diff --git a/clusters/tool.json b/clusters/tool.json
index 8a9858b..1d4a41b 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -303,13 +303,86 @@
 "value": "CORESHELL"
 },
 {
- "value": "CHOPSTICK"
+ "value": "CHOPSTICK",
+ "description": "backdoor",
+ "meta": {
+ "synonyms": [
+ "Xagent",
+ "webhp",
+ "SPLM",
+ "(.v2 fysbis)"
+ ],
+ "refs": [
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
+ ]
+ }
 },
 {
- "value": "SOURFACE"
+ "value": "EVILTOSS",
+ "description": "backdoor",
+ "meta": {
+ "synonyms": [
+ "Sedreco",
+ "AZZY",
+ "Xagent",
+ "ADVSTORESHELL",
+ "NETUI"
+ ],
+ "refs": [
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
+ ]
+ }
 },
 {
- "value": "OLDBAIT"
+ "value": "GAMEFISH",
+ "description": "backdoor",
+ "meta": {
+ "synonyms": [
+ "Sednit",
+ "Seduploader",
+ "JHUHUGIT",
+ "Sofacy"
+ ],
+ "refs": [
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
+ ]
+ }
+ },
+ {
+ "value": "SOURFACE",
+ "description": "downloader - Older version of CORESHELL",
+ "meta": {
+ "synonyms": [
+ "Sofacy"
+ ],
+ "refs": [
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
+ ]
+ }
+ },
+ {
+ "value": "OLDBAIT",
+ "description": "credential harvester",
+ "meta": {
+ "synonyms": [
+ "Sasfis"
+ ],
+ "refs": [
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
+ ]
+ }
+ },
+ {
+ "value": "CORESHELL",
+ "description": "downloader - Newer version of SOURFACE",
+ "meta": {
+ "synonyms": [
+ "Sofacy"
+ ],
+ "refs": [
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
+ ]
+ }
 },
 {
 "value": "Havex RAT",
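Review bot: The new side appends a second object with `"value": "CORESHELL"` while the hunk's first context line shows an existing CORESHELL entry immediately above, so the cluster now carries two entries with the same value; consumers that key or deduplicate on `value` will collide or silently keep one of them. The added `"description"` and `"meta"` block should be merged into the existing CORESHELL object and the new duplicate entry dropped. Separately, `"Xagent"` is listed as a synonym under both CHOPSTICK and EVILTOSS, and `"Sofacy"` under GAMEFISH, SOURFACE and CORESHELL; a synonym that resolves to several values makes lookup and tagging ambiguous, so each should be checked against the cited report and kept only where it is unambiguous. The enclosing `values` array starts and ends outside the hunk.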