pull/202/head
Deborah Servili 2018-05-03 16:08:27 +02:00
parent 83581c62b0
commit 979c784640
1 changed files with 4 additions and 6 deletions


@ -2415,26 +2415,24 @@
{ {
"value": "Coldroot", "value": "Coldroot",
"description": "Coldroot, a remote access trojan (RAT), is still undetectable by most antivirus engines, despite being uploaded and freely available on GitHub for almost two years.\nThe RAT appears to have been created as a joke, \"to Play with Mac users,\" and \"give Mac it's rights in this [the RAT] field,\" but has since expanded to work all three major desktop operating systems — Linux, macOS, and Windows— according to a screenshot of its builder extracted from a promotional YouTube video.", "description": "Coldroot, a remote access trojan (RAT), is still undetectable by most antivirus engines, despite being uploaded and freely available on GitHub for almost two years.\nThe RAT appears to have been created as a joke, \"to Play with Mac users,\" and \"give Mac it's rights in this [the RAT] field,\" but has since expanded to work all three major desktop operating systems — Linux, macOS, and Windows— according to a screenshot of its builder extracted from a promotional YouTube video.",
"uuid": "0a1b71bc-21f6-11e8-8f58-371613fbbd8a", "uuid": "86f1f048-4eca-11e8-a08e-7708666ace6e",
"meta": { "meta": {
"refs": [ "refs": [
"https://www.bleepingcomputer.com/news/security/coldroot-rat-still-undetectable-despite-being-uploaded-on-github-two-years-ago/", "https://www.bleepingcomputer.com/news/security/coldroot-rat-still-undetectable-despite-being-uploaded-on-github-two-years-ago/",
"https://github.com/xlinshan/Coldroot" "https://github.com/xlinshan/Coldroot"
] ]
}, }
"uuid": "86f1f048-4eca-11e8-a08e-7708666ace6e"
}, },
{ {
"value": "Comnie", "value": "Comnie",
"description": "Comnie is a RAT originally identified by Sophos. It has been using Github, Tumbler and Blogspot as covert channels for its C2 communications. Comnie has been observed targetting government, defense, aerospace, high-tech and telecommunication sectors in Asia.", "description": "Comnie is a RAT originally identified by Sophos. It has been using Github, Tumbler and Blogspot as covert channels for its C2 communications. Comnie has been observed targetting government, defense, aerospace, high-tech and telecommunication sectors in Asia.",
"uuid": "fbc5bbb2-38b4-4fa3-9b9f-624e05cdc648", "uuid": "d14806fe-4ecb-11e8-a120-ff726de6a4d3",
"meta": { "meta": {
"refs": [ "refs": [
"https://exchange.xforce.ibmcloud.com/collection/East-Asia-Organizations-Victims-of-Comnie-Attack-12749a9dbc20e2f40b3ae99c43416d8c", "https://exchange.xforce.ibmcloud.com/collection/East-Asia-Organizations-Victims-of-Comnie-Attack-12749a9dbc20e2f40b3ae99c43416d8c",
"https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/" "https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/"
] ]
}, }
"uuid": "d14806fe-4ecb-11e8-a120-ff726de6a4d3"
}, },
{ {
"value": "GravityRAT", "value": "GravityRAT",
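Review bot: Two identifiers disappear here without a trace: Coldroot's leading `"uuid"` (`0a1b71bc-21f6-11e8-8f58-371613fbbd8a`) and Comnie's (`fbc5bbb2-38b4-4fa3-9b9f-624e05cdc648`) are dropped in favour of the value that used to sit after `"meta"`. Most parsers keep the last duplicate key, so the surviving UUIDs are probably what consumers already stored. A first-wins parser would have kept the dropped ones, though, and any relationship, tag or event that references them would then stop resolving, so it is worth searching the repository and downstream mappings for both values before merging. Nothing visible in this change stops a duplicate `"uuid"` from being reintroduced, so I would add a validation step that loads each cluster file with a parser that rejects repeated object keys and fails the build when it finds one.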