Softwares

Nom
Description

GreyEnergy

[GreyEnergy] is a backdoor written in C and compiled in Visual Studio. [GreyEnergy] shares similarities with the [BlackEnergy](https://attack.mitre.org/software/S0089) malware and is thought to be the successor of it.(Citation: ESET GreyEnergy Oct 2018)


Darkmoon


Aria-body

[Aria-body] is a custom backdoor that has been used by [Naikon](https://attack.mitre.org/groups/G0019).(Citation: CheckPoint Naikon May 2020)


Emotet

[Emotet] is a modular malware variant which is primarily used as a downloader for other malware variants such as [TrickBot](https://attack.mitre.org/software/S0266) and [IcedID](https://attack.mitre.org/software/S0483). Emotet first emerged in June 2014 and has been primarily used to target the banking sector. (Citation: Trend Micro Banking Malware Jan 2019)


SNUGRIDE

[SNUGRIDE] is a backdoor that has been used by [menuPass](https://attack.mitre.org/groups/G0045) as first stage malware. (Citation: FireEye APT10 April 2017)


Olympic Destroyer

[Olympic Destroyer] is malware that was used by [Sandworm Team](https://attack.mitre.org/groups/G0034) against the 2018 Winter Olympics, held in Pyeongchang, South Korea. The main purpose of the malware was to render infected computer systems inoperable. The malware leverages various native Windows utilities and API calls to carry out its destructive tasks. [Olympic Destroyer] has worm-like featur


Crimson

[Crimson] is malware used as part of a campaign known as Operation Transparent Tribe that targeted Indian diplomatic and military victims. (Citation: Proofpoint Operation Transparent Tribe March 2016)


TEARDROP

[TEARDROP] is a memory-only dropper that was discovered on some victim machines during investigations related to the 2020 SolarWinds cyber intrusion. It was likely used by [APT29](https://attack.mitre.org/groups/G0016) since at least May 2020.(Citation: FireEye SUNBURST Backdoor December 2020)(Citation: Microsoft Deep Dive Solorigate January 2021)


Machete

[Machete] is a cyber espionage toolset used by [Machete](https://attack.mitre.org/groups/G0095). It is a Python-based backdoor targeting Windows machines that was first observed in 2010.(Citation: ESET Machete July 2019)(Citation: Securelist Machete Aug 2014)(Citation: 360 Machete Sep 2020)


Avenger

[Avenger] is a downloader that has been used by [BRONZE BUTLER](https://attack.mitre.org/groups/G0060) since at least 2019.(Citation: Trend Micro Tick November 2019)