Merge pull request #115 from Delta-Sierra/master

add ALMA Communicator
pull/118/head
Alexandre Dulaunoy 2017-11-09 09:32:09 +01:00 committed by GitHub
commit 454e6183e6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions

@ -3011,6 +3011,15 @@
"https://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/"
]
}
},
{
"value": "ALMA Communicator",
"description": "The ALMA Communicator Trojan is a backdoor Trojan that uses DNS tunneling exclusively to receive commands from the adversary and to exfiltrate data. This Trojan specifically reads in a configuration from the cfg file that was initially created by the Clayslide delivery document. ALMA does not have an internal configuration, so the Trojan does not function without the cfg file created by the delivery document.",
"meta": {
"refs": [
"https://researchcenter.paloaltonetworks.com/2017/11/unit42-oilrig-deploys-alma-communicator-dns-tunneling-trojan/"
]
}
}
]
}
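Review bot: In the new "ALMA Communicator" entry, the description refers to "the cfg file" and "the Clayslide delivery document" without saying what either is, and the OilRig attribution appears only in the slug of the refs URL. Suggest naming the actor in the description text so the entry can be found by actor without following the link, and adding a short phrase that identifies Clayslide for readers who have not seen the referenced report. The final sentence of the description ("ALMA does not have an internal configuration, so the Trojan does not function without the cfg file ...") largely restates the sentence before it and could be merged into it.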