- BlackCoffee
Malware References
Thursday, December 31, 2015
Fexel
Community Synonyms
Malware References
- Agtid
- Deputy Dog
Malware References
- https://www.symantec.com/security_response/writeup.jsp?docid=2013-092314-4620-99&tabid=2
- http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf
- http://blog.jpcert.or.jp/2015/11/a-volatility-plugin-created-for-detecting-malware-used-in-targeted-attacks.html
- http://blogs.cisco.com/security/talos/threat-spotlight-group-72
Stealer
Community Synonyms
Malware References
- Sayad (NCC Group)
Malware References
- https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf
- http://www.crowdstrike.com/blog/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/
- https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2014/july/a-new-flying-kitten/
ZxShell
Community References
Malware References
- Sensode (Cisco)
Malware References
- http://blog.trendmicro.com/trendlabs-security-intelligence/mers-news-used-in-targeted-attack-against-japanese-media-company/
- http://blogs.cisco.com/security/talos/opening-zxshell
- https://www.symantec.com/security_response/writeup.jsp?docid=2014-021716-3303-99&tabid=2
- https://www.f-secure.com/v-descs/backdoor_w32_zxshell_a.shtml
- http://blogs.cisco.com/security/talos/threat-spotlight-group-72
- http://www.talosintel.com/files/publications_and_presentations/papers/Cisco_security_Group72_wp.pdf
- http://www.symantec.com/connect/blogs/operation-cloudyomega-ichitaro-zero-day-and-ongoing-cyberespionage-campaign-targeting-japan
- http://www.crowdstrike.com/blog/french-connection-french-aerospace-focused-cve-2014-0322-attack-shares-similarities-2012/
- https://www.fireeye.com/blog/threat-research/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html
- https://www.bluecoat.com/security-blog/2014-07-21/korean-gaming-industry-still-under-fire
- https://www.novetta.com/2014/10/operation-smn-detailed-reporting-released/
- http://www.kashifali.ca/category/backdoor-zxshell/
9002
Introduction
The 9002 RAT was first noticed when used in 2009 as part of the Operation Aurora attacks and then the Sunshop Campaign and Operation DeputyDog.
Community References
Malware References
The 9002 RAT was first noticed when used in 2009 as part of the Operation Aurora attacks and then the Sunshop Campaign and Operation DeputyDog.
Community References
- Trojan.Hydraq!gen1 (Symantec)
- Trojan.Hydraq labeled malware are a different backdoor)
- HomeUnix (FireEye)
- Naid (Symantec)
- Vasport (Symantec)
- Boda (Symantec)
- McRat
- MdMBot
- Troj/Agent-XAL
- 3102 (Palo Alto)
Malware References
- http://cybercampaigns.net/wp-content/uploads/2013/05/Hydraq.pdf
- http://blogs.cisco.com/security/talos/threat-spotlight-group-72
- http://malware-unplugged.blogspot.com/2013/11/hunting-apt-rat-9002-in-memory-using.html
- http://holisticinfosec.blogspot.com/search/label/Trojan.APT.9002
- http://blog.cylance.com/another-9002-trojan-variant
- https://www.fireeye.com/blog/threat-research/2013/08/the-sunshop-campaign-continues.html
- https://www.fireeye.com/blog/threat-research/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html
- http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf
- http://researchcenter.paloaltonetworks.com/2015/09/chinese-actors-use-3102-malware-in-attacks-on-us-government-and-eu-media/ [3102 Malware]
Hikit
Community Synonyms
Malware References
- Matrix RAT
- Gaolmay
Malware References
- https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techniques-part-1.html
- https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techniques-part-2.html
- https://www.novetta.com/wp-content/uploads/2014/11/HiKit.pdf
- http://www.symantec.com/security_response/writeup.jsp?docid=2012-082113-5541-99&tabid=2
- http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/BKDR_HIKIT.A
- http://www.slideshare.net/ragebeast/infragard-hikitflash
- https://www.threatconnect.com/opm-breach-analysis-update/
- https://blog.bit9.com/2013/02/25/bit9-security-incident-update/
- http://krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-breach/
- http://blogs.cisco.com/security/talos/threat-spotlight-group-72
- http://www.talosintel.com/files/publications_and_presentations/papers/Cisco_security_Group72_wp.pdf
Gh0st
Community Synonyms:
Moudoor (Symantec)
HTTPS
Lurk (TrendMicro)
Malware Reference:
https://www.sentinelone.com/blog/the-curious-case-of-gh0st-malware/
https://www.emc.com/collateral/so-ASOC-use-case-gh0st-rat.pdf
http://malware-unplugged.blogspot.com/2015/01/hunting-and-decrypting-communications.html
http://download01.norman.no/documents/ThemanyfacesofGh0stRat.pdf
http://henrybasset.blogspot.com/2014/04/red-sky-weekly-gh0st-rat.html
http://www.mcafee.com/in/resources/white-papers/foundstone/wp-know-your-digital-enemy.pdf
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-detecting-apt-activity-with-network-traffic-analysis.pdf
http://blogs.rsa.com/will-gragido/lions-at-the-watering-hole-the-voho-affair/
http://www.mcafee.com/ca/resources/white-papers/foundstone/wp-know-your-digital-enemy.pdf
http://blog.trendmicro.com/trendlabs-security-intelligence/kunming-attack-leads-to-gh0st-rat-variant/
http://xanalysis.blogspot.com/2009/04/gh0st-rat.html
Moudoor (Symantec)
HTTPS
Lurk (TrendMicro)
Malware Reference:
https://www.sentinelone.com/blog/the-curious-case-of-gh0st-malware/
https://www.emc.com/collateral/so-ASOC-use-case-gh0st-rat.pdf
http://malware-unplugged.blogspot.com/2015/01/hunting-and-decrypting-communications.html
http://download01.norman.no/documents/ThemanyfacesofGh0stRat.pdf
http://henrybasset.blogspot.com/2014/04/red-sky-weekly-gh0st-rat.html
http://www.mcafee.com/in/resources/white-papers/foundstone/wp-know-your-digital-enemy.pdf
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-detecting-apt-activity-with-network-traffic-analysis.pdf
http://blogs.rsa.com/will-gragido/lions-at-the-watering-hole-the-voho-affair/
http://www.mcafee.com/ca/resources/white-papers/foundstone/wp-know-your-digital-enemy.pdf
http://blog.trendmicro.com/trendlabs-security-intelligence/kunming-attack-leads-to-gh0st-rat-variant/
http://xanalysis.blogspot.com/2009/04/gh0st-rat.html
Preshin
Community Synonyms:
Malware Reference:
Malware Reference:
| http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/BKDR_PRESHIN.JTT |
Subscribe to:
Posts (Atom)