TDS

TDS is a list of Traffic Direction Systems used by adversaries.

Authors
Authors and/or Contributors
Kafeine

Keitaro

Keitaro TDS is among the most used TDS in drive-by infection chains.

Internal MISP references

UUID 94c57fc0-4477-4643-b539-55ba8c455df6, which can be used as a unique global reference for Keitaro in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
type ['Commercial']

BlackTDS

BlackTDS is a mutualised TDS advertised underground since the end of December 2017.

Internal MISP references

UUID d5c0cf8d-8ed0-4fa2-a2e6-7274516ea1c8, which can be used as a unique global reference for BlackTDS in MISP communities and other software using the MISP galaxy

External references
  • https://blacktds[.com/
Associated metadata
Metadata key Value
type ['Underground']

ShadowTDS

ShadowTDS has been advertised underground since 2016-02. It is in fact more like a social engineering kit focused on Android that embeds a TDS.

Internal MISP references

UUID 2680a4b1-84d1-4af0-8126-4429a90f8ef8, which can be used as a unique global reference for ShadowTDS in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
type ['Underground']

Sutra

Sutra TDS was dominant from 2012 until 2015.

Internal MISP references

UUID 67f21003-bbc8-4993-b615-f990e539929f, which can be used as a unique global reference for Sutra in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
type ['Commercial']

SimpleTDS

SimpleTDS is a basic open source TDS.

Synonyms

"synonyms" in the meta part typically refers to alternate names or labels that are associated with SimpleTDS.

Known Synonyms
Stds

Internal MISP references

UUID aa179c37-1a8a-4761-841a-cc940e19d7be, which can be used as a unique global reference for SimpleTDS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
type ['OpenSource']

zTDS

zTDS is an open source TDS.

Internal MISP references

UUID 7a84de25-545a-4220-b500-85b9219dd67d, which can be used as a unique global reference for zTDS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
type ['OpenSource']

BossTDS

BossTDS

Internal MISP references

UUID 5a483b4b-671a-4113-9b99-a115d2d2d644, which can be used as a unique global reference for BossTDS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
type ['Commercial']

BlackHat TDS

BlackHat TDS is sold underground.

Internal MISP references

UUID 36aa3b2d-4927-45e5-be08-f30144fd1909, which can be used as a unique global reference for BlackHat TDS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
type ['Underground']

Futuristic TDS

Futuristic TDS is the TDS component of BlackOS/CookieBomb/NorthTale Iframer.

Internal MISP references

UUID 19d8eab9-72d5-4f22-affb-c0d6aed66346, which can be used as a unique global reference for Futuristic TDS in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
type ['Underground']

Orchid TDS

Orchid TDS was sold underground. Rarely used.

Internal MISP references

UUID ec0048f2-a7b2-4a71-83de-6e8fe4fef252, which can be used as a unique global reference for Orchid TDS in MISP communities and other software using the MISP galaxy

Associated metadata
Metadata key Value
type ['Underground']

404 TDS

Proofpoint has tracked the 404 TDS since at least September 2022. Proofpoint is not aware if this is a service sold on underground forums, but it is likely a shared or sold tool due to its involvement in a variety of phishing and malware campaigns.

Internal MISP references

UUID 7b956ff0-9021-499c-82a4-24b958cb32d9, which can be used as a unique global reference for 404 TDS in MISP communities and other software using the MISP galaxy

External references
Associated metadata
Metadata key Value
type ['Underground']