From 4ac23483b90301bcc72799158990cf0d29155077 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Wed, 13 Jun 2018 11:54:50 +0200
Subject: [PATCH] add some tools
---
 clusters/tool.json | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/clusters/tool.json b/clusters/tool.json
index 9dc8241..5593653 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -4292,6 +4292,26 @@
 "https://www.bleepingcomputer.com/news/security/invisimole-is-a-complex-spyware-that-can-take-pictures-and-record-audio/"
 ]
 }
+ },
+ {
+ "uuid": "f35f219a-6eed-11e8-980a-93bb96299951",
+ "value": "Roaming Mantis",
+ "description": "Roaming Mantis malware is designed for distribution through a simple, but very efficient trick based on a technique known as DNS hijacking. When a user attempts to access any website via a compromised router, they will be redirected to a malicious website. For example, if a user were to navigate to www.securelist.com using a web browser, the browser would be redirected to a rogue server which has nothing to do with the security research blog. As long as the browser displays the original URL, users are likely to believe the website is genuine. The web page from the rogue server displays the popup message: To better experience the browsing, update to the latest chrome version.",
+ "meta": {
+ "refs": [
+ "https://securelist.com/roaming-mantis-uses-dns-hijacking-to-infect-android-smartphones/85178/"
+ ]
+ }
+ },
+ {
+ "uuid": "7cda6406-6eef-11e8-a2ad-9340096d5711",
+ "value": "PLEAD Downloader",
+ "description": "PLEAD is referred to both as a name of malware including TSCookie and its attack campaign. PLEAD has two kinds – RAT (Remote Access Tool) and downloader. The RAT operates based on commands that are provided from C&C servers. On the other hand, PLEAD downloader downloads modules and runs it on memory in the same way as TSCookie does.",
+ "meta": {
+ "refs": [
+ "https://blog.jpcert.or.jp/2018/06/plead-downloader-used-by-blacktech.html"
+ ]
+ }
 }
 ],
 "authors": [
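Review bot: The `"PLEAD Downloader"` entry's description covers the PLEAD campaign, the RAT and the downloader together, so an analyst or correlation rule matching on `value` cannot tell which component a tagged event refers to. Narrowing it to the downloader would help, for example `"description": "PLEAD downloader downloads modules and runs them in memory, in the same way as TSCookie does."`, and it is worth checking whether TSCookie already has its own entry elsewhere in the file, which this hunk does not show. The `"Roaming Mantis"` description explains the DNS-hijacking delivery and the fake Chrome-update popup but never says what the payload does on the device, which is what a defender triaging a hit needs. Neither entry carries `meta.synonyms`, so events tagged under other vendor names will not resolve to these UUIDs. The diffstat shows 20 insertions and no modified line, so if this cluster file has a top-level `version` field (not visible here), it was not incremented and consumers that sync on version may miss both entries.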