The 9002 RAT was first noticed in 2009, when it was used in the Operation Aurora attacks, and it was later used in the Sunshop Campaign and Operation DeputyDog.
Community References
- Trojan.Hydraq!gen1 (Symantec) (malware labeled Trojan.Hydraq is a different backdoor)
- HomeUnix (FireEye)
- Naid (Symantec)
- Vasport (Symantec)
- Boda (Symantec)
- McRat
- MdMBot
- Troj/Agent-XAL
- 3102 (Palo Alto)
Malware References
- http://cybercampaigns.net/wp-content/uploads/2013/05/Hydraq.pdf
- http://blogs.cisco.com/security/talos/threat-spotlight-group-72
- http://malware-unplugged.blogspot.com/2013/11/hunting-apt-rat-9002-in-memory-using.html
- http://holisticinfosec.blogspot.com/search/label/Trojan.APT.9002
- http://blog.cylance.com/another-9002-trojan-variant
- https://www.fireeye.com/blog/threat-research/2013/08/the-sunshop-campaign-continues.html
- https://www.fireeye.com/blog/threat-research/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html
- http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf
- http://researchcenter.paloaltonetworks.com/2015/09/chinese-actors-use-3102-malware-in-attacks-on-us-government-and-eu-media/ [3102 Malware]