chg: [rat] Hallaj PRO Rat added

ref: https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/ misp-event: 5b63f5e4-bf24-4f46-8340-48fc02de0b81
2018-08-03 08:34:55 +02:00 · 2018-08-03 08:34:55 +02:00 · a0dfdd65ae
parent 3da005a3f3
commit a0dfdd65ae
1 changed files with 11 additions and 1 deletions
--- a/clusters/rat.json
+++ b/clusters/rat.json
@ -2,7 +2,7 @@
  "uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
  "description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.",
  "source": "MISP Project",
-  "version": 11,
+  "version": 12,
  "values": [
    {
      "meta": {
@ -2521,6 +2521,16 @@
      "description": "The RAT is written in .NET, it uses socket.io for communication. Currently there are two variants of the malware, the 1st variant is a typical downloader whereas the 2nd one has download and C2 functionalities.",
      "value": "SocketPlayer",
      "uuid": "d9475765-2cea-45c0-b638-a082b9427239"
+    },
+    {
+      "value": "Hallaj PRO RAT",
+      "description": "RAT",
+      "uuid": "f6447046-f4e8-4977-9cc3-edee74ff0038",
+      "meta": {
+        "refs": [
+          "https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/"
+        ]
+      }
    }
  ],
  "authors": [