SYMBOLCOMMON_NAMEaka. SYNONYMS
win.envyscout (Back to overview)

EnvyScout

aka: ROOTSAW

There is no description at this point.

References
2022-09-06INCIBE-CERTINCIBE
@techreport{incibe:20220906:estudio:20f14b0, author = {INCIBE}, title = {{Estudio del análisis de Nobelium}}, date = {2022-09-06}, institution = {INCIBE-CERT}, url = {https://www.incibe-cert.es/sites/default/files/contenidos/estudios/doc/incibe-cert_estudio_analisis_nobelium_2022_v1.pdf}, language = {Spanish}, urldate = {2022-11-22} } Estudio del análisis de Nobelium
BEATDROP BOOMBOX Cobalt Strike EnvyScout Unidentified 099 (APT29 Dropbox Loader) VaporRage
2022-07-19Palo Alto Networks Unit 42Mike Harbison, Peter Renals
@online{harbison:20220719:russian:acbf388, author = {Mike Harbison and Peter Renals}, title = {{Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive}}, date = {2022-07-19}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/}, language = {English}, urldate = {2022-07-19} } Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
Cobalt Strike EnvyScout Gdrive
2022-07-08Cert-AgIDCert-AgID
@online{certagid:20220708:il:c02e771, author = {Cert-AgID}, title = {{Il malware EnvyScout (APT29) è stato veicolato anche in Italia}}, date = {2022-07-08}, organization = {Cert-AgID}, url = {https://cert-agid.gov.it/news/il-malware-envyscout-apt29-e-stato-veicolato-anche-in-italia/}, language = {Italian}, urldate = {2022-10-19} } Il malware EnvyScout (APT29) è stato veicolato anche in Italia
EnvyScout Unidentified 098 (APT29 Slack Downloader)
2022-06-26BushidoToken
@online{bushidotoken:20220626:overview:97370ff, author = {BushidoToken}, title = {{Overview of Russian GRU and SVR Cyberespionage Campaigns 1H 2022}}, date = {2022-06-26}, url = {https://blog.bushidotoken.net/2022/06/overview-of-russian-gru-and-svr.html}, language = {English}, urldate = {2022-08-09} } Overview of Russian GRU and SVR Cyberespionage Campaigns 1H 2022
Cobalt Strike CredoMap EnvyScout
2022-05-03Recorded FutureInsikt Group®
@techreport{group:20220503:solardeflection:1470221, author = {Insikt Group®}, title = {{SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse}}, date = {2022-05-03}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/cta-2022-0503.pdf}, language = {English}, urldate = {2022-05-04} } SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse
Cobalt Strike EnvyScout
2022-01-06Sekoiasekoia
@online{sekoia:20220106:nobeliums:de631e8, author = {sekoia}, title = {{NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies}}, date = {2022-01-06}, organization = {Sekoia}, url = {https://www.sekoia.io/en/nobeliums-envyscout-infection-chain-goes-in-the-registry-targeting-embassies/}, language = {English}, urldate = {2022-01-10} } NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies
Cobalt Strike EnvyScout

There is no Yara-Signature yet.