MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

add travle/PYLOT

pull/148/head
Deborah Servili 2018-01-15 14:44:36 +01:00
parent 8240934eb5
commit 8c1583b962
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
clusters/tool.json
View File

@ -10,7 +10,7 @@
], ],
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.", "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f", "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"version": 47, "version": 48,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -3326,6 +3326,18 @@
"https://objective-see.com/blog/blog_0x25.html" "https://objective-see.com/blog/blog_0x25.html"
] ]
} }
},
{
"value": "Travle",
"description": "The Travle sample found during our investigation was a DLL with a single exported function (MSOProtect). The malware name Travle was chosen given a string found in early samples of this family: “Travle Path Failed!”. This typo was replaced with correct word “Travel” in newer releases. We believe that Travle could be a successor to the NetTraveler family.",
"meta": {
"refs": [
"https://securelist.com/travle-aka-pylot-backdoor-hits-russian-speaking-targets/83455/"
],
"synonyms": [
"PYLOT"
]
}
} }
] ]
} }