IRIDIUM

aka: Sandworm, Seashell Blizzard

Resecurity’s research indicates that the attack on Parliament is a part of a multi-year cyberespionage campaign orchestrated by a nation-state actor whom we are calling IRIDIUM. This actor targets sensitive government, diplomatic, and military resources in the countries comprising the Five Eyes intelligence alliance (which includes Australia, Canada, New Zealand, the United Kingdom and the United States).


Associated Families
win.arguepatch win.roar_bat win.swiftslicer win.teledoor win.blackenergy win.caddywiper win.eternal_petya win.industroyer2 win.kapeka win.killdisk win.telebot win.rhadamanthys

References
2024-11-06Check Point ResearchCheck Point Research
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits
Rhadamanthys
2024-10-23Cisco TalosEdmund Brumaghin, Holger Unterbrink, Jordyn Dunk, Nicole Hoffman
Highlighting TA866/Asylum Ambuscade Activity Since 2021
WasabiSeed Cobalt Strike csharp-streamer RAT Resident Rhadamanthys WarmCookie
2024-10-17SekoiaQuentin Bourgue, Sekoia TDR
ClickFix tactic: The Phantom Meet
Rhadamanthys Stealc
2024-09-26Recorded FutureInsikt Group
Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0
Rhadamanthys
2024-07-25SymantecSymantec
Growing Number of Threats Leveraging AI
Broomstick DBatLoader NetSupportManager RAT Rhadamanthys
2024-07-24Check Point ResearchAntonis Terefos
Stargazers Ghost Network
Atlantida Lumma Stealer RedLine Stealer Rhadamanthys RisePro Stargazer Goblin
2024-07-14Medium b.magnezi0xMrMagnezi
Malware Analysis - Rhadamanthys
Rhadamanthys
2024-07-09SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update January to June 2024
Coper FluBot Hook Bashlite Mirai FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc NjRAT QakBot Quasar RAT RedLine Stealer Remcos Rhadamanthys RisePro Sliver
2024-05-11Purple Team Security Research
Russian APT deploys new 'Kapeka' backdoor in Eastern European attacks
Kapeka
2024-04-29ThreatMonKerime Gencay, Malware R&D Team
Understanding the 'Kapeka' Backdoor: Detailed Analysis by APT44
Kapeka
2024-04-19Cert-UACert-UA
UAC-0133 (Sandworm) plans for cyber sabotage on almost 20 objects of critical infrastructure of Ukraine
Kapeka reGeorg
2024-04-17WithSecureMohammad Kazem Hassan Nejad
KAPEKA A novel backdoor spotted in Eastern Europe
Kapeka
2024-04-16MandiantAlden Wahlstrom, Anton Prokopenkov, Dan Black, Dan Perez, Gabby Roncone, John Wolfram, Lexie Aytes, Nick Simonian, Ryan Hall, Tyler McLellan
APT44: Unearthing Sandworm
VPNFilter BlackEnergy CaddyWiper EternalPetya HermeticWiper Industroyer INDUSTROYER2 Olympic Destroyer PartyTicket RoarBAT Sandworm
2024-04-15UC Santa CruzAlonso Rojas, Alvaro A. Cardenas, Bing Huang, Emmanuele Zambon, Juan Lozano, Keerthi Koneru, Luis Salazar, Marina Krotofil, Ross Baldick, Sebastian R. Castro
A Tale of Two Industroyers: It was the Season of Darkness
Industroyer INDUSTROYER2
2024-04-10ProofpointSelena Larson, Tommy Madjar
Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer
Rhadamanthys
2024-01-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q4 2023
FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver
2023-12-14Checkpointhasherezade
Rhadamanthys v0.5.0 – A Deep Dive into the Stealer’s Components
Rhadamanthys
2023-11-09MandiantChris Sistrunk, Daniel Kapellmann Zafra, Jared Wilson, John Wolfram, Keith Lunden, Ken Proska, Nathan Brubaker, Tyler McLellan
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology
CaddyWiper
2023-10-27ElasticJoe Desimone, Salim Bitam
GHOSTPULSE haunts victims using defense evasion bag o' tricks
HijackLoader Lumma Stealer NetSupportManager RAT Rhadamanthys SectopRAT Vidar
2023-10-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2023
FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar
2023-10-03Outpost24David Catalan
Rhadamanthys malware analysis: How infostealers use VMs to avoid analysis
Rhadamanthys
2023-09-25EchoCTIBilal BAKARTEPE, bixploit
Rhdamanthys Technical Analysis Report
Rhadamanthys
2023-08-31Checkpointhasherezade
From Hidden Bee to Rhadamanthys - The Evolution of Custom Executable Formats
Hidden Bee Rhadamanthys
2023-07-12MandiantDan Black, Gabby Roncone
The GRU's Disruptive Playbook
CaddyWiper INDUSTROYER2 XakNet
2023-07-11SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2023
Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee
2023-06-15eSentireRussianPanda
eSentire Threat Intelligence Malware Analysis: Resident Campaign
Cobalt Strike Resident Rhadamanthys WarmCookie
2023-05-16SecureworksCounter Threat Unit Research Team
The Growing Threat from Infostealers
Graphiron GraphSteel Raccoon RedLine Stealer Rhadamanthys Taurus Stealer Vidar
2023-05-04SOCRadarSOCRadar
Sandworm Attackers Use WinRAR to Wipe Data from Government Devices
RoarBAT
2023-04-19GoogleBilly Leonard, Google Threat Analysis Group
Ukraine remains Russia’s biggest cyber focus in 2023
Rhadamanthys
2023-04-18MandiantMandiant
M-Trends 2023
QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate
2023-04-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q1 2023
FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar
2023-03-27Check Point ResearchCheckpoint Research
Rhadamanthys: The “Everything Bagel” Infostealer
Rhadamanthys
2023-03-15MicrosoftMicrosoft Threat Intelligence
A year of Russian hybrid warfare in Ukraine
CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket SwiftSlicer WhisperGate
2023-02-21ZscalerNikolaos Pantazopoulos, Sarthak Misraa
Technical Analysis of Rhadamanthys Obfuscation Techniques
Rhadamanthys
2023-02-15GoogleGoogle Threat Analysis Group, Mandiant
Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape
CaddyWiper Dharma HermeticWiper INDUSTROYER2 PartyTicket WhisperGate Callisto Curious Gorge MUSTANG PANDA Turla
2023-01-29AcronisIlan Duhin
Petya/Not Petya Ransomware Analysis
EternalPetya
2023-01-27ESET ResearchESET Research
SwiftSlicer: New destructive wiper malware strikes Ukraine
SwiftSlicer
2023-01-27ESET ResearchESET Research
Tweets on SwiftSlicer
SwiftSlicer
2023-01-27Cert-UACert-UA
Cyber attack on the Ukrinform information and communication system
CaddyWiper
2023-01-24FortinetGeri Revay
The Year of the Wiper
Azov Wiper Bruh Wiper CaddyWiper Cobalt Strike Vidar
2023-01-16Medium elis531989Eli Salem
Dancing With Shellcodes: Analyzing Rhadamanthys Stealer
Rhadamanthys
2023-01-12CybleincCyble
Rhadamanthys: New Stealer Spreading Through Google Ads
Rhadamanthys
2023-01-03Malware Traffic AnalysisBrad Duncan
2023-01-03 (TUESDAY) - GOOGLE AD --> FAKE NOTPAD++ PAGE --> RHADAMANTHYS STEALER
Rhadamanthys
2022-12-05AccenturePaul Mansfield, Thomas Willkan
Popularity spikes for information stealer malware on the dark web
MetaStealer Rhadamanthys
2022-12-03MicrosoftCliff Watts
Preparing for a Russian cyber offensive against Ukraine this winter
CaddyWiper HermeticWiper Prestige
2022-11-18Atlantic CouncilJustin Sherman
GRU 26165: The Russian cyber unit that hacks targets on-site
EternalPetya
2022-10-31The RecordAlexander Martin
Mondelez and Zurich reach settlement in NotPetya cyberattack insurance suit
EternalPetya
2022-10-24Youtube (Virus Bulletin)Alexander Adamov
Russian wipers in the cyberwar against Ukraine
AcidRain CaddyWiper DesertBlade DoubleZero EternalPetya HermeticWiper HermeticWizard INDUSTROYER2 IsaacWiper KillDisk PartyTicket WhisperGate
2022-10-06ThreatMonThreatMon Malware Research Team
Rhadamanthys Stealer Analysis
Rhadamanthys
2022-09-26CrowdStrikeIoan Iacob, Iulian Madalin Ionita
The Anatomy of Wiper Malware, Part 3: Input/Output Controls
CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-09-23MandiantMandiant Intelligence
GRU: Rise of the (Telegram) MinIOns
ArguePatch CaddyWiper XakNet
2022-08-18TrustwavePawel Knapczyk
Overview of the Cyber Weapons Used in the Ukraine - Russia War
AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket
2022-08-12CrowdStrikeIoan Iacob, Iulian Madalin Ionita
The Anatomy of Wiper Malware, Part 1: Common Techniques
Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-06-23splunkSplunk Threat Research Team
Threat Update: Industroyer2
INDUSTROYER2
2022-05-31NOZOMI Network LabsGiannis Tsaraias, Ivan Speziale
Industroyer vs. Industroyer2: Evolution of the IEC 104 Component
INDUSTROYER2
2022-05-18ntopntop
How ntopng monitors IEC 60870-5-104 traffic
INDUSTROYER2
2022-05-12BlackberryThe BlackBerry Research & Intelligence Team
Threat Thursday: Malware Rebooted - How Industroyer2 Takes Aim at Ukraine Infrastructure
INDUSTROYER2
2022-05-09cocomelonccocomelonc
Malware development: persistence - part 4. Windows services. Simple C++ example.
Anchor AppleJeus Attor BBSRAT BlackEnergy Carbanak Cobalt Strike DuQu
2022-05-02AT&TFernando Martinez
Analysis on recent wiper attacks: examples and how wiper malware works
AcidRain CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper
2022-04-28FortinetGergely Revay
An Overview of the Increasing Wiper Malware Threat
AcidRain CaddyWiper DistTrack DoubleZero EternalPetya HermeticWiper IsaacWiper Olympic Destroyer Ordinypt WhisperGate ZeroCleare
2022-04-27Nozomi NetworksNozomi Networks Labs
Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload
INDUSTROYER2
2022-04-27MicrosoftMicrosoft Digital Security Unit (DSU)
Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine
CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate
2022-04-25MandiantChris Sistrunk, Corey Hildebrandt, Daniel Kapellmann Zafra, Keith Lunden, Ken Proska, Nathan Brubaker, Raymond Leong
INDUSTROYER.V2: Old Malware Learns New Tricks
INDUSTROYER2
2022-04-25NetresecErik Hjelmvik
Industroyer2 IEC-104 Analysis
INDUSTROYER2
2022-04-23Stranded on Pylos BlogJoe Slowik
Industroyer2 in Perspective
INDUSTROYER2
2022-04-20CISAAustralian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), CISA, FBI, Government Communications Security Bureau, National Crime Agency (NCA), NCSC UK, NSA
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader
2022-04-20CISACISA
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet
2022-04-20cocomelonccocomelonc
Malware development: persistence - part 1. Registry run keys. C++ example.
Agent Tesla Amadey BlackEnergy Cobian RAT COZYDUKE Emotet Empire Downloader Kimsuky
2022-04-14SCADAfenceMaayan Fishelov
Industroyer2: ICS Networks need to heighten vigilance - SCADAfence
INDUSTROYER2
2022-04-12Max Kersten's BlogMax Kersten
Ghidra script to handle stack strings
CaddyWiper PlugX
2022-04-12ESET ResearchESET Research
Industroyer2: Industroyer reloaded
ArguePatch CaddyWiper Industroyer INDUSTROYER2
2022-04-12Twitter (@silascutler)Silas Cutler
Tweet on analysis of CADDYWIPER used alongside with INDUSTROYER2
CaddyWiper INDUSTROYER2
2022-04-12Cert-UACert-UA
Cyberattack of Sandworm Group (UAC-0082) on energy facilities of Ukraine using malicious programs INDUSTROYER2 and CADDYWIPER (CERT-UA # 4435)
CaddyWiper Industroyer INDUSTROYER2
2022-04-12ESET ResearchESET Ireland
Industroyer2: Industroyer reloaded
CaddyWiper INDUSTROYER2
2022-04-05MorphisecMichael Dereviashkin
New Analysis: The CaddyWiper Malware Attacking Ukraine
CaddyWiper
2022-04-01splunkSplunk Threat Research Team
Threat Update: CaddyWiper
CaddyWiper
2022-03-31eSentireeSentire Threat Response Unit (TRU)
eSentire Threat Intelligence Malware Analysis: CaddyWiper
CaddyWiper
2022-03-26n0p BlogAli Mosajjal
Analysis of a Caddy Wiper Sample Targeting Ukraine
CaddyWiper
2022-03-25GOV.UAState Service of Special Communication and Information Protection of Ukraine (CIP)
Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22
Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora RAT
2022-03-24NextGovBrandi Vincent
Ukrainian Cyber Lead Says ‘At Least 4 Types of Malware’ in Use to Target Critical Infrastructure and Humanitarian Aid
CaddyWiper DoubleZero HermeticWiper IsaacWiper
2022-03-18MalwarebytesThreat Intelligence Team
Double header: IsaacWiper and CaddyWiper
CaddyWiper IsaacWiper
2022-03-17NioGuardNioGuard Security Lab
Analysis of CaddyWiper
CaddyWiper
2022-03-16Cyber Security NewsGurubaran
Destructive Data Wiper Malware Targeting high-profile Ukrainian Organizations
CaddyWiper
2022-03-15ESET ResearchESET Research
CaddyWiper: New wiper malware discovered in Ukraine
CaddyWiper
2022-03-15SecurityAffairsPierluigi Paganini
CaddyWiper, a new data wiper hits Ukraine
CaddyWiper
2022-03-15Twitter (@HackNPatch)HackNPatch
Tweet on Exploring CaddyWiper API resolution
CaddyWiper
2022-03-15TRUESECNicklas Keijser
Analysis of CaddyWiper, wiper targeting Ukraine
CaddyWiper
2022-03-15SecurityIntelligenceChristopher Del Fierro, John Dwyer
CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations
CaddyWiper
2022-03-15CiscoCisco Talos
Threat Advisory: CaddyWiper
CaddyWiper
2022-03-15The Hacker NewsRavie Lakshmanan
CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks
CaddyWiper
2022-03-14CybernewsJurgita Lapienytė
New destructive wiper malware deployed in Ukraine
CaddyWiper
2022-03-14Twitter (@ESETresearch)ESET Research
Tweet on CaddyWiper as 3rd destructive wiper found deployed against Ukraine
CaddyWiper Sunglow Blizzard
2022-03-14Bleeping ComputerSergiu Gatlan
New CaddyWiper data wiping malware hits Ukrainian networks
CaddyWiper
2022-03-01Marco Ramilli's BlogMarco Ramilli
DiskKill/HermeticWiper and NotPetya (Dis)similarities
EternalPetya HermeticWiper
2022-02-28MicrosoftMSRC Team
Cyber threat activity in Ukraine: analysis and resources
CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate DEV-0586
2022-02-25CyberPeace Institute
UKRAINE: Timeline of Cyberattacks
VPNFilter EternalPetya HermeticWiper WhisperGate
2022-02-24TalosMitch Neff
Threat Advisory: Current executive guidance for ongoing cyberattacks in Ukraine
VPNFilter EternalPetya
2022-02-24TesorionTESORION
Report OSINT: Russia/ Ukraine Conflict Cyberaspect
Mirai VPNFilter BlackEnergy EternalPetya HermeticWiper Industroyer WhisperGate
2022-02-24nvisoMichel Coene
Threat Update – Ukraine & Russia conflict
EternalPetya GreyEnergy HermeticWiper Industroyer KillDisk WhisperGate
2022-02-23ISTARIManuel Hepfer
Re-cap: The Untold Story of NotPetya, The Most Devastating Cyberattack in History
EternalPetya
2021-09-09Recorded FutureInsikt Group
Dark Covenant: Connections Between the Russian State and Criminal Actors
BlackEnergy EternalPetya Gameover P2P Zeus
2021-08-05SymantecThreat Hunter Team
Attacks Against Critical Infrastructure: A Global Concern
BlackEnergy DarkSide DistTrack Stuxnet
2021-07-27BlackberryBlackBerry Research & Intelligence Team
Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages
elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy
2021-05-31WiredAndy Greenberg
Hacker Lexicon: What Is a Supply Chain Attack?
EternalPetya SUNBURST
2021-04-29The Institute for Security and TechnologyThe Institute for Security and Technology
Combating Ransomware A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force
Conti EternalPetya
2020-12-21IronNetAdam Hlavek, Kimberly Ortiz
Russian cyber attack campaigns and actors
WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess
2020-11-04Stranded on Pylos BlogJoe Slowik
The Enigmatic Energetic Bear
EternalPetya Havex RAT
2020-10-19UK GovernmentDominic Raab, Foreign, Commonwealth & Development Office
UK exposes series of Russian cyber attacks against Olympic and Paralympic Games
VPNFilter BlackEnergy EternalPetya Industroyer
2020-10-19WiredAndy Greenberg
US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit
EternalPetya Olympic Destroyer
2020-10-19CyberScoopTim Starks
US charges Russian GRU officers for NotPetya, other major hacks
EternalPetya
2020-10-19Riskint BlogCurtis
Revisited: Fancy Bear's New Faces...and Sandworms' too
BlackEnergy EternalPetya Industroyer Olympic Destroyer
2020-08-29AguinetAdrien Guinet
Emulating NotPetya bootloader with Miasm
EternalPetya
2020-07-29Kaspersky LabsGReAT
APT trends report Q2 2020
PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel
2020-07-29Atlantic CouncilJune Lee, Stewart Scott, Trey Herr, William Loomis
BREAKING TRUST: Shades of Crisis Across an Insecure Software Supply Chain
EternalPetya GoldenSpy Kwampirs Stuxnet
2020-06-21GVNSHTNGavin Ashton
Maersk, me & notPetya
EternalPetya
2020-06-09Kaspersky LabsCostin Raiu
Looking at Big Threats Using Code Similarity. Part 1
Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel
2020-05-21PICUS SecuritySüleyman Özarslan
T1055 Process Injection
BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE
2020-03-05MicrosoftMicrosoft Threat Protection Intelligence Team
Human-operated ransomware attacks: A preventable disaster
Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA
2020-01-01SecureworksSecureWorks
IRON VIKING
BlackEnergy EternalPetya GreyEnergy Industroyer KillDisk TeleBot TeleDoor
2019-08-01Kaspersky LabsGReAT
APT trends report Q2 2019
ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy
2019-05-08Verizon Communications Inc.Verizon Communications Inc.
2019 Data Breach Investigations Report
BlackEnergy Cobalt Strike DanaBot Gandcrab GreyEnergy Mirai Olympic Destroyer SamSam
2019-03-11PacktMelissa Dsouza
Resecurity reports ‘IRIDUIM’ behind Citrix data breach, 200+ government agencies, oil and gas companies, and technology companies also targeted.
IRIDIUM
2019-03-11ThreatpostTara Seals
Researcher Claims Iranian APT Behind 6TB Data Heist at Citrix
IRIDIUM
2019-03-08NBCCourtney Kube, Dan De Luce
Iranian-backed hackers stole data from major U.S. government contractor
IRIDIUM
2019-01-18Mark Edmondson
BLACK ENERGY – Analysis
BlackEnergy
2018-10-11ESET ResearchAnton Cherepanov, Robert Lipovsky
New TeleBots backdoor: First evidence linking Industroyer to NotPetya
Exaramel EternalPetya Exaramel Industroyer
2018-08-22WiredAndy Greenberg
The Untold Story of NotPetya, the Most Devastating Cyberattack in History
EternalPetya
2018-01-13The Washington PostEllen Nakashima
Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes
EternalPetya
2017-10-27F-SecureF-Secure Global
The big difference with Bad Rabbit
EternalPetya
2017-10-26FireEyeBarry Vengerik, Ben Read, Brian Mordosky, Christopher Glyer, Ian Ahl, Matt Williams, Michael Matonis, Nick Carr
BACKSWING - Pulling a BADRABBIT Out of a Hat
EternalPetya
2017-10-26Reversing LabsNone
ReversingLabs' YARA rule detects BadRabbit encryption routine specifics
EternalPetya
2017-10-25RiskIQYonathan Klijnsma
Down the Rabbit Hole: Tracking the BadRabbit Ransomware to a Long Ongoing Campaign of Target Selection
EternalPetya
2017-10-24Kaspersky LabsAnton Ivanov, Fedor Sinitsyn, Orkhan Mamedov
Bad Rabbit ransomware
EternalPetya
2017-10-24WiredAndy Greenberg
New Ransomware Linked to NotPetya Sweeps Russia and Ukraine
EternalPetya
2017-10-24ESET ResearchMarc-Etienne M.Léveillé
Bad Rabbit: Not‑Petya is back with improved ransomware
EternalPetya
2017-10-24IntezerJay Rosenberg
NotPetya Returns as Bad Rabbit
EternalPetya
2017-10-24Cisco TalosNick Biasini
Threat Spotlight: Follow the Bad Rabbit
EternalPetya
2017-10-24ESET ResearchEditor
Kiev metro hit with a new variant of the infamous Diskcoder ransomware
EternalPetya
2017-09-19NCC GroupOllie Whitehouse
EternalGlue part one: Rebuilding NotPetya to assess real-world resilience
EternalPetya
2017-09-18ThreatConnectPaul Vann
Casting a Light on BlackEnergy
BlackEnergy
2017-08-24ESET ResearchMarc-Etienne M.Léveillé
Bad Rabbit: Not‑Petya is back with improved ransomware
EternalPetya Sandworm
2017-08-11ThreatpostTom Spring
Ukrainian Man Arrested, Charged in NotPetya Distribution
EternalPetya
2017-07-14MalwarebytesMalwarebytes Labs
Keeping up with the Petyas: Demystifying the malware family
EternalPetya GoldenEye PetrWrap Petya
2017-07-05Cisco TalosAleksandar Nikolic, David Maynor, Matt Olney, Yves Younan
The MeDoc Connection
TeleDoor
2017-07-04KasperskyAnton Ivanov, Orkhan Mamedov
In ExPetr/Petya’s shadow, FakeCry ransomware wave hits Ukraine
EternalPetya FakeCry
2017-07-04ESET ResearchAnton Cherepanov
Analysis of TeleBots’ cunning backdoor
TeleDoor
2017-07-03CrowdStrikeKaran Sood, Shaun Hurley
NotPetya Technical Analysis Part II: Further Findings and Potential for MBR Recovery
EternalPetya
2017-07-03ESET ResearchAnton Cherepanov, Robert Lipovsky
BlackEnergy – what we really know about the notorious cyber attacks
BlackEnergy
2017-07-03G DataG Data
Who is behind Petna?
EternalPetya
2017-07-03The GuardianAlex Hern
'NotPetya' malware attacks could warrant retaliation, says Nato affiliated-researcher
EternalPetya
2017-06-30MalwarebytesMalwarebytes Labs
EternalPetya – yet another stolen piece in the package?
EternalPetya
2017-06-30ESET ResearchAnton Cherepanov
TeleBots are back: Supply‑chain attacks against Ukraine
TeleBot Sandworm
2017-06-30ESET ResearchAnton Cherepanov
TeleBots are back: Supply‑chain attacks against Ukraine
EternalPetya
2017-06-30Kaspersky LabsGReAT
From BlackEnergy to ExPetr
EternalPetya
2017-06-29MalwarebytesMalwarebytes Labs
EternalPetya and the lost Salsa20 key
EternalPetya
2017-06-29Robert Graham
NonPetya: no evidence it was a "smokescreen"
EternalPetya
2017-06-29Bleeping ComputerCatalin Cimpanu
Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone
EternalPetya
2017-06-29MicrosoftMicrosoft Defender ATP Research Team
Windows 10 platform resilience against the Petya ransomware attack
EternalPetya
2017-06-28hacks4pancakes
Why NotPetya Kept Me Awake (& You Should Worry Too)
EternalPetya
2017-06-28Kaspersky LabsAnton Ivanov, Orkhan Mamedov
ExPetr/Petya/NotPetya is a Wiper, Not Ransomware
EternalPetya
2017-06-28CrowdStrikeFalcon Intelligence Team
CrowdStrike Protects Against NotPetya Attack
EternalPetya
2017-06-27SANSBrad Duncan
Checking out the new Petya variant
EternalPetya
2017-06-27Kaspersky LabsGReAT
Schroedinger’s Pet(ya)
EternalPetya
2017-06-27Medium thegrugqthegrugq
Pnyetya: Yet Another Ransomware Outbreak
EternalPetya
2017-06-27ESET ResearchEditor
New WannaCryptor‑like ransomware attack hits globally: All you need to know
EternalPetya Sandworm
2017-05-31MITREMITRE ATT&CK
Sandworm Team
CyclopsBlink Exaramel BlackEnergy EternalPetya Exaramel GreyEnergy KillDisk MimiKatz Olympic Destroyer Sandworm
2017-01-05ESET ResearchPeter Kálnai, Robert Lipovsky
KillDisk now targeting Linux: Demands $250K ransom, but can’t decrypt
KillDisk Sandworm
2016-12-13ESET ResearchAnton Cherepanov
The rise of TeleBots: Analyzing disruptive KillDisk attacks
KillDisk TeleBot Sandworm
2016-12-13ESET ResearchAnton Cherepanov
The rise of TeleBots: Analyzing disruptive KillDisk attacks
Credraptor KillDisk TeleBot
2016-01-28Kaspersky LabsGReAT
BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents
BlackEnergy
2015-02-17Kaspersky LabsKurt Baumgartner, Maria Garnaeva
BE2 extraordinary plugins, Siemens targeting, dev fails
BlackEnergy
2014-11-03Kaspersky LabsKurt Baumgartner, Maria Garnaeva
BE2 custom plugins, router abuse, and target profiles
BlackEnergy
2014-10-14ESET ResearchRobert Lipovsky
CVE‑2014‑4114: Details on August BlackEnergy PowerPoint Campaigns
BlackEnergy
2010-07-15Kaspersky LabsDmitry Tarakanov
Black DDoS
BlackEnergy
2010-03-03FireEyeJulia Wolf
Black Energy Crypto
BlackEnergy
2010-03-03SecureworksJoe Stewart
BlackEnergy Version 2 Threat Analysis
BlackEnergy
2007-10-01Arbor NetworksJose Nazario
BlackEnergy DDoS Bot Analysis
BlackEnergy

Credits: MISP Project