aka: Sandworm Team, Black Energy, BlackEnergy, Quedagh, Voodoo Bear, TEMP.Noble, Iron Viking
This threat actor targets industrial control systems, using a tool called Black Energy, associated with electricity and power generation for espionage, denial of service, and data destruction purposes. Some believe that the threat actor is linked to the 2015 compromise of the Ukrainian electrical grid and a distributed denial of service prior to the Russian invasion of Georgia. Believed to be responsible for the 2008 DDoS attacks in Georgia and the 2015 Ukraine power grid outage
2020-12-21 ⋅ IronNet ⋅ Adam Hlavek, Kimberly Ortiz @online{hlavek:20201221:russian:804662f,
author = {Adam Hlavek and Kimberly Ortiz},
title = {{Russian cyber attack campaigns and actors}},
date = {2020-12-21},
organization = {IronNet},
url = {https://www.ironnet.com/blog/russian-cyber-attack-campaigns-and-actors},
language = {English},
urldate = {2021-01-05}
}
Russian cyber attack campaigns and actors WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess |
2020-11-04 ⋅ Stranded on Pylos Blog ⋅ Joe Slowik @online{slowik:20201104:enigmatic:c2d7b4e,
author = {Joe Slowik},
title = {{The Enigmatic Energetic Bear}},
date = {2020-11-04},
organization = {Stranded on Pylos Blog},
url = {https://pylos.co/2020/11/04/the-enigmatic-energetic-bear/},
language = {English},
urldate = {2020-11-06}
}
The Enigmatic Energetic Bear EternalPetya Havex RAT |
2020-10-19 ⋅ CyberScoop ⋅ Tim Starks @online{starks:20201019:us:d77b8f8,
author = {Tim Starks},
title = {{US charges Russian GRU officers for NotPetya, other major hacks}},
date = {2020-10-19},
organization = {CyberScoop},
url = {https://www.cyberscoop.com/russian-hackers-notpetya-charges-gru/},
language = {English},
urldate = {2020-10-19}
}
US charges Russian GRU officers for NotPetya, other major hacks EternalPetya |
2020-10-19 ⋅ Wired ⋅ Andy Greenberg @online{greenberg:20201019:us:89aec2c,
author = {Andy Greenberg},
title = {{US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit}},
date = {2020-10-19},
organization = {Wired},
url = {https://www.wired.com/story/us-indicts-sandworm-hackers-russia-cyberwar-unit/},
language = {English},
urldate = {2020-10-19}
}
US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit EternalPetya Olympic Destroyer |
2020-10-19 ⋅ UK Government ⋅ ForeignCommonwealth & Development Office, Dominic Raab @online{office:20201019:uk:7ead390,
author = {ForeignCommonwealth & Development Office and Dominic Raab},
title = {{UK exposes series of Russian cyber attacks against Olympic and Paralympic Games}},
date = {2020-10-19},
organization = {UK Government},
url = {https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games},
language = {English},
urldate = {2020-10-23}
}
UK exposes series of Russian cyber attacks against Olympic and Paralympic Games elf.vpnfilter BlackEnergy EternalPetya Industroyer |
2020-10-19 ⋅ Riskint Blog ⋅ Curtis @online{curtis:20201019:revisited:df05745,
author = {Curtis},
title = {{Revisited: Fancy Bear's New Faces...and Sandworms' too}},
date = {2020-10-19},
organization = {Riskint Blog},
url = {https://www.riskint.blog/post/revisited-fancy-bear-s-new-faces-and-sandworms-too},
language = {English},
urldate = {2020-10-23}
}
Revisited: Fancy Bear's New Faces...and Sandworms' too BlackEnergy EternalPetya Industroyer Olympic Destroyer |
2020-08-29 ⋅ Aguinet ⋅ Adrien Guinet @online{guinet:20200829:emulating:45c0c16,
author = {Adrien Guinet},
title = {{Emulating NotPetya bootloader with Miasm}},
date = {2020-08-29},
organization = {Aguinet},
url = {https://aguinet.github.io//blog/2020/08/29/miasm-bootloader.html},
language = {English},
urldate = {2020-09-04}
}
Emulating NotPetya bootloader with Miasm EternalPetya |
2020-07-29 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20200729:trends:6810325,
author = {GReAT},
title = {{APT trends report Q2 2020}},
date = {2020-07-29},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2020/97937/},
language = {English},
urldate = {2020-07-30}
}
APT trends report Q2 2020 PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel |
2020-07-29 ⋅ Atlantic Council ⋅ Trey Herr, June Lee, William Loomis, Stewart Scott @techreport{herr:20200729:breaking:d37db04,
author = {Trey Herr and June Lee and William Loomis and Stewart Scott},
title = {{BREAKING TRUST: Shades of Crisis Across an Insecure Software Supply Chain}},
date = {2020-07-29},
institution = {Atlantic Council},
url = {https://www.atlanticcouncil.org/wp-content/uploads/2020/07/Breaking-trust-Shades-of-crisis-across-an-insecure-software-supply-chain.pdf},
language = {English},
urldate = {2020-08-05}
}
BREAKING TRUST: Shades of Crisis Across an Insecure Software Supply Chain EternalPetya GoldenSpy Kwampirs Stuxnet |
2020-06-21 ⋅ GVNSHTN ⋅ Gavin Ashton @online{ashton:20200621:maersk:5121522,
author = {Gavin Ashton},
title = {{Maersk, me & notPetya}},
date = {2020-06-21},
organization = {GVNSHTN},
url = {https://gvnshtn.com/maersk-me-notpetya/},
language = {English},
urldate = {2020-08-18}
}
Maersk, me & notPetya EternalPetya |
2020-06-09 ⋅ Kaspersky Labs ⋅ Costin Raiu @online{raiu:20200609:looking:3038dce,
author = {Costin Raiu},
title = {{Looking at Big Threats Using Code Similarity. Part 1}},
date = {2020-06-09},
organization = {Kaspersky Labs},
url = {https://securelist.com/big-threats-using-code-similarity-part-1/97239/},
language = {English},
urldate = {2020-08-18}
}
Looking at Big Threats Using Code Similarity. Part 1 Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel |
2020-05-21 ⋅ PICUS Security ⋅ Süleyman Özarslan @online{zarslan:20200521:t1055:4400f98,
author = {Süleyman Özarslan},
title = {{T1055 Process Injection}},
date = {2020-05-21},
organization = {PICUS Security},
url = {https://www.picussecurity.com/blog/picus-10-critical-mitre-attck-techniques-t1055-process-injection},
language = {English},
urldate = {2020-06-03}
}
T1055 Process Injection BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE |
2020-03-05 ⋅ Microsoft ⋅ Microsoft Threat Protection Intelligence Team @online{team:20200305:humanoperated:d90a28e,
author = {Microsoft Threat Protection Intelligence Team},
title = {{Human-operated ransomware attacks: A preventable disaster}},
date = {2020-03-05},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/},
language = {English},
urldate = {2020-03-06}
}
Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:iron:3c939bc,
author = {SecureWorks},
title = {{IRON VIKING}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/iron-viking},
language = {English},
urldate = {2020-05-23}
}
IRON VIKING BlackEnergy EternalPetya GreyEnergy Industroyer KillDisk TeleBot TeleDoor |
2019-08-01 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20190801:trends:5e25d5b,
author = {GReAT},
title = {{APT trends report Q2 2019}},
date = {2019-08-01},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2019/91897/},
language = {English},
urldate = {2020-08-13}
}
APT trends report Q2 2019 ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy Microcin |
2019-05-08 ⋅ Verizon Communications Inc. ⋅ Verizon Communications Inc. @techreport{inc:20190508:2019:3c20a3b,
author = {Verizon Communications Inc.},
title = {{2019 Data Breach Investigations Report}},
date = {2019-05-08},
institution = {Verizon Communications Inc.},
url = {https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf},
language = {English},
urldate = {2020-05-10}
}
2019 Data Breach Investigations Report BlackEnergy Cobalt Strike DanaBot Gandcrab GreyEnergy Mirai Olympic Destroyer SamSam |
2019-01-18 ⋅ Mark Edmondson @online{edmondson:20190118:black:e66dcec,
author = {Mark Edmondson},
title = {{BLACK ENERGY – Analysis}},
date = {2019-01-18},
url = {https://marcusedmondson.com/2019/01/18/black-energy-analysis/},
language = {English},
urldate = {2020-01-08}
}
BLACK ENERGY – Analysis BlackEnergy |
2019 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker @online{tracker:2019:black:cea08bf,
author = {Cyber Operations Tracker},
title = {{Black Energy}},
date = {2019},
organization = {Council on Foreign Relations},
url = {https://www.cfr.org/interactive/cyber-operations/black-energy},
language = {English},
urldate = {2019-12-20}
}
Black Energy Sandworm |
2019 ⋅ MITRE ⋅ MITRE ATT&CK @online{attck:2019:sandworm:2c635f5,
author = {MITRE ATT&CK},
title = {{Group description: Sandworm Team}},
date = {2019},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0034/},
language = {English},
urldate = {2019-12-20}
}
Group description: Sandworm Team Sandworm |
2018-10-11 ⋅ ESET Research ⋅ Anton Cherepanov, Robert Lipovsky @online{cherepanov:20181011:new:8e588c3,
author = {Anton Cherepanov and Robert Lipovsky},
title = {{New TeleBots backdoor: First evidence linking Industroyer to NotPetya}},
date = {2018-10-11},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/},
language = {English},
urldate = {2019-11-14}
}
New TeleBots backdoor: First evidence linking Industroyer to NotPetya Exaramel EternalPetya Exaramel Industroyer |
2018-04-03 ⋅ ESET Research ⋅ Peter Kálnai, Anton Cherepanov @online{klnai:20180403:lazarus:14ff18c,
author = {Peter Kálnai and Anton Cherepanov},
title = {{Lazarus KillDisks Central American casino}},
date = {2018-04-03},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/},
language = {English},
urldate = {2019-11-14}
}
Lazarus KillDisks Central American casino KillDisk Lazarus Group |
2018-01-15 ⋅ Trend Micro ⋅ Gilbert Sison, Rheniel Ramos, Jay Yaneza, Alfredo Oliveira @online{sison:20180115:new:15ece8f,
author = {Gilbert Sison and Rheniel Ramos and Jay Yaneza and Alfredo Oliveira},
title = {{New KillDisk Variant Hits Financial Organizations in Latin America}},
date = {2018-01-15},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/new-killdisk-variant-hits-financial-organizations-in-latin-america/},
language = {English},
urldate = {2020-01-06}
}
New KillDisk Variant Hits Financial Organizations in Latin America KillDisk Lazarus Group |
2018-01-13 ⋅ The Washington Post ⋅ Ellen Nakashima @online{nakashima:20180113:russian:fce58a2,
author = {Ellen Nakashima},
title = {{Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes}},
date = {2018-01-13},
organization = {The Washington Post},
url = {https://www.washingtonpost.com/world/national-security/russian-military-was-behind-notpetya-cyberattack-in-ukraine-cia-concludes/2018/01/12/048d8506-f7ca-11e7-b34a-b85626af34ef_story.html},
language = {English},
urldate = {2020-01-06}
}
Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes EternalPetya |
2017-10-27 ⋅ F-Secure ⋅ F-Secure Global @online{global:20171027:big:916374a,
author = {F-Secure Global},
title = {{The big difference with Bad Rabbit}},
date = {2017-10-27},
organization = {F-Secure},
url = {https://labsblog.f-secure.com/2017/10/27/the-big-difference-with-bad-rabbit/},
language = {English},
urldate = {2020-01-07}
}
The big difference with Bad Rabbit EternalPetya |
2017-10-26 ⋅ FireEye ⋅ Barry Vengerik, Ben Read, Brian Mordosky, Christopher Glyer, Ian Ahl, Matt Williams, Michael Matonis, Nick Carr @online{vengerik:20171026:backswing:3aab9cf,
author = {Barry Vengerik and Ben Read and Brian Mordosky and Christopher Glyer and Ian Ahl and Matt Williams and Michael Matonis and Nick Carr},
title = {{BACKSWING - Pulling a BADRABBIT Out of a Hat}},
date = {2017-10-26},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2017/10/backswing-pulling-a-badrabbit-out-of-a-hat.html},
language = {English},
urldate = {2019-12-20}
}
BACKSWING - Pulling a BADRABBIT Out of a Hat EternalPetya |
2017-10-26 ⋅ Reversing Labs ⋅ None @online{none:20171026:reversinglabs:d3543db,
author = {None},
title = {{ReversingLabs' YARA rule detects BadRabbit encryption routine specifics}},
date = {2017-10-26},
organization = {Reversing Labs},
url = {https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-badrabbit-encryption-routine-specifics.html},
language = {English},
urldate = {2019-10-17}
}
ReversingLabs' YARA rule detects BadRabbit encryption routine specifics EternalPetya |
2017-10-25 ⋅ RiskIQ ⋅ Yonathan Klijnsma @online{klijnsma:20171025:down:8d41ef5,
author = {Yonathan Klijnsma},
title = {{Down the Rabbit Hole: Tracking the BadRabbit Ransomware to a Long Ongoing Campaign of Target Selection}},
date = {2017-10-25},
organization = {RiskIQ},
url = {https://www.riskiq.com/blog/labs/badrabbit/},
language = {English},
urldate = {2020-01-10}
}
Down the Rabbit Hole: Tracking the BadRabbit Ransomware to a Long Ongoing Campaign of Target Selection EternalPetya |
2017-10-24 ⋅ ESET Research ⋅ Editor @online{editor:20171024:kiev:b706a68,
author = {Editor},
title = {{Kiev metro hit with a new variant of the infamous Diskcoder ransomware}},
date = {2017-10-24},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/?utm_content=buffer8ffe4&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer},
language = {English},
urldate = {2019-11-14}
}
Kiev metro hit with a new variant of the infamous Diskcoder ransomware EternalPetya |
2017-10-24 ⋅ ESET Research ⋅ Marc-Etienne M.Léveillé @online{mlveill:20171024:bad:5653a57,
author = {Marc-Etienne M.Léveillé},
title = {{Bad Rabbit: Not‑Petya is back with improved ransomware}},
date = {2017-10-24},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/},
language = {English},
urldate = {2019-07-11}
}
Bad Rabbit: Not‑Petya is back with improved ransomware EternalPetya TeleBots |
2017-10-24 ⋅ Cisco Talos ⋅ Nick Biasini @online{biasini:20171024:threat:7bd8515,
author = {Nick Biasini},
title = {{Threat Spotlight: Follow the Bad Rabbit}},
date = {2017-10-24},
organization = {Cisco Talos},
url = {http://blog.talosintelligence.com/2017/10/bad-rabbit.html},
language = {English},
urldate = {2019-12-10}
}
Threat Spotlight: Follow the Bad Rabbit EternalPetya |
2017-10-24 ⋅ Kaspersky Labs ⋅ Orkhan Mamedov, Fedor Sinitsyn, Anton Ivanov @online{mamedov:20171024:bad:3c21717,
author = {Orkhan Mamedov and Fedor Sinitsyn and Anton Ivanov},
title = {{Bad Rabbit ransomware}},
date = {2017-10-24},
organization = {Kaspersky Labs},
url = {https://securelist.com/bad-rabbit-ransomware/82851/},
language = {English},
urldate = {2019-12-20}
}
Bad Rabbit ransomware EternalPetya |
2017-10-24 ⋅ Wired ⋅ Andy Greenberg @online{greenberg:20171024:new:5359735,
author = {Andy Greenberg},
title = {{New Ransomware Linked to NotPetya Sweeps Russia and Ukraine}},
date = {2017-10-24},
organization = {Wired},
url = {https://www.wired.com/story/badrabbit-ransomware-notpetya-russia-ukraine/},
language = {English},
urldate = {2020-01-06}
}
New Ransomware Linked to NotPetya Sweeps Russia and Ukraine EternalPetya |
2017-10-24 ⋅ Intezer ⋅ Jay Rosenberg @online{rosenberg:20171024:notpetya:7146657,
author = {Jay Rosenberg},
title = {{NotPetya Returns as Bad Rabbit}},
date = {2017-10-24},
organization = {Intezer},
url = {http://www.intezer.com/notpetya-returns-bad-rabbit/},
language = {English},
urldate = {2020-01-05}
}
NotPetya Returns as Bad Rabbit EternalPetya |
2017-09-19 ⋅ NCC Group ⋅ Ollie Whitehouse @online{whitehouse:20170919:eternalglue:c4348e0,
author = {Ollie Whitehouse},
title = {{EternalGlue part one: Rebuilding NotPetya to assess real-world resilience}},
date = {2017-09-19},
organization = {NCC Group},
url = {https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/september/eternalglue-part-one-rebuilding-notpetya-to-assess-real-world-resilience/},
language = {English},
urldate = {2019-12-10}
}
EternalGlue part one: Rebuilding NotPetya to assess real-world resilience EternalPetya |
2017-09-18 ⋅ ThreatConnect ⋅ Paul Vann @online{vann:20170918:casting:87b63a9,
author = {Paul Vann},
title = {{Casting a Light on BlackEnergy}},
date = {2017-09-18},
organization = {ThreatConnect},
url = {https://threatconnect.com/blog/casting-a-light-on-blackenergy/},
language = {English},
urldate = {2020-01-13}
}
Casting a Light on BlackEnergy BlackEnergy |
2017-08-11 ⋅ Threatpost ⋅ Tom Spring @online{spring:20170811:ukrainian:eb4451f,
author = {Tom Spring},
title = {{Ukrainian Man Arrested, Charged in NotPetya Distribution}},
date = {2017-08-11},
organization = {Threatpost},
url = {https://threatpost.com/ukrainian-man-arrested-charged-in-notpetya-distribution/127391/},
language = {English},
urldate = {2020-01-05}
}
Ukrainian Man Arrested, Charged in NotPetya Distribution EternalPetya |
2017-07-14 ⋅ Malwarebytes ⋅ Malwarebytes Labs @online{labs:20170714:keeping:0759a8b,
author = {Malwarebytes Labs},
title = {{Keeping up with the Petyas: Demystifying the malware family}},
date = {2017-07-14},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/cybercrime/2017/07/keeping-up-with-the-petyas-demystifying-the-malware-family/},
language = {English},
urldate = {2019-12-20}
}
Keeping up with the Petyas: Demystifying the malware family EternalPetya GoldenEye PetrWrap Petya |
2017-07-05 ⋅ Cisco Talos ⋅ David Maynor, Aleksandar Nikolic, Matt Olney, Yves Younan @online{maynor:20170705:medoc:58bcc4a,
author = {David Maynor and Aleksandar Nikolic and Matt Olney and Yves Younan},
title = {{The MeDoc Connection}},
date = {2017-07-05},
organization = {Cisco Talos},
url = {http://blog.talosintelligence.com/2017/07/the-medoc-connection.html},
language = {English},
urldate = {2020-01-13}
}
The MeDoc Connection TeleDoor |
2017-07-04 ⋅ ESET Research ⋅ Anton Cherepanov @online{cherepanov:20170704:analysis:37c48b2,
author = {Anton Cherepanov},
title = {{Analysis of TeleBots’ cunning backdoor}},
date = {2017-07-04},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/},
language = {English},
urldate = {2019-11-14}
}
Analysis of TeleBots’ cunning backdoor TeleDoor |
2017-07-03 ⋅ The Guardian ⋅ Alex Hern @online{hern:20170703:notpetya:ba6bc6c,
author = {Alex Hern},
title = {{'NotPetya' malware attacks could warrant retaliation, says Nato affiliated-researcher}},
date = {2017-07-03},
organization = {The Guardian},
url = {https://www.theguardian.com/technology/2017/jul/03/notpetya-malware-attacks-ukraine-warrant-retaliation-nato-researcher-tomas-minarik},
language = {English},
urldate = {2019-07-11}
}
'NotPetya' malware attacks could warrant retaliation, says Nato affiliated-researcher EternalPetya |
2017-07-03 ⋅ CrowdStrike ⋅ Shaun Hurley, Karan Sood @online{hurley:20170703:notpetya:1453645,
author = {Shaun Hurley and Karan Sood},
title = {{NotPetya Technical Analysis Part II: Further Findings and Potential for MBR Recovery}},
date = {2017-07-03},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/petrwrap-technical-analysis-part-2-further-findings-and-potential-for-mbr-recovery/},
language = {English},
urldate = {2019-12-20}
}
NotPetya Technical Analysis Part II: Further Findings and Potential for MBR Recovery EternalPetya |
2017-07-03 ⋅ G Data ⋅ G Data @online{data:20170703:who:7b53706,
author = {G Data},
title = {{Who is behind Petna?}},
date = {2017-07-03},
organization = {G Data},
url = {https://www.gdatasoftware.com/blog/2017/07/29859-who-is-behind-petna},
language = {English},
urldate = {2020-01-08}
}
Who is behind Petna? EternalPetya |
2017-07-03 ⋅ ESET Research ⋅ Anton Cherepanov, Robert Lipovsky @techreport{cherepanov:20170703:blackenergy:2403feb,
author = {Anton Cherepanov and Robert Lipovsky},
title = {{BlackEnergy – what we really know about the notorious cyber attacks}},
date = {2017-07-03},
institution = {ESET Research},
url = {https://www.virusbulletin.com/uploads/pdf/magazine/2016/VB2016-Cherepanov-Lipovsky.pdf},
language = {English},
urldate = {2019-10-14}
}
BlackEnergy – what we really know about the notorious cyber attacks BlackEnergy |
2017-06-30 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20170630:from:d91b457,
author = {GReAT},
title = {{From BlackEnergy to ExPetr}},
date = {2017-06-30},
organization = {Kaspersky Labs},
url = {https://securelist.com/from-blackenergy-to-expetr/78937/},
language = {English},
urldate = {2019-12-20}
}
From BlackEnergy to ExPetr EternalPetya |
2017-06-30 ⋅ ESET Research ⋅ Anton Cherepanov @online{cherepanov:20170630:telebots:84aa93d,
author = {Anton Cherepanov},
title = {{TeleBots are back: Supply‑chain attacks against Ukraine}},
date = {2017-06-30},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/},
language = {English},
urldate = {2019-12-20}
}
TeleBots are back: Supply‑chain attacks against Ukraine EternalPetya TeleBots |
2017-06-30 ⋅ Malwarebytes ⋅ Malwarebytes Labs @online{labs:20170630:eternalpetya:122fb36,
author = {Malwarebytes Labs},
title = {{EternalPetya – yet another stolen piece in the package?}},
date = {2017-06-30},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2017/06/eternalpetya-yet-another-stolen-piece-package/},
language = {English},
urldate = {2019-12-20}
}
EternalPetya – yet another stolen piece in the package? EternalPetya |
2017-06-29 ⋅ Robert Graham @online{graham:20170629:nonpetya:c470dd8,
author = {Robert Graham},
title = {{NonPetya: no evidence it was a "smokescreen"}},
date = {2017-06-29},
url = {http://blog.erratasec.com/2017/06/nonpetya-no-evidence-it-was-smokescreen.html},
language = {English},
urldate = {2020-01-07}
}
NonPetya: no evidence it was a "smokescreen" EternalPetya |
2017-06-29 ⋅ Malwarebytes ⋅ Malwarebytes Labs @online{labs:20170629:eternalpetya:bdd5896,
author = {Malwarebytes Labs},
title = {{EternalPetya and the lost Salsa20 key}},
date = {2017-06-29},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2017/06/eternalpetya-lost-salsa20-key/},
language = {English},
urldate = {2019-12-20}
}
EternalPetya and the lost Salsa20 key EternalPetya |
2017-06-29 ⋅ Bleeping Computer ⋅ Catalin Cimpanu @online{cimpanu:20170629:ransomware:d2d7b40,
author = {Catalin Cimpanu},
title = {{Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone}},
date = {2017-06-29},
organization = {Bleeping Computer},
url = {https://www.bleepingcomputer.com/news/security/ransomware-attacks-continue-in-ukraine-with-mysterious-wannacry-clone/},
language = {English},
urldate = {2019-12-20}
}
Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone EternalPetya |
2017-06-29 ⋅ Microsoft ⋅ Microsoft Defender ATP Research Team @online{team:20170629:windows:f957ff3,
author = {Microsoft Defender ATP Research Team},
title = {{Windows 10 platform resilience against the Petya ransomware attack}},
date = {2017-06-29},
organization = {Microsoft},
url = {https://blogs.technet.microsoft.com/mmpc/2017/06/29/windows-10-platform-resilience-against-the-petya-ransomware-attack/},
language = {English},
urldate = {2020-01-07}
}
Windows 10 platform resilience against the Petya ransomware attack EternalPetya |
2017-06-28 ⋅ Kaspersky Labs ⋅ Anton Ivanov, Orkhan Mamedov @online{ivanov:20170628:expetrpetyanotpetya:903b1fc,
author = {Anton Ivanov and Orkhan Mamedov},
title = {{ExPetr/Petya/NotPetya is a Wiper, Not Ransomware}},
date = {2017-06-28},
organization = {Kaspersky Labs},
url = {https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/},
language = {English},
urldate = {2019-12-20}
}
ExPetr/Petya/NotPetya is a Wiper, Not Ransomware EternalPetya |
2017-06-28 ⋅ CrowdStrike ⋅ Falcon Intelligence Team @online{team:20170628:crowdstrike:e933e49,
author = {Falcon Intelligence Team},
title = {{CrowdStrike Protects Against NotPetya Attack}},
date = {2017-06-28},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/fast-spreading-petrwrap-ransomware-attack-combines-eternalblue-exploit-credential-stealing/},
language = {English},
urldate = {2019-12-20}
}
CrowdStrike Protects Against NotPetya Attack EternalPetya |
2017-06-28 ⋅ hacks4pancakes @online{hacks4pancakes:20170628:why:8053178,
author = {hacks4pancakes},
title = {{Why NotPetya Kept Me Awake (& You Should Worry Too)}},
date = {2017-06-28},
url = {https://tisiphone.net/2017/06/28/why-notpetya-kept-me-awake-you-should-worry-too/},
language = {English},
urldate = {2020-01-09}
}
Why NotPetya Kept Me Awake (& You Should Worry Too) EternalPetya |
2017-06-27 ⋅ SANS ⋅ Brad Duncan @online{duncan:20170627:checking:23c2251,
author = {Brad Duncan},
title = {{Checking out the new Petya variant}},
date = {2017-06-27},
organization = {SANS},
url = {https://isc.sans.edu/forums/diary/Checking+out+the+new+Petya+variant/22562/},
language = {English},
urldate = {2020-01-06}
}
Checking out the new Petya variant EternalPetya |
2017-06-27 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20170627:schroedingers:43c7e28,
author = {GReAT},
title = {{Schroedinger’s Pet(ya)}},
date = {2017-06-27},
organization = {Kaspersky Labs},
url = {https://securelist.com/schroedingers-petya/78870/},
language = {English},
urldate = {2019-12-20}
}
Schroedinger’s Pet(ya) EternalPetya |
2017-06-27 ⋅ Medium thegrugq ⋅ thegrugq @online{thegrugq:20170627:pnyetya:45771f2,
author = {thegrugq},
title = {{Pnyetya: Yet Another Ransomware Outbreak}},
date = {2017-06-27},
organization = {Medium thegrugq},
url = {https://medium.com/@thegrugq/pnyetya-yet-another-ransomware-outbreak-59afd1ee89d4},
language = {English},
urldate = {2020-01-13}
}
Pnyetya: Yet Another Ransomware Outbreak EternalPetya |
2017-06-13 ⋅ Dragos ⋅ Dragos @techreport{dragos:20170613:crashoverride:ee53f66,
author = {Dragos},
title = {{CRASHOVERRIDE: Analysis of the Threatto Electric Grid Operations}},
date = {2017-06-13},
institution = {Dragos},
url = {https://dragos.com/blog/crashoverride/CrashOverride-01.pdf},
language = {English},
urldate = {2020-01-10}
}
CRASHOVERRIDE: Analysis of the Threatto Electric Grid Operations Industroyer ELECTRUM Sandworm |
2017-06-12 ⋅ CISA ⋅ CISA @online{cisa:20170612:alert:7799e28,
author = {CISA},
title = {{Alert (TA17-163A)}},
date = {2017-06-12},
organization = {CISA},
url = {https://www.us-cert.gov/ncas/alerts/TA17-163A},
language = {English},
urldate = {2020-01-08}
}
Alert (TA17-163A) Sandworm |
2016-12-13 ⋅ ESET Research ⋅ Anton Cherepanov @online{cherepanov:20161213:rise:d6ee3c1,
author = {Anton Cherepanov},
title = {{The rise of TeleBots: Analyzing disruptive KillDisk attacks}},
date = {2016-12-13},
organization = {ESET Research},
url = {http://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/},
language = {English},
urldate = {2019-12-20}
}
The rise of TeleBots: Analyzing disruptive KillDisk attacks Credraptor KillDisk TeleBot TeleBots |
2016-01-28 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20160128:blackenergy:3c2a914,
author = {GReAT},
title = {{BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents}},
date = {2016-01-28},
organization = {Kaspersky Labs},
url = {https://securelist.com/blackenergy-apt-attacks-in-ukraine-employ-spearphishing-with-word-documents/73440/},
language = {English},
urldate = {2019-12-20}
}
BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents BlackEnergy |
2016-01-09 ⋅ Industrial Control Systems ⋅ Robert M. Lee @online{lee:20160109:confirmation:a5aeb08,
author = {Robert M. Lee},
title = {{Confirmation of a Coordinated Attack on the Ukrainian Power Grid}},
date = {2016-01-09},
organization = {Industrial Control Systems},
url = {https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid},
language = {English},
urldate = {2020-01-07}
}
Confirmation of a Coordinated Attack on the Ukrainian Power Grid Sandworm |
2015-12-30 ⋅ SANS ⋅ Michael J. Assante @online{assante:20151230:current:342c55e,
author = {Michael J. Assante},
title = {{Current Reporting on the Cyber Attack in Ukraine Resulting in Power Outage}},
date = {2015-12-30},
organization = {SANS},
url = {https://ics.sans.org/blog/2015/12/30/current-reporting-on-the-cyber-attack-in-ukraine-resulting-in-power-outage},
language = {English},
urldate = {2019-12-17}
}
Current Reporting on the Cyber Attack in Ukraine Resulting in Power Outage Sandworm |
2015-07-30 ⋅ ESET Research ⋅ Robert Lipovsky, Anton Cherepanov @techreport{lipovsky:20150730:operation:bfe3508,
author = {Robert Lipovsky and Anton Cherepanov},
title = {{Operation Potao Express: Analysis of a cyber‑espionage toolkit}},
date = {2015-07-30},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2015/07/Operation-Potao-Express_final_v2.pdf},
language = {English},
urldate = {2020-02-25}
}
Operation Potao Express: Analysis of a cyber‑espionage toolkit FakeTC |
2015-07-30 ⋅ ESET Research ⋅ Robert Lipovsky, Anton Cherepanov @online{lipovsky:20150730:operation:3e5afee,
author = {Robert Lipovsky and Anton Cherepanov},
title = {{Operation Potao Express: Analysis of a cyber‑espionage toolkit}},
date = {2015-07-30},
organization = {ESET Research},
url = {http://www.welivesecurity.com/2015/07/30/operation-potao-express/},
language = {English},
urldate = {2019-12-20}
}
Operation Potao Express: Analysis of a cyber‑espionage toolkit FakeTC |
2015-02-17 ⋅ Kaspersky Labs ⋅ Kurt Baumgartner, Maria Garnaeva @online{baumgartner:20150217:be2:f7ce288,
author = {Kurt Baumgartner and Maria Garnaeva},
title = {{BE2 extraordinary plugins, Siemens targeting, dev fails}},
date = {2015-02-17},
organization = {Kaspersky Labs},
url = {https://securelist.com/be2-extraordinary-plugins-siemens-targeting-dev-fails/68838/},
language = {English},
urldate = {2019-12-20}
}
BE2 extraordinary plugins, Siemens targeting, dev fails BlackEnergy |
2014-11-10 ⋅ Trend Micro ⋅ William Gamazo Sanchez @online{sanchez:20141110:timeline:fd77607,
author = {William Gamazo Sanchez},
title = {{Timeline of Sandworm Attacks}},
date = {2014-11-10},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/timeline-of-sandworm-attacks/},
language = {English},
urldate = {2020-01-09}
}
Timeline of Sandworm Attacks Sandworm TeleBots |
2014-11-03 ⋅ Kaspersky Labs ⋅ Kurt Baumgartner, Maria Garnaeva @online{baumgartner:20141103:be2:ea8544a,
author = {Kurt Baumgartner and Maria Garnaeva},
title = {{BE2 custom plugins, router abuse, and target profiles}},
date = {2014-11-03},
organization = {Kaspersky Labs},
url = {https://securelist.com/be2-custom-plugins-router-abuse-and-target-profiles/67353/},
language = {English},
urldate = {2019-12-20}
}
BE2 custom plugins, router abuse, and target profiles BlackEnergy |
2014-10-14 ⋅ Symantec ⋅ Symantec Security Response @online{response:20141014:sandworm:c129395,
author = {Symantec Security Response},
title = {{Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks}},
date = {2014-10-14},
organization = {Symantec},
url = {https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks},
language = {English},
urldate = {2020-01-08}
}
Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks Sandworm |
2014-10-14 ⋅ Symantec ⋅ Symantec Security Response @online{response:20141014:sandworm:3f6e951,
author = {Symantec Security Response},
title = {{Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks}},
date = {2014-10-14},
organization = {Symantec},
url = {https://web.archive.org/web/20141016132823/https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks},
language = {English},
urldate = {2020-04-21}
}
Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks Sandworm |
2014-10-14 ⋅ ESET Research ⋅ Robert Lipovsky @online{lipovsky:20141014:cve20144114:49123f0,
author = {Robert Lipovsky},
title = {{CVE‑2014‑4114: Details on August BlackEnergy PowerPoint Campaigns}},
date = {2014-10-14},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2014/10/14/cve-2014-4114-details-august-blackenergy-powerpoint-campaigns/},
language = {English},
urldate = {2019-11-14}
}
CVE‑2014‑4114: Details on August BlackEnergy PowerPoint Campaigns BlackEnergy |
2010-07-15 ⋅ Kaspersky Labs ⋅ Dmitry Tarakanov @online{tarakanov:20100715:black:e6d41f9,
author = {Dmitry Tarakanov},
title = {{Black DDoS}},
date = {2010-07-15},
organization = {Kaspersky Labs},
url = {https://securelist.com/black-ddos/36309/},
language = {English},
urldate = {2019-12-20}
}
Black DDoS BlackEnergy |
2010-03-03 ⋅ FireEye ⋅ Julia Wolf @online{wolf:20100303:black:6ee657a,
author = {Julia Wolf},
title = {{Black Energy Crypto}},
date = {2010-03-03},
organization = {FireEye},
url = {https://web.archive.org/web/20140428201836/http://www.fireeye.com/blog/technical/malware-research/2010/03/black-energy-crypto.html},
language = {English},
urldate = {2020-02-27}
}
Black Energy Crypto BlackEnergy |
2010-03-03 ⋅ Secureworks ⋅ Joe Stewart @online{stewart:20100303:blackenergy:d3aa259,
author = {Joe Stewart},
title = {{BlackEnergy Version 2 Threat Analysis}},
date = {2010-03-03},
organization = {Secureworks},
url = {https://www.secureworks.com/research/blackenergy2},
language = {English},
urldate = {2019-10-15}
}
BlackEnergy Version 2 Threat Analysis BlackEnergy |
2007-10 ⋅ Arbor Networks ⋅ Jose Nazario @techreport{nazario:200710:blackenergy:f414256,
author = {Jose Nazario},
title = {{BlackEnergy DDoS Bot Analysis}},
date = {2007-10},
institution = {Arbor Networks},
url = {http://atlas-public.ec2.arbor.net/docs/BlackEnergy+DDoS+Bot+Analysis.pdf},
language = {English},
urldate = {2020-01-07}
}
BlackEnergy DDoS Bot Analysis BlackEnergy |