ReferencesActors

GooNky

- Zirconium

References:
  • The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK - 2015-12-15 - Proofpoint - Kafeine GooNky Angler CVE-2016-3351
  • Uncovering 2017’s Largest Malvertising Operation - 2018-01-13 - Confiant - Jérôme Dangu GooNky

    • More Reading:

  • Let’s Encrypt Now Being Abused By Malvertisers - 2016-01-06 - Trend Micro - Joseph C. Chen GooNky Angler
  • Operation Fingerprint: A Look Into Several Angler Exploit Kit Malvertising Campaigns - 2016-03-01 - MalwarebytesGeoEdge - Eugene Aseev - Jérôme Segura VirtualDonna GooNky AdGholas Angler
  • A Look Into Malvertising Attacks Targeting The UK - 2016-03-16 - Malwarebytes - Jérôme Segura GooNky Angler
  • CryptXXX 2.0: Ransomware Authors Strike Back Against Free Decryption Tool - 2016-05-09 - Proofpoint - Proofpoint Staff CryptXXX GooNky Angler
  • Is it the End of Angler ? - 2016-06-11 - MDNC - Kafeine Angler Lurk Nuclear SadClowns GooNky EITest WordsJS ScriptJS
  • Microsoft Patches CVE-2016-3351 Zero-Day, Exploited By AdGholas and GooNky Malvertising Groups - 2016-09-13 - Proofpoint - Kafeine CVE-2016-3351 GooNky AdGholas Angler Astrum
  • RIG exploit kit takes on large malvertising campaign - 2016-09-27 - Malwarebytes - Jérôme Segura GooNky RIG
  • Peas in a pod: Microsoft patches CVE-2016-3298, a second information disclosure zero-day used in malvertising campaigns and the Neutrino Exploit Kit - 2016-10-11 - Proofpoint - Kafeine CVE-2016-3298 GooNky AdGholas CVE-2016-3351
  • Zirconium was one step ahead of Chrome’s redirect blocker with 0-day - 2018-03-05 - Confiant - Jérôme Dangu GooNky