SYMBOLCOMMON_NAMEaka. SYNONYMS

SNOWGLOBE  (Back to overview)

aka: Animal Farm, Snowglobe

In 2014, researchers at Kaspersky Lab discovered and reported on three zero-days that were being used in cyberattacks in the wild. Two of these zero-day vulnerabilities are associated with an advanced threat actor we call Animal Farm. Over the past few years, Animal Farm has targeted a wide range of global organizations. The group has been active since at least 2009 and there are signs that earlier malware versions were developed as far back as 2007.


Associated Families
win.babar win.evilbunny win.casper

References
2019Council on Foreign RelationsCyber Operations Tracker
@online{tracker:2019:snowglobe:af65769, author = {Cyber Operations Tracker}, title = {{Snowglobe}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/snowglobe}, language = {English}, urldate = {2019-12-20} } Snowglobe
SNOWGLOBE
2017-09-06Palo Alto Networks Unit 42Dominik Reichel
@online{reichel:20170906:analysing:a5a6017, author = {Dominik Reichel}, title = {{Analysing a 10-Year-Old SNOWBALL}}, date = {2017-09-06}, organization = {Palo Alto Networks Unit 42}, url = {https://researchcenter.paloaltonetworks.com/2017/09/unit42-analysing-10-year-old-snowball/}, language = {English}, urldate = {2019-12-20} } Analysing a 10-Year-Old SNOWBALL
Babar
2015-07-08InfosecPierluigi Paganini
@online{paganini:20150708:animal:bd9d9dc, author = {Pierluigi Paganini}, title = {{Animal Farm APT and the Shadow of French Intelligence}}, date = {2015-07-08}, organization = {Infosec}, url = {https://resources.infosecinstitute.com/animal-farm-apt-and-the-shadow-of-france-intelligence/}, language = {English}, urldate = {2019-12-19} } Animal Farm APT and the Shadow of French Intelligence
SNOWGLOBE
2015-03-06Kaspersky LabsGReAT
@online{great:20150306:animals:f15e26a, author = {GReAT}, title = {{Animals in the APT Farm}}, date = {2015-03-06}, organization = {Kaspersky Labs}, url = {https://securelist.com/blog/research/69114/animals-in-the-apt-farm/}, language = {English}, urldate = {2019-12-20} } Animals in the APT Farm
SNOWGLOBE
2015-03-05ESET ResearchJoan Calvet
@online{calvet:20150305:casper:be062ed, author = {Joan Calvet}, title = {{Casper Malware: After Babar and Bunny, Another Espionage Cartoon}}, date = {2015-03-05}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2015/03/05/casper-malware-babar-bunny-another-espionage-cartoon/}, language = {English}, urldate = {2019-11-14} } Casper Malware: After Babar and Bunny, Another Espionage Cartoon
Casper
2015-02-18G DataG Data
@online{data:20150218:babar:24e6c08, author = {G Data}, title = {{Babar: espionage software finally found and put under the microscope}}, date = {2015-02-18}, organization = {G Data}, url = {https://www.gdatasoftware.com/blog/2015/02/24270-babar-espionage-software-finally-found-and-put-under-the-microscope}, language = {English}, urldate = {2019-12-02} } Babar: espionage software finally found and put under the microscope
Evilbunny SNOWGLOBE
2015-02-18CyphortMarion Marschalek
@online{marschalek:20150218:shooting:91fead0, author = {Marion Marschalek}, title = {{Shooting Elephants}}, date = {2015-02-18}, organization = {Cyphort}, url = {https://drive.google.com/a/cyphort.com/file/d/0B9Mrr-en8FX4dzJqLWhDblhseTA/}, language = {English}, urldate = {2020-01-08} } Shooting Elephants
Babar
2015-02-18Vice MotherboardLorenzo Franceschi-Bicchierai
@online{franceschibicchierai:20150218:meet:2f64fcb, author = {Lorenzo Franceschi-Bicchierai}, title = {{Meet Babar, a New Malware Almost Certainly Created by France}}, date = {2015-02-18}, organization = {Vice Motherboard}, url = {https://motherboard.vice.com/read/meet-babar-a-new-malware-almost-certainly-created-by-france}, language = {English}, urldate = {2020-01-10} } Meet Babar, a New Malware Almost Certainly Created by France
SNOWGLOBE
2015-02-18CyphortMarion Marschalek
@online{marschalek:20150218:babar:f8c92b6, author = {Marion Marschalek}, title = {{Babar: Suspected Nation State Spyware In The Spotlight}}, date = {2015-02-18}, organization = {Cyphort}, url = {https://web.archive.org/web/20150218192803/http://www.cyphort.com/babar-suspected-nation-state-spyware-spotlight/}, language = {English}, urldate = {2020-06-08} } Babar: Suspected Nation State Spyware In The Spotlight
Babar Evilbunny SNOWGLOBE
2014-12-16CyphortMarion Marschalek
@online{marschalek:20141216:evilbunny:8e78c65, author = {Marion Marschalek}, title = {{EvilBunny: Malware Instrumented By Lua}}, date = {2014-12-16}, organization = {Cyphort}, url = {https://web.archive.org/web/20150311013500/http://www.cyphort.com/evilbunny-malware-instrumented-lua/}, language = {English}, urldate = {2020-06-08} } EvilBunny: Malware Instrumented By Lua
Evilbunny SNOWGLOBE
2011Spiegel OnlineCSE Canada
@techreport{canada:2011:snowglobe:2cf6813, author = {CSE Canada}, title = {{SNOWGLOBE: From Discovery to Attribution}}, date = {2011}, institution = {Spiegel Online}, url = {http://www.spiegel.de/media/media-35683.pdf}, language = {English}, urldate = {2019-12-17} } SNOWGLOBE: From Discovery to Attribution
Babar

Credits: MISP Project