
Sandworm

aka: APT44, Blue Echidna, ELECTRUM, FROZENBARENTS, G0034, IRIDIUM, IRON VIKING, Quedagh, Seashell Blizzard, TEMP.Noble, TeleBots, UAC-0082, UAC-0113, VOODOO BEAR

This threat actor targets industrial control systems, in particular electricity generation and distribution, for espionage, denial of service and data destruction, historically using a tool called BlackEnergy. It is believed to be responsible for the 2008 DDoS attacks against Georgia that preceded the Russian invasion and for the 2015 compromise of the Ukrainian power grid that caused an outage.


Associated Families
elf.exaramel win.arguepatch win.roar_bat win.swiftslicer win.teledoor win.blackenergy win.caddywiper win.credraptor win.eternal_petya win.exaramel win.grey_energy win.industroyer2 win.kapeka win.killdisk win.telebot win.rhadamanthys win.industroyer

References (each entry: date | source | author(s), followed by the title and the associated families)
2024-11-06 | Check Point Research | Check Point Research
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits
Rhadamanthys
2024-10-23 | Cisco Talos | Edmund Brumaghin, Holger Unterbrink, Jordyn Dunk, Nicole Hoffman
Highlighting TA866/Asylum Ambuscade Activity Since 2021
WasabiSeed Cobalt Strike csharp-streamer RAT Resident Rhadamanthys WarmCookie
2024-10-17 | Sekoia | Quentin Bourgue, Sekoia TDR
ClickFix tactic: The Phantom Meet
Rhadamanthys Stealc
2024-09-26 | Recorded Future | Insikt Group
Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0
Rhadamanthys
2024-07-25 | Symantec | Symantec
Growing Number of Threats Leveraging AI
Broomstick DBatLoader NetSupportManager RAT Rhadamanthys
2024-07-24 | Check Point Research | Antonis Terefos
Stargazers Ghost Network
Atlantida Lumma Stealer RedLine Stealer Rhadamanthys RisePro Stargazer Goblin
2024-07-14 | Medium b.magnezi | 0xMrMagnezi
Malware Analysis - Rhadamanthys
Rhadamanthys
2024-07-09 | Spamhaus | Spamhaus Malware Labs
Spamhaus Botnet Threat Update January to June 2024
Coper FluBot Hook Bashlite Mirai FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc NjRAT QakBot Quasar RAT RedLine Stealer Remcos Rhadamanthys RisePro Sliver
2024-06-17 | Recorded Future | Insikt Group
The Travels of “markopolo”: Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications
AMOS Rhadamanthys Stealc Markopolo
2024-05-11 | Purple Team Security Research
Russian APT deploys new 'Kapeka' backdoor in Eastern European attacks
Kapeka
2024-04-29 | ThreatMon | Kerime Gencay, Malware R&D Team
Understanding the 'Kapeka' Backdoor: Detailed Analysis by APT44
Kapeka
2024-04-19 | Cert-UA | Cert-UA
UAC-0133 (Sandworm) plans for cyber sabotage on almost 20 objects of critical infrastructure of Ukraine
Kapeka reGeorg
2024-04-17 | WithSecure | Mohammad Kazem Hassan Nejad
KAPEKA A novel backdoor spotted in Eastern Europe
Kapeka
2024-04-16 | Mandiant | Alden Wahlstrom, Anton Prokopenkov, Dan Black, Dan Perez, Gabby Roncone, John Wolfram, Lexie Aytes, Nick Simonian, Ryan Hall, Tyler McLellan
APT44: Unearthing Sandworm
VPNFilter BlackEnergy CaddyWiper EternalPetya HermeticWiper Industroyer INDUSTROYER2 Olympic Destroyer PartyTicket RoarBAT Sandworm
2024-04-15 | UC Santa Cruz | Alonso Rojas, Alvaro A. Cardenas, Bing Huang, Emmanuele Zambon, Juan Lozano, Keerthi Koneru, Luis Salazar, Marina Krotofil, Ross Baldick, Sebastian R. Castro
A Tale of Two Industroyers: It was the Season of Darkness
Industroyer INDUSTROYER2
2024-04-10 | Proofpoint | Selena Larson, Tommy Madjar
Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer
Rhadamanthys
2024-01-12 | Spamhaus | Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q4 2023
FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver
2023-12-14 | Checkpoint | hasherezade
Rhadamanthys v0.5.0 – A Deep Dive into the Stealer’s Components
Rhadamanthys
2023-11-09 | Mandiant | Chris Sistrunk, Daniel Kapellmann Zafra, Jared Wilson, John Wolfram, Keith Lunden, Ken Proska, Nathan Brubaker, Tyler McLellan
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology
CaddyWiper
2023-10-27 | Elastic | Joe Desimone, Salim Bitam
GHOSTPULSE haunts victims using defense evasion bag o' tricks
HijackLoader Lumma Stealer NetSupportManager RAT Rhadamanthys SectopRAT Vidar
2023-10-12 | Spamhaus | Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2023
FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar
2023-10-03 | Outpost24 | David Catalan
Rhadamanthys malware analysis: How infostealers use VMs to avoid analysis
Rhadamanthys
2023-09-28 | CIP | State Service of Special Communication and Information Protection of Ukraine (CIP)
Russia's Cyber Tactics H1' 2023
APT29 Sandworm Turla XakNet Zarya
2023-09-25 | EchoCTI | Bilal BAKARTEPE, bixploit
Rhadamanthys Technical Analysis Report
Rhadamanthys
2023-08-31 | Checkpoint | hasherezade
From Hidden Bee to Rhadamanthys - The Evolution of Custom Executable Formats
Hidden Bee Rhadamanthys
2023-07-12 | Mandiant | Dan Black, Gabby Roncone
The GRU's Disruptive Playbook
CaddyWiper INDUSTROYER2 XakNet
2023-07-11 | Spamhaus | Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2023
Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee
2023-06-15 | eSentire | RussianPanda
eSentire Threat Intelligence Malware Analysis: Resident Campaign
Cobalt Strike Resident Rhadamanthys WarmCookie
2023-05-16 | Secureworks | Counter Threat Unit Research Team
The Growing Threat from Infostealers
Graphiron GraphSteel Raccoon RedLine Stealer Rhadamanthys Taurus Stealer Vidar
2023-05-04 | SOCRadar | SOCRadar
Sandworm Attackers Use WinRAR to Wipe Data from Government Devices
RoarBAT
2023-04-19 | Google | Billy Leonard, Google Threat Analysis Group
Ukraine remains Russia’s biggest cyber focus in 2023
Rhadamanthys
2023-04-18 | Mandiant | Mandiant
M-Trends 2023
QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate
2023-04-12 | Spamhaus | Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q1 2023
FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar
2023-03-27 | Check Point Research | Checkpoint Research
Rhadamanthys: The “Everything Bagel” Infostealer
Rhadamanthys
2023-03-15 | Microsoft | Microsoft Threat Intelligence
A year of Russian hybrid warfare in Ukraine
CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket SwiftSlicer WhisperGate
2023-02-21 | Zscaler | Nikolaos Pantazopoulos, Sarthak Misraa
Technical Analysis of Rhadamanthys Obfuscation Techniques
Rhadamanthys
2023-02-16 | Google | Shane Huntley
Fog of war: how the Ukraine conflict transformed the cyber threat landscape
APT28 Ghostwriter SaintBear Sandworm Turla
2023-02-15 | Google | Google Threat Analysis Group, Mandiant
Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape
CaddyWiper Dharma HermeticWiper INDUSTROYER2 PartyTicket WhisperGate Callisto Curious Gorge MUSTANG PANDA Turla
2023-01-29 | Acronis | Ilan Duhin
Petya/Not Petya Ransomware Analysis
EternalPetya
2023-01-27 | ESET Research | ESET Research
SwiftSlicer: New destructive wiper malware strikes Ukraine
SwiftSlicer
2023-01-27 | ESET Research | ESET Research
Tweets on SwiftSlicer
SwiftSlicer
2023-01-27 | Cert-UA | Cert-UA
Cyber attack on the Ukrinform information and communication system
CaddyWiper
2023-01-24 | Fortinet | Geri Revay
The Year of the Wiper
Azov Wiper Bruh Wiper CaddyWiper Cobalt Strike Vidar
2023-01-16 | Medium elis531989 | Eli Salem
Dancing With Shellcodes: Analyzing Rhadamanthys Stealer
Rhadamanthys
2023-01-12 | Cybleinc | Cyble
Rhadamanthys: New Stealer Spreading Through Google Ads
Rhadamanthys
2023-01-03 | Malware Traffic Analysis | Brad Duncan
2023-01-03 (TUESDAY) - GOOGLE AD --> FAKE NOTEPAD++ PAGE --> RHADAMANTHYS STEALER
Rhadamanthys
2022-12-05 | Accenture | Paul Mansfield, Thomas Willkan
Popularity spikes for information stealer malware on the dark web
MetaStealer Rhadamanthys
2022-12-03 | Microsoft | Cliff Watts
Preparing for a Russian cyber offensive against Ukraine this winter
CaddyWiper HermeticWiper Prestige
2022-11-18 | Atlantic Council | Justin Sherman
GRU 26165: The Russian cyber unit that hacks targets on-site
EternalPetya
2022-10-31 | The Record | Alexander Martin
Mondelez and Zurich reach settlement in NotPetya cyberattack insurance suit
EternalPetya
2022-10-24 | Youtube (Virus Bulletin) | Alexander Adamov
Russian wipers in the cyberwar against Ukraine
AcidRain CaddyWiper DesertBlade DoubleZero EternalPetya HermeticWiper HermeticWizard INDUSTROYER2 IsaacWiper KillDisk PartyTicket WhisperGate
2022-10-06 | ThreatMon | ThreatMon Malware Research Team
Rhadamanthys Stealer Analysis
Rhadamanthys
2022-09-26 | CrowdStrike | Ioan Iacob, Iulian Madalin Ionita
The Anatomy of Wiper Malware, Part 3: Input/Output Controls
CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-09-23 | Mandiant | Mandiant Intelligence
GRU: Rise of the (Telegram) MinIOns
ArguePatch CaddyWiper XakNet
2022-08-18 | Trustwave | Pawel Knapczyk
Overview of the Cyber Weapons Used in the Ukraine - Russia War
AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket
2022-08-12 | CrowdStrike | Ioan Iacob, Iulian Madalin Ionita
The Anatomy of Wiper Malware, Part 1: Common Techniques
Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-07-26 | Mandiant | Daniel Kapellmann Zafra, Jay Christiansen, Keith Lunden, Ken Proska, Thibault van Geluwe de Berlaere
Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers
Clop Industroyer MimiKatz Triton
2022-07-19 | Google | Billy Leonard
Continued cyber activity in Eastern Europe observed by TAG
CyberAzov APT28 Callisto Ghostwriter Sandworm Turla
2022-06-24 | Cert-UA | Cert-UA
Cyberattack against Ukrainian telecommunications operators using DarkCrystal RAT malware (CERT-UA # 4874)
DCRat Sandworm
2022-06-23 | splunk | Splunk Threat Research Team
Threat Update: Industroyer2
INDUSTROYER2
2022-05-31 | NOZOMI Network Labs | Giannis Tsaraias, Ivan Speziale
Industroyer vs. Industroyer2: Evolution of the IEC 104 Component
INDUSTROYER2
2022-05-18 | ntop | ntop
How ntopng monitors IEC 60870-5-104 traffic
INDUSTROYER2
2022-05-12 | Blackberry | The BlackBerry Research & Intelligence Team
Threat Thursday: Malware Rebooted - How Industroyer2 Takes Aim at Ukraine Infrastructure
INDUSTROYER2
2022-05-09 | cocomelonc | cocomelonc
Malware development: persistence - part 4. Windows services. Simple C++ example.
Anchor AppleJeus Attor BBSRAT BlackEnergy Carbanak Cobalt Strike DuQu
2022-05-02 | AT&T | Fernando Martinez
Analysis on recent wiper attacks: examples and how wiper malware works
AcidRain CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper
2022-04-28 | Fortinet | Gergely Revay
An Overview of the Increasing Wiper Malware Threat
AcidRain CaddyWiper DistTrack DoubleZero EternalPetya HermeticWiper IsaacWiper Olympic Destroyer Ordinypt WhisperGate ZeroCleare
2022-04-27 | Nozomi Networks | Nozomi Networks Labs
Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload
INDUSTROYER2
2022-04-27 | Microsoft | Microsoft Digital Security Unit (DSU)
Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine
CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate
2022-04-25 | Mandiant | Chris Sistrunk, Corey Hildebrandt, Daniel Kapellmann Zafra, Keith Lunden, Ken Proska, Nathan Brubaker, Raymond Leong
INDUSTROYER.V2: Old Malware Learns New Tricks
INDUSTROYER2
2022-04-25 | Netresec | Erik Hjelmvik
Industroyer2 IEC-104 Analysis
INDUSTROYER2
2022-04-23 | Stranded on Pylos Blog | Joe Slowik
Industroyer2 in Perspective
INDUSTROYER2
2022-04-20 | CISA | Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), CISA, FBI, Government Communications Security Bureau, National Crime Agency (NCA), NCSC UK, NSA
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader
2022-04-20 | CISA | CISA
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet
2022-04-20 | cocomelonc | cocomelonc
Malware development: persistence - part 1. Registry run keys. C++ example.
Agent Tesla Amadey BlackEnergy Cobian RAT COZYDUKE Emotet Empire Downloader Kimsuky
2022-04-14 | SCADAfence | Maayan Fishelov
Industroyer2: ICS Networks need to heighten vigilance - SCADAfence
INDUSTROYER2
2022-04-12 | Max Kersten's Blog | Max Kersten
Ghidra script to handle stack strings
CaddyWiper PlugX
2022-04-12 | ESET Research | ESET Research
Industroyer2: Industroyer reloaded
ArguePatch CaddyWiper Industroyer INDUSTROYER2
2022-04-12 | Twitter (@silascutler) | Silas Cutler
Tweet on analysis of CADDYWIPER used alongside INDUSTROYER2
CaddyWiper INDUSTROYER2
2022-04-12 | Cert-UA | Cert-UA
Cyberattack of Sandworm Group (UAC-0082) on energy facilities of Ukraine using malicious programs INDUSTROYER2 and CADDYWIPER (CERT-UA # 4435)
CaddyWiper Industroyer INDUSTROYER2
2022-04-12 | ESET Research | ESET Ireland
Industroyer2: Industroyer reloaded
CaddyWiper INDUSTROYER2
2022-04-05 | Morphisec | Michael Dereviashkin
New Analysis: The CaddyWiper Malware Attacking Ukraine
CaddyWiper
2022-04-01 | splunk | Splunk Threat Research Team
Threat Update: CaddyWiper
CaddyWiper
2022-03-31 | eSentire | eSentire Threat Response Unit (TRU)
eSentire Threat Intelligence Malware Analysis: CaddyWiper
CaddyWiper
2022-03-26 | n0p Blog | Ali Mosajjal
Analysis of a Caddy Wiper Sample Targeting Ukraine
CaddyWiper
2022-03-25 | GOV.UA | State Service of Special Communication and Information Protection of Ukraine (CIP)
Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22
Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora RAT
2022-03-24 | NextGov | Brandi Vincent
Ukrainian Cyber Lead Says ‘At Least 4 Types of Malware’ in Use to Target Critical Infrastructure and Humanitarian Aid
CaddyWiper DoubleZero HermeticWiper IsaacWiper
2022-03-18 | Malwarebytes | Threat Intelligence Team
Double header: IsaacWiper and CaddyWiper
CaddyWiper IsaacWiper
2022-03-17 | NioGuard | NioGuard Security Lab
Analysis of CaddyWiper
CaddyWiper
2022-03-16 | Cyber Security News | Gurubaran
Destructive Data Wiper Malware Targeting high-profile Ukrainian Organizations
CaddyWiper
2022-03-15 | ESET Research | ESET Research
CaddyWiper: New wiper malware discovered in Ukraine
CaddyWiper
2022-03-15 | SecurityAffairs | Pierluigi Paganini
CaddyWiper, a new data wiper hits Ukraine
CaddyWiper
2022-03-15 | Twitter (@HackNPatch) | HackNPatch
Tweet on Exploring CaddyWiper API resolution
CaddyWiper
2022-03-15 | TRUESEC | Nicklas Keijser
Analysis of CaddyWiper, wiper targeting Ukraine
CaddyWiper
2022-03-15 | SecurityIntelligence | Christopher Del Fierro, John Dwyer
CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations
CaddyWiper
2022-03-15 | Cisco | Cisco Talos
Threat Advisory: CaddyWiper
CaddyWiper
2022-03-15 | The Hacker News | Ravie Lakshmanan
CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks
CaddyWiper
2022-03-14 | Cybernews | Jurgita Lapienytė
New destructive wiper malware deployed in Ukraine
CaddyWiper
2022-03-14 | Twitter (@ESETresearch) | ESET Research
Tweet on CaddyWiper as 3rd destructive wiper found deployed against Ukraine
CaddyWiper Sunglow Blizzard
2022-03-14 | Bleeping Computer | Sergiu Gatlan
New CaddyWiper data wiping malware hits Ukrainian networks
CaddyWiper
2022-03-01 | Marco Ramilli's Blog | Marco Ramilli
DiskKill/HermeticWiper and NotPetya (Dis)similarities
EternalPetya HermeticWiper
2022-02-28 | Microsoft | MSRC Team
Cyber threat activity in Ukraine: analysis and resources
CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate DEV-0586
2022-02-25 | CyberPeace Institute
UKRAINE: Timeline of Cyberattacks
VPNFilter EternalPetya HermeticWiper WhisperGate
2022-02-24 | Talos | Mitch Neff
Threat Advisory: Current executive guidance for ongoing cyberattacks in Ukraine
VPNFilter EternalPetya
2022-02-24 | Tesorion | TESORION
Report OSINT: Russia/ Ukraine Conflict Cyberaspect
Mirai VPNFilter BlackEnergy EternalPetya HermeticWiper Industroyer WhisperGate
2022-02-24 | nviso | Michel Coene
Threat Update – Ukraine & Russia conflict
EternalPetya GreyEnergy HermeticWiper Industroyer KillDisk WhisperGate
2022-02-23 | ISTARI | Manuel Hepfer
Re-cap: The Untold Story of NotPetya, The Most Devastating Cyberattack in History
EternalPetya
2021-09-09 | Recorded Future | Insikt Group
Dark Covenant: Connections Between the Russian State and Criminal Actors
BlackEnergy EternalPetya Gameover P2P Zeus
2021-08-05 | Symantec | Threat Hunter Team
Attacks Against Critical Infrastructure: A Global Concern
BlackEnergy DarkSide DistTrack Stuxnet
2021-07-27 | Blackberry | BlackBerry Research & Intelligence Team
Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages
elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy
2021-05-31 | Wired | Andy Greenberg
Hacker Lexicon: What Is a Supply Chain Attack?
EternalPetya SUNBURST
2021-04-29 | The Institute for Security and Technology | The Institute for Security and Technology
Combating Ransomware A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force
Conti EternalPetya
2021-04-29 | ESET Research | Andy Garth, Daniel Chromek, Matthieu Faou, Robert Lipovsky, Tony Anscombe
ESET Industry Report on Government: Targeted but not alone
Exaramel Crutch Exaramel HyperBro HyperSSL InvisiMole XDSpy
2021-03-03 | DomainTools | Joe Slowik
Centreon to Exim and Back: On the Trail of Sandworm
Exaramel PAS
2021-02-16 | Twitter (@craiu) | Costin Raiu
Twitter thread on Exaramel Linux backdoor used by Russian Group Sandworm
Exaramel
2021-02-15 | Wired | Andy Greenberg
France Ties Russia's Sandworm to a Multiyear Hacking Spree
Exaramel Exaramel
2021-02-11 | DomainTools | Joe Slowik
Visibility, Monitoring, and Critical Infrastructure Security
Industroyer Stuxnet Triton
2021-01-27 | CERT-FR | CERT-FR
Sandworm Intrusion Set: Campaign Targeting Centreon Systems
Exaramel PAS Exaramel
2020-12-21 | IronNet | Adam Hlavek, Kimberly Ortiz
Russian cyber attack campaigns and actors
WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess
2020-11-12 | Dragos | Dragos
Cyber Threat Perspective MANUFACTURING SECTOR
Industroyer Snake
2020-11-04 | Stranded on Pylos Blog | Joe Slowik
The Enigmatic Energetic Bear
EternalPetya Havex RAT
2020-10-19 | UK Government | Dominic Raab, Foreign, Commonwealth & Development Office
UK exposes series of Russian cyber attacks against Olympic and Paralympic Games
VPNFilter BlackEnergy EternalPetya Industroyer
2020-10-19 | Wired | Andy Greenberg
US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit
EternalPetya Olympic Destroyer
2020-10-19 | CyberScoop | Tim Starks
US charges Russian GRU officers for NotPetya, other major hacks
EternalPetya
2020-10-19 | Riskint Blog | Curtis
Revisited: Fancy Bear's New Faces...and Sandworms' too
BlackEnergy EternalPetya Industroyer Olympic Destroyer
2020-08-29 | Aguinet | Adrien Guinet
Emulating NotPetya bootloader with Miasm
EternalPetya
2020-07-29 | Kaspersky Labs | GReAT
APT trends report Q2 2020
PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel
2020-07-29 | Atlantic Council | June Lee, Stewart Scott, Trey Herr, William Loomis
BREAKING TRUST: Shades of Crisis Across an Insecure Software Supply Chain
EternalPetya GoldenSpy Kwampirs Stuxnet
2020-06-21 | GVNSHTN | Gavin Ashton
Maersk, me & notPetya
EternalPetya
2020-06-09 | Kaspersky Labs | Costin Raiu
Looking at Big Threats Using Code Similarity. Part 1
Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel
2020-05-21 | PICUS Security | Süleyman Özarslan
T1055 Process Injection
BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE
2020-03-05 | Microsoft | Microsoft Threat Protection Intelligence Team
Human-operated ransomware attacks: A preventable disaster
Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA
2020-01-31 | Virus Bulletin | Michal Poslušný, Peter Kálnai
Rich Headers: leveraging this mysterious artifact of the PE format
Dridex Exaramel Industroyer Neutrino RCS Sathurbot
2020-01-01 | Secureworks | SecureWorks
IRON VIKING
BlackEnergy EternalPetya GreyEnergy Industroyer KillDisk TeleBot TeleDoor
2020-01-01 | Dragos | Joe Slowik
Threat Intelligence and the Limits of Malware Analysis
Exaramel Exaramel Industroyer Lookback NjRAT PlugX
2019-08-01 | Kaspersky Labs | GReAT
APT trends report Q2 2019
ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy
2019-05-08 | Verizon Communications Inc. | Verizon Communications Inc.
2019 Data Breach Investigations Report
BlackEnergy Cobalt Strike DanaBot Gandcrab GreyEnergy Mirai Olympic Destroyer SamSam
2019-02-12 | Nozomi Networks | Alessandro Di Pinto
GreyEnergy Malware Research Paper: Maldoc to Backdoor
GreyEnergy
2019-01-25 | Github (NozomiNetworks) | NozomiNetworks
Toolkit collection developed to help malware analysts dissecting and detecting the packer used by GreyEnergy samples.
GreyEnergy
2019-01-24 | Kaspersky Labs | Kaspersky Lab ICS CERT
GreyEnergy’s overlap with Zebrocy
GreyEnergy Zebrocy
2019-01-18 | Mark Edmondson
BLACK ENERGY – Analysis
BlackEnergy
2019-01-01 | Dragos | Dragos
Adversary Reports
ALLANITE APT33 CHRYSENE ENERGETIC BEAR Lazarus Group Sandworm
2019-01-01 | MITRE | MITRE ATT&CK
Group description: Sandworm Team
Sandworm
2019-01-01 | Council on Foreign Relations | Cyber Operations Tracker
Black Energy
Sandworm
2018-10-18 | ESET Research | Anton Cherepanov
GREYENERGY: A successor to BlackEnergy
Felixroot GreyEnergy
2018-10-17 | ESET Research | Anton Cherepanov, Robert Lipovsky
ESET unmasks ‘GREYENERGY’ cyber-espionage group
GreyEnergy GreyEnergy
2018-10-11 | ESET Research | Anton Cherepanov, Robert Lipovsky
New TeleBots backdoor: First evidence linking Industroyer to NotPetya
Exaramel EternalPetya Exaramel Industroyer
2018-08-22 | Wired | Andy Greenberg
The Untold Story of NotPetya, the Most Devastating Cyberattack in History
EternalPetya
2018-03-01 | Dragos | Dragos
INDUSTRIAL CONTROL SYSTEM THREATS
APT33 CHRYSENE ENERGETIC BEAR Lazarus Group Sandworm
2018-01-13 | The Washington Post | Ellen Nakashima
Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes
EternalPetya
2017-10-27 | F-Secure | F-Secure Global
The big difference with Bad Rabbit
EternalPetya
2017-10-26 | FireEye | Barry Vengerik, Ben Read, Brian Mordosky, Christopher Glyer, Ian Ahl, Matt Williams, Michael Matonis, Nick Carr
BACKSWING - Pulling a BADRABBIT Out of a Hat
EternalPetya
2017-10-26 | Reversing Labs
ReversingLabs' YARA rule detects BadRabbit encryption routine specifics
EternalPetya
2017-10-25 | RiskIQ | Yonathan Klijnsma
Down the Rabbit Hole: Tracking the BadRabbit Ransomware to a Long Ongoing Campaign of Target Selection
EternalPetya
2017-10-24 | Kaspersky Labs | Anton Ivanov, Fedor Sinitsyn, Orkhan Mamedov
Bad Rabbit ransomware
EternalPetya
2017-10-24 | Wired | Andy Greenberg
New Ransomware Linked to NotPetya Sweeps Russia and Ukraine
EternalPetya
2017-10-24 | ESET Research | Marc-Etienne M.Léveillé
Bad Rabbit: Not‑Petya is back with improved ransomware
EternalPetya
2017-10-24 | Intezer | Jay Rosenberg
NotPetya Returns as Bad Rabbit
EternalPetya
2017-10-24 | Cisco Talos | Nick Biasini
Threat Spotlight: Follow the Bad Rabbit
EternalPetya
2017-10-24 | ESET Research | Editor
Kiev metro hit with a new variant of the infamous Diskcoder ransomware
EternalPetya
2017-10-05 | Virus Bulletin | Anton Cherepanov, Robert Lipovsky
Industroyer: Biggest threat to industrial control systems since Stuxnet
Industroyer
2017-09-19 | NCC Group | Ollie Whitehouse
EternalGlue part one: Rebuilding NotPetya to assess real-world resilience
EternalPetya
2017-09-18 | ThreatConnect | Paul Vann
Casting a Light on BlackEnergy
BlackEnergy
2017-08-24 | ESET Research | Marc-Etienne M.Léveillé
Bad Rabbit: Not‑Petya is back with improved ransomware
EternalPetya Sandworm
2017-08-11 | Threatpost | Tom Spring
Ukrainian Man Arrested, Charged in NotPetya Distribution
EternalPetya
2017-07-14 | Malwarebytes | Malwarebytes Labs
Keeping up with the Petyas: Demystifying the malware family
EternalPetya GoldenEye PetrWrap Petya
2017-07-05 | Cisco Talos | Aleksandar Nikolic, David Maynor, Matt Olney, Yves Younan
The MeDoc Connection
TeleDoor
2017-07-04 | Kaspersky | Anton Ivanov, Orkhan Mamedov
In ExPetr/Petya’s shadow, FakeCry ransomware wave hits Ukraine
EternalPetya FakeCry
2017-07-04 | ESET Research | Anton Cherepanov
Analysis of TeleBots’ cunning backdoor
TeleDoor
2017-07-04 | Wikipedia | Various
Industroyer
Industroyer
2017-07-03 | CrowdStrike | Karan Sood, Shaun Hurley
NotPetya Technical Analysis Part II: Further Findings and Potential for MBR Recovery
EternalPetya
2017-07-03 | ESET Research | Anton Cherepanov, Robert Lipovsky
BlackEnergy – what we really know about the notorious cyber attacks
BlackEnergy
2017-07-03 | G Data | G Data
Who is behind Petna?
EternalPetya
2017-07-03 | The Guardian | Alex Hern
'NotPetya' malware attacks could warrant retaliation, says Nato-affiliated researcher
EternalPetya
2017-06-30 | Malwarebytes | Malwarebytes Labs
EternalPetya – yet another stolen piece in the package?
EternalPetya
2017-06-30 | ESET Research | Anton Cherepanov
TeleBots are back: Supply‑chain attacks against Ukraine
EternalPetya TeleBot Sandworm
2017-06-30 | Kaspersky Labs | GReAT
From BlackEnergy to ExPetr
EternalPetya
2017-06-29 | Malwarebytes | Malwarebytes Labs
EternalPetya and the lost Salsa20 key
EternalPetya
2017-06-29 | Robert Graham
NonPetya: no evidence it was a "smokescreen"
EternalPetya
2017-06-29 | Bleeping Computer | Catalin Cimpanu
Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone
EternalPetya
2017-06-29 | Microsoft | Microsoft Defender ATP Research Team
Windows 10 platform resilience against the Petya ransomware attack
EternalPetya
2017-06-28 | hacks4pancakes
Why NotPetya Kept Me Awake (& You Should Worry Too)
EternalPetya
2017-06-28 | Kaspersky Labs | Anton Ivanov, Orkhan Mamedov
ExPetr/Petya/NotPetya is a Wiper, Not Ransomware
EternalPetya
2017-06-28 | CrowdStrike | Falcon Intelligence Team
CrowdStrike Protects Against NotPetya Attack
EternalPetya
2017-06-27 | SANS | Brad Duncan
Checking out the new Petya variant
EternalPetya
2017-06-27 | Kaspersky Labs | GReAT
Schroedinger’s Pet(ya)
EternalPetya
2017-06-27 | Medium thegrugq | thegrugq
Pnyetya: Yet Another Ransomware Outbreak
EternalPetya
2017-06-27 | ESET Research | Editor
New WannaCryptor‑like ransomware attack hits globally: All you need to know
EternalPetya Sandworm
2017-06-13 | Dragos | Dragos
CRASHOVERRIDE: Analysis of the Threat to Electric Grid Operations
Industroyer Sandworm
2017-06-12 | ESET Research | Anton Cherepanov
WIN32/INDUSTROYER: A new threat for industrial control systems
Industroyer Sandworm
2017-06-12 | ESET Research | Anton Cherepanov, Robert Lipovsky
Industroyer: Biggest threat to industrial control systems since Stuxnet
Industroyer
2017-06-12 | CISA | CISA
Alert (TA17-163A)
Sandworm
2017-05-31 | MITRE | MITRE ATT&CK
Sandworm Team
CyclopsBlink Exaramel BlackEnergy EternalPetya Exaramel GreyEnergy KillDisk MimiKatz Olympic Destroyer Sandworm
2017-05-23 | ESET Research | Anton Cherepanov
XData ransomware making rounds amid global WannaCryptor scare
Sandworm
2017-01-05 | ESET Research | Peter Kálnai, Robert Lipovsky
KillDisk now targeting Linux: Demands $250K ransom, but can’t decrypt
KillDisk Sandworm
2016-12-13 | ESET Research | Anton Cherepanov
The rise of TeleBots: Analyzing disruptive KillDisk attacks
Credraptor KillDisk TeleBot Sandworm
2016-01-28 | Kaspersky Labs | GReAT
BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents
BlackEnergy
2016-01-09 | Industrial Control Systems | Robert M. Lee
Confirmation of a Coordinated Attack on the Ukrainian Power Grid
Sandworm
2015-12-30 | SANS | Michael J. Assante
Current Reporting on the Cyber Attack in Ukraine Resulting in Power Outage
Sandworm
2015-02-17 | Kaspersky Labs | Kurt Baumgartner, Maria Garnaeva
BE2 extraordinary plugins, Siemens targeting, dev fails
BlackEnergy
2014-11-10 | Trend Micro | William Gamazo Sanchez
Timeline of Sandworm Attacks
Sandworm
2014-11-03 | Kaspersky Labs | Kurt Baumgartner, Maria Garnaeva
BE2 custom plugins, router abuse, and target profiles
BlackEnergy
2014-10-14 | Symantec | Symantec Security Response
Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks
Sandworm
2014-10-14 | ESET Research | Robert Lipovsky
CVE‑2014‑4114: Details on August BlackEnergy PowerPoint Campaigns
BlackEnergy
2010-07-15 | Kaspersky Labs | Dmitry Tarakanov
Black DDoS
BlackEnergy
2010-03-03 | FireEye | Julia Wolf
Black Energy Crypto
BlackEnergy
2010-03-03 | Secureworks | Joe Stewart
BlackEnergy Version 2 Threat Analysis
BlackEnergy
2007-10-01 | Arbor Networks | Jose Nazario
BlackEnergy DDoS Bot Analysis
BlackEnergy

Credits: MISP Project