DNC Leak

Claims of Russian hacking

 * Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag - Netzpolitik.org, June 19, 2015

June 2016

 * Russian government hackers penetrated DNC, stole opposition research on Trump - Ellen Nakashima, Washington Post, June 14, 2018
 * Bears in the Midst: Intrusion into the Democratic National Committee - Dmitri Alperovitch, CrowdStrike, June 15, 2016
 * Findings from Analysis of DNC Intrusion Malware - Michael Buratowski, Threat Geek, June 20, 2016
 * Here’s What We Know About Russia and the DNC Hack - April Glaser, Wired, July 27, 2016

October 2016

 * Joint Statement from the Department Of Homeland Security and Office of the Director of National Intelligence on Election Security - US-CERT, October 7, 2016
 * The Russian Expat Leading the Fight to Protect America, Vicky Ward, Esquire, October 24, 2016

December 2016

 * Here’s The Evidence Russia Hacked The Democratic National Committee - Massimo Calabresi, TIME, December 13, 2016

Grizzly Steppe

 * See also Profexer


 * GRIZZLY STEPPE – Russian Malicious Cyber Activity - US-CERT, December 29, 2016
 * JAR_16-20296A_GRIZZLY STEPPE-2016-1229.pdf - Report as PDF file

Burlington Electric Department

 * Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say - Juliet Eilperin, Washington Post, December 30, 2016
 * ''A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials.
 * ''While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid. And it raises fears in the U.S. government that Russian government hackers are actively trying to penetrate the grid to carry out potential attacks.
 * Vermont Electricity Department Finds Malware Linked to Russian Hackers - Phil Helsel, NBC News, December 31, 2016
 * ''A Vermont electricity provider said it found malware linked to an alleged Russian campaign to hack political entities in a laptop, after U.S. utilities were warned about the "Grizzly Steppe" affiliated code by the federal government.
 * Russia penetrated Vermont utility company computer - USA Today, December 31, 2016
 * ''BURLINGTON, Vt. — Malicious software believed tied to a Russian hacking group associated with attempts to influence the U.S. presidential election was found Friday within a computer that belongs to Burlington Electric, one of Vermont’s electrical utilities.
 * How The Washington Post's Defense Of Its Russian Hacking Story Unraveled Through Web Archiving - Kalev Leetaru, Forbes, January 2, 2016
 * ''How the Internet Archive’s historical snapshots of the Post’s story undermined the…

January 2017

 * 'Russian meddling doubters should wait to see report, says Brennan' (on video) - PBS, 4 January, 2017
 * (Detailed report to be provided to the US President who is to decide what and how to share...)
 * U.S. obtained evidence after election that Russia leaked emails: officials - Arshad Mohammed and Jonathan Landay, Reuters, January 5, 2017
 * ''U.S. intelligence agencies obtained what they considered to be conclusive evidence after the November election that Russia provided hacked material from the Democratic National Committee to WikiLeaks through a third party, three U.S. officials said on Wednesday.
 * Foreign Cyber Threats to the United States - US Senate Committee hearing, January 5, 2017
 * (In response to Sen. McCain question: 'we stand by our previous assessment' from October)
 * @realDonaldTrump, January 5, 2017
 * ''The Democratic National Committee would not allow the FBI to study or see its computer info after it was supposedly hacked by Russia......So how and why are they so sure about hacking if they never even requested an examination of the computer servers? What is going on?
 * Background to “Assessing Russian Activities and Intentions in Recent US Elections”: The Analytic Process and Cyber Incident Attribution, dni.gov, 6 January 2017

June 2017

 * TOP-SECRET NSA REPORT DETAILS RUSSIAN HACKING EFFORT DAYS BEFORE 2016 ELECTION - The Intercept, June 5 2017
 * In response to a question 'does he have any doubt', ex-FBI director James Comey (a lawyer by background) testified that he has 'no doubt' that Russia attempted to influence elections and was behind DNC and DCCC intrusions and subsequent leaks - live stream, vox.com, June 8, 2017
 * BURR: Do you have any doubt that Russia attempted to interfere in the 2016 elections?
 * COMEY: None.
 * BURR: Do you have any doubt that the Russian government was behind the intrusions in the DNC and the DCCC systems, and the subsequent leaks of that information?
 * COMEY: No, no doubt.
 * BURR: Do you have any doubt that the Russian government was behind the cyber intrusion in the state voter files?
 * COMEY: No.
 * BURR: Do you have any doubt that officials of the Russian government were fully aware of these activities?
 * COMEY: No doubt. (NY Times transcript)(video).
 * (later, answering Heinrich)
 * The — there should be no fuzz on this whatsoever. The Russians interfered in our election during the 2016 cycle. They did it with purpose. They did it with sophistication. They did it with overwhelming technical efforts. And it was an active-measures campaign driven from the top of that government. There is no fuzz on that.
 * It is a high-confidence judgment of the entire intelligence community, and — and the members of this committee have — have seen the intelligence. It’s not a close call. That happened. That’s about as un-fake as you can possibly get, and is very, very serious, which is why it’s so refreshing to see a bipartisan focus on that, because this is about America, not about any particular party.

Recall earlier Robert Parry commentary:
 * Repeating an accusation over and over again is not evidence that the accused is guilty, no matter how much “confidence” the accuser asserts about the conclusion.
 * ''the case, as presented (DNI report), is one-sided and lacks any actual proof. Further, the continued use of the word “assesses” – as in the U.S. intelligence community “assesses” that Russia is guilty – suggests that the underlying classified information also may be less than conclusive because, in intelligence-world-speak, “assesses” often means “guesses.”
 * ''The DNI report admits as much, saying, “Judgments are not intended to imply that we have proof that shows something to be a fact. Assessments are based on collected information, which is often incomplete or fragmentary, as well as logic, argumentation, and precedents.”


 * FBI requested DNC servers multiple times and was denied - James Comey, video published June 1, 2017. FBI access was denied, and eventually it was agreed that a 'highly respected private company' got access and shared 'what they saw'.

February 2018
--Resup (talk) 18:23, 16 February 2018 (UTC)
 * Mueller Indicts 13 Russians for Hacking During U.S. Election
 * Indictment.
 * Internet Research Agency, Prigozhin, see also here and here; all claims as per respective sources.
 * --Resup (talk) 18:03, 16 February 2018 (UTC)
 * 12 b. Co-conspirators arranged for a poster Happy 55th Birthday Dear Boss in front of the White House (matching Prigozhin birthday)
 * Counts: (1) 8. Conspiracy to defraud the US (2) 86. conspiracy of wire and bank fraud (3-8) 96. aggravated identity theft, details in the linked document

April 2019

 * Trump Ordered Aides to Search for Clinton Emails, While the Russians Already Were Looking - The New York Times, April 18, 2019

June 2019

 * DOJ Admits FBI Never Saw Crowdstrike Report on DNC Russian Hacking Claim - Conservative Treehouse, June 15, 2019
 * US Govt's Entire Russia-DNC Hacking Narrative Based On Redacted Draft Of Crowdstrike Report - ZeroHedge, June 17, 2019

Denials and rebuttals

 * Reality Check: 5 Problems with CIA Claim That Russia Hacked DNC/Podesta emails - Ben Swann, CBS, December 16, 2016 (video)
 * Spy Film Thriller: Obama’s attributions of the Clinton hacks to Russia’s GRU and FSB don’t add up - Alexander Mercouris, The Duran, December 30, 2016
 * Why Crowdstrike’s Russian Hacking Story Fell Apart- Say Hello to Fancy Bear - George Eliason, January 3, 2017
 * Emails were leaked, not hacked - William Binney, Ray McGovern, Baltimore Sun, January 5, 2017
 * New Cracks in Russia-gate ‘Assessment’, Robert Parry, 23 May 2017
 * ''Yet, as any intelligence expert will tell you, if you “hand-pick” the analysts, you are really hand-picking the conclusion.
 * Answer at St. Petersburg forum, June 2017 - long transcript, Eng. video (also: 'horror-fied' translation in a video clip by Washington Post; 'Putin is ruthlessly trolling the Democrats' - NY Post editorial, etc.).
 * Megyn Kelly: ... And what they say in response to the question of “Where is the proof?” is that this type of disinformation campaign is intentionally difficult to find hardcore proof of. It is other factors. And what the experts say is that this couldn’t have been faked – that it’s not one factor, it is a hundred factors that point to Russia. They say it is the forensics, it’s the digital fingerprints, it’s the IP addresses, the malware, the encryption keys, the specific pieces of code – that all of them, all of them, point to Russia and none of them points to anyone other than Russia.
 * Vladimir Putin: What fingerprints? Hoof prints, horn prints? Whose fingerprints are these?
 * IP addresses can be simply made up. Do you know how many such specialists there are? They will make it look like it was sent from your home address by your children – your three-year old kid, they will organise everything to look like it was your three-year old daughter who carried out the attack. There are such IT specialists in the world today and they can arrange anything and then blame it on whoever ...
 * ''The other team lost. They are reluctant to acknowledge the mistake. They do not want to admit that they did not get it, that they miscalculated. It is easier to say, “We are not to blame, the Russians are to blame, they interfered in our election, but we are good.” It reminds me of anti-Semitism: the Jews are to blame for everything. The halfwit cannot do anything but the Jews are the ones who are to blame.
 * (part of longer answer, and returning to the issue several more times)
 * Vladimir Putin Tells Megyn Kelly: U.S. Hackers Could Have Framed Russia - NBC trailer, June 2, 2017
 * Megyn Kelly One-on-One with Russian President Vladimir Putin - NBC, June 4, 2017 (video length here, 11:02)
 * Full interview video, Russ. version so far here (length 20:10)
 * Body language study
 * NBC edited out Putin's hard truths - here's what you missed, by Inessa Sinchougova, Fort Russ

Wordfence

 * US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware - Mark Maunder, Wordfence, December 30, 2016
 * ''The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.
 * ''The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.
 * Is “Grizzly Steppe” Really a Russian Operation? - Power Line, December 31, 2016
 * Grizzly Misstep: Security Experts Call Russia Hacking Report “Poorly Done,” “Fatally Flawed” - David Z. Morris, Fortune, December 31, 2016
 * New Russian Hacks? No, Old Ukrainian Malware Found. - Moon of Alabama, December 31, 2016
 * U.S. Intelligence Got the Wrong Cyber Bear - Leonid Bershidsky, Bloomberg, January 2, 2017
 * Did a Ukrainian University Student Create Grizzly Steppe? - Petri Krohn, SAFKA, January 3, 2017
 * In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking - NY Times, August 16, 2017
 * But while Profexer’s online persona vanished, a flesh-and-blood person has emerged: a fearful man who the Ukrainian police said turned himself in early this year, and has now become a witness for the F.B.I. “I don’t know what will happen,” he wrote in one of his last messages posted on a restricted-access website before going to the police.
 * СМИ: хакера с Украины допросили по делу о взломе серверов демократов в США (Media: hacker from Ukraine interrogated in case of hacking of Democrat servers in USA) - RIA, August 16, 2017

Veteran Intelligence Professionals for Sanity

 * More Holes in Russia-gate Narrative - William Binney and Ray McGovern, Consortium News, September 20, 2017
 * Still Waiting for Evidence of a Russian Hack - Ray McGovern, Consortium News, June 7, 2018
 * Did Sen. Warner and Comey ‘Collude’ on Russia-gate? - Ray McGovern, Consortium News, June 27, 2018
 * VIPS: Mueller’s Forensics-Free Findings - Veteran Intelligence Professionals for Sanity via Consortium News, March 13, 2019
 * Bill Binney (former NSA) on the Arrest of Julian Assange - LaRouchePAC Videos, youtube, April 11, 2019
 * Binney: 'GRU agents going here and there, and so on, inside the DNC', alleged in the indictment (noted: and repeated in the Mueller report) 'can't be NSA data, because NSA data is classified'; if anything is published it has to be redacted. Binney assumes this is Crowdstrike or other third-party data.
 * Noted: it remains unclear where the essentially identical cross-referenced allegations in the Mueller report come from. The Mueller report was released in a form redacted as to methods.
 * Noted: (alleged, by unreliable 'The Insider', but deemed reliable enough for Skipals) leaked NSA report on Russian hacking, August to November, 2016 appears less striking/flashy than the material in the indictment and Mueller report.

Guccifer 2.0

 * ‘Guccifer 2.0’ Is Likely a Russian Government Attempt to Cover Up Its Own Hack - Lorenzo Franceschi-Bicchierai, Motherboard, June 16 2016
 * We Spoke to DNC Hacker 'Guccifer 2.0' - Lorenzo Franceschi-Bicchierai, Motherboard, June 21 2016
 * ''Last week, a mysterious hacker using the handle "Guccifer 2.0" emerged to claim responsibility for the data breach at the Democratic National Committee, which democrats and several cybersecurity firms attributed to two groups of Russian hackers, likely working for Vladimir Putin's government.
 * "Did the Russians really hack the DNC or is this another Sony Pictures moment? You decide" - The Register, July 27, 2016 + threatconnect
 * ''We're told Team Guccifer used AOL France's webmail to exchange messages with journalists; these messages, sent from guccifer20@aol.fr, were stamped with a French IP address – 95.130.15.34 – by AOL's infrastructure, meaning the sender was using that network address at the time
 * ''...It is important to note that the IP address seen in the Guccifer 2.0 AOL communications – 95.130.15.34 – is not listed as an option within Elite VPN Service, although it has an identical SSH fingerprint and has the exact same port (1723, PPTP) open as the listed options. This demonstrates the server was cloned from the same server image as all the Elite VPN servers but may be a private or dedicated version of the service." ThreatConnect also notes that the 95.130.15.34 IP address has been used in a few swindles, including a Russian mail-order bride scam in 2014 and attacks against WordPress blogs last year. The IP address also crops up in a Russian-language text message proxy service and a node list for crypto-currency EDR
 * ''Russian foreign minister Sergey Lavrov gave a simple reply when asked about the matter by the press. "I don't want to use four-letter words," he said.
 * ‘Lone DNC Hacker’ Guccifer 2.0 Slipped Up and Revealed He Was a Russian Intelligence Officer - The Daily Beast, March 22, 2018
 * Claims made; no supporting data provided.
 * ''But on one occasion, The Daily Beast has learned, Guccifer failed to activate the VPN client before logging on. As a result, he left a real, Moscow-based Internet Protocol address in the server logs of an American social media company, according to a source familiar with the government’s Guccifer investigation. Twitter and WordPress were Guccifer 2.0’s favored outlets. Neither company would comment for this story, and Guccifer did not respond to a direct message on Twitter.
 * How do you distinguish 'VPN' from a 'real IP address' in the 'logs of a social media company'? Just how much info is actually recorded?
 * Habakkuk on metadata, David Habakkuk, July 18, 2018
 * Forensic Data Proves DNC Was Not Hacked by Russia - Forbidden Knowledge TV, July 17, 2018

Was Guccifer 2.0 a cover-up?

 * The Seth Rich Case - JimmysLlama, May 19, 2017
 * ''Guccifer2 was created by the DNC to do two things: Make it appear that the Russians hacked their shiz so nobody knew it came from an inside source and use it as cover for the murder of Seth Rich.
 * Guccifer 2.0: Game Over - ADAM CARTER
 * ''Metadata suggests it took only 30 minutes to go from a DNC tech/data strategy consultant creating documents to Guccifer2.0 tainting them - all occurring on a date that Guccifer2.0 claimed to be after he was locked out of the DNC Network - occurring on the same day that Guccifer2.0 emerged.
 * ''Data found deeper in files now also demonstrates there was a misdirection effort, that, in its larger scope - seems to have been intended to discredit leaks by having leaks blamed on Russian hackers
 * Russia and WikiLeaks: The Case of the Gilded Guccifer - /u/tvor_22, February 17, 2017 (archived from source)
 * ''d) Guccifer2 was a CIA disinformation campaign to frame the Russians, while thumbing their noses (obvious deception,) before an assumed Hillary Clinton win could provide an appropriate and ‘pragmatic’ response. Had to have assumed a Clinton win, but in the event of a Trump win would be (and is) greatly advantageous. May imply apt28 itself was a false-flag pwn-job.
 * Proof that DNC manufactured the Russian controversy in June 2016 - byecomey on Reddit, May 25, 2017
 * Day 217.17. Hillary's Leakers, Hackers, and Henchmen - George Webb, May 28, 2017
 * Intel Vets (VIPS) Challenge ‘Russia Hack’ Evidence - Consortium News, 24 July, 2017
 * Guccifer 2.0 NGP/VAN Metadata Analysis - undated, theforensicator.wordpress.com (possibly related).
 * Did Hillary Scapegoat Russia to Save Her Campaign? - Mike Whitney, Counterpunch, August 1, 2017
 * Guccifer 1.0, in an interview with Fox News, expressed the opinion that Guccifer 2.0 was an inside job - 'Guccifer' calls Fox from Romania, says he shouldn't be sent back to U.S. - Fox News, 11 August, 2017.
 * Did Guccifer 2 Plant his Russian Fingerprints? - The Forensicator, April 30, 2018
 * VIPS: Mueller’s Forensics-Free Findings - Veteran Intelligence Professionals for Sanity via Consortium News, March 13, 2019
 * Nope, Guccifer 2.0 Was Not a Russian Creation - Larry C Johnson, Sic Semper Tyrannis, May 22, 2019

Charges
see below

Craig Murray

 * The CIA’s Absence of Conviction - Craig Murray, December 11, 2016
 * Craig Murray Radio Interview, Scott Horton Show, December 13, 2016
 * Craig Murray claims to have 'rather more direct information' on the source, not just what Assange told him, 'which relates to the visit' he (Craig Murray) 'paid to Washington in September of this year' (2016). His claim is not really clarified beyond the statement above. He also stresses that the DNC and Podesta cases are different but characterizes both as 'leaks, not hacks'.
 * WikiLeaks operative claims Russia did NOT provide Hillary Clinton emails - Daily Mail, December 14, 2016
 * Exit Obama in a Cloud of Disillusion, Delusion and Deceit - Craig Murray, December 30, 2016

Seth Rich?

 * Come On, We All Know It Was Seth Rich - Caitlin Johnstone, December 18, 2016
 * Family of slain DNC staffer Seth Rich blasts detective over report of WikiLeaks link - Malia Zimmerman, Fox News, May 16, 2017
 * ''The federal investigator, who requested anonymity, said 44,053 emails and 17,761 attachments between Democratic National Committee leaders, spanning from January 2015 through late May 2016, were transferred from Rich to MacFadyen before May 21.
 * Murdered DNC staffer Seth Rich had sent 44,000 internal emails to WikiLeaks: Report - Kyle Feldscher, Washington Examiner, May 16, 2017

No public comment

 * Assange meets U.S. congressman, vows to prove Russia did not leak him documents - The Hill, August 16, 2017
 * Congressman Dana Rohrabacher recounted his conversation with Assange to The Hill. “Our three-hour meeting covered a wide array of issues, including the WikiLeaks exposure of the DNC emails during last year's presidential election,” Rohrabacher said, “Julian emphatically stated that the Russians were not involved in the hacking or disclosure of those emails.” Pressed for more detail on the source of the documents, Rohrabacher said he had information to share privately with President Donald Trump.

Roger Stone

 * Mueller Thinks Roger Stone Was Tipped Off About WikiLeaks Email Dump - Court Doc - Sputnik, November 29, 2018
 * Ex-Trump Adviser Stone Arrested in Mueller Probe - Special Counsel's Office - Sputnik, January 25, 2019
 * Roger Stone indicted on charges brought by special counsel - CNN, January 25, 2019

Crowdstrike?
A theory (number ****) by conspiracy journalist George Webb (starts around 9:30 here). He claims that McAfee/Networks Associates in the early days bought a company of Russian hackers and kept 12 of them to keep writing viruses, while in another office the anti-viruses were produced (the veracity of this is entirely on George Webb). With Alperovitch coming from McAfee, he thinks it might go along similar lines with Crowdstrike. (No real evidence for that, of course, but a curious thought).

Now, from John McAfee interview:
 * “When the FBI or when any other agency says the Russians did it or the Chinese did something or the Iranians did something – that's a fallacy,”
 * “Any hacker capable of breaking into something is extraordinarily capable of hiding their tracks. If I were the Chinese and I wanted to make it look like the Russians did it I would use Russian language within the code.
 * “This is what the FBI and other agencies want us to believe so that they can manipulate our opinions, but I can promise you – if it looks like the Russians did it, then I can guarantee you it was not the Russians.”

Other sources

 * 2016 Democratic National Committee email leak - Wikipedia
 * Russia-Wiretapping hypotheses only timeline - RulerOfSlides

Analysis

 * Fancy Frauds, Bogus Bears & Malware Mimicry?! - Adam Carter, Disobedient Media, December 26, 2017
 * The DNC Leaks and Crossfire Hurricane: A Timeline - Leo Goldstein, American Thinker, August 8, 2018

Indictments

 * https://www.justice.gov/file/1080281/download, July 13, 2018

Comments (USA)
 * Donald Trump.
 * Trump has "very low expectations" for Putin meeting - CBS (video), published Jul 15, 2018
 * Our relationship with Russia has NEVER been worse thanks to many years of U.S. foolishness and stupidity and now, the Rigged Witch Hunt! - Twitter, 1, 2, July 15, 2018
 * John Bolton. 'I find it hard to believe' Putin didn’t know about Russian interference in U.S. election: White House national security adviser - ABC News, Jul 15, 2018
 * Rudy Giuliani 1, 2.

Comments (Russia)
 * Putin interview to Fox News, 16 July 2018 (Fox News; Kremlin).

Alleged Timeline

 * (Private server): In March 2016 WikiLeaks launched a searchable archive of emails sent to/from Sec. Clinton's private email server
 * (Russians): Allegedly, on April 22, 2016 'gigabytes of data' were compressed, and on April 26, 2016 the compressed DNC data was moved using X-Tunnel to a GRU-leased computer located in Illinois (Indictment, 28), by the indicted Russians
 * (Hack allegedly noticed): 'DNC leaders were tipped to the hack in late April (2016). Chief executive Amy Dacey got a call from her operations chief saying that their information technology team had noticed some unusual network activity. Within 24 hours, CrowdStrike had installed software on the DNC’s computers so that it could analyze data.' (WaPo)
 * More leaks threatened by Wikileaks, June 12, 2016:
 * (Alleged hack reported): WaPo, June 14, 2016; Crowdstrike, June 16, 2016

Some details
Military Units from the indictment:
 * 'Federal State Military Unit 26165' listing, map
 * 'Federal State Military Unit 74455', listing not found; the unit and address (military camp No. 48/1, Moscow, Svoboda street (ulitsa Svobody), 21/2) are mentioned in this unrelated court document, map.
 * However, the Mueller indictment has (18) '...Unit 74455 was located at 22 Kirova Street, Khimki, Moscow, a building referred to within the GRU as the “Tower.” ...' map 1, 2
 * Added: svoboda.org (below) discussed those and some other addresses.

People:
 * VIKTOR BORISOVICH NETYKSHO (Нетыкшо Виктор Борисович) (dissertation). Some info given by svoboda.org (below)


 * Sources
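 * В чем обвиняет офицеров российского разведуправления минюст США: факты (What the US Justice Department accuses officers of the Russian intelligence directorate of: the facts) - Novaya Gazeta, 18 July, 2018
 * По следам офицеров ГРУ. Новые детали в "деле русских хакеров" (On the trail of GRU officers. New details in the "Russian hackers case") - svoboda.org, 17 July, 2018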

Some units and people appear to be real and potentially capable. Mueller still has to show that they were involved. What he provides is some @mail.com email address said to be used. It is not really clear (to me) how this establishes involvement of two military units and 12 people, said to be officers. --Resup (talk) 09:55, 22 July 2018 (UTC)
 * Comments.

X agent

 * https://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/, February 4, 2015
 * ''We found two malicious iOS applications in Operation Pawn Storm. One is called XAgent (detected as IOS_XAGENT.A) and the other one uses the name of a legitimate iOS game, MadCap (detected as IOS_ XAGENT.B). After analysis, we concluded that both are applications related to SEDNIT.
 * ''Analysis of XAgent ...Installing the malware into an iOS 8 device yields different results. The icon is not hidden and it also cannot restart automatically. This suggests that the malware was designed prior to the release of iOS 8 last September 2014.
 * https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/
 * ''From late 2014 and through 2016, FANCY BEAR X-Agent implant was covertly distributed on Ukrainian military forums within a legitimate Android application developed by Ukrainian artillery officer Yaroslav Sherstuk.
 * The original application enabled artillery forces to more rapidly process targeting data for the Soviet-era D-30 Howitzer employed by Ukrainian artillery forces reducing targeting time from minutes to under 15 seconds. According to Sherstuk’s interviews with the press, over 9000 artillery personnel have been using the application in Ukrainian military.
 * Open source reporting indicates that Ukrainian artillery forces have lost over 50% of their weapons in the 2 years of conflict and over 80% of D-30 howitzers, the highest percentage of loss of any other artillery pieces in Ukraine’s arsenal.
 * Defense ministry denies reports of alleged artillery losses because of Russian hackers' break into software - Interfax.ua, 06.01.2017
 * ''"The information of the Command of Missile Troops and Artillery of the Ukrainian Ground Forces is that losses in artillery weapons during the Anti-Terrorist operation were way below those reported [by the media, which claimed 80% of D-30 howitzers were lost] and have nothing to do with the stated cause.

X tunnel

 * https://github.com/mitre/cti/blob/master/enterprise-attack/malware/malware--7343e208-7cab-45f2-a47b-41ba5e2f0fab.json
 * https://www.enigmasoftware.com/malware-chinese-open-source-second-dnc-hack/
 * ''X-Tunnel is capable of doing many other things, but according to Invincea, its characteristics suggest that its main goal is data exfiltration. The malware's impressive capabilities meant that the damage it caused was huge. What is interesting, however, is that it didn't employ some state-of-the-art technology. Instead, it used a protocol that is now more than ten years old.
 * ''Researchers at Invincea reckon that the X-Tunnel malware is a modified version of Xtunnel PortMap – an open-source project that used the aforementioned protocol and was developed by a Chinese company called Xten.