From 9df95031a7b2592c49a6f884ea2c38a921898bd1 Mon Sep 17 00:00:00 2001
From: Thomas Dupuy
Date: Wed, 20 Jan 2021 13:27:51 -0500
Subject: [PATCH 1/2] Update ZxShell tool.

---
 clusters/tool.json | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/clusters/tool.json b/clusters/tool.json
index f0d1983..ebebdb3 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -1736,9 +1736,12 @@
 "value": "Tdrop2"
 },
 {
+ "description": "ZxShell is a remote access trojan (RAT). It was developed in 2006 by the persona \"LZX\", who then publicly released the source code in 2007",
 "meta": {
 "refs": [
- "http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html"
+ "http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html",
+ "https://blogs.cisco.com/security/talos/opening-zxshell",
+ "https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox"
 ],
 "synonyms": [
 "Sensode"
@@ -8206,5 +8209,5 @@
 "value": "Beds Protector"
 }
 ],
- "version": 139
+ "version": 140
 }

From f964514ec57eb03857a10e2d2364377f785bb440 Mon Sep 17 00:00:00 2001
From: Thomas Dupuy
Date: Wed, 20 Jan 2021 13:44:28 -0500
Subject: [PATCH 2/2] Add HyperBro in tools

---
 clusters/tool.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/clusters/tool.json b/clusters/tool.json
index ebebdb3..4bab6de 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -8207,6 +8207,20 @@
 "related": [],
 "uuid": "5ce18513-bd12-4689-a705-634cf727162e",
 "value": "Beds Protector"
+ },
+ {
+ "description": "HyperBro Trojan was used as last-stage in-memory remote administration tool (RAT).",
+ "meta": {
+ "refs": [
+ "https://securelist.com/luckymouse-hits-national-data-center/86083/"
+ ],
+ "type": [
+ "RAT"
+ ]
+ },
+ "related": [],
+ "uuid": "e1bfe1d9-190c-4cf4-aec8-a8f2c41c7d8b",
+ "value": "HyperBro"
 }
 ],
 "version": 140
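Review bot: The ZxShell `description` added in the first hunk ends without a period and, after saying the source code was publicly released in 2007, stops short of the consequence an analyst needs when triaging a hit. Since public source means any actor can build a variant, I would close the text with `... released the source code in 2007, so a ZxShell detection on its own does not identify a specific actor.` The retained FireEye reference still uses `http://` while the two added references use `https://`; it is worth confirming that the URL still resolves and switching the scheme if it does. The entry continues past `"Sensode"` outside this hunk, so its `uuid` and `related` fields are not visible here.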
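Review bot: The `description` of the new HyperBro entry reads like a fragment taken from campaign reporting ("was used as last-stage ...") and names neither the actor nor the campaign, so it does not work as a standalone tool definition. Something like `"HyperBro is a remote administration tool (RAT) that runs in memory and was used as the last-stage payload in the LuckyMouse campaign described in the reference."` would be self-contained. `related` is left empty; if the galaxy already has a threat-actor cluster for LuckyMouse, linking it here would let consumers pivot from tool to actor, but that cluster is not visible in this diff, so treat it as a question. This patch also leaves `"version": 140` as set by patch 1/2, which is only correct if both commits are merged together.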