From edea2d25ee8a9ad40141a14ccc05e64ad5225b91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?D=C3=A9borah=20Servili?=
Date: Mon, 16 Jan 2017 12:08:20 +0100
Subject: [PATCH] add APT28's tools
---
 clusters/tool.json | 79 ++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 76 insertions(+), 3 deletions(-)
diff --git a/clusters/tool.json b/clusters/tool.json
index 8a9858b7..1d4a41b6 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -303,13 +303,86 @@
 "value": "CORESHELL"
 },
 {
- "value": "CHOPSTICK"
+ "value": "CHOPSTICK",
+ "description": "backdoor",
+ "meta": {
+ "synonyms": [
+ "Xagent",
+ "webhp",
+ "SPLM",
+ "(.v2 fysbis)"
+ ],
+ "refs": [
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
+ ]
+ }
 },
 {
- "value": "SOURFACE"
+ "value": "EVILTOSS",
+ "description": "backdoor",
+ "meta": {
+ "synonyms": [
+ "Sedreco",
+ "AZZY",
+ "Xagent",
+ "ADVSTORESHELL",
+ "NETUI"
+ ],
+ "refs": [
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
+ ]
+ }
 },
 {
- "value": "OLDBAIT"
+ "value": "GAMEFISH",
+ "description": "backdoor",
+ "meta": {
+ "synonyms": [
+ "Sednit",
+ "Seduploader",
+ "JHUHUGIT",
+ "Sofacy"
+ ],
+ "refs": [
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
+ ]
+ }
+ },
+ {
+ "value": "SOURFACE",
+ "description": "downloader - Older version of CORESHELL",
+ "meta": {
+ "synonyms": [
+ "Sofacy"
+ ],
+ "refs": [
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
+ ]
+ }
+ },
+ {
+ "value": "OLDBAIT",
+ "description": "credential harvester",
+ "meta": {
+ "synonyms": [
+ "Sasfis"
+ ],
+ "refs": [
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
+ ]
+ }
+ },
+ {
+ "value": "CORESHELL",
+ "description": "downloader - Newer version of SOURFACE",
+ "meta": {
+ "synonyms": [
+ "Sofacy"
+ ],
+ "refs": [
+ "https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf"
+ ]
+ }
 },
 {
 "value": "Havex RAT",
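Review bot: The last added object in this hunk is a second `"value": "CORESHELL"` entry while the existing CORESHELL entry shown as the hunk's first context line is left untouched, so the cluster now holds two entries with the same value and a consumer that keys on value will pick one of them arbitrarily. The description and meta block should instead be attached to the existing entry — its line becomes `"value": "CORESHELL",` followed by the same description and meta — and the trailing duplicate object (with its preceding `},` and `{`) dropped; the existing entry's opening brace lies before the start of the hunk. Separately, `Xagent` appears as a synonym of both CHOPSTICK and EVILTOSS, and `Sofacy` of GAMEFISH, SOURFACE and CORESHELL, so a lookup by synonym cannot resolve to a single tool; confirm against the cited report which entry each alias belongs to, and since Sofacy is commonly used as a name for the group itself it is probably better left off the tool entries. The synonym `"(.v2 fysbis)"` reads like an annotation rather than an alias and would be clearer as a plain `"Fysbis"` synonym with the version remark moved into the description.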