| SYMBOL | COMMON_NAME | aka. SYNONYMS |
This threat actor targets industrial control systems, using a tool called Black Energy, associated with electricity and power generation for espionage, denial of service, and data destruction purposes. Some believe that the threat actor is linked to the 2015 compromise of the Ukrainian electrical grid and a distributed denial of service prior to the Russian invasion of Georgia. Believed to be responsible for the 2008 DDoS attacks in Georgia and the 2015 Ukraine power grid outage
| 2025-06-03
⋅
VMRay
⋅
Rhadamanthys slips through in large installer files Rhadamanthys |
| 2025-05-22
⋅
Elastic
⋅
De-obfuscating ALCATRAZ DOUBLELOADER Rhadamanthys |
| 2025-03-28
⋅
Trend Micro
⋅
A Deep Dive into Water Gamayun’s Arsenal and Infrastructure DarkWisp SilentPrism Kematian Stealer Rhadamanthys Stealc Water Gamayun |
| 2025-03-14
⋅
Twitter (@CERTCyberdef)
⋅
Tweet on Emmenhtal v3 Emmenhtal Lumma Stealer Rhadamanthys |
| 2025-03-06
⋅
Outpost24
⋅
Unveiling EncryptHub: Analysis of a multi-stage malware campaign Rhadamanthys |
| 2025-02-12
⋅
Microsoft
⋅
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation LocalOlive |
| 2025-02-11
⋅
EclecticIQ
⋅
Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns Kalambur BACKORDER DCRat |
| 2025-01-15
⋅
⋅
CTFIOT
⋅
Article 113: One of the Russian-Ukrainian cyberwars, a review of the first major blackout in Ukraine caused by the Sandworm APT organization KillDisk |
| 2025-01-10
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update July to December 2024 Coper FluBot Hook Mirai FAKEUPDATES AsyncRAT BianLian Brute Ratel C4 Cobalt Strike DanaBot DCRat Havoc Latrodectus NjRAT Quasar RAT RedLine Stealer Remcos Rhadamanthys Sliver Stealc |
| 2025-01-04
⋅
revdiaries.com
⋅
"Solara" Roblox Executor Malware Rhadamanthys |
| 2024-11-06
⋅
Check Point Research
⋅
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits Rhadamanthys |
| 2024-10-23
⋅
Cisco Talos
⋅
Highlighting TA866/Asylum Ambuscade Activity Since 2021 WasabiSeed Cobalt Strike csharp-streamer RAT Resident Rhadamanthys WarmCookie |
| 2024-10-17
⋅
Sekoia
⋅
ClickFix tactic: The Phantom Meet Rhadamanthys Stealc |
| 2024-09-26
⋅
Recorded Future
⋅
Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0 Rhadamanthys |
| 2024-07-25
⋅
Symantec
⋅
Growing Number of Threats Leveraging AI Broomstick DBatLoader NetSupportManager RAT Rhadamanthys |
| 2024-07-24
⋅
Check Point Research
⋅
Stargazers Ghost Network Atlantida Lumma Stealer RedLine Stealer Rhadamanthys RisePro Stargazer Goblin |
| 2024-07-14
⋅
Medium b.magnezi
⋅
Malware Analysis - Rhadamanthys Rhadamanthys |
| 2024-07-09
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update January to June 2024 Coper FluBot Hook Bashlite Mirai FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc NjRAT QakBot Quasar RAT RedLine Stealer Remcos Rhadamanthys RisePro Sliver |
| 2024-06-17
⋅
Recorded Future
⋅
The Travels of “markopolo”: Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications AMOS Rhadamanthys Stealc Markopolo |
| 2024-05-11
⋅
Russian APT deploys new 'Kapeka' backdoor in Eastern European attacks Kapeka |
| 2024-04-29
⋅
ThreatMon
⋅
Understanding the 'Kapeka' Backdoor: Detailed Analysis by APT44 Kapeka |
| 2024-04-19
⋅
⋅
Cert-UA
⋅
UAC-0133 (Sandworm) plans for cyber sabotage on almost 20 objects of critical infrastructure of Ukraine Kapeka reGeorg |
| 2024-04-17
⋅
WithSecure
⋅
KAPEKA A novel backdoor spotted in Eastern Europe Kapeka |
| 2024-04-17
⋅
Mandiant
⋅
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm Sandworm |
| 2024-04-16
⋅
Mandiant
⋅
APT44: Unearthing Sandworm VPNFilter BlackEnergy CaddyWiper EternalPetya HermeticWiper Industroyer INDUSTROYER2 Olympic Destroyer PartyTicket RoarBAT Sandworm |
| 2024-04-15
⋅
UC Santa Cruz
⋅
A Tale of Two Industroyers: It was the Season of Darkness Industroyer INDUSTROYER2 |
| 2024-04-10
⋅
Proofpoint
⋅
Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer Rhadamanthys |
| 2024-01-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q4 2023 FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver |
| 2023-12-14
⋅
Checkpoint
⋅
Rhadamanthys v0.5.0 – A Deep Dive into the Stealer’s Components Rhadamanthys |
| 2023-11-09
⋅
Mandiant
⋅
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology CaddyWiper |
| 2023-10-27
⋅
Elastic
⋅
GHOSTPULSE haunts victims using defense evasion bag o' tricks HijackLoader Lumma Stealer NetSupportManager RAT Rhadamanthys SectopRAT Vidar |
| 2023-10-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2023 FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar |
| 2023-10-03
⋅
Outpost24
⋅
Rhadamanthys malware analysis: How infostealers use VMs to avoid analysis Rhadamanthys |
| 2023-09-28
⋅
CIP
⋅
Russia's Cyber Tactics H1' 2023 APT29 Sandworm Turla XakNet Zarya |
| 2023-09-25
⋅
EchoCTI
⋅
Rhdamanthys Technical Analysis Report Rhadamanthys |
| 2023-08-31
⋅
Checkpoint
⋅
From Hidden Bee to Rhadamanthys - The Evolution of Custom Executable Formats Hidden Bee Rhadamanthys |
| 2023-07-12
⋅
Mandiant
⋅
The GRU's Disruptive Playbook CaddyWiper INDUSTROYER2 XakNet |
| 2023-07-11
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2023 Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee |
| 2023-06-15
⋅
eSentire
⋅
eSentire Threat Intelligence Malware Analysis: Resident Campaign Cobalt Strike Resident Rhadamanthys WarmCookie |
| 2023-05-16
⋅
Secureworks
⋅
The Growing Threat from Infostealers Graphiron GraphSteel Raccoon RedLine Stealer Rhadamanthys Taurus Stealer Vidar |
| 2023-05-04
⋅
SOCRadar
⋅
Sandworm Attackers Use WinRAR to Wipe Data from Government Devices RoarBAT |
| 2023-04-19
⋅
Google
⋅
Ukraine remains Russia’s biggest cyber focus in 2023 Rhadamanthys |
| 2023-04-18
⋅
Mandiant
⋅
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
| 2023-04-14
⋅
Dragos
⋅
2022 ICS/OT Threat Landscape Recap & What to Watch for This Year INDUSTROYER2 Wassonite |
| 2023-04-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q1 2023 FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar |
| 2023-03-27
⋅
Check Point Research
⋅
Rhadamanthys: The “Everything Bagel” Infostealer Rhadamanthys |
| 2023-03-15
⋅
Microsoft
⋅
A year of Russian hybrid warfare in Ukraine CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket SwiftSlicer WhisperGate |
| 2023-02-21
⋅
Zscaler
⋅
Technical Analysis of Rhadamanthys Obfuscation Techniques Rhadamanthys |
| 2023-02-16
⋅
Google
⋅
Fog of war: how the Ukraine conflict transformed the cyber threat landscape APT28 Ghostwriter SaintBear Sandworm Turla |
| 2023-02-15
⋅
Google
⋅
Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape CaddyWiper Dharma HermeticWiper INDUSTROYER2 PartyTicket WhisperGate Callisto Curious Gorge MUSTANG PANDA Turla |
| 2023-01-29
⋅
Acronis
⋅
Petya/Not Petya Ransomware Analysis EternalPetya |
| 2023-01-27
⋅
ESET Research
⋅
SwiftSlicer: New destructive wiper malware strikes Ukraine SwiftSlicer |
| 2023-01-27
⋅
ESET Research
⋅
Tweets on SwiftSlicer SwiftSlicer |
| 2023-01-27
⋅
⋅
Cert-UA
⋅
Cyber attack on the Ukrinform information and communication system CaddyWiper |
| 2023-01-24
⋅
Fortinet
⋅
The Year of the Wiper Azov Wiper Bruh Wiper CaddyWiper Cobalt Strike Vidar |
| 2023-01-16
⋅
Medium elis531989
⋅
Dancing With Shellcodes: Analyzing Rhadamanthys Stealer Rhadamanthys |
| 2023-01-12
⋅
Cybleinc
⋅
Rhadamanthys: New Stealer Spreading Through Google Ads Rhadamanthys |
| 2023-01-03
⋅
Malware Traffic Analysis
⋅
2023-01-03 (TUESDAY) - GOOGLE AD --> FAKE NOTPAD++ PAGE --> RHADAMANTHYS STEALER Rhadamanthys |
| 2022-12-05
⋅
Accenture
⋅
Popularity spikes for information stealer malware on the dark web MetaStealer Rhadamanthys |
| 2022-12-03
⋅
Microsoft
⋅
Preparing for a Russian cyber offensive against Ukraine this winter CaddyWiper HermeticWiper Prestige |
| 2022-11-18
⋅
Atlantic Council
⋅
GRU 26165: The Russian cyber unit that hacks targets on-site EternalPetya |
| 2022-10-31
⋅
The Record
⋅
Mondelez and Zurich reach settlement in NotPetya cyberattack insurance suit EternalPetya |
| 2022-10-24
⋅
Youtube (Virus Bulletin)
⋅
Russian wipers in the cyberwar against Ukraine AcidRain CaddyWiper DesertBlade DoubleZero EternalPetya HermeticWiper HermeticWizard INDUSTROYER2 IsaacWiper KillDisk PartyTicket WhisperGate |
| 2022-10-06
⋅
ThreatMon
⋅
Rhadamanthys Stealer Analysis Rhadamanthys |
| 2022-09-26
⋅
CrowdStrike
⋅
The Anatomy of Wiper Malware, Part 3: Input/Output Controls CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
| 2022-09-23
⋅
Mandiant
⋅
GRU: Rise of the (Telegram) MinIOns ArguePatch CaddyWiper XakNet |
| 2022-08-18
⋅
Trustwave
⋅
Overview of the Cyber Weapons Used in the Ukraine - Russia War AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket |
| 2022-08-18
⋅
Trustwave
⋅
Overview of the Cyber Weapons Used in the Ukraine - Russia War AcidRain CaddyWiper Cobalt Strike CredoMap DCRat DoubleZero GraphSteel GrimPlant HermeticWiper INDUSTROYER2 InvisiMole IsaacWiper PartyTicket |
| 2022-08-12
⋅
CrowdStrike
⋅
The Anatomy of Wiper Malware, Part 1: Common Techniques Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
| 2022-07-26
⋅
Mandiant
⋅
Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers Clop Industroyer MimiKatz Triton |
| 2022-07-19
⋅
Google
⋅
Continued cyber activity in Eastern Europe observed by TAG CyberAzov APT28 Callisto Ghostwriter Sandworm Turla |
| 2022-06-24
⋅
⋅
Cert-UA
⋅
Cyberattack against Ukrainian telecommunications operators using DarkCrystal RAT malware (CERT-UA # 4874) DCRat Sandworm |
| 2022-06-23
⋅
splunk
⋅
Threat Update: Industroyer2 INDUSTROYER2 |
| 2022-05-31
⋅
NOZOMI Network Labs
⋅
Industroyer vs. Industroyer2: Evolution of the IEC 104 Component INDUSTROYER2 |
| 2022-05-18
⋅
ntop
⋅
How ntopng monitors IEC 60870-5-104 traffic INDUSTROYER2 |
| 2022-05-12
⋅
Blackberry
⋅
Threat Thursday: Malware Rebooted - How Industroyer2 Takes Aim at Ukraine Infrastructure INDUSTROYER2 |
| 2022-05-09
⋅
cocomelonc
⋅
Malware development: persistence - part 4. Windows services. Simple C++ example. Anchor AppleJeus Attor BBSRAT BlackEnergy Carbanak Cobalt Strike DuQu |
| 2022-05-02
⋅
AT&T
⋅
Analysis on recent wiper attacks: examples and how wiper malware works AcidRain CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper |
| 2022-04-28
⋅
Fortinet
⋅
An Overview of the Increasing Wiper Malware Threat AcidRain CaddyWiper DistTrack DoubleZero EternalPetya HermeticWiper IsaacWiper Olympic Destroyer Ordinypt WhisperGate ZeroCleare |
| 2022-04-27
⋅
Nozomi Networks
⋅
Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload INDUSTROYER2 |
| 2022-04-27
⋅
Microsoft
⋅
Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate |
| 2022-04-25
⋅
Mandiant
⋅
INDUSTROYER.V2: Old Malware Learns New Tricks INDUSTROYER2 |
| 2022-04-25
⋅
Netresec
⋅
Industroyer2 IEC-104 Analysis INDUSTROYER2 |
| 2022-04-23
⋅
Stranded on Pylos Blog
⋅
Industroyer2 in Perspective INDUSTROYER2 |
| 2022-04-20
⋅
CISA
⋅
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader |
| 2022-04-20
⋅
CISA
⋅
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet |
| 2022-04-20
⋅
cocomelonc
⋅
Malware development: persistence - part 1. Registry run keys. C++ example. Agent Tesla Amadey BlackEnergy Cobian RAT COZYDUKE Emotet Empire Downloader Kimsuky |
| 2022-04-14
⋅
SCADAfence
⋅
Industroyer2: ICS Networks need to heighten vigilance - SCADAfence INDUSTROYER2 |
| 2022-04-12
⋅
Max Kersten's Blog
⋅
Ghidra script to handle stack strings CaddyWiper PlugX |
| 2022-04-12
⋅
ESET Research
⋅
Industroyer2: Industroyer reloaded ArguePatch CaddyWiper Industroyer INDUSTROYER2 |
| 2022-04-12
⋅
Twitter (@silascutler)
⋅
Tweet on analysis of CADDYWIPER used alongside with INDUSTROYER2 CaddyWiper INDUSTROYER2 |
| 2022-04-12
⋅
⋅
Cert-UA
⋅
Cyberattack of Sandworm Group (UAC-0082) on energy facilities of Ukraine using malicious programs INDUSTROYER2 and CADDYWIPER (CERT-UA # 4435) CaddyWiper Industroyer INDUSTROYER2 |
| 2022-04-12
⋅
ESET Research
⋅
Industroyer2: Industroyer reloaded CaddyWiper INDUSTROYER2 |
| 2022-04-05
⋅
Morphisec
⋅
New Analysis: The CaddyWiper Malware Attacking Ukraine CaddyWiper |
| 2022-04-01
⋅
splunk
⋅
Threat Update: CaddyWiper CaddyWiper |
| 2022-03-31
⋅
eSentire
⋅
eSentire Threat Intelligence Malware Analysis: CaddyWiper CaddyWiper |
| 2022-03-26
⋅
n0p Blog
⋅
Analysis of a Caddy Wiper Sample Targeting Ukraine CaddyWiper |
| 2022-03-25
⋅
GOV.UA
⋅
Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22 Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora RAT |
| 2022-03-24
⋅
NextGov
⋅
Ukrainian Cyber Lead Says ‘At Least 4 Types of Malware’ in Use to Target Critical Infrastructure and Humanitarian Aid CaddyWiper DoubleZero HermeticWiper IsaacWiper |
| 2022-03-18
⋅
Malwarebytes
⋅
Double header: IsaacWiper and CaddyWiper CaddyWiper IsaacWiper |
| 2022-03-17
⋅
NioGuard
⋅
Analysis of CaddyWiper CaddyWiper |
| 2022-03-16
⋅
Cyber Security News
⋅
Destructive Data Wiper Malware Targeting high-profile Ukrainian Organizations CaddyWiper |
| 2022-03-15
⋅
ESET Research
⋅
CaddyWiper: New wiper malware discovered in Ukraine CaddyWiper |
| 2022-03-15
⋅
SecurityAffairs
⋅
CaddyWiper, a new data wiper hits Ukraine CaddyWiper |
| 2022-03-15
⋅
Twitter (@HackNPatch)
⋅
Tweet on Exploring CaddyWiper API resolution CaddyWiper |
| 2022-03-15
⋅
TRUESEC
⋅
Analysis of CaddyWiper, wiper targeting Ukraine CaddyWiper |
| 2022-03-15
⋅
SecurityIntelligence
⋅
CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations CaddyWiper |
| 2022-03-15
⋅
Cisco
⋅
Threat Advisory: CaddyWiper CaddyWiper |
| 2022-03-15
⋅
The Hacker News
⋅
CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks CaddyWiper |
| 2022-03-14
⋅
Cybernews
⋅
New destructive wiper malware deployed in Ukraine CaddyWiper |
| 2022-03-14
⋅
Twitter (@ESETresearch)
⋅
Tweet on CaddyWiper as 3rd destructive wiper found deployed against Ukraine CaddyWiper Sunglow Blizzard |
| 2022-03-14
⋅
Bleeping Computer
⋅
New CaddyWiper data wiping malware hits Ukrainian networks CaddyWiper |
| 2022-03-01
⋅
Marco Ramilli's Blog
⋅
DiskKill/HermeticWiper and NotPetya (Dis)similarities EternalPetya HermeticWiper |
| 2022-02-28
⋅
Microsoft
⋅
Cyber threat activity in Ukraine: analysis and resources CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate DEV-0586 |
| 2022-02-25
⋅
UKRAINE: Timeline of Cyberattacks VPNFilter EternalPetya HermeticWiper WhisperGate |
| 2022-02-24
⋅
Talos
⋅
Threat Advisory: Current executive guidance for ongoing cyberattacks in Ukraine VPNFilter EternalPetya |
| 2022-02-24
⋅
Tesorion
⋅
Report OSINT: Russia/ Ukraine Conflict Cyberaspect Mirai VPNFilter BlackEnergy EternalPetya HermeticWiper Industroyer WhisperGate |
| 2022-02-24
⋅
nviso
⋅
Threat Update – Ukraine & Russia conflict EternalPetya GreyEnergy HermeticWiper Industroyer KillDisk WhisperGate |
| 2022-02-23
⋅
ISTARI
⋅
Re-cap: The Untold Story of NotPetya, The Most Devastating Cyberattack in History EternalPetya |
| 2021-09-09
⋅
Recorded Future
⋅
Dark Covenant: Connections Between the Russian State and Criminal Actors BlackEnergy EternalPetya Gameover P2P Zeus |
| 2021-08-05
⋅
Symantec
⋅
Attacks Against Critical Infrastructure: A Global Concern BlackEnergy DarkSide DistTrack Stuxnet |
| 2021-07-27
⋅
Blackberry
⋅
Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy |
| 2021-05-31
⋅
Wired
⋅
Hacker Lexicon: What Is a Supply Chain Attack? EternalPetya SUNBURST |
| 2021-04-29
⋅
The Institute for Security and Technology
⋅
Combating Ransomware A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force Conti EternalPetya |
| 2021-04-29
⋅
ESET Research
⋅
ESET Industry Report on Government: Targeted but not alone Exaramel Crutch Exaramel HyperBro HyperSSL InvisiMole XDSpy |
| 2021-03-03
⋅
DomainTools
⋅
Centreon to Exim and Back: On the Trail of Sandworm Exaramel PAS |
| 2021-02-16
⋅
Twitter (@craiu)
⋅
Twitter thread on Exaramel Linux backdoor used by Russian Group Sandworm Exaramel |
| 2021-02-15
⋅
Wired
⋅
France Ties Russia's Sandworm to a Multiyear Hacking Spree Exaramel Exaramel |
| 2021-02-11
⋅
DomainTools
⋅
Visibility, Monitoring, and Critical Infrastructure Security Industroyer Stuxnet Triton |
| 2021-01-27
⋅
CERT-FR
⋅
Sandword Intrusion Set: Campaign Targeting Centreon Ssystems Exaramel PAS Exaramel |
| 2020-12-21
⋅
IronNet
⋅
Russian cyber attack campaigns and actors WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess |
| 2020-11-12
⋅
Dragos
⋅
Cyber Threat Perspective MANUFACTURING SECTOR Industroyer Snake |
| 2020-11-04
⋅
Stranded on Pylos Blog
⋅
The Enigmatic Energetic Bear EternalPetya Havex RAT |
| 2020-10-19
⋅
UK Government
⋅
UK exposes series of Russian cyber attacks against Olympic and Paralympic Games VPNFilter BlackEnergy EternalPetya Industroyer |
| 2020-10-19
⋅
Wired
⋅
US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit EternalPetya Olympic Destroyer |
| 2020-10-19
⋅
CyberScoop
⋅
US charges Russian GRU officers for NotPetya, other major hacks EternalPetya |
| 2020-10-19
⋅
Riskint Blog
⋅
Revisited: Fancy Bear's New Faces...and Sandworms' too BlackEnergy EternalPetya Industroyer Olympic Destroyer |
| 2020-08-29
⋅
Aguinet
⋅
Emulating NotPetya bootloader with Miasm EternalPetya |
| 2020-07-29
⋅
Kaspersky Labs
⋅
APT trends report Q2 2020 PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel |
| 2020-07-29
⋅
Atlantic Council
⋅
BREAKING TRUST: Shades of Crisis Across an Insecure Software Supply Chain EternalPetya GoldenSpy Kwampirs Stuxnet |
| 2020-06-21
⋅
GVNSHTN
⋅
Maersk, me & notPetya EternalPetya |
| 2020-06-09
⋅
Kaspersky Labs
⋅
Looking at Big Threats Using Code Similarity. Part 1 Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel |
| 2020-05-21
⋅
PICUS Security
⋅
T1055 Process Injection BlackEnergy Cardinal RAT Downdelph Emotet Kazuar RokRAT SOUNDBITE |
| 2020-03-05
⋅
Microsoft
⋅
Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA |
| 2020-01-31
⋅
Virus Bulletin
⋅
Rich Headers: leveraging this mysterious artifact of the PE format Dridex Exaramel Industroyer Neutrino RCS Sathurbot |
| 2020-01-01
⋅
Secureworks
⋅
IRON VIKING BlackEnergy EternalPetya GreyEnergy Industroyer KillDisk TeleBot TeleDoor |
| 2020-01-01
⋅
Dragos
⋅
Threat Intelligence and the Limits of Malware Analysis Exaramel Exaramel Industroyer Lookback NjRAT PlugX |
| 2019-08-01
⋅
Kaspersky Labs
⋅
APT trends report Q2 2019 ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy |
| 2019-05-08
⋅
Verizon Communications Inc.
⋅
2019 Data Breach Investigations Report BlackEnergy Cobalt Strike DanaBot Gandcrab GreyEnergy Mirai Olympic Destroyer SamSam |
| 2019-02-12
⋅
Nozomi Networks
⋅
GreyEnergy Malware Research Paper: Maldoc to Backdoor GreyEnergy |
| 2019-01-25
⋅
Github (NozomiNetworks)
⋅
Toolkit collection developed to help malware analysts dissecting and detecting the packer used by GreyEnergy samples. GreyEnergy |
| 2019-01-24
⋅
Kaspersky Labs
⋅
GreyEnergy’s overlap with Zebrocy GreyEnergy Zebrocy |
| 2019-01-18
⋅
BLACK ENERGY – Analysis BlackEnergy |
| 2019-01-01
⋅
Dragos
⋅
Adversary Reports ALLANITE APT33 CHRYSENE ENERGETIC BEAR Lazarus Group Sandworm |
| 2019-01-01
⋅
MITRE
⋅
Group description: Sandworm Team Sandworm |
| 2019-01-01
⋅
Council on Foreign Relations
⋅
Black Energy Sandworm |
| 2018-10-18
⋅
ESET Research
⋅
GREYENERGY: A successor to BlackEnergy Felixroot GreyEnergy |
| 2018-10-17
⋅
ESET Research
⋅
ESET unmasks ‘GREYENERGY’ cyber-espionage group GreyEnergy GreyEnergy |
| 2018-10-11
⋅
ESET Research
⋅
New TeleBots backdoor: First evidence linking Industroyer to NotPetya Exaramel EternalPetya Exaramel Industroyer |
| 2018-08-22
⋅
Wired
⋅
The Untold Story of NotPetya, the Most Devastating Cyberattack in History EternalPetya |
| 2018-03-01
⋅
Dragos
⋅
INDUSTRIAL CONTROL SYSTEM THREATS APT33 CHRYSENE ENERGETIC BEAR Lazarus Group Sandworm |
| 2018-01-13
⋅
The Washington Post
⋅
Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes EternalPetya |
| 2017-10-27
⋅
F-Secure
⋅
The big difference with Bad Rabbit EternalPetya |
| 2017-10-26
⋅
FireEye
⋅
BACKSWING - Pulling a BADRABBIT Out of a Hat EternalPetya |
| 2017-10-26
⋅
Reversing Labs
⋅
ReversingLabs' YARA rule detects BadRabbit encryption routine specifics EternalPetya |
| 2017-10-25
⋅
RiskIQ
⋅
Down the Rabbit Hole: Tracking the BadRabbit Ransomware to a Long Ongoing Campaign of Target Selection EternalPetya |
| 2017-10-24
⋅
Kaspersky Labs
⋅
Bad Rabbit ransomware EternalPetya |
| 2017-10-24
⋅
Wired
⋅
New Ransomware Linked to NotPetya Sweeps Russia and Ukraine EternalPetya |
| 2017-10-24
⋅
ESET Research
⋅
Bad Rabbit: Not‑Petya is back with improved ransomware EternalPetya |
| 2017-10-24
⋅
Intezer
⋅
NotPetya Returns as Bad Rabbit EternalPetya |
| 2017-10-24
⋅
Cisco Talos
⋅
Threat Spotlight: Follow the Bad Rabbit EternalPetya |
| 2017-10-24
⋅
ESET Research
⋅
Kiev metro hit with a new variant of the infamous Diskcoder ransomware EternalPetya |
| 2017-10-05
⋅
Virus Bulletin
⋅
Industroyer: Biggest threat to industrial control systems since Stuxnet Industroyer |
| 2017-09-19
⋅
NCC Group
⋅
EternalGlue part one: Rebuilding NotPetya to assess real-world resilience EternalPetya |
| 2017-09-18
⋅
ThreatConnect
⋅
Casting a Light on BlackEnergy BlackEnergy |
| 2017-08-24
⋅
ESET Research
⋅
Bad Rabbit: Not‑Petya is back with improved ransomware EternalPetya Sandworm |
| 2017-08-11
⋅
Threatpost
⋅
Ukrainian Man Arrested, Charged in NotPetya Distribution EternalPetya |
| 2017-07-14
⋅
Malwarebytes
⋅
Keeping up with the Petyas: Demystifying the malware family EternalPetya GoldenEye PetrWrap Petya |
| 2017-07-05
⋅
Cisco Talos
⋅
The MeDoc Connection TeleDoor |
| 2017-07-04
⋅
Kaspersky
⋅
In ExPetr/Petya’s shadow, FakeCry ransomware wave hits Ukraine EternalPetya FakeCry |
| 2017-07-04
⋅
ESET Research
⋅
Analysis of TeleBots’ cunning backdoor TeleDoor |
| 2017-07-04
⋅
Wikipedia
⋅
Industroyer Industroyer |
| 2017-07-03
⋅
CrowdStrike
⋅
NotPetya Technical Analysis Part II: Further Findings and Potential for MBR Recovery EternalPetya |
| 2017-07-03
⋅
ESET Research
⋅
BlackEnergy – what we really know about the notorious cyber attacks BlackEnergy |
| 2017-07-03
⋅
G Data
⋅
Who is behind Petna? EternalPetya |
| 2017-07-03
⋅
The Guardian
⋅
'NotPetya' malware attacks could warrant retaliation, says Nato affiliated-researcher EternalPetya |
| 2017-06-30
⋅
Malwarebytes
⋅
EternalPetya – yet another stolen piece in the package? EternalPetya |
| 2017-06-30
⋅
ESET Research
⋅
TeleBots are back: Supply‑chain attacks against Ukraine TeleBot Sandworm |
| 2017-06-30
⋅
ESET Research
⋅
TeleBots are back: Supply‑chain attacks against Ukraine EternalPetya |
| 2017-06-30
⋅
Kaspersky Labs
⋅
From BlackEnergy to ExPetr EternalPetya |
| 2017-06-29
⋅
Malwarebytes
⋅
EternalPetya and the lost Salsa20 key EternalPetya |
| 2017-06-29
⋅
NonPetya: no evidence it was a "smokescreen" EternalPetya |
| 2017-06-29
⋅
Bleeping Computer
⋅
Ransomware Attacks Continue in Ukraine with Mysterious WannaCry Clone EternalPetya |
| 2017-06-29
⋅
Microsoft
⋅
Windows 10 platform resilience against the Petya ransomware attack EternalPetya |
| 2017-06-28
⋅
Why NotPetya Kept Me Awake (& You Should Worry Too) EternalPetya |
| 2017-06-28
⋅
Kaspersky Labs
⋅
ExPetr/Petya/NotPetya is a Wiper, Not Ransomware EternalPetya |
| 2017-06-28
⋅
CrowdStrike
⋅
CrowdStrike Protects Against NotPetya Attack EternalPetya |
| 2017-06-27
⋅
SANS
⋅
Checking out the new Petya variant EternalPetya |
| 2017-06-27
⋅
Kaspersky Labs
⋅
Schroedinger’s Pet(ya) EternalPetya |
| 2017-06-27
⋅
Medium thegrugq
⋅
Pnyetya: Yet Another Ransomware Outbreak EternalPetya |
| 2017-06-27
⋅
ESET Research
⋅
New WannaCryptor‑like ransomware attack hits globally: All you need to know EternalPetya Sandworm |
| 2017-06-13
⋅
Dragos
⋅
CRASHOVERRIDE: Analysis of the Threatto Electric Grid Operations Industroyer Sandworm |
| 2017-06-12
⋅
ESET Research
⋅
WIN32/INDUSTROYER: A new threat for industrial control systems Industroyer Sandworm |
| 2017-06-12
⋅
ESET Research
⋅
Industroyer: Biggest threat to industrial control systems since Stuxnet Industroyer |
| 2017-06-12
⋅
CISA
⋅
Alert (TA17-163A) Sandworm |
| 2017-05-31
⋅
MITRE
⋅
Sandworm Team CyclopsBlink Exaramel BlackEnergy EternalPetya Exaramel GreyEnergy KillDisk MimiKatz Olympic Destroyer Sandworm |
| 2017-05-23
⋅
ESET Research
⋅
XData ransomware making rounds amid global WannaCryptor scare Sandworm |
| 2017-01-05
⋅
ESET Research
⋅
KillDisk now targeting Linux: Demands $250K ransom, but can’t decrypt KillDisk Sandworm |
| 2016-12-13
⋅
ESET Research
⋅
The rise of TeleBots: Analyzing disruptive KillDisk attacks KillDisk TeleBot Sandworm |
| 2016-12-13
⋅
ESET Research
⋅
The rise of TeleBots: Analyzing disruptive KillDisk attacks Credraptor KillDisk TeleBot |
| 2016-01-28
⋅
Kaspersky Labs
⋅
BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents BlackEnergy |
| 2016-01-09
⋅
Industrial Control Systems
⋅
Confirmation of a Coordinated Attack on the Ukrainian Power Grid Sandworm |
| 2015-12-30
⋅
SANS
⋅
Current Reporting on the Cyber Attack in Ukraine Resulting in Power Outage Sandworm |
| 2015-02-17
⋅
Kaspersky Labs
⋅
BE2 extraordinary plugins, Siemens targeting, dev fails BlackEnergy |
| 2014-11-10
⋅
Trend Micro
⋅
Timeline of Sandworm Attacks Sandworm |
| 2014-11-10
⋅
Trend Micro
⋅
Timeline of Sandworm Attacks Sandworm |
| 2014-11-03
⋅
Kaspersky Labs
⋅
BE2 custom plugins, router abuse, and target profiles BlackEnergy |
| 2014-10-14
⋅
Symantec
⋅
Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks Sandworm |
| 2014-10-14
⋅
ESET Research
⋅
CVE‑2014‑4114: Details on August BlackEnergy PowerPoint Campaigns BlackEnergy |
| 2014-10-14
⋅
Symantec
⋅
Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks Sandworm |
| 2010-07-15
⋅
Kaspersky Labs
⋅
Black DDoS BlackEnergy |
| 2010-03-03
⋅
FireEye
⋅
Black Energy Crypto BlackEnergy |
| 2010-03-03
⋅
Secureworks
⋅
BlackEnergy Version 2 Threat Analysis BlackEnergy |
| 2007-10-01
⋅
Arbor Networks
⋅
BlackEnergy DDoS Bot Analysis BlackEnergy |