Symbol: elf.xagent

X-Agent

aka: splm, chopstick, fysbis

Actor(s): APT28


There is no description at this point.

References
2020-09-10 | Kaspersky Labs | GReAT
@online{great:20200910:overview:f751b73, author = {GReAT}, title = {{An overview of targeted attacks and APTs on Linux}}, date = {2020-09-10}, organization = {Kaspersky Labs}, url = {https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/}, language = {English}, urldate = {2020-10-05} } An overview of targeted attacks and APTs on Linux
Cloud Snooper Dacls DoubleFantasy MESSAGETAP Penquin Turla Tsunami elf.wellmess X-Agent
2020 | Secureworks | SecureWorks
@online{secureworks:2020:iron:48c68a0, author = {SecureWorks}, title = {{IRON TWILIGHT}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/iron-twilight}, language = {English}, urldate = {2020-05-23} } IRON TWILIGHT
X-Agent X-Agent X-Agent Computrace HideDRV Sedreco Seduploader X-Agent XTunnel Zebrocy Zebrocy (AutoIT)
2017-02-20 | Contagio Dump | Mila Parkour
@online{parkour:20170220:part:c54b5de, author = {Mila Parkour}, title = {{Part I. Russian APT - APT28 collection of samples including OSX XAgent}}, date = {2017-02-20}, organization = {Contagio Dump}, url = {https://contagiodump.blogspot.de/2017/02/russian-apt-apt28-collection-of-samples.html}, language = {English}, urldate = {2019-11-26} } Part I. Russian APT - APT28 collection of samples including OSX XAgent
X-Agent Komplex Coreshell Downdelph HideDRV SEADADDY Sedreco Seduploader X-Agent XTunnel
2016-10-20 | ESET Research | ESET Research
@techreport{research:20161020:en:e2e6603, author = {ESET Research}, title = {{En Route with Sednit Part 2: Observing the Comings and Goings}}, date = {2016-10-20}, institution = {ESET Research}, url = {http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf}, language = {English}, urldate = {2019-10-25} } En Route with Sednit Part 2: Observing the Comings and Goings
X-Agent Sedreco X-Agent XTunnel
2016-06-15 | CrowdStrike | Dmitri Alperovitch
@online{alperovitch:20160615:bears:604c1d9, author = {Dmitri Alperovitch}, title = {{Bears in the Midst: Intrusion into the Democratic National Committee}}, date = {2016-06-15}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/}, language = {English}, urldate = {2022-03-14} } Bears in the Midst: Intrusion into the Democratic National Committee
X-Agent ATI-Agent SEADADDY Seduploader X-Agent XTunnel APT28
2016-02-12 | Palo Alto Networks Unit 42 | Bryan Lee, Rob Downs
@online{lee:20160212:look:1483b5a, author = {Bryan Lee and Rob Downs}, title = {{A Look Into Fysbis: Sofacy’s Linux Backdoor}}, date = {2016-02-12}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/a-look-into-fysbis-sofacys-linux-backdoor/}, language = {English}, urldate = {2020-01-13} } A Look Into Fysbis: Sofacy’s Linux Backdoor
X-Agent
2016-02-12 | Palo Alto Networks Unit 42 | Bryan Lee, Rob Downs
@online{lee:20160212:look:4113ea1, author = {Bryan Lee and Rob Downs}, title = {{A Look Into Fysbis: Sofacy’s Linux Backdoor}}, date = {2016-02-12}, organization = {Palo Alto Networks Unit 42}, url = {http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/}, language = {English}, urldate = {2019-12-20} } A Look Into Fysbis: Sofacy’s Linux Backdoor
X-Agent
2015-12-17 | Bitdefender | Bitdefender
@techreport{bitdefender:20151217:apt28:fca586f, author = {Bitdefender}, title = {{APT28 Under the Scope: A Journey into Exfiltrating Intelligence and Government Information}}, date = {2015-12-17}, institution = {Bitdefender}, url = {https://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_analysis_of_APT28%E2%80%93The_Political_Cyber-Espionage.pdf}, language = {English}, urldate = {2020-01-09} } APT28 Under the Scope: A Journey into Exfiltrating Intelligence and Government Information
X-Agent XP PrivEsc (CVE-2014-4076)

There is no Yara-Signature yet.