From ef1e2b23ebe9f5958f640769984fe85c04377aa7 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Sat, 17 Mar 2018 21:36:32 +0100
Subject: [PATCH] fix: galaxy updated
---
galaxy.html | 1400 +-
galaxy.pdf | 307641 +++++++++++++++++++++++++------------------------
2 files changed, 155034 insertions(+), 154007 deletions(-)
diff --git a/galaxy.html b/galaxy.html
index de50a0b..56ee01f 100755
--- a/galaxy.html
+++ b/galaxy.html
@@ -81359,6 +81359,26 @@ Scarab also deletes shadow volume copies and drops a ransom note named "IF YOU W
+
+
+
+
A new ransomware has been discovered that utilizes the legitimate GnuPG, or GPG, encryption program to encrypt a victim’s files. Currently in the wild, this ransomware is called Qwerty Ransomware and will encrypt a victims files, overwrite the originals, and the append the .qwerty extension to an encrypted file’s name.
+
+
+
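Review bot: The description text in this hunk (the block inserted at line 81359) has two grammar slips, "a victims files" and "and the append the .qwerty extension"; they should read "a victim's files" and "and then append the .qwerty extension". If galaxy.html is rendered from the cluster JSON that the context lines mention, correct the wording there and regenerate rather than editing this file. The subject "fix: galaxy updated" also does not name the entry being added, which makes the one real addition hard to find among the hunks that follow.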
@@ -81393,7 +81413,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2154. Table References
+Table 2155. Table References
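Review bot: Sequential caption numbers make this one-line change ("Table 2154" to "Table 2155") repeat in every later hunk of galaxy.html, up to "Table 2330" in the visible part, so a single inserted entry produces a long run of renumber-only hunks. Consider dropping the running number from the "Table References" captions, or keeping the rendered galaxy.html and galaxy.pdf out of the commit and building them from the source instead; the diffstat shows 307641 changed lines for galaxy.pdf alone, which cannot be reviewed.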
@@ -81413,7 +81433,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2155. Table References
+Table 2156. Table References
@@ -81443,7 +81463,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2156. Table References
+Table 2157. Table References
@@ -81476,7 +81496,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2157. Table References
+Table 2158. Table References
@@ -81515,7 +81535,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2158. Table References
+Table 2159. Table References
@@ -81551,7 +81571,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2159. Table References
+Table 2160. Table References
@@ -81571,7 +81591,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2160. Table References
+Table 2161. Table References
@@ -81591,7 +81611,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2161. Table References
+Table 2162. Table References
@@ -81614,7 +81634,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2162. Table References
+Table 2163. Table References
@@ -81644,7 +81664,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2163. Table References
+Table 2164. Table References
@@ -81667,7 +81687,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2164. Table References
+Table 2165. Table References
@@ -81687,7 +81707,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2165. Table References
+Table 2166. Table References
@@ -81710,7 +81730,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2166. Table References
+Table 2167. Table References
@@ -81746,7 +81766,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2167. Table References
+Table 2168. Table References
@@ -81788,7 +81808,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2168. Table References
+Table 2169. Table References
@@ -81836,7 +81856,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2169. Table References
+Table 2170. Table References
@@ -81859,7 +81879,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2170. Table References
+Table 2171. Table References
@@ -81879,7 +81899,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2171. Table References
+Table 2172. Table References
@@ -81902,7 +81922,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2172. Table References
+Table 2173. Table References
@@ -81922,7 +81942,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2173. Table References
+Table 2174. Table References
@@ -81945,7 +81965,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2174. Table References
+Table 2175. Table References
@@ -81965,7 +81985,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2175. Table References
+Table 2176. Table References
@@ -81988,7 +82008,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2176. Table References
+Table 2177. Table References
@@ -82008,7 +82028,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2177. Table References
+Table 2178. Table References
@@ -82038,7 +82058,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2178. Table References
+Table 2179. Table References
@@ -82058,7 +82078,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2179. Table References
+Table 2180. Table References
@@ -82078,7 +82098,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2180. Table References
+Table 2181. Table References
@@ -82108,7 +82128,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2181. Table References
+Table 2182. Table References
@@ -82128,7 +82148,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2182. Table References
+Table 2183. Table References
@@ -82148,7 +82168,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2183. Table References
+Table 2184. Table References
@@ -82178,7 +82198,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2184. Table References
+Table 2185. Table References
@@ -82198,7 +82218,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2185. Table References
+Table 2186. Table References
@@ -82228,7 +82248,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2186. Table References
+Table 2187. Table References
@@ -82251,7 +82271,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2187. Table References
+Table 2188. Table References
@@ -82271,7 +82291,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2188. Table References
+Table 2189. Table References
@@ -82307,7 +82327,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2189. Table References
+Table 2190. Table References
@@ -82327,7 +82347,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2190. Table References
+Table 2191. Table References
@@ -82347,7 +82367,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2191. Table References
+Table 2192. Table References
@@ -82367,7 +82387,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2192. Table References
+Table 2193. Table References
@@ -82387,7 +82407,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2193. Table References
+Table 2194. Table References
@@ -82407,7 +82427,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2194. Table References
+Table 2195. Table References
@@ -82427,7 +82447,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2195. Table References
+Table 2196. Table References
@@ -82447,7 +82467,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2196. Table References
+Table 2197. Table References
@@ -82467,7 +82487,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2197. Table References
+Table 2198. Table References
@@ -82487,7 +82507,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2198. Table References
+Table 2199. Table References
@@ -82507,7 +82527,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2199. Table References
+Table 2200. Table References
@@ -82527,7 +82547,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2200. Table References
+Table 2201. Table References
@@ -82550,7 +82570,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2201. Table References
+Table 2202. Table References
@@ -82570,7 +82590,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2202. Table References
+Table 2203. Table References
@@ -82590,7 +82610,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2203. Table References
+Table 2204. Table References
@@ -82610,7 +82630,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2204. Table References
+Table 2205. Table References
@@ -82633,7 +82653,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2205. Table References
+Table 2206. Table References
@@ -82663,7 +82683,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2206. Table References
+Table 2207. Table References
@@ -82680,7 +82700,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2207. Table References
+Table 2208. Table References
@@ -82701,7 +82721,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2208. Table References
+Table 2209. Table References
@@ -82721,7 +82741,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2209. Table References
+Table 2210. Table References
@@ -82738,7 +82758,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2210. Table References
+Table 2211. Table References
@@ -82755,7 +82775,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2211. Table References
+Table 2212. Table References
@@ -82772,7 +82792,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2212. Table References
+Table 2213. Table References
@@ -82792,7 +82812,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2213. Table References
+Table 2214. Table References
@@ -82812,7 +82832,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2214. Table References
+Table 2215. Table References
@@ -82829,7 +82849,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2215. Table References
+Table 2216. Table References
@@ -82855,7 +82875,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2216. Table References
+Table 2217. Table References
@@ -82875,7 +82895,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2217. Table References
+Table 2218. Table References
@@ -82892,7 +82912,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2218. Table References
+Table 2219. Table References
@@ -82909,7 +82929,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2219. Table References
+Table 2220. Table References
@@ -82926,7 +82946,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2220. Table References
+Table 2221. Table References
@@ -82943,7 +82963,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2221. Table References
+Table 2222. Table References
@@ -82960,7 +82980,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2222. Table References
+Table 2223. Table References
@@ -82980,7 +83000,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2223. Table References
+Table 2224. Table References
@@ -83001,7 +83021,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2224. Table References
+Table 2225. Table References
@@ -83018,7 +83038,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2225. Table References
+Table 2226. Table References
@@ -83041,7 +83061,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2226. Table References
+Table 2227. Table References
@@ -83058,7 +83078,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2227. Table References
+Table 2228. Table References
@@ -83078,7 +83098,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2228. Table References
+Table 2229. Table References
@@ -83095,7 +83115,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2229. Table References
+Table 2230. Table References
@@ -83112,7 +83132,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2230. Table References
+Table 2231. Table References
@@ -83132,7 +83152,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2231. Table References
+Table 2232. Table References
@@ -83155,7 +83175,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2232. Table References
+Table 2233. Table References
@@ -83172,7 +83192,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2233. Table References
+Table 2234. Table References
@@ -83202,7 +83222,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2234. Table References
+Table 2235. Table References
@@ -83238,7 +83258,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2235. Table References
+Table 2236. Table References
@@ -83276,7 +83296,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2236. Table References
+Table 2237. Table References
@@ -83302,7 +83322,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2237. Table References
+Table 2238. Table References
@@ -83319,7 +83339,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2238. Table References
+Table 2239. Table References
@@ -83336,7 +83356,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2239. Table References
+Table 2240. Table References
@@ -83362,7 +83382,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2240. Table References
+Table 2241. Table References
@@ -83382,7 +83402,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2241. Table References
+Table 2242. Table References
@@ -83412,7 +83432,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2242. Table References
+Table 2243. Table References
@@ -83441,7 +83461,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2243. Table References
+Table 2244. Table References
@@ -83461,7 +83481,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2244. Table References
+Table 2245. Table References
@@ -83494,7 +83514,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2245. Table References
+Table 2246. Table References
@@ -83536,7 +83556,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2246. Table References
+Table 2247. Table References
@@ -83553,7 +83573,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2247. Table References
+Table 2248. Table References
@@ -83573,7 +83593,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2248. Table References
+Table 2249. Table References
@@ -83601,7 +83621,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2249. Table References
+Table 2250. Table References
@@ -83631,7 +83651,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2250. Table References
+Table 2251. Table References
@@ -83651,7 +83671,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2251. Table References
+Table 2252. Table References
@@ -83681,7 +83701,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2252. Table References
+Table 2253. Table References
@@ -83701,7 +83721,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2253. Table References
+Table 2254. Table References
@@ -83721,7 +83741,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2254. Table References
+Table 2255. Table References
@@ -83747,7 +83767,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2255. Table References
+Table 2256. Table References
@@ -83777,7 +83797,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2256. Table References
+Table 2257. Table References
@@ -83797,7 +83817,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2257. Table References
+Table 2258. Table References
@@ -83817,7 +83837,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2258. Table References
+Table 2259. Table References
@@ -83837,7 +83857,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2259. Table References
+Table 2260. Table References
@@ -83857,7 +83877,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2260. Table References
+Table 2261. Table References
@@ -83877,7 +83897,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2261. Table References
+Table 2262. Table References
@@ -83897,7 +83917,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2262. Table References
+Table 2263. Table References
@@ -83917,7 +83937,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2263. Table References
+Table 2264. Table References
@@ -83937,7 +83957,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2264. Table References
+Table 2265. Table References
@@ -83961,7 +83981,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2265. Table References
+Table 2266. Table References
@@ -83978,7 +83998,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2266. Table References
+Table 2267. Table References
@@ -84002,7 +84022,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2267. Table References
+Table 2268. Table References
@@ -84047,7 +84067,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2268. Table References
+Table 2269. Table References
@@ -84068,7 +84088,7 @@ RAT is a cluster galaxy available in JSON format at
-Table 2269. Table References
+Table 2270. Table References
@@ -84088,7 +84108,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
The Zscaler ThreatLabZ research team has been monitoring a new remote access Trojan (RAT) family called Cobian RAT since February 2017. The RAT builder for this family was first advertised on multiple underground forums where cybercriminals often buy and sell exploit and malware kits. This RAT builder caught our attention as it was being offered for free and had lot of similarities to the njRAT/H-Worm family
-Table 2270. Table References
+Table 2271. Table References
@@ -84108,7 +84128,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
NetSupport Manager continues to deliver the very latest in remote access, PC support and desktop management capabilities. From a desktop, laptop, tablet or smartphone, monitor multiple systems in a single action, deliver hands-on remote support, collaborate and even record or play back sessions. When needed, gather real-time hardware and software inventory, monitor services and even view system config remotely to help resolve issues quickly.
-Table 2271. Table References
+Table 2272. Table References
@@ -84143,7 +84163,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2272. Table References
+Table 2273. Table References
@@ -84160,7 +84180,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2273. Table References
+Table 2274. Table References
@@ -84177,7 +84197,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2274. Table References
+Table 2275. Table References
@@ -84194,7 +84214,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2275. Table References
+Table 2276. Table References
@@ -84211,7 +84231,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2276. Table References
+Table 2277. Table References
@@ -84236,7 +84256,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2277. Table References
+Table 2278. Table References
@@ -84253,7 +84273,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2278. Table References
+Table 2279. Table References
@@ -84273,7 +84293,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
MofoTro is a new rat coded by Cool_mofo_2.
-Table 2279. Table References
+Table 2280. Table References
@@ -84299,7 +84319,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Written in Delphi
-Table 2280. Table References
+Table 2281. Table References
@@ -84319,7 +84339,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
ComRAT is a remote access tool suspected of being a decedent of Agent.btz and used by Turla.
-Table 2281. Table References
+Table 2282. Table References
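Review bot: The context line in this hunk reads "suspected of being a decedent of Agent.btz"; "decedent" means a deceased person, and "descendant" is presumably what is meant. The line is untouched by this patch, but it is worth correcting in the source description before the next regeneration.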
@@ -84339,7 +84359,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
4H RAT is malware that has been used by Putter Panda since at least 2007.
-Table 2282. Table References
+Table 2283. Table References
@@ -84366,7 +84386,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2283. Table References
+Table 2284. Table References
@@ -84412,7 +84432,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2284. Table References
+Table 2285. Table References
@@ -84435,7 +84455,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
The existence of the UNITEDRAKE RAT first came to light in 2014 as part of a series of classified documents leaked by former NSA contractor Edward Snowden.
-Table 2285. Table References
+Table 2286. Table References
@@ -84458,7 +84478,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Written in Visual Basic
-Table 2286. Table References
+Table 2287. Table References
@@ -84493,7 +84513,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2287. Table References
+Table 2288. Table References
@@ -84510,7 +84530,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2288. Table References
+Table 2289. Table References
@@ -84527,7 +84547,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2289. Table References
+Table 2290. Table References
@@ -84552,7 +84572,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2290. Table References
+Table 2291. Table References
@@ -84576,7 +84596,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2291. Table References
+Table 2292. Table References
@@ -84596,7 +84616,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
C# RAT (Remote Adminitration Tool) - Educational purposes only
-Table 2292. Table References
+Table 2293. Table References
@@ -84613,7 +84633,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2293. Table References
+Table 2294. Table References
@@ -84630,7 +84650,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2294. Table References
+Table 2295. Table References
@@ -84650,7 +84670,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Though we have not identified the targets, FINSPY is sold by Gamma Group to multiple nation-state clients, and we assess with moderate confidence that it was being used along with the zero-day to carry out cyber espionage.
-Table 2295. Table References
+Table 2296. Table References
@@ -84670,7 +84690,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Seed is a firewall bypass plus trojan, injects into default browser and has a simple purpose: to be compact (4kb server size) and useful while uploading bigger and full trojans, or even making Seed download them somewhere. Has computer info, process manager, file manager, with download, create folder, delete, execute and upload. And a remote download function. Everything with a easy to use interface, reminds an instant messenger.
-Table 2296. Table References
+Table 2297. Table References
@@ -84691,7 +84711,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2297. Table References
+Table 2298. Table References
@@ -84720,7 +84740,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2298. Table References
+Table 2299. Table References
@@ -84740,7 +84760,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Cobalt Strike is software for Adversary Simulations and Red Team Operations.
-Table 2299. Table References
+Table 2300. Table References
@@ -84773,7 +84793,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2300. Table References
+Table 2301. Table References
@@ -84793,7 +84813,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
hcdLoader is a remote access tool (RAT) that has been used by APT18.
-Table 2301. Table References
+Table 2302. Table References
@@ -84810,7 +84830,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2302. Table References
+Table 2303. Table References
@@ -84827,7 +84847,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2303. Table References
+Table 2304. Table References
@@ -84854,7 +84874,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2304. Table References
+Table 2305. Table References
@@ -84887,7 +84907,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2305. Table References
+Table 2306. Table References
@@ -84921,7 +84941,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2306. Table References
+Table 2307. Table References
@@ -84950,7 +84970,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Used by Sowbug
-Table 2307. Table References
+Table 2308. Table References
@@ -84980,7 +85000,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2308. Table References
+Table 2309. Table References
@@ -85003,7 +85023,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
GovRAT is an old cyberespionage tool, it has been in the wild since 2014 and it was used by various threat actors across the years.
-Table 2309. Table References
+Table 2310. Table References
@@ -85023,7 +85043,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2310. Table References
+Table 2311. Table References
@@ -85044,7 +85064,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2311. Table References
+Table 2312. Table References
@@ -85074,7 +85094,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2312. Table References
+Table 2313. Table References
@@ -85098,7 +85118,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Cardinal is a remote access trojan (RAT) discovered by Palo Alto Networks in 2017 and has been active for over two years. It is delivered via a downloader, known as Carp, and uses malicious macros in Microsoft Excel documents to compile embedded C# programming language source code into an executable that runs and deploys the Cardinal RAT. The malicious Excel files use different tactics to get the victims to execute it.
-Table 2313. Table References
+Table 2314. Table References
@@ -85124,7 +85144,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Works on all Android, Windows, Linux and Mac devices!
-Table 2314. Table References
+Table 2315. Table References
@@ -85141,7 +85161,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2315. Table References
+Table 2316. Table References
@@ -85161,7 +85181,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Trochilus is a remote access trojan (RAT) first identified in October 2015 when attackers used it to infect visitors of a Myanmar website. It was then used in a 2016 cyber-espionage campaign, dubbed "the Seven Pointed Dagger," managed by another group, "Group 27," who also uses the PlugX trojan. Trochilus is primarily spread via emails with a malicious .RAR attachment containing the malware. The trojan’s functionality includes a shellcode extension, remote uninstall, a file manager, and the ability to download and execute, upload and execute, and access the system information. Once present on a system, Trochilus can move laterally in the network for better access. This trojan operates in memory only and does not write to the disk, helping it evade detection.
-Table 2316. Table References
+Table 2317. Table References
@@ -85184,7 +85204,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Their most commonly used initial attack vector is a simple, yet alarmingly effective, spearphishing attack, infecting unsuspecting victims via a malicious email attachment (usually an executable that has been disguised as something else). From there, Matryoshka runs second stage malware via a dropper and covertly installs a Remote Access Toolkit (RAT). This is done using a reflective loader technique that allows the malware to run in process memory, rather than being written to disk. This not only hides the install of the RAT but also ensures that the RAT will be ‘reinstalled’ after system restart.
-Table 2317. Table References
+Table 2318. Table References
@@ -85204,7 +85224,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
First discovered by Trend Micro in June, Mangit is a new malware family being marketed on both the Dark web and open internet. Users have the option to rent the trojan’s infrastructure for about $600 per 10-day period or buy the source code for about $8,800. Mangit was allegedly developed by "Ric", a Brazilian hacker, who makes himself available via Skype to discuss rental agreements. Once the malware is rented or purchased, the user controls a portion of the Mangit botnet, the trojan, the dropper, an auto-update system, and the server infrastructure to run their attacks. Mangit contains support for nine Brazillian banks including Citibank, HSBC, and Santander. The malware can also be used to steal user PayPal credentials. Mangit has the capability to collect banking credentials, receive SMS texts when a victim is accessing their bank account, and take over victim’s browsers. To circumvent two-factor authentication, attackers can use Mangit to lock victim’s browsers and push pop-ups to the victim asking for the verification code they just received.
-Table 2318. Table References
+Table 2319. Table References
@@ -85227,7 +85247,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2319. Table References
+Table 2320. Table References
@@ -85250,7 +85270,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Revenge v0.1 was a simple tool, according to a researcher known as Rui, who says the malware’s author didn’t bother obfuscating the RAT’s source code. This raised a question mark with the researchers, who couldn’t explain why VirusTotal scanners couldn’t pick it up as a threat right away.Revenge, which was written in Visual Basic, also didn’t feature too many working features, compared to similar RATs. Even Napolean admitted that his tool was still in the early development stages, a reason why he provided the RAT for free.
-Table 2320. Table References
+Table 2321. Table References
@@ -85267,7 +85287,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2321. Table References
+Table 2322. Table References
@@ -85297,7 +85317,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2322. Table References
+Table 2323. Table References
@@ -85330,7 +85350,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2323. Table References
+Table 2324. Table References
@@ -85350,7 +85370,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
MoonWind is a remote access tool (RAT) that was used in 2016 to target organizations in Thailand.
-Table 2324. Table References
+Table 2325. Table References
@@ -85373,7 +85393,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Remcos is another RAT (Remote Administration Tool) that was first discovered being sold in hacking forums in the second half of 2016. Since then, it has been updated with more features, and just recently, we’ve seen its payload being distributed in the wild for the first time.
-Table 2325. Table References
+Table 2326. Table References
@@ -85393,7 +85413,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
The purpose of the Client Maximus malware is financial fraud. As such, its code aspires to create the capabilities that most banking Trojans have, which allow attackers to monitor victims’ web navigation and interrupt online banking session at will. After taking over a victim’s banking session, an attacker operating this malware can initiate a fraudulent transaction from the account and use social engineering screens to manipulate the unwitting victim into authorizing it.
-Table 2326. Table References
+Table 2327. Table References
@@ -85413,7 +85433,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Thefatrat a massive exploiting tool revealed >> An easy tool to generate backdoor and easy tool to post exploitation attack like browser attack,dll . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most…
-Table 2327. Table References
+Table 2328. Table References
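Review bot: The Thefatrat description in the context line is a truncated snippet rather than a description: it starts with "a massive exploiting tool revealed >>" and stops mid-sentence at "bypass most…". It also reads as the tool's own promotional wording. Replace it with a complete, neutral sentence on what the tool builds and which platforms the output runs on, and remove the ">>" residue.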
@@ -85433,7 +85453,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Since around October 2016, JPCERT/CC has been confirming information leakage and other damages caused by malware ‘RedLeaves’. It is a new type of malware which has been observed since 2016 in attachments to targeted emails.
-Table 2328. Table References
+Table 2329. Table References
@@ -85453,7 +85473,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Dubbed Rurktar, the tool hasn’t had all of its functionality implemented yet, but G DATA says “it is relatively safe to say [it] is intended for use in targeted spying operations.” The malicious program could be used for reconnaissance operations, as well as to spy on infected computers users, and steal or upload files.
-Table 2329. Table References
+Table 2330. Table References
@@ -85473,7 +85493,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
RATAttack is a remote access trojan (RAT) that uses the Telegram protocol to support encrypted communication between the victim’s machine and the attacker. The Telegram protocol also provides a simple method to communicate to the target, negating the need for port forwarding. Before using RATAttack, the attacker must create a Telegram bot and embed the bot’s Telegram token into the trojan’s configuration file. When a system is infected with RATAttack, it connects to the bot’s Telegram channel. The attacker can then connect to the same channel and manage the RATAttack clients on the infected host machines. The trojan’s code was available on GitHub then was taken down by the author on April 19, 2017.
-Table 2330. Table References
+Table 2331. Table References
@@ -85493,7 +85513,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
So called because the Command and Control (C2) infrastructure from previous variants of the malware was located in Cambodia, as discussed by Roland Dela Paz at Forecpoint here, KHRAT is a Trojan that registers victims using their infected machine’s username, system language and local IP address. KHRAT provides the threat actors typical RAT features and access to the victim system, including keylogging, screenshot capabilities, remote shell access and so on.
-Table 2331. Table References
+Table 2332. Table References
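Review bot: In the KHRAT context line, "Forecpoint" is a misspelling of Forcepoint, and "as discussed by Roland Dela Paz at Forecpoint here" keeps the link word "here" with no link target left in the text. Fix the vendor name and either restore the URL or move the citation into the table of references that follows.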
@@ -85510,7 +85530,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2332. Table References
+Table 2333. Table References
@@ -85530,7 +85550,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Android Remote Administration Tool
-Table 2333. Table References
+Table 2334. Table References
@@ -85550,7 +85570,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
SOCKET23 was launched from his web site and immedi- ately infected major French corporations between August and October 1998. The virus (distributing the Trojan) was known as W32/HLLP.DeTroie.A (alias W32/Cheval.TCV). Never had a virus so disrupted French industry. The author quickly offered his own remover and made his apologies on his web site (now suppressed). Jean-Christophe X (18) was arrested on Tuesday 15 June 1999 in the Paris area and placed under judicial investigation for ‘fraudulent intrusion of data in a data processing system, suppression and fraudulent modification of data’
-Table 2334. Table References
+Table 2335. Table References
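Review bot: The SOCKET23 context line carries copy-and-paste damage from its source: "immedi- ately" still has the line-break hyphen, and "launched from his web site" refers to a person who has not been introduced at that point in the text. Join the word, name the author or rephrase the opening sentence, and close the final quotation with a period.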
@@ -85574,7 +85594,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Standard macOS backdoor, offered via a 'malware-as-a-service' model. MacSpy is advertised as the "most sophisticated Mac spyware ever", with the low starting price of free. While the idea of malware-as-a-service (MaaS) isn’t a new one with players such as Tox and Shark the game, it can be said that MacSpy is one of the first seen for the OS X platform.
-Table 2335. Table References
+Table 2336. Table References
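Review bot: In the MacSpy context line, "with players such as Tox and Shark the game" is missing a word (presumably "in the game"), so the sentence does not parse. The line also uses both "macOS" and "OS X" for the same platform; pick one.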
@@ -85597,7 +85617,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
Talos recently analyzed an interesting malware sample that made use of DNS TXT record queries and responses to create a bidirectional Command and Control (C2) channel. This allows the attacker to use DNS communications to submit new commands to be run on infected machines and return the results of the command execution to the attacker. This is an extremely uncommon and evasive way of administering a RAT. The use of multiple stages of Powershell with various stages being completely fileless indicates an attacker who has taken significant measures to avoid detection.
-Table 2336. Table References
+Table 2337. Table References
@@ -85614,7 +85634,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
-Table 2337. Table References
+Table 2338. Table References
@@ -85634,7 +85654,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
NewCore is a remote access trojan first discovered by Fortinet researchers while conducting analysis on a China-linked APT campaign targeting Vietnamese organizations. The trojan is a DLL file, executed after a trojan downloader is installed on the targeted machine. Based on strings in the code, the trojan may be compiled from the publicly-available source code of the PcClient and PcCortr backdoor trojans.
-Table 2338. Table References
+Table 2339. Table References
@@ -85669,7 +85689,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
On November 8, 2016 a non-disclosed entity in Laos was spear-phished by a group closely related to known Chinese adversaries and most likely affiliated with the Chinese government. The attackers utilized a new kind of Remote Access Trojan (RAT) that has not been previously observed or reported. The new RAT extends the capabilities of traditional RATs by providing complete remote execution of custom commands and programming. htpRAT, uncovered by RiskIQ cyber investigators, is the newest weapon in the Chinese adversary’s arsenal in a campaign against Association of Southeast Asian Nations (ASEAN). Most RATs can log keystrokes, take screenshots, record audio and video from a webcam or microphone, install and uninstall programs and manage files. They support a fixed set of commands operators can execute using different command IDs —’file download’ or ‘file upload,’ for example—and must be completely rebuilt to have different functionality. htpRAT, on the other hand, serves as a conduit for operators to do their job with greater precision and effect. On the Command and Control (C2) server side, threat actors can build new functionality in commands, which can be sent to the malware to execute. This capability makes htpRAT a small, agile, and incredibly dynamic piece of malware. Operators can change functionality, such as searching for a different file on the victim’s network, simply by wrapping commands.
-Table 2339. Table References
+Table 2340. Table References
@@ -85689,7 +85709,7 @@ DigiTrust experts were alerted to something malicious and blocked the download.
According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victim’s system via dual proxies. FALLCHILL typically infects a system as a file dropped by other HIDDEN COBRA malware or as a file downloaded unknowingly by users when visiting sites compromised by HIDDEN COBRA actors. HIDDEN COBRA actors use an external tool or dropper to install the FALLCHILL malware-as-a-service to establish persistence. Because of this, additional HIDDEN COBRA malware may be present on systems compromised with FALLCHILL.
-Table 2340. Table References
+Table 2341. Table References
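Review bot: In the FALLCHILL context line, "install the FALLCHILL malware-as-a-service to establish persistence" reads as the malware-as-a-service business model, but the sentence describes how the dropper gains persistence, which points to the malware being installed as a service on the host. Check the wording against the cited alert and remove the hyphens if that is what it says.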
@@ -85713,7 +85733,7 @@ Obtains C2 address from GitHub
Uses Microsoft Windows Background Intelligent Transfer Service(BITS) to maintain persistence.
-Table 2341. Table References
+Table 2342. Table References
@@ -85733,7 +85753,7 @@ Uses Microsoft Windows Background Intelligent Transfer Service(BITS) to maintain
The EFF/Lookout report describes CrossRat as a “newly discovered desktop surveillanceware tool…which is able to target Windows, OSX, and Linux.”
-Table 2342. Table References
+Table 2343. Table References
@@ -85754,7 +85774,7 @@ Uses Microsoft Windows Background Intelligent Transfer Service(BITS) to maintain
The data is RC4-encrypted from the beginning to 0x14 (the key is Date header value), which is followed by the information of the infected host (host name, user name, OS version, etc.). Please refer to Appendix C, Table C-1 for the data format.
-Table 2343. Table References
+Table 2344. Table References
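Review bot: The context line beginning "The data is RC4-encrypted from the beginning to 0x14" sends the reader to "Appendix C, Table C-1", which appears to refer to the report the text was copied from rather than to anything in this document. The line also never says which malware or which message the data belongs to. Name both, and replace the appendix pointer with a link to the source report.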
@@ -85775,7 +85795,7 @@ The data is RC4-encrypted from the beginning to 0x14 (the key is Date header val
The RAT appears to have been created as a joke, "to Play with Mac users," and "give Mac it’s rights in this [the RAT] field," but has since expanded to work all three major desktop operating systems — Linux, macOS, and Windows— according to a screenshot of its builder extracted from a promotional YouTube video.
-Table 2344. Table References
+Table 2345. Table References
@@ -86330,7 +86350,7 @@ TDS is a cluster galaxy available in JSON format at
-Table 2345. Table References
+Table 2346. Table References
@@ -86350,7 +86370,7 @@ TDS is a cluster galaxy available in JSON format at
-Table 2346. Table References
+Table 2347. Table References
@@ -86376,7 +86396,7 @@ TDS is a cluster galaxy available in JSON format at
-Table 2347. Table References
+Table 2348. Table References
@@ -86406,7 +86426,7 @@ TDS is a cluster galaxy available in JSON format at
-Table 2348. Table References
+Table 2349. Table References
@@ -86426,7 +86446,7 @@ TDS is a cluster galaxy available in JSON format at
-Table 2349. Table References
+Table 2350. Table References
@@ -86446,7 +86466,7 @@ TDS is a cluster galaxy available in JSON format at
-Table 2350. Table References
+Table 2351. Table References
@@ -86543,7 +86563,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2351. Table References
+Table 2352. Table References
@@ -86580,7 +86600,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2352. Table References
+Table 2353. Table References
@@ -86619,7 +86639,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2353. Table References
+Table 2354. Table References
@@ -86645,7 +86665,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2354. Table References
+Table 2355. Table References
@@ -86665,7 +86685,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2355. Table References
+Table 2356. Table References
@@ -86695,7 +86715,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2356. Table References
+Table 2357. Table References
@@ -86715,7 +86735,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2357. Table References
+Table 2358. Table References
@@ -86732,7 +86752,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2358. Table References
+Table 2359. Table References
@@ -86749,7 +86769,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2359. Table References
+Table 2360. Table References
@@ -86766,7 +86786,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2360. Table References
+Table 2361. Table References
@@ -86783,7 +86803,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2361. Table References
+Table 2362. Table References
@@ -86847,7 +86867,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2362. Table References
+Table 2363. Table References
@@ -86895,7 +86915,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2363. Table References
+Table 2364. Table References
@@ -86943,7 +86963,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2364. Table References
+Table 2365. Table References
@@ -87012,7 +87032,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2365. Table References
+Table 2366. Table References
@@ -87029,7 +87049,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2366. Table References
+Table 2367. Table References
@@ -87074,7 +87094,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2367. Table References
+Table 2368. Table References
@@ -87122,7 +87142,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2368. Table References
+Table 2369. Table References
@@ -87152,7 +87172,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2369. Table References
+Table 2370. Table References
@@ -87227,7 +87247,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2370. Table References
+Table 2371. Table References
@@ -87284,7 +87304,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2371. Table References
+Table 2372. Table References
@@ -87332,7 +87352,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2372. Table References
+Table 2373. Table References
@@ -87365,7 +87385,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2373. Table References
+Table 2374. Table References
@@ -87395,7 +87415,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2374. Table References
+Table 2375. Table References
@@ -87425,7 +87445,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2375. Table References
+Table 2376. Table References
@@ -87482,7 +87502,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2376. Table References
+Table 2377. Table References
@@ -87539,7 +87559,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2377. Table References
+Table 2378. Table References
@@ -87575,7 +87595,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2378. Table References
+Table 2379. Table References
@@ -87605,7 +87625,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2379. Table References
+Table 2380. Table References
@@ -87622,7 +87642,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2380. Table References
+Table 2381. Table References
@@ -87676,7 +87696,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2381. Table References
+Table 2382. Table References
@@ -87721,7 +87741,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2382. Table References
+Table 2383. Table References
@@ -87748,7 +87768,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2383. Table References
+Table 2384. Table References
@@ -87781,7 +87801,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2384. Table References
+Table 2385. Table References
@@ -87817,7 +87837,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2385. Table References
+Table 2386. Table References
@@ -87834,7 +87854,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2386. Table References
+Table 2387. Table References
@@ -87877,7 +87897,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2387. Table References
+Table 2388. Table References
@@ -87922,7 +87942,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2388. Table References
+Table 2389. Table References
@@ -87965,7 +87985,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2389. Table References
+Table 2390. Table References
@@ -87985,7 +88005,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2390. Table References
+Table 2391. Table References
@@ -88024,7 +88044,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2391. Table References
+Table 2392. Table References
@@ -88057,7 +88077,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2392. Table References
+Table 2393. Table References
@@ -88102,7 +88122,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2393. Table References
+Table 2394. Table References
@@ -88144,7 +88164,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2394. Table References
+Table 2395. Table References
@@ -88186,7 +88206,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2395. Table References
+Table 2396. Table References
@@ -88233,7 +88253,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2396. Table References
+Table 2397. Table References
@@ -88263,7 +88283,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2397. Table References
+Table 2398. Table References
@@ -88302,7 +88322,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2398. Table References
+Table 2399. Table References
@@ -88374,7 +88394,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2399. Table References
+Table 2400. Table References
@@ -88479,7 +88499,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2400. Table References
+Table 2401. Table References
@@ -88569,7 +88589,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2401. Table References
+Table 2402. Table References
@@ -88641,7 +88661,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2402. Table References
+Table 2403. Table References
@@ -88710,7 +88730,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2403. Table References
+Table 2404. Table References
@@ -88761,7 +88781,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2404. Table References
+Table 2405. Table References
@@ -88803,7 +88823,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2405. Table References
+Table 2406. Table References
@@ -88839,7 +88859,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2406. Table References
+Table 2407. Table References
@@ -88893,7 +88913,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2407. Table References
+Table 2408. Table References
@@ -88910,7 +88930,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2408. Table References
+Table 2409. Table References
@@ -88959,7 +88979,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2409. Table References
+Table 2410. Table References
@@ -88995,7 +89015,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2410. Table References
+Table 2411. Table References
@@ -89049,7 +89069,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2411. Table References
+Table 2412. Table References
@@ -89097,7 +89117,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2412. Table References
+Table 2413. Table References
@@ -89140,7 +89160,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2413. Table References
+Table 2414. Table References
@@ -89170,7 +89190,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2414. Table References
+Table 2415. Table References
@@ -89215,7 +89235,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2415. Table References
+Table 2416. Table References
@@ -89245,7 +89265,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2416. Table References
+Table 2417. Table References
@@ -89275,7 +89295,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2417. Table References
+Table 2418. Table References
@@ -89308,7 +89328,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2418. Table References
+Table 2419. Table References
@@ -89341,7 +89361,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2419. Table References
+Table 2420. Table References
@@ -89361,7 +89381,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2420. Table References
+Table 2421. Table References
@@ -89400,7 +89420,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2421. Table References
+Table 2422. Table References
@@ -89429,7 +89449,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2422. Table References
+Table 2423. Table References
@@ -89449,7 +89469,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2423. Table References
+Table 2424. Table References
@@ -89472,7 +89492,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2424. Table References
+Table 2425. Table References
@@ -89505,7 +89525,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2425. Table References
+Table 2426. Table References
@@ -89553,7 +89573,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2426. Table References
+Table 2427. Table References
@@ -89589,7 +89609,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2427. Table References
+Table 2428. Table References
@@ -89619,7 +89639,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2428. Table References
+Table 2429. Table References
@@ -89648,7 +89668,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2429. Table References
+Table 2430. Table References
@@ -89668,7 +89688,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2430. Table References
+Table 2431. Table References
@@ -89691,7 +89711,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2431. Table References
+Table 2432. Table References
@@ -89727,7 +89747,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2432. Table References
+Table 2433. Table References
@@ -89771,7 +89791,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2433. Table References
+Table 2434. Table References
@@ -89824,7 +89844,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2434. Table References
+Table 2435. Table References
@@ -89863,7 +89883,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2435. Table References
+Table 2436. Table References
@@ -89905,7 +89925,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2436. Table References
+Table 2437. Table References
@@ -89938,7 +89958,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2437. Table References
+Table 2438. Table References
@@ -89961,7 +89981,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2438. Table References
+Table 2439. Table References
@@ -89981,7 +90001,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2439. Table References
+Table 2440. Table References
@@ -90001,7 +90021,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2440. Table References
+Table 2441. Table References
@@ -90021,7 +90041,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2441. Table References
+Table 2442. Table References
@@ -90041,7 +90061,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2442. Table References
+Table 2443. Table References
@@ -90134,7 +90154,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2443. Table References
+Table 2444. Table References
@@ -90154,7 +90174,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2444. Table References
+Table 2445. Table References
@@ -90177,7 +90197,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2445. Table References
+Table 2446. Table References
@@ -90210,7 +90230,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2446. Table References
+Table 2447. Table References
@@ -90240,7 +90260,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2447. Table References
+Table 2448. Table References
@@ -90269,7 +90289,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2448. Table References
+Table 2449. Table References
@@ -90302,7 +90322,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2449. Table References
+Table 2450. Table References
@@ -90325,7 +90345,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2450. Table References
+Table 2451. Table References
@@ -90345,7 +90365,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2451. Table References
+Table 2452. Table References
@@ -90368,7 +90388,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2452. Table References
+Table 2453. Table References
@@ -90416,7 +90436,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2453. Table References
+Table 2454. Table References
@@ -90445,7 +90465,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2454. Table References
+Table 2455. Table References
@@ -90481,7 +90501,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2455. Table References
+Table 2456. Table References
@@ -90517,7 +90537,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2456. Table References
+Table 2457. Table References
@@ -90550,7 +90570,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2457. Table References
+Table 2458. Table References
@@ -90573,7 +90593,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2458. Table References
+Table 2459. Table References
@@ -90602,7 +90622,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2459. Table References
+Table 2460. Table References
@@ -90638,7 +90658,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2460. Table References
+Table 2461. Table References
@@ -90655,7 +90675,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2461. Table References
+Table 2462. Table References
@@ -90672,7 +90692,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2462. Table References
+Table 2463. Table References
@@ -90689,7 +90709,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2463. Table References
+Table 2464. Table References
@@ -90709,7 +90729,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2464. Table References
+Table 2465. Table References
@@ -90726,7 +90746,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2465. Table References
+Table 2466. Table References
@@ -90753,7 +90773,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2466. Table References
+Table 2467. Table References
@@ -90780,7 +90800,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2467. Table References
+Table 2468. Table References
@@ -90825,7 +90845,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2468. Table References
+Table 2469. Table References
@@ -90842,7 +90862,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2469. Table References
+Table 2470. Table References
@@ -90859,7 +90879,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2470. Table References
+Table 2471. Table References
@@ -90876,7 +90896,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2471. Table References
+Table 2472. Table References
@@ -90893,7 +90913,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2472. Table References
+Table 2473. Table References
@@ -90920,7 +90940,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2473. Table References
+Table 2474. Table References
@@ -90950,7 +90970,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2474. Table References
+Table 2475. Table References
@@ -90976,7 +90996,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2475. Table References
+Table 2476. Table References
@@ -90996,7 +91016,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2476. Table References
+Table 2477. Table References
@@ -91013,7 +91033,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2477. Table References
+Table 2478. Table References
@@ -91030,7 +91050,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2478. Table References
+Table 2479. Table References
@@ -91050,7 +91070,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2479. Table References
+Table 2480. Table References
@@ -91080,7 +91100,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2480. Table References
+Table 2481. Table References
@@ -91103,7 +91123,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2481. Table References
+Table 2482. Table References
@@ -91120,7 +91140,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2482. Table References
+Table 2483. Table References
@@ -91147,7 +91167,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2483. Table References
+Table 2484. Table References
@@ -91164,7 +91184,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2484. Table References
+Table 2485. Table References
@@ -91181,7 +91201,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2485. Table References
+Table 2486. Table References
@@ -91208,7 +91228,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2486. Table References
+Table 2487. Table References
@@ -91225,7 +91245,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2487. Table References
+Table 2488. Table References
@@ -91261,7 +91281,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2488. Table References
+Table 2489. Table References
@@ -91281,7 +91301,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2489. Table References
+Table 2490. Table References
@@ -91298,7 +91318,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2490. Table References
+Table 2491. Table References
@@ -91315,7 +91335,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2491. Table References
+Table 2492. Table References
@@ -91342,7 +91362,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2492. Table References
+Table 2493. Table References
@@ -91394,7 +91414,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2493. Table References
+Table 2494. Table References
@@ -91438,7 +91458,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2494. Table References
+Table 2495. Table References
@@ -91465,7 +91485,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2495. Table References
+Table 2496. Table References
@@ -91495,7 +91515,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2496. Table References
+Table 2497. Table References
@@ -91512,7 +91532,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2497. Table References
+Table 2498. Table References
@@ -91529,7 +91549,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2498. Table References
+Table 2499. Table References
@@ -91549,7 +91569,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2499. Table References
+Table 2500. Table References
@@ -91569,7 +91589,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2500. Table References
+Table 2501. Table References
@@ -91589,7 +91609,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2501. Table References
+Table 2502. Table References
@@ -91615,7 +91635,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2502. Table References
+Table 2503. Table References
@@ -91638,7 +91658,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2503. Table References
+Table 2504. Table References
@@ -91658,7 +91678,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2504. Table References
+Table 2505. Table References
@@ -91703,7 +91723,7 @@ Threat actor is a cluster galaxy available in JSON format at
-Table 2505. Table References
+Table 2506. Table References
@@ -91726,6 +91746,39 @@ Threat actor is a cluster galaxy available in JSON format at
+
+
+
Leviathan is an espionage actor targeting organizations and high-value targets in defense and government. Active since at least 2014, this actor has long-standing interest in maritime industries, naval defense contractors, and associated research institutions in the United States and Western Europe.
+
+
+
Leviathan is also known as:
+
+
+
+
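Review bot: the line "Leviathan is also known as:" in this added entry is followed only by empty added lines in the hunk as shown, so neither alias values nor reference links are visible for the new actor. Please confirm that the synonym list and the references table are populated in the rendered galaxy.html. The hunk header declares 33 added lines (6 to 39), and the caption offset in the following hunk moves from +1 to +2 (2506 becomes 2508), which fits exactly one new table here. It is worth checking that this table is the Leviathan references table and that the synonyms were not dropped during generation.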
@@ -91776,7 +91829,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2506. Table References
+Table 2508. Table References
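Review bot: from this hunk on, every "Table N. Table References" caption shifts by two instead of one (2506 becomes 2508), and that counter change is the only content of the hunk. The long run of one-line renumbering hunks like this one buries the single substantive addition above it. The context line "Tool is a cluster galaxy available in JSON format at" suggests the page is rendered from the JSON clusters, so the captions appear to be positional counters. Consider producing galaxy.html in a build step rather than committing it, or giving the reference tables stable per-cluster identifiers, so that a review diff shows only the cluster text that changed.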
@@ -91821,7 +91874,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2507. Table References
+Table 2509. Table References
@@ -91843,7 +91896,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2508. Table References
+Table 2510. Table References
@@ -91863,7 +91916,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2509. Table References
+Table 2511. Table References
@@ -91896,7 +91949,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2510. Table References
+Table 2512. Table References
@@ -91919,7 +91972,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2511. Table References
+Table 2513. Table References
@@ -91946,7 +91999,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2512. Table References
+Table 2514. Table References
@@ -91976,7 +92029,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2513. Table References
+Table 2515. Table References
@@ -92012,7 +92065,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2514. Table References
+Table 2516. Table References
@@ -92042,7 +92095,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2515. Table References
+Table 2517. Table References
@@ -92072,7 +92125,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2516. Table References
+Table 2518. Table References
@@ -92111,7 +92164,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2517. Table References
+Table 2519. Table References
@@ -92156,7 +92209,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2518. Table References
+Table 2520. Table References
@@ -92189,7 +92242,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2519. Table References
+Table 2521. Table References
@@ -92219,7 +92272,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2520. Table References
+Table 2522. Table References
@@ -92258,7 +92311,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2521. Table References
+Table 2523. Table References
@@ -92288,7 +92341,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2522. Table References
+Table 2524. Table References
@@ -92305,7 +92358,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2523. Table References
+Table 2525. Table References
@@ -92332,7 +92385,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2524. Table References
+Table 2526. Table References
@@ -92371,7 +92424,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2525. Table References
+Table 2527. Table References
@@ -92419,7 +92472,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2526. Table References
+Table 2528. Table References
@@ -92455,7 +92508,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2527. Table References
+Table 2529. Table References
@@ -92491,7 +92544,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2528. Table References
+Table 2530. Table References
@@ -92527,7 +92580,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2529. Table References
+Table 2531. Table References
@@ -92560,7 +92613,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2530. Table References
+Table 2532. Table References
@@ -92583,7 +92636,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2531. Table References
+Table 2533. Table References
@@ -92619,7 +92672,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2532. Table References
+Table 2534. Table References
@@ -92639,7 +92692,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2533. Table References
+Table 2535. Table References
@@ -92669,7 +92722,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2534. Table References
+Table 2536. Table References
@@ -92692,7 +92745,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2535. Table References
+Table 2537. Table References
@@ -92728,7 +92781,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2536. Table References
+Table 2538. Table References
@@ -92761,7 +92814,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2537. Table References
+Table 2539. Table References
@@ -92810,7 +92863,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2538. Table References
+Table 2540. Table References
@@ -92849,7 +92902,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2539. Table References
+Table 2541. Table References
@@ -92892,7 +92945,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2540. Table References
+Table 2542. Table References
@@ -92919,7 +92972,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2541. Table References
+Table 2543. Table References
@@ -92949,7 +93002,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2542. Table References
+Table 2544. Table References
@@ -92979,7 +93032,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2543. Table References
+Table 2545. Table References
@@ -93009,7 +93062,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2544. Table References
+Table 2546. Table References
@@ -93029,7 +93082,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2545. Table References
+Table 2547. Table References
@@ -93068,7 +93121,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2546. Table References
+Table 2548. Table References
@@ -93110,7 +93163,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2547. Table References
+Table 2549. Table References
@@ -93149,7 +93202,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2548. Table References
+Table 2550. Table References
@@ -93179,7 +93232,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2549. Table References
+Table 2551. Table References
@@ -93215,7 +93268,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2550. Table References
+Table 2552. Table References
@@ -93248,7 +93301,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2551. Table References
+Table 2553. Table References
@@ -93281,7 +93334,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2552. Table References
+Table 2554. Table References
@@ -93354,7 +93407,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2553. Table References
+Table 2555. Table References
@@ -93449,7 +93502,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2554. Table References
+Table 2556. Table References
@@ -93466,7 +93519,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2555. Table References
+Table 2557. Table References
@@ -93493,7 +93546,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2556. Table References
+Table 2558. Table References
@@ -93510,7 +93563,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2557. Table References
+Table 2559. Table References
@@ -93527,7 +93580,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2558. Table References
+Table 2560. Table References
@@ -93544,7 +93597,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2559. Table References
+Table 2561. Table References
@@ -93565,7 +93618,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2560. Table References
+Table 2562. Table References
@@ -93582,7 +93635,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2561. Table References
+Table 2563. Table References
@@ -93599,7 +93652,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2562. Table References
+Table 2564. Table References
@@ -93624,7 +93677,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2563. Table References
+Table 2565. Table References
@@ -93645,7 +93698,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2564. Table References
+Table 2566. Table References
@@ -93662,7 +93715,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2565. Table References
+Table 2567. Table References
@@ -93679,7 +93732,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2566. Table References
+Table 2568. Table References
@@ -93696,7 +93749,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2567. Table References
+Table 2569. Table References
@@ -93713,7 +93766,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2568. Table References
+Table 2570. Table References
@@ -93740,7 +93793,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2569. Table References
+Table 2571. Table References
@@ -93757,7 +93810,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2570. Table References
+Table 2572. Table References
@@ -93774,7 +93827,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2571. Table References
+Table 2573. Table References
@@ -93801,7 +93854,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2572. Table References
+Table 2574. Table References
@@ -93834,7 +93887,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2573. Table References
+Table 2575. Table References
@@ -93851,7 +93904,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2574. Table References
+Table 2576. Table References
@@ -93878,7 +93931,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2575. Table References
+Table 2577. Table References
@@ -93913,7 +93966,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2576. Table References
+Table 2578. Table References
@@ -93946,7 +93999,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2577. Table References
+Table 2579. Table References
@@ -93963,7 +94016,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2578. Table References
+Table 2580. Table References
@@ -93990,7 +94043,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2579. Table References
+Table 2581. Table References
@@ -94023,7 +94076,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2580. Table References
+Table 2582. Table References
@@ -94053,7 +94106,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2581. Table References
+Table 2583. Table References
@@ -94070,7 +94123,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2582. Table References
+Table 2584. Table References
@@ -94103,7 +94156,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2583. Table References
+Table 2585. Table References
@@ -94120,7 +94173,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2584. Table References
+Table 2586. Table References
@@ -94137,7 +94190,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2585. Table References
+Table 2587. Table References
@@ -94154,7 +94207,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2586. Table References
+Table 2588. Table References
@@ -94171,7 +94224,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2587. Table References
+Table 2589. Table References
@@ -94188,7 +94241,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2588. Table References
+Table 2590. Table References
@@ -94205,7 +94258,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2589. Table References
+Table 2591. Table References
@@ -94238,7 +94291,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2590. Table References
+Table 2592. Table References
@@ -94277,7 +94330,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2591. Table References
+Table 2593. Table References
@@ -94294,7 +94347,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2592. Table References
+Table 2594. Table References
@@ -94311,7 +94364,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2593. Table References
+Table 2595. Table References
@@ -94328,7 +94381,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2594. Table References
+Table 2596. Table References
@@ -94348,7 +94401,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2595. Table References
+Table 2597. Table References
@@ -94368,7 +94421,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2596. Table References
+Table 2598. Table References
@@ -94388,7 +94441,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2597. Table References
+Table 2599. Table References
@@ -94408,7 +94461,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2598. Table References
+Table 2600. Table References
@@ -94428,7 +94481,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2599. Table References
+Table 2601. Table References
@@ -94458,7 +94511,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2600. Table References
+Table 2602. Table References
@@ -94488,7 +94541,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2601. Table References
+Table 2603. Table References
@@ -94536,7 +94589,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2602. Table References
+Table 2604. Table References
@@ -94574,7 +94627,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2603. Table References
+Table 2605. Table References
@@ -94609,7 +94662,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2604. Table References
+Table 2606. Table References
@@ -94629,7 +94682,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2605. Table References
+Table 2607. Table References
@@ -94666,7 +94719,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2606. Table References
+Table 2608. Table References
@@ -94692,7 +94745,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2607. Table References
+Table 2609. Table References
@@ -94712,7 +94765,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2608. Table References
+Table 2610. Table References
@@ -94732,7 +94785,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2609. Table References
+Table 2611. Table References
@@ -94752,7 +94805,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2610. Table References
+Table 2612. Table References
@@ -94785,7 +94838,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2611. Table References
+Table 2613. Table References
@@ -94821,7 +94874,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2612. Table References
+Table 2614. Table References
@@ -94851,7 +94904,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2613. Table References
+Table 2615. Table References
@@ -94875,7 +94928,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2614. Table References
+Table 2616. Table References
@@ -94905,7 +94958,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2615. Table References
+Table 2617. Table References
@@ -94940,7 +94993,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2616. Table References
+Table 2618. Table References
@@ -94960,7 +95013,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2617. Table References
+Table 2619. Table References
@@ -94980,7 +95033,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2618. Table References
+Table 2620. Table References
@@ -95013,7 +95066,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2619. Table References
+Table 2621. Table References
@@ -95036,7 +95089,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2620. Table References
+Table 2622. Table References
@@ -95056,7 +95109,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2621. Table References
+Table 2623. Table References
@@ -95098,7 +95151,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2622. Table References
+Table 2624. Table References
@@ -95118,7 +95171,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2623. Table References
+Table 2625. Table References
@@ -95138,7 +95191,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2624. Table References
+Table 2626. Table References
@@ -95158,7 +95211,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2625. Table References
+Table 2627. Table References
@@ -95178,7 +95231,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2626. Table References
+Table 2628. Table References
@@ -95211,7 +95264,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2627. Table References
+Table 2629. Table References
@@ -95234,7 +95287,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2628. Table References
+Table 2630. Table References
@@ -95254,7 +95307,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2629. Table References
+Table 2631. Table References
@@ -95274,7 +95327,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2630. Table References
+Table 2632. Table References
@@ -95294,7 +95347,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2631. Table References
+Table 2633. Table References
@@ -95314,7 +95367,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2632. Table References
+Table 2634. Table References
@@ -95334,7 +95387,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2633. Table References
+Table 2635. Table References
@@ -95354,7 +95407,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2634. Table References
+Table 2636. Table References
@@ -95374,7 +95427,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2635. Table References
+Table 2637. Table References
@@ -95394,7 +95447,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2636. Table References
+Table 2638. Table References
@@ -95414,7 +95467,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2637. Table References
+Table 2639. Table References
@@ -95434,7 +95487,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2638. Table References
+Table 2640. Table References
@@ -95454,7 +95507,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2639. Table References
+Table 2641. Table References
@@ -95474,7 +95527,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2640. Table References
+Table 2642. Table References
@@ -95494,7 +95547,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2641. Table References
+Table 2643. Table References
@@ -95514,7 +95567,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2642. Table References
+Table 2644. Table References
@@ -95534,7 +95587,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2643. Table References
+Table 2645. Table References
@@ -95554,7 +95607,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2644. Table References
+Table 2646. Table References
@@ -95574,7 +95627,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2645. Table References
+Table 2647. Table References
@@ -95594,7 +95647,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2646. Table References
+Table 2648. Table References
@@ -95614,7 +95667,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2647. Table References
+Table 2649. Table References
@@ -95634,7 +95687,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2648. Table References
+Table 2650. Table References
@@ -95654,7 +95707,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2649. Table References
+Table 2651. Table References
@@ -95674,7 +95727,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2650. Table References
+Table 2652. Table References
@@ -95694,7 +95747,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2651. Table References
+Table 2653. Table References
@@ -95714,7 +95767,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2652. Table References
+Table 2654. Table References
@@ -95734,7 +95787,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2653. Table References
+Table 2655. Table References
@@ -95754,7 +95807,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2654. Table References
+Table 2656. Table References
@@ -95774,7 +95827,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2655. Table References
+Table 2657. Table References
@@ -95794,7 +95847,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2656. Table References
+Table 2658. Table References
@@ -95814,7 +95867,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2657. Table References
+Table 2659. Table References
@@ -95834,7 +95887,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2658. Table References
+Table 2660. Table References
@@ -95854,7 +95907,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2659. Table References
+Table 2661. Table References
@@ -95874,7 +95927,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2660. Table References
+Table 2662. Table References
@@ -95894,7 +95947,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2661. Table References
+Table 2663. Table References
@@ -95914,7 +95967,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2662. Table References
+Table 2664. Table References
@@ -95934,7 +95987,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2663. Table References
+Table 2665. Table References
@@ -95954,7 +96007,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2664. Table References
+Table 2666. Table References
@@ -95974,7 +96027,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2665. Table References
+Table 2667. Table References
@@ -95994,7 +96047,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2666. Table References
+Table 2668. Table References
@@ -96014,7 +96067,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2667. Table References
+Table 2669. Table References
@@ -96047,7 +96100,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2668. Table References
+Table 2670. Table References
@@ -96067,7 +96120,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2669. Table References
+Table 2671. Table References
@@ -96090,7 +96143,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2670. Table References
+Table 2672. Table References
@@ -96110,7 +96163,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2671. Table References
+Table 2673. Table References
@@ -96130,7 +96183,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2672. Table References
+Table 2674. Table References
@@ -96150,7 +96203,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2673. Table References
+Table 2675. Table References
@@ -96170,7 +96223,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2674. Table References
+Table 2676. Table References
@@ -96190,7 +96243,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2675. Table References
+Table 2677. Table References
@@ -96220,7 +96273,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2676. Table References
+Table 2678. Table References
@@ -96240,7 +96293,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2677. Table References
+Table 2679. Table References
@@ -96260,7 +96313,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2678. Table References
+Table 2680. Table References
@@ -96280,7 +96333,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2679. Table References
+Table 2681. Table References
@@ -96310,7 +96363,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2680. Table References
+Table 2682. Table References
@@ -96340,7 +96393,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2681. Table References
+Table 2683. Table References
@@ -96360,7 +96413,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2682. Table References
+Table 2684. Table References
@@ -96382,7 +96435,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2683. Table References
+Table 2685. Table References
@@ -96404,7 +96457,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2684. Table References
+Table 2686. Table References
@@ -96424,7 +96477,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2685. Table References
+Table 2687. Table References
@@ -96444,7 +96497,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2686. Table References
+Table 2688. Table References
@@ -96464,7 +96517,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2687. Table References
+Table 2689. Table References
@@ -96484,7 +96537,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2688. Table References
+Table 2690. Table References
@@ -96504,7 +96557,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2689. Table References
+Table 2691. Table References
@@ -96524,7 +96577,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2690. Table References
+Table 2692. Table References
@@ -96547,7 +96600,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2691. Table References
+Table 2693. Table References
@@ -96567,7 +96620,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2692. Table References
+Table 2694. Table References
@@ -96587,7 +96640,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2693. Table References
+Table 2695. Table References
@@ -96607,7 +96660,7 @@ Tool is a cluster galaxy available in JSON format at (SY)# <HOSTNAME>" to the remote system, where <HOSTNAME> is the hostname of the victim system. The remote host responds with a packet that also begins with the string "(SY)# cmd". This causes the malware to launch a new cmd.exe child process. Further communications are forwarded to the cmd.exe child process to execute. The commands sent to the shell and their responses are obfuscated when sent over the network.
-Table 2694. Table References
+Table 2696. Table References
@@ -96627,7 +96680,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2695. Table References
+Table 2697. Table References
@@ -96659,7 +96712,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2696. Table References
+Table 2698. Table References
@@ -96679,7 +96732,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2697. Table References
+Table 2699. Table References
@@ -96699,7 +96752,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2698. Table References
+Table 2700. Table References
@@ -96719,7 +96772,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2699. Table References
+Table 2701. Table References
@@ -96739,7 +96792,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2700. Table References
+Table 2702. Table References
@@ -96759,7 +96812,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2701. Table References
+Table 2703. Table References
@@ -96781,7 +96834,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2702. Table References
+Table 2704. Table References
@@ -96801,7 +96854,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2703. Table References
+Table 2705. Table References
@@ -96821,7 +96874,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2704. Table References
+Table 2706. Table References
@@ -96841,7 +96894,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2705. Table References
+Table 2707. Table References
@@ -96861,7 +96914,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2706. Table References
+Table 2708. Table References
@@ -96881,7 +96934,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2707. Table References
+Table 2709. Table References
@@ -96901,7 +96954,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2708. Table References
+Table 2710. Table References
@@ -96921,7 +96974,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2709. Table References
+Table 2711. Table References
@@ -96941,7 +96994,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2710. Table References
+Table 2712. Table References
@@ -96961,7 +97014,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2711. Table References
+Table 2713. Table References
@@ -96981,7 +97034,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2712. Table References
+Table 2714. Table References
@@ -97001,7 +97054,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2713. Table References
+Table 2715. Table References
@@ -97021,7 +97074,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2714. Table References
+Table 2716. Table References
@@ -97041,7 +97094,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2715. Table References
+Table 2717. Table References
@@ -97061,7 +97114,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2716. Table References
+Table 2718. Table References
@@ -97081,7 +97134,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2717. Table References
+Table 2719. Table References
@@ -97101,7 +97154,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2718. Table References
+Table 2720. Table References
@@ -97121,7 +97174,7 @@ Tool is a cluster galaxy available in JSON format at https://github.com/quasar/QuasarRat . The versions used by APT10 (1.3.4.0, 2.0.0.0, and 2.0.0.1) are not available via the public GitHub page, indicating that APT10 has further customized the open source version. The 2.0 versions require a dropper to decipher and launch the AES encrypted QUASARRAT payload. QUASARRAT is a fully functional .NET backdoor that has been used by multiple cyber espionage groups in the past.
-Table 2719. Table References
+Table 2721. Table References
@@ -97154,7 +97207,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2720. Table References
+Table 2722. Table References
@@ -97180,7 +97233,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2721. Table References
+Table 2723. Table References
@@ -97213,7 +97266,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2722. Table References
+Table 2724. Table References
@@ -97233,7 +97286,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2723. Table References
+Table 2725. Table References
@@ -97433,7 +97486,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2724. Table References
+Table 2726. Table References
@@ -97453,7 +97506,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2725. Table References
+Table 2727. Table References
@@ -97473,7 +97526,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2726. Table References
+Table 2728. Table References
@@ -97493,7 +97546,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2727. Table References
+Table 2729. Table References
@@ -97526,7 +97579,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2728. Table References
+Table 2730. Table References
@@ -97552,7 +97605,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2729. Table References
+Table 2731. Table References
@@ -97569,7 +97622,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2730. Table References
+Table 2732. Table References
@@ -97591,7 +97644,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2731. Table References
+Table 2733. Table References
@@ -97630,7 +97683,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2732. Table References
+Table 2734. Table References
@@ -97650,7 +97703,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2733. Table References
+Table 2735. Table References
@@ -97680,7 +97733,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2734. Table References
+Table 2736. Table References
@@ -97703,7 +97756,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2735. Table References
+Table 2737. Table References
@@ -97724,7 +97777,7 @@ Tool is a cluster galaxy available in JSON format at
-Table 2736. Table References
+Table 2738. Table References
@@ -97744,7 +97797,7 @@ Throughout the multiple campaigns observed over the last 3 years, the actor has
Recently, Palo Alto Networks researchers discovered an advanced Android malware we’ve named “SpyDealer” which exfiltrates private data from more than 40 apps and steals sensitive messages from communication apps by abusing the Android accessibility service feature. SpyDealer uses exploits from a commercial rooting app to gain root privilege, which enables the subsequent data theft.
-Table 2737. Table References
+Table 2739. Table References
@@ -97764,7 +97817,7 @@ Throughout the multiple campaigns observed over the last 3 years, the actor has
CowerSnail was compiled using Qt and linked with various libraries. This framework provides benefits such as cross-platform capability and transferability of the source code between different operating systems.
-Table 2738. Table References
+Table 2740. Table References
@@ -97794,7 +97847,7 @@ Throughout the multiple campaigns observed over the last 3 years, the actor has
-Table 2739. Table References
+Table 2741. Table References
@@ -97815,7 +97868,7 @@ Throughout the multiple campaigns observed over the last 3 years, the actor has
During our analysis, we extracted the commands executed by the TwoFace webshell from the server logs on the compromised server. Our analysis shows that the commands issued by the threat actor date back to June 2016; this suggests that the actor had access to this shell for almost an entire year. The commands issued show the actor was interested in gathering credentials from the compromised server using the Mimikatz tool. We also saw the attacker using the TwoFace webshell to move laterally through the network by copying itself and other webshells to other servers.
-Table 2740. Table References
+Table 2742. Table References
@@ -97835,7 +97888,7 @@ During our analysis, we extracted the commands executed by the TwoFace webshell
Like TwoFace, the IntrudingDivisor webshell requires the threat actor to authenticate before issuing commands. To authenticate, the actor must provide two pieces of information, first an integer that is divisible by 5473 and a string whose MD5 hash is “9A26A0E7B88940DAA84FC4D5E6C61AD0”. Upon successful authentication, the webshell has a command handler that uses integers within the request to determine the command to execute - To complete
-Table 2741. Table References
+Table 2743. Table References
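Review bot: The IntrudingDivisor description in this hunk's context ends with a dangling "- To complete", which reads as an editing placeholder that has reached the rendered page. Either finish the sentence about the command handler or drop the trailing fragment in the source cluster entry, then regenerate the HTML.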
@@ -97855,7 +97908,7 @@ During our analysis, we extracted the commands executed by the TwoFace webshell
Attacks that use completely fileless malware are a rare occurrence, so we thought it important to discuss a new trojan known as JS_POWMET (Detected by Trend Micro as JS_POWMET.DE), which arrives via an autostart registry procedure. By utilizing a completely fileless infection chain, the malware will be more difficult to analyze using a sandbox, making it more difficult for anti-malware engineers to examine.
-Table 2742. Table References
+Table 2744. Table References
@@ -97875,7 +97928,7 @@ During our analysis, we extracted the commands executed by the TwoFace webshell
The main malware capabilities include a privilege escalation attempt using MS16–032 exploitation; a HTTP Proxy to intercept banking transactions; a backdoor to make it possible for the attacker to issue arbitrary remote commands and a C&C through a IRC channel. As it’s being identified as a Generic Trojan by most of VirusTotal (VT) engines, let s name it EngineBox— the core malware class I saw after reverse engineering it.
-Table 2743. Table References
+Table 2745. Table References
@@ -97895,7 +97948,7 @@ During our analysis, we extracted the commands executed by the TwoFace webshell
Spread via hacked Aeria games offered on unofficial websites, the modular malware can download and install virtually any other malicious code on the victim’s computer. To spread their malware, the attackers behind Joao have misused massively-multiplayer online role-playing games (MMORPGs) originally published by Aeria Games. At the time of writing this article, the Joao downloader was being distributed via the anime-themed MMORPG Grand Fantasia offered on gf.ignitgames[.]to.
-Table 2744. Table References
+Table 2746. Table References
@@ -97915,7 +97968,7 @@ During our analysis, we extracted the commands executed by the TwoFace webshell
Upon execution, Fireball installs a browser hijacker as well as any number of adware programs. Several different sources have linked different indicators of compromise (IOCs) and varied payloads, but a few details remain the same.
-Table 2745. Table References
+Table 2747. Table References
@@ -97935,7 +97988,7 @@ During our analysis, we extracted the commands executed by the TwoFace webshell
ShadowPad is a modular cyber-attack platform that attackers deploy in victim networks to gain flexible remote control capabilities. The platform is designed to run in two stages. The first stage is a shellcode that was embedded in a legitimate nssock2.dll used by Xshell, Xmanager and other software packages produced by NetSarang. This stage is responsible for connecting to “validation” command and control (C&C) servers and getting configuration information including the location of the real C&C server, which may be unique per victim. The second stage acts as an orchestrator for five main modules responsible for C&C communication, working with the DNS protocol, loading and injecting additional plugins into the memory of other processes.
-Table 2746. Table References
+Table 2748. Table References
@@ -97955,7 +98008,7 @@ During our analysis, we extracted the commands executed by the TwoFace webshell
IoT_reaper is fairly large now and is actively expanding. For example, there are multiple C2s we are tracking, the most recently data (October 19) from just one C2 shows the number of unique active bot IP address is more than 10k per day. While at the same time, there are millions of potential vulnerable device IPs being queued into the c2 system waiting to be processed by an automatic loader that injects malicious code to the devices to expand the size of the botnet.
-Table 2747. Table References
+Table 2749. Table References
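Review bot: The IoT_reaper description in the context line is worded relative to the original report ("is fairly large now", "the most recently data (October 19)") and gives no year, so a reader of this page cannot date the figure of more than 10k active bot IPs per day. Suggest stating the report's date in the description, or rephrasing it in the past tense with the date attached to the figure.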
@@ -97975,7 +98028,7 @@ During our analysis, we extracted the commands executed by the TwoFace webshell
FormBook is a data stealer and form grabber that has been advertised in various hacking forums since early 2016.
-Table 2748. Table References
+Table 2750. Table References
@@ -97998,7 +98051,7 @@ During our analysis, we extracted the commands executed by the TwoFace webshell
Dimnie, the commonly agreed upon name for the binary dropped by the PowerShell script above, has been around for several years. Palo Alto Networks has observed samples dating back to early 2014 with identical command and control mechanisms. The malware family serves as a downloader and has a modular design encompassing various information stealing functionalities. Each module is injected into the memory of core Windows processes, further complicating analysis. During its lifespan, it appears to have undergone few changes and its stealthy command and control methods combined with a previously Russian focused target base has allowed it to fly under the radar up until this most recent campaign.
-Table 2749. Table References
+Table 2751. Table References
@@ -98018,7 +98071,7 @@ During our analysis, we extracted the commands executed by the TwoFace webshell
The ALMA Communicator Trojan is a backdoor Trojan that uses DNS tunneling exclusively to receive commands from the adversary and to exfiltrate data. This Trojan specifically reads in a configuration from the cfg file that was initially created by the Clayslide delivery document. ALMA does not have an internal configuration, so the Trojan does not function without the cfg file created by the delivery document.
-Table 2750. Table References
+Table 2752. Table References
@@ -98039,7 +98092,7 @@ During our analysis, we extracted the commands executed by the TwoFace webshell
We saw that technique before in Carbanak, and other similar cases worldwide. The infection vector is a spear-phishing email with a malicious attachment. An interesting point in the Silence attack is that the cybercriminals had already compromised banking infrastructure in order to send their spear-phishing emails from the addresses of real bank employees and look as unsuspicious as possible to future victims.
-Table 2751. Table References
+Table 2753. Table References
@@ -98059,7 +98112,7 @@ We saw that technique before in Carbanak, and other similar cases worldwide. The
Volgmer is a backdoor Trojan designed to provide covert access to a compromised system. Since at least 2013, HIDDEN COBRA actors have been observed using Volgmer malware in the wild to target the government, financial, automotive, and media industries. It is suspected that spear phishing is the primary delivery mechanism for Volgmer infections; however, HIDDEN COBRA actors use a suite of custom tools, some of which could also be used to initially compromise a system. Therefore, it is possible that additional HIDDEN COBRA malware may be present on network infrastructure compromised with Volgmer
-Table 2752. Table References
+Table 2754. Table References
@@ -98079,7 +98132,7 @@ We saw that technique before in Carbanak, and other similar cases worldwide. The
Nymaim is a 2-year-old strain of malware most closely associated with ransomware. We have seen recent attacks spreading it using an established email marketing service provider to avoid blacklists and detection tools. But instead of ransomware, the malware is now being used to distribute banking Trojans
-Table 2753. Table References
+Table 2755. Table References
@@ -98109,7 +98162,7 @@ We saw that technique before in Carbanak, and other similar cases worldwide. The
-Table 2754. Table References
+Table 2756. Table References
@@ -98138,7 +98191,7 @@ We saw that technique before in Carbanak, and other similar cases worldwide. The
Agent Tesla is modern powerful keystroke logger. It provides monitoring your personel computer via keyboard and screenshot. Keyboard, screenshot and registered passwords are sent in log. You can receive your logs via e-mail, ftp or php(web panel).
-Table 2755. Table References
+Table 2757. Table References
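Review bot: The Agent Tesla description in the context line reads like product copy addressed to a buyer ("You can receive your logs via e-mail, ftp or php(web panel)") and carries the typo "personel". For a catalogue entry, either mark the text as a quotation from the seller or rewrite it in neutral third person, for example as a keystroke logger that captures keystrokes, screenshots and registered passwords and delivers the logs by e-mail, FTP or a PHP web panel.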
@@ -98168,7 +98221,7 @@ We saw that technique before in Carbanak, and other similar cases worldwide. The
-Table 2756. Table References
+Table 2758. Table References
@@ -98198,7 +98251,7 @@ We saw that technique before in Carbanak, and other similar cases worldwide. The
-Table 2757. Table References
+Table 2759. Table References
@@ -98220,7 +98273,7 @@ The malware was first spotted online over the summer by Italian security researc
The initial version of this threat was loaded via an include call for the wp-vcd.php file —hence the malware’s name— and injected malicious code into WordPress core files such as functions.php and class.wp.php. This was not a massive campaign, but attacks continued throughout the recent months.
-Table 2758. Table References
+Table 2760. Table References
@@ -98243,7 +98296,7 @@ The initial version of this threat was loaded via an include call for the wp-vcd
malicious program for auto replacement of payment data in AWS CBR
-Table 2759. Table References
+Table 2761. Table References
@@ -98263,7 +98316,7 @@ The initial version of this threat was loaded via an include call for the wp-vcd
Described as a "professional exe loader / dll dropper" Quant Loader is in fact a very basic trojan downloader. It began being advertised on September 1, 2016 on various Russian underground forums.
-Table 2760. Table References
+Table 2762. Table References
@@ -98286,7 +98339,7 @@ The initial version of this threat was loaded via an include call for the wp-vcd
The Secure Shell Protocol (SSH) is a very popular protocol used for secure data communication. It is widely used in the Unix world to manage remote servers, transfer files, etc. The modified SSH daemon described here, Linux/SSHDoor.A, is designed to steal usernames and passwords and allows remote access to the server via either an hardcoded password or SSH key.
-Table 2761. Table References
+Table 2763. Table References
@@ -98316,7 +98369,7 @@ The initial version of this threat was loaded via an include call for the wp-vcd
-Table 2762. Table References
+Table 2764. Table References
@@ -98349,7 +98402,7 @@ The initial version of this threat was loaded via an include call for the wp-vcd
-Table 2763. Table References
+Table 2765. Table References
@@ -98378,7 +98431,7 @@ The initial version of this threat was loaded via an include call for the wp-vcd
3. Exfiltrate the payment card data via lengthy encoded and obfuscated DNS queries to a hardcoded domain registered and controlled by the perpetrators, similar to that described by Paul Rascagneres in his analysis of FrameworkPOS in 2014[iii], and more recently by Luis Mendieta of Anomoli in analysis of a precursor to this sample.
-Table 2764. Table References
+Table 2766. Table References
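Review bot: The context line keeps the footnote marker "[iii]" from the article it was copied from, but nothing in this hunk gives it a target, so the citation of the 2014 FrameworkPOS analysis is unresolvable here. Replace the marker with a link in the entry's references table; "Anomoli" in the same sentence also looks like a misspelling of the vendor name and is worth checking against the source.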
@@ -98398,7 +98451,7 @@ The initial version of this threat was loaded via an include call for the wp-vcd
Prilex malware steals the information of the infected ATM’s users. In this case, it was a Brazilian bank, but consider the implications of such an attack in your region, whether you’re a customer or the bank.
-Table 2765. Table References
+Table 2767. Table References
@@ -98418,7 +98471,7 @@ The initial version of this threat was loaded via an include call for the wp-vcd
Cutlet Maker is an ATM malware designed to empty the machine of all its banknotes. Interestingly, while its authors have been advertising its sale, their competitors have already cracked the program, allowing anybody to use it for free.
-Table 2766. Table References
+Table 2768. Table References
@@ -98448,7 +98501,7 @@ The initial version of this threat was loaded via an include call for the wp-vcd
-Table 2767. Table References
+Table 2769. Table References
@@ -98471,7 +98524,7 @@ The initial version of this threat was loaded via an include call for the wp-vcd
PowerSpritz is a Windows executable that hides both its legitimate payload and malicious PowerShell command using a non-standard implementation of the already rarely used Spritz encryption algorithm (see the Attribution section for additional analysis of the Spritz implementation). This malicious downloader has been observed being delivered via spearphishing attacks using the TinyCC link shortener service to redirect to likely attacker-controlled servers hosting the malicious PowerSpritz payload.
-Table 2768. Table References
+Table 2770. Table References
@@ -98491,7 +98544,7 @@ The initial version of this threat was loaded via an include call for the wp-vcd
PowerRatankba is used for the same purpose as Ratankba: as a first stage reconnaissance tool and for the deployment of further stage implants on targets that are deemed interesting by the actor. Similar to its predecessor, PowerRatankba utilizes HTTP for its C&C communication.
-Table 2769. Table References
+Table 2771. Table References
@@ -98512,7 +98565,7 @@ The initial version of this threat was loaded via an include call for the wp-vcd
The threat actor uses RATANKBA to survey the lay of the land as it looks into various aspects of the host machine where it has been initially downloaded—the machine that has been victim of the watering hole attack. Information such as the running tasks, domain, shares, user information, if the host has default internet connectivity, and so forth.
-Table 2770. Table References
+Table 2772. Table References
@@ -98532,7 +98585,7 @@ The threat actor uses RATANKBA to survey the lay of the land as it looks into va
USBStealer serves as a network tool that extracts sensitive information from air-gapped networks. We have not seen this component since mid 2015.
-Table 2771. Table References
+Table 2773. Table References
@@ -98552,7 +98605,7 @@ The threat actor uses RATANKBA to survey the lay of the land as it looks into va
Downdelph is a lightweight downloader developed in the Delphi programming language. As we already mentioned in our white paper, its period of activity was from November 2013 to September 2015 and there have been no new variants seen since.
-Table 2772. Table References
+Table 2774. Table References
@@ -98572,7 +98625,7 @@ The threat actor uses RATANKBA to survey the lay of the land as it looks into va
Monero-mining malware
-Table 2773. Table References
+Table 2775. Table References
@@ -98592,7 +98645,7 @@ The threat actor uses RATANKBA to survey the lay of the land as it looks into va
A fully-featured backdoor, designed to perversely spy on Mac users
-Table 2774. Table References
+Table 2776. Table References
@@ -98622,7 +98675,7 @@ The threat actor uses RATANKBA to survey the lay of the land as it looks into va
-Table 2775. Table References
+Table 2777. Table References
@@ -98652,7 +98705,7 @@ The threat actor uses RATANKBA to survey the lay of the land as it looks into va
-Table 2776. Table References
+Table 2778. Table References
@@ -98672,7 +98725,7 @@ The threat actor uses RATANKBA to survey the lay of the land as it looks into va
A fully-featured macOS backdoor, designed to collect and exfiltrate sensitive user data such as 1Password files, browser login data, and keychains.
-Table 2777. Table References
+Table 2779. Table References
@@ -98692,7 +98745,7 @@ The threat actor uses RATANKBA to survey the lay of the land as it looks into va
Adware which hijacks a macOS user’s homepage to redirect search queries.
-Table 2778. Table References
+Table 2780. Table References
@@ -98712,7 +98765,7 @@ The threat actor uses RATANKBA to survey the lay of the land as it looks into va
A macOS crypto-currency miner, distributed via a trojaned 'CS-GO' hack.
-Table 2779. Table References
+Table 2781. Table References
@@ -98732,7 +98785,7 @@ The threat actor uses RATANKBA to survey the lay of the land as it looks into va
A macOS crypto-currency mining trojan.
-Table 2780. Table References
+Table 2782. Table References
@@ -98762,7 +98815,7 @@ The threat actor uses RATANKBA to survey the lay of the land as it looks into va
-Table 2781. Table References
+Table 2783. Table References
@@ -98782,7 +98835,7 @@ The threat actor uses RATANKBA to survey the lay of the land as it looks into va
Digmine is coded in AutoIt, and sent to would-be victims posing as a video file but is actually an AutoIt executable script. If the user’s Facebook account is set to log in automatically, Digmine will manipulate Facebook Messenger in order to send a link to the file to the account’s friends. The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line. This functionality’s code is pushed from the command-and-control (C&C) server, which means it can be updated.
-Table 2782. Table References
+Table 2784. Table References
@@ -98802,7 +98855,7 @@ The threat actor uses RATANKBA to survey the lay of the land as it looks into va
TSCookie itself only serves as a downloader. It expands functionality by downloading modules from C&C servers. The sample that was examined downloaded a DLL file which has exfiltrating function among many others (hereafter “TSCookieRAT”). Downloaded modules only runs on memory.
-Table 2783. Table References
+Table 2785. Table References