SYMBOL | COMMON_NAME | aka. SYNONYMS |
The Gelsemium group has been active since at least 2014 and was described in the past by a few security companies. Gelsemium’s name comes from one possible translation ESET found while reading a report from VenusTech who dubbed the group 狼毒草 for the first time. It’s the name of a genus of flowering plants belonging to the family Gelsemiaceae, Gelsemium elegans is the species that contains toxic compounds like Gelsemine, Gelsenicine and Gelsevirine, which ESET choses as names for the three components of this malware family.
2024-11-21
⋅
ESET Research
⋅
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine FireWood WolfsBane Icesword |
2022-06-30
⋅
Kaspersky
⋅
The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact MimiKatz Owlproxy SessionManager |
2021-06-09
⋅
ESET Research
⋅
Gelsemium: When threat actors go gardening Gelsemium |
2018-08-15
⋅
Beijing Venus Information Security Tech
⋅
APT organization Lemons Threat to Attack Gelsemium |
2016-01-01
⋅
Verint
⋅
An Intelligence-Driven Approach to Cyber Defense Gelsemium |
2014-10-31
⋅
G Data
⋅
OPERATION “TOOHASH”: HOW TARGETED ATTACKS WORK Cohhoc ProjectWood Gelsemium |