misp-galaxy/elements/threat-actor-tools.json

211 lines
3.2 KiB
JSON

{
"values": [
{
"value": "PlugX",
"description": "Malware"
},
{
"value": "MSUpdater"
},
{
"value": "Poison Ivy"
},
{
"value": "Torn RAT"
},
{
"value": "ZeGhost"
},
{
"value": "Elise Backdoor",
"synonyms": ["Elise"]
},
{
"value": "Lstudio"
},
{
"value": "Joy RAT"
},
{
"value": "Sakula",
"synonyms": ["Sakurel"]
},
{
"value": "Derusbi"
},
{
"value": "EvilGrab"
},
{
"value": "IEChecker"
},
{
"value": "Trojan.Naid"
},
{
"value": "Backdoor.Moudoor"
},
{
"value": "NetTraveler"
},
{
"value": "Winnti"
},
{
"value": "Mimikatz"
},
{
"value": "WEBC2"
},
{
"value": "Pirpi"
},
{
"value": "RARSTONE"
},
{
"value": "BACKSPACe"
},
{
"value": "XSControl"
},
{
"value": "NETEAGLE"
},
{
"value": "Agent.BTZ",
"synonyms": ["ComRat"]
},
{
"value": "Heseber BOT",
"description": "RAT bundle with standard VNC (to avoid/limit A/V detection)."
},
{
"value": "Agent.dne"
},
{
"value": "Wipbot"
},
{
"value": "Turla"
},
{
"value": "Uroburos"
},
{
"value": "Winexe"
},
{
"value": "Dark Comet",
"description": "RAT initialy identified in 2011 and still actively used."
},
{
"value": "AlienSpy",
"description": "RAT for Apple OS X platforms"
},
{
"value": "CORESHELL"
},
{
"value": "CHOPSTICK"
},
{
"value": "SOURFACE"
},
{
"value": "OLDBAIT"
},
{
"value": "Havex RAT",
"synonyms": ["Havex"]
},
{
"value": "KjW0rm",
"description": "RAT initially written in VB.",
"refs": ["https://www.sentinelone.com/blog/understanding-kjw0rm-malware-we-dive-in-to-the-tv5-cyber-attack/"]
},
{
"value": "LURK"
},
{
"value": "Oldrea"
},
{
"value": "AmmyAdmin"
},
{
"value": "Matryoshka"
},
{
"value": "TinyZBot"
},
{
"value": "GHOLE"
},
{
"value": "CWoolger"
},
{
"value": "FireMalv"
},
{
"value": "Regin"
},
{
"value": "Duqu"
},
{
"value": "Flame"
},
{
"value": "Stuxnet"
},
{
"value": "EquationLaser"
},
{
"value": "EquationDrug"
},
{
"value": "DoubleFantasy"
},
{
"value": "TripleFantasy"
},
{
"value": "Fanny"
},
{
"value": "GrayFish"
},
{
"value": "Babar"
},
{
"value": "Bunny"
},
{
"value": "Casper"
},
{
"value": "NBot"
},
{
"value": "Tafacalou"
},
{
"value": "Tdrop"
},
{
"value": "Troy"
},
{
"value": "Tdrop2"
}
],
"version" : 1,
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
"author": ["Alexandre Dulaunoy", "Florian Roth"],
"type": "threat-actor-tools"
}