Software & malware
3,697 tools and malware families — MITRE ATT&CK Software plus the wider cs-graph malware corpus. Use /search for keyword + ID lookup. Authored by Adam Lundqvist.
Showing 2,351–2,400 of 3,697 · page 48 of 74
| ID | Title and platforms | Summary |
|---|---|---|
| RUSSIANROULETTE | RussianRoulette | Ransomware Variant of the Philadelphia ransomware |
| RUSTOCK | Rustock | |
| RUSTYLOCKER | rustylocker | |
| RWX-RAT | RWX RAT | |
| RYUK-RANSOMWARE | Ryuk ransomware | Similar to Samas and BitPaymer, Ryuk is specifically used to target enterprise environments. Code comparison between versions of Ryuk and Hermes ransomware ind… |
| S0001 | Trojan.Mebromi Windows | [Trojan.Mebromi](https://attack.mitre.org/software/S0001) is BIOS-level malware that takes control of the victim before MBR. (Citation: Ge 2011) Documented pl… |
| S0002 | Mimikatz Windows | [Mimikatz](https://attack.mitre.org/software/S0002) is a credential dumper capable of obtaining plaintext Windows account logins and passwords, along with many… |
| S0003 | RIPTIDE Windows | [RIPTIDE](https://attack.mitre.org/software/S0003) is a proxy-aware backdoor used by [APT12](https://attack.mitre.org/groups/G0005). (Citation: Moran 2014) Do… |
| S0004 | TinyZBot Windows | [TinyZBot](https://attack.mitre.org/software/S0004) is a bot written in C# that was developed by [Cleaver](https://attack.mitre.org/groups/G0003). (Citation: C… |
| S0005 | Windows Credential Editor Windows | [Windows Credential Editor](https://attack.mitre.org/software/S0005) is a password dumping tool. (Citation: Amplia WCE) Documented platforms: Windows. Catalog… |
| S0006 | pwdump Windows | [pwdump](https://attack.mitre.org/software/S0006) is a credential dumper. (Citation: Wikipedia pwdump) Documented platforms: Windows. Catalogued in ATT&CK 14.… |
| S0007 | Skeleton Key Windows | [Skeleton Key](https://attack.mitre.org/software/S0007) is malware used to inject false credentials into domain controllers with the intent of creating a backd… |
| S0008 | gsecdump Windows | [gsecdump](https://attack.mitre.org/software/S0008) is a publicly-available credential dumper used to obtain password hashes and LSA secrets from Windows opera… |
| S0009 | Hikit Windows | [Hikit](https://attack.mitre.org/software/S0009) is malware that has been used by [Axiom](https://attack.mitre.org/groups/G0001) for late-stage persistence and… |
| S0010 | Lurid Windows | [Lurid](https://attack.mitre.org/software/S0010) is a malware family that has been used by several groups, including [PittyTiger](https://attack.mitre.org/grou… |
| S0011 | Taidoor Windows | [Taidoor](https://attack.mitre.org/software/S0011) is a remote access trojan (RAT) that has been used by Chinese government cyber actors to maintain access on … |
| S0012 | PoisonIvy Windows | [PoisonIvy](https://attack.mitre.org/software/S0012) is a popular remote access tool (RAT) that has been used by many groups.(Citation: FireEye Poison Ivy)(Cit… |
| S0013 | PlugX Windows | [PlugX](https://attack.mitre.org/software/S0013) is a remote access tool (RAT) with modular plugins that has been used by multiple threat groups.(Citation: Las… |
| S0014 | BS2005 Windows | [BS2005](https://attack.mitre.org/software/S0014) is malware that was used by [Ke3chang](https://attack.mitre.org/groups/G0004) in spearphishing campaigns sinc… |
| S0015 | Ixeshe Windows | [Ixeshe](https://attack.mitre.org/software/S0015) is a malware family that has been used since at least 2009 against targets in East Asia. (Citation: Moran 201… |
| S0016 | P2P ZeuS Windows | [P2P ZeuS](https://attack.mitre.org/software/S0016) is a closed-source fork of the leaked version of the ZeuS botnet. It presents improvements over the leaked … |
| S0017 | BISCUIT Windows | [BISCUIT](https://attack.mitre.org/software/S0017) is a backdoor that has been used by [APT1](https://attack.mitre.org/groups/G0006) since as early as 2007. (C… |
| S0018 | Sykipot Windows | [Sykipot](https://attack.mitre.org/software/S0018) is malware that has been used in spearphishing campaigns since approximately 2007 against victims primarily … |
| S0019 | Regin Windows | [Regin](https://attack.mitre.org/software/S0019) is a malware platform that has targeted victims in a range of industries, including telecom, government, and f… |
| S0020 | China Chopper Windows | [China Chopper](https://attack.mitre.org/software/S0020) is a [Web Shell](https://attack.mitre.org/techniques/T1505/003) hosted on Web servers to provide acces… |
| S0021 | Derusbi Windows, Linux | [Derusbi](https://attack.mitre.org/software/S0021) is malware used by multiple Chinese APT groups.(Citation: Novetta-Axiom)(Citation: ThreatConnect Anthem) Bot… |
| S0022 | Uroburos Linux, Windows, macOS | [Uroburos](https://attack.mitre.org/software/S0022) is a sophisticated cyber espionage tool written in C that has been used by units within Russia's Federal Se… |
| S0023 | CHOPSTICK Windows, Linux | [CHOPSTICK](https://attack.mitre.org/software/S0023) is a malware family of modular backdoors used by [APT28](https://attack.mitre.org/groups/G0007). It has be… |
| S0024 | Dyre Windows | [Dyre](https://attack.mitre.org/software/S0024) is a banking Trojan that has been used for financial gain. (Citation: Symantec Dyre June 2015)(Citation: Malw… |
| S0025 | CALENDAR Windows | [CALENDAR](https://attack.mitre.org/software/S0025) is malware used by [APT1](https://attack.mitre.org/groups/G0006) that mimics legitimate Gmail Calendar traf… |
| S0026 | GLOOXMAIL Windows | [GLOOXMAIL](https://attack.mitre.org/software/S0026) is malware used by [APT1](https://attack.mitre.org/groups/G0006) that mimics legitimate Jabber/XMPP traffi… |
| S0027 | Zeroaccess | [Zeroaccess](https://attack.mitre.org/software/S0027) is a kernel-mode [Rootkit](https://attack.mitre.org/techniques/T1014) that attempts to add victims to the… |
| S0028 | SHIPSHAPE | [SHIPSHAPE](https://attack.mitre.org/software/S0028) is malware developed by [APT30](https://attack.mitre.org/groups/G0013) that allows propagation and exfiltr… |
| S0029 | PsExec Windows | [PsExec](https://attack.mitre.org/software/S0029) is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administ… |
| S0030 | Carbanak Windows | [Carbanak](https://attack.mitre.org/software/S0030) is a full-featured, remote backdoor used by a group of the same name ([Carbanak](https://attack.mitre.org/g… |
| S0031 | BACKSPACE Windows | [BACKSPACE](https://attack.mitre.org/software/S0031) is a backdoor used by [APT30](https://attack.mitre.org/groups/G0013) that dates back to at least 2005. (Ci… |
| S0032 | gh0st RAT Windows, macOS | [gh0st RAT](https://attack.mitre.org/software/S0032) is a remote access tool (RAT). The source code is public and it has been used by multiple groups.(Citation… |
| S0033 | NetTraveler Windows | [NetTraveler](https://attack.mitre.org/software/S0033) is malware that has been used in multiple cyber espionage campaigns for basic surveillance of victims. T… |
| S0034 | NETEAGLE Windows | [NETEAGLE](https://attack.mitre.org/software/S0034) is a backdoor developed by [APT30](https://attack.mitre.org/groups/G0013) with compile dates as early as 20… |
| S0035 | SPACESHIP Windows | [SPACESHIP](https://attack.mitre.org/software/S0035) is malware developed by [APT30](https://attack.mitre.org/groups/G0013) that allows propagation and exfiltr… |
| S0036 | FLASHFLOOD Windows | [FLASHFLOOD](https://attack.mitre.org/software/S0036) is malware developed by [APT30](https://attack.mitre.org/groups/G0013) that allows propagation and exfilt… |
| S0037 | HAMMERTOSS Windows | [HAMMERTOSS](https://attack.mitre.org/software/S0037) is a backdoor that was used by [APT29](https://attack.mitre.org/groups/G0016) in 2015. (Citation: FireEye… |
| S0038 | Duqu Windows | [Duqu](https://attack.mitre.org/software/S0038) is a malware platform that uses a modular approach to extend functionality after deployment within a target net… |
| S0039 | Net Windows | The [Net](https://attack.mitre.org/software/S0039) utility is a component of the Windows operating system. It is used in command-line operations for control of… |
| S0040 | HTRAN Linux, Windows | [HTRAN](https://attack.mitre.org/software/S0040) is a tool that proxies connections through intermediate hops and aids users in disguising their true geographi… |
| S0041 | Wiper | [Wiper](https://attack.mitre.org/software/S0041) is a family of destructive malware used in March 2013 during breaches of South Korean banks and media companie… |
| S0042 | LOWBALL Windows | [LOWBALL](https://attack.mitre.org/software/S0042) is malware used by [admin@338](https://attack.mitre.org/groups/G0018). It was used in August 2015 in email m… |
| S0043 | BUBBLEWRAP Windows | [BUBBLEWRAP](https://attack.mitre.org/software/S0043) is a full-featured, second-stage backdoor used by the [admin@338](https://attack.mitre.org/groups/G0018) … |
| S0044 | JHUHUGIT Windows | [JHUHUGIT](https://attack.mitre.org/software/S0044) is malware used by [APT28](https://attack.mitre.org/groups/G0007). It is based on Carberp source code and s… |
| S0045 | ADVSTORESHELL Windows | [ADVSTORESHELL](https://attack.mitre.org/software/S0045) is a spying backdoor that has been used by [APT28](https://attack.mitre.org/groups/G0007) from at leas… |