commit
8498243005
|
@ -7,7 +7,7 @@
|
||||||
],
|
],
|
||||||
"description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
|
"description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
|
||||||
"uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
|
"uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
|
||||||
"version": 7,
|
"version": 8,
|
||||||
"values": [
|
"values": [
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -2409,12 +2409,13 @@
|
||||||
"refs": [
|
"refs": [
|
||||||
"http://blog.jpcert.or.jp/.s/2018/03/malware-tscooki-7aa0.html"
|
"http://blog.jpcert.or.jp/.s/2018/03/malware-tscooki-7aa0.html"
|
||||||
]
|
]
|
||||||
}
|
},
|
||||||
|
"uuid": "7b107b46-4eca-11e8-b89f-0366ae765ddd"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"value": "Coldroot",
|
"value": "Coldroot",
|
||||||
"description": "Coldroot, a remote access trojan (RAT), is still undetectable by most antivirus engines, despite being uploaded and freely available on GitHub for almost two years.\nThe RAT appears to have been created as a joke, \"to Play with Mac users,\" and \"give Mac it's rights in this [the RAT] field,\" but has since expanded to work all three major desktop operating systems — Linux, macOS, and Windows— according to a screenshot of its builder extracted from a promotional YouTube video.",
|
"description": "Coldroot, a remote access trojan (RAT), is still undetectable by most antivirus engines, despite being uploaded and freely available on GitHub for almost two years.\nThe RAT appears to have been created as a joke, \"to Play with Mac users,\" and \"give Mac it's rights in this [the RAT] field,\" but has since expanded to work all three major desktop operating systems — Linux, macOS, and Windows— according to a screenshot of its builder extracted from a promotional YouTube video.",
|
||||||
"uuid": "0a1b71bc-21f6-11e8-8f58-371613fbbd8a",
|
"uuid": "86f1f048-4eca-11e8-a08e-7708666ace6e",
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://www.bleepingcomputer.com/news/security/coldroot-rat-still-undetectable-despite-being-uploaded-on-github-two-years-ago/",
|
"https://www.bleepingcomputer.com/news/security/coldroot-rat-still-undetectable-despite-being-uploaded-on-github-two-years-ago/",
|
||||||
|
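Review bot: The Coldroot cluster's existing "uuid" is replaced (0a1b71bc-21f6-11e8-8f58-371613fbbd8a → 86f1f048-4eca-11e8-a08e-7708666ace6e), and the next hunk does the same for Comnie (fbc5bbb2-38b4-4fa3-9b9f-624e05cdc648 → d14806fe-4ecb-11e8-a120-ff726de6a4d3). A cluster uuid is the stable identifier that events, tags and cross-galaxy relations point at, so rewriting it silently orphans every existing reference to the old value. If the old uuids were duplicated elsewhere in the galaxy or otherwise invalid, the commit description should say so; if not, the old values should be kept and only the missing one (the `"uuid": "7b107b46-4eca-11e8-b89f-0366ae765ddd"` added at the top of this hunk) introduced. The entry receiving that new uuid has its "value" outside the hunk, so I cannot confirm which cluster it completes.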
@ -2425,13 +2426,23 @@
|
||||||
{
|
{
|
||||||
"value": "Comnie",
|
"value": "Comnie",
|
||||||
"description": "Comnie is a RAT originally identified by Sophos. It has been using Github, Tumbler and Blogspot as covert channels for its C2 communications. Comnie has been observed targetting government, defense, aerospace, high-tech and telecommunication sectors in Asia.",
|
"description": "Comnie is a RAT originally identified by Sophos. It has been using Github, Tumbler and Blogspot as covert channels for its C2 communications. Comnie has been observed targetting government, defense, aerospace, high-tech and telecommunication sectors in Asia.",
|
||||||
"uuid": "fbc5bbb2-38b4-4fa3-9b9f-624e05cdc648",
|
"uuid": "d14806fe-4ecb-11e8-a120-ff726de6a4d3",
|
||||||
"meta": {
|
"meta": {
|
||||||
"refs": [
|
"refs": [
|
||||||
"https://exchange.xforce.ibmcloud.com/collection/East-Asia-Organizations-Victims-of-Comnie-Attack-12749a9dbc20e2f40b3ae99c43416d8c",
|
"https://exchange.xforce.ibmcloud.com/collection/East-Asia-Organizations-Victims-of-Comnie-Attack-12749a9dbc20e2f40b3ae99c43416d8c",
|
||||||
"https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/"
|
"https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "GravityRAT",
|
||||||
|
"description": "GravityRAT has been under ongoing development for at least 18 months, during which the developer has implemented new features. We've seen file exfiltration, remote command execution capability and anti-vm techniques added throughout the life of GravityRAT. This consistent evolution beyond standard remote code execution is concerning because it shows determination and innovation by the actor. ",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://blog.talosintelligence.com/2018/04/gravityrat-two-year-evolution-of-apt.html"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "2d356870-4ecd-11e8-9bb8-e3ba5aa7da31"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
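Review bot: The new GravityRAT "description" is a first-person excerpt ("We've seen …", "is concerning") lifted from the Talos post in "refs", which reads as the galaxy maintainers' own assessment once it sits in the cluster; prefer a neutral third-person summary, or attribute it, e.g. `"description": "Per Talos, GravityRAT has been under ongoing development for at least 18 months ..."`. The same string also ends with a trailing space (`"... by the actor. "`) that should be trimmed. Minor: the new entry places "uuid" after "meta", whereas the neighbouring Coldroot and Comnie entries place it before "meta"; key order is insignificant to a JSON parser, but a consistent field order in this hand-maintained file keeps future diffs readable.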
@ -465,7 +465,8 @@
|
||||||
"POTASSIUM",
|
"POTASSIUM",
|
||||||
"DustStorm",
|
"DustStorm",
|
||||||
"Red Apollo",
|
"Red Apollo",
|
||||||
"CVNX"
|
"CVNX",
|
||||||
|
"HOGFISH"
|
||||||
],
|
],
|
||||||
"country": "CN",
|
"country": "CN",
|
||||||
"refs": [
|
"refs": [
|
||||||
|
|
|
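Review bot: The alias `"HOGFISH"` is added to this actor's synonym list without a supporting reference in the same change — the hunk header (7 → 8 lines) shows a single added line, and the "refs" array that starts at the end of the hunk is not touched here. An alias that is not traceable to a source is hard to verify or later retract, so please add the report that introduces the HOGFISH name to "refs" in this commit, unless one of the existing references (outside the hunk) already covers it. The cluster's "value" is outside the hunk, so the actor being extended cannot be confirmed from this view.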
@ -11,7 +11,7 @@
|
||||||
],
|
],
|
||||||
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
|
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
|
||||||
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
|
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
|
||||||
"version": 65,
|
"version": 66,
|
||||||
"values": [
|
"values": [
|
||||||
{
|
{
|
||||||
"meta": {
|
"meta": {
|
||||||
|
@ -4140,6 +4140,16 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "d1e548b8-4793-11e8-8dea-6beff82cac0a"
|
"uuid": "d1e548b8-4793-11e8-8dea-6beff82cac0a"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Rubella Macro Builder",
|
||||||
|
"description": "A crimeware kit dubbed the Rubella Macro Builder has recently been gaining popularity among members of a top-tier Russian hacking forum. Despite being relatively new and unsophisticated, the kit has a clear appeal for cybercriminals: it’s cheap, fast, and can defeat basic static antivirus detection.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.flashpoint-intel.com/blog/rubella-macro-builder/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "b7be6732-4ed5-11e8-8b82-dff39eb7a396"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
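Review bot: The Rubella Macro Builder "description" is a verbatim, time-relative excerpt from the referenced Flashpoint post ("has recently been gaining popularity", "being relatively new"); those qualifiers will be wrong within months while the cluster stays in the galaxy. Prefer a dated or neutral wording, e.g. `"description": "Rubella Macro Builder is a crimeware kit advertised on Russian-language forums from 2018 that generates malicious Office macro documents designed to evade basic static antivirus detection."`, keeping the Flashpoint link in "refs" as the source. The rest of the entry (uuid after "meta", single ref) matches the preceding cluster in this file.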