Hellsing (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

Hellsing (Back to overview)

This threat actor uses spear-phishing techniques to compromise diplomatic targets in Southeast Asia, India, and the United States. It also seems to have targeted the APT 30. Possibly uses the same infrastructure as Mirage

Associated Families

elf.lootwodniw win.usbculprit win.8t_dropper win.grillmark win.newcore_rat win.plugx win.sisfader

References

2023-09-08 ⋅ PolySwarm Tech Team ⋅ The Hivemind
Carderbee Targets Hong Kong in Supply Chain Attack
PlugX

2023-09-07 ⋅ Sekoia ⋅ Jamila B.
My Tea’s not cold. An overview of China’s cyber threat
Melofee PingPull SoWaT Sword2033 MgBot MQsTTang PlugX TONESHELL Dalbit

2023-08-22 ⋅ Symantec ⋅ Threat Hunter Team
Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong
PlugX Carderbee

2023-08-07 ⋅ Recorded Future ⋅ Insikt Group
RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale
Winnti Brute Ratel C4 Cobalt Strike FunnySwitch PlugX ShadowPad Spyder Earth Lusca

2023-07-11 ⋅ Mandiant ⋅ Rommel Joven, Ng Choon Kiat
The Spies Who Loved You: Infected USB Drives to Steal Secrets
PlugX

2023-07-03 ⋅ Check Point Research ⋅ Checkpoint Research
Chinese Threat Actors Targeting Europe in SmugX Campaign
PlugX SmugX

2023-05-15 ⋅ Symantec ⋅ Threat Hunter Team
Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors
Merdoor PlugX ShadowPad ZXShell Lancefly

2023-05-03 ⋅ Lab52 ⋅ Lab52
New Mustang Panda’s campaing against Australia
PlugX

2023-04-18 ⋅ Mandiant ⋅ Mandiant
M-Trends 2023
QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate

2023-04-05 ⋅ Medium Ilandu ⋅ Ilan Duhin
PortDoor - APT Backdoor analysis
ACBackdoor 8.t Dropper PortDoor

2023-03-30 ⋅ Recorded Future ⋅ Insikt Group
With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets
KEYPLUG Cobalt Strike PlugX

2023-03-09 ⋅ Sophos ⋅ Gabor Szappanos
A border-hopping PlugX USB worm takes its act on the road
PlugX

2023-03-09 ⋅ ASEC ⋅ Sanseo
PlugX Malware Being Distributed via Vulnerability Exploitation
PlugX

2023-03-07 ⋅ Check Point Research ⋅ Check Point Research
Pandas with a Soul: Chinese Espionage Attacks Against Southeast Asian Government Entities
5.t Downloader 8.t Dropper Soul

2023-02-24 ⋅ Trend Micro ⋅ Buddy Tancio, Jed Valderama, Catherine Loveria
Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool
PlugX

2023-02-07 ⋅ MalGamy ⋅ MalGamy
The Approach of TA413 for Tibetan Targets
8.t Dropper LOWZERO

2023-02-02 ⋅ EclecticIQ ⋅ EclecticIQ Threat Research Team
Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware
PlugX

2023-01-26 ⋅ Palo Alto Networks Unit 42 ⋅ Mike Harbison, Jen Miller-Osborn
Chinese PlugX Malware Hidden in Your USB Devices?
PlugX

2023-01-26 ⋅ TEAMT5 ⋅ Still Hsu
Brief History of MustangPanda and its PlugX Evolution
PlugX

2023-01-09 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
[QuickNote] Another nice PlugX sample
PlugX

2022-12-27 ⋅ kienmanowar Blog ⋅ m4n0w4r, Tran Trung Kien
Diving into a PlugX sample of Mustang Panda group
PlugX

2022-12-22 ⋅ Recorded Future ⋅ Insikt Group
RedDelta Targets European Government Organizations and Continues to Iterate Custom PlugX Variant
PlugX RedDelta

2022-12-06 ⋅ Blackberry ⋅ BlackBerry Research & Intelligence Team
Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets
PlugX

2022-12-02 ⋅ Avast Decoded ⋅ Threat Intelligence Team
Hitching a ride with Mustang Panda
PlugX

2022-11-30 ⋅ FFRI Security ⋅ Matsumoto
Evolution of the PlugX loader
PlugX Poison Ivy

2022-10-06 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team
Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims
PlugX

2022-09-29 ⋅ Symantec ⋅ Threat Hunter Team
Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East
CHINACHOPPER Lookback MimiKatz PlugX Unidentified 096 (Keylogger) x4 Witchetty

2022-09-26 ⋅ Palo Alto Networks Unit 42 ⋅ Daniela Shalev, Itay Gamliel
Hunting for Unsigned DLLs to Find APTs
PlugX Raspberry Robin Roshtyak

2022-09-22 ⋅ Recorded Future ⋅ Insikt Group®
Chinese State-Sponsored Group TA413 Adopts New Capabilities in Pursuit of Tibetan Targets
8.t Dropper LOWZERO

2022-09-14 ⋅ Security Joes ⋅ Felipe Duarte
Dissecting PlugX to Extract Its Crown Jewels
PlugX

2022-09-13 ⋅ Symantec ⋅ Threat Hunter Team
New Wave of Espionage Activity Targets Asian Governments
MimiKatz PlugX Quasar RAT ShadowPad Trochilus RAT

2022-09-09 ⋅ Github (m4now4r) ⋅ m4n0w4r
“Mustang Panda” – Enemy at the gate
PlugX

2022-09-08 ⋅ Secureworks ⋅ Counter Threat Unit ResearchTeam
BRONZE PRESIDENT Targets Government Officials
PlugX

2022-09-08 ⋅ Cybereason ⋅ Kotaro Ogino, Yuki Shibuya, Aleksandar Milenkoski
Threat Analysis Report: PlugX RAT Loader Evolution
PlugX

2022-07-18 ⋅ YouTube (Security Joes) ⋅ Felipe Duarte
PlugX DLL Side-Loading Technique
PlugX

2022-07-18 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
Shallow Taurus
FormerFirstRAT IsSpace NewCT PlugX Poison Ivy Tidepool DragonOK

2022-07-07 ⋅ Sentinel LABS ⋅ Tom Hegel
Targets of Interest - Russian Organizations Increasingly Under Attack By Chinese APTs
8.t Dropper Korlia

2022-06-27 ⋅ Kaspersky ICS CERT ⋅ Artem Snegirev, Kirill Kruglov
Attacks on industrial control systems using ShadowPad
Cobalt Strike PlugX ShadowPad

2022-06-23 ⋅ Secureworks ⋅ Counter Threat Unit ResearchTeam
BRONZE STARLIGHT Ransomware Operations Use HUI Loader
ATOMSILO Cobalt Strike HUI Loader LockFile NightSky Pandora PlugX Quasar RAT Rook SodaMaster

2022-05-23 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší
Operation Earth Berberoka
reptile oRAT Ghost RAT PlugX pupy Earth Berberoka

2022-05-20 ⋅ VinCSS ⋅ m4n0w4r, Tran Trung Kien, Dang Dinh Phuong
[RE027] China-based APT Mustang Panda might have still continued their attack activities against organizations in Vietnam
PlugX

2022-05-17 ⋅ Positive Technologies ⋅ Positive Technologies
Space Pirates: analyzing the tools and connections of a new hacker group
FormerFirstRAT PlugX Poison Ivy Rovnix ShadowPad Zupdax

2022-05-16 ⋅ JPCERT/CC ⋅ Shusei Tomonaga
Analysis of HUI Loader
HUI Loader PlugX Poison Ivy Quasar RAT

2022-05-12 ⋅ TEAMT5 ⋅ Leon Chang, Silvia Yeh
The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides)
KEYPLUG Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad Winnti SLIME29 TianWu

2022-05-05 ⋅ Cisco Talos ⋅ Jung soo An, Asheer Malhotra, Justin Thattil, Aliza Berk, Kendall McKay
Mustang Panda deploys a new wave of malware targeting Europe
Cobalt Strike Meterpreter PlugX Unidentified 094

2022-05-02 ⋅ Sentinel LABS ⋅ Joey Chen, Amitai Ben Shushan Ehrlich
Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
PlugX ShadowPad

2022-04-28 ⋅ DARKReading ⋅ Jai Vijayan
Chinese APT Bronze President Mounts Spy Campaign on Russian Military
PlugX MUSTANG PANDA

2022-04-28 ⋅ PWC ⋅ PWC UK
Cyber Threats 2021: A Year in Retrospect (Annex)
Cobalt Strike Conti PlugX RokRAT Inception Framework Red Menshen

2022-04-27 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
HelloBot AsyncRAT Ghost RAT HelloBot PlugX Quasar RAT Earth Berberoka

2022-04-27 ⋅ Trendmicro ⋅ Trendmicro
IOCs for Earth Berberoka - Windows
AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka

2022-04-27 ⋅ Secureworks ⋅ Counter Threat Unit ResearchTeam
BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX
PlugX

2022-04-27 ⋅ Trendmicro ⋅ Daniel Lunghi, Jaromír Hořejší
Operation Gambling Puppet
reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka

2022-04-14 ⋅ NSHC RedAlert Labs ⋅ NSHC Threatrecon Team
Hacking activity of SectorB Group in 2021 Chinese government supported hacking group SectorB
PlugX

2022-04-12 ⋅ Max Kersten's Blog ⋅ Max Kersten
Ghidra script to handle stack strings
CaddyWiper PlugX

2022-03-28 ⋅ Trellix ⋅ Max Kersten, Marc Elias
PlugX: A Talisman to Behold
PlugX

2022-03-25 ⋅ ESET Research ⋅ Alexandre Côté Cyr
Mustang Panda's Hodur: Old stuff, new variant of Korplug
PlugX

2022-03-24 ⋅ Threat Post ⋅ Nate Nelson
Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection
PlugX

2022-03-23 ⋅ ESET Research ⋅ Alexandre Côté Cyr
Mustang Panda’s Hodur: Old tricks, new Korplug variant
PlugX

2022-03-23 ⋅ BleepingComputer ⋅ Bill Toulas
New Mustang Panda hacking campaign targets diplomats, ISPs
PlugX

2022-03-07 ⋅ Proofpoint ⋅ Michael Raggi, Myrtus 0x0
The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates
PlugX

2022-02-17 ⋅ SinaCyber ⋅ Adam Kozy
Testimony before the U.S.-China Economic and Security Review Commission Hearing on “China’s Cyber Capabilities: Warfare, Espionage, and Implications for the United States”
PlugX APT26 APT41

2022-01-06 ⋅ Cyber And Ramen blog ⋅ Mike R
A “GULP” of PlugX
PlugX

2021-12-01 ⋅ ESET Research ⋅ Alexis Dorais-Joncas, Facundo Muñoz
Jumping the air gap: 15 years of nation‑state effort
Agent.BTZ Fanny Flame Gauss PlugX Ramsay Retro Stuxnet USBCulprit USBferry

2021-11-18 ⋅ Cisco ⋅ Josh Pyorre
BlackMatter, LockBit, and THOR
BlackMatter LockBit PlugX

2021-11-04 ⋅ Youtube (Virus Bulletin) ⋅ Yi-Jhen Hsieh, Joey Chen
ShadowPad: the masterpiece of privately sold malware in Chinese espionage
PlugX ShadowPad

2021-10-26 ⋅ Kaspersky ⋅ Kaspersky Lab ICS CERT
APT attacks on industrial organizations in H1 2021
8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy

2021-10-18 ⋅ NortonLifeLock ⋅ Norton Labs
Operation Exorcist - 7 Years of Targeted Attacks against the Roman Catholic Church
NewBounce PlugX Zupdax

2021-09-28 ⋅ Recorded Future ⋅ Insikt Group®
4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan
PlugX Winnti

2021-09-14 ⋅ McAfee ⋅ Christiaan Beek
Operation ‘Harvest’: A Deep Dive into a Long-term Campaign
MimiKatz PlugX Winnti

2021-09-10 ⋅ The Record ⋅ Catalin Cimpanu
Indonesian intelligence agency compromised in suspected Chinese hack
PlugX

2021-09-01 ⋅ YouTube (Black Hat) ⋅ Aragorn Tseng, Charles Li
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network
Cobalt Strike PlugX Waterbear

2021-09-01 ⋅ YouTube (Hack In The Box Security Conference) ⋅ Yi-Jhen Hsieh, Joey Chen
SHADOWPAD: Chinese Espionage Malware-as-a-Service
PlugX ShadowPad

2021-08-23 ⋅ SentinelOne ⋅ Yi-Jhen Hsieh, Joey Chen
ShadowPad: the Masterpiece of Privately Sold Malware in Chinese Espionage
PlugX ShadowPad

2021-07-27 ⋅ Palo Alto Networks Unit 42 ⋅ Mike Harbison, Alex Hinchliffe
THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group
PlugX

2021-07-21 ⋅ Bitdefender ⋅ Bogdan Botezatu, Victor Vrabie
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited
PlugX

2021-06-16 ⋅ Recorded Future ⋅ Insikt Group®
Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries
Icefog PcShare PlugX Poison Ivy QuickHeal DAGGER PANDA

2021-06-02 ⋅ Twitter (@xorhex) ⋅ Xorhex
Tweet on new variant of PlugX from RedDelta Group
PlugX

2021-06-02 ⋅ xorhex blog ⋅ Twitter (@xorhex)
RedDelta PlugX Undergoing Changes and Overlapping Again with Mustang Panda PlugX Infrastructure
PlugX

2021-05-27 ⋅ xorhex blog ⋅ Twitter (@xorhex)
Mustang Panda PlugX - Reused Mutex and Folder Found in the Extracted Config
PlugX

2021-05-17 ⋅ xorhex blog ⋅ Twitter (@xorhex)
Mustang Panda PlugX - 45.251.240.55 Pivot
PlugX

2021-05-07 ⋅ TEAMT5 ⋅ Aragorn Tseng, Charles Li
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network
Cobalt Strike PlugX Waterbear

2021-03-29 ⋅ The Record ⋅ Catalin Cimpanu
RedEcho group parks domains after public exposure
PlugX ShadowPad RedEcho

2021-03-25 ⋅ Recorded Future ⋅ Insikt Group®
Suspected Chinese Group Calypso APT Exploiting Vulnerable Microsoft Exchange Servers
Meterpreter PlugX

2021-03-17 ⋅ Recorded Future ⋅ Insikt Group®
China-linked TA428 Continues to Target Russia and Mongolia IT Companies
PlugX Poison Ivy TA428

2021-03-10 ⋅ ESET Research ⋅ Thomas Dupuy, Matthieu Faou, Mathieu Tartare
Exchange servers under siege from at least 10 APT groups
Microcin MimiKatz PlugX Winnti APT27 APT41 Calypso Tick ToddyCat Tonto Team Vicious Panda

2021-02-28 ⋅ Recorded Future ⋅ Insikt Group®
China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions
Icefog PlugX ShadowPad

2021-02-28 ⋅ Recorded Future ⋅ Insikt Group®
China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions
PlugX ShadowPad RedEcho

2021-02-28 ⋅ PWC UK ⋅ PWC UK
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team

2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader KNOCKOUT SPIDER OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER

2021-01-20 ⋅ Trend Micro ⋅ Gilbert Sison, Abraham Camba, Ryan Maglaque
XDR investigation uncovers PlugX, unique technique in APT attack
PlugX

2021-01-15 ⋅ Swisscom ⋅ Markus Neis
Cracking a Soft Cell is Harder Than You Think
Ghost RAT MimiKatz PlugX Poison Ivy Trochilus RAT

2021-01-14 ⋅ PTSecurity ⋅ PT ESC Threat Intelligence
Higaisa or Winnti? APT41 backdoors, old and new
Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad

2021-01-13 ⋅ AlienVault ⋅ Tom Hegel
A Global Perspective of the SideWinder APT
8.t Dropper Koadic SideWinder

2021-01-09 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli
Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot

2021-01-04 ⋅ Bleeping Computer ⋅ Ionut Ilascu
China's APT hackers move to ransomware attacks
Clambling PlugX

2021-01-04 ⋅ nao_sec blog ⋅ nao_sec
Royal Road! Re:Dive
8.t Dropper Chinoxy FlowCloud FunnyDream Lookback

2020-12-24 ⋅ IronNet ⋅ Adam Hlavek
China cyber attacks: the current threat landscape
PLEAD TSCookie FlowCloud Lookback PLEAD PlugX Quasar RAT Winnti

2020-12-10 ⋅ ESET Research ⋅ Mathieu Tartare
Operation StealthyTrident: corporate software under attack
HyperBro PlugX ShadowPad Tmanger

2020-12-10 ⋅ ESET Research ⋅ Mathieu Tartare
Operation StealthyTrident: corporate software under attack
HyperBro PlugX Tmanger TA428

2020-12-09 ⋅ Avast Decoded ⋅ Luigino Camastra, Igor Morgenstern
APT Group Targeting Governmental Agencies in East Asia
Albaniiutas HyperBro PlugX PolPo Tmanger

2020-12-09 ⋅ Avast Decoded ⋅ Luigino Camastra, Igor Morgenstern
APT Group Targeting Governmental Agencies in East Asia
Albaniiutas HyperBro PlugX Tmanger TA428

2020-11-23 ⋅ Proofpoint ⋅ Proofpoint Threat Research Team
TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader
PlugX

2020-11-20 ⋅ Trend Micro ⋅ Abraham Camba, Bren Matthew Ebriega, Gilbert Sison
Weaponizing Open Source Software for Targeted Attacks
LaZagne Defray PlugX

2020-11-12 ⋅ Twitter (@ddash_ct) ⋅ ddash
Tweet on Lootwodniw
Lootwodniw

2020-11-04 ⋅ Sophos ⋅ Gabor Szappanos
A new APT uses DLL side-loads to “KilllSomeOne”
KilllSomeOne PlugX

2020-11-03 ⋅ Kaspersky Labs ⋅ GReAT
APT trends report Q3 2020
WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti

2020-10-27 ⋅ Dr.Web ⋅ Dr.Web
Study of the ShadowPad APT backdoor and its relation to PlugX
Ghost RAT PlugX ShadowPad

2020-09-24 ⋅ CARO ⋅ Mark Lechtik, Giampaolo Dedola
Cycldek aka Goblin Panda: Chronicles of the Goblin
NewCore RAT USBCulprit

2020-09-18 ⋅ Symantec ⋅ Threat Hunter Team
APT41: Indictments Put Chinese Espionage Group in the Spotlight
CROSSWALK PlugX poisonplug ShadowPad Winnti

2020-09-16 ⋅ RiskIQ ⋅ Jon Gross
RiskIQ: Adventures in Cookie Land - Part 2
8.t Dropper Chinoxy Poison Ivy

2020-09-15 ⋅ Recorded Future ⋅ Insikt Group®
Back Despite Disruption: RedDelta Resumes Operations
PlugX

2020-09-11 ⋅ ThreatConnect ⋅ ThreatConnect Research Team
Research Roundup: Activity on Previously Identified APT33 Domains
Emotet PlugX APT33

2020-08-19 ⋅ RiskIQ ⋅ Jon Gross, Cory Kennedy
RiskIQ Adventures in Cookie Land - Part 1
8.t Dropper Chinoxy

2020-08-19 ⋅ NTT Security ⋅ Fumio Ozawa, Shogo Hayashi, Rintaro Koike
Operation LagTime IT: Colorful Panda Footprint
8.t Dropper Cotx RAT Poison Ivy TA428

2020-07-29 ⋅ Recorded Future ⋅ Insikt Group
Chinese State-sponsored Group RedDelta Targets the Vatican and Catholic Organizations
PlugX

2020-07-29 ⋅ ESET Research ⋅ welivesecurity
THREAT REPORT Q2 2020
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor

2020-07-29 ⋅ Kaspersky Labs ⋅ GReAT
APT trends report Q2 2020
PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel

2020-07-28 ⋅ NTT ⋅ NTT Security
CraftyPanda 標的型攻撃解析レポート
Ghost RAT PlugX

2020-07-20 ⋅ Dr.Web ⋅ Dr.Web
Study of the APT attacks on state institutions in Kazakhstan and Kyrgyzstan
Microcin Mirage PlugX WhiteBird

2020-07-20 ⋅ or10nlabs ⋅ oR10n
Reverse Engineering the New Mustang Panda PlugX Downloader
PlugX

2020-07-20 ⋅ Risky.biz ⋅ Daniel Gordon
What even is Winnti?
CCleaner Backdoor Ghost RAT PlugX ZXShell

2020-07-15 ⋅ ZDNet ⋅ Catalin Cimpanu
Chinese state hackers target Hong Kong Catholic Church
PlugX

2020-07-05 ⋅ or10nlabs ⋅ oR10n
Reverse Engineering the Mustang Panda PlugX RAT – Extracting the Config
PlugX

2020-07-01 ⋅ Contextis ⋅ Lampros Noutsos, Oliver Fay
DLL Search Order Hijacking
Cobalt Strike PlugX

2020-06-03 ⋅ Kaspersky Labs ⋅ GReAT, Mark Lechtik, Giampaolo Dedola
Cycldek: Bridging the (air) gap
8.t Dropper NewCore RAT PlugX USBCulprit GOBLIN PANDA Hellsing

2020-06-02 ⋅ Lab52 ⋅ Jagaimo Kawaii
Mustang Panda Recent Activity: Dll-Sideloading trojans with temporal C2 servers
PlugX

2020-05-24 ⋅ or10nlabs ⋅ oR10n
Reverse Engineering the Mustang Panda PlugX Loader
PlugX

2020-05-15 ⋅ Twitter (@stvemillertime) ⋅ Steve Miller
Tweet on SOGU development timeline, including TIGERPLUG IOCs
PlugX

2020-05-14 ⋅ Lab52 ⋅ Dex
The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey
Cobalt Strike HTran MimiKatz PlugX Quasar RAT

2020-05-01 ⋅ Viettel Cybersecurity ⋅ Cyberthreat
Chiến dịch của nhóm APT Trung Quốc Goblin Panda tấn công vào Việt Nam lợi dụng đại dịch Covid-19 (phần 1)
NewCore RAT PlugX

2020-03-21 ⋅ MalwareLab.pl ⋅ Maciej Kotowicz
On the Royal Road
8.t Dropper

2020-03-20 ⋅ Medium Sebdraven ⋅ Sébastien Larinier
New version of chinoxy backdoor using COVID19 alerts document lure
8.t Dropper Chinoxy

2020-03-19 ⋅ VinCSS ⋅ m4n0w4r
Phân tích mã độc lợi dụng dịch Covid-19 để phát tán giả mạo “Chỉ thị của thủ tướng Nguyễn Xuân Phúc” - Phần 2
PlugX

2020-03-12 ⋅ Check Point ⋅ Check Point Research
Vicious Panda: The COVID Campaign
8.t Dropper BYEBY Enfal Korlia Poison Ivy

2020-03-12 ⋅ Check Point Research ⋅ Check Point
Vicious Panda: The COVID Campaign
8.t Dropper Vicious Panda

2020-03-11 ⋅ Virus Bulletin ⋅ Ghareeb Saad, Michael Raggi
Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers
8.t Dropper

2020-03-10 ⋅ VinCSS ⋅ m4n0w4r
[RE012] Phân tích mã độc lợi dụng dịch Covid-19 để phát tán giả mạo “Chỉ thị của thủ tướng Nguyễn Xuân Phúc” - Phần 1
PlugX

2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER

2020-03-02 ⋅ Virus Bulletin ⋅ Alex Hinchliffe
Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary
HenBox Farseer PlugX Poison Ivy

2020-02-21 ⋅ ADEO DFIR ⋅ ADEO DFIR
APT10 Threat Analysis Report
CHINACHOPPER HTran MimiKatz PlugX Quasar RAT

2020-02-18 ⋅ Trend Micro ⋅ Daniel Lunghi, Cedric Pernet, Kenney Lu, Jamz Yaneza
Uncovering DRBControl: Inside the Cyberespionage Campaign Targeting Gambling Operations
Cobalt Strike HyperBro PlugX Trochilus RAT

2020-02-17 ⋅ Talent-Jump Technologies ⋅ Theo Chen, Zero Chen
CLAMBLING - A New Backdoor Base On Dropbox
HyperBro PlugX

2020-02-12 ⋅ MeltX0R Security ⋅ MeltX0R
Goblin Panda APT: Recent infrastructure and RAT analysis
NewCore RAT

2020-01-31 ⋅ Avira ⋅ Shahab Hamzeloofard
New wave of PlugX targets Hong Kong
PlugX

2020-01-31 ⋅ YouTube (Context Information Security) ⋅ Contextis
New AVIVORE threat group – how they operate and managing the risk
PlugX

2020-01-29 ⋅ nao_sec blog ⋅ nao_sec
An Overhead View of the Royal Road
BLACKCOFFEE Cotx RAT Datper DDKONG Derusbi Icefog Korlia NewCore RAT PLAINTEE Poison Ivy Sisfader

2020 ⋅ Secureworks ⋅ SecureWorks
BRONZE ATLAS
Speculoos Winnti ACEHASH CCleaner Backdoor CHINACHOPPER Empire Downloader HTran MimiKatz PlugX Winnti APT41

2020 ⋅ Secureworks ⋅ SecureWorks
BRONZE KEYSTONE
9002 RAT BLACKCOFFEE DeputyDog Derusbi HiKit PlugX Poison Ivy ZXShell APT17

2020 ⋅ Secureworks ⋅ SecureWorks
BRONZE FIRESTONE
9002 RAT Derusbi Empire Downloader PlugX Poison Ivy APT19

2020 ⋅ Secureworks ⋅ SecureWorks
BRONZE OLIVE
ANGRYREBEL PlugX APT22

2020 ⋅ Secureworks ⋅ SecureWorks
BRONZE PRESIDENT
CHINACHOPPER Cobalt Strike PlugX MUSTANG PANDA

2020 ⋅ Secureworks ⋅ SecureWorks
BRONZE UNION
9002 RAT CHINACHOPPER Enfal Ghost RAT HttpBrowser HyperBro owaauth PlugX Poison Ivy ZXShell APT27

2020 ⋅ Secureworks ⋅ SecureWorks
BRONZE RIVERSIDE
Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves APT10

2020 ⋅ Secureworks ⋅ SecureWorks
BRONZE EXPRESS
9002 RAT CHINACHOPPER IsSpace NewCT PlugX smac APT26

2020 ⋅ Secureworks ⋅ SecureWorks
BRONZE WOODLAND
PlugX Zeus Roaming Tiger

2020-01 ⋅ Dragos ⋅ Joe Slowik
Threat Intelligence and the Limits of Malware Analysis
Exaramel Exaramel Industroyer Lookback NjRAT PlugX

2020 ⋅ Secureworks ⋅ SecureWorks
BRONZE OVERBROOK
Aveo DDKONG IsSpace PLAINTEE PlugX Rambo DragonOK

2019-12-29 ⋅ Secureworks ⋅ CTU Research Team
BRONZE PRESIDENT Targets NGOs
PlugX

2019-11-16 ⋅ Silas Cutler's Blog ⋅ Silas Cutler
Fresh PlugX October 2019
PlugX

2019-11-11 ⋅ Virus Bulletin ⋅ Shusei Tomonaga, Tomoaki Tani, Hiroshi Soeda, Wataru Takahashi
APT cases exploiting vulnerabilities in region‑specific software
NodeRAT Emdivi PlugX

2019-10-31 ⋅ PTSecurity ⋅ PTSecurity
Calypso APT: new group attacking state institutions
BYEBY FlyingDutchman Hussar PlugX

2019-10-22 ⋅ Contextis ⋅ Contextis
AVIVORE - An overview of Tools, Techniques and Procedures (Whitepaper)
PlugX Avivore

2019-10-03 ⋅ ComputerWeekly ⋅ Alex Scroxton
New threat group behind Airbus cyber attacks, claim researchers
PlugX Avivore

2019-10-03 ⋅ Palo Alto Networks Unit 42 ⋅ Alex Hinchliffe
PKPLUG: Chinese Cyber Espionage Group Attacking Asia
HenBox Farseer PlugX

2019-09-23 ⋅ MITRE ⋅ MITRE ATT&CK
APT41
Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad Winnti ZXShell APT41

2019-09-22 ⋅ Check Point Research ⋅ Check Point Research
Rancor: The Year of The Phish
8.t Dropper Cobalt Strike

2019-07-23 ⋅ Proofpoint ⋅ Michael Raggi, Dennis Schwarz, Proofpoint Threat Insight Team
Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia
8.t Dropper Cotx RAT Poison Ivy TA428

2019-06-19 ⋅ YouTube (44CON Information Security Conference) ⋅ Kevin O’Reilly
The Malware CAPE: Automated Extraction of Configuration and Payloads from Sophisticated Malware
PlugX

2019-06-03 ⋅ FireEye ⋅ Chi-en Shen
Into the Fog - The Return of ICEFOG APT
Icefog PlugX Sarhust

2019-05-24 ⋅ Fortinet ⋅ Ben Hunter
Uncovering new Activity by APT10
PlugX Quasar RAT

2019-05-02 ⋅ Medium Sebdraven ⋅ Sébastien Larinier
Goblin Panda continues to target Vietnam
NewCore RAT

2019-04-11 ⋅ FireEye ⋅ FireEye
M-Trend 2019
GRILLMARK

2019-03-19 ⋅ NSHC ⋅ ThreatRecon Team
SectorM04 Targeting Singapore – An Analysis
PlugX Termite

2019-03-05 ⋅ Accenture ⋅ Accenture
MUDCARP's Focus on Submarine Technologies
8.t Dropper APT40

2019-01-03 ⋅ m4n0w4r
Another malicious document with CVE-2017–11882
8.t Dropper

2019 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker
Hellsing
Hellsing

2018-12-14 ⋅ Australian Cyber Security Centre ⋅ ASD
Investigationreport: Compromise of an Australian companyvia their Managed Service Provider
PlugX RedLeaves

2018-11-03 ⋅ m4n0w4r
Là 1937CN hay OceanLotus hay Lazarus …
8.t Dropper

2018-11-01 ⋅ Fortinet ⋅ FortiGuard SE Team
CTA Adversary Playbook: Goblin Panda
GOBLIN PANDA Hellsing

2018-08-29 ⋅ CrowdStrike ⋅ Adam Meyers
Meet CrowdStrike’s Adversary of the Month for August: GOBLIN PANDA
GOBLIN PANDA Hellsing

2018-08-02 ⋅ Sébastien Larinier
Goblin Panda against the Bears
Sisfader

2018-07-31 ⋅ Medium Sebdraven ⋅ Sébastien Larinier
Malicious document targets Vietnamese officials
8.t Dropper

2018-07-31 ⋅ Medium Sebdraven ⋅ Sébastien Larinier
Malicious document targets Vietnamese officials
8.t Dropper PlugX

2018-06-12 ⋅ NCC Group ⋅ Ben Humphrey
CVE-2017-8570 RTF and the Sisfader RAT
Sisfader

2018-05-09 ⋅ COUNT UPON SECURITY ⋅ Luis Rocha
Malware Analysis - PlugX - Part 2
PlugX

2018-03-13 ⋅ Kaspersky Labs ⋅ Denis Makrushin, Yury Namestnikov
Time of death? A therapeutic postmortem of connected medicine
PlugX

2018-02-04 ⋅ COUNT UPON SECURITY ⋅ Luis Rocha
MALWARE ANALYSIS – PLUGX
PlugX

2017-12-18 ⋅ LAC ⋅ Yoshihiro Ishikawa
Relationship between PlugX and attacker group "DragonOK"
PlugX

2017-09-05 ⋅ Fortinet ⋅ Jasper Manuel, Artem Semenchenko
Rehashed RAT Used in APT Campaign Against Vietnamese Organizations
NewCore RAT

2017-06-27 ⋅ Palo Alto Networks Unit 42 ⋅ Tom Lancaster, Esmid Idrizovic
Paranoid PlugX
PlugX

2017-05-31 ⋅ MITRE ⋅ MITRE ATT&CK
Axiom
Derusbi 9002 RAT BLACKCOFFEE Derusbi Ghost RAT HiKit PlugX ZXShell APT17

2017-04-27 ⋅ US-CERT ⋅ US-CERT
Alert (TA17-117A): Intrusions Affecting Multiple Victims Across Multiple Sectors
PlugX RedLeaves

2017-04-03 ⋅ JPCERT/CC ⋅ Shusei Tomonaga
RedLeaves - Malware Based on Open Source RAT
PlugX RedLeaves Trochilus RAT

2017-04 ⋅ PricewaterhouseCoopers ⋅ PricewaterhouseCoopers
Operation Cloud Hopper: Technical Annex
ChChes PlugX Quasar RAT RedLeaves Trochilus RAT

2017-02-21 ⋅ JPCERT/CC ⋅ Shusei Tomonaga
PlugX + Poison Ivy = PlugIvy? - PlugX Integrating Poison Ivy’s Code
PlugX

2017-02-13 ⋅ RSA ⋅ RSA Research
KINGSLAYER – A SUPPLY CHAIN ATTACK
CodeKey PlugX

2016-08-25 ⋅ Malwarebytes ⋅ Malwarebytes Labs
Unpacking the spyware disguised as antivirus
PlugX

2016-06-13 ⋅ Macnica Networks ⋅ Macnica Networks
Survey of the actual situation of the large-scale cyber spy activity that hit Japan | 1st edition
Emdivi PlugX

2016-01-22 ⋅ RSA Link ⋅ Norton Santos
PlugX APT Malware
PlugX

2015-08 ⋅ Arbor Networks ⋅ ASERT Team
Uncovering the Seven Pointed Dagger
9002 RAT EvilGrab PlugX Trochilus RAT APT9

2015-04-15 ⋅ Kaspersky Labs ⋅ Costin Raiu, Maxim Golovkin
The Chronicles of the Hellsing APT: the Empire Strikes Back
GRILLMARK Hellsing

2015-04-15 ⋅ Kaspersky Labs ⋅ Costin Raiu, Maxim Golovkin
The Chronicles of the Hellsing APT: the Empire Strikes Back
Hellsing

2015-02-06 ⋅ CrowdStrike ⋅ CrowdStrike
CrowdStrike Global Threat Intel Report 2014
BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor

2015-01-29 ⋅ JPCERT/CC ⋅ Shusei Tomonaga
Analysis of a Recent PlugX Variant - “P2P PlugX”
PlugX

2014-06-27 ⋅ SophosLabs ⋅ Gabor Szappanos
PlugX - The Next Generation
PlugX

2014-06-10 ⋅ FireEye ⋅ Mike Scott
Clandestine Fox, Part Deux
PlugX

2014-01-06 ⋅ Airbus ⋅ Fabien Perigaud
PlugX: some uncovered points
PlugX

2013-03-29 ⋅ Computer Incident Response Center Luxembourg ⋅ CIRCL
Analysis Report (TLP:WHITE) Analysis of a PlugX variant (PlugX version 7.0)
PlugX

2013-03-26 ⋅ Contextis ⋅ Kevin O’Reilly
PlugX–Payload Extraction
PlugX

2013-02-27 ⋅ Trend Micro ⋅ Abraham Camba
BKDR_RARSTONE: New RAT to Watch Out For
PlugX Naikon

2012-02-10 ⋅ tracker.h3x.eu ⋅ Malware Corpus Tracker
Info for Family: plugx
PlugX

Credits: MISP Project