| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Dropping Elephant (also known as “Chinastrats” and “Patchwork“) is a relatively new threat actor that is targeting a variety of high profile diplomatic and economic targets using a custom set of attack tools. Its victims are all involved with China’s foreign relations in some way, and are generally caught through spear-phishing or watering hole attacks.
| 2024-04-11
⋅
Github (jeFF0Falltrades)
⋅
Rat King Configuration Parser AsyncRAT DCRat Quasar RAT Venom RAT |
| 2024-01-25
⋅
JSAC 2024
⋅
Threat Intelligence of Abused Public Post-Exploitation Frameworks AsyncRAT DCRat Empire Downloader GRUNT Havoc Koadic Merlin PoshC2 Quasar RAT Sliver |
| 2024-01-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q4 2023 FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver |
| 2024-01-08
⋅
YouTube (Embee Research)
⋅
Malware Analysis - Powershell decoding and .NET C2 Extraction (Quasar RAT) Quasar RAT |
| 2023-10-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2023 FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar |
| 2023-09-08
⋅
Uncovering DDGroup — A long-time threat actor AsyncRAT Ave Maria BitRAT DBatLoader NetWire RC Quasar RAT XWorm |
| 2023-07-11
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2023 Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee |
| 2023-06-08
⋅
Twitter (@embee_research)
⋅
Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker |
| 2023-05-15
⋅
embeeresearch
⋅
Quasar Rat Analysis - Identification of 64 Quasar Servers Using Shodan and Censys Quasar RAT |
| 2023-04-13
⋅
OALabs
⋅
Quasar Chaos: Open Source Ransomware Meets Open Source RAT Chaos Quasar RAT |
| 2023-03-30
⋅
loginsoft
⋅
From Innocence to Malice: The OneNote Malware Campaign Uncovered Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm |
| 2023-02-24
⋅
Zscaler
⋅
Snip3 Crypter Reveals New TTPs Over Time DCRat Quasar RAT |
| 2023-01-05
⋅
Symantec
⋅
Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa CloudEyE Cobalt Strike MimiKatz NetWire RC POORTRY Quasar RAT BlueBottle |
| 2022-11-23
⋅
ESET Research
⋅
Bahamut cybermercenary group targets Android users with fake VPN apps Bahamut |
| 2022-09-13
⋅
Symantec
⋅
New Wave of Espionage Activity Targets Asian Governments MimiKatz PlugX Quasar RAT ShadowPad Trochilus RAT |
| 2022-08-18
⋅
Sophos
⋅
Cookie stealing: the new perimeter bypass Cobalt Strike Meterpreter MimiKatz Phoenix Keylogger Quasar RAT |
| 2022-07-29
⋅
Qualys
⋅
New Qualys Research Report: Evolution of Quasar RAT Quasar RAT |
| 2022-07-27
⋅
Qualys
⋅
Stealthy Quasar Evolving to Lead the RAT Race Quasar RAT |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Thirsty Gemini BackConfig QUILTED TIGER |
| 2022-07-13
⋅
Weixin
⋅
Confucius: The Angler Hidden Under CloudFlare Quasar RAT |
| 2022-06-29
⋅
cyble
⋅
Bahamut Android Malware Returns With New Spying Capabilities Bahamut |
| 2022-06-23
⋅
Secureworks
⋅
BRONZE STARLIGHT Ransomware Operations Use HUI Loader ATOMSILO Cobalt Strike HUI Loader LockFile NightSky Pandora PlugX Quasar RAT Rook SodaMaster BRONZE STARLIGHT |
| 2022-06-02
⋅
FortiGuard Labs
⋅
Threat Actors Prey on Eager Travelers AsyncRAT NetWire RC Quasar RAT |
| 2022-06-01
⋅
Qianxin Threat Intelligence Center
⋅
Analysis of the attack activities of the Maha grass group using the documents of relevant government agencies in Pakistan as bait BadNews QUILTED TIGER |
| 2022-05-19
⋅
Blackberry
⋅
.NET Stubs: Sowing the Seeds of Discord Agent Tesla Quasar RAT WhisperGate |
| 2022-05-19
⋅
Blackberry
⋅
.NET Stubs: Sowing the Seeds of Discord (PureCrypter) Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate |
| 2022-05-16
⋅
JPCERT/CC
⋅
Analysis of HUI Loader HUI Loader PlugX Poison Ivy Quasar RAT |
| 2022-05-12
⋅
Morphisec
⋅
New SYK Crypter Distributed Via Discord AsyncRAT Ave Maria Nanocore RAT NjRAT Quasar RAT RedLine Stealer |
| 2022-04-28
⋅
PWC
⋅
Cyber Threats 2021: A Year in Retrospect BPFDoor APT15 APT31 APT41 APT9 BlackTech BRONZE EDGEWOOD DAGGER PANDA Earth Lusca HAFNIUM HAZY TIGER Inception Framework LOTUS PANDA QUILTED TIGER RedAlpha Red Dev 17 Red Menshen Red Nue VICEROY TIGER |
| 2022-04-27
⋅
Trendmicro
⋅
IOCs for Earth Berberoka - Windows AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka |
| 2022-04-27
⋅
Trend Micro
⋅
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware HelloBot AsyncRAT Ghost RAT HelloBot PlugX Quasar RAT Earth Berberoka |
| 2022-04-27
⋅
Trendmicro
⋅
Operation Gambling Puppet reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka |
| 2022-04-12
⋅
⋅
360 Threat Intelligence Center
⋅
Recent attacks by Bahamut group revealed Bahamut |
| 2022-03-24
⋅
Lab52
⋅
Another cyber espionage campaign in the Russia-Ukrainian ongoing cyber attacks Quasar RAT |
| 2022-03-05
⋅
Bleeping Computer
⋅
Malware now using NVIDIA's stolen code signing certificates Quasar RAT |
| 2022-02-22
⋅
China Implicated in Prolonged Supply Chain Attack Targeting Taiwan Financial Sector Quasar RAT |
| 2022-02-21
⋅
⋅
CyCraft
⋅
An in-depth analysis of the Operation Cache Panda organized supply chain attack on Taiwan's financial industry Quasar RAT |
| 2022-02-21
⋅
The Record
⋅
Chinese hackers linked to months-long attack on Taiwanese financial sector Quasar RAT |
| 2022-02-11
⋅
blog.rootshell.be
⋅
[SANS ISC] CinaRAT Delivered Through HTML ID Attributes Quasar RAT |
| 2022-02-08
⋅
ASEC
⋅
Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed GoldDragon Quasar RAT |
| 2022-02-08
⋅
Intel 471
⋅
PrivateLoader: The first step in many malware schemes Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
| 2022-01-08
⋅
Bleeping Computer
⋅
Trojanized dnSpy app drops malware cocktail on researchers, devs Quasar RAT |
| 2022-01-07
⋅
Malwarebytes
⋅
Patchwork APT caught in its own web BadNews |
| 2021-12-14
⋅
Trend Micro
⋅
Collecting In the Dark: Tropic Trooper Targets Transportation and Government ChiserClient Ghost RAT Lilith Quasar RAT xPack APT23 |
| 2021-10-19
⋅
Cisco Talos
⋅
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India DCRat Quasar RAT |
| 2021-09-20
⋅
Trend Micro
⋅
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads Ave Maria BitRAT LimeRAT Nanocore RAT NjRAT Quasar RAT |
| 2021-09-04
⋅
cocomelonc
⋅
AV engines evasion for C++ simple malware: part 1 4h_rat Azorult BADCALL BadNews BazarBackdoor Cardinal RAT |
| 2021-09-03
⋅
Trend Micro
⋅
The State of SSL/TLS Certificate Usage in Malware C&C Communications AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader |
| 2021-07-12
⋅
IBM
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
| 2021-07-12
⋅
Cipher Tech Solutions
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
| 2021-05-27
⋅
MinervaLabs
⋅
Trapping A Fat Quasar RAT Quasar RAT |
| 2021-05-05
⋅
Zscaler
⋅
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos |
| 2021-04-27
⋅
Kaspersky
⋅
APT trends report Q1 2021 PAS Artra Downloader BadNews Bozok DILLJUICE Kazuar Quasar RAT SodaMaster |
| 2021-04-14
⋅
Zscaler
⋅
A look at HydroJiin campaign NetWire RC Quasar RAT |
| 2021-02-25
⋅
Intezer
⋅
Year of the Gopher A 2020 Go Malware Round-Up NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy |
| 2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-02-05
⋅
Morphisec
⋅
CinaRAT Resurfaces with New Evasive Tactics and Techniques Quasar RAT |
| 2021-01-09
⋅
Marco Ramilli's Blog
⋅
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
| 2020-12-28
⋅
⋅
Antiy CERT
⋅
"Civerids" organization vs. Middle East area attack activity analysis report Quasar RAT |
| 2020-12-24
⋅
IronNet
⋅
China cyber attacks: the current threat landscape PLEAD TSCookie FlowCloud Lookback PLEAD PlugX Quasar RAT Winnti |
| 2020-12-10
⋅
JPCERT/CC
⋅
Attack Activities by Quasar Family AsyncRAT Quasar RAT Venom RAT XPCTRA |
| 2020-12-09
⋅
Cybereason
⋅
MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign DropBook JhoneRAT Molerat Loader Pierogi Quasar RAT SharpStage Spark |
| 2020-12-09
⋅
Cybereason
⋅
New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign DropBook MoleNet Quasar RAT SharpStage Spark |
| 2020-11-19
⋅
Threatpost
⋅
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies Quasar RAT Ryuk |
| 2020-11-17
⋅
Symantec
⋅
Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign Quasar RAT |
| 2020-10-06
⋅
Blackberry
⋅
BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps Bahamut Bahamut |
| 2020-06-22
⋅
MalwareLab.pl
⋅
VenomRAT - new, hackforums grade, reincarnation of QuassarRAT Quasar RAT Venom RAT |
| 2020-05-29
⋅
Zscaler
⋅
ShellReset RAT Spread Through Macro-Based Documents Using AppLocker Bypass Quasar RAT |
| 2020-05-14
⋅
Lab52
⋅
The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey Cobalt Strike HTran MimiKatz PlugX Quasar RAT |
| 2020-04-27
⋅
0x00sec
⋅
Master of RATs - How to create your own Tracker Quasar RAT |
| 2020-03-04
⋅
CrowdStrike
⋅
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
| 2020-02-21
⋅
ADEO DFIR
⋅
APT10 Threat Analysis Report CHINACHOPPER HTran MimiKatz PlugX Quasar RAT |
| 2020-01-31
⋅
ReversingLabs
⋅
RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site CyberGate LimeRAT NjRAT Quasar RAT Revenge RAT |
| 2020-01-17
⋅
JPCERT/CC
⋅
Looking back on the incidents in 2019 TSCookie NodeRAT Emotet PoshC2 Quasar RAT |
| 2020-01-01
⋅
Secureworks
⋅
ZINC EMERSON yty QUILTED TIGER |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE RIVERSIDE Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves APT10 |
| 2020-01-01
⋅
Secureworks
⋅
ALUMINUM SARATOGA BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats |
| 2019-11-19
⋅
FireEye
⋅
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC poisonplug Poison Ivy pupy Quasar RAT ZXShell |
| 2019-10-22
⋅
Lab52
⋅
New PatchWork Spearphishing Attack BadNews |
| 2019-10-02
⋅
Virus Bulletin
⋅
Abusing third-party cloud services in targeted attacks BadNews SLUB |
| 2019-08-26
⋅
Qianxin
⋅
APT-C-09 Reappeared as Conflict Intensified Between India and Pakistan BadNews |
| 2019-05-24
⋅
Fortinet
⋅
Uncovering new Activity by APT10 PlugX Quasar RAT |
| 2019-05-20
⋅
Twitter (@struppigel)
⋅
Tweet on Yggdrasil / CinaRAT Quasar RAT |
| 2019-04-16
⋅
FireEye
⋅
Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic Quasar RAT Vermin |
| 2019-04-01
⋅
⋅
Macnica Networks
⋅
Trends in Cyber Espionage Targeting Japan 2nd Half of 2018 Anel Cobalt Strike Datper PLEAD Quasar RAT RedLeaves taidoor Zebrocy |
| 2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33 |
| 2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33 |
| 2019-01-01
⋅
MITRE
⋅
Group description: Patchwork QUILTED TIGER |
| 2018-11-29
⋅
360 Threat Intelligence
⋅
Analysis Of Targeted Attack Against Pakistan By Exploiting InPage Vulnerability And Related APT Groups BioData Bitter RAT WSCSPL |
| 2018-10-09
⋅
Trend Micro
⋅
Untangling the Patchwork Espionage Group BadNews SocksBot QUILTED TIGER |
| 2018-10-01
⋅
⋅
Macnica Networks
⋅
Trends in cyber espionage (targeted attacks) targeting Japan | First half of 2018 Anel Cobalt Strike Datper FlawedAmmyy Quasar RAT RedLeaves taidoor Winnti xxmm |
| 2018-08-29
⋅
Trend Micro
⋅
The Urpage Connection to Bahamut, Confucius and Patchwork AndroRAT Bahamut |
| 2018-08-29
⋅
Trend Micro
⋅
Bahamut, Confucius and Patchwork Connected to Urpage Bahamut Confucius Urpage |
| 2018-08-02
⋅
Palo Alto Networks Unit 42
⋅
The Gorgon Group: Slithering Between Nation State and Cybercrime Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT |
| 2018-07-17
⋅
ESET Research
⋅
A deep dive down the Vermin RAThole Quasar RAT Sobaken Vermin |
| 2018-06-07
⋅
Volexity
⋅
Patchwork APT Group Targets US Think Tanks Quasar RAT Unidentified 047 QUILTED TIGER |
| 2018-03-30
⋅
⋅
360 Threat Intelligence
⋅
Analysis of the latest cyber attack activity of the APT organization against sensitive institutions in China Quasar RAT |
| 2018-03-07
⋅
Palo Alto Networks Unit 42
⋅
Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent BadNews |
| 2017-12-11
⋅
Trend Micro
⋅
Untangling the Patchwork Cyberespionage Group Quasar RAT |
| 2017-10-27
⋅
Bellingcat
⋅
Bahamut Revisited, More Cyber Espionage in the Middle East and South Asia Bahamut Bahamut Bahamut |
| 2017-09-19
⋅
Cymmetria
⋅
Unveiling Patchwork – a targeted attack caught with cyber deception QUILTED TIGER |
| 2017-06-12
⋅
Bellingcat
⋅
Bahamut, Pursuing a Cyber Espionage Actor in the Middle East Bahamut Bahamut Bahamut |
| 2017-04-05
⋅
Fortninet
⋅
In-Depth Look at New Variant of MONSOON APT Backdoor, Part 2 BadNews |
| 2017-04-05
⋅
Fortinet
⋅
In-Depth Look at New Variant of MONSOON APT Backdoor, Part 1 BadNews |
| 2017-04-01
⋅
PricewaterhouseCoopers
⋅
Operation Cloud Hopper: Technical Annex ChChes PlugX Quasar RAT RedLeaves Trochilus RAT |
| 2017-01-30
⋅
Palo Alto Networks Unit 42
⋅
Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments Quasar RAT |
| 2016-10-20
⋅
Twitter (@malwrhunterteam)
⋅
Tweet on Quasar RAT Quasar RAT |
| 2016-08-08
⋅
Forcepoint
⋅
MONSOON - Analysis Of An APT Campaign BadNews TinyTyphon QUILTED TIGER |
| 2016-08-08
⋅
Forcepoint
⋅
MONSOON – ANALYSIS OF AN APT CAMPAIGN BadNews TinyTyphon QUILTED TIGER |
| 2016-07-25
⋅
Symantec
⋅
Patchwork cyberespionage group expands targets from governments to wide range of industries QUILTED TIGER |
| 2016-07-08
⋅
Kaspersky Labs
⋅
The Dropping Elephant – aggressive cyber-espionage in the Asian region QUILTED TIGER |
| 2016-01-01
⋅
Cymmetria
⋅
Unveiling Patchwork: The Copy-Paste APT QUILTED TIGER |