + ], + "date": "2015" } }, { @@ -1664,7 +1845,8 @@ "meta": { "refs": [ "https://omnirat.eu/en/" - ] + ], + "date": "2015" } }, { @@ -1672,7 +1854,8 @@ "meta": { "refs": [ "https://www.youtube.com/watch?v=qKdoExQFb68" - ] + ], + "date": "2015" } }, { @@ -1682,7 +1865,8 @@ "refs": [ "https://researchcenter.paloaltonetworks.com/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/", "http://securityaffairs.co/wordpress/43889/cyber-crime/new-rat-trochilus.html" - ] + ], + "date": "2015" } }, { @@ -1691,7 +1875,8 @@ "meta": { "refs": [ "https://www.alienvault.com/blogs/security-essentials/matryoshka-malware-from-copykittens-group" - ] + ], + "date": "2015" } }, { @@ -1702,7 +1887,8 @@ "http://virusguides.com/newly-discovered-mangit-malware-offers-banking-trojan-service/", "https://www.cyber.nj.gov/threat-profiles/trojan-variants/mangit", "http://news.softpedia.com/news/new-malware-mangit-surfaces-as-banking-trojan-as-a-service-505458.shtml" - ] + ], + "date": "2016" } }, { 
@@ -1711,16 +1897,18 @@ "refs": [ "http://www.connect-trojan.net/2016/08/legend-rat-v1.3-by-ahmed-ibrahim.html", "http://www.connect-trojan.net/2016/11/legend-rat-v1.9-by-ahmed-ibrahim.html" - ] + ], + "date": "2016" } }, { "description": "Revenge v0.1 was a simple tool, according to a researcher known as Rui, who says the malware’s author didn’t bother obfuscating the RAT’s source code. This raised a question mark with the researchers, who couldn’t explain why VirusTotal scanners couldn’t pick it up as a threat right away.Revenge, which was written in Visual Basic, also didn’t feature too many working features, compared to similar RATs. Even Napolean admitted that his tool was still in the early development stages, a reason why he provided the RAT for free.", - "value": "revenge-RAT", + "value": "Revenge-RAT", "meta": { "refs": [ "http://www.securitynewspaper.com/2016/08/31/unsophisticated-revenge-rat-released-online-free-exclusive/" - ] + ], + "date": "2016" } }, { @@ -1728,7 +1916,8 @@ "meta": { "refs": [ "https://twitter.com/malwrhunterteam/status/816993165119016960?lang=en" - ] + ], + "date": "2016" } }, { @@ -1737,7 +1926,8 @@ "meta": { "refs": [ "http://blog.talosintelligence.com/2017/04/introducing-rokrat.html" - ] + ], + "date": "2016" } }, { @@ -1749,7 +1939,8 @@ ], "synonyms": [ "qrat" - ] + ], + "date": "2016" } }, { @@ -1759,7 +1950,8 @@ "refs": [ "https://researchcenter.paloaltonetworks.com/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/", "https://attack.mitre.org/wiki/Software/S0149" - ] + ], + "date": "2016" } }, { @@ -1768,7 +1960,8 @@ "meta": { "refs": [ "https://blog.fortinet.com/2017/02/14/remcos-a-new-rat-in-the-wild-2" - ] + ], + "date": "2016" } }, { @@ -1777,7 +1970,8 @@ "meta": { "refs": [ "https://securityintelligence.com/client-maximus-new-remote-overlay-malware-highlights-rising-malcode-sophistication-in-brazil/" - ] + ], + "date": "2016" } }, { 
@@ -1786,7 +1980,8 @@ "meta": { "refs": [ "https://github.com/Screetsec/TheFatRat" - ] + ], + "date": "2016" } }, { @@ -1795,7 +1990,8 @@ "meta": { "refs": [ "http://blog.jpcert.or.jp/2017/04/redleaves---malware-based-on-open-source-rat.html" - ] + ], + "date": "2016" } }, { @@ -1804,7 +2000,8 @@ "meta": { "refs": [ "http://www.securityweek.com/rurktar-malware-espionage-tool-development" - ] + ], + "date": "2017" } }, { @@ -1813,7 +2010,8 @@ "meta": { "refs": [ "https://www.cyber.nj.gov/threat-profiles/trojan-variants/ratattack" - ] + ], + "date": "2017" } }, { @@ -1822,7 +2020,8 @@ "meta": { "refs": [ "https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/" - ] + ], + "date": "2017" } }, { @@ -1831,7 +2030,8 @@ "meta": { "refs": [ "https://revcode.eu/" - ] + ], + "date": "2017" } }, { @@ -1840,11 +2040,15 @@ "meta": { "refs": [ "https://github.com/AhMyth/AhMyth-Android-RAT" - ] + ], + "date": "2017" } }, { - "value": "PowerRAT" + "value": "PowerRAT", + "meta": { + "date": "2017" + } }, { "description": "MacSpy is advertised as the \"most sophisticated Mac spyware ever\", with the low starting price of free. While the idea of malware-as-a-service (MaaS) isn’t a new one with players such as Tox and Shark the game, it can be said that MacSpy is one of the first seen for the OS X platform.", @@ -1852,7 +2056,8 @@ "meta": { "refs": [ "https://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service" - ] + ], + "date": "2017" } }, { @@ -1861,7 +2066,8 @@ "meta": { "refs": [ "http://blog.talosintelligence.com/2017/03/dnsmessenger.html" - ] + ], + "date": "2017" } }, { @@ -1869,7 +2075,8 @@ "meta": { "refs": [ "http://pentagon-rat.blogspot.fr/" - ] + ], + "date": "2017" } }, { 
@@ -1878,7 +2085,26 @@ "meta": { "refs": [ "https://www.cyber.nj.gov/threat-profiles/trojan-variants/newcore" - ] + ], + "date": "2017" + } + }, + { + "value": "Deeper RAT", + "meta": { + "date": "2010" + } + }, + { + "value": "Xyligan", + "meta": { + "date": "2012" + } + }, + { + "value": "H-w0rm", + "meta": { + "date": "2013" } } ]
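Review bot: The three entries appended in this hunk (Deeper RAT, Xyligan, H-w0rm) carry only a `date`, with no `refs` and no `description`, so nothing on the page lets a reader check the year or the tool's identity. Add at least one reference per new entry, as most of the surrounding entries do. The same gap exists for the date-only `meta` objects added in earlier hunks to previously bare entries such as Syndrome RAT, xHacker Pro RAT and LokiTech, where a source for the year would make the value auditable.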