# Software — Malware & Tools

> Catalog of software used by threat actors - custom malware and legitimate dual-use tools, aligned with the MITRE ATT&CK Software taxonomy.

> **730+ malware families** organized into 6 functional subcategories + **92 dual-use tools**.

```mermaid
graph TB
    SW["💻 Software Hub<br/>820+ entries"]
    SW --> MAL["🦠 Malware Hub<br/>730+ families"]
    SW --> TOO["🔧 Tools<br/>92 tools"]
    MAL --> R["🟥 Ransomware<br/>21 families"]
    MAL --> B["🟧 Banking Trojans<br/>19 families"]
    MAL --> RAT["🟨 RATs<br/>38 families"]
    MAL --> BD["🟦 Backdoors<br/>38 families"]
    MAL --> IS["🟩 Infostealers<br/>13 families"]
    MAL --> LO["⬜ Loaders<br/>8 families"]
    TOO --> C2["C2 Frameworks<br/>Cobalt Strike, Sliver"]
    TOO --> CR["Credential Tools<br/>Mimikatz, LaZagne"]
    TOO --> SA["Sysadmin<br/>PsExec, AnyDesk"]
    style SW fill:#9b59b6,color:#fff
    style MAL fill:#1a1a2e,color:#fff
    style TOO fill:#1a1a2e,color:#fff
    style R fill:#c0392b,color:#fff
    style B fill:#e67e22,color:#fff
    style RAT fill:#d4a017,color:#fff
    style BD fill:#2471a3,color:#fff
    style IS fill:#1e8449,color:#fff
    style LO fill:#616a6b,color:#fff
    style C2 fill:#1abc9c,color:#fff
    style CR fill:#2ecc71,color:#fff
    style SA fill:#27ae60,color:#fff
```

## Subsections

| Section | Families | Description | Navigate |
|---------|----------|-------------|----------|
| Malware | 730+ | Malicious software organized into 6 functional subcategories | [[_malware\|Malware Hub]] |
| Tools | 92 | Legitimate dual-use tools - C2 frameworks, credential tools, sysadmin | [[_tools\|Tools]] |

> [!info] Classification
> The separation follows MITRE ATT&CK: **Malware** is software developed for malicious purposes. **Tools** are legitimate software that attackers abuse (e.g., Cobalt Strike, Mimikatz, PsExec). The `malware-type` field in the YAML defines the classification.

## Malware Subcategories

| Subcategory | Families | Description | Navigate |
|-------------|----------|-------------|----------|
| Ransomware | 21 | Data hostage-taking with double extortion - the main threat to corporate Brazil | [[_ransomware\|Ransomware]] |
| Banking Trojans | 19 | Banking fraud and credential theft - Brazil is the global epicenter | [[_banking-trojans\|Banking Trojans]] |
| RATs | 38 | Full remote control - the backbone of APT operations | [[_rats\|RATs]] |
| Backdoors | 38 | Stealthy long-duration implants - favorites of sponsored APTs | [[_backdoors\|Backdoors]] |
| Infostealers | 13 | Silent credential theft - pipeline for ransomware access | [[_infostealers\|Infostealers]] |
| Loaders | 8 | First stage of infection - payload distributors at scale | [[_loaders\|Loaders]] |

## Recent Malware

%%
```dataview
TABLE WITHOUT ID link(file.link, title) AS "Nome", malware-type AS "Tipo", aliases AS "Aliases", status AS "Status"
FROM "cti/software/malware"
WHERE type = "malware"
SORT updated DESC
LIMIT 10
```
%%

| Name | Type | Aliases | Status |
| ---- | ---- | ------- | ------ |
| [[crosswalk\|Crosswalk]] | backdoor | <ul><li>Crosswalk</li><li>ProxIP</li></ul> | active |
| [[deathstalker\|DeathStalker]] | backdoor | <ul><li>DeathStalker</li><li>Powersing</li></ul> | active |
| [[freshcamel\|FreshCamel]] | backdoor | <ul><li>FreshCamel</li></ul> | active |
| [[funshion\|Funshion]] | backdoor | <ul><li>Funshion</li></ul> | active |
| [[glamtariel\|GLAMTARIEL]] | backdoor | <ul><li>GLAMTARIEL</li></ul> | active |
| [[gobot2\|Gobot2]] | backdoor | <ul><li>Gobot2</li><li>Gobot</li></ul> | active |
| [[goldbackdoor\|GoldBackdoor]] | backdoor | <ul><li>GoldBackdoor</li></ul> | active |
| [[gopuram\|Gopuram]] | backdoor | <ul><li>Gopuram</li></ul> | active |
| [[graphite\|Graphite]] | backdoor | <ul><li>Graphite</li></ul> | active |
| [[greenlambert\|GreenLambert]] | backdoor | <ul><li>GreenLambert</li><li>Green Lambert</li></ul> | inactive |

## Recent Tools

%%
```dataview
TABLE WITHOUT ID link(file.link, title) AS "Nome", malware-type AS "Tipo", aliases AS "Aliases"
FROM "cti/software/tools"
WHERE type = "malware"
SORT updated DESC
LIMIT 10
```
%%

| Name | Type | Aliases |
| ---- | ---- | ------- |
| [[cti/software/tools/credential-tools/mimikatz.md\|Mimikatz]] | tool | <ul><li>Mimikatz</li><li>gentilkiwi</li></ul> |
| [[s0002-mimikatz\|Mimikatz]] | tool | <ul><li>Mimikatz</li><li>mimikatz.exe</li><li>sekurlsa</li></ul> |
| [[s0029-psexec\|PsExec]] | tool | <ul><li>PsExec</li><li>psexec.exe</li><li>Sysinternals PsExec</li></ul> |
| [[cti/software/tools/psexec.md\|PsExec]] | tool | <ul><li>PsExec</li><li>psexec.exe</li><li>Sysinternals PsExec</li></ul> |
| [[s1063-brute-ratel-c4\|Brute Ratel C4]] | tool | <ul><li>Brute Ratel C4</li><li>Brute Ratel</li><li>BRc4</li><li>Dark Vortex</li></ul> |
| [[brute-ratel-c4\|Brute Ratel C4]] | tool | <ul><li>Brute Ratel C4</li><li>BRc4</li><li>Dark Vortex</li></ul> |
| [[s0192-pupy\|Pupy]] | tool | <ul><li>Pupy</li></ul> |
| [[s0363-empire\|Empire]] | tool | <ul><li>Empire</li><li>EmPyre</li><li>PowerShell Empire</li></ul> |
| [[s0465-carrotball\|CARROTBALL]] | tool | <ul><li>CARROTBALL</li></ul> |
| [[s0633-sliver\|Sliver]] | tool | <ul><li>Sliver</li><li>Sliver C2</li><li>BishopFox Sliver</li></ul> |