3,697 indexed
SOFTWARESoftware & malware
3,697 tools and malware families — MITRE ATT&CK Software plus the wider cs-graph malware corpus. Use /search for keyword + ID lookup. Authored by Adam Lundqvist.
Showing 2,651–2,700 of 3,697 · page 54 of 74
| ID | Title | Summary |
|---|---|---|
| S0340 | Octopus Windows | [Octopus](https://attack.mitre.org/software/S0340) is a Windows Trojan written in the Delphi programming language that has been used by [Nomadic Octopus](https… |
| S0341 | Xbash WindowsLinux | [Xbash](https://attack.mitre.org/software/S0341) is a malware family that has targeted Linux and Microsoft Windows servers. The malware has been tied to the Ir… |
| S0342 | GreyEnergy Windows | [GreyEnergy](https://attack.mitre.org/software/S0342) is a backdoor written in C and compiled in Visual Studio. [GreyEnergy](https://attack.mitre.org/software/… |
| S0343 | Exaramel for Windows Windows | [Exaramel for Windows](https://attack.mitre.org/software/S0343) is a backdoor used for targeting Windows systems. The Linux version is tracked separately under… |
| S0344 | Azorult Windows | [Azorult](https://attack.mitre.org/software/S0344) is a commercial Trojan that is used to steal information from compromised hosts. [Azorult](https://attack.mi… |
| S0345 | Seasalt Windows | [Seasalt](https://attack.mitre.org/software/S0345) is malware that has been linked to [APT1](https://attack.mitre.org/groups/G0006)'s 2010 operations. It share… |
| S0346 | OceanSalt Windows | [OceanSalt](https://attack.mitre.org/software/S0346) is a Trojan that was used in a campaign targeting victims in South Korea, United States, and Canada. [Ocea… |
| S0347 | AuditCred Windows | [AuditCred](https://attack.mitre.org/software/S0347) is a malicious DLL that has been used by [Lazarus Group](https://attack.mitre.org/groups/G0032) during the… |
| S0348 | Cardinal RAT Windows | [Cardinal RAT](https://attack.mitre.org/software/S0348) is a potentially low volume remote access trojan (RAT) observed since December 2015. [Cardinal RAT](htt… |
| S0349 | LaZagne LinuxmacOSWindows | [LaZagne](https://attack.mitre.org/software/S0349) is a post-exploitation, open-source tool used to recover stored passwords on a system. It has modules for Wi… |
| S0350 | zwShell Windows | [zwShell](https://attack.mitre.org/software/S0350) is a remote access tool (RAT) written in Delphi that has been seen in the wild since the spring of 2010 and … |
| S0351 | Cannon Windows | [Cannon](https://attack.mitre.org/software/S0351) is a Trojan with variants written in C# and Delphi. It was first observed in April 2018. (Citation: Unit42 Ca… |
| S0352 | OSX_OCEANLOTUS.D macOS | [OSX_OCEANLOTUS.D](https://attack.mitre.org/software/S0352) is a macOS backdoor used by [APT32](https://attack.mitre.org/groups/G0050). First discovered in 201… |
| S0353 | NOKKI Windows | [NOKKI](https://attack.mitre.org/software/S0353) is a modular remote access tool. The earliest observed attack using [NOKKI](https://attack.mitre.org/software/… |
| S0354 | Denis Windows | [Denis](https://attack.mitre.org/software/S0354) is a Windows backdoor and Trojan used by [APT32](https://attack.mitre.org/groups/G0050). [Denis](https://attac… |
| S0355 | Final1stspy Windows | [Final1stspy](https://attack.mitre.org/software/S0355) is a dropper family that has been used to deliver [DOGCALL](https://attack.mitre.org/software/S0213).(Ci… |
| S0356 | KONNI Windows | [KONNI](https://attack.mitre.org/software/S0356) is a remote access tool that security researchers assess has been used by North Korean cyber actors since at l… |
| S0357 | Impacket LinuxmacOSWindows | [Impacket](https://attack.mitre.org/software/S0357) is an open source collection of modules written in Python for programmatically constructing and manipulatin… |
| S0358 | Ruler WindowsOffice 365 | [Ruler](https://attack.mitre.org/software/S0358) is a tool to abuse Microsoft Exchange services. It is publicly available on GitHub and the tool is executed vi… |
| S0359 | Nltest Windows | [Nltest](https://attack.mitre.org/software/S0359) is a Windows command-line utility used to list domain controllers and enumerate domain trusts.(Citation: Nlte… |
| S0360 | BONDUPDATER Windows | [BONDUPDATER](https://attack.mitre.org/software/S0360) is a PowerShell backdoor used by [OilRig](https://attack.mitre.org/groups/G0049). It was first observed … |
| S0361 | Expand Windows | [Expand](https://attack.mitre.org/software/S0361) is a Windows utility used to expand one or more compressed CAB files.(Citation: Microsoft Expand Utility) It … |
| S0362 | Linux Rabbit Linux | [Linux Rabbit](https://attack.mitre.org/software/S0362) is malware that targeted Linux servers and IoT devices in a campaign lasting from August to October 201… |
| S0363 | Empire LinuxmacOSWindows | [Empire](https://attack.mitre.org/software/S0363) is an open source, cross-platform remote administration and post-exploitation framework that is publicly avai… |
| S0364 | RawDisk Windows | [RawDisk](https://attack.mitre.org/software/S0364) is a legitimate commercial driver from the EldoS Corporation that is used for interacting with files, disks,… |
| S0365 | Olympic Destroyer Windows | [Olympic Destroyer](https://attack.mitre.org/software/S0365) is malware that was used by [Sandworm Team](https://attack.mitre.org/groups/G0034) against the 201… |
| S0366 | WannaCry Windows | [WannaCry](https://attack.mitre.org/software/S0366) is ransomware that was first seen in a global attack during May 2017, which affected more than 150 countrie… |
| S0367 | Emotet Windows | [Emotet](https://attack.mitre.org/software/S0367) is a modular malware variant which is primarily used as a downloader for other malware variants such as [Tric… |
| S0368 | NotPetya Windows | [NotPetya](https://attack.mitre.org/software/S0368) is malware that was used by [Sandworm Team](https://attack.mitre.org/groups/G0034) in a worldwide attack st… |
| S0369 | CoinTicker macOS | [CoinTicker](https://attack.mitre.org/software/S0369) is a malicious application that poses as a cryptocurrency price ticker and installs components of the ope… |
| S0370 | SamSam Windows | [SamSam](https://attack.mitre.org/software/S0370) is ransomware that appeared in early 2016. Unlike some ransomware, its variants have required operators to ma… |
| S0371 | POWERTON Windows | [POWERTON](https://attack.mitre.org/software/S0371) is a custom PowerShell backdoor first observed in 2018. It has typically been deployed as a late-stage back… |
| S0372 | LockerGoga Windows | [LockerGoga](https://attack.mitre.org/software/S0372) is ransomware that was first reported in January 2019, and has been tied to various attacks on European c… |
| S0373 | Astaroth Windows | [Astaroth](https://attack.mitre.org/software/S0373) is a Trojan and information stealer known to affect companies in Europe, Brazil, and throughout Latin Ameri… |
| S0374 | SpeakUp LinuxmacOS | [SpeakUp](https://attack.mitre.org/software/S0374) is a Trojan backdoor that targets both Linux and OSX devices. It was first observed in January 2019. (Citati… |
| S0375 | Remexi Windows | [Remexi](https://attack.mitre.org/software/S0375) is a Windows-based Trojan that was developed in the C programming language.(Citation: Securelist Remexi Jan 2… |
| S0376 | HOPLIGHT Windows | [HOPLIGHT](https://attack.mitre.org/software/S0376) is a backdoor Trojan that has reportedly been used by the North Korean government.(Citation: US-CERT HOPLIG… |
| S0377 | Ebury Linux | [Ebury](https://attack.mitre.org/software/S0377) is an SSH backdoor targeting Linux operating systems. Attackers require root-level access, which allows them t… |
| S0378 | PoshC2 WindowsLinuxmacOS | [PoshC2](https://attack.mitre.org/software/S0378) is an open source remote administration and post-exploitation framework that is publicly available on GitHub.… |
| S0379 | Revenge RAT Windows | [Revenge RAT](https://attack.mitre.org/software/S0379) is a freely available remote access tool written in .NET (C#).(Citation: Cylance Shaheen Nov 2018)(Citat… |
| S0380 | StoneDrill Windows | [StoneDrill](https://attack.mitre.org/software/S0380) is wiper malware discovered in destructive campaigns against both Middle Eastern and European targets in … |
| S0381 | FlawedAmmyy Windows | [FlawedAmmyy](https://attack.mitre.org/software/S0381) is a remote access tool (RAT) that was first seen in early 2016. The code for [FlawedAmmyy](https://atta… |
| S0382 | ServHelper Windows | [ServHelper](https://attack.mitre.org/software/S0382) is a backdoor first observed in late 2018. The backdoor is written in Delphi and is typically delivered a… |
| S0383 | FlawedGrace Windows | [FlawedGrace](https://attack.mitre.org/software/S0383) is a fully featured remote access tool (RAT) written in C++ that was first observed in late 2017.(Citati… |
| S0384 | Dridex Windows | [Dridex](https://attack.mitre.org/software/S0384) is a prolific banking Trojan that first appeared in 2014. By December 2019, the US Treasury estimated [Dridex… |
| S0385 | njRAT Windows | [njRAT](https://attack.mitre.org/software/S0385) is a remote access tool (RAT) that was first observed in 2012. It has been used by threat actors in the Middle… |
| S0386 | Ursnif Windows | [Ursnif](https://attack.mitre.org/software/S0386) is a banking trojan and variant of the Gozi malware observed being spread through various automated exploit k… |
| S0387 | KeyBoy Windows | [KeyBoy](https://attack.mitre.org/software/S0387) is malware that has been used in targeted campaigns against members of the Tibetan Parliament in 2016.(Citati… |
| S0388 | YAHOYAH Windows | [YAHOYAH](https://attack.mitre.org/software/S0388) is a Trojan used by [Tropic Trooper](https://attack.mitre.org/groups/G0081) as a second-stage backdoor.(Cita… |
| S0389 | JCry | [JCry](https://attack.mitre.org/software/S0389) is ransomware written in Go. It was identified as apart of the #OpJerusalem 2019 campaign.(Citation: Carbon Bla… |