malpedia.caad.fkie.fraunhofer.de
Open in
urlscan Pro
129.233.182.56
Public Scan
URL:
https://malpedia.caad.fkie.fraunhofer.de/details/win.tinba
Submission: On April 23 via manual from AR — Scanned from DE
Submission: On April 23 via manual from AR — Scanned from DE
Form analysis 2 forms found in the DOM
POST /backend/propose_change
<form class="propose_change" method="post" enctype="multipart/form-data" action="/backend/propose_change"><input required="" type="hidden" class="form-control" name="family_name" value="win.tinba">
<div class="modal-header">
<h4 class="modal-title" id="proposeChangeTitle">Propose Change for <span class="mono-font">win.tinba</span></h4><button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">×</span></button>
</div>
<div class="modal-body">
<div class="ajax-message"></div><input type="hidden" name="csrfmiddlewaretoken" value="jt1Bvd88Chrg8bCxAnpFFZpAxjxZgqn3zOtjBczhA0OYnGwvRCHnWEXrw0IGUgL1">
<div class="form-group"><label for="category_select">In which category would you like to suggest a change?</label><select required="" class="form-control tab-select" id="category_select" name="category_select">
<option value="" disabled="" selected="" hidden="">Please select a category</option>
<option value="category_actors">Actors</option>
<option value="category_family_name">Naming</option>
<option value="category_description">Description</option>
<option value="category_references">References</option>
<option value="category_other">Other</option>
</select></div>
<div class="tab-content">
<div class="tab-pane" id="category_family_name" role="tabpanel">
<div class="form-group"><label for="family_name_select">What would you like to do?</label><select class="form-control tab-select" id="family_name_select" name="family_name_select">
<option value="" disabled="" selected="" hidden="">Please select an option</option>
<option value="family_name_add_alias">Suggest an alias</option>
<option value="family_name_change_common_name">Change the common name</option><!--<option value="family_name_change_name">Change the directory name</option>-->
</select></div>
<div class="tab-content">
<div class="tab-pane" id="family_name_add_alias" role="tabpanel">
<div class="form-group"><label for="newFamilyAlias">New Alias for <span class="mono-font">win.tinba</span></label><input type="text" class="form-control" id="newFamilyAlias" name="new_alias" aria-describedby="newFamilyAliasInfo"
placeholder="Enter name"><small id="newFamilyAliasInfo" class="form-text text-muted">Please enter a new alias that you think is appropriate for Tinba. Give a reference for the alias in the box below.</small></div>
</div>
<div class="tab-pane" id="family_name_change_name" role="tabpanel">
<div class="form-group"><label for="newFamilyName">New Name for <span class="mono-font">win.tinba</span></label><input type="text" class="form-control" id="newFamilyName" name="new_name" aria-describedby="newFamilyNameInfo"
placeholder="Enter name"><small id="newFamilyNameInfo" class="form-text text-muted">Please enter your proposal for a new primary family name that you think is more appropriate than win.tinba.</small></div>
</div>
<div class="tab-pane" id="family_name_change_common_name" role="tabpanel">
<div class="form-group"><label for="newFamilyCommonName">New Common Name for <span class="mono-font">win.tinba</span></label><input type="text" class="form-control" id="newFamilyCommonName" name="new_common_name"
aria-describedby="newFamilyCommonNameInfo" placeholder="Enter name"><small id="newFamilyCommonNameInfo" class="form-text text-muted">Please enter your proposal for a new primary family name that you think is more appropriate than
Tinba.</small></div>
</div>
</div>
</div>
<div class="tab-pane" id="category_description" role="tabpanel">
<div class="form-group"><label for="description_select">What would you like to do?</label><select class="form-control tab-select" id="description_select" name="description_select">
<option value="" disabled="" selected="" hidden="">Please select an option</option>
<option value="description_change">Change the existing description</option>
</select></div>
<div class="tab-content">
<div class="tab-pane" id="description_new" role="tabpanel">
<div class="form-group"><label for="new_description">Add Description</label><textarea class="form-control" id="new_description" name="new_description" rows="3" aria-describedby="new_descriptionInfo" minlength="20"></textarea><small
id="new_descriptionInfo" class="form-text text-muted">The Family description will be visible on the family details site.</small></div>
</div>
<div class="tab-pane" id="description_change" role="tabpanel">
<div class="form-group"><label for="changed_description">Change Description</label><textarea class="form-control" id="changed_description" name="changed_description" rows="3" aria-describedby="changed_descriptionInfo" minlength="20"
value="F-Secure notes that TinyBanker or short Tinba is usually distributed through malvertising (advertising content that leads the user to sites hosting malicious threats), exploit kits and spam email campaigns. According to news reports, Tinba has been found targeting bank customers in the United States and Europe.
If Tinba successfully infects a device, it can steal banking and personal information through webinjects. To do this, the malware monitors the user's browser activity and if specific banking portals are visited, Tinba injects code to present the victim with fake web forms designed to mimic the legitimate web site. The malware then tricks them into entering their personal information, log-in credentials, etc in the legitimate-looking page.
Tinba may also display socially-engineered messages to lure or pressure the user into entering their information on the fake page; for example, a message may be shown which attempts to convince the victim that funds were accidentally deposited to his account and must be refunded immediately."></textarea><small
id="changed_descriptionInfo" class="form-text text-muted">Change the existing description like you think it would be advisable.</small></div>
</div>
</div>
</div>
<div class="tab-pane" id="category_other" role="tabpanel">
<p> If your designated proposal does not fit in any other category, <br> feel free to write a free-text in the comment field below. </p>
</div>
<div class="tab-pane" id="category_references" role="tabpanel">
<div class="tab-content">
<p> Please propose all changes regarding references on the <a class="logo-red" href="/library">Malpedia library page</a></p>
</div>
</div>
<div class="tab-pane" id="category_actors" role="tabpanel">
<div class="form-group"><label for="actors_select">What would you like to do?</label><select class="form-control tab-select" id="actors_select" name="actors_select">
<option value="" disabled="" selected="" hidden="">Please select an option</option>
<option value="actors_add">Add new actor</option>
</select></div>
<div class="tab-content">
<div class="tab-pane" id="actors_add" role="tabpanel">
<div class="form-group"><label for="new_actor">New Actor for <span class="mono-font">win.tinba</span></label><select id="new_actor" name="new_actor" aria-describedby="new_actorInfo" class="selectpicker form-control"
data-live-search="true">
<option value=" Stealth Mango and Tangelo "> Stealth Mango and Tangelo </option>
<option value="1937CN">1937CN</option>
<option value="ALLANITE">ALLANITE (Palmetto Fusion, Allanite)</option>
<option value="ANDROMEDA SPIDER">ANDROMEDA SPIDER</option>
<option value="ANTHROPOID SPIDER">ANTHROPOID SPIDER (Empire Monkey, CobaltGoblin)</option>
<option value="APT-C-12">APT-C-12 (Sapphire Mushroom, Blue Mushroom, NuclearCrisis)</option>
<option value="APT-C-27">APT-C-27 (GoldMouse, Golden RAT, ATK80)</option>
<option value="APT-C-34">APT-C-34 (Golden Falcon)</option>
<option value="APT-C-36">APT-C-36 (Blind Eagle)</option>
<option value="APT-C-60">APT-C-60 (APT-Q-12)</option>
<option value="APT.3102">APT.3102</option>
<option value="APT1">APT1 (COMMENT PANDA, PLA Unit 61398, Comment Crew, Byzantine Candor, Group 3, TG-8223, Comment Group, Brown Fox, GIF89a, ShadyRAT, G0006)</option>
<option value="APT10">APT10 (STONE PANDAD, Menupass Team, happyyongzi, POTASSIUM, Red Apollo, CVNX, HOGFISH, Cloud Hopper, BRONZE RIVERSIDE, ATK41, G0045, Granite Taurus, TA429)</option>
<option value="APT12">APT12 (NUMBERED PANDA, TG-2754, BeeBus, Group 22, DynCalc, Calc Team, DNSCalc, Crimson Iron, IXESHE, BRONZE GLOBE)</option>
<option value="APT14">APT14 (ANCHOR PANDA, QAZTeam, ALUMINUM)</option>
<option value="APT15">APT15 (VIXEN PANDA, Ke3Chang, Playful Dragon, Metushy, Lurid, Social Network Team, Royal APT, BRONZE PALACE, BRONZE DAVENPORT, BRONZE IDLEWOOD, NICKEL, G0004, Red Vulture, Nylon Typhoon, Mirage)</option>
<option value="APT16">APT16 (SVCMONDR, G0023)</option>
<option value="APT17">APT17 (Group 8, AURORA PANDA, Hidden Lynx, Tailgater Team, Dogfish, BRONZE KEYSTONE, G0025, Group 72, G0001, Axiom, HELIUM)</option>
<option value="APT18">APT18 (DYNAMITE PANDA, TG-0416, SCANDIUM, PLA Navy, Wekby, G0026)</option>
<option value="APT19">APT19 (DEEP PANDA, Codoso, WebMasters, KungFu Kittens, Black Vine, TEMP.Avengers, Group 13, PinkPanther, Shell Crew, BRONZE FIRESTONE, G0009, G0073, Pupa, Sunshop Group)</option>
<option value="APT2">APT2 (PLA Unit 61486, PUTTER PANDA, MSUpdater, 4HCrew, SULPHUR, SearchFire, TG-6952, G0024)</option>
<option value="APT20">APT20 (VIOLIN PANDA, TH3Bug, Crawling Taurus)</option>
<option value="APT21">APT21 (HAMMER PANDA, TEMP.Zhenbao, NetTraveler)</option>
<option value="APT22">APT22 (G0039, Suckfly, BRONZE OLIVE, Group 46)</option>
<option value="APT23">APT23 (PIRATE PANDA, KeyBoy, Tropic Trooper, BRONZE HOBART, G0081, Red Orthrus, Earth Centaur)</option>
<option value="APT24">APT24 (PITTY PANDA, G0011, Temp.Pittytiger)</option>
<option value="APT26">APT26 (JerseyMikes, TURBINE PANDA, BRONZE EXPRESS, TECHNETIUM)</option>
<option value="APT27">APT27 (GreedyTaotie, TG-3390, EMISSARY PANDA, TEMP.Hippo, Red Phoenix, Budworm, Group 35, ZipToken, Iron Tiger, BRONZE UNION, Lucky Mouse, G0027, Iron Taurus, Earth Smilodon)</option>
<option value="APT28">APT28 (Pawn Storm, FANCY BEAR, Sednit, SNAKEMACKEREL, Tsar Team, TG-4127, STRONTIUM, Swallowtail, IRON TWILIGHT, Group 74, SIG40, Grizzly Steppe, G0007, ATK5, Fighting Ursa, ITG05, Blue Athena, TA422, T-APT-12,
APT-C-20, UAC-0028, FROZENLAKE, Sofacy, Forest Blizzard, APT 28, TsarTeam, Group-4127, Grey-Cloud)</option>
<option value="APT29">APT29 (Group 100, COZY BEAR, The Dukes, Minidionis, SeaDuke, YTTRIUM, IRON HEMLOCK, Grizzly Steppe, G0016, ATK7, Cloaked Ursa, TA421, Blue Kitsune, ITG11, BlueBravo, Nobelium, UAC-0029, Midnight Blizzard)
</option>
<option value="APT3">APT3 (GOTHIC PANDA, TG-0110, Group 6, UPS, Buckeye, Boyusec, BORON, BRONZE MAYFAIR, Red Sylvan)</option>
<option value="APT30">APT30 (G0013, Raspberry Typhoon, RADIUM, LotusBlossom)</option>
<option value="APT31">APT31 (ZIRCONIUM, JUDGMENT PANDA, BRONZE VINEWOOD, Red keres, Violet Typhoon, TA412, Zirconium)</option>
<option value="APT32">APT32 (OceanLotus Group, Ocean Lotus, OceanLotus, Cobalt Kitty, APT-C-00, SeaLotus, Sea Lotus, APT-32, APT 32, Ocean Buffalo, POND LOACH, TIN WOODLAWN, BISMUTH, ATK17, G0050, Canvas Cyclone)</option>
<option value="APT33">APT33 (APT 33, Elfin, MAGNALLIUM, Refined Kitten, HOLMIUM, COBALT TRINITY, G0064, ATK35, Peach Sandstorm, TA451)</option>
<option value="APT35">APT35 (Newscaster Team, Magic Hound, G0059, Phosphorus, Mint Sandstorm, TunnelVision, COBALT MIRAGE, Charming Kitten)</option>
<option value="APT37">APT37 (APT 37, Group 123, Group123, InkySquid, Operation Daybreak, Operation Erebus, Reaper Group, Reaper, Red Eyes, Ricochet Chollima, ScarCruft, Venus 121, ATK4, G0067, Moldy Pisces)</option>
<option value="APT39">APT39 (Chafer, REMIX KITTEN, COBALT HICKMAN, G0087, Radio Serpens, TA454)</option>
<option value="APT4">APT4 (PLA Navy, MAVERICK PANDA, BRONZE EDISON, SODIUM, Salmon Typhoon)</option>
<option value="APT40">APT40 (TEMP.Periscope, TEMP.Jumper, Leviathan, BRONZE MOHAWK, GADOLINIUM, KRYPTONITE PANDA, G0065, ATK29, TA423, Red Ladon, ITG09, MUDCARP, ISLANDDREAMS, Gingham Typhoon)</option>
<option value="APT41">APT41 (G0096, TA415, Blackfly, Grayfly, LEAD, BARIUM, WICKED SPIDER, WICKED PANDA, BRONZE ATLAS, BRONZE EXPORT, Red Kelpie, G0044, Earth Baku, Amoeba, HOODOO, Brass Typhoon)</option>
<option value="APT42">APT42 (UNC788, CALANQUE)</option>
<option value="APT43">APT43</option>
<option value="APT5">APT5 (KEYHOLE PANDA, MANGANESE, BRONZE FLEETWOOD, TEMP.Bottle, Mulberry Typhoon, Poisoned Flight, TABCTENG)</option>
<option value="APT6">APT6 (1.php Group)</option>
<option value="APT9">APT9 (NIGHTSHADE PANDA, Red Pegasus, Group 27)</option>
<option value="AeroBlade">AeroBlade</option>
<option value="Altahrea Team">Altahrea Team</option>
<option value="Anonymous Sudan">Anonymous Sudan</option>
<option value="Antlion">Antlion</option>
<option value="Aoqin Dragon">Aoqin Dragon (UNC94)</option>
<option value="AppMilad">AppMilad</option>
<option value="AridViper">AridViper (Desert Falcon, Renegade Jackal, DESERTVARNISH, UNC718, Arid Viper, APT-C-23)</option>
<option value="Aslan Neferler Tim">Aslan Neferler Tim (Lion Soldiers Team, Phantom Turk)</option>
<option value="AtlasCross">AtlasCross</option>
<option value="Attor">Attor</option>
<option value="Avivore">Avivore</option>
<option value="Ayyıldız Tim">Ayyıldız Tim (Crescent and Star)</option>
<option value="BAMBOO SPIDER">BAMBOO SPIDER</option>
<option value="BANISHED KITTEN">BANISHED KITTEN (DUNE, Storm-0842)</option>
<option value="BIG PANDA">BIG PANDA</option>
<option value="BITWISE SPIDER">BITWISE SPIDER</option>
<option value="BOSON SPIDER">BOSON SPIDER</option>
<option value="BOSS SPIDER">BOSS SPIDER (GOLD LOWELL)</option>
<option value="BRONZE EDGEWOOD">BRONZE EDGEWOOD (Red Hariasa)</option>
<option value="BRONZE HIGHLAND">BRONZE HIGHLAND (Evasive Panda, Daggerfly)</option>
<option value="BRONZE SPIRAL">BRONZE SPIRAL</option>
<option value="BRONZE SPRING">BRONZE SPRING (UNC302)</option>
<option value="BRONZE STARLIGHT">BRONZE STARLIGHT (SLIME34, DEV-0401, Cinnamon Tempest, Emperor Dragonfly)</option>
<option value="BRONZE VAPOR">BRONZE VAPOR</option>
<option value="BackdoorDiplomacy">BackdoorDiplomacy (BackDip, CloudComputating, Quarian)</option>
<option value="BadRory">BadRory</option>
<option value="Bahamut">Bahamut</option>
<option value="BazarCall">BazarCall (BazzarCall, BazaCall)</option>
<option value="Beijing Group">Beijing Group (SNEAKY PANDA, Elderwood, Elderwood Gang, SIG22, G0066)</option>
<option value="BelialDemon">BelialDemon (Matanbuchus)</option>
<option value="BiBiGun">BiBiGun</option>
<option value="BlackOasis">BlackOasis (G0063)</option>
<option value="BlackTech">BlackTech (CIRCUIT PANDA, Temp.Overboard, HUAPI, Palmerworm, G0098, T-APT-03, Manga Taurus, Red Djinn)</option>
<option value="Blackatom">Blackatom</option>
<option value="Blackgear">Blackgear (Topgear, Comnie, BLACKGEAR)</option>
<option value="Blacktail">Blacktail</option>
<option value="Blackwood">Blackwood</option>
<option value="BladeHawk">BladeHawk</option>
<option value="Blue Termite">Blue Termite (Cloudy Omega, Emdivi)</option>
<option value="Blue Tsunami">Blue Tsunami (Black Cube)</option>
<option value="BlueBottle">BlueBottle</option>
<option value="Bohrium">Bohrium (Smoke Sandstorm, BOHRIUM)</option>
<option value="Boulder Bear">Boulder Bear</option>
<option value="Budminer">Budminer (Budminer cyberespionage group)</option>
<option value="BuhTrap">BuhTrap</option>
<option value="CHRYSENE">CHRYSENE (OilRig, Greenbug, Hazel Sandstorm, EUROPIUM, Cobalt Gypsy, APT34)</option>
<option value="CIRCUS SPIDER">CIRCUS SPIDER</option>
<option value="CL-STA-0043">CL-STA-0043</option>
<option value="CLOCKWORK SPIDER">CLOCKWORK SPIDER</option>
<option value="COBALT JUNO">COBALT JUNO (APT-C-38 (QiAnXin), SABER LION, TG-2884 (SCWX CTU))</option>
<option value="COBALT KATANA">COBALT KATANA (Hive0081 (IBM), SectorD01 (NHSC), xHunt campaign (Palo Alto), Hunter Serpens)</option>
<option value="Cadelle">Cadelle</option>
<option value="Caliente Bandits">Caliente Bandits (TA2721)</option>
<option value="Callisto">Callisto (COLDRIVER, SEABORGIUM, TA446, GOSSAMER BEAR, BlueCharlie, Star Blizzard, Reuse Team)</option>
<option value="Calypso">Calypso (BRONZE MEDLEY)</option>
<option value="Camaro Dragon">Camaro Dragon</option>
<option value="Caracal Kitten">Caracal Kitten (APT-Q-58)</option>
<option value="Caramel Tsunami">Caramel Tsunami (SOURGUM, Candiru)</option>
<option value="Carderbee">Carderbee</option>
<option value="CardinalLizard">CardinalLizard</option>
<option value="Careto">Careto (The Mask, Mask, Ugly Face)</option>
<option value="Carmine Tsunami">Carmine Tsunami (DEV-0196, QuaDream)</option>
<option value="Chamelgang">Chamelgang</option>
<option value="Charming Kitten">Charming Kitten (Newscaster, Parastoo, iKittens, Group 83, NewsBeef, G0058, CharmingCypress, Mint Sandstorm, PHOSPHORUS, APT35)</option>
<option value="Chernovite">Chernovite</option>
<option value="Cleaver">Cleaver (Operation Cleaver, Op Cleaver, Tarh Andishan, Alibaba, TG-2889, Cobalt Gypsy, G0003, Hazel Sandstorm, EUROPIUM, APT34, OilRig)</option>
<option value="Clever Kitten">Clever Kitten (Group 41)</option>
<option value="Cobalt">Cobalt (Cobalt Group, Cobalt Gang, GOLD KINGSWOOD, COBALT SPIDER, G0080, Mule Libra)</option>
<option value="Cold River">Cold River (Nahr Elbard, Nahr el bared)</option>
<option value="Common Raven">Common Raven (OPERA1ER, NXSMS, DESKTOP-GROUP)</option>
<option value="Confucious">Confucious</option>
<option value="Copy-Paste">Copy-Paste</option>
<option value="CopyKittens">CopyKittens (Slayer Kitten, G0052)</option>
<option value="Corsair Jackal">Corsair Jackal (TunisianCyberArmy)</option>
<option value="Cosmic Lynx">Cosmic Lynx</option>
<option value="CostaRicto">CostaRicto</option>
<option value="Cotton Sandstorm">Cotton Sandstorm (Emennet Pasargad, Holy Souls, MARNANBRIDGE, NEPTUNIUM)</option>
<option value="Cuboid Sandstorm">Cuboid Sandstorm (DEV-0228)</option>
<option value="Curious Gorge">Curious Gorge (UNC3742)</option>
<option value="Cutting Kitten">Cutting Kitten (ITsecTeam)</option>
<option value="Cyber Av3ngers">Cyber Av3ngers</option>
<option value="Cyber Berkut">Cyber Berkut</option>
<option value="Cyber Caliphate Army">Cyber Caliphate Army (Islamic State Hacking Division, CCA, United Cyber Caliphate, UUC, CyberCaliphate)</option>
<option value="Cyber Partisans">Cyber Partisans</option>
<option value="Cyber Toufan">Cyber Toufan</option>
<option value="Cyber fighters of Izz Ad-Din Al Qassam">Cyber fighters of Izz Ad-Din Al Qassam (Fraternal Jackal)</option>
<option value="Cyber.Anarchy.Squad">Cyber.Anarchy.Squad (Cyber Anarchy Squad)</option>
<option value="DAGGER PANDA">DAGGER PANDA (IceFog, Trident, RedFoxtrot, Red Wendigo, PLA Unit 69010)</option>
<option value="DEV-0147">DEV-0147</option>
<option value="DEV-0270">DEV-0270 (Nemesis Kitten, Storm-0270)</option>
<option value="DEV-0569">DEV-0569 (Storm-0569)</option>
<option value="DEV-0586">DEV-0586 (Ruinous Ursa, Cadet Blizzard)</option>
<option value="DEV-0928">DEV-0928</option>
<option value="DEV-0950">DEV-0950 (Lace Tempest)</option>
<option value="DEV-1028">DEV-1028</option>
<option value="DEXTOROUS SPIDER">DEXTOROUS SPIDER</option>
<option value="DIZZY PANDA">DIZZY PANDA (LadyBoyle)</option>
<option value="DNSpionage">DNSpionage (COBALT EDGEWATER)</option>
<option value="DOPPEL SPIDER">DOPPEL SPIDER (GOLD HERON)</option>
<option value="DUNGEON SPIDER">DUNGEON SPIDER</option>
<option value="Daixin Team">Daixin Team</option>
<option value="Dalbit">Dalbit</option>
<option value="Dancing Salome">Dancing Salome</option>
<option value="DangerousSavanna">DangerousSavanna</option>
<option value="Danti">Danti</option>
<option value="Dark Basin">Dark Basin</option>
<option value="Dark Caracal">Dark Caracal (G0070)</option>
<option value="DarkCasino">DarkCasino</option>
<option value="DarkHotel">DarkHotel (DUBNIUM, Fallout Team, Karba, Luder, Nemim, Nemin, Tapaoux, Pioneer, Shadow Crane, APT-C-06, SIG25, TUNGSTEN BRIDGE, T-APT-02, G0012, ATK52, Zigzag Hail, Dark Hotel)</option>
<option value="DarkHydrus">DarkHydrus (LazyMeerkat, G0079, Obscure Serpens)</option>
<option value="DarkVishnya">DarkVishnya</option>
<option value="Deadeye Jackal">Deadeye Jackal (SyrianElectronicArmy, SEA)</option>
<option value="DefrayX">DefrayX (Hive0091)</option>
<option value="Denim Tsunami">Denim Tsunami (KNOTWEED, DSIRF)</option>
<option value="Desorden Group">Desorden Group</option>
<option value="DiceyF">DiceyF</option>
<option value="Domestic Kitten">Domestic Kitten (Bouncing Golf, APT-C-50)</option>
<option value="DragonForce">DragonForce</option>
<option value="DragonOK">DragonOK (Moafee, BRONZE OVERBROOK, G0017, G0002, Shallow Taurus)</option>
<option value="DragonSpark">DragonSpark</option>
<option value="DriftingCloud">DriftingCloud</option>
<option value="Dust Storm">Dust Storm (G0031)</option>
<option value="DustSquad">DustSquad (Nomadic Octopus)</option>
<option value="ELECTRIC PANDA">ELECTRIC PANDA</option>
<option value="ELOQUENT PANDA">ELOQUENT PANDA</option>
<option value="ENERGETIC BEAR">ENERGETIC BEAR (BERSERK BEAR, ALLANITE, CASTLE, DYMALLOY, TG-4192, Dragonfly, Crouching Yeti, Group 24, Havex, Koala Team, IRON LIBERTY, G0035, ATK6, ITG15, BROMINE, Blue Kraken, Ghost Blizzard)</option>
<option value="EXOTIC LILY">EXOTIC LILY (DEV-0413)</option>
<option value="Earth Berberoka">Earth Berberoka (GamblingPuppet)</option>
<option value="Earth Estries">Earth Estries</option>
<option value="Earth Kapre">Earth Kapre (RedCurl, Red Wolf)</option>
<option value="Earth Kitsune">Earth Kitsune</option>
<option value="Earth Krahang">Earth Krahang</option>
<option value="Earth Longzhi">Earth Longzhi (SnakeCharmer)</option>
<option value="Earth Lusca">Earth Lusca (CHROMIUM, ControlX, TAG-22, FISHMONGER, BRONZE UNIVERSITY, AQUATIC PANDA, Red Dev 10, RedHotel, Charcoal Typhoon, BountyGlad, Red Scylla)</option>
<option value="Earth Wendigo">Earth Wendigo</option>
<option value="Earth Yako">Earth Yako (Operation RestyLink, Enelink)</option>
<option value="Edalat-e Ali">Edalat-e Ali</option>
<option value="El Machete">El Machete (Machete, machete-apt, APT-C-43, G0095)</option>
<option value="Equation Group">Equation Group (Tilded Team, EQGRP, G0020)</option>
<option value="Evasive Panda">Evasive Panda (BRONZE HIGHLAND)</option>
<option value="Evil Corp">Evil Corp (GOLD DRAKE)</option>
<option value="EvilPost">EvilPost</option>
<option value="EvilTraffic">EvilTraffic (Operation EvilTraffic)</option>
<option value="Evilnum">Evilnum (DeathStalker, TA4563, EvilNum, Jointworm, KNOCKOUT SPIDER)</option>
<option value="FASTCash">FASTCash</option>
<option value="FIN1">FIN1</option>
<option value="FIN10">FIN10 (G0051)</option>
<option value="FIN11">FIN11 (TEMP.Warlock, UNC902, Lace Tempest, DEV-0950, TA505)</option>
<option value="FIN13">FIN13 (TG2003, Elephant Beetle)</option>
<option value="FIN5">FIN5 (G0053)</option>
<option value="FIN6">FIN6 (SKELETON SPIDER, ITG08, MageCart Group 6, White Giant, GOLD FRANKLIN, ATK88, G0037, Camouflage Tempest, TAAL)</option>
<option value="FIN7">FIN7 (CARBON SPIDER, GOLD NIAGARA, Calcium, ATK32, G0046, G0008, Coreid, Carbanak, Sangria Tempest, ELBRUS, Carbon Spider)</option>
<option value="FIN8">FIN8 (ATK113, G0061)</option>
<option value="FOXY PANDA">FOXY PANDA</option>
<option value="Ferocious Kitten">Ferocious Kitten</option>
<option value="Fishing Elephant">Fishing Elephant (Outrider Tiger)</option>
<option value="Flash Kitten">Flash Kitten</option>
<option value="Flax Typhoon">Flax Typhoon (Ethereal Panda, Storm-0919)</option>
<option value="Flying Kitten">Flying Kitten (SaffronRose, Saffron Rose, AjaxSecurityTeam, Ajax Security Team, Group 26, Sayad)</option>
<option value="Fox Kitten">Fox Kitten (PIONEER KITTEN, PARISITE, UNC757, Lemon Sandstorm, RUBIDIUM, PioneerKitten)</option>
<option value="FusionCore">FusionCore</option>
<option value="Fxmsp">Fxmsp</option>
<option value="GALLIUM">GALLIUM (Red Dev 4, Alloy Taurus, Granite Typhoon, Operation Soft Cell)</option>
<option value="GC01">GC01 (Golden Chickens, Golden Chickens01, Golden Chickens 01)</option>
<option value="GC02">GC02 (Golden Chickens, Golden Chickens02, Golden Chickens 02)</option>
<option value="GCMAN">GCMAN (G0036)</option>
<option value="GIBBERISH PANDA">GIBBERISH PANDA</option>
<option value="GOBLIN PANDA">GOBLIN PANDA (Conimes, Cycldek)</option>
<option value="GOLD BURLAP">GOLD BURLAP (CYBORG SPIDER)</option>
<option value="GOLD CABIN">GOLD CABIN (Shakthak, TA551, ATK236, G0127, Monster Libra)</option>
<option value="GOLD DUPONT">GOLD DUPONT (SPRITE SPIDER)</option>
<option value="GOLD EVERGREEN">GOLD EVERGREEN</option>
<option value="GOLD FAIRFAX">GOLD FAIRFAX</option>
<option value="GOLD FLANDERS">GOLD FLANDERS</option>
<option value="GOLD GALLEON">GOLD GALLEON</option>
<option value="GOLD GARDEN">GOLD GARDEN</option>
<option value="GOLD MANSARD">GOLD MANSARD</option>
<option value="GOLD NORTHFIELD">GOLD NORTHFIELD</option>
<option value="GOLD PRELUDE">GOLD PRELUDE (TA569, UNC1543)</option>
<option value="GOLD RIVERVIEW">GOLD RIVERVIEW</option>
<option value="GOLD SKYLINE">GOLD SKYLINE</option>
<option value="GOLD SOUTHFIELD">GOLD SOUTHFIELD</option>
<option value="GOLD SYMPHONY">GOLD SYMPHONY</option>
<option value="GOLD WATERFALL">GOLD WATERFALL</option>
<option value="GOLD WINTER">GOLD WINTER</option>
<option value="GREF">GREF</option>
<option value="GRIM SPIDER">GRIM SPIDER (GOLD ULRICK)</option>
<option value="GURU SPIDER">GURU SPIDER</option>
<option value="Gallmaker">Gallmaker</option>
<option value="Gamaredon Group">Gamaredon Group (ACTINIUM, DEV-0157, Blue Otso, BlueAlpha, G0047, IRON TILDEN, PRIMITIVE BEAR, Shuckworm, Trident Ursa, UAC-0010, Winterflounder, Aqua Blizzard, Actinium, UNC530, Gamaredon)</option>
<option value="GambleForce">GambleForce</option>
<option value="Gelsemium">Gelsemium (狼毒草)</option>
<option value="Ghost Jackal">Ghost Jackal</option>
<option value="GhostEmperor">GhostEmperor</option>
<option value="GhostNet">GhostNet (Snooping Dragon)</option>
<option value="GhostSec">GhostSec (Ghost Security)</option>
<option value="Ghostwriter">Ghostwriter (UNC1151, TA445, PUSHCHA, Storm-0257, DEV-0257)</option>
<option value="Gnosticplayers">Gnosticplayers</option>
<option value="GoldFactory">GoldFactory</option>
<option value="GoldenJackal">GoldenJackal</option>
<option value="GozNym">GozNym</option>
<option value="Gray Sandstorm">Gray Sandstorm (DEV-0343)</option>
<option value="Grayling">Grayling</option>
<option value="Greenbug">Greenbug</option>
<option value="GreyEnergy">GreyEnergy</option>
<option value="Groundbait">Groundbait</option>
<option value="Group5">Group5 (G0043)</option>
<option value="Guacamaya">Guacamaya</option>
<option value="HAFNIUM">HAFNIUM (ATK233, G0125, Operation Exchange Marauder, Red Dev 13, Silk Typhoon)</option>
<option value="HAZY TIGER">HAZY TIGER (Bitter, T-APT-17, APT-C-08, Orange Yali)</option>
<option value="HOUND SPIDER">HOUND SPIDER</option>
<option value="HURRICANE PANDA">HURRICANE PANDA</option>
<option value="Hacking Team">Hacking Team</option>
<option value="Hagga">Hagga (Aggah, TH-157)</option>
<option value="Hellsing">Hellsing</option>
<option value="HenBox">HenBox</option>
<option value="Hezb">Hezb (Mimo)</option>
<option value="HiddenArt">HiddenArt</option>
<option value="Higaisa">Higaisa</option>
<option value="HomeLand Justice">HomeLand Justice</option>
<option value="Honeybee">Honeybee (G0072)</option>
<option value="HookAds">HookAds</option>
<option value="HummingBad">HummingBad</option>
<option value="IMPERSONATING PANDA">IMPERSONATING PANDA</option>
<option value="INDRIK SPIDER">INDRIK SPIDER (Manatee Tempest, DEV-0243, EvilCorp, UNC2165)</option>
<option value="IRIDIUM">IRIDIUM (Seashell Blizzard, Sandworm)</option>
<option value="Inception Framework">Inception Framework (Clean Ursa, Cloud Atlas, OXYGEN, G0100, ATK116, Blue Odin)</option>
<option value="IndigoZebra">IndigoZebra</option>
<option value="Infy">Infy (Operation Mermaid, Prince of Persia, Foudre)</option>
<option value="InvisiMole">InvisiMole</option>
<option value="Iron Group">Iron Group (Iron Cyber Group)</option>
<option value="IronHusky">IronHusky</option>
<option value="ItaDuke">ItaDuke (DarkUniverse, SIG27)</option>
<option value="KAX17">KAX17</option>
<option value="Karakurt">Karakurt (Karakurt Lair)</option>
<option value="Karkadann">Karkadann (Piwiks)</option>
<option value="Kasablanka">Kasablanka</option>
<option value="Keksec">Keksec</option>
<option value="KelvinSecurity">KelvinSecurity</option>
<option value="Killnet">Killnet</option>
<option value="Kimsuky">Kimsuky (Velvet Chollima, Black Banshee, Thallium, Operation Stolen Pencil, G0086, APT43, Emerald Sleet, THALLIUM)</option>
<option value="Kinsing">Kinsing (Money Libra)</option>
<option value="Kiss-a-Dog">Kiss-a-Dog</option>
<option value="KromSec">KromSec</option>
<option value="LAPSUS">LAPSUS (LAPSUS$, DEV-0537, SLIPPY SPIDER, Strawberry Tempest)</option>
<option value="LOTUS PANDA">LOTUS PANDA (Spring Dragon, ST Group, DRAGONFISH, BRONZE ELGIN, ATK1, G0030, Red Salamander, Lotus BLossom)</option>
<option value="LUNAR SPIDER">LUNAR SPIDER (GOLD SWATHMORE)</option>
<option value="LYCEUM">LYCEUM (COBALT LYCEUM, HEXANE, UNC1530, Spirlin, MYSTICDOME, siamesekitten, Chrono Kitten, Storm-0133)</option>
<option value="LabHost">LabHost</option>
<option value="Lancefly">Lancefly</option>
<option value="Lazarus Group">Lazarus Group (Operation DarkSeoul, Dark Seoul, Hidden Cobra, Hastati Group, Andariel, Unit 121, Bureau 121, NewRomanic Cyber Army Team, Bluenoroff, Subgroup: Bluenoroff, Group 77, Labyrinth Chollima,
Operation Troy, Operation GhostSecret, Operation AppleJeus, APT38, APT 38, Stardust Chollima, Whois Hacking Team, Zinc, Appleworm, Nickel Academy, APT-C-26, NICKEL GLADSTONE, COVELLITE, ATK3, G0032, ATK117, G0082, Citrine Sleet,
DEV-0139, DEV-1222, Diamond Sleet, ZINC, Sapphire Sleet, COPERNICIUM, TA404, Lazarus group, BeagleBoyz, Lazarus, Genie Spider)</option>
<option value="Libyan Scorpions">Libyan Scorpions</option>
<option value="LightBasin">LightBasin (UNC1945, CL-CRI-0025)</option>
<option value="Lilac Typhoon">Lilac Typhoon (DEV-0234)</option>
<option value="LofyGang">LofyGang</option>
<option value="Longhorn">Longhorn (Lamberts, the Lamberts, APT-C-39, PLATINUM TERMINAL)</option>
<option value="Lucky Cat">Lucky Cat (TA413, White Dev 9)</option>
<option value="MAGNETIC SPIDER">MAGNETIC SPIDER</option>
<option value="MALLARD SPIDER">MALLARD SPIDER (GOLD LAGOON)</option>
<option value="MIMIC SPIDER">MIMIC SPIDER</option>
<option value="MONTY SPIDER">MONTY SPIDER</option>
<option value="MUMMY SPIDER">MUMMY SPIDER (TA542, GOLD CRESTWOOD)</option>
<option value="MUSTANG PANDA">MUSTANG PANDA (BRONZE PRESIDENT, HoneyMyte, Red Lich, TEMP.HEX, BASIN, Earth Preta, TA416, Stately Taurus, LuminousMoth, Polaris, TANTALUM, Twill Typhoon)</option>
<option value="Madi">Madi</option>
<option value="MageCart">MageCart</option>
<option value="Magic Kitten">Magic Kitten (Group 42, VOYEUR)</option>
<option value="MalKamak">MalKamak</option>
<option value="Malteiro">Malteiro</option>
<option value="Mana Team">Mana Team</option>
<option value="Metador">Metador</option>
<option value="Mirage Tiger">Mirage Tiger</option>
<option value="MirrorFace">MirrorFace</option>
<option value="ModifiedElephant">ModifiedElephant</option>
<option value="Mofang">Mofang (Superman, BRONZE WALKER)</option>
<option value="Mogilevich">Mogilevich</option>
<option value="Molerats">Molerats (Gaza Hackers Team, Gaza cybergang, Gaza Cybergang, Operation Molerats, Extreme Jackal, Moonlight, ALUMINUM SARATOGA, G0021, BLACKSTEM)</option>
<option value="MoneyTaker">MoneyTaker</option>
<option value="MosesStaff">MosesStaff (Moses Staff, Marigold Sandstorm, DEV-0500)</option>
<option value="Moshen Dragon">Moshen Dragon</option>
<option value="Moskalvzapoe">Moskalvzapoe (MAN1, TA511)</option>
<option value="MoustachedBouncer">MoustachedBouncer</option>
<option value="MuddyWater">MuddyWater (TEMP.Zagros, Static Kitten, Seedworm, MERCURY, COBALT ULSTER, G0069, ATK51, Boggy Serpens, Mango Sandstorm, TA450, Earth Vetala)</option>
<option value="MurenShark">MurenShark (Actor210426)</option>
<option value="Mustard Tempest">Mustard Tempest (DEV-0206, Purple Vallhund)</option>
<option value="N4ughtysecTU">N4ughtysecTU</option>
<option value="NARWHAL SPIDER">NARWHAL SPIDER (GOLD ESSEX, TA544)</option>
<option value="NB65">NB65 (Network Battalion 65)</option>
<option value="NEODYMIUM">NEODYMIUM (G0055)</option>
<option value="NOCTURNAL SPIDER">NOCTURNAL SPIDER</option>
<option value="NOMAD PANDA">NOMAD PANDA</option>
<option value="NOTROBIN">NOTROBIN</option>
<option value="Naikon">Naikon (PLA Unit 78020, OVERRIDE PANDA, Camerashy, BRONZE GENEVA, G0019, Naikon, BRONZE STERLING, G0013)</option>
<option value="Nazar">Nazar (SIG37)</option>
<option value="NewsPenguin">NewsPenguin</option>
<option value="Nexus Zeta">Nexus Zeta</option>
<option value="Night Dragon">Night Dragon (G0014)</option>
<option value="Nitro">Nitro (Covert Grove)</option>
<option value="NoName057(16)">NoName057(16) (NoName057, NoName05716, 05716nnm, Nnm05716)</option>
<option value="OUTLAW SPIDER">OUTLAW SPIDER</option>
<option value="OVERLORD SPIDER">OVERLORD SPIDER</option>
<option value="OilAlpha">OilAlpha</option>
<option value="OilRig">OilRig (Twisted Kitten, Cobalt Gypsy, Crambus, Helix Kitten, APT 34, APT34, IRN2, ATK40, G0049, Evasive Serpens, Hazel Sandstorm, EUROPIUM, TA452)</option>
<option value="OldGremlin">OldGremlin</option>
<option value="OnionDog">OnionDog</option>
<option value="Opal Sleet">Opal Sleet (OSMIUM, Konni)</option>
<option value="Operation BugDrop">Operation BugDrop</option>
<option value="Operation C-Major">Operation C-Major (C-Major, Transparent Tribe, Mythic Leopard, ProjectM, APT36, APT 36, TMP.Lapis, Green Havildar, COPPER FIELDSTONE, Earth Karkaddan)</option>
<option value="Operation Comando">Operation Comando</option>
<option value="Operation Emmental">Operation Emmental (Retefe Gang, Retefe Group)</option>
<option value="Operation Ghoul">Operation Ghoul</option>
<option value="Operation Kabar Cobra">Operation Kabar Cobra</option>
<option value="Operation Parliament">Operation Parliament</option>
<option value="Operation Poison Needles">Operation Poison Needles</option>
<option value="Operation Red Signature">Operation Red Signature</option>
<option value="Operation Shadow Force">Operation Shadow Force</option>
<option value="Operation ShadowHammer">Operation ShadowHammer</option>
<option value="Operation Sharpshooter">Operation Sharpshooter</option>
<option value="Operation Soft Cell">Operation Soft Cell (GALLIUM)</option>
<option value="Operation Triangulation">Operation Triangulation</option>
<option value="Operation WizardOpium">Operation WizardOpium</option>
<option value="Operation Wocao">Operation Wocao</option>
<option value="Orangeworm">Orangeworm</option>
<option value="OurMine">OurMine</option>
<option value="PALE PANDA">PALE PANDA</option>
<option value="PARINACOTA">PARINACOTA (Wine Tempest, Wadhrama)</option>
<option value="PINCHY SPIDER">PINCHY SPIDER</option>
<option value="PIZZO SPIDER">PIZZO SPIDER (DD4BC, Ambiorx)</option>
<option value="PLATINUM">PLATINUM (TwoForOne, G0068, ATK33)</option>
<option value="POISON CARP">POISON CARP (Evil Eye, Red Dev 16, Earth Empusa)</option>
<option value="POISONUS PANDA">POISONUS PANDA</option>
<option value="POLONIUM">POLONIUM (Plaid Rain, UNC4453, GREATRIFT)</option>
<option value="PREDATOR PANDA">PREDATOR PANDA</option>
<option value="PROMETHIUM">PROMETHIUM (StrongPity, G0056)</option>
<option value="Pacha Group">Pacha Group</option>
<option value="Packrat">Packrat</option>
<option value="PassCV">PassCV</option>
<option value="Pearl Sleet">Pearl Sleet (DEV-0215, LAWRENCIUM)</option>
<option value="PerSwaysion">PerSwaysion</option>
<option value="PhantomControl">PhantomControl</option>
<option value="Phlox Tempest">Phlox Tempest (DEV-0796)</option>
<option value="Pickaxe">Pickaxe (Prying Libra)</option>
<option value="Pink Sandstorm">Pink Sandstorm (AMERICIUM, BlackShadow, DEV-0022, Agrius, Agonizing Serpens)</option>
<option value="Poseidon Group">Poseidon Group (G0033)</option>
<option value="PowerPool">PowerPool (IAmTheKing)</option>
<option value="Predatory Sparrow">Predatory Sparrow (Indra, Gonjeshke Darande)</option>
<option value="ProCC">ProCC</option>
<option value="ProjectSauron">ProjectSauron (Strider, Sauron, Project Sauron, G0041)</option>
<option value="Prolific Puma">Prolific Puma</option>
<option value="Prophet Spider">Prophet Spider (GOLD MELODY, UNC961)</option>
<option value="QUILTED TIGER">QUILTED TIGER (Chinastrats, Patchwork, Monsoon, Sarit, Dropping Elephant, APT-C-09, ZINC EMERSON, ATK11, G0040, Orange Athos, Thirsty Gemini)</option>
<option value="R00tK1T">R00tK1T</option>
<option value="RADIO PANDA">RADIO PANDA (Shrouded Crossbow)</option>
<option value="RANCOR">RANCOR (Rancor group, Rancor, Rancor Group, G0075, Rancor Taurus)</option>
<option value="RASPITE">RASPITE (LeafMiner, Raspite)</option>
<option value="RATPAK SPIDER">RATPAK SPIDER</option>
<option value="RAZOR TIGER">RAZOR TIGER (SideWinder, Rattlesnake, APT-C-17, T-APT-04)</option>
<option value="REF2924">REF2924</option>
<option value="REF5961">REF5961</option>
<option value="RIDDLE SPIDER">RIDDLE SPIDER</option>
<option value="RTM">RTM (G0048)</option>
<option value="RansomHouse">RansomHouse</option>
<option value="RansomVC">RansomVC (Ransomed.vc)</option>
<option value="Raspberry Typhoon">Raspberry Typhoon (RADIUM)</option>
<option value="Rebel Jackal">Rebel Jackal (FallagaTeam)</option>
<option value="Red Charon">Red Charon</option>
<option value="Red Dev 17">Red Dev 17</option>
<option value="Red Menshen">Red Menshen (Red Dev 18)</option>
<option value="Red Nue">Red Nue (LuoYu)</option>
<option value="Red-Lili">Red-Lili</option>
<option value="RedAlpha">RedAlpha (DeepCliff, Red Dev 3)</option>
<option value="RedDelta">RedDelta</option>
<option value="RedEcho">RedEcho</option>
<option value="RedGolf">RedGolf</option>
<option value="RedStinger">RedStinger (Bad Magic)</option>
<option value="Redfly">Redfly</option>
<option value="ResumeLooters">ResumeLooters</option>
<option value="Returned Libra">Returned Libra (8220 Mining Group)</option>
<option value="RevengeHotels">RevengeHotels</option>
<option value="Roaming Mantis">Roaming Mantis (Roaming Mantis Group)</option>
<option value="Roaming Tiger">Roaming Tiger (BRONZE WOODLAND, Rotten Tomato)</option>
<option value="Rocke">Rocke (Aged Libra)</option>
<option value="Rocket Kitten">Rocket Kitten (TEMP.Beanie, Operation Woolen Goldfish, Operation Woolen-Goldfish, Thamar Reservoir, Timberworm)</option>
<option value="RomCom">RomCom (Storm-0978)</option>
<option value="Ruby Sleet">Ruby Sleet (CERIUM)</option>
<option value="SABRE PANDA">SABRE PANDA</option>
<option value="SALTY SPIDER">SALTY SPIDER</option>
<option value="SAMURAI PANDA">SAMURAI PANDA (PLA Navy, Wisp Team)</option>
<option value="SCARLETEEL">SCARLETEEL</option>
<option value="SCULLY SPIDER">SCULLY SPIDER</option>
<option value="SHARK SPIDER">SHARK SPIDER</option>
<option value="SINGING SPIDER">SINGING SPIDER</option>
<option value="SLIME29">SLIME29</option>
<option value="SMOKY SPIDER">SMOKY SPIDER</option>
<option value="SNOWGLOBE">SNOWGLOBE (Animal Farm, Snowglobe, ATK8)</option>
<option value="SOLAR SPIDER">SOLAR SPIDER</option>
<option value="SPICY PANDA">SPICY PANDA</option>
<option value="SPIKEDWINE">SPIKEDWINE</option>
<option value="STARDUST CHOLLIMA">STARDUST CHOLLIMA</option>
<option value="SWEED">SWEED</option>
<option value="Saad Tycoon">Saad Tycoon</option>
<option value="SaintBear">SaintBear (UNC2589, TA471, UAC-0056, Nascent Ursa, Nodaria, FROZENVISTA, Storm-0587, DEV-0587, Saint Bear)</option>
<option value="SandCat">SandCat</option>
<option value="Sandman APT">Sandman APT</option>
<option value="Sands Casino">Sands Casino</option>
<option value="Sandworm">Sandworm (Quedagh, VOODOO BEAR, TEMP.Noble, IRON VIKING, G0034, ELECTRUM, TeleBots, IRIDIUM, Blue Echidna, FROZENBARENTS, UAC-0113, Seashell Blizzard, UAC-0082)</option>
<option value="Sath-ı Müdafaa">Sath-ı Müdafaa</option>
<option value="ScamClub">ScamClub</option>
<option value="Scarab">Scarab</option>
<option value="Scarlet Mimic">Scarlet Mimic (G0029, Golfing Taurus)</option>
<option value="Scarred Manticore">Scarred Manticore</option>
<option value="Scattered Canary">Scattered Canary</option>
<option value="Scattered Spider">Scattered Spider (UNC3944, Muddled Libra, Oktapus, Scattered Swine, Scatter Swine, Octo Tempest, 0ktapus, Storm-0971, DEV-0971)</option>
<option value="Sea Turtle">Sea Turtle (COSMIC WOLF, Marbled Dust, SILICON, Teal Kurma, UNC1326)</option>
<option value="Shadow Network">Shadow Network</option>
<option value="ShadowSyndicate">ShadowSyndicate</option>
<option value="ShaggyPanther">ShaggyPanther</option>
<option value="SharpPanda">SharpPanda</option>
<option value="ShinyHunters">ShinyHunters</option>
<option value="ShroudedSnooper">ShroudedSnooper</option>
<option value="SideCopy">SideCopy</option>
<option value="SiegedSec">SiegedSec</option>
<option value="Siesta">Siesta</option>
<option value="Silence group">Silence group (Silence, WHISPER SPIDER)</option>
<option value="Silent Chollima">Silent Chollima (OperationTroy, Guardian of Peace, GOP, WHOis Team, Andariel, Subgroup: Andariel, Onyx Sleet, PLUTONIUM)</option>
<option value="Silent Librarian">Silent Librarian (COBALT DICKENS, Mabna Institute, TA407, TA4900, Yellow Nabu)</option>
<option value="SilitNetwork">SilitNetwork</option>
<option value="SilverFish">SilverFish</option>
<option value="SilverTerrier">SilverTerrier</option>
<option value="Sima">Sima</option>
<option value="SingularityMD">SingularityMD</option>
<option value="Slingshot">Slingshot</option>
<option value="SmugX">SmugX</option>
<option value="Snake Wine">Snake Wine</option>
<option value="Solntsepek">Solntsepek</option>
<option value="Sowbug">Sowbug (G0054)</option>
<option value="SparklingGoblin">SparklingGoblin</option>
<option value="Stealth Falcon">Stealth Falcon (FruityArmor, G0038)</option>
<option value="Storm Cloud">Storm Cloud</option>
<option value="Storm-0062">Storm-0062 (Oro0lxy, DarkShadow)</option>
<option value="Storm-0324">Storm-0324 (DEV-0324, Sagrid, TA543)</option>
<option value="Storm-0381">Storm-0381 (DEV-0381)</option>
<option value="Storm-0530">Storm-0530 (DEV-0530, H0lyGh0st)</option>
<option value="Storm-0539">Storm-0539</option>
<option value="Storm-0558">Storm-0558</option>
<option value="Storm-0829">Storm-0829 (DEV-0829, Nwgen Team)</option>
<option value="Storm-0835">Storm-0835</option>
<option value="Storm-0867">Storm-0867 (DEV-0867)</option>
<option value="Storm-1044">Storm-1044 (DEV-1044)</option>
<option value="Storm-1084">Storm-1084 (DEV-1084)</option>
<option value="Storm-1099">Storm-1099</option>
<option value="Storm-1101">Storm-1101 (DEV-1101)</option>
<option value="Storm-1113">Storm-1113</option>
<option value="Storm-1133">Storm-1133</option>
<option value="Storm-1152">Storm-1152</option>
<option value="Storm-1167">Storm-1167 (DEV-1167)</option>
<option value="Storm-1283">Storm-1283</option>
<option value="Storm-1286">Storm-1286</option>
<option value="Storm-1295">Storm-1295 (DEV-1295)</option>
<option value="Storm-1567">Storm-1567 (Akira)</option>
<option value="Storm-1575">Storm-1575</option>
<option value="Storm-1674">Storm-1674</option>
<option value="Sunglow Blizzard">Sunglow Blizzard (DEV-0665)</option>
<option value="TA2101">TA2101 (Maze Team, TWISTED SPIDER, GOLD VILLAGE, Storm-0216, DEV-0216, Twisted Spider)</option>
<option value="TA2536">TA2536</option>
<option value="TA2541">TA2541</option>
<option value="TA2552">TA2552</option>
<option value="TA2719">TA2719</option>
<option value="TA2722">TA2722 (Balikbayan Foxes)</option>
<option value="TA2725">TA2725</option>
<option value="TA402">TA402</option>
<option value="TA406">TA406</option>
<option value="TA410">TA410</option>
<option value="TA428">TA428 (Colourful Panda, BRONZE DUDLEY)</option>
<option value="TA444">TA444</option>
<option value="TA453">TA453</option>
<option value="TA459">TA459 (G0062)</option>
<option value="TA482">TA482</option>
<option value="TA499">TA499 (Vovan, Lexus)</option>
<option value="TA505">TA505 (SectorJ04, SectorJ04 Group, GRACEFUL SPIDER, GOLD TAHOE, Dudear, G0092, ATK103, Hive0065, CHIMBORAZO, Spandex Tempest, Lace Tempest, DEV-0950, FIN11)</option>
<option value="TA516">TA516</option>
<option value="TA530">TA530</option>
<option value="TA547">TA547</option>
<option value="TA554">TA554 (TH-163)</option>
<option value="TA555">TA555</option>
<option value="TA558">TA558</option>
<option value="TA570">TA570 (DEV-0450)</option>
<option value="TA575">TA575</option>
<option value="TA577">TA577 (Hive0118)</option>
<option value="TA578">TA578</option>
<option value="TA579">TA579</option>
<option value="TA800">TA800</option>
<option value="TA866">TA866</option>
<option value="TAG-28">TAG-28</option>
<option value="TAG-53">TAG-53</option>
<option value="TAG-56">TAG-56</option>
<option value="TEMP.Hermit">TEMP.Hermit</option>
<option value="TEMP.Veles">TEMP.Veles (Xenotime, G0088, ATK91)</option>
<option value="TEMPER PANDA">TEMPER PANDA (Admin338, Team338, MAGNESIUM, admin@338, G0018)</option>
<option value="TEMP_Heretic">TEMP_Heretic</option>
<option value="TERBIUM">TERBIUM</option>
<option value="TEST PANDA">TEST PANDA</option>
<option value="TINY SPIDER">TINY SPIDER</option>
<option value="TOXIC PANDA">TOXIC PANDA</option>
<option value="TRACER KITTEN">TRACER KITTEN</option>
<option value="TRAVELING SPIDER">TRAVELING SPIDER</option>
<option value="Taidoor">Taidoor (G0015, Earth Aughisky)</option>
<option value="Team-Xecuter">Team-Xecuter</option>
<option value="TeamSpy Crew">TeamSpy Crew (TeamSpy, Team Bear, Anger Bear, IRON LYRIC)</option>
<option value="TeamTNT">TeamTNT (Adept Libra)</option>
<option value="TeamXRat">TeamXRat (CorporacaoXRat, CorporationXRat)</option>
<option value="TempTick">TempTick</option>
<option value="TetrisPhantom">TetrisPhantom</option>
<option value="The Big Bang">The Big Bang</option>
<option value="The Gorgon Group">The Gorgon Group (Gorgon Group, Subaat, ATK92, G0078, Pasty Gemini)</option>
<option value="The Shadow Brokers">The Shadow Brokers (The ShadowBrokers, TSB, Shadow Brokers, ShadowBrokers)</option>
<option value="TheDarkOverlord">TheDarkOverlord</option>
<option value="Threatsec">Threatsec</option>
<option value="Thrip">Thrip (G0076, ATK78)</option>
<option value="TianWu">TianWu</option>
<option value="Tick">Tick (Nian, BRONZE BUTLER, REDBALDKNIGHT, STALKER PANDA, G0060, Stalker Taurus, PLA Unit 61419)</option>
<option value="TiltedTemple">TiltedTemple (DEV-0322, Circle Typhoon)</option>
<option value="ToddyCat">ToddyCat (Websiic)</option>
<option value="Tomiris">Tomiris</option>
<option value="Tonto Team">Tonto Team (CactusPete, KARMA PANDA, BRONZE HUNTLEY, COPPER, Red Beifang, G0131, PLA Unit 65017, Earth Akhlut, TAG-74)</option>
<option value="Tortoiseshell">Tortoiseshell (IMPERIAL KITTEN, Yellow Liderc, Imperial Kitten, TA456, DUSTYCAVE, Crimson Sandstorm)</option>
<option value="TraderTraitor">TraderTraitor (Jade Sleet, UNC4899)</option>
<option value="TunnelSnake">TunnelSnake</option>
<option value="TurkHackTeam">TurkHackTeam (Turk Hack Team)</option>
<option value="Turla">Turla (Snake, VENOMOUS Bear, Group 88, Waterbug, WRAITH, Uroburos, Pfinet, TAG_0530, KRYPTON, Hippo Team, Pacifier APT, Popeye, SIG23, IRON HUNTER, MAKERSMARK, ATK13, G0010, ITG12, Blue Python, SUMMIT, UNC4210,
Secret Blizzard, UAC-0144, UAC-0024, UAC-0003)</option>
<option value="TwoSail Junk">TwoSail Junk (Operation Poisoned News)</option>
<option value="UAC-0006">UAC-0006</option>
<option value="UAC-0050">UAC-0050</option>
<option value="UAC-0094">UAC-0094</option>
<option value="UAC-0099">UAC-0099</option>
<option value="UAC-0118">UAC-0118 (FRwL, FromRussiaWithLove)</option>
<option value="UAC-0184">UAC-0184</option>
<option value="UNC1549">UNC1549</option>
<option value="UNC1878">UNC1878</option>
<option value="UNC215">UNC215</option>
<option value="UNC2447">UNC2447</option>
<option value="UNC2452">UNC2452 (DarkHalo, StellarParticle, NOBELIUM, Solar Phoenix, Midnight Blizzard, APT29, Cozy Bear)</option>
<option value="UNC2565">UNC2565 (Hive0127)</option>
<option value="UNC2630">UNC2630</option>
<option value="UNC2659">UNC2659</option>
<option value="UNC2717">UNC2717</option>
<option value="UNC3524">UNC3524</option>
<option value="UNC3886">UNC3886</option>
<option value="UNC3890">UNC3890</option>
<option value="UNC4191">UNC4191</option>
<option value="UNC4736">UNC4736</option>
<option value="UNC4841">UNC4841</option>
<option value="UNC4990">UNC4990</option>
<option value="UNC5174">UNC5174 (Uteus)</option>
<option value="UNC5325">UNC5325</option>
<option value="UNION PANDA">UNION PANDA</option>
<option value="UNION SPIDER">UNION SPIDER</option>
<option value="UTA0178">UTA0178 (UNC5221, Red Dev 61)</option>
<option value="Unit 8200">Unit 8200 (Duqu Group)</option>
<option value="Unnamed Actor">Unnamed Actor</option>
<option value="Urpage">Urpage</option>
<option value="UserSec">UserSec</option>
<option value="VENOM SPIDER">VENOM SPIDER (badbullzvenom, badbullz)</option>
<option value="VICEROY TIGER">VICEROY TIGER (OPERATION HANGOVER, Donot Team, APT-C-35, SectorE02, Orange Kala)</option>
<option value="VIKING SPIDER">VIKING SPIDER</option>
<option value="Vanilla Tempest">Vanilla Tempest (DEV-0832, Vice Society)</option>
<option value="Velvet Tempest">Velvet Tempest (DEV-0504)</option>
<option value="ViceLeaker">ViceLeaker</option>
<option value="Vicious Panda">Vicious Panda (SixLittleMonkeys)</option>
<option value="Viking Jackal">Viking Jackal (Vikingdom)</option>
<option value="Void Balaur">Void Balaur</option>
<option value="Void Rabisu">Void Rabisu (Tropical Scorpius)</option>
<option value="Volatile Cedar">Volatile Cedar (Lebanese Cedar, DeftTorero)</option>
<option value="Volt Typhoon">Volt Typhoon (BRONZE SILHOUETTE, VANGUARD PANDA)</option>
<option value="VulzSecTeam">VulzSecTeam (VulzSec)</option>
<option value="WET PANDA">WET PANDA (Red Chimera)</option>
<option value="WIP19">WIP19</option>
<option value="WIRTE">WIRTE</option>
<option value="WIZARD SPIDER">WIZARD SPIDER (TEMP.MixMaster, GOLD BLACKBURN, FIN12, Periwinkle Tempest, DEV-0193, Storm-0193, Trickbot LLC, UNC2053, Pistachio Tempest, DEV-0237)</option>
<option value="WOLF SPIDER">WOLF SPIDER (FIN4, G0085)</option>
<option value="Watchdog">Watchdog (Thief Libra)</option>
<option value="Water Curupira">Water Curupira</option>
<option value="Water Labbu">Water Labbu</option>
<option value="WeRedEvils">WeRedEvils</option>
<option value="Webworm">Webworm (Space Pirates)</option>
<option value="WeedSec">WeedSec</option>
<option value="White Bear">White Bear (Skipper Turla)</option>
<option value="Whitefly">Whitefly</option>
<option value="WildCard">WildCard</option>
<option value="WildNeutron">WildNeutron (Butterfly, Morpho, Sphinx Moth)</option>
<option value="WildPressure">WildPressure</option>
<option value="WindShift">WindShift (Windy Phoenix)</option>
<option value="Winter Vivern">Winter Vivern (UAC-0114, TA473, TAG-70, TA-473)</option>
<option value="Witchetty">Witchetty (LookingFrog)</option>
<option value="Worok">Worok</option>
<option value="XDSpy">XDSpy</option>
<option value="XakNet">XakNet (UAC-0100, UAC-0106)</option>
<option value="Xcatze">Xcatze</option>
<option value="Xiaoqiying">Xiaoqiying (Genesis Day, Teng Snake)</option>
<option value="Yanbian Gang">Yanbian Gang</option>
<option value="YoroTrooper">YoroTrooper (Salted Earth, Sturgeon Fisher)</option>
<option value="ZOMBIE SPIDER">ZOMBIE SPIDER</option>
<option value="Zarya">Zarya (UAC-0109)</option>
<option value="ZooPark">ZooPark</option>
<option value="[Unnamed group]">[Unnamed group]</option>
<option value="[Vault 7/8]">[Vault 7/8]</option>
<option value="luoxk">luoxk</option>
</select><!--<input type="text" class="form-control" id="new_actor" name="new_actor" aria-describedby="new_actorInfo" placeholder="Type actors Name">--><!--<small id="new_actoreInfo" class="form-text text-muted"></small>--></div>
</div>
<div class="tab-pane" id="actors_remove" role="tabpanel">
<div class="form-group"><label for="actor_to_delete">Which actor do you think should be removed?</label><select class="form-control" id="actor_to_delete" name="actor_to_delete">
<option value="" disabled="" selected="" hidden="">Please select an actor</option>
</select></div>
</div>
</div>
</div>
</div>
<div class="form-group"><label for="comment">Explanation / Reference</label><textarea class="form-control" id="comment" name="comment" rows="3" aria-describedby="commentInfo"></textarea><small id="commentInfo" class="form-text text-muted">Why do
you think this change is advisable? Feel free to include references.</small></div>
<p> Your suggestion will be reviewed before being published. <br> Thank you for contributing! </p>
<script src="https://www.google.com/recaptcha/api.js" async="" defer=""></script>
<div class="g-recaptcha d-none" style="margin-bottom: 15px;" data-sitekey="6LfK8IMUAAAAAFbpwlbTjM7r4tsATWd_oMPDxFCW" data-callback="recaptchaCallback">
<div style="width: 304px; height: 78px;">
<div><iframe title="reCAPTCHA" width="304" height="78" role="presentation" name="a-qp536volpv0l" frameborder="0" scrolling="no"
sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox allow-storage-access-by-user-activation"
src="https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfK8IMUAAAAAFbpwlbTjM7r4tsATWd_oMPDxFCW&co=aHR0cHM6Ly9tYWxwZWRpYS5jYWFkLmZraWUuZnJhdW5ob2Zlci5kZTo0NDM.&hl=de&v=QoukH5jSO3sKFzVEA7Vc8VgC&size=normal&cb=9s3l0vvg59x9"></iframe>
</div><textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response"
style="width: 250px; height: 40px; border: 1px solid rgb(193, 193, 193); margin: 10px 25px; padding: 0px; resize: none; display: none;"></textarea>
</div><iframe style="display: none;"></iframe>
</div>
</div>
<div class="modal-footer"><button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button><button type="submit" class="btn btn-logo-red disabled" disabled="">Submit</button></div>
</form>POST /backend/propose_entry_change
<form class="propose_entry_change" method="post" enctype="multipart/form-data" action="/backend/propose_entry_change"><input required="" type="hidden" class="form-control" name="entry_id" id="pec_entry_id" value="">
<div class="modal-header">
<h4 class="modal-title" id="proposeEntryChangeTitle">Propose Change of Library Entry</h4><button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">×</span></button>
</div>
<div class="modal-body">
<div class="ajax-message"></div><input type="hidden" name="csrfmiddlewaretoken" value="jt1Bvd88Chrg8bCxAnpFFZpAxjxZgqn3zOtjBczhA0OYnGwvRCHnWEXrw0IGUgL1">
<div class="form-group"><label for="pec_url">URL</label><input type="url" class="form-control" id="pec_url" name="url" aria-describedby="urlHelp" required=""></div>
<div class="form-group"><label for="pec_title">Title</label><input type="text" class="form-control" id="pec_title" name="title" aria-describedby="titleHelp" required=""></div>
<div class="form-group"><label for="pec_authors">Authors</label><select class="select-authors selectized" id="pec_select-authors" multiple="multiple" name="select-authors[]" tabindex="-1" style="display: none;"></select>
<div class="selectize-control select-authors multi">
<div class="selectize-input items not-full has-options"><input type="select-multiple" autocomplete="off" tabindex="" id="pec_select-authors-selectized" style="width: 4px;"></div>
<div class="selectize-dropdown multi select-authors" style="display: none;">
<div class="selectize-dropdown-content"></div>
</div>
</div>
</div>
<div class="form-group"><label for="pec_language">Language</label><input type="text" class="form-control" id="pec_language" name="language" aria-describedby="languageHelp" required="" value="English"></div>
<div class="form-group"><label for="pec_date">Date</label><input pattern="(\d\d\d\d)(-\d\d){0,2}" type="text" class="form-control" id="pec_date" name="date" aria-describedby="dateHelp" required=""><small id="dateHelp"
class="form-text text-muted"> Please use <code>YYYY-MM-DD</code>, <code>YYYY-MM</code>, or <code>YYYY</code>. </small></div>
<div class="form-group"><label for="pec_organization">Organization (optional)</label><select class="select-organization selectized" name="select-organization" id="pec_select-organization" tabindex="-1" style="display: none;">
<option value="" selected="selected"></option>
</select>
<div class="selectize-control select-organization single">
<div class="selectize-input items not-full has-options"><input type="select-one" autocomplete="off" tabindex="" id="pec_select-organization-selectized" style="width: 4px;"></div>
<div class="selectize-dropdown single select-organization" style="display: none;">
<div class="selectize-dropdown-content"></div>
</div>
</div>
</div>
<div class="form-group"><label for="pec_select-families-selectized">Referenced families (optional)</label><select class="select-families selectized" multiple="multiple" name="select-families[]" id="pec_select-families" tabindex="-1"
style="display: none;"></select>
<div class="selectize-control select-families multi">
<div class="selectize-input items not-full has-options"><input type="select-multiple" autocomplete="off" tabindex="" id="pec_select-families-selectized" placeholder="Select families..." style="width: 121.188px;"></div>
<div class="selectize-dropdown multi select-families" style="display: none;">
<div class="selectize-dropdown-content"></div>
</div>
</div>
</div>
<div class="form-group"><label for="comment">Comment</label><textarea class="form-control" id="comment" name="comment" rows="1" aria-describedby="commentInfo" placeholder="Further Information"></textarea><small id="commentInfo"
class="form-text text-muted"> Add additional information to explain your proposal. </small></div>
<p> Your suggestion will be reviewed before being published. <br> Thank you for contributing! </p>
</div>
<div class="modal-footer"><button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button><button type="submit" class="btn btn-logo-red">Submit</button></div>
</form>Text Content
Please enable JavaScript to use all features of this site.
--------------------------------------------------------------------------------
* Inventory
* Statistics
* Usage
* ApiVector
* Login
SYMBOLCOMMON_NAMEaka. SYNONYMS
win.tinba (Back to overview)
TINBA PROPOSE CHANGE
aka: Zusy, TinyBanker, Illi
VTCollection URLhaus
--------------------------------------------------------------------------------
F-Secure notes that TinyBanker or short Tinba is usually distributed through
malvertising (advertising content that leads the user to sites hosting malicious
threats), exploit kits and spam email campaigns. According to news reports,
Tinba has been found targeting bank customers in the United States and Europe.
If Tinba successfully infects a device, it can steal banking and personal
information through webinjects. To do this, the malware monitors the user's
browser activity and if specific banking portals are visited, Tinba injects code
to present the victim with fake web forms designed to mimic the legitimate web
site. The malware then tricks them into entering their personal information,
log-in credentials, etc in the legitimate-looking page.
Tinba may also display socially-engineered messages to lure or pressure the user
into entering their information on the fake page; for example, a message may be
shown which attempts to convince the victim that funds were accidentally
deposited to his account and must be refunded immediately.
REFERENCES
×
Select Content
×
Select Content
×
Select Content
×
Select Content
×
Select Content
×
Select Content
×
Select Content
×
Select Content
×
Select Content
×
Select Content
×
Select Content
×
Select Content
×
Select Content
2022-02-11 ⋅ Cisco Talos ⋅ Talos
Threat Roundup for February 4 to February 11
DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus 2020-08-09 ⋅
F5 Labs ⋅ Debbie Walkowski, Remi Cohen
Banking Trojans: A Reference Guide to the Malware Family Tree
BackSwap Carberp Citadel DanaBot Dridex Dyre Emotet Gozi Kronos PandaBanker
Ramnit Shylock SpyEye Tinba TrickBot Vawtrak Zeus 2020-07-29 ⋅ ESET Research ⋅
welivesecurity
THREAT REPORT Q2 2020
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK
Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB
LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars
STOP Tinba TrickBot WannaCryptor 2019-08-13 ⋅ Adalogics ⋅ David Korczynski
The state of advanced code injections
Dridex Emotet Tinba 2019-03-13 ⋅ Cylance ⋅ Tatsuya Hasegawa
BlackBerry Cylance vs. Tinba Banking Trojan
Tinba 2018-07-05 ⋅ Zscaler ⋅ Dhanalakshmi
A Look At Recent Tinba Banking Trojan Variant
Tinba 2015-08-12 ⋅ SecurityIntelligence ⋅ Limor Kessem
Tinba Trojan Sets Its Sights on Romania
Tinba 2015-06-18 ⋅ SWITCH Security Blog ⋅ Slavo Greminger
So Long, and Thanks for All the Domains
Tinba 2014-09-22 ⋅ SecurityIntelligence ⋅ Assaf Regev, Tal Darsan
Tinba Malware Reloaded and Attacking Banks Around the World
Tinba 2014-07-16 ⋅ StopMalvertising ⋅ Kimberly
Mini Analysis of the TinyBanker Tinba
Tinba 2012-06-06 ⋅ Contagio Dump ⋅ Mila Parkour
Tinba / Zusy - tiny banker trojan
Tinba 2012-06-04 ⋅ John Leyden
Small banking Trojan poses major risk
Tinba 2012-01-01 ⋅ CSIS Trend Micro ⋅ Feike Hacquebord (Trend Micro), Peter
Kruse (CSIS), Robert McArdle (Trend Micro)
W32.Tinba (Tinybanker) The Turkish Incident
Tinba
YARA RULES
[TLP:WHITE] win_tinba_auto (20230808 | Detects win.tinba.)
rule win_tinba_auto {
meta:
author = "Felix Bilstein - yara-signator at cocacoding dot com"
date = "2023-12-06"
version = "1"
description = "Detects win.tinba."
info = "autogenerated rule brought to you by yara-signator"
tool = "yara-signator v0.6.0"
signator_config = "callsandjumps;datarefs;binvalue"
malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.tinba"
malpedia_rule_date = "20231130"
malpedia_hash = "fc8a0e9f343f6d6ded9e7df1a64dac0cc68d7351"
malpedia_version = "20230808"
malpedia_license = "CC BY-SA 4.0"
malpedia_sharing = "TLP:WHITE"
/* DISCLAIMER
* The strings used in this rule have been automatically selected from the
* disassembly of memory dumps and unpacked files, using YARA-Signator.
* The code and documentation is published here:
* https://github.com/fxb-cocacoding/yara-signator
* As Malpedia is used as data source, please note that for a given
* number of families, only single samples are documented.
* This likely impacts the degree of generalization these rules will offer.
* Take the described generation method also into consideration when you
* apply the rules in your use cases and assign them confidence levels.
*/
strings:
$sequence_0 = { 8b7508 ad 50 56 }
// n = 4, score = 1100
// 8b7508 | mov esi, dword ptr [ebp + 8]
// ad | lodsd eax, dword ptr [esi]
// 50 | push eax
// 56 | push esi
$sequence_1 = { 8b4510 aa 8b450c ab }
// n = 4, score = 1100
// 8b4510 | mov eax, dword ptr [ebp + 0x10]
// aa | stosb byte ptr es:[edi], al
// 8b450c | mov eax, dword ptr [ebp + 0xc]
// ab | stosd dword ptr es:[edi], eax
$sequence_2 = { 8a241f 88240f 88041f 41 }
// n = 4, score = 1000
// 8a241f | mov ah, byte ptr [edi + ebx]
// 88240f | mov byte ptr [edi + ecx], ah
// 88041f | mov byte ptr [edi + ebx], al
// 41 | inc ecx
$sequence_3 = { 6a00 6a00 6a00 ff750c 6a00 6a00 ff7508 }
// n = 7, score = 1000
// 6a00 | push 0
// 6a00 | push 0
// 6a00 | push 0
// ff750c | push dword ptr [ebp + 0xc]
// 6a00 | push 0
// 6a00 | push 0
// ff7508 | push dword ptr [ebp + 8]
$sequence_4 = { 8b4114 83f8fd 7506 8b4108 8b4014 85c0 7403 }
// n = 7, score = 900
// 8b4114 | mov eax, dword ptr [ecx + 0x14]
// 83f8fd | cmp eax, -3
// 7506 | jne 8
// 8b4108 | mov eax, dword ptr [ecx + 8]
// 8b4014 | mov eax, dword ptr [eax + 0x14]
// 85c0 | test eax, eax
// 7403 | je 5
$sequence_5 = { 66b80d0a 66ab b8436f6f6b ab b869653a20 ab }
// n = 6, score = 900
// 66b80d0a | mov ax, 0xa0d
// 66ab | stosw word ptr es:[edi], ax
// b8436f6f6b | mov eax, 0x6b6f6f43
// ab | stosd dword ptr es:[edi], eax
// b869653a20 | mov eax, 0x203a6569
// ab | stosd dword ptr es:[edi], eax
$sequence_6 = { ff15???????? 48 83c420 48 85c0 0f84b4000000 }
// n = 6, score = 900
// ff15???????? |
// 48 | dec eax
// 83c420 | add esp, 0x20
// 48 | dec eax
// 85c0 | test eax, eax
// 0f84b4000000 | je 0xba
$sequence_7 = { 814a3500080000 4c 29c6 40 8832 }
// n = 5, score = 900
// 814a3500080000 | or dword ptr [edx + 0x35], 0x800
// 4c | dec esp
// 29c6 | sub esi, eax
// 40 | inc eax
// 8832 | mov byte ptr [edx], dh
$sequence_8 = { 8b7d0c 31c9 bb0a000000 31d2 f7f3 52 }
// n = 6, score = 900
// 8b7d0c | mov edi, dword ptr [ebp + 0xc]
// 31c9 | xor ecx, ecx
// bb0a000000 | mov ebx, 0xa
// 31d2 | xor edx, edx
// f7f3 | div ebx
// 52 | push edx
$sequence_9 = { 8b4514 8908 290e 8b06 }
// n = 4, score = 900
// 8b4514 | mov eax, dword ptr [ebp + 0x14]
// 8908 | mov dword ptr [eax], ecx
// 290e | sub dword ptr [esi], ecx
// 8b06 | mov eax, dword ptr [esi]
$sequence_10 = { 66b80d0a 66ab b855736572 ab b82d416765 ab }
// n = 6, score = 900
// 66b80d0a | mov ax, 0xa0d
// 66ab | stosw word ptr es:[edi], ax
// b855736572 | mov eax, 0x72657355
// ab | stosd dword ptr es:[edi], eax
// b82d416765 | mov eax, 0x6567412d
// ab | stosd dword ptr es:[edi], eax
$sequence_11 = { 73ed 88e8 48 8d1d5a020000 }
// n = 4, score = 900
// 73ed | jae 0xffffffef
// 88e8 | mov al, ch
// 48 | dec eax
// 8d1d5a020000 | lea ebx, [0x25a]
$sequence_12 = { fd 8b7d0c 83c707 8b4508 83e00f }
// n = 5, score = 900
// fd | std
// 8b7d0c | mov edi, dword ptr [ebp + 0xc]
// 83c707 | add edi, 7
// 8b4508 | mov eax, dword ptr [ebp + 8]
// 83e00f | and eax, 0xf
condition:
7 of them and filesize < 57344
}
[TLP:WHITE] win_tinba_w0 (20170605 | Tinba 2 (DGA) banking trojan)
rule win_tinba_w0 {
meta:
author = "n3sfox <n3sfox@gmail.com>"
date = "2015/11/07"
description = "Tinba 2 (DGA) banking trojan"
reference = "https://securityintelligence.com/tinba-malware-reloaded-and-attacking-banks-around-the-world"
filetype = "memory"
hash = "c7f662594f07776ab047b322150f6ed0"
hash = "dc71ef1e55f1ddb36b3c41b1b95ae586"
hash = "b788155cb82a7600f2ed1965cffc1e88"
source = "https://github.com/mattulm/sfiles_yara/blob/master/malware/tinba2.yar"
malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.tinba"
malpedia_version = "20170605"
malpedia_license = "CC BY-NC-SA 4.0"
malpedia_sharing = "TLP:WHITE"
strings:
$str3 = "NtCreateUserProcess"
$str4 = "NtQueryDirectoryFile"
$str5 = "RtlCreateUserThread"
$str6 = "DeleteUrlCacheEntry"
$str7 = "PR_Read"
$str8 = "PR_Write"
$pubkey = "BEGIN PUBLIC KEY"
$code1 = {50 87 44 24 04 6A ?? E8}
condition:
all of ($str*) and $pubkey and $code1
}
Download all Yara Rules
--------------------------------------------------------------------------------
PROPOSE CHANGE FOR WIN.TINBA
×
In which category would you like to suggest a change?Please select a
categoryActorsNamingDescriptionReferencesOther
What would you like to do?Please select an optionSuggest an aliasChange the
common name
New Alias for win.tinbaPlease enter a new alias that you think is appropriate
for Tinba. Give a reference for the alias in the box below.
New Name for win.tinbaPlease enter your proposal for a new primary family name
that you think is more appropriate than win.tinba.
New Common Name for win.tinbaPlease enter your proposal for a new primary family
name that you think is more appropriate than Tinba.
What would you like to do?Please select an optionChange the existing description
Add DescriptionThe Family description will be visible on the family details
site.
Change DescriptionChange the existing description like you think it would be
advisable.
If your designated proposal does not fit in any other category,
feel free to write a free-text in the comment field below.
Please propose all changes regarding references on the Malpedia library page
What would you like to do?Please select an optionAdd new actor
New Actor for win.tinba Stealth Mango and Tangelo 1937CNALLANITE (Palmetto
Fusion, Allanite)ANDROMEDA SPIDERANTHROPOID SPIDER (Empire Monkey,
CobaltGoblin)APT-C-12 (Sapphire Mushroom, Blue Mushroom, NuclearCrisis)APT-C-27
(GoldMouse, Golden RAT, ATK80)APT-C-34 (Golden Falcon)APT-C-36 (Blind
Eagle)APT-C-60 (APT-Q-12)APT.3102APT1 (COMMENT PANDA, PLA Unit 61398, Comment
Crew, Byzantine Candor, Group 3, TG-8223, Comment Group, Brown Fox, GIF89a,
ShadyRAT, G0006)APT10 (STONE PANDAD, Menupass Team, happyyongzi, POTASSIUM, Red
Apollo, CVNX, HOGFISH, Cloud Hopper, BRONZE RIVERSIDE, ATK41, G0045, Granite
Taurus, TA429)APT12 (NUMBERED PANDA, TG-2754, BeeBus, Group 22, DynCalc, Calc
Team, DNSCalc, Crimson Iron, IXESHE, BRONZE GLOBE)APT14 (ANCHOR PANDA, QAZTeam,
ALUMINUM)APT15 (VIXEN PANDA, Ke3Chang, Playful Dragon, Metushy, Lurid, Social
Network Team, Royal APT, BRONZE PALACE, BRONZE DAVENPORT, BRONZE IDLEWOOD,
NICKEL, G0004, Red Vulture, Nylon Typhoon, Mirage)APT16 (SVCMONDR, G0023)APT17
(Group 8, AURORA PANDA, Hidden Lynx, Tailgater Team, Dogfish, BRONZE KEYSTONE,
G0025, Group 72, G0001, Axiom, HELIUM)APT18 (DYNAMITE PANDA, TG-0416, SCANDIUM,
PLA Navy, Wekby, G0026)APT19 (DEEP PANDA, Codoso, WebMasters, KungFu Kittens,
Black Vine, TEMP.Avengers, Group 13, PinkPanther, Shell Crew, BRONZE FIRESTONE,
G0009, G0073, Pupa, Sunshop Group)APT2 (PLA Unit 61486, PUTTER PANDA, MSUpdater,
4HCrew, SULPHUR, SearchFire, TG-6952, G0024)APT20 (VIOLIN PANDA, TH3Bug,
Crawling Taurus)APT21 (HAMMER PANDA, TEMP.Zhenbao, NetTraveler)APT22 (G0039,
Suckfly, BRONZE OLIVE, Group 46)APT23 (PIRATE PANDA, KeyBoy, Tropic Trooper,
BRONZE HOBART, G0081, Red Orthrus, Earth Centaur)APT24 (PITTY PANDA, G0011,
Temp.Pittytiger)APT26 (JerseyMikes, TURBINE PANDA, BRONZE EXPRESS,
TECHNETIUM)APT27 (GreedyTaotie, TG-3390, EMISSARY PANDA, TEMP.Hippo, Red
Phoenix, Budworm, Group 35, ZipToken, Iron Tiger, BRONZE UNION, Lucky Mouse,
G0027, Iron Taurus, Earth Smilodon)APT28 (Pawn Storm, FANCY BEAR, Sednit,
SNAKEMACKEREL, Tsar Team, TG-4127, STRONTIUM, Swallowtail, IRON TWILIGHT, Group
74, SIG40, Grizzly Steppe, G0007, ATK5, Fighting Ursa, ITG05, Blue Athena,
TA422, T-APT-12, APT-C-20, UAC-0028, FROZENLAKE, Sofacy, Forest Blizzard, APT
28, TsarTeam, Group-4127, Grey-Cloud)APT29 (Group 100, COZY BEAR, The Dukes,
Minidionis, SeaDuke, YTTRIUM, IRON HEMLOCK, Grizzly Steppe, G0016, ATK7, Cloaked
Ursa, TA421, Blue Kitsune, ITG11, BlueBravo, Nobelium, UAC-0029, Midnight
Blizzard)APT3 (GOTHIC PANDA, TG-0110, Group 6, UPS, Buckeye, Boyusec, BORON,
BRONZE MAYFAIR, Red Sylvan)APT30 (G0013, Raspberry Typhoon, RADIUM,
LotusBlossom)APT31 (ZIRCONIUM, JUDGMENT PANDA, BRONZE VINEWOOD, Red keres,
Violet Typhoon, TA412, Zirconium)APT32 (OceanLotus Group, Ocean Lotus,
OceanLotus, Cobalt Kitty, APT-C-00, SeaLotus, Sea Lotus, APT-32, APT 32, Ocean
Buffalo, POND LOACH, TIN WOODLAWN, BISMUTH, ATK17, G0050, Canvas Cyclone)APT33
(APT 33, Elfin, MAGNALLIUM, Refined Kitten, HOLMIUM, COBALT TRINITY, G0064,
ATK35, Peach Sandstorm, TA451)APT35 (Newscaster Team, Magic Hound, G0059,
Phosphorus, Mint Sandstorm, TunnelVision, COBALT MIRAGE, Charming Kitten)APT37
(APT 37, Group 123, Group123, InkySquid, Operation Daybreak, Operation Erebus,
Reaper Group, Reaper, Red Eyes, Ricochet Chollima, ScarCruft, Venus 121, ATK4,
G0067, Moldy Pisces)APT39 (Chafer, REMIX KITTEN, COBALT HICKMAN, G0087, Radio
Serpens, TA454)APT4 (PLA Navy, MAVERICK PANDA, BRONZE EDISON, SODIUM, Salmon
Typhoon)APT40 (TEMP.Periscope, TEMP.Jumper, Leviathan, BRONZE MOHAWK,
GADOLINIUM, KRYPTONITE PANDA, G0065, ATK29, TA423, Red Ladon, ITG09, MUDCARP,
ISLANDDREAMS, Gingham Typhoon)APT41 (G0096, TA415, Blackfly, Grayfly, LEAD,
BARIUM, WICKED SPIDER, WICKED PANDA, BRONZE ATLAS, BRONZE EXPORT, Red Kelpie,
G0044, Earth Baku, Amoeba, HOODOO, Brass Typhoon)APT42 (UNC788,
CALANQUE)APT43APT5 (KEYHOLE PANDA, MANGANESE, BRONZE FLEETWOOD, TEMP.Bottle,
Mulberry Typhoon, Poisoned Flight, TABCTENG)APT6 (1.php Group)APT9 (NIGHTSHADE
PANDA, Red Pegasus, Group 27)AeroBladeAltahrea TeamAnonymous SudanAntlionAoqin
Dragon (UNC94)AppMiladAridViper (Desert Falcon, Renegade Jackal, DESERTVARNISH,
UNC718, Arid Viper, APT-C-23)Aslan Neferler Tim (Lion Soldiers Team, Phantom
Turk)AtlasCrossAttorAvivoreAyyıldız Tim (Crescent and Star)BAMBOO SPIDERBANISHED
KITTEN (DUNE, Storm-0842)BIG PANDABITWISE SPIDERBOSON SPIDERBOSS SPIDER (GOLD
LOWELL)BRONZE EDGEWOOD (Red Hariasa)BRONZE HIGHLAND (Evasive Panda,
Daggerfly)BRONZE SPIRALBRONZE SPRING (UNC302)BRONZE STARLIGHT (SLIME34,
DEV-0401, Cinnamon Tempest, Emperor Dragonfly)BRONZE VAPORBackdoorDiplomacy
(BackDip, CloudComputating, Quarian)BadRoryBahamutBazarCall (BazzarCall,
BazaCall)Beijing Group (SNEAKY PANDA, Elderwood, Elderwood Gang, SIG22,
G0066)BelialDemon (Matanbuchus)BiBiGunBlackOasis (G0063)BlackTech (CIRCUIT
PANDA, Temp.Overboard, HUAPI, Palmerworm, G0098, T-APT-03, Manga Taurus, Red
Djinn)BlackatomBlackgear (Topgear, Comnie,
BLACKGEAR)BlacktailBlackwoodBladeHawkBlue Termite (Cloudy Omega, Emdivi)Blue
Tsunami (Black Cube)BlueBottleBohrium (Smoke Sandstorm, BOHRIUM)Boulder
BearBudminer (Budminer cyberespionage group)BuhTrapCHRYSENE (OilRig, Greenbug,
Hazel Sandstorm, EUROPIUM, Cobalt Gypsy, APT34)CIRCUS SPIDERCL-STA-0043CLOCKWORK
SPIDERCOBALT JUNO (APT-C-38 (QiAnXin), SABER LION, TG-2884 (SCWX CTU))COBALT
KATANA (Hive0081 (IBM), SectorD01 (NHSC), xHunt campaign (Palo Alto), Hunter
Serpens)CadelleCaliente Bandits (TA2721)Callisto (COLDRIVER, SEABORGIUM, TA446,
GOSSAMER BEAR, BlueCharlie, Star Blizzard, Reuse Team)Calypso (BRONZE
MEDLEY)Camaro DragonCaracal Kitten (APT-Q-58)Caramel Tsunami (SOURGUM,
Candiru)CarderbeeCardinalLizardCareto (The Mask, Mask, Ugly Face)Carmine Tsunami
(DEV-0196, QuaDream)ChamelgangCharming Kitten (Newscaster, Parastoo, iKittens,
Group 83, NewsBeef, G0058, CharmingCypress, Mint Sandstorm, PHOSPHORUS,
APT35)ChernoviteCleaver (Operation Cleaver, Op Cleaver, Tarh Andishan, Alibaba,
TG-2889, Cobalt Gypsy, G0003, Hazel Sandstorm, EUROPIUM, APT34, OilRig)Clever
Kitten (Group 41)Cobalt (Cobalt Group, Cobalt Gang, GOLD KINGSWOOD, COBALT
SPIDER, G0080, Mule Libra)Cold River (Nahr Elbard, Nahr el bared)Common Raven
(OPERA1ER, NXSMS, DESKTOP-GROUP)ConfuciousCopy-PasteCopyKittens (Slayer Kitten,
G0052)Corsair Jackal (TunisianCyberArmy)Cosmic LynxCostaRictoCotton Sandstorm
(Emennet Pasargad, Holy Souls, MARNANBRIDGE, NEPTUNIUM)Cuboid Sandstorm
(DEV-0228)Curious Gorge (UNC3742)Cutting Kitten (ITsecTeam)Cyber Av3ngersCyber
BerkutCyber Caliphate Army (Islamic State Hacking Division, CCA, United Cyber
Caliphate, UUC, CyberCaliphate)Cyber PartisansCyber ToufanCyber fighters of Izz
Ad-Din Al Qassam (Fraternal Jackal)Cyber.Anarchy.Squad (Cyber Anarchy
Squad)DAGGER PANDA (IceFog, Trident, RedFoxtrot, Red Wendigo, PLA Unit
69010)DEV-0147DEV-0270 (Nemesis Kitten, Storm-0270)DEV-0569 (Storm-0569)DEV-0586
(Ruinous Ursa, Cadet Blizzard)DEV-0928DEV-0950 (Lace Tempest)DEV-1028DEXTOROUS
SPIDERDIZZY PANDA (LadyBoyle)DNSpionage (COBALT EDGEWATER)DOPPEL SPIDER (GOLD
HERON)DUNGEON SPIDERDaixin TeamDalbitDancing SalomeDangerousSavannaDantiDark
BasinDark Caracal (G0070)DarkCasinoDarkHotel (DUBNIUM, Fallout Team, Karba,
Luder, Nemim, Nemin, Tapaoux, Pioneer, Shadow Crane, APT-C-06, SIG25, TUNGSTEN
BRIDGE, T-APT-02, G0012, ATK52, Zigzag Hail, Dark Hotel)DarkHydrus (LazyMeerkat,
G0079, Obscure Serpens)DarkVishnyaDeadeye Jackal (SyrianElectronicArmy,
SEA)DefrayX (Hive0091)Denim Tsunami (KNOTWEED, DSIRF)Desorden
GroupDiceyFDomestic Kitten (Bouncing Golf, APT-C-50)DragonForceDragonOK (Moafee,
BRONZE OVERBROOK, G0017, G0002, Shallow Taurus)DragonSparkDriftingCloudDust
Storm (G0031)DustSquad (Nomadic Octopus)ELECTRIC PANDAELOQUENT PANDAENERGETIC
BEAR (BERSERK BEAR, ALLANITE, CASTLE, DYMALLOY, TG-4192, Dragonfly, Crouching
Yeti, Group 24, Havex, Koala Team, IRON LIBERTY, G0035, ATK6, ITG15, BROMINE,
Blue Kraken, Ghost Blizzard)EXOTIC LILY (DEV-0413)Earth Berberoka
(GamblingPuppet)Earth EstriesEarth Kapre (RedCurl, Red Wolf)Earth KitsuneEarth
KrahangEarth Longzhi (SnakeCharmer)Earth Lusca (CHROMIUM, ControlX, TAG-22,
FISHMONGER, BRONZE UNIVERSITY, AQUATIC PANDA, Red Dev 10, RedHotel, Charcoal
Typhoon, BountyGlad, Red Scylla)Earth WendigoEarth Yako (Operation RestyLink,
Enelink)Edalat-e AliEl Machete (Machete, machete-apt, APT-C-43, G0095)Equation
Group (Tilded Team, EQGRP, G0020)Evasive Panda (BRONZE HIGHLAND)Evil Corp (GOLD
DRAKE)EvilPostEvilTraffic (Operation EvilTraffic)Evilnum (DeathStalker, TA4563,
EvilNum, Jointworm, KNOCKOUT SPIDER)FASTCashFIN1FIN10 (G0051)FIN11
(TEMP.Warlock, UNC902, Lace Tempest, DEV-0950, TA505)FIN13 (TG2003, Elephant
Beetle)FIN5 (G0053)FIN6 (SKELETON SPIDER, ITG08, MageCart Group 6, White Giant,
GOLD FRANKLIN, ATK88, G0037, Camouflage Tempest, TAAL)FIN7 (CARBON SPIDER, GOLD
NIAGARA, Calcium, ATK32, G0046, G0008, Coreid, Carbanak, Sangria Tempest,
ELBRUS, Carbon Spider)FIN8 (ATK113, G0061)FOXY PANDAFerocious KittenFishing
Elephant (Outrider Tiger)Flash KittenFlax Typhoon (Ethereal Panda,
Storm-0919)Flying Kitten (SaffronRose, Saffron Rose, AjaxSecurityTeam, Ajax
Security Team, Group 26, Sayad)Fox Kitten (PIONEER KITTEN, PARISITE, UNC757,
Lemon Sandstorm, RUBIDIUM, PioneerKitten)FusionCoreFxmspGALLIUM (Red Dev 4,
Alloy Taurus, Granite Typhoon, Operation Soft Cell)GC01 (Golden Chickens, Golden
Chickens01, Golden Chickens 01)GC02 (Golden Chickens, Golden Chickens02, Golden
Chickens 02)GCMAN (G0036)GIBBERISH PANDAGOBLIN PANDA (Conimes, Cycldek)GOLD
BURLAP (CYBORG SPIDER)GOLD CABIN (Shakthak, TA551, ATK236, G0127, Monster
Libra)GOLD DUPONT (SPRITE SPIDER)GOLD EVERGREENGOLD FAIRFAXGOLD FLANDERSGOLD
GALLEONGOLD GARDENGOLD MANSARDGOLD NORTHFIELDGOLD PRELUDE (TA569, UNC1543)GOLD
RIVERVIEWGOLD SKYLINEGOLD SOUTHFIELDGOLD SYMPHONYGOLD WATERFALLGOLD
WINTERGREFGRIM SPIDER (GOLD ULRICK)GURU SPIDERGallmakerGamaredon Group
(ACTINIUM, DEV-0157, Blue Otso, BlueAlpha, G0047, IRON TILDEN, PRIMITIVE BEAR,
Shuckworm, Trident Ursa, UAC-0010, Winterflounder, Aqua Blizzard, Actinium,
UNC530, Gamaredon)GambleForceGelsemium (狼毒草)Ghost JackalGhostEmperorGhostNet
(Snooping Dragon)GhostSec (Ghost Security)Ghostwriter (UNC1151, TA445, PUSHCHA,
Storm-0257, DEV-0257)GnosticplayersGoldFactoryGoldenJackalGozNymGray Sandstorm
(DEV-0343)GraylingGreenbugGreyEnergyGroundbaitGroup5 (G0043)GuacamayaHAFNIUM
(ATK233, G0125, Operation Exchange Marauder, Red Dev 13, Silk Typhoon)HAZY TIGER
(Bitter, T-APT-17, APT-C-08, Orange Yali)HOUND SPIDERHURRICANE PANDAHacking
TeamHagga (Aggah, TH-157)HellsingHenBoxHezb (Mimo)HiddenArtHigaisaHomeLand
JusticeHoneybee (G0072)HookAdsHummingBadIMPERSONATING PANDAINDRIK SPIDER
(Manatee Tempest, DEV-0243, EvilCorp, UNC2165)IRIDIUM (Seashell Blizzard,
Sandworm)Inception Framework (Clean Ursa, Cloud Atlas, OXYGEN, G0100, ATK116,
Blue Odin)IndigoZebraInfy (Operation Mermaid, Prince of Persia,
Foudre)InvisiMoleIron Group (Iron Cyber Group)IronHuskyItaDuke (DarkUniverse,
SIG27)KAX17Karakurt (Karakurt Lair)Karkadann
(Piwiks)KasablankaKeksecKelvinSecurityKillnetKimsuky (Velvet Chollima, Black
Banshee, Thallium, Operation Stolen Pencil, G0086, APT43, Emerald Sleet,
THALLIUM)Kinsing (Money Libra)Kiss-a-DogKromSecLAPSUS (LAPSUS$, DEV-0537, SLIPPY
SPIDER, Strawberry Tempest)LOTUS PANDA (Spring Dragon, ST Group, DRAGONFISH,
BRONZE ELGIN, ATK1, G0030, Red Salamander, Lotus BLossom)LUNAR SPIDER (GOLD
SWATHMORE)LYCEUM (COBALT LYCEUM, HEXANE, UNC1530, Spirlin, MYSTICDOME,
siamesekitten, Chrono Kitten, Storm-0133)LabHostLanceflyLazarus Group (Operation
DarkSeoul, Dark Seoul, Hidden Cobra, Hastati Group, Andariel, Unit 121, Bureau
121, NewRomanic Cyber Army Team, Bluenoroff, Subgroup: Bluenoroff, Group 77,
Labyrinth Chollima, Operation Troy, Operation GhostSecret, Operation AppleJeus,
APT38, APT 38, Stardust Chollima, Whois Hacking Team, Zinc, Appleworm, Nickel
Academy, APT-C-26, NICKEL GLADSTONE, COVELLITE, ATK3, G0032, ATK117, G0082,
Citrine Sleet, DEV-0139, DEV-1222, Diamond Sleet, ZINC, Sapphire Sleet,
COPERNICIUM, TA404, Lazarus group, BeagleBoyz, Lazarus, Genie Spider)Libyan
ScorpionsLightBasin (UNC1945, CL-CRI-0025)Lilac Typhoon
(DEV-0234)LofyGangLonghorn (Lamberts, the Lamberts, APT-C-39, PLATINUM
TERMINAL)Lucky Cat (TA413, White Dev 9)MAGNETIC SPIDERMALLARD SPIDER (GOLD
LAGOON)MIMIC SPIDERMONTY SPIDERMUMMY SPIDER (TA542, GOLD CRESTWOOD)MUSTANG PANDA
(BRONZE PRESIDENT, HoneyMyte, Red Lich, TEMP.HEX, BASIN, Earth Preta, TA416,
Stately Taurus, LuminousMoth, Polaris, TANTALUM, Twill Typhoon)MadiMageCartMagic
Kitten (Group 42, VOYEUR)MalKamakMalteiroMana TeamMetadorMirage
TigerMirrorFaceModifiedElephantMofang (Superman, BRONZE
WALKER)MogilevichMolerats (Gaza Hackers Team, Gaza cybergang, Gaza Cybergang,
Operation Molerats, Extreme Jackal, Moonlight, ALUMINUM SARATOGA, G0021,
BLACKSTEM)MoneyTakerMosesStaff (Moses Staff, Marigold Sandstorm, DEV-0500)Moshen
DragonMoskalvzapoe (MAN1, TA511)MoustachedBouncerMuddyWater (TEMP.Zagros, Static
Kitten, Seedworm, MERCURY, COBALT ULSTER, G0069, ATK51, Boggy Serpens, Mango
Sandstorm, TA450, Earth Vetala)MurenShark (Actor210426)Mustard Tempest
(DEV-0206, Purple Vallhund)N4ughtysecTUNARWHAL SPIDER (GOLD ESSEX, TA544)NB65
(Network Battalion 65)NEODYMIUM (G0055)NOCTURNAL SPIDERNOMAD PANDANOTROBINNaikon
(PLA Unit 78020, OVERRIDE PANDA, Camerashy, BRONZE GENEVA, G0019, Naikon, BRONZE
STERLING, G0013)Nazar (SIG37)NewsPenguinNexus ZetaNight Dragon (G0014)Nitro
(Covert Grove)NoName057(16) (NoName057, NoName05716, 05716nnm, Nnm05716)OUTLAW
SPIDEROVERLORD SPIDEROilAlphaOilRig (Twisted Kitten, Cobalt Gypsy, Crambus,
Helix Kitten, APT 34, APT34, IRN2, ATK40, G0049, Evasive Serpens, Hazel
Sandstorm, EUROPIUM, TA452)OldGremlinOnionDogOpal Sleet (OSMIUM, Konni)Operation
BugDropOperation C-Major (C-Major, Transparent Tribe, Mythic Leopard, ProjectM,
APT36, APT 36, TMP.Lapis, Green Havildar, COPPER FIELDSTONE, Earth
Karkaddan)Operation ComandoOperation Emmental (Retefe Gang, Retefe
Group)Operation GhoulOperation Kabar CobraOperation ParliamentOperation Poison
NeedlesOperation Red SignatureOperation Shadow ForceOperation
ShadowHammerOperation SharpshooterOperation Soft Cell (GALLIUM)Operation
TriangulationOperation WizardOpiumOperation WocaoOrangewormOurMinePALE
PANDAPARINACOTA (Wine Tempest, Wadhrama)PINCHY SPIDERPIZZO SPIDER (DD4BC,
Ambiorx)PLATINUM (TwoForOne, G0068, ATK33)POISON CARP (Evil Eye, Red Dev 16,
Earth Empusa)POISONUS PANDAPOLONIUM (Plaid Rain, UNC4453, GREATRIFT)PREDATOR
PANDAPROMETHIUM (StrongPity, G0056)Pacha GroupPackratPassCVPearl Sleet
(DEV-0215, LAWRENCIUM)PerSwaysionPhantomControlPhlox Tempest (DEV-0796)Pickaxe
(Prying Libra)Pink Sandstorm (AMERICIUM, BlackShadow, DEV-0022, Agrius,
Agonizing Serpens)Poseidon Group (G0033)PowerPool (IAmTheKing)Predatory Sparrow
(Indra, Gonjeshke Darande)ProCCProjectSauron (Strider, Sauron, Project Sauron,
G0041)Prolific PumaProphet Spider (GOLD MELODY, UNC961)QUILTED TIGER
(Chinastrats, Patchwork, Monsoon, Sarit, Dropping Elephant, APT-C-09, ZINC
EMERSON, ATK11, G0040, Orange Athos, Thirsty Gemini)R00tK1TRADIO PANDA (Shrouded
Crossbow)RANCOR (Rancor group, Rancor, Rancor Group, G0075, Rancor
Taurus)RASPITE (LeafMiner, Raspite)RATPAK SPIDERRAZOR TIGER (SideWinder,
Rattlesnake, APT-C-17, T-APT-04)REF2924REF5961RIDDLE SPIDERRTM
(G0048)RansomHouseRansomVC (Ransomed.vc)Raspberry Typhoon (RADIUM)Rebel Jackal
(FallagaTeam)Red CharonRed Dev 17Red Menshen (Red Dev 18)Red Nue
(LuoYu)Red-LiliRedAlpha (DeepCliff, Red Dev 3)RedDeltaRedEchoRedGolfRedStinger
(Bad Magic)RedflyResumeLootersReturned Libra (8220 Mining
Group)RevengeHotelsRoaming Mantis (Roaming Mantis Group)Roaming Tiger (BRONZE
WOODLAND, Rotten Tomato)Rocke (Aged Libra)Rocket Kitten (TEMP.Beanie, Operation
Woolen Goldfish, Operation Woolen-Goldfish, Thamar Reservoir, Timberworm)RomCom
(Storm-0978)Ruby Sleet (CERIUM)SABRE PANDASALTY SPIDERSAMURAI PANDA (PLA Navy,
Wisp Team)SCARLETEELSCULLY SPIDERSHARK SPIDERSINGING SPIDERSLIME29SMOKY
SPIDERSNOWGLOBE (Animal Farm, Snowglobe, ATK8)SOLAR SPIDERSPICY
PANDASPIKEDWINESTARDUST CHOLLIMASWEEDSaad TycoonSaintBear (UNC2589, TA471,
UAC-0056, Nascent Ursa, Nodaria, FROZENVISTA, Storm-0587, DEV-0587, Saint
Bear)SandCatSandman APTSands CasinoSandworm (Quedagh, VOODOO BEAR, TEMP.Noble,
IRON VIKING, G0034, ELECTRUM, TeleBots, IRIDIUM, Blue Echidna, FROZENBARENTS,
UAC-0113, Seashell Blizzard, UAC-0082)Sath-ı MüdafaaScamClubScarabScarlet Mimic
(G0029, Golfing Taurus)Scarred ManticoreScattered CanaryScattered Spider
(UNC3944, Muddled Libra, Oktapus, Scattered Swine, Scatter Swine, Octo Tempest,
0ktapus, Storm-0971, DEV-0971)Sea Turtle (COSMIC WOLF, Marbled Dust, SILICON,
Teal Kurma, UNC1326)Shadow
NetworkShadowSyndicateShaggyPantherSharpPandaShinyHuntersShroudedSnooperSideCopySiegedSecSiestaSilence
group (Silence, WHISPER SPIDER)Silent Chollima (OperationTroy, Guardian of
Peace, GOP, WHOis Team, Andariel, Subgroup: Andariel, Onyx Sleet,
PLUTONIUM)Silent Librarian (COBALT DICKENS, Mabna Institute, TA407, TA4900,
Yellow
Nabu)SilitNetworkSilverFishSilverTerrierSimaSingularityMDSlingshotSmugXSnake
WineSolntsepekSowbug (G0054)SparklingGoblinStealth Falcon (FruityArmor,
G0038)Storm CloudStorm-0062 (Oro0lxy, DarkShadow)Storm-0324 (DEV-0324, Sagrid,
TA543)Storm-0381 (DEV-0381)Storm-0530 (DEV-0530,
H0lyGh0st)Storm-0539Storm-0558Storm-0829 (DEV-0829, Nwgen
Team)Storm-0835Storm-0867 (DEV-0867)Storm-1044 (DEV-1044)Storm-1084
(DEV-1084)Storm-1099Storm-1101
(DEV-1101)Storm-1113Storm-1133Storm-1152Storm-1167
(DEV-1167)Storm-1283Storm-1286Storm-1295 (DEV-1295)Storm-1567
(Akira)Storm-1575Storm-1674Sunglow Blizzard (DEV-0665)TA2101 (Maze Team, TWISTED
SPIDER, GOLD VILLAGE, Storm-0216, DEV-0216, Twisted
Spider)TA2536TA2541TA2552TA2719TA2722 (Balikbayan
Foxes)TA2725TA402TA406TA410TA428 (Colourful Panda, BRONZE DUDLEY)TA444TA453TA459
(G0062)TA482TA499 (Vovan, Lexus)TA505 (SectorJ04, SectorJ04 Group, GRACEFUL
SPIDER, GOLD TAHOE, Dudear, G0092, ATK103, Hive0065, CHIMBORAZO, Spandex
Tempest, Lace Tempest, DEV-0950, FIN11)TA516TA530TA547TA554
(TH-163)TA555TA558TA570 (DEV-0450)TA575TA577
(Hive0118)TA578TA579TA800TA866TAG-28TAG-53TAG-56TEMP.HermitTEMP.Veles (Xenotime,
G0088, ATK91)TEMPER PANDA (Admin338, Team338, MAGNESIUM, admin@338,
G0018)TEMP_HereticTERBIUMTEST PANDATINY SPIDERTOXIC PANDATRACER KITTENTRAVELING
SPIDERTaidoor (G0015, Earth Aughisky)Team-XecuterTeamSpy Crew (TeamSpy, Team
Bear, Anger Bear, IRON LYRIC)TeamTNT (Adept Libra)TeamXRat (CorporacaoXRat,
CorporationXRat)TempTickTetrisPhantomThe Big BangThe Gorgon Group (Gorgon Group,
Subaat, ATK92, G0078, Pasty Gemini)The Shadow Brokers (The ShadowBrokers, TSB,
Shadow Brokers, ShadowBrokers)TheDarkOverlordThreatsecThrip (G0076,
ATK78)TianWuTick (Nian, BRONZE BUTLER, REDBALDKNIGHT, STALKER PANDA, G0060,
Stalker Taurus, PLA Unit 61419)TiltedTemple (DEV-0322, Circle Typhoon)ToddyCat
(Websiic)TomirisTonto Team (CactusPete, KARMA PANDA, BRONZE HUNTLEY, COPPER, Red
Beifang, G0131, PLA Unit 65017, Earth Akhlut, TAG-74)Tortoiseshell (IMPERIAL
KITTEN, Yellow Liderc, Imperial Kitten, TA456, DUSTYCAVE, Crimson
Sandstorm)TraderTraitor (Jade Sleet, UNC4899)TunnelSnakeTurkHackTeam (Turk Hack
Team)Turla (Snake, VENOMOUS Bear, Group 88, Waterbug, WRAITH, Uroburos, Pfinet,
TAG_0530, KRYPTON, Hippo Team, Pacifier APT, Popeye, SIG23, IRON HUNTER,
MAKERSMARK, ATK13, G0010, ITG12, Blue Python, SUMMIT, UNC4210, Secret Blizzard,
UAC-0144, UAC-0024, UAC-0003)TwoSail Junk (Operation Poisoned
News)UAC-0006UAC-0050UAC-0094UAC-0099UAC-0118 (FRwL,
FromRussiaWithLove)UAC-0184UNC1549UNC1878UNC215UNC2447UNC2452 (DarkHalo,
StellarParticle, NOBELIUM, Solar Phoenix, Midnight Blizzard, APT29, Cozy
Bear)UNC2565
(Hive0127)UNC2630UNC2659UNC2717UNC3524UNC3886UNC3890UNC4191UNC4736UNC4841UNC4990UNC5174
(Uteus)UNC5325UNION PANDAUNION SPIDERUTA0178 (UNC5221, Red Dev 61)Unit 8200
(Duqu Group)Unnamed ActorUrpageUserSecVENOM SPIDER (badbullzvenom,
badbullz)VICEROY TIGER (OPERATION HANGOVER, Donot Team, APT-C-35, SectorE02,
Orange Kala)VIKING SPIDERVanilla Tempest (DEV-0832, Vice Society)Velvet Tempest
(DEV-0504)ViceLeakerVicious Panda (SixLittleMonkeys)Viking Jackal
(Vikingdom)Void BalaurVoid Rabisu (Tropical Scorpius)Volatile Cedar (Lebanese
Cedar, DeftTorero)Volt Typhoon (BRONZE SILHOUETTE, VANGUARD PANDA)VulzSecTeam
(VulzSec)WET PANDA (Red Chimera)WIP19WIRTEWIZARD SPIDER (TEMP.MixMaster, GOLD
BLACKBURN, FIN12, Periwinkle Tempest, DEV-0193, Storm-0193, Trickbot LLC,
UNC2053, Pistachio Tempest, DEV-0237)WOLF SPIDER (FIN4, G0085)Watchdog (Thief
Libra)Water CurupiraWater LabbuWeRedEvilsWebworm (Space Pirates)WeedSecWhite
Bear (Skipper Turla)WhiteflyWildCardWildNeutron (Butterfly, Morpho, Sphinx
Moth)WildPressureWindShift (Windy Phoenix)Winter Vivern (UAC-0114, TA473,
TAG-70, TA-473)Witchetty (LookingFrog)WorokXDSpyXakNet (UAC-0100,
UAC-0106)XcatzeXiaoqiying (Genesis Day, Teng Snake)Yanbian GangYoroTrooper
(Salted Earth, Sturgeon Fisher)ZOMBIE SPIDERZarya (UAC-0109)ZooPark[Unnamed
group][Vault 7/8]luoxk
Which actor do you think should be removed?Please select an actor
Explanation / ReferenceWhy do you think this change is advisable? Feel free to
include references.
Your suggestion will be reviewed before being published.
Thank you for contributing!
CancelSubmit
PROPOSE CHANGE OF LIBRARY ENTRY
×
URL
Title
Authors
Language
Date Please use YYYY-MM-DD, YYYY-MM, or YYYY.
Organization (optional)
Referenced families (optional)
Comment Add additional information to explain your proposal.
Your suggestion will be reviewed before being published.
Thank you for contributing!
CancelSubmit
Impressum Datenschutzerklärung
Select families...