M-Q711599

Hackers- Hacker Mobile Yemen

Dec 30th, 2019
  1.  
  2. A
  3. ACRIDMINI - TAO computer hacking project *
  4. ADJUTANT VENTURE - Intrusion set? *
  5. ALOOFNESS - Cyber threat actor *
  6. ALTEREDCARBON - An IRATEMONK implant for Seagate drives *
  7. AMULETSTELLAR - Cyber threat actor sending malicious e-mails *
  8. ANGRYNEIGHBOR - Family of radar retro-reflector tools used by NSA's TAO division *
  9. APERTURESCIENCE - TAO computer hacking project *
  10. ARGYLEALIEN - Method to cause a loss of data by exploiting zeroization of hard-drives *
  11. ARKSTREAM - Implant used to reflash BIOS, installed by remote access or intercepted shipping
  12. ARROWECLIPSE - Counter CNE tool *
  13.  
  14. B
  15. BADDECISION (BDN) - Hacking tool to redirect users of a wireless/802.11 network to NSA FOXACID servers * *
  16. BALLOONKNOT - TAO computer hacking project *
  17. BANANAAID - NSA hacking tool or code included in the Shadow Brokers leak *
  18. BANANABALLOT - A BIOS module associated with an implant (likely BANANAGLEE) *
  19. BANNANADAIQUIRI - An implant associated with SCREAMINGPLOW *
  20. BANANAGLEE - A non-persistent firewall software implant for Cisco ASA and PIX devices that allows remote JETPLOW installation *
  21. BANANALIAR - A tool for connecting to an unspecified implant (likely BANANAGLEE) *
  22. BARGLEE - A software implant for a firewall of an unknown vendor *
  23. BARICE - A tool that provides a shell for installing the BARGLEE implant *
  24. BARNFIRE - TAO tool to erase the BIOS on a brand of servers that act as a backbone to many rival governments *
  25. BARPUNCH - A module for BANANAGLEE and BARGLEE implants *
  26. BEACHHEAD - Computer exploit delivered by the FERRETCANON system * *
  27. BEECHPONY - A firewall implant that is a predecessor of BANANAGLEE *
  28. BENIGNCERTAIN - A tool that appears to be for sending certain types of Internet Key Exchange (IKE) packets to a remote host and parsing the response *
  29. BERSERKR - Persistent backdoor that is implanted into the BIOS and runs from System Management Mode * *
  30. BILLOCEAN - Retrieves the serial number of a firewall, to be recorded in operation notes *
  31. BISHOP KNIGHT - Major cyber threat category of Chinese attacks against NASA, DoD, DoE, part of BYZANTINE HADES, countered by the TUTELAGE system * *
  32. BLACK ENERGY Bot - Major cyber threat category countered by the TUTELAGE system *
  33. BLATSTING - A firewall software implant that is used with EGREGIOUSBLUNDER (Fortigate) and ELIGIBLEBACHELOR (TOPSEC) *
  34. BLINDDATE (BD) - Survey and exploitation hardware with a mobile antenna system to run BADDECISION, which allows for a SECONDDATE attack * * *
  35. BLIND MARKSMAN - Major cyber threat category countered by the TUTELAGE system *
  36. BOOKISHMUTE - An exploit against an unknown firewall using Red Hat 6.0 *
  37. BORGERKING - Something related to Linux exploits *
  38. BOTANICREALTY - Video demodulation tool (formerly: UNCANNY) *
  39. BOXINGRUMBLE - Network attack that was countered by QUANTUMDNS *
  40. BRICKTOP - Project to learn about new malware by intercepting e-mail from several security companies (2009) *
  41. BROKENTIGO - Tool for computer network operations
  42. BULLDOZER - PCI bus hardware implant on intercepted shipping
  43. BUZZDIRECTION - A firewall software implant for Fortigate firewalls *
  44. BYZANTINE - First word of nicknames for programs involving defense against Chinese cyber-warfare and US offensive cyber-warfare *
  45. BYZANTINE ANCHOR - Chinese cyber attacks against a broad range of US targets since 2003, part of BYZANTINE HADES * *
  46. BYZANTINE CANDOR (BC) - Chinese cyber attacks against DoD and other US targets, part of BYZANTINE HADES, formerly TITAN RAIN III * * *
  47. BYZANTINE FOOTHOLD (BF) - Major cyber threat category of Chinese attacks against TRANSCOM, PACOM and others, countered by the TUTELAGE system * *
  48. BYZANTINE HADES - Chinese computer network exploitation (CNE) against the US * probably renamed to the LEGION-series *
  49. BYZANTINE PRAIRIE - Chinese cyber attacks but inactive since 2008, part of BYZANTINE HADES *
  50. BYZANTINE RAPTOR - Chinese cyber attacks against DoD and Congress, resurfaced 2008, part of BYZANTINE HADES * *
  51. BYZANTINE TRACE - Chinese cyber attacks against DoD, part of BYZANTINE HADES * already identified in 2007 *
  52. BYZANTINE VIKING - Major cyber threat category countered by the TUTELAGE system *
  53.  
  54. C
  55. CAPTIVATEDAUDIENCE - Computer implant plug-in to take over a targeted computer’s microphone and record conversations taking place near the device
  56. CARBON PEPTIDE - Major cyber threat category, part of BYZANTINE HADES, countered by the TUTELAGE system *
  57. CASTLECRASHER - Primary technique for executing DNT payloads for Windows computers *
  58. CASTLECREEK (CC) - Hacking tool *
  59. CATFLAP - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  60. CENTRICDUD - Tool that can read and write bytes in the CMOS of a targeted Windows computer *
  61. CHAOSOVERLORD - TAO computer hacking project *
  62. CHARMS - Alleged NSA implant, offered for sale by Shadow Brokers *
  63. CHELSEABLUE - ? *
  64. CHIMNEYPOOL - Framework or specification of GENIE-compliance for hardware/software implants
  65. CHOCOLATESHIP - TAO computer hacking project *
  66. CHOCOPOP - SNOWGLOBE cyber threat process *
  67. CLIMBINGSHIRT - Expeditionary Access Operations (EAO) in Iraq *
  68. CLOUDSHIELD - System that terminates a client-side connection to a malicious server and blocks the server's response *
  69. CLUCKLINE - A module for BANANAGLEE implants *
  70. COLOSSUS - FTP mover on TAONet *
  71. COMMON - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  72. COMMONDEER - Computer exploit for checking whether a computer has security software
  73. CONFICKER - Major cyber threat category countered by the TUTELAGE system *
  74. CONJECTURE - Network compatible with HOWLERMONKEY
  75. CONTAINMENTGRID - A payload for the ELIGIBLEBOMBSHELL TOPSEC firewall exploit *
  76. COTTONMOUTH (CM) - Computer implant devices used by NSA's TAO division
  77. COTTONMOUTH-I (CM-I) - USB hardware implant providing wireless bridge into target network and loading of exploit software onto target PCs, formerly DEWSWEEPER
  78. COTTONMOUTH-II (CM-II) - USB hardware host tap that provides a covert link over USB into the target's network, co-located with long haul relay; dual-stacked USB connector, consists of CM-I digital hardware plus long haul relay concealed in chassis; hub with switches is concealed in a dual-stacked USB connector and hard-wired to provide intra-chassis link.
  79. COTTONMOUTH-III (CM-III) - Radio Frequency link for commands to software implants and data infiltration/exfiltration, short range inter-chassis link within RJ45 Dual Stacked USB connector
  80. CROSSBEAM - GSM module mating commercial Motorola cell with WagonBed controller board for collecting voice data content via GPRS (web), circuit-switched data, data over voice, and DTMF to secure facility, implanted cell tower switch
  81. CROSSBONES - Cyber threat analysis tool * *
  82. CROSSEYEDSLOTH - TAO computer hacking project *
  83. CROWNPRINCE - Related to the MAKERSMARK intrusion set *
  84. CROWNROYAL - Related to the MAKERSMARK intrusion set *
  85. CRYPTICSENTINEL - Counter computer network exploitation (CCNE) project *
  86. CURSES - Alleged NSA implant, offered for sale by Shadow Brokers *
  87. CUTEBOY - Foreign (Chinese) computer network exploitation actor *
  88. CYBERCOP - Cyber attack visualisation tool
  89. CYBERQUEST (CQ) - Cyber threat discovery mission? (since 2008)*
  90.  
  91. D
  92. DAMPCROWD - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  93. DANCING PANDA - Hacking effort by China in which private e-mails of top US officials were obtained; renamed to LEGION AMETHYST (since 2010) * *
  94. DANDERSPRITZ – An implant for interacting with a compromised host and controlling Windows systems, published by the Shadow Brokers *
  95. DAREDEVIL - Shooter/implant as part of the QUANTUM system *
  96. DARKFIRE - TAO counter cyber attack project * *
  97. DARKHELMET - Counter computer network exploitation (CCNE) project *
  98. DARKTHUNDER - TAO traffic shaping program supporting SSO cable tapping collection *
  99. DEAD SEA - Computer network exploitation tool (?) *
  100. DEEPFRIEDPIG - Data processing system on TAONet, including SEAGULLFARO *
  101. DEFIANTWARRIOR - Program under which a host computer that is infected with an exploitable bot can be hijacked through a QUANTUMBOT attack and redirected to the NSA *
  102. DEITYBOUNCE - Provides implanted software persistence on Dell PowerEdge RAID servers via motherboard BIOS using Intel's System Management Mode for periodic execution, installed via ArkStream to reflash the BIOS
  103. DEMENTIAWHEEL - Hacking tool *
  104. DESERTWINTER - Codeword found in the source code used by the Equation hacking group *
  105. DEWDROP - Implant presumably used by TAO's Equation Group and offered for sale by Shadow Brokers *
  106. DEWSWEEPER - Technique to tap USB hardware hosts *
  107. DIESEL RATTLE - Chinese cyber attacks against US ISPs, government, defense contractors and Japan, part of BYZANTINE HADES *
  108. DIRESCALLOP - Tool that disables DeepFreeze without the need for a reboot *
  109. DISABLEVALOR - Hacking tool *
  110. DISCOROUTE - NAC/GCHQ repository for router configuration files from CNE and passive SIGINT, like for example telnet sessions * *
  111. DISCOVERY - Major cyber threat category countered by the TUTELAGE system *
  112. DOCKETDICTATE - Something related to NSA's TAO division
  113. DOUBLEPULSAR - Payload uploaded through the FUZZBUNCH framework, published by the Shadow Brokers *
  114. DOURMAGNUM - Cyber threat activity from the Imam Hussein University *
  115. DRINKPARSLEY - Codeword found in the source code used by the Equation hacking group *
  116. DROPMIRE - Passive collection of emanations (e.g. from printers or faxes) by using a radio frequency antenna
  117. DROPOUTJEEP - STRAITBIZARRE-based software implant for iPhone, initially close access but later remotely
  118. DUBMOAT - Alleged NSA trojan, offered for sale by Shadow Brokers *
  119. DURABLENAPKIN - A tool for injecting packets on LANs *
  120.  
  121. E
  122. EARLYSHOVEL - Alleged NSA exploit, offered for sale by Shadow Brokers *
  123. EASYKRAKEN - An IRATEMONK implantation for ARM-based Samsung drives *
  124. EBB - Alleged NSA exploit, offered for sale by Shadow Brokers *
  125. EBBISLAND - Alleged TAO exploit for the Solaris operating system, published by the Shadow Brokers *
  126. ECLECTICPILOT - ? *
  127. EGGBASKET - Alleged NSA exploit, offered for sale by Shadow Brokers *
  128. EGOTISTICALGIRAFFE (EGGI) - NSA program for exploiting the TOR network *
  129. EGOTISTICALGOAT (EGGO) - NSA tool for exploiting the TOR network *
  130. EGREGIOUSBLUNDER (EGBL) - A remote code execution exploit for Fortigate firewalls that exploits a HTTP cookie overflow vulnerability *
  131. ELATEDMONKEY - Alleged NSA exploit, offered for sale by Shadow Brokers *
  132. ELDESTMYRIAD - Alleged NSA exploit, offered for sale by Shadow Brokers *
  133. ELECTRICSLIDE - Alleged NSA exploit, offered for sale by Shadow Brokers *
  134. ELEGANTEAGLE - Alleged NSA exploit, offered for sale by Shadow Brokers *
  135. ELEONORE Exploit Kit - Major cyber threat category countered by the TUTELAGE system *
  136. ELGINGAMBLE - Alleged NSA exploit, offered for sale by Shadow Brokers *
  137. ELIGIBLEBACHELOR (ELBA) - An exploit for TOPSEC firewalls running the TOS operating system *
  138. ELIGIBLEBOMBSHELL (ELBO) - A remote code execution exploit for TOPSEC firewalls that exploits a HTTP cookie command injection vulnerability *
  139. ELIGIBLECANDIDATE (ELCA) - A remote code execution exploit for TOPSEC firewalls that exploits a HTTP cookie command injection vulnerability *
  140. ELIGIBLECONTESTANT (ELCO) - A remote code execution exploit for TOPSEC firewalls that exploits a HTTP POST parameter injection vulnerability *
  141. ENDLESSDONUT - Alleged NSA exploit, offered for sale by Shadow Brokers *
  142. ENEMYRUN - Alleged NSA implant, offered for sale by Shadow Brokers *
  143. ENGLANDBOGGY - Alleged NSA exploit, offered for sale by Shadow Brokers *
  144. ENVISIONCOLLISION - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  145. ENVOYTOMATO - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  146. EPICBANANA (EPBA) - A privilege escalation exploit against Cisco Adaptive Security Appliance (ASA) and Cisco Private Internet eXchange (PIX) devices *
  147. EPICHERO - Alleged NSA exploit, offered for sale by Shadow Brokers *
  148. EQUATION Group - Nickname given by Kaspersky to a highly advanced computer hacking group, considered to be part of TAO *
  149. ERRONEOUSINGENUITY (ERIN) - NSA tool for exploiting the TOR network *
  150. ESCALATEPLOWMAN (ESPL) - A privilege escalation exploit against WatchGuard firewalls *
  151. ESTOPMOONLIT - Alleged NSA exploit, offered for sale by Shadow Brokers *
  152. ETERNALBLUE – TAO exploit for Windows XP, 2003, Vista, 7 & 2008, published by the Shadow Brokers * and included in the WannaCry ransomware worm (2017) *
  153. ETERNALCHAMPION – Exploit for Windows XP, 2003, Vista, 7 & 2008, published by the Shadow Brokers *
  154. ETERNALROMANCE – Exploit for Windows XP, 2003, Vista, 7 & 2008, published by the Shadow Brokers *
  155. ETERNALSYNERGY – Exploit for Windows 8 SP0 & Windows 2012 SP0, published by the Shadow Brokers *
  156. EVOLVINGSTRATEGY - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  157. EWOK - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  158. EXACTCHANGE - Alleged NSA exploit, offered for sale by Shadow Brokers *
  159. EXPOXYRASIN - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  160. EXTRABACON (EXBA) - A remote code execution exploit against Cisco Adaptive Security Appliance (ASA) devices *
  161. EXTREMEPARR - Alleged TAO exploit for the Solaris operating system, published by the Shadow Brokers *
  162. EXZE - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  163.  
  164. F
  165. FABULOUSFABLE (FABFAB) - Tool used in automated SECONDDATE tasking *
  166. FAKEDOUBT - An IRATEMONK implantation for ARM-based Hitachi drives *
  167. FALSEMOREL - Allows for the deduction of the "enable" password from data freely offered by an unspecified firewall *
  168. FANNER - Cyber threat actor *
  169. FASHIONCLEFT - TAO/DNT protocol used by implants to exfiltrate collected network packets to the Common Data Receptor (CDR)
  170. FEEDTROUGH - A technique for persisting BANANAGLEE and ZESTYLEAK implants for Juniper NetScreen firewalls * *
  171. FERRETCANON - Subsystem of the FOXACID system *
  172. FESTIVEWRAPPER - Something used for TAO botnet hacking *
  173. FIGBUILD - External mission network for TAO/ROC hacking operations, connected to OPTICPINCH through ROOTKNOT (2009) *
  174. FINKCOAT - ? *
  175. FINKDIFFERENT (FIDI) - Tool used for exploiting TOR networks
  176. FIREWALK - Bidirectional network implant, passive gigabit ethernet traffic collector and active ethernet packet injector within RJ45 Dual Stacked USB connector, digital core used with HOWLERMONKEY, formerly RADON
  177. FLASHHANDLE Mission Management (FMM) - Database for generating and retaining crypto keys for encrypting data that have to be transferred onto internal TAO networks * provides this to SURPASSPIN *
  178. FLATLIQUID - TAO operation against the office of the Mexican president *
  179. FLAXENPRECEPT - Common Data Receptor interface(?) *
  180. FLOCKFORWARD - A payload for the ELIGIBLEBOMBSHELL TOPSEC firewall exploit *
  181. FLUXBABBITT - Hardware implant for Dell PowerEdge RAID servers using Xeon processors
  182. FOGGYBOTTOM - Computer implant plug-in that records logs of internet browsing histories and collects login details and passwords used to access websites and email accounts
  183. FOGYNULL - DNT standard exfiltration protocol *
  184. FORKPTY - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  185. FORRESTPLACE - Access system *
  186. FOSHO - A Python library for creating HTTP exploits *
  187. FOXACID (FA) - Originally a counter-terrorism mission against Al-Qaeda, now a network of covert internet servers used to exploit a target's browser through spam e-mail * *
  188. FOXSEARCH - Tool for monitoring a QUANTUM target which involves FOXACID servers
  189. FREEFLOW - One-way data diodes, see HANGARSURPLUS and SURPLUSHANGAR *
  190. FREEZEPOST - Something related to NSA's TAO division
  191. FROZENGAZE - System related to SECONDDATE operations *
  192. FRUGALSHOT - FOXACID servers for receiving callbacks from computers infected with NSA spying software *
  193. FUNNELAPS - DNT standard exfiltration data format *
  194. FUZZBUNCH - An exploit framework containing 15 exploits and advanced kernel-mode backdoors for Windows, published by the Shadow Brokers *
  195.  
  196. G
  197. GADGET HISS - Computer network "intrusion set" already identified in 2007 *
  198. GECKO II - System consisting of hardware implant MR RF or GSM, UNITEDRAKE software implant, IRONCHEF persistence back door
  199. GENESIS - Modified GSM handset for covert network surveys, recording of RF spectrum use, and handset geolocation based on software defined radio
  200. GENIE - Overall close-access program, collection by Sigads US-3136 and US-3137 * *
  201. GHOST - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  202. GHOSTRECON - Related to the VOYEUR intrusion set *
  203. GNOMEFISHER - Major cyber threat category countered by the TUTELAGE system *
  204. GNOMEVISION - Analytic tool for cyber attacks *
  205. GODSURGE - Runs on FLUXBABBITT circuit board to provide software persistence by exploiting JTAG debugging interface of server processors, requires interdiction and removal of motherboard of JTAG scan chain reconnection
  206. GOLLUM - Computer implant created by a partner agency *
  207. GOPHERRAGE - Pilot project that seeks to develop a hypervisor implant to provide implant capabilities and a back door *
  208. GOPHERSET - Software implant on GSM SIM phase 2+ Toolkit cards that exfiltrates contact list, SMS and call log from handset via SMS to user-defined phone; malware loaded using USB smartcard reader or over-the-air.
  209. GOSSIPGIRL - Cyber threat actor *
  210. GOTHAM - Processor for external monitor recreating target monitor from red video
  211. GOTHAMKNIGHT - A payload for the ELIGIBLEBOMBSHELL TOPSEC firewall exploit *
  212. GOURMETTROUGH - Configurable implant for Juniper NetScreen firewalls including SSG type, minimal beaconing
  213. GROK - Computer implant plug-in used to log keystrokes
  214. GUMFISH - Computer implant plug-in to take over a computer’s webcam and snap photographs
  215.  
  216. H
  217. HALLUXWATER - Software implant as boot ROM upgrade for Huawei Eudemon firewalls, finds patch points in inbound packet processing, used in O2, Vodafone and Deutsche Telekom
  218. HAMMERCHANT - Implant for network routers to intercept and perform exploitation attacks against data sent through a Virtual Private Network (VPN) and/or phone calls via Skype and other VoIP software *
  219. HAMMERMILL - Insertion Tool controls HEADWATER boot ROM backdoor
  220. HAMMERSTEIN - Implant for network routers to intercept and perform exploitation attacks against data sent through a Virtual Private Network (VPN) and/or phone calls via Skype and other VoIP software
  221. HANGARSURPLUS - Low-to-High diode used for botnet hacking *
  222. HAPPYFOOT - Program that intercepts traffic generated by mobile apps that send a smartphone’s location to advertising networks *
  223. HAPPYHOUR - Plug-in for the wireless survey and exploitation system BLINDDATE *
  224. HAWALA - ? *
  225. HEADMOVIES - TAO computer hacking project *
  226. HEADWATER - Permanent backdoor in boot ROM for Huawei routers stable to firmware updates, installed over internet, capture and examination of all IP packets passing through host router, controlled by Hammermill Insertion Tool
  227. HIDDENTEMPLE - A payload for the ELIGIBLEBOMBSHELL TOPSEC firewall exploit *
  228. HIGHLANDS - Technique for close access collection from computer implants *
  229. HOGTECH - Streaming packets collected through hacking operations *
  230. HOWLERMONKEY (HM) - Generic radio frequency (RF) transceiver tool used for various applications *
  231. HUFF - System like FOXACID? *
  232. HYDROCASTLE - Tool or database with 802.11 configuration data extracted from CNE activity in specific locations *
  233.  
  234. I
  235. ICYTWINS - Processing system for data collected from vPCS shaping under the STEELFLAUTA program *
  236. INCAADAM - Major intrusion set effort *
  237. INCISION - Implant presumably used by TAO's Equation Group and offered for sale by Shadow Brokers *
  238. INTOLERANT - Data set stolen by hackers, discovered and exploited by CSEC and Menwith Hill Station since 2010 *
  239. IRATEMONK - Hard drive firmware providing software persistence for desktops and laptops via Master Boot Record substitution, for Seagate Maxtor Samsung file systems FAR NRFS EXT3 UFS, payload is implant installer, shown at internet cafe *
  240. IRONAVENGER - NSA hacking operation against an ally and an adversary (2010) *
  241. IRONCHEF - Provides access persistence back door exploiting BIOS and SMM to communicate with a 2-way RF hardware implant
  242. IRONPERSISTANCE - Access Technologies Operations (ATO) operation support to DIA in Afghanistan *
  243. ITIME - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  244.  
  245. J
  246. JACKLADDER - Implant presumably used by TAO's Equation Group and offered for sale by Shadow Brokers *
  247. JEEPFLEA - TAO computer hacking project *
  248. JETPLOW - A firmware persistence implant for Cisco ASA and PIX devices that persists BANANAGLEE *
  249. JIFFYRAUL - A module loaded into Cisco PIX firewalls with BANANAGLEE *
  250. JOLLYROGER - Tool that provides metadata that describe the networking environment of TAO-implanted Windows PCs *
  251. JUMPDOLLAR - Tool to support various file systems *
  252. JUNIORMINT - Implant digital core, either mini printed circuit board or ultra-mini Flip Chip Module, contains ARM9 micro-controller, FPGA Flash SDRAM and DDR2 memories
  253.  
  254.  
  255. [Figure: NSA codenames (not included on this page) used under the SPINALTAP program for combining data from active hacking operations and passive signals intelligence collection.]
  259.  
  260. K
  261. KIRKBOMB - Windows kernel examination to detect loaded drivers and processes *
  262. KOALAPUNCH - TAO computer hacking project *
  263. KONGUR - Software implant restorable by GINSU after OS upgrade or reinstall
  264.  
  265. L
  266. LEAKYFAUCET - Flow repository of 802.11 WiFi IP addresses and clients via STUN data *
  267. LEGION AMBER - Chinese hacking operation against a major US software company *
  268. LEGION AMETHYST - Hacking effort by China in which private e-mails of top US officials were obtained; previously codenamed DANCING PANDA (since 2010) *
  269. LEGION JADE - A group of Chinese hackers *
  270. LEGION RUBY - A group of Chinese hackers *
  271. LEGION YANKEE - Chinese hacking operation against the Pentagon and defense contractors (2011)*
  272. LIFESAVER - Technique which images the hard drive of computers *
  273. LOUDAUTO - An ANGRYNEIGHBOR radar retro-reflector, microphone captures room audio by pulse position modulation of square wave
  274. LUTEUSICARUS - TAO computer hacking project *
  275. LUTEUSOBSTOS - Codeword found in the source code used by the Equation hacking group *
  276.  
  277. M
  278. MADBISHOP - Hard drive implant *
  279. MAESTRO-II - Mini digital core implant, standard TAO implant architecture
  280. MAGICBEAN - Man-in-the-middle WiFi attack tool *
  281. MAGICJACK - Alleged NSA implant, offered for sale by Shadow Brokers *
  282. MAGICSQUIRREL - Man-in-the-middle WiFi attack tool *
  283. MAGNETIC - Technique of sensor collection of magnetic emanations *
  284. MAGNUMOPUS - TAO computer hacking project *
  285. MAKERSMARK - Major cyber threat category countered by the TUTELAGE system * identified in 2007 *
  286. MAVERICK CHURCH - Major cyber threat category countered by the TUTELAGE system, formerly BISHOP * part of BYZANTINE HADES *
  287. MIDDLEMAN - TAO covert network
  288. MINERALIZE - Technique for close access collection through LAN implants *
  289. MIRROR - Automated survey system that can for example identify the presence of a VPN; interface to the ROADBED system *
  290. MISTYVEAL (MV) - Another version of VALIDATOR for installation on a target's computer *
  291. MOCCASIN - A hardware implant, permanently connected to a USB keyboard *
  292. MONKEYCALENDAR - Software implant on GSM SIM cards that exfiltrates user geolocation data
  293. MOUSETRAP - Sandia implant for EFI *
  294. MURPHYSLAW - TAO computer hacking project *
  295.  
  296. N
  297. NATIVE DANCER - Major cyber threat category countered by the TUTELAGE system *
  298. NEBULA - Base station router similar to CYCLONE Hx9
  299. NIGHTWATCH - Portable computer in shielded case for recreating target monitor from progressive-scan non-interlaced VAGRANT signals
  300. NIGHTSTAND (NS) - Plug-in for the wireless survey and exploitation system BLINDDATE, which injects a packet that forces a client to access a monitored listening post *
  301. NIGHTTRAIN - Major intrusion set effort *
  302. NITESTAND - See NIGHTSTAND
  303. NITRO ZEUS - Umbrella program for hacking operations against Iranian critical civilian and military infrastructure *
  304. NOPEN - A RAT or post-exploitation shell consisting of a client and a server that encrypts data using RC6, offered for sale by Shadow Brokers *
  305.  
  306. O
  307. ODDJOB – A HTTP command and control implant for installation on compromised Windows hosts, published by the Shadow Brokers *
  308. OLYMPIC - First word of nicknames for programs involving defense against Chinese cyber-warfare and US offensive cyber-warfare *
  309. OLYMPIC GAMES - Joint US and Israel operation against the Iranian nuclear program (aka Stuxnet)*
  310. OLYMPUS - Software component of VALIDATOR/SOMBERKNAVE used to communicate via wireless LAN 802.11 hardware *
  311. OPTICPINCH - Internal mission network for TAO/ROC hacking operations, connected to FIGBUILD through ROOTKNOT (2009) *
  312. ORANGUTAN - Implant, tool or exploit presumably used by TAO's Equation Group *
  313. ORLEANSTRIDE - Alleged NSA implant, offered for sale by Shadow Brokers *
  314.  
  315. P
  316. PACKETWRENCH - Computer exploit delivered by the FERRETCANON system *
  317. PANDAROCK - A tool for connecting to a POLARPAWS implant *
  318. PANDORAS MAYHEM - Part of QUANTUM operations involving TUTELAGE *
  319. PARCHDUSK (PD) - Productions Operation of NSA's TAO division *
  320. PASSIONATEPOLKA - TAO tool for remotely bricking network cards *
  321. PASTEPIG - NetApp on the TAONet/NSANet DMZ *
  322. PATCHICILLIN - Implant, tool or exploit presumably used by TAO's Equation Group *
  323. PCLEAN - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  324. PEDDLECHEAP - Computer exploit delivered by the FERRETCANON system *
  325. PERFECT CITIZEN - Research and engineering program to counter cyberattacks, in cooperation with Raytheon *
  326. PHOENIX Exploit Kit - Major cyber threat category countered by the TUTELAGE system *
  327. PHOTOANGLO - A continuous wave generator and receiver. The bugs on the other end are ANGRYNEIGHBOR class
  328. PITIEDFOOL - A suite of CNA tools for use against file systems. Overwrites data to the point it is irrecoverable.
  329. PLAIDDIANA - Major intrusion set effort *
  330. PLUCKHAGEN - An IRATEMONK implantation for ARM-based Fujitsu drives *
  331. POLARBREEZE - NSA technique to tap into nearby computers *
  332. POLARPAWS - An implant for a firewall from an unknown vendor *
  333. POLARSNEEZE - An implant for a firewall from an unknown vendor *
  334. POLARSTARKEY - Network Defense data source *
  335. POLITERAIN - CNA team or operation from the ATO unit of TAO *
  336. POPROCKS - Chinese cyber attacks against video conference providers, 2009 Navy Router Incident, part of BYZANTINE HADES *
  337. POPQUIZ - Project of NSA's Research Directorate to collect network metadata on high-bandwidth protocols such as HTTP, SMTP and DNS (2008) * or analytic tool for cyber attacks *
  338. PORK - Alleged NSA implant, offered for sale by Shadow Brokers *
  339. POTBED - TAO computer hacking project *
  340. PROTOSS - Local computer handling radio frequency signals from implants
  341. PUZZLECUBE - TAO tasking database * *
  342.  
  343. Q
  344. QFIRE - A consolidated QUANTUMTHEORY platform to reduce latencies by co-locating passive sensors with local decisioning and traffic injection (under development in 2011)
  345. QUANTUM - Secret servers placed by NSA at key places on the internet backbone; part of the TURMOIL program *
  346. QUANTUMBISCUIT - Enhancement of QUANTUMINSERT for targets which are behind large proxies *
  347. QUANTUMBOT - Method for taking control of idle IRC bots and botnets *
  348. QUANTUMBOT2 - Combination of Q-BOT and Q-BISCUIT for web-based botnets *
  349. QUANTUMCOOKIE - Method to force cookies onto target computers
  350. QUANTUMCOPPER - Method for corrupting file uploads and downloads *
  351. QUANTUMDIRK - Replacement for the QUANTUMINSERT hacking toolset that injects malicious content into chat services provided by websites such as Facebook and Yahoo *
  352. QUANTUMDNS - DNS injection/redirection based off of A record queries *
  353. QUANTUMHAND - Man-on-the-side technique using a fake Facebook server *
  354. QUANTUMINSERT (QI) - Man-on-the-side technique that redirects target internet traffic to a FOXACID server for exploitation *
  355. QUANTUMMUSH - Targeted spam exploitation method *
  356. QUANTUMNATION - Umbrella for COMMONDEER and VALIDATOR computer exploits
  357. QUANTUMPHANTOM - Hijacks any IP address to use as covert infrastructure *
  358. QUANTUMSKY - Malware used to block targets from accessing certain websites through RST packet spoofing *
  359. QUANTUMSMACKDOWN - Method for using packet injection to block attacks against DoD computers *
  360. QUANTUMSPIN - Exploitation method for instant messaging *
  361. QUANTUMSQUEEL - Method for injecting MySQL persistent database connections *
  362. QUANTUMSQUIRREL - Using any IP address as a covert infrastructure *
  363. QUANTUMTHEORY (QT) - Computer hacking toolbox, which dynamically injects packets into target's network session *
  364. QWERTY - TAO keylogger tool, probably a component of the WARRIORPRIDE malware framework *
  365.  
  366. R
  367. RADON - Host tap that can inject Ethernet packets *
  368. RAGEMASTER - Part of ANGRYNEIGHBOR radar retro-reflectors, for red video graphics array cable in ferrite bead RFI chokers between video card and monitor, target for RF flooding and collection of VAGRANT video signal
  369. RAISEBED - Access system *
  370. RAPTOR JOY - Intrusion set? *
  371. RAPTOR ROLEX - Intrusion set? *
  372. RAPORT SAD - Intrusion set? *
  373. RATWHARF - Cyber mission *
  374. RECORDER - Major intrusion set effort *
  375. REGIN - Highly sophisticated spyware found in computer systems worldwide, supposedly used by NSA and GCHQ (discovered in 2013, codename by Microsoft) *
  376. REPLICANTFARM - Signature based output of the WARRIORPRIDE framework *
  377. RETICULUM - Implant, tool or exploit presumably used by TAO's Equation Group *
  378. RETURNSPRING - High-side server shown in UNITEDRAKE internet cafe monitoring graphic
  379. REXKWONDO - TAO project for shaping and MitM capabilities against Lebanon's internet traffic (2013) *
  380. ROGUESAMURAI - Test framework of TAO's persistence division for testing computer exploits *
  381. ROOTKNOT - One-way transfer device *
  382.  
  383. S
  384. SADDLEBACK - Hacking tool that performs a firmware modification? *
  385. SCHOOLMONTANA - Software implant for Juniper J-series routers used to direct traffic between server, desktop computers, corporate network and internet
  386. SCREAMINGHARPY - TAO computer hacking project *
  387. SCREAMINGPLOW - Similar to JETPLOW *
  388. SEAGULLFARO - Processing system on TAONet, part of DEEPFRIEDPIG * part of OPTICPINCH in 2009 *
  389. SEASONEDMOTH (SMOTH) - Stage0 computer implant which dies after 30 days, deployed by the QUANTUMNATION method
  390. SECONDDATE - Method to influence real-time communications between client and server in order to redirect web-browsers to FOXACID malware servers, offered for sale by Shadow Brokers * component of BADDECISION *
  391. SEED SPHERE - Computer network "intrusion set" identified in 2007 * *
  392. SENTRY EAGLE (SEE) - Overarching umbrella program for ECI compartments and SAP programs of the National Initiative to protect US cyberspace
  393. SENTRY HAWK - ECI compartment of SENTRY EAGLE that protects information about Computer Network Exploitation *
  394. SENTRY FALCON - ECI compartment of SENTRY EAGLE that protects information about Computer Network Defense *
  395. SERUM - Bank of servers within ROC managing approvals and ticket system
  396. SHADOWDRAGON - Major intrusion set effort *
  397. SHAREDTAFFY - TAO computer hacking project *
  398. SHARPFOCUS (SF2) - Productions Operation of NSA's TAO division *
  399. SHARPSHADOW - TAO computer hacking project *
  400. SHELLGREY - DNT standard exfiltration metadata format *
  401. SHENTYSDELIGHT - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  402. SHEPARD - Related to the MAKERSMARK intrusion set *
  403. SHORTSHEET - NSA tool for Computer Network Exploitation *
  404. SHOTGIANT - NSA operation for hacking and monitoring the Huawei network (since 2009)
  405. SHOUTPIG - FTP server on the TAONet/NSANet DMZ *
  406. SIDETRACK - Implant, tool or exploit presumably used by TAO's Equation Group *
  407. SIERRAMONTANA - Software implant for Juniper M-series routers used by enterprises and service providers
  408. SIFT - Alleged NSA implant, offered for sale by Shadow Brokers *
  409. SILLYBUNNY - Some kind of web browser tag which can be used as selector *
  410. SKIMCOUNTRY - Alleged NSA implant, offered for sale by Shadow Brokers *
  411. SKYHOOKCHOW - Codeword found in the source code used by the Equation hacking group *
  412. SLICKERVICAR - Used with UNITEDRAKE or STRAITBIZARRE to upload hard drive firmware to implant IRATEMONK
  413. SLIPSTREAM - Part of the WARRIORPRIDE framework *
  414. SLYHERETIC_CHECKER - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  415. SNORT - Repository of computer network attack techniques/coding
  416. SNOWGLOBE - Hacking operations against the US that may have originated in France * *
  417. SODAPRESSED - Linux application persistence *
  418. SOMBERKNAVE - Windows XP wireless software implant providing covert internet connectivity, routing TCP traffic via an unused 802.11 network device allowing OLYMPUS or VALIDATOR to call home from air-gapped computer
  419. SOUFFLETROUGH - Software implant in BIOS Juniper SSG300 and SSG500 devices, permanent backdoor, modifies ScreenOS at boot, utilizes Intel's System Management Mode
  420. SPARROW II - Airborne wireless network detector running BLINDDATE tools via 802.11
  421. SPECULATION - Protocol for over-the-air communication between COTTONMOUTH computer implant devices, compatible with HOWLERMONKEY
  422. SPINALTAP - NSA program for combining data from active hacking operations and passive signals intelligence collection *
  423. SPITEFULANGEL - Hacking tool or method in or for the Python programming language *
  424. STEALTHFIGTHER - Codeword found in the source code used by the Equation hacking group *
  425. STEELFLAUTA - TAO traffic shaping program supporting SSO cable tapping collection
  426. STOICSURGEON - Hacking tool presumably used by TAO's Equation Group, offered for sale by Shadow Brokers *
  427. STORMPIG - Data cleanup tool on TAONet used for TAO botnet hacking *
  428. STRAITACID - Codeword found in the source code used by the Equation hacking group *
  429. STRAI(GH)TBIZARRE (SBZ) - TAO software implant used to communicate through covert channels * or spyware that can turn computers into disposable and non-attributable "shooter" nodes *
  430. STRAITSHOOTER - Codeword found in the source code used by the Equation hacking group *
  431. STRIFEWORLD - Alleged NSA implant, offered for sale by Shadow Brokers *
  432. STRIKEZONE - Device running HOWLERMONKEY personality
  433. STRONGMITE - Computer at remote operations center used for long range communications
  434. STUCCOMONTANA - Software implant for Juniper T-Series routers used in large fixed-line, mobile, video, and cloud networks, otherwise just like SCHOOLMONTANA
  435. STUMPCURSOR - Foreign computer accessing program of the NSA's Tailored Access Operations
  436. STUXNET - A computer worm that was used to destroy Iran's nuclear centrifuges (discovered in 2010)
  437. STYLISHCHAMP - Tool that can create a HPA on a hard drive and then provide raw reads and writes to this area *
  438. SUAVEEYEFUL - Alleged NSA implant, offered for sale by Shadow Brokers *
  439. SUBTLESNOW - Major cyber threat category countered by the TUTELAGE system *
  440. SUCTIONCHAR - Alleged NSA implant, offered for sale by Shadow Brokers *
  441. SUPERDRAKE - Cyber threat actor * related to WIDOWKEY *
  442. SURLEYSPAWN - Data RF retro-reflector, gathers keystrokes FSK frequency shift keyed radar retro-reflector, USB or IBM keyboards
  443. SURPASSPIN - Transfers commands and tasking instructions from TAO's internal to the external mission network * receives messages from the FLASHHANDLE Mission Manager *
  444. SURPLUSHANGAR (SH) - High-to-Low diode, used for the QUANTUM system * and botnet hacking *
  445. SUTURESAILOR - Printed circuit board digital core used with HOWLERMONKEY
  446. SWAP - Implanted software persistence by exploiting motherboard BIOS and hard drive Host Protected Area for execution before OS loads, operative on Windows, Linux, FreeBSD, Solaris
  447.  
  448. T
  449. TEFLONDOOR - A self-destructing post-exploitation shell for executing an arbitrary file *
  450. TITAN RAIN - Presumably Chinese attacks on American computer systems (since 2003)
  451. TOAST - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  452. TORNSTEAK - Exploit solution for two firewall devices from a particular vendor *
  453. TOTECHASER - Software implant in flash ROM Windows CE for Thuraya 2520 satellite/GSM/web/email/MMS/GPS
  454. TOTEGHOSTLY - Modular implant for Windows Mobile OS based on SB using CP framework, Freeflow-compliant so supported by TURBULENCE architecture
  455. TRANSGRESSION - TAO/CES unit providing cryptanalytic support for various missions *
  456. TREACLEBETA - TAO hacking against the Pakistani terrorist group Lashkar-e-Taiba *
  457. TRINITY - Implant digital core concealed in COTTONMOUTH-I, providing ARM9 microcontroller, FPGA Flash and SDRAM memories *
  458. TUNINGFORK - Sustained collection linked to SEAGULLFARO, previously NSA database or cyber threat analysis tool *
  459. TURBINE - Active SIGINT: centralized automated command/control system for managing a large network of active computer implants for intelligence gathering (since 2010) *
  460. TURBOPANDA - A tool that can be used to communicate with a HALLUXWATER implant and allows read/write to memory, execute an address or packet; joint NSA/CIA project on Huawei network equipment *
  461. TUTELAGE - Active defense system with detection sensors that monitor network traffic at for example the NIPRNet in order to detect malicious code and network attacks, part of the TURBULENCE program *
  462. TWEEZERS - Major intrusion set effort *
  463. TWISTEDKILT - Writes to Host Protected Area on hard drive to implant Swap and its implant installer payload, which can be used with the STYLISHCHAMP tool *
  464.  
  465. U
  466. UNCANNY - Video demodulation tool (now: BOTANICREALTY) *
  467. UNITEDRAKE - Computer exploit delivered by the FERRETCANON system * receiving e-mails and files *
  468. UnPacMan - Processing system on TAONet, part of DEEPFRIEDPIG *
  469.  
  470. V
  471. VAGRANT - Radar retro-reflector technique on video cable to reproduce open computer screens *
  472. VALIANTSURF - A "major system acquisition" that enables more efficient Computer Network Operations (CNO) by the TAO division; it will integrate into the TURBULENCE architecture *
  473. VALIDATOR - Computer exploit delivered by the FERRETCANON system for looking whether a computer has security software, runs as user process on target OS, modified for SCHOOLMONTANA, initiates a call home, passes to SOMBERKNAVE, downloads OLYMPUS and communicates with remote operation center *
  474. VICTORYDANCE - Joint NSA-CIA operation to map WiFi fingerprints of nearly every major town in Yemen *
  475. VIEWPLATE - Processor for external monitor recreating target monitor from red video
  476. VINYLSEAT - E-mails collected through hacking operations *
  477. VIOLETSPIRIT - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  478. VITALAIR - NSA tool
  479. VITALAIR2 - Tool or database for automated scanned IP addresses for TAO known vulnerabilities *
  480. VOYEUR - US monitoring operation in which an Iranian hacking operation against the US was detected * *
  481.  
  482. VULCANDEATHGRIP - Repository for data collected from vPCS shaping under the STEELFLAUTA program *
  483.  
  484. W
  485. WAGONBED - Hardware GSM controller board implant on CrossBeam or HP Proliant G5 server that communicates over I2C interface
  486. WAITAUTO - Network used by the Remote Operations Center of NSA's TAO division *
  487. WALKERBLACK - Related to the MAKERSMARK intrusion set *
  488. WARNVULCANO - Something residing on the WAITAUTO network used for TAO botnet hacking *
  489. WARRIORPRIDE (WP) - Scalable, flexible and portable unified CNE platform used throughout the Five Eyes; equivalent at GCHQ is DAREDEVIL * It was for example used to break into iPhones *
  490. WATCHER - Tipping tool related to SECONDDATE operations, offered for sale by Shadow Brokers *
  491. WAXTITAN - TAO computer hacking project *
  492. WEASELWAGGLE - Major cyber threat category countered by the TUTELAGE system *
  493. WELLSPRING - Tool that strips out facial images from e-mails and other communications, and displays those that might contain passport images *
  494. WIDOWKEY - Major intrusion set effort, related to SUPERDRAKE *
  495. WHISTLINGDUXIE - TAO computer hacking project *
  496. WICKEDVICAR - Hacking tool used to perform remote survey and installation *
  497. WIDOWKEY - Major cyber threat category countered by the TUTELAGE system *
  498. WILDCHOCOBO - TAO computer hacking project *
  499. WILDCOUGAR - TAO computer hacking project *
  500. WILLOWVIXEN - Method to deploy malware by sending out spam e-mails that trick targets into clicking a malicious link * *
  501. WISTFULTOLL - Plug-in for UNITEDRAKE and STRAITBIZARRE used to harvest target forensics via Windows Management Instrumentation and Registry extractions, can be done through USB thumb drive *
  502. WINTERLIGHT - A QUANTUM computer hacking program in which Sweden takes part
  503. WOBBLYLLAMA - A payload for the ELIGIBLEBOMBSHELL TOPSEC firewall exploit *
  504. RAW Paste Data
  505. A
  506. ACRIDMINI - TAO computer hacking project *
  507. ADJUTANT VENTURE - Intrusion set? *
  508. ALOOFNESS - Cyber threat actor *
  509. ALTEREDCARBON - An IRATEMONK implant for Seagate drives *
  510. AMULETSTELLAR - Cyber threat actor sending malicious e-mails *
  511. ANGRYNEIGHBOR - Family of radar retro-reflector tools used by NSA's TAO division *
  512. APERTURESCIENCE - TAO computer hacking project *
  513. ARGYLEALIEN - Method to cause a loss of data by exploiting zeroization of hard-drives *
  514. ARKSTREAM - Implant used to reflash BIOS, installed by remote access or intercepted shipping
  515. ARROWECLIPSE - Counter CNE tool *
  516.  
  517. B
  518. BADDECISION (BDN) - Hacking tool to redirect users of a wireless/802.11 network to NSA FOXACID servers * *
  519. BALLOONKNOT - TAO computer hacking project *
  520. BANANAAID - NSA hacking tool or code included in the Shadow Brokers leak *
  521. BANANABALLOT - A BIOS module associated with an implant (likely BANANAGLEE) *
  522. BANNANADAIQUIRI - An implant associated with SCREAMINGPLOW *
  523. BANANAGLEE - A non-persistent firewall software implant for Cisco ASA and PIX devices that allows remote JETPLOW installation *
  524. BANANALIAR - A tool for connecting to an unspecified implant (likely BANANAGLEE) *
  525. BARGLEE - A software implant for a firewall of an unknown vendor *
  526. BARICE - A tool that provides a shell for installing the BARGLEE implant *
  527. BARNFIRE - TAO tool to erase the BIOS on a brand of servers that act as a backbone to many rival governments *
  528. BARPUNCH - A module for BANANAGLEE and BARGLEE implants *
  529. BEACHHEAD - Computer exploit delivered by the FERRETCANON system * *
  530. BEECHPONY - A firewall implant that is a predecessor of BANANAGLEE *
  531. BENIGNCERTAIN - A tool that appears to be for sending certain types of Internet Key Exchange (IKE) packets to a remote host and parsing the response *
  532. BERSERKR - Persistent backdoor that is implanted into the BIOS and runs from System Management Mode * *
  533. BILLOCEAN - Retrieves the serial number of a firewall, to be recorded in operation notes *
  534. BISHOP KNIGHT - Major cyber threat category of Chinese attacks against NASA, DoD, DoE, part of BYZANTINE HADES, countered by the TUTELAGE system * *
  535. BLACK ENERGY Bot - Major cyber threat category countered by the TUTELAGE system *
  536. BLATSTING - A firewall software implant that is used with EGREGIOUSBLUNDER (Fortigate) and ELIGIBLEBACHELOR (TOPSEC) *
  537. BLINDDATE (BD) - Survey and exploitation hardware with a mobile antenna system to run BADDECISION, which allows for a SECONDDATE attack * * *
  538. BLIND MARKSMAN - Major cyber threat category countered by the TUTELAGE system *
  539. BOOKISHMUTE - An exploit against an unknown firewall using Red Hat 6.0 *
  540. BORGERKING - Something related to Linux exploits *
  541. BOTANICREALTY - Video demodulation tool (formerly: UNCANNY) *
  542. BOXINGRUMBLE - Network attack that was countered by QUANTUMDNS *
  543. BRICKTOP - Project to learn about new malware by intercepting e-mail from several security companies (2009) *
  544. BROKENTIGO - Tool for computer network operations
  545. BULLDOZER - PCI bus hardware implant on intercepted shipping
  546. BUZZDIRECTION - A firewall software implant for Fortigate firewalls *
  547. BYZANTINE - First word of nicknames for programs involving defense against Chinese cyber-warfare and US offensive cyber-warfare *
  548. BYZANTINE ANCHOR - Chinese cyber attacks against a broad range of US targets since 2003, part of BYZANTINE HADES * *
  549. BYZANTINE CANDOR (BC) - Chinese cyber attacks against DoD and other US targets, part of BYZANTINE HADES, formerly TITAN RAIN III * * *
  550. BYZANTINE FOOTHOLD (BF) - Major cyber threat category of Chinese attacks against TRANSCOM, PACOM and others, countered by the TUTELAGE system * *
  551. BYZANTINE HADES - Chinese computer network exploitation (CNE) against the US * probably renamed to the LEGION-series *
  552. BYZANTINE PRAIRIE - Chinese cyber attacks but inactive since 2008, part of BYZANTINE HADES *
  553. BYZANTINE RAPTOR - Chinese cyber attacks against DoD and Congress, resurfaced 2008, part of BYZANTINE HADES * *
  554. BYZANTINE TRACE - Chinese cyber attacks against DoD, part of BYZANTINE HADES * already indentified in 2007 *
  555. BYZANTINE VIKING - Major cyber threat category countered by the TUTELAGE system *
  556.  
  557. C
  558. CAPTIVATEDAUDIENCE - Computer implant plug-in to take over a targeted computer’s microphone and record conversations taking place near the device
  559. CARBON PEPTIDE - Major cyber threat category, part of BYZANTINE HADES, countered by the TUTELAGE system *
  560. CASTLECRASHER - Primary technique for executing DNT payloads for Windows computers *
  561. CASTLECREEK (CC) - Hacking tool *
  562. CATFLAP - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  563. CENTRICDUD - Tool that can read and write bytes in the CMOS of a targeted Windows computer *
  564. CHAOSOVERLORD - TAO computer hacking project *
  565. CHARMS - Alleged NSA implant, offered for sale by Shadow Brokers *
  566. CHELSEABLUE - ? *
  567. CHIMNEYPOOL - Framework or specification of GENIE-compliance for hardware/software implants
  568. CHOCOLATESHIP - TAO computer hacking project *
  569. CHOCOPOP - SNOWGLOBE cyber threat process *
  570. CLIMBINGSHIRT - Expeditionary Access Operations (EAO) in Iraq *
  571. CLOUDSHIELD - System that terminates a client-side connection to a malicious server and blocks the server's response *
  572. CLUCKLINE - A module for BANANAGLEE implants *
  573. COLOSSUS - FTP mover on TAONet *
  574. COMMON - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  575. COMMONDEER - Computer exploit for looking whether a computer has security software
  576. CONFICKER - Major cyber threat category countered by the TUTELAGE system *
  577. CONJECTURE - Network compatible with HOWLERMONKEY
  578. CONTAINMENTGRID - A payload for the ELIGIBLEBOMBSHELL TOPSEC firewall exploit *
  579. COTTONMOUTH (CM) - Computer implant devices used by NSA's TAO division
  580. COTTONMOUTH-I (CM-I) - USB hardware implant providing wireless bridge into target network and loading of exploit software onto target PCs, formerly DEWSWEEPER
  581. COTTONMOUTH-II (CM-II) - USB hardware host tap provides covert link over USP into target's network co-located with long haul relay; dual-stacked USB connector, consists of CM-I digital hardware plus long haul relay concealed in chassis; hub with switches is concealed in a dual stacked USB connector and hard-wired to provide intra-chassis link.
  582. COTTONMOUTH-III (CM-III) - Radio Frequency link for commands to software implants and data infiltration/exfiltration, short range inter-chassis link within RJ45 Dual Stacked USB connector
  583. CROSSBEAM - GSM module mating commercial Motorola cell with WagonBed controller board for collecting voice data content via GPRS (web), circuit-switched data, data over voice, and DTMF to secure facility, implanted cell tower switch
  584. CROSSBONES - Cyber threat analysis tool * *
  585. CROSSEYEDSLOTH - TAO computer hacking project *
  586. CROWNPRINCE - Related to the MAKERSMARK intrusion set *
  587. CROWNROYAL - Related to the MAKERSMARK intrusion set *
  588. CRYPTICSENTINEL - Counter computer network exploitation (CCNE) project *
  589. CURSES - Alleged NSA implant, offered for sale by Shadow Brokers *
  590. CUTEBOY - Foreign (Chinese) computer network exploitation actor *
  591. CYBERCOP - Cyber attack visualisation tool
  592. CYBERQUEST (CQ) - Cyber threat discovery mission? (since 2008)*
  593.  
  594. D
  595. DAMPCROWD - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  596. DANCING PANDA - Hacking effort by China in which private e-mails of top US officials were obtained; renamed into LEGION AMETHYST (since 2010) * *
  597. DANDERSPRITZ – An implant for interacting with a compromised host and controlling Windows systems, published by the Shadow Brokers *
  598. DAREDEVIL - Shooter/implant as part of the QUANTUM system *
  599. DARKFIRE - TAO counter cyber attack project * *
  600. DARKHELMET - Counter computer network exploitation (CCNE) project *
  601. DARKTHUNDER - TAO traffic shaping program supporting SSO cable tapping collection *
  602. DEAD SEA - Computer network exploitation tool (?) *
  603. DEEPFRIEDPIG - Data processing system on TAONet, including SEAGULLFARO *
  604. DEFIANTWARRIOR - Program under which a host computer that is infected with an exploitable bot can hijacked through a QUANTUMBOT attack and redirected to the NSA *
  605. DEITYBOUNCE - Provides implanted software persistence on Dell PowerEdge RAID servers via motherboard BIOS using Intel's System Management Mode for periodic execution, installed via ArkStream to reflash the BIOS
  606. DEMENTIAWHEEL - Hacking tool *
  607. DESERTWINTER - Codeword found in the source code used by the Equation hacking group *
  608. DEWDROP - Implant presumably used by TAO's Equation Group and offered for sale by Shadow Brokers *
  609. DEWSWEEPER - Technique to tap USB hardware hosts *
  610. DIESEL RATTLE - Chinese cyber attacks against US ISPs, government, defense contractors and Japan, part of BYZANTINE HADES *
  611. DIRESCALLOP - Tool that disables DeepFreeze without the need for a reboot *
  612. DISABLEVALOR - Hacking tool *
  613. DISCOROUTE - NAC/GCHQ repository for router configuration files from CNE and passive SIGINT, like for example telnet sessions * *
  614. DISCOVERY - Major cyber threat category countered by the TUTELAGE system *
  615. DOCKETDICTATE - Something related to NSA's TAO division
  616. DOUBLEPULSAR - Payload uploaded through the FUZZBUNCH framework, published by the Shadow Brokers *
  617. DOURMAGNUM - Cyber threat activity from the Imam Hussein University *
  618. DRINKPARSLEY - Codeword found in the source code used by the Equation hacking group *
  619. DROPMIRE - Passive collection of emanations (e.g. from printers or faxes) by using a radio frequency antenna
  620. DROPOUTJEEP - STRAITBIZARRE-based software implant for iPhone, initially close access but later remotely
  621. DUBMOAT - Alleged NSA trojan, offered for sale by Shadow Brokers *
  622. DURABLENAPKIN - A tool for injecting packets on LANs *
  623.  
  624. E
  625. EARLYSHOVEL - Alleged NSA exploit, offered for sale by Shadow Brokers *
  626. EASYKRAKEN - An IRATEMONK implantation for ARM-based Samsung drives *
  627. EBB - Alleged NSA exploit, offered for sale by Shadow Brokers *
  628. EBBISLAND - Alleged TAO exploit for the Solaris operating system, published by the Shadow Brokers *
  629. ECLECTICPILOT - ? *
  630. EGGBASKET - Alleged NSA exploit, offered for sale by Shadow Brokers *
  631. EGOTISTICALGIRAFFE (EGGI) - NSA program for exploiting the TOR network *
  632. EGOTISTICALGOAT (EGGO) - NSA tool for exploiting the TOR network *
  633. EGREGIOUSBLUNDER (EGBL) - A remote code execution exploit for Fortigate firewalls that exploits a HTTP cookie overflow vulnerability *
  634. ELATEDMONKEY - Alleged NSA exploit, offered for sale by Shadow Brokers *
  635. ELDESTMYRIAD - Alleged NSA exploit, offered for sale by Shadow Brokers *
  636. ELECTRICSLIDE - Alleged NSA exploit, offered for sale by Shadow Brokers *
  637. ELEGANTEAGLE - Alleged NSA exploit, offered for sale by Shadow Brokers *
  638. ELEONORE Exploit Kit - Major cyber threat category countered by the TUTELAGE system *
  639. ELGINGAMBLE - Alleged NSA exploit, offered for sale by Shadow Brokers *
  640. ELIGIBLEBACHELOR (ELBA) - An exploit for TOPSEC firewalls running the TOS operation system *
  641. ELIGIBLEBOMBSHELL (ELBO) - A remote code execution exploit for TOPSEC firewalls that exploits a HTTP cookie command injection vulnerability *
  642. ELIGIBLECANDIDATE (ELCA) - A remote code execution exploit for TOPSEC firewalls that exploits a HTTP cookie command injection vulnerability *
  643. ELIGIBLECONTESTANT (ELCO) - A remote code execution exploit for TOPSEC firewalls that exploits a HTTP POST paramter injection vulnerability *
  644. ENDLESSDONUT - Alleged NSA exploit, offered for sale by Shadow Brokers *
  645. ENEMYRUN - Alleged NSA implant, offered for sale by Shadow Brokers *
  646. ENGLANDBOGGY - Alleged NSA exploit, offered for sale by Shadow Brokers *
  647. ENVISIONCOLLISION - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  648. ENVOYTOMATO - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  649. EPICBANANA (EPBA) - A privilege escalation exploit against Cisco Adaptive Security Appliance (ASA) and Cisco Private Internet eXchange (PIX) devices *
  650. EPICHERO - Alleged NSA exploit, offered for sale by Shadow Brokers *
  651. EQUATION Group - Nickname given by Kaspersky to a highly advanced computer hacking group, considered to be part of TAO *
  652. ERRONEOUSINGENUITY (ERIN) - NSA tool for exploiting the TOR network *
  653. ESCALATEPLOWMAN (ESPL) - A privilege escalation exploit against WatchGuard firewalls *
  654. ESTOPMOONLIT - Alleged NSA exploit, offered for sale by Shadow Brokers *
  655. ETERNALBLUE – TAO exploit for Windows XP, 2003, Vista, 7 & 2008, published by the Shadow Brokers * and included in the WanneCry ransomware worm (2017) *
  656. ETERNALCHAMPION – Exploit for Windows XP, 2003, Vista, 7 & 2008, published by the Shadow Brokers *
  657. ETERNALROMANCE – Exploit for Windows XP, 2003, Vista, 7 & 2008, published by the Shadow Brokers *
  658. ETERNALSYNERGY – Exploit for Windows 8 SP0 & Windows 2012 SP0, published by the Shadow Brokers *
  659. EVOLVINGSTRATEGY - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  660. EWOK - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  661. EXACTCHANGE - Alleged NSA exploit, offered for sale by Shadow Brokers *
  662. EXPOXYRASIN - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  663. EXTRABACON (EXBA) - A remote code execution exploit against Cisco Adaptive Security Appliance (ASA) devices *
  664. EXTREMEPARR - Alleged TAO exploit for the Solaris operating system, published by the Shadow Brokers *
  665. EXZE - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  666.  
  667. F
  668. FABULOUSFABLE (FABFAB) - Tool used in automated SECONDDATE tasking *
  669. FAKEDOUBT - An IRATEMONK implantation for ARM-based Hitachi drives *
  670. FALSEMOREL - Allows for the deduction of the "enable" password from data freely offered by an unspecified firewall *
  671. FANNER - Cyber threat actor *
  672. FASHIONCLEFT - TAO/DNT protocol used by implants to exfiltrate collected network packets to the Common Data Receptor (CDR)
  673. FEEDTROUGH - A technique for persisting BANANAGLEE and ZESTYLEAK implants for Juniper NetScreen firewalls * *
  674. FERRETCANON - Subsystem of the FOXACID system *
  675. FESTIVEWRAPPER - Something used for TAO botnet hacking *
  676. FIGBUILD - External mission network for TAO/ROC hacking operations, connected to OPTICPINCH through ROOTKNOT (2009) *
  677. FINKCOAT - ? *
  678. FINKDIFFERENT (FIDI) - Tool used for exploiting TOR networks
  679. FIREWALK -Bidirectional network implant, passive gigabit ethernet traffic collector and active ethernet packet injector within RJ45 Dual Stacked USB connector, digital core used with HOWLERMONKEY, formerly RADON
  680. FLASHHANDLE Mission Management (FMM) - Database for generating and retaining crypto keys for encrypting data that have to be transferred onto internal TAO networks * provides this to SURPASSPIN *
  681. FLATLIQUID - TAO operation against the office of the Mexican president *
  682. FLAXENPRECEPT - Common Data Receptor interface(?) *
  683. FLOCKFORWARD - A payload for the ELIGIBLEBOMBSHELL TOPSEC firewall exploit *
  684. FLUXBABBITT - Hardware implant for Dell PowerEdge RAID servers using Xeon processors
  685. FOGGYBOTTOM - Computer implant plug-in that records logs of internet browsing histories and collects login details and passwords used to access websites and email accounts
  686. FOGYNULL - DNT standard exfiltration protocol *
  687. FORKPTY - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  688. FORRESTPLACE - Access system *
  689. FOSHO - A Python library for creating HTTP exploits *
  690. FOXACID (FA) - Originally a counter-terrorism mission against Al-Qaeda, now a network of covert internet servers used to exploit a target's browser through spam e-mail * *
  691. FOXSEARCH - Tool for monitoring a QUANTUM target which involves FOXACID servers
  692. FREEFLOW - One-way data diodes, see HANGARSURPLUS and SURPLUSHANGAR *
  693. FREEZEPOST - Something related to NSA's TAO division
  694. FROZENGAZE - System related to SECONDDATE operations *
  695. FRUGALSHOT - FOXACID servers for receiving callbacks from computers infected with NSA spying software *
  696. FUNNELAPS - DNT standard exfiltration data format *
  697. FUZZBUNCH - An exploit framework containing 15 exploits and advanced kernel-mode backdoors for Windows, published by the Shadow Brokers *
  698.  
  699. G
  700. GADGET HISS - Computer network "intrusion set" already identified in 2007 *
  701. GECKO II - System consisting of hardware implant MR RF or GSM, UNITEDRAKE software implant, IRONCHEF persistence back door
  702. GENESIS - Modified GSM handset for covert network surveys, recording of RF spectrum use, and handset geolocation based on software defined radio
  703. GENIE - Overall close-access program, collection by Sigads US-3136 and US-3137 * *
  704. GHOST - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  705. GHOSTRECON - Related to the VOYEUR intrusion set *
  706. GNOMEFISHER - Major cyber threat category countered by the TUTELAGE system *
  707. GNOMEVISION - Analytic tool for cyber attacks *
  708. GODSURGE - Runs on FLUXBABBITT circuit board to provide software persistence by exploiting JTAG debugging interface of server processors, requires interdiction and removal of motherboard of JTAG scan chain reconnection
  709. GOLLUM - Computer implant created by a partner agency *
  710. GOPHERRAGE - Pilot project that seeks to develop a hypervisor implant to provide implant capabilites and a back door *
  711. GOPHERSET - Software implant on GMS SIM phase 2+ Toolkit cards that exfiltrates contact list, SMS and call log from handset via SMS to user-defined phone; malware loaded using USB smartcard reader or over-the-air.
  712. GOSSIPGIRL - Cyber threat actor *
  713. GOTHAM - Processor for external monitor recreating target monitor from red video
  714. GOTHAMKNIGHT - A payload for the ELIGIBLEBOMBSHELL TOPSEC firewall exploit *
  715. GOURMETTROUGH - Configurable implant for Juniper NetScreen firewalls including SSG type, minimal beaconing
  716. GROK - Computer implant plug-in used to log keystrokes
  717. GUMFISH - Computer implant plug-in to take over a computer’s webcam and snap photographs
  718.  
  719. H
  720. HALLUXWATER - Software implant as boot ROM upgrade for Huawei Eudemon firewalls, finds patch points in inbound packet processing, used in O2, Vodafone and Deutsche Telekom
  721. HAMMERCHANT - Implant for network routers to intercept and perform exploitation attacks against data sent through a Virtual Private Network (VPN) and/or phone calls via Skype and other VoIP software *
  722. HAMMERMILL - Insertion Tool controls HEADWATER boot ROM backdoor
  723. HAMMERSTEIN - Implant for network routers to intercept and perform exploitation attacks against data sent through a Virtual Private Network (VPN) and/or phone calls via Skype and other VoIP software
  724. HANGARSURPLUS - Low-to-High diode used for botnet hacking *
  725. HAPPYFOOT - Program that intercepts traffic generated by mobile apps that send a smartphone’s location to advertising networks *
  726. HAPPYHOUR - Plug-in for the wireless survey and exploitation system BLINDDATE *
  727. HAWALA - ? *
  728. HEADMOVIES - TAO computer hacking project *
  729. HEADWATER - Permanent backdoor in boot ROM for Huawei routers stable to firmware updates, installed over internet, capture and examination of all IP packets passing through host router, controlled by Hammermill Insertion Tool
  730. HIDDENTEMPLE - A payload for the ELIGIBLEBOMBSHELL TOPSEC firewall exploit *
  731. HIGHLANDS - Technique for close access collection from computer implants *
  732. HOGTECH - Streaming packets collected through hacking operations *
  733. HOWLERMONKEY (HM) - Generic radio frequency (RF) transceiver tool used for various applications *
  734. HUFF - System like FOXACID? *
  735. HYDROCASTLE - Tool or database with 802.11 configuration data extracted from CNE activity in specific locations *
  736.  
  737. I
  738. ICYTWINS - Processing system for data collected from vPCS shaping under the STEELFLAUTA program *
  739. INCAADAM - Major intrusion set effort *
  740. INCISION - Implant presumably used by TAO's Equation Group and offered for sale by Shadow Brokers *
  741. INTOLERANT - Data set stolen by hackers, discovered and exploited by CSEC and Menwith Hill Station since 2010 *
  742. IRATEMONK - Hard drive firmware providing software persistence for desktops and laptops via Master Boot Record substitution, for Seagate, Maxtor and Samsung drives and the file systems FAT, NTFS, EXT3 and UFS, payload is implant installer, shown at internet cafe *
  743. IRONAVENGER - NSA hacking operation against an ally and an adversary (2010) *
  744. IRONCHEF - Provides access persistence back door exploiting BIOS and SMM to communicate with a 2-way RF hardware implant
  745. IRONPERSISTANCE - Access Technologies Operations (ATO) operation support to DIA in Afghanistan *
  746. ITIME - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  747.  
  748. J
  749. JACKLADDER - Implant presumably used by TAO's Equation Group and offered for sale by Shadow Brokers *
  750. JEEPFLEA - TAO computer hacking project *
  751. JETPLOW - A firmware persistence implant for Cisco ASA and PIX devices that persists BANANAGLEE *
  752. JIFFYRAUL - A module loaded into Cisco PIX firewalls with BANANAGLEE *
  753. JOLLYROGER - Tool that provides metadata that describe the networking environment of TAO-implanted Windows PCs *
  754. JUMPDOLLAR - Tool to support various file systems *
  755. JUNIORMINT - Implant digital core, either mini printed circuit board or ultra-mini Flip Chip Module, contains ARM9 micro-controller, FPGA, Flash, SDRAM and DDR2 memories
  756.  
  757.  
  758. [Image: NSA codenames (not included on this page) used under the SPINALTAP program for combining data from active hacking operations and passive signals intelligence collection.]
  762.  
  763. K
  764. KIRKBOMB - Windows kernel examination to detect loaded drivers and processes *
  765. KOALAPUNCH - TAO computer hacking project *
  766. KONGUR - Software implant restorable by GINSU after OS upgrade or reinstall
  767.  
  768. L
  769. LEAKYFAUCET - Flow repository of 802.11 WiFi IP addresses and clients via STUN data *
  770. LEGION AMBER - Chinese hacking operation against a major US software company *
  771. LEGION AMETHYST - Hacking effort by China in which private e-mails of top US officials were obtained; previously codenamed DANCING PANDA (since 2010) *
  772. LEGION JADE - A group of Chinese hackers *
  773. LEGION RUBY - A group of Chinese hackers *
  774. LEGION YANKEE - Chinese hacking operation against the Pentagon and defense contractors (2011) *
  775. LIFESAVER - Technique which images the hard drive of computers *
  776. LOUDAUTO - An ANGRYNEIGHBOR radar retro-reflector, microphone captures room audio by pulse position modulation of square wave
  777. LUTEUSICARUS - TAO computer hacking project *
  778. LUTEUSOBSTOS - Codeword found in the source code used by the Equation hacking group *
  779.  
  780. M
  781. MADBISHOP - Hard drive implant *
  782. MAESTRO-II - Mini digital core implant, standard TAO implant architecture
  783. MAGICBEAN - Man-in-the-middle WiFi attack tool *
  784. MAGICJACK - Alleged NSA implant, offered for sale by Shadow Brokers *
  785. MAGICSQUIRREL - Man-in-the-middle WiFi attack tool *
  786. MAGNETIC - Technique of sensor collection of magnetic emanations *
  787. MAGNUMOPUS - TAO computer hacking project *
  788. MAKERSMARK - Major cyber threat category countered by the TUTELAGE system * identified in 2007 *
  789. MAVERICK CHURCH - Major cyber threat category countered by the TUTELAGE system, formerly BISHOP * part of BYZANTINE HADES *
  790. MIDDLEMAN - TAO covert network
  791. MINERALIZE - Technique for close access collection through LAN implants *
  792. MIRROR - Automated survey system that can for example identify the presence of a VPN; interface to the ROADBED system *
  793. MISTYVEAL (MV) - Another version of VALIDATOR for installation on a target's computer *
  794. MOCCASIN - A hardware implant, permanently connected to a USB keyboard *
  795. MONKEYCALENDAR - Software implant on GSM SIM cards that exfiltrates user geolocation data
  796. MOUSETRAP - Sandia implant for EFI *
  797. MURPHYSLAW - TAO computer hacking project *
  798.  
  799. N
  800. NATIVE DANCER - Major cyber threat category countered by the TUTELAGE system *
  801. NEBULA - Base station router similar to CYCLONE Hx9
  802. NIGHTWATCH - Portable computer in shielded case for recreating target monitor from progressive-scan non-interlaced VAGRANT signals
  803. NIGHTSTAND (NS) - Plug-in for the wireless survey and exploitation system BLINDDATE, which injects a packet that forces a client to access a monitored listening post *
  804. NIGHTTRAIN - Major intrusion set effort *
  805. NITESTAND - See NIGHTSTAND
  806. NITRO ZEUS - Umbrella program for hacking operations against Iranian critical civilian and military infrastructure *
  807. NOPEN - A RAT or post-exploitation shell consisting of a client and a server that encrypts data using RC6, offered for sale by Shadow Brokers *
  808.  
  809. O
  810. ODDJOB - An HTTP command and control implant for installation on compromised Windows hosts, published by the Shadow Brokers *
  811. OLYMPIC - First word of nicknames for programs involving defense against Chinese cyber-warfare and US offensive cyber-warfare *
  812. OLYMPIC GAMES - Joint US and Israel operation against the Iranian nuclear program (aka Stuxnet) *
  813. OLYMPUS - Software component of VALIDATOR/SOMBERKNAVE used to communicate via wireless LAN 802.11 hardware *
  814. OPTICPINCH - Internal mission network for TAO/ROC hacking operations, connected to FIGBUILD through ROOTKNOT (2009) *
  815. ORANGUTAN - Implant, tool or exploit presumably used by TAO's Equation Group *
  816. ORLEANSTRIDE - Alleged NSA implant, offered for sale by Shadow Brokers *
  817.  
  818. P
  819. PACKETWRENCH - Computer exploit delivered by the FERRETCANON system *
  820. PANDAROCK - A tool for connecting to a POLARPAWS implant *
  821. PANDORAS MAYHEM - Part of QUANTUM operations involving TUTELAGE *
  822. PARCHDUSK (PD) - Productions Operation of NSA's TAO division *
  823. PASSIONATEPOLKA - TAO tool for remotely bricking network cards *
  824. PASTEPIG - NetApp on the TAONet/NSANet DMZ *
  825. PATCHICILLIN - Implant, tool or exploit presumably used by TAO's Equation Group *
  826. PCLEAN - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  827. PEDDLECHEAP - Computer exploit delivered by the FERRETCANON system *
  828. PERFECT CITIZEN - Research and engineering program to counter cyberattacks, in cooperation with Raytheon *
  829. PHOENIX Exploit Kit - Major cyber threat category countered by the TUTELAGE system *
  830. PHOTOANGLO - A continuous wave generator and receiver. The bugs on the other end are ANGRYNEIGHBOR class
  831. PITIEDFOOL - A suite of CNA tools for use against file systems. Overwrites data to the point it is irrecoverable.
  832. PLAIDDIANA - Major intrusion set effort *
  833. PLUCKHAGEN - An IRATEMONK implantation for ARM-based Fujitsu drives *
  834. POLARBREEZE - NSA technique to tap into nearby computers *
  835. POLARPAWS - An implant for a firewall from an unknown vendor *
  836. POLARSNEEZE - An implant for a firewall from an unknown vendor *
  837. POLARSTARKEY - Network Defense data source *
  838. POLITERAIN - CNA team or operation from the ATO unit of TAO *
  839. POPROCKS - Chinese cyber attacks against video conference providers, 2009 Navy Router Incident, part of BYZANTINE HADES *
  840. POPQUIZ - Project of NSA's Research Directorate to collect network metadata on high-bandwidth protocols such as HTTP, SMTP and DNS (2008) * or analytic tool for cyber attacks *
  841. PORK - Alleged NSA implant, offered for sale by Shadow Brokers *
  842. POTBED - TAO computer hacking project *
  843. PROTOSS - Local computer handling radio frequency signals from implants
  844. PUZZLECUBE - TAO tasking database * *
  845.  
  846. Q
  847. QFIRE - A consolidated QUANTUMTHEORY platform to reduce latencies by co-locating passive sensors with local decisioning and traffic injection (under development in 2011)
  848. QUANTUM - Secret servers placed by NSA at key places on the internet backbone; part of the TURMOIL program *
  849. QUANTUMBISCUIT - Enhancement of QUANTUMINSERT for targets which are behind large proxies *
  850. QUANTUMBOT - Method for taking control of idle IRC bots and botnets *
  851. QUANTUMBOT2 - Combination of Q-BOT and Q-BISCUIT for web-based botnets *
  852. QUANTUMCOOKIE - Method to force cookies onto target computers
  853. QUANTUMCOPPER - Method for corrupting file uploads and downloads *
  854. QUANTUMDIRK - Replacement for the QUANTUMINSERT hacking toolset that injects malicious content into chat services provided by websites such as Facebook and Yahoo *
  855. QUANTUMDNS - DNS injection/redirection based off of A record queries *
  856. QUANTUMHAND - Man-on-the-side technique using a fake Facebook server *
  857. QUANTUMINSERT (QI) - Man-on-the-side technique that redirects target internet traffic to a FOXACID server for exploitation *
  858. QUANTUMMUSH - Targeted spam exploitation method *
  859. QUANTUMNATION - Umbrella for COMMONDEER and VALIDATOR computer exploits
  860. QUANTUMPHANTOM - Hijacks any IP address to use as covert infrastructure *
  861. QUANTUMSKY - Malware used to block targets from accessing certain websites through RST packet spoofing *
  862. QUANTUMSMACKDOWN - Method for using packet injection to block attacks against DoD computers *
  863. QUANTUMSPIN - Exploitation method for instant messaging *
  864. QUANTUMSQUEEL - Method for injecting MySQL persistent database connections *
  865. QUANTUMSQUIRREL - Using any IP address as a covert infrastructure *
  866. QUANTUMTHEORY (QT) - Computer hacking toolbox, which dynamically injects packets into target's network session *
  867. QWERTY - TAO keylogger tool, probably a component of the WARRIORPRIDE malware framework *
  868.  
  869. R
  870. RADON - Host tap that can inject Ethernet packets *
  871. RAGEMASTER - Part of ANGRYNEIGHBOR radar retro-reflectors, for red video graphics array cable in ferrite bead RFI chokers between video card and monitor, target for RF flooding and collection of VAGRANT video signal
  872. RAISEBED - Access system *
  873. RAPTOR JOY - Intrusion set? *
  874. RAPTOR ROLEX - Intrusion set? *
  875. RAPORT SAD - Intrusion set? *
  876. RATWHARF - Cyber mission *
  877. RECORDER - Major intrusion set effort *
  878. REGIN - Highly sophisticated spyware found in computer systems worldwide, supposedly used by NSA and GCHQ (discovered in 2013, codename by Microsoft) *
  879. REPLICANTFARM - Signature based output of the WARRIORPRIDE framework *
  880. RETICULUM - Implant, tool or exploit presumably used by TAO's Equation Group *
  881. RETURNSPRING - High-side server shown in UNITEDRAKE internet cafe monitoring graphic
  882. REXKWONDO - TAO project for shaping and MitM capabilities against Lebanon's internet traffic (2013) *
  883. ROGUESAMURAI - Test framework of TAO's persistence division for testing computer exploits *
  884. ROOTKNOT - One-way transfer device *
  885.  
  886. S
  887. SADDLEBACK - Hacking tool that performs a firmware modification? *
  888. SCHOOLMONTANA - Software implant for Juniper J-series routers used to direct traffic between server, desktop computers, corporate network and internet
  889. SCREAMINGHARPY - TAO computer hacking project *
  890. SCREAMINGPLOW - Similar to JETPLOW *
  891. SEAGULLFARO - Processing system on TAONet, part of DEEPFRIEDPIG * part of OPTICPINCH in 2009 *
  892. SEASONEDMOTH (SMOTH) - Stage0 computer implant which dies after 30 days, deployed by the QUANTUMNATION method
  893. SECONDDATE - Method to influence real-time communications between client and server in order to redirect web-browsers to FOXACID malware servers, offered for sale by Shadow Brokers * component of BADDECISION *
  894. SEED SPHERE - Computer network "intrusion set" identified in 2007 * *
  895. SENTRY EAGLE (SEE) - Overarching umbrella program for ECI compartments and SAP programs of the National Initiative to protect US cyberspace
  896. SENTRY HAWK - ECI compartment of SENTRY EAGLE that protects information about Computer Network Exploitation *
  897. SENTRY FALCON - ECI compartment of SENTRY EAGLE that protects information about Computer Network Defense *
  898. SERUM - Bank of servers within ROC managing approvals and ticket system
  899. SHADOWDRAGON - Major intrusion set effort *
  900. SHAREDTAFFY - TAO computer hacking project *
  901. SHARPFOCUS (SF2) - Productions Operation of NSA's TAO division *
  902. SHARPSHADOW - TAO computer hacking project *
  903. SHELLGREY - DNT standard exfiltration metadata format *
  904. SHENTYSDELIGHT - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  905. SHEPARD - Related to the MAKERSMARK intrusion set *
  906. SHORTSHEET - NSA tool for Computer Network Exploitation *
  907. SHOTGIANT - NSA operation for hacking and monitoring the Huawei network (since 2009)
  908. SHOUTPIG - FTP server on the TAONet/NSANet DMZ *
  909. SIDETRACK - Implant, tool or exploit presumably used by TAO's Equation Group *
  910. SIERRAMONTANA - Software implant for Juniper M-series routers used by enterprises and service providers
  911. SIFT - Alleged NSA implant, offered for sale by Shadow Brokers *
  912. SILLYBUNNY - Some kind of web browser tag which can be used as selector *
  913. SKIMCOUNTRY - Alleged NSA implant, offered for sale by Shadow Brokers *
  914. SKYHOOKCHOW - Codeword found in the source code used by the Equation hacking group *
  915. SLICKERVICAR - Used with UNITEDRAKE or STRAITBIZARRE to upload hard drive firmware to implant IRATEMONK
  916. SLIPSTREAM - Part of the WARRIORPRIDE framework *
  917. SLYHERETIC_CHECKER - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  918. SNORT - Repository of computer network attack techniques/coding
  919. SNOWGLOBE - Hacking operations against the US that may have originated in France * *
  920. SODAPRESSED - Linux application persistence *
  921. SOMBERKNAVE - Windows XP wireless software implant providing covert internet connectivity, routing TCP traffic via an unused 802.11 network device allowing OLYMPUS or VALIDATOR to call home from air-gapped computer
  922. SOUFFLETROUGH - Software implant in BIOS Juniper SSG300 and SSG500 devices, permanent backdoor, modifies ScreenOS at boot, utilizes Intel's System Management Mode
  923. SPARROW II - Airborne wireless network detector running BLINDDATE tools via 802.11
  924. SPECULATION - Protocol for over-the-air communication between COTTONMOUTH computer implant devices, compatible with HOWLERMONKEY
  925. SPINALTAP - NSA program for combining data from active hacking operations and passive signals intelligence collection *
  926. SPITEFULANGEL - Hacking tool or method in or for the Python programming language *
  927. STEALTHFIGTHER - Codeword found in the source code used by the Equation hacking group *
  928. STEELFLAUTA - TAO traffic shaping program supporting SSO cable tapping collection
  929. STOICSURGEON - Hacking tool presumably used by TAO's Equation Group, offered for sale by Shadow Brokers *
  930. STORMPIG - Data cleanup tool on TAONet used for TAO botnet hacking *
  931. STRAITACID - Codeword found in the source code used by the Equation hacking group *
  932. STRAI(GH)TBIZARRE (SBZ) - TAO software implant used to communicate through covert channels * or spyware that can turn computers into disposable and non-attributable "shooter" nodes *
  933. STRAITSHOOTER - Codeword found in the source code used by the Equation hacking group *
  934. STRIFEWORLD - Alleged NSA implant, offered for sale by Shadow Brokers *
  935. STRIKEZONE - Device running HOWLERMONKEY personality
  936. STRONGMITE - Computer at remote operations center used for long range communications
  937. STUCCOMONTANA - Software implant for Juniper T-Series routers used in large fixed-line, mobile, video, and cloud networks, otherwise just like SCHOOLMONTANA
  938. STUMPCURSOR - Foreign computer accessing program of the NSA's Tailored Access Operations
  939. STUXNET - A computer worm that was used to destroy Iran's nuclear centrifuges (discovered in 2010)
  940. STYLISHCHAMP - Tool that can create a HPA on a hard drive and then provide raw reads and writes to this area *
  941. SUAVEEYEFUL - Alleged NSA implant, offered for sale by Shadow Brokers *
  942. SUBTLESNOW - Major cyber threat category countered by the TUTELAGE system *
  943. SUCTIONCHAR - Alleged NSA implant, offered for sale by Shadow Brokers *
  944. SUPERDRAKE - Cyber threat actor * related to WIDOWKEY *
  945. SURLEYSPAWN - Data RF retro-reflector, gathers keystrokes FSK frequency shift keyed radar retro-reflector, USB or IBM keyboards
  946. SURPASSPIN - Transfers commands and tasking instructions from TAO's internal to the external mission network * receives messages from the FLASHHANDLE Mission Manager *
  947. SURPLUSHANGAR (SH) - High-to-Low diode, used for the QUANTUM system * and botnet hacking *
  948. SUTURESAILOR - Printed circuit board digital core used with HOWLERMONKEY
  949. SWAP - Implanted software persistence by exploiting motherboard BIOS and hard drive Host Protected Area for execution before OS loads, operative on Windows, Linux, FreeBSD, Solaris
  950.  
  951. T
  952. TEFLONDOOR - A self-destructing post-exploitation shell for executing an arbitrary file *
  953. TITAN RAIN - Presumably Chinese attacks on American computer systems (since 2003)
  954. TOAST - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  955. TORNSTEAK - Exploit solution for two firewall devices from a particular vendor *
  956. TOTECHASER - Software implant in flash ROM Windows CE for Thuraya 2520 satellite/GSM/web/email/MMS/GPS
  957. TOTEGHOSTLY - Modular implant for Windows Mobile OS based on SB using CP framework, Freeflow-compliant so supported by TURBULENCE architecture
  958. TRANSGRESSION - TAO/CES unit providing cryptanalytic support for various missions *
  959. TREACLEBETA - TAO hacking against the Pakistani terrorist group Lashkar-e-Taiba *
  960. TRINITY - Implant digital core concealed in COTTONMOUTH-I, providing ARM9 microcontroller, FPGA, Flash and SDRAM memories *
  961. TUNINGFORK - Sustained collection linked to SEAGULLFARO, previously NSA database or cyber threat analysis tool *
  962. TURBINE - Active SIGINT: centralized automated command/control system for managing a large network of active computer implants for intelligence gathering (since 2010) *
  963. TURBOPANDA - A tool that can be used to communicate with a HALLUXWATER implant and allows read/write to memory, execute an address or packet; joint NSA/CIA project on Huawei network equipment *
  964. TUTELAGE - Active defense system with detection sensors that monitor network traffic at for example the NIPRNet in order to detect malicious code and network attacks, part of the TURBULENCE program *
  965. TWEEZERS - Major intrusion set effort *
  966. TWISTEDKILT - Writes to Host Protected Area on hard drive to implant SWAP and its implant installer payload, which can be used with the STYLISHCHAMP tool *
  967.  
  968. U
  969. UNCANNY - Video demodulation tool (now: BOTANICREALTY) *
  970. UNITEDRAKE - Computer exploit delivered by the FERRETCANON system * receiving e-mails and files *
  971. UnPacMan - Processing system on TAONet, part of DEEPFRIEDPIG *
  972.  
  973. V
  974. VAGRANT - Radar retro-reflector technique on video cable to reproduce open computer screens *
  975. VALIANTSURF - A "major system acquisition" that enables more efficient Computer Network Operations (CNO) by the TAO division; it will integrate into the TURBULENCE architecture *
  976. VALIDATOR - Computer exploit delivered by the FERRETCANON system for looking whether a computer has security software, runs as user process on target OS, modified for SCHOOLMONTANA, initiates a call home, passes to SOMBERKNAVE, downloads OLYMPUS and communicates with remote operation center *
  977. VICTORYDANCE - Joint NSA-CIA operation to map WiFi fingerprints of nearly every major town in Yemen *
  978. VIEWPLATE - Processor for external monitor recreating target monitor from red video
  979. VINYLSEAT - E-mails collected through hacking operations *
  980. VIOLETSPIRIT - Alleged NSA hacking tool, offered for sale by Shadow Brokers *
  981. VITALAIR - NSA tool
  982. VITALAIR2 - Tool or database for automated scanned IP addresses for TAO known vulnerabilities *
  983. VOYEUR - US monitoring operation in which an Iranian hacking operation against the US was detected * *
  984.  
  985. VULCANDEATHGRIP - Repository for data collected from vPCS shaping under the STEELFLAUTA program *
  986.  
  987. W
  988. WAGONBED - Hardware GSM controller board implant on CrossBeam or HP Proliant G5 server that communicates over I2C interface
  989. WAITAUTO - Network used by the Remote Operations Center of NSA's TAO division *
  990. WALKERBLACK - Related to the MAKERSMARK intrusion set *
  991. WARNVULCANO - Something residing on the WAITAUTO network used for TAO botnet hacking *
  992. WARRIORPRIDE (WP) - Scalable, flexible and portable unified CNE platform used throughout the Five Eyes; equivalent at GCHQ is DAREDEVIL * It was for example used to break into iPhones *
  993. WATCHER - Tipping tool related to SECONDDATE operations, offered for sale by Shadow Brokers *
  994. WAXTITAN - TAO computer hacking project *
  995. WEASELWAGGLE - Major cyber threat category countered by the TUTELAGE system *
  996. WELLSPRING - Tool that strips out facial images from e-mails and other communications, and displays those that might contain passport images *
  997. WIDOWKEY - Major intrusion set effort, related to SUPERDRAKE *
  998. WHISTLINGDUXIE - TAO computer hacking project *
  999. WICKEDVICAR - Hacking tool used to perform remote survey and installation *
  1000. WIDOWKEY - Major cyber threat category countered by the TUTELAGE system *
  1001. WILDCHOCOBO - TAO computer hacking project *
  1002. WILDCOUGAR - TAO computer hacking project *
  1003. WILLOWVIXEN - Method to deploy malware by sending out spam e-mails that trick targets into clicking a malicious link * *
  1004. WISTFULTOLL - Plug-in for UNITEDRAKE and STRAITBIZARRE used to harvest target forensics via Windows Management Instrumentation and Registry extractions, can be done through USB thumb drive *
  1005. WINTERLIGHT - A QUANTUM computer hacking program in which Sweden takes part
  1006. WOBBLYLLAMA - A payload for the ELIGIBLEBOMBSHELL TOPSEC firewall exploit *