SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.keyplug (Back to overview)

KEYPLUG

aka: ELFSHELF

Actor(s): APT41


There is no description at this point.

References
2022-03-28MandiantGeoff Ackerman, Tufail Ahmed, James Maclachlan, Dallin Warne, John Wolfram, Brandon Wilbur
@online{ackerman:20220328:forged:3105d8e, author = {Geoff Ackerman and Tufail Ahmed and James Maclachlan and Dallin Warne and John Wolfram and Brandon Wilbur}, title = {{Forged in Fire: A Survey of MobileIron Log4Shell Exploitation}}, date = {2022-03-28}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/mobileiron-log4shell-exploitation}, language = {English}, urldate = {2022-03-30} } Forged in Fire: A Survey of MobileIron Log4Shell Exploitation
KEYPLUG
2022-03-08MandiantRufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman, John Wolfram
@online{brown:20220308:does:94c6c3e, author = {Rufus Brown and Van Ta and Douglas Bienstock and Geoff Ackerman and John Wolfram}, title = {{Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments}}, date = {2022-03-08}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/apt41-us-state-governments}, language = {English}, urldate = {2022-03-10} } Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments
KEYPLUG Cobalt Strike LOWKEY
2022-03-08Twitter (@CyberJack42)CyberJack
@online{cyberjack:20220308:elfshelf:2111663, author = {CyberJack}, title = {{Tweet on ELFSHELF alias for KEYPLUG}}, date = {2022-03-08}, organization = {Twitter (@CyberJack42)}, url = {https://twitter.com/CyberJack42/status/1501290277864046595}, language = {English}, urldate = {2022-03-14} } Tweet on ELFSHELF alias for KEYPLUG
KEYPLUG
2022-02-26MandiantMandiant
@online{mandiant:20220226:trending:a445d4a, author = {Mandiant}, title = {{TRENDING EVIL Q1 2022}}, date = {2022-02-26}, organization = {Mandiant}, url = {https://experience.mandiant.com/trending-evil/p/1}, language = {English}, urldate = {2022-03-14} } TRENDING EVIL Q1 2022
KEYPLUG FAKEUPDATES GootLoader BazarBackdoor QakBot

There is no Yara-Signature yet.