
XENOTIME


Adversaries abusing industrial control systems (ICS); based on the Dragos Inc. adversary list.


Associated Families
win.triton

References
2022-04-20 | CISA | CISA, NSA, FBI, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Government Communications Security Bureau, NCSC UK, National Crime Agency (NCA)
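@comment{Joint advisory with several issuing agencies. Each agency is braced so it is kept as one corporate name instead of being split into first and last name parts.}
@techreport{cisa:20220420:aa22110a:4fde5d6,
  author      = {{CISA} and {NSA} and {FBI} and {Australian Cyber Security Centre (ACSC)} and {Canadian Centre for Cyber Security (CCCS)} and {Government Communications Security Bureau} and {NCSC UK} and {National Crime Agency (NCA)}},
  title       = {{AA22-110A} Joint {CSA}: {Russian} State-Sponsored and Criminal Cyber Threats to Critical Infrastructure},
  date        = {2022-04-20},
  institution = {CISA},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-110A_Joint_CSA_Russian_State-Sponsored_and_Criminal_Cyber_Threats_to_Critical_Infrastructure_4_20_22_Final.pdf},
  urldate     = {2022-04-25},
  language    = {English},
}
AA22-110A Joint CSA: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure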
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader
2022-04-20 | CISA | CISA
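@comment{Web version of alert AA22-110A. The corporate author is double-braced; only the advisory identifier and the proper noun in the title are case-protected.}
@online{cisa:20220420:alert:529e28c,
  author       = {{CISA}},
  title        = {Alert ({AA22-110A}): {Russian} State-Sponsored and Criminal Cyber Threats to Critical Infrastructure},
  date         = {2022-04-20},
  organization = {CISA},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-110a},
  urldate      = {2022-04-25},
  language     = {English},
}
Alert (AA22-110A): Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure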
VPNFilter BlackEnergy DanaBot DoppelDridex Emotet EternalPetya GoldMax Industroyer Sality SmokeLoader TrickBot Triton Zloader Killnet
2022-03-24 | FBI | FBI
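@comment{FBI notification on TRITON. Acronyms in the title are braced individually so a sentence-casing style cannot lowercase them.}
@techreport{fbi:20220324:pin:d54bbb9,
  author      = {{FBI}},
  title       = {{PIN} Number 20220324-001 {TRITON} Malware Remains Threat to Global Critical Infrastructure Industrial Control Systems ({ICS})},
  date        = {2022-03-24},
  institution = {FBI},
  url         = {https://www.ic3.gov/Media/News/2022/220325.pdf},
  urldate     = {2022-03-25},
  language    = {English},
}
PIN Number 20220324-001 TRITON Malware Remains Threat to Global Critical Infrastructure Industrial Control Systems (ICS)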
Triton
2022-03-24 | CISA | US-CERT
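@comment{Alert AA22-083A. US-CERT is a corporate author and is double-braced so it is treated as a single name.}
@online{uscert:20220324:alert:03a7f21,
  author       = {{US-CERT}},
  title        = {Alert ({AA22-083A}) Tactics, Techniques, and Procedures of Indicted State-Sponsored {Russian} Cyber Actors Targeting the Energy Sector},
  date         = {2022-03-24},
  organization = {CISA},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-083a},
  urldate      = {2022-03-25},
  language     = {English},
}
Alert (AA22-083A) Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector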
Havex RAT Triton
2021-02-11 | DomainTools | Joe Slowik
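@comment{DomainTools blog post. The author is given in Last, First form; the title needs no case protection, so the whole-title braces are dropped.}
@online{slowik:20210211:visibility:5d2f96e,
  author       = {Slowik, Joe},
  title        = {Visibility, Monitoring, and Critical Infrastructure Security},
  date         = {2021-02-11},
  organization = {DomainTools},
  url          = {https://www.domaintools.com/resources/blog/visibility-monitoring-and-critical-infrastructure-security},
  urldate      = {2021-02-20},
  language     = {English},
}
Visibility, Monitoring, and Critical Infrastructure Security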
Industroyer Stuxnet Triton
2020-12-21 | IronNet | Adam Hlavek, Kimberly Ortiz
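@comment{IronNet blog post. Authors are given in Last, First form; only the proper noun in the title is case-protected.}
@online{hlavek:20201221:russian:804662f,
  author       = {Hlavek, Adam and Ortiz, Kimberly},
  title        = {{Russian} cyber attack campaigns and actors},
  date         = {2020-12-21},
  organization = {IronNet},
  url          = {https://www.ironnet.com/blog/russian-cyber-attack-campaigns-and-actors},
  urldate      = {2021-01-05},
  language     = {English},
}
Russian cyber attack campaigns and actors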
WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess
2020-10-23 | U.S. Department of the Treasury | U.S. Department of the Treasury
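@comment{Treasury press release. The institutional author is double-braced; unbraced, the words "of the" would be parsed as a name particle.}
@online{treasury:20201023:treasury:c08bd19,
  author       = {{U.S. Department of the Treasury}},
  title        = {{Treasury} Sanctions {Russian} Government Research Institution Connected to the {Triton} Malware},
  date         = {2020-10-23},
  organization = {U.S. Department of the Treasury},
  url          = {https://home.treasury.gov/news/press-releases/sm1162},
  urldate      = {2020-10-26},
  language     = {English},
}
Treasury Sanctions Russian Government Research Institution Connected to the Triton Malware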
Triton
2019-08-01 | Kaspersky Labs | GReAT
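@comment{Kaspersky quarterly APT trends report. GReAT is a team name and is double-braced as a corporate author.}
@online{great:20190801:trends:5e25d5b,
  author       = {{GReAT}},
  title        = {{APT} trends report {Q2} 2019},
  date         = {2019-08-01},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/apt-trends-report-q2-2019/91897/},
  urldate      = {2020-08-13},
  language     = {English},
}
APT trends report Q2 2019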
ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy Microcin
2019-04-10 | Github (ICSrepo) | Marcin Dudek
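@comment{GitHub repository cited for the Triton family. The three malware names in the title are braced individually to keep their capitalisation.}
@online{dudek:20190410:trisis:480b199,
  author       = {Dudek, Marcin},
  title        = {{TRISIS} / {TRITON} / {HatMan} Malware Repository},
  date         = {2019-04-10},
  organization = {Github (ICSrepo)},
  url          = {https://github.com/ICSrepo/TRISIS-TRITON-HATMAN},
  urldate      = {2019-07-09},
  language     = {English},
}
TRISIS / TRITON / HatMan Malware Repository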
Triton
2019-03-07 | E&E News | Blake Sobczak
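@comment{E and E News article. The ampersand in the organization field is escaped because a bare ampersand is a LaTeX alignment character and breaks typesetting.}
@online{sobczak:20190307:inside:9bae24e,
  author       = {Sobczak, Blake},
  title        = {The inside story of the world's most dangerous malware},
  date         = {2019-03-07},
  organization = {E\&E News},
  url          = {https://www.eenews.net/stories/1060123327/},
  urldate      = {2020-04-07},
  language     = {English},
}
The inside story of the world's most dangerous malware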
Triton
2019 | Dragos | Dragos
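@comment{Dragos adversary overview page. Only the year is known for this entry; the corporate author is double-braced.}
@online{dragos:2019:adversary:0237a20,
  author       = {{Dragos}},
  title        = {Adversary Reports},
  date         = {2019},
  organization = {Dragos},
  url          = {https://dragos.com/adversaries.html},
  urldate      = {2020-01-10},
  language     = {English},
}
Adversary Reports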
ALLANITE CHRYSENE DYMALLOY ELECTRUM Lazarus Group MAGNALLIUM XENOTIME
2018-10-23 | FireEye | FireEye Intelligence
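@comment{FireEye attribution post. FireEye Intelligence is a team, not a person, so it is double-braced; unbraced it parses as first name FireEye, last name Intelligence.}
@online{intelligence:20181023:triton:95a881f,
  author       = {{FireEye Intelligence}},
  title        = {{TRITON} Attribution: {Russian} Government-Owned Lab Most Likely Built Custom Intrusion Tools for {TRITON} Attackers},
  date         = {2018-10-23},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html},
  urldate      = {2019-12-20},
  language     = {English},
}
TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers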
Triton
2018-10-01 | SANS Cyber Summit | Andrea Carcano
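@comment{SANS Cyber Summit presentation. The author is given in Last, First form; only the malware name in the title is case-protected.}
@techreport{carcano:20181001:triton:7863291,
  author      = {Carcano, Andrea},
  title       = {{TRITON}: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems, Forever},
  date        = {2018-10-01},
  institution = {SANS Cyber Summit},
  url         = {https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1538425180.pdf},
  urldate     = {2020-01-20},
  language    = {English},
}
TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems, Forever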
Triton
2018-08-08 | Nozomi Networks | Alessandro Di Pinto, Younes Dragoni, Andrea Carcano
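@comment{Nozomi Networks report. Authors are given in Last, First form so the compound surname Di Pinto is kept together; the citation key is left unchanged.}
@techreport{pinto:20180808:triton:7c9e25d,
  author      = {Di Pinto, Alessandro and Dragoni, Younes and Carcano, Andrea},
  title       = {{TRITON}: The First {ICS} Cyber Attack on Safety Instrument Systems},
  date        = {2018-08-08},
  institution = {Nozomi Networks},
  url         = {https://www.nozominetworks.com//downloads/US/Nozomi-Networks-TRITON-The-First-SIS-Cyberattack.pdf},
  urldate     = {2021-09-24},
  language    = {English},
}
TRITON: The First ICS Cyber Attack on Safety Instrument Systems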
Triton
2018-04-10 | NCCIC | NCCIC
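@comment{NCCIC malware analysis report, Update A. The report identifier and malware name are braced individually; the percent-encoded URL is kept verbatim.}
@techreport{nccic:20180410:mar1735201:b351b8c,
  author      = {{NCCIC}},
  title       = {{MAR-17-352-01} {HatMan} - Safety System Targeted Malware (Update {A})},
  date        = {2018-04-10},
  institution = {NCCIC},
  url         = {https://us-cert.cisa.gov/sites/default/files/documents/MAR-17-352-01%20HatMan%20-%20Safety%20System%20Targeted%20Malware%20%28Update%20A%29_S508C.PDF},
  urldate     = {2021-08-09},
  language    = {English},
}
MAR-17-352-01 HatMan - Safety System Targeted Malware (Update A)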
Triton
2018-01-16 | Midnight Blue Labs | Jos Wetzels, Carlo Meijer
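@comment{Midnight Blue Labs analysis post. Authors are given in Last, First form; only the malware name in the title is case-protected.}
@online{wetzels:20180116:analyzing:aac7e2f,
  author       = {Wetzels, Jos and Meijer, Carlo},
  title        = {Analyzing the {TRITON} industrial malware},
  date         = {2018-01-16},
  organization = {Midnight Blue Labs},
  url          = {https://www.midnightbluelabs.com/blog/2018/1/16/analyzing-the-triton-industrial-malware},
  urldate      = {2020-01-07},
  language     = {English},
}
Analyzing the TRITON industrial malware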
Triton
2017-12-18 | NCCIC | NCCIC
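@comment{Original NCCIC malware analysis report on HatMan. The title spelling Hatman is kept as listed; the percent-encoded URL is kept verbatim.}
@techreport{nccic:20171218:malware:42d9be2,
  author      = {{NCCIC}},
  title       = {Malware Analysis Report on {Hatman}},
  date        = {2017-12-18},
  institution = {NCCIC},
  url         = {https://ics-cert.us-cert.gov/sites/default/files/documents/MAR-17-352-01%20HatMan%E2%80%94Safety%20System%20Targeted%20Malware_S508C.pdf},
  urldate     = {2020-01-09},
  language    = {English},
}
Malware Analysis Report on Hatman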
Triton
2017-12-14 | FireEye | Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer
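@comment{FireEye disclosure post on TRITON. Authors are given in Last, First form. The title keeps its UTF-8 quotation marks, which need a Unicode-aware backend such as Biber.}
@online{johnson:20171214:attackers:6b0be76,
  author       = {Johnson, Blake and Caban, Dan and Krotofil, Marina and Scali, Dan and Brubaker, Nathan and Glyer, Christopher},
  title        = {Attackers Deploy New {ICS} Attack Framework {“TRITON”} and Cause Operational Disruption to Critical Infrastructure},
  date         = {2017-12-14},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html},
  urldate      = {2019-12-20},
  language     = {English},
}
Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure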
Triton TEMP.Veles
2017-12-13 | Dragos | Dragos
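@comment{Dragos TRISIS analysis report. The corporate author is double-braced; only the malware name in the title is case-protected.}
@techreport{dragos:20171213:trisis:43675c1,
  author      = {{Dragos}},
  title       = {{TRISIS} Malware: Analysis of Safety System Targeted Malware},
  date        = {2017-12-13},
  institution = {Dragos},
  url         = {https://dragos.com/blog/trisis/TRISIS-01.pdf},
  urldate     = {2020-01-13},
  language    = {English},
}
TRISIS Malware: Analysis of Safety System Targeted Malware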
Triton

Credits: MISP Project