<!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <script type="text/javascript"> /* <![CDATA[ */ var gform;gform||(document.addEventListener("gform_main_scripts_loaded",function(){gform.scriptsLoaded=!0}),window.addEventListener("DOMContentLoaded",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,initializeOnLoaded:function(o){gform.domLoaded&&gform.scriptsLoaded?o():!gform.domLoaded&&gform.scriptsLoaded?window.addEventListener("DOMContentLoaded",o):document.addEventListener("gform_main_scripts_loaded",o)},hooks:{action:{},filter:{}},addAction:function(o,n,r,t){gform.addHook("action",o,n,r,t)},addFilter:function(o,n,r,t){gform.addHook("filter",o,n,r,t)},doAction:function(o){gform.doHook("action",o,arguments)},applyFilters:function(o){return gform.doHook("filter",o,arguments)},removeAction:function(o,n){gform.removeHook("action",o,n)},removeFilter:function(o,n,r){gform.removeHook("filter",o,n,r)},addHook:function(o,n,r,t,i){null==gform.hooks[o][n]&&(gform.hooks[o][n]=[]);var e=gform.hooks[o][n];null==i&&(i=n+"_"+e.length),gform.hooks[o][n].push({tag:i,callable:r,priority:t=null==t?10:t})},doHook:function(n,o,r){var t;if(r=Array.prototype.slice.call(r,1),null!=gform.hooks[n][o]&&((o=gform.hooks[n][o]).sort(function(o,n){return o.priority-n.priority}),o.forEach(function(o){"function"!=typeof(t=o.callable)&&(t=window[t]),"action"==n?t.apply(null,r):r[0]=t.apply(null,r)})),"filter"==n)return r[0]},removeHook:function(o,n,t,i){var r;null!=gform.hooks[o][n]&&(r=(r=gform.hooks[o][n]).filter(function(o,n,r){return!!(null!=i&&i!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][n]=r)}}); /* ]]> */ </script> <link rel="profile" href="http://gmpg.org/xfn/11" /> <link rel="pingback" href="https://securelist.com/xmlrpc.php" /> <link rel="apple-touch-icon" sizes="192x192" href="https://securelist.com/wp-content/themes/securelist2020/assets/images/favicons/favicon-192x192.png"> <link rel="icon" type="image/png" sizes="192x192" href="https://securelist.com/wp-content/themes/securelist2020/assets/images/favicons/favicon-192x192.png"> <link rel="icon" type="image/png" sizes="96x96" href="https://securelist.com/wp-content/themes/securelist2020/assets/images/favicons/favicon-96x96.png"> <link rel="icon" type="image/png" sizes="48x48" href="https://securelist.com/wp-content/themes/securelist2020/assets/images/favicons/favicon-48x48.png"> <link rel="icon" type="image/png" sizes="32x32" href="https://securelist.com/wp-content/themes/securelist2020/assets/images/favicons/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="https://securelist.com/wp-content/themes/securelist2020/assets/images/favicons/favicon-16x16.png"> <link rel="manifest" href="https://securelist.com/wp-content/themes/securelist2020/assets/images/favicons/site.webmanifest"> <title>Transparent Tribe: Evolution analysis, part 2 | Securelist</title> <!-- The SEO Framework by Sybre Waaijer --> <meta name="keywords" content="APT,Google Android,Malware Descriptions,Malware Technologies,Microsoft Office,RAT Trojan,Targeted Attacks" /> <link rel="canonical" href="https://securelist.com/transparent-tribe-part-2/98233/" /> <meta name="description" content="In the second article, we describe a new Android implant used by Transparent Tribe for spying on mobile devices and present new evidence confirms a link between&#8230;" /> <meta property="og:type" content="article" /> <meta property="og:title" content="Transparent Tribe: Evolution analysis, part 2 | Securelist" /> <meta property="og:description" content="In the second article, we describe a new Android implant used by Transparent Tribe for spying on mobile devices and present new evidence confirms a link between ObliqueRAT and Transparent Tribe." /> <meta property="og:url" content="https://securelist.com/transparent-tribe-part-2/98233/" /> <meta property="og:image" content="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/11130332/securelist_abs_5.jpg" /> <meta property="og:image:width" content="1200" /> <meta property="og:image:height" content="800" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:site" content="@Securelist" /> <meta name="twitter:creator" content="@Securelist" /> <meta name="twitter:title" content="Transparent Tribe: Evolution analysis, part 2 | Securelist" /> <meta name="twitter:description" content="In the second article, we describe a new Android implant used by Transparent Tribe for spying on mobile devices and present new evidence confirms a link between ObliqueRAT and Transparent Tribe." /> <meta name="twitter:image" content="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/11130332/securelist_abs_5.jpg" /> <script type="application/ld+json">{"@context":"https://schema.org","@type":"NewsArticle","mainEntityOfPage":{"@type":"WebPage","@id":"https://securelist.com/transparent-tribe-part-2/98233/"},"headline":"Transparent Tribe: Evolution analysis, part 2","image":{"@type":"ImageObject","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/11130332/securelist_abs_5.jpg","width":1200,"height":800},"datePublished":"2020-08-26T10:00:44+00:00","dateModified":"2020-09-24T13:54:57+00:00","author":{"@type":"Person","name":"Giampaolo Dedola","url":"https://securelist.com/author/giampaolodedola/"},"publisher":{"@type":"Organization","name":"Kaspersky","logo":{"@type":"ImageObject","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/06/04065705/article-logo-small_new.png","width":60,"height":60}},"description":"In the second article, we describe a new Android implant used by Transparent Tribe for spying on mobile devices and present new evidence confirms a link between\u0026#8230;"}</script> <!-- / The SEO Framework by Sybre Waaijer | 16.87ms meta | 0.16ms boot --> <link rel='dns-prefetch' href='//kasperskycontenthub.com' /> <link rel='dns-prefetch' href='//securelist.com' /> <link rel='dns-prefetch' href='//www.google.com' /> <link rel='dns-prefetch' href='//media.kaspersky.com' /> <link rel="alternate" type="application/rss+xml" title="Securelist - English - Global - securelist.com &raquo; Feed" href="https://securelist.com/feed/" /> <link rel="alternate" type="application/rss+xml" title="Securelist - English - Global - securelist.com &raquo; Comments Feed" href="https://securelist.com/comments/feed/" /> <link rel="alternate" type="application/rss+xml" title="Securelist - English - Global - securelist.com &raquo; Transparent Tribe: Evolution analysis, part 2 Comments Feed" href="https://securelist.com/transparent-tribe-part-2/98233/feed/" /> <link rel='stylesheet' id='crayon-group-css' href='//assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css,wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/jquery-collapse-o-matic/css/core_style.css,wp-content/plugins/jquery-collapse-o-matic/css/light_style.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/themes/securelist2020/assets/css/main.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css' type='text/css' media='all' /> <link rel='stylesheet' id='taxonomy-image-plugin-public-group-css' href='//assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/taxonomy-images/css/style.css' type='text/css' media='screen' /> <script type="text/javascript" src="https://securelist.com/wp-content/plugins/kaspersky-enable-jquery-migrate-helper/js/jquery/jquery-1.12.4-wp.js?ver=1.12.4-wp" id="jquery-core-js"></script> <script type="text/javascript" id="kaspersky-sso-integration-js-extra"> /* <![CDATA[ */ var kasperskySSOIntegrationData = {"authorizationURL":"https:\/\/auth.ca.uis.kaspersky.com\/connect\/authorize?client_id=securelist&client_name=Securelist&redirect_uri=https%3A%2F%2Fsecurelist.com%2Fkaspersky-sso%2Flogin%2F&response_type=code&scope=openid email profile offline_access","endSessionURL":"https:\/\/auth.ca.uis.kaspersky.com\/connect\/endsession?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IkNCNzFGQTExMjc4MzgyMzQ3OTAxNzlENkJGMkVBNkFCRkZGOEQ5OUYiLCJ4NXQiOiJ5M0g2RVNlRGdqUjVBWG5Xdnk2bXFfXzQyWjgiLCJ0eXAiOiJKV1QifQ.eyJhdF9oYXNoIjoiZDZVNFRvSi1MamJMdVlpR3VRNHFOQSIsInNpZCI6ImNrblhXczF5UFotYVVmRmJWQUZzN0EiLCJzdWIiOiIwMmU0MWE1My03MmY1LTQyNmYtYTUxNS1hMzFjZjc3NjZjODEiLCJhdXRoX3RpbWUiOiIxNzMyNTIyNjE2IiwiaWRwIjoiS2FzcGVyc2t5SWQiLCJrYXNwZXJza3kuc3ViX3ZlcnNpb24iOiIxIiwia2FzcGVyc2t5LnN1c3BpY2lvdXNfYXV0aGVudGljYXRpb24iOiJmYWxzZSIsIm5iZiI6MTczMjUyMjYxOSwiZXhwIjoxNzMyNjA5MDE5LCJpYXQiOjE3MzI1MjI2MTksImlzcyI6Imh0dHBzOi8vYXV0aC5jYS51aXMua2FzcGVyc2t5LmNvbSIsImF1ZCI6InNlY3VyZWxpc3QifQ.OguUvee3qrjOD6Dd5MSQFF3NfOlluXFgG5RYs3v287UUNcgvJChXtDsi0F5YA_VdzXCHz4PpZ4z9nQmK7YLleUEAFDYa1fPkE2gzooA3B8GPp66rVQBr8OFh5HpLkVOhFPk1QFGYe6igJ_7SS5CeVLci8QL6W4G6WdihuSNv9A8xhq0w5zzDT17cVJZvp_eFxoV7LYc5rHgx6MKw--NbK45pH0868zh1C_nivtFsWDGy61pk3DMBiyApBtjNAYMa409CDPKQHm6LknLVeMdedGDE64jbAXb0lD94TcHQzaSiO4QP0Vm6OWOKk1bXR21onCMoD5XrqJAaRtPtu-Yb0A&post_logout_redirect_uri=https:\/\/securelist.com\/kaspersky-sso\/logout\/"}; /* ]]> */ </script> <script type="text/javascript" id="kss_js-js-extra"> /* <![CDATA[ */ var kss = {"twitter_account":"Securelist"}; /* ]]> */ </script> <script type='text/javascript' src='//assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-lazy-load/assets/js/lazyload.js,wp-content/plugins/kaspersky-sso-integration/assets/js/main.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js'></script> <link rel="alternate" hreflang="x-default" href="https://securelist.com/transparent-tribe-part-2/98233/" /> <script> window.dataLayer = window.dataLayer || []; window.dataLayer.push({ 'Author' : 'Giampaolo Dedola', 'PostId' : '98233', 'PublicationDate' : '2020-08-26', 'Categories': 'APT reports', 'Tags': 'APT, Google Android, Malware Descriptions, Malware Technologies, Microsoft Office, RAT Trojan, Targeted attacks', }); </script> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-5CGZ3HG');</script> <!-- End Google Tag Manager --> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-WZ7LJ3');</script> <!-- End Google Tag Manager --> <link rel="https://api.w.org/" href="https://securelist.com/wp-json/" /><link rel="alternate" type="application/json" href="https://securelist.com/wp-json/wp/v2/posts/98233" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://securelist.com/xmlrpc.php?rsd" /> <link rel="alternate" type="application/json+oembed" href="https://securelist.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsecurelist.com%2Ftransparent-tribe-part-2%2F98233%2F" /> <link rel="alternate" type="text/xml+oembed" href="https://securelist.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsecurelist.com%2Ftransparent-tribe-part-2%2F98233%2F&#038;format=xml" /> <script type="text/javascript"> var sNew = document.createElement("script"); sNew.async = true; sNew.src = "https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=43&siteid=1&t=2082536570&back=https%3A%2F%2Fsecurelist.com%2Ftransparent-tribe-part-2%2F98233%2F" var s0 = document.getElementsByTagName('script')[0]; s0.parentNode.insertBefore(sNew, s0); </script> <script type="text/javascript"> document.write(unescape("%3Cscript src='//munchkin.marketo.net/munchkin.js' type='text/javascript'%3E%3C/script%3E")); </script> <script>Munchkin.init('802-IJN-240');</script> <meta name="google-site-verification" content="o48MojucKcP-DT5iCMR8AsvkVWP14fE78flHCqqjo50" /> <script type="text/javascript"> var jQueryMigrateHelperHasSentDowngrade = false; window.onerror = function( msg, url, line, col, error ) { // Break out early, do not processing if a downgrade reqeust was already sent. if ( jQueryMigrateHelperHasSentDowngrade ) { return true; } var xhr = new XMLHttpRequest(); var nonce = '4ed5b6ce96'; var jQueryFunctions = [ 'andSelf', 'browser', 'live', 'boxModel', 'support.boxModel', 'size', 'swap', 'clean', 'sub', ]; var match_pattern = /\)\.(.+?) is not a function/; var erroredFunction = msg.match( match_pattern ); // If there was no matching functions, do not try to downgrade. if ( typeof erroredFunction !== 'object' || typeof erroredFunction[1] === "undefined" || -1 === jQueryFunctions.indexOf( erroredFunction[1] ) ) { return true; } // Set that we've now attempted a downgrade request. jQueryMigrateHelperHasSentDowngrade = true; xhr.open( 'POST', 'https://securelist.com/wp-admin/admin-ajax.php' ); xhr.setRequestHeader( 'Content-Type', 'application/x-www-form-urlencoded' ); xhr.onload = function () { var response, reload = false; if ( 200 === xhr.status ) { try { response = JSON.parse( xhr.response ); reload = response.data.reload; } catch ( e ) { reload = false; } } // Automatically reload the page if a deprecation caused an automatic downgrade, ensure visitors get the best possible experience. if ( reload ) { location.reload(); } }; xhr.send( encodeURI( 'action=jquery-migrate-downgrade-version&_wpnonce=' + nonce ) ); // Suppress error alerts in older browsers return true; } </script> <div id="fb-root"></div> <script> (function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&appId=160639043985664"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk')); </script> <script> (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = '//apis.google.com/js/platform.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })(); </script> <link rel="icon" href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/06125514/cropped-sl_favicon-32x32.png" sizes="32x32" /> <link rel="icon" href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/06125514/cropped-sl_favicon-192x192.png" sizes="192x192" /> <link rel="apple-touch-icon" href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/06125514/cropped-sl_favicon-180x180.png" /> <meta name="msapplication-TileImage" content="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/06125514/cropped-sl_favicon-270x270.png" /> </head> <body class="post-template-default single single-post postid-98233 single-format-standard lang-en_US c-theme--light"> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5CGZ3HG" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-WZ7LJ3" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> <div id="site-top" class="site-top"> <div class="container"> <nav class="site-nav" data-element-id="product-menu"> <div class="label"> <p>Solutions for:</p> </div> <ul id="menu-product-menu-daily-nxgen" class="site-selector"><li><a target="_blank" href="https://www.kaspersky.com/home-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_prodmen_sm-team_______d5c53f9a5bd411f7" data-element-id="product-menu-link" class="font-icons icon-home menu-item menu-item-type-custom menu-item-object-custom menu-item-87907">Home Products</a></li> <li><a title="font-icons icon-small-business" target="_blank" href="https://www.kaspersky.com/small-business-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_prodmen_sm-team_______d5c53f9a5bd411f7" data-element-id="product-menu-link" class="font-icons icon-small-business menu-item menu-item-type-custom menu-item-object-custom menu-item-87908">Small Business 1-50 employees</a></li> <li><a target="_blank" href="https://www.kaspersky.com/small-to-medium-business-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_prodmen_sm-team_______d5c53f9a5bd411f7" data-element-id="product-menu-link" class="font-icons icon-medium-business menu-item menu-item-type-custom menu-item-object-custom menu-item-87909">Medium Business 51-999 employees</a></li> <li><a target="_blank" href="https://www.kaspersky.com/enterprise-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_prodmen_sm-team_______d5c53f9a5bd411f7" data-element-id="product-menu-link" class="font-icons icon-enterprise menu-item menu-item-type-custom menu-item-object-custom menu-item-87910">Enterprise 1000+ employees</a></li> </ul> </nav> </div> </div> <header id="site-header" class="site-header js-sticky-mobile-header"> <div class="container"> <a href="" class="c-page-nav-toggle js-mobile-menu-toggle"> <span class="c-page-nav-toggle__icon"> <span></span> <span></span> <span></span> </span> </a> <a href="" class="menu-toggle"> <span></span> <span></span> <span></span> </a> <div class="c-site-title"> <div class="c-site-logo__group"> <a data-element-id="securelist-logo" href="https://securelist.com/" class="c-site-logo c-site-logo--basic"></a> <span class="c-site-tagline">by Kaspersky</span> </div> </div> <ul id="menu-my-kaspersky" class="menu-utility sticky-utility"><li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87905"><a href="https://companyaccount.kaspersky.com/account/login?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="companyaccount">CompanyAccount</a> <li class="sticky-item sticky-xl-only menu-item menu-item-type-custom menu-item-object-custom menu-item-87906"><a href="https://www.kaspersky.com/enterprise-security/contact?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="getintouch">Get In Touch</a> <li class="securelist-theme-switcher menu-item menu-item-type-custom menu-item-object-custom menu-item-99824"><a data-element-id="dark-mode" href="#" class="js-theme-switcher"><i class="font-icons icon-moon"></i>Dark mode<span class="u-hidden u-inline--dark"> off</span></a> <li class="dropdown"><a data-element-id="lang-selector" href="#" class="">English</a><ul class="sub-menu-regular"><li><a href="https://securelist.ru">Russian</a></li><li><a href="https://securelist.lat">Spanish</a></li></ul> </ul> <div class="c-page-search js-main-search"> <form class="c-page-search__form c-page-search__form--small js-wizardinfosys_autosearch_form" full_search_url="https://securelist.com/?s=%q%" action="https://securelist.com/" method="get"> <div class="c-form-element c-form-element--style-fill"> <div class="c-form-element__field wp_autosearch_form_wrapper"> <input name="s" class="c-form-element__text wp_autosearch_input ac_input" data-webinars="" type="text" value="" placeholder="Search..." autocomplete="off"> </div> </div> <button class="c-button c-button--icon wp_autosearch_submit"><svg class="o-icon o-svg-icon o-svg-large"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-search"></use></svg></button> </form> <div class="c-page-search__toggle js-main-search-toggle"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-search"></use></svg></div> </div> <nav class="main-nav" data-element-id="nextgen-menu"> <ul id="menu-corp-menu" class="main-menu"><li class="dropdown mega menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87706"><a href="https://www.kaspersky.com/enterprise-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Solutions</a> <ul class="submenu"> <li class="first featured featured-smaller menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87707"> <ul class="featured section-col-l-3 no-gutter"> <li class="show-figure smaller-item icon-iot-embed-security menu-item menu-item-type-custom menu-item-object-custom menu-item-87710"><figure><a href="https://www.kaspersky.com/enterprise-security/embedded-security-internet-of-things?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/iot-embed-security.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/embedded-security-internet-of-things?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Internet of Things &#038; Embedded Security</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/embedded-security-internet-of-things?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-transportation-cybersecurity menu-item menu-item-type-custom menu-item-object-custom menu-item-87712"><figure><a href="https://www.kaspersky.com/enterprise-security/industrial-solution?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/transportation-cybersecurity.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/industrial-solution?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Industrial Cybersecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/industrial-solution?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-fraud-prevention menu-item menu-item-type-custom menu-item-object-custom menu-item-87713"><figure><a href="https://www.kaspersky.com/enterprise-security/fraud-prevention?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/fraud-prevention.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/fraud-prevention?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Fraud Prevention</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/fraud-prevention?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item menu-item menu-item-type-custom menu-item-object-custom menu-item-87711"><a href="https://www.kaspersky.com/enterprise-security/kasperskyos?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">KasperskyOS-based solutions</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/kasperskyos?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> </ul> <li> <ul class="regular"> <li class="title"><h6>Other solutions</h6> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105615"><a href="https://www.kaspersky.com/enterprise-security/security-operations-center-soc?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky for Security Operations Center</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105614"><a href="https://www.kaspersky.com/enterprise-security/kaspersky-iot-infrastructure-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky IoT Infrastructure Security</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-112322"><a href="https://www.kaspersky.com/enterprise-security/kaspersky-secure-remote-workspace?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Secure Remote Workspace</a> </ul> </ul> <li class="dropdown mega menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87714"><a href="https://www.kaspersky.com/enterprise-security/industries?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Industries</a> <ul class="submenu"> <li class="first featured featured-smaller menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87715"> <ul class="featured section-col-l-3 no-gutter"> <li class="show-figure smaller-item icon-national-cybersecurity menu-item menu-item-type-custom menu-item-object-custom menu-item-87716"><figure><a href="https://www.kaspersky.com/enterprise-security/national-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/national-cybersecurity.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/national-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">National Cybersecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/national-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-industrial-cybersecurity menu-item menu-item-type-custom menu-item-object-custom menu-item-87717"><figure><a href="https://www.kaspersky.com/enterprise-security/industrial?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/industrial-cybersecurity.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/industrial?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Industrial Cybersecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/industrial?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-financial-cybersecurity menu-item menu-item-type-custom menu-item-object-custom menu-item-87718"><figure><a href="https://www.kaspersky.com/enterprise-security/finance?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/financial-cybersecurity.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/finance?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Finance Services Cybersecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/finance?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-healthcare-cybersecurity menu-item menu-item-type-custom menu-item-object-custom menu-item-87719"><figure><a href="https://www.kaspersky.com/enterprise-security/healthcare?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/healthcare-cybersecurity.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/healthcare?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Healthcare Cybersecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/healthcare?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-transportation-cybersecurity menu-item menu-item-type-custom menu-item-object-custom menu-item-87720"><figure><a href="https://www.kaspersky.com/enterprise-security/transportation-cybersecurity-it-infrastructure?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/transportation-cybersecurity.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/transportation-cybersecurity-it-infrastructure?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Transportation Cybersecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/transportation-cybersecurity-it-infrastructure?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-retail-cybersecurity menu-item menu-item-type-custom menu-item-object-custom menu-item-87721"><figure><a href="https://www.kaspersky.com/enterprise-security/retail-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/retail-cybersecurity.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/retail-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Retail Cybersecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/retail-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> </ul> <li> <ul class="regular"> <li class="title"><h6>Other Industries</h6> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87724"><a href="https://www.kaspersky.com/enterprise-security/telecom?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Telecom Cybersecurity</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87725"><a href="https://www.kaspersky.com/enterprise-security/industries?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">View all</a> </ul> </ul> <li class="dropdown mega menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87726"><a href="https://www.kaspersky.com/enterprise-security/products?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Products</a> <ul class="submenu"> <li class="first featured featured-smaller menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87728"> <ul class="featured section-col-l-3 no-gutter"> <li class="show-figure smaller-item menu-item menu-item-type-custom menu-item-object-custom menu-item-112352"><a href="https://www.kaspersky.com/next?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><figure><img alt="" src="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2024/04/10052437/k_Next_RGB_black_icon.png"></figure>Kaspersky Next <small class="label-inline red">NEW!</small></a><div class="desc"><p><a href="https://www.kaspersky.com/next?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item menu-item menu-item-type-custom menu-item-object-custom menu-item-112323"><a href="https://www.kaspersky.com/enterprise-security/xdr?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>XDR</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/xdr?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-endpoint-security_products menu-item menu-item-type-custom menu-item-object-custom menu-item-87727"><figure><a href="https://www.kaspersky.com/enterprise-security/endpoint?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/endpoint-security_products.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/endpoint?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Endpoint Security for Business</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/endpoint?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-endpoint-detection-and-response menu-item menu-item-type-custom menu-item-object-custom menu-item-112324"><figure><a href="https://www.kaspersky.com/enterprise-security/endpoint-detection-response-edr?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/endpoint-detection-and-response.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/endpoint-detection-response-edr?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>EDR Expert</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/endpoint-detection-response-edr?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-hybrid-cloud-security_products menu-item menu-item-type-custom menu-item-object-custom menu-item-87730"><figure><a href="https://www.kaspersky.com/enterprise-security/edr-security-software-solution?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/hybrid-cloud-security_products.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/edr-security-software-solution?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>EDR Optimum</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/edr-security-software-solution?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-anti-targeted-attack-platform menu-item menu-item-type-custom menu-item-object-custom menu-item-87731"><figure><a href="https://www.kaspersky.com/enterprise-security/anti-targeted-attack-platform?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/anti-targeted-attack-platform.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/anti-targeted-attack-platform?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Anti Targeted Attack Platform</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/anti-targeted-attack-platform?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item menu-item menu-item-type-custom menu-item-object-custom menu-item-112325"><a href="https://www.kaspersky.com/enterprise-security/cloud-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Hybrid Cloud Security</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/cloud-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item menu-item menu-item-type-custom menu-item-object-custom menu-item-112326"><a href="https://www.kaspersky.com/enterprise-security/sd-wan?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>SD-WAN</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/sd-wan?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-private-security-network menu-item menu-item-type-custom menu-item-object-custom menu-item-87732"><figure><a href="https://www.kaspersky.com/enterprise-security/industrial-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/private-security-network.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/industrial-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Industrial CyberSecurity</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/industrial-cybersecurity?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-embedded-systems-security menu-item menu-item-type-custom menu-item-object-custom menu-item-87733"><figure><a href="https://www.kaspersky.com/enterprise-security/container-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/embedded-systems-security.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/container-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Container Security</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/container-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> </ul> <li> <ul class="regular"> <li class="title"><h6>Other Products</h6> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-112328"><a href="https://www.kaspersky.com/enterprise-security/products/internet-gateway?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Security for Internet Gateway</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-112329"><a href="https://www.kaspersky.com/enterprise-security/embedded-systems?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Embedded Systems Security</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-112330"><a href="https://www.kaspersky.com/enterprise-security/kaspersky-iot-infrastructure-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky IoT Infrastructure Security</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-112331"><a href="https://www.kaspersky.com/enterprise-security/kaspersky-secure-remote-workspace?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Secure Remote Workspace</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-112332"><a href="https://www.kaspersky.com/enterprise-security/mail-server-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Security for Mail Server</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87740"><a target="_blank" href="https://www.kaspersky.com/enterprise-security/products?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">View All</a> </ul> </ul> <li class="dropdown mega menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87741"><a href="https://www.kaspersky.com/enterprise-security/services?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Services</a> <ul class="submenu"> <li class="first featured featured-smaller menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87742"> <ul class="featured section-col-l-3 no-gutter"> <li class="show-figure smaller-item icon-cybersecurity-services menu-item menu-item-type-custom menu-item-object-custom menu-item-87743"><figure><a href="https://www.kaspersky.com/enterprise-security/cybersecurity-services?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/cybersecurity-services.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/cybersecurity-services?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Cybersecurity Services</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/cybersecurity-services?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item menu-item menu-item-type-custom menu-item-object-custom menu-item-105619"><a href="https://www.kaspersky.com/enterprise-security/security-awareness?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Security Awareness</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/security-awareness?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-premium-support menu-item menu-item-type-custom menu-item-object-custom menu-item-87745"><figure><a href="https://www.kaspersky.com/enterprise-security/premium-support?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/premium-support.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/premium-support?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Premium Support</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/premium-support?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-threat-intelligence menu-item menu-item-type-custom menu-item-object-custom menu-item-87746"><figure><a href="https://www.kaspersky.com/enterprise-security/threat-intelligence?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/threat-intelligence.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/threat-intelligence?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Threat Intelligence</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/threat-intelligence?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-incident-response menu-item menu-item-type-custom menu-item-object-custom menu-item-87748"><figure><a href="https://www.kaspersky.com/enterprise-security/managed-detection-and-response?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/incident-response.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/managed-detection-and-response?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Managed Detection and Response</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/managed-detection-and-response?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-threat-hunting menu-item menu-item-type-custom menu-item-object-custom menu-item-87747"><figure><a href="https://www.kaspersky.com/enterprise-security/compromise-assessment?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/threat-hunting.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/compromise-assessment?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>Compromise Assessment</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/compromise-assessment?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> <li class="show-figure smaller-item icon-threat-hunting menu-item menu-item-type-custom menu-item-object-custom menu-item-112333"><figure><a href="https://www.kaspersky.com/enterprise-security/soc-consulting?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><img src="https://securelist.com/wp-content/themes/securelist2020/assets/images/enterprise-menu-icons/threat-hunting.png"</a></figure><a href="https://www.kaspersky.com/enterprise-security/soc-consulting?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link"><span class="surtitle">Kaspersky</span>SOC Consulting</a><div class="desc"><p><a href="https://www.kaspersky.com/enterprise-security/soc-consulting?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f">Learn More</a></p></div> </ul> <li> <ul class="regular"> <li class="title"><h6>Other Services</h6> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87751"><a href="https://www.kaspersky.com/enterprise-security/professional-services?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Professional Services</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87752"><a href="https://www.kaspersky.com/enterprise-security/incident-response?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Incident Response</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87753"><a href="https://www.kaspersky.com/enterprise-security/cyber-security-training?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Kaspersky Cybersecurity Training</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87755"><a href="https://www.kaspersky.com/enterprise-security/services?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">View All</a> </ul> </ul> <li class="dropdown menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87756"><a href="https://www.kaspersky.com/enterprise-security/resources?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Resource Center</a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87757"><a href="https://www.kaspersky.com/enterprise-security/resources/case-studies?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Case Studies</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87758"><a href="https://www.kaspersky.com/enterprise-security/resources/white-papers?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">White Papers</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87759"><a href="https://www.kaspersky.com/enterprise-security/resources/data-sheets?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Datasheets</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87760"><a href="https://www.kaspersky.com/enterprise-security/wiki-section/home?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Technologies</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105620"><a href="https://www.kaspersky.com/MITRE?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">MITRE ATT&#038;CK</a> </ul> <li class="dropdown menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-87761"><a href="https://www.kaspersky.com/about?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">About Us</a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105621"><a href="https://www.kaspersky.com/about/transparency?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Transparency</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105622"><a href="https://www.kaspersky.com/about/press-releases?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Corporate News</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105623"><a href="https://press.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Press Center</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105624"><a href="https://www.kaspersky.com/about/careers?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Careers</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105626"><a href="https://www.kaspersky.com/about/sponsorships/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Sponsorship</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105627"><a href="https://www.kaspersky.com/about/policy-blog?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Policy Blog</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105628"><a href="https://www.kaspersky.com/about/contact?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">Contacts</a> </ul> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87762"><a href="https://www.kaspersky.com/gdpr?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="nextgen-menu-link">GDPR</a> </ul> </nav> </div> </header> <div class="mobile-menu-wrapper mobile-menu-wrapper--dark"> <ul class="mobile-nav" data-back="Back"> <li class="selector"> <a data-element-id="subscribe-button" href="#modal-newsletter" class="button-link js-modal-open"><i class="font-icons icon-envelope"></i>Subscribe</a> <a href="#" class="button-link c-theme-switcher js-theme-switcher"><i class="font-icons icon-moon"></i> Dark mode<span class="u-hidden u-inline--dark"> off</span></a> <a data-element-id="login-button" href="#" class="button-link js-kaspersky-sso-login"><svg class="o-icon o-svg-icon"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-user"></use></svg>Login</a> </li> <li class="title"> <span>Securelist menu</span> </li> <li class="parent" data-parent data-icon="top-item"><a data-element-id="lang-selector" href="#" class=""><i class="top-item"></i><span>English</span></a><ul class="submenu"><li class="menu-item"><a href="https://securelist.ru">Russian</a></li><li class="menu-item"><a href="https://securelist.lat">Spanish</a></li></ul> <li class="parent" data-parent="Existing Customers" data-icon="font-icons top-item"><a rel="Existing Customers" href="#"><i class="font-icons top-item"></i><span>Existing Customers</span></a> <ul class="submenu"> <li class="parent" data-parent="Personal" data-icon="top-item"><a rel="Personal" href="#"><i class="top-item"></i><span>Personal</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87860"><a href="https://my.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">My Kaspersky</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105987"><a href="https://www.kaspersky.com/renewal-center/home?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Renew your product</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105988"><a href="https://www.kaspersky.com/downloads?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Update your product</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105989"><a href="https://support.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Customer support</a> </ul> <li class="parent" data-parent="Business" data-icon="top-item"><a rel="Business" href="#"><i class="top-item"></i><span>Business</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105991"><a href="https://ksos.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">KSOS portal</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105992"><a href="https://cloud.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Kaspersky Business Hub</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105993"><a href="https://support.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Technical Support</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105994"><a href="https://www.kaspersky.com/small-to-medium-business-security/resources?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Knowledge Base</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-105995"><a href="https://www.kaspersky.com/renewal-center/vsb?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Renew License</a> </ul> </ul> <li class="parent" data-parent="Home" data-icon="font-icons top-item"><a rel="Home" href="#"><i class="font-icons top-item"></i><span>Home</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87778"><a href="https://www.kaspersky.com/home-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Products</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87771"><a href="https://www.kaspersky.com/downloads?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Trials&#038;Update</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87859"><a href="https://www.kaspersky.com/resource-center?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Resource Center</a> </ul> <li class="parent" data-parent="Business" data-icon="top-item"><a rel="Business" href="#"><i class="top-item"></i><span>Business</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-112353"><a href="https://www.kaspersky.com/next?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Kaspersky Next</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87776"><a href="https://www.kaspersky.com/small-business-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Small Business (1-50 employees)</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87782"><a href="https://www.kaspersky.com/small-to-medium-business-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Medium Business (51-999 employees)</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87783"><a href="https://www.kaspersky.com/enterprise-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Enterprise (1000+ employees)</a> </ul> <li class="splitter"></li> <li class="title"><span>Securelist</span> <li class="parent" data-parent="" data-icon="top-item"><a href="https://securelist.com/threat-categories/"><i class="top-item"></i><span>Threats</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89472"><a href="https://securelist.com/threat-category/financial-threats/">Financial threats</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category current-post-ancestor current-menu-parent current-post-parent menu-item-89467"><a href="https://securelist.com/threat-category/mobile-threats/">Mobile threats</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89471"><a href="https://securelist.com/threat-category/web-threats/">Web threats</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89468"><a href="https://securelist.com/threat-category/secure-environment/">Secure environment (IoT)</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89470"><a href="https://securelist.com/threat-category/vulnerabilities-and-exploits/">Vulnerabilities and exploits</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89466"><a href="https://securelist.com/threat-category/spam-and-phishing/">Spam and Phishing</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89469"><a href="https://securelist.com/threat-category/industrial-threats/">Industrial threats</a> </ul> <li class="parent" data-parent="" data-icon="top-item"><a href="https://securelist.com/categories/"><i class="top-item"></i><span>Categories</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor current-menu-parent current-post-parent menu-item-87880"><a href="https://securelist.com/category/apt-reports/">APT reports</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-87881"><a href="https://securelist.com/category/incidents/">Incidents</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-87886"><a href="https://securelist.com/category/research/">Research</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-89476"><a href="https://securelist.com/category/malware-reports/">Malware reports</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-89479"><a href="https://securelist.com/category/spam-and-phishing-reports/">Spam and phishing reports</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-89477"><a href="https://securelist.com/category/publications/">Publications</a> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-87882"><a href="https://securelist.com/category/kaspersky-security-bulletin/">Kaspersky Security Bulletin</a> </ul> <li class="menu-item menu-item-type-post_type menu-item-object-page current_page_parent menu-item-101953"><a href="https://securelist.com/all/">Archive</a> <li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-87899"><a href="https://securelist.com/tags/">All Tags</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-101954"><a href="https://apt.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">APT Logbook</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-101955"><a href="https://securelist.com/webinars/">Webinars</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-102687"><a href="https://statistics.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Statistics</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87901"><a target="_blank" href="https://encyclopedia.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Encyclopedia</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87902"><a target="_blank" href="https://threats.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Threats descriptions</a> <li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-105984"><a href="https://securelist.com/ksb-2021/">KSB 2021</a> <li class="splitter"></li> <li class="parent" data-parent="About Us" data-icon="top-item"><a rel="About Us" href="#"><i class="top-item"></i><span>About Us</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87792"><a href="https://www.kaspersky.com/about/company?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Company</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87968"><a href="https://www.kaspersky.com/transparency?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Transparency</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87971"><a href="https://www.kaspersky.com/about/press-releases?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Corporate News</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87796"><a href="https://press.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Press Center</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87797"><a href="https://www.kaspersky.com/about/careers?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Careers</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87798"><a href="https://www.kaspersky.com/about/sponsorships/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Sponsorships</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87970"><a href="https://www.kaspersky.com/about/policy-blog?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Policy Blog</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87793"><a href="https://www.kaspersky.com/about/contact?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Contacts</a> </ul> <li class="parent" data-parent="Partners" data-icon="top-item"><a rel="Partners" href="#"><i class="top-item"></i><span>Partners</span></a> <ul class="submenu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87768"><a href="https://www.kasperskypartners.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Find a Partner</a> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-87769"><a href="https://www.kaspersky.com/partners?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8">Partner Program</a> </ul> </ul> <div class="background-overlay"></div> </div> <div class="c-page"> <section class="c-block c-block--bg-image c-page-header js-sticky-header" style="background-image: url(https://securelist.com/wp-content/themes/securelist2020/assets/images/content/bg-gradient-01.jpg);"> <div class="o-container-fluid"> <div class="c-page-header__wrapper u-mt-spacer-base-"> <div class="o-row o-row--small-gutters"> <div class="o-col-3@md u-mt-spacer-base-"> <a data-element-id="content-menu" href="#" class="c-page-nav-toggle js-main-menu-toggle"> <span class="c-page-nav-toggle__icon"> <span></span> <span></span> <span></span> </span> <span class="c-page-nav-toggle__text">Content menu</span> <span class="c-page-nav-toggle__text c-page-nav-toggle__text--active">Close</span> </a> </div> <div class="o-col-6@md"> <form class="c-page-search__form js-main-search-popup js-wizardinfosys_autosearch_form" full_search_url="https://securelist.com/?s=%q%" action="https://securelist.com/" method="get"> <div class="c-form-element c-form-element--style-fill"> <div class="c-form-element__field wp_autosearch_form_wrapper"> <input name="s" class="c-form-element__text wp_autosearch_input ac_input" data-webinars="" type="text" value="" placeholder="Search..." autocomplete="off"> </div> </div> <button class="c-button c-button--icon wp_autosearch_submit"><svg class="o-icon o-svg-icon o-svg-large"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-search"></use></svg></button> </form> </div> <div class="o-col-3@md c-page-header__utilities"> <a data-element-id="subscribe-button" href="#modal-newsletter" class="c-button c-subscribe-modal-toggle js-modal-open"><svg class="o-icon o-svg-icon o-svg-large"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-envelope"></use></svg><span>Subscribe</span></a> <div class="c-page-header__dropdown-wrapper"> <button class="c-button c-button--icon c-user-button js-kaspersky-sso-login"><svg class="o-icon o-svg-icon o-svg-large"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-user"></use></svg></button> </div> </div> </div> </div> </div> <nav class="c-page-nav c-color--invert"> <div class="o-container-fluid"> <div class="o-row o-row--small-gutters"> <div class="o-col-3@md c-page-nav__info"> <div class="c-site-logo__group"> <a data-element-id="content-menu-securelist-logo" href="https://securelist.com/" class="c-site-logo c-site-logo--basic c-site-logo--sm"></a> <span class="c-site-tagline">by Kaspersky</span> </div> <a data-element-id="content-menu-dark-mode" href="#" class="c-theme-switcher js-theme-switcher"><i class="font-icons icon-moon"></i> Dark mode<span class="u-hidden u-inline--dark"> off</span></a> </div> <div class="o-col-9@md"> <div class="c-page-menu"> <div class="o-row c-page-menu__dividers"> <div class="o-col-4@md"><div class="c-accordion js-accordion c-accordion--reset@md"><p id="menu-item-226" class="menu-item-threats section-title accordion menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-226 c-page-menu__title u-hidden u-block@md"><a href="https://securelist.com/threat-categories/" data-element-id="content-menu-link">Threats</a></p><div class="c-accordion-toggle js-accordion-toggle"><p>Threats</p></div><div class="c-accordion-container js-accordion-container"> <ul class="sub-menu"> <li id="menu-item-99839" class="menu-item menu-item-type-taxonomy menu-item-object-threat-category current-post-ancestor current-menu-parent current-post-parent menu-item-99839"><a href="https://securelist.com/threat-category/apt-targeted-attacks/" data-element-id="content-menu-link">APT (Targeted attacks)</a></li> <li id="menu-item-89457" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-89457"><a href="https://securelist.com/threat-category/secure-environment/" data-element-id="content-menu-link">Secure environment (IoT)</a></li> <li id="menu-item-63231" class="topic-item vulnerabilities menu-item menu-item-type-custom menu-item-object-custom menu-item-63231"><a href="https://securelist.com/threat-category/mobile-threats/" data-element-id="content-menu-link">Mobile threats</a></li> <li id="menu-item-63229" class="topic-item detected menu-item menu-item-type-custom menu-item-object-custom menu-item-63229"><a href="https://securelist.com/threat-category/financial-threats/" data-element-id="content-menu-link">Financial threats</a></li> <li id="menu-item-89458" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-89458"><a href="https://securelist.com/threat-category/spam-and-phishing/" data-element-id="content-menu-link">Spam and phishing</a></li> <li id="menu-item-99840" class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-99840"><a href="https://securelist.com/threat-category/industrial-threats/" data-element-id="content-menu-link">Industrial threats</a></li> <li id="menu-item-89465" class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89465"><a href="https://securelist.com/threat-category/web-threats/" data-element-id="content-menu-link">Web threats</a></li> <li id="menu-item-89459" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-89459"><a href="https://securelist.com/threat-category/vulnerabilities-and-exploits/" data-element-id="content-menu-link">Vulnerabilities and exploits</a></li> <li id="menu-item-113855" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-113855"><a href="https://securelist.com/threat-categories/" data-element-id="content-menu-link">All threats</a></li> </ul> </li> </li></ul></div></div></div><div class="o-col-4@md"><div class="c-accordion js-accordion c-accordion--reset@md"><p id="menu-item-230" class="menu-item-categories section-title accordion menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-230 c-page-menu__title u-hidden u-block@md"><a href="https://securelist.com/categories/" data-element-id="content-menu-link">Categories</a></p><div class="c-accordion-toggle js-accordion-toggle"><p>Categories</p></div><div class="c-accordion-container js-accordion-container"> <ul class="sub-menu"> <li id="menu-item-84158" class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor current-menu-parent current-post-parent menu-item-84158"><a href="https://securelist.com/category/apt-reports/" data-element-id="content-menu-link">APT reports</a></li> <li id="menu-item-99841" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-99841"><a href="https://securelist.com/category/malware-descriptions/" data-element-id="content-menu-link">Malware descriptions</a></li> <li id="menu-item-84160" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84160"><a href="https://securelist.com/category/kaspersky-security-bulletin/" data-element-id="content-menu-link">Security Bulletin</a></li> <li id="menu-item-84161" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84161"><a href="https://securelist.com/category/malware-reports/" data-element-id="content-menu-link">Malware reports</a></li> <li id="menu-item-89460" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-89460"><a href="https://securelist.com/category/spam-and-phishing-reports/" data-element-id="content-menu-link">Spam and phishing reports</a></li> <li id="menu-item-99842" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-99842"><a href="https://securelist.com/category/security-technologies/" data-element-id="content-menu-link">Security technologies</a></li> <li id="menu-item-84165" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84165"><a href="https://securelist.com/category/research/" data-element-id="content-menu-link">Research</a></li> <li id="menu-item-84164" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84164"><a href="https://securelist.com/category/publications/" data-element-id="content-menu-link">Publications</a></li> <li id="menu-item-113876" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-113876"><a href="https://securelist.com/categories/" data-element-id="content-menu-link">All categories</a></li> </ul> </li> </li></ul></div></div></div><div class="o-col-4@md"><p id="menu-item-277" class="menu-item-tags section-title after-accordion menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-277 c-page-menu__title u-hidden u-block@md"><a data-element-id="content-menu-link">Other sections</a></p> <ul class="sub-menu"> <li id="menu-item-100526" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-100526"><a href="https://securelist.com/all/" data-element-id="content-menu-link">Archive</a></li> <li id="menu-item-57837" class="show-all-tags menu-item menu-item-type-post_type menu-item-object-page menu-item-57837"><a href="https://securelist.com/tags/" data-element-id="content-menu-link">All tags</a></li> <li id="menu-item-101956" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-101956"><a href="https://securelist.com/webinars/" data-element-id="content-menu-link">Webinars</a></li> <li id="menu-item-101126" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-101126"><a target="_blank" rel="noopener noreferrer" href="https://apt.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="content-menu-link">APT Logbook</a></li> <li id="menu-item-241" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-241"><a target="_blank" rel="noopener noreferrer" href="https://statistics.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="content-menu-link">Statistics</a></li> <li id="menu-item-86643" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-86643"><a target="_blank" rel="noopener noreferrer" href="https://encyclopedia.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="content-menu-link">Encyclopedia</a></li> <li id="menu-item-58141" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-58141"><a target="_blank" rel="noopener noreferrer" href="https://threats.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="content-menu-link">Threats descriptions</a></li> <li id="menu-item-111312" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-111312"><a href="https://securelist.com/ksb-2023/" data-element-id="content-menu-link">KSB 2023</a></li> </ul> </li> </div> </div> </div> </div> </div> </div> </nav> </section> <section class="c-block c-block--spacing-t@md c-block--spacing-b-small@md c-block--divider-internal" style="z-index:10"> <div class="o-container-fluid"> <article class="c-article"> <header class="c-article__header"> <figure class="c-article__figure u-hidden@md"> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/11130332/securelist_abs_5-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" fetchpriority="high" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/11130332/securelist_abs_5-800x450.jpg" data-srcset="" srcset="" /> </figure> <p class="c-article__headline u-hidden@md"> <a href="https://securelist.com/category/apt-reports/" class="c-tag c-tag--primary">APT reports</a> </p> <h1 class="c-article__title">Transparent Tribe: Evolution analysis, part 2</h1> <div class="c-article__info"> <p class="c-article__headline u-hidden u-block@md"> <a href="https://securelist.com/category/apt-reports/" class="c-tag c-tag--primary">APT reports</a> </p> <p class="u-uppercase"><time datetime="2020-08-26T10:00:44+00:00">26 Aug 2020</time></p> <p class="c-article__reading u-ml-auto@md"> <svg class="o-icon o-svg-icon"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-hourglass"></use></svg> <span class="js-reading-time"></span> minute read </p> </div> </header> <div class="c-article__wrapper"> <div class="c-article__main"> <div class="o-row c-article__container"> <div class="o-col c-article__content js-article-body"> <div class="js-reading-wrapper"> <figure class="c-article__figure u-hidden u-block@md"> <img width="1200" height="600" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/11130332/securelist_abs_5-1200x600.jpg" class="attachment-securelist-2020-thumbnail-large size-securelist-2020-thumbnail-large wp-post-image" alt="" decoding="async" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/11130332/securelist_abs_5-1200x600.jpg" data-srcset="" srcset="" /> </figure> <div class="c-article__authors u-hidden u-block@md"> <p class="c-block__title">Authors</p> <ul class="c-list-authors"> <li> <a href="https://securelist.com/author/giampaolodedola/" > <img alt='' src='https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2023/03/21153414/Giampaolo_Dedola_Securelist_2023-30x30.jpg' srcset='https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2023/03/21153414/Giampaolo_Dedola_Securelist_2023-60x60.jpg 2x' class='avatar avatar-30 photo' height='30' width='30' decoding='async'/> <span>Giampaolo Dedola</span></a> </li> </ul> </div> <div class="js-reading-content"> <div class="c-wysiwyg"> <h2 id="background-key-findings">Background + Key findings</h2> <p>Transparent Tribe, also known as PROJECTM or MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. In the last four years, this APT group has never taken time off. They continue to hit their targets, which typically are Indian military and government personnel.</p> <p>This is the second of two articles written to share the results of our recent investigations into Transparent Tribe. In the previous article, we described the various Crimson RAT components and provided an overview of impacted users. Here are some of the key insights that will be described in this part:</p> <ul> <li>We found a new Android implant used by Transparent Tribe for spying on mobile devices. It was distributed in India disguised as a porn-related app and a fake national COVID-19 tracking app.</li> <li>New evidence confirms a link between ObliqueRAT and Transparent Tribe.</li> </ul> <h2 id="android-implant">Android implant</h2> <p>During our analysis, we found an interesting sample, which follows a variant of the previously described attack scheme. Specifically, the attack starts with a simple document, which is not malicious by itself, does not contain any macro and does not try to download other malicious components, but it uses social engineering tricks to lure the victim into downloading other documents from the following external URLs:</p> <p>hxxp://sharingmymedia[.]com/files/Criteria-of-Army-Officers.doc</p> <p>hxxp://sharingmymedia[.]com/files/7All-Selected-list.xls</p> <p><a href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25121915/sl_transparent_tribe_p2_01.png" class="magnificImage"><img loading="lazy" decoding="async" class="aligncenter size-full wp-image-98235" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25121915/sl_transparent_tribe_p2_01.png" alt="" width="687" height="634" srcset="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25121915/sl_transparent_tribe_p2_01.png 687w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25121915/sl_transparent_tribe_p2_01-300x277.png 300w" sizes="(max-width: 687px) 100vw, 687px" /></a></p> <p style="text-align: center"><strong><em>15DA10765B7BECFCCA3325A91D90DB37 &#8211; Special Benefits.docx</em></strong></p> <p>The remote files are two Microsoft Office documents with an embedded malicious VBA, which behaves similarly to those described in the previous article and drops the Crimson &#8220;Thin Client&#8221;. The domain sharingmymedia[.]com was even more interesting: it was resolved with the IP 89.45.67[.]160 and was registered on 2020-01-10 using Namesilo and the following information:</p> <p>Registrant Name: bluff hunnter<br /> Registrant Organization:<br /> Registrant Street: India Dehli<br /> Registrant City: Dehli<br /> Registrant State/Province: Delhi<br /> Registrant Postal Code: 110001<br /> Registrant Country: IN<br /> Registrant Phone: +91.4214521212<br /> Registrant Phone Ext:<br /> Registrant Fax:<br /> Registrant Fax Ext:<br /> Registrant Email: hunterbluff007@gmail.com</p> <p>The same information was used to register another domain, sharemydrives[.]com, which was registered seven days before, on 2020-01-03, using Namesilo. DNS resolution points to the same IP address: 89.45.67[.]160.</p> <p>Using our Kaspersky Threat Intelligence Portal, we found the following related URL:</p> <p style="text-align: center"><a href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122131/sl_transparent_tribe_p2_02.png" class="magnificImage"><img loading="lazy" decoding="async" class="aligncenter size-full wp-image-98236" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122131/sl_transparent_tribe_p2_02.png" alt="" width="833" height="40" srcset="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122131/sl_transparent_tribe_p2_02.png 833w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122131/sl_transparent_tribe_p2_02-300x14.png 300w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122131/sl_transparent_tribe_p2_02-768x37.png 768w" sizes="(max-width: 833px) 100vw, 833px" /></a><br /> <strong><em>Information in Kaspersky Threat Intelligence Portal</em></strong></p> <p>The file is a modified version of MxVideoPlayer, a simple open-source video player for Android, downloadable from GitHub and used by Transparent Tribe to drop and execute their Android RAT.</p> <p><a href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122231/sl_transparent_tribe_p2_03.png" class="magnificImage"><img loading="lazy" decoding="async" class="aligncenter size-full wp-image-98237" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122231/sl_transparent_tribe_p2_03.png" alt="" width="366" height="673" srcset="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122231/sl_transparent_tribe_p2_03.png 366w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122231/sl_transparent_tribe_p2_03-163x300.png 163w" sizes="(max-width: 366px) 100vw, 366px" /></a></p> <p style="text-align: center"><strong><em>Desi-porn.apk screenshot</em></strong></p> <p>The dropper tries to find a list of legitimate packages on the system:</p> <ul> <li>imo.android.imoim</li> <li>snapchat.android</li> <li>viber.voip</li> <li>facebook.lite</li> </ul> <p>If the device was produced by Xiaomi, it also checks if the com.truecaller package is present.</p> <p><a href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122333/sl_transparent_tribe_p2_04.png" class="magnificImage"><img loading="lazy" decoding="async" class="aligncenter size-full wp-image-98238" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122333/sl_transparent_tribe_p2_04.png" alt="" width="818" height="608" srcset="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122333/sl_transparent_tribe_p2_04.png 818w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122333/sl_transparent_tribe_p2_04-300x223.png 300w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122333/sl_transparent_tribe_p2_04-768x571.png 768w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122333/sl_transparent_tribe_p2_04-200x150.png 200w" sizes="(max-width: 818px) 100vw, 818px" /></a></p> <p style="text-align: center"><strong><em>The code used to check if legitimate packages are installed</em></strong></p> <p>The first application on the list that is not installed on the system will be selected as the target application. The malware embeds multiple APK files, which are stored in a directory named &#8220;assets&#8221;. The analyzed sample includes the following packages:</p> <ul> <li>apk a20fc273a49c3b882845ac8d6cc5beac</li> <li>apk 53cd72147b0ef6bf6e64d266bf3ccafe</li> <li>apk bae69f2ce9f002a11238dcf29101c14f</li> <li>apk b8006e986453a6f25fd94db6b7114ac2</li> <li>apk 4556ccecbf24b2e3e07d3856f42c7072</li> <li>apk 6c3308cd8a060327d841626a677a0549</li> </ul> <p>The selected APK is copied to /.System/APK/. By default, the application tries to save the file to external storage, otherwise it saves it to the data directory.</p> <p>Finally, the application tries to install the copied APK. The final malware is a modified version of the AhMyth Android RAT, open-source malware downloadable from GitHub, which is built by binding the malicious payload inside other legitimate applications.</p> <p>The original AhMyth RAT includes support for the following commands:</p> <table> <tbody> <tr> <td width="83"><strong>Commands</strong></td> <td width="78"><strong>Additional fields </strong></td> <td width="89"><strong>Value</strong></td> <td width="300"><strong>Description</strong></td> </tr> <tr> <td width="83">x0000ca</td> <td width="78">extra</td> <td width="89">camlist</td> <td width="300">get a camera list</td> </tr> <tr> <td width="83"></td> <td width="78">extra</td> <td width="89">1</td> <td width="300">get a photo from the camera with the id 1</td> </tr> <tr> <td width="83"></td> <td width="78">extra</td> <td width="89">0</td> <td width="300">get a photo from the camera with the id 0</td> </tr> <tr> <td style="vertical-align: top">x0000fm</td> <td style="vertical-align: top" width="78">extra</p> <p>path</td> <td style="vertical-align: top" width="89">ls</p> <p>%dirpath%</td> <td style="vertical-align: top" width="300">get a list of files in the directory specified in the &#8220;path&#8221; variable.</td> </tr> <tr> <td width="83"></td> <td width="78">extra</p> <p>path</td> <td width="89">dl</p> <p>%filepath%</td> <td style="vertical-align: top" width="300">upload the specified file to the C2</td> </tr> <tr> <td width="83">x0000sm</td> <td width="78">extra</td> <td width="89">ls</td> <td width="300">get a list of text messages</td> </tr> <tr> <td width="83"></td> <td width="78">extra</p> <p>to</p> <p>sms</td> <td width="89">sendSMS</p> <p>%number%</p> <p>%message%</td> <td style="vertical-align: top" width="300">send a new text to another number</td> </tr> <tr> <td width="83">x0000cl</td> <td width="78"></td> <td width="89"></td> <td width="300">get the call log</td> </tr> <tr> <td width="83">x0000cn</td> <td width="78"></td> <td width="89"></td> <td width="300">get contacts</td> </tr> <tr> <td style="vertical-align: top" width="83">x0000mc</td> <td style="vertical-align: top" width="78">sec</td> <td style="vertical-align: top" width="89">%seconds%</td> <td width="300">record audio from the microphone for the specified number of seconds and upload the resulting file to the C2.</td> </tr> <tr> <td width="83">x0000lm</td> <td width="78"></td> <td width="89"></td> <td width="300">get the device location</td> </tr> </tbody> </table> <p>&nbsp;</p> <p>Basically, it provides the following features:</p> <ul> <li>camera manager (list devices and steal screenshots)</li> <li>file manager (enumerate files and upload these to the C2)</li> <li>SMS manager (get a list of text messages or send a text)</li> <li>get the call log</li> <li>get the contact list</li> <li>microphone manager</li> <li>location manager (track the device location)</li> </ul> <p>The RAT that we analyzed is slightly different from the original. It includes new features added by the attackers to improve data exfiltration, whereas some of the core features, such as the ability to steal pictures from the camera, are missing.</p> <p>The operators added the following commands:</p> <ul> <li>x000upd – download a new APK from the URL specified in the &#8220;path&#8221; field.</li> <li>x000adm – autodownloader: not implemented in the version we analyzed, but available in other samples.</li> </ul> <p>Moreover, the creators of the RAT also improved its audio surveillance capabilities and included a command to delete text messages with specific contents.</p> <table> <tbody> <tr> <td width="83"><strong>Commands</strong></td> <td width="78"><strong>Additional fields </strong></td> <td width="89"><strong>Value</strong></td> <td width="300"><strong>Description</strong></td> </tr> <tr style="vertical-align: top"> <td width="83">x000upd</td> <td width="78">path</td> <td width="89">%url%</td> <td width="300">download a new APK from the URL specified in the &#8220;path&#8221; field</td> </tr> <tr> <td width="83">x000adm</td> <td width="78"></td> <td width="89"></td> <td width="300">not implemented in the analyzed version. Other samples use this to start a class named &#8220;autodownloader&#8221;.</td> </tr> <tr style="vertical-align: top"> <td style="vertical-align: top" width="83">x0000mc</td> <td width="78">extra</p> <p>sec</td> <td width="89">au</p> <p>%seconds%</td> <td style="vertical-align: top" width="300">record audio for x seconds and upload the resulting file to the C2. Duration is specified in the &#8220;sec&#8221; value.</td> </tr> <tr> <td width="83"></td> <td width="78">extra</td> <td width="89">mu</td> <td width="300">stop recording and upload the resulting file to the C2</td> </tr> <tr> <td width="83"></td> <td style="vertical-align: top">extra</td> <td width="89">muS</p> <p>&nbsp;</td> <td style="vertical-align: top" width="300">start recording continuously. This generates MP3 files stored in the &#8220;/.System/Records/&#8221; directory.</td> </tr> <tr style="vertical-align: top"> <td style="vertical-align: top" width="83">x0000fm</td> <td width="78">extra</p> <p>path</td> <td width="89">ls</p> <p>%dirpath%</td> <td style="vertical-align: top" width="300">get a list of files in the directory specified in the &#8220;path&#8221; variable</td> </tr> <tr style="vertical-align: top"> <td width="83"></td> <td width="78">extra</p> <p>path</td> <td width="89">dl</p> <p>%filepath%</td> <td style="vertical-align: top" width="300">upload the specified file to hxxp://212.8.240[.]221:80/server/upload.php</td> </tr> <tr> <td width="83">sms</td> <td width="78">extra</td> <td width="89">ls</td> <td width="300">get a list of text messages</td> </tr> <tr style="vertical-align: top"> <td width="83"></td> <td width="78">extra</p> <p>to</p> <p>sms</td> <td width="89">sendSMS</p> <p>%number%</p> <p>%message%</td> <td style="vertical-align: top" width="300">Send a new text to another number.</td> </tr> <tr style="vertical-align: top"> <td width="83"></td> <td width="78">extra</p> <p>to</p> <p>sms</td> <td width="89">deleteSMS</p> <p>&nbsp;</p> <p>%message%</td> <td style="vertical-align: top" width="300">Delete a text that contains the string specified in the &#8220;sms&#8221; value. The &#8220;to&#8221; value is ignored.</td> </tr> <tr> <td width="83">x0000cl</td> <td width="78"></td> <td width="89"></td> <td width="300">get the call log</td> </tr> <tr> <td width="83">x0000cn</td> <td width="78"></td> <td width="89"></td> <td width="300">get contacts</td> </tr> <tr> <td width="83">x0000lm</td> <td width="78"></td> <td width="89"></td> <td width="300">get the device location</td> </tr> </tbody> </table> <p>&nbsp;</p> <p>The &#8220;autodownloader&#8221; is a method used for performing the following actions:</p> <ul> <li>upload a contact list</li> <li>upload a text message list</li> <li>upload files stored in the following directories: <ul> <li>/.System/Records/</li> <li>/Download/</li> <li>/DCIM/Camera/</li> <li>/Documents/</li> <li>/WhatsApp/Media/WhatsApp Images/</li> <li>/WhatsApp/Media/WhatsApp Documents/</li> </ul> </li> </ul> <p>The attacker uses the method to collect contacts and text messages automatically. In addition, the method collects the following: audio files created with the &#8220;x0000mc&#8221; command and stored in /.System/Records/, downloaded files, photos, images and documents shared via WhatsApp and other documents stored on the device.</p> <p>Another interesting difference between the original AhMyth and the one modified by Transparent Tribe is the technique used for getting the C2 address. The original version stores the C2 server as a string directly embedded in the code, whereas the modified version uses a different approach. It embeds another URL encoded with Base64 and used for getting a configuration file, which contains the real C2 address.</p> <p>In our sample, the URL was as follows:</p> <p>hxxp://tryanotherhorse[.]com/config.txt</p> <p>It provided the following content:</p> <p>212.8.240.221:5987</p> <p>http://www.tryanotherhorse.com</p> <p>The first value is the real C2, which seems to be a server hosted in the Netherlands.</p> <p>The modified version communicates via a different URL scheme, which includes more information:</p> <ul> <li>Original URL scheme: http://%server%:%port?model=%val%&amp;manf=%val%&amp;release=%val%&amp;id=%val%</li> <li>Modified URL scheme http://%server%:%port?mac=%val%&amp;battery=%val%&amp;model=%val%&amp;manf=%val%&amp;release=%val%&amp;id=%val%</li> </ul> <h2 id="covid-19-tracking-app">Covid-19 tracking app</h2> <p>We found evidence of Transparent Tribe taking advantage of pandemic-tracking applications to distribute trojanized code. Specifically, we found an APK file imitating <a href="https://www.mygov.in/aarogya-setu-app/">Aarogya Setu</a>, a COVID-19 tracking mobile application developed by the National Informatics Centre under the Ministry of Electronics and Information Technology, Government of India. It allows users to connect to essential health services in India.</p> <p>The discovered application tries to connect to the same malicious URL to get the C2 IP address:<br /> hxxp://tryanotherhorse[.]com/config.txt</p> <p>It uses the same URL scheme described earlier and it embeds the following APK packages:</p> <ul> <li>apk CF71BA878434605A3506203829C63B9D</li> <li>apk 627AA2F8A8FC2787B783E64C8C57B0ED</li> <li>apk 62FAD3AC69DB0E8E541EFA2F479618CE</li> <li>apk A912E5967261656457FD076986BB327C</li> <li>apk 3EB36A9853C9C68524DBE8C44734EC35</li> <li>apk 931435CB8A5B2542F8E5F29FD369E010</li> </ul> <p>Interestingly enough, at the end of April, the Indian Army issued a warning to its personnel against Pakistani agencies&#8217; nefarious designs to hack the phones of Indian military personnel through a malicious application similar to Aarogya Setu.</p> <p>According to some Indian online <a href="https://www.tribuneindia.com/news/nation/intel-agencies-caution-armed-forces-against-pak-propped-fake-aarogya-setumobile-app-78549">news</a> <a href="https://www.thehitavada.com/Encyc/2020/5/1/Pak-agencies-using-fake-Aarogya-Setu-app-to-spy-on-us-Indian-Army.html">sites</a>, these applications were found to be sent by Pakistani Intelligence Operatives to WhatsApp groups of Indian Army personnel. It also mentioned that these applications later deployed additional packages:</p> <p>According to some Indian online news sites, these applications were found to be sent by Pakistani Intelligence Operatives to WhatsApp groups of Indian Army personnel. It also mentioned that these applications later deployed additional packages:</p> <ul> <li>face.apk</li> <li>imo.apk</li> <li>normal.apk</li> <li>trueC.apk</li> <li>snap.apk</li> <li>viber.apk</li> </ul> <p>Based on public information, the application may have been distributed by sending a malicious link via WhatsApp, SMS, phishing email or social media.</p> <h2 id="obliquerat-connection">ObliqueRAT connection</h2> <p>ObliqueRAT is another malicious program, described by Cisco Talos in an <a href="https://blog.talosintelligence.com/2020/02/obliquerat-hits-victims-via-maldocs.html">interesting article</a> published in February. It was attributed to Transparent Tribe because some samples were distributed through malicious documents forged with macros that resembled those used for distributing Crimson RAT.</p> <p>The report described two ObliqueRAT variants, one distributed via a malicious document as the infection vector and another one, named &#8220;Variant #0&#8221; and distributed with a dropper.</p> <p>4a25e48b8cf515f4cdd6711a69ccc875429dcc32007adb133fb25d63e53e2ac6</p> <p>Unfortunately, as reported by Talos, &#8220;The initial distribution vector of this dropper is currently unknown&#8221;.</p> <p>At this time, we do not have the full infection chain, but we can add another piece to the puzzle, because sharemydrives[.]com also hosted another file:</p> <p><a href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122942/sl_transparent_tribe_p2_05.png" class="magnificImage"><img loading="lazy" decoding="async" class="aligncenter size-full wp-image-98239" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122942/sl_transparent_tribe_p2_05.png" alt="" width="876" height="77" srcset="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122942/sl_transparent_tribe_p2_05.png 876w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122942/sl_transparent_tribe_p2_05-300x26.png 300w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25122942/sl_transparent_tribe_p2_05-768x68.png 768w" sizes="(max-width: 876px) 100vw, 876px" /></a></p> <p style="text-align: center"><strong><em>Information in Kaspersky Threat Intelligence Portal</em></strong></p> <p>The wifeexchange.exe sample is another dropper, which disguises itself as a porn clip.</p> <p>Specifically, the executable file uses the same icon used by Windows for multimedia files.</p> <p><a href="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25123019/sl_transparent_tribe_p2_06.png" class="magnificImage"><img loading="lazy" decoding="async" class="aligncenter size-full wp-image-98240" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/08/25123019/sl_transparent_tribe_p2_06.png" alt="" width="123" height="136" /></a></p> <p style="text-align: center"><strong><em>Dropper icon</em></strong></p> <p>Once executed, the process tries to find a specific marker (&#8220;*#@&#8221;) inside its file image, then drops and opens the following files:</p> <ul> <li>frame.exe &#8211; 4a25e48b8cf515f4cdd6711a69ccc875429dcc32007adb133fb25d63e53e2ac6</li> <li>movie.mp4</li> </ul> <p>Frame.exe is the dropper described by Talos, while movie.mp4 is a small porn clip.</p> <h2 id="conclusions">Conclusions</h2> <p>Transparent Tribe members are trying to add new tools to extend their operations and infect mobile devices. They are also developing new custom .NET tools like ObliqueRAT, and as observed in the first report, we do not expect this group to slow down any time soon. We will keep monitoring their activities.</p> <h2 id="ioc">IoC</h2> <p>The followings IoC list is not complete. If you want more information about the APT discussed here, a full IoC list and YARA rules are available to customers of Kaspersky Threat Intelligence Reports. Contact: <a href="mailto:intelreports@kaspersky.com">intelreports@kaspersky.com</a></p> <p>15DA10765B7BECFCCA3325A91D90DB37 &#8211; Special Benefits.docx<br /> 48476DA4403243B342A166D8A6BE7A3F &#8211; 7All_Selected_list.xls<br /> B3F8EEE133AE385D9C7655AAE033CA3E &#8211; Criteria of Army Officers.doc<br /> D7D6889BFA96724F7B3F951BC06E8C02 &#8211; wifeexchange.exe</p> <p>0294F46D0E8CB5377F97B49EA3593C25 &#8211; Android Dropper – Desi-porn.apk<br /> 5F563A38E3B98A7BC6C65555D0AD5CFD &#8211; Android Dropper &#8211; Aarogya Setu.apk<br /> A20FC273A49C3B882845AC8D6CC5BEAC – Android RAT &#8211; face.apk<br /> 53CD72147B0EF6BF6E64D266BF3CCAFE &#8211; Android RAT &#8211; imo.apk<br /> BAE69F2CE9F002A11238DCF29101C14F &#8211; Android RAT &#8211; normal.apk<br /> B8006E986453A6F25FD94DB6B7114AC2 &#8211; Android RAT &#8211; snap.apk<br /> 4556CCECBF24B2E3E07D3856F42C7072 &#8211; Android RAT &#8211; trueC.apk<br /> 6C3308CD8A060327D841626A677A0549 &#8211; Android RAT &#8211; viber.apk<br /> CF71BA878434605A3506203829C63B9D &#8211; Android RAT &#8211; face.apk<br /> 627AA2F8A8FC2787B783E64C8C57B0ED &#8211; Android RAT &#8211; imo.apk<br /> 62FAD3AC69DB0E8E541EFA2F479618CE &#8211; Android RAT &#8211; normal.apk<br /> A912E5967261656457FD076986BB327C &#8211; Android RAT &#8211; snap.apk<br /> 3EB36A9853C9C68524DBE8C44734EC35 &#8211; Android RAT &#8211; trueC.apk<br /> 931435CB8A5B2542F8E5F29FD369E010 &#8211; Android RAT &#8211; viber.apk</p> <p>hxxp://sharingmymedia[.]com/files/Criteria-of-Army-Officers.doc<br /> hxxp://sharingmymedia[.]com/files/7All-Selected-list.xls<br /> hxxp://sharemydrives[.]com/files/Laptop/wifeexchange.exe<br /> hxxp://sharemydrives[.]com/files/Mobile/Desi-Porn.apk<br /> hxxp://tryanotherhorse[.]com/config.txt – APK URL<br /> 212.8.240[.]221:5987 – Android RAT C2<br /> hxxp://212.8.240[.]221:80/server/upload.php – URL used by Android RAT to upload files</p> <p>&nbsp;</p> </div> </div> </div> <div class="c-article__footer"> <div class="c-article__categories"> <ul class="c-list-tags"> <li><a href="https://securelist.com/tag/apt/" class="c-link-tag"><span>APT</span></a></li> <li><a href="https://securelist.com/tag/google-android/" class="c-link-tag"><span>Google Android</span></a></li> <li><a href="https://securelist.com/tag/malware-descriptions/" class="c-link-tag"><span>Malware Descriptions</span></a></li> <li><a href="https://securelist.com/tag/malware-technologies/" class="c-link-tag"><span>Malware Technologies</span></a></li> <li><a href="https://securelist.com/tag/microsoft-office/" class="c-link-tag"><span>Microsoft Office</span></a></li> <li><a href="https://securelist.com/tag/rat-trojan/" class="c-link-tag"><span>RAT Trojan</span></a></li> <li><a href="https://securelist.com/tag/targeted-attacks/" class="c-link-tag"><span>Targeted attacks</span></a></li> </ul> </div> <div class="c-article__authors u-hidden@md"> <p class="c-title--extra-small">Authors</p> <ul class="c-list-authors"> <li> <a href="https://securelist.com/author/giampaolodedola/" > <img alt='' src='https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2023/03/21153414/Giampaolo_Dedola_Securelist_2023-30x30.jpg' srcset='https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2023/03/21153414/Giampaolo_Dedola_Securelist_2023-60x60.jpg 2x' class='avatar avatar-30 photo' height='30' width='30' loading='lazy' decoding='async'/> <span>Giampaolo Dedola</span></a> </li> </ul> </div> </div> <div id="comments" class="entry-comments c-article__comments js-comments-wrapper"> <p class="c-title--extra-small">Transparent Tribe: Evolution analysis, part 2</p> <div id="respond" class="comment-respond"> <h3 id="reply-title" class="u-hidden"> <small></small></h3><form action="https://securelist.com/wp-comments-post.php" method="post" id="loginform" class="comment-form"><p class="comment-notes"><span id="email-notes">Your email address will not be published.</span> <span class="required-field-message">Required fields are marked <span class="required">*</span></span></p><div class="comment-form-comment"><textarea id="comment" name="comment" style="width:100%" rows="8" aria-required="true" placeholder="Type your comment here"></textarea></div><!-- .comment-form-comment --><p class="comment-form-author"><label for="author">Name <span class="required">*</span></label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" autocomplete="name" required="required" /></p> <p class="comment-form-email"><label for="email">Email <span class="required">*</span></label> <input id="email" name="email" type="text" value="" size="30" maxlength="100" aria-describedby="email-notes" autocomplete="email" required="required" /></p> <script type="text/javascript"> document.addEventListener("input", function (event) { if (!event.target.closest("#comment")) return; try{ grecaptcha.render("recaptcha-submit-btn-area", { "sitekey" : "6LfQdrAaAAAAAEb_rTrwlbyc8z0Fa9CMjELY_2Ts", "theme" : "standard" }); }catch(error){/*possible duplicated instances*/} }); </script> <script src="https://www.google.com/recaptcha/api.js?hl=en&render=explicit" async defer></script> <div id="recaptcha-submit-btn-area">&nbsp;</div> <noscript> <style type="text/css">#form-submit-save {display:none;}</style> <input name="submit" type="submit" id="submit-alt" tabindex="6" value="Submit Comment"/> </noscript> <p class="form-submit"><input name="submit" type="submit" id="commentsubmit" class="submit" value="Comment" /><a rel="nofollow" id="cancel-comment-reply-link" href="/transparent-tribe-part-2/98233/#respond" style="display:none;">Cancel</a> <input type='hidden' name='comment_post_ID' value='98233' id='comment_post_ID' /> <input type='hidden' name='comment_parent' id='comment_parent' value='0' /> </p><p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="3919c54174" /></p><p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>&#916;<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js" value="206"/><script>document.getElementById( "ak_js_1" ).setAttribute( "value", ( new Date() ).getTime() );</script></p></form> </div><!-- #respond --> </div><!-- .entry-comments --> </div> <div class="o-col c-article__sidebar c-widgets--distributed u-hidden u-flex@md"> <div class="c-widget__wrapper"> <div class="js-sticky-widget"> <p><span class="c-tag c-tag--primary">GReAT webinars</span></p> <div class="o-row o-row--small-gutters"> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <div class="c-card__body"> <header class="c-card__header"> <time datetime="2021-05-13T13:00:00+00:00" class="c-card__event-date"> 13 May 2021, 1:00pm </time> <h3 class="c-card__title c-card__title--has-icon"><a href="https://securelist.com/webinars/great-ideas-balalaika-edition/" class="c-card__title-icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></a><a href="https://securelist.com/webinars/great-ideas-balalaika-edition/" class="c-card__link">GReAT Ideas. Balalaika Edition</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/borislarin/" > <span>Boris Larin</span></a> </li> <li> <a href="https://securelist.com/author/denislegezo/" > <span>Denis Legezo</span></a> </li> </ul> </div> </footer> </div> </article> <article class="c-card c-card--hor-reverse@xs u-items-center"> <div class="c-card__body"> <header class="c-card__header"> <time datetime="2021-02-26T12:00:00+00:00" class="c-card__event-date"> 26 Feb 2021, 12:00pm </time> <h3 class="c-card__title c-card__title--has-icon"><a href="https://securelist.com/webinars/great-ideas-green-tea-edition/" class="c-card__title-icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></a><a href="https://securelist.com/webinars/great-ideas-green-tea-edition/" class="c-card__link">GReAT Ideas. Green Tea Edition</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/johnhultquist/" > <span>John Hultquist</span></a> </li> <li> <a href="https://securelist.com/author/brian_bartholomew/" > <span>Brian Bartholomew</span></a> </li> <li> <a href="https://securelist.com/author/suguru/" > <span>Suguru Ishimaru</span></a> </li> <li> <a href="https://securelist.com/author/vitalykamluk/" > <span>Vitaly Kamluk</span></a> </li> <li> <a href="https://securelist.com/author/seongsupark/" > <span>Seongsu Park</span></a> </li> <li> <a href="https://securelist.com/author/yusukeniwa/" > <span>Yusuke Niwa</span></a> </li> <li> <a href="https://securelist.com/author/motohikosato/" > <span>Motohiko Sato</span></a> </li> </ul> </div> </footer> </div> </article> <article class="c-card c-card--hor-reverse@xs u-items-center"> <div class="c-card__body"> <header class="c-card__header"> <time datetime="2020-06-17T13:00:00+00:00" class="c-card__event-date"> 17 Jun 2020, 1:00pm </time> <h3 class="c-card__title c-card__title--has-icon"><a href="https://securelist.com/webinars/great-ideas-powered-by-sas-malware-attribution-and-next-gen-iot-honeypots/" class="c-card__title-icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></a><a href="https://securelist.com/webinars/great-ideas-powered-by-sas-malware-attribution-and-next-gen-iot-honeypots/" class="c-card__link">GReAT Ideas. Powered by SAS: malware attribution and next-gen IoT honeypots</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/marcopreuss/" > <span>Marco Preuss</span></a> </li> <li> <a href="https://securelist.com/author/denislegezo/" > <span>Denis Legezo</span></a> </li> <li> <a href="https://securelist.com/author/costin/" > <span>Costin Raiu</span></a> </li> <li> <a href="https://securelist.com/author/kurtb/" > <span>Kurt Baumgartner</span></a> </li> <li> <a href="https://securelist.com/author/dandemeter/" > <span>Dan Demeter</span></a> </li> <li> <a href="https://securelist.com/author/yaroslavshmelev/" > <span>Yaroslav Shmelev</span></a> </li> </ul> </div> </footer> </div> </article> <article class="c-card c-card--hor-reverse@xs u-items-center"> <div class="c-card__body"> <header class="c-card__header"> <time datetime="2020-08-26T14:00:00+00:00" class="c-card__event-date"> 26 Aug 2020, 2:00pm </time> <h3 class="c-card__title c-card__title--has-icon"><a href="https://securelist.com/webinars/great-ideas-powered-by-sas-threat-actors-advance-on-new-fronts/" class="c-card__title-icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></a><a href="https://securelist.com/webinars/great-ideas-powered-by-sas-threat-actors-advance-on-new-fronts/" class="c-card__link">GReAT Ideas. Powered by SAS: threat actors advance on new fronts</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/ivankwiatkowski/" > <span>Ivan Kwiatkowski</span></a> </li> <li> <a href="https://securelist.com/author/maheryamout/" > <span>Maher Yamout</span></a> </li> <li> <a href="https://securelist.com/author/noushinshabab/" > <span>Noushin Shabab</span></a> </li> <li> <a href="https://securelist.com/author/pierredelcher/" > <span>Pierre Delcher</span></a> </li> <li> <a href="https://securelist.com/author/felixaime/" > <span>Félix Aime</span></a> </li> <li> <a href="https://securelist.com/author/giampaolodedola/" > <span>Giampaolo Dedola</span></a> </li> <li> <a href="https://securelist.com/author/santiago/" > <span>Santiago Pontiroli</span></a> </li> </ul> </div> </footer> </div> </article> <article class="c-card c-card--hor-reverse@xs u-items-center"> <div class="c-card__body"> <header class="c-card__header"> <time datetime="2020-07-22T14:00:00+00:00" class="c-card__event-date"> 22 Jul 2020, 2:00pm </time> <h3 class="c-card__title c-card__title--has-icon"><a href="https://securelist.com/webinars/great-ideas-powered-by-sas-threat-hunting-and-new-techniques/" class="c-card__title-icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></a><a href="https://securelist.com/webinars/great-ideas-powered-by-sas-threat-hunting-and-new-techniques/" class="c-card__link">GReAT Ideas. Powered by SAS: threat hunting and new techniques</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/dimitrybestuzhev/" > <span>Dmitry Bestuzhev</span></a> </li> <li> <a href="https://securelist.com/author/costin/" > <span>Costin Raiu</span></a> </li> <li> <a href="https://securelist.com/author/pierredelcher/" > <span>Pierre Delcher</span></a> </li> <li> <a href="https://securelist.com/author/brian_bartholomew/" > <span>Brian Bartholomew</span></a> </li> <li> <a href="https://securelist.com/author/borislarin/" > <span>Boris Larin</span></a> </li> <li> <a href="https://securelist.com/author/arieljungheit/" > <span>Ariel Jungheit</span></a> </li> <li> <a href="https://securelist.com/author/fabioa/" > <span>Fabio Assolini</span></a> </li> </ul> </div> </footer> </div> </article> </div> </div> </div> </div> <div class="c-widget__wrapper"> <div class="js-sticky-widget"> <p><span class="c-tag c-tag--primary">From the same authors</span></p> <div class="o-row o-row--small-gutters"> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/sidewinder-apt/114089/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/10/11172712/SL-SideWinder-StealerBot-featured-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/10/11172712/SL-SideWinder-StealerBot-featured-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/sidewinder-apt/114089/" class="c-card__link">Beyond the Surface: the evolution and expansion of the SideWinder APT group</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/toddycat-keep-calm-and-check-logs/110696/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2023/10/12092515/SL_featured_ToddyCat-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2023/10/12092515/SL_featured_ToddyCat-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/toddycat-keep-calm-and-check-logs/110696/" class="c-card__link">ToddyCat: Keep calm and check logs</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/goldenjackal-apt-group/109677/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2023/05/22123825/anubis-golden-jackal-binary-code-sl-1200-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2023/05/22123825/anubis-golden-jackal-binary-code-sl-1200-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/goldenjackal-apt-group/109677/" class="c-card__link">Meet the GoldenJackal APT group. Don&#8217;t expect any howls</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/toddycat/106799/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/21102251/intro_toddycat_apt-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2022/06/21102251/intro_toddycat_apt-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/toddycat/106799/" class="c-card__link">APT ToddyCat</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/transparent-tribe-part-1/98127/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/11130332/securelist_abs_5-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/11130332/securelist_abs_5-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/transparent-tribe-part-1/98127/" class="c-card__link">Transparent Tribe: Evolution analysis, part 1</a></h3> </header> </div> </article> </div> </div> </div> </div> <div class="c-widget__wrapper"> <div class="c-widget-subscribe js-sticky-widget"> <div class="c-block__header"> <h5 class="c-title--small">Subscribe to our weekly e-mails</h5> <p>The hottest research right in your inbox</p> </div> <div class="c-form--float-labels js-float-labels"> <script type="text/javascript"></script> <div class='gf_browser_gecko gform_wrapper gform_wrapper_original_id_11 gravity-theme subscribe-mc_wrapper' id='gform_wrapper_17306142' ><div id='gf_17306142' class='gform_anchor' tabindex='-1'></div><form method='post' enctype='multipart/form-data' target='gform_ajax_frame_17306142' id='gform_17306142' class='subscribe-mc' action='/transparent-tribe-part-2/98233/#gf_17306142' > <div class="gform-content-wrapper"><div class='gform_body gform-body'><div id='gform_fields_17306142' class='gform_fields top_label form_sublabel_below description_below'><div id="field_11_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><label class='gfield_label screen-reader-text' for='input_17306142_1' >Email<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></label><div class='ginput_container ginput_container_email'> <input name='input_1' id='input_17306142_1' type='text' value='' class='medium' placeholder='Email' aria-required="true" aria-invalid="false" /> </div></div><div id="field_11_3" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden" ><div class='ginput_container ginput_container_text'><input name='input_3' id='input_17306142_3' type='hidden' class='gform_hidden' aria-invalid="false" value='' /></div></div><fieldset id="field_11_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><legend class='gfield_label screen-reader-text gfield_label_before_complex' ><span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox' id='input_17306142_2'><div class='gchoice gchoice_11_2_1'> <input class='gfield-choice-input' name='input_2.1' type='checkbox' value='I agree' id='choice_17306142_11_2_1' /> <label for='choice_17306142_11_2_1' id='label_17306142_11_2_1'>I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.</label> </div></div></div></fieldset></div></div> <div class='gform_footer top_label'> <button type="submit" class="gform_button button" id='gform_submit_button_17306142' value="Sign up"> <svg class="o-icon o-svg-icon o-svg-large"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-envelope"></use></svg> <span>Subscribe</span> </button> <input type='hidden' name='gform_ajax' value='form_id=11&amp;title=&amp;description=&amp;tabindex=0' /> <input type='hidden' class='gform_hidden' name='is_submit_11' value='1' /> <input type='hidden' class='gform_hidden' name='gform_submit' value='11' /> <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' /> <input type='hidden' class='gform_hidden' name='state_11' value='WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=' /> <input type='hidden' class='gform_hidden' name='gform_target_page_number_11' id='gform_target_page_number_17306142_11' value='0' /> <input type='hidden' class='gform_hidden' name='gform_source_page_number_11' id='gform_source_page_number_17306142_11' value='1' /> <input type='hidden' name='gform_random_id' value='17306142' /><input type='hidden' name='gform_field_values' value='securelist_2020_form_location=sidebar' /> </div> </div><p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>&#916;<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_2" name="ak_js" value="162"/><script>document.getElementById( "ak_js_2" ).setAttribute( "value", ( new Date() ).getTime() );</script></p></form> </div> <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_17306142' id='gform_ajax_frame_17306142' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'></iframe> <script type="text/javascript"> /* <![CDATA[ */ gform.initializeOnLoaded( function() {gformInitSpinner( 17306142, 'https://securelist.com/wp-content/themes/securelist2020/assets/images/content/ajax-spinner-red.svg' );jQuery('#gform_ajax_frame_17306142').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_17306142');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_17306142').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){jQuery('#gform_wrapper_17306142').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_17306142').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_17306142').removeClass('gform_validation_error');}setTimeout( function() { /* delay the scroll by 50 milliseconds to fix a bug in chrome */ jQuery(document).scrollTop(jQuery('#gform_wrapper_17306142').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_17306142_11').val();gformInitSpinner( 17306142, 'https://securelist.com/wp-content/themes/securelist2020/assets/images/content/ajax-spinner-red.svg' );jQuery(document).trigger('gform_page_loaded', [17306142, current_page]);window['gf_submitting_17306142'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}setTimeout(function(){jQuery('#gform_wrapper_17306142').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_17306142').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [17306142]);window['gf_submitting_17306142'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_17306142').text());}, 50);}else{jQuery('#gform_17306142').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger('gform_post_render', [17306142, current_page]);} );} ); /* ]]> */ </script> </div> </div> </div> <div class="c-widget__wrapper"> <div class="js-sticky-widget"> <p><span class="c-tag c-tag--primary">In the same category</span></p> <div class="o-row o-row--small-gutters"> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/sidewinder-apt/114089/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/10/11172712/SL-SideWinder-StealerBot-featured-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/10/11172712/SL-SideWinder-StealerBot-featured-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/sidewinder-apt/114089/" class="c-card__link">Beyond the Surface: the evolution and expansion of the SideWinder APT group</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/blindeagle-apt/113414/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/16173535/SL-BlindEagle-featured-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/16173535/SL-BlindEagle-featured-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/blindeagle-apt/113414/" class="c-card__link">BlindEagle flying high in Latin America</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/eastwind-apt-campaign/113345/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/14084410/SL-EastWind-targeted-attack-featured-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/14084410/SL-EastWind-targeted-attack-featured-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/eastwind-apt-campaign/113345/" class="c-card__link">EastWind campaign: new CloudSorcerer attacks on government organizations in Russia</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/apt-trends-report-q2-2024/113275/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/06073438/apt-report-q2-2024-featured-image-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/06073438/apt-report-q2-2024-featured-image-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/apt-trends-report-q2-2024/113275/" class="c-card__link">APT trends report Q2 2024</a></h3> </header> </div> </article> </div> <div class="o-col-12 c-card__dividers c-card__dividers--hide-first@xs c-card__dividers--show-last@xs"> <article class="c-card c-card--hor-reverse@xs u-items-center"> <a href="https://securelist.com/cloudsorcerer-new-apt-cloud-actor/113056/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/07/03121455/CloudSorcerer-featured-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/07/03121455/CloudSorcerer-featured-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a href="https://securelist.com/cloudsorcerer-new-apt-cloud-actor/113056/" class="c-card__link">CloudSorcerer – A new APT targeting Russian government entities</a></h3> </header> </div> </article> </div> </div> </div> </div> <li id="text-22" class="widget widget_text"> <div class="textwidget"><p><a href="https://www.kaspersky.com/next?icid=gl_KNext_acq_ona_smm__onl_b2b_securelist_ban_sm-team___knext___" target="_blank" rel="noopener"><img decoding="async" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/04/10092337/NEXT_310x420_EN.jpg" width="370" /></a></p> </div> </li> </div> </div> </div> </div> <div class="c-article__progress rpi-progress-bar"> <div class="c-article__progress-bar__position rpi-progress-bar__position"></div> <div class="rpi-progress-bar__percentage"></div> </div> </article> </div> </section> <section class="c-block c-block--spacing-t-small c-block--spacing-b-small@md c-block--divider-internal"> <div class="o-container-fluid"> <h5 class="c-block__title">Latest Posts</h5> <div class="o-row o-row--small-gutters@sm c-card__row c-card__row--fixed-width-down@sm js-slider-posts-mobile"> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <a href="https://securelist.com/internet-exposed-gnss-receivers-in-2024/114548/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/11/13080938/SL-satellite-antennae-featured-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/11/13080938/SL-satellite-antennae-featured-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline u-hidden u-block@md"> <a href="https://securelist.com/category/research/" class="c-tag c-tag--primary">Research</a> </p> <h3 class="c-card__title"><a href="https://securelist.com/internet-exposed-gnss-receivers-in-2024/114548/" class="c-card__link">Threats in space (or rather, on Earth): internet-exposed GNSS receivers</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/isabelmanjarrez/" > <span>Isabel Manjarrez</span></a> </li> </ul> </div> </footer> </div> </article> </div> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <a href="https://securelist.com/new-ymir-ransomware-found-in-colombia/114493/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/11/11075744/ymir-featured-image-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/11/11075744/ymir-featured-image-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline u-hidden u-block@md"> <a href="https://securelist.com/category/malware-descriptions/" class="c-tag c-tag--primary">Malware descriptions</a> </p> <h3 class="c-card__title"><a href="https://securelist.com/new-ymir-ransomware-found-in-colombia/114493/" class="c-card__link">Ymir: new stealthy ransomware in the wild</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/cristiansouza/" > <span>Cristian Souza</span></a> </li> <li> <a href="https://securelist.com/author/ashleymunoz/" > <span>Ashley Muñoz</span></a> </li> <li> <a href="https://securelist.com/author/eduardoovalle/" > <span>Eduardo Ovalle</span></a> </li> </ul> </div> </footer> </div> </article> </div> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <a href="https://securelist.com/cloudcomputating-qsc-framework/114438/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/11/07083007/cloud-computating-featured-image-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/11/07083007/cloud-computating-featured-image-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline u-hidden u-block@md"> <a href="https://securelist.com/category/malware-descriptions/" class="c-tag c-tag--primary">Malware descriptions</a> </p> <h3 class="c-card__title"><a href="https://securelist.com/cloudcomputating-qsc-framework/114438/" class="c-card__link">QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/saurabhsharma/" > <span>Saurabh Sharma</span></a> </li> </ul> </div> </footer> </div> </article> </div> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <a href="https://securelist.com/steelfox-trojan-drops-stealer-and-miner/114414/" class="c-card__figure" style=""> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/11/05093826/steelfox-featured-image-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail wp-post-image" alt="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/11/05093826/steelfox-featured-image-800x450.jpg" data-srcset="" srcset="" /> </a> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline u-hidden u-block@md"> <a href="https://securelist.com/category/malware-descriptions/" class="c-tag c-tag--primary">Malware descriptions</a> </p> <h3 class="c-card__title"><a href="https://securelist.com/steelfox-trojan-drops-stealer-and-miner/114414/" class="c-card__link">New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/kirillkorchemny/" > <span>Kirill Korchemny</span></a> </li> </ul> </div> </footer> </div> </article> </div> </div> </div> </section> <section class="c-block c-block--spacing-t-small c-block--spacing-b-small@md c-block--divider-internal" data-element-id="latest-webinars-post-section"> <div class="o-container-fluid"> <h5 class="c-block__title">Latest Webinars</h5> <div class="o-row o-row--small-gutters@sm c-card__row c-card__row--fixed-width-down@sm js-slider-posts-mobile"> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__figure"> <a href="https://securelist.com/webinars/inside-the-dark-web-exploring-the-human-side-of-cybercriminals/" class="c-card__figure-link" data-element-id="latest-webinars-post-image"> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/09/10125625/cybercriminal-portrait-webinar-800x450.png" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail" alt="" title="" decoding="async" loading="lazy" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/09/10125625/cybercriminal-portrait-webinar-800x450.png" data-srcset="" srcset="" /> </a> </div> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline"> <a href="https://securelist.com/webinar-category/threat-intelligence-and-incident-response/" class="c-tag c-tag--primary c-tag--has-icon" data-element-id="latest-webinars-post-category"><span class="c-tag__icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></span>Threat intelligence and IR</a> </p> <div class="u-flex u-justify-between"> <time datetime="2024-09-04T17:00:00+00:00" class="c-card__event-date"> 04 Sep 2024, 5:00pm </time> <span class="c-card__event-date">60 min</span> </div> <h3 class="c-card__title"><a href="https://securelist.com/webinars/inside-the-dark-web-exploring-the-human-side-of-cybercriminals/" class="c-card__link" data-element-id="latest-webinars-post-title">Inside the Dark Web: exploring the human side of cybercriminals</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/annapavlovskaya/" data-element-id="latest-webinars-post-author"> <span>Anna Pavlovskaya</span></a> </li> </ul> </div> </footer> </div> </article> </div> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__figure"> <a href="https://securelist.com/webinars/the-cybersecurity-buyers-dilemma-hype-vs-true-expertise/" class="c-card__figure-link" data-element-id="latest-webinars-post-image"> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/27144737/expertise-center-webinar-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail" alt="" title="" decoding="async" loading="lazy" srcset="" sizes="(max-width: 800px) 100vw, 800px" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/27144737/expertise-center-webinar-800x450.jpg" data-srcset="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/27144737/expertise-center-webinar-800x450.jpg 800w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/27144737/expertise-center-webinar-300x168.jpg 300w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/27144737/expertise-center-webinar-500x280.jpg 500w" /> </a> </div> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline"> <a href="https://securelist.com/webinar-category/technologies-and-services/" class="c-tag c-tag--primary c-tag--has-icon" data-element-id="latest-webinars-post-category"><span class="c-tag__icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></span>Technologies and services</a> </p> <div class="u-flex u-justify-between"> <time datetime="2024-08-13T17:00:00+00:00" class="c-card__event-date"> 13 Aug 2024, 5:00pm </time> <span class="c-card__event-date">60 min</span> </div> <h3 class="c-card__title"><a href="https://securelist.com/webinars/the-cybersecurity-buyers-dilemma-hype-vs-true-expertise/" class="c-card__link" data-element-id="latest-webinars-post-title">The Cybersecurity Buyer&#8217;s Dilemma: Hype vs (True) Expertise</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/oleggorobets/" data-element-id="latest-webinars-post-author"> <span>Oleg Gorobets</span></a> </li> <li> <a href="https://securelist.com/author/alexanderliskin/" data-element-id="latest-webinars-post-author"> <span>Alexander Liskin</span></a> </li> </ul> </div> </footer> </div> </article> </div> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__figure"> <a href="https://securelist.com/webinars/cybersecuritys-human-factor-more-than-an-unpatched-vulnerability/" class="c-card__figure-link" data-element-id="latest-webinars-post-image"> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/27140525/human-factor-webinar-01-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail" alt="" title="" decoding="async" loading="lazy" srcset="" sizes="(max-width: 800px) 100vw, 800px" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/27140525/human-factor-webinar-01-800x450.jpg" data-srcset="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/27140525/human-factor-webinar-01-800x450.jpg 800w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/27140525/human-factor-webinar-01-300x168.jpg 300w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/27140525/human-factor-webinar-01-500x280.jpg 500w" /> </a> </div> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline"> <a href="https://securelist.com/webinar-category/cyberthreat-talks/" class="c-tag c-tag--primary c-tag--has-icon" data-element-id="latest-webinars-post-category"><span class="c-tag__icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></span>Cyberthreat talks</a> </p> <div class="u-flex u-justify-between"> <time datetime="2024-07-16T17:00:00+00:00" class="c-card__event-date"> 16 Jul 2024, 5:00pm </time> <span class="c-card__event-date">60 min</span> </div> <h3 class="c-card__title"><a href="https://securelist.com/webinars/cybersecuritys-human-factor-more-than-an-unpatched-vulnerability/" class="c-card__link" data-element-id="latest-webinars-post-title">Cybersecurity&#8217;s human factor – more than an unpatched vulnerability</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/oleggorobets/" data-element-id="latest-webinars-post-author"> <span>Oleg Gorobets</span></a> </li> </ul> </div> </footer> </div> </article> </div> <div class="o-col-6@sm o-col-3@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__figure"> <a href="https://securelist.com/webinars/building-and-prioritizing-detection-engineering-backlogs-with-mitre-attck/" class="c-card__figure-link" data-element-id="latest-webinars-post-image"> <img width="800" height="450" src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/07/09100900/sl-detection_backlog_prioritization-featured-800x450.jpg" class="attachment-securelist-2020-thumbnail size-securelist-2020-thumbnail" alt="" title="" decoding="async" loading="lazy" srcset="" sizes="(max-width: 800px) 100vw, 800px" data-src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/07/09100900/sl-detection_backlog_prioritization-featured-800x450.jpg" data-srcset="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/07/09100900/sl-detection_backlog_prioritization-featured-800x450.jpg 800w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/07/09100900/sl-detection_backlog_prioritization-featured-300x168.jpg 300w, https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/07/09100900/sl-detection_backlog_prioritization-featured-500x280.jpg 500w" /> </a> </div> <div class="c-card__body"> <header class="c-card__header"> <p class="c-card__headline"> <a href="https://securelist.com/webinar-category/trainings-and-workshops/" class="c-tag c-tag--primary c-tag--has-icon" data-element-id="latest-webinars-post-category"><span class="c-tag__icon"><svg class="o-icon o-svg-icon o-svg-larger"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-webinar"></use></svg></span>Trainings and workshops</a> </p> <div class="u-flex u-justify-between"> <time datetime="2024-07-09T16:00:00+00:00" class="c-card__event-date"> 09 Jul 2024, 4:00pm </time> <span class="c-card__event-date">60 min</span> </div> <h3 class="c-card__title"><a href="https://securelist.com/webinars/building-and-prioritizing-detection-engineering-backlogs-with-mitre-attck/" class="c-card__link" data-element-id="latest-webinars-post-title">Building and prioritizing detection engineering backlogs with MITRE ATT&#038;CK</a></h3> </header> <footer class="c-card__footer"> <div class="c-card__authors"> <ul class="c-list-authors c-list-authors--comma"> <li> <a href="https://securelist.com/author/andreytamoykin/" data-element-id="latest-webinars-post-author"> <span>Andrey Tamoykin</span></a> </li> </ul> </div> </footer> </div> </article> </div> </div> </div> </section> <section data-element-id="footer-reports-section" class="c-block c-block--spacing-t-small c-block--spacing-b-small@md c-block--divider-internal"> <div class="o-container-fluid"> <h5 class="c-block__title">Reports</h5> <div class="o-row o-row--small-gutters"> <div class="o-col-8@sm"> <div class="o-row o-row--small-gutters"> <div class="o-col-6@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a data-element-id="footer-reports-title" href="https://securelist.com/sidewinder-apt/114089/" class="c-card__link">Beyond the Surface: the evolution and expansion of the SideWinder APT group</a></h3> </header> <div class="c-card__desc"> <p>Kaspersky analyzes SideWinder APT’s recent activity: new targets in the MiddleEast and Africa, post-exploitation tools and techniques.</p> </div> </div> </article> </div> <div class="o-col-6@md c-card__dividers c-card__dividers--hide@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a data-element-id="footer-reports-title" href="https://securelist.com/blindeagle-apt/113414/" class="c-card__link">BlindEagle flying high in Latin America</a></h3> </header> <div class="c-card__desc u-hidden u-block@md"> <p>Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.</p> </div> </div> </article> </div> <div class="o-col-6@md c-card__dividers c-card__dividers--hide@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a data-element-id="footer-reports-title" href="https://securelist.com/eastwind-apt-campaign/113345/" class="c-card__link">EastWind campaign: new CloudSorcerer attacks on government organizations in Russia</a></h3> </header> <div class="c-card__desc u-hidden u-block@md"> <p>Kaspersky has identified a new EastWind campaign targeting Russian organizations and using CloudSorcerer as well as APT31 and APT27 tools.</p> </div> </div> </article> </div> <div class="o-col-6@md c-card__dividers c-card__dividers--hide@md"> <article class="c-card c-card--standard@xs"> <div class="c-card__body"> <header class="c-card__header"> <h3 class="c-card__title"><a data-element-id="footer-reports-title" href="https://securelist.com/apt-trends-report-q2-2024/113275/" class="c-card__link">APT trends report Q2 2024</a></h3> </header> <div class="c-card__desc u-hidden u-block@md"> <p>The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.</p> </div> </div> </article> </div> </div> </div> <div class="o-col-4@sm u-hidden u-block@sm"> <div class="c-image c-image--overflow-down@sm"> <a href="https://www.kaspersky.com/next?icid=gl_KNext_acq_ona_smm__onl_b2b_securelist_ban_sm-team___knext___"><img src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/12/10091839/NEXT_370x500_EN.jpg" /></a> </div> </div> </div> </div> </section> <section class="c-block c-block--spacing-t-small c-block--spacing-b-small@md" data-element-id="footer-subscribe-section"> <div class="o-container-fluid"> <div class="o-row c-block__row u-flex-nowrap@md"> <div class="o-col"> <div class="c-block__header"> <h5 class="c-block__title">Subscribe to our weekly e-mails</h5> <p>The hottest research right in your inbox</p> </div> </div> <div class="o-col u-flex-shrink-0 u-flex-grow"> <div class="c-form--newsletter u-ml-auto"> <div class='gf_browser_gecko gform_wrapper gform_wrapper_original_id_11 gravity-theme subscribe-mc_wrapper' id='gform_wrapper_1600183061' ><div id='gf_1600183061' class='gform_anchor' tabindex='-1'></div><form method='post' enctype='multipart/form-data' target='gform_ajax_frame_1600183061' id='gform_1600183061' class='subscribe-mc' action='/transparent-tribe-part-2/98233/#gf_1600183061' > <div class="gform-content-wrapper"><div class='gform_body gform-body'><div id='gform_fields_1600183061' class='gform_fields top_label form_sublabel_below description_below'><div id="field_11_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><label class='gfield_label screen-reader-text' for='input_1600183061_1' >Email<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></label><div class='ginput_container ginput_container_email'> <input name='input_1' id='input_1600183061_1' type='text' value='' class='medium' placeholder='Email' aria-required="true" aria-invalid="false" /> </div></div><div id="field_11_3" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden" ><div class='ginput_container ginput_container_text'><input name='input_3' id='input_1600183061_3' type='hidden' class='gform_hidden' aria-invalid="false" value='' /></div></div><fieldset id="field_11_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><legend class='gfield_label screen-reader-text gfield_label_before_complex' ><span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox' id='input_1600183061_2'><div class='gchoice gchoice_11_2_1'> <input class='gfield-choice-input' name='input_2.1' type='checkbox' value='I agree' id='choice_1600183061_11_2_1' /> <label for='choice_1600183061_11_2_1' id='label_1600183061_11_2_1'>I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.</label> </div></div></div></fieldset></div></div> <div class='gform_footer top_label'> <button class="gform_button button" type="submit" id='gform_submit_button_1600183061' value="Sign up"> <svg class="o-icon o-svg-icon o-svg-large u-hidden u-inline-block@sm"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-envelope"></use></svg> <span class="u-hidden u-inline@sm">Subscribe</span> <span class="u-hidden@sm"><svg class="o-icon o-svg-icon o-svg-right"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-arrow"></use></svg></span> </button> <input type='hidden' name='gform_ajax' value='form_id=11&amp;title=&amp;description=&amp;tabindex=0' /> <input type='hidden' class='gform_hidden' name='is_submit_11' value='1' /> <input type='hidden' class='gform_hidden' name='gform_submit' value='11' /> <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' /> <input type='hidden' class='gform_hidden' name='state_11' value='WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=' /> <input type='hidden' class='gform_hidden' name='gform_target_page_number_11' id='gform_target_page_number_1600183061_11' value='0' /> <input type='hidden' class='gform_hidden' name='gform_source_page_number_11' id='gform_source_page_number_1600183061_11' value='1' /> <input type='hidden' name='gform_random_id' value='1600183061' /><input type='hidden' name='gform_field_values' value='securelist_2020_form_location=' /> </div> </div><p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>&#916;<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_3" name="ak_js" value="186"/><script>document.getElementById( "ak_js_3" ).setAttribute( "value", ( new Date() ).getTime() );</script></p></form> </div> <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_1600183061' id='gform_ajax_frame_1600183061' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'></iframe> <script type="text/javascript"> /* <![CDATA[ */ gform.initializeOnLoaded( function() {gformInitSpinner( 1600183061, 'https://securelist.com/wp-content/themes/securelist2020/assets/images/content/ajax-spinner-red.svg' );jQuery('#gform_ajax_frame_1600183061').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_1600183061');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_1600183061').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){jQuery('#gform_wrapper_1600183061').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_1600183061').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_1600183061').removeClass('gform_validation_error');}setTimeout( function() { /* delay the scroll by 50 milliseconds to fix a bug in chrome */ jQuery(document).scrollTop(jQuery('#gform_wrapper_1600183061').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_1600183061_11').val();gformInitSpinner( 1600183061, 'https://securelist.com/wp-content/themes/securelist2020/assets/images/content/ajax-spinner-red.svg' );jQuery(document).trigger('gform_page_loaded', [1600183061, current_page]);window['gf_submitting_1600183061'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}setTimeout(function(){jQuery('#gform_wrapper_1600183061').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_1600183061').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [1600183061]);window['gf_submitting_1600183061'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_1600183061').text());}, 50);}else{jQuery('#gform_1600183061').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger('gform_post_render', [1600183061, current_page]);} );} ); /* ]]> */ </script> </div> </div> </div> <div class="u-hidden@sm u-mb-spacer-base-"> <div class="c-image c-image--overflow-down@sm"> <a href="https://www.kaspersky.com/next?icid=gl_KNext_acq_ona_smm__onl_b2b_securelist_ban_sm-team___knext___"><img src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/08/28092440/NEXT_banner_1080x1080-740x740.jpg" /></a> </div> </div> </div> </section> </div><!-- /.c-page --> <section class="c-block c-block--spacing-t-small c-block--spacing-t-large@md c-block--spacing-b c-page-footer c-block--bg-image c-color--invert" style="background-image: url(https://securelist.com/wp-content/themes/securelist2020/assets/images/content/bg-gradient-02.jpg);"> <div class="o-container-fluid"> <div data-element-id="footer-content-block" class="c-page-footer__content"> <div class="o-row o-row--reverse"> <div class="o-col-9@md"> <div class="c-page-menu"> <div class="o-row c-page-menu__dividers"> <div class="o-col-4@md"><div class="c-accordion js-accordion c-accordion--reset@md"><p class="menu-item-threats section-title accordion menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-226 c-page-menu__title u-hidden u-block@md"><a href="https://securelist.com/threat-categories/" data-element-id="footer-content-link">Threats</a></p><div class="c-accordion-toggle js-accordion-toggle"><p>Threats</p></div><div class="c-accordion-container js-accordion-container"> <ul class="sub-menu"> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category current-post-ancestor current-menu-parent current-post-parent menu-item-99839"><a href="https://securelist.com/threat-category/apt-targeted-attacks/" data-element-id="footer-content-link">APT (Targeted attacks)</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-89457"><a href="https://securelist.com/threat-category/secure-environment/" data-element-id="footer-content-link">Secure environment (IoT)</a></li> <li class="topic-item vulnerabilities menu-item menu-item-type-custom menu-item-object-custom menu-item-63231"><a href="https://securelist.com/threat-category/mobile-threats/" data-element-id="footer-content-link">Mobile threats</a></li> <li class="topic-item detected menu-item menu-item-type-custom menu-item-object-custom menu-item-63229"><a href="https://securelist.com/threat-category/financial-threats/" data-element-id="footer-content-link">Financial threats</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-89458"><a href="https://securelist.com/threat-category/spam-and-phishing/" data-element-id="footer-content-link">Spam and phishing</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-99840"><a href="https://securelist.com/threat-category/industrial-threats/" data-element-id="footer-content-link">Industrial threats</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-threat-category menu-item-89465"><a href="https://securelist.com/threat-category/web-threats/" data-element-id="footer-content-link">Web threats</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-89459"><a href="https://securelist.com/threat-category/vulnerabilities-and-exploits/" data-element-id="footer-content-link">Vulnerabilities and exploits</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-113855"><a href="https://securelist.com/threat-categories/" data-element-id="footer-content-link">All threats</a></li> </ul> </li> </li></ul></div></div></div><div class="o-col-4@md"><div class="c-accordion js-accordion c-accordion--reset@md"><p class="menu-item-categories section-title accordion menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-230 c-page-menu__title u-hidden u-block@md"><a href="https://securelist.com/categories/" data-element-id="footer-content-link">Categories</a></p><div class="c-accordion-toggle js-accordion-toggle"><p>Categories</p></div><div class="c-accordion-container js-accordion-container"> <ul class="sub-menu"> <li class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor current-menu-parent current-post-parent menu-item-84158"><a href="https://securelist.com/category/apt-reports/" data-element-id="footer-content-link">APT reports</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-99841"><a href="https://securelist.com/category/malware-descriptions/" data-element-id="footer-content-link">Malware descriptions</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84160"><a href="https://securelist.com/category/kaspersky-security-bulletin/" data-element-id="footer-content-link">Security Bulletin</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84161"><a href="https://securelist.com/category/malware-reports/" data-element-id="footer-content-link">Malware reports</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-89460"><a href="https://securelist.com/category/spam-and-phishing-reports/" data-element-id="footer-content-link">Spam and phishing reports</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-99842"><a href="https://securelist.com/category/security-technologies/" data-element-id="footer-content-link">Security technologies</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84165"><a href="https://securelist.com/category/research/" data-element-id="footer-content-link">Research</a></li> <li class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-84164"><a href="https://securelist.com/category/publications/" data-element-id="footer-content-link">Publications</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-113876"><a href="https://securelist.com/categories/" data-element-id="footer-content-link">All categories</a></li> </ul> </li> </li></ul></div></div></div><div class="o-col-4@md"><p class="menu-item-tags section-title after-accordion menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-277 c-page-menu__title u-hidden u-block@md"><a data-element-id="footer-content-link">Other sections</a></p> <ul class="sub-menu"> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-100526"><a href="https://securelist.com/all/" data-element-id="footer-content-link">Archive</a></li> <li class="show-all-tags menu-item menu-item-type-post_type menu-item-object-page menu-item-57837"><a href="https://securelist.com/tags/" data-element-id="footer-content-link">All tags</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-101956"><a href="https://securelist.com/webinars/" data-element-id="footer-content-link">Webinars</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-101126"><a target="_blank" rel="noopener noreferrer" href="https://apt.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="footer-content-link">APT Logbook</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-241"><a target="_blank" rel="noopener noreferrer" href="https://statistics.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="footer-content-link">Statistics</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-86643"><a target="_blank" rel="noopener noreferrer" href="https://encyclopedia.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="footer-content-link">Encyclopedia</a></li> <li class="menu-item menu-item-type-custom menu-item-object-custom menu-item-58141"><a target="_blank" rel="noopener noreferrer" href="https://threats.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f" data-element-id="footer-content-link">Threats descriptions</a></li> <li class="menu-item menu-item-type-post_type menu-item-object-page menu-item-111312"><a href="https://securelist.com/ksb-2023/" data-element-id="footer-content-link">KSB 2023</a></li> </ul> </li> </div> </div> </div> </div> <div class="o-col-3@md"> <div class="c-site-logo c-site-logo--kaspersky"></div> </div> </div> </div> <div data-element-id="footer-menu-block" class="c-page-footer__wrapper"> <div class="c-page-footer__info"> <p>© 2024 AO Kaspersky Lab. All Rights Reserved.<br /> Registered trademarks and service marks are the property of their respective owners.</p> </div> <div class="c-page-footer__links"> <ul> <li><a data-element-id="footer-menu-link" href="https://www.kaspersky.com/web-privacy-policy?icid=gl_seclistfooter_acq_ona_smm__onl_b2b_securelist_footer_sm-team_______11d7a8212d94123d">Privacy Policy</a></li> <li><a data-element-id="footer-menu-link" href="https://www.kaspersky.com/end-user-license-agreement?icid=gl_seclistfooter_acq_ona_smm__onl_b2b_securelist_footer_sm-team_______11d7a8212d94123d">License Agreement</a></li> <li><a data-element-id="footer-menu-link" href="javascript: void(0);" onclick="javascript: Cookiebot.renew()">Cookies</a></li> </ul> </div> </div> </div> </section> <div id="modal-newsletter" class="c-modal__wrapper c-modal__wrapper--sm mfp-hide"> <div class="c-modal"> <a href="#" class="c-modal-close js-modal-close"></a> <div class="c-modal__main"> <div class="c-block c-block--spacing-t-small c-block--spacing-b-small"> <div class="o-container-fluid"> <div class="c-block__header"> <h5 class="c-title--small">Subscribe to our weekly e-mails</h5> <p>The hottest research right in your inbox</p> </div> <div class="c-form--float-labels js-float-labels"> <div class='gf_browser_gecko gform_wrapper gform_wrapper_original_id_11 gravity-theme subscribe-mc_wrapper' id='gform_wrapper_1577007840' ><div id='gf_1577007840' class='gform_anchor' tabindex='-1'></div><form method='post' enctype='multipart/form-data' target='gform_ajax_frame_1577007840' id='gform_1577007840' class='subscribe-mc' action='/transparent-tribe-part-2/98233/#gf_1577007840' > <div class="gform-content-wrapper"><div class='gform_body gform-body'><div id='gform_fields_1577007840' class='gform_fields top_label form_sublabel_below description_below'><div id="field_11_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><label class='gfield_label screen-reader-text' for='input_1577007840_1' >Email<span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></label><div class='ginput_container ginput_container_email'> <input name='input_1' id='input_1577007840_1' type='text' value='' class='medium' placeholder='Email' aria-required="true" aria-invalid="false" /> </div></div><div id="field_11_3" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden" ><div class='ginput_container ginput_container_text'><input name='input_3' id='input_1577007840_3' type='hidden' class='gform_hidden' aria-invalid="false" value='' /></div></div><fieldset id="field_11_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible" ><legend class='gfield_label screen-reader-text gfield_label_before_complex' ><span class="gfield_required"><span class="gfield_required gfield_required_text">(Required)</span></span></legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox' id='input_1577007840_2'><div class='gchoice gchoice_11_2_1'> <input class='gfield-choice-input' name='input_2.1' type='checkbox' value='I agree' id='choice_1577007840_11_2_1' /> <label for='choice_1577007840_11_2_1' id='label_1577007840_11_2_1'>I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.</label> </div></div></div></fieldset></div></div> <div class='gform_footer top_label'> <button type="submit" class="gform_button button" id='gform_submit_button_1577007840' value="Sign up"> <svg class="o-icon o-svg-icon o-svg-large"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://securelist.com/wp-content/themes/securelist2020/assets/sprite/icons.svg#icon-envelope"></use></svg> <span>Subscribe</span> </button> <input type='hidden' name='gform_ajax' value='form_id=11&amp;title=&amp;description=&amp;tabindex=0' /> <input type='hidden' class='gform_hidden' name='is_submit_11' value='1' /> <input type='hidden' class='gform_hidden' name='gform_submit' value='11' /> <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' /> <input type='hidden' class='gform_hidden' name='state_11' value='WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=' /> <input type='hidden' class='gform_hidden' name='gform_target_page_number_11' id='gform_target_page_number_1577007840_11' value='0' /> <input type='hidden' class='gform_hidden' name='gform_source_page_number_11' id='gform_source_page_number_1577007840_11' value='1' /> <input type='hidden' name='gform_random_id' value='1577007840' /><input type='hidden' name='gform_field_values' value='securelist_2020_form_location=sidebar' /> </div> </div><p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>&#916;<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_4" name="ak_js" value="164"/><script>document.getElementById( "ak_js_4" ).setAttribute( "value", ( new Date() ).getTime() );</script></p></form> </div> <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_1577007840' id='gform_ajax_frame_1577007840' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'></iframe> <script type="text/javascript"> /* <![CDATA[ */ gform.initializeOnLoaded( function() {gformInitSpinner( 1577007840, 'https://securelist.com/wp-content/themes/securelist2020/assets/images/content/ajax-spinner-red.svg' );jQuery('#gform_ajax_frame_1577007840').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_1577007840');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_1577007840').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){jQuery('#gform_wrapper_1577007840').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_1577007840').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_1577007840').removeClass('gform_validation_error');}setTimeout( function() { /* delay the scroll by 50 milliseconds to fix a bug in chrome */ jQuery(document).scrollTop(jQuery('#gform_wrapper_1577007840').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_1577007840_11').val();gformInitSpinner( 1577007840, 'https://securelist.com/wp-content/themes/securelist2020/assets/images/content/ajax-spinner-red.svg' );jQuery(document).trigger('gform_page_loaded', [1577007840, current_page]);window['gf_submitting_1577007840'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}setTimeout(function(){jQuery('#gform_wrapper_1577007840').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_1577007840').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [1577007840]);window['gf_submitting_1577007840'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_1577007840').text());}, 50);}else{jQuery('#gform_1577007840').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger('gform_post_render', [1577007840, current_page]);} );} ); /* ]]> */ </script> </div> </div> </div> </div><!-- /.c-modal__main --> </div><!-- /.c-modal --> </div><!-- /.c-modal__wrapper --> <script type="text/javascript"> if ( typeof _recaptcha_wordpress_savedcomment != 'undefined') { document.getElementById('comment').value = _recaptcha_wordpress_savedcomment; } </script><script type="text/javascript" src="https://kasperskycontenthub.com/securelist/wp-content/plugins/kaspersky-embeds/js/scripts.js?ver=1.0" id="kspr_embeds-js"></script> <script type="text/javascript" src="https://www.google.com/recaptcha/api.js?render=explicit&amp;ver=202124050927" id="kaspersky-dynamic-gravity-forms-google-recaptcha-js"></script> <script type="text/javascript" id="kaspersky-omniture-js-extra"> /* <![CDATA[ */ var kaspersky = {"pageName":"Kaspersky Securelist","pageType":"blog","platformName":"Micro Site","businessType":"b2c","siteLocale":"en-GLOBAL"}; /* ]]> */ </script> <script type="text/javascript" src="//media.kaspersky.com/tracking/omniture/s_code_single_suite.js?ver=6.5.5" id="kaspersky-omniture-js"></script> <script type="text/javascript" id="crayon_js-js-extra"> /* <![CDATA[ */ var CrayonSyntaxSettings = {"version":"_2.7.2_beta","is_admin":"0","ajaxurl":"https:\/\/securelist.com\/wp-admin\/admin-ajax.php","prefix":"crayon-","setting":"crayon-setting","selected":"crayon-setting-selected","changed":"crayon-setting-changed","special":"crayon-setting-special","orig_value":"data-orig-value","debug":""}; var CrayonSyntaxStrings = {"copy":"Press %s to Copy, %s to Paste","minimize":"Click To Expand Code"}; /* ]]> */ </script> <script type="text/javascript" id="kaspersky-dynamic-gravity-forms-main-js-extra"> /* <![CDATA[ */ var kasperskyDynamicaReCaptchaData = {"ajaxUrl":"https:\/\/securelist.com\/wp-admin\/admin-ajax.php"}; /* ]]> */ </script> <script type="text/javascript" id="wp-autosearch-script-js-extra"> /* <![CDATA[ */ var wp_autosearch_config = {"autocomplete_taxonomies":{"0":"category"},"split_results_by_type":"true","search_title":"true","search_content":"false","search_terms":"false","search_exactonly":"true","order_by":"title","order":"DESC","search_comments":"false","search_tags":"false","no_of_results":"5","description_limit":"100","title_limit":"50","excluded_ids":{},"excluded_cats":{"0":0},"full_search_url":"https:\/\/kasperskycontenthub.com\/securelist\/?s=%q%","min_chars":"3","ajax_delay":"200","cache_length":"200","autocomplete_sortorder":"posts","thumb_image_display":"false","thumb_image_width":"50","thumb_image_height":"50","get_first_image":"true","force_resize_first_image":"true","thumb_image_crop":"true","default_image":"https:\/\/kasperskycontenthub.com\/securelist\/wp-content\/plugins\/wp-autosearch\/assert\/image\/default.png","search_image":"","display_more_bar":"false","display_result_title":"false","enable_token":"true","custom_css":"","custom_js":"","try_full_search_text":"Search more...","no_results_try_full_search_text":"No Results!","show_author":"false","show_date":"false","description_result":"false","color":{"results_even_bar":"E8E8E8","results_odd_bar":"FFFFFF","results_even_text":"000000","results_odd_text":"000000","results_hover_bar":"5CCCB2","results_hover_text":"FFFFFF","seperator_bar":"2D8DA0","seperator_hover_bar":"6A81A0","seperator_text":"FFFFFF","seperator_hover_text":"FFFFFF","more_bar":"5286A0","more_hover_bar":"4682A0","more_text":"FFFFFF","more_hover_text":"FFFFFF","box_border":"57C297","box_background":"FFFFFF","box_text":"000000"},"title":{"page":"Pages","post":"Posts","webinars":"Webinars"},"post_types":{"0":"page","1":"post","2":"webinars"},"nonce":"92725ed6a8","ajax_url":"https:\/\/securelist.com\/wp-admin\/admin-ajax.php"}; /* ]]> */ </script> <script type="text/javascript" id="securelist-script-js-extra"> /* <![CDATA[ */ var securelist2020Data = {"ajaxUrl":"https:\/\/securelist.com\/wp-admin\/admin-ajax.php","loading":"Loading...","marketoBaseURL":"","marketoVirtualForm":"27241","munchkinID":"802-IJN-240","reCaptcha_key":"6Lf2eUQUAAAAAC-GQSZ6R2pjePmmD6oA6F_3AV7j"}; /* ]]> */ </script> <script type='text/javascript' src='//assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.min.js,wp-content/plugins/kaspersky-gravity-forms-dynamic-recaptcha/assets/js/main.js,wp-content/plugins/kaspersky-lazy-load/assets/js/main.js,wp-content/plugins/kaspersky-wp-autosearch/assert/js/migrate.js,wp-content/plugins/kaspersky-wp-autosearch/assert/js/autocomplete.js,wp-content/plugins/kaspersky-wp-autosearch/assert/js/ajax-script.js,wp-content/plugins/wds-no-login-autocomplete/js/script.js,wp-content/themes/securelist2020/assets/js/main.js,wp-includes/js/comment-reply.min.js,wp-content/plugins/akismet/_inc/akismet-frontend.js'></script> <script type='text/javascript' src='//assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/js/dist/vendor/wp-polyfill-inert.min.js,wp-includes/js/dist/vendor/regenerator-runtime.min.js,wp-includes/js/dist/vendor/wp-polyfill.min.js,wp-includes/js/dist/dom-ready.min.js,wp-includes/js/dist/hooks.min.js,wp-includes/js/dist/i18n.min.js,wp-includes/js/dist/a11y.min.js'></script> <script type="text/javascript" defer='defer' src="https://securelist.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.5.16.3" id="gform_json-js"></script> <script type="text/javascript" id="gform_gravityforms-js-extra"> /* <![CDATA[ */ var gform_i18n = {"datepicker":{"days":{"monday":"Mon","tuesday":"Tue","wednesday":"Wed","thursday":"Thu","friday":"Fri","saturday":"Sat","sunday":"Sun"},"months":{"january":"January","february":"February","march":"March","april":"April","may":"May","june":"June","july":"July","august":"August","september":"September","october":"October","november":"November","december":"December"},"firstDay":1,"iconText":"Select date"}}; var gf_global = {"gf_currency_config":{"name":"U.S. Dollar","symbol_left":"$","symbol_right":"","symbol_padding":"","thousand_separator":",","decimal_separator":".","decimals":2,"code":"USD"},"base_url":"https:\/\/securelist.com\/wp-content\/plugins\/gravityforms","number_formats":[],"spinnerUrl":"https:\/\/securelist.com\/wp-content\/plugins\/gravityforms\/images\/spinner.svg","strings":{"newRowAdded":"New row added.","rowRemoved":"Row removed","formSaved":"The form has been saved. The content contains the link to return and complete the form."}}; var gf_legacy_multi = {"11":""}; var gf_global = {"gf_currency_config":{"name":"U.S. Dollar","symbol_left":"$","symbol_right":"","symbol_padding":"","thousand_separator":",","decimal_separator":".","decimals":2,"code":"USD"},"base_url":"https:\/\/securelist.com\/wp-content\/plugins\/gravityforms","number_formats":[],"spinnerUrl":"https:\/\/securelist.com\/wp-content\/plugins\/gravityforms\/images\/spinner.svg","strings":{"newRowAdded":"New row added.","rowRemoved":"Row removed","formSaved":"The form has been saved. The content contains the link to return and complete the form."}}; var gf_legacy_multi = {"11":""}; var gf_global = {"gf_currency_config":{"name":"U.S. Dollar","symbol_left":"$","symbol_right":"","symbol_padding":"","thousand_separator":",","decimal_separator":".","decimals":2,"code":"USD"},"base_url":"https:\/\/securelist.com\/wp-content\/plugins\/gravityforms","number_formats":[],"spinnerUrl":"https:\/\/securelist.com\/wp-content\/plugins\/gravityforms\/images\/spinner.svg","strings":{"newRowAdded":"New row added.","rowRemoved":"Row removed","formSaved":"The form has been saved. The content contains the link to return and complete the form."}}; var gf_legacy_multi = {"11":""}; /* ]]> */ </script> <script type="text/javascript" defer='defer' src="https://securelist.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.5.16.3" id="gform_gravityforms-js"></script> <script type="text/javascript" defer='defer' src="https://securelist.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.5.16.3" id="gform_placeholder-js"></script> <script type="text/javascript"> /* <![CDATA[ */ gform.initializeOnLoaded( function() { jQuery(document).on('gform_post_render', function(event, formId, currentPage){if(formId == 11) {if(typeof Placeholders != 'undefined'){ Placeholders.enable(); }} } );jQuery(document).bind('gform_post_conditional_logic', function(event, formId, fields, isInit){} ) } ); /* ]]> */ </script> <script type="text/javascript"> /* <![CDATA[ */ gform.initializeOnLoaded( function() { jQuery(document).trigger('gform_post_render', [11, 1]) } ); /* ]]> */ </script> </body> </html>