SYMBOLCOMMON_NAMEaka. SYNONYMS

APT27  (Back to overview)

aka: BRONZE UNION, Budworm, EMISSARY PANDA, Earth Smilodon, G0027, GreedyTaotie, Group 35, Iron Taurus, Iron Tiger, Lucky Mouse, Red Phoenix, TEMP.Hippo, TG-3390, ZipToken

A China-based actor that targets foreign embassies to collect data on government, defence, and technology sectors.


Associated Families
elf.hyperssl win.zxshell win.chinachopper win.ghost_rat win.httpbrowser win.hyperbro win.hyperssl win.polpo win.unidentified_080 win.plugx

References
2024-02-21YouTube (SentinelOne)Kris McConkey
LABSCon23 Replay | Chasing Shadows | The rise of a prolific espionage actor
9002 RAT PlugX ShadowPad Spyder
2024-01-25JSAC 2024Yi-Chin Chuang, Yu-Tung Chang
Unveiling TeleBoyi: Chinese APT Group Targeting Critical Infrastructure Worldwide
PlugX
2024-01-25JSAC 2024Hara Hiroaki, Kawakami Ryonosuke, Shota Nakajima
The Secret Life of RATs: connecting the dots by dissecting multiple backdoors
DracuLoader GroundPeony HemiGate PlugX
2024-01-23CSIRT-CTICSIRT-CTI
Stately Taurus Targets Myanmar Amidst Concerns over Military Junta’s Handling of Rebel Attacks
PlugX TONESHELL Unidentified 094
2024-01-09Recorded FutureInsikt Group
2023 Adversary Infrastructure Report
AsyncRAT Cobalt Strike Emotet PlugX ShadowPad
2023-12-06splunkSplunk Threat Research Team
Unmasking the Enigma: A Historical Dive into the World of PlugX Malware
PlugX
2023-09-08PolySwarm Tech TeamThe Hivemind
Carderbee Targets Hong Kong in Supply Chain Attack
PlugX Carderbee
2023-09-07SekoiaJamila B.
My Tea’s not cold. An overview of China’s cyber threat
Melofee PingPull SoWaT Sword2033 MgBot MQsTTang PlugX TONESHELL Dalbit MirrorFace
2023-08-22SymantecThreat Hunter Team
Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong
PlugX Carderbee
2023-08-07Recorded FutureInsikt Group
RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale
Winnti Brute Ratel C4 Cobalt Strike FunnySwitch PlugX ShadowPad Spyder Earth Lusca
2023-07-18MandiantMandiant Intelligence
Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection
BPFDoor SALTWATER SEASPY SideWalk ZuoRAT Daxin HyperBro HyperSSL Waterbear
2023-07-11MandiantNg Choon Kiat, Rommel Joven
The Spies Who Loved You: Infected USB Drives to Steal Secrets
PlugX
2023-07-03Check Point ResearchCheckpoint Research
Chinese Threat Actors Targeting Europe in SmugX Campaign
PlugX SmugX
2023-06-16Palo Alto Networks: Cortex Threat ResearchLior Rochberger
Through the Cortex XDR Lens: Uncovering a New Activity Group Targeting Governments in the Middle East and Africa
CHINACHOPPER Ladon Yasso CL-STA-0043
2023-05-15SymantecThreat Hunter Team
Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors
Merdoor PlugX ShadowPad ZXShell Lancefly
2023-05-03Lab52Lab52
New Mustang Panda’s campaing against Australia
PlugX
2023-04-24CofenseAustin Jones
Open-Source Gh0st RAT Still Haunting Inboxes 15 Years After Release
Ghost RAT
2023-04-18MandiantMandiant
M-Trends 2023
QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate
2023-04-13Intel 471Jorge Rodriguez, Souhail Hammou
From GhostNet to PseudoManuscrypt - The evolution of Gh0st RAT
BBSRAT Gh0stTimes Ghost RAT PseudoManuscrypt
2023-03-30Recorded FutureInsikt Group
With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets
KEYPLUG Cobalt Strike PlugX RedGolf
2023-03-09ASECSanseo
PlugX Malware Being Distributed via Vulnerability Exploitation
PlugX
2023-03-09SophosGabor Szappanos
A border-hopping PlugX USB worm takes its act on the road
PlugX
2023-03-01Trend MicroDaniel Lunghi
Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting
HyperSSL HyperSSL
2023-02-24Trend MicroBuddy Tancio, Catherine Loveria, Jed Valderama
Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool
PlugX
2023-02-13AhnLabkingkimgim
Dalbit (m00nlight): Chinese Hacker Group’s APT Attack Campaign
Godzilla Webshell ASPXSpy BlueShell CHINACHOPPER Cobalt Strike Ladon MimiKatz Dalbit
2023-02-02EclecticIQEclecticIQ Threat Research Team
Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware
PlugX
2023-01-26TEAMT5Still Hsu
Brief History of MustangPanda and its PlugX Evolution
PlugX
2023-01-26Palo Alto Networks Unit 42Jen Miller-Osborn, Mike Harbison
Chinese PlugX Malware Hidden in Your USB Devices?
PlugX
2023-01-09kienmanowar Blogm4n0w4r, Tran Trung Kien
[QuickNote] Another nice PlugX sample
PlugX
2022-12-27kienmanowar Blogm4n0w4r, Tran Trung Kien
Diving into a PlugX sample of Mustang Panda group
PlugX
2022-12-22Recorded FutureInsikt Group
RedDelta Targets European Government Organizations and Continues to Iterate Custom PlugX Variant
PlugX RedDelta
2022-12-06BlackberryBlackBerry Research & Intelligence Team
Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets
PlugX
2022-12-02Avast DecodedThreat Intelligence Team
Hitching a ride with Mustang Panda
PlugX
2022-11-30FFRI SecurityMatsumoto
Evolution of the PlugX loader
PlugX Poison Ivy
2022-11-22Twitter (@ESETresearch)ESET Research
Tweets on SysUpdate / Soldier / HyperSSL
HyperSSL
2022-10-18IntrinsecCERT Intrinsec, Intrinsec
APT27 – One Year To Exfiltrate Them All: Intrusion In-Depth Analysis
HyperBro MimiKatz
2022-10-06BlackberryThe BlackBerry Research & Intelligence Team
Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims
PlugX
2022-09-29SymantecThreat Hunter Team
Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East
CHINACHOPPER Lookback MimiKatz PlugX Unidentified 096 (Keylogger) x4 Witchetty
2022-09-26Palo Alto Networks Unit 42Daniela Shalev, Itay Gamliel
Hunting for Unsigned DLLs to Find APTs
PlugX Raspberry Robin Roshtyak
2022-09-15SymantecThreat Hunter Team
Webworm: Espionage Attackers Testing and Using Older Modified RATs
9002 RAT Ghost RAT Trochilus RAT
2022-09-14Security JoesFelipe Duarte
Dissecting PlugX to Extract Its Crown Jewels
PlugX
2022-09-13SymantecThreat Hunter Team
New Wave of Espionage Activity Targets Asian Governments
MimiKatz PlugX Quasar RAT ShadowPad Trochilus RAT
2022-09-09Github (m4now4r)m4n0w4r
“Mustang Panda” – Enemy at the gate
PlugX
2022-09-08SecureworksCounter Threat Unit ResearchTeam
BRONZE PRESIDENT Targets Government Officials
PlugX
2022-09-08CybereasonAleksandar Milenkoski, Kotaro Ogino, Yuki Shibuya
Threat Analysis Report: PlugX RAT Loader Evolution
PlugX
2022-08-12SekoiaThreat & Detection Research Team
LuckyMouse uses a backdoored Electron app to target MacOS
HyperBro
2022-08-12Trend MicroDaniel Lunghi, Jaromír Hořejší
Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users (IOCs)
HyperBro
2022-08-12Trend MicroDaniel Lunghi, Jaromír Hořejší
Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users
Rshell HyperBro Earth Berberoka
2022-08-04MandiantMandiant
Advanced Persistent Threats (APTs)
APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9 Naikon
2022-07-26MicrosoftMicrosoft 365 Defender Research Team
Malicious IIS extensions quietly open persistent backdoors into servers
CHINACHOPPER MimiKatz
2022-07-18YouTube (Security Joes)Felipe Duarte
PlugX DLL Side-Loading Technique
PlugX
2022-07-18Palo Alto Networks Unit 42Unit 42
Shallow Taurus
FormerFirstRAT IsSpace NewCT PlugX Poison Ivy Tidepool DragonOK
2022-07-18Palo Alto Networks Unit 42Unit 42
Iron Taurus
CHINACHOPPER Ghost RAT Wonknu ZXShell APT27
2022-06-27Kaspersky ICS CERTArtem Snegirev, Kirill Kruglov
Attacks on industrial control systems using ShadowPad
Cobalt Strike PlugX ShadowPad
2022-06-23SecureworksCounter Threat Unit ResearchTeam
BRONZE STARLIGHT Ransomware Operations Use HUI Loader
ATOMSILO Cobalt Strike HUI Loader LockFile NightSky Pandora PlugX Quasar RAT Rook SodaMaster BRONZE STARLIGHT
2022-06-15Security JoesCharles Lomboni, Felipe Duarte, Venkat Rajgor
Backdoor via XFF: Mysterious Threat Actor Under Radar
CHINACHOPPER
2022-05-23Trend MicroDaniel Lunghi, Jaromír Hořejší
Operation Earth Berberoka
reptile oRAT Ghost RAT PlugX pupy Earth Berberoka
2022-05-20VinCSSDang Dinh Phuong, m4n0w4r, Tran Trung Kien
[RE027] China-based APT Mustang Panda might have still continued their attack activities against organizations in Vietnam
PlugX
2022-05-17Positive TechnologiesPositive Technologies
Space Pirates: analyzing the tools and connections of a new hacker group
FormerFirstRAT PlugX Poison Ivy Rovnix ShadowPad Zupdax
2022-05-16JPCERT/CCShusei Tomonaga
Analysis of HUI Loader
HUI Loader PlugX Poison Ivy Quasar RAT
2022-05-12TEAMT5Leon Chang, Silvia Yeh
The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides)
KEYPLUG Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad Winnti SLIME29 TianWu
2022-05-11TEAMT5Charles Li, Che Chang
To loot or Not to Loot? That Is Not a Question - When State-Nexus APT Targets Online Entertainment Industry
APT27 BRONZE STARLIGHT SLIME29 TianWu
2022-05-09Qianxin Threat Intelligence CenterRed Raindrops Team
Operation EviLoong: An electronic party of "borderless" hackers
ZXShell
2022-05-05Cisco TalosAliza Berk, Asheer Malhotra, Jung soo An, Justin Thattil, Kendall McKay
Mustang Panda deploys a new wave of malware targeting Europe
Cobalt Strike Meterpreter PlugX Unidentified 094
2022-05-02Sentinel LABSAmitai Ben Shushan Ehrlich, Joey Chen
Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
PlugX ShadowPad Moshen Dragon
2022-04-28PWCPWC UK
Cyber Threats 2021: A Year in Retrospect (Annex)
Cobalt Strike Conti PlugX RokRAT Inception Framework Red Menshen
2022-04-28DARKReadingJai Vijayan
Chinese APT Bronze President Mounts Spy Campaign on Russian Military
PlugX MUSTANG PANDA
2022-04-27TrendmicroTrendmicro
IOCs for Earth Berberoka - Windows
AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka
2022-04-27SecureworksCounter Threat Unit ResearchTeam
BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX
PlugX
2022-04-27Trend MicroDaniel Lunghi, Jaromír Hořejší
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
HelloBot AsyncRAT Ghost RAT HelloBot PlugX Quasar RAT Earth Berberoka
2022-04-27TrendmicroDaniel Lunghi, Jaromír Hořejší
Operation Gambling Puppet
reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka
2022-04-15Center for Internet SecurityCIS
Top 10 Malware March 2022
Mirai Shlayer Agent Tesla Ghost RAT Nanocore RAT SectopRAT solarmarker Zeus
2022-04-14NSHC RedAlert LabsNSHC Threatrecon Team
Hacking activity of SectorB Group in 2021 Chinese government supported hacking group SectorB
PlugX
2022-04-12Max Kersten's BlogMax Kersten
Ghidra script to handle stack strings
CaddyWiper PlugX
2022-04-01The Hacker NewsRavie Lakshmanan
Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit
Fire Chili Ghost RAT
2022-03-30FortinetEliran Voronovitch, Rotem Sde-Or
New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits
Fire Chili Ghost RAT
2022-03-28TrellixMarc Elias, Max Kersten
PlugX: A Talisman to Behold
PlugX
2022-03-25ESET ResearchAlexandre Côté Cyr
Mustang Panda's Hodur: Old stuff, new variant of Korplug
PlugX
2022-03-24Threat PostNate Nelson
Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection
PlugX
2022-03-23BleepingComputerBill Toulas
New Mustang Panda hacking campaign targets diplomats, ISPs
PlugX
2022-03-23ESET ResearchAlexandre Côté Cyr
Mustang Panda’s Hodur: Old tricks, new Korplug variant
PlugX
2022-03-16AhnLabASEC Analysis Team
Gh0stCringe RAT Being Distributed to Vulnerable Database Servers
Ghost RAT Kingminer
2022-03-07ProofpointMichael Raggi, Myrtus 0x0
The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates
PlugX MUSTANG PANDA
2022-02-17SinaCyberAdam Kozy
Testimony before the U.S.-China Economic and Security Review Commission Hearing on “China’s Cyber Capabilities: Warfare, Espionage, and Implications for the United States”
PlugX APT26 APT41
2022-02-11Cisco TalosTalos
Threat Roundup for February 4 to February 11
DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus
2022-02-07CywareCyware
APT27 Group Targets German Organizations with HyperBro
HyperBro
2022-01-27JSAC 2021Hajime Yanagishita, Kiyotaka Tamada, Suguru Ishimaru, You Nakatsuru
What We Can Do against the Chaotic A41APT Campaign
CHINACHOPPER Cobalt Strike HUI Loader SodaMaster
2022-01-26BleepingComputerSergiu Gatlan
German govt warns of APT27 hackers backdooring business networks
HyperBro
2022-01-26Bundesamt für VerfassungsschutzBundesamt für Verfassungsschutz
Current cyber attack campaign against German business enterprises by APT27
HyperBro
2022-01-06Cyber And Ramen blogMike R
A “GULP” of PlugX
PlugX
2021-12-14Trend MicroNick Dai, Ted Lee, Vickie Su
Collecting In the Dark: Tropic Trooper Targets Transportation and Government
ChiserClient Ghost RAT Lilith Quasar RAT xPack APT23
2021-12-01ESET ResearchAlexis Dorais-Joncas, Facundo Muñoz
Jumping the air gap: 15 years of nation‑state effort
Agent.BTZ Fanny Flame Gauss PlugX Ramsay Retro Stuxnet USBCulprit USBferry
2021-11-18CiscoJosh Pyorre
BlackMatter, LockBit, and THOR
BlackMatter LockBit PlugX
2021-11-04Youtube (Virus Bulletin)Joey Chen, Yi-Jhen Hsieh
ShadowPad: the masterpiece of privately sold malware in Chinese espionage
PlugX ShadowPad
2021-11-03Cisco TalosCaitlin Huey, Chetan Raghuprasad, Vanja Svajcer
Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
Babuk CHINACHOPPER
2021-10-18NortonLifeLockNorton Labs
Operation Exorcist - 7 Years of Targeted Attacks against the Roman Catholic Church
NewBounce PlugX Zupdax
2021-10-05BlackberryThe BlackBerry Research & Intelligence Team
Drawing a Dragon: Connecting the Dots to Find APT41
Cobalt Strike Ghost RAT
2021-10-04JPCERT/CCShusei Tomonaga
Malware Gh0stTimes Used by BlackTech
Gh0stTimes Ghost RAT
2021-09-28Recorded FutureInsikt Group®
4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan
PlugX Winnti
2021-09-14McAfeeChristiaan Beek
Operation ‘Harvest’: A Deep Dive into a Long-term Campaign
MimiKatz PlugX Winnti
2021-09-10The RecordCatalin Cimpanu
Indonesian intelligence agency compromised in suspected Chinese hack
PlugX
2021-09-03FireEyeAdrian Sanchez Hernandez, Alex Pennino, Andrew Rector, Brendan McKeague, Govand Sinjari, Harris Ansari, John Wolfram, Joshua Goddard, Yash Gupta
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
CHINACHOPPER HTran
2021-09-01YouTube (Black Hat)Aragorn Tseng, Charles Li
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network
Cobalt Strike PlugX Waterbear
2021-09-01YouTube (Hack In The Box Security Conference)Joey Chen, Yi-Jhen Hsieh
SHADOWPAD: Chinese Espionage Malware-as-a-Service
PlugX ShadowPad
2021-08-23SentinelOneJoey Chen, Yi-Jhen Hsieh
ShadowPad: the Masterpiece of Privately Sold Malware in Chinese Espionage
PlugX ShadowPad
2021-08-10FireEyeIsrael Research Team, U.S. Threat Intel Team
UNC215: Spotlight on a Chinese Espionage Campaign in Israel
HyperBro HyperSSL MimiKatz
2021-08-03CybereasonAssaf Dahan, Daniel Frank, Lior Rochberger, Tom Fakterman
DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos
CHINACHOPPER Cobalt Strike MimiKatz Nebulae
2021-07-27Palo Alto Networks Unit 42Alex Hinchliffe, Mike Harbison
THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group
PlugX
2021-07-21BitdefenderBogdan Botezatu, Victor Vrabie
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
PlugX
2021-07-20SecureworksCounter Threat Unit ResearchTeam
Ongoing Campaign Leveraging Exchange Vulnerability Potentially Linked to Iran
CHINACHOPPER MimiKatz RGDoor
2021-06-16Recorded FutureInsikt Group®
Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries
Icefog PcShare PlugX Poison Ivy QuickHeal DAGGER PANDA
2021-06-10ESET ResearchAdam Burgher
BackdoorDiplomacy: Upgrading from Quarian to Turian
CHINACHOPPER DoublePulsar EternalRocks turian BackdoorDiplomacy
2021-06-02Trend MicroDaniel Lunghi
Taking Advantage of PE Metadata,or How To Complete your Favorite ThreatActor’s Sample Collection (Paper)
HyperSSL
2021-06-02Twitter (@xorhex)Xorhex
Tweet on new variant of PlugX from RedDelta Group
PlugX
2021-06-02Trend MicroDaniel Lunghi
Taking Advantage of PE Metadata, or How To Complete Your Favorite Threat Actor’s Sample Collection
HyperSSL
2021-06-02xorhex blogTwitter (@xorhex)
RedDelta PlugX Undergoing Changes and Overlapping Again with Mustang Panda PlugX Infrastructure
PlugX
2021-05-27xorhex blogTwitter (@xorhex)
Mustang Panda PlugX - Reused Mutex and Folder Found in the Extracted Config
PlugX
2021-05-17xorhex blogTwitter (@xorhex)
Mustang Panda PlugX - 45.251.240.55 Pivot
PlugX
2021-05-07Cisco TalosAndrew Windsor, Caitlin Huey, Edmund Brumaghin
Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs
CHINACHOPPER Cobalt Strike Lemon Duck
2021-05-07TEAMT5Aragorn Tseng, Charles Li
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network
Cobalt Strike PlugX Waterbear
2021-05-07SophosLabs UncutRajesh Nataraj
New Lemon Duck variants exploiting Microsoft Exchange Server
CHINACHOPPER Cobalt Strike Lemon Duck
2021-05-06Trend MicroArianne Dela Cruz, Cris Tomboc, Jayson Chong, Nikki Madayag, Sean Torre
Proxylogon: A Coinminer, a Ransomware, and a Botnet Join the Party
BlackKingdom Ransomware CHINACHOPPER Lemon Duck Prometei
2021-05-05SymantecThreat Hunter Team
Multi-Factor Authentication: Headache for Cyber Actors Inspires New Attack Techniques
CHINACHOPPER
2021-05-05ZscalerAniruddha Dolas, Manohar Ghule, Mohd Sadique
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats
Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos
2021-04-29ESET ResearchAndy Garth, Daniel Chromek, Matthieu Faou, Robert Lipovsky, Tony Anscombe
ESET Industry Report on Government: Targeted but not alone
Exaramel Crutch Exaramel HyperBro HyperSSL InvisiMole XDSpy
2021-04-28Trend MicroJaromír Hořejší, Joseph C Chen
Water Pamola Attacked Online Shops Via Malicious Orders
Ghost RAT
2021-04-27Trend MicroJanus Agcaoili
Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability
CHINACHOPPER Cobalt Strike
2021-04-16Trend MicroNitesh Surana
Could the Microsoft Exchange breach be stopped?
CHINACHOPPER
2021-04-15Palo Alto Networks Unit 42Robert Falcone
Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials
CHINACHOPPER
2021-04-09Trend MicroDaniel Lunghi, Kenney Lu
Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware
HyperBro HyperSSL APT27
2021-04-02Dr.WebDr.Web
Study of targeted attacks on Russian research institutes
Cotx RAT Ghost RAT TA428
2021-03-29The RecordCatalin Cimpanu
RedEcho group parks domains after public exposure
PlugX ShadowPad RedEcho
2021-03-26ImpervaDaniel Johnston
Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures
CHINACHOPPER
2021-03-25MicrosoftTom McElroy
Web Shell Threat Hunting with Azure Sentinel
CHINACHOPPER
2021-03-25Recorded FutureInsikt Group®
Suspected Chinese Group Calypso APT Exploiting Vulnerable Microsoft Exchange Servers
Meterpreter PlugX
2021-03-25MicrosoftMicrosoft 365 Defender Threat Intelligence Team
Analyzing attacks taking advantage of the Exchange Server vulnerabilities
CHINACHOPPER
2021-03-21Twitter (@CyberRaiju)Jai Minton
Twitter Thread with analysis of .NET China Chopper
CHINACHOPPER
2021-03-19Bundesamt für Sicherheit in der InformationstechnikCERT-Bund
Microsoft Exchange Schwachstellen Detektion und Reaktion (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
CHINACHOPPER MimiKatz
2021-03-17Recorded FutureInsikt Group®
China-linked TA428 Continues to Target Russia and Mongolia IT Companies
PlugX Poison Ivy TA428
2021-03-15TrustwaveJoshua Deacon
HAFNIUM, China Chopper and ASP.NET Runtime
CHINACHOPPER
2021-03-11Cyborg SecurityJosh Campbell
You Don't Know the HAFNIUM of it...
CHINACHOPPER Cobalt Strike PowerCat
2021-03-11Palo Alto Networks Unit 42Unit 42
Microsoft Exchange Server Attack Timeline
CHINACHOPPER
2021-03-11DEVOFran Gomez
Detection and Investigation Using Devo: HAFNIUM 0-day Exploits on Microsoft Exchange Service
CHINACHOPPER MimiKatz
2021-03-10Lemon's InfoSec RamblingsJosh Lemon
Microsoft Exchange & the HAFNIUM Threat Actor
CHINACHOPPER
2021-03-10PICUS SecuritySüleyman Özarslan
Tactics, Techniques, and Procedures (TTPs) Used by HAFNIUM to Target Microsoft Exchange Servers
CHINACHOPPER
2021-03-10ESET ResearchMathieu Tartare, Matthieu Faou, Thomas Dupuy
Exchange servers under siege from at least 10 APT groups
Microcin MimiKatz PlugX Winnti APT27 APT41 Calypso Tick ToddyCat Tonto Team Vicious Panda
2021-03-10DomainToolsJoe Slowik
Examining Exchange Exploitation and its Lessons for Defenders
CHINACHOPPER
2021-03-09Palo Alto Networks Unit 42Unit 42
Remediation Steps for the Microsoft Exchange Server Vulnerabilities
CHINACHOPPER
2021-03-09Red CanaryBrian Donohue, Katie Nickels, Tony Lambert
Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm
CHINACHOPPER
2021-03-09PRAETORIANAnthony Weems, Dallas Kaman, Michael Weber
Reproducing the Microsoft Exchange Proxylogon Exploit Chain
CHINACHOPPER
2021-03-09YouTube (John Hammond)John Hammond
HAFNIUM - Post-Exploitation Analysis from Microsoft Exchange
CHINACHOPPER
2021-03-08SymantecThreat Hunter Team
How Symantec Stops Microsoft Exchange Server Attacks
CHINACHOPPER MimiKatz
2021-03-08Palo Alto Networks Unit 42Jeff White
Analyzing Attacks Against Microsoft Exchange Server With China Chopper Webshells
CHINACHOPPER
2021-03-07TRUESECRasmus Grönlund
Tracking Microsoft Exchange Zero-Day ProxyLogon and HAFNIUM
CHINACHOPPER
2021-03-05WiredAndy Greenberg
Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims
CHINACHOPPER
2021-03-05Huntress LabsHuntress Labs
Operation Exchange Marauder
CHINACHOPPER
2021-03-04Huntress LabsHuntress Labs
Operation Exchange Marauder
CHINACHOPPER
2021-03-04FireEyeAndrew Thompson, Chris DiGiamo, Matt Bromiley, Robert Wallace
Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
CHINACHOPPER HAFNIUM
2021-03-04CrowdStrikeThe Falcon Complete Team
Falcon Complete Stops Microsoft Exchange Server Zero-Day Exploits
CHINACHOPPER HAFNIUM
2021-03-03Huntress LabsJohn Hammond
Rapid Response: Mass Exploitation of On-Prem Exchange Servers
CHINACHOPPER HAFNIUM
2021-03-03Huntress LabsHuntress Labs
Mass exploitation of on-prem Exchange servers :(
CHINACHOPPER HAFNIUM
2021-03-03MITREMITRE ATT&CK
HAFNIUM
CHINACHOPPER HAFNIUM
2021-03-02Twitter (@ESETresearch)ESET Research
Tweet on Exchange RCE
CHINACHOPPER HAFNIUM
2021-03-02VolexityJosh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster
Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities
CHINACHOPPER HAFNIUM
2021-03-02Rapid7 LabsAndrew Christian
Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day
CHINACHOPPER HAFNIUM
2021-03-02MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft 365 Security, Microsoft Threat Intelligence Center (MSTIC)
HAFNIUM targeting Exchange Servers with 0-day exploits
CHINACHOPPER HAFNIUM
2021-02-28Recorded FutureInsikt Group®
China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions
Icefog PlugX ShadowPad
2021-02-28PWC UKPWC UK
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team
2021-02-28Recorded FutureInsikt Group®
China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions
PlugX ShadowPad RedEcho
2021-02-23CrowdStrikeCrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER
2021-02-22tccontre Blogtcontre
Gh0stRat Anti-Debugging: Nested SEH (try - catch) to Decrypt and Load its Payload
Ghost RAT
2021-02-01ESET ResearchIgnacio Sanmillan, Matthieu Faou
Operation NightScout: Supply‑chain attack targets online gaming in Asia
Ghost RAT NoxPlayer Poison Ivy Red Dev 17
2021-01-29Trend MicroTrend Micro
Chopper ASPX web shell used in targeted attack
CHINACHOPPER MimiKatz
2021-01-20Trend MicroAbraham Camba, Gilbert Sison, Ryan Maglaque
XDR investigation uncovers PlugX, unique technique in APT attack
PlugX
2021-01-15SwisscomMarkus Neis
Cracking a Soft Cell is Harder Than You Think
Ghost RAT MimiKatz PlugX Poison Ivy Trochilus RAT
2021-01-14PTSecurityPT ESC Threat Intelligence
Higaisa or Winnti? APT41 backdoors, old and new
Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad
2021-01-09Marco Ramilli's BlogMarco Ramilli
Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot
2021-01-04Bleeping ComputerIonut Ilascu
China's APT hackers move to ransomware attacks
Clambling PlugX
2021-01-01DomainToolsJoe Slowik
Conceptualizing a Continuum of Cyber Threat Attribution
CHINACHOPPER SUNBURST
2020-12-24IronNetAdam Hlavek
China cyber attacks: the current threat landscape
PLEAD TSCookie FlowCloud Lookback PLEAD PlugX Quasar RAT Winnti
2020-12-18SeqritePavankumar Chaudhari
RAT used by Chinese cyberspies infiltrating Indian businesses
Ghost RAT
2020-12-10ESET ResearchMathieu Tartare
Operation StealthyTrident: corporate software under attack
HyperBro PlugX Tmanger TA428
2020-12-10ESET ResearchMathieu Tartare
Operation StealthyTrident: corporate software under attack
HyperBro PlugX ShadowPad Tmanger
2020-12-10Intel 471Intel 471
No pandas, just people: The current state of China’s cybercrime underground
Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT
2020-12-10US-CERTFBI, MS-ISAC, US-CERT
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus
2020-12-09Avast DecodedIgor Morgenstern, Luigino Camastra
APT Group Targeting Governmental Agencies in East Asia
Albaniiutas HyperBro PlugX PolPo Tmanger
2020-12-09Avast DecodedIgor Morgenstern, Luigino Camastra
APT Group Targeting Governmental Agencies in East Asia
Albaniiutas HyperBro PlugX Tmanger TA428
2020-11-27PTSecurityAlexey Vishnyakov, Denis Goydenko
Investigation with a twist: an accidental APT attack and averted data destruction
TwoFace CHINACHOPPER HyperBro MegaCortex MimiKatz
2020-11-23ProofpointProofpoint Threat Research Team
TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader
PlugX MUSTANG PANDA
2020-11-20Trend MicroAbraham Camba, Bren Matthew Ebriega, Gilbert Sison
Weaponizing Open Source Software for Targeted Attacks
LaZagne Defray PlugX
2020-11-04SophosGabor Szappanos
A new APT uses DLL side-loads to “KilllSomeOne”
KilllSomeOne PlugX
2020-11-03Kaspersky LabsGReAT
APT trends report Q3 2020
WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti
2020-10-27Dr.WebDr.Web
Study of the ShadowPad APT backdoor and its relation to PlugX
Ghost RAT PlugX ShadowPad
2020-10-01US-CERTUS-CERT
Alert (AA20-275A): Potential for China Cyber Response to Heightened U.S.-China Tensions
CHINACHOPPER Cobalt Strike Empire Downloader MimiKatz Poison Ivy
2020-09-30Team CymruJacomo Piccolini, James Shank
Pandamic: Emissary Pandas in the Middle East
HyperBro HyperSSL
2020-09-18SymantecThreat Hunter Team
APT41: Indictments Put Chinese Espionage Group in the Spotlight
CROSSWALK PlugX poisonplug ShadowPad Winnti
2020-09-15US-CERTUS-CERT
Alert (AA20-259A): Iran-Based Threat Actor Exploits VPN Vulnerabilities
CHINACHOPPER Fox Kitten
2020-09-15Recorded FutureInsikt Group®
Back Despite Disruption: RedDelta Resumes Operations
PlugX
2020-09-15US-CERTUS-CERT
Malware Analysis Report (AR20-259A): Iranian Web Shells
CHINACHOPPER
2020-09-11ThreatConnectThreatConnect Research Team
Research Roundup: Activity on Previously Identified APT33 Domains
Emotet PlugX APT33
2020-07-29Recorded FutureInsikt Group
Chinese State-sponsored Group RedDelta Targets the Vatican and Catholic Organizations
PlugX
2020-07-29ESET Researchwelivesecurity
THREAT REPORT Q2 2020
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor
2020-07-29Kaspersky LabsGReAT
APT trends report Q2 2020
PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel
2020-07-28NTTNTT Security
CraftyPanda 標的型攻撃解析レポート
Ghost RAT PlugX
2020-07-21Department of JusticeDepartment of Justice
Two Chinese Hackers Working with the Ministry of State Security Charged with Global Computer Intrusion Campaign Targeting Intellectual Property and Confidential Business Information, Including COVID-19 Research
CHINACHOPPER BRONZE SPRING
2020-07-20Dr.WebDr.Web
Study of the APT attacks on state institutions in Kazakhstan and Kyrgyzstan
Microcin Mirage PlugX WhiteBird
2020-07-20Risky.bizDaniel Gordon
What even is Winnti?
CCleaner Backdoor Ghost RAT PlugX ZXShell
2020-07-20or10nlabsoR10n
Reverse Engineering the New Mustang Panda PlugX Downloader
PlugX
2020-07-15ZDNetCatalin Cimpanu
Chinese state hackers target Hong Kong Catholic Church
PlugX
2020-07-05or10nlabsoR10n
Reverse Engineering the Mustang Panda PlugX RAT – Extracting the Config
PlugX
2020-07-01ContextisLampros Noutsos, Oliver Fay
DLL Search Order Hijacking
Cobalt Strike PlugX
2020-06-14BushidoTokenBushidoToken
Deep-dive: The DarkHotel APT
Asruex Ghost RAT Ramsay Retro Unidentified 076 (Higaisa LNK to Shellcode)
2020-06-05PrevailionDanny Adamitis
The Gh0st Remains the Same
Ghost RAT
2020-06-04PTSecurityPT ESC Threat Intelligence
COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group
Ghost RAT
2020-06-03Trend MicroDaniel Lunghi
How to perform long term monitoring of careless threat actors
BBSRAT HyperBro Trochilus RAT
2020-06-03Kaspersky LabsGiampaolo Dedola, GReAT, Mark Lechtik
Cycldek: Bridging the (air) gap
8.t Dropper NewCore RAT PlugX USBCulprit GOBLIN PANDA Hellsing
2020-06-02Lab52Jagaimo Kawaii
Mustang Panda Recent Activity: Dll-Sideloading trojans with temporal C2 servers
PlugX
2020-05-24or10nlabsoR10n
Reverse Engineering the Mustang Panda PlugX Loader
PlugX
2020-05-20Medium Asuna AmawakaAsuna Amawaka
What happened between the BigBadWolf and the Tiger?
Ghost RAT
2020-05-15Twitter (@stvemillertime)Steve Miller
Tweet on SOGU development timeline, including TIGERPLUG IOCs
PlugX
2020-05-14Lab52Dex
The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey
Cobalt Strike HTran MimiKatz PlugX Quasar RAT
2020-05-14Avast DecodedLuigino Camastra
APT Group Planted Backdoors Targeting High Profile Networks in Central Asia
BYEBY Ghost RAT Microcin MimiKatz Vicious Panda
2020-05-01Viettel CybersecurityCyberthreat
Chiến dịch của nhóm APT Trung Quốc Goblin Panda tấn công vào Việt Nam lợi dụng đại dịch Covid-19 (phần 1)
NewCore RAT PlugX
2020-04-07BlackberryBlackberry Research
Decade of the RATS: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android
Penquin Turla XOR DDoS ZXShell
2020-03-25Team CymruTeam Cymru
How the Iranian Cyber Security Agency Detects Emissary Panda Malware
HyperBro
2020-03-22AnomaliAnomali Threat Research
COVID-19 Themes Are Being Utilized by Threat Actors of Varying Sophistication
PlugX
2020-03-19VinCSSm4n0w4r
Analysis of malware taking advantage of the Covid-19 epidemic to spread fake "Directive of Prime Minister Nguyen Xuan Phuc" - Part 2
PlugX
2020-03-10VinCSSm4n0w4r
[RE012] Analysis of malware taking advantage of the Covid-19 epidemic to spread fake "Directive of Prime Minister Nguyen Xuan Phuc" - Part 1
PlugX
2020-03-05SophosLabsSergei Shevchenko
Cloud Snooper Attack Bypasses AWS Security Measures
Cloud Snooper Ghost RAT
2020-03-02Virus BulletinAlex Hinchliffe
Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary
HenBox Farseer PlugX Poison Ivy
2020-02-21ADEO DFIRADEO DFIR
APT10 Threat Analysis Report
CHINACHOPPER HTran MimiKatz PlugX Quasar RAT
2020-02-18Trend MicroCedric Pernet, Daniel Lunghi, Jamz Yaneza, Kenney Lu
Uncovering DRBControl: Inside the Cyberespionage Campaign Targeting Gambling Operations
Cobalt Strike HyperBro PlugX Trochilus RAT
2020-02-17Talent-Jump TechnologiesTheo Chen, Zero Chen
CLAMBLING - A New Backdoor Base On Dropbox
HyperBro PlugX
2020-01-31AviraShahab Hamzeloofard
New wave of PlugX targets Hong Kong
PlugX
2020-01-31YouTube (Context Information Security)Contextis
New AVIVORE threat group – how they operate and managing the risk
PlugX
2020-01-13Lab52Jagaimo Kawaii
APT27 ZxShell RootKit module updates
ZXShell
2020-01-01SecureworksSecureWorks
BRONZE PRESIDENT
CHINACHOPPER Cobalt Strike PlugX MUSTANG PANDA
2020-01-01FireEyeMandiant, Mitchell Clarke, Tom Hall
Mandiant IR Grab Bag of Attacker Activity
TwoFace CHINACHOPPER HyperBro HyperSSL
2020-01-01SecureworksSecureWorks
BRONZE ATLAS
Speculoos Winnti ACEHASH CCleaner Backdoor CHINACHOPPER Empire Downloader HTran MimiKatz PlugX Winnti APT41
2020-01-01SecureworksSecureWorks
BRONZE EDISON
Ghost RAT sykipot APT4 SAMURAI PANDA
2020-01-01SecureworksSecureWorks
BRONZE OLIVE
ANGRYREBEL PlugX APT22
2020-01-01SecureworksSecureWorks
BRONZE UNION
9002 RAT CHINACHOPPER Enfal Ghost RAT HttpBrowser HyperBro owaauth PlugX Poison Ivy ZXShell APT27
2020-01-01SecureworksSecureWorks
BRONZE KEYSTONE
9002 RAT BLACKCOFFEE DeputyDog Derusbi HiKit PlugX Poison Ivy ZXShell APT17
2020-01-01SecureworksSecureWorks
BRONZE RIVERSIDE
Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves APT10
2020-01-01SecureworksSecureWorks
BRONZE OVERBROOK
Aveo DDKONG IsSpace PLAINTEE PlugX Rambo DragonOK
2020-01-01SecureworksSecureWorks
BRONZE FIRESTONE
9002 RAT Derusbi Empire Downloader PlugX Poison Ivy APT19
2020-01-01DragosJoe Slowik
Threat Intelligence and the Limits of Malware Analysis
Exaramel Exaramel Industroyer Lookback NjRAT PlugX
2020-01-01SecureworksSecureWorks
BRONZE GLOBE
EtumBot Ghost RAT APT12
2020-01-01SecureworksSecureWorks
BRONZE FLEETWOOD
Binanen Ghost RAT OrcaRAT APT5
2020-01-01SecureworksSecureWorks
BRONZE MOHAWK
AIRBREAK scanbox BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi homefry murkytop SeDll APT40
2020-01-01SecureworksSecureWorks
BRONZE WOODLAND
PlugX Zeus Roaming Tiger
2020-01-01SecureworksSecureWorks
BRONZE EXPRESS
9002 RAT CHINACHOPPER IsSpace NewCT PlugX smac APT26
2019-12-29SecureworksCTU Research Team
BRONZE PRESIDENT Targets NGOs
PlugX
2019-12-12MicrosoftMicrosoft Threat Intelligence Center
GALLIUM: Targeting global telecom
CHINACHOPPER Ghost RAT HTran MimiKatz Poison Ivy GALLIUM
2019-11-19FireEyeKelli Vanderlee, Nalani Fraser
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions
MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC poisonplug Poison Ivy pupy Quasar RAT ZXShell
2019-11-16Silas Cutler's BlogSilas Cutler
Fresh PlugX October 2019
PlugX
2019-11-11Virus BulletinHiroshi Soeda, Shusei Tomonaga, Tomoaki Tani, Wataru Takahashi
APT cases exploiting vulnerabilities in region‑specific software
NodeRAT Emdivi PlugX
2019-11-04TencentTencent Security Mikan TIC
APT attack group "Higaisa" attack activity disclosed
Ghost RAT Higaisa
2019-10-31PTSecurityPTSecurity
Calypso APT: new group attacking state institutions
BYEBY FlyingDutchman Hussar PlugX
2019-10-22ContextisContextis
AVIVORE - An overview of Tools, Techniques and Procedures (Whitepaper)
PlugX Avivore
2019-10-03Palo Alto Networks Unit 42Alex Hinchliffe
PKPLUG: Chinese Cyber Espionage Group Attacking Asia
HenBox Farseer PlugX
2019-10-03ComputerWeeklyAlex Scroxton
New threat group behind Airbus cyber attacks, claim researchers
PlugX Avivore
2019-09-23MITREMITRE ATT&CK
APT41
Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad Winnti ZXShell APT41
2019-09-19MeltX0R
Emissary Panda APT: Recent infrastructure and RAT analysis
ZXShell
2019-09-17TalosChristopher Evans, David Liebenberg
Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”
Ghost RAT
2019-08-27Cisco TalosPaul Rascagnères, Vanja Svajcer
China Chopper still active 9 years later
CHINACHOPPER
2019-08-19FireEyeAlex Pennino, Matt Bromiley
GAME OVER: Detecting and Stopping an APT41 Operation
ACEHASH CHINACHOPPER HIGHNOON
2019-07-21One Night in NorfolkKevin Perlow
Emissary Panda DLL Backdoor
HyperSSL
2019-06-25CybereasonCybereason Nocturnus
OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS
CHINACHOPPER HTran MimiKatz Poison Ivy Operation Soft Cell
2019-06-19YouTube (44CON Information Security Conference)Kevin O’Reilly
The Malware CAPE: Automated Extraction of Configuration and Payloads from Sophisticated Malware
PlugX
2019-06-13ae CERTae CERT
Advanced Notification of Cyber Threats against Family of Malware Giving Remote Access to Computers
HyperBro HyperSSL
2019-06-03FireEyeChi-en Shen
Into the Fog - The Return of ICEFOG APT
Icefog PlugX Sarhust
2019-05-28Palo Alto Networks Unit 42Robert Falcone, Tom Lancaster
Emissary Panda Attacks Middle East Government Sharepoint Servers
CHINACHOPPER HyperSSL
2019-05-24FortinetBen Hunter
Uncovering new Activity by APT10
PlugX Quasar RAT
2019-04-25DATANETKim Seon-ae
Chinese-based hackers attack domestic energy institutions
CALMTHORN Ghost RAT
2019-03-19NSHCThreatRecon Team
SectorM04 Targeting Singapore – An Analysis
PlugX Termite
2019-02-27SecureworksCTU Research Team
A Peek into BRONZE UNION’s Toolbox
Ghost RAT HyperBro ZXShell
2019-01-07IntezerIgnacio Sanmillan
ChinaZ Revelations: Revealing ChinaZ Relationships with other Chinese Threat Actor Groups
Ghost RAT
2019-01-01MITREMITRE ATT&CK
Group description: Threat Group-3390
APT27
2019-01-01Council on Foreign RelationsCyber Operations Tracker
Iron Tiger
APT27
2019-01-01Virus BulletinBowen Pan, Lion Gu
A vine climbing over the Great Firewall: A long-term attack against China
Poison Ivy ZXShell
2019-01-01MITREMITRE ATT&CK
Tool description: China Chopper
CHINACHOPPER
2018-12-14Australian Cyber Security CentreASD
Investigationreport: Compromise of an Australian companyvia their Managed Service Provider
PlugX RedLeaves
2018-09-19Möbius Strip Reverse EngineeringRolf Rolles
Hex-Rays Microcode API vs. Obfuscating Compiler
Ghost RAT
2018-09-10Kaspersky LabsGReAT
LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company
Unidentified 080 APT27
2018-08-21Trend MicroJaromír Hořejší, Joseph C Chen, Kawabata Kohei, Kenney Lu
Operation Red Signature Targets South Korean Companies
9002 RAT PlugX
2018-07-31Medium SebdravenSébastien Larinier
Malicious document targets Vietnamese officials
8.t Dropper PlugX 1937CN
2018-06-15Bleeping ComputerCatalin Cimpanu
Chinese Cyber-Espionage Group Hacked Government Data Center
APT27
2018-06-13Kaspersky LabsDenis Legezo
LuckyMouse hits national data center to organize country-level waterholing campaign
HyperBro APT27
2018-05-18NCC GroupNikolaos Pantazopoulos, Thomas Henry
Emissary Panda – A potential new malicious tool
HttpBrowser
2018-05-09COUNT UPON SECURITYLuis Rocha
Malware Analysis - PlugX - Part 2
PlugX
2018-04-20NCC GroupNikolaos Pantazopoulos
Decoding network data from a Gh0st RAT variant
Ghost RAT APT27
2018-04-17NCC GroupNikolaos Pantazopoulos
Decoding network data from a Gh0st RAT variant
Ghost RAT APT27
2018-03-16FireEyeFireEye
Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries
badflick BLACKCOFFEE CHINACHOPPER homefry murkytop SeDll APT40
2018-03-13Kaspersky LabsDenis Makrushin, Yury Namestnikov
Time of death? A therapeutic postmortem of connected medicine
PlugX
2018-02-04COUNT UPON SECURITYLuis Rocha
MALWARE ANALYSIS – PLUGX
PlugX
2018-02-01BitdefenderBogdan Botezatu, Ivona Alexandra Chili
Operation PZChao: a possible return of the Iron Tiger APT
APT27
2018-02-01BitdefenderBitdefender Team
Operation PZCHAO Inside a highly specialized espionage infrastructure
Ghost RAT APT27
2018-01-04Malware Traffic AnalysisBrad Duncan
MALSPAM PUSHING PCRAT/GH0ST
Ghost RAT
2017-12-20CrowdStrikeAdam Kozy
An End to “Smash-and-Grab” and a Move to More Targeted Approaches
CHINACHOPPER
2017-12-19ProofpointDarien Huss
North Korea Bitten by Bitcoin Bug
QUICKCAFE PowerSpritz Ghost RAT PowerRatankba
2017-12-19ProofpointDarien Huss
North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group
Ghost RAT
2017-12-18LACYoshihiro Ishikawa
Relationship between PlugX and attacker group "DragonOK"
PlugX
2017-06-27SecureworksCTU Research Team
BRONZE UNION Cyberespionage Persists Despite Disclosures
APT27
2017-06-27Palo Alto Networks Unit 42Esmid Idrizovic, Tom Lancaster
Paranoid PlugX
PlugX
2017-05-31MITREMITRE ATT&CK
Axiom
Derusbi 9002 RAT BLACKCOFFEE Derusbi Ghost RAT HiKit PlugX ZXShell APT17
2017-05-31MITREMITRE ATT&CK
PittyTiger
Enfal Ghost RAT MimiKatz Poison Ivy APT24
2017-05-31MITREMITRE
APT18
Ghost RAT HttpBrowser APT18
2017-04-27US-CERTUS-CERT
Alert (TA17-117A): Intrusions Affecting Multiple Victims Across Multiple Sectors
PlugX RedLeaves
2017-04-03JPCERT/CCShusei Tomonaga
RedLeaves - Malware Based on Open Source RAT
PlugX RedLeaves Trochilus RAT
2017-04-01PricewaterhouseCoopersPricewaterhouseCoopers
Operation Cloud Hopper: Technical Annex
ChChes PlugX Quasar RAT RedLeaves Trochilus RAT
2017-02-25Financial Security InstituteKyoung-Ju Kwak (郭炅周)
Silent RIFLE: Response Against Advanced Threat
Ghost RAT
2017-02-21JPCERT/CCShusei Tomonaga
PlugX + Poison Ivy = PlugIvy? - PlugX Integrating Poison Ivy’s Code
PlugX
2017-02-13RSARSA Research
KINGSLAYER – A SUPPLY CHAIN ATTACK
CodeKey PlugX
2016-10-28Github (smb01)smb01
zxshell repository
ZXShell
2016-10-17ThreatConnectThreatConnect
A Tale of Two Targets
HttpBrowser APT27
2016-08-25MalwarebytesMalwarebytes Labs
Unpacking the spyware disguised as antivirus
PlugX
2016-06-13Macnica NetworksMacnica Networks
Survey of the actual situation of the large-scale cyber spy activity that hit Japan | 1st edition
Emdivi PlugX
2016-04-22CylanceIsaac Palmer
The Ghost Dragon
Ghost RAT
2016-01-22RSA LinkNorton Santos
PlugX APT Malware
PlugX
2015-09-17Trend MicroTrendmicro
Operation Iron Tiger: Exploring Chinese Cyber-Espionage Attacks on United States Defense Contractors
APT27
2015-09-16Trend MicroChristopher Budd
Operation Iron Tiger: Attackers Shift from East Asia to the United States
APT27
2015-08-05SecureworksCTU Research Team
Threat Group 3390 Cyberespionage
APT27
2015-08-05Ars TechnicaSean Gallagher
Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”
APT27
2015-08-01Arbor NetworksASERT Team
Uncovering the Seven Pointed Dagger
9002 RAT EvilGrab PlugX Trochilus RAT APT9
2015-02-27ThreatConnectThreatConnect Research Team
The Anthem Hack: All Roads Lead to China
HttpBrowser
2015-02-06CrowdStrikeCrowdStrike
CrowdStrike Global Threat Intel Report 2014
BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor
2015-01-29JPCERT/CCShusei Tomonaga
Analysis of a Recent PlugX Variant - “P2P PlugX”
PlugX
2014-10-28CiscoAlain Zidouemba, Andrea Allievi, Douglas Goddard, Shaun Hurley
Threat Spotlight: Group 72, Opening the ZxShell
ZXShell
2014-06-27SophosLabsGabor Szappanos
PlugX - The Next Generation
PlugX
2014-06-10FireEyeMike Scott
Clandestine Fox, Part Deux
PlugX
2014-01-22SC MagazineSteve Gold
Iran and Russia blamed for state-sponsored espionage
APT27
2014-01-06AirbusFabien Perigaud
PlugX: some uncovered points
PlugX
2013-08-07FireEyeDennis Hanzlik, Ian Ahl, Tony Lee
Breaking Down the China Chopper Web Shell - Part I
CHINACHOPPER
2013-03-29Computer Incident Response Center LuxembourgCIRCL
Analysis Report (TLP:WHITE) Analysis of a PlugX variant (PlugX version 7.0)
PlugX
2013-03-26ContextisKevin O’Reilly
PlugX–Payload Extraction
PlugX
2013-02-27Trend MicroAbraham Camba
BKDR_RARSTONE: New RAT to Watch Out For
PlugX Naikon
2012-02-10tracker.h3x.euMalware Corpus Tracker
Info for Family: plugx
PlugX
2012-01-01Norman ASASnorre Fagerland
The many faces of Gh0st Rat
Ghost RAT
2011-06-29SymantecJohn McDonald
Inside a Back Door Attack
Ghost RAT Dust Storm
2009-03-28Infinitum LabsInformation Warfare Monitor
Tracking GhostNet: Investigating a Cyber Espionage Network
Ghost RAT GhostNet

Credits: MISP Project