Poseidon Group

aka: G0033

Poseidon Group is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from victims to blackmail victim companies into contracting the Poseidon Group as a security firm.


Associated Families
win.makadocs

References
MITRE (2021). Groups Overview of MITRE. https://attack.mitre.org/wiki/Groups (accessed 2021-07-26).
Tags: DragonOK, Poseidon Group, Scarlet Mimic

Kindred Security (2019-08-12). An Overview of Public Platform C2’s. Kindred Security. https://kindredsec.wordpress.com/2019/08/12/an-overview-of-public-platform-c2s/ (accessed 2021-07-20).
Tags: HTML5 Encoding, LOWBALL, Makadocs, MiniDuke, RogueRobinNET, RokRAT

Costin Raiu, Vitaly Kamluk (2019-05-20). Operation ShadowHammer: Costin Raiu and Vitaly Kamlyuk at #TheSAS2019. Youtube (Kaspersky). https://www.youtube.com/watch?v=T5wPwvLrBYU (accessed 2021-07-20).
Tags: DragonOK, Poseidon Group, Scarlet Mimic

MITRE ATT&CK (2019). Group description: Poseidon Group. MITRE. https://attack.mitre.org/groups/G0033/ (accessed 2019-12-20).
Tags: Poseidon Group

GReAT (2016-02-09). Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage. Kaspersky Labs. https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/ (accessed 2019-12-20).
Tags: Poseidon Group

Mila Parkour (2012-12-07). Nov 2012 - Backdoor.W32.Makadocs Sample. Contagio Dump. http://contagiodump.blogspot.com/2012/12/nov-2012-backdoorw32makadocs-sample.html (accessed 2019-12-20).
Tags: Makadocs

Takashi Katsuki (2012-11-16). Malware Targeting Windows 8 Uses Google Docs. Symantec. https://www.symantec.com/connect/blogs/malware-targeting-windows-8-uses-google-docs (accessed 2020-01-10).
Tags: Makadocs

Credits: MISP Project