| SYMBOL | COMMON_NAME | aka. SYNONYMS |
A China-based actor that targets foreign embassies to collect data on government, defence, and technology sectors.
| 2025-03-24
⋅
SYGNIA
⋅
Weaver Ant, the Web Shell Whisperer: Tracking a Live China-nexus Operation CHINACHOPPER reGeorg |
| 2025-02-20
⋅
Trend Micro
⋅
Updated Shadowpad Malware Leads to Ransomware Deployment EvilExtractor PlugX ShadowPad Teleboyi |
| 2025-02-20
⋅
Orange Cyberdefense
⋅
Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors NailaoLocker PlugX ShadowPad |
| 2025-02-20
⋅
Trend Micro
⋅
Updated Shadowpad Malware Leads to Ransomware Deployment EvilExtractor NailaoLocker PlugX ShadowPad |
| 2025-02-18
⋅
Orange Cyberdefense
⋅
IOCs Green Nailao campaign (NailaoLocker, ShadowPad) NailaoLocker PlugX ShadowPad |
| 2025-02-13
⋅
Symantec
⋅
China-linked Espionage Tools Used in Ransomware Attacks PlugX |
| 2025-01-14
⋅
Department of Justice
⋅
Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers PlugX |
| 2025-01-09
⋅
Recorded Future
⋅
Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain PlugX |
| 2024-10-10
⋅
Hunt.io
⋅
Unmasking Adversary Infrastructure: How Certificates and Redirects Exposed Earth Baxia and PlugX Activity Cobalt Strike PlugX |
| 2024-09-10
⋅
Talos Intelligence
⋅
DragonRank, a Chinese-speaking SEO manipulator service provider IISpy PlugX DragonRank |
| 2024-08-23
⋅
TEAMT5
⋅
Sailing the Seven SEAs: Deep Dive into Polaris' Arsenal and Intelligence Insights Cobalt Strike Hodur PlugX TONESHELL |
| 2024-07-10
⋅
Akamai
⋅
CVE-2024-4577 Exploits in the Wild One Day After Disclosure Tsunami Ghost RAT xmrig |
| 2024-06-03
⋅
SYGNIA
⋅
China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence PlugX |
| 2024-05-23
⋅
Palo Alto Networks Unit 42
⋅
Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia Agent Racoon CHINACHOPPER Ghost RAT JuicyPotato MimiKatz Ntospy PlugX SweetSpecter TunnelSpecter CL-STA-0043 |
| 2024-04-27
⋅
Google
⋅
Finding Malware: Detecting SOGU with Google Security Operations. PlugX |
| 2024-04-19
⋅
⋅
Spiegel Online
⋅
VW-Konzern wurde jahrelang ausspioniert – von China? CHINACHOPPER PlugX |
| 2024-03-18
⋅
Trend Micro
⋅
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks DinodasRAT PlugX Reshell ShadowPad Earth Krahang |
| 2024-02-21
⋅
YouTube (SentinelOne)
⋅
LABSCon23 Replay | Chasing Shadows | The rise of a prolific espionage actor 9002 RAT PlugX ShadowPad Spyder Earth Lusca |
| 2024-01-25
⋅
JSAC 2024
⋅
Unveiling TeleBoyi: Chinese APT Group Targeting Critical Infrastructure Worldwide PlugX |
| 2024-01-25
⋅
JSAC 2024
⋅
The Secret Life of RATs: connecting the dots by dissecting multiple backdoors DracuLoader GroundPeony HemiGate PlugX |
| 2024-01-23
⋅
CSIRT-CTI
⋅
Stately Taurus Targets Myanmar Amidst Concerns over Military Junta’s Handling of Rebel Attacks PlugX PUBLOAD TONESHELL |
| 2024-01-21
⋅
Mahmoud Zohdy Blog
⋅
A Look into PlugX Kernel driver PlugX |
| 2024-01-09
⋅
Recorded Future
⋅
2023 Adversary Infrastructure Report AsyncRAT Cobalt Strike Emotet PlugX ShadowPad |
| 2023-12-06
⋅
splunk
⋅
Unmasking the Enigma: A Historical Dive into the World of PlugX Malware PlugX |
| 2023-09-08
⋅
PolySwarm Tech Team
⋅
Carderbee Targets Hong Kong in Supply Chain Attack PlugX Carderbee |
| 2023-09-07
⋅
Sekoia
⋅
My Tea’s not cold. An overview of China’s cyber threat Melofee PingPull SoWaT Sword2033 MgBot MQsTTang PlugX TONESHELL Dalbit MirrorFace |
| 2023-08-22
⋅
Symantec
⋅
Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong PlugX Carderbee |
| 2023-08-07
⋅
Recorded Future
⋅
RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale Winnti Brute Ratel C4 Cobalt Strike FunnySwitch PlugX ShadowPad Spyder Earth Lusca |
| 2023-07-18
⋅
Mandiant
⋅
Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection BPFDoor SALTWATER SEASPY SideWalk ZuoRAT Daxin HyperBro HyperSSL Waterbear |
| 2023-07-11
⋅
Mandiant
⋅
The Spies Who Loved You: Infected USB Drives to Steal Secrets PlugX |
| 2023-06-16
⋅
Palo Alto Networks: Cortex Threat Research
⋅
Through the Cortex XDR Lens: Uncovering a New Activity Group Targeting Governments in the Middle East and Africa CHINACHOPPER Ladon Yasso CL-STA-0043 |
| 2023-05-15
⋅
Symantec
⋅
Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors Merdoor PlugX ShadowPad ZXShell Lancefly |
| 2023-05-03
⋅
Lab52
⋅
New Mustang Panda’s campaing against Australia PlugX |
| 2023-04-24
⋅
Cofense
⋅
Open-Source Gh0st RAT Still Haunting Inboxes 15 Years After Release Ghost RAT |
| 2023-04-18
⋅
Mandiant
⋅
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
| 2023-04-13
⋅
Intel 471
⋅
From GhostNet to PseudoManuscrypt - The evolution of Gh0st RAT BBSRAT Gh0stTimes Ghost RAT PseudoManuscrypt |
| 2023-03-30
⋅
Recorded Future
⋅
With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets KEYPLUG Cobalt Strike PlugX RedGolf |
| 2023-03-09
⋅
ASEC
⋅
PlugX Malware Being Distributed via Vulnerability Exploitation PlugX |
| 2023-03-09
⋅
Sophos
⋅
A border-hopping PlugX USB worm takes its act on the road PlugX |
| 2023-03-01
⋅
Trend Micro
⋅
Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting HyperSSL HyperSSL |
| 2023-02-24
⋅
Trend Micro
⋅
Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool PlugX |
| 2023-02-13
⋅
AhnLab
⋅
Dalbit (m00nlight): Chinese Hacker Group’s APT Attack Campaign Godzilla Webshell ASPXSpy BlueShell CHINACHOPPER Cobalt Strike Ladon MimiKatz Dalbit |
| 2023-02-02
⋅
EclecticIQ
⋅
Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware PlugX |
| 2023-01-26
⋅
TEAMT5
⋅
Brief History of MustangPanda and its PlugX Evolution PlugX MUSTANG PANDA |
| 2023-01-26
⋅
Palo Alto Networks Unit 42
⋅
Chinese PlugX Malware Hidden in Your USB Devices? PlugX |
| 2023-01-09
⋅
kienmanowar Blog
⋅
[QuickNote] Another nice PlugX sample PlugX |
| 2022-12-27
⋅
kienmanowar Blog
⋅
Diving into a PlugX sample of Mustang Panda group PlugX |
| 2022-12-24
⋅
Medium (@DCSO_CyTec)
⋅
APT41 — The spy who failed to encrypt me CHINACHOPPER |
| 2022-12-06
⋅
Blackberry
⋅
Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets PlugX |
| 2022-12-02
⋅
Avast Decoded
⋅
Hitching a ride with Mustang Panda PlugX |
| 2022-11-30
⋅
⋅
FFRI Security
⋅
Evolution of the PlugX loader PlugX Poison Ivy |
| 2022-11-22
⋅
Twitter (@ESETresearch)
⋅
Tweets on SysUpdate / Soldier / HyperSSL HyperSSL |
| 2022-10-18
⋅
Intrinsec
⋅
APT27 – One Year To Exfiltrate Them All: Intrusion In-Depth Analysis HyperBro MimiKatz |
| 2022-10-06
⋅
Blackberry
⋅
Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims PlugX |
| 2022-09-29
⋅
Symantec
⋅
Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East CHINACHOPPER Lookback MimiKatz PlugX Unidentified 096 (Keylogger) x4 Witchetty |
| 2022-09-26
⋅
Palo Alto Networks Unit 42
⋅
Hunting for Unsigned DLLs to Find APTs PlugX Raspberry Robin Roshtyak |
| 2022-09-15
⋅
Symantec
⋅
Webworm: Espionage Attackers Testing and Using Older Modified RATs 9002 RAT Ghost RAT Trochilus RAT |
| 2022-09-14
⋅
Security Joes
⋅
Dissecting PlugX to Extract Its Crown Jewels PlugX |
| 2022-09-13
⋅
Symantec
⋅
New Wave of Espionage Activity Targets Asian Governments MimiKatz PlugX Quasar RAT ShadowPad Trochilus RAT |
| 2022-09-09
⋅
Github (m4now4r)
⋅
“Mustang Panda” – Enemy at the gate PlugX |
| 2022-09-08
⋅
Secureworks
⋅
BRONZE PRESIDENT Targets Government Officials PlugX |
| 2022-09-08
⋅
Cybereason
⋅
Threat Analysis Report: PlugX RAT Loader Evolution PlugX |
| 2022-08-12
⋅
Sekoia
⋅
LuckyMouse uses a backdoored Electron app to target MacOS HyperBro |
| 2022-08-12
⋅
Trend Micro
⋅
Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users (IOCs) HyperBro |
| 2022-08-12
⋅
Trend Micro
⋅
Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users Rshell HyperBro Earth Berberoka |
| 2022-08-04
⋅
Mandiant
⋅
Advanced Persistent Threats (APTs) APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9 Naikon |
| 2022-07-26
⋅
Microsoft
⋅
Malicious IIS extensions quietly open persistent backdoors into servers CHINACHOPPER MimiKatz |
| 2022-07-18
⋅
YouTube (Security Joes)
⋅
PlugX DLL Side-Loading Technique PlugX |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Shallow Taurus FormerFirstRAT IsSpace NewCT PlugX Poison Ivy Tidepool DragonOK |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Iron Taurus CHINACHOPPER Ghost RAT Wonknu ZXShell APT27 |
| 2022-06-27
⋅
Kaspersky ICS CERT
⋅
Attacks on industrial control systems using ShadowPad Cobalt Strike PlugX ShadowPad |
| 2022-06-23
⋅
Secureworks
⋅
BRONZE STARLIGHT Ransomware Operations Use HUI Loader ATOMSILO Cobalt Strike HUI Loader LockFile NightSky Pandora PlugX Quasar RAT Rook SodaMaster BRONZE STARLIGHT |
| 2022-06-15
⋅
Security Joes
⋅
Backdoor via XFF: Mysterious Threat Actor Under Radar CHINACHOPPER |
| 2022-05-23
⋅
Trend Micro
⋅
Operation Earth Berberoka reptile oRAT Ghost RAT PlugX pupy Earth Berberoka |
| 2022-05-20
⋅
VinCSS
⋅
[RE027] China-based APT Mustang Panda might have still continued their attack activities against organizations in Vietnam PlugX |
| 2022-05-17
⋅
Positive Technologies
⋅
Space Pirates: analyzing the tools and connections of a new hacker group FormerFirstRAT PlugX Poison Ivy Rovnix ShadowPad Zupdax |
| 2022-05-16
⋅
JPCERT/CC
⋅
Analysis of HUI Loader HUI Loader PlugX Poison Ivy Quasar RAT |
| 2022-05-12
⋅
TEAMT5
⋅
The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides) KEYPLUG Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad Winnti SLIME29 TianWu |
| 2022-05-11
⋅
TEAMT5
⋅
To loot or Not to Loot? That Is Not a Question - When State-Nexus APT Targets Online Entertainment Industry APT27 BRONZE STARLIGHT SLIME29 TianWu |
| 2022-05-09
⋅
⋅
Qianxin Threat Intelligence Center
⋅
Operation EviLoong: An electronic party of "borderless" hackers ZXShell |
| 2022-05-05
⋅
Cisco Talos
⋅
Mustang Panda deploys a new wave of malware targeting Europe Cobalt Strike Meterpreter PlugX PUBLOAD |
| 2022-05-02
⋅
Sentinel LABS
⋅
Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad PlugX ShadowPad Moshen Dragon |
| 2022-04-28
⋅
PWC
⋅
Cyber Threats 2021: A Year in Retrospect (Annex) Cobalt Strike Conti PlugX RokRAT Inception Framework Red Menshen |
| 2022-04-28
⋅
DARKReading
⋅
Chinese APT Bronze President Mounts Spy Campaign on Russian Military PlugX MUSTANG PANDA |
| 2022-04-27
⋅
Trendmicro
⋅
IOCs for Earth Berberoka - Windows AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka |
| 2022-04-27
⋅
Trend Micro
⋅
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware HelloBot AsyncRAT Ghost RAT HelloBot PlugX Quasar RAT Earth Berberoka |
| 2022-04-27
⋅
Trendmicro
⋅
Operation Gambling Puppet reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka |
| 2022-04-15
⋅
Center for Internet Security
⋅
Top 10 Malware March 2022 Mirai Shlayer Agent Tesla Ghost RAT Nanocore RAT SectopRAT solarmarker Zeus |
| 2022-04-14
⋅
NSHC RedAlert Labs
⋅
Hacking activity of SectorB Group in 2021 Chinese government supported hacking group SectorB PlugX |
| 2022-04-12
⋅
Max Kersten's Blog
⋅
Ghidra script to handle stack strings CaddyWiper PlugX |
| 2022-04-01
⋅
The Hacker News
⋅
Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit Fire Chili Ghost RAT |
| 2022-03-30
⋅
Fortinet
⋅
New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits Fire Chili Ghost RAT |
| 2022-03-28
⋅
Trellix
⋅
PlugX: A Talisman to Behold PlugX |
| 2022-03-25
⋅
⋅
ESET Research
⋅
Mustang Panda's Hodur: Old stuff, new variant of Korplug PlugX |
| 2022-03-24
⋅
Threat Post
⋅
Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection PlugX |
| 2022-03-23
⋅
BleepingComputer
⋅
New Mustang Panda hacking campaign targets diplomats, ISPs PlugX |
| 2022-03-23
⋅
ESET Research
⋅
Mustang Panda’s Hodur: Old tricks, new Korplug variant Hodur PlugX |
| 2022-03-16
⋅
AhnLab
⋅
Gh0stCringe RAT Being Distributed to Vulnerable Database Servers Ghost RAT Kingminer |
| 2022-03-07
⋅
Proofpoint
⋅
The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates PlugX MUSTANG PANDA |
| 2022-02-17
⋅
SinaCyber
⋅
Testimony before the U.S.-China Economic and Security Review Commission Hearing on “China’s Cyber Capabilities: Warfare, Espionage, and Implications for the United States” PlugX APT26 APT41 |
| 2022-02-11
⋅
Cisco Talos
⋅
Threat Roundup for February 4 to February 11 DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus |
| 2022-02-07
⋅
Cyware
⋅
APT27 Group Targets German Organizations with HyperBro HyperBro |
| 2022-01-27
⋅
JSAC 2021
⋅
What We Can Do against the Chaotic A41APT Campaign CHINACHOPPER Cobalt Strike HUI Loader SodaMaster |
| 2022-01-26
⋅
BleepingComputer
⋅
German govt warns of APT27 hackers backdooring business networks HyperBro |
| 2022-01-26
⋅
Bundesamt für Verfassungsschutz
⋅
Current cyber attack campaign against German business enterprises by APT27 HyperBro |
| 2022-01-06
⋅
Cyber And Ramen blog
⋅
A “GULP” of PlugX PlugX |
| 2021-12-14
⋅
Trend Micro
⋅
Collecting In the Dark: Tropic Trooper Targets Transportation and Government ChiserClient Ghost RAT Lilith Quasar RAT xPack APT23 |
| 2021-12-01
⋅
ESET Research
⋅
Jumping the air gap: 15 years of nation‑state effort Agent.BTZ Fanny Flame Gauss PlugX Ramsay Retro Stuxnet USBCulprit USBferry |
| 2021-11-18
⋅
Cisco
⋅
BlackMatter, LockBit, and THOR BlackMatter LockBit PlugX |
| 2021-11-04
⋅
Youtube (Virus Bulletin)
⋅
ShadowPad: the masterpiece of privately sold malware in Chinese espionage PlugX ShadowPad |
| 2021-11-03
⋅
Cisco Talos
⋅
Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk Babuk CHINACHOPPER |
| 2021-10-18
⋅
NortonLifeLock
⋅
Operation Exorcist - 7 Years of Targeted Attacks against the Roman Catholic Church NewBounce PlugX Zupdax |
| 2021-10-05
⋅
Blackberry
⋅
Drawing a Dragon: Connecting the Dots to Find APT41 Cobalt Strike Ghost RAT |
| 2021-10-04
⋅
JPCERT/CC
⋅
Malware Gh0stTimes Used by BlackTech Gh0stTimes Ghost RAT |
| 2021-09-28
⋅
Recorded Future
⋅
4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan PlugX Winnti |
| 2021-09-14
⋅
McAfee
⋅
Operation ‘Harvest’: A Deep Dive into a Long-term Campaign MimiKatz PlugX Winnti |
| 2021-09-10
⋅
The Record
⋅
Indonesian intelligence agency compromised in suspected Chinese hack PlugX |
| 2021-09-03
⋅
FireEye
⋅
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers CHINACHOPPER HTran |
| 2021-09-01
⋅
YouTube (Black Hat)
⋅
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network Cobalt Strike PlugX Waterbear |
| 2021-09-01
⋅
YouTube (Hack In The Box Security Conference)
⋅
SHADOWPAD: Chinese Espionage Malware-as-a-Service PlugX ShadowPad |
| 2021-08-23
⋅
SentinelOne
⋅
ShadowPad: the Masterpiece of Privately Sold Malware in Chinese Espionage PlugX ShadowPad |
| 2021-08-10
⋅
FireEye
⋅
UNC215: Spotlight on a Chinese Espionage Campaign in Israel HyperBro HyperSSL MimiKatz |
| 2021-08-03
⋅
Cybereason
⋅
DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos CHINACHOPPER Cobalt Strike MimiKatz Nebulae |
| 2021-07-27
⋅
Palo Alto Networks Unit 42
⋅
THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group PlugX |
| 2021-07-21
⋅
Bitdefender
⋅
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited PlugX |
| 2021-07-20
⋅
Secureworks
⋅
Ongoing Campaign Leveraging Exchange Vulnerability Potentially Linked to Iran CHINACHOPPER MimiKatz RGDoor |
| 2021-06-16
⋅
Recorded Future
⋅
Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries Icefog PcShare PlugX Poison Ivy QuickHeal DAGGER PANDA |
| 2021-06-10
⋅
ESET Research
⋅
BackdoorDiplomacy: Upgrading from Quarian to Turian CHINACHOPPER DoublePulsar EternalRocks turian BackdoorDiplomacy |
| 2021-06-02
⋅
Trend Micro
⋅
Taking Advantage of PE Metadata,or How To Complete your Favorite ThreatActor’s Sample Collection (Paper) HyperSSL |
| 2021-06-02
⋅
Twitter (@xorhex)
⋅
Tweet on new variant of PlugX from RedDelta Group PlugX |
| 2021-06-02
⋅
Trend Micro
⋅
Taking Advantage of PE Metadata, or How To Complete Your Favorite Threat Actor’s Sample Collection HyperSSL |
| 2021-06-02
⋅
xorhex blog
⋅
RedDelta PlugX Undergoing Changes and Overlapping Again with Mustang Panda PlugX Infrastructure PlugX |
| 2021-05-27
⋅
xorhex blog
⋅
Mustang Panda PlugX - Reused Mutex and Folder Found in the Extracted Config PlugX |
| 2021-05-17
⋅
xorhex blog
⋅
Mustang Panda PlugX - 45.251.240.55 Pivot PlugX |
| 2021-05-07
⋅
Cisco Talos
⋅
Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs CHINACHOPPER Cobalt Strike Lemon Duck |
| 2021-05-07
⋅
TEAMT5
⋅
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network Cobalt Strike PlugX Waterbear |
| 2021-05-07
⋅
SophosLabs Uncut
⋅
New Lemon Duck variants exploiting Microsoft Exchange Server CHINACHOPPER Cobalt Strike Lemon Duck |
| 2021-05-06
⋅
Trend Micro
⋅
Proxylogon: A Coinminer, a Ransomware, and a Botnet Join the Party BlackKingdom Ransomware CHINACHOPPER Lemon Duck Prometei |
| 2021-05-05
⋅
Symantec
⋅
Multi-Factor Authentication: Headache for Cyber Actors Inspires New Attack Techniques CHINACHOPPER |
| 2021-05-05
⋅
Zscaler
⋅
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos |
| 2021-04-29
⋅
ESET Research
⋅
ESET Industry Report on Government: Targeted but not alone Exaramel Crutch Exaramel HyperBro HyperSSL InvisiMole XDSpy |
| 2021-04-28
⋅
Trend Micro
⋅
Water Pamola Attacked Online Shops Via Malicious Orders Ghost RAT |
| 2021-04-27
⋅
Trend Micro
⋅
Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability CHINACHOPPER Cobalt Strike |
| 2021-04-16
⋅
Trend Micro
⋅
Could the Microsoft Exchange breach be stopped? CHINACHOPPER |
| 2021-04-15
⋅
Palo Alto Networks Unit 42
⋅
Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials CHINACHOPPER |
| 2021-04-09
⋅
Trend Micro
⋅
Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware HyperBro HyperSSL APT27 |
| 2021-04-02
⋅
Dr.Web
⋅
Study of targeted attacks on Russian research institutes Cotx RAT Ghost RAT TA428 |
| 2021-03-29
⋅
The Record
⋅
RedEcho group parks domains after public exposure PlugX ShadowPad RedEcho |
| 2021-03-26
⋅
Imperva
⋅
Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures CHINACHOPPER |
| 2021-03-25
⋅
Microsoft
⋅
Web Shell Threat Hunting with Azure Sentinel CHINACHOPPER |
| 2021-03-25
⋅
Recorded Future
⋅
Suspected Chinese Group Calypso APT Exploiting Vulnerable Microsoft Exchange Servers Meterpreter PlugX |
| 2021-03-25
⋅
Microsoft
⋅
Analyzing attacks taking advantage of the Exchange Server vulnerabilities CHINACHOPPER |
| 2021-03-21
⋅
Twitter (@CyberRaiju)
⋅
Twitter Thread with analysis of .NET China Chopper CHINACHOPPER |
| 2021-03-19
⋅
Bundesamt für Sicherheit in der Informationstechnik
⋅
Microsoft Exchange Schwachstellen Detektion und Reaktion (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) CHINACHOPPER MimiKatz |
| 2021-03-17
⋅
Recorded Future
⋅
China-linked TA428 Continues to Target Russia and Mongolia IT Companies PlugX Poison Ivy TA428 |
| 2021-03-15
⋅
Trustwave
⋅
HAFNIUM, China Chopper and ASP.NET Runtime CHINACHOPPER |
| 2021-03-11
⋅
Cyborg Security
⋅
You Don't Know the HAFNIUM of it... CHINACHOPPER Cobalt Strike PowerCat |
| 2021-03-11
⋅
Palo Alto Networks Unit 42
⋅
Microsoft Exchange Server Attack Timeline CHINACHOPPER |
| 2021-03-11
⋅
DEVO
⋅
Detection and Investigation Using Devo: HAFNIUM 0-day Exploits on Microsoft Exchange Service CHINACHOPPER MimiKatz |
| 2021-03-10
⋅
Lemon's InfoSec Ramblings
⋅
Microsoft Exchange & the HAFNIUM Threat Actor CHINACHOPPER |
| 2021-03-10
⋅
PICUS Security
⋅
Tactics, Techniques, and Procedures (TTPs) Used by HAFNIUM to Target Microsoft Exchange Servers CHINACHOPPER |
| 2021-03-10
⋅
ESET Research
⋅
Exchange servers under siege from at least 10 APT groups Microcin MimiKatz PlugX Winnti APT27 APT41 Calypso Tick ToddyCat Tonto Team Vicious Panda |
| 2021-03-10
⋅
DomainTools
⋅
Examining Exchange Exploitation and its Lessons for Defenders CHINACHOPPER |
| 2021-03-09
⋅
Palo Alto Networks Unit 42
⋅
Remediation Steps for the Microsoft Exchange Server Vulnerabilities CHINACHOPPER |
| 2021-03-09
⋅
Red Canary
⋅
Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm CHINACHOPPER |
| 2021-03-09
⋅
PRAETORIAN
⋅
Reproducing the Microsoft Exchange Proxylogon Exploit Chain CHINACHOPPER |
| 2021-03-09
⋅
YouTube (John Hammond)
⋅
HAFNIUM - Post-Exploitation Analysis from Microsoft Exchange CHINACHOPPER |
| 2021-03-08
⋅
Symantec
⋅
How Symantec Stops Microsoft Exchange Server Attacks CHINACHOPPER MimiKatz |
| 2021-03-08
⋅
Palo Alto Networks Unit 42
⋅
Analyzing Attacks Against Microsoft Exchange Server With China Chopper Webshells CHINACHOPPER |
| 2021-03-07
⋅
TRUESEC
⋅
Tracking Microsoft Exchange Zero-Day ProxyLogon and HAFNIUM CHINACHOPPER |
| 2021-03-05
⋅
Wired
⋅
Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims CHINACHOPPER |
| 2021-03-05
⋅
Huntress Labs
⋅
Operation Exchange Marauder CHINACHOPPER |
| 2021-03-04
⋅
Huntress Labs
⋅
Operation Exchange Marauder CHINACHOPPER |
| 2021-03-04
⋅
FireEye
⋅
Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities CHINACHOPPER HAFNIUM |
| 2021-03-04
⋅
CrowdStrike
⋅
Falcon Complete Stops Microsoft Exchange Server Zero-Day Exploits CHINACHOPPER HAFNIUM |
| 2021-03-03
⋅
Huntress Labs
⋅
Rapid Response: Mass Exploitation of On-Prem Exchange Servers CHINACHOPPER HAFNIUM |
| 2021-03-03
⋅
Huntress Labs
⋅
Mass exploitation of on-prem Exchange servers :( CHINACHOPPER HAFNIUM |
| 2021-03-03
⋅
MITRE
⋅
HAFNIUM CHINACHOPPER HAFNIUM |
| 2021-03-02
⋅
Twitter (@ESETresearch)
⋅
Tweet on Exchange RCE CHINACHOPPER HAFNIUM |
| 2021-03-02
⋅
Volexity
⋅
Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities CHINACHOPPER HAFNIUM |
| 2021-03-02
⋅
Rapid7 Labs
⋅
Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day CHINACHOPPER HAFNIUM |
| 2021-03-02
⋅
Microsoft
⋅
HAFNIUM targeting Exchange Servers with 0-day exploits CHINACHOPPER HAFNIUM |
| 2021-02-28
⋅
Recorded Future
⋅
China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions Icefog PlugX ShadowPad |
| 2021-02-28
⋅
PWC UK
⋅
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
| 2021-02-28
⋅
Recorded Future
⋅
China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions PlugX ShadowPad RedEcho |
| 2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-02-22
⋅
tccontre Blog
⋅
Gh0stRat Anti-Debugging: Nested SEH (try - catch) to Decrypt and Load its Payload Ghost RAT |
| 2021-02-08
⋅
Myanmar Computer Emergency Response Team
⋅
PlugX Removal Guide Version 1.2 PlugX |
| 2021-02-01
⋅
ESET Research
⋅
Operation NightScout: Supply‑chain attack targets online gaming in Asia Ghost RAT NoxPlayer Poison Ivy Red Dev 17 |
| 2021-01-29
⋅
Trend Micro
⋅
Chopper ASPX web shell used in targeted attack CHINACHOPPER MimiKatz |
| 2021-01-20
⋅
Trend Micro
⋅
XDR investigation uncovers PlugX, unique technique in APT attack PlugX |
| 2021-01-15
⋅
Swisscom
⋅
Cracking a Soft Cell is Harder Than You Think Ghost RAT MimiKatz PlugX Poison Ivy Trochilus RAT |
| 2021-01-14
⋅
PTSecurity
⋅
Higaisa or Winnti? APT41 backdoors, old and new Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad |
| 2021-01-09
⋅
Marco Ramilli's Blog
⋅
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
| 2021-01-04
⋅
Bleeping Computer
⋅
China's APT hackers move to ransomware attacks Clambling PlugX |
| 2021-01-01
⋅
DomainTools
⋅
Conceptualizing a Continuum of Cyber Threat Attribution CHINACHOPPER SUNBURST |
| 2020-12-24
⋅
IronNet
⋅
China cyber attacks: the current threat landscape PLEAD TSCookie FlowCloud Lookback PLEAD PlugX Quasar RAT Winnti |
| 2020-12-18
⋅
Seqrite
⋅
RAT used by Chinese cyberspies infiltrating Indian businesses Ghost RAT |
| 2020-12-10
⋅
ESET Research
⋅
Operation StealthyTrident: corporate software under attack HyperBro PlugX Tmanger TA428 |
| 2020-12-10
⋅
ESET Research
⋅
Operation StealthyTrident: corporate software under attack HyperBro PlugX ShadowPad Tmanger |
| 2020-12-10
⋅
Intel 471
⋅
No pandas, just people: The current state of China’s cybercrime underground Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT |
| 2020-12-10
⋅
US-CERT
⋅
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
| 2020-12-09
⋅
Avast Decoded
⋅
APT Group Targeting Governmental Agencies in East Asia LaZagne Albaniiutas HyperBro MimiKatz PolPo Tmanger TaskMasters |
| 2020-12-09
⋅
Avast Decoded
⋅
APT Group Targeting Governmental Agencies in East Asia Albaniiutas HyperBro PlugX PolPo Tmanger |
| 2020-12-09
⋅
Avast Decoded
⋅
APT Group Targeting Governmental Agencies in East Asia Albaniiutas HyperBro PlugX Tmanger TA428 |
| 2020-11-27
⋅
PTSecurity
⋅
Investigation with a twist: an accidental APT attack and averted data destruction TwoFace CHINACHOPPER HyperBro MegaCortex MimiKatz |
| 2020-11-23
⋅
Proofpoint
⋅
TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader PlugX MUSTANG PANDA |
| 2020-11-20
⋅
Trend Micro
⋅
Weaponizing Open Source Software for Targeted Attacks LaZagne Defray PlugX |
| 2020-11-04
⋅
Sophos
⋅
A new APT uses DLL side-loads to “KilllSomeOne” KilllSomeOne PlugX |
| 2020-11-03
⋅
Kaspersky Labs
⋅
APT trends report Q3 2020 WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX POISONPLUG Rover ShadowPad SoreFang Winnti |
| 2020-10-30
⋅
YouTube (Kaspersky Tech)
⋅
Around the world in 80 days 4.2bn packets Cobalt Strike Derusbi HyperBro Poison Ivy ShadowPad Winnti |
| 2020-10-27
⋅
Dr.Web
⋅
Study of the ShadowPad APT backdoor and its relation to PlugX Ghost RAT PlugX ShadowPad |
| 2020-10-01
⋅
US-CERT
⋅
Alert (AA20-275A): Potential for China Cyber Response to Heightened U.S.-China Tensions CHINACHOPPER Cobalt Strike Empire Downloader MimiKatz Poison Ivy |
| 2020-09-30
⋅
Team Cymru
⋅
Pandamic: Emissary Pandas in the Middle East HyperBro HyperSSL |
| 2020-09-18
⋅
Symantec
⋅
APT41: Indictments Put Chinese Espionage Group in the Spotlight CROSSWALK PlugX POISONPLUG ShadowPad Winnti |
| 2020-09-15
⋅
US-CERT
⋅
Alert (AA20-259A): Iran-Based Threat Actor Exploits VPN Vulnerabilities CHINACHOPPER Fox Kitten |
| 2020-09-15
⋅
Recorded Future
⋅
Back Despite Disruption: RedDelta Resumes Operations PlugX |
| 2020-09-15
⋅
US-CERT
⋅
Malware Analysis Report (AR20-259A): Iranian Web Shells CHINACHOPPER |
| 2020-09-11
⋅
ThreatConnect
⋅
Research Roundup: Activity on Previously Identified APT33 Domains Emotet PlugX APT33 |
| 2020-07-29
⋅
Recorded Future
⋅
Chinese State-sponsored Group RedDelta Targets the Vatican and Catholic Organizations PlugX |
| 2020-07-29
⋅
ESET Research
⋅
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor |
| 2020-07-29
⋅
Kaspersky Labs
⋅
APT trends report Q2 2020 PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel |
| 2020-07-28
⋅
⋅
NTT
⋅
CraftyPanda 標的型攻撃解析レポート Ghost RAT PlugX |
| 2020-07-21
⋅
Department of Justice
⋅
Two Chinese Hackers Working with the Ministry of State Security Charged with Global Computer Intrusion Campaign Targeting Intellectual Property and Confidential Business Information, Including COVID-19 Research CHINACHOPPER BRONZE SPRING |
| 2020-07-20
⋅
Dr.Web
⋅
Study of the APT attacks on state institutions in Kazakhstan and Kyrgyzstan Microcin Mirage PlugX WhiteBird |
| 2020-07-20
⋅
Risky.biz
⋅
What even is Winnti? CCleaner Backdoor Ghost RAT PlugX ZXShell |
| 2020-07-20
⋅
or10nlabs
⋅
Reverse Engineering the New Mustang Panda PlugX Downloader PlugX |
| 2020-07-15
⋅
ZDNet
⋅
Chinese state hackers target Hong Kong Catholic Church PlugX |
| 2020-07-05
⋅
or10nlabs
⋅
Reverse Engineering the Mustang Panda PlugX RAT – Extracting the Config PlugX |
| 2020-07-01
⋅
Contextis
⋅
DLL Search Order Hijacking Cobalt Strike PlugX |
| 2020-06-14
⋅
BushidoToken
⋅
Deep-dive: The DarkHotel APT Asruex Ghost RAT Ramsay Retro Unidentified 076 (Higaisa LNK to Shellcode) |
| 2020-06-05
⋅
Prevailion
⋅
The Gh0st Remains the Same Ghost RAT |
| 2020-06-04
⋅
PTSecurity
⋅
COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group Ghost RAT SongXY |
| 2020-06-03
⋅
Trend Micro
⋅
How to perform long term monitoring of careless threat actors BBSRAT HyperBro Trochilus RAT |
| 2020-06-03
⋅
Kaspersky Labs
⋅
Cycldek: Bridging the (air) gap 8.t Dropper NewCore RAT PlugX USBCulprit GOBLIN PANDA Hellsing |
| 2020-06-02
⋅
Lab52
⋅
Mustang Panda Recent Activity: Dll-Sideloading trojans with temporal C2 servers PlugX |
| 2020-05-24
⋅
or10nlabs
⋅
Reverse Engineering the Mustang Panda PlugX Loader PlugX |
| 2020-05-20
⋅
Medium Asuna Amawaka
⋅
What happened between the BigBadWolf and the Tiger? Ghost RAT |
| 2020-05-15
⋅
Twitter (@stvemillertime)
⋅
Tweet on SOGU development timeline, including TIGERPLUG IOCs PlugX |
| 2020-05-14
⋅
Lab52
⋅
The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey Cobalt Strike HTran MimiKatz PlugX Quasar RAT |
| 2020-05-14
⋅
Avast Decoded
⋅
APT Group Planted Backdoors Targeting High Profile Networks in Central Asia BYEBY Ghost RAT Microcin MimiKatz Vicious Panda |
| 2020-05-01
⋅
⋅
Viettel Cybersecurity
⋅
Chiến dịch của nhóm APT Trung Quốc Goblin Panda tấn công vào Việt Nam lợi dụng đại dịch Covid-19 (phần 1) NewCore RAT PlugX |
| 2020-04-07
⋅
Blackberry
⋅
Decade of the RATS: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android Penquin Turla XOR DDoS ZXShell |
| 2020-03-25
⋅
Team Cymru
⋅
How the Iranian Cyber Security Agency Detects Emissary Panda Malware HyperBro |
| 2020-03-22
⋅
Anomali
⋅
COVID-19 Themes Are Being Utilized by Threat Actors of Varying Sophistication PlugX |
| 2020-03-19
⋅
⋅
VinCSS
⋅
Analysis of malware taking advantage of the Covid-19 epidemic to spread fake "Directive of Prime Minister Nguyen Xuan Phuc" - Part 2 PlugX |
| 2020-03-10
⋅
⋅
VinCSS
⋅
[RE012] Analysis of malware taking advantage of the Covid-19 epidemic to spread fake "Directive of Prime Minister Nguyen Xuan Phuc" - Part 1 PlugX |
| 2020-03-05
⋅
SophosLabs
⋅
Cloud Snooper Attack Bypasses AWS Security Measures Cloud Snooper Ghost RAT |
| 2020-03-02
⋅
Virus Bulletin
⋅
Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary HenBox Farseer PlugX Poison Ivy |
| 2020-02-21
⋅
ADEO DFIR
⋅
APT10 Threat Analysis Report CHINACHOPPER HTran MimiKatz PlugX Quasar RAT |
| 2020-02-18
⋅
Trend Micro
⋅
Uncovering DRBControl: Inside the Cyberespionage Campaign Targeting Gambling Operations Cobalt Strike HyperBro PlugX Trochilus RAT Operation DRBControl |
| 2020-02-17
⋅
Talent-Jump Technologies
⋅
CLAMBLING - A New Backdoor Base On Dropbox HyperBro PlugX |
| 2020-01-31
⋅
Avira
⋅
New wave of PlugX targets Hong Kong PlugX |
| 2020-01-31
⋅
YouTube (Context Information Security)
⋅
New AVIVORE threat group – how they operate and managing the risk PlugX |
| 2020-01-13
⋅
Lab52
⋅
APT27 ZxShell RootKit module updates ZXShell |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE PRESIDENT CHINACHOPPER Cobalt Strike PlugX MUSTANG PANDA |
| 2020-01-01
⋅
FireEye
⋅
Mandiant IR Grab Bag of Attacker Activity TwoFace CHINACHOPPER HyperBro HyperSSL |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE ATLAS Speculoos Winnti ACEHASH CCleaner Backdoor CHINACHOPPER Empire Downloader HTran MimiKatz PlugX Winnti APT41 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE EDISON Ghost RAT sykipot APT4 SAMURAI PANDA |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE OLIVE ANGRYREBEL PlugX APT22 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE UNION 9002 RAT CHINACHOPPER Enfal Ghost RAT HttpBrowser HyperBro owaauth PlugX Poison Ivy ZXShell APT27 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE KEYSTONE 9002 RAT BLACKCOFFEE DeputyDog Derusbi HiKit PlugX Poison Ivy ZXShell APT17 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE RIVERSIDE Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves APT10 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE OVERBROOK Aveo DDKONG IsSpace PLAINTEE PlugX Rambo DragonOK |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE FIRESTONE 9002 RAT Derusbi Empire Downloader PlugX Poison Ivy APT19 |
| 2020-01-01
⋅
Dragos
⋅
Threat Intelligence and the Limits of Malware Analysis Exaramel Exaramel Industroyer Lookback NjRAT PlugX |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE GLOBE EtumBot Ghost RAT APT12 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE FLEETWOOD Binanen Ghost RAT OrcaRAT APT5 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE MOHAWK AIRBREAK scanbox BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi homefry murkytop SeDll APT40 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE WOODLAND PlugX Zeus Roaming Tiger |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE EXPRESS 9002 RAT CHINACHOPPER IsSpace NewCT PlugX smac APT26 |
| 2019-12-29
⋅
Secureworks
⋅
BRONZE PRESIDENT Targets NGOs PlugX |
| 2019-12-12
⋅
Microsoft
⋅
GALLIUM: Targeting global telecom CHINACHOPPER Ghost RAT HTran MimiKatz Poison Ivy GALLIUM |
| 2019-11-19
⋅
FireEye
⋅
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC POISONPLUG Poison Ivy pupy Quasar RAT ZXShell |
| 2019-11-16
⋅
Silas Cutler's Blog
⋅
Fresh PlugX October 2019 PlugX |
| 2019-11-11
⋅
Virus Bulletin
⋅
APT cases exploiting vulnerabilities in region‑specific software NodeRAT Emdivi PlugX |
| 2019-11-06
⋅
VirusBulletin
⋅
A vine climbing over the Great Firewall: a long‑term attack against China Poison Ivy ZXShell GreenSpot |
| 2019-11-04
⋅
⋅
Tencent
⋅
APT attack group "Higaisa" attack activity disclosed Ghost RAT Higaisa |
| 2019-10-31
⋅
PTSecurity
⋅
Calypso APT: new group attacking state institutions BYEBY FlyingDutchman Hussar PlugX |
| 2019-10-22
⋅
Contextis
⋅
AVIVORE - An overview of Tools, Techniques and Procedures (Whitepaper) PlugX Avivore |
| 2019-10-03
⋅
Palo Alto Networks Unit 42
⋅
PKPLUG: Chinese Cyber Espionage Group Attacking Asia HenBox Farseer PlugX |
| 2019-10-03
⋅
ComputerWeekly
⋅
New threat group behind Airbus cyber attacks, claim researchers PlugX Avivore |
| 2019-09-23
⋅
MITRE
⋅
APT41 Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad Winnti ZXShell APT41 |
| 2019-09-19
⋅
Emissary Panda APT: Recent infrastructure and RAT analysis ZXShell |
| 2019-09-17
⋅
Talos
⋅
Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda” Ghost RAT |
| 2019-08-27
⋅
Cisco Talos
⋅
China Chopper still active 9 years later CHINACHOPPER |
| 2019-08-19
⋅
FireEye
⋅
GAME OVER: Detecting and Stopping an APT41 Operation ACEHASH CHINACHOPPER HIGHNOON |
| 2019-07-21
⋅
One Night in Norfolk
⋅
Emissary Panda DLL Backdoor HyperSSL |
| 2019-06-25
⋅
Cybereason
⋅
OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS CHINACHOPPER HTran MimiKatz Poison Ivy Operation Soft Cell |
| 2019-06-19
⋅
YouTube (44CON Information Security Conference)
⋅
The Malware CAPE: Automated Extraction of Configuration and Payloads from Sophisticated Malware PlugX |
| 2019-06-13
⋅
ae CERT
⋅
Advanced Notification of Cyber Threats against Family of Malware Giving Remote Access to Computers HyperBro HyperSSL |
| 2019-06-03
⋅
FireEye
⋅
Into the Fog - The Return of ICEFOG APT Icefog PlugX Sarhust |
| 2019-05-28
⋅
Palo Alto Networks Unit 42
⋅
Emissary Panda Attacks Middle East Government Sharepoint Servers CHINACHOPPER HyperSSL |
| 2019-05-24
⋅
Fortinet
⋅
Uncovering new Activity by APT10 PlugX Quasar RAT |
| 2019-04-25
⋅
⋅
DATANET
⋅
Chinese-based hackers attack domestic energy institutions CALMTHORN Ghost RAT |
| 2019-03-19
⋅
NSHC
⋅
SectorM04 Targeting Singapore – An Analysis PlugX Termite |
| 2019-02-27
⋅
Secureworks
⋅
A Peek into BRONZE UNION’s Toolbox Ghost RAT HyperBro ZXShell |
| 2019-01-07
⋅
Intezer
⋅
ChinaZ Revelations: Revealing ChinaZ Relationships with other Chinese Threat Actor Groups Ghost RAT |
| 2019-01-01
⋅
MITRE
⋅
Group description: Threat Group-3390 APT27 |
| 2019-01-01
⋅
Council on Foreign Relations
⋅
Iron Tiger APT27 |
| 2019-01-01
⋅
Virus Bulletin
⋅
A vine climbing over the Great Firewall: A long-term attack against China Poison Ivy ZXShell |
| 2019-01-01
⋅
MITRE
⋅
Tool description: China Chopper CHINACHOPPER |
| 2018-12-14
⋅
Australian Cyber Security Centre
⋅
Investigationreport: Compromise of an Australian companyvia their Managed Service Provider PlugX RedLeaves |
| 2018-09-19
⋅
Möbius Strip Reverse Engineering
⋅
Hex-Rays Microcode API vs. Obfuscating Compiler Ghost RAT |
| 2018-09-10
⋅
Kaspersky Labs
⋅
LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company Unidentified 080 APT27 |
| 2018-08-21
⋅
Trend Micro
⋅
Operation Red Signature Targets South Korean Companies 9002 RAT PlugX Operation Red Signature |
| 2018-07-31
⋅
Medium Sebdraven
⋅
Malicious document targets Vietnamese officials 8.t Dropper PlugX 1937CN |
| 2018-06-15
⋅
Bleeping Computer
⋅
Chinese Cyber-Espionage Group Hacked Government Data Center APT27 |
| 2018-06-13
⋅
Kaspersky Labs
⋅
LuckyMouse hits national data center to organize country-level waterholing campaign HyperBro APT27 |
| 2018-05-18
⋅
NCC Group
⋅
Emissary Panda – A potential new malicious tool HttpBrowser |
| 2018-05-09
⋅
COUNT UPON SECURITY
⋅
Malware Analysis - PlugX - Part 2 PlugX |
| 2018-04-20
⋅
NCC Group
⋅
Decoding network data from a Gh0st RAT variant Ghost RAT APT27 |
| 2018-04-17
⋅
NCC Group
⋅
Decoding network data from a Gh0st RAT variant Ghost RAT APT27 |
| 2018-03-16
⋅
FireEye
⋅
Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries badflick BLACKCOFFEE CHINACHOPPER homefry murkytop SeDll APT40 |
| 2018-03-13
⋅
Kaspersky Labs
⋅
Time of death? A therapeutic postmortem of connected medicine PlugX |
| 2018-02-04
⋅
COUNT UPON SECURITY
⋅
MALWARE ANALYSIS – PLUGX PlugX |
| 2018-02-01
⋅
Bitdefender
⋅
Operation PZChao: a possible return of the Iron Tiger APT APT27 |
| 2018-02-01
⋅
Bitdefender
⋅
Operation PZCHAO Inside a highly specialized espionage infrastructure Ghost RAT APT27 |
| 2018-01-04
⋅
Malware Traffic Analysis
⋅
MALSPAM PUSHING PCRAT/GH0ST Ghost RAT |
| 2017-12-20
⋅
CrowdStrike
⋅
An End to “Smash-and-Grab” and a Move to More Targeted Approaches CHINACHOPPER |
| 2017-12-19
⋅
Proofpoint
⋅
North Korea Bitten by Bitcoin Bug QUICKCAFE PowerSpritz Ghost RAT PowerRatankba |
| 2017-12-19
⋅
Proofpoint
⋅
North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group Ghost RAT |
| 2017-12-18
⋅
⋅
LAC
⋅
Relationship between PlugX and attacker group "DragonOK" PlugX |
| 2017-06-27
⋅
Secureworks
⋅
BRONZE UNION Cyberespionage Persists Despite Disclosures APT27 |
| 2017-06-27
⋅
Palo Alto Networks Unit 42
⋅
Paranoid PlugX PlugX |
| 2017-05-31
⋅
MITRE
⋅
Axiom Derusbi 9002 RAT BLACKCOFFEE Derusbi Ghost RAT HiKit PlugX ZXShell APT17 |
| 2017-05-31
⋅
MITRE
⋅
PittyTiger Enfal Ghost RAT MimiKatz Poison Ivy APT24 |
| 2017-05-31
⋅
MITRE
⋅
APT18 Ghost RAT HttpBrowser APT18 |
| 2017-04-27
⋅
US-CERT
⋅
Alert (TA17-117A): Intrusions Affecting Multiple Victims Across Multiple Sectors PlugX RedLeaves |
| 2017-04-03
⋅
JPCERT/CC
⋅
RedLeaves - Malware Based on Open Source RAT PlugX RedLeaves Trochilus RAT |
| 2017-04-01
⋅
PricewaterhouseCoopers
⋅
Operation Cloud Hopper: Technical Annex ChChes PlugX Quasar RAT RedLeaves Trochilus RAT |
| 2017-02-25
⋅
Financial Security Institute
⋅
Silent RIFLE: Response Against Advanced Threat Ghost RAT |
| 2017-02-21
⋅
JPCERT/CC
⋅
PlugX + Poison Ivy = PlugIvy? - PlugX Integrating Poison Ivy’s Code PlugX |
| 2017-02-13
⋅
RSA
⋅
KINGSLAYER – A SUPPLY CHAIN ATTACK CodeKey PlugX |
| 2016-10-28
⋅
Github (smb01)
⋅
zxshell repository ZXShell |
| 2016-10-17
⋅
ThreatConnect
⋅
A Tale of Two Targets HttpBrowser APT27 |
| 2016-08-25
⋅
Malwarebytes
⋅
Unpacking the spyware disguised as antivirus PlugX |
| 2016-06-13
⋅
⋅
Macnica Networks
⋅
Survey of the actual situation of the large-scale cyber spy activity that hit Japan | 1st edition Emdivi PlugX |
| 2016-04-22
⋅
Cylance
⋅
The Ghost Dragon Ghost RAT |
| 2016-01-22
⋅
RSA Link
⋅
PlugX APT Malware PlugX |
| 2015-09-17
⋅
Trend Micro
⋅
Operation Iron Tiger: Exploring Chinese Cyber-Espionage Attacks on United States Defense Contractors APT27 |
| 2015-09-16
⋅
Trend Micro
⋅
Operation Iron Tiger: Attackers Shift from East Asia to the United States APT27 |
| 2015-09-15
⋅
Proofpoint
⋅
In Pursuit of Optical Fibers and Troop Intel: Targeted Attack Distributes PlugX in Russia PlugX |
| 2015-08-05
⋅
Secureworks
⋅
Threat Group 3390 Cyberespionage APT27 |
| 2015-08-05
⋅
Ars Technica
⋅
Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes” APT27 |
| 2015-08-01
⋅
Arbor Networks
⋅
Uncovering the Seven Pointed Dagger 9002 RAT EvilGrab PlugX Trochilus RAT APT9 |
| 2015-02-27
⋅
ThreatConnect
⋅
The Anthem Hack: All Roads Lead to China HttpBrowser |
| 2015-02-06
⋅
CrowdStrike
⋅
CrowdStrike Global Threat Intel Report 2014 BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor |
| 2015-01-29
⋅
JPCERT/CC
⋅
Analysis of a Recent PlugX Variant - “P2P PlugX” PlugX |
| 2014-10-28
⋅
Cisco
⋅
Threat Spotlight: Group 72, Opening the ZxShell ZXShell |
| 2014-06-27
⋅
SophosLabs
⋅
PlugX - The Next Generation PlugX |
| 2014-06-10
⋅
FireEye
⋅
Clandestine Fox, Part Deux PlugX |
| 2014-01-22
⋅
SC Magazine
⋅
Iran and Russia blamed for state-sponsored espionage APT27 |
| 2014-01-06
⋅
Airbus
⋅
PlugX: some uncovered points PlugX |
| 2013-08-07
⋅
FireEye
⋅
Breaking Down the China Chopper Web Shell - Part I CHINACHOPPER |
| 2013-03-29
⋅
Computer Incident Response Center Luxembourg
⋅
Analysis Report (TLP:WHITE) Analysis of a PlugX variant (PlugX version 7.0) PlugX |
| 2013-03-26
⋅
Contextis
⋅
PlugX–Payload Extraction PlugX |
| 2013-02-27
⋅
Trend Micro
⋅
BKDR_RARSTONE: New RAT to Watch Out For PlugX Naikon |
| 2012-02-10
⋅
tracker.h3x.eu
⋅
Info for Family: plugx PlugX |
| 2012-01-01
⋅
Norman ASA
⋅
The many faces of Gh0st Rat Ghost RAT |
| 2011-06-29
⋅
Symantec
⋅
Inside a Back Door Attack Ghost RAT Dust Storm |
| 2009-03-28
⋅
Infinitum Labs
⋅
Tracking GhostNet: Investigating a Cyber Espionage Network Ghost RAT GhostNet |