diff --git a/elements/threat-actor-tools.json b/elements/threat-actor-tools.json
index 90f5afa6..66bffc57 100644
--- a/elements/threat-actor-tools.json
+++ b/elements/threat-actor-tools.json
@@ -73,7 +73,12 @@
 "value": "NETEAGLE"
 },
 {
- "value": "Agent.BTZ"
+ "value": "Agent.BTZ",
+ "synonyms": ["ComRat"]
+ },
+ {
+ "value": "Heseber BOT",
+ "description": "RAT bundle with standard VNC (to avoid/limit A/V detection)."
 },
 {
 "value": "Agent.dne"
@@ -90,6 +95,14 @@
 {
 "value": "Winexe"
 },
+ {
+ "value": "Dark Comet",
+ "description": "RAT initialy identified in 2011 and still actively used."
+ },
+ {
+ "value": "AlienSpy",
+ "description": "RAT for Apple OS X platforms"
+ },
 {
 "value": "CORESHELL"
 },
@@ -103,7 +116,13 @@
 "value": "OLDBAIT"
 },
 {
- "value": "Havex RAT"
+ "value": "Havex RAT",
+ "synonyms": ["Havex"]
+ },
+ {
+ "value": "KjW0rm",
+ "description": "RAT initially written in VB.",
+ "refs": ["https://www.sentinelone.com/blog/understanding-kjw0rm-malware-we-dive-in-to-the-tv5-cyber-attack/"]
 },
 {
 "value": "LURK"
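Review bot: The new `Heseber BOT` entry has a description but no `refs`, so anyone consuming this list cannot check the claim or trace it back to a report. The same gap applies to `Dark Comet` and `AlienSpy` in the second hunk, while `KjW0rm` in the third hunk already shows the pattern; each of these should get a `"refs": ["<URL of the source report>"]` line. Separately, `"synonyms": ["ComRat"]` on `Agent.BTZ` deserves a second look: the name is usually written `ComRAT` in vendor reporting, so a consumer that matches synonyms case-sensitively would miss it. Reporting also tends to describe it as a later evolution of Agent.BTZ rather than a pure alias, so confirm that merging the two is intended.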
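Review bot: The `AlienSpy` description, `RAT for Apple OS X platforms`, looks too narrow. Public reporting generally describes it as a Java-based RAT that runs on several operating systems, so an analyst scoping a hunt from this text could wrongly exclude non-Mac hosts. If the source report supports it, something like `"description": "Cross-platform Java RAT, also observed on Apple OS X"` would be safer. In the `Dark Comet` entry, `initialy` should read `initially`, and adding `"synonyms": ["DarkComet"]` would let the entry match the single-word spelling most reports use.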
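Review bot: In the `KjW0rm` entry, `RAT initially written in VB.` is ambiguous between Visual Basic and VBScript, and the difference matters to a defender: a script-based tool is looked for in script-host activity, not in compiled binaries. The tool is generally described as VBScript-based; if the linked write-up confirms that, prefer `"description": "RAT initially written in VBS (VBScript)."`. The entry is otherwise the only new one in this commit that cites its source, which is the pattern the other additions should follow.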