mirror of https://github.com/MISP/misp-galaxy
add rat galaxy
parent
fab863933e
commit
c9ede88868
|
@ -0,0 +1,97 @@
|
||||||
|
{
|
||||||
|
"name": "rat",
|
||||||
|
"type": "rat",
|
||||||
|
"source": "MISP Project",
|
||||||
|
"authors": [
|
||||||
|
"Various",
|
||||||
|
],
|
||||||
|
"description": "remote administration tool or remote access tool (RAT) is a piece of software or programming that allows a remote \"operator\" to control a system as if they have physical access to that system. ",
|
||||||
|
"uuid": "312f8714-45cb-11e7-b898-135207cdceb9",
|
||||||
|
"version": 1,
|
||||||
|
"values": [
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.teamviewer.com"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"description": "TeamViewer is a proprietary computer software package for remote control, desktop sharing, online meetings, web conferencing and file transfer between computers.",
|
||||||
|
"value": "TeamViewer"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"synonyms": [
|
||||||
|
"BO"
|
||||||
|
],
|
||||||
|
"refs": [
|
||||||
|
"http://www.cultdeadcow.com/tools/bo.html",
|
||||||
|
"http://www.symantec.com/avcenter/warn/backorifice.html"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"description": "Back Orifice (often shortened to BO) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location.",
|
||||||
|
"value": "Back Orifice"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"synonyms": [
|
||||||
|
"NetBus"
|
||||||
|
],
|
||||||
|
"refs": [
|
||||||
|
"http://www.symantec.com/avcenter/warn/backorifice.html",
|
||||||
|
"https://www.f-secure.com/v-descs/netbus.shtml"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"description": "NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor.",
|
||||||
|
"value": "Netbus"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"synonyms": [
|
||||||
|
"Poison Ivy",
|
||||||
|
"Backdoor.Win32.PoisonIvy",
|
||||||
|
"Gen:Trojan.Heur.PT"
|
||||||
|
],
|
||||||
|
"refs": [
|
||||||
|
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf",
|
||||||
|
"https://www.f-secure.com/v-descs/backdoor_w32_poisonivy.shtml"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"description": "Poison Ivy is a RAT which was freely available and first released in 2005.",
|
||||||
|
"value": "PoisonIvy"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"synonyms": [
|
||||||
|
"SubSeven",
|
||||||
|
"Sub7Server"
|
||||||
|
],
|
||||||
|
"refs": [
|
||||||
|
"https://www.symantec.com/security_response/writeup.jsp?docid=2001-020114-5445-99"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"description": "Sub7, or SubSeven or Sub7Server, is a Trojan horse program.[1] Its name was derived by spelling NetBus backwards (\"suBteN\") and swapping \"ten\" with \"seven\". Sub7 was created by Mobman. Mobman has not maintained or updated the software since 2004, however an author known as Read101 has carried on the Sub7 legacy.",
|
||||||
|
"value": "Sub7"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://en.wikipedia.org/wiki/Beast_(Trojan_horse)"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"description": "Beast is a Windows-based backdoor trojan horse, more commonly known in the hacking community as a Remote Administration Tool or a \"RAT\". It is capable of infecting versions of Windows from 95 to 10.",
|
||||||
|
"value": "Beast Trojan"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"meta": {
|
||||||
|
"synonyms": [
|
||||||
|
""
|
||||||
|
],
|
||||||
|
"refs": [
|
||||||
|
""
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"description": "",
|
||||||
|
"value": ""
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
Loading…
Reference in New Issue