SYMBOLCOMMON_NAMEaka. SYNONYMS

APT33  (Back to overview)

aka: APT 33, Elfin, MAGNALLIUM, Refined Kitten, HOLMIUM, COBALT TRINITY

Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government.


Associated Families
win.filerase win.powerband ps1.powerton win.poshc2 win.nanocore win.turnedup win.netwire win.remcos win.shapeshift win.darkcomet win.dropshot win.pupy win.quasar_rat

References
2020-07-30SpamhausSpamhaus Malware Labs
@techreport{labs:20200730:spamhaus:038546d, author = {Spamhaus Malware Labs}, title = {{Spamhaus Botnet Threat Update Q2 2020}}, date = {2020-07-30}, institution = {Spamhaus}, url = {https://www.spamhaus.org/news/images/botnet-report-2020-q2/2020-q2-spamhaus-botnet-threat-report.pdf}, language = {English}, urldate = {2020-07-30} } Spamhaus Botnet Threat Update Q2 2020
AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader
2020-07-14SophosLabs UncutMarkel Picado, Sean Gallagher
@online{picado:20200714:raticate:85d260a, author = {Markel Picado and Sean Gallagher}, title = {{RATicate upgrades “RATs as a Service” attacks with commercial “crypter”}}, date = {2020-07-14}, organization = {SophosLabs Uncut}, url = {https://news.sophos.com/en-us/2020/07/14/raticate-rats-as-service-with-commercial-crypter/?cmp=30728}, language = {English}, urldate = {2020-07-15} } RATicate upgrades “RATs as a Service” attacks with commercial “crypter”
LokiBot BetaBot CloudEyE NetWire RC
2020-07-13FireEyeAndrew Thompson, Aaron Stephens
@online{thompson:20200713:scandalous:15d59a2, author = {Andrew Thompson and Aaron Stephens}, title = {{SCANdalous! (External Detection Using Network Scan Data and Automation)}}, date = {2020-07-13}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/07/scandalous-external-detection-using-network-scan-data-and-automation.html}, language = {English}, urldate = {2020-07-15} } SCANdalous! (External Detection Using Network Scan Data and Automation)
POWERTON QUADAGENT PoshC2
2020-07-13Github (1d8)1d8
@online{1d8:20200713:remcos:531702d, author = {1d8}, title = {{Remcos RAT Macro Dropper Doc}}, date = {2020-07-13}, organization = {Github (1d8)}, url = {https://github.com/1d8/analyses/blob/master/RemcosDocDropper.MD}, language = {English}, urldate = {2020-07-16} } Remcos RAT Macro Dropper Doc
Remcos
2020-06-22MalwareLab.plMaciej Kotowicz
@online{kotowicz:20200622:venomrat:129ba02, author = {Maciej Kotowicz}, title = {{VenomRAT - new, hackforums grade, reincarnation of QuassarRAT}}, date = {2020-06-22}, organization = {MalwareLab.pl}, url = {https://blog.malwarelab.pl/posts/venom/}, language = {English}, urldate = {2020-06-25} } VenomRAT - new, hackforums grade, reincarnation of QuassarRAT
Quasar RAT Venom RAT
2020-06-18MicrosoftMicrosoft Threat Protection Intelligence Team
@online{team:20200618:inside:4d53bcc, author = {Microsoft Threat Protection Intelligence Team}, title = {{Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint (APT33/HOLMIUM)}}, date = {2020-06-18}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint/}, language = {English}, urldate = {2020-06-19} } Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint (APT33/HOLMIUM)
POWERTON
2020-06-17Nettitude LabsRob Bone
@online{bone:20200617:detecting:be87469, author = {Rob Bone}, title = {{Detecting PoshC2 – Indicators of Compromise}}, date = {2020-06-17}, organization = {Nettitude Labs}, url = {https://labs.nettitude.com/blog/detecting-poshc2-indicators-of-compromise/}, language = {English}, urldate = {2020-06-18} } Detecting PoshC2 – Indicators of Compromise
PoshC2
2020-06-15Amnesty InternationalAmnesty International
@online{international:20200615:india:2e4e60b, author = {Amnesty International}, title = {{India: Human Rights Defenders Targeted by a Coordinated Spyware Operation}}, date = {2020-06-15}, organization = {Amnesty International}, url = {https://www.amnesty.org/en/latest/research/2020/06/india-human-rights-defenders-targeted-by-a-coordinated-spyware-operation/}, language = {English}, urldate = {2020-06-16} } India: Human Rights Defenders Targeted by a Coordinated Spyware Operation
NetWire RC
2020-06-11Talos IntelligenceKendall McKay, Joe Marshall
@online{mckay:20200611:tor2mine:ee5dda6, author = {Kendall McKay and Joe Marshall}, title = {{Tor2Mine is up to their old tricks — and adds a few new ones}}, date = {2020-06-11}, organization = {Talos Intelligence}, url = {https://blog.talosintelligence.com/2020/06/tor2mine-is-up-to-their-old-tricks-and_11.html}, language = {English}, urldate = {2020-06-12} } Tor2Mine is up to their old tricks — and adds a few new ones
Azorult Remcos
2020-06-07Zero2Automated Blog0verfl0w_
@online{0verfl0w:20200607:dealing:b50665d, author = {0verfl0w_}, title = {{Dealing with Obfuscated Macros, Statically - NanoCore}}, date = {2020-06-07}, organization = {Zero2Automated Blog}, url = {https://zero2auto.com/2020/06/07/dealing-with-obfuscated-macros/}, language = {English}, urldate = {2020-06-11} } Dealing with Obfuscated Macros, Statically - NanoCore
Nanocore RAT
2020-05-29ZscalerSudeep Singh
@online{singh:20200529:shellreset:e80d2c8, author = {Sudeep Singh}, title = {{ShellReset RAT Spread Through Macro-Based Documents Using AppLocker Bypass}}, date = {2020-05-29}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/research/shellreset-rat-spread-through-macro-based-documents-using-applocker-bypass}, language = {English}, urldate = {2020-06-05} } ShellReset RAT Spread Through Macro-Based Documents Using AppLocker Bypass
Quasar RAT
2020-05-26CrowdStrikeGuillermo Taibo
@online{taibo:20200526:weaponized:0bca503, author = {Guillermo Taibo}, title = {{Weaponized Disk Image Files: Analysis, Trends and Remediation}}, date = {2020-05-26}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/weaponizing-disk-image-files-analysis/}, language = {English}, urldate = {2020-06-05} } Weaponized Disk Image Files: Analysis, Trends and Remediation
Nanocore RAT
2020-05-21MalwarebytesMalwarebytes Labs
@techreport{labs:20200521:cybercrime:d38d2da, author = {Malwarebytes Labs}, title = {{Cybercrime tactics and techniques}}, date = {2020-05-21}, institution = {Malwarebytes}, url = {https://resources.malwarebytes.com/files/2020/05/CTNT_Q1_2020_COVID-Report_Final.pdf}, language = {English}, urldate = {2020-06-03} } Cybercrime tactics and techniques
Ave Maria Azorult DanaBot Loki Password Stealer (PWS) NetWire RC
2020-05-14Lab52Dex
@online{dex:20200514:energy:43e92b4, author = {Dex}, title = {{The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey}}, date = {2020-05-14}, organization = {Lab52}, url = {https://lab52.io/blog/the-energy-reserves-in-the-eastern-mediterranean-sea-and-a-malicious-campaign-of-apt10-against-turkey/}, language = {English}, urldate = {2020-06-10} } The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey
Cobalt Strike HTran MimiKatz PlugX Quasar RAT
2020-05-14SophosLabsMarkel Picado
@online{picado:20200514:raticate:6334722, author = {Markel Picado}, title = {{RATicate: an attacker’s waves of information-stealing malware}}, date = {2020-05-14}, organization = {SophosLabs}, url = {https://news.sophos.com/en-us/2020/05/14/raticate/}, language = {English}, urldate = {2020-05-18} } RATicate: an attacker’s waves of information-stealing malware
Agent Tesla BetaBot BlackRemote Formbook Loki Password Stealer (PWS) NetWire RC NjRAT Remcos
2020-05-14360 Total Securitykate
@online{kate:20200514:vendetta:06e3cde, author = {kate}, title = {{Vendetta - new threat actor from Europe}}, date = {2020-05-14}, organization = {360 Total Security}, url = {https://blog.360totalsecurity.com/en/vendetta-new-threat-actor-from-europe/}, language = {English}, urldate = {2020-05-18} } Vendetta - new threat actor from Europe
Nanocore RAT Remcos
2020-04-270x00secDan Lisichkin
@online{lisichkin:20200427:master:1cfb192, author = {Dan Lisichkin}, title = {{Master of RATs - How to create your own Tracker}}, date = {2020-04-27}, organization = {0x00sec}, url = {https://0x00sec.org/t/master-of-rats-how-to-create-your-own-tracker/20848}, language = {English}, urldate = {2020-04-28} } Master of RATs - How to create your own Tracker
Quasar RAT
2020-04-15ZscalerSudeep Singh
@online{singh:20200415:multistage:c0330fa, author = {Sudeep Singh}, title = {{Multistage FreeDom loader used in Aggah Campaign to spread Nanocore and AZORult}}, date = {2020-04-15}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/research/multistage-freedom-loader-used-spread-azorult-and-nanocore-rat}, language = {English}, urldate = {2020-06-08} } Multistage FreeDom loader used in Aggah Campaign to spread Nanocore and AZORult
Azorult Nanocore RAT
2020-04-04MalwareInDepthMyrtus 0x0
@online{0x0:20200404:nanocore:6649008, author = {Myrtus 0x0}, title = {{Nanocore & CypherIT}}, date = {2020-04-04}, organization = {MalwareInDepth}, url = {https://malwareindepth.com/defeating-nanocore-and-cypherit/}, language = {English}, urldate = {2020-04-07} } Nanocore & CypherIT
Nanocore RAT
2020-04-02Cisco TalosVanja Svajcer
@online{svajcer:20200402:azorult:97b15f2, author = {Vanja Svajcer}, title = {{AZORult brings friends to the party}}, date = {2020-04-02}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/04/azorult-brings-friends-to-party.html}, language = {English}, urldate = {2020-04-07} } AZORult brings friends to the party
Azorult Remcos
2020-03-20BitdefenderLiviu Arsene
@online{arsene:20200320:5:46813c6, author = {Liviu Arsene}, title = {{5 Times More Coronavirus-themed Malware Reports during March}}, date = {2020-03-20}, organization = {Bitdefender}, url = {https://labs.bitdefender.com/2020/03/5-times-more-coronavirus-themed-malware-reports-during-march/?utm_campaign=twitter&utm_medium=twitter&utm_source=twitter}, language = {English}, urldate = {2020-03-26} } 5 Times More Coronavirus-themed Malware Reports during March
ostap HawkEye Keylogger Koadic Loki Password Stealer (PWS) Nanocore RAT Remcos
2020-03-18ProofpointAxel F, Sam Scholten
@online{f:20200318:coronavirus:8fe12a3, author = {Axel F and Sam Scholten}, title = {{Coronavirus Threat Landscape Update}}, date = {2020-03-18}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/coronavirus-threat-landscape-update}, language = {English}, urldate = {2020-03-26} } Coronavirus Threat Landscape Update
Agent Tesla Get2 ISFB Remcos
2020-03-05VinCSSDang Dinh Phuong
@online{phuong:20200305:re011:4496e8a, author = {Dang Dinh Phuong}, title = {{[RE011] Unpack crypter của malware Netwire bằng x64dbg}}, date = {2020-03-05}, organization = {VinCSS}, url = {https://blog.vincss.net/2020/03/re011-unpack-crypter-cua-malware-netwire-bang-x64dbg.html}, language = {Vietnamese}, urldate = {2020-03-11} } [RE011] Unpack crypter của malware Netwire bằng x64dbg
NetWire RC
2020-02-21ADEO DFIRADEO DFIR
@techreport{dfir:20200221:apt10:e9c3328, author = {ADEO DFIR}, title = {{APT10 Threat Analysis Report}}, date = {2020-02-21}, institution = {ADEO DFIR}, url = {https://adeo.com.tr/wp-content/uploads/2020/02/APT10_Report.pdf}, language = {English}, urldate = {2020-03-03} } APT10 Threat Analysis Report
CHINACHOPPER HTran MimiKatz PlugX Quasar RAT
2020-02-13TalosNick Biasini, Edmund Brumaghin
@online{biasini:20200213:threat:443d687, author = {Nick Biasini and Edmund Brumaghin}, title = {{Threat actors attempt to capitalize on coronavirus outbreak}}, date = {2020-02-13}, organization = {Talos}, url = {https://blog.talosintelligence.com/2020/02/coronavirus-themed-malware.html}, language = {English}, urldate = {2020-03-19} } Threat actors attempt to capitalize on coronavirus outbreak
Emotet Nanocore RAT Parallax RAT
2020-02-12TelsyTelsy
@online{telsy:20200212:meeting:085d775, author = {Telsy}, title = {{Meeting POWERBAND: The APT33 .NET POWERTON Variant}}, date = {2020-02-12}, organization = {Telsy}, url = {https://blog.telsy.com/meeting-powerband-the-apt33-net-powerton-variant/}, language = {English}, urldate = {2020-02-14} } Meeting POWERBAND: The APT33 .NET POWERTON Variant
POWERTON POWERBAND
2020-01-31ReversingLabsRobert Simmons
@online{simmons:20200131:rats:d8a4021, author = {Robert Simmons}, title = {{RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site}}, date = {2020-01-31}, organization = {ReversingLabs}, url = {https://blog.reversinglabs.com/blog/rats-in-the-library}, language = {English}, urldate = {2020-02-03} } RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site
CyberGate LimeRAT NjRAT Quasar RAT Revenge RAT
2020-01-26Brown Farinholt, Mohammad Rezaeirad, Damon McCoy, Kirill Levchenko
@techreport{farinholt:20200126:dark:9c2f434, author = {Brown Farinholt and Mohammad Rezaeirad and Damon McCoy and Kirill Levchenko}, title = {{Dark Matter: Uncovering the DarkComet RAT Ecosystem}}, date = {2020-01-26}, institution = {}, url = {https://www.sysnet.ucsd.edu/sysnet/miscpapers/darkmatter-www20.pdf}, language = {English}, urldate = {2020-03-07} } Dark Matter: Uncovering the DarkComet RAT Ecosystem
DarkComet
2020-01-23Recorded FutureInsikt Group
@techreport{group:20200123:european:c3ca9e3, author = {Insikt Group}, title = {{European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019}}, date = {2020-01-23}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/cta-2020-0123.pdf}, language = {English}, urldate = {2020-01-27} } European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019
pupy pupy pupy
2020-01-19360kate
@online{kate:20200119:bayworld:2cc2212, author = {kate}, title = {{BayWorld event, Cyber Attack Against Foreign Trade Industry}}, date = {2020-01-19}, organization = {360}, url = {https://blog.360totalsecurity.com/en/bayworld-event-cyber-attack-against-foreign-trade-industry/}, language = {English}, urldate = {2020-02-03} } BayWorld event, Cyber Attack Against Foreign Trade Industry
Azorult Formbook Nanocore RAT Revenge RAT
2020-01-17JPCERT/CCTakayoshi Shiigi
@techreport{shiigi:20200117:looking:bf71db1, author = {Takayoshi Shiigi}, title = {{Looking back on the incidents in 2019}}, date = {2020-01-17}, institution = {JPCERT/CC}, url = {https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_0_JPCERT_en.pdf}, language = {English}, urldate = {2020-04-06} } Looking back on the incidents in 2019
TSCookie NodeRAT Emotet PoshC2 Quasar RAT
2020-01-01Github (nettitude)Nettitude
@online{nettitude:20200101:repository:640d828, author = {Nettitude}, title = {{Repository for Python Server for PoshC2}}, date = {2020-01-01}, organization = {Github (nettitude)}, url = {https://github.com/nettitude/PoshC2_Python/}, language = {English}, urldate = {2020-01-08} } Repository for Python Server for PoshC2
PoshC2
2020SecureworksSecureWorks
@online{secureworks:2020:cobalt:8d36ac3, author = {SecureWorks}, title = {{COBALT TRINITY}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/cobalt-trinity}, language = {English}, urldate = {2020-05-23} } COBALT TRINITY
POWERTON pupy Imminent Monitor RAT Koadic Nanocore RAT NetWire RC PoshC2 APT33
2020SecureworksSecureWorks
@online{secureworks:2020:bronze:66f1290, author = {SecureWorks}, title = {{BRONZE RIVERSIDE}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/bronze-riverside}, language = {English}, urldate = {2020-05-23} } BRONZE RIVERSIDE
Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves Stone Panda
2020SecureworksSecureWorks
@online{secureworks:2020:copper:e356116, author = {SecureWorks}, title = {{COPPER FIELDSTONE}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/copper-fieldstone}, language = {English}, urldate = {2020-05-23} } COPPER FIELDSTONE
Crimson RAT DarkComet Luminosity RAT NjRAT Operation C-Major
2020SecureworksSecureWorks
@online{secureworks:2020:aluminum:af22ffd, author = {SecureWorks}, title = {{ALUMINUM SARATOGA}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/aluminum-saratoga}, language = {English}, urldate = {2020-05-23} } ALUMINUM SARATOGA
BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats
2019-12-12Trend MicroFeike Hacquebord, Cedric Pernet, Kenney Lu
@online{hacquebord:20191212:more:a1e84b7, author = {Feike Hacquebord and Cedric Pernet and Kenney Lu}, title = {{More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting}}, date = {2019-12-12}, organization = {Trend Micro}, url = {https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/}, language = {English}, urldate = {2020-01-13} } More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
APT33
2019-12-05Github (jeFF0Falltrades)Jeff Archer
@online{archer:20191205:poshc2:3066e19, author = {Jeff Archer}, title = {{PoshC2 (specifically as used by APT33)}}, date = {2019-12-05}, organization = {Github (jeFF0Falltrades)}, url = {https://github.com/jeFF0Falltrades/IoCs/blob/master/APT/poshc2_apt_33.md}, language = {English}, urldate = {2020-01-06} } PoshC2 (specifically as used by APT33)
PoshC2
2019-11-18Rewterz Information SecurityRewterz Information Security
@online{security:20191118:rewterz:29686ba, author = {Rewterz Information Security}, title = {{REWTERZ THREAT ALERT – IRANIAN APT USES JOB SCAMS TO LURE TARGETS}}, date = {2019-11-18}, organization = {Rewterz Information Security}, url = {http://www.rewterz.com/rewterz-news/rewterz-threat-alert-iranian-apt-uses-job-scams-to-lure-targets}, language = {English}, urldate = {2019-12-17} } REWTERZ THREAT ALERT – IRANIAN APT USES JOB SCAMS TO LURE TARGETS
PoshC2
2019-10-21FortinetXiaopeng Zhang, Chris Navarrete
@online{zhang:20191021:new:b72bcde, author = {Xiaopeng Zhang and Chris Navarrete}, title = {{New Variant of Remcos RAT Observed In the Wild}}, date = {2019-10-21}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/new-variant-of-remcos-rat-observed-in-the-wild.html}, language = {English}, urldate = {2019-11-21} } New Variant of Remcos RAT Observed In the Wild
Remcos
2019-09-26ProofpointBryan Campbell, Jeremy Hedges, Proofpoint Threat Insight Team
@online{campbell:20190926:new:d228362, author = {Bryan Campbell and Jeremy Hedges and Proofpoint Threat Insight Team}, title = {{New WhiteShadow downloader uses Microsoft SQL to retrieve malware}}, date = {2019-09-26}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/new-whiteshadow-downloader-uses-microsoft-sql-retrieve-malware}, language = {English}, urldate = {2020-02-26} } New WhiteShadow downloader uses Microsoft SQL to retrieve malware
WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos
2019-09-19NSHCThreatRecon Team
@online{team:20190919:hagga:066e932, author = {ThreatRecon Team}, title = {{Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore}}, date = {2019-09-19}, organization = {NSHC}, url = {https://threatrecon.nshc.net/2019/09/19/sectorh01-continues-abusing-web-services/}, language = {English}, urldate = {2020-01-08} } Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore
Nanocore RAT Revenge RAT
2019-09-12AvastAdolf Středa, Luigino Camastra
@online{steda:20190912:tangle:204c26f, author = {Adolf Středa and Luigino Camastra}, title = {{The tangle of WiryJMPer’s obfuscation}}, date = {2019-09-12}, organization = {Avast}, url = {https://decoded.avast.io/adolfstreda/the-tangle-of-wiryjmpers-obfuscation/}, language = {English}, urldate = {2020-01-13} } The tangle of WiryJMPer’s obfuscation
NetWire RC
2019-09-07Dissecting MalwareMarius Genheimer
@online{genheimer:20190907:malicious:37195ec, author = {Marius Genheimer}, title = {{Malicious RATatouille}}, date = {2019-09-07}, organization = {Dissecting Malware}, url = {https://dissectingmalwa.re/malicious-ratatouille.html}, language = {English}, urldate = {2020-03-27} } Malicious RATatouille
Remcos
2019-08-25Github (threatland)ThreatLand
@online{threatland:20190825:nanocor:0ef5e7c, author = {ThreatLand}, title = {{Nanocor Sample}}, date = {2019-08-25}, organization = {Github (threatland)}, url = {https://github.com/threatland/TL-TROJAN/tree/master/TL.RAT/RAT.Win.Nanocore}, language = {English}, urldate = {2020-01-13} } Nanocor Sample
Nanocore RAT
2019-08-22Github (n1nj4sec)n1nj4sec
@online{n1nj4sec:20190822:pupy:a822ccd, author = {n1nj4sec}, title = {{Pupy RAT}}, date = {2019-08-22}, organization = {Github (n1nj4sec)}, url = {https://github.com/n1nj4sec/pupy}, language = {English}, urldate = {2020-01-07} } Pupy RAT
pupy pupy pupy
2019-08-22Youtube (OALabs)Sergei Frankoff
@online{frankoff:20190822:remcos:b86c5bd, author = {Sergei Frankoff}, title = {{Remcos RAT Unpacked From VB6 With x64dbg Debugger}}, date = {2019-08-22}, organization = {Youtube (OALabs)}, url = {https://www.youtube.com/watch?v=DIH4SvKuktM}, language = {English}, urldate = {2020-01-10} } Remcos RAT Unpacked From VB6 With x64dbg Debugger
Remcos
2019-07-22One Night in NorfolkKevin Perlow
@online{perlow:20190722:apt33:3258e71, author = {Kevin Perlow}, title = {{APT33 PowerShell Malware}}, date = {2019-07-22}, organization = {One Night in Norfolk}, url = {https://norfolkinfosec.com/apt33-powershell-malware/}, language = {English}, urldate = {2020-05-19} } APT33 PowerShell Malware
POWERTON
2019-06-24SymantecBenjamin Moench
@online{moench:20190624:backdoorpowerton:0fef32a, author = {Benjamin Moench}, title = {{Backdoor.Powerton}}, date = {2019-06-24}, organization = {Symantec}, url = {https://www.symantec.com/security-center/writeup/2019-062513-4935-99}, language = {English}, urldate = {2020-01-12} } Backdoor.Powerton
POWERTON
2019-06-19Check PointKobi Eisenkraft, Moshe Hayun
@online{eisenkraft:20190619:check:0a79b2b, author = {Kobi Eisenkraft and Moshe Hayun}, title = {{Check Point’s Threat Emulation Stops Large-Scale Phishing Campaign in Germany}}, date = {2019-06-19}, organization = {Check Point}, url = {https://blog.checkpoint.com/2019/06/19/sandblast-agent-phishing-germany-campaign-security-hack-ransomware/}, language = {English}, urldate = {2020-01-08} } Check Point’s Threat Emulation Stops Large-Scale Phishing Campaign in Germany
Remcos
2019-05-24enSiloBen Hunter
@online{hunter:20190524:uncovering:7d8776e, author = {Ben Hunter}, title = {{Uncovering new Activity by APT10}}, date = {2019-05-24}, organization = {enSilo}, url = {https://blog.ensilo.com/uncovering-new-activity-by-apt10}, language = {English}, urldate = {2020-01-13} } Uncovering new Activity by APT10
PlugX Quasar RAT
2019-05-20Twitter (@struppigel)Karsten Hahn
@online{hahn:20190520:yggdrasil:5a23fde, author = {Karsten Hahn}, title = {{Tweet on Yggdrasil / CinaRAT}}, date = {2019-05-20}, organization = {Twitter (@struppigel)}, url = {https://twitter.com/struppigel/status/1130455143504318466}, language = {English}, urldate = {2020-01-13} } Tweet on Yggdrasil / CinaRAT
Quasar RAT
2019-05-08Dr.WebDr.Web
@online{drweb:20190508:new:06a3aa5, author = {Dr.Web}, title = {{A new threat for macOS spreads as WhatsApp}}, date = {2019-05-08}, organization = {Dr.Web}, url = {https://news.drweb.ru/show/?i=13281&c=23}, language = {English}, urldate = {2020-01-08} } A new threat for macOS spreads as WhatsApp
NetWire RC
2019-05-08VMRayFrancis Montesino
@online{montesino:20190508:get:ed8ceb4, author = {Francis Montesino}, title = {{Get Smart with Enhanced Memory Dumping in VMRay Analyzer 3.0}}, date = {2019-05-08}, organization = {VMRay}, url = {https://www.vmray.com/cyber-security-blog/smart-memory-dumping/}, language = {English}, urldate = {2020-01-13} } Get Smart with Enhanced Memory Dumping in VMRay Analyzer 3.0
Remcos
2019-05-05GoggleHeadedHacker BlogJacob Pimental
@online{pimental:20190505:unpacking:3b96fc8, author = {Jacob Pimental}, title = {{Unpacking NanoCore Sample Using AutoIT}}, date = {2019-05-05}, organization = {GoggleHeadedHacker Blog}, url = {https://goggleheadedhacker.com/blog/post/11}, language = {English}, urldate = {2019-12-18} } Unpacking NanoCore Sample Using AutoIT
Nanocore RAT
2019-04-16FireEyeJohn Hultquist, Ben Read, Oleg Bondarenko, Chi-en Shen
@online{hultquist:20190416:spear:a0125cb, author = {John Hultquist and Ben Read and Oleg Bondarenko and Chi-en Shen}, title = {{Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic}}, date = {2019-04-16}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2019/04/spear-phishing-campaign-targets-ukraine-government.html}, language = {English}, urldate = {2019-12-20} } Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic
Quasar RAT Vermin
2019-03-27SymantecCritical Attack Discovery and Intelligence Team
@online{team:20190327:elfin:d90a330, author = {Critical Attack Discovery and Intelligence Team}, title = {{Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.}}, date = {2019-03-27}, organization = {Symantec}, url = {https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage}, language = {English}, urldate = {2020-04-21} } Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33
2019-03-27SymantecSecurity Response Attack Investigation Team
@online{team:20190327:elfin:836cc39, author = {Security Response Attack Investigation Team}, title = {{Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.}}, date = {2019-03-27}, organization = {Symantec}, url = {https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage}, language = {English}, urldate = {2020-01-06} } Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33
2019-01-30Samip Pokharel
@online{pokharel:20190130:analysis:df83b7e, author = {Samip Pokharel}, title = {{Analysis of NetWiredRC trojan}}, date = {2019-01-30}, url = {https://maskop9.wordpress.com/2019/01/30/analysis-of-netwiredrc-trojan/}, language = {English}, urldate = {2020-01-13} } Analysis of NetWiredRC trojan
NetWire RC
2018-12-21FireEyeGeoff Ackerman, Rick Cole, Andrew Thompson, Alex Orleans, Nick Carr
@online{ackerman:20181221:overruled:74ac7b4, author = {Geoff Ackerman and Rick Cole and Andrew Thompson and Alex Orleans and Nick Carr}, title = {{OVERRULED: Containing a Potentially Destructive Adversary}}, date = {2018-12-21}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html}, language = {English}, urldate = {2019-12-20} } OVERRULED: Containing a Potentially Destructive Adversary
POWERTON PoshC2 pupy
2018-12-19McAfeeThomas Roccia, Jessica Saavedra-Morales, Christiaan Beek
@online{roccia:20181219:shamoon:8ffbc81, author = {Thomas Roccia and Jessica Saavedra-Morales and Christiaan Beek}, title = {{Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems}}, date = {2018-12-19}, organization = {McAfee}, url = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems}, language = {English}, urldate = {2020-02-01} } Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems
Filerase
2018-12-14SymantecCritical Attack Discovery and Intelligence Team
@online{team:20181214:shamoon:1f24fa5, author = {Critical Attack Discovery and Intelligence Team}, title = {{Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail}}, date = {2018-12-14}, organization = {Symantec}, url = {https://symantec-blogs.broadcom.com/blogs/threat-intelligence/shamoon-destructive-threat-re-emerges-new-sting-its-tail}, language = {English}, urldate = {2020-04-21} } Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail
DistTrack Filerase StoneDrill OilRig
2018-08-22Cisco TalosEdmund Brumaghin, Holger Unterbrink, Eric Kuhla, Lilia Gonzalez Medina
@online{brumaghin:20180822:picking:925912d, author = {Edmund Brumaghin and Holger Unterbrink and Eric Kuhla and Lilia Gonzalez Medina}, title = {{Picking Apart Remcos Botnet-In-A-Box}}, date = {2018-08-22}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html}, language = {English}, urldate = {2019-10-23} } Picking Apart Remcos Botnet-In-A-Box
Remcos
2018-08-02Palo Alto Networks Unit 42Robert Falcone, David Fuertes, Josh Grunzweig, Kyle Wilhoit
@online{falcone:20180802:gorgon:06112b1, author = {Robert Falcone and David Fuertes and Josh Grunzweig and Kyle Wilhoit}, title = {{The Gorgon Group: Slithering Between Nation State and Cybercrime}}, date = {2018-08-02}, organization = {Palo Alto Networks Unit 42}, url = {https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/}, language = {English}, urldate = {2019-12-20} } The Gorgon Group: Slithering Between Nation State and Cybercrime
Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT
2018-07-17ESET ResearchKaspars Osis
@online{osis:20180717:deep:56fcfcf, author = {Kaspars Osis}, title = {{A deep dive down the Vermin RAThole}}, date = {2018-07-17}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2018/07/17/deep-dive-vermin-rathole/}, language = {English}, urldate = {2019-11-14} } A deep dive down the Vermin RAThole
Quasar RAT Sobaken Vermin
2018-06-18Megabeets
@online{megabeets:20180618:decrypting:42e2d5f, author = {Megabeets}, title = {{Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 2}}, date = {2018-06-18}, url = {https://www.megabeets.net/decrypting-dropshot-with-radare2-and-cutter-part-2/}, language = {English}, urldate = {2019-10-14} } Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 2
DROPSHOT
2018-06-07VolexityMatthew Meltzer, Sean Koessel, Steven Adair
@online{meltzer:20180607:patchwork:5b8d3c8, author = {Matthew Meltzer and Sean Koessel and Steven Adair}, title = {{Patchwork APT Group Targets US Think Tanks}}, date = {2018-06-07}, organization = {Volexity}, url = {https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/}, language = {English}, urldate = {2020-01-08} } Patchwork APT Group Targets US Think Tanks
Quasar RAT Unidentified 047 Dropping Elephant
2018-05-21MegaBeetsItay Cohen
@online{cohen:20180521:decrypting:37d595c, author = {Itay Cohen}, title = {{Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 1}}, date = {2018-05-21}, organization = {MegaBeets}, url = {https://www.megabeets.net/decrypting-dropshot-with-radare2-and-cutter-part-1/}, language = {English}, urldate = {2019-07-10} } Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 1
DROPSHOT
2018-04-11CyberbitHod Gavriel, Boris Erbesfeld
@online{gavriel:20180411:new:9ed9a94, author = {Hod Gavriel and Boris Erbesfeld}, title = {{New ‘Early Bird’ Code Injection Technique Discovered}}, date = {2018-04-11}, organization = {Cyberbit}, url = {https://www.cyberbit.com/blog/endpoint-security/new-early-bird-code-injection-technique-discovered/}, language = {English}, urldate = {2020-03-03} } New ‘Early Bird’ Code Injection Technique Discovered
TURNEDUP
2018-03-30360 Threat IntelligenceQi Anxin Threat Intelligence Center
@online{center:20180330:analysis:4f1feb9, author = {Qi Anxin Threat Intelligence Center}, title = {{Analysis of the latest cyber attack activity of the APT organization against sensitive institutions in China}}, date = {2018-03-30}, organization = {360 Threat Intelligence}, url = {https://ti.360.net/blog/articles/analysis-of-apt-c-09-target-china/}, language = {Chinese}, urldate = {2020-01-13} } Analysis of the latest cyber attack activity of the APT organization against sensitive institutions in China
Quasar RAT
2018-03-02KrabsOnSecurityMr. Krabs
@online{krabs:20180302:analysing:7b1f12f, author = {Mr. Krabs}, title = {{Analysing Remcos RAT’s executable}}, date = {2018-03-02}, organization = {KrabsOnSecurity}, url = {https://krabsonsecurity.com/2018/03/02/analysing-remcos-rats-executable/}, language = {English}, urldate = {2019-07-31} } Analysing Remcos RAT’s executable
Remcos
2018-03-01My Online SecurityMy Online Security
@online{security:20180301:fake:7f835ef, author = {My Online Security}, title = {{Fake order spoofed from Finchers ltd Sankyo-Rubber delivers Remcos RAT via ACE attachments}}, date = {2018-03-01}, organization = {My Online Security}, url = {https://myonlinesecurity.co.uk/fake-order-spoofed-from-finchers-ltd-sankyo-rubber-delivers-remcos-rat-via-ace-attachments/}, language = {English}, urldate = {2020-01-13} } Fake order spoofed from Finchers ltd Sankyo-Rubber delivers Remcos RAT via ACE attachments
Remcos
2018-02-26Bleeping ComputerCatalin Cimpanu
@online{cimpanu:20180226:nanocore:4659d30, author = {Catalin Cimpanu}, title = {{Nanocore RAT Author Gets 33 Months in Prison}}, date = {2018-02-26}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/nanocore-rat-author-gets-33-months-in-prison/}, language = {English}, urldate = {2019-12-20} } Nanocore RAT Author Gets 33 Months in Prison
Nanocore RAT
2018-01-23RiskIQYonathan Klijnsma
@online{klijnsma:20180123:espionage:f3d28b0, author = {Yonathan Klijnsma}, title = {{Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors}}, date = {2018-01-23}, organization = {RiskIQ}, url = {https://www.riskiq.com/blog/labs/spear-phishing-turkish-defense-contractors/}, language = {English}, urldate = {2019-12-24} } Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors
Remcos
2018FireEyeFireEye
@online{fireeye:2018:apt38:20161b7, author = {FireEye}, title = {{APT38}}, date = {2018}, organization = {FireEye}, url = {https://content.fireeye.com/apt/rpt-apt38}, language = {English}, urldate = {2020-01-13} } APT38
Bitsran BLINDTOAD BOOTWRECK Contopee DarkComet DYEPACK HOTWAX NESTEGG PowerRatankba REDSHAWL WORMHOLE Lazarus Group
2017-12-22Malware Traffic AnalysisBrad Duncan
@online{duncan:20171222:malspam:4a3fd87, author = {Brad Duncan}, title = {{MALSPAM USES CVE-2017-0199 TO DISTRIBUTE REMCOS RAT}}, date = {2017-12-22}, organization = {Malware Traffic Analysis}, url = {http://malware-traffic-analysis.net/2017/12/22/index.html}, language = {English}, urldate = {2019-07-11} } MALSPAM USES CVE-2017-0199 TO DISTRIBUTE REMCOS RAT
Remcos
2017-12-11Trend MicroDaniel Lunghi, Jaromír Hořejší, Cedric Pernet
@online{lunghi:20171211:untangling:5f00f99, author = {Daniel Lunghi and Jaromír Hořejší and Cedric Pernet}, title = {{Untangling the Patchwork Cyberespionage Group}}, date = {2017-12-11}, organization = {Trend Micro}, url = {https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf?platform=hootsuite}, language = {English}, urldate = {2019-10-21} } Untangling the Patchwork Cyberespionage Group
Quasar RAT
2017-12-06CiscoHolger Unterbrink, Christopher Marczewski
@online{unterbrink:20171206:recam:2790363, author = {Holger Unterbrink and Christopher Marczewski}, title = {{Recam Redux - DeConfusing ConfuserEx}}, date = {2017-12-06}, organization = {Cisco}, url = {http://blog.talosintelligence.com/2017/12/recam-redux-deconfusing-confuserex.html}, language = {English}, urldate = {2019-12-06} } Recam Redux - DeConfusing ConfuserEx
NetWire RC
2017-09-21FireEyeStuart Davis, Nick Carr
@online{davis:20170921:apt33:52822d2, author = {Stuart Davis and Nick Carr}, title = {{APT33: New Insights into Iranian Cyber Espionage Group}}, date = {2017-09-21}, organization = {FireEye}, url = {https://www.brighttalk.com/webcast/10703/275683}, language = {English}, urldate = {2019-12-20} } APT33: New Insights into Iranian Cyber Espionage Group
APT33
2017-09-20FireEyeJacqueline O’Leary, Josiah Kimble, Kelli Vanderlee, Nalani Fraser
@online{oleary:20170920:insights:27e8253, author = {Jacqueline O’Leary and Josiah Kimble and Kelli Vanderlee and Nalani Fraser}, title = {{Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware}}, date = {2017-09-20}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html}, language = {English}, urldate = {2019-12-20} } Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware
DROPSHOT Nanocore RAT NetWire RC SHAPESHIFT TURNEDUP APT33
2017-07-01Secrary Bloglasha
@online{lasha:20170701:remcos:984d85c, author = {lasha}, title = {{Remcos RAT}}, date = {2017-07-01}, organization = {Secrary Blog}, url = {https://secrary.com/ReversingMalware/RemcosRAT/}, language = {English}, urldate = {2020-01-09} } Remcos RAT
Remcos
2017-04PricewaterhouseCoopersPricewaterhouseCoopers
@techreport{pricewaterhousecoopers:201704:operation:cb50712, author = {PricewaterhouseCoopers}, title = {{Operation Cloud Hopper: Technical Annex}}, date = {2017-04}, institution = {PricewaterhouseCoopers}, url = {https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf}, language = {English}, urldate = {2019-10-15} } Operation Cloud Hopper: Technical Annex
ChChes PlugX Quasar RAT RedLeaves Trochilus RAT
2017-02-15Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
@online{lee:20170215:magic:e0b1b72, author = {Bryan Lee and Robert Falcone}, title = {{Magic Hound Campaign Attacks Saudi Targets}}, date = {2017-02-15}, organization = {Palo Alto Networks Unit 42}, url = {https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/}, language = {English}, urldate = {2019-09-22} } Magic Hound Campaign Attacks Saudi Targets
Leash MPKBot pupy Rocket Kitten
2017-02-15SecureworksSecureWorks' Counter Threat Unit Research Team
@online{team:20170215:iranian:004ec5a, author = {SecureWorks' Counter Threat Unit Research Team}, title = {{Iranian PupyRAT Bites Middle Eastern Organizations}}, date = {2017-02-15}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations}, language = {English}, urldate = {2019-10-23} } Iranian PupyRAT Bites Middle Eastern Organizations
pupy Cleaver
2017-02-14FortinetFloser Bacurio, Joie Salvio
@online{bacurio:20170214:remcos:e924c55, author = {Floser Bacurio and Joie Salvio}, title = {{REMCOS: A New RAT In The Wild}}, date = {2017-02-14}, organization = {Fortinet}, url = {https://blog.fortinet.com/2017/02/14/remcos-a-new-rat-in-the-wild-2}, language = {English}, urldate = {2020-01-09} } REMCOS: A New RAT In The Wild
Remcos
2017-02-10JPCERT/CCShusei Tomonaga
@online{tomonaga:20170210:malware:4f2c9aa, author = {Shusei Tomonaga}, title = {{Malware that infects using PowerSploit}}, date = {2017-02-10}, organization = {JPCERT/CC}, url = {https://blog.cyber4sight.com/2017/02/malicious-powershell-script-analysis-indicates-shamoon-actors-used-pupy-rat/}, language = {Japanese}, urldate = {2020-01-08} } Malware that infects using PowerSploit
pupy
2017-01-30Palo Alto Networks Unit 42Mashav Sapir, Tomer Bar, Netanel Rimer, Taras Malivanchuk, Yaron Samuel, Simon Conant
@online{sapir:20170130:downeks:8ed6329, author = {Mashav Sapir and Tomer Bar and Netanel Rimer and Taras Malivanchuk and Yaron Samuel and Simon Conant}, title = {{Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments}}, date = {2017-01-30}, organization = {Palo Alto Networks Unit 42}, url = {http://researchcenter.paloaltonetworks.com/2017/01/unit42-downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments}, language = {English}, urldate = {2019-12-20} } Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments
Quasar RAT
2016-11-28SecureworksIncident Reponse Team
@online{team:20161128:netwire:b81c423, author = {Incident Reponse Team}, title = {{NetWire RAT Steals Payment Card Data}}, date = {2016-11-28}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/netwire-rat-steals-payment-card-data}, language = {English}, urldate = {2019-12-18} } NetWire RAT Steals Payment Card Data
NetWire RC
2016-10-20Twitter (@malwrhunterteam)MalwareHunterTeam
@online{malwarehunterteam:20161020:quasar:f530cea, author = {MalwareHunterTeam}, title = {{Tweet on Quasar RAT}}, date = {2016-10-20}, organization = {Twitter (@malwrhunterteam)}, url = {https://twitter.com/malwrhunterteam/status/789153556255342596}, language = {English}, urldate = {2019-07-11} } Tweet on Quasar RAT
Quasar RAT
2016-06-03FireEyeYin Hong Chang, Sudeep Singh
@online{chang:20160603:sends:176f9ab, author = {Yin Hong Chang and Sudeep Singh}, title = {{APT Group Sends Spear Phishing Emails to Indian Government Officials}}, date = {2016-06-03}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2016/06/apt_group_sends_spea.html}, language = {English}, urldate = {2019-12-20} } APT Group Sends Spear Phishing Emails to Indian Government Officials
BreachRAT DarkComet Operation C-Major
2014-11-26CIRCLCIRCL
@online{circl:20141126:tr23:fb5d867, author = {CIRCL}, title = {{TR-23 Analysis - NetWiredRC malware}}, date = {2014-11-26}, organization = {CIRCL}, url = {https://www.circl.lu/pub/tr-23/}, language = {English}, urldate = {2020-01-09} } TR-23 Analysis - NetWiredRC malware
NetWire RC
2014-08-04Palo Alto Networks Unit 42Phil Da Silva, Rob Downs, Ryan Olson
@online{silva:20140804:new:826d436, author = {Phil Da Silva and Rob Downs and Ryan Olson}, title = {{New Release: Decrypting NetWire C2 Traffic}}, date = {2014-08-04}, organization = {Palo Alto Networks Unit 42}, url = {http://researchcenter.paloaltonetworks.com/2014/08/new-release-decrypting-netwire-c2-traffic/}, language = {English}, urldate = {2019-12-20} } New Release: Decrypting NetWire C2 Traffic
NetWire RC
2012-10-05MalwarebytesAdam Kujawa
@online{kujawa:20121005:dark:192d4aa, author = {Adam Kujawa}, title = {{Dark Comet 2: Electric Boogaloo}}, date = {2012-10-05}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2012/10/dark-comet-2-electric-boogaloo/}, language = {English}, urldate = {2019-12-20} } Dark Comet 2: Electric Boogaloo
DarkComet
2012-06-21Contagio DumpMila Parkour
@online{parkour:20120621:rat:2186087, author = {Mila Parkour}, title = {{RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army}}, date = {2012-06-21}, organization = {Contagio Dump}, url = {http://contagiodump.blogspot.com/2012/06/rat-samples-from-syrian-targeted.html}, language = {English}, urldate = {2019-12-20} } RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army
BlackShades DarkComet Terminator RAT
2012-06-09MalwarebytesAdam Kujawa
@online{kujawa:20120609:you:c8d15e0, author = {Adam Kujawa}, title = {{You dirty RAT! Part 1: DarkComet}}, date = {2012-06-09}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2012/06/you-dirty-rat-part-1-darkcomet/}, language = {English}, urldate = {2019-12-20} } You dirty RAT! Part 1: DarkComet
DarkComet

Credits: MISP Project