From a0dfdd65ae2aeab3e9552535cd576c7399694e88 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 3 Aug 2018 08:34:55 +0200 Subject: [PATCH] chg: [rat] Hallaj PRO Rat added ref: https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/ misp-event: 5b63f5e4-bf24-4f46-8340-48fc02de0b81 --- clusters/rat.json | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/clusters/rat.json b/clusters/rat.json index a953b8b..7394c96 100644 --- a/clusters/rat.json +++ b/clusters/rat.json @@ -2,7 +2,7 @@ "uuid": "312f8714-45cb-11e7-b898-135207cdceb9", "description": "remote administration tool or remote access tool (RAT), also called sometimes remote access trojan, is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system.", "source": "MISP Project", - "version": 11, + "version": 12, "values": [ { "meta": { @@ -2521,6 +2521,16 @@ "description": "The RAT is written in .NET, it uses socket.io for communication. Currently there are two variants of the malware, the 1st variant is a typical downloader whereas the 2nd one has download and C2 functionalities.", "value": "SocketPlayer", "uuid": "d9475765-2cea-45c0-b638-a082b9427239" + }, + { + "value": "Hallaj PRO RAT", + "description": "RAT", + "uuid": "f6447046-f4e8-4977-9cc3-edee74ff0038", + "meta": { + "refs": [ + "https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/" + ] + } } ], "authors": [