From 91cf7b4ceeeb2dcc54de8d97c71d6535bb5a1836 Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Fri, 16 Jun 2017 15:34:20 +0200 Subject: [PATCH] add some rats sand tools --- clusters/rat.json | 43 +++++++++++++++++++++++++++++++++++++++++++ clusters/tool.json | 24 ++++++++++++++++++++++++ 2 files changed, 67 insertions(+) diff --git a/clusters/rat.json b/clusters/rat.json index 9dfa1f3..8509a82 100644 --- a/clusters/rat.json +++ b/clusters/rat.json @@ -720,6 +720,49 @@ }, "description": "Free, Open-Source Remote Administration Tool. xRAT 2.0 is a fast and light-weight Remote Administration Tool coded in C# (using .NET Framework 2.0).", "value": "xRAT" + }, + { + "meta": { + "refs": [ + "http://sakhackingarticles.blogspot.lu/2014/08/biodox-rat.html" + ] + }, + "value": "Biodox" + }, + { + "meta": { + "refs": [ + "https://leakforums.net/thread-31386?tid=31386&&pq=1" + ] + }, + "description": "Offense RAT is a free renote administration tool made in Delphi 9.", + "value": "Offence" + }, + { + "meta": { + "refs": [ + "https://leakforums.net/thread-36962" + ] + }, + "value": "Apocalypse" + }, + { + "meta": { + "refs": [ + "https://leakforums.net/thread-363920" + ] + }, + "value": "JCage" + }, + { + "meta": { + "refs": [ + "http://malware.wikia.com/wiki/Nuclear_RAT", + "http://www.nuclearwintercrew.com/Products-View/21/Nuclear_RAT_2.1.0/" + ] + }, + "description": "Nuclear RAT (short for Nuclear Remote Administration Tool) is a backdoor trojan horse that infects Windows NT family systems (Windows 2000, XP, 2003).", + "value": "Nuclear RAT" } ] } diff --git a/clusters/tool.json b/clusters/tool.json index 6a98ef8..0b767d6 100644 --- a/clusters/tool.json +++ b/clusters/tool.json @@ -2782,6 +2782,30 @@ "http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-access/" ] } + }, + { + "description": "Many links indicate, that this bot is another product of the people previously involved in Dyreza. It seems to be rewritten from scratch – however, it contains many similar features and solutions to those we encountered analyzing Dyreza (read more).", + "value": "Trick Bot", + "meta": { + "refs": [ + "https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/", + "https://blog.fraudwatchinternational.com/malware/trickbot-malware-works", + "https://securityintelligence.com/trickbot-is-hand-picking-private-banks-for-targets-with-redirection-attacks-in-tow/" + ], + "synonyms": [ + "TrickBot", + "TrickLoader" + ] + } + }, + { + "value": "Moneygram Adwind", + "meta": { + "refs": [ + "https://myonlinesecurity.co.uk/new-guidelines-from-moneygram-malspam-delivers-a-brand-new-java-adwind-version/" + ] + } } + ] }