SYMBOLCOMMON_NAMEaka. SYNONYMS
ps1.bondupdater (Back to overview)

BONDUPDATER

aka: Poison Frog, Glimpse

Actor(s): OilRig, APT34


There is no description at this point.

References
2020-02-13QianxinQi Anxin Threat Intelligence Center
@techreport{center:20200213:report:146d333, author = {Qi Anxin Threat Intelligence Center}, title = {{APT Report 2019}}, date = {2020-02-13}, institution = {Qianxin}, url = {https://ti.qianxin.com/uploads/2020/02/13/cb78386a082f465f259b37dae5df4884.pdf}, language = {English}, urldate = {2020-02-27} } APT Report 2019
Chrysaor Exodus Dacls elf.vpnfilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy
2020SecureworksSecureWorks
@online{secureworks:2020:cobalt:ce31320, author = {SecureWorks}, title = {{COBALT GYPSY}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/cobalt-gypsy}, language = {English}, urldate = {2020-05-23} } COBALT GYPSY
TwoFace MacDownloader BONDUPDATER pupy Helminth jason RGDoor TinyZbot OilRig
2019-11-09NSFOCUSMina Hao
@online{hao:20191109:apt34:550c673, author = {Mina Hao}, title = {{APT34 Event Analysis Report}}, date = {2019-11-09}, organization = {NSFOCUS}, url = {https://nsfocusglobal.com/apt34-event-analysis-report/}, language = {English}, urldate = {2020-03-09} } APT34 Event Analysis Report
BONDUPDATER DNSpionage
2019-09-18IronNetJonathan Lepore
@online{lepore:20190918:chirp:44c11e9, author = {Jonathan Lepore}, title = {{Chirp of the PoisonFrog}}, date = {2019-09-18}, organization = {IronNet}, url = {https://ironnet.com/blog/chirp-of-the-poisonfrog/}, language = {English}, urldate = {2020-01-09} } Chirp of the PoisonFrog
BONDUPDATER
2019-05-02Marco Ramilli's BlogMarco Ramilli
@online{ramilli:20190502:apt34:06f5d53, author = {Marco Ramilli}, title = {{APT34: Glimpse project}}, date = {2019-05-02}, organization = {Marco Ramilli's Blog}, url = {https://marcoramilli.com/2019/05/02/apt34-glimpse-project/}, language = {English}, urldate = {2020-01-13} } APT34: Glimpse project
BONDUPDATER
2019-04-30Palo Alto Networks Unit 42Bryan Lee, Robert Falcone
@online{lee:20190430:behind:01b3010, author = {Bryan Lee and Robert Falcone}, title = {{Behind the Scenes with OilRig}}, date = {2019-04-30}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/behind-the-scenes-with-oilrig/}, language = {English}, urldate = {2020-01-06} } Behind the Scenes with OilRig
BONDUPDATER
2019-04-19Mediumx0rz
@online{x0rz:20190419:hacking:682f038, author = {x0rz}, title = {{Hacking (Back) and Influence Operations}}, date = {2019-04-19}, organization = {Medium}, url = {https://blog.0day.rocks/hacking-back-and-influence-operations-85cd52c1e933}, language = {English}, urldate = {2020-01-13} } Hacking (Back) and Influence Operations
BONDUPDATER
2019-04-16Robert Falcone
@online{falcone:20190416:dns:fed953e, author = {Robert Falcone}, title = {{DNS Tunneling in the Wild: Overview of OilRig’s DNS Tunneling}}, date = {2019-04-16}, url = {https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild-overview-of-oilrigs-dns-tunneling/}, language = {English}, urldate = {2019-12-03} } DNS Tunneling in the Wild: Overview of OilRig’s DNS Tunneling
BONDUPDATER QUADAGENT Alma Communicator Helminth ISMAgent
2018-09-14NetScoutASERT Team
@online{team:20180914:tunneling:c41e0f2, author = {ASERT Team}, title = {{Tunneling Under the Sands}}, date = {2018-09-14}, organization = {NetScout}, url = {https://www.netscout.com/blog/asert/tunneling-under-sands}, language = {English}, urldate = {2020-01-13} } Tunneling Under the Sands
BONDUPDATER
2018-09-12Palo Alto Networks Unit 42Kyle Wilhoit, Robert Falcone
@online{wilhoit:20180912:oilrig:5c64e44, author = {Kyle Wilhoit and Robert Falcone}, title = {{OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government}}, date = {2018-09-12}, organization = {Palo Alto Networks Unit 42}, url = {https://researchcenter.paloaltonetworks.com/2018/09/unit42-oilrig-uses-updated-bondupdater-target-middle-eastern-government/}, language = {English}, urldate = {2019-12-20} } OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
BONDUPDATER
2018-04-20Booz Allen HamiltonJay Novak, Matthew Pennington
@online{novak:20180420:researchers:6764b0e, author = {Jay Novak and Matthew Pennington}, title = {{Researchers Discover New variants of APT34 Malware}}, date = {2018-04-20}, organization = {Booz Allen Hamilton}, url = {https://www.boozallen.com/s/insight/blog/dark-labs-discovers-apt34-malware-variants.html?cid=spo-csatb-2}, language = {English}, urldate = {2020-01-06} } Researchers Discover New variants of APT34 Malware
BONDUPDATER POWRUNER
2015-09-17F-SecureF-Secure Global
@online{global:20150917:dukes:5dc47f5, author = {F-Secure Global}, title = {{The Dukes: 7 Years Of Russian Cyber-Espionage}}, date = {2015-09-17}, organization = {F-Secure}, url = {https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram/}, language = {English}, urldate = {2020-01-09} } The Dukes: 7 Years Of Russian Cyber-Espionage
TwoFace BONDUPDATER DNSpionage

There is no Yara-Signature yet.