| SYMBOL | COMMON_NAME | aka. SYNONYMS |
In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor using tools and techniques commonly associated with Chinese-affiliated threat actors, such as APT10. This multi-wave attacks focused on obtaining data of specific, high-value targets and resulted in a complete takeover of the network.
| 2024-10-30
⋅
Palo Alto Networks Unit 42
⋅
Jumpy Pisces Engages in Play Ransomware Dtrack MimiKatz PLAY Sliver |
| 2024-08-29
⋅
Securonix
⋅
From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users Cobalt Strike MimiKatz |
| 2024-05-23
⋅
Palo Alto Networks Unit 42
⋅
Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia Agent Racoon CHINACHOPPER Ghost RAT JuicyPotato MimiKatz Ntospy PlugX SweetSpecter TunnelSpecter CL-STA-0043 |
| 2024-04-19
⋅
⋅
Spiegel Online
⋅
VW-Konzern wurde jahrelang ausspioniert – von China? CHINACHOPPER PlugX |
| 2024-03-18
⋅
Trend Micro
⋅
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks DinodasRAT PlugX Reshell ShadowPad Earth Krahang |
| 2024-02-08
⋅
Cisco Talos
⋅
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization HTran reGeorg Venom Proxy ZarDoor |
| 2023-10-26
⋅
⋅
ANSSI
⋅
Attack Campaigns of APT28 since 2021 CredoMap DriveOcean Empire Downloader Graphite MimiKatz Mocky LNK reGeorg |
| 2023-10-10
⋅
Symantec
⋅
Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan Cobalt Strike Havoc MimiKatz Grayling |
| 2023-09-22
⋅
Palo Alto Networks Unit 42
⋅
Persistent Attempts at Cyberespionage Against Southeast Asian Government Target Have Links to Alloy Taurus Reshell GALLIUM |
| 2023-09-22
⋅
Palo Alto Networks Unit 42
⋅
Cyberespionage Attacks Against Southeast Asian Government Linked to Stately Taurus, Aka Mustang Panda Cobalt Strike MimiKatz RemCom ShadowPad TONESHELL |
| 2023-09-12
⋅
⋅
ANSSI
⋅
FIN12: A Cybercriminal Group with Multiple Ransomware BlackCat Cobalt Strike Conti Hive MimiKatz Nokoyawa Ransomware PLAY Royal Ransom Ryuk SystemBC |
| 2023-09-07
⋅
Sekoia
⋅
My Tea’s not cold. An overview of China’s cyber threat Melofee PingPull SoWaT Sword2033 MgBot MQsTTang PlugX TONESHELL Dalbit MirrorFace |
| 2023-09-07
⋅
CISA
⋅
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 Meterpreter MimiKatz |
| 2023-08-22
⋅
AhnLab
⋅
Analysis of APT Attack Cases Targeting Web Services of Korean Corporations Ladon Meterpreter MimiKatz Dalbit |
| 2023-08-22
⋅
⋅
AhnLab
⋅
Analyzing the new attack activity of the Andariel group Andardoor MimiKatz QuiteRAT Tiger RAT Volgmer |
| 2023-06-16
⋅
Palo Alto Networks: Cortex Threat Research
⋅
Through the Cortex XDR Lens: Uncovering a New Activity Group Targeting Governments in the Middle East and Africa CHINACHOPPER Ladon Yasso CL-STA-0043 |
| 2023-04-26
⋅
Palo Alto Networks Unit 42
⋅
Chinese Alloy Taurus Updates PingPull Malware PingPull Sword2033 |
| 2023-04-12
⋅
Kaspersky Labs
⋅
Following the Lazarus group by tracking DeathNote campaign Bankshot BLINDINGCAN ForestTiger LambLoad LPEClient MimiKatz NedDnLoader Racket Downloader Volgmer |
| 2023-04-03
⋅
Mandiant
⋅
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access LaZagne BlackCat MimiKatz |
| 2023-03-23
⋅
SentinelOne
⋅
Operation Tainted Love | Chinese APTs Target Telcos in New Attacks mim221 |
| 2023-03-16
⋅
Palo Alto Networks Unit 42
⋅
Bee-Ware of Trigona, An Emerging Ransomware Strain Cryakl MimiKatz Trigona |
| 2023-02-13
⋅
AhnLab
⋅
Dalbit (m00nlight): Chinese Hacker Group’s APT Attack Campaign Godzilla Webshell ASPXSpy BlueShell CHINACHOPPER Cobalt Strike Ladon MimiKatz Dalbit |
| 2023-01-23
⋅
Kroll
⋅
Black Basta – Technical Analysis Black Basta Cobalt Strike MimiKatz QakBot SystemBC |
| 2023-01-05
⋅
Symantec
⋅
Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa CloudEyE Cobalt Strike MimiKatz NetWire RC POORTRY Quasar RAT BlueBottle |
| 2022-12-24
⋅
Medium (@DCSO_CyTec)
⋅
APT41 — The spy who failed to encrypt me CHINACHOPPER |
| 2022-11-30
⋅
⋅
FFRI Security
⋅
Evolution of the PlugX loader PlugX Poison Ivy |
| 2022-11-09
⋅
Trend Micro
⋅
Hack the Real Box: APT41’s New Subgroup Earth Longzhi Cobalt Strike MimiKatz Earth Longzhi |
| 2022-10-18
⋅
Intrinsec
⋅
APT27 – One Year To Exfiltrate Them All: Intrusion In-Depth Analysis HyperBro MimiKatz |
| 2022-10-11
⋅
⋅
AhnLab
⋅
From Exchange Server vulnerability to ransomware infection in just 7 days LockBit MimiKatz |
| 2022-09-29
⋅
Symantec
⋅
Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East CHINACHOPPER Lookback MimiKatz PlugX Unidentified 096 (Keylogger) x4 Witchetty |
| 2022-09-15
⋅
Symantec
⋅
Webworm: Espionage Attackers Testing and Using Older Modified RATs 9002 RAT Ghost RAT Trochilus RAT |
| 2022-09-13
⋅
Symantec
⋅
New Wave of Espionage Activity Targets Asian Governments MimiKatz PlugX Quasar RAT ShadowPad Trochilus RAT |
| 2022-09-08
⋅
Cisco Talos
⋅
Lazarus and the tale of three RATs MagicRAT MimiKatz VSingle YamaBot |
| 2022-09-07
⋅
Blackberry
⋅
The Curious Case of “Monti” Ransomware: A Real-World Doppelganger Conti MimiKatz Veeam Dumper |
| 2022-09-06
⋅
ESET Research
⋅
Worok: The big picture MimiKatz PNGLoad reGeorg ShadowPad Worok |
| 2022-09-01
⋅
Trend Micro
⋅
Ransomware Spotlight Black Basta Black Basta Cobalt Strike MimiKatz QakBot |
| 2022-08-25
⋅
Microsoft
⋅
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations MimiKatz |
| 2022-08-22
⋅
Fortinet
⋅
A Tale of PivNoxy and Chinoxy Puppeteer Chinoxy Poison Ivy |
| 2022-08-18
⋅
Sophos
⋅
Cookie stealing: the new perimeter bypass Cobalt Strike Meterpreter MimiKatz Phoenix Keylogger Quasar RAT |
| 2022-08-15
⋅
SentinelOne
⋅
Detecting a Rogue Domain Controller – DCShadow Attack MimiKatz TrickBot |
| 2022-07-31
⋅
BushidoToken Blog
⋅
Space Invaders: Cyber Threats That Are Out Of This World Poison Ivy Raindrop SUNBURST TEARDROP WastedLocker |
| 2022-07-27
⋅
ReversingLabs
⋅
Threat analysis: Follina exploit fuels 'live-off-the-land' attacks Cobalt Strike MimiKatz |
| 2022-07-26
⋅
Mandiant
⋅
Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers Clop Industroyer MimiKatz Triton |
| 2022-07-26
⋅
Microsoft
⋅
Malicious IIS extensions quietly open persistent backdoors into servers CHINACHOPPER MimiKatz |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Obscure Serpens Cobalt Strike Empire Downloader Meterpreter MimiKatz DarkHydrus |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Shallow Taurus FormerFirstRAT IsSpace NewCT PlugX Poison Ivy Tidepool DragonOK |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Crawling Taurus Poison Ivy APT20 |
| 2022-07-18
⋅
Censys
⋅
Russian Ransomware C2 Network Discovered in Censys Data Cobalt Strike DeimosC2 MimiKatz PoshC2 |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Iron Taurus CHINACHOPPER Ghost RAT Wonknu ZXShell APT27 |
| 2022-06-30
⋅
Kaspersky
⋅
The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact MimiKatz Owlproxy SessionManager |
| 2022-06-21
⋅
Cisco Talos
⋅
Avos ransomware group expands with new attack arsenal AvosLocker Cobalt Strike DarkComet MimiKatz |
| 2022-06-20
⋅
⋅
Infinitum IT
⋅
Charming Kitten (APT35) LaZagne DownPaper MimiKatz pupy |
| 2022-06-15
⋅
Security Joes
⋅
Backdoor via XFF: Mysterious Threat Actor Under Radar CHINACHOPPER |
| 2022-06-03
⋅
AttackIQ
⋅
Attack Graph Response to US CERT AA22-152A: Karakurt Data Extortion Group Cobalt Strike MimiKatz |
| 2022-06-02
⋅
Mandiant
⋅
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix Locker WastedLocker |
| 2022-06-01
⋅
Elastic
⋅
CUBA Ransomware Campaign Analysis Cobalt Strike Cuba Meterpreter MimiKatz SystemBC |
| 2022-06-01
⋅
CISA
⋅
Joint Cybersecurity Advisory (Product ID AA22-152A): Karakurt Data Extortion Group MimiKatz |
| 2022-06-01
⋅
CISA
⋅
Alert (AA22-152A): Karakurt Data Extortion Group MimiKatz |
| 2022-05-17
⋅
Trend Micro
⋅
Ransomware Spotlight: RansomEXX LaZagne Cobalt Strike IcedID MimiKatz PyXie RansomEXX TrickBot |
| 2022-05-17
⋅
Positive Technologies
⋅
Space Pirates: analyzing the tools and connections of a new hacker group FormerFirstRAT PlugX Poison Ivy Rovnix ShadowPad Zupdax |
| 2022-05-16
⋅
JPCERT/CC
⋅
Analysis of HUI Loader HUI Loader PlugX Poison Ivy Quasar RAT |
| 2022-04-27
⋅
⋅
ANSSI
⋅
LE GROUPE CYBERCRIMINEL FIN7 Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot |
| 2022-04-27
⋅
Trendmicro
⋅
Operation Gambling Puppet reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka |
| 2022-04-19
⋅
Varonis
⋅
Hive Ransomware Analysis Cobalt Strike Hive MimiKatz |
| 2022-04-08
⋅
Infinitum Labs
⋅
Threat Spotlight: Conti Ransomware Group Behind the Karakurt Hacking Team Cobalt Strike MimiKatz |
| 2022-04-07
⋅
splunk
⋅
You Bet Your Lsass: Hunting LSASS Access Cobalt Strike MimiKatz |
| 2022-04-05
⋅
Symantec
⋅
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity MimiKatz SodaMaster |
| 2022-04-05
⋅
Symantec
⋅
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity MimiKatz APT10 |
| 2022-03-25
⋅
Dragos
⋅
How Dragos Activity Groups Obtain Initial Access into Industrial Environments MimiKatz |
| 2022-03-09
⋅
BreachQuest
⋅
The Conti Leaks | Insight into a Ransomware Unicorn Cobalt Strike MimiKatz TrickBot |
| 2022-03-01
⋅
VirusTotal
⋅
VirusTotal's 2021 Malware Trends Report Anubis AsyncRAT BlackMatter Cobalt Strike DanaBot Dridex Khonsari MimiKatz Mirai Nanocore RAT Orcus RAT |
| 2022-02-03
⋅
Symantec
⋅
Antlion: Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan MimiKatz xPack Antlion |
| 2022-01-27
⋅
JSAC 2021
⋅
What We Can Do against the Chaotic A41APT Campaign CHINACHOPPER Cobalt Strike HUI Loader SodaMaster |
| 2021-12-14
⋅
Symantec
⋅
Espionage Campaign Targets Telecoms Organizations across Middle East and Asia MimiKatz |
| 2021-12-06
⋅
Notice of Pleadings
⋅
Complaint filed by Microsoft against NICKEL/APT15 MimiKatz |
| 2021-12-06
⋅
Microsoft
⋅
NICKEL targeting government organizations across Latin America and Europe MimiKatz |
| 2021-12-06
⋅
PARAFLARE
⋅
Attack Lifecycle Detection of an Operational Technology Breach MimiKatz |
| 2021-11-18
⋅
Microsoft
⋅
Iranian targeting of IT sector on the rise MimiKatz ShellClient RAT Cuboid Sandstorm |
| 2021-11-05
⋅
Twitter (@inversecos)
⋅
TTPs used by Pysa Ransonmware group Mespinoza MimiKatz |
| 2021-11-03
⋅
Cisco Talos
⋅
Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk Babuk CHINACHOPPER |
| 2021-11-01
⋅
Accenture
⋅
Diving into double extortion campaigns Cobalt Strike MimiKatz |
| 2021-10-25
⋅
CrowdStrike
⋅
OverWatch Elite In Action: Prompt Call Escalation Proves Vital to Containing Attack MimiKatz |
| 2021-10-15
⋅
Volatility Labs
⋅
Memory Forensics R&D Illustrated: Detecting Mimikatz's Skeleton Key Attack MimiKatz |
| 2021-10-11
⋅
Accenture
⋅
Moving Left of the Ransomware Boom REvil Cobalt Strike MimiKatz RagnarLocker REvil |
| 2021-09-24
⋅
Trend Micro
⋅
Examining the Cring Ransomware Techniques Cobalt Strike Cring MimiKatz |
| 2021-09-21
⋅
eSentire
⋅
Ransomware Hackers Attack a Top Safety Testing Org. Using Tactics and Techniques Borrowed from Chinese Espionage Groups Cobalt Strike MimiKatz UNC215 |
| 2021-09-14
⋅
McAfee
⋅
Operation ‘Harvest’: A Deep Dive into a Long-term Campaign MimiKatz PlugX Winnti |
| 2021-09-09
⋅
Symantec
⋅
Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware CROSSWALK MimiKatz SideWalk |
| 2021-09-03
⋅
FireEye
⋅
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers CHINACHOPPER HTran |
| 2021-08-30
⋅
⋅
Qianxin
⋅
Operation (Thủy Tinh) OceanStorm: The evil lotus hidden under the abyss Cobalt Strike MimiKatz |
| 2021-08-23
⋅
FBI
⋅
Indicators of Compromise Associated with OnePercent Group Ransomware Cobalt Strike MimiKatz |
| 2021-08-15
⋅
Symantec
⋅
The Ransomware Threat Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker |
| 2021-08-10
⋅
FireEye
⋅
UNC215: Spotlight on a Chinese Espionage Campaign in Israel HyperBro HyperSSL MimiKatz |
| 2021-08-03
⋅
Cybereason
⋅
DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos CHINACHOPPER Cobalt Strike MimiKatz Nebulae |
| 2021-07-20
⋅
Secureworks
⋅
Ongoing Campaign Leveraging Exchange Vulnerability Potentially Linked to Iran CHINACHOPPER MimiKatz RGDoor |
| 2021-06-29
⋅
Accenture
⋅
HADES ransomware operators continue attacks Cobalt Strike Hades MimiKatz |
| 2021-06-16
⋅
Recorded Future
⋅
Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries Icefog PcShare PlugX Poison Ivy QuickHeal DAGGER PANDA |
| 2021-06-10
⋅
ESET Research
⋅
BackdoorDiplomacy: Upgrading from Quarian to Turian CHINACHOPPER DoublePulsar EternalRocks turian BackdoorDiplomacy |
| 2021-05-18
⋅
Sophos
⋅
The Active Adversary Playbook 2021 Cobalt Strike MimiKatz |
| 2021-05-13
⋅
AWAKE
⋅
Catching the White Stork in Flight Cobalt Strike MimiKatz RMS |
| 2021-05-07
⋅
Cisco Talos
⋅
Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs CHINACHOPPER Cobalt Strike Lemon Duck |
| 2021-05-07
⋅
SophosLabs Uncut
⋅
New Lemon Duck variants exploiting Microsoft Exchange Server CHINACHOPPER Cobalt Strike Lemon Duck |
| 2021-05-06
⋅
Trend Micro
⋅
Proxylogon: A Coinminer, a Ransomware, and a Botnet Join the Party BlackKingdom Ransomware CHINACHOPPER Lemon Duck Prometei |
| 2021-05-05
⋅
Symantec
⋅
Multi-Factor Authentication: Headache for Cyber Actors Inspires New Attack Techniques CHINACHOPPER |
| 2021-04-27
⋅
Trend Micro
⋅
Legitimate Tools Weaponized for Ransomware in 2021 Cobalt Strike MimiKatz |
| 2021-04-27
⋅
Trend Micro
⋅
Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability CHINACHOPPER Cobalt Strike |
| 2021-04-16
⋅
Trend Micro
⋅
Could the Microsoft Exchange breach be stopped? CHINACHOPPER |
| 2021-04-15
⋅
Palo Alto Networks Unit 42
⋅
Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials CHINACHOPPER |
| 2021-03-31
⋅
Red Canary
⋅
2021 Threat Detection Report Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
| 2021-03-26
⋅
Imperva
⋅
Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures CHINACHOPPER |
| 2021-03-25
⋅
Microsoft
⋅
Web Shell Threat Hunting with Azure Sentinel CHINACHOPPER |
| 2021-03-25
⋅
Microsoft
⋅
Analyzing attacks taking advantage of the Exchange Server vulnerabilities CHINACHOPPER |
| 2021-03-21
⋅
Twitter (@CyberRaiju)
⋅
Twitter Thread with analysis of .NET China Chopper CHINACHOPPER |
| 2021-03-21
⋅
Blackberry
⋅
2021 Threat Report Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
| 2021-03-19
⋅
Bundesamt für Sicherheit in der Informationstechnik
⋅
Microsoft Exchange Schwachstellen Detektion und Reaktion (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) CHINACHOPPER MimiKatz |
| 2021-03-17
⋅
Recorded Future
⋅
China-linked TA428 Continues to Target Russia and Mongolia IT Companies PlugX Poison Ivy TA428 |
| 2021-03-15
⋅
Trustwave
⋅
HAFNIUM, China Chopper and ASP.NET Runtime CHINACHOPPER |
| 2021-03-11
⋅
Cyborg Security
⋅
You Don't Know the HAFNIUM of it... CHINACHOPPER Cobalt Strike PowerCat |
| 2021-03-11
⋅
Palo Alto Networks Unit 42
⋅
Microsoft Exchange Server Attack Timeline CHINACHOPPER |
| 2021-03-11
⋅
DEVO
⋅
Detection and Investigation Using Devo: HAFNIUM 0-day Exploits on Microsoft Exchange Service CHINACHOPPER MimiKatz |
| 2021-03-10
⋅
Lemon's InfoSec Ramblings
⋅
Microsoft Exchange & the HAFNIUM Threat Actor CHINACHOPPER |
| 2021-03-10
⋅
PICUS Security
⋅
Tactics, Techniques, and Procedures (TTPs) Used by HAFNIUM to Target Microsoft Exchange Servers CHINACHOPPER |
| 2021-03-10
⋅
ESET Research
⋅
Exchange servers under siege from at least 10 APT groups Microcin MimiKatz PlugX Winnti APT27 APT41 Calypso Tick ToddyCat Tonto Team Vicious Panda |
| 2021-03-10
⋅
DomainTools
⋅
Examining Exchange Exploitation and its Lessons for Defenders CHINACHOPPER |
| 2021-03-09
⋅
Palo Alto Networks Unit 42
⋅
Remediation Steps for the Microsoft Exchange Server Vulnerabilities CHINACHOPPER |
| 2021-03-09
⋅
Red Canary
⋅
Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm CHINACHOPPER |
| 2021-03-09
⋅
PRAETORIAN
⋅
Reproducing the Microsoft Exchange Proxylogon Exploit Chain CHINACHOPPER |
| 2021-03-09
⋅
YouTube (John Hammond)
⋅
HAFNIUM - Post-Exploitation Analysis from Microsoft Exchange CHINACHOPPER |
| 2021-03-08
⋅
Symantec
⋅
How Symantec Stops Microsoft Exchange Server Attacks CHINACHOPPER MimiKatz |
| 2021-03-08
⋅
Palo Alto Networks Unit 42
⋅
Analyzing Attacks Against Microsoft Exchange Server With China Chopper Webshells CHINACHOPPER |
| 2021-03-07
⋅
TRUESEC
⋅
Tracking Microsoft Exchange Zero-Day ProxyLogon and HAFNIUM CHINACHOPPER |
| 2021-03-05
⋅
Wired
⋅
Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims CHINACHOPPER |
| 2021-03-05
⋅
Huntress Labs
⋅
Operation Exchange Marauder CHINACHOPPER |
| 2021-03-04
⋅
Huntress Labs
⋅
Operation Exchange Marauder CHINACHOPPER |
| 2021-03-04
⋅
FireEye
⋅
Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities CHINACHOPPER HAFNIUM |
| 2021-03-04
⋅
CrowdStrike
⋅
Falcon Complete Stops Microsoft Exchange Server Zero-Day Exploits CHINACHOPPER HAFNIUM |
| 2021-03-03
⋅
Huntress Labs
⋅
Rapid Response: Mass Exploitation of On-Prem Exchange Servers CHINACHOPPER HAFNIUM |
| 2021-03-03
⋅
Huntress Labs
⋅
Mass exploitation of on-prem Exchange servers :( CHINACHOPPER HAFNIUM |
| 2021-03-03
⋅
MITRE
⋅
HAFNIUM CHINACHOPPER HAFNIUM |
| 2021-03-02
⋅
Twitter (@ESETresearch)
⋅
Tweet on Exchange RCE CHINACHOPPER HAFNIUM |
| 2021-03-02
⋅
Volexity
⋅
Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities CHINACHOPPER HAFNIUM |
| 2021-03-02
⋅
Rapid7 Labs
⋅
Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day CHINACHOPPER HAFNIUM |
| 2021-03-02
⋅
Microsoft
⋅
HAFNIUM targeting Exchange Servers with 0-day exploits CHINACHOPPER HAFNIUM |
| 2021-02-26
⋅
CrowdStrike
⋅
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact DarkSide RansomEXX Griffon Carbanak Cobalt Strike DarkSide IcedID MimiKatz PyXie RansomEXX REvil |
| 2021-02-01
⋅
ESET Research
⋅
Operation NightScout: Supply‑chain attack targets online gaming in Asia Ghost RAT NoxPlayer Poison Ivy Red Dev 17 |
| 2021-01-29
⋅
Trend Micro
⋅
Chopper ASPX web shell used in targeted attack CHINACHOPPER MimiKatz |
| 2021-01-26
⋅
Twitter (@swisscom_csirt)
⋅
Tweet on Cring Ransomware groups using customized Mimikatz sample followed by CobaltStrike and dropping Cring rasomware Cobalt Strike Cring MimiKatz |
| 2021-01-18
⋅
⋅
Bundesamt für Verfassungsschutz
⋅
BfV Cyber-Brief Nr. 01/2021 : Vorgehensweise von APT31 MimiKatz |
| 2021-01-15
⋅
Swisscom
⋅
Cracking a Soft Cell is Harder Than You Think Ghost RAT MimiKatz PlugX Poison Ivy Trochilus RAT |
| 2021-01-08
⋅
Youtube (Virus Bulletin)
⋅
Operation LagTime IT: colourful Panda footprint Cotx RAT nccTrojan Poison Ivy Tmanger TA428 |
| 2021-01-01
⋅
DomainTools
⋅
Conceptualizing a Continuum of Cyber Threat Attribution CHINACHOPPER SUNBURST |
| 2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD FRANKLIN Grateful POS Meterpreter MimiKatz RemCom FIN6 |
| 2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD BURLAP Empire Downloader Mespinoza MimiKatz GOLD BURLAP |
| 2021-01-01
⋅
Threat Profile: GOLD DRAKE Cobalt Strike Dridex FriedEx Koadic MimiKatz WastedLocker Evil Corp |
| 2020-12-21
⋅
⋅
SlideShare (yurikamuraki5)
⋅
Active Directory 侵害と推奨対策 MimiKatz |
| 2020-12-15
⋅
HvS-Consulting AG
⋅
Greetings from Lazarus: Anatomy of a cyber espionage campaign BLINDINGCAN MimiKatz Lazarus Group |
| 2020-12-15
⋅
HvS-Consulting AG
⋅
Greetings from Lazarus Anatomy of a cyber espionage campaign BLINDINGCAN HTTP(S) uploader MimiKatz |
| 2020-12-09
⋅
Avast Decoded
⋅
APT Group Targeting Governmental Agencies in East Asia LaZagne Albaniiutas HyperBro MimiKatz PolPo Tmanger TaskMasters |
| 2020-12-04
⋅
Theta
⋅
Snakes & Ladders: the offensive use of Python on Windows MimiKatz |
| 2020-11-30
⋅
FireEye
⋅
It's not FINished The Evolving Maturity in Ransomware Operations Cobalt Strike DoppelPaymer MimiKatz QakBot REvil |
| 2020-11-30
⋅
Yoroi
⋅
Shadows From The Past Threaten Italian Enterprises Rekoobe LaZagne Responder MimiKatz win.rekoobe |
| 2020-11-27
⋅
PTSecurity
⋅
Investigation with a twist: an accidental APT attack and averted data destruction TwoFace CHINACHOPPER HyperBro MegaCortex MimiKatz |
| 2020-10-30
⋅
YouTube (Kaspersky Tech)
⋅
Around the world in 80 days 4.2bn packets Cobalt Strike Derusbi HyperBro Poison Ivy ShadowPad Winnti |
| 2020-10-23
⋅
F-Secure Labs
⋅
Catching Lazarus: Threat Intelligence to Real Detection Logic - Part Two MimiKatz |
| 2020-10-20
⋅
F-Secure
⋅
Incident Readiness: Preparing a proactive response to attacks MimiKatz |
| 2020-10-01
⋅
US-CERT
⋅
Alert (AA20-275A): Potential for China Cyber Response to Heightened U.S.-China Tensions CHINACHOPPER Cobalt Strike Empire Downloader MimiKatz Poison Ivy |
| 2020-09-30
⋅
NTT Security
⋅
Operation LagTime IT: colourful Panda footprint (Slides) Cotx RAT nccTrojan Poison Ivy Tmanger |
| 2020-09-30
⋅
NTT Security
⋅
Operation LagTime IT: colourful Panda footprint Cotx RAT nccTrojan Poison Ivy Tmanger |
| 2020-09-17
⋅
FBI
⋅
FBI PIN Number 20200917-001: IRGC-Associated Cyber Operations Against US Company Networks MimiKatz Nanocore RAT |
| 2020-09-16
⋅
RiskIQ
⋅
RiskIQ: Adventures in Cookie Land - Part 2 8.t Dropper Chinoxy Poison Ivy |
| 2020-09-15
⋅
US-CERT
⋅
Alert (AA20-259A): Iran-Based Threat Actor Exploits VPN Vulnerabilities CHINACHOPPER Fox Kitten |
| 2020-09-15
⋅
US-CERT
⋅
Malware Analysis Report (AR20-259A): Iranian Web Shells CHINACHOPPER |
| 2020-08-31
⋅
The DFIR Report
⋅
NetWalker Ransomware in 1 Hour Cobalt Strike Mailto MimiKatz |
| 2020-08-28
⋅
NTT
⋅
Operation Lagtime IT: Colourful Panda Footprint Cotx RAT Poison Ivy TA428 |
| 2020-08-19
⋅
NTT Security
⋅
Operation LagTime IT: Colorful Panda Footprint 8.t Dropper Cotx RAT Poison Ivy TA428 |
| 2020-08-10
⋅
ZDNet
⋅
FBI says an Iranian hacking group is attacking F5 networking devices MimiKatz |
| 2020-08-06
⋅
Wired
⋅
Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry Cobalt Strike MimiKatz Winnti Red Charon |
| 2020-08-04
⋅
BlackHat
⋅
Operation Chimera - APT Operation Targets Semiconductor Vendors Cobalt Strike MimiKatz Winnti Red Charon |
| 2020-07-21
⋅
Department of Justice
⋅
Two Chinese Hackers Working with the Ministry of State Security Charged with Global Computer Intrusion Campaign Targeting Intellectual Property and Confidential Business Information, Including COVID-19 Research CHINACHOPPER BRONZE SPRING |
| 2020-06-24
⋅
BRONZE VINEWOOD Targets Supply Chains MimiKatz Trochilus RAT APT31 |
| 2020-06-18
⋅
⋅
Bundesamt für Verfassungsschutz
⋅
BfV Cyber-BriefNr. 01/2020 - Hinweis auf aktuelle Angriffskampagne Ketrican MimiKatz |
| 2020-06-03
⋅
Trend Micro
⋅
How to perform long term monitoring of careless threat actors BBSRAT HyperBro Trochilus RAT |
| 2020-05-28
⋅
Kaspersky Labs
⋅
Steganography in targeted attacks on industrial enterprises MimiKatz |
| 2020-05-27
⋅
FBI
⋅
Alert Number MI-000148-MW: APT Actors Exploiting Fortinet Vulnerabilities to Gain Access for Malicious Activity MimiKatz |
| 2020-05-21
⋅
ESET Research
⋅
No “Game over” for the Winnti Group ACEHASH HTran MimiKatz PipeMon |
| 2020-05-21
⋅
Bitdefender
⋅
Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia MimiKatz Remexi |
| 2020-05-14
⋅
Lab52
⋅
The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey Cobalt Strike HTran MimiKatz PlugX Quasar RAT |
| 2020-05-14
⋅
Avast Decoded
⋅
APT Group Planted Backdoors Targeting High Profile Networks in Central Asia BYEBY Ghost RAT Microcin MimiKatz Vicious Panda |
| 2020-05-07
⋅
REDTEAM.PL
⋅
Sodinokibi / REvil ransomware Maze MimiKatz REvil |
| 2020-04-16
⋅
Medium CyCraft
⋅
Taiwan High-Tech Ecosystem Targeted by Foreign APT Group: Digital Skeleton Key Bypasses Security Measures Cobalt Strike MimiKatz Red Charon |
| 2020-03-12
⋅
Check Point
⋅
Vicious Panda: The COVID Campaign 8.t Dropper BYEBY Enfal Korlia Poison Ivy |
| 2020-03-05
⋅
Microsoft
⋅
Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA |
| 2020-03-02
⋅
Virus Bulletin
⋅
Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary HenBox Farseer PlugX Poison Ivy |
| 2020-02-21
⋅
ADEO DFIR
⋅
APT10 Threat Analysis Report CHINACHOPPER HTran MimiKatz PlugX Quasar RAT |
| 2020-02-19
⋅
Lexfo
⋅
The Lazarus Constellation A study on North Korean malware FastCash AppleJeus BADCALL Bankshot Brambul Dtrack Duuzer DYEPACK ELECTRICFISH HARDRAIN Hermes HOPLIGHT Joanap KEYMARBLE Kimsuky MimiKatz MyDoom NACHOCHEESE NavRAT PowerRatankba RokRAT Sierra(Alfa,Bravo, ...) Volgmer WannaCryptor |
| 2020-02-18
⋅
Cisco Talos
⋅
Building a bypass with MSBuild Cobalt Strike GRUNT MimiKatz |
| 2020-02-18
⋅
Trend Micro
⋅
Uncovering DRBControl: Inside the Cyberespionage Campaign Targeting Gambling Operations Cobalt Strike HyperBro PlugX Trochilus RAT |
| 2020-02-02
⋅
uf0 Blog
⋅
Uncovering Mimikatz ‘msv’ and collecting credentials through PyKD MimiKatz |
| 2020-01-29
⋅
nao_sec blog
⋅
An Overhead View of the Royal Road BLACKCOFFEE Cotx RAT Datper DDKONG Derusbi Icefog Korlia NewCore RAT PLAINTEE Poison Ivy Sisfader |
| 2020-01-09
⋅
Lab52
⋅
TA428 Group abusing recent conflict between Iran and USA Poison Ivy |
| 2020-01-01
⋅
Secureworks
⋅
GOLD DRAKE Dridex Empire Downloader FriedEx Koadic MimiKatz |
| 2020-01-01
⋅
Secureworks
⋅
GOLD KINGSWOOD More_eggs ATMSpitter Cobalt Strike CobInt MimiKatz |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE PRESIDENT CHINACHOPPER Cobalt Strike PlugX MUSTANG PANDA |
| 2020-01-01
⋅
FireEye
⋅
Mandiant IR Grab Bag of Attacker Activity TwoFace CHINACHOPPER HyperBro HyperSSL |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE ATLAS Speculoos Winnti ACEHASH CCleaner Backdoor CHINACHOPPER Empire Downloader HTran MimiKatz PlugX Winnti APT41 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE UNION 9002 RAT CHINACHOPPER Enfal Ghost RAT HttpBrowser HyperBro owaauth PlugX Poison Ivy ZXShell APT27 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE KEYSTONE 9002 RAT BLACKCOFFEE DeputyDog Derusbi HiKit PlugX Poison Ivy ZXShell APT17 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE VINEWOOD MimiKatz Trochilus RAT APT31 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE RIVERSIDE Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves APT10 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE FIRESTONE 9002 RAT Derusbi Empire Downloader PlugX Poison Ivy APT19 |
| 2020-01-01
⋅
Secureworks
⋅
GOLD KINGSWOOD More_eggs ATMSpitter Cobalt Strike CobInt MimiKatz Cobalt |
| 2020-01-01
⋅
Secureworks
⋅
ALUMINUM SARATOGA BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE MAYFAIR HTran pirpi APT3 |
| 2020-01-01
⋅
Secureworks
⋅
COBALT HICKMAN MimiKatz Remexi APT39 |
| 2020-01-01
⋅
Secureworks
⋅
TIN WOODLAWN Cobalt Strike KerrDown MimiKatz PHOREAL RatSnif Remy SOUNDBITE APT32 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE MOHAWK AIRBREAK scanbox BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi homefry murkytop SeDll APT40 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE EXPRESS 9002 RAT CHINACHOPPER IsSpace NewCT PlugX smac APT26 |
| 2019-12-12
⋅
Microsoft
⋅
GALLIUM: Targeting global telecom CHINACHOPPER Ghost RAT HTran MimiKatz Poison Ivy GALLIUM |
| 2019-11-19
⋅
FireEye
⋅
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC poisonplug Poison Ivy pupy Quasar RAT ZXShell |
| 2019-09-23
⋅
MITRE
⋅
APT41 Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad Winnti ZXShell APT41 |
| 2019-08-27
⋅
Cisco Talos
⋅
China Chopper still active 9 years later CHINACHOPPER |
| 2019-08-19
⋅
FireEye
⋅
GAME OVER: Detecting and Stopping an APT41 Operation ACEHASH CHINACHOPPER HIGHNOON |
| 2019-07-23
⋅
Proofpoint
⋅
Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia 8.t Dropper Cotx RAT Poison Ivy TA428 |
| 2019-06-25
⋅
Cybereason
⋅
OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS CHINACHOPPER HTran MimiKatz Poison Ivy Operation Soft Cell |
| 2019-05-28
⋅
Palo Alto Networks Unit 42
⋅
Emissary Panda Attacks Middle East Government Sharepoint Servers CHINACHOPPER HyperSSL |
| 2019-05-10
⋅
XPN Blog
⋅
Exploring Mimikatz - Part 1 - WDigest MimiKatz |
| 2019-04-04
⋅
CrowdStrike
⋅
Mimikatz in the Wild: Bypassing Signature-Based Detections Using the “AK47 of Cyber” MimiKatz |
| 2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33 |
| 2019-02-06
⋅
Recorded Future
⋅
APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign Trochilus RAT APT31 HURRICANE PANDA |
| 2019-01-04
⋅
Github (gentilkiwi)
⋅
mimikatz Repository MimiKatz |
| 2019-01-01
⋅
Virus Bulletin
⋅
A vine climbing over the Great Firewall: A long-term attack against China Poison Ivy ZXShell |
| 2019-01-01
⋅
MITRE
⋅
Tool description: China Chopper CHINACHOPPER |
| 2018-09-21
⋅
Qihoo 360 Technology
⋅
Poison Ivy Group and the Cyberespionage Campaign Against Chinese Military and Goverment Poison Ivy |
| 2018-07-25
⋅
Symantec
⋅
Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions Imecab MimiKatz Sorgu RASPITE |
| 2018-05-15
⋅
BSides Detroit
⋅
IR in Heterogeneous Environment Korlia Poison Ivy |
| 2018-03-16
⋅
FireEye
⋅
Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries badflick BLACKCOFFEE CHINACHOPPER homefry murkytop SeDll APT40 |
| 2018-02-28
⋅
Symantec
⋅
Chafer: Latest Attacks Reveal Heightened Ambitions MimiKatz Remexi |
| 2018-02-15
⋅
Secureworks
⋅
SamSam Ransomware Campaigns MimiKatz reGeorg SamSam BOSS SPIDER |
| 2017-12-20
⋅
CrowdStrike
⋅
An End to “Smash-and-Grab” and a Move to More Targeted Approaches CHINACHOPPER |
| 2017-12-04
⋅
RSA
⋅
The Shadows of Ghosts Inside the response of a unique Carbanak intrusion GOTROJ MimiKatz |
| 2017-11-09
⋅
Wired
⋅
He Perfected a Password-Hacking Tool—Then the Russians Came Calling MimiKatz |
| 2017-11-03
⋅
Github (5loyd)
⋅
Trochilus Trochilus RAT |
| 2017-09-15
⋅
Fortinet
⋅
Deep Analysis of New Poison Ivy/PlugX Variant - Part II Poison Ivy |
| 2017-08-31
⋅
NCC Group
⋅
Analysing a recent Poison Ivy sample Poison Ivy |
| 2017-08-23
⋅
Fortinet
⋅
Deep Analysis of New Poison Ivy Variant Poison Ivy |
| 2017-05-31
⋅
MITRE
⋅
Sandworm Team CyclopsBlink Exaramel BlackEnergy EternalPetya Exaramel GreyEnergy KillDisk MimiKatz Olympic Destroyer Sandworm |
| 2017-05-31
⋅
MITRE
⋅
PittyTiger Enfal Ghost RAT MimiKatz Poison Ivy APT24 |
| 2017-04-03
⋅
JPCERT/CC
⋅
RedLeaves - Malware Based on Open Source RAT PlugX RedLeaves Trochilus RAT |
| 2017-04-01
⋅
PricewaterhouseCoopers
⋅
Operation Cloud Hopper: Technical Annex ChChes PlugX Quasar RAT RedLeaves Trochilus RAT |
| 2017-02-27
⋅
Symantec
⋅
Shamoon: Multi-staged destructive attacks limited to specific targets DistTrack MimiKatz Rocket Kitten |
| 2016-11-22
⋅
Palo Alto Networks Unit 42
⋅
Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy Poison Ivy |
| 2016-10-11
⋅
Symantec
⋅
Odinaff: New Trojan used in high level financial attacks Cobalt Strike KLRD MimiKatz Odinaff |
| 2016-04-26
⋅
Github (CyberMonitor)
⋅
New Poison Ivy Activity Targeting Myanmar, Asian Countries Poison Ivy |
| 2016-04-22
⋅
Palo Alto Networks Unit 42
⋅
New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists Poison Ivy |
| 2016-03-30
⋅
Secureworks
⋅
Ransomware Deployed by Adversary with Established Foothold MimiKatz reGeorg SamSam BOSS SPIDER |
| 2015-08-01
⋅
Arbor Networks
⋅
Uncovering the Seven Pointed Dagger 9002 RAT EvilGrab PlugX Trochilus RAT APT9 |
| 2015-02-06
⋅
CrowdStrike
⋅
CrowdStrike Global Threat Intel Report 2014 BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor |
| 2014-09-19
⋅
Palo Alto Networks Unit 42
⋅
Recent Watering Hole Attacks Attributed to APT Group “th3bug” Using Poison Ivy Poison Ivy |
| 2014-01-01
⋅
FireEye
⋅
Operation Quantum Entanglement IsSpace NewCT Poison Ivy SysGet |
| 2013-10-31
⋅
FireEye
⋅
Know Your Enemy: Tracking A Rapidly Evolving APT Actor Bozok Poison Ivy TEMPER PANDA |
| 2013-08-23
⋅
FireEye
⋅
Operation Molerats: Middle East Cyber Attacks Using Poison Ivy Poison Ivy Molerats |
| 2013-08-07
⋅
FireEye
⋅
Breaking Down the China Chopper Web Shell - Part I CHINACHOPPER |
| 2013-03-04
⋅
Trend Micro
⋅
In-Depth Look: APT Attack Tools of the Trade HTran |
| 2011-08-03
⋅
Secureworks
⋅
HTran and the Advanced Persistent Threat HTran |
| 2011-04-28
⋅
Un observateur d’événements aveugle… MimiKatz |
| 2011-01-01
⋅
Symantec
⋅
The Nitro Attacks: Stealing Secrets from the Chemical Industry Poison Ivy Nitro |
| 2010-01-01
⋅
Mandiant
⋅
State of Malware: Family Ties Bredolab Conficker Cutwail KoobFace Oderoor Poison Ivy Rustock Sinowal Szribi Zeus |