From 8c1583b962aaca86c5afa346b9e2e358b1b5fc19 Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Mon, 15 Jan 2018 14:44:36 +0100 Subject: [PATCH] add travle/PYLOT --- clusters/tool.json | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/clusters/tool.json b/clusters/tool.json index a3811de0..386fb840 100644 --- a/clusters/tool.json +++ b/clusters/tool.json @@ -10,7 +10,7 @@ ], "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.", "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f", - "version": 47, + "version": 48, "values": [ { "meta": { @@ -3326,6 +3326,18 @@ "https://objective-see.com/blog/blog_0x25.html" ] } + }, + { + "value": "Travle", + "description": "The Travle sample found during our investigation was a DLL with a single exported function (MSOProtect). The malware name Travle was chosen given a string found in early samples of this family: “Travle Path Failed!”. This typo was replaced with correct word “Travel” in newer releases. We believe that Travle could be a successor to the NetTraveler family.", + "meta": { + "refs": [ + "https://securelist.com/travle-aka-pylot-backdoor-hits-russian-speaking-targets/83455/" + ], + "synonyms": [ + "PYLOT" + ] + } } ] }