aka: TEMP.Beanie, Operation Woolen Goldfish, Operation Woolen-Goldfish, Thamar Reservoir, Timberworm
Targets Saudi Arabia, Israel, US, Iran, high ranking defense officials, embassies of various target countries, notable Iran researchers, human rights activists, media and journalists, academic institutions and various scholars, including scientists in the fields of physics and nuclear sciences.
2023-01-04 ⋅ K7 Security ⋅ Saikumaravel
@online{saikumaravel:20230104:pupy:f6eacce,
author = {Saikumaravel},
title = {{Pupy RAT hiding under WerFault’s cover}},
date = {2023-01-04},
organization = {K7 Security},
url = {https://labs.k7computing.com/index.php/pupy-rat-hiding-under-werfaults-cover/},
language = {English},
urldate = {2023-01-05}
}
Pupy RAT hiding under WerFault’s cover
pupy |
2022-09-26 ⋅ CrowdStrike ⋅ Ioan Iacob, Iulian Madalin Ionita
@online{iacob:20220926:anatomy:248e6ff,
author = {Ioan Iacob and Iulian Madalin Ionita},
title = {{The Anatomy of Wiper Malware, Part 3: Input/Output Controls}},
date = {2022-09-26},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-3/},
language = {English},
urldate = {2022-09-29}
}
The Anatomy of Wiper Malware, Part 3: Input/Output Controls
CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
2022-08-12 ⋅ CrowdStrike ⋅ Ioan Iacob, Iulian Madalin Ionita
@online{iacob:20220812:anatomy:b13ce32,
author = {Ioan Iacob and Iulian Madalin Ionita},
title = {{The Anatomy of Wiper Malware, Part 1: Common Techniques}},
date = {2022-08-12},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-1/},
language = {English},
urldate = {2023-01-19}
}
The Anatomy of Wiper Malware, Part 1: Common Techniques
Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
2022-06-20 ⋅ Infinitum IT ⋅ infinitum IT
@online{it:20220620:charming:b356ff2,
author = {infinitum IT},
title = {{Charming Kitten (APT35)}},
date = {2022-06-20},
organization = {Infinitum IT},
url = {https://www.infinitumit.com.tr/apt-35/},
language = {Turkish},
urldate = {2022-06-22}
}
Charming Kitten (APT35)
LaZagne DownPaper MimiKatz pupy |
2022-06-15 ⋅ Volexity ⋅ Steven Adair, Thomas Lancaster, Volexity Threat Research
@online{adair:20220615:driftingcloud:58322a8,
author = {Steven Adair and Thomas Lancaster and Volexity Threat Research},
title = {{DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach}},
date = {2022-06-15},
organization = {Volexity},
url = {https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/},
language = {English},
urldate = {2022-06-17}
}
DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach
pupy Sliver |
2022-05-23 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší
@techreport{lunghi:20220523:operation:e3c402b,
author = {Daniel Lunghi and Jaromír Hořejší},
title = {{Operation Earth Berberoka}},
date = {2022-05-23},
institution = {Trend Micro},
url = {https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-berberoka.pdf},
language = {English},
urldate = {2022-07-25}
}
Operation Earth Berberoka
reptile oRAT Ghost RAT PlugX pupy Earth Berberoka |
2022-04-28 ⋅ Fortinet ⋅ Gergely Revay
@online{revay:20220428:overview:0ac963f,
author = {Gergely Revay},
title = {{An Overview of the Increasing Wiper Malware Threat}},
date = {2022-04-28},
organization = {Fortinet},
url = {https://www.fortinet.com/blog/threat-research/the-increasing-wiper-malware-threat},
language = {English},
urldate = {2022-04-29}
}
An Overview of the Increasing Wiper Malware Threat
AcidRain CaddyWiper DistTrack DoubleZero EternalPetya HermeticWiper IsaacWiper Olympic Destroyer Ordinypt WhisperGate ZeroCleare |
2022-04-27 ⋅ Trendmicro ⋅ Trendmicro
@online{trendmicro:20220427:iocs:b6d7ab5,
author = {Trendmicro},
title = {{IOCs for Earth Berberoka - Linux}},
date = {2022-04-27},
organization = {Trendmicro},
url = {https://documents.trendmicro.com/assets/txt/earth-berberoka-linux-iocs-2.txt},
language = {English},
urldate = {2022-07-25}
}
IOCs for Earth Berberoka - Linux
Rekoobe pupy Earth Berberoka |
2022-03-30 ⋅ Recorded Future ⋅ Insikt Group
@techreport{group:20220330:social:e36c4e5,
author = {Insikt Group},
title = {{Social Engineering Remains Key Tradecraft for Iranian APTs}},
date = {2022-03-30},
institution = {Recorded Future},
url = {https://go.recordedfuture.com/hubfs/reports/cta-2022-0330.pdf},
language = {English},
urldate = {2022-04-05}
}
Social Engineering Remains Key Tradecraft for Iranian APTs
Liderc pupy |
2022-03-08 ⋅ Cylera ⋅ Cylera
@techreport{cylera:20220308:link:2b7c36f,
author = {Cylera},
title = {{The link between Kwampirs (Orangeworm) and Shamoon APTs}},
date = {2022-03-08},
institution = {Cylera},
url = {https://resources.cylera.com/hubfs/Cylera%20Labs/Cylera%20Labs%20Kwampirs%20Shamoon%20Technical%20Report.pdf},
language = {English},
urldate = {2022-03-10}
}
The link between Kwampirs (Orangeworm) and Shamoon APTs
DistTrack Kwampirs |
2021-08-05 ⋅ Symantec ⋅ Threat Hunter Team
@techreport{team:20210805:attacks:c2d7348,
author = {Threat Hunter Team},
title = {{Attacks Against Critical Infrastructure: A Global Concern}},
date = {2021-08-05},
institution = {Symantec},
url = {https://symantec.broadcom.com/hubfs/Attacks-Against-Critical_Infrastructrure.pdf},
language = {English},
urldate = {2021-08-06}
}
Attacks Against Critical Infrastructure: A Global Concern
BlackEnergy DarkSide DistTrack Stuxnet |
2020-02-13 ⋅ Qianxin ⋅ Qi Anxin Threat Intelligence Center
@techreport{center:20200213:report:146d333,
author = {Qi Anxin Threat Intelligence Center},
title = {{APT Report 2019}},
date = {2020-02-13},
institution = {Qianxin},
url = {https://ti.qianxin.com/uploads/2020/02/13/cb78386a082f465f259b37dae5df4884.pdf},
language = {English},
urldate = {2020-02-27}
}
APT Report 2019
Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy |
2020-02-10 ⋅ ZDNet ⋅ Catalin Cimpanu
@online{cimpanu:20200210:fbi:1904430,
author = {Catalin Cimpanu},
title = {{FBI warns about ongoing attacks against software supply chain companies}},
date = {2020-02-10},
organization = {ZDNet},
url = {https://www.zdnet.com/article/fbi-warns-about-ongoing-attacks-against-software-supply-chain-companies/},
language = {English},
urldate = {2020-02-11}
}
FBI warns about ongoing attacks against software supply chain companies
DistTrack Kwampirs |
2020-01-23 ⋅ Recorded Future ⋅ Insikt Group
@techreport{group:20200123:european:c3ca9e3,
author = {Insikt Group},
title = {{European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019}},
date = {2020-01-23},
institution = {Recorded Future},
url = {https://go.recordedfuture.com/hubfs/reports/cta-2020-0123.pdf},
language = {English},
urldate = {2020-01-27}
}
European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019
pupy pupy pupy |
2019-12-21 ⋅ MalwareInDepth ⋅ Myrtus 0x0
@online{0x0:20191221:shamoon:eb1828b,
author = {Myrtus 0x0},
title = {{Shamoon 2012 Complete Analysis}},
date = {2019-12-21},
organization = {MalwareInDepth},
url = {https://malwareindepth.com/shamoon-2012/},
language = {English},
urldate = {2020-01-12}
}
Shamoon 2012 Complete Analysis
DistTrack |
2019-11-19 ⋅ FireEye ⋅ Kelli Vanderlee, Nalani Fraser
@techreport{vanderlee:20191119:achievement:6be19eb,
author = {Kelli Vanderlee and Nalani Fraser},
title = {{Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions}},
date = {2019-11-19},
institution = {FireEye},
url = {https://summit.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf},
language = {English},
urldate = {2021-03-02}
}
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions
MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC poisonplug Poison Ivy pupy Quasar RAT ZXShell |
2019-08-22 ⋅ Github (n1nj4sec) ⋅ n1nj4sec
@online{n1nj4sec:20190822:pupy:a822ccd,
author = {n1nj4sec},
title = {{Pupy RAT}},
date = {2019-08-22},
organization = {Github (n1nj4sec)},
url = {https://github.com/n1nj4sec/pupy},
language = {English},
urldate = {2020-01-07}
}
Pupy RAT
pupy pupy pupy |
2019-03-27 ⋅ Symantec ⋅ Security Response Attack Investigation Team
@online{team:20190327:elfin:836cc39,
author = {Security Response Attack Investigation Team},
title = {{Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.}},
date = {2019-03-27},
organization = {Symantec},
url = {https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage},
language = {English},
urldate = {2020-01-06}
}
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33 |
2019-03-27 ⋅ Symantec ⋅ Critical Attack Discovery and Intelligence Team
@online{team:20190327:elfin:d90a330,
author = {Critical Attack Discovery and Intelligence Team},
title = {{Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.}},
date = {2019-03-27},
organization = {Symantec},
url = {https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage},
language = {English},
urldate = {2020-04-21}
}
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33 |
2019 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker
@online{tracker:2019:rocket:463504b,
author = {Cyber Operations Tracker},
title = {{Rocket Kitten}},
date = {2019},
organization = {Council on Foreign Relations},
url = {https://www.cfr.org/interactive/cyber-operations/rocket-kitten},
language = {English},
urldate = {2019-12-20}
}
Rocket Kitten
Rocket Kitten |
2018-12-21 ⋅ FireEye ⋅ Geoff Ackerman, Rick Cole, Andrew Thompson, Alex Orleans, Nick Carr
@online{ackerman:20181221:overruled:74ac7b4,
author = {Geoff Ackerman and Rick Cole and Andrew Thompson and Alex Orleans and Nick Carr},
title = {{OVERRULED: Containing a Potentially Destructive Adversary}},
date = {2018-12-21},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html},
language = {English},
urldate = {2019-12-20}
}
OVERRULED: Containing a Potentially Destructive Adversary
POWERTON PoshC2 pupy |
2018-12-14 ⋅ Symantec ⋅ Critical Attack Discovery and Intelligence Team
@online{team:20181214:shamoon:1f24fa5,
author = {Critical Attack Discovery and Intelligence Team},
title = {{Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail}},
date = {2018-12-14},
organization = {Symantec},
url = {https://symantec-blogs.broadcom.com/blogs/threat-intelligence/shamoon-destructive-threat-re-emerges-new-sting-its-tail},
language = {English},
urldate = {2020-04-21}
}
Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail
DistTrack Filerase StoneDrill OilRig |
2018-12-13 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone
@online{falcone:20181213:shamoon:1623fe7,
author = {Robert Falcone},
title = {{Shamoon 3 Targets Oil and Gas Organization}},
date = {2018-12-13},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/},
language = {English},
urldate = {2020-01-10}
}
Shamoon 3 Targets Oil and Gas Organization
DistTrack |
2017-07-25 ⋅ ClearSky ⋅ ClearSky Research Team
@online{team:20170725:operation:a39915e,
author = {ClearSky Research Team},
title = {{Operation Wilted Tulip – Exposing a Cyber Espionage Apparatus}},
date = {2017-07-25},
organization = {ClearSky},
url = {http://www.clearskysec.com/tulip/},
language = {English},
urldate = {2020-01-08}
}
Operation Wilted Tulip – Exposing a Cyber Espionage Apparatus
Matryoshka RAT TDTESS CopyKittens |
2017-07 ⋅ ClearSky ⋅ ClearSky, Trend Micro
@techreport{clearsky:201707:operationwilted:7e57e58,
author = {ClearSky and Trend Micro},
title = {{OperationWilted Tulip}},
date = {2017-07},
institution = {ClearSky},
url = {https://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf},
language = {English},
urldate = {2020-01-06}
}
OperationWilted Tulip
Matryoshka RAT CopyKittens |
2017-03-26 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, Bryan Lee
@online{falcone:20170326:shamoon:8a62f1a,
author = {Robert Falcone and Bryan Lee},
title = {{Shamoon 2: Delivering Disttrack}},
date = {2017-03-26},
organization = {Palo Alto Networks Unit 42},
url = {http://researchcenter.paloaltonetworks.com/2017/03/unit42-shamoon-2-delivering-disttrack/},
language = {English},
urldate = {2019-12-20}
}
Shamoon 2: Delivering Disttrack
DistTrack |
2017-03-14 ⋅ FireEye ⋅ FireEye
@online{fireeye:20170314:mtrend:0ea7d30,
author = {FireEye},
title = {{M-Trend 2017: A View From the Front Lines}},
date = {2017-03-14},
organization = {FireEye},
url = {https://content.fireeye.com/m-trends/rpt-m-trends-2017},
language = {English},
urldate = {2020-06-03}
}
M-Trend 2017: A View From the Front Lines
DistTrack Powersniff FIN8 |
2017-02-27 ⋅ Symantec ⋅ Symantec Security Response
@online{response:20170227:shamoon:62798a3,
author = {Symantec Security Response},
title = {{Shamoon: Multi-staged destructive attacks limited to specific targets}},
date = {2017-02-27},
organization = {Symantec},
url = {https://www.symantec.com/connect/blogs/shamoon-multi-staged-destructive-attacks-limited-specific-targets},
language = {English},
urldate = {2019-10-12}
}
Shamoon: Multi-staged destructive attacks limited to specific targets
Rocket Kitten |
2017-02-27 ⋅ Symantec ⋅ A L Johnson
@online{johnson:20170227:shamoon:0188f39,
author = {A L Johnson},
title = {{Shamoon: Multi-staged destructive attacks limited to specific targets}},
date = {2017-02-27},
organization = {Symantec},
url = {https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=5758557d-6e3a-4174-90f3-fa92a712ecd9&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments},
language = {English},
urldate = {2020-04-21}
}
Shamoon: Multi-staged destructive attacks limited to specific targets
DistTrack MimiKatz Rocket Kitten |
2017-02-16 ⋅ SecurityAffairs ⋅ Pierluigi Paganini
@online{paganini:20170216:iranian:917f46c,
author = {Pierluigi Paganini},
title = {{Iranian hackers behind the Magic Hound campaign linked to Shamoon}},
date = {2017-02-16},
organization = {SecurityAffairs},
url = {https://securityaffairs.co/wordpress/56348/intelligence/magic-hound-campaign.html},
language = {English},
urldate = {2022-07-29}
}
Iranian hackers behind the Magic Hound campaign linked to Shamoon
pupy APT35 |
2017-02-15 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Robert Falcone
@online{lee:20170215:magic:e0b1b72,
author = {Bryan Lee and Robert Falcone},
title = {{Magic Hound Campaign Attacks Saudi Targets}},
date = {2017-02-15},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/},
language = {English},
urldate = {2019-09-22}
}
Magic Hound Campaign Attacks Saudi Targets
Leash MPKBot pupy Rocket Kitten |
2017-02-15 ⋅ Secureworks ⋅ SecureWorks' Counter Threat Unit Research Team
@online{team:20170215:iranian:004ec5a,
author = {SecureWorks' Counter Threat Unit Research Team},
title = {{Iranian PupyRAT Bites Middle Eastern Organizations}},
date = {2017-02-15},
organization = {Secureworks},
url = {https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations},
language = {English},
urldate = {2019-10-23}
}
Iranian PupyRAT Bites Middle Eastern Organizations
pupy Cleaver |
2017-02-10 ⋅ JPCERT/CC ⋅ Shusei Tomonaga
@online{tomonaga:20170210:malware:4f2c9aa,
author = {Shusei Tomonaga},
title = {{Malware that infects using PowerSploit}},
date = {2017-02-10},
organization = {JPCERT/CC},
url = {https://blog.cyber4sight.com/2017/02/malicious-powershell-script-analysis-indicates-shamoon-actors-used-pupy-rat/},
language = {Japanese},
urldate = {2020-01-08}
}
Malware that infects using PowerSploit
pupy |
2017-02-05 ⋅ VinRansomware ⋅ Gregory Paul, Shaunak
@online{paul:20170205:detailed:3a65aaf,
author = {Gregory Paul and Shaunak},
title = {{Detailed threat analysis of Shamoon 2.0 Malware}},
date = {2017-02-05},
organization = {VinRansomware},
url = {http://www.vinransomware.com/blog/detailed-threat-analysis-of-shamoon-2-0-malware},
language = {English},
urldate = {2020-01-09}
}
Detailed threat analysis of Shamoon 2.0 Malware
DistTrack |
2017-01-23 ⋅ Symantec ⋅ Symantec Security Response
@online{response:20170123:greenbug:a118a76,
author = {Symantec Security Response},
title = {{Greenbug cyberespionage group targeting Middle East, possible links to Shamoon}},
date = {2017-01-23},
organization = {Symantec},
url = {https://web.archive.org/web/20190331181353/https://www.symantec.com/connect/blogs/greenbug-cyberespionage-group-targeting-middle-east-possible-links-shamoon},
language = {English},
urldate = {2020-04-21}
}
Greenbug cyberespionage group targeting Middle East, possible links to Shamoon
DistTrack ISMDoor Greenbug |
2017-01-23 ⋅ Symantec ⋅ Symantec Security Response
@online{response:20170123:greenbug:96eab4c,
author = {Symantec Security Response},
title = {{Greenbug cyberespionage group targeting Middle East, possible links to Shamoon}},
date = {2017-01-23},
organization = {Symantec},
url = {https://www.symantec.com/connect/blogs/greenbug-cyberespionage-group-targeting-middle-east-possible-links-shamoon},
language = {English},
urldate = {2020-01-13}
}
Greenbug cyberespionage group targeting Middle East, possible links to Shamoon
DistTrack ISMDoor Greenbug |
2017-01-09 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone
@online{falcone:20170109:second:2e36550,
author = {Robert Falcone},
title = {{Second Wave of Shamoon 2 Attacks Identified}},
date = {2017-01-09},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/unit42-second-wave-shamoon-2-attacks-identified/},
language = {English},
urldate = {2020-01-07}
}
Second Wave of Shamoon 2 Attacks Identified
DistTrack |
2016-12-26 ⋅ Wikipedia ⋅ Wikipedia
@online{wikipedia:20161226:rocket:24b6dd9,
author = {Wikipedia},
title = {{Rocket Kitten}},
date = {2016-12-26},
organization = {Wikipedia},
url = {https://en.wikipedia.org/wiki/Rocket_Kitten},
language = {English},
urldate = {2019-11-16}
}
Rocket Kitten
Rocket Kitten |
2016-12-03 ⋅ Coding and Security ⋅ Coding, Security
@online{coding:20161203:sophisticated:af2cbb4,
author = {Coding and Security},
title = {{"Sophisticated" and "Genius" Shamoon 2.0 Malware Analysis}},
date = {2016-12-03},
organization = {Coding and Security},
url = {https://www.codeandsec.com/Sophisticated-CyberWeapon-Shamoon-2-Malware-Analysis},
language = {English},
urldate = {2020-01-08}
}
"Sophisticated" and "Genius" Shamoon 2.0 Malware Analysis
DistTrack |
2016-11-30 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone
@online{falcone:20161130:shamoon:6befcf1,
author = {Robert Falcone},
title = {{Shamoon 2: Return of the Disttrack Wiper}},
date = {2016-11-30},
organization = {Palo Alto Networks Unit 42},
url = {http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/?adbsc=social68389776&adbid=804134348374970368&adbpl=tw&adbpr=4487645412},
language = {English},
urldate = {2019-12-20}
}
Shamoon 2: Return of the Disttrack Wiper
DistTrack |
2016-11-30 ⋅ Symantec ⋅ A L Johnson
@online{johnson:20161130:shamoon:50feb7c,
author = {A L Johnson},
title = {{Shamoon: Back from the dead and destructive as ever}},
date = {2016-11-30},
organization = {Symantec},
url = {https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=ad6f8259-2bb4-4f7f-b8e1-710b35a4cbed&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments},
language = {English},
urldate = {2020-04-21}
}
Shamoon: Back from the dead and destructive as ever
DistTrack OilRig |
2015-11 ⋅ Check Point ⋅ Check Point
@techreport{point:201511:rocket:2e2b21c,
author = {Check Point},
title = {{ROCKET KIT TEN: A CAMPAIGN WITH 9 LIVES}},
date = {2015-11},
institution = {Check Point},
url = {https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf},
language = {English},
urldate = {2020-01-07}
}
ROCKET KIT TEN: A CAMPAIGN WITH 9 LIVES
FireMalv MPKBot Woolger Cleaver Rocket Kitten |
2015-09-01 ⋅ Trend Micro ⋅ Cedric Pernet, Eyal Sela
@techreport{pernet:20150901:spy:66fcfab,
author = {Cedric Pernet and Eyal Sela},
title = {{The Spy Kittens Are Back: Rocket Kitten 2}},
date = {2015-09-01},
institution = {Trend Micro},
url = {https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf},
language = {English},
urldate = {2020-01-08}
}
The Spy Kittens Are Back: Rocket Kitten 2
Rocket Kitten |
2015-08-27 ⋅ CitizenLab ⋅ John Scott-Railton, Katie Kleemola
@online{scottrailton:20150827:london:d3ff105,
author = {John Scott-Railton and Katie Kleemola},
title = {{London Calling: Two-Factor Authentication Phishing From Iran}},
date = {2015-08-27},
organization = {CitizenLab},
url = {https://citizenlab.ca/2015/08/iran_two_factor_phishing/},
language = {English},
urldate = {2020-04-06}
}
London Calling: Two-Factor Authentication Phishing From Iran
Rocket Kitten |
2015-06-03 ⋅ ClearSky ⋅ ClearSky Research Team
@online{team:20150603:thamar:6baa58c,
author = {ClearSky Research Team},
title = {{Thamar Reservoir – An Iranian cyber-attack campaign against targets in the Middle East}},
date = {2015-06-03},
organization = {ClearSky},
url = {http://www.clearskysec.com/thamar-reservoir/},
language = {English},
urldate = {2019-12-20}
}
Thamar Reservoir – An Iranian cyber-attack campaign against targets in the Middle East
Rocket Kitten |
2015-03-24 ⋅ Trend Micro ⋅ Cedric Pernet, Kenney Lu
@techreport{pernet:20150324:operation:65e881c,
author = {Cedric Pernet and Kenney Lu},
title = {{Operation Woolen-Goldfish: When Kittens Go Phishing}},
date = {2015-03-24},
institution = {Trend Micro},
url = {http://www.trendmicro.it/media/wp/operation-woolen-goldfish-whitepaper-en.pdf},
language = {English},
urldate = {2019-07-09}
}
Operation Woolen-Goldfish: When Kittens Go Phishing
Ghole Woolger |
2015-03-19 ⋅ Trend Micro ⋅ Trend Micro
@online{micro:20150319:rocket:3046dd1,
author = {Trend Micro},
title = {{Rocket Kitten Showing Its Claws: Operation Woolen-GoldFish and the GHOLE campaign}},
date = {2015-03-19},
organization = {Trend Micro},
url = {https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing},
language = {English},
urldate = {2020-01-06}
}
Rocket Kitten Showing Its Claws: Operation Woolen-GoldFish and the GHOLE campaign
Cleaver Rocket Kitten |
2015-03-19 ⋅ Trend Micro ⋅ Cedric Pernet, Kenney Lu
@techreport{pernet:20150319:operation:a0443b7,
author = {Cedric Pernet and Kenney Lu},
title = {{Operation WOOLEN-GOLDFISH: When Kittens Go Phishing}},
date = {2015-03-19},
institution = {Trend Micro},
url = {https://documents.trendmicro.com/assets/wp/wp-operation-woolen-goldfish.pdf},
language = {English},
urldate = {2022-04-29}
}
Operation WOOLEN-GOLDFISH: When Kittens Go Phishing
Ghole Woolger |
2014-09-04 ⋅ ClearSky ⋅ ClearSky Research Team
@online{team:20140904:gholee:9f6be42,
author = {ClearSky Research Team},
title = {{Gholee – a “protective edge” themed spear phishing campaign}},
date = {2014-09-04},
organization = {ClearSky},
url = {https://www.clearskysec.com/gholee-a-protective-edge-themed-spear-phishing-campaign/},
language = {English},
urldate = {2020-01-10}
}
Gholee – a “protective edge” themed spear phishing campaign
Ghole |
2012-08-17 ⋅ Contagiodump Blog ⋅ Mila Parkour
@online{parkour:20120817:shamoon:efffab1,
author = {Mila Parkour},
title = {{Shamoon or DistTrack.A samples}},
date = {2012-08-17},
organization = {Contagiodump Blog},
url = {http://contagiodump.blogspot.com/2012/08/shamoon-or-disttracka-samples.html},
language = {English},
urldate = {2019-12-20}
}
Shamoon or DistTrack.A samples
DistTrack |
2012-08-16 ⋅ Symantec ⋅ Symantec Security Response
@online{response:20120816:shamoon:8f8fe97,
author = {Symantec Security Response},
title = {{The Shamoon Attacks}},
date = {2012-08-16},
organization = {Symantec},
url = {https://web.archive.org/web/20120818235442/https://www.symantec.com/connect/blogs/shamoon-attacks},
language = {English},
urldate = {2020-04-21}
}
The Shamoon Attacks
DistTrack OilRig |
2012-08-16 ⋅ Kaspersky Labs ⋅ GReAT
@online{great:20120816:shamoon:143efb8,
author = {GReAT},
title = {{Shamoon the Wiper – Copycats at Work}},
date = {2012-08-16},
organization = {Kaspersky Labs},
url = {https://securelist.com/shamoon-the-wiper-copycats-at-work/},
language = {English},
urldate = {2019-12-20}
}
Shamoon the Wiper – Copycats at Work
DistTrack |