From c9ede8886809d82679e8c280ecc5fae9c7a78381 Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Wed, 31 May 2017 16:39:19 +0200
Subject: [PATCH] add rat galaxy
---
clusters/rat.json | 97 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 97 insertions(+)
create mode 100644 clusters/rat.json
diff --git a/clusters/rat.json b/clusters/rat.json
new file mode 100644
index 0000000..d76cb23
--- /dev/null
+++ b/clusters/rat.json
@@ -0,0 +1,97 @@
+{
+ "name": "rat",
+ "type": "rat",
+ "source": "MISP Project",
+ "authors": [
+ "Various",
+ ],
+ "description": "remote administration tool or remote access tool (RAT) is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system. ",
+ "uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
+ "version": 1,
+ "values": [
+ {
+ "meta": {
+ "refs": [
+ "https://www.teamviewer.com"
+ ]
+ },
+ "description": "TeamViewer is a proprietary computer software package for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers.",
+ "value": "TeamViewer"
+ },
+ {
+ "meta": {
+ "synonyms": [
+ "BO"
+ ],
+ "refs": [
+ "http://www.cultdeadcow.com/tools/bo.html",
+ "http://www.symantec.com/avcenter/warn/backorifice.html"
+ ]
+ },
+ "description": "Back Orifice (often shortened to BO) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location.",
+ "value": "Back Orifice"
+ },
+ {
+ "meta": {
+ "synonyms": [
+ "NetBus"
+ ],
+ "refs": [
+ "http://www.symantec.com/avcenter/warn/backorifice.html",
+ "https://www.f-secure.com/v-descs/netbus.shtml"
+ ]
+ },
+ "description": "NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. 
It was created in 1998 and has been very controversial for its potential of being used as a backdoor.",
+ "value": "Netbus"
+ },
+ {
+ "meta": {
+ "synonyms": [
+ "Poison Ivy",
+ "Backdoor.Win32.PoisonIvy",
+ "Gen:Trojan.Heur.PT"
+ ],
+ "refs": [
+ "https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf",
+ "https://www.f-secure.com/v-descs/backdoor_w32_poisonivy.shtml"
+ ]
+ },
+ "description": "Poison Ivy is a RAT which was freely available and first released in 2005.",
+ "value": "PoisonIvy"
+ },
+ {
+ "meta": {
+ "synonyms": [
+ "SubSeven",
+ "Sub7Server"
+ ],
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2001-020114-5445-99"
+ ]
+ },
+ "description": "Sub7, or SubSeven or Sub7Server, is a Trojan horse program.[1] Its name was derived by spelling NetBus backwards (\"suBteN\") and swapping \"ten\" with \"seven\". Sub7 was created by Mobman. Mobman has not maintained or updated the software since 2004, however an author known as Read101 has carried on the Sub7 legacy.",
+ "value": "Sub7"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://en.wikipedia.org/wiki/Beast_(Trojan_horse)"
+ ]
+ },
+ "description": "Beast is a Windows-based backdoor trojan horse, more commonly known in the hacking community as a Remote Administration Tool or a \"RAT\". It is capable of infecting versions of Windows from 95 to 10.",
+ "value": "Beast Trojan"
+ },
+ {
+ "meta": {
+ "synonyms": [
+ ""
+ ],
+ "refs": [
+ ""
+ ]
+ },
+ "description": "",
+ "value": ""
+ }
+ ]
+}
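Review bot: The `authors` array ends with a trailing comma (`"Various", ],`), which strict JSON parsers reject, so the new cluster file may fail to load in any consumer that parses it strictly; it should read `"authors": [ "Various" ],`. The last element of `values` is an unfilled template (`"value": ""`, `"description": ""`, `"synonyms": [ "" ]`, `"refs": [ "" ]`) and should be dropped before merge, since an empty-named value and an empty synonym may surface as a selectable or matchable entry when analysts tag events. The NetBus entry lists `backorifice.html` as its first ref, which looks copied from the Back Orifice entry, and the Sub7 description still carries a stray `[1]` footnote marker. TeamViewer is a legitimate commercial product, so its description would benefit from a sentence saying it is included because of dual use, so that a tag alone is not read as evidence of compromise.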