Threat Spotlight: Group 72 - Cisco Blogs
<!doctype html> <html lang="en-US" class="no-touch js "> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!--<link rel="profile" href="https://gmpg.org/xfn/11"> --> <meta name="blogsPostDate" content="2014-10-14 09:08:28"/><meta name="blogsPostTags" content="apt,cisco-talos,malware,operation-smn,security,smn,talos,threats"/><meta name="blogsPostCat" content="Threat Research"/><meta name="article:category" content="Threat Research"/> <meta name="wordCount" content="842" /> <meta name="readTime" content="202" /> <!-- loading cdc-template web component scripts --> <script type='text/javascript' src="//www.cisco.com/etc/designs/cdc/clientlibs/responsive/js/web-component-foundation.min.js"></script> <script> /** * Invokes appropriate private methods based on input parameters based on needs of web component architecture * @param {Array} wcAssets array of strings that correlate to the names of web components or array of objects containing asset name and corresponding locale/path * @param {String} localePath specifies where web component should be retrieved from (expected format: en/us or en_au for all other locales); false if wcAssets, is array of objects * @param {Boolean} isWem [Optional] specifies if assets are being loaded on a WEM environment * @param {Boolean} needTargetter [Optional] specifies need for targetter bundle to be loaded (generally needed on external sites) * @param {Boolean} isRelative [Optional] specifies if asset path(s) should be relative * @param {String} env [Optional] specifies enviornment to append to relative path (should not be used with isRelative) * @param {Boolean} hasEnvOverride [Optional] specifies if environment needs to be overridden (should be used with env) */ cdc.wcAncillaryAssetAllocator.init(['cdc-template-blogs'], 'en/us', false, true, false, 'prod'); if (window.cdc === undefined) { window.cdc = {}; } if (cdc.cdcMasthead === undefined) { cdc.cdcMasthead = {}; } if 
(cdc.cdcMasthead.additional === undefined) { cdc.cdcMasthead.additional = {}; } cdc.cdcMasthead.additional.env = 'prod'; </script> <script type="text/javascript"> if ( typeof cdc === "undefined")cdc = {}; if ( typeof cdc.util === "undefined")cdc.util = {}; cdc.util.ensureNamespace = function (namespaceStr) { if (!namespaceStr) { return; var parts = namespaceStr.split("."); var o = window; var i; var aPart; for (i = 0; i < parts.length; i++) aPart = parts[i]; if (typeof (o[aPart]) != "object"){ o[aPart] = {}; } o = o[aPart]; } }; cdc.dm = {}; cdc.dm.util = {}; cdc.dm.util.ensureNamespace = cdc.util.ensureNamespace; </script> <meta name="author" content="" /><meta name="blogsPostAuthor" content="" /><meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' /> <script type="text/javascript" src="//www.cisco.com/c/dam/cdc/t/ctm-core.js"></script> <!-- This site is optimized with the Yoast SEO Premium plugin v19.3 (Yoast SEO v19.11) - https://yoast.com/wordpress/plugins/seo/ --> <title>Threat Spotlight: Group 72 - Cisco Blogs</title> <meta name="description" content="This post is co-authored by Joel Esler, Martin Lee and Craig Williams Everyone has certain characteristics that can be recognised. This may be a way of" /> <link rel="canonical" href="https://blogs.cisco.com/security/talos/threat-spotlight-group-72" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="article" /> <meta property="og:title" content="Threat Spotlight: Group 72" /> <meta property="og:description" content="This post is co-authored by Joel Esler, Martin Lee and Craig Williams Everyone has certain characteristics that can be recognised. 
This may be a way of" /> <meta property="og:url" content="https://blogs.cisco.com/security/talos/threat-spotlight-group-72" /> <meta property="og:site_name" content="Cisco Blogs" /> <meta property="article:published_time" content="2014-10-14T16:08:28+00:00" /> <meta property="article:modified_time" content="2021-02-26T22:21:59+00:00" /> <meta property="og:image" content="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2020/03/67b8201b-cisco-brand-logo-white-gradient-background-770x533-1-2.jpg" /> <meta property="og:image:width" content="770" /> <meta property="og:image:height" content="533" /> <meta property="og:image:type" content="image/jpeg" /> <meta name="author" content="Talos Group" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:label1" content="Written by" /> <meta name="twitter:data1" content="Talos Group" /> <meta name="twitter:label2" content="Est. reading time" /> <meta name="twitter:data2" content="4 minutes" /> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"Article","@id":"https://blogs.cisco.com/security/talos/threat-spotlight-group-72#article","isPartOf":{"@id":"https://blogs.cisco.com/security/talos/threat-spotlight-group-72"},"author":{"name":"Talos Group","@id":"https://blogs.cisco.com/#/schema/person/4323e884111191651f7ec5acfd35bc50"},"headline":"Threat Spotlight: Group 72","datePublished":"2014-10-14T16:08:28+00:00","dateModified":"2021-02-26T22:21:59+00:00","mainEntityOfPage":{"@id":"https://blogs.cisco.com/security/talos/threat-spotlight-group-72"},"wordCount":856,"publisher":{"@id":"https://blogs.cisco.com/#organization"},"image":{"@id":"https://blogs.cisco.com/security/talos/threat-spotlight-group-72#primaryimage"},"thumbnailUrl":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2023/09/Cisco_Logo_Indigo_no_TM.png","keywords":["APT","Cisco Talos","malware","Operation 
SMN","Security","SMN","Talos","threats"],"articleSection":["Threat Research"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https://blogs.cisco.com/security/talos/threat-spotlight-group-72","url":"https://blogs.cisco.com/security/talos/threat-spotlight-group-72","name":"Threat Spotlight: Group 72 - Cisco Blogs","isPartOf":{"@id":"https://blogs.cisco.com/#website"},"primaryImageOfPage":{"@id":"https://blogs.cisco.com/security/talos/threat-spotlight-group-72#primaryimage"},"image":{"@id":"https://blogs.cisco.com/security/talos/threat-spotlight-group-72#primaryimage"},"thumbnailUrl":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2023/09/Cisco_Logo_Indigo_no_TM.png","datePublished":"2014-10-14T16:08:28+00:00","dateModified":"2021-02-26T22:21:59+00:00","description":"This post is co-authored by Joel Esler, Martin Lee and Craig Williams Everyone has certain characteristics that can be recognised. This may be a way of","breadcrumb":{"@id":"https://blogs.cisco.com/security/talos/threat-spotlight-group-72#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https://blogs.cisco.com/security/talos/threat-spotlight-group-72"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https://blogs.cisco.com/security/talos/threat-spotlight-group-72#primaryimage","url":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2023/09/Cisco_Logo_Indigo_no_TM.png","contentUrl":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2023/09/Cisco_Logo_Indigo_no_TM.png","width":1919,"height":935},{"@type":"BreadcrumbList","@id":"https://blogs.cisco.com/security/talos/threat-spotlight-group-72#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Cisco Blogs","item":"https://blogs.cisco.com/"},{"@type":"ListItem","position":2,"name":"Security","item":"https://blogs.cisco.com/security"},{"@type":"ListItem","position":3,"name":"Threat Spotlight: Group 
72"}]},{"@type":"WebSite","@id":"https://blogs.cisco.com/#website","url":"https://blogs.cisco.com/","name":"Cisco Blogs","description":"","publisher":{"@id":"https://blogs.cisco.com/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://blogs.cisco.com/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https://blogs.cisco.com/#organization","name":"Cisco Systems","url":"https://blogs.cisco.com/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://blogs.cisco.com/#/schema/logo/image/","url":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2020/10/Cisco_Logo_no_TM_Sky_Blue-RGB.png","contentUrl":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2020/10/Cisco_Logo_no_TM_Sky_Blue-RGB.png","width":912,"height":482,"caption":"Cisco Systems"},"image":{"@id":"https://blogs.cisco.com/#/schema/logo/image/"}},{"@type":"Person","@id":"https://blogs.cisco.com/#/schema/person/4323e884111191651f7ec5acfd35bc50","name":"Talos Group","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://blogs.cisco.com/#/schema/person/image/","url":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/07/1519565080-bpfull.jpg","contentUrl":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/07/1519565080-bpfull.jpg","caption":"Talos Group"},"description":"The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering. 
Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.","url":"https://blogs.cisco.com/author/talos"}]}</script> <!-- / Yoast SEO Premium plugin. --> <link rel='dns-prefetch' href='//www.cisco.com' /> <link rel='dns-prefetch' href='//s.w.org' /> <link rel="alternate" type="application/rss+xml" title="Cisco Blogs » Feed" href="https://blogs.cisco.com/feed" /> <link rel="alternate" type="application/rss+xml" title="Cisco Blogs » Comments Feed" href="https://blogs.cisco.com/comments/feed" /> <link rel="alternate" type="application/rss+xml" title="Cisco Blogs » Threat Spotlight: Group 72 Comments Feed" href="https://blogs.cisco.com/security/talos/threat-spotlight-group-72/feed" /> <script type="text/javascript"> window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/13.1.0\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/13.1.0\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/blogs.cisco.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.9.2"}}; /*! 
This file is auto-generated */ </script> <link rel='stylesheet' 
id='category-css-css' href='https://blogs.cisco.com/wp-content/plugins/cisco-category-page-enhancement/css/category-css.css?ver=5.9.2' type='text/css' media='all' /> <link rel='stylesheet' id='multiauthor_custom_front_style-css' href='https://blogs.cisco.com/wp-content/plugins/cisco-multiple-authors/css/multiauthor.css?ver=1.1' type='text/css' media='all' /> <link rel='stylesheet' id='parent-style-css' href='https://blogs.cisco.com/wp-content/themes/ciscowordpress/style.css?ver=5.9.2' type='text/css' media='all' /> <link rel='stylesheet' id='child-style-css' href='https://blogs.cisco.com/wp-content/themes/ciscowordpress-child/style.css?ver=5.9.2' type='text/css' media='all' /> <link rel='stylesheet' id='ciscowordpress-style-css' href='https://blogs.cisco.com/wp-content/themes/ciscowordpress-child/style.css?ver=5.9.2' type='text/css' media='all' /> <style id='ciscowordpress-style-inline-css' type='text/css'> @media only screen and (min-width: 930px){ ul#featured_categories li{ width: calc(100%/ ); }} </style> <link rel='stylesheet' id='cui-standard-css' href='https://www.cisco.com/web/fw/cisco-ui/1.3.5/dist/css/cui-standard.min.css?ver=5.9.2' type='text/css' media='all' /> <link rel='stylesheet' id='style_login_widget-css' href='https://blogs.cisco.com/wp-content/plugins/miniorange-oauth-oidc-single-sign-on/resources/css/style_login_widget.css?ver=5.9.2' type='text/css' media='all' /> <script type='text/javascript' src='https://blogs.cisco.com/wp-content/plugins/cisco-multiple-authors/js/custom-multiauthor.js?ver=5.9.2' id='multiauthor_custom_js-js'></script> <script type='text/javascript' src='https://blogs.cisco.com/wp-content/themes/ciscowordpress/js/card-dropdown.js?ver=5.9.2' id='ciscowordpress-card-tag-dropdown-js'></script> <link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://blogs.cisco.com/xmlrpc.php?rsd" /> <link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://blogs.cisco.com/wp-includes/wlwmanifest.xml" /> <meta 
name="generator" content="WordPress 5.9.2" /> <link rel='shortlink' href='https://blogs.cisco.com/?p=155771' /> <link rel="alternate" type="application/json+oembed" href="https://blogs.cisco.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fblogs.cisco.com%2Fsecurity%2Ftalos%2Fthreat-spotlight-group-72" /> <link rel="alternate" type="text/xml+oembed" href="https://blogs.cisco.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fblogs.cisco.com%2Fsecurity%2Ftalos%2Fthreat-spotlight-group-72&format=xml" /> <link rel="icon" href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/cropped-Cisco-logo-thumb-sky-blue-150x150.jpg" sizes="32x32" /> <link rel="icon" href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/cropped-Cisco-logo-thumb-sky-blue-300x300.jpg" sizes="192x192" /> <link rel="apple-touch-icon" href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/cropped-Cisco-logo-thumb-sky-blue-300x300.jpg" /> <meta name="msapplication-TileImage" content="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/cropped-Cisco-logo-thumb-sky-blue-300x300.jpg" /> </head> <body class="post-template-default single single-post postid-155771 single-format-standard no-sidebar"> <div id="page" class="site"> <cdc-template-micro lang="en" search-set-context="blogs"> <a class="skip-link screen-reader-text" href="#content">Skip to content</a> <header id="masthead" class="site-header"> </header><!-- #masthead --> <div id="content" class="site-content"> <div id="primary" class="content-area"> <main id="main" class="site-main"> <p id="breadcrumbs"><span><span><a href="https://blogs.cisco.com/">Cisco Blogs</a> / <span><a href="https://blogs.cisco.com/security">Security</a> / <span class="breadcrumb_last" aria-current="page">Threat Spotlight: Group 72</span></span></span></span></p> <div class="blog-post-header"> </div> <article id="post-155771" class="post-155771 post type-post status-publish format-standard 
has-post-thumbnail hentry category-talos tag-apt tag-cisco-talos tag-malware tag-operation-smn tag-security tag-smn tag-talos tag-threats"> <div class="main-content"> <header class="entry-header"> <div class="entry-meta"> October 14, 2014 <a id="post-comments" href="https://blogs.cisco.com/security/talos/threat-spotlight-group-72#comments">2 Comments</a> <hr> </div><!-- .entry-meta --> </header><!-- .entry-header --> <div class="blog-post-header"> <div class="thumbnail-avatar"> <div class="post-thumbnail" style="background-image:url(https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2023/09/IL20241112064931-Cisco_Logo_Indigo_no_TM-600x200.png);"> <img src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/07/1519565080-bpfull.jpg" width="102" height="102" alt="Avatar" class="avatar avatar-102 wp-user-avatar wp-user-avatar-102 photo avatar-default"> </div> </div> <div class="blog-cat-post-author-container"> <a href=https://blogs.cisco.com/security><h5>Security</h5></a> <h1 class="entry-title">Threat Spotlight: Group 72</h1><p class="wordcount"><span class="black">3 min read</span></p> <p> <a href="https://blogs.cisco.com/author/talos" title="Posts by Talos Group" rel="author">Talos Group</a> </p> </div> </div> <!-- .blog-post-header --> <div class="entry-content"> <p dir="ltr" id="docs-internal-guid-975be0c6-0f4a-f1c1-4e6c-98519d87a4a0">This post is co-authored by <a title="Joel Esler" href="http://blogs.cisco.com/author/joelesler" target="_blank" rel="noopener noreferrer">Joel Esler</a>, <a title="Martin Lee" href="http://blogs.cisco.com/author/martinlee/" target="_blank" rel="noopener noreferrer">Martin Lee</a> and <a title="Craig Williams" href="http://blogs.cisco.com/author/CraigWilliams/" target="_blank" rel="noopener noreferrer">Craig Williams</a></p> <p dir="ltr">Everyone has certain characteristics that can be recognised. This may be a way of walking, an accent, a turn of phrase or a style of dressing. 
If you know which characteristics to look for, you can easily spot a friend or acquaintance in a crowd. Exactly the same is true for threat actors.</p> <p dir="ltr">Each threat actor group may have certain characteristics that they display during their attack campaigns. These may be the types of malware that they use, a pattern in the naming conventions of their command and control servers, their choice of victims, etc. Collecting attack data allows an observer to spot the characteristics that define each group and identify specific threat actors from the crowd of malicious activity on the internet.</p> <p dir="ltr">The Talos security and intelligence research group collects attack data from our various telemetry systems to analyse, identify and monitor threat actors through their different tactics, techniques, and procedures. Rather than give names to the different identified groups, we assign numbers to the threat actors. We frequently blog about significant attack campaigns that we discover; behind the scenes, we integrate our intelligence data directly into our products. As part of our research we keep track of certain threat actor groups and their activities. In conjunction with a number of other security companies, we are taking action to highlight and disrupt the activities of the threat actors identified by us as Group 72.<span id="more-155771"></span></p> <p dir="ltr">Group 72 is a long-standing threat actor group involved in <a title="Operation SMN" href="http://www.novetta.com/blog/2014/14/cyber-security-coalition" target="_blank" rel="noopener noreferrer">Operation SMN</a>, named Axiom by Novetta. The group is sophisticated, well funded, and possesses an established, defined software development methodology. The group targets high-profile organizations with high-value intellectual property in the manufacturing, industrial, aerospace, defense, and media sectors. 
Geographically, the group almost exclusively targets organizations based in the United States, Japan, Taiwan, and Korea. The preferred tactics of the group include watering-hole attacks, spear-phishing, and other web-based tactics.</p> <p dir="ltr">The tools and infrastructure used by the attackers are common to a number of other threat actor groups, which may indicate some degree of overlap. We have seen similar patterns used in domain registration for malicious domains, and the same tactics used in other threat actor groups, leading us to believe that this group may be part of a larger organization that comprises many separate teams, or that different groups share tactics, code and personnel from time to time.</p> <p>It is possible that Group 72 has a vulnerability research team searching for 0-day vulnerabilities in Windows. The group is associated with the initial attack campaigns utilising exploits for the following vulnerabilities: <a title="CVE-2014-0322" href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32870" target="_blank" rel="noopener noreferrer">CVE-2014-0322</a> and <a title="CVE-2012-4792" href="http://tools.cisco.com/security/center/viewAlert.x?alertId=27711" target="_blank" rel="noopener noreferrer">CVE-2012-4792</a>. We have also observed them using SQL injection as part of their attacks, and exploits based on <a title="CVE-2012-1889" href="http://tools.cisco.com/security/center/viewAlert.x?alertId=26148" target="_blank" rel="noopener noreferrer">CVE-2012-1889</a> and <a title="CVE-2013-3893" href="http://tools.cisco.com/security/center/viewAlert.x?alertId=30843" target="_blank" rel="noopener noreferrer">CVE-2013-3893</a>.</p> <p dir="ltr">Frequently the group deploys a remote access trojan (RAT) on compromised machines. 
These are used both to steal data and credentials from compromised machines, and to use the machine as a staging post to conduct attacks against further systems on the network, allowing the attackers to spread their compromise within the organization. Unlike some threat actors, Group 72 does not prefer to use a single RAT as part of their attacks. We have observed the group using the following RAT malware:</p> <ul> <li>Gh0st RAT (aka Moudoor)</li> <li>Poison Ivy (aka Darkmoon)</li> <li>HydraQ (aka 9002 RAT aka McRAT aka Naid)</li> <li>Hikit (aka Matrix RAT aka Gaolmay)</li> <li>Zxshell (aka Sensode)</li> <li>DeputyDog (aka Fexel) — Using the kumanichi and moon campaign codes</li> <li>Derusbi</li> <li>PlugX (aka Destroy RAT aka Thoper aka Sogu)</li> </ul> <p dir="ltr">According to our data, HydraQ and Hikit are unique to Group 72 and to two other threat actor groups.</p> <p dir="ltr">While their operational security is very good, patterns in their domains can be identified, such as domains seemingly named after their intended victim. We have observed domains such as <em>companyname.attackerdomain.com</em> and <em>companyacronym.attackerdomain.com</em>. We have also observed similar patterns in the disposable email addresses used to register their domains. These slips, among others, allow us to follow their activities. Intriguingly, we have observed the same email address being used in the activities of this and two other threat actor groups.
This may suggest that these three groups are indeed one unit, or possibly hint at shared staff or ancillary facilities.</p> <p dir="ltr">We will post a follow-up with more technical detail in the coming days.</p> <p dir="ltr">ClamAV names and Snort Signature IDs detecting Group 72 RAT malware:</p> <ul> <li>Gh0stRat — Win.Trojan.Gh0stRAT, 19484, 27964</li> <li>PoisonIVY / DarkMoon — Win.Trojan.DarkMoon, 7816, 7815, 7814, 7813, 12715, 12724</li> <li>Hydraq — Win.Trojan.HyDraq, 16368, 21304</li> <li>HiKit — Win.Trojan.HiKit, 30948</li> <li>Zxshell — Win.Trojan.Zxshell, 32180, 32181</li> <li>DeputyDog — Win.Trojan.DeputyDog, 28493, 29459</li> <li>Derusbi — Win.Trojan.Derusbi, 20080</li> </ul> <p dir="ltr">PlugX appears in the list of observed RATs above but has no ClamAV name or Snort Signature ID in this list.</p> <h3>Protecting Users Against These Threats</h3> <p dir="ltr"><img class="alignleft" alt="" src="https://alln-extcloud-storage.cisco.com/Cisco_Blogs:ciscoblogs/group_72_detection.gif" width="258" height="221" /></p> <p dir="ltr">Advanced Malware Protection (<a href="http://www.cisco.com/c/en/us/support/security/amp-firepower-software-license/tsd-products-support-series-home.html">AMP</a>) is ideally suited to detect the sophisticated malware used by this threat actor.</p> <p dir="ltr"> <a href="http://www.cisco.com/c/en/us/products/security/cloud-web-security/index.html">CWS</a> or <a href="http://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html">WSA</a> web scanning prevents access to malicious websites, including watering hole attacks, and detects malware used in these attacks.</p> <p dir="ltr"> The Network Security protection of <a href="http://www.cisco.com/c/en/us/products/security/intrusion-prevention-system-ips/index.html">IPS</a> and <a href="http://www.cisco.com/c/en/us/products/security/asa-next-generation-firewall-services/index.html">NGFW</a> have up-to-date signatures to detect malicious network activity by threat actors.</p> <p dir="ltr"> <a
href="http://www.cisco.com/c/en/us/products/security/email-security-appliance/index.html">ESA</a> can block spear phishing emails sent by threat actors as part of their campaign.</p> </div><!-- .entry-content --> <div class="author-section"> <div><h2>Authors</h2></div> <div class="auth-row"> <div class="blog-row author-bio"> <div class="item-thirds-1 author-bio-box" > <div class="author-image" > <a href="https://blogs.cisco.com/author/talos"><img src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/07/1519565080-bpfull.jpg" width="150" height="150" alt="Avatar" class="avatar avatar-150wp-user-avatar wp-user-avatar-150 alignnone photo avatar-default"> </a> </div> <div class="author-info"> <h3><a href="https://blogs.cisco.com/author/talos"> Talos Group</a> </h3> <h4 class="title">Talos Security Intelligence & Research Group </h4> <h4></h4> </div> </div><!--end author image and name--> </div><!-- .author-bio --> </div> </div> <footer class="entry-footer"> </footer><!-- .entry-footer --> </article> <div id="tags-container">Tags: <a href="https://blogs.cisco.com/tag/apt" rel="tag">APT</a> <a href="https://blogs.cisco.com/tag/cisco-talos" rel="tag">Cisco Talos</a> <a href="https://blogs.cisco.com/tag/malware" rel="tag">malware</a> <a href="https://blogs.cisco.com/tag/operation-smn" rel="tag">Operation SMN</a> <a href="https://blogs.cisco.com/tag/security" rel="tag">Security</a> <a href="https://blogs.cisco.com/tag/smn" rel="tag">SMN</a> <a href="https://blogs.cisco.com/tag/talos" rel="tag">Talos</a> <a href="https://blogs.cisco.com/tag/threats" rel="tag">threats</a> <hr id="comment-break-line"> </div> <div id="comments" class="comments-area"> <h2 class="comments-title"> 2 Comments </h2><!-- .comments-title --> <ul class="comment-list"> <li id="comment-2181972" class="comment even thread-even depth-1"> <article id="div-comment-2181972"
class="comment-body"> <footer class="comment-meta"> <div class="comment-author vcard"> <img src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2020/08/IL20200817195118-Tazin-Khan-Norelius-150x150.png" width="32" height="32" alt="Avatar" class="avatar avatar-32wp-user-avatar wp-user-avatar-32 alignnone photo avatar-default" /> <b class="fn">Blake VandeVelde</b> <span class="says">says:</span> </div><!-- .comment-author --> <div class="comment-metadata"> <a href="https://blogs.cisco.com/security/talos/threat-spotlight-group-72#comment-2181972"><time datetime="2014-11-03T12:43:56-08:00">November 3, 2014 at 12:43 pm</time></a> </div><!-- .comment-metadata --> </footer><!-- .comment-meta --> <div class="comment-content"> <p>I see mention made of “The Network Security protection of IPS and NGFW have up-to-date signatures to detect malicious network activity by threat actors.” There are four CVE’s listed in this article, and I only see two of them (the ones from 2012) showing up in the ASA CX IPS product. None of the other threat names show up in the ASA CX IPS either. We have the latest Oct 2014 signatures.</p> <p>Based on this document, (<a href="http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/eos-eol-notice-listing.html" rel="nofollow ugc">http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generation-firewalls/eos-eol-notice-listing.html</a>) ASA CX is not EOL, so there ought to be regular IPS signatures coming out to protect us against things like this. 
When will we be protected against these threats?</p> </div><!-- .comment-content --> </article><!-- .comment-body --> </li><!-- #comment-## --> <li id="comment-2182105" class="comment byuser comment-author-alexanderchiu odd alt thread-odd thread-alt depth-1"> <article id="div-comment-2182105" class="comment-body"> <footer class="comment-meta"> <div class="comment-author vcard"> <img src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2022/07/1907-150x150.jpg" width="32" height="32" alt="Alex Chiu" class="avatar avatar-32 wp-user-avatar wp-user-avatar-32 alignnone photo" /> <b class="fn">Alex Chiu</b> <span class="says">says:</span> </div><!-- .comment-author --> <div class="comment-metadata"> <a href="https://blogs.cisco.com/security/talos/threat-spotlight-group-72#comment-2182105"><time datetime="2014-11-03T15:01:31-08:00">November 3, 2014 at 3:01 pm</time></a> </div><!-- .comment-metadata --> </footer><!-- .comment-meta --> <div class="comment-content"> <p>Blake,</p> <p>Cisco CX IPS is not designed to address the entire range of signatures offered by the Cisco IPS. It is targeted for specific deployments and runs a subset of the signatures from the Cisco IPS. Each new IPS signature is evaluated, and when possible, implemented on CX. 
</p> <p>If you have any further questions on CX signature coverage feel free to reach out to <a href="mailto:ips-signature-team@cisco.com">ips-signature-team@cisco.com</a>.</p> </div><!-- .comment-content --> </article><!-- .comment-body --> </li><!-- #comment-## --> </ul><!-- .comment-list --> <p class="no-comments">Comments are closed.</p> </div><!-- #comments --> </main><!-- #main --> </div><!-- #primary --> </div><!-- #content --> </cdc-template-micro> <!-- close cdc-template--> </div><!-- #page --> </body> </html>