aka: Pawn Storm, FANCY BEAR, Sednit, SNAKEMACKEREL, Tsar Team, TG-4127, STRONTIUM, Swallowtail, IRON TWILIGHT, Group 74, SIG40, Grizzly Steppe, G0007, ATK5, Fighting Ursa, ITG05, Blue Athena, TA422, T-APT-12, APT-C-20, UAC-0028, FROZENLAKE, Sofacy
The Sofacy Group (also known as APT28, Pawn Storm, Fancy Bear and Sednit) is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations. It has been characterized as an advanced persistent threat.
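@online{black:20230712:grus:7a7b81d,
  author       = {Black, Dan and Roncone, Gabby},
  title        = {The {GRU}'s Disruptive Playbook},
  date         = {2023-07-12},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/gru-disruptive-playbook},
  language     = {English},
  urldate      = {2023-07-13}
}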
The GRU's Disruptive Playbook CaddyWiper INDUSTROYER2 |
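@online{warner:20230419:exploring:c68c1d0,
  author       = {Warner, Justin and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {Exploring {STRONTIUM}'s Abuse of Cloud Services},
  date         = {2023-04-19},
  organization = {Microsoft},
  url          = {https://www.youtube.com/watch?v=_qdCGgQlHJE},
  language     = {English},
  urldate      = {2023-04-22}
}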
Exploring STRONTIUM's Abuse of Cloud Services FusionDrive |
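@online{mandiant:20230418:mtrends:af1a28e,
  author       = {{Mandiant}},
  title        = {{M-Trends} 2023},
  date         = {2023-04-18},
  organization = {Mandiant},
  url          = {https://mandiant.widen.net/s/pkffwrbjlz/m-trends-2023},
  language     = {English},
  urldate      = {2023-04-18}
}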
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
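@techreport{intelligence:20230315:year:01e29b1,
  author       = {{Microsoft Threat Intelligence}},
  title        = {A year of {Russian} hybrid warfare in {Ukraine}},
  date         = {2023-03-15},
  institution  = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/03/A-year-of-Russian-hybrid-warfare-in-Ukraine_MS-Threat-Intelligence-1.pdf},
  language     = {English},
  urldate      = {2023-04-25}
}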
A year of Russian hybrid warfare in Ukraine CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket SwiftSlicer WhisperGate |
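@online{huntley:20230216:fog:de676ba,
  author       = {Huntley, Shane},
  title        = {Fog of war: how the {Ukraine} conflict transformed the cyber threat landscape},
  date         = {2023-02-16},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/},
  language     = {English},
  urldate      = {2023-02-16}
}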
Fog of war: how the Ukraine conflict transformed the cyber threat landscape APT28 Ghostwriter SaintBear Sandworm Turla |
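@techreport{group:20230215:fog:0d99aaa,
  author       = {{Google Threat Analysis Group} and {Mandiant}},
  title        = {Fog of War: How the {Ukraine} Conflict Transformed the Cyber Threat Landscape},
  date         = {2023-02-15},
  institution  = {Google},
  url          = {https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf},
  language     = {English},
  urldate      = {2023-03-13}
}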
Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape CaddyWiper Dharma HermeticWiper INDUSTROYER2 PartyTicket WhisperGate Callisto Curious Gorge MUSTANG PANDA Turla |
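@online{certua:20230127:cyber:b31b337,
  author       = {{Cert-UA}},
  title        = {Cyber attack on the {Ukrinform} information and communication system},
  date         = {2023-01-27},
  organization = {Cert-UA},
  url          = {https://cert.gov.ua/article/3718487},
  language     = {Ukrainian},
  urldate      = {2023-02-03}
}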
Cyber attack on the Ukrinform information and communication system CaddyWiper |
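@online{revay:20230124:year:00a1450,
  author       = {Revay, Geri},
  title        = {The Year of the Wiper},
  date         = {2023-01-24},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/the-year-of-the-wiper},
  language     = {English},
  urldate      = {2023-01-25}
}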
The Year of the Wiper Azov Wiper Bruh Wiper CaddyWiper Cobalt Strike Vidar |
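@online{idrizovic:20221227:navigating:4cd52c5,
  author       = {Idrizovic, Esmid and Jung, Bob and Raygoza, Daniel and Hughes, Sean},
  title        = {Navigating the Vast Ocean of Sandbox Evasions},
  date         = {2022-12-27},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/sandbox-evasion-memory-detection/},
  language     = {English},
  urldate      = {2022-12-29}
}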
Navigating the Vast Ocean of Sandbox Evasions TrickBot Zebrocy |
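@online{cocomelonc:20221209:malware:cff0b3d,
  author       = {{cocomelonc}},
  title        = {Malware development: persistence - part 20. {UserInitMprLogonScript} ({Logon Script}). Simple {C++} example.},
  date         = {2022-12-09},
  organization = {cocomelonc},
  url          = {https://cocomelonc.github.io/persistence/2022/12/09/malware-pers-20.html},
  language     = {English},
  urldate      = {2022-12-12}
}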
Malware development: persistence - part 20. UserInitMprLogonScript (Logon Script). Simple C++ example. Attor Zebrocy |
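@online{watts:20221203:preparing:139621a,
  author       = {Watts, Cliff},
  title        = {Preparing for a {Russian} cyber offensive against {Ukraine} this winter},
  date         = {2022-12-03},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2022/12/03/preparing-russian-cyber-offensive-ukraine/},
  language     = {English},
  urldate      = {2022-12-05}
}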
Preparing for a Russian cyber offensive against Ukraine this winter CaddyWiper HermeticWiper Prestige |
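@online{adamov:20221024:russian:97d3e2a,
  author       = {Adamov, Alexander},
  title        = {{Russian} wipers in the cyberwar against {Ukraine}},
  date         = {2022-10-24},
  organization = {Youtube (Virus Bulletin)},
  url          = {https://www.youtube.com/watch?v=mrTdSdMMgnk},
  language     = {English},
  urldate      = {2023-03-20}
}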
Russian wipers in the cyberwar against Ukraine AcidRain CaddyWiper DesertBlade DoubleZero EternalPetya HermeticWiper HermeticWizard INDUSTROYER2 IsaacWiper KillDisk PartyTicket WhisperGate |
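@online{pasca:20220927:deep:203b1f0,
  author       = {Pasca, Vlad},
  title        = {A Deep Dive Into the {APT28}’s stealer called {CredoMap}},
  date         = {2022-09-27},
  organization = {SecurityScorecard},
  url          = {https://securityscorecard.com/research/apt28s-stealer-called-credomap},
  language     = {English},
  urldate      = {2022-09-29}
}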
A Deep Dive Into the APT28’s stealer called CredoMap CredoMap |
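@online{iacob:20220926:anatomy:248e6ff,
  author       = {Iacob, Ioan and Ionita, Iulian Madalin},
  title        = {The Anatomy of Wiper Malware, Part 3: Input/Output Controls},
  date         = {2022-09-26},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-3/},
  language     = {English},
  urldate      = {2022-09-29}
}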
The Anatomy of Wiper Malware, Part 3: Input/Output Controls CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
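@online{cluster25:20220923:in:ea96772,
  author       = {{Cluster25}},
  title        = {In the footsteps of the {Fancy Bear}: {PowerPoint} mouse-over event abused to deliver {Graphite} implants},
  date         = {2022-09-23},
  organization = {Cluster25},
  url          = {https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/},
  language     = {English},
  urldate      = {2022-09-26}
}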
In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants Graphite |
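@online{intelligence:20220923:gru:511ea47,
  author       = {{Mandiant Intelligence}},
  title        = {{GRU}: Rise of the ({Telegram}) {MinIOns}},
  date         = {2022-09-23},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/gru-rise-telegram-minions},
  language     = {English},
  urldate      = {2022-09-26}
}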
GRU: Rise of the (Telegram) MinIOns ArguePatch CaddyWiper |
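@online{knapczyk:20220818:overview:bf3eca2,
  author       = {Knapczyk, Pawel},
  title        = {Overview of the Cyber Weapons Used in the {Ukraine} - {Russia} War},
  date         = {2022-08-18},
  organization = {Trustwave},
  url          = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/overview-of-the-cyber-weapons-used-in-the-ukraine-russia-war/},
  language     = {English},
  urldate      = {2022-08-28}
}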
Overview of the Cyber Weapons Used in the Ukraine - Russia War AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket |
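@comment{knapczyk:20220818:overview:a12950c records the same work as knapczyk:20220818:overview:bf3eca2 (identical author, title, date and organization; the url differs only by a trailing slash). Keep one key, or alias them with a biblatex ids field, so the work is not cited twice.}
@online{knapczyk:20220818:overview:a12950c,
  author       = {Knapczyk, Pawel},
  title        = {Overview of the Cyber Weapons Used in the {Ukraine} - {Russia} War},
  date         = {2022-08-18},
  organization = {Trustwave},
  url          = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/overview-of-the-cyber-weapons-used-in-the-ukraine-russia-war},
  language     = {English},
  urldate      = {2022-08-22}
}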
Overview of the Cyber Weapons Used in the Ukraine - Russia War AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket |
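@online{iacob:20220812:anatomy:b13ce32,
  author       = {Iacob, Ioan and Ionita, Iulian Madalin},
  title        = {The Anatomy of Wiper Malware, Part 1: Common Techniques},
  date         = {2022-08-12},
  organization = {CrowdStrike},
  url          = {https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-1/},
  language     = {English},
  urldate      = {2023-01-19}
}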
The Anatomy of Wiper Malware, Part 1: Common Techniques Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
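@online{leonard:20220719:continued:2a97da1,
  author       = {Leonard, Billy},
  title        = {Continued cyber activity in {Eastern Europe} observed by {TAG}},
  date         = {2022-07-19},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag},
  language     = {English},
  urldate      = {2022-08-05}
}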
Continued cyber activity in Eastern Europe observed by TAG CyberAzov APT28 Callisto Ghostwriter Sandworm Turla |
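@online{42:20220718:fighting:865c81e,
  author       = {{Unit 42}},
  title        = {Fighting {Ursa}},
  date         = {2022-07-18},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/atoms/fighting-ursa/},
  language     = {English},
  urldate      = {2022-07-29}
}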
Fighting Ursa Cannon Zebrocy APT28 |
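@online{bushidotoken:20220626:overview:97370ff,
  author       = {{BushidoToken}},
  title        = {Overview of {Russian} {GRU} and {SVR} Cyberespionage Campaigns {1H} 2022},
  date         = {2022-06-26},
  url          = {https://blog.bushidotoken.net/2022/06/overview-of-russian-gru-and-svr.html},
  language     = {English},
  urldate      = {2022-08-09}
}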
Overview of Russian GRU and SVR Cyberespionage Campaigns 1H 2022 Cobalt Strike CredoMap EnvyScout |
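@online{certua:20220620:apt28:2c02bf5,
  author       = {{Cert-UA}},
  title        = {{APT28} cyberattack using {CredoMap} malware ({CERT-UA}\#4843)},
  date         = {2022-06-20},
  organization = {Cert-UA},
  url          = {https://cert.gov.ua/article/341128},
  language     = {Ukrainian},
  urldate      = {2022-07-15}
}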
APT28 cyberattack using CredoMap malware (CERT-UA#4843) CredoMap |
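@online{belousov:20220527:how:d00c942,
  author       = {Belousov, Anton and Vishnyakov, Aleksey},
  title        = {How bootkits are implemented in modern firmware and how {UEFI} differs from {Legacy BIOS}},
  date         = {2022-05-27},
  organization = {PTSecurity},
  url          = {https://habr.com/ru/amp/post/668154/},
  language     = {Russian},
  urldate      = {2022-05-29}
}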
How bootkits are implemented in modern firmware and how UEFI differs from Legacy BIOS LoJax MoonBounce |
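@online{martinez:20220502:analysis:e5d626b,
  author       = {Martinez, Fernando},
  title        = {Analysis on recent wiper attacks: examples and how wiper malware works},
  date         = {2022-05-02},
  organization = {AT\&T},
  url          = {https://cybersecurity.att.com/blogs/labs-research/analysis-on-recent-wiper-attacks-examples-and-how-they-wiper-malware-works},
  language     = {English},
  urldate      = {2022-05-04}
}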
Analysis on recent wiper attacks: examples and how wiper malware works AcidRain CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper |
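@online{revay:20220428:overview:0ac963f,
  author       = {Revay, Gergely},
  title        = {An Overview of the Increasing Wiper Malware Threat},
  date         = {2022-04-28},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/the-increasing-wiper-malware-threat},
  language     = {English},
  urldate      = {2022-04-29}
}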
An Overview of the Increasing Wiper Malware Threat AcidRain CaddyWiper DistTrack DoubleZero EternalPetya HermeticWiper IsaacWiper Olympic Destroyer Ordinypt WhisperGate ZeroCleare |
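@online{dsu:20220427:special:f1a2031,
  author       = {{Microsoft Digital Security Unit (DSU)}},
  title        = {Special Report: {Ukraine} An overview of {Russia}’s cyberattack activity in {Ukraine}},
  date         = {2022-04-27},
  organization = {Microsoft},
  url          = {https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd},
  language     = {English},
  urldate      = {2022-05-03}
}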
Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate |
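@online{research:20220412:industroyer2:4d6c5f8,
  author       = {{ESET Research}},
  title        = {{Industroyer2}: {Industroyer} reloaded},
  date         = {2022-04-12},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/},
  language     = {English},
  urldate      = {2022-04-13}
}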
Industroyer2: Industroyer reloaded ArguePatch CaddyWiper Industroyer INDUSTROYER2 |
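@online{cutler:20220412:analysis:561c2a2,
  author       = {Cutler, Silas},
  title        = {Tweet on analysis of {CADDYWIPER} used alongside with {INDUSTROYER2}},
  date         = {2022-04-12},
  organization = {Twitter (@silascutler)},
  url          = {https://twitter.com/silascutler/status/1513870210398363651},
  language     = {English},
  urldate      = {2022-05-25}
}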
Tweet on analysis of CADDYWIPER used alongside with INDUSTROYER2 CaddyWiper INDUSTROYER2 |
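@online{kersten:20220412:ghidra:4afe367,
  author       = {Kersten, Max},
  title        = {{Ghidra} script to handle stack strings},
  date         = {2022-04-12},
  organization = {Max Kersten's Blog},
  url          = {https://maxkersten.nl/binary-analysis-course/analysis-scripts/ghidra-script-to-handle-stack-strings/},
  language     = {English},
  urldate      = {2022-04-20}
}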
Ghidra script to handle stack strings CaddyWiper PlugX |
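@online{ireland:20220412:industroyer2:aa61be3,
  author       = {{ESET Ireland}},
  title        = {{Industroyer2}: {Industroyer} reloaded},
  date         = {2022-04-12},
  organization = {ESET Research},
  url          = {https://blog.eset.ie/2022/04/12/industroyer2-industroyer-reloaded/},
  language     = {English},
  urldate      = {2022-05-04}
}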
Industroyer2: Industroyer reloaded CaddyWiper INDUSTROYER2 |
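@online{certua:20220412:cyberattack:5f28c75,
  author       = {{Cert-UA}},
  title        = {Cyberattack of {Sandworm} Group ({UAC-0082}) on energy facilities of {Ukraine} using malicious programs {INDUSTROYER2} and {CADDYWIPER} ({CERT-UA} \# 4435)},
  date         = {2022-04-12},
  organization = {Cert-UA},
  url          = {https://cert.gov.ua/article/39518},
  language     = {Ukrainian},
  urldate      = {2022-05-25}
}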
Cyberattack of Sandworm Group (UAC-0082) on energy facilities of Ukraine using malicious programs INDUSTROYER2 and CADDYWIPER (CERT-UA # 4435) CaddyWiper Industroyer INDUSTROYER2 |
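@online{brandefense:20220410:zebrocy:467d0a0,
  author       = {{Brandefense}},
  title        = {{Zebrocy} Malware Technical Analysis Report},
  date         = {2022-04-10},
  organization = {Brandefense},
  url          = {https://brandefense.io/zebrocy-malware-technical-analysis-report/},
  language     = {English},
  urldate      = {2022-05-03}
}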
Zebrocy Malware Technical Analysis Report Zebrocy |
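@online{dereviashkin:20220405:new:2f2f8a9,
  author       = {Dereviashkin, Michael},
  title        = {New Analysis: The {CaddyWiper} Malware Attacking {Ukraine}},
  date         = {2022-04-05},
  organization = {Morphisec},
  url          = {https://blog.morphisec.com/caddywiper-analysis-new-malware-attacking-ukraine},
  language     = {English},
  urldate      = {2022-04-07}
}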
New Analysis: The CaddyWiper Malware Attacking Ukraine CaddyWiper |
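@online{team:20220401:threat:1955941,
  author       = {{Splunk Threat Research Team}},
  title        = {Threat Update: {CaddyWiper}},
  date         = {2022-04-01},
  organization = {splunk},
  url          = {https://www.splunk.com/en_us/blog/security/threat-update-caddywiper.html},
  language     = {English},
  urldate      = {2022-04-12}
}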
Threat Update: CaddyWiper CaddyWiper |
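@online{tru:20220331:esentire:287e4dd,
  author       = {{eSentire Threat Response Unit (TRU)}},
  title        = {{eSentire} Threat Intelligence Malware Analysis: {CaddyWiper}},
  date         = {2022-03-31},
  organization = {eSentire},
  url          = {https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-caddywiper},
  language     = {English},
  urldate      = {2022-05-23}
}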
eSentire Threat Intelligence Malware Analysis: CaddyWiper CaddyWiper |
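@online{mosajjal:20220326:analysis:b94c029,
  author       = {Mosajjal, Ali},
  title        = {Analysis of a {Caddy Wiper} Sample Targeting {Ukraine}},
  date         = {2022-03-26},
  organization = {n0p Blog},
  url          = {https://n0p.me/2022/03/2022-03-26-caddywiper/},
  language     = {English},
  urldate      = {2022-03-28}
}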
Analysis of a Caddy Wiper Sample Targeting Ukraine CaddyWiper |
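@online{cip:20220325:who:e75f0ac,
  author       = {{State Service of Special Communication and Information Protection of Ukraine (CIP)}},
  title        = {Who is behind the Cyberattacks on {Ukraine}'s Critical Information Infrastructure: Statistics for {March} 15-22},
  date         = {2022-03-25},
  organization = {GOV.UA},
  url          = {https://cip.gov.ua/en/news/khto-stoyit-za-kiberatakami-na-ukrayinsku-kritichnu-informaciinu-infrastrukturu-statistika-15-22-bereznya},
  language     = {English},
  urldate      = {2022-08-05}
}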
Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22 Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora RAT |
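@online{vincent:20220324:ukrainian:74b1566,
  author       = {Vincent, Brandi},
  title        = {{Ukrainian} Cyber Lead Says ‘At Least 4 Types of Malware’ in Use to Target Critical Infrastructure and Humanitarian Aid},
  date         = {2022-03-24},
  organization = {NextGov},
  url          = {https://www.nextgov.com/cybersecurity/2022/03/ukrainian-cyber-lead-least-4-types-malware-are-targeting-ukrainian-institutions/363558/},
  language     = {English},
  urldate      = {2022-03-25}
}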
Ukrainian Cyber Lead Says ‘At Least 4 Types of Malware’ in Use to Target Critical Infrastructure and Humanitarian Aid CaddyWiper DoubleZero HermeticWiper IsaacWiper |
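@online{team:20220318:double:fde615f,
  author       = {{Threat Intelligence Team}},
  title        = {Double header: {IsaacWiper} and {CaddyWiper}},
  date         = {2022-03-18},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2022/03/double-header-isaacwiper-and-caddywiper/},
  language     = {English},
  urldate      = {2022-03-28}
}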
Double header: IsaacWiper and CaddyWiper CaddyWiper IsaacWiper |
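@online{lab:20220317:analysis:90c9558,
  author       = {{NioGuard Security Lab}},
  title        = {Analysis of {CaddyWiper}},
  date         = {2022-03-17},
  organization = {NioGuard},
  url          = {https://www.nioguard.com/2022/03/analysis-of-caddywiper.html},
  language     = {English},
  urldate      = {2022-03-22}
}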
Analysis of CaddyWiper CaddyWiper |
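@online{gurubaran:20220316:destructive:f915ddf,
  author       = {Gurubaran},
  title        = {Destructive Data Wiper Malware Targeting high-profile {Ukrainian} Organizations},
  date         = {2022-03-16},
  organization = {Cyber Security News},
  url          = {https://cybersecuritynews.com/destructive-data-wiper-malware/},
  language     = {English},
  urldate      = {2022-03-17}
}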
Destructive Data Wiper Malware Targeting high-profile Ukrainian Organizations CaddyWiper |
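@online{lakshmanan:20220315:caddywiper:f70771d,
  author       = {Lakshmanan, Ravie},
  title        = {{CaddyWiper}: Yet Another Data Wiping Malware Targeting {Ukrainian} Networks},
  date         = {2022-03-15},
  organization = {The Hacker News},
  url          = {https://thehackernews.com/2022/03/caddywiper-yet-another-data-wiping.html},
  language     = {English},
  urldate      = {2022-03-17}
}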
CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks CaddyWiper |
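@online{paganini:20220315:caddywiper:13b5403,
  author       = {Paganini, Pierluigi},
  title        = {{CaddyWiper}, a new data wiper hits {Ukraine}},
  date         = {2022-03-15},
  organization = {SecurityAffairs},
  url          = {https://securityaffairs.co/wordpress/129069/cyber-warfare-2/caddywiper-wiper-hits-ukraine.html},
  language     = {English},
  urldate      = {2022-03-15}
}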
CaddyWiper, a new data wiper hits Ukraine CaddyWiper |
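@online{talos:20220315:threat:67922cf,
  author       = {{Cisco Talos}},
  title        = {Threat Advisory: {CaddyWiper}},
  date         = {2022-03-15},
  organization = {Cisco},
  url          = {https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html},
  language     = {English},
  urldate      = {2022-03-18}
}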
Threat Advisory: CaddyWiper CaddyWiper |
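@online{fierro:20220315:caddywiper:6504bd2,
  author       = {Del Fierro, Christopher and Dwyer, John},
  title        = {{CaddyWiper}: Third Wiper Malware Targeting {Ukrainian} Organizations},
  date         = {2022-03-15},
  organization = {SecurityIntelligence},
  url          = {https://securityintelligence.com/posts/caddywiper-malware-targeting-ukrainian-organizations/},
  language     = {English},
  urldate      = {2022-03-16}
}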
CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations CaddyWiper |
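@online{keijser:20220315:analysis:648df73,
  author       = {Keijser, Nicklas},
  title        = {Analysis of {CaddyWiper}, wiper targeting {Ukraine}},
  date         = {2022-03-15},
  organization = {TRUESEC},
  url          = {https://www.truesec.com/hub/blog/analysis-of-caddywiper-wiper-targeting-ukraine},
  language     = {English},
  urldate      = {2022-03-16}
}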
Analysis of CaddyWiper, wiper targeting Ukraine CaddyWiper |
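@comment{hacknpatch:20220315:exploring:5399622: the organization field names the handle HackNPatch while the url path uses HackPatch; one of the two is likely mistyped. Verify which resolves before relying on the url.}
@online{hacknpatch:20220315:exploring:5399622,
  author       = {{HackNPatch}},
  title        = {Tweet on Exploring {CaddyWiper} {API} resolution},
  date         = {2022-03-15},
  organization = {Twitter (@HackNPatch)},
  url          = {https://twitter.com/HackPatch/status/1503538555611607042},
  language     = {English},
  urldate      = {2022-03-28}
}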
Tweet on Exploring CaddyWiper API resolution CaddyWiper |
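@online{research:20220315:caddywiper:0edb827,
  author       = {{ESET Research}},
  title        = {{CaddyWiper}: New wiper malware discovered in {Ukraine}},
  date         = {2022-03-15},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine/},
  language     = {English},
  urldate      = {2022-03-15}
}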
CaddyWiper: New wiper malware discovered in Ukraine CaddyWiper |
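@online{research:20220314:caddywiper:ac25105,
  author       = {{ESET Research}},
  title        = {Tweet on {CaddyWiper} as 3rd destructive wiper found deployed against {Ukraine}},
  date         = {2022-03-14},
  organization = {Twitter (@ESETresearch)},
  url          = {https://twitter.com/ESETresearch/status/1503436420886712321},
  language     = {English},
  urldate      = {2022-03-14}
}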
Tweet on CaddyWiper as 3rd destructive wiper found deployed against Ukraine CaddyWiper |
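@online{gatlan:20220314:new:b53c7a5,
  author       = {Gatlan, Sergiu},
  title        = {New {CaddyWiper} data wiping malware hits {Ukrainian} networks},
  date         = {2022-03-14},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/new-caddywiper-data-wiping-malware-hits-ukrainian-networks/},
  language     = {English},
  urldate      = {2022-03-17}
}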
New CaddyWiper data wiping malware hits Ukrainian networks CaddyWiper |
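@online{lapienyt:20220314:new:965eae1,
  author       = {Lapienytė, Jurgita},
  title        = {New destructive wiper malware deployed in {Ukraine}},
  date         = {2022-03-14},
  organization = {Cybernews},
  url          = {https://cybernews.com/cyber-war/new-destructive-wiper-malware-deployed-in-ukraine/},
  language     = {English},
  urldate      = {2022-03-15}
}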
New destructive wiper malware deployed in Ukraine CaddyWiper |
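@online{team:20220228:cyber:69efe8b,
  author       = {{MSRC Team}},
  title        = {Cyber threat activity in {Ukraine}: analysis and resources},
  date         = {2022-02-28},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/},
  language     = {English},
  urldate      = {2022-07-25}
}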
Cyber threat activity in Ukraine: analysis and resources CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate DEV-0586 |
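@online{elias:20220125:prime:20a5b0c,
  author       = {Elias, Marc and Beek, Christiaan and Mundo, Alexandre and Velasco, Leandro and Kersten, Max},
  title        = {Prime Minister’s Office Compromised: Details of Recent Espionage Campaign},
  date         = {2022-01-25},
  organization = {Trellix},
  url          = {https://www.trellix.com/en-gb/about/newsroom/stories/threat-labs/prime-ministers-office-compromised.html},
  language     = {English},
  urldate      = {2022-01-25}
}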
Prime Minister’s Office Compromised: Details of Recent Espionage Campaign Graphite |
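@online{poslun:20220111:signed:1c59d41,
  author       = {Poslušný, Michal},
  title        = {Signed kernel drivers – Unguarded gateway to {Windows}’ core},
  date         = {2022-01-11},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core/},
  language     = {English},
  urldate      = {2022-01-18}
}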
Signed kernel drivers – Unguarded gateway to Windows’ core InvisiMole LoJax RobinHood Slingshot |
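@techreport{cert:20211026:attacks:6f30d0f,
  author       = {{Kaspersky Lab ICS CERT}},
  title        = {{APT} attacks on industrial organizations in {H1} 2021},
  date         = {2021-10-26},
  institution  = {Kaspersky},
  url          = {https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-APT-attacks-on-industrial-organizations-in-H1-2021-En.pdf},
  language     = {English},
  urldate      = {2021-11-08}
}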
APT attacks on industrial organizations in H1 2021 8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy |
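@techreport{team:20210727:old:3060d53,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages},
  date         = {2021-07-27},
  institution  = {Blackberry},
  url          = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-old-dogs-new-tricks.pdf},
  language     = {English},
  urldate      = {2021-07-27}
}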
Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy |
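@online{microsoft:20210520:microsoft:41112d3,
  author       = {{Microsoft}},
  title        = {{Microsoft} 365 {Defender} Hunting Queries for hunting multiple threat actors' {TTPs} and malwares},
  date         = {2021-05-20},
  organization = {Github (microsoft)},
  url          = {https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries},
  language     = {English},
  urldate      = {2021-05-25}
}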
Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares STRRAT OceanLotus BabyShark Elise Revenge RAT WastedLocker Zebrocy |
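@online{figueroa:20210419:deep:f5cf649,
  author       = {Figueroa, Marco},
  title        = {A Deep Dive into {Zebrocy}’s Dropper Docs},
  date         = {2021-04-19},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/a-deep-dive-into-zebrocys-dropper-docs/},
  language     = {English},
  urldate      = {2021-04-20}
}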
A Deep Dive into Zebrocy’s Dropper Docs Downdelph |
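@techreport{prodaft:20210318:silverfish:f203208,
  author       = {{PRODAFT}},
  title        = {{SilverFish} GroupThreat Actor Report},
  date         = {2021-03-18},
  institution  = {PRODAFT Threat Intelligence},
  url          = {https://www.prodaft.com/m/uploads/SilverFish_TLPWHITE.pdf},
  language     = {English},
  urldate      = {2021-04-06}
}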
SilverFish GroupThreat Actor Report Cobalt Strike Dridex Koadic |
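@techreport{intezer:20210225:year:eb47cd1,
  author       = {{Intezer}},
  title        = {Year of the {Gopher} A 2020 {Go} Malware Round-Up},
  date         = {2021-02-25},
  institution  = {Intezer},
  url          = {https://www.intezer.com/wp-content/uploads/2021/02/Intezer-2020-Go-Malware-Round-Up.pdf},
  language     = {English},
  urldate      = {2021-06-30}
}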
Year of the Gopher A 2020 Go Malware Round-Up NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy |
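@techreport{jazi:20210224:lazyscripter:433f4bc,
  author       = {Jazi, Hossein},
  title        = {{LazyScripter}: From {Empire} to double {RAT}},
  date         = {2021-02-24},
  institution  = {Malwarebytes},
  url          = {https://resources.malwarebytes.com/files/2021/02/LazyScripter.pdf},
  language     = {English},
  urldate      = {2021-02-25}
}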
LazyScripter: From Empire to double RAT Octopus Koadic |
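@techreport{hegel:20210113:global:72b7b9d,
  author       = {Hegel, Tom},
  title        = {A Global Perspective of the {SideWinder} {APT}},
  date         = {2021-01-13},
  institution  = {AlienVault},
  url          = {https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf},
  language     = {English},
  urldate      = {2021-01-18}
}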
A Global Perspective of the SideWinder APT 8.t Dropper Koadic SideWinder |
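@online{secureworks:2021:threat:dbd7ed7,
  author       = {{SecureWorks}},
  title        = {Threat Profile: {GOLD DRAKE}},
  date         = {2021},
  url          = {http://www.secureworks.com/research/threat-profiles/gold-drake},
  language     = {English},
  urldate      = {2021-05-28}
}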
Threat Profile: GOLD DRAKE Cobalt Strike Dridex FriedEx Koadic MimiKatz WastedLocker Evil Corp |
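@online{hacquebord:20201217:pawn:0e42861,
  author       = {Hacquebord, Feike and Remorin, Lord Alfred},
  title        = {{Pawn Storm}’s Lack of Sophistication as a Strategy},
  date         = {2020-12-17},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/20/l/pawn-storm-lack-of-sophistication-as-a-strategy.html},
  language     = {English},
  urldate      = {2020-12-19}
}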
Pawn Storm’s Lack of Sophistication as a Strategy DriveOcean |
2020-12-09 ⋅ Intezer ⋅ Joakim Kennedy @online{kennedy:20201209:zebra:1c73168,
author = {Joakim Kennedy},
title = {{A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy}},
date = {2020-12-09},
organization = {Intezer},
url = {https://www.intezer.com/blog/research/russian-apt-uses-covid-19-lures-to-deliver-zebrocy/},
language = {English},
urldate = {2020-12-10}
}
A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy Zebrocy |
2020-11-28 ⋅ pat_h/to/file ⋅ pat_h/to/file @online{pathtofile:20201128:hunting:21f38be,
author = {pat\_h/to/file},
title = {{Hunting Koadic Pt. 2 - JARM Fingerprinting}},
date = {2020-11-28},
organization = {pat\_h/to/file},
url = {https://blog.tofile.dev/2020/11/28/koadic_jarm.html},
language = {English},
urldate = {2020-12-08}
}
Hunting Koadic Pt. 2 - JARM Fingerprinting Koadic |
2020-10-29 ⋅ US-CERT ⋅ US-CERT @online{uscert:20201029:malware:8122496,
author = {US-CERT},
title = {{Malware Analysis Report (AR20-303B): ZEBROCY Backdoor}},
date = {2020-10-29},
organization = {US-CERT},
url = {https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303b},
language = {English},
urldate = {2020-11-02}
}
Malware Analysis Report (AR20-303B): ZEBROCY Backdoor Zebrocy |
2020-10-23 ⋅ 360 ⋅ 360 Threat Intelligence Center @online{center:20201023:apt28:099c6cd,
author = {360 Threat Intelligence Center},
title = {{APT28携小众压缩包诱饵对北约、中亚目标的定向攻击分析}},
date = {2020-10-23},
organization = {360},
url = {https://mp.weixin.qq.com/s/6R7bFs9lH1I3BNdkatCC9g},
language = {Chinese},
urldate = {2020-10-26}
}
APT28携小众压缩包诱饵对北约、中亚目标的定向攻击分析 Zebrocy |
2020-09-22 ⋅ Bleeping Computer ⋅ Ax Sharma @online{sharma:20200922:russian:c3158b2,
author = {Ax Sharma},
title = {{Russian hackers use fake NATO training docs to breach govt networks}},
date = {2020-09-22},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/russian-hackers-use-fake-nato-training-docs-to-breach-govt-networks/},
language = {English},
urldate = {2020-09-24}
}
Russian hackers use fake NATO training docs to breach govt networks Zebrocy APT28 |
2020-09-22 ⋅ QuoScient ⋅ QuoIntelligence @online{quointelligence:20200922:apt28:9bfda0c,
author = {QuoIntelligence},
title = {{APT28 Delivers Zebrocy Malware Campaign using NATO Theme as Lure}},
date = {2020-09-22},
organization = {QuoScient},
url = {https://quointelligence.eu/2020/09/apt28-zebrocy-malware-campaign-nato-theme/},
language = {English},
urldate = {2020-09-23}
}
APT28 Delivers Zebrocy Malware Campaign using NATO Theme as Lure Zebrocy APT28 |
2020-09-10 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20200910:overview:f751b73,
author = {GReAT},
title = {{An overview of targeted attacks and APTs on Linux}},
date = {2020-09-10},
organization = {Kaspersky Labs},
url = {https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/},
language = {English},
urldate = {2020-10-05}
}
An overview of targeted attacks and APTs on Linux Cloud Snooper Dacls DoubleFantasy MESSAGETAP Penquin Turla Tsunami elf.wellmess X-Agent |
2020-09-10 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center (MSTIC) @online{mstic:20200910:strontium:eeaafcd,
author = {Microsoft Threat Intelligence Center (MSTIC)},
title = {{STRONTIUM: Detecting new patterns in credential harvesting}},
date = {2020-09-10},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/},
language = {English},
urldate = {2020-09-15}
}
STRONTIUM: Detecting new patterns in credential harvesting APT28 |
2020-09-01 ⋅ Twitter (@Vishnyak0v) ⋅ Alexey Vishnyakov @online{vishnyakov:20200901:sample:cbed5e0,
author = {Alexey Vishnyakov},
title = {{Tweet on sample discovery}},
date = {2020-09-01},
organization = {Twitter (@Vishnyak0v)},
url = {https://twitter.com/Vishnyak0v/status/1300704689865060353},
language = {English},
urldate = {2020-09-01}
}
Tweet on sample discovery Unidentified 078 (Zebrocy Nim Loader?) |
2020-07-29 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20200729:trends:6810325,
author = {GReAT},
title = {{APT trends report Q2 2020}},
date = {2020-07-29},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2020/97937/},
language = {English},
urldate = {2020-07-30}
}
APT trends report Q2 2020 PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel |
2020-07-01 ⋅ 360 ⋅ 360 Threat Intelligence Center @online{center:20200701::fc5fdee,
author = {360 Threat Intelligence Center},
title = {{游走在东欧和中亚的奇幻熊}},
date = {2020-07-01},
organization = {360},
url = {https://mp.weixin.qq.com/s/pE_6VRDk-2aTI996sff0og},
language = {Chinese},
urldate = {2020-10-26}
}
游走在东欧和中亚的奇幻熊 Zebrocy |
2020-06-09 ⋅ Kaspersky Labs ⋅ Costin Raiu @online{raiu:20200609:looking:3038dce,
author = {Costin Raiu},
title = {{Looking at Big Threats Using Code Similarity. Part 1}},
date = {2020-06-09},
organization = {Kaspersky Labs},
url = {https://securelist.com/big-threats-using-code-similarity-part-1/97239/},
language = {English},
urldate = {2020-08-18}
}
Looking at Big Threats Using Code Similarity. Part 1 Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel |
2020-05-21 ⋅ PICUS Security ⋅ Süleyman Özarslan @online{zarslan:20200521:t1055:4400f98,
author = {Süleyman Özarslan},
title = {{T1055 Process Injection}},
date = {2020-05-21},
organization = {PICUS Security},
url = {https://www.picussecurity.com/blog/picus-10-critical-mitre-attck-techniques-t1055-process-injection},
language = {English},
urldate = {2020-06-03}
}
T1055 Process Injection BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE |
2020-03-20 ⋅ Bitdefender ⋅ Liviu Arsene @online{arsene:20200320:5:46813c6,
author = {Liviu Arsene},
title = {{5 Times More Coronavirus-themed Malware Reports during March}},
date = {2020-03-20},
organization = {Bitdefender},
url = {https://labs.bitdefender.com/2020/03/5-times-more-coronavirus-themed-malware-reports-during-march/?utm_campaign=twitter&utm_medium=twitter&utm_source=twitter},
language = {English},
urldate = {2020-03-26}
}
5 Times More Coronavirus-themed Malware Reports during March ostap HawkEye Keylogger Koadic Loki Password Stealer (PWS) Nanocore RAT Remcos |
2020-02-13 ⋅ Qianxin ⋅ Qi Anxin Threat Intelligence Center @techreport{center:20200213:report:146d333,
author = {Qi Anxin Threat Intelligence Center},
title = {{APT Report 2019}},
date = {2020-02-13},
institution = {Qianxin},
url = {https://ti.qianxin.com/uploads/2020/02/13/cb78386a082f465f259b37dae5df4884.pdf},
language = {English},
urldate = {2020-02-27}
}
APT Report 2019 Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy |
2020-01-09 ⋅ Github (zerosum0x0) ⋅ zerosum0x0 @online{zerosum0x0:20200109:koadic:2b6e0c1,
author = {zerosum0x0},
title = {{Koadic}},
date = {2020-01-09},
organization = {Github (zerosum0x0)},
url = {https://github.com/zerosum0x0/koadic},
language = {English},
urldate = {2020-01-09}
}
Koadic Koadic |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:cobalt:e50c4e9,
author = {SecureWorks},
title = {{COBALT ULSTER}},
date = {2020},
organization = {Secureworks},
url = {http://www.secureworks.com/research/threat-profiles/cobalt-ulster},
language = {English},
urldate = {2020-05-27}
}
COBALT ULSTER POWERSTATS Koadic MuddyWater |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:iron:48c68a0,
author = {SecureWorks},
title = {{IRON TWILIGHT}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/iron-twilight},
language = {English},
urldate = {2020-05-23}
}
IRON TWILIGHT X-Agent X-Agent X-Agent Computrace HideDRV Sedreco Seduploader X-Agent XTunnel Zebrocy Zebrocy (AutoIT) |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:cobalt:8d36ac3,
author = {SecureWorks},
title = {{COBALT TRINITY}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/cobalt-trinity},
language = {English},
urldate = {2020-05-23}
}
COBALT TRINITY POWERTON pupy Imminent Monitor RAT Koadic Nanocore RAT NetWire RC PoshC2 APT33 |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:gold:0d8c853,
author = {SecureWorks},
title = {{GOLD DRAKE}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/gold-drake},
language = {English},
urldate = {2020-05-23}
}
GOLD DRAKE Dridex Empire Downloader FriedEx Koadic MimiKatz |
2019-12-05 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli @online{ramilli:20191205:apt28:aa3defd,
author = {Marco Ramilli},
title = {{APT28 Attacks Evolution}},
date = {2019-12-05},
organization = {Marco Ramilli's Blog},
url = {https://marcoramilli.com/2019/12/05/apt28-attacks-evolution/},
language = {English},
urldate = {2019-12-17}
}
APT28 Attacks Evolution APT28 |
2019-10-24 ⋅ MeltX0R Security ⋅ MeltX0R @online{meltx0r:20191024:10242019:6438b53,
author = {MeltX0R},
title = {{10/24/2019 - APT28: Targeted attacks against mining corporations in Kazakhstan}},
date = {2019-10-24},
organization = {MeltX0R Security},
url = {https://meltx0r.github.io/tech/2019/10/24/apt28.html},
language = {English},
urldate = {2020-01-07}
}
10/24/2019 - APT28: Targeted attacks against mining corporations in Kazakhstan Zebrocy |
2019-09-24 ⋅ ESET Research ⋅ ESET Research @online{research:20190924:no:a84b64a,
author = {ESET Research},
title = {{No summer vacations for Zebrocy}},
date = {2019-09-24},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2019/09/24/no-summer-vacations-zebrocy/},
language = {English},
urldate = {2019-11-14}
}
No summer vacations for Zebrocy Zebrocy |
2019-08-28 ⋅ Cylance ⋅ Cylance Threat Research Team @online{team:20190828:inside:c3051c2,
author = {Cylance Threat Research Team},
title = {{Inside the APT28 DLL Backdoor Blitz}},
date = {2019-08-28},
organization = {Cylance},
url = {https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html},
language = {English},
urldate = {2020-01-06}
}
Inside the APT28 DLL Backdoor Blitz PocoDown |
2019-08-01 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20190801:trends:5e25d5b,
author = {GReAT},
title = {{APT trends report Q2 2019}},
date = {2019-08-01},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2019/91897/},
language = {English},
urldate = {2020-08-13}
}
APT trends report Q2 2019 ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy |
2019-07-10 ⋅ Cylance ⋅ Cylance Threat Research Team @online{team:20190710:flirting:dbf23d3,
author = {Cylance Threat Research Team},
title = {{Flirting With IDA and APT28}},
date = {2019-07-10},
organization = {Cylance},
url = {https://threatvector.cylance.com/en_us/home/flirting-with-ida-and-apt28.html},
language = {English},
urldate = {2020-01-06}
}
Flirting With IDA and APT28 PocoDown |
2019-06-03 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20190603:zebrocys:25be7a9,
author = {GReAT},
title = {{Zebrocy’s Multilanguage Malware Salad}},
date = {2019-06-03},
organization = {Kaspersky Labs},
url = {https://securelist.com/zebrocys-multilanguage-malware-salad/90680/},
language = {English},
urldate = {2019-12-20}
}
Zebrocy’s Multilanguage Malware Salad Zebrocy |
2019-05-22 ⋅ ESET Research ⋅ ESET Research @online{research:20190522:journey:0627ad7,
author = {ESET Research},
title = {{A journey to Zebrocy land}},
date = {2019-05-22},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/},
language = {English},
urldate = {2019-11-14}
}
A journey to Zebrocy land Zebrocy |
2019-05-20 ⋅ Check Point ⋅ Ben Herzog @online{herzog:20190520:malware:dac1524,
author = {Ben Herzog},
title = {{Malware Against the C Monoculture}},
date = {2019-05-20},
organization = {Check Point},
url = {https://research.checkpoint.com/malware-against-the-c-monoculture/},
language = {English},
urldate = {2019-10-14}
}
Malware Against the C Monoculture AdWind jRAT GhostMiner Zebrocy |
2019-05-18 ⋅ Twitter (@cyb3rops) ⋅ Florian Roth @online{roth:20190518:yara:b6d66a4,
author = {Florian Roth},
title = {{Tweet on YARA and APT28}},
date = {2019-05-18},
organization = {Twitter (@cyb3rops)},
url = {https://twitter.com/cyb3rops/status/1129653190444703744},
language = {English},
urldate = {2020-01-10}
}
Tweet on YARA and APT28 PocoDown |
2019-04-18 ⋅ Yoroi ⋅ ZLAB-Yoroi @online{zlabyoroi:20190418:apt28:709f72a,
author = {ZLAB-Yoroi},
title = {{APT28 and Upcoming Elections: Evidence of Possible Interference (Part II)}},
date = {2019-04-18},
organization = {Yoroi},
url = {https://blog.yoroi.company/research/apt28-and-upcoming-elections-possible-interference-signals-part-ii/},
language = {English},
urldate = {2022-03-14}
}
APT28 and Upcoming Elections: Evidence of Possible Interference (Part II) Seduploader |
2019-04-01 ⋅ Macnica Networks ⋅ Macnica Networks @techreport{networks:20190401:trends:cf738dc,
author = {Macnica Networks},
title = {{Trends in Cyber Espionage Targeting Japan 2nd Half of 2018}},
date = {2019-04-01},
institution = {Macnica Networks},
url = {https://www.macnica.net/file/mpressioncss_ta_report_2019.pdf},
language = {Japanese},
urldate = {2021-03-02}
}
Trends in Cyber Espionage Targeting Japan 2nd Half of 2018 Anel Cobalt Strike Datper PLEAD Quasar RAT RedLeaves taidoor Zebrocy |
2019-02-20 ⋅ Washington Post ⋅ Elizabeth Dwoskin, Craig Timberg @online{dwoskin:20190220:microsoft:9d4cb73,
author = {Elizabeth Dwoskin and Craig Timberg},
title = {{Microsoft says it has found another Russian operation targeting prominent think tanks}},
date = {2019-02-20},
organization = {Washington Post},
url = {https://www.washingtonpost.com/technology/2019/02/20/microsoft-says-it-has-found-another-russian-operation-targeting-prominent-think-tanks/?utm_term=.870ff11468ae},
language = {English},
urldate = {2019-11-29}
}
Microsoft says it has found another Russian operation targeting prominent think tanks APT28 |
2019-02-13 ⋅ Accenture Security ⋅ Accenture Security @techreport{security:20190213:snakemackerel:17add25,
author = {Accenture Security},
title = {{SNAKEMACKEREL: Threat Campaign Likely Targeting NATO Members, Defense and Military Outlets}},
date = {2019-02-13},
institution = {Accenture Security},
url = {https://www.accenture.com/t20190213T141124Z__w__/us-en/_acnmedia/PDF-94/Accenture-SNAKEMACKEREL-Threat-Campaign-Likely-Targeting-NATO-Members-Defense-and-Military-Outlets.pdf},
language = {English},
urldate = {2019-12-18}
}
SNAKEMACKEREL: Threat Campaign Likely Targeting NATO Members, Defense and Military Outlets APT28 |
2019-01-24 ⋅ Kaspersky Labs ⋅ Kaspersky Lab ICS CERT @online{cert:20190124:greyenergys:523e803,
author = {Kaspersky Lab ICS CERT},
title = {{GreyEnergy’s overlap with Zebrocy}},
date = {2019-01-24},
organization = {Kaspersky Labs},
url = {https://securelist.com/greyenergys-overlap-with-zebrocy/89506/},
language = {English},
urldate = {2019-12-20}
}
GreyEnergy’s overlap with Zebrocy GreyEnergy Zebrocy |
2019-01-11 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20190111:zebrocy:671fed1,
author = {GReAT},
title = {{A Zebrocy Go Downloader}},
date = {2019-01-11},
organization = {Kaspersky Labs},
url = {https://securelist.com/a-zebrocy-go-downloader/89419/},
language = {English},
urldate = {2019-12-20}
}
A Zebrocy Go Downloader Zebrocy |
2019 ⋅ MITRE ⋅ MITRE ATT&CK @online{attck:2019:apt28:f03c2bd,
author = {{MITRE ATT\&CK}},
title = {{Group description: APT28}},
date = {2019},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0007/},
language = {English},
urldate = {2019-12-20}
}
Group description: APT28 APT28 |
2019 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker @online{tracker:2019:28:7c5afdd,
author = {Cyber Operations Tracker},
title = {{APT 28}},
date = {2019},
organization = {Council on Foreign Relations},
url = {https://www.cfr.org/interactive/cyber-operations/apt-28},
language = {English},
urldate = {2019-12-20}
}
APT 28 APT28 |
2018-12-21 ⋅ Vitali Kremez @online{kremez:20181221:lets:46e594a,
author = {Vitali Kremez},
title = {{Let's Learn: In-Depth on APT28/Sofacy Zebrocy Golang Loader}},
date = {2018-12-21},
url = {https://www.vkremez.com/2018/12/lets-learn-dissecting-apt28sofacy.html},
language = {English},
urldate = {2019-12-24}
}
Let's Learn: In-Depth on APT28/Sofacy Zebrocy Golang Loader Zebrocy |
2018-12-21 ⋅ Emanuele De Lucia @online{lucia:20181221:apt28:466f390,
author = {Emanuele De Lucia},
title = {{APT28 / Sofacy – SedUploader under the Christmas tree}},
date = {2018-12-21},
url = {https://www.emanueledelucia.net/apt28-sofacy-seduploader-under-the-christmas-tree/},
language = {English},
urldate = {2020-03-30}
}
APT28 / Sofacy – SedUploader under the Christmas tree Seduploader |
2018-12-18 ⋅ paloalto Networks Unit 42 ⋅ Robert Falcone @online{falcone:20181218:sofacy:3573b82,
author = {Robert Falcone},
title = {{Sofacy Creates New ‘Go’ Variant of Zebrocy Tool}},
date = {2018-12-18},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/sofacy-creates-new-go-variant-of-zebrocy-tool/},
language = {English},
urldate = {2020-01-07}
}
Sofacy Creates New ‘Go’ Variant of Zebrocy Tool Zebrocy |
2018-12-12 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Robert Falcone @online{lee:20181212:dear:0d9a44e,
author = {Bryan Lee and Robert Falcone},
title = {{Dear Joohn: The Sofacy Group’s Global Campaign}},
date = {2018-12-12},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/dear-joohn-sofacy-groups-global-campaign/},
language = {English},
urldate = {2020-01-08}
}
Dear Joohn: The Sofacy Group’s Global Campaign APT28 |
2018-12-10 ⋅ Vitali Kremez Blog ⋅ Vitali Kremez @online{kremez:20181210:lets:f947fb1,
author = {Vitali Kremez},
title = {{Let's Learn: Reviewing Sofacy's "Zebrocy" C++ Loader: Advanced Insight}},
date = {2018-12-10},
organization = {Vitali Kremez Blog},
url = {https://www.vkremez.com/2018/12/lets-learn-reviewing-sofacys-zebrocy-c.html},
language = {English},
urldate = {2020-01-09}
}
Let's Learn: Reviewing Sofacy's "Zebrocy" C++ Loader: Advanced Insight Zebrocy |
2018-11-29 ⋅ Accenture ⋅ Michael Yip @online{yip:20181129:snakemackerel:aa02eba,
author = {Michael Yip},
title = {{Snakemackerel delivers Zekapab malware}},
date = {2018-11-29},
organization = {Accenture},
url = {https://www.accenture.com/us-en/blogs/blogs-snakemackerel-delivers-zekapab-malware},
language = {English},
urldate = {2019-12-10}
}
Snakemackerel delivers Zekapab malware Zebrocy APT28 |
2018-11-27 ⋅ Vitali Kremez Blog ⋅ Vitali Kremez @online{kremez:20181127:lets:e9928d7,
author = {Vitali Kremez},
title = {{Let's Learn: In-Depth on Sofacy Cannon Loader/Backdoor Review}},
date = {2018-11-27},
organization = {Vitali Kremez Blog},
url = {https://www.vkremez.com/2018/11/lets-learn-in-depth-on-sofacy-canon.html},
language = {English},
urldate = {2020-01-13}
}
Let's Learn: In-Depth on Sofacy Cannon Loader/Backdoor Review Cannon |
2018-11-20 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, Bryan Lee @online{falcone:20181120:sofacy:bb4fd84,
author = {Robert Falcone and Bryan Lee},
title = {{Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan}},
date = {2018-11-20},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/},
language = {English},
urldate = {2020-01-08}
}
Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan APT28 |
2018-11-20 ⋅ ESET Research ⋅ ESET Research @online{research:20181120:sednit:caedbdb,
author = {ESET Research},
title = {{Sednit: What’s going on with Zebrocy?}},
date = {2018-11-20},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2018/11/20/sednit-whats-going-zebrocy/},
language = {English},
urldate = {2019-11-14}
}
Sednit: What’s going on with Zebrocy? Zebrocy |
2018-11-20 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, Bryan Lee @online{falcone:20181120:sofacy:b1ef88a,
author = {Robert Falcone and Bryan Lee},
title = {{Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan}},
date = {2018-11-20},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2018/11/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/},
language = {English},
urldate = {2019-12-20}
}
Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan Cannon |
2018-11-05 ⋅ Youtube (MSRC) ⋅ Jean-Ian Boutin, Frédéric Vachon @online{boutin:20181105:bluehat:65f6d65,
author = {Jean-Ian Boutin and Frédéric Vachon},
title = {{BlueHat v18 || First STRONTIUM UEFI Rootkit Unveiled}},
date = {2018-11-05},
organization = {Youtube (MSRC)},
url = {https://www.youtube.com/watch?v=VeoXT0nEcFU},
language = {English},
urldate = {2019-12-17}
}
BlueHat v18 || First STRONTIUM UEFI Rootkit Unveiled LoJax |
2018-10-04 ⋅ NCSC UK ⋅ NCSC UK @online{uk:20181004:indicators:65560f3,
author = {NCSC UK},
title = {{Indicators of Compromise for Malware used by APT28}},
date = {2018-10-04},
organization = {NCSC UK},
url = {https://www.ncsc.gov.uk/alerts/indicators-compromise-malware-used-apt28},
language = {English},
urldate = {2020-01-07}
}
Indicators of Compromise for Malware used by APT28 X-Tunnel (.NET) |
2018-10-04 ⋅ NCSC UK ⋅ NCSC UK @techreport{uk:20181004:indicators:af0d14a,
author = {NCSC UK},
title = {{Indicators of Compromise for Malware used by APT28}},
date = {2018-10-04},
institution = {NCSC UK},
url = {https://www.thecssc.com/wp-content/uploads/2018/10/4OctoberIOC-APT28-malware-advisory.pdf},
language = {English},
urldate = {2019-11-29}
}
Indicators of Compromise for Malware used by APT28 X-Agent |
2018-10-04 ⋅ Symantec ⋅ Security Response Attack Investigation Team @online{team:20181004:apt28:f5e15cf,
author = {Security Response Attack Investigation Team},
title = {{APT28: New Espionage Operations Target Military and Government Organizations}},
date = {2018-10-04},
organization = {Symantec},
url = {https://www.symantec.com/blogs/election-security/apt28-espionage-military-government},
language = {English},
urldate = {2019-11-23}
}
APT28: New Espionage Operations Target Military and Government Organizations XTunnel |
2018-10-04 ⋅ Symantec ⋅ Critical Attack Discovery and Intelligence Team @online{team:20181004:apt28:97a1356,
author = {Critical Attack Discovery and Intelligence Team},
title = {{APT28: New Espionage Operations Target Military and Government Organizations}},
date = {2018-10-04},
organization = {Symantec},
url = {https://symantec-blogs.broadcom.com/blogs/election-security/apt28-espionage-military-government},
language = {English},
urldate = {2020-04-21}
}
APT28: New Espionage Operations Target Military and Government Organizations LoJax Seduploader X-Agent XTunnel Zebrocy APT28 |
2018-10-04 ⋅ Unknown ⋅ MSN News @online{news:20181004:russian:92336c6,
author = {MSN News},
title = {{Russian hackers accused of targeting UN chemical weapons watchdog, MH17 files}},
date = {2018-10-04},
organization = {Unknown},
url = {https://www.msn.com/en-nz/news/world/russian-hackers-accused-of-targeting-un-chemical-weapons-watchdog-mh17-files/ar-BBNV2ny},
language = {English},
urldate = {2020-04-06}
}
Russian hackers accused of targeting UN chemical weapons watchdog, MH17 files APT28 |
2018-09-27 ⋅ Bleeping Computer ⋅ Ionut Ilascu @online{ilascu:20180927:apt28:12917be,
author = {Ionut Ilascu},
title = {{APT28 Uses LoJax, First UEFI Rootkit Seen in the Wild}},
date = {2018-09-27},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/apt28-uses-lojax-first-uefi-rootkit-seen-in-the-wild/},
language = {English},
urldate = {2019-12-20}
}
APT28 Uses LoJax, First UEFI Rootkit Seen in the Wild APT28 |
2018-09-27 ⋅ ESET Research ⋅ ESET Research @online{research:20180927:lojax:5351e6c,
author = {ESET Research},
title = {{LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group}},
date = {2018-09-27},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/},
language = {English},
urldate = {2020-01-10}
}
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group APT28 |
2018-09 ⋅ ESET Research @techreport{research:201809:lojax:747e1e3,
author = {ESET Research},
title = {{LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group}},
date = {2018-09},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf},
language = {English},
urldate = {2019-12-17}
}
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group LoJax |
2018-08-26 ⋅ SecJuice ⋅ SecJuice @online{secjuice:20180826:remember:d5f1006,
author = {SecJuice},
title = {{Remember Fancy Bear?}},
date = {2018-08-26},
organization = {SecJuice},
url = {https://www.secjuice.com/fancy-bear-review/},
language = {English},
urldate = {2020-01-06}
}
Remember Fancy Bear? OLDBAIT |
2018-08-21 ⋅ Bleeping Computer ⋅ Catalin Cimpanu @online{cimpanu:20180821:microsoft:bc5c2f0,
author = {Catalin Cimpanu},
title = {{Microsoft Disrupts APT28 Hacking Campaign Aimed at US Midterm Elections}},
date = {2018-08-21},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/microsoft-disrupts-apt28-hacking-campaign-aimed-at-us-midterm-elections/},
language = {English},
urldate = {2019-12-20}
}
Microsoft Disrupts APT28 Hacking Campaign Aimed at US Midterm Elections APT28 |
2018-08-21 ⋅ BBC ⋅ BBC News @online{news:20180821:microsoft:f0674db,
author = {BBC News},
title = {{Microsoft claims win over 'Russian political hackers'}},
date = {2018-08-21},
organization = {BBC},
url = {https://www.bbc.co.uk/news/technology-45257081},
language = {English},
urldate = {2019-10-30}
}
Microsoft claims win over 'Russian political hackers' APT28 |
2018-08-20 ⋅ Microsoft ⋅ Brad Smith @online{smith:20180820:we:2a387d2,
author = {Brad Smith},
title = {{We are taking new steps against broadening threats to democracy}},
date = {2018-08-20},
organization = {Microsoft},
url = {https://blogs.microsoft.com/on-the-issues/2018/08/20/we-are-taking-new-steps-against-broadening-threats-to-democracy/},
language = {English},
urldate = {2020-01-06}
}
We are taking new steps against broadening threats to democracy APT28 |
2018-06-06 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Robert Falcone @online{lee:20180606:sofacy:6d3e723,
author = {Bryan Lee and Robert Falcone},
title = {{Sofacy Group’s Parallel Attacks}},
date = {2018-06-06},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/},
language = {English},
urldate = {2019-12-20}
}
Sofacy Group’s Parallel Attacks Koadic Zebrocy |
2018-05-23 ⋅ Department of Justice ⋅ Office of Public Affairs @online{affairs:20180523:justice:806d785,
author = {Office of Public Affairs},
title = {{Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices}},
date = {2018-05-23},
organization = {Department of Justice},
url = {https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected},
language = {English},
urldate = {2020-01-06}
}
Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices VPNFilter APT28 |
2018-05-15 ⋅ Reuters ⋅ Simon Johnson, Olof Swahnberg, Niklas Pollard, Hugh Lawson @online{johnson:20180515:swedish:47c0265,
author = {Simon Johnson and Olof Swahnberg and Niklas Pollard and Hugh Lawson},
title = {{Swedish sports body says anti-doping unit hit by hacking attack}},
date = {2018-05-15},
organization = {Reuters},
url = {https://www.reuters.com/article/us-sweden-doping/swedish-sports-body-says-anti-doping-unit-hit-by-hacking-attack-idUSKCN1IG2GN},
language = {English},
urldate = {2019-12-10}
}
Swedish sports body says anti-doping unit hit by hacking attack APT28 |
2018-05-08 ⋅ AP News ⋅ Raphael Satter @online{satter:20180508:russian:8731568,
author = {Raphael Satter},
title = {{Russian hackers posed as IS to threaten military wives}},
date = {2018-05-08},
organization = {AP News},
url = {https://www.apnews.com/4d174e45ef5843a0ba82e804f080988f},
language = {English},
urldate = {2020-01-07}
}
Russian hackers posed as IS to threaten military wives APT28 |
2018-05-01 ⋅ NetScout ⋅ ASERT Team @online{team:20180501:lojack:244d59b,
author = {ASERT Team},
title = {{Lojack Becomes a Double-Agent}},
date = {2018-05-01},
organization = {NetScout},
url = {https://asert.arbornetworks.com/lojack-becomes-a-double-agent/},
language = {English},
urldate = {2019-10-23}
}
Lojack Becomes a Double-Agent Computrace |
2018-04-24 ⋅ ESET Research ⋅ ESET Research @online{research:20180424:sednit:ab398cd,
author = {ESET Research},
title = {{Sednit update: Analysis of Zebrocy}},
date = {2018-04-24},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/},
language = {English},
urldate = {2019-11-14}
}
Sednit update: Analysis of Zebrocy Zebrocy Zebrocy (AutoIT) |
2018-02-28 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Mike Harbison, Robert Falcone @online{lee:20180228:sofacy:04fead3,
author = {Bryan Lee and Mike Harbison and Robert Falcone},
title = {{Sofacy Attacks Multiple Government Entities}},
date = {2018-02-28},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/unit42-sofacy-attacks-multiple-government-entities/},
language = {English},
urldate = {2020-01-06}
}
Sofacy Attacks Multiple Government Entities APT28 |
2018-02-20 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20180220:slice:0f910f7,
author = {GReAT},
title = {{A Slice of 2017 Sofacy Activity}},
date = {2018-02-20},
organization = {Kaspersky Labs},
url = {https://securelist.com/a-slice-of-2017-sofacy-activity/83930/},
language = {English},
urldate = {2022-03-14}
}
A Slice of 2017 Sofacy Activity Seduploader APT28 |
2018-01-10 ⋅ Wired ⋅ Louise Matsakis @online{matsakis:20180110:hack:73c4c38,
author = {Louise Matsakis},
title = {{Hack Brief: Russian Hackers Release Apparent IOC Emails in Wake of Olympic Ban}},
date = {2018-01-10},
organization = {Wired},
url = {https://www.wired.com/story/russian-fancy-bears-hackers-release-apparent-ioc-emails/},
language = {English},
urldate = {2020-01-13}
}
Hack Brief: Russian Hackers Release Apparent IOC Emails in Wake of Olympic Ban APT28 |
2018 ⋅ Accenture Security ⋅ Accenture Security @techreport{security:2018:snakemackerel:fa2c552,
author = {Accenture Security},
title = {{SNAKEMACKEREL - A BREXIT-themed lure document that delivers ZEKAPAB malware}},
date = {2018},
institution = {Accenture Security},
url = {https://www.accenture.com/t20181129T203820Z__w__/us-en/_acnmedia/PDF-90/Accenture-snakemackerel-delivers-zekapab-malware.pdf},
language = {English},
urldate = {2019-10-15}
}
SNAKEMACKEREL - A BREXIT-themed lure document that delivers ZEKAPAB malware APT28 |
2017-12-21 ⋅ ESET Research ⋅ ESET Research @online{research:20171221:sednit:630ff7c,
author = {ESET Research},
title = {{Sednit update: How Fancy Bear Spent the Year}},
date = {2017-12-21},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/},
language = {English},
urldate = {2019-11-14}
}
Sednit update: How Fancy Bear Spent the Year Seduploader X-Agent |
2017-10-22 ⋅ Cisco ⋅ Warren Mercer, Paul Rascagnères, Vitor Ventura @online{mercer:20171022:cyber:b26ac86,
author = {Warren Mercer and Paul Rascagnères and Vitor Ventura},
title = {{“Cyber Conflict” Decoy Document Used In Real Cyber Conflict}},
date = {2017-10-22},
organization = {Cisco},
url = {http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html},
language = {English},
urldate = {2020-01-07}
}
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict Seduploader |
2017-10-19 ⋅ Proofpoint ⋅ Kafeine, Pierre T @online{kafeine:20171019:apt28:927b889,
author = {Kafeine and Pierre T},
title = {{APT28 racing to exploit CVE-2017-11292 Flash vulnerability before patches are deployed}},
date = {2017-10-19},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed},
language = {English},
urldate = {2019-12-20}
}
APT28 racing to exploit CVE-2017-11292 Flash vulnerability before patches are deployed Seduploader |
2017-08-13 ⋅ Adam Chester @online{chester:20170813:analysis:11db4f8,
author = {Adam Chester},
title = {{Analysis of APT28 hospitality malware (Part 2)}},
date = {2017-08-13},
url = {https://blog.xpnsec.com/apt28-hospitality-malware-part-2/},
language = {English},
urldate = {2020-01-08}
}
Analysis of APT28 hospitality malware (Part 2) Seduploader |
2017-08-11 ⋅ FireEye ⋅ Lindsay Smith, Ben Read @online{smith:20170811:apt28:a39510a,
author = {Lindsay Smith and Ben Read},
title = {{APT28 Targets Hospitality Sector, Presents Threat to Travelers}},
date = {2017-08-11},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html},
language = {English},
urldate = {2019-12-20}
}
APT28 Targets Hospitality Sector, Presents Threat to Travelers Seduploader |
2017-05-09 ⋅ ESET Research ⋅ ESET Research @online{research:20170509:sednit:dde92c1,
author = {ESET Research},
title = {{Sednit adds two zero‑day exploits using ‘Trump’s attack on Syria’ as a decoy}},
date = {2017-05-09},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/05/09/sednit-adds-two-zero-day-exploits-using-trumps-attack-syria-decoy/},
language = {English},
urldate = {2019-12-20}
}
Sednit adds two zero‑day exploits using ‘Trump’s attack on Syria’ as a decoy Seduploader |
2017-04-26 ⋅ Handelsblatt ⋅ Daniel Tost @online{tost:20170426:russialinked:9fd1d9d,
author = {Daniel Tost},
title = {{Russia-linked Hackers Target German Political Foundations}},
date = {2017-04-26},
organization = {Handelsblatt},
url = {https://www.handelsblatt.com/today/politics/election-risks-russia-linked-hackers-target-german-political-foundations/23569188.html},
language = {English},
urldate = {2020-01-09}
}
Russia-linked Hackers Target German Political Foundations APT28 |
2017-04-03 ⋅ VOA ⋅ VOA @online{voa:20170403:iaaf:0b4dd3b,
author = {VOA},
title = {{IAAF Says It Has Been Hacked, Athlete Medical Info Accessed}},
date = {2017-04-03},
organization = {VOA},
url = {https://www.voanews.com/a/iaaf-hack-fancy-bears/3793874.html},
language = {English},
urldate = {2020-01-07}
}
IAAF Says It Has Been Hacked, Athlete Medical Info Accessed APT28 |
2017-03-23 ⋅ Twitter (PhysicalDrive0) ⋅ PhysicalDrive0 @online{physicaldrive0:20170323:xagent:74f4c95,
author = {PhysicalDrive0},
title = {{Tweet on XAgent for macOS}},
date = {2017-03-23},
organization = {Twitter (PhysicalDrive0)},
url = {https://twitter.com/PhysicalDrive0/status/845009226388918273},
language = {English},
urldate = {2019-12-17}
}
Tweet on XAgent for macOS X-Agent |
2017-03-02 ⋅ Laboratory of Cryptography and System Security ⋅ Boldizsar Bencsath @online{bencsath:20170302:update:0e03ee6,
author = {Boldizsar Bencsath},
title = {{Update on the Fancy Bear Android malware (poprd30.apk)}},
date = {2017-03-02},
organization = {Laboratory of Cryptography and System Security},
url = {http://blog.crysys.hu/2017/03/update-on-the-fancy-bear-android-malware-poprd30-apk/},
language = {English},
urldate = {2019-10-13}
}
Update on the Fancy Bear Android malware (poprd30.apk) X-Agent |
2017-02-21 ⋅ Bitdefender ⋅ Bitdefender @techreport{bitdefender:20170221:dissecting:eec4e1f,
author = {Bitdefender},
title = {{Dissecting the APT28 Mac OS X Payload}},
date = {2017-02-21},
institution = {Bitdefender},
url = {https://download.bitdefender.com/resources/files/News/CaseStudies/study/143/Bitdefender-Whitepaper-APT-Mac-A4-en-EN-web.pdf},
language = {English},
urldate = {2020-01-10}
}
Dissecting the APT28 Mac OS X Payload X-Agent |
2017-02-20 ⋅ Contagio Dump ⋅ Mila Parkour @online{parkour:20170220:part:c54b5de,
author = {Mila Parkour},
title = {{Part I. Russian APT - APT28 collection of samples including OSX XAgent}},
date = {2017-02-20},
organization = {Contagio Dump},
url = {https://contagiodump.blogspot.de/2017/02/russian-apt-apt28-collection-of-samples.html},
language = {English},
urldate = {2019-11-26}
}
Part I. Russian APT - APT28 collection of samples including OSX XAgent X-Agent Komplex Coreshell Downdelph HideDRV SEADADDY Sedreco Seduploader X-Agent XTunnel |
2017-02-14 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone @online{falcone:20170214:xagentosx:33ef060,
author = {Robert Falcone},
title = {{XAgentOSX: Sofacy’s XAgent macOS Tool}},
date = {2017-02-14},
organization = {Palo Alto Networks Unit 42},
url = {http://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/},
language = {English},
urldate = {2019-12-20}
}
XAgentOSX: Sofacy’s XAgent macOS Tool X-Agent |
2017-02-04 ⋅ de Volkskrant ⋅ Huib Modderkolk @online{modderkolk:20170204:russen:2dcb3d1,
author = {Huib Modderkolk},
title = {{Russen faalden bij hackpogingen ambtenaren op Nederlandse ministeries}},
date = {2017-02-04},
organization = {de Volkskrant},
url = {https://www.volkskrant.nl/cultuur-media/russen-faalden-bij-hackpogingen-ambtenaren-op-nederlandse-ministeries~b77ff391/},
language = {Dutch},
urldate = {2019-12-19}
}
Russen faalden bij hackpogingen ambtenaren op Nederlandse ministeries APT28 |
2017-01-10 ⋅ FireEye ⋅ FireEye iSIGHT Intelligence @techreport{intelligence:20170110:apt28:2f371ee,
author = {FireEye iSIGHT Intelligence},
title = {{APT28: At The Center Of The Storm}},
date = {2017-01-10},
institution = {FireEye},
url = {https://www.mandiant.com/sites/default/files/2021-09/APT28-Center-of-Storm-2017.pdf},
language = {English},
urldate = {2022-05-04}
}
APT28: At The Center Of The Storm Coreshell OLDBAIT Sedreco Seduploader X-Agent |
2017-01-03 ⋅ CrySyS Lab ⋅ Boldizsar Bencsath @online{bencsath:20170103:technical:1c2e81e,
author = {Boldizsar Bencsath},
title = {{Technical details on the Fancy Bear Android malware (poprd30.apk)}},
date = {2017-01-03},
organization = {CrySyS Lab},
url = {http://blog.crysys.hu/2017/01/technical-details-on-the-fancy-bear-android-malware-poprd30-apk/},
language = {English},
urldate = {2020-01-09}
}
Technical details on the Fancy Bear Android malware (poprd30.apk) X-Agent |
2017-01-01 ⋅ Objective-See ⋅ Patrick Wardle @online{wardle:20170101:mac:8c2d52b,
author = {Patrick Wardle},
title = {{Mac Malware of 2016}},
date = {2017-01-01},
organization = {Objective-See},
url = {https://objective-see.com/blog/blog_0x16.html},
language = {English},
urldate = {2020-01-09}
}
Mac Malware of 2016 KeRanger Keydnap Komplex Laoshu MacInstaller MacVX Mokes WireLurker XSLCmd |
2016-12-15 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, Bryan Lee @online{falcone:20161215:let:d1d1011,
author = {Robert Falcone and Bryan Lee},
title = {{Let It Ride: The Sofacy Group’s DealersChoice Attacks Continue}},
date = {2016-12-15},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/unit42-let-ride-sofacy-groups-dealerschoice-attacks-continue/},
language = {English},
urldate = {2020-01-07}
}
Let It Ride: The Sofacy Group’s DealersChoice Attacks Continue APT28 |
2016-10-20 ⋅ ESET Research ⋅ ESET Research @techreport{research:20161020:en:e2e6603,
author = {ESET Research},
title = {{En Route with Sednit Part 2: Observing the Comings and Goings}},
date = {2016-10-20},
institution = {ESET Research},
url = {http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf},
language = {English},
urldate = {2019-10-25}
}
En Route with Sednit Part 2: Observing the Comings and Goings X-Agent Sedreco X-Agent XTunnel |
2016-10-17 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, Bryan Lee @online{falcone:20161017:dealerschoice:14aaca9,
author = {Robert Falcone and Bryan Lee},
title = {{‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform}},
date = {2016-10-17},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2016/10/unit42-dealerschoice-sofacys-flash-player-exploit-platform/},
language = {English},
urldate = {2019-12-20}
}
‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform APT28 |
2016-10-10 ⋅ BBC ⋅ Gordon Corera @online{corera:20161010:how:29d38b3,
author = {Gordon Corera},
title = {{How France's TV5 was almost destroyed by 'Russian hackers'}},
date = {2016-10-10},
organization = {BBC},
url = {https://www.bbc.com/news/technology-37590375},
language = {English},
urldate = {2020-01-09}
}
How France's TV5 was almost destroyed by 'Russian hackers' APT28 |
2016-09-27 ⋅ Malwarebytes ⋅ Thomas Reed @online{reed:20160927:komplex:0cd401d,
author = {Thomas Reed},
title = {{Komplex Mac backdoor answers old questions}},
date = {2016-09-27},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2016/09/komplex-mac-backdoor-answers-old-questions/},
language = {English},
urldate = {2019-12-20}
}
Komplex Mac backdoor answers old questions Komplex |
2016-09-26 ⋅ Palo Alto Networks Unit 42 ⋅ Dani Creus, Tyler Halfpop, Robert Falcone @online{creus:20160926:sofacys:6ddbb81,
author = {Dani Creus and Tyler Halfpop and Robert Falcone},
title = {{Sofacy’s ‘Komplex’ OS X Trojan}},
date = {2016-09-26},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/unit42-sofacys-komplex-os-x-trojan/},
language = {English},
urldate = {2020-01-13}
}
Sofacy’s ‘Komplex’ OS X Trojan APT28 |
2016-09-26 ⋅ Palo Alto Networks Unit 42 ⋅ Dani Creus, Tyler Halfpop, Robert Falcone @online{creus:20160926:sofacys:2c11dc9,
author = {Dani Creus and Tyler Halfpop and Robert Falcone},
title = {{Sofacy’s ‘Komplex’ OS X Trojan}},
date = {2016-09-26},
organization = {Palo Alto Networks Unit 42},
url = {http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/},
language = {English},
urldate = {2019-12-20}
}
Sofacy’s ‘Komplex’ OS X Trojan Komplex |
2016-09-20 ⋅ Deutsche Welle ⋅ ipj, kl @online{ipj:20160920:hackers:fae1710,
author = {ipj and kl},
title = {{Hackers lurking, parliamentarians told}},
date = {2016-09-20},
organization = {Deutsche Welle},
url = {https://www.dw.com/en/hackers-lurking-parliamentarians-told/a-19564630},
language = {English},
urldate = {2020-09-15}
}
Hackers lurking, parliamentarians told APT28 |
2016-09-11 ⋅ ESET Research ⋅ ESET Research @techreport{research:20160911:en:28dbd06,
author = {ESET Research},
title = {{En Route with Sednit - Part 3: A Mysterious Downloader}},
date = {2016-09-11},
institution = {ESET Research},
url = {http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf},
language = {English},
urldate = {2019-10-12}
}
En Route with Sednit - Part 3: A Mysterious Downloader Downdelph |
2016-08-23 ⋅ International Business Times ⋅ Hyacinth Mascarenhas @online{mascarenhas:20160823:russian:9531f82,
author = {Hyacinth Mascarenhas},
title = {{Russian hackers 'Fancy Bear' likely breached Olympic drug-testing agency and DNC, experts say}},
date = {2016-08-23},
organization = {International Business Times},
url = {https://www.ibtimes.co.uk/russian-hackers-fancy-bear-likely-breached-olympic-drug-testing-agency-dnc-experts-say-1577508},
language = {English},
urldate = {2020-09-15}
}
Russian hackers 'Fancy Bear' likely breached Olympic drug-testing agency and DNC, experts say APT28 |
2016-08 ⋅ ESET Research ⋅ ESET Research @techreport{research:201608:en:0617083,
author = {ESET Research},
title = {{En Route with Sednit - Part 1: Approaching the Target}},
date = {2016-08},
institution = {ESET Research},
url = {http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf},
language = {English},
urldate = {2019-12-10}
}
En Route with Sednit - Part 1: Approaching the Target Komplex Seduploader |
2016-06-15 ⋅ CrowdStrike ⋅ Dmitri Alperovitch @online{alperovitch:20160615:bears:604c1d9,
author = {Dmitri Alperovitch},
title = {{Bears in the Midst: Intrusion into the Democratic National Committee}},
date = {2016-06-15},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/},
language = {English},
urldate = {2022-03-14}
}
Bears in the Midst: Intrusion into the Democratic National Committee X-Agent ATI-Agent SEADADDY Seduploader X-Agent XTunnel APT28 |
2016-06-14 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, Bryan Lee @online{falcone:20160614:new:0c98099,
author = {Robert Falcone and Bryan Lee},
title = {{New Sofacy Attacks Against US Government Agency}},
date = {2016-06-14},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/unit42-new-sofacy-attacks-against-us-government-agency/},
language = {English},
urldate = {2019-10-29}
}
New Sofacy Attacks Against US Government Agency APT28 |
2016-06-14 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, Bryan Lee @online{falcone:20160614:new:b51d1ab,
author = {Robert Falcone and Bryan Lee},
title = {{New Sofacy Attacks Against US Government Agency}},
date = {2016-06-14},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2016/06/unit42-new-sofacy-attacks-against-us-government-agency/},
language = {English},
urldate = {2020-09-15}
}
New Sofacy Attacks Against US Government Agency Seduploader APT28 |
2016-02-12 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Rob Downs @online{lee:20160212:look:1483b5a,
author = {Bryan Lee and Rob Downs},
title = {{A Look Into Fysbis: Sofacy’s Linux Backdoor}},
date = {2016-02-12},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/a-look-into-fysbis-sofacys-linux-backdoor/},
language = {English},
urldate = {2020-01-13}
}
A Look Into Fysbis: Sofacy’s Linux Backdoor X-Agent |
2016-02-12 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Rob Downs @online{lee:20160212:look:4113ea1,
author = {Bryan Lee and Rob Downs},
title = {{A Look Into Fysbis: Sofacy’s Linux Backdoor}},
date = {2016-02-12},
organization = {Palo Alto Networks Unit 42},
url = {http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/},
language = {English},
urldate = {2019-12-20}
}
A Look Into Fysbis: Sofacy’s Linux Backdoor X-Agent |
2016-01 ⋅ FireEye ⋅ Michael Bailey @techreport{bailey:201601:matryoshka:3c7753f,
author = {Michael Bailey},
title = {{MATRYOSHKA MINING}},
date = {2016-01},
institution = {FireEye},
url = {https://www2.fireeye.com/rs/848-DID-242/images/wp-mandiant-matryoshka-mining.pdf},
language = {English},
urldate = {2019-11-27}
}
MATRYOSHKA MINING APT28 |
2015-12-17 ⋅ Bitdefender ⋅ Bitdefender @techreport{bitdefender:20151217:apt28:fca586f,
author = {Bitdefender},
title = {{APT28 Under the Scope: A Journey into Exfiltrating Intelligence and Government Information}},
date = {2015-12-17},
institution = {Bitdefender},
url = {https://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_analysis_of_APT28%E2%80%93The_Political_Cyber-Espionage.pdf},
language = {English},
urldate = {2020-01-09}
}
APT28 Under the Scope: A Journey into Exfiltrating Intelligence and Government Information X-Agent XP PrivEsc (CVE-2014-4076) |
2015-12-04 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20151204:sofacy:664b5a8,
author = {GReAT},
title = {{Sofacy APT hits high profile targets with updated toolset}},
date = {2015-12-04},
organization = {Kaspersky Labs},
url = {https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/},
language = {English},
urldate = {2019-12-20}
}
Sofacy APT hits high profile targets with updated toolset Sedreco |
2015-12-04 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20151204:sofacy:b437b35,
author = {GReAT},
title = {{Sofacy APT hits high profile targets with updated toolset}},
date = {2015-12-04},
organization = {Kaspersky Labs},
url = {https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/},
language = {English},
urldate = {2020-08-30}
}
Sofacy APT hits high profile targets with updated toolset Coreshell Sedreco Seduploader X-Agent APT28 |
2015-11-20 ⋅ Microsoft ⋅ Microsoft @techreport{microsoft:20151120:microsoft:d41c5ad,
author = {Microsoft},
title = {{Microsoft Security Intelligence Report Volume 19}},
date = {2015-11-20},
institution = {Microsoft},
url = {http://download.microsoft.com/download/4/4/C/44CDEF0E-7924-4787-A56A-16261691ACE3/Microsoft_Security_Intelligence_Report_Volume_19_English.pdf},
language = {English},
urldate = {2020-01-13}
}
Microsoft Security Intelligence Report Volume 19 XTunnel |
2015-10-22 ⋅ Trend Micro ⋅ Feike Hacquebord @online{hacquebord:20151022:pawn:8231722,
author = {Feike Hacquebord},
title = {{Pawn Storm Targets MH17 Investigation Team}},
date = {2015-10-22},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-targets-mh17-investigation-team/},
language = {English},
urldate = {2020-01-10}
}
Pawn Storm Targets MH17 Investigation Team APT28 |
2015-10-13 ⋅ Trend Micro ⋅ Brooks Li, Feike Hacquebord, Peter Pi @online{li:20151013:new:34dc6b1,
author = {Brooks Li and Feike Hacquebord and Peter Pi},
title = {{New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries}},
date = {2015-10-13},
organization = {Trend Micro},
url = {http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/},
language = {English},
urldate = {2019-10-15}
}
New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries Seduploader |
2015-10-13 ⋅ Trend Micro ⋅ Brooks Li, Feike Hacquebord, Peter Pi @online{li:20151013:new:f451b34,
author = {Brooks Li and Feike Hacquebord and Peter Pi},
title = {{New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries}},
date = {2015-10-13},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/},
language = {English},
urldate = {2019-12-19}
}
New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries APT28 |
2015-09-01 ⋅ Wikipedia ⋅ Various @online{various:20150901:fancy:d2f6475,
author = {Various},
title = {{Fancy Bear}},
date = {2015-09-01},
organization = {Wikipedia},
url = {https://en.wikipedia.org/wiki/Fancy_Bear},
language = {English},
urldate = {2020-01-06}
}
Fancy Bear APT28 |
2015-09-01 ⋅ Wikipedia ⋅ Various @online{various:20150901:fancy:3ed81e7,
author = {Various},
title = {{Fancy Bear}},
date = {2015-09-01},
organization = {Wikipedia},
url = {https://en.wikipedia.org/wiki/Sofacy_Group},
language = {English},
urldate = {2020-01-13}
}
Fancy Bear APT28 |
2015-08-27 ⋅ Electronic Frontier Foundation ⋅ Cooper Quintin @online{quintin:20150827:new:b79e5c0,
author = {Cooper Quintin},
title = {{New Spear Phishing Campaign Pretends to be EFF}},
date = {2015-08-27},
organization = {Electronic Frontier Foundation},
url = {https://www.eff.org/deeplinks/2015/08/new-spear-phishing-campaign-pretends-be-eff},
language = {English},
urldate = {2020-01-06}
}
New Spear Phishing Campaign Pretends to be EFF APT28 |
2015-08 ⋅ root9b ⋅ root9b @techreport{root9b:201508:technical:fff6a0b,
author = {root9b},
title = {{TECHNICAL FOLLOW UP - APT28}},
date = {2015-08},
institution = {root9b},
url = {https://www.root9b.com/sites/default/files/whitepapers/root9b_follow_up_report_apt28.pdf},
language = {English},
urldate = {2020-01-08}
}
TECHNICAL FOLLOW UP - APT28 XTunnel |
2015-06-19 ⋅ London South East ⋅ Alliance News @online{news:20150619:russian:7295c92,
author = {Alliance News},
title = {{Russian Hackers Suspected In Cyberattack On German Parliament}},
date = {2015-06-19},
organization = {London South East},
url = {https://www.lse.co.uk/AllNews.asp?code=kwdwehme&headline=Russian_Hackers_Suspected_In_Cyberattack_On_German_Parliament},
language = {English},
urldate = {2020-09-15}
}
Russian Hackers Suspected In Cyberattack On German Parliament APT28 |
2015-06-19 ⋅ Netzpolitik.org ⋅ Claudio Guarnieri @online{guarnieri:20150619:digital:6c1a11b,
author = {Claudio Guarnieri},
title = {{Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag}},
date = {2015-06-19},
organization = {Netzpolitik.org},
url = {https://netzpolitik.org/2015/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag/},
language = {English},
urldate = {2020-01-10}
}
Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag XTunnel APT28 |
2015-04-18 ⋅ FireEye ⋅ Dan Caselden, Yasir Khalid, James “Tom” Bennett, Genwei Jiang, Corbin Souffrant, Joshua Homan, Jonathan Wrolstad, Chris Phillips, Darien Kindlund @online{caselden:20150418:operation:f2f3cba,
author = {Dan Caselden and Yasir Khalid and James “Tom” Bennett and Genwei Jiang and Corbin Souffrant and Joshua Homan and Jonathan Wrolstad and Chris Phillips and Darien Kindlund},
title = {{Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack}},
date = {2015-04-18},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html},
language = {English},
urldate = {2019-10-16}
}
Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack APT28 |
2015-02-04 ⋅ Trend Micro ⋅ Lambert Sun, Brooks Hong, Feike Hacquebord @online{sun:20150204:pawn:58d080c,
author = {Lambert Sun and Brooks Hong and Feike Hacquebord},
title = {{Pawn Storm Update: iOS Espionage App Found}},
date = {2015-02-04},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/},
language = {English},
urldate = {2020-05-18}
}
Pawn Storm Update: iOS Espionage App Found X-Agent |
2014-11-10 ⋅ Blaze's Security Blog ⋅ BartBlaze @online{bartblaze:20141110:thoughts:d7d0d68,
author = {BartBlaze},
title = {{Thoughts on Absolute Computrace}},
date = {2014-11-10},
organization = {Blaze's Security Blog},
url = {https://bartblaze.blogspot.de/2014/11/thoughts-on-absolute-computrace.html},
language = {English},
urldate = {2019-11-26}
}
Thoughts on Absolute Computrace Computrace |
2014-10-27 ⋅ Trend Micro ⋅ Loucif Kharouni, Feike Hacquebord, Numaan Huq, Jim Gogolinski, Fernando Mercês, Alfred Remorin, Douglas Otis @techreport{kharouni:20141027:operation:1b13f15,
author = {Loucif Kharouni and Feike Hacquebord and Numaan Huq and Jim Gogolinski and Fernando Mercês and Alfred Remorin and Douglas Otis},
title = {{Operation Pawn Storm: Using Decoys to Evade Detection}},
date = {2014-10-27},
institution = {Trend Micro},
url = {https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf},
language = {English},
urldate = {2020-09-15}
}
Operation Pawn Storm: Using Decoys to Evade Detection Sedreco Seduploader APT28 |
2014-09-05 ⋅ Google ⋅ Neel Mehta, Billy Leonard, Shane Huntley @techreport{mehta:20140905:peering:8ce5720,
author = {Neel Mehta and Billy Leonard and Shane Huntley},
title = {{Peering Into the Aquarium: Analysis of a Sophisticated Multi-Stage Malware Family}},
date = {2014-09-05},
institution = {Google},
url = {https://assets.documentcloud.org/documents/3461560/Google-Aquarium-Clean.pdf},
language = {English},
urldate = {2020-07-30}
}
Peering Into the Aquarium: Analysis of a Sophisticated Multi-Stage Malware Family X-Agent |
2014-08-11 ⋅ Prevenity @online{prevenity:20140811:mht:d828ead,
author = {Prevenity},
title = {{mht, MS12-27 and * malware * .info}},
date = {2014-08-11},
url = {http://malware.prevenity.com/2014/08/malware-info.html},
language = {Polish},
urldate = {2019-11-28}
}
mht, MS12-27 and * malware * .info Coreshell |
2014 ⋅ FireEye ⋅ FireEye @techreport{fireeye:2014:apt28:277f9ab,
author = {FireEye},
title = {{APT28: A Window into Russia's Cyber Espionage Operations?}},
date = {2014},
institution = {FireEye},
url = {https://www2.fireeye.com/rs/fireye/images/rpt-apt28.pdf},
language = {English},
urldate = {2019-12-04}
}
APT28: A Window into Russia's Cyber Espionage Operations? OLDBAIT |
2014 ⋅ FireEye ⋅ FireEye @techreport{fireeye:2014:apt28:27799d1,
author = {FireEye},
title = {{APT28}},
date = {2014},
institution = {FireEye},
url = {http://www2.fireeye.com/rs/fireye/images/rpt-apt28.pdf},
language = {English},
urldate = {2020-01-08}
}
APT28 Coreshell Sedreco X-Agent |
2012-12-15 ⋅ Malware Reversing Blog ⋅ R136a1 @online{r136a1:20121215:disclosure:c36a5a8,
author = {R136a1},
title = {{Disclosure of another 0day malware - Initial Dropper and Downloader (Part 1)}},
date = {2012-12-15},
organization = {Malware Reversing Blog},
url = {http://www.malware-reversing.com/2012/12/3-disclosure-of-another-0day-malware.html},
language = {English},
urldate = {2020-01-06}
}
Disclosure of another 0day malware - Initial Dropper and Downloader (Part 1) Coreshell |
2012-12-15 ⋅ R136a1 @online{r136a1:20121215:disclosure:fdfe8f2,
author = {R136a1},
title = {{Disclosure of another 0day malware - Analysis of 2nd Dropper and 3rd Dropper (Part 2)}},
date = {2012-12-15},
url = {http://www.malware-reversing.com/2012/12/3-disclosure-of-another-0day-malware_15.html},
language = {English},
urldate = {2019-12-31}
}
Disclosure of another 0day malware - Analysis of 2nd Dropper and 3rd Dropper (Part 2) Sedreco |
2010-05-31 ⋅ Trend Micro ⋅ Joseph Cepe @techreport{cepe:20100531:sasfis:c0eab28,
author = {Joseph Cepe},
title = {{SASFIS Malware Uses a New Trick}},
date = {2010-05-31},
institution = {Trend Micro},
url = {https://aptnotes.malwareconfig.com/web/viewer.html?file=../APTnotes/2014/apt28.pdf},
language = {English},
urldate = {2020-01-08}
}
SASFIS Malware Uses a New Trick APT28 | (Note: the linked URL points to the aptnotes mirror of a 2014 APT28 PDF, not to a 2010 Trend Micro SASFIS post; the title/date and URL of this entry appear mismatched — verify the source before citing it.)