win.envyscout (Back to overview)

EnvyScout

aka: ROOTSAW

There is no description at this point.

References
2023-04-13 | CERT.PL | CERT.PL
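@online{certpl:20230413:cert:fbd2671,
  author       = {{CERT.PL}},
  title        = {{CERT Polska} and {SKW} warn against the activities of {Russian} spies},
  date         = {2023-04-13},
  organization = {CERT.PL},
  url          = {https://cert.pl/posts/2023/04/kampania-szpiegowska-apt29/},
  language     = {Polish},
  urldate      = {2023-05-25},
}
CERT Polska and SKW warn against the activities of Russian spies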
BOOMBOX EnvyScout SUNBURST
2023-03-14 | Blackberry | BlackBerry Research & Intelligence Team
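@comment{The bare ampersand in the team name is escaped so it does not reach LaTeX as an alignment tab; the corporate author is double-braced so it is not split into first/last name parts.}
@online{team:20230314:nobelium:f35029b,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{NOBELIUM} Uses {Poland's} Ambassador’s Visit to the {U.S.} to Target {EU} Governments Assisting {Ukraine}},
  date         = {2023-03-14},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine},
  language     = {English},
  urldate      = {2023-03-14},
}
NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine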
EnvyScout GraphicalNeutrino
2023-03-10 | Mrtiepolo | Gianluca Tiepolo
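@online{tiepolo:20230310:sophisticated:2892d3e,
  author       = {Tiepolo, Gianluca},
  title        = {Sophisticated {APT29} Campaign Abuses {Notion} {API} to Target the {European Commission}},
  date         = {2023-03-10},
  organization = {Mrtiepolo},
  url          = {https://mrtiepolo.medium.com/sophisticated-apt29-campaign-abuses-notion-api-to-target-the-european-commission-200188059f58},
  language     = {English},
  urldate      = {2023-03-14},
}
Sophisticated APT29 Campaign Abuses Notion API to Target the European Commission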
BEATDROP EnvyScout GraphicalNeutrino tDiscoverer VaporRage
2022-09-06 | INCIBE-CERT | INCIBE
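@techreport{incibe:20220906:estudio:20f14b0,
  author      = {{INCIBE}},
  title       = {Estudio del análisis de {Nobelium}},
  date        = {2022-09-06},
  institution = {INCIBE-CERT},
  url         = {https://www.incibe-cert.es/sites/default/files/contenidos/estudios/doc/incibe-cert_estudio_analisis_nobelium_2022_v1.pdf},
  language    = {Spanish},
  urldate     = {2022-11-22},
}
Estudio del análisis de Nobelium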
BEATDROP BOOMBOX Cobalt Strike EnvyScout Unidentified 099 (APT29 Dropbox Loader) VaporRage
2022-07-19 | Palo Alto Networks Unit 42 | Mike Harbison, Peter Renals
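@online{harbison:20220719:russian:acbf388,
  author       = {Harbison, Mike and Renals, Peter},
  title        = {{Russian} {APT29} Hackers Use Online Storage Services, {DropBox} and {Google Drive}},
  date         = {2022-07-19},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/},
  language     = {English},
  urldate      = {2022-07-19},
}
Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive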
Cobalt Strike EnvyScout Gdrive
2022-07-08 | Cert-AgID | Cert-AgID
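@online{certagid:20220708:il:c02e771,
  author       = {{Cert-AgID}},
  title        = {Il malware {EnvyScout} ({APT29}) è stato veicolato anche in {Italia}},
  date         = {2022-07-08},
  organization = {Cert-AgID},
  url          = {https://cert-agid.gov.it/news/il-malware-envyscout-apt29-e-stato-veicolato-anche-in-italia/},
  language     = {Italian},
  urldate      = {2022-10-19},
}
Il malware EnvyScout (APT29) è stato veicolato anche in Italia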
EnvyScout Unidentified 098 (APT29 Slack Downloader)
2022-06-26 | BushidoToken
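@online{bushidotoken:20220626:overview:97370ff,
  author   = {{BushidoToken}},
  title    = {Overview of {Russian} {GRU} and {SVR} Cyberespionage Campaigns {1H} 2022},
  date     = {2022-06-26},
  url      = {https://blog.bushidotoken.net/2022/06/overview-of-russian-gru-and-svr.html},
  language = {English},
  urldate  = {2022-08-09},
}
Overview of Russian GRU and SVR Cyberespionage Campaigns 1H 2022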
Cobalt Strike CredoMap EnvyScout
2022-05-03 | Recorded Future | Insikt Group®
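@comment{Corporate author kept verbatim (including the UTF-8 registered-trademark sign, which Biber handles) and double-braced so it is treated as a single surname.}
@techreport{group:20220503:solardeflection:1470221,
  author      = {{Insikt Group®}},
  title       = {{SOLARDEFLECTION} {C2} Infrastructure Used by {NOBELIUM} in Company Brand Misuse},
  date        = {2022-05-03},
  institution = {Recorded Future},
  url         = {https://go.recordedfuture.com/hubfs/reports/cta-2022-0503.pdf},
  language    = {English},
  urldate     = {2022-05-04},
}
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse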
Cobalt Strike EnvyScout
2022-01-06 | Sekoia | sekoia
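@online{sekoia:20220106:nobeliums:de631e8,
  author       = {{sekoia}},
  title        = {{NOBELIUM’s} {EnvyScout} infection chain goes in the registry, targeting embassies},
  date         = {2022-01-06},
  organization = {Sekoia},
  url          = {https://www.sekoia.io/en/nobeliums-envyscout-infection-chain-goes-in-the-registry-targeting-embassies/},
  language     = {English},
  urldate      = {2022-01-10},
}
NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies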
Cobalt Strike EnvyScout

There is no YARA signature yet.