SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.wellmail (Back to overview)

WellMail

Actor(s): APT 29


There is no description at this point.

References
2020-12-21IntezerIntezer
@online{intezer:20201221:top:9529707, author = {Intezer}, title = {{Top Linux Cloud Threats of 2020}}, date = {2020-12-21}, organization = {Intezer}, url = {https://www.intezer.com/blog/cloud-security/top-linux-cloud-threats-of-2020/}, language = {English}, urldate = {2020-12-26} } Top Linux Cloud Threats of 2020
AgeLocker Anchor_DNS Blackrota Cloud Snooper Dacls Doki FritzFrog IPStorm Kaiji Kinsing NOTROBIN Penquin Turla PLEAD Prometei RansomEXX Stantinko TeamTNT TSCookie WellMail elf.wellmess
2020-12-21IronNetAdam Hlavek, Kimberly Ortiz
@online{hlavek:20201221:russian:804662f, author = {Adam Hlavek and Kimberly Ortiz}, title = {{Russian cyber attack campaigns and actors}}, date = {2020-12-21}, organization = {IronNet}, url = {https://www.ironnet.com/blog/russian-cyber-attack-campaigns-and-actors}, language = {English}, urldate = {2021-01-05} } Russian cyber attack campaigns and actors
WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess
2020-11-03Kaspersky LabsGReAT
@online{great:20201103:trends:febc159, author = {GReAT}, title = {{APT trends report Q3 2020}}, date = {2020-11-03}, organization = {Kaspersky Labs}, url = {https://securelist.com/apt-trends-report-q3-2020/99204/}, language = {English}, urldate = {2020-11-04} } APT trends report Q3 2020
WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti
2020-09-17PWC UKPWC UK
@online{uk:20200917:analysis:6156982, author = {PWC UK}, title = {{Analysis of WellMail malware's Command and Control (C2) server}}, date = {2020-09-17}, organization = {PWC UK}, url = {https://www.pwc.co.uk/issues/cyber-security-services/insights/wellmail.html}, language = {English}, urldate = {2020-09-25} } Analysis of WellMail malware's Command and Control (C2) server
WellMail
2020-08-13Talos IntelligenceMartin Lee, Paul Rascagnères, Vitor Ventura
@online{lee:20200813:attribution:ced59ff, author = {Martin Lee and Paul Rascagnères and Vitor Ventura}, title = {{Attribution: A Puzzle}}, date = {2020-08-13}, organization = {Talos Intelligence}, url = {https://blog.talosintelligence.com/2020/08/attribution-puzzle.html}, language = {English}, urldate = {2020-08-14} } Attribution: A Puzzle
WellMail elf.wellmess AcidBox WellMess
2020-07-16NCSC UKNCSC UK
@techreport{uk:20200716:advisory:d2a121d, author = {NCSC UK}, title = {{Advisory: APT29 targets COVID-19 vaccine development}}, date = {2020-07-16}, institution = {NCSC UK}, url = {https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development.pdf}, language = {English}, urldate = {2020-09-01} } Advisory: APT29 targets COVID-19 vaccine development
WellMail elf.wellmess SoreFang WellMess
2020-07-16CISAUS-CERT
@online{uscert:20200716:malware:b2a55f2, author = {US-CERT}, title = {{Malware Analysis Report (AR20-198C)}}, date = {2020-07-16}, organization = {CISA}, url = {https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198c}, language = {English}, urldate = {2020-07-20} } Malware Analysis Report (AR20-198C)
WellMail

There is no Yara-Signature yet.