Across
- 3. I replaced wermgr.exe for persistence and used Twitter for DDR, I am not to be tossed around
- 4. Developed in .NET, my name translates to Cassowary in English
- 7. I am only 1 away from being a perfect PHP webshell
- 9. They say I targeted electric grid systems in UA, featured a modular design with multiple custom ICS payloads each speaking different ICS communication protocols (IEC and OPC), sported wiper, network discovery and Denial-of-Service modules
- 10. I was a multi-purpose espionage framework, I was named after the name of one of my main modules, what do Flamin’ Hot Cheetos and I share in common?
- 13. I, the DLL live on Exchange Servers, they say MFA’s and diplomatic missions/orgs are my favorite targets, I leverage SMTP events to read, modify, compose and block emails
- 14. Some people know me as Pirpi, others confuse me with a power supply
- 17. I’m so happy I wanna…cry
- 19. Chop chop, who’s there? webshell
- 23. Last name's duke, I was born in Python
- 24. Some call me malware others say I am just a proxy tool, how about we ask my author, the “lion” of HUC
- 25. Listen, like any good bootkit, when they go high, you go low, Jack
- 26. We told you not to release The Interview, got wiper?
- 28. I, the reptile rootkit use two CAST-128 encrypted Virtual File Systems to store data, INT C3 is my favorite Interrupt
Down
- 1. My twitter handle
- 2. They say I was born in Russia but rumor has it that I was named after an R-rated bar in San Francisco
- 5. They claim I was the first member of the “~D Platform”, I got my name from a prefix I commonly used in the name of files I created
- 6. My network traffic is encrypted with Camilla, stay away or else you might develop a rash
- 8. Rumint has it that I was born in a western country but I have never been (publicly) attributed to a country, lots of Lua modules, some know me by my “all-seeing eye” Project name
- 11. My name may sound cute but I’m neither mimi nor a cat
- 12. I targeted SCADA systems…Summer 2010, it was raining 0days when a rebellious worm infected PLC systems with rootkits...oh you still need a hint? Drops mic
- 15. I used to be an Agent, my cousin used to be a Tunnel
- 16. One of the most sophisticated malware suites to date, they say my name has something to do with being "In Reg" and was originated from the submission name of a sample that was uploaded to VirusTotal, I'd say ask my father, Hreiðmarr
- 18. Some said I was more sophisticated than Duqu while others dissed me, I got caught while trying to exploit a vulnerability in an AV product to hide what they called my “ugly face”, my creators and I share the same Spanish name
- 20. They say I targeted Industrial Control Systems (ICS) in EU and NA, mapped industrials networks using an OPC protocol scanning module, I propagated via trojanized legitimate ICS/SCADA software and watering-hole attacks that leveraged exploit kits
- 21. I was distributed via a malicious Tor exit node and infected torrent files, C2 analysis linked me to The Dukes.
- 22. Beloved by East Asian APT actors, most know me for my “X-“ HTTP header fields
- 27. They say my authors were inspired (in retaliation) by Flame, just like Flame I was used to target national oil companies, wiped hard drives and featured a logic bomb