SYMBOLCOMMON_NAMEaka. SYNONYMS

APT17  (Back to overview)

aka: AURORA PANDA, Axiom, BRONZE KEYSTONE, Dogfish, G0001, G0025, Group 72, Group 8, HELIUM, Hidden Lynx, Tailgater Team

FireEye described APT17 in a 2015 report as: 'APT17, also known as DeputyDog, is a China based threat group that FireEye Intelligence has observed conducting network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations.'


Associated Families
elf.speculoos osx.winnti win.hdroot win.derusbi win.highnote win.shadowpad win.winnti

References
2024-05-23ITOCHUITOCHU Cyber & Intelligence Inc.
Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy
BloodAlchemy ShadowPad
2024-03-18Trend MicroDaniel Lunghi, Joseph C Chen
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
DinodasRAT PlugX Reshell ShadowPad Earth Krahang
2024-03-05ReliaquestRELIAQUEST THREAT RESEARCH TEAM
Anxun and Chinese APT Activity
ShadowPad
2024-03-01HarfangLabHarfangLab CTI
A Comprehensive Analysis of i-SOON’s Commercial Offering
ShadowPad Winnti
2024-02-21YouTube (SentinelOne)Kris McConkey
LABSCon23 Replay | Chasing Shadows | The rise of a prolific espionage actor
9002 RAT PlugX ShadowPad Spyder Earth Lusca
2024-02-09Hunt.ioMichael R
Tracking ShadowPad Infrastructure Via Non-Standard Certificates
ShadowPad
2024-01-09Recorded FutureInsikt Group
2023 Adversary Infrastructure Report
AsyncRAT Cobalt Strike Emotet PlugX ShadowPad
2023-11-07Youtube (Virus Bulletin)Daniel Lunghi
Possible supply chain attack targeting South Asian government delivers Shadowpad
ShadowPad
2023-10-04Trend MicroDaniel Lunghi
Possible supply chain attack targeting Pakistan government delivers ShadowPad
ShadowPad
2023-10-04Trend MicroDaniel Lunghi
Possible supply chain attack targeting Pakistan government delivers Shadowpad (Slides)
ShadowPad
2023-09-22Palo Alto Networks Unit 42Lior Rochberger, Robert Falcone, Tom Fakterman
Cyberespionage Attacks Against Southeast Asian Government Linked to Stately Taurus, Aka Mustang Panda
Cobalt Strike MimiKatz RemCom ShadowPad TONESHELL
2023-09-12SymantecThreat Hunter Team
Redfly: Espionage Actors Continue to Target Critical Infrastructure
ShadowPad Redfly
2023-08-07Recorded FutureInsikt Group
RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale
Winnti Brute Ratel C4 Cobalt Strike FunnySwitch PlugX ShadowPad Spyder Earth Lusca
2023-07-14Trend MicroDaniel Lunghi
Possible Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad
ShadowPad DriftingCloud Tonto Team
2023-05-15SymantecThreat Hunter Team
Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors
Merdoor PlugX ShadowPad ZXShell Lancefly
2023-02-02ElasticAndrew Pease, Cyril François, Devon Kerr, Remco Sprooten, Salim Bitam, Seth Goodwin
Update to the REF2924 intrusion set and related campaigns
DoorMe ShadowPad SiestaGraph
2023-01-14YouTube (CODE BLUE)Takahiro Haruyama
[CB22]Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulation and Scanning
ShadowPad Winnti
2022-10-27vmwareTakahiro Haruyama
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part3 (ShadowPad)
ShadowPad
2022-10-25VMware Threat Analysis UnitTakahiro Haruyama
Tracking the entire iceberg: long-term APT malware C2 protocol emulation and scanning
ShadowPad Winnti
2022-09-30NCC GroupMichael Mullen, Nikolaos Pantazopoulos, William Backhouse
A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion
ShadowPad
2022-09-26Youtube (Virus Bulletin)Takahiro Haruyama
Tracking the entire iceberg long term APT malware C2 protocol emulation and scanning
ShadowPad Winnti
2022-09-19Virus BulletinTakahiro Haruyama
Tracking the entire iceberg - long-term APT malware C2 protocol emulation and scanning
ShadowPad Winnti
2022-09-13SymantecThreat Hunter Team
New Wave of Espionage Activity Targets Asian Governments
MimiKatz PlugX Quasar RAT ShadowPad Trochilus RAT
2022-09-06ESET ResearchThibaut Passilly
Worok: The big picture
MimiKatz PNGLoad reGeorg ShadowPad Worok
2022-08-04MandiantMandiant
Advanced Persistent Threats (APTs)
APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9 Naikon
2022-07-01RiskIQRiskIQ
ToddyCat: A Guided Journey through the Attacker's Infrastructure
ShadowPad ToddyCat
2022-06-27Kaspersky ICS CERTArtem Snegirev, Kirill Kruglov
Attacks on industrial control systems using ShadowPad
Cobalt Strike PlugX ShadowPad
2022-05-17Positive TechnologiesPositive Technologies
Space Pirates: analyzing the tools and connections of a new hacker group
FormerFirstRAT PlugX Poison Ivy Rovnix ShadowPad Zupdax
2022-05-12TEAMT5Leon Chang, Silvia Yeh
The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides)
KEYPLUG Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad Winnti SLIME29 TianWu
2022-05-04CybereasonAkihiro Tomita, Assaf Dahan, Chen Erlich, Daniel Frank, Fusao Tanida, Niv Yona, Ofir Ozer
Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques
PRIVATELOG Spyder STASHLOG Winnti
2022-05-04CybereasonAkihiro Tomita, Assaf Dahan, Chen Erlich, Daniel Frank, Fusao Tanida, Niv Yona, Ofir Ozer
Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive
PRIVATELOG Spyder STASHLOG Winnti
2022-05-02Sentinel LABSAmitai Ben Shushan Ehrlich, Joey Chen
Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
PlugX ShadowPad Moshen Dragon
2022-05-01BushidoTokenBushidoToken
Gamer Cheater Hacker Spy
Egregor HelloKitty NetfilterRootkit RagnarLocker Winnti
2022-04-08The RegisterLaura Dobberstein
China accused of cyberattacks on Indian power grid
ShadowPad
2022-04-06Recorded FutureInsikt Group
Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group
ShadowPad
2022-04-06Recorded FutureInsikt Group®
Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group (TAG-38)
ShadowPad
2022-03-31Recorded FutureInsikt Group
China-Linked Group TAG-28 Targets India’s “The Times Group” and UIDAI (Aadhaar) Government Agency With Winnti Malware
Winnti TAG-28
2022-02-23DragosDragos
2021 ICS OT Cybersecurity Year In Review
ShadowPad
2022-02-15The Hacker NewsRavie Lakshmanan
Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA
ShadowPad
2022-02-15SecureworksCounter Threat Unit ResearchTeam
ShadowPad Malware Analysis
ShadowPad
2022-01-17Trend MicroCedric Pernet, Daniel Lunghi, Gloria Chen, Jaromír Hořejší, Joseph Chen, Kenney Lu
Delving Deep: An Analysis of Earth Lusca’s Operations
BIOPASS Cobalt Strike FunnySwitch JuicyPotato ShadowPad Winnti Earth Lusca
2021-12-17FBIFBI
AC-000159-MW: APT Actors Exploiting Newly-Identified Zero Day in ManageEngine Desktop Central (CVE-2021-44515)
ShadowPad
2021-12-16TEAMT5Aragorn Tseng, Charles Li, Peter Syu, Tom Lai
Winnti is Coming - Evolution after Prosecution
Cobalt Strike FishMaster FunnySwitch HIGHNOON ShadowPad Spyder
2021-12-08PWC UKAdam Prescott
Chasing Shadows: A deep dive into the latest obfuscation methods being used by ShadowPad
ShadowPad Earth Lusca
2021-11-19insomniacs(Medium)Asuna Amawaka
It’s a BEE! It’s a… no, it’s ShadowPad.
ShadowPad
2021-11-16vmwareTakahiro Haruyama
Monitoring Winnti 4.0 C2 Servers for Two Years
Winnti
2021-11-04Youtube (Virus Bulletin)Joey Chen, Yi-Jhen Hsieh
ShadowPad: the masterpiece of privately sold malware in Chinese espionage
PlugX ShadowPad
2021-10-26KasperskyKaspersky Lab ICS CERT
APT attacks on industrial organizations in H1 2021
8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy
2021-09-28Recorded FutureInsikt Group®
4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan
PlugX Winnti
2021-09-21Recorded FutureInsikt Group®
China-Linked Group TAG-28 Targets India’s “The Times Group” and UIDAI (Aadhaar) Government Agency With Winnti Malware
Winnti
2021-09-14McAfeeChristiaan Beek
Operation ‘Harvest’: A Deep Dive into a Long-term Campaign
MimiKatz PlugX Winnti
2021-09-01YouTube (Hack In The Box Security Conference)Joey Chen, Yi-Jhen Hsieh
SHADOWPAD: Chinese Espionage Malware-as-a-Service
PlugX ShadowPad
2021-08-23SentinelOneJoey Chen, Yi-Jhen Hsieh
ShadowPad: the Masterpiece of Privately Sold Malware in Chinese Espionage
PlugX ShadowPad
2021-08-19Sentinel LABSJoey Chen, Yi-Jhen Hsieh
ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage
ShadowPad
2021-08-12Sentinel LABSSentinelLabs
ShadowPad: A Masterpiece of Privately Sold Malware in Chinese Espionage
ShadowPad Earth Lusca
2021-07-08PTSecurityDenis Kuvshinov
How winnti APT grouping works
Korlia ShadowPad Winnti
2021-07-08Recorded FutureInsikt Group®
Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling
ShadowPad Spyder Winnti
2021-07-08YouTube (PT Product Update)Denis Kuvshinov
How winnti APT grouping works
Korlia ShadowPad Winnti
2021-07-07Trend MicroGloria Chen, Jaromír Hořejší, Joseph C Chen, Kenney Lu
BIOPASS RAT: New Malware Sniffs Victims via Live Streaming
BIOPASS Cobalt Strike Derusbi
2021-06-05PrevailionDanny Adamitis
The Gh0st remain the same
Winnti
2021-04-29NTTThreat Detection NTT Ltd.
The Operations of Winnti group
Cobalt Strike ShadowPad Spyder Winnti Earth Lusca
2021-03-29The RecordCatalin Cimpanu
RedEcho group parks domains after public exposure
PlugX ShadowPad RedEcho
2021-03-10ESET ResearchMathieu Tartare, Matthieu Faou, Thomas Dupuy
Exchange servers under siege from at least 10 APT groups
Microcin MimiKatz PlugX Winnti APT27 APT41 Calypso Tick ToddyCat Tonto Team Vicious Panda
2021-02-28Recorded FutureInsikt Group®
China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions
Icefog PlugX ShadowPad
2021-02-28PWC UKPWC UK
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team
2021-02-28Recorded FutureInsikt Group®
China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions
PlugX ShadowPad RedEcho
2021-02-23CrowdStrikeCrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER
2021-01-20FireEyeAndrew Davis
Emulation of Kernel Mode Rootkits With Speakeasy
Winnti
2021-01-14PTSecurityPT ESC Threat Intelligence
Higaisa or Winnti? APT41 backdoors, old and new
Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad
2020-12-26CYBER GEEKS All Things InfosecCyberMasterV
Analyzing APT19 malware using a step-by-step method
Derusbi
2020-12-24IronNetAdam Hlavek
China cyber attacks: the current threat landscape
PLEAD TSCookie FlowCloud Lookback PLEAD PlugX Quasar RAT Winnti
2020-12-10ESET ResearchMathieu Tartare
Operation StealthyTrident: corporate software under attack
HyperBro PlugX ShadowPad Tmanger
2020-11-23Youtube (OWASP DevSlop)Negar Shabab, Noushin Shabab
Compromised Compilers - A new perspective of supply chain cyber attacks
ShadowPad
2020-11-03Kaspersky LabsGReAT
APT trends report Q3 2020
WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti
2020-10-30YouTube (Kaspersky Tech)Kris McConkey
Around the world in 80 days 4.2bn packets
Cobalt Strike Derusbi HyperBro Poison Ivy ShadowPad Winnti
2020-10-27Dr.WebDr.Web
Study of the ShadowPad APT backdoor and its relation to PlugX
Ghost RAT PlugX ShadowPad
2020-10-12Malwarebytes LabsHossein Jazi, Jérôme Segura, Malwarebytes Threat Intelligence Team, Roberto Santos
Winnti APT group docks in Sri Lanka for new campaign
DBoxAgent SerialVlogger Winnti
2020-09-22vmwareOmar Elgebaly, Takahiro Haruyama
Detecting Threats in Real-time With Active C2 Information
Agent.BTZ Cobalt Strike Dacls NetWire RC PoshC2 Winnti
2020-09-18SymantecThreat Hunter Team
APT41: Indictments Put Chinese Espionage Group in the Spotlight
CROSSWALK PlugX poisonplug ShadowPad Winnti
2020-09-08PTSecurityPTSecurity
ShadowPad: new activity from the Winnti group
CCleaner Backdoor Korlia ShadowPad TypeHash
2020-08-06WiredAndy Greenberg
Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry
Cobalt Strike MimiKatz Winnti Red Charon
2020-08-04BlackHatChung-Kuan Chen, Inndy Lin, Shang-De Jiang
Operation Chimera - APT Operation Targets Semiconductor Vendors
Cobalt Strike MimiKatz Winnti Red Charon
2020-07-29Kaspersky LabsGReAT
APT trends report Q2 2020
PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel
2020-07-14CrowdStrikeFalcon OverWatch Team
Manufacturing Industry in the Adversaries’ Crosshairs
ShadowPad Snake
2020-06-25Dr.WebDr.Web
BackDoor.ShadowPad.1
ShadowPad
2020-05-07Council on Foreign RelationsCyber Operations Tracker
Axiom
APT17
2020-04-20QuoScientQuoIntelligence
WINNTI GROUP: Insights From the Past
Winnti
2020-04-13Palo Alto Networks Unit 42Bryan Lee, Jen Miller-Osborn, Robert Falcone
APT41 Using New Speculoos Backdoor to Target Organizations Globally
Speculoos APT41
2020-03-25FireEyeChristopher Glyer, Dan Perez, Sarah Jones, Steve Miller
This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
Speculoos Cobalt Strike
2020-03-04CrowdStrikeCrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER
2020-03-03PWC UKPWC UK
Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle
2020-03-03GIthub (superkhung)superkhung
GitHub Repository: winnti-sniff
Winnti
2020-02-20Carbon BlackTakahiro Haruyama
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0)
Winnti
2020-01-31ESET ResearchMathieu Tartare
Winnti Group targeting universities in Hong Kong
ShadowPad Winnti
2020-01-31TagesschauJan Lukas Strozyk
Deutsches Chemieunternehmen gehackt
Winnti
2020-01-29nao_sec blognao_sec
An Overhead View of the Royal Road
BLACKCOFFEE Cotx RAT Datper DDKONG Derusbi Icefog Korlia NewCore RAT PLAINTEE Poison Ivy Sisfader
2020-01-01SecureworksSecureWorks
BRONZE ATLAS
Speculoos Winnti ACEHASH CCleaner Backdoor CHINACHOPPER Empire Downloader HTran MimiKatz PlugX Winnti APT41
2020-01-01SecureworksSecureWorks
BRONZE KEYSTONE
9002 RAT BLACKCOFFEE DeputyDog Derusbi HiKit PlugX Poison Ivy ZXShell APT17
2020-01-01SecureworksSecureWorks
BRONZE FIRESTONE
9002 RAT Derusbi Empire Downloader PlugX Poison Ivy APT19
2020-01-01SecureworksSecureWorks
BRONZE MOHAWK
AIRBREAK scanbox BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi homefry murkytop SeDll APT40
2019-12-17Palo Alto Networks Unit 42Jen Miller-Osborn, Mike Harbison
Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia
DDKONG Derusbi KHRAT
2019-11-19FireEyeKelli Vanderlee, Nalani Fraser
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions
MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC poisonplug Poison Ivy pupy Quasar RAT ZXShell
2019-10-07ESET ResearchMarc-Etienne M.Léveillé, Mathieu Tartare
CONNECTING THE DOTS: Exposing the arsenal and methods of the Winnti Group
LOWKEY shadowhammer ShadowPad
2019-10-01CrowdStrikeKarl Scheuerman, Piotr Wojtyla
Don't miss the forest for the trees gleaning hunting value from too much intrusion data
Winnti
2019-09-30LastlineJason Zhang, Stefano Ortolani
HELO Winnti: Attack or Scan?
Winnti
2019-09-23MITREMITRE ATT&CK
APT41
Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad Winnti ZXShell APT41
2019-09-04CarbonBlackTakahiro Haruyama
CB TAU Threat Intelligence Notification: Winnti Malware 4.0
Winnti
2019-09-04FireEyeFireEye
APT41: Double Dragon APT41, a dual espionage and cyber crime operation
EASYNIGHT Winnti
2019-08-09FireEyeFireEye
Double Dragon APT41, a dual espionage and cyber crime operation
CLASSFON crackshot CROSSWALK GEARSHIFT HIGHNOON HIGHNOON.BIN JUMPALL poisonplug Winnti
2019-07-24Github (br-data)Hakan Tanriverdi, Jan Strozyk, Maximilian Zierer, Rebecca Ciesielski, Svea Eckert
Winnti analysis
Winnti
2019-07-24Bayerischer RundfunkHakan Tanriverdi, Jan Strozyk, Maximilian Zierer, Rebecca Ciesielski, Svea Eckert
Attacking the Heart of the German Industry
Winnti
2019-07-24Twitter (@bkMSFT)Ben K (bkMSFT)
Tweet on APT17
HIGHNOTE
2019-04-23Kaspersky LabsAMR, GReAT
Operation ShadowHammer: a high-profile supply chain attack
shadowhammer ShadowPad
2019-04-22Trend MicroMohamad Mokbel
C/C++ Runtime Library Code Tampering in Supply Chain
shadowhammer ShadowPad Winnti
2019-01-01Council on Foreign RelationsCyber Operations Tracker
APT 17
APT17
2018-10-01Macnica NetworksMacnica Networks
Trends in cyber espionage (targeted attacks) targeting Japan | First half of 2018
Anel Cobalt Strike Datper FlawedAmmyy Quasar RAT RedLeaves taidoor Winnti xxmm
2018-05-22Github (TKCERT)thyssenkrupp CERT
Nmap Script to scan for Winnti infections
Winnti
2018-03-05Github (TKCERT)TKCERT
Suricata rules to detect Winnti communication
Winnti
2017-08-15Kaspersky LabsGReAT
ShadowPad in corporate networks
ShadowPad
2017-05-31MITREMITRE ATT&CK
Axiom
Derusbi 9002 RAT BLACKCOFFEE Derusbi Ghost RAT HiKit PlugX ZXShell APT17
2017-05-31MITREMITRE ATT&CK
APT17
BLACKCOFFEE APT17
2017-04-19Trend MicroTrendmicro
Of Pigs and Malware: Examining a Possible Member of the Winnti Group
Winnti
2017-03-22Trend MicroCedric Pernet
Winnti Abuses GitHub for C&C Communications
Winnti
2016-03-06Github (TKCERT)thyssenkrupp CERT
Network detector for Winnti malware
Winnti
2016-03-02RSA ConferenceVanja Svajcer
Dissecting Derusbi
Derusbi
2015-12-15Airbus Defence & SpaceFabien Perigaud
Newcomers in the Derusbi family
Derusbi
2015-10-13Kaspersky LabsDmitry Tarakanov
I am HDRoot! Part 2
HDRoot
2015-10-08Virus BulletinEric Leung, Micky Pun, Neo Tan
Catching the silent whisper: Understanding the Derusbi family tree
Derusbi
2015-10-06Kaspersky LabsDmitry Tarakanov
I am HDRoot! Part 1
HDRoot
2015-06-22Kaspersky LabsDmitry Tarakanov
Games are over: Winnti is now targeting pharmaceutical companies
Winnti APT41
2015-04-14Youtube (Kaspersky)Kris McConkey
Following APT OpSec failures
BLACKCOFFEE Mangzamel APT17
2015-04-06NovettaNovetta
WINNTI ANALYSIS
Winnti
2015-02-27ThreatConnectThreatConnect Research Team
The Anthem Hack: All Roads Lead to China
Derusbi
2015-02-06CrowdStrikeCrowdStrike
CrowdStrike Global Threat Intel Report 2014
BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor
2015-01-01RuxconMatt McCormack
WHY ATTACKER TOOLSETS DO WHAT THEY DO
Winnti
2014-10-28NovettaNovetta
Derusbi (Server Variant) Analysis
Derusbi
2014-10-14SymantecSymantec Security Response
Security vendors take action against Hidden Lynx malware
Gameover P2P HiKit Shylock APT17
2014-05-01Recorded FutureChris
Hunting Hidden Lynx: How OSINT is Crucial for APT Analysis
APT17
2014-01-01RSARSA Research
RSA Incident Response: Emerging Threat Profile Shell_Crew
Derusbi
2013-09-21FireEyeNart Villeneuve, Ned Moran
Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets
DeputyDog APT17
2013-09-17SymantecBranko Spasojevic, Jonell Baltazar, Jozsef Gegeny, Stephen Doherty
Hidden Lynx – Professional Hackers for Hire
9002 RAT HiKit APT17
2013-09-17SymantecSymantec Security Response
Hidden Lynx – Professional Hackers for Hire
APT17
2013-04-01Kaspersky LabsGReAT
Winnti - More than just a game
portless Winnti
2013-02-08VMWare Carbon BlackPatrick Morley
Bit9 and Our Customers’ Security
APT17

Credits: MISP Project