aka: Group 8, AURORA PANDA, Hidden Lynx, Tailgater Team, Dogfish, BRONZE KEYSTONE, G0025, Group 72, G0001, Axiom, HELIUM
FireEye described APT17 in a 2015 report as: 'APT17, also known as DeputyDog, is a China based threat group that FireEye Intelligence has observed conducting network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations.'
2023-09-12 ⋅ Symantec ⋅ Threat Hunter Team @online{team:20230912:redfly:b57156b,
author = {Threat Hunter Team},
title = {{Redfly: Espionage Actors Continue to Target Critical Infrastructure}},
date = {2023-09-12},
organization = {Symantec},
url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/critical-infrastructure-attacks},
language = {English},
urldate = {2023-12-04}
}
Redfly: Espionage Actors Continue to Target Critical Infrastructure ShadowPad |
2023-08-07 ⋅ Recorded Future ⋅ Insikt Group @techreport{group:20230807:redhotel:ee4dd20,
author = {Insikt Group},
title = {{RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale}},
date = {2023-08-07},
institution = {Recorded Future},
url = {https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf},
language = {English},
urldate = {2023-08-09}
}
RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale Winnti Brute Ratel C4 Cobalt Strike FunnySwitch PlugX ShadowPad Spyder Earth Lusca |
2023-07-14 ⋅ Trend Micro ⋅ Daniel Lunghi @online{lunghi:20230714:possible:94fad78,
author = {Daniel Lunghi},
title = {{Possible Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad}},
date = {2023-07-14},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/23/g/supply-chain-attack-targeting-pakistani-government-delivers-shad.html},
language = {English},
urldate = {2023-09-04}
}
Possible Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad ShadowPad |
2023-05-15 ⋅ Symantec ⋅ Threat Hunter Team @online{team:20230515:lancefly:49fd53e,
author = {Threat Hunter Team},
title = {{Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors}},
date = {2023-05-15},
organization = {Symantec},
url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor},
language = {English},
urldate = {2023-05-26}
}
Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors Merdoor PlugX ShadowPad ZXShell Lancefly |
2023-02-02 ⋅ Elastic ⋅ Salim Bitam, Remco Sprooten, Cyril François, Andrew Pease, Devon Kerr, Seth Goodwin @online{bitam:20230202:update:57ea3a2,
author = {Salim Bitam and Remco Sprooten and Cyril François and Andrew Pease and Devon Kerr and Seth Goodwin},
title = {{Update to the REF2924 intrusion set and related campaigns}},
date = {2023-02-02},
organization = {Elastic},
url = {https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns},
language = {English},
urldate = {2023-03-21}
}
Update to the REF2924 intrusion set and related campaigns DoorMe ShadowPad SiestaGraph |
2022-10-25 ⋅ VMware Threat Analysis Unit ⋅ Takahiro Haruyama @techreport{haruyama:20221025:tracking:1f60260,
author = {Takahiro Haruyama},
title = {{Tracking the entire iceberg: long-term APT malware C2 protocol emulation and scanning}},
date = {2022-10-25},
institution = {VMware Threat Analysis Unit},
url = {https://www.virusbulletin.com/uploads/pdf/conference/vb2022/slides/VB2022-Tracking-the-entire-iceberg.pdf},
language = {English},
urldate = {2022-11-01}
}
Tracking the entire iceberg: long-term APT malware C2 protocol emulation and scanning ShadowPad Winnti |
2022-09-30 ⋅ NCC Group ⋅ William Backhouse, Michael Mullen, Nikolaos Pantazopoulos @online{backhouse:20220930:glimpse:5194be6,
author = {William Backhouse and Michael Mullen and Nikolaos Pantazopoulos},
title = {{A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion}},
date = {2022-09-30},
organization = {NCC Group},
url = {https://research.nccgroup.com/2022/09/30/a-glimpse-into-the-shadowy-realm-of-a-chinese-apt-detailed-analysis-of-a-shadowpad-intrusion/},
language = {English},
urldate = {2022-10-04}
}
A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion ShadowPad |
2022-09-19 ⋅ Virus Bulletin ⋅ Takahiro Haruyama @techreport{haruyama:20220919:tracking:bffa146,
author = {Takahiro Haruyama},
title = {{Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning}},
date = {2022-09-19},
institution = {Virus Bulletin},
url = {https://www.virusbulletin.com/uploads/pdf/conference/vb2022/papers/VB2022-Tracking-the-entire-iceberg-long-term-APT-malware-C2-protocol-emulation-and-scanning.pdf},
language = {English},
urldate = {2022-11-01}
}
Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning ShadowPad Winnti |
2022-09-13 ⋅ Symantec ⋅ Threat Hunter Team @online{team:20220913:new:2ff2e98,
author = {Threat Hunter Team},
title = {{New Wave of Espionage Activity Targets Asian Governments}},
date = {2022-09-13},
organization = {Symantec},
url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments},
language = {English},
urldate = {2022-09-20}
}
New Wave of Espionage Activity Targets Asian Governments MimiKatz PlugX Quasar RAT ShadowPad Trochilus RAT |
2022-09-06 ⋅ ESET Research ⋅ Thibaut Passilly @online{passilly:20220906:worok:0c106ac,
author = {Thibaut Passilly},
title = {{Worok: The big picture}},
date = {2022-09-06},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2022/09/06/worok-big-picture/},
language = {English},
urldate = {2022-09-10}
}
Worok: The big picture MimiKatz PNGLoad reGeorg ShadowPad Worok |
2022-08-04 ⋅ Mandiant ⋅ Mandiant @online{mandiant:20220804:advanced:afb8956,
author = {Mandiant},
title = {{Advanced Persistent Threats (APTs)}},
date = {2022-08-04},
organization = {Mandiant},
url = {https://www.mandiant.com/resources/insights/apt-groups},
language = {English},
urldate = {2022-08-30}
}
Advanced Persistent Threats (APTs) APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9 Naikon |
2022-07-01 ⋅ RiskIQ ⋅ RiskIQ @online{riskiq:20220701:toddycat:485d554,
author = {RiskIQ},
title = {{ToddyCat: A Guided Journey through the Attacker's Infrastructure}},
date = {2022-07-01},
organization = {RiskIQ},
url = {https://community.riskiq.com/article/d8b749f2},
language = {English},
urldate = {2022-07-15}
}
ToddyCat: A Guided Journey through the Attacker's Infrastructure ShadowPad ToddyCat |
2022-06-27 ⋅ Kaspersky ICS CERT ⋅ Artem Snegirev, Kirill Kruglov @online{snegirev:20220627:attacks:100c151,
author = {Artem Snegirev and Kirill Kruglov},
title = {{Attacks on industrial control systems using ShadowPad}},
date = {2022-06-27},
organization = {Kaspersky ICS CERT},
url = {https://ics-cert.kaspersky.com/publications/reports/2022/06/27/attacks-on-industrial-control-systems-using-shadowpad/},
language = {English},
urldate = {2022-06-29}
}
Attacks on industrial control systems using ShadowPad Cobalt Strike PlugX ShadowPad |
2022-05-17 ⋅ Positive Technologies ⋅ Positive Technologies @online{technologies:20220517:space:abd655a,
author = {Positive Technologies},
title = {{Space Pirates: analyzing the tools and connections of a new hacker group}},
date = {2022-05-17},
organization = {Positive Technologies},
url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/space-pirates-tools-and-connections/},
language = {English},
urldate = {2022-05-25}
}
Space Pirates: analyzing the tools and connections of a new hacker group FormerFirstRAT PlugX Poison Ivy Rovnix ShadowPad Zupdax |
2022-05-12 ⋅ TEAMT5 ⋅ Leon Chang, Silvia Yeh @techreport{chang:20220512:next:5fd8a83,
author = {Leon Chang and Silvia Yeh},
title = {{The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides)}},
date = {2022-05-12},
institution = {TEAMT5},
url = {https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-LeonSilvia-NextGenPlugXShadowPad.pdf},
language = {English},
urldate = {2022-08-08}
}
The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides) KEYPLUG Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad Winnti SLIME29 TianWu |
2022-05-04 ⋅ Cybereason ⋅ Chen Erlich, Fusao Tanida, Ofir Ozer, Akihiro Tomita, Niv Yona, Daniel Frank, Assaf Dahan @online{erlich:20220504:operation:0d23595,
author = {Chen Erlich and Fusao Tanida and Ofir Ozer and Akihiro Tomita and Niv Yona and Daniel Frank and Assaf Dahan},
title = {{Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques}},
date = {2022-05-04},
organization = {Cybereason},
url = {https://www.cybereason.com/blog/operation-cuckoobees-deep-dive-into-stealthy-winnti-techniques},
language = {English},
urldate = {2022-05-09}
}
Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques PRIVATELOG Spyder STASHLOG Winnti |
2022-05-04 ⋅ Cybereason ⋅ Chen Erlich, Fusao Tanida, Ofir Ozer, Akihiro Tomita, Niv Yona, Daniel Frank, Assaf Dahan @online{erlich:20220504:operation:e40ec58,
author = {Chen Erlich and Fusao Tanida and Ofir Ozer and Akihiro Tomita and Niv Yona and Daniel Frank and Assaf Dahan},
title = {{Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive}},
date = {2022-05-04},
organization = {Cybereason},
url = {https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive},
language = {English},
urldate = {2022-05-05}
}
Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive PRIVATELOG Spyder STASHLOG Winnti |
2022-05-02 ⋅ Sentinel LABS ⋅ Joey Chen, Amitai Ben Shushan Ehrlich @online{chen:20220502:moshen:1969df2,
author = {Joey Chen and Amitai Ben Shushan Ehrlich},
title = {{Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad}},
date = {2022-05-02},
organization = {Sentinel LABS},
url = {https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/},
language = {English},
urldate = {2022-05-04}
}
Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad PlugX ShadowPad |
2022-05-01 ⋅ BushidoToken ⋅ BushidoToken @online{bushidotoken:20220501:gamer:0acfc22,
author = {BushidoToken},
title = {{Gamer Cheater Hacker Spy}},
date = {2022-05-01},
organization = {BushidoToken},
url = {https://blog.bushidotoken.net/2022/05/gamer-cheater-hacker-spy.html},
language = {English},
urldate = {2022-05-03}
}
Gamer Cheater Hacker Spy Egregor HelloKitty NetfilterRootkit RagnarLocker Winnti |
2022-04-08 ⋅ The Register ⋅ Laura Dobberstein @online{dobberstein:20220408:china:6626bbc,
author = {Laura Dobberstein},
title = {{China accused of cyberattacks on Indian power grid}},
date = {2022-04-08},
organization = {The Register},
url = {https://www.theregister.com/2022/04/08/china_sponsored_attacks_india_ukraine/},
language = {English},
urldate = {2022-04-12}
}
China accused of cyberattacks on Indian power grid ShadowPad |
2022-04-06 ⋅ Recorded Future ⋅ Insikt Group® @techreport{group:20220406:continued:dcee8d2,
author = {Insikt Group®},
title = {{Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group (TAG-38)}},
date = {2022-04-06},
institution = {Recorded Future},
url = {https://go.recordedfuture.com/hubfs/reports/ta-2022-0406.pdf},
language = {English},
urldate = {2022-08-05}
}
Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group (TAG-38) ShadowPad |
2022-04-06 ⋅ Recorded Future ⋅ Insikt Group @online{group:20220406:continued:cdf57e5,
author = {Insikt Group},
title = {{Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group}},
date = {2022-04-06},
organization = {Recorded Future},
url = {https://www.recordedfuture.com/continued-targeting-of-indian-power-grid-assets/},
language = {English},
urldate = {2022-04-12}
}
Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group ShadowPad |
2022-02-23 ⋅ Dragos ⋅ Dragos @techreport{dragos:20220223:2021:539931a,
author = {Dragos},
title = {{2021 ICS OT Cybersecurity Year In Review}},
date = {2022-02-23},
institution = {Dragos},
url = {https://hub.dragos.com/hubfs/333%20Year%20in%20Review/2021/2021%20ICS%20OT%20Cybersecurity%20Year%20In%20Review%20-%20Dragos%202021.pdf},
language = {English},
urldate = {2022-04-12}
}
2021 ICS OT Cybersecurity Year In Review ShadowPad |
2022-02-15 ⋅ The Hacker News ⋅ Ravie Lakshmanan @online{lakshmanan:20220215:researchers:834fc13,
author = {Ravie Lakshmanan},
title = {{Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA}},
date = {2022-02-15},
organization = {The Hacker News},
url = {https://thehackernews.com/2022/02/researchers-link-shadowpad-malware.html},
language = {English},
urldate = {2022-02-17}
}
Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA ShadowPad |
2022-02-15 ⋅ Secureworks ⋅ Counter Threat Unit Research Team @online{researchteam:20220215:shadowpad:cd3fa10,
author = {Counter Threat Unit Research Team},
title = {{ShadowPad Malware Analysis}},
date = {2022-02-15},
organization = {Secureworks},
url = {https://www.secureworks.com/research/shadowpad-malware-analysis},
language = {English},
urldate = {2022-02-17}
}
ShadowPad Malware Analysis ShadowPad |
2022-01-17 ⋅ Trend Micro ⋅ Joseph Chen, Kenney Lu, Gloria Chen, Jaromír Hořejší, Daniel Lunghi, Cedric Pernet @techreport{chen:20220117:delving:4cd2b1c,
author = {Joseph Chen and Kenney Lu and Gloria Chen and Jaromír Hořejší and Daniel Lunghi and Cedric Pernet},
title = {{Delving Deep: An Analysis of Earth Lusca’s Operations}},
date = {2022-01-17},
institution = {Trend Micro},
url = {https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf},
language = {English},
urldate = {2022-07-25}
}
Delving Deep: An Analysis of Earth Lusca’s Operations BIOPASS Cobalt Strike FunnySwitch JuicyPotato ShadowPad Winnti Earth Lusca |
2021-12-17 ⋅ FBI ⋅ FBI @techreport{fbi:20211217:ac000159mw:03082da,
author = {FBI},
title = {{AC-000159-MW: APT Actors Exploiting Newly-Identified Zero Day in ManageEngine Desktop Central (CVE-2021-44515)}},
date = {2021-12-17},
institution = {FBI},
url = {https://www.ic3.gov/Media/News/2021/211220.pdf},
language = {English},
urldate = {2021-12-23}
}
AC-000159-MW: APT Actors Exploiting Newly-Identified Zero Day in ManageEngine Desktop Central (CVE-2021-44515) ShadowPad |
2021-12-16 ⋅ TEAMT5 ⋅ Charles Li, Aragorn Tseng, Peter Syu, Tom Lai @online{li:20211216:winnti:adce3fa,
author = {Charles Li and Aragorn Tseng and Peter Syu and Tom Lai},
title = {{Winnti is Coming - Evolution after Prosecution}},
date = {2021-12-16},
organization = {TEAMT5},
url = {https://speakerdeck.com/aragorntseng/winnti-is-coming-evolution-after-prosecution-at-hitcon2021},
language = {English},
urldate = {2023-04-28}
}
Winnti is Coming - Evolution after Prosecution Cobalt Strike FishMaster FunnySwitch HIGHNOON ShadowPad Spyder |
2021-12-08 ⋅ PWC UK ⋅ Adam Prescott @online{prescott:20211208:chasing:3921a35,
author = {Adam Prescott},
title = {{Chasing Shadows: A deep dive into the latest obfuscation methods being used by ShadowPad}},
date = {2021-12-08},
organization = {PWC UK},
url = {https://www.pwc.co.uk/issues/cyber-security-services/research/chasing-shadows.html},
language = {English},
urldate = {2021-12-13}
}
Chasing Shadows: A deep dive into the latest obfuscation methods being used by ShadowPad ShadowPad Earth Lusca |
2021-11-19 ⋅ insomniacs(Medium) ⋅ Asuna Amawaka @online{amawaka:20211119:its:bd24ebf,
author = {Asuna Amawaka},
title = {{It’s a BEE! It’s a… no, it’s ShadowPad.}},
date = {2021-11-19},
organization = {insomniacs(Medium)},
url = {https://medium.com/insomniacs/its-a-bee-it-s-a-no-it-s-shadowpad-aff6a970a1c2},
language = {English},
urldate = {2021-11-25}
}
It’s a BEE! It’s a… no, it’s ShadowPad. ShadowPad |
2021-11-16 ⋅ VMware ⋅ Takahiro Haruyama @online{haruyama:20211116:monitoring:e4ca54e,
author = {Takahiro Haruyama},
title = {{Monitoring Winnti 4.0 C2 Servers for Two Years}},
date = {2021-11-16},
organization = {VMware},
url = {https://blogs.vmware.com/security/2021/11/monitoring-winnti-4-0-c2-servers-for-two-years.html},
language = {English},
urldate = {2021-11-17}
}
Monitoring Winnti 4.0 C2 Servers for Two Years Winnti |
2021-11-04 ⋅ Youtube (Virus Bulletin) ⋅ Yi-Jhen Hsieh, Joey Chen @online{hsieh:20211104:shadowpad:8dbd5c7,
author = {Yi-Jhen Hsieh and Joey Chen},
title = {{ShadowPad: the masterpiece of privately sold malware in Chinese espionage}},
date = {2021-11-04},
organization = {Youtube (Virus Bulletin)},
url = {https://www.youtube.com/watch?v=r1zAVX_HnJg},
language = {English},
urldate = {2022-08-08}
}
ShadowPad: the masterpiece of privately sold malware in Chinese espionage PlugX ShadowPad |
2021-10-26 ⋅ Kaspersky ⋅ Kaspersky Lab ICS CERT @techreport{cert:20211026:attacks:6f30d0f,
author = {Kaspersky Lab ICS CERT},
title = {{APT attacks on industrial organizations in H1 2021}},
date = {2021-10-26},
institution = {Kaspersky},
url = {https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-APT-attacks-on-industrial-organizations-in-H1-2021-En.pdf},
language = {English},
urldate = {2021-11-08}
}
APT attacks on industrial organizations in H1 2021 8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy |
2021-09-28 ⋅ Recorded Future ⋅ Insikt Group® @online{group:20210928:4:069b441,
author = {Insikt Group®},
title = {{4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan}},
date = {2021-09-28},
organization = {Recorded Future},
url = {https://www.recordedfuture.com/chinese-apt-groups-target-afghan-telecommunications-firm/},
language = {English},
urldate = {2021-10-11}
}
4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan PlugX Winnti |
2021-09-21 ⋅ Recorded Future ⋅ Insikt Group® @techreport{group:20210921:chinalinked:8959683,
author = {Insikt Group®},
title = {{China-Linked Group TAG-28 Targets India’s “The Times Group” and UIDAI (Aadhaar) Government Agency With Winnti Malware}},
date = {2021-09-21},
institution = {Recorded Future},
url = {https://go.recordedfuture.com/hubfs/reports/cta-2021-0921.pdf},
language = {English},
urldate = {2021-10-11}
}
China-Linked Group TAG-28 Targets India’s “The Times Group” and UIDAI (Aadhaar) Government Agency With Winnti Malware Winnti |
2021-09-14 ⋅ McAfee ⋅ Christiaan Beek @online{beek:20210914:operation:95aed8d,
author = {Christiaan Beek},
title = {{Operation ‘Harvest’: A Deep Dive into a Long-term Campaign}},
date = {2021-09-14},
organization = {McAfee},
url = {https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/operation-harvest-a-deep-dive-into-a-long-term-campaign/},
language = {English},
urldate = {2021-09-19}
}
Operation ‘Harvest’: A Deep Dive into a Long-term Campaign MimiKatz PlugX Winnti |
2021-09-01 ⋅ YouTube (Hack In The Box Security Conference) ⋅ Yi-Jhen Hsieh, Joey Chen @online{hsieh:20210901:shadowpad:f9ae111,
author = {Yi-Jhen Hsieh and Joey Chen},
title = {{SHADOWPAD: Chinese Espionage Malware-as-a-Service}},
date = {2021-09-01},
organization = {YouTube (Hack In The Box Security Conference)},
url = {https://www.youtube.com/watch?v=IRh6R8o1Q7U},
language = {English},
urldate = {2022-08-08}
}
SHADOWPAD: Chinese Espionage Malware-as-a-Service PlugX ShadowPad |
2021-08-23 ⋅ SentinelOne ⋅ Yi-Jhen Hsieh, Joey Chen @techreport{hsieh:20210823:shadowpad:58780f1,
author = {Yi-Jhen Hsieh and Joey Chen},
title = {{ShadowPad: the Masterpiece of Privately Sold Malware in Chinese Espionage}},
date = {2021-08-23},
institution = {SentinelOne},
url = {https://conference.hitb.org/hitbsecconf2021sin/materials/D1T1%20-%20%20ShadowPad%20-%20A%20Masterpiece%20of%20Privately%20Sold%20Malware%20in%20Chinese%20Espionage%20-%20Yi-Jhen%20Hsieh%20&%20Joey%20Chen.pdf},
language = {English},
urldate = {2022-07-18}
}
ShadowPad: the Masterpiece of Privately Sold Malware in Chinese Espionage PlugX ShadowPad |
2021-08-19 ⋅ Sentinel LABS ⋅ Yi-Jhen Hsieh, Joey Chen @online{hsieh:20210819:shadowpad:04bbb1e,
author = {Yi-Jhen Hsieh and Joey Chen},
title = {{ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage}},
date = {2021-08-19},
organization = {Sentinel LABS},
url = {https://labs.sentinelone.com/shadowpad-a-masterpiece-of-privately-sold-malware-in-chinese-espionage/},
language = {English},
urldate = {2021-08-23}
}
ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage ShadowPad |
2021-08-12 ⋅ Sentinel LABS ⋅ SentinelLabs @techreport{sentinellabs:20210812:shadowpad:61c0a20,
author = {SentinelLabs},
title = {{ShadowPad: A Masterpiece of Privately Sold Malware in Chinese Espionage}},
date = {2021-08-12},
institution = {Sentinel LABS},
url = {https://www.sentinelone.com/wp-content/uploads/2021/08/SentinelOne_-SentinelLabs_ShadowPad_WP_V2.pdf},
language = {English},
urldate = {2022-07-25}
}
ShadowPad: A Masterpiece of Privately Sold Malware in Chinese Espionage ShadowPad Earth Lusca |
2021-07-08 ⋅ Recorded Future ⋅ Insikt Group® @online{group:20210708:chinese:98d34d3,
author = {Insikt Group®},
title = {{Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling}},
date = {2021-07-08},
organization = {Recorded Future},
url = {https://www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan/},
language = {English},
urldate = {2021-07-12}
}
Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling ShadowPad Spyder Winnti |
2021-07-08 ⋅ YouTube (PT Product Update) ⋅ Denis Kuvshinov @online{kuvshinov:20210708:how:ea6d201,
author = {Denis Kuvshinov},
title = {{How winnti APT grouping works}},
date = {2021-07-08},
organization = {YouTube (PT Product Update)},
url = {https://www.youtube.com/watch?v=_fstHQSK-kk},
language = {Russian},
urldate = {2021-09-20}
}
How winnti APT grouping works Korlia ShadowPad Winnti |
2021-07-08 ⋅ PTSecurity ⋅ Denis Kuvshinov @techreport{kuvshinov:20210708:how:2e5a659,
author = {Denis Kuvshinov},
title = {{How winnti APT grouping works}},
date = {2021-07-08},
institution = {PTSecurity},
url = {https://www.ptsecurity.com/upload/corporate/ru-ru/webinars/ics/winnti-shadowpad.pdf},
language = {Russian},
urldate = {2021-09-20}
}
How winnti APT grouping works Korlia ShadowPad Winnti |
2021-07-07 ⋅ Trend Micro ⋅ Joseph C Chen, Kenney Lu, Jaromír Hořejší, Gloria Chen @online{chen:20210707:biopass:88dcdc2,
author = {Joseph C Chen and Kenney Lu and Jaromír Hořejší and Gloria Chen},
title = {{BIOPASS RAT: New Malware Sniffs Victims via Live Streaming}},
date = {2021-07-07},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html},
language = {English},
urldate = {2021-07-19}
}
BIOPASS RAT: New Malware Sniffs Victims via Live Streaming BIOPASS Cobalt Strike Derusbi |
2021-04-29 ⋅ NTT ⋅ Threat Detection NTT Ltd. @techreport{ltd:20210429:operations:a7ad0d4,
author = {Threat Detection NTT Ltd.},
title = {{The Operations of Winnti group}},
date = {2021-04-29},
institution = {NTT},
url = {https://hello.global.ntt/-/media/ntt/global/insights/white-papers/the-operations-of-winnti-group.pdf},
language = {English},
urldate = {2021-08-09}
}
The Operations of Winnti group Cobalt Strike ShadowPad Spyder Winnti Earth Lusca |
2021-03-29 ⋅ The Record ⋅ Catalin Cimpanu @online{cimpanu:20210329:redecho:30b16b4,
author = {Catalin Cimpanu},
title = {{RedEcho group parks domains after public exposure}},
date = {2021-03-29},
organization = {The Record},
url = {https://therecord.media/redecho-group-parks-domains-after-public-exposure/},
language = {English},
urldate = {2021-03-31}
}
RedEcho group parks domains after public exposure PlugX ShadowPad RedEcho |
2021-03-10 ⋅ ESET Research ⋅ Thomas Dupuy, Matthieu Faou, Mathieu Tartare @online{dupuy:20210310:exchange:8f65a1f,
author = {Thomas Dupuy and Matthieu Faou and Mathieu Tartare},
title = {{Exchange servers under siege from at least 10 APT groups}},
date = {2021-03-10},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/},
language = {English},
urldate = {2021-03-11}
}
Exchange servers under siege from at least 10 APT groups Microcin MimiKatz PlugX Winnti APT27 APT41 Calypso Tick ToddyCat Tonto Team Vicious Panda |
2021-02-28 ⋅ Recorded Future ⋅ Insikt Group® @techreport{group:20210228:chinalinked:2fb1230,
author = {Insikt Group®},
title = {{China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions}},
date = {2021-02-28},
institution = {Recorded Future},
url = {https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf},
language = {English},
urldate = {2021-03-04}
}
China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions Icefog PlugX ShadowPad |
2021-02-28 ⋅ Recorded Future ⋅ Insikt Group® @online{group:20210228:chinalinked:ce3b62d,
author = {Insikt Group®},
title = {{China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions}},
date = {2021-02-28},
organization = {Recorded Future},
url = {https://www.recordedfuture.com/redecho-targeting-indian-power-sector/},
language = {English},
urldate = {2021-03-31}
}
China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions PlugX ShadowPad RedEcho |
2021-02-28 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20210228:cyber:bd780cd,
author = {PWC UK},
title = {{Cyber Threats 2020: A Year in Retrospect}},
date = {2021-02-28},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf},
language = {English},
urldate = {2021-03-04}
}
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:20210223:2021:bf5bc4f,
author = {CrowdStrike},
title = {{2021 Global Threat Report}},
date = {2021-02-23},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf},
language = {English},
urldate = {2021-02-25}
}
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader KNOCKOUT SPIDER OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
2021-01-20 ⋅ FireEye ⋅ Andrew Davis @online{davis:20210120:emulation:4061f1c,
author = {Andrew Davis},
title = {{Emulation of Kernel Mode Rootkits With Speakeasy}},
date = {2021-01-20},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2021/01/emulation-of-kernel-mode-rootkits-with-speakeasy.html},
language = {English},
urldate = {2021-01-25}
}
Emulation of Kernel Mode Rootkits With Speakeasy Winnti |
2021-01-14 ⋅ PTSecurity ⋅ PT ESC Threat Intelligence @online{intelligence:20210114:higaisa:4676ec7,
author = {PT ESC Threat Intelligence},
title = {{Higaisa or Winnti? APT41 backdoors, old and new}},
date = {2021-01-14},
organization = {PTSecurity},
url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/higaisa-or-winnti-apt-41-backdoors-old-and-new/},
language = {English},
urldate = {2021-02-09}
}
Higaisa or Winnti? APT41 backdoors, old and new Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad |
2020-12-26 ⋅ CYBER GEEKS All Things Infosec ⋅ CyberMasterV @online{cybermasterv:20201226:analyzing:b94f52e,
author = {CyberMasterV},
title = {{Analyzing APT19 malware using a step-by-step method}},
date = {2020-12-26},
organization = {CYBER GEEKS All Things Infosec},
url = {https://cybergeeks.tech/analyzing-apt19-malware-using-a-step-by-step-method/},
language = {English},
urldate = {2021-01-01}
}
Analyzing APT19 malware using a step-by-step method Derusbi |
2020-12-24 ⋅ IronNet ⋅ Adam Hlavek @online{hlavek:20201224:china:723bed3,
author = {Adam Hlavek},
title = {{China cyber attacks: the current threat landscape}},
date = {2020-12-24},
organization = {IronNet},
url = {https://www.ironnet.com/blog/china-cyber-attacks-the-current-threat-landscape},
language = {English},
urldate = {2021-01-01}
}
China cyber attacks: the current threat landscape PLEAD TSCookie FlowCloud Lookback PLEAD PlugX Quasar RAT Winnti |
2020-12-10 ⋅ ESET Research ⋅ Mathieu Tartare @online{tartare:20201210:operation:0eecfc8,
author = {Mathieu Tartare},
title = {{Operation StealthyTrident: corporate software under attack}},
date = {2020-12-10},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2020/12/10/luckymouse-ta428-compromise-able-desktop/},
language = {English},
urldate = {2020-12-10}
}
Operation StealthyTrident: corporate software under attack HyperBro PlugX ShadowPad Tmanger |
2020-11-23 ⋅ Youtube (OWASP DevSlop) ⋅ Negar Shabab, Noushin Shabab @online{shabab:20201123:compromised:6dd1417,
author = {Negar Shabab and Noushin Shabab},
title = {{Compromised Compilers - A new perspective of supply chain cyber attacks}},
date = {2020-11-23},
organization = {Youtube (OWASP DevSlop)},
url = {https://www.youtube.com/watch?v=55kaaMGBARM},
language = {English},
urldate = {2020-11-23}
}
Compromised Compilers - A new perspective of supply chain cyber attacks ShadowPad |
2020-11-03 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20201103:trends:febc159,
author = {GReAT},
title = {{APT trends report Q3 2020}},
date = {2020-11-03},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q3-2020/99204/},
language = {English},
urldate = {2020-11-04}
}
APT trends report Q3 2020 WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti |
2020-10-27 ⋅ Dr.Web ⋅ Dr.Web @techreport{drweb:20201027:study:9f6e628,
author = {Dr.Web},
title = {{Study of the ShadowPad APT backdoor and its relation to PlugX}},
date = {2020-10-27},
institution = {Dr.Web},
url = {https://st.drweb.com/static/new-www/news/2020/october/Study_of_the_ShadowPad_APT_backdoor_and_its_relation_to_PlugX_en.pdf},
language = {English},
urldate = {2020-10-29}
}
Study of the ShadowPad APT backdoor and its relation to PlugX Ghost RAT PlugX ShadowPad |
2020-10-12 ⋅ Malwarebytes Labs ⋅ Roberto Santos, Hossein Jazi, Jérôme Segura, Malwarebytes Threat Intelligence Team @techreport{santos:20201012:winnti:597eacc,
author = {Roberto Santos and Hossein Jazi and Jérôme Segura and Malwarebytes Threat Intelligence Team},
title = {{Winnti APT group docks in Sri Lanka for new campaign}},
date = {2020-10-12},
institution = {Malwarebytes Labs},
url = {https://www.malwarebytes.com/blog/threat-intelligence/2022/winnti-apt-group-docks-in-sri-lanka-for-new-campaign-final.pdf},
language = {English},
urldate = {2022-11-18}
}
Winnti APT group docks in Sri Lanka for new campaign DBoxAgent SerialVlogger Winnti |
2020-09-18 ⋅ Symantec ⋅ Threat Hunter Team @online{team:20200918:apt41:363daa8,
author = {Threat Hunter Team},
title = {{APT41: Indictments Put Chinese Espionage Group in the Spotlight}},
date = {2020-09-18},
organization = {Symantec},
url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apt41-indictments-china-espionage},
language = {English},
urldate = {2020-09-23}
}
APT41: Indictments Put Chinese Espionage Group in the Spotlight CROSSWALK PlugX poisonplug ShadowPad Winnti |
2020-09-08 ⋅ PTSecurity ⋅ PTSecurity @techreport{ptsecurity:20200908:shadowpad:2903f45,
author = {PTSecurity},
title = {{ShadowPad: new activity from the Winnti group}},
date = {2020-09-08},
institution = {PTSecurity},
url = {https://www.ptsecurity.com/upload/corporate/ww-en/pt-esc/winnti-2020-eng.pdf},
language = {English},
urldate = {2020-10-08}
}
ShadowPad: new activity from the Winnti group CCleaner Backdoor Korlia ShadowPad TypeHash |
2020-08-06 ⋅ Wired ⋅ Andy Greenberg @online{greenberg:20200806:chinese:32c43e3,
author = {Andy Greenberg},
title = {{Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry}},
date = {2020-08-06},
organization = {Wired},
url = {https://www.wired.com/story/chinese-hackers-taiwan-semiconductor-industry-skeleton-key/},
language = {English},
urldate = {2020-11-04}
}
Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry Cobalt Strike MimiKatz Winnti Red Charon |
2020-08-04 ⋅ BlackHat ⋅ Chung-Kuan Chen, Inndy Lin, Shang-De Jiang @techreport{chen:20200804:operation:4cf417f,
author = {Chung-Kuan Chen and Inndy Lin and Shang-De Jiang},
title = {{Operation Chimera - APT Operation Targets Semiconductor Vendors}},
date = {2020-08-04},
institution = {BlackHat},
url = {https://i.blackhat.com/USA-20/Thursday/us-20-Chen-Operation-Chimera-APT-Operation-Targets-Semiconductor-Vendors.pdf},
language = {English},
urldate = {2020-11-04}
}
Operation Chimera - APT Operation Targets Semiconductor Vendors Cobalt Strike MimiKatz Winnti Red Charon |
2020-07-29 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20200729:trends:6810325,
author = {GReAT},
title = {{APT trends report Q2 2020}},
date = {2020-07-29},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2020/97937/},
language = {English},
urldate = {2020-07-30}
}
APT trends report Q2 2020 PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel |
2020-07-14 ⋅ CrowdStrike ⋅ Falcon OverWatch Team @online{team:20200714:manufacturing:3e552ec,
author = {Falcon OverWatch Team},
title = {{Manufacturing Industry in the Adversaries’ Crosshairs}},
date = {2020-07-14},
organization = {CrowdStrike},
url = {https://www.crowdstrike.com/blog/adversaries-targeting-the-manufacturing-industry/},
language = {English},
urldate = {2020-07-23}
}
Manufacturing Industry in the Adversaries’ Crosshairs ShadowPad Snake |
2020-05-07 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker @online{tracker:20200507:axiom:da87987,
author = {Cyber Operations Tracker},
title = {{Axiom}},
date = {2020-05-07},
organization = {Council on Foreign Relations},
url = {https://cfr.org/cyber-operations/axiom},
language = {English},
urldate = {2022-08-30}
}
Axiom APT17 |
2020-04-20 ⋅ QuoScient ⋅ QuoIntelligence @online{quointelligence:20200420:winnti:6a4fb66,
author = {QuoIntelligence},
title = {{WINNTI GROUP: Insights From the Past}},
date = {2020-04-20},
organization = {QuoScient},
url = {https://quointelligence.eu/2020/04/winnti-group-insights-from-the-past/},
language = {English},
urldate = {2020-04-21}
}
WINNTI GROUP: Insights From the Past Winnti |
2020-04-13 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Robert Falcone, Jen Miller-Osborn @online{lee:20200413:apt41:fdd4c46,
author = {Bryan Lee and Robert Falcone and Jen Miller-Osborn},
title = {{APT41 Using New Speculoos Backdoor to Target Organizations Globally}},
date = {2020-04-13},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/apt41-using-new-speculoos-backdoor-to-target-organizations-globally/},
language = {English},
urldate = {2020-04-14}
}
APT41 Using New Speculoos Backdoor to Target Organizations Globally Speculoos APT41 |
2020-03-25 ⋅ FireEye ⋅ Christopher Glyer, Dan Perez, Sarah Jones, Steve Miller @online{glyer:20200325:this:0bc322f,
author = {Christopher Glyer and Dan Perez and Sarah Jones and Steve Miller},
title = {{This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits}},
date = {2020-03-25},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html},
language = {English},
urldate = {2020-04-14}
}
This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits Speculoos Cobalt Strike |
2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:20200304:2020:818c85f,
author = {CrowdStrike},
title = {{2020 CrowdStrike Global Threat Report}},
date = {2020-03-04},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf},
language = {English},
urldate = {2020-07-24}
}
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
2020-03-03 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20200303:cyber:1f1eef0,
author = {PWC UK},
title = {{Cyber Threats 2019: A Year in Retrospect}},
date = {2020-03-03},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf},
language = {English},
urldate = {2020-03-03}
}
Cyber Threats 2019: A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
2020-03-03 ⋅ Github (superkhung) ⋅ superkhung @online{superkhung:20200303:github:8ea37ed,
author = {superkhung},
title = {{GitHub Repository: winnti-sniff}},
date = {2020-03-03},
organization = {Github (superkhung)},
url = {https://github.com/superkhung/winnti-sniff},
language = {English},
urldate = {2020-03-04}
}
GitHub Repository: winnti-sniff Winnti |
2020-02-20 ⋅ Carbon Black ⋅ Takahiro Haruyama @online{haruyama:20200220:threat:aa4ef11,
author = {Takahiro Haruyama},
title = {{Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0)}},
date = {2020-02-20},
organization = {Carbon Black},
url = {https://www.carbonblack.com/2020/02/20/threat-analysis-active-c2-discovery-using-protocol-emulation-part2-winnti-4-0/},
language = {English},
urldate = {2020-02-21}
}
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0) Winnti |
2020-01-31 ⋅ ESET Research ⋅ Mathieu Tartare @online{tartare:20200131:winnti:9f891e4,
author = {Mathieu Tartare},
title = {{Winnti Group targeting universities in Hong Kong}},
date = {2020-01-31},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/},
language = {English},
urldate = {2020-02-03}
}
Winnti Group targeting universities in Hong Kong ShadowPad Winnti |
2020-01-31 ⋅ Tagesschau ⋅ Jan Lukas Strozyk @online{strozyk:20200131:deutsches:d0a9221,
author = {Jan Lukas Strozyk},
title = {{Deutsches Chemieunternehmen gehackt}},
date = {2020-01-31},
organization = {Tagesschau},
url = {https://www.tagesschau.de/investigativ/ndr/hackerangriff-chemieunternehmen-101.html},
language = {German},
urldate = {2020-02-03}
}
Deutsches Chemieunternehmen gehackt Winnti |
2020-01-29 ⋅ nao_sec blog ⋅ nao_sec @online{naosec:20200129:overhead:ec0aeb5,
author = {nao_sec},
title = {{An Overhead View of the Royal Road}},
date = {2020-01-29},
organization = {nao_sec blog},
url = {https://nao-sec.org/2020/01/an-overhead-view-of-the-royal-road.html},
language = {English},
urldate = {2020-02-03}
}
An Overhead View of the Royal Road BLACKCOFFEE Cotx RAT Datper DDKONG Derusbi Icefog Korlia NewCore RAT PLAINTEE Poison Ivy Sisfader |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:bronze:4118462,
author = {SecureWorks},
title = {{BRONZE ATLAS}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/bronze-atlas},
language = {English},
urldate = {2020-05-23}
}
BRONZE ATLAS Speculoos Winnti ACEHASH CCleaner Backdoor CHINACHOPPER Empire Downloader HTran MimiKatz PlugX Winnti APT41 |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:bronze:65ecf8a,
author = {SecureWorks},
title = {{BRONZE KEYSTONE}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/bronze-keystone},
language = {English},
urldate = {2020-05-23}
}
BRONZE KEYSTONE 9002 RAT BLACKCOFFEE DeputyDog Derusbi HiKit PlugX Poison Ivy ZXShell APT17 |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:bronze:972c13a,
author = {SecureWorks},
title = {{BRONZE FIRESTONE}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/bronze-firestone},
language = {English},
urldate = {2020-05-23}
}
BRONZE FIRESTONE 9002 RAT Derusbi Empire Downloader PlugX Poison Ivy APT19 |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:bronze:e8ad4fb,
author = {SecureWorks},
title = {{BRONZE MOHAWK}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/bronze-mohawk},
language = {English},
urldate = {2020-05-23}
}
BRONZE MOHAWK AIRBREAK scanbox BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi homefry murkytop SeDll APT40 |
2019-12-17 ⋅ Palo Alto Networks Unit 42 ⋅ Jen Miller-Osborn, Mike Harbison @online{millerosborn:20191217:rancor:998fe1c,
author = {Jen Miller-Osborn and Mike Harbison},
title = {{Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia}},
date = {2019-12-17},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/rancor-cyber-espionage-group-uses-new-custom-malware-to-attack-southeast-asia/},
language = {English},
urldate = {2020-01-08}
}
Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia DDKONG Derusbi KHRAT |
2019-11-19 ⋅ FireEye ⋅ Kelli Vanderlee, Nalani Fraser @techreport{vanderlee:20191119:achievement:6be19eb,
author = {Kelli Vanderlee and Nalani Fraser},
title = {{Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions}},
date = {2019-11-19},
institution = {FireEye},
url = {https://summit.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf},
language = {English},
urldate = {2021-03-02}
}
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC poisonplug Poison Ivy pupy Quasar RAT ZXShell |
2019-10-07 ⋅ ESET Research ⋅ Marc-Etienne M.Léveillé, Mathieu Tartare @techreport{mlveill:20191007:connecting:e59d4c8,
author = {Marc-Etienne M.Léveillé and Mathieu Tartare},
title = {{CONNECTING THE DOTS: Exposing the arsenal and methods of the Winnti Group}},
date = {2019-10-07},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Winnti.pdf},
language = {English},
urldate = {2020-01-10}
}
CONNECTING THE DOTS: Exposing the arsenal and methods of the Winnti Group LOWKEY shadowhammer ShadowPad |
2019-10 ⋅ CrowdStrike ⋅ Karl Scheuerman, Piotr Wojtyla @online{scheuerman:201910:dont:11aa9dc,
author = {Karl Scheuerman and Piotr Wojtyla},
title = {{Don't miss the forest for the trees gleaning hunting value from too much intrusion data}},
date = {2019-10},
organization = {CrowdStrike},
url = {https://docplayer.net/162112338-Don-t-miss-the-forest-for-the-trees-gleaning-hunting-value-from-too-much-intrusion-data.html},
language = {English},
urldate = {2021-03-31}
}
Don't miss the forest for the trees gleaning hunting value from too much intrusion data Winnti |
2019-09-30 ⋅ Lastline ⋅ Jason Zhang, Stefano Ortolani @online{zhang:20190930:helo:559ed11,
author = {Jason Zhang and Stefano Ortolani},
title = {{HELO Winnti: Attack or Scan?}},
date = {2019-09-30},
organization = {Lastline},
url = {https://www.lastline.com/labsblog/helo-winnti-attack-scan/},
language = {English},
urldate = {2019-10-23}
}
HELO Winnti: Attack or Scan? Winnti |
2019-09-23 ⋅ MITRE ⋅ MITRE ATT&CK @online{attck:20190923:apt41:63b9ff7,
author = {MITRE ATT&CK},
title = {{APT41}},
date = {2019-09-23},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0096},
language = {English},
urldate = {2022-08-30}
}
APT41 Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad Winnti ZXShell APT41 |
2019-09-04 ⋅ CarbonBlack ⋅ Takahiro Haruyama @online{haruyama:20190904:cb:7c71995,
author = {Takahiro Haruyama},
title = {{CB TAU Threat Intelligence Notification: Winnti Malware 4.0}},
date = {2019-09-04},
organization = {CarbonBlack},
url = {https://www.carbonblack.com/2019/09/04/cb-tau-threat-intelligence-notification-winnti-malware-4-0/},
language = {English},
urldate = {2019-12-17}
}
CB TAU Threat Intelligence Notification: Winnti Malware 4.0 Winnti |
2019-09-04 ⋅ FireEye ⋅ FireEye @online{fireeye:20190904:apt41:b5d6780,
author = {FireEye},
title = {{APT41: Double Dragon APT41, a dual espionage and cyber crime operation}},
date = {2019-09-04},
organization = {FireEye},
url = {https://content.fireeye.com/api/pdfproxy?id=86840},
language = {English},
urldate = {2020-01-13}
}
APT41: Double Dragon APT41, a dual espionage and cyber crime operation EASYNIGHT Winnti |
2019-08-09 ⋅ FireEye ⋅ FireEye @online{fireeye:20190809:double:40f736e,
author = {FireEye},
title = {{Double Dragon APT41, a dual espionage and cyber crime operation}},
date = {2019-08-09},
organization = {FireEye},
url = {https://content.fireeye.com/apt-41/rpt-apt41/},
language = {English},
urldate = {2019-12-18}
}
Double Dragon APT41, a dual espionage and cyber crime operation CLASSFON crackshot CROSSWALK GEARSHIFT HIGHNOON HIGHNOON.BIN JUMPALL poisonplug Winnti |
2019-07-24 ⋅ Github (br-data) ⋅ Hakan Tanriverdi, Svea Eckert, Jan Strozyk, Maximilian Zierer, Rebecca Ciesielski @online{tanriverdi:20190724:winnti:25b27fb,
author = {Hakan Tanriverdi and Svea Eckert and Jan Strozyk and Maximilian Zierer and Rebecca Ciesielski},
title = {{Winnti analysis}},
date = {2019-07-24},
organization = {Github (br-data)},
url = {https://github.com/br-data/2019-winnti-analyse/},
language = {English},
urldate = {2019-12-10}
}
Winnti analysis Winnti |
2019-07-24 ⋅ Bayerischer Rundfunk ⋅ Hakan Tanriverdi, Svea Eckert, Jan Strozyk, Maximilian Zierer, Rebecca Ciesielski @online{tanriverdi:20190724:attacking:66ef327,
author = {Hakan Tanriverdi and Svea Eckert and Jan Strozyk and Maximilian Zierer and Rebecca Ciesielski},
title = {{Attacking the Heart of the German Industry}},
date = {2019-07-24},
organization = {Bayerischer Rundfunk},
url = {http://web.br.de/interaktiv/winnti/english/},
language = {English},
urldate = {2019-11-29}
}
Attacking the Heart of the German Industry Winnti |
2019-07-24 ⋅ Twitter (@bkMSFT) ⋅ Ben K (bkMSFT) @online{bkmsft:20190724:apt17:8b88bcb,
author = {Ben K (bkMSFT)},
title = {{Tweet on APT17}},
date = {2019-07-24},
organization = {Twitter (@bkMSFT)},
url = {https://twitter.com/bkMSFT/status/1153994428949749761},
language = {English},
urldate = {2020-01-07}
}
Tweet on APT17 HIGHNOTE |
2019-04-23 ⋅ Kaspersky Labs ⋅ GReAT, AMR @online{great:20190423:operation:20b8f83,
author = {GReAT and AMR},
title = {{Operation ShadowHammer: a high-profile supply chain attack}},
date = {2019-04-23},
organization = {Kaspersky Labs},
url = {https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/},
language = {English},
urldate = {2019-12-20}
}
Operation ShadowHammer: a high-profile supply chain attack shadowhammer ShadowPad |
2019-04-22 ⋅ Trend Micro ⋅ Mohamad Mokbel @online{mokbel:20190422:cc:23b1202,
author = {Mohamad Mokbel},
title = {{C/C++ Runtime Library Code Tampering in Supply Chain}},
date = {2019-04-22},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/19/d/analyzing-c-c-runtime-library-code-tampering-in-software-supply-chain-attacks.html},
language = {English},
urldate = {2021-09-19}
}
C/C++ Runtime Library Code Tampering in Supply Chain shadowhammer ShadowPad Winnti |
2019 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker @online{tracker:2019:17:d2951a8,
author = {Cyber Operations Tracker},
title = {{APT 17}},
date = {2019},
organization = {Council on Foreign Relations},
url = {https://www.cfr.org/interactive/cyber-operations/apt-17},
language = {English},
urldate = {2019-12-20}
}
APT 17 APT17 |
2018-10-01 ⋅ Macnica Networks ⋅ Macnica Networks @techreport{networks:20181001:trends:17b1db5,
author = {Macnica Networks},
title = {{Trends in cyber espionage (targeted attacks) targeting Japan | First half of 2018}},
date = {2018-10-01},
institution = {Macnica Networks},
url = {https://www.macnica.net/file/mpressioncss_2018-1h-report_mnc_rev3_nopw.pdf},
language = {Japanese},
urldate = {2021-03-02}
}
Trends in cyber espionage (targeted attacks) targeting Japan | First half of 2018 Anel Cobalt Strike Datper FlawedAmmyy Quasar RAT RedLeaves taidoor Winnti xxmm |
2018-05-22 ⋅ Github (TKCERT) ⋅ thyssenkrupp CERT @online{cert:20180522:nmap:1ee2530,
author = {thyssenkrupp CERT},
title = {{Nmap Script to scan for Winnti infections}},
date = {2018-05-22},
organization = {Github (TKCERT)},
url = {https://github.com/TKCERT/winnti-nmap-script},
language = {English},
urldate = {2020-01-07}
}
Nmap Script to scan for Winnti infections Winnti |
2018-03-05 ⋅ Github (TKCERT) ⋅ TKCERT @online{tkcert:20180305:suricata:0b45f94,
author = {TKCERT},
title = {{Suricata rules to detect Winnti communication}},
date = {2018-03-05},
organization = {Github (TKCERT)},
url = {https://github.com/TKCERT/winnti-suricata-lua},
language = {English},
urldate = {2020-01-07}
}
Suricata rules to detect Winnti communication Winnti |
2017-08-15 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20170815:shadowpad:3d5b9a0,
author = {GReAT},
title = {{ShadowPad in corporate networks}},
date = {2017-08-15},
organization = {Kaspersky Labs},
url = {https://securelist.com/shadowpad-in-corporate-networks/81432/},
language = {English},
urldate = {2019-12-20}
}
ShadowPad in corporate networks ShadowPad |
2017-05-31 ⋅ MITRE ⋅ MITRE ATT&CK @online{attck:20170531:apt17:ebee596,
author = {MITRE ATT&CK},
title = {{APT17}},
date = {2017-05-31},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0025/},
language = {English},
urldate = {2022-07-05}
}
APT17 BLACKCOFFEE APT17 |
2017-05-31 ⋅ MITRE ⋅ MITRE ATT&CK @online{attck:20170531:axiom:b181fdb,
author = {MITRE ATT&CK},
title = {{Axiom}},
date = {2017-05-31},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0001/},
language = {English},
urldate = {2022-08-30}
}
Axiom Derusbi 9002 RAT BLACKCOFFEE Derusbi Ghost RAT HiKit PlugX ZXShell APT17 |
2017-04-19 ⋅ Trend Micro ⋅ Trendmicro @online{trendmicro:20170419:of:1656f97,
author = {Trendmicro},
title = {{Of Pigs and Malware: Examining a Possible Member of the Winnti Group}},
date = {2017-04-19},
organization = {Trend Micro},
url = {http://blog.trendmicro.com/trendlabs-security-intelligence/pigs-malware-examining-possible-member-winnti-group/},
language = {English},
urldate = {2019-12-04}
}
Of Pigs and Malware: Examining a Possible Member of the Winnti Group Winnti |
2017-03-22 ⋅ Trend Micro ⋅ Cedric Pernet @online{pernet:20170322:winnti:bfd35bc,
author = {Cedric Pernet},
title = {{Winnti Abuses GitHub for C&C Communications}},
date = {2017-03-22},
organization = {Trend Micro},
url = {http://blog.trendmicro.com/trendlabs-security-intelligence/winnti-abuses-github/},
language = {English},
urldate = {2019-07-09}
}
Winnti Abuses GitHub for C&C Communications Winnti |
2016-03-06 ⋅ Github (TKCERT) ⋅ thyssenkrupp CERT @online{cert:20160306:network:f9244d3,
author = {thyssenkrupp CERT},
title = {{Network detector for Winnti malware}},
date = {2016-03-06},
organization = {Github (TKCERT)},
url = {https://github.com/TKCERT/winnti-detector},
language = {English},
urldate = {2020-01-07}
}
Network detector for Winnti malware Winnti |
2016-03-02 ⋅ RSA Conference ⋅ Vanja Svajcer @techreport{svajcer:20160302:dissecting:e8721e3,
author = {Vanja Svajcer},
title = {{Dissecting Derusbi}},
date = {2016-03-02},
institution = {RSA Conference},
url = {https://web.archive.org/web/20180310053107/https://www.rsaconference.com/writable/presentations/file_upload/hta-w02-dissecting-derusbi.pdf},
language = {English},
urldate = {2020-02-27}
}
Dissecting Derusbi Derusbi |
2015-12-15 ⋅ Airbus Defence & Space ⋅ Fabien Perigaud @online{perigaud:20151215:newcomers:73beb0c,
author = {Fabien Perigaud},
title = {{Newcomers in the Derusbi family}},
date = {2015-12-15},
organization = {Airbus Defence & Space},
url = {https://web.archive.org/web/20151216071054/http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family},
language = {English},
urldate = {2020-02-27}
}
Newcomers in the Derusbi family Derusbi |
2015-10-13 ⋅ Kaspersky Labs ⋅ Dmitry Tarakanov @online{tarakanov:20151013:i:36fae83,
author = {Dmitry Tarakanov},
title = {{I am HDRoot! Part 2}},
date = {2015-10-13},
organization = {Kaspersky Labs},
url = {https://securelist.com/i-am-hdroot-part-2/72356/},
language = {English},
urldate = {2020-03-19}
}
I am HDRoot! Part 2 HDRoot |
2015-10-08 ⋅ Virus Bulletin ⋅ Micky Pun, Eric Leung, Neo Tan @techreport{pun:20151008:catching:368d81d,
author = {Micky Pun and Eric Leung and Neo Tan},
title = {{Catching the silent whisper: Understanding the Derusbi family tree}},
date = {2015-10-08},
institution = {Virus Bulletin},
url = {https://www.virusbulletin.com/uploads/pdf/conference_slides/2015/Pun-etal-VB2015.pdf},
language = {English},
urldate = {2020-02-27}
}
Catching the silent whisper: Understanding the Derusbi family tree Derusbi |
2015-10-06 ⋅ Kaspersky Labs ⋅ Dmitry Tarakanov @online{tarakanov:20151006:i:445dc3a,
author = {Dmitry Tarakanov},
title = {{I am HDRoot! Part 1}},
date = {2015-10-06},
organization = {Kaspersky Labs},
url = {https://securelist.com/i-am-hdroot-part-1/72275/},
language = {English},
urldate = {2020-03-19}
}
I am HDRoot! Part 1 HDRoot |
2015-06-22 ⋅ Kaspersky Labs ⋅ Dmitry Tarakanov @online{tarakanov:20150622:games:aba8183,
author = {Dmitry Tarakanov},
title = {{Games are over: Winnti is now targeting pharmaceutical companies}},
date = {2015-06-22},
organization = {Kaspersky Labs},
url = {https://securelist.com/games-are-over/70991/},
language = {English},
urldate = {2019-12-20}
}
Games are over: Winnti is now targeting pharmaceutical companies Winnti APT41 |
2015-04-14 ⋅ Youtube (Kaspersky) ⋅ Kris McConkey @online{mcconkey:20150414:following:02e29b8,
author = {Kris McConkey},
title = {{Following APT OpSec failures}},
date = {2015-04-14},
organization = {Youtube (Kaspersky)},
url = {https://www.youtube.com/watch?v=NFJqD-LcpIg},
language = {English},
urldate = {2022-08-30}
}
Following APT OpSec failures BLACKCOFFEE Mangzamel APT17 |
2015-04-06 ⋅ Novetta ⋅ Novetta @techreport{novetta:20150406:winnti:acc4030,
author = {Novetta},
title = {{WINNTI ANALYSIS}},
date = {2015-04-06},
institution = {Novetta},
url = {https://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf},
language = {English},
urldate = {2020-01-10}
}
WINNTI ANALYSIS Winnti |
2015-02-27 ⋅ ThreatConnect ⋅ ThreatConnect Research Team @online{team:20150227:anthem:3576532,
author = {ThreatConnect Research Team},
title = {{The Anthem Hack: All Roads Lead to China}},
date = {2015-02-27},
organization = {ThreatConnect},
url = {https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/},
language = {English},
urldate = {2020-01-09}
}
The Anthem Hack: All Roads Lead to China Derusbi |
2015-02-06 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:20150206:crowdstrike:fbcc37f,
author = {CrowdStrike},
title = {{CrowdStrike Global Threat Intel Report 2014}},
date = {2015-02-06},
institution = {CrowdStrike},
url = {https://web.archive.org/web/20200509171721/https://raw.githubusercontent.com/fdiskyou/threat-INTel/master/2015/GlobalThreatIntelReport.pdf},
language = {English},
urldate = {2020-05-11}
}
CrowdStrike Global Threat Intel Report 2014 BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor |
2015 ⋅ Ruxcon ⋅ Matt McCormack @techreport{mccormack:2015:why:fa3d041,
author = {Matt McCormack},
title = {{WHY ATTACKER TOOLSETS DO WHAT THEY DO}},
date = {2015},
institution = {Ruxcon},
url = {http://2015.ruxcon.org.au/assets/2015/slides/Ruxcon%202015%20-%20McCormack.pdf},
language = {English},
urldate = {2020-01-08}
}
WHY ATTACKER TOOLSETS DO WHAT THEY DO Winnti |
2014-10-28 ⋅ Novetta ⋅ Novetta @techreport{novetta:20141028:derusbi:aae275a,
author = {Novetta},
title = {{Derusbi (Server Variant) Analysis}},
date = {2014-10-28},
institution = {Novetta},
url = {http://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf},
language = {English},
urldate = {2020-01-06}
}
Derusbi (Server Variant) Analysis Derusbi |
2014-10-14 ⋅ Symantec ⋅ Symantec Security Response @online{response:20141014:security:81c5ea5,
author = {Symantec Security Response},
title = {{Security vendors take action against Hidden Lynx malware}},
date = {2014-10-14},
organization = {Symantec},
url = {https://web.archive.org/web/20141016080249/http://www.symantec.com/connect/blogs/security-vendors-take-action-against-hidden-lynx-malware},
language = {English},
urldate = {2020-04-21}
}
Security vendors take action against Hidden Lynx malware Gameover P2P HiKit Shylock APT17 |
2014-05-01 ⋅ Recorded Future ⋅ Chris @online{chris:20140501:hunting:bcefc84,
author = {Chris},
title = {{Hunting Hidden Lynx: How OSINT is Crucial for APT Analysis}},
date = {2014-05-01},
organization = {Recorded Future},
url = {https://www.recordedfuture.com/hidden-lynx-analysis/},
language = {English},
urldate = {2020-01-07}
}
Hunting Hidden Lynx: How OSINT is Crucial for APT Analysis APT17 |
2014-01 ⋅ RSA ⋅ RSA Research @techreport{research:201401:rsa:5fa5815,
author = {RSA Research},
title = {{RSA Incident Response: Emerging Threat Profile Shell_Crew}},
date = {2014-01},
institution = {RSA},
url = {https://www.rsa.com/content/dam/en/white-paper/rsa-incident-response-emerging-threat-profile-shell-crew.pdf},
language = {English},
urldate = {2021-01-29}
}
RSA Incident Response: Emerging Threat Profile Shell_Crew Derusbi |
2013-09-21 ⋅ FireEye ⋅ Ned Moran, Nart Villeneuve @online{moran:20130921:operation:0289318,
author = {Ned Moran and Nart Villeneuve},
title = {{Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets}},
date = {2013-09-21},
organization = {FireEye},
url = {https://web.archive.org/web/20130924130243/https://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html},
language = {English},
urldate = {2020-06-08}
}
Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets DeputyDog APT17 |
2013-09-17 ⋅ Symantec ⋅ Symantec Security Response @online{response:20130917:hidden:e91b6bb,
author = {Symantec Security Response},
title = {{Hidden Lynx – Professional Hackers for Hire}},
date = {2013-09-17},
organization = {Symantec},
url = {https://web.archive.org/web/20130920000343/https://www.symantec.com/connect/blogs/hidden-lynx-professional-hackers-hire},
language = {English},
urldate = {2020-04-21}
}
Hidden Lynx – Professional Hackers for Hire APT17 |
2013-09-17 ⋅ Symantec ⋅ Stephen Doherty, Jozsef Gegeny, Branko Spasojevic, Jonell Baltazar @techreport{doherty:20130917:hidden:72a1bd7,
author = {Stephen Doherty and Jozsef Gegeny and Branko Spasojevic and Jonell Baltazar},
title = {{Hidden Lynx – Professional Hackers for Hire}},
date = {2013-09-17},
institution = {Symantec},
url = {https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2013/hidden_lynx.pdf},
language = {English},
urldate = {2020-04-21}
}
Hidden Lynx – Professional Hackers for Hire 9002 RAT HiKit APT17 |
2013-04 ⋅ Kaspersky Labs ⋅ GReAT @techreport{great:201304:winnti:c8e6f40,
author = {GReAT},
title = {{Winnti - More than just a game}},
date = {2013-04},
institution = {Kaspersky Labs},
url = {https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/20134508/winnti-more-than-just-a-game-130410.pdf},
language = {English},
urldate = {2019-07-11}
}
Winnti - More than just a game portless Winnti |
2013-02-08 ⋅ VMWare Carbon Black ⋅ Patrick Morley @online{morley:20130208:bit9:edaa56d,
author = {Patrick Morley},
title = {{Bit9 and Our Customers’ Security}},
date = {2013-02-08},
organization = {VMWare Carbon Black},
url = {https://www.carbonblack.com/2013/02/08/bit9-and-our-customers-security/},
language = {English},
urldate = {2020-05-18}
}
Bit9 and Our Customers’ Security APT17 |