go for caro, add hi-zor

2017-02-25 00:42:44 +01:00 · 2017-02-25 00:42:44 +01:00 · 50d2b1c871
parent d502d5b5bf
commit 50d2b1c871
1 changed files with 38 additions and 18 deletions
--- a/clusters/tool.json
+++ b/clusters/tool.json
@ -15,7 +15,7 @@
          "Agent.dhwf"
        ],
        "type": [
-          "rat"
+          "Backdoor"
        ]
      }
    },
@ -27,7 +27,7 @@
          "https://www.zscaler.com/pdf/whitepapers/msupdater_trojan_whitepaper.pdfx"
        ],
        "type": [
-          "rat"
+          "Backdoor"
        ]
      }
    },
@ -39,7 +39,7 @@
          "https://github.com/AlessandroZ/LaZagne"
        ],
        "type": [
-          "tool"
+          "HackTool"
        ]
      }
    },
@ -56,7 +56,7 @@
          "Gen:Trojan.Heur.PT"
        ],
        "type": [
-          "rat"
+          "Backdoor"
        ]
      }
    },
@ -68,7 +68,7 @@
          "http://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/"
        ],
        "type": [
-          "rat"
+          "Backdoor"
        ]
      }
    },
@ -82,7 +82,7 @@
          "Anchor Panda"
        ],
        "type": [
-          "rat"
+          "Backdoor"
        ]
      }
    },
@ -97,7 +97,7 @@
          "ozonercp"
        ],
        "type": [
-          "rat"
+          "Backdoor"
        ]
      }
    },
@ -114,13 +114,13 @@
          "Win32/Zegost.BW"
        ],
        "type": [
-          "rat"
+          "Backdoor"
        ]
      }
    },
    {
      "value": "Elise Backdoor",
-      "description": " Trojan (RAT) linked to current targeted attacks and others dating back to at least early 2009",
+      "description": "Trojan (RAT) linked to current targeted attacks and others dating back to at least early 2009",
      "meta": {
        "refs": [
          "http://thehackernews.com/2015/08/elise-malware-hacking.html"
@ -130,7 +130,7 @@
        ],
        "type": [
          "dropper",
-          "stealer"
+          "PWS"
        ]
      }
    },
@ -145,7 +145,7 @@
          "Laziok"
        ],
        "type": [
-          "stealer",
+          "PWS",
          "reco"
        ]
      }
@ -164,8 +164,8 @@
          "Acecard"
        ],
        "type": [
-          "spyware",
-          "android"
+          "Spyware",
+          "AndroidOS"
        ]
      }
    },
@ -185,9 +185,9 @@
          "PWOQuery"
        ],
        "type": [
-          "dropper",
-          "miner",
-          "spyware"
+          "Dropper",
+          "Miner",
+          "Spyware"
        ]
      }
    },
@ -203,7 +203,7 @@
          "http://blog.trendmicro.com/trendlabs-security-intelligence/lost-door-rat-accessible-customizable-attack-tool/"
        ],
        "type": [
-          "rat"
+          "Backdoor"
        ]
      }
    },
@ -218,7 +218,7 @@
          "http://www.fidelissecurity.com/files/files/FTA_1009-njRAT_Uncovered_rev2.pdf"
        ],
        "type": [
-          "rat"
+          "Backdoor"
        ]
      }
    },
@ -234,6 +234,9 @@
        "refs": [
          "http://www.symantec.com/connect/blogs/nanocore-another-rat-tries-make-it-out-gutter",
          "https://nanocore.io/"
+        ],
+        "type": [
+          "Backdoor"
        ]
      }
    },
@ -242,6 +245,23 @@
      "meta": {
        "synonyms": [
          "Sakurel"
+        ],
+        "refs": [
+          "https://www.secureworks.com/research/sakula-malware-family"
+        ],
+        "type": [
+          "Backdoor"
+        ]
+      }
+    },
+    {
+      "value": "Hi-ZOR",
+      "meta": {
+        "refs": [
+          "http://www.threatgeek.com/2016/01/introducing-hi-zor-rat.html"
+        ],
+        "type": [
+          "Backdoor"
        ]
      }
    },