Greenbug


Greenbug was discovered targeting a range of organizations in the Middle East including companies in the aviation, energy, government, investment, and education sectors.


Associated Families
win.ismagent win.ismdoor

References
2022-07-18 | Palo Alto Networks Unit 42 | Unit 42
@online{42:20220718:evasive:ccfb062, author = {Unit 42}, title = {{Evasive Serpens}}, date = {2022-07-18}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/atoms/evasive-serpens/}, language = {English}, urldate = {2022-07-29} } Evasive Serpens
TwoFace ISMAgent ISMDoor OopsIE RDAT OilRig
2020-05-19 | Symantec | Critical Attack Discovery and Intelligence Team
@online{team:20200519:sophisticated:023b1bd, author = {Critical Attack Discovery and Intelligence Team}, title = {{Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia}}, date = {2020-05-19}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/greenbug-espionage-telco-south-asia}, language = {English}, urldate = {2020-05-20} } Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia
ISMAgent ISMDoor
2019-08-22 | Cyware | Cyware
@online{cyware:20190822:apt34:3439fde, author = {Cyware}, title = {{APT34: The Helix Kitten Cybercriminal Group Loves to Meow Middle Eastern and International Organizations}}, date = {2019-08-22}, organization = {Cyware}, url = {https://cyware.com/blog/apt34-the-helix-kitten-cybercriminal-group-loves-to-meow-middle-eastern-and-international-organizations-48ae}, language = {English}, urldate = {2021-06-29} } APT34: The Helix Kitten Cybercriminal Group Loves to Meow Middle Eastern and International Organizations
TwoFace BONDUPDATER POWRUNER QUADAGENT Helminth ISMAgent Karkoff LONGWATCH OopsIE PICKPOCKET RGDoor VALUEVAULT
2019-04-16 | Robert Falcone
@online{falcone:20190416:dns:fed953e, author = {Robert Falcone}, title = {{DNS Tunneling in the Wild: Overview of OilRig’s DNS Tunneling}}, date = {2019-04-16}, url = {https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild-overview-of-oilrigs-dns-tunneling/}, language = {English}, urldate = {2019-12-03} } DNS Tunneling in the Wild: Overview of OilRig’s DNS Tunneling
BONDUPDATER QUADAGENT Alma Communicator Helminth ISMAgent
2017-10-24 | ClearSky | ClearSky Research Team
@online{team:20171024:iranian:44f6acc, author = {ClearSky Research Team}, title = {{Iranian Threat Agent Greenbug Impersonates Israeli High-Tech and Cyber Security Companies}}, date = {2017-10-24}, organization = {ClearSky}, url = {https://www.clearskysec.com/greenbug/}, language = {English}, urldate = {2019-12-02} } Iranian Threat Agent Greenbug Impersonates Israeli High-Tech and Cyber Security Companies
Greenbug
2017-10-24 | ClearSky | ClearSky Research Team
@online{team:20171024:iranian:f9fddd8, author = {ClearSky Research Team}, title = {{Iranian Threat Agent Greenbug Impersonates Israeli High-Tech and Cyber Security Companies}}, date = {2017-10-24}, organization = {ClearSky}, url = {http://www.clearskysec.com/greenbug/}, language = {English}, urldate = {2020-01-13} } Iranian Threat Agent Greenbug Impersonates Israeli High-Tech and Cyber Security Companies
ISMDoor
2017-08-28 | ClearSky | ClearSky Research Team
@online{team:20170828:recent:fab1e53, author = {ClearSky Research Team}, title = {{Recent ISMAgent Samples and Infrastructure by Iranian Threat Group GreenBug}}, date = {2017-08-28}, organization = {ClearSky}, url = {http://www.clearskysec.com/ismagent/}, language = {English}, urldate = {2019-12-19} } Recent ISMAgent Samples and Infrastructure by Iranian Threat Group GreenBug
ISMAgent
2017-07-27 | Palo Alto Networks Unit 42 | Robert Falcone, Bryan Lee
@online{falcone:20170727:oilrig:36046ef, author = {Robert Falcone and Bryan Lee}, title = {{OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group}}, date = {2017-07-27}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/}, language = {English}, urldate = {2019-11-16} } OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group
Greenbug
2017-05-02 | Threatpost | Tom Spring
@online{spring:20170502:shamoon:56ac4ae, author = {Tom Spring}, title = {{Shamoon Collaborator Greenbug Adopts New Communication Tool}}, date = {2017-05-02}, organization = {Threatpost}, url = {https://threatpost.com/shamoon-collaborator-greenbug-adopts-new-communication-tool/125383/}, language = {English}, urldate = {2019-12-10} } Shamoon Collaborator Greenbug Adopts New Communication Tool
Greenbug
2017-01-23 | Symantec | Symantec Security Response
@online{response:20170123:greenbug:a118a76, author = {Symantec Security Response}, title = {{Greenbug cyberespionage group targeting Middle East, possible links to Shamoon}}, date = {2017-01-23}, organization = {Symantec}, url = {https://web.archive.org/web/20190331181353/https://www.symantec.com/connect/blogs/greenbug-cyberespionage-group-targeting-middle-east-possible-links-shamoon}, language = {English}, urldate = {2020-04-21} } Greenbug cyberespionage group targeting Middle East, possible links to Shamoon
DistTrack ISMDoor Greenbug
2017-01-23 | Symantec | Symantec Security Response
@online{response:20170123:greenbug:96eab4c, author = {Symantec Security Response}, title = {{Greenbug cyberespionage group targeting Middle East, possible links to Shamoon}}, date = {2017-01-23}, organization = {Symantec}, url = {https://www.symantec.com/connect/blogs/greenbug-cyberespionage-group-targeting-middle-east-possible-links-shamoon}, language = {English}, urldate = {2020-01-13} } Greenbug cyberespionage group targeting Middle East, possible links to Shamoon
DistTrack ISMDoor Greenbug

Credits: MISP Project