
elf.wellmess

Actor(s): APT 29


There is no description at this point.

References
2021-10-19 ⋅ NTT ⋅ Threat Detection Team Security division of NTT
@online{ntt:20211019:layered:92e34d1, author = {Threat Detection Team Security division of NTT}, title = {{The layered infrastructure operated by APT29}}, date = {2021-10-19}, organization = {NTT}, url = {https://services.global.ntt/en-us/insights/blog/the-layered-infrastructure-operated-by-apt29}, language = {English}, urldate = {2021-12-31} } The layered infrastructure operated by APT29
elf.wellmess
2021-07-30 ⋅ RiskIQ ⋅ Team Atlas
@online{atlas:20210730:bear:04ae603, author = {Team Atlas}, title = {{Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers}}, date = {2021-07-30}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/541a465f/description}, language = {English}, urldate = {2021-08-02} } Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers
elf.wellmess WellMess
2021-07-27 ⋅ Blackberry ⋅ BlackBerry Research & Intelligence Team
@techreport{team:20210727:old:3060d53, author = {BlackBerry Research & Intelligence Team}, title = {{Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages}}, date = {2021-07-27}, institution = {Blackberry}, url = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-old-dogs-new-tricks.pdf}, language = {English}, urldate = {2021-07-27} } Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages
elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy
2021-04-26 ⋅ CISA ⋅ CISA, FBI, Department of Homeland Security
@techreport{cisa:20210426:russian:0ef89c2, author = {CISA and FBI and Department of Homeland Security}, title = {{Russian Foreign Intelligence Service (SVR)Cyber Operations: Trends and Best Practices for Network Defenders}}, date = {2021-04-26}, institution = {CISA}, url = {https://us-cert.cisa.gov/sites/default/files/publications/AA21-116A_Russian_Foreign_Intelligence_Service_Cyber_Operations_508C.pdf}, language = {English}, urldate = {2021-04-29} } Russian Foreign Intelligence Service (SVR)Cyber Operations: Trends and Best Practices for Network Defenders
elf.wellmess WellMess
2021-03-21 ⋅ Blackberry ⋅ Blackberry Research
@techreport{research:20210321:2021:a393473, author = {Blackberry Research}, title = {{2021 Threat Report}}, date = {2021-03-21}, institution = {Blackberry}, url = {https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-2021-threat-report.pdf}, language = {English}, urldate = {2021-03-25} } 2021 Threat Report
Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot
2021-02-28 ⋅ PWC UK ⋅ PWC UK
@techreport{uk:20210228:cyber:bd780cd, author = {PWC UK}, title = {{Cyber Threats 2020: A Year in Retrospect}}, date = {2021-02-28}, institution = {PWC UK}, url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf}, language = {English}, urldate = {2021-03-04} } Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team
2021-02-25 ⋅ Intezer ⋅ Intezer
@techreport{intezer:20210225:year:eb47cd1, author = {Intezer}, title = {{Year of the Gopher A 2020 Go Malware Round-Up}}, date = {2021-02-25}, institution = {Intezer}, url = {https://www.intezer.com/wp-content/uploads/2021/02/Intezer-2020-Go-Malware-Round-Up.pdf}, language = {English}, urldate = {2021-06-30} } Year of the Gopher A 2020 Go Malware Round-Up
NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy
2020-12-21 ⋅ Intezer ⋅ Intezer
@online{intezer:20201221:top:9529707, author = {Intezer}, title = {{Top Linux Cloud Threats of 2020}}, date = {2020-12-21}, organization = {Intezer}, url = {https://www.intezer.com/blog/cloud-security/top-linux-cloud-threats-of-2020/}, language = {English}, urldate = {2020-12-26} } Top Linux Cloud Threats of 2020
AgeLocker AnchorDNS Blackrota Cloud Snooper Dacls Doki FritzFrog IPStorm Kaiji Kinsing NOTROBIN Penquin Turla PLEAD Prometei RansomEXX Stantinko TeamTNT TSCookie WellMail elf.wellmess TeamTNT
2020-12-21 ⋅ IronNet ⋅ Adam Hlavek, Kimberly Ortiz
@online{hlavek:20201221:russian:804662f, author = {Adam Hlavek and Kimberly Ortiz}, title = {{Russian cyber attack campaigns and actors}}, date = {2020-12-21}, organization = {IronNet}, url = {https://www.ironnet.com/blog/russian-cyber-attack-campaigns-and-actors}, language = {English}, urldate = {2021-01-05} } Russian cyber attack campaigns and actors
WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess
2020-09-10 ⋅ Kaspersky Labs ⋅ GReAT
@online{great:20200910:overview:f751b73, author = {GReAT}, title = {{An overview of targeted attacks and APTs on Linux}}, date = {2020-09-10}, organization = {Kaspersky Labs}, url = {https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/}, language = {English}, urldate = {2020-10-05} } An overview of targeted attacks and APTs on Linux
Cloud Snooper Dacls DoubleFantasy MESSAGETAP Penquin Turla Tsunami elf.wellmess X-Agent
2020-08-17 ⋅ PWC ⋅ PWC UK
@online{uk:20200817:wellmess:a67a30c, author = {PWC UK}, title = {{WellMess malware: analysis of its Command and Control (C2) server}}, date = {2020-08-17}, organization = {PWC}, url = {https://www.pwc.co.uk/issues/cyber-security-services/insights/wellmess-analysis-command-control.html}, language = {English}, urldate = {2020-08-20} } WellMess malware: analysis of its Command and Control (C2) server
elf.wellmess
2020-08-13 ⋅ Talos Intelligence ⋅ Martin Lee, Paul Rascagnères, Vitor Ventura
@online{lee:20200813:attribution:ced59ff, author = {Martin Lee and Paul Rascagnères and Vitor Ventura}, title = {{Attribution: A Puzzle}}, date = {2020-08-13}, organization = {Talos Intelligence}, url = {https://blog.talosintelligence.com/2020/08/attribution-puzzle.html}, language = {English}, urldate = {2020-08-14} } Attribution: A Puzzle
WellMail elf.wellmess AcidBox WellMess
2020-07-29 ⋅ Kaspersky Labs ⋅ GReAT
@online{great:20200729:trends:6810325, author = {GReAT}, title = {{APT trends report Q2 2020}}, date = {2020-07-29}, organization = {Kaspersky Labs}, url = {https://securelist.com/apt-trends-report-q2-2020/97937/}, language = {English}, urldate = {2020-07-30} } APT trends report Q2 2020
PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel
2020-07-16 ⋅ NCSC UK ⋅ NCSC UK
@techreport{uk:20200716:advisory:d2a121d, author = {NCSC UK}, title = {{Advisory: APT29 targets COVID-19 vaccine development}}, date = {2020-07-16}, institution = {NCSC UK}, url = {https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development.pdf}, language = {English}, urldate = {2020-09-01} } Advisory: APT29 targets COVID-19 vaccine development
WellMail elf.wellmess SoreFang WellMess
2020-07-16 ⋅ PWC UK ⋅ PWC UK
@online{uk:20200716:how:8504d30, author = {PWC UK}, title = {{How WellMess malware has been used to target Covid-19 vaccines}}, date = {2020-07-16}, organization = {PWC UK}, url = {https://www.pwc.co.uk/issues/cyber-security-services/insights/cleaning-up-after-wellmess.html}, language = {English}, urldate = {2020-07-17} } How WellMess malware has been used to target Covid-19 vaccines
elf.wellmess WellMess
2020-05-26 ⋅ CISA ⋅ US-CERT
@online{uscert:20200526:alert:ee61285, author = {US-CERT}, title = {{Alert (AA21-116A): Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders}}, date = {2020-05-26}, organization = {CISA}, url = {https://us-cert.cisa.gov/ncas/alerts/aa21-116a}, language = {English}, urldate = {2021-06-09} } Alert (AA21-116A): Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders
elf.wellmess WellMess
2018-12-01 ⋅ Botconf ⋅ Yoshihiro Ishikawa, Shinichi Nagano
@techreport{ishikawa:20181201:lets:73b0c60, author = {Yoshihiro Ishikawa and Shinichi Nagano}, title = {{Let's go with a Go RAT!}}, date = {2018-12-01}, institution = {Botconf}, url = {https://www.botconf.eu/wp-content/uploads/2018/12/2018-Y-Ishikawa-S-Nagano-Lets-go-with-a-Go-RAT-_final.pdf}, language = {English}, urldate = {2020-04-28} } Let's go with a Go RAT!
elf.wellmess WellMess
2018-07-06 ⋅ JPCERT/CC ⋅ Shusei Tomonaga
@online{tomonaga:20180706:malware:dc21b83, author = {Shusei Tomonaga}, title = {{Malware “WellMess” Targeting Linux and Windows}}, date = {2018-07-06}, organization = {JPCERT/CC}, url = {https://blogs.jpcert.or.jp/en/2018/07/malware-wellmes-9b78.html}, language = {English}, urldate = {2020-07-17} } Malware “WellMess” Targeting Linux and Windows
elf.wellmess WellMess

There is no Yara-Signature yet.