Leviathan is an espionage actor targeting organizations and high-value targets in defense and government. Active since at least 2014, this actor has long-standing interest in maritime industries, naval defense contractors, and associated research institutions in the United States and Western Europe.
1
http://blog.airbuscybersecurity.com/post/2014/01/plugx-some-uncovered-points.html
|
1
http://blog.jpcert.or.jp/.s/2017/04/redleaves---malware-based-on-open-source-rat.html
|
1
http://blog.jpcert.or.jp/2015/01/analysis-of-a-r-ff05.html
|
1
http://blog.jpcert.or.jp/2017/02/plugx-poison-iv-919a.html
|
1
http://blog.morphisec.com/new-global-attack-on-point-of-sale-systems
|
1
http://cyberforensicator.com/2018/12/23/dissecting-cozy-bears-malicious-lnk-file/
|
1
http://download01.norman.no/documents/ThemanyfacesofGh0stRat.pdf
|
1
http://malware-log.hatenablog.com/entry/2015/05/18/000000_1
|
1
http://resources.infosecinstitute.com/scanbox-framework/
|
1
http://www.hexblog.com/?p=1248
|
1
http://www.kahusecurity.com/posts/reflow_javascript_backdoor.html
|
1
http://www.malware-traffic-analysis.net/2018/01/04/index.html
|
1
http://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf
|
1
https://401trg.com/burning-umbrella/
|
https://attack.mitre.org/groups/G0065/
|
1
https://attack.mitre.org/software/S0020/
|
1
https://attack.mitre.org/software/S0069/
|
1
https://attack.mitre.org/software/S0228/
|
1
https://blog.amossys.fr/badflick-is-not-so-bad.html
|
1
https://blog.cobaltstrike.com/
|
1
https://blog.cylance.com/the-ghost-dragon
|
1
https://blog.ensilo.com/uncovering-new-activity-by-apt10
|
1
https://blog.malwarebytes.com/threat-analysis/2016/08/unpacking-the-spyware-disguised-as-antivirus/
|
1
https://blog.talosintelligence.com/2019/08/china-chopper-still-active-9-years-later.html
|
1
https://blog.talosintelligence.com/2019/09/panda-evolution.html
|
1
https://blogs.cisco.com/security/talos/opening-zxshell
|
1
https://blogs.jpcert.or.jp/en/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html
|
1
https://blogs.rsa.com/cat-phishing/
|
1
https://circl.lu/assets/files/tr-12/tr-12-circl-plugx-analysis-v1.pdf
|
1
https://community.rsa.com/thread/185439
|
1
https://community.spiceworks.com/topic/1028936-stealthy-cyberespionage-campaign-attacks-with-social-engineering
|
1
https://content.fireeye.com/apt-41/rpt-apt41
|
1
https://content.fireeye.com/m-trends/rpt-m-trends-2019
|
1
https://countuponsecurity.com/2018/02/04/malware-analysis-plugx/
|
1
https://countuponsecurity.com/2018/05/09/malware-analysis-plugx-part-2/
|
1
https://github.com/JPCERTCC/aa-tools/blob/master/cobaltstrikescan.py
|
1
https://github.com/smb01/zxshell
|
2
https://go.crowdstrike.com/rs/281-obq-266/images/reportglobalthreatintelligence.pdf
|
1
https://informationonsecurity.blogspot.com/2012/11/china-chopper-webshell.html
|
1
https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/
|
1
https://meltx0r.github.io/tech/2019/09/19/emissary-panda-apt.html
|
1
https://mp.weixin.qq.com/s/xPsEXp2J5IE7wNSMEVC24A
|
1
https://pylos.co/2018/11/18/cozybear-in-from-the-cold/
|
1
https://researchcenter.paloaltonetworks.com/2017/06/unit42-paranoid-plugx/
|
1
https://securelist.com/time-of-death-connected-medicine/84315/
|
1
https://threatrecon.nshc.net/2019/03/19/sectorm04-targeting-singapore-custom-malware-analysis/
|
1
https://twitter.com/MrDanPerez/status/1097881406661902337
|
1
https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/
|
1
https://www.alienvault.com/blogs/labs-research/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks
|
1
https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-2015-08-Uncovering-the-Seven-Point-Dagger.pdf
|
1
https://www.bitdefender.com/files/News/CaseStudies/study/262/Bitdefender-WhitePaper-An-APT-Blueprint-Gaining-New-Visibility-into-Financial-Threats-interactive.pdf
|
https://www.cfr.org/interactive/cyber-operations/leviathan
|
1
https://www.cobaltstrike.com/support
|
1
https://www.contextis.com/de/blog/avivore
|
1
https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf
|
1
https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html
|
1
https://www.fireeye.com/blog/threat-research/2014/06/clandestine-fox-part-deux.html
|
1
https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html
|
6
https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html
|
1
https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html
|
1
https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html
|
1
https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html
|
1
https://www.fireeye.com/blog/threat-research/2019/08/game-over-detecting-and-stopping-an-apt41-operation.html
|
1
https://www.intezer.com/blog-chinaz-relations/
|
1
https://www.lac.co.jp/lacwatch/people/20171218_001445.html
|
1
https://www.lac.co.jp/lacwatch/people/20180521_001638.html
|
1
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/
|
1
https://www.pentestpartners.com/security-blog/cobalt-strike-walkthrough-for-red-teamers/
|
1
https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf
|
2
https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets
|
1
https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new
|
1
https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf
|
1
https://www.recordedfuture.com/chinese-threat-actor-tempperiscope/
|
1
https://www.rsa.com/content/dam/pdfs/2-2017/kingslayer-a-supply-chain-attack.pdf
|
2
https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox
|
1
https://www.sophos.com/en-us/medialibrary/pdfs/technical%20papers/plugx-thenextgeneration.pdf
|
1
https://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks
|
1
https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/
|
1
https://www.virusbulletin.com/uploads/pdf/conference_slides/2015/Pun-etal-VB2015.pdf
|
1
https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-GuPan.pdf
|
1
https://www.volexity.com/blog/2019/09/02/digital-crackdown-large-scale-surveillance-and-exploitation-of-uyghurs/
|
1
https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf
|