add several tools and refs

2018-11-08 10:39:32 +01:00 · 2018-11-08 10:39:32 +01:00 · 14444e4321
parent 954264c084
commit 14444e4321
3 changed files with 30 additions and 9 deletions
--- a/clusters/rat.json
+++ b/clusters/rat.json
@ -286,7 +286,8 @@
        "refs": [
          "https://securelist.com/securelist/files/2016/02/KL_AdwindPublicReport_2016.pdf",
          "https://www.f-secure.com/v-descs/backdoor_java_adwind.shtml",
-          "https://blog.fortinet.com/2016/08/16/jbifrost-yet-another-incarnation-of-the-adwind-rat"
+          "https://blog.fortinet.com/2016/08/16/jbifrost-yet-another-incarnation-of-the-adwind-rat",
+          "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf"
        ],
        "synonyms": [
          "UNRECOM",
@ -724,7 +725,8 @@
        "date": "2014",
        "refs": [
          "https://github.com/quasar/QuasarRAT",
-          "https://researchcenter.paloaltonetworks.com/2017/10/unit42-tracking-subaat-targeted-phishing-attacks-point-leader-threat-actors-repository/"
+          "https://researchcenter.paloaltonetworks.com/2017/10/unit42-tracking-subaat-targeted-phishing-attacks-point-leader-threat-actors-repository/",
+          "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf"
        ]
      },
      "related": [
@ -3278,5 +3280,5 @@
      "value": "NukeSped"
    }
  ],
-  "version": 20
+  "version": 21
 }
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -105,7 +105,8 @@
          "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks",
          "http://www.isightpartners.com/2015/02/codoso/#sthash.VJMDVPQB.dpuf",
          "http://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/",
-          "https://www.nytimes.com/2016/06/12/technology/the-chinese-hackers-in-the-back-office.html"
+          "https://www.nytimes.com/2016/06/12/technology/the-chinese-hackers-in-the-back-office.html",
+          "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf"
        ],
        "synonyms": [
          "C0d0so",
@ -995,7 +996,8 @@
        "country": "CN",
        "refs": [
          "http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/",
-          "https://www.cfr.org/interactive/cyber-operations/apt-10"
+          "https://www.cfr.org/interactive/cyber-operations/apt-10",
+          "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf"
        ],
        "synonyms": [
          "APT10",
@ -5999,5 +6001,5 @@
      "value": "EvilTraffic"
    }
  ],
-  "version": 76
+  "version": 77
 }
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -677,7 +677,8 @@
      "meta": {
        "refs": [
          "https://github.com/gentilkiwi/mimikatz",
-          "https://researchcenter.paloaltonetworks.com/2017/07/unit42-twoface-webshell-persistent-access-point-lateral-movement/"
+          "https://researchcenter.paloaltonetworks.com/2017/07/unit42-twoface-webshell-persistent-access-point-lateral-movement/",
+          "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf"
        ],
        "synonyms": [
          "Mikatz"
@ -2049,9 +2050,15 @@
      "value": "Hoardy"
    },
    {
+      "description": "HUC Packet Transmitter (HTran) is a proxy tool, used to intercept and redirect Transmission Control Protocol (TCP) connections from the local host to a remote host. This makes it possible to obfuscate an attacker's communications with victim networks. The tool has been freely available on the internet since at least 2009.\nHTran facilitates TCP connections between the victim and a hop point controlled by an attacker. Malicious cyber actors can use this technique to redirect their packets through multiple compromised hosts running HTran, to gain greater access to hosts in a network",
      "meta": {
        "refs": [
-          "http://www.secureworks.com/research/threats/htran/"
+          "http://www.secureworks.com/research/threats/htran/",
+          "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf"
+        ],
+        "synonyms": [
+          "HUC Packet Transmitter",
+          "HTran"
        ]
      },
      "uuid": "f3bfe513-2a65-49b5-9d64-a66541dce697",
@ -7384,7 +7391,17 @@
      },
      "uuid": "9972d4c4-d6c6-11e8-867e-87b4a45aa76d",
      "value": "August"
+    },
+    {
+      "description": "China Chopper is a publicly available, well-documented web shell, in widespread use since 2012.",
+      "meta": {
+        "refs": [
+          "https://www.ncsc.gov.uk/content/files/protected_files/article_files/Joint%20report%20on%20publicly%20available%20hacking%20tools%20%28NCSC%29.pdf"
+        ]
+      },
+      "uuid": "1ac4a966-0c74-46d5-b7e1-a40f4c681bc8",
+      "value": "China Chopper"
    }
  ],
-  "version": 98
+  "version": 99
 }