aka: APT23, APT 23, KeyBoy, TropicTrooper, Tropic Trooper, BRONZE HOBART, G0081
TrendMicro described Tropic Trooper in a 2015 report as: 'Taiwan and the Philippines have become the targets of an ongoing campaign called Operation TropicTrooper. Active since 2012, the attackers behind the campaign have set their sights on the Taiwanese government as well as a number of companies in the heavy industry. The same campaign has also targeted key Philippine military agencies.'
2022-05-17 ⋅ Positive Technologies ⋅ Positive Technologies @online{technologies:20220517:space:abd655a,
author = {Positive Technologies},
title = {{Space Pirates: analyzing the tools and connections of a new hacker group}},
date = {2022-05-17},
organization = {Positive Technologies},
url = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/space-pirates-tools-and-connections/},
language = {English},
urldate = {2022-05-25}
}
Space Pirates: analyzing the tools and connections of a new hacker group FormerFirstRAT PlugX Poison Ivy Rovnix ShadowPad Zupdax |
2022-05-16 ⋅ JPCERT/CC ⋅ Shusei Tomonaga @online{tomonaga:20220516:analysis:b1c8089,
author = {Shusei Tomonaga},
title = {{Analysis of HUI Loader}},
date = {2022-05-16},
organization = {JPCERT/CC},
url = {https://blogs.jpcert.or.jp/ja/2022/05/HUILoader.html},
language = {English},
urldate = {2022-05-17}
}
Analysis of HUI Loader HUI Loader PlugX Poison Ivy Quasar RAT |
2022-02-06 ⋅ The Hacker News ⋅ Ravie Lakshmanan @online{lakshmanan:20220206:chinese:e5193ae,
author = {Ravie Lakshmanan},
title = {{Chinese Hackers Target Taiwanese Financial Institutions with a new Stealthy Backdoor}},
date = {2022-02-06},
organization = {The Hacker News},
url = {https://thehackernews.com/2022/02/chinese-hackers-target-taiwanese.html},
language = {English},
urldate = {2022-02-09}
}
Chinese Hackers Target Taiwanese Financial Institutions with a new Stealthy Backdoor xPack |
2022-02-03 ⋅ Symantec ⋅ Symantec Threat Hunter Team @online{team:20220203:antlion:f2f0600,
author = {Symantec Threat Hunter Team},
title = {{Antlion: Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan}},
date = {2022-02-03},
organization = {Symantec},
url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks},
language = {English},
urldate = {2022-02-04}
}
Antlion: Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan MimiKatz xPack Antlion |
2021-12-14 ⋅ Trend Micro ⋅ Nick Dai, Ted Lee, Vickie Su @online{dai:20211214:collecting:3d6dd34,
author = {Nick Dai and Ted Lee and Vickie Su},
title = {{Collecting In the Dark: Tropic Trooper Targets Transportation and Government}},
date = {2021-12-14},
organization = {Trend Micro},
url = {https://www.trendmicro.com/en_us/research/21/l/collecting-in-the-dark-tropic-trooper-targets-transportation-and-government-organizations.html},
language = {English},
urldate = {2022-03-30}
}
Collecting In the Dark: Tropic Trooper Targets Transportation and Government ChiserClient Ghost RAT Lilith Quasar RAT xPack |
2021-12-01 ⋅ ESET Research ⋅ Alexis Dorais-Joncas, Facundo Muñoz @techreport{doraisjoncas:20211201:jumping:00bc8f5,
author = {Alexis Dorais-Joncas and Facundo Muñoz},
title = {{Jumping the air gap: 15 years of nation‑state effort}},
date = {2021-12-01},
institution = {ESET Research},
url = {https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf},
language = {English},
urldate = {2021-12-17}
}
Jumping the air gap: 15 years of nation‑state effort Agent.BTZ Fanny Flame Gauss PlugX Ramsay Retro Stuxnet USBCulprit USBferry |
2021-10-26 ⋅ Kaspersky ⋅ Kaspersky Lab ICS CERT @techreport{cert:20211026:attacks:6f30d0f,
author = {Kaspersky Lab ICS CERT},
title = {{APT attacks on industrial organizations in H1 2021}},
date = {2021-10-26},
institution = {Kaspersky},
url = {https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-APT-attacks-on-industrial-organizations-in-H1-2021-En.pdf},
language = {English},
urldate = {2021-11-08}
}
APT attacks on industrial organizations in H1 2021 8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy |
2021-03-17 ⋅ Recorded Future ⋅ Insikt Group® @online{group:20210317:chinalinked:65b251b,
author = {Insikt Group®},
title = {{China-linked TA428 Continues to Target Russia and Mongolia IT Companies}},
date = {2021-03-17},
organization = {Recorded Future},
url = {https://www.recordedfuture.com/china-linked-ta428-threat-group},
language = {English},
urldate = {2021-03-19}
}
China-linked TA428 Continues to Target Russia and Mongolia IT Companies PlugX Poison Ivy |
2021-02-28 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20210228:cyber:bd780cd,
author = {PWC UK},
title = {{Cyber Threats 2020: A Year in Retrospect}},
date = {2021-02-28},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf},
language = {English},
urldate = {2021-03-04}
}
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare |
2021-02-01 ⋅ ESET Research ⋅ Ignacio Sanmillan, Matthieu Faou @online{sanmillan:20210201:operation:9e52a78,
author = {Ignacio Sanmillan and Matthieu Faou},
title = {{Operation NightScout: Supply‑chain attack targets online gaming in Asia}},
date = {2021-02-01},
organization = {ESET Research},
url = {https://www.welivesecurity.com/2021/02/01/operation-nightscout-supply-chain-attack-online-gaming-asia/},
language = {English},
urldate = {2021-02-17}
}
Operation NightScout: Supply‑chain attack targets online gaming in Asia Ghost RAT NoxPlayer Poison Ivy |
2021-01-15 ⋅ Swisscom ⋅ Markus Neis @techreport{neis:20210115:cracking:b1c1684,
author = {Markus Neis},
title = {{Cracking a Soft Cell is Harder Than You Think}},
date = {2021-01-15},
institution = {Swisscom},
url = {https://raw.githubusercontent.com/yt0ng/cracking_softcell/main/Cracking_SOFTCLL_TLP_WHITE.pdf},
language = {English},
urldate = {2021-01-18}
}
Cracking a Soft Cell is Harder Than You Think Ghost RAT MimiKatz PlugX Poison Ivy Trochilus RAT |
2021-01-13 ⋅ AlienVault ⋅ Tom Hegel @techreport{hegel:20210113:global:72b7b9d,
author = {Tom Hegel},
title = {{A Global Perspective of the SideWinder APT}},
date = {2021-01-13},
institution = {AlienVault},
url = {https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf},
language = {English},
urldate = {2021-01-18}
}
A Global Perspective of the SideWinder APT 8.t Dropper Koadic SideWinder |
2021-01-08 ⋅ Youtube (Virus Bulletin) ⋅ Fumio Ozawa, Shogo Hayashi, Rintaro Koike @online{ozawa:20210108:operation:18eec5e,
author = {Fumio Ozawa and Shogo Hayashi and Rintaro Koike},
title = {{Operation LagTime IT: colourful Panda footprint}},
date = {2021-01-08},
organization = {Youtube (Virus Bulletin)},
url = {https://www.youtube.com/watch?v=1WfPlgtfWnQ},
language = {English},
urldate = {2021-02-06}
}
Operation LagTime IT: colourful Panda footprint Cotx RAT nccTrojan Poison Ivy Tmanger |
2021-01-04 ⋅ nao_sec blog ⋅ nao_sec @online{naosec:20210104:royal:041b9d3,
author = {nao_sec},
title = {{Royal Road! Re:Dive}},
date = {2021-01-04},
organization = {nao_sec blog},
url = {https://nao-sec.org/2021/01/royal-road-redive.html},
language = {English},
urldate = {2021-01-05}
}
Royal Road! Re:Dive 8.t Dropper Chinoxy FlowCloud FunnyDream Lookback |
2020-10-01 ⋅ US-CERT ⋅ US-CERT @online{uscert:20201001:alert:a46c3d4,
author = {US-CERT},
title = {{Alert (AA20-275A): Potential for China Cyber Response to Heightened U.S.-China Tensions}},
date = {2020-10-01},
organization = {US-CERT},
url = {https://us-cert.cisa.gov/ncas/alerts/aa20-275a},
language = {English},
urldate = {2020-10-04}
}
Alert (AA20-275A): Potential for China Cyber Response to Heightened U.S.-China Tensions CHINACHOPPER Cobalt Strike Empire Downloader MimiKatz Poison Ivy |
2020-09-30 ⋅ NTT Security ⋅ Fumio Ozawa, Shogo Hayashi, Rintaro Koike @techreport{ozawa:20200930:operation:04593f6,
author = {Fumio Ozawa and Shogo Hayashi and Rintaro Koike},
title = {{Operation LagTime IT: colourful Panda footprint (Slides)}},
date = {2020-09-30},
institution = {NTT Security},
url = {https://vblocalhost.com/uploads/VB2020-20.pdf},
language = {English},
urldate = {2021-02-06}
}
Operation LagTime IT: colourful Panda footprint (Slides) Cotx RAT nccTrojan Poison Ivy Tmanger |
2020-09-30 ⋅ NTT Security ⋅ Fumio Ozawa, Shogo Hayashi, Rintaro Koike @techreport{ozawa:20200930:operation:1efe218,
author = {Fumio Ozawa and Shogo Hayashi and Rintaro Koike},
title = {{Operation LagTime IT: colourful Panda footprint}},
date = {2020-09-30},
institution = {NTT Security},
url = {https://vblocalhost.com/uploads/VB2020-Ozawa-etal.pdf},
language = {English},
urldate = {2021-01-25}
}
Operation LagTime IT: colourful Panda footprint Cotx RAT nccTrojan Poison Ivy Tmanger |
2020-09-16 ⋅ RiskIQ ⋅ Jon Gross @online{gross:20200916:riskiq:da4b864,
author = {Jon Gross},
title = {{RiskIQ: Adventures in Cookie Land - Part 2}},
date = {2020-09-16},
organization = {RiskIQ},
url = {https://community.riskiq.com/article/56fa1b2f},
language = {English},
urldate = {2020-09-23}
}
RiskIQ: Adventures in Cookie Land - Part 2 8.t Dropper Chinoxy Poison Ivy |
2020-08-19 ⋅ RiskIQ ⋅ Jon Gross, Cory Kennedy @online{gross:20200819:riskiq:94e5ccf,
author = {Jon Gross and Cory Kennedy},
title = {{RiskIQ Adventures in Cookie Land - Part 1}},
date = {2020-08-19},
organization = {RiskIQ},
url = {https://community.riskiq.com/article/5fe2da7f},
language = {English},
urldate = {2020-09-23}
}
RiskIQ Adventures in Cookie Land - Part 1 8.t Dropper Chinoxy |
2020-06-03 ⋅ Kaspersky Labs ⋅ GReAT, Mark Lechtik, Giampaolo Dedola @online{great:20200603:cycldek:ed9a830,
author = {GReAT and Mark Lechtik and Giampaolo Dedola},
title = {{Cycldek: Bridging the (air) gap}},
date = {2020-06-03},
organization = {Kaspersky Labs},
url = {https://securelist.com/cycldek-bridging-the-air-gap/97157/},
language = {English},
urldate = {2020-06-03}
}
Cycldek: Bridging the (air) gap 8.t Dropper NewCore RAT PlugX USBCulprit Hellsing |
2020-05-28 ⋅ Twitter (@stvemillertime) ⋅ Steve Miller @online{miller:20200528:tclient:cc952e5,
author = {Steve Miller},
title = {{Tweet on TClient / FIRESHADOW used by Tropic Trooper}},
date = {2020-05-28},
organization = {Twitter (@stvemillertime)},
url = {https://twitter.com/stvemillertime/status/1266050369370677249},
language = {English},
urldate = {2020-06-05}
}
Tweet on TClient / FIRESHADOW used by Tropic Trooper TClient |
2020-05-12 ⋅ Trend Micro ⋅ Joey Chen @techreport{chen:20200512:tropic:a3285d0,
author = {Joey Chen},
title = {{Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments (Technical Brief)}},
date = {2020-05-12},
institution = {Trend Micro},
url = {https://documents.trendmicro.com/assets/Tech-Brief-Tropic-Trooper-s-Back-USBferry-Attack-Targets-Air-gapped-Environments.pdf},
language = {English},
urldate = {2020-05-14}
}
Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments (Technical Brief) USBferry |
2020-05-12 ⋅ Trend Micro ⋅ Joey Chen @online{chen:20200512:tropic:8fff7a4,
author = {Joey Chen},
title = {{Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments}},
date = {2020-05-12},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-troopers-back-usbferry-attack-targets-air-gapped-environments/},
language = {English},
urldate = {2020-05-14}
}
Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments USBferry |
2020-03-21 ⋅ MalwareLab.pl ⋅ Maciej Kotowicz @online{kotowicz:20200321:royal:da8fd16,
author = {Maciej Kotowicz},
title = {{On the Royal Road}},
date = {2020-03-21},
organization = {MalwareLab.pl},
url = {https://blog.malwarelab.pl/posts/on_the_royal_road/},
language = {English},
urldate = {2020-03-24}
}
On the Royal Road 8.t Dropper |
2020-03-20 ⋅ Medium Sebdraven ⋅ Sébastien Larinier @online{larinier:20200320:new:3da1211,
author = {Sébastien Larinier},
title = {{New version of chinoxy backdoor using COVID19 alerts document lure}},
date = {2020-03-20},
organization = {Medium Sebdraven},
url = {https://medium.com/@Sebdraven/new-version-of-chinoxy-backdoor-using-covid19-document-lure-83fa294c0746},
language = {English},
urldate = {2020-03-26}
}
New version of chinoxy backdoor using COVID19 alerts document lure 8.t Dropper Chinoxy |
2020-03-12 ⋅ Check Point ⋅ Check Point Research @online{research:20200312:vicious:3218bb8,
author = {Check Point Research},
title = {{Vicious Panda: The COVID Campaign}},
date = {2020-03-12},
organization = {Check Point},
url = {https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/},
language = {English},
urldate = {2020-03-13}
}
Vicious Panda: The COVID Campaign 8.t Dropper BYEBY Enfal Korlia Poison Ivy |
2020-03-11 ⋅ Virus Bulletin ⋅ Ghareeb Saad, Michael Raggi @online{saad:20200311:attribution:3efcc0a,
author = {Ghareeb Saad and Michael Raggi},
title = {{Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers}},
date = {2020-03-11},
organization = {Virus Bulletin},
url = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-attribution-object-using-rtf-object-dimensions-track-apt-phishing-weaponizers/},
language = {English},
urldate = {2020-03-13}
}
Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers 8.t Dropper |
2020-03-04 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:20200304:2020:818c85f,
author = {CrowdStrike},
title = {{2020 CrowdStrike Global Threat Report}},
date = {2020-03-04},
institution = {CrowdStrike},
url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf},
language = {English},
urldate = {2020-07-24}
}
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER Pirate Panda SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
2020-03-02 ⋅ Virus Bulletin ⋅ Alex Hinchliffe @online{hinchliffe:20200302:pulling:35771e7,
author = {Alex Hinchliffe},
title = {{Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary}},
date = {2020-03-02},
organization = {Virus Bulletin},
url = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary/},
language = {English},
urldate = {2020-03-02}
}
Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary HenBox Farseer PlugX Poison Ivy |
2020-01-29 ⋅ nao_sec blog ⋅ nao_sec @online{naosec:20200129:overhead:ec0aeb5,
author = {nao_sec},
title = {{An Overhead View of the Royal Road}},
date = {2020-01-29},
organization = {nao_sec blog},
url = {https://nao-sec.org/2020/01/an-overhead-view-of-the-royal-road.html},
language = {English},
urldate = {2020-02-03}
}
An Overhead View of the Royal Road BLACKCOFFEE Cotx RAT Datper DDKONG Derusbi Icefog Korlia NewCore RAT PLAINTEE Poison Ivy Sisfader |
2020-01-09 ⋅ Lab52 ⋅ Jagaimo Kawaii @online{kawaii:20200109:ta428:2230af2,
author = {Jagaimo Kawaii},
title = {{TA428 Group abusing recent conflict between Iran and USA}},
date = {2020-01-09},
organization = {Lab52},
url = {https://lab52.io/blog/icefog-apt-group-abusing-recent-conflict-between-iran-and-eeuu/},
language = {English},
urldate = {2021-02-06}
}
TA428 Group abusing recent conflict between Iran and USA Poison Ivy |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:bronze:4db27ec,
author = {SecureWorks},
title = {{BRONZE UNION}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/bronze-union},
language = {English},
urldate = {2020-05-23}
}
BRONZE UNION 9002 RAT CHINACHOPPER Enfal Ghost RAT HttpBrowser HyperBro owaauth PlugX Poison Ivy ZXShell EMISSARY PANDA |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:bronze:65ecf8a,
author = {SecureWorks},
title = {{BRONZE KEYSTONE}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/bronze-keystone},
language = {English},
urldate = {2020-05-23}
}
BRONZE KEYSTONE 9002 RAT BLACKCOFFEE DeputyDog Derusbi HiKit PlugX Poison Ivy ZXShell Aurora Panda |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:aluminum:af22ffd,
author = {SecureWorks},
title = {{ALUMINUM SARATOGA}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/aluminum-saratoga},
language = {English},
urldate = {2020-05-23}
}
ALUMINUM SARATOGA BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:bronze:a654071,
author = {SecureWorks},
title = {{BRONZE HOBART}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/bronze-hobart},
language = {English},
urldate = {2020-05-23}
}
BRONZE HOBART KeyBoy Pirate Panda |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:bronze:972c13a,
author = {SecureWorks},
title = {{BRONZE FIRESTONE}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/bronze-firestone},
language = {English},
urldate = {2020-05-23}
}
BRONZE FIRESTONE 9002 RAT Derusbi Empire Downloader PlugX Poison Ivy Shell Crew |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:bronze:66f1290,
author = {SecureWorks},
title = {{BRONZE RIVERSIDE}},
date = {2020},
organization = {Secureworks},
url = {https://www.secureworks.com/research/threat-profiles/bronze-riverside},
language = {English},
urldate = {2020-05-23}
}
BRONZE RIVERSIDE Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves Stone Panda |
2019-12-12 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center @online{center:20191212:gallium:79f6460,
author = {Microsoft Threat Intelligence Center},
title = {{GALLIUM: Targeting global telecom}},
date = {2019-12-12},
organization = {Microsoft},
url = {https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/},
language = {English},
urldate = {2022-06-15}
}
GALLIUM: Targeting global telecom CHINACHOPPER Ghost RAT HTran MimiKatz Poison Ivy GALLIUM |
2019-11-19 ⋅ FireEye ⋅ Kelli Vanderlee, Nalani Fraser @techreport{vanderlee:20191119:achievement:6be19eb,
author = {Kelli Vanderlee and Nalani Fraser},
title = {{Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions}},
date = {2019-11-19},
institution = {FireEye},
url = {https://summit.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf},
language = {English},
urldate = {2021-03-02}
}
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC poisonplug Poison Ivy pupy Quasar RAT ZXShell |
2019-09-25 ⋅ Cylance ⋅ Cylance Research and Intelligence Team @online{team:20190925:pcshare:ac2d45a,
author = {Cylance Research and Intelligence Team},
title = {{PcShare Backdoor Attacks Targeting Windows Users with FakeNarrator Malware}},
date = {2019-09-25},
organization = {Cylance},
url = {https://web.archive.org/web/20191115210757/https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html},
language = {English},
urldate = {2021-10-24}
}
PcShare Backdoor Attacks Targeting Windows Users with FakeNarrator Malware PcShare |
2019-09-22 ⋅ Check Point Research ⋅ Check Point Research @online{research:20190922:rancor:e834f67,
author = {Check Point Research},
title = {{Rancor: The Year of The Phish}},
date = {2019-09-22},
organization = {Check Point Research},
url = {https://research.checkpoint.com/2019/rancor-the-year-of-the-phish/},
language = {English},
urldate = {2020-03-04}
}
Rancor: The Year of The Phish 8.t Dropper Cobalt Strike |
2019-07-23 ⋅ Proofpoint ⋅ Michael Raggi, Dennis Schwarz, Proofpoint Threat Insight Team @online{raggi:20190723:chinese:804ec1c,
author = {Michael Raggi and Dennis Schwarz and Proofpoint Threat Insight Team},
title = {{Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia}},
date = {2019-07-23},
organization = {Proofpoint},
url = {https://www.proofpoint.com/us/threat-insight/post/chinese-apt-operation-lagtime-it-targets-government-information-technology},
language = {English},
urldate = {2021-02-06}
}
Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia 8.t Dropper Cotx RAT Poison Ivy TA428 |
2019-06-25 ⋅ Cybereason ⋅ Cybereason Nocturnus @online{nocturnus:20190625:operation:21efa8f,
author = {Cybereason Nocturnus},
title = {{OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS}},
date = {2019-06-25},
organization = {Cybereason},
url = {https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers},
language = {English},
urldate = {2022-07-01}
}
OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS CHINACHOPPER HTran MimiKatz Poison Ivy Operation Soft Cell |
2019-01-03 ⋅ m4n0w4r @online{m4n0w4r:20190103:another:2f48120,
author = {m4n0w4r},
title = {{Another malicious document with CVE-2017–11882}},
date = {2019-01-03},
url = {https://tradahacking.vn/another-malicious-document-with-cve-2017-11882-839e9c0bbf2f},
language = {Vietnamese},
urldate = {2020-03-11}
}
Another malicious document with CVE-2017–11882 8.t Dropper |
2019 ⋅ MITRE ⋅ MITRE ATT&CK @online{attck:2019:tropic:0324452,
author = {MITRE ATT&CK},
title = {{Group description: Tropic Trooper}},
date = {2019},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0081/},
language = {English},
urldate = {2019-12-20}
}
Group description: Tropic Trooper Pirate Panda |
2019 ⋅ Virus Bulletin ⋅ Lion Gu, Bowen Pan @techreport{gu:2019:vine:df5dbfb,
author = {Lion Gu and Bowen Pan},
title = {{A vine climbing over the Great Firewall: A long-term attack against China}},
date = {2019},
institution = {Virus Bulletin},
url = {https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-GuPan.pdf},
language = {English},
urldate = {2020-01-08}
}
A vine climbing over the Great Firewall: A long-term attack against China Poison Ivy ZXShell |
2018-11-03 ⋅ m4n0w4r @online{m4n0w4r:20181103:l:d496fbd,
author = {m4n0w4r},
title = {{Là 1937CN hay OceanLotus hay Lazarus …}},
date = {2018-11-03},
url = {https://tradahacking.vn/l%C3%A0-1937cn-hay-oceanlotus-hay-lazarus-6ca15fe1b241},
language = {Vietnamese},
urldate = {2020-03-11}
}
Là 1937CN hay OceanLotus hay Lazarus … 8.t Dropper |
2018-10-08 ⋅ AT&T Cybersecurity ⋅ Chris Doman @online{doman:20181008:delivery:8f2c9ed,
author = {Chris Doman},
title = {{Delivery (Key)Boy}},
date = {2018-10-08},
organization = {AT&T Cybersecurity},
url = {https://www.alienvault.com/blogs/labs-research/delivery-keyboy},
language = {English},
urldate = {2019-10-15}
}
Delivery (Key)Boy Titan |
2018-09-21 ⋅ Qihoo 360 Technology ⋅ Qihoo 360 @online{360:20180921:poison:d1cab92,
author = {Qihoo 360},
title = {{Poison Ivy Group and the Cyberespionage Campaign Against Chinese Military and Goverment}},
date = {2018-09-21},
organization = {Qihoo 360 Technology},
url = {http://blogs.360.cn/post/APT_C_01_en.html},
language = {English},
urldate = {2019-11-29}
}
Poison Ivy Group and the Cyberespionage Campaign Against Chinese Military and Goverment Poison Ivy |
2018-07-31 ⋅ Medium Sebdraven ⋅ Sébastien Larinier @online{larinier:20180731:malicious:571d2df,
author = {Sébastien Larinier},
title = {{Malicious document targets Vietnamese officials}},
date = {2018-07-31},
organization = {Medium Sebdraven},
url = {https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a?},
language = {English},
urldate = {2020-03-04}
}
Malicious document targets Vietnamese officials 8.t Dropper |
2018-05-15 ⋅ BSides Detroit ⋅ Keven Murphy, Stefano Maccaglia @online{murphy:20180515:ir:ac5b561,
author = {Keven Murphy and Stefano Maccaglia},
title = {{IR in Heterogeneous Environment}},
date = {2018-05-15},
organization = {BSides Detroit},
url = {https://www.slideshare.net/StefanoMaccaglia/bsides-ir-in-heterogeneous-environment},
language = {English},
urldate = {2020-07-20}
}
IR in Heterogeneous Environment Korlia Poison Ivy |
2018-03-14 ⋅ Trend Micro ⋅ Jaromír Hořejší, Joey Chen, Joseph C. Chen @online{hoej:20180314:tropic:352cf22,
author = {Jaromír Hořejší and Joey Chen and Joseph C. Chen},
title = {{Tropic Trooper’s New Strategy}},
date = {2018-03-14},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/},
language = {English},
urldate = {2020-01-09}
}
Tropic Trooper’s New Strategy KeyBoy Pirate Panda |
2017-11-16 ⋅ Lookout ⋅ Michael Flossman @online{flossman:20171116:tropic:4cd1fde,
author = {Michael Flossman},
title = {{Tropic Trooper goes mobile with Titan surveillanceware}},
date = {2017-11-16},
organization = {Lookout},
url = {https://blog.lookout.com/titan-mobile-threat},
language = {English},
urldate = {2020-01-06}
}
Tropic Trooper goes mobile with Titan surveillanceware Titan Pirate Panda |
2017-11-02 ⋅ PWC UK ⋅ Bart Parys @online{parys:20171102:keyboys:b57094e,
author = {Bart Parys},
title = {{The KeyBoys are back in town}},
date = {2017-11-02},
organization = {PWC UK},
url = {https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html},
language = {English},
urldate = {2020-06-18}
}
The KeyBoys are back in town KeyBoy |
2017-09-15 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20170915:deep:5178fe3,
author = {Xiaopeng Zhang},
title = {{Deep Analysis of New Poison Ivy/PlugX Variant - Part II}},
date = {2017-09-15},
organization = {Fortinet},
url = {https://blog.fortinet.com/2017/09/15/deep-analysis-of-new-poison-ivy-plugx-variant-part-ii},
language = {English},
urldate = {2020-01-10}
}
Deep Analysis of New Poison Ivy/PlugX Variant - Part II Poison Ivy |
2017-08-31 ⋅ NCC Group ⋅ Ahmed Zaki @online{zaki:20170831:analysing:4c77e47,
author = {Ahmed Zaki},
title = {{Analysing a recent Poison Ivy sample}},
date = {2017-08-31},
organization = {NCC Group},
url = {https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/analysing-a-recent-poison-ivy-sample/},
language = {English},
urldate = {2020-01-10}
}
Analysing a recent Poison Ivy sample Poison Ivy |
2017-08-23 ⋅ Fortinet ⋅ Xiaopeng Zhang @online{zhang:20170823:deep:3d931ad,
author = {Xiaopeng Zhang},
title = {{Deep Analysis of New Poison Ivy Variant}},
date = {2017-08-23},
organization = {Fortinet},
url = {http://blog.fortinet.com/2017/08/23/deep-analysis-of-new-poison-ivy-variant},
language = {English},
urldate = {2020-01-06}
}
Deep Analysis of New Poison Ivy Variant Poison Ivy |
2016-11-22 ⋅ Palo Alto Networks Unit 42 ⋅ Vicky Ray, Robert Falcone, Jen Miller-Osborn, Tom Lancaster @online{ray:20161122:tropic:6be7f53,
author = {Vicky Ray and Robert Falcone and Jen Miller-Osborn and Tom Lancaster},
title = {{Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy}},
date = {2016-11-22},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/},
language = {English},
urldate = {2020-01-09}
}
Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy Pirate Panda |
2016-11-22 ⋅ Palo Alto Networks Unit 42 ⋅ Vicky Ray, Robert Falcone, Jen Miller-Osborn, Tom Lancaster @online{ray:20161122:tropic:7f503e7,
author = {Vicky Ray and Robert Falcone and Jen Miller-Osborn and Tom Lancaster},
title = {{Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy}},
date = {2016-11-22},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/},
language = {English},
urldate = {2019-12-20}
}
Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy Poison Ivy |
2016-11-22 ⋅ Palo Alto Networks Unit 42 ⋅ Vicky Ray, Robert Falcone, Jen Miller-Osborn, Tom Lancaster @online{ray:20161122:tropic:7857947,
author = {Vicky Ray and Robert Falcone and Jen Miller-Osborn and Tom Lancaster},
title = {{Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy}},
date = {2016-11-22},
organization = {Palo Alto Networks Unit 42},
url = {http://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/},
language = {English},
urldate = {2019-12-20}
}
Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy Winsloader Yahoyah Pirate Panda |
2016-11-17 ⋅ CitizenLab ⋅ Adam Hulcoop, Matt Brooks, Etienne Maynier, John Scott-Railton, Masashi Crete-Nishihata @online{hulcoop:20161117:its:b644801,
author = {Adam Hulcoop and Matt Brooks and Etienne Maynier and John Scott-Railton and Masashi Crete-Nishihata},
title = {{It’s Parliamentary - KeyBoy and the targeting of the Tibetan Community}},
date = {2016-11-17},
organization = {CitizenLab},
url = {https://citizenlab.ca/2016/11/parliament-keyboy/},
language = {English},
urldate = {2019-07-11}
}
It’s Parliamentary - KeyBoy and the targeting of the Tibetan Community KeyBoy |
2016-04-26 ⋅ Github (CyberMonitor) ⋅ Jason Jones @techreport{jones:20160426:new:78ff145,
author = {Jason Jones},
title = {{New Poison Ivy Activity Targeting Myanmar, Asian Countries}},
date = {2016-04-26},
institution = {Github (CyberMonitor)},
url = {https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/blob/master/2016/2016.04.26.New_Poison_Ivy_Activity_Targeting_Myanmar_Asian_Countries/New%20Poison%20Ivy%20Activity%20Targeting%20Myanmar%2C%20Asian%20Countries.pdf},
language = {English},
urldate = {2019-12-17}
}
New Poison Ivy Activity Targeting Myanmar, Asian Countries Poison Ivy |
2016-04-22 ⋅ Palo Alto Networks Unit 42 ⋅ Micah Yates, Mike Scott, Brandon Levene, Jen Miller-Osborn @online{yates:20160422:new:249e32b,
author = {Micah Yates and Mike Scott and Brandon Levene and Jen Miller-Osborn},
title = {{New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists}},
date = {2016-04-22},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/},
language = {English},
urldate = {2019-12-20}
}
New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists Poison Ivy |
2015-06-01 ⋅ CrowdStrike ⋅ Adam Kozy @online{kozy:20150601:rhetoric:365c0d1,
author = {Adam Kozy},
title = {{Rhetoric Foreshadows Cyber Activity in the South China Sea}},
date = {2015-06-01},
organization = {CrowdStrike},
url = {http://www.crowdstrike.com/blog/rhetoric-foreshadows-cyber-activity-in-the-south-china-sea/},
language = {English},
urldate = {2019-12-20}
}
Rhetoric Foreshadows Cyber Activity in the South China Sea Lotus Panda Pirate Panda |
2015-05-13 ⋅ Trend Micro ⋅ Kervin Alintanahin @techreport{alintanahin:20150513:operation:a90911a,
author = {Kervin Alintanahin},
title = {{Operation Tropic Trooper}},
date = {2015-05-13},
institution = {Trend Micro},
url = {http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-tropic-trooper.pdf},
language = {English},
urldate = {2020-01-06}
}
Operation Tropic Trooper Pirate Panda |
2015-02-06 ⋅ CrowdStrike ⋅ CrowdStrike @techreport{crowdstrike:20150206:crowdstrike:fbcc37f,
author = {CrowdStrike},
title = {{CrowdStrike Global Threat Intel Report 2014}},
date = {2015-02-06},
institution = {CrowdStrike},
url = {https://web.archive.org/web/20200509171721/https://raw.githubusercontent.com/fdiskyou/threat-INTel/master/2015/GlobalThreatIntelReport.pdf},
language = {English},
urldate = {2020-05-11}
}
CrowdStrike Global Threat Intel Report 2014 BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor |
2014-09-19 ⋅ Palo Alto Networks Unit 42 ⋅ Jen Miller-Osborn, Ryan Olson @online{millerosborn:20140919:recent:edf1ed3,
author = {Jen Miller-Osborn and Ryan Olson},
title = {{Recent Watering Hole Attacks Attributed to APT Group “th3bug” Using Poison Ivy}},
date = {2014-09-19},
organization = {Palo Alto Networks Unit 42},
url = {https://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/},
language = {English},
urldate = {2019-12-20}
}
Recent Watering Hole Attacks Attributed to APT Group “th3bug” Using Poison Ivy Poison Ivy |
2014 ⋅ FireEye ⋅ FireEye @techreport{fireeye:2014:operation:2160679,
author = {FireEye},
title = {{Operation Quantum Entanglement}},
date = {2014},
institution = {FireEye},
url = {http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Roman%20Holiday-Report_v6_1.pdf},
language = {English},
urldate = {2021-04-29}
}
Operation Quantum Entanglement IsSpace NewCT Poison Ivy SysGet |
2013-10-31 ⋅ FireEye ⋅ Thoufique Haq, Ned Moran @online{haq:20131031:know:e772ee9,
author = {Thoufique Haq and Ned Moran},
title = {{Know Your Enemy: Tracking A Rapidly Evolving APT Actor}},
date = {2013-10-31},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html},
language = {English},
urldate = {2019-12-20}
}
Know Your Enemy: Tracking A Rapidly Evolving APT Actor Bozok Poison Ivy Temper Panda |
2013-08-23 ⋅ FireEye ⋅ Nart Villeneuve, Thoufique Haq, Ned Moran @online{villeneuve:20130823:operation:dc4b5d6,
author = {Nart Villeneuve and Thoufique Haq and Ned Moran},
title = {{Operation Molerats: Middle East Cyber Attacks Using Poison Ivy}},
date = {2013-08-23},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html},
language = {English},
urldate = {2019-12-20}
}
Operation Molerats: Middle East Cyber Attacks Using Poison Ivy Poison Ivy Molerats |
2013-06-07 ⋅ Rapid7 Labs ⋅ Claudio Guarnieri, Mark Schloesser @online{guarnieri:20130607:keyboy:58ebd77,
author = {Claudio Guarnieri and Mark Schloesser},
title = {{KeyBoy, Targeted Attacks against Vietnam and India}},
date = {2013-06-07},
organization = {Rapid7 Labs},
url = {https://blog.rapid7.com/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india/},
language = {English},
urldate = {2019-12-20}
}
KeyBoy, Targeted Attacks against Vietnam and India KeyBoy Pirate Panda |
2011 ⋅ Symantec ⋅ Erica Eng, Gavin O'Gorman @techreport{eng:2011:nitro:656e464,
author = {Erica Eng and Gavin O'Gorman},
title = {{The Nitro Attacks: Stealing Secrets from the Chemical Industry}},
date = {2011},
institution = {Symantec},
url = {https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2011/the_nitro_attacks.pdf},
language = {English},
urldate = {2020-04-21}
}
The Nitro Attacks: Stealing Secrets from the Chemical Industry Poison Ivy Nitro |
2010 ⋅ Mandiant ⋅ Ero Carrera, Peter Silberman @techreport{carrera:2010:state:687e608,
author = {Ero Carrera and Peter Silberman},
title = {{State of Malware: Family Ties}},
date = {2010},
institution = {Mandiant},
url = {https://web.archive.org/web/20160616170611/https://media.blackhat.com/bh-eu-10/presentations/Carrera_Silberman/BlackHat-EU-2010-Carrera-Silberman-State-of-Malware-slides.pdf},
language = {English},
urldate = {2022-01-28}
}
State of Malware: Family Ties Bredolab Conficker Cutwail KoobFace Oderoor Poison Ivy Rustock Sinowal Szribi Zeus |