Merge pull request #68 from Delta-Sierra/master

add rats
2017-06-20 09:27:06 +02:00 · 2017-06-20 09:27:06 +02:00 · 1ce99243bd
parent 5775880e4a 57f6c2414d
commit 1ce99243bd
1 changed files with 197 additions and 0 deletions
--- a/clusters/rat.json
+++ b/clusters/rat.json
@ -763,6 +763,203 @@
      },
      "description": "Nuclear RAT (short for Nuclear Remote Administration Tool) is a backdoor trojan horse that infects Windows NT family systems (Windows 2000, XP, 2003).",
      "value": "Nuclear RAT"
+    },
+    {
+      "meta": {
+        "refs": [
+          "http://ozonercp.com/"
+        ]
+      },
+      "description": "C++ REMOTE CONTROL PROGRAM",
+      "value": "Ozone"
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://github.com/alienwithin/xanity-php-rat"
+        ]
+      },
+      "value": "Xanity"
+    },
+    {
+      "meta": {
+        "synonyms": [
+          "Dark Moon"
+        ]
+      },
+      "value": "DarkMoon"
+    },
+    {
+      "meta": {
+        "refs": [
+          "http://broad-product.biz/forum/r-a-t-(remote-administration-tools)/xpert-rat-3-0-10-by-abronsius(vb6)/",
+          "https://www.nulled.to/topic/18355-xpert-rat-309/",
+          "https://trickytamilan.blogspot.lu/2016/03/xpert-rat.html"
+        ]
+      },
+      "value": "Xpert"
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://www.alienvault.com/blogs/labs-research/kilerrat-taking-over-where-njrat-remote-access-trojan-left-off"
+        ]
+      },
+      "description": "This remote access trojan (RAT) has capabilities ranging from manipulating the registry to opening a reverse shell. From stealing credentials stored in browsers to accessing the victims webcam. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread utilizing physic devices, such as USB drives, but also to use the victim as a pivot point to gain more access laterally throughout the network. This remote access trojan could be classified as a variant of the well known njrat, as they share many similar features such as their display style, several abilities and a general template for communication methods . However, where njrat left off KilerRat has taken over. KilerRat is a very feature rich RAT with an active development force that is rapidly gaining in popularity amongst the middle eastern community and the world.",
+      "value": "Kiler RAT"
+    },
+    {
+      "value": "Brat"
+    },
+    {
+      "value": "MINI-MO"
+    },
+    {
+      "meta": {
+        "refs": [
+          "http://blog.trendmicro.com/trendlabs-security-intelligence/lost-door-rat-accessible-customizable-attack-tool/"
+        ]
+      },
+      "description": "Unlike most attack tools that one can only find in cybercriminal underground markets, Lost Door is very easy to obtain. It’s promoted on social media sites like YouTube and Facebook. Its maker, “OussamiO,” even has his own Facebook page where details on his creation can be found. He also has a dedicated blog (hxxp://lost-door[.]blogspot[.]com/) where tutorial videos and instructions on using the RAT is found. Any cybercriminal or threat actor can purchase and use the RAT to launch attacks.",
+      "value": "Lost Door"
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://www.rekings.com/loki-rat-php-rat/"
+        ]
+      },
+      "description": "Loki RAT is a php RAT that means no port forwarding is needed for this RAT, If you dont know how to setup this RAT click on tutorial.",
+      "value": "Loki RAT"
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://github.com/BahNahNah/MLRat"
+        ]
+      },
+      "value": "MLRat"
+    },
+    {
+      "meta": {
+        "refs": [
+          "http://perfect-conexao.blogspot.lu/2014/09/spycronic-1021.html",
+          "http://www.connect-trojan.net/2013/09/spycronic-v1.02.1.html",
+          "https://ranger-exploit.com/spycronic-v1-02-1/"
+        ]
+      },
+      "value": "SpyCronic"
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://github.com/n1nj4sec/pupy"
+        ]
+      },
+      "description": "Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python ",
+      "value": "Pupy"
+    },
+    {
+      "meta": {
+        "refs": [
+          "http://novarat.sourceforge.net/"
+        ]
+      },
+      "description": "Nova is a proof of concept demonstrating screen sharing over UDP hole punching.",
+      "value": "Nova"
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=9401&signatureSubId=2",
+          "https://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=9401&signatureSubId=0&softwareVersion=6.0&releaseVersion=S177",
+          "https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=20292",
+          "https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=20264"
+        ],
+        "synonyms": [
+          "Back Door Y3K RAT "
+        ]
+      },
+      "value": "BD Y3K RAT "
+    },
+    {
+      "meta": {
+        "refs": [
+          "http://turkojan.blogspot.lu/"
+        ]
+      },
+      "description": "Turkojan is a remote administration and spying tool for Microsoft Windows operating systems.",
+      "value": "Turkojan"
+    },
+    {
+      "meta": {
+        "refs": [
+          "http://josh.com/tiny/"
+        ]
+      },
+      "description": "TINY is a set of programs that lets you control a DOS computer from any Java-capable machine over a TCP/IP connection.  It is comparable to programs like VNC, CarbonCopy, and GotoMyPC except that the host machine is a DOS computer rather than a Windows one.",
+      "value": "TINY"
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://www.security-database.com/toolswatch/SharK-3-Remote-Administration-Tool.html",
+          "http://lpc1.clpccd.cc.ca.us/lpc/mdaoud/CNT7501/NETLABS/Ethical_Hacking_Lab_05.pdf"
+        ],
+        "synonyms": [
+          "SHARK",
+          "Shark"
+        ]
+      },
+      "description": "sharK is an advanced reverse connecting, firewall bypassing remote administration tool written in VB6. With sharK you will be able to administrate every PC (using Windows OS) remotely.",
+      "value": "SharK"
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://www.symantec.com/security_response/writeup.jsp?docid=2003-022018-5040-99"
+        ],
+        "synonyms": [
+          "Backdoor.Blizzard",
+          "Backdoor.Fxdoor",
+          "Backdoor.Snowdoor",
+          "Backdoor:Win32/Snowdoor"
+        ]
+      },
+      "description": "Backdoor.Snowdoor is a Backdoor Trojan Horse that allows unauthorized access to an infected computer. It creates an open C drive share with its default settings. By default, the Trojan listens on port 5,328.",
+      "value": "Snowdoor"
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://www.nulled.to/topic/155464-paradox-rat/"
+        ]
+      },
+      "value": "Paradox"
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://www.rekings.com/spynote-v4-android-rat/"
+        ]
+      },
+      "description": "Android RAT",
+      "value": "SpyNote"
+    },
+    {
+      "value": "ZOMBIE SLAYER"
+    },
+    {
+      "value": "HTTP WEB BACKDOOR"
+    },
+    {
+      "meta": {
+        "refs": [
+          "https://networklookout.com/help/"
+        ]
+      },
+      "description": "Net Monitor for Employees lets you see what everyone's doing - without leaving your desk. Monitor the activity of all employees. Plus you can share your screen with your employees PCs, making demos and presentations much easier.",
+      "value": "NET-MONITOR PRO"
    }
  ]
 }