List of pseudo-APT campaigns

Forum for analysis and discussion about malware.

Post by EP_X0FF » Wed Jul 20, 2016 4:51 am

Below is the short list of pseudo-APT campaigns launched in MSM by AV proxy/fake security "companies":

  • Rombertik - This terrifying malware destroys your PC if detected
    Campaign orchestrated by the so-called "Talos Group" from Cisco - low-quality "security analysts" who don't know how popular compiler-generated file formats look. It was so advanced for them that it is surely a NationState APT.
  • Gyges - Invisible Malware
    Campaign launched by SentinelLabs (now rebranded as SentinelOne) - a fraudware company. They introduced the popular ransomware Win32/Urasy as an invisible (sic) NationState-sponsored APT.
  • Patchwork - The Copy-Paste APT
    Campaign launched by Cymmetria serving as a proxy company. They unveiled how to create hype from GitHub open-source projects and script-kiddie blog posts. Of course it is a NationState APT.
  • SFG - Furtim's parent
    Campaign from SentinelOne, started after they registered here and downloaded a sample from the above thread; after that they named this place the 'darkweb'. They represent a malware package with various Carberp code as a NationState APT.

This list will be updated when more fake "NationState APTs" are discovered (and they will be).

NOTE: The content of this list is originally from: viewtopic.php?f=16&t=4423. If you are reading it elsewhere, please visit the original location.

Re: List of pseudo-APT campaigns

Post by TSION » Tue Aug 16, 2016 2:08 pm

EP_XOFF should be very interesting for an amateur reverse engineer and should be an interesting experience.