China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs such as PoisonIvy, as well as some non-public backdoors. This threat actor targets pro-democracy activists and organizations in Hong Kong, European and international financial institutions, and a U.S.-based think tank.
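2022-05-17 ⋅ Positive Technologies ⋅ Positive Technologies
% Corporate author: double braces keep the name as a single unit rather than a given-name/surname split.
@online{technologies:20220517:space:abd655a,
  author       = {{Positive Technologies}},
  title        = {{Space Pirates: analyzing the tools and connections of a new hacker group}},
  date         = {2022-05-17},
  organization = {Positive Technologies},
  url          = {https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/space-pirates-tools-and-connections/},
  language     = {English},
  urldate      = {2022-05-25},
}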
Space Pirates: analyzing the tools and connections of a new hacker group FormerFirstRAT PlugX Poison Ivy Rovnix ShadowPad Zupdax |
2022-05-16 ⋅ JPCERT/CC ⋅ Shusei Tomonaga
% NOTE(review): the url path contains /ja/ while language says English; confirm which edition of the post is being cited.
@online{tomonaga:20220516:analysis:b1c8089,
  author       = {Shusei Tomonaga},
  title        = {{Analysis of HUI Loader}},
  date         = {2022-05-16},
  organization = {JPCERT/CC},
  url          = {https://blogs.jpcert.or.jp/ja/2022/05/HUILoader.html},
  language     = {English},
  urldate      = {2022-05-17},
}
Analysis of HUI Loader HUI Loader PlugX Poison Ivy Quasar RAT |
2021-04-27 ⋅ Kaspersky ⋅ GReAT
@online{great:20210427:trends:e1c92a3,
  author       = {GReAT},
  title        = {{APT trends report Q1 2021}},
  date         = {2021-04-27},
  organization = {Kaspersky},
  url          = {https://securelist.com/apt-trends-report-q1-2021/101967/},
  language     = {English},
  urldate      = {2021-04-29},
}
APT trends report Q1 2021 PAS Artra Downloader BadNews Bozok DILLJUICE Kazuar Quasar RAT SodaMaster |
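2021-03-17 ⋅ Recorded Future ⋅ Insikt Group®
% Corporate author: double braces keep the name as a single unit rather than a given-name/surname split.
@online{group:20210317:chinalinked:65b251b,
  author       = {{Insikt Group®}},
  title        = {{China-linked TA428 Continues to Target Russia and Mongolia IT Companies}},
  date         = {2021-03-17},
  organization = {Recorded Future},
  url          = {https://www.recordedfuture.com/china-linked-ta428-threat-group},
  language     = {English},
  urldate      = {2021-03-19},
}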
China-linked TA428 Continues to Target Russia and Mongolia IT Companies PlugX Poison Ivy |
2021-02-01 ⋅ ESET Research ⋅ Ignacio Sanmillan, Matthieu Faou
@online{sanmillan:20210201:operation:9e52a78,
  author       = {Ignacio Sanmillan and Matthieu Faou},
  title        = {{Operation NightScout: Supply‑chain attack targets online gaming in Asia}},
  date         = {2021-02-01},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2021/02/01/operation-nightscout-supply-chain-attack-online-gaming-asia/},
  language     = {English},
  urldate      = {2021-02-17},
}
Operation NightScout: Supply‑chain attack targets online gaming in Asia Ghost RAT NoxPlayer Poison Ivy |
2021-01-15 ⋅ Swisscom ⋅ Markus Neis
@techreport{neis:20210115:cracking:b1c1684,
  author      = {Markus Neis},
  title       = {{Cracking a Soft Cell is Harder Than You Think}},
  date        = {2021-01-15},
  institution = {Swisscom},
  url         = {https://raw.githubusercontent.com/yt0ng/cracking_softcell/main/Cracking_SOFTCLL_TLP_WHITE.pdf},
  language    = {English},
  urldate     = {2021-01-18},
}
Cracking a Soft Cell is Harder Than You Think Ghost RAT MimiKatz PlugX Poison Ivy Trochilus RAT |
2021-01-08 ⋅ Youtube (Virus Bulletin) ⋅ Fumio Ozawa, Shogo Hayashi, Rintaro Koike
@online{ozawa:20210108:operation:18eec5e,
  author       = {Fumio Ozawa and Shogo Hayashi and Rintaro Koike},
  title        = {{Operation LagTime IT: colourful Panda footprint}},
  date         = {2021-01-08},
  organization = {Youtube (Virus Bulletin)},
  url          = {https://www.youtube.com/watch?v=1WfPlgtfWnQ},
  language     = {English},
  urldate      = {2021-02-06},
}
Operation LagTime IT: colourful Panda footprint Cotx RAT nccTrojan Poison Ivy Tmanger |
2020-10-01 ⋅ US-CERT ⋅ US-CERT
@online{uscert:20201001:alert:a46c3d4,
  author       = {US-CERT},
  title        = {{Alert (AA20-275A): Potential for China Cyber Response to Heightened U.S.-China Tensions}},
  date         = {2020-10-01},
  organization = {US-CERT},
  url          = {https://us-cert.cisa.gov/ncas/alerts/aa20-275a},
  language     = {English},
  urldate      = {2020-10-04},
}
Alert (AA20-275A): Potential for China Cyber Response to Heightened U.S.-China Tensions CHINACHOPPER Cobalt Strike Empire Downloader MimiKatz Poison Ivy |
2020-09-30 ⋅ NTT Security ⋅ Fumio Ozawa, Shogo Hayashi, Rintaro Koike
@techreport{ozawa:20200930:operation:04593f6,
  author      = {Fumio Ozawa and Shogo Hayashi and Rintaro Koike},
  title       = {{Operation LagTime IT: colourful Panda footprint (Slides)}},
  date        = {2020-09-30},
  institution = {NTT Security},
  url         = {https://vblocalhost.com/uploads/VB2020-20.pdf},
  language    = {English},
  urldate     = {2021-02-06},
}
Operation LagTime IT: colourful Panda footprint (Slides) Cotx RAT nccTrojan Poison Ivy Tmanger |
2020-09-30 ⋅ NTT Security ⋅ Fumio Ozawa, Shogo Hayashi, Rintaro Koike
@techreport{ozawa:20200930:operation:1efe218,
  author      = {Fumio Ozawa and Shogo Hayashi and Rintaro Koike},
  title       = {{Operation LagTime IT: colourful Panda footprint}},
  date        = {2020-09-30},
  institution = {NTT Security},
  url         = {https://vblocalhost.com/uploads/VB2020-Ozawa-etal.pdf},
  language    = {English},
  urldate     = {2021-01-25},
}
Operation LagTime IT: colourful Panda footprint Cotx RAT nccTrojan Poison Ivy Tmanger |
2020-09-16 ⋅ RiskIQ ⋅ Jon Gross
@online{gross:20200916:riskiq:da4b864,
  author       = {Jon Gross},
  title        = {{RiskIQ: Adventures in Cookie Land - Part 2}},
  date         = {2020-09-16},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/56fa1b2f},
  language     = {English},
  urldate      = {2020-09-23},
}
RiskIQ: Adventures in Cookie Land - Part 2 8.t Dropper Chinoxy Poison Ivy |
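2020-03-12 ⋅ Check Point ⋅ Check Point Research
% Corporate author: double braces keep the name as a single unit rather than a given-name/surname split.
@online{research:20200312:vicious:3218bb8,
  author       = {{Check Point Research}},
  title        = {{Vicious Panda: The COVID Campaign}},
  date         = {2020-03-12},
  organization = {Check Point},
  url          = {https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/},
  language     = {English},
  urldate      = {2020-03-13},
}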
Vicious Panda: The COVID Campaign 8.t Dropper BYEBY Enfal Korlia Poison Ivy |
2020-03-02 ⋅ Virus Bulletin ⋅ Alex Hinchliffe
@online{hinchliffe:20200302:pulling:35771e7,
  author       = {Alex Hinchliffe},
  title        = {{Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary}},
  date         = {2020-03-02},
  organization = {Virus Bulletin},
  url          = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-pulling-pkplug-adversary-playbook-long-standing-espionage-activity-chinese-nation-state-adversary/},
  language     = {English},
  urldate      = {2020-03-02},
}
Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary HenBox Farseer PlugX Poison Ivy |
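2020-01-29 ⋅ nao_sec blog ⋅ nao_sec
% Underscores are escaped because a bare _ is a TeX special character outside math mode;
% the author is double-braced so it is read as a single corporate name.
@online{naosec:20200129:overhead:ec0aeb5,
  author       = {{nao\_sec}},
  title        = {{An Overhead View of the Royal Road}},
  date         = {2020-01-29},
  organization = {nao\_sec blog},
  url          = {https://nao-sec.org/2020/01/an-overhead-view-of-the-royal-road.html},
  language     = {English},
  urldate      = {2020-02-03},
}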
An Overhead View of the Royal Road BLACKCOFFEE Cotx RAT Datper DDKONG Derusbi Icefog Korlia NewCore RAT PLAINTEE Poison Ivy Sisfader |
2020-01-09 ⋅ Lab52 ⋅ Jagaimo Kawaii
@online{kawaii:20200109:ta428:2230af2,
  author       = {Jagaimo Kawaii},
  title        = {{TA428 Group abusing recent conflict between Iran and USA}},
  date         = {2020-01-09},
  organization = {Lab52},
  url          = {https://lab52.io/blog/icefog-apt-group-abusing-recent-conflict-between-iran-and-eeuu/},
  language     = {English},
  urldate      = {2021-02-06},
}
TA428 Group abusing recent conflict between Iran and USA Poison Ivy |
2020 ⋅ Secureworks ⋅ SecureWorks
@online{secureworks:2020:bronze:4db27ec,
  author       = {SecureWorks},
  title        = {{BRONZE UNION}},
  date         = {2020},
  organization = {Secureworks},
  url          = {https://www.secureworks.com/research/threat-profiles/bronze-union},
  language     = {English},
  urldate      = {2020-05-23},
}
BRONZE UNION 9002 RAT CHINACHOPPER Enfal Ghost RAT HttpBrowser HyperBro owaauth PlugX Poison Ivy ZXShell EMISSARY PANDA |
2020 ⋅ Secureworks ⋅ SecureWorks
@online{secureworks:2020:bronze:65ecf8a,
  author       = {SecureWorks},
  title        = {{BRONZE KEYSTONE}},
  date         = {2020},
  organization = {Secureworks},
  url          = {https://www.secureworks.com/research/threat-profiles/bronze-keystone},
  language     = {English},
  urldate      = {2020-05-23},
}
BRONZE KEYSTONE 9002 RAT BLACKCOFFEE DeputyDog Derusbi HiKit PlugX Poison Ivy ZXShell Aurora Panda |
2020 ⋅ Secureworks ⋅ SecureWorks
@online{secureworks:2020:aluminum:af22ffd,
  author       = {SecureWorks},
  title        = {{ALUMINUM SARATOGA}},
  date         = {2020},
  organization = {Secureworks},
  url          = {https://www.secureworks.com/research/threat-profiles/aluminum-saratoga},
  language     = {English},
  urldate      = {2020-05-23},
}
ALUMINUM SARATOGA BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats |
2020 ⋅ Secureworks ⋅ SecureWorks
@online{secureworks:2020:bronze:66f1290,
  author       = {SecureWorks},
  title        = {{BRONZE RIVERSIDE}},
  date         = {2020},
  organization = {Secureworks},
  url          = {https://www.secureworks.com/research/threat-profiles/bronze-riverside},
  language     = {English},
  urldate      = {2020-05-23},
}
BRONZE RIVERSIDE Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves Stone Panda |
2020 ⋅ Secureworks ⋅ SecureWorks
@online{secureworks:2020:bronze:972c13a,
  author       = {SecureWorks},
  title        = {{BRONZE FIRESTONE}},
  date         = {2020},
  organization = {Secureworks},
  url          = {https://www.secureworks.com/research/threat-profiles/bronze-firestone},
  language     = {English},
  urldate      = {2020-05-23},
}
BRONZE FIRESTONE 9002 RAT Derusbi Empire Downloader PlugX Poison Ivy Shell Crew |
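2019-12-12 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center
% Corporate author: double braces keep the name as a single unit rather than a given-name/surname split.
@online{center:20191212:gallium:79f6460,
  author       = {{Microsoft Threat Intelligence Center}},
  title        = {{GALLIUM: Targeting global telecom}},
  date         = {2019-12-12},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/},
  language     = {English},
  urldate      = {2022-06-15},
}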
GALLIUM: Targeting global telecom CHINACHOPPER Ghost RAT HTran MimiKatz Poison Ivy GALLIUM |
2019-11-19 ⋅ FireEye ⋅ Kelli Vanderlee, Nalani Fraser
@techreport{vanderlee:20191119:achievement:6be19eb,
  author      = {Kelli Vanderlee and Nalani Fraser},
  title       = {{Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions}},
  date        = {2019-11-19},
  institution = {FireEye},
  url         = {https://summit.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf},
  language    = {English},
  urldate     = {2021-03-02},
}
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC poisonplug Poison Ivy pupy Quasar RAT ZXShell |
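2019-08-12 ⋅ Kindred Security ⋅ Kindred Security
% Corporate author: double braces keep the name as a single unit rather than a given-name/surname split.
@online{security:20190812:overview:0726c0a,
  author       = {{Kindred Security}},
  title        = {{An Overview of Public Platform C2’s}},
  date         = {2019-08-12},
  organization = {Kindred Security},
  url          = {https://kindredsec.wordpress.com/2019/08/12/an-overview-of-public-platform-c2s/},
  language     = {English},
  urldate      = {2021-07-20},
}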
An Overview of Public Platform C2’s HTML5 Encoding LOWBALL Makadocs MiniDuke RogueRobinNET RokRAT |
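2019-07-23 ⋅ Proofpoint ⋅ Michael Raggi, Dennis Schwarz, Proofpoint Threat Insight Team
% The team name is braced so it is read as one corporate author, not as given names plus a surname.
@online{raggi:20190723:chinese:804ec1c,
  author       = {Michael Raggi and Dennis Schwarz and {Proofpoint Threat Insight Team}},
  title        = {{Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia}},
  date         = {2019-07-23},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/threat-insight/post/chinese-apt-operation-lagtime-it-targets-government-information-technology},
  language     = {English},
  urldate      = {2021-02-06},
}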
Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia 8.t Dropper Cotx RAT Poison Ivy TA428 |
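2019-06-25 ⋅ Cybereason ⋅ Cybereason Nocturnus
% Corporate author: double braces keep the name as a single unit rather than a given-name/surname split.
@online{nocturnus:20190625:operation:21efa8f,
  author       = {{Cybereason Nocturnus}},
  title        = {{OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS}},
  date         = {2019-06-25},
  organization = {Cybereason},
  url          = {https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers},
  language     = {English},
  urldate      = {2019-12-17},
}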
OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS MimiKatz Poison Ivy Operation Soft Cell |
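2019 ⋅ MITRE ⋅ MITRE ATT&CK
% Corporate author double-braced as one name; the ampersand is escaped because a bare & is a TeX special character.
@online{attck:2019:admin338:c8e4d93,
  author       = {{MITRE ATT\&CK}},
  title        = {{Group description: admin@338}},
  date         = {2019},
  organization = {MITRE},
  url          = {https://attack.mitre.org/groups/G0018/},
  language     = {English},
  urldate      = {2019-12-20},
}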
Group description: admin@338 Temper Panda |
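2019 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker
% Corporate author: double braces keep the name as a single unit rather than a given-name/surname split.
@online{tracker:2019:admin338:bffdfdd,
  author       = {{Cyber Operations Tracker}},
  title        = {{admin@338}},
  date         = {2019},
  organization = {Council on Foreign Relations},
  url          = {https://www.cfr.org/interactive/cyber-operations/admin338},
  language     = {English},
  urldate      = {2019-12-20},
}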
admin@338 Temper Panda |
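2019 ⋅ MITRE ⋅ MITRE ATT&CK
% Corporate author double-braced as one name; the ampersand is escaped because a bare & is a TeX special character.
@online{attck:2019:tool:ae50919,
  author       = {{MITRE ATT\&CK}},
  title        = {{Tool description: BUBBLEWRAP}},
  date         = {2019},
  organization = {MITRE},
  url          = {https://attack.mitre.org/software/S0043/},
  language     = {English},
  urldate      = {2019-12-20},
}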
Tool description: BUBBLEWRAP BUBBLEWRAP |
2019 ⋅ Virus Bulletin ⋅ Lion Gu, Bowen Pan
@techreport{gu:2019:vine:df5dbfb,
  author      = {Lion Gu and Bowen Pan},
  title       = {{A vine climbing over the Great Firewall: A long-term attack against China}},
  date        = {2019},
  institution = {Virus Bulletin},
  url         = {https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-GuPan.pdf},
  language    = {English},
  urldate     = {2020-01-08},
}
A vine climbing over the Great Firewall: A long-term attack against China Poison Ivy ZXShell |
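2018-09-21 ⋅ Qihoo 360 Technology ⋅ Qihoo 360
% Corporate author: double braces keep the name as a single unit rather than a given-name/surname split.
@online{360:20180921:poison:d1cab92,
  author       = {{Qihoo 360}},
  title        = {{Poison Ivy Group and the Cyberespionage Campaign Against Chinese Military and Goverment}},
  date         = {2018-09-21},
  organization = {Qihoo 360 Technology},
  url          = {http://blogs.360.cn/post/APT_C_01_en.html},
  language     = {English},
  urldate      = {2019-11-29},
}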
Poison Ivy Group and the Cyberespionage Campaign Against Chinese Military and Goverment Poison Ivy |
2018-05-15 ⋅ BSides Detroit ⋅ Keven Murphy, Stefano Maccaglia
@online{murphy:20180515:ir:ac5b561,
  author       = {Keven Murphy and Stefano Maccaglia},
  title        = {{IR in Heterogeneous Environment}},
  date         = {2018-05-15},
  organization = {BSides Detroit},
  url          = {https://www.slideshare.net/StefanoMaccaglia/bsides-ir-in-heterogeneous-environment},
  language     = {English},
  urldate      = {2020-07-20},
}
IR in Heterogeneous Environment Korlia Poison Ivy |
2017-09-15 ⋅ Fortinet ⋅ Xiaopeng Zhang
@online{zhang:20170915:deep:5178fe3,
  author       = {Xiaopeng Zhang},
  title        = {{Deep Analysis of New Poison Ivy/PlugX Variant - Part II}},
  date         = {2017-09-15},
  organization = {Fortinet},
  url          = {https://blog.fortinet.com/2017/09/15/deep-analysis-of-new-poison-ivy-plugx-variant-part-ii},
  language     = {English},
  urldate      = {2020-01-10},
}
Deep Analysis of New Poison Ivy/PlugX Variant - Part II Poison Ivy |
2017-08-31 ⋅ NCC Group ⋅ Ahmed Zaki
@online{zaki:20170831:analysing:4c77e47,
  author       = {Ahmed Zaki},
  title        = {{Analysing a recent Poison Ivy sample}},
  date         = {2017-08-31},
  organization = {NCC Group},
  url          = {https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/analysing-a-recent-poison-ivy-sample/},
  language     = {English},
  urldate      = {2020-01-10},
}
Analysing a recent Poison Ivy sample Poison Ivy |
2017-08-23 ⋅ Fortinet ⋅ Xiaopeng Zhang
% NOTE(review): this link is plain http, while the 2017-09-15 Fortinet entry uses https on the same host; confirm the https form resolves before switching.
@online{zhang:20170823:deep:3d931ad,
  author       = {Xiaopeng Zhang},
  title        = {{Deep Analysis of New Poison Ivy Variant}},
  date         = {2017-08-23},
  organization = {Fortinet},
  url          = {http://blog.fortinet.com/2017/08/23/deep-analysis-of-new-poison-ivy-variant},
  language     = {English},
  urldate      = {2020-01-06},
}
Deep Analysis of New Poison Ivy Variant Poison Ivy |
2016-11-22 ⋅ Palo Alto Networks Unit 42 ⋅ Vicky Ray, Robert Falcone, Jen Miller-Osborn, Tom Lancaster
@online{ray:20161122:tropic:7f503e7,
  author       = {Vicky Ray and Robert Falcone and Jen Miller-Osborn and Tom Lancaster},
  title        = {{Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy}},
  date         = {2016-11-22},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/},
  language     = {English},
  urldate      = {2019-12-20},
}
Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy Poison Ivy |
2016-04-26 ⋅ Github (CyberMonitor) ⋅ Jason Jones
@techreport{jones:20160426:new:78ff145,
  author      = {Jason Jones},
  title       = {{New Poison Ivy Activity Targeting Myanmar, Asian Countries}},
  date        = {2016-04-26},
  institution = {Github (CyberMonitor)},
  url         = {https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/blob/master/2016/2016.04.26.New_Poison_Ivy_Activity_Targeting_Myanmar_Asian_Countries/New%20Poison%20Ivy%20Activity%20Targeting%20Myanmar%2C%20Asian%20Countries.pdf},
  language    = {English},
  urldate     = {2019-12-17},
}
New Poison Ivy Activity Targeting Myanmar, Asian Countries Poison Ivy |
2016-04-22 ⋅ Palo Alto Networks Unit 42 ⋅ Micah Yates, Mike Scott, Brandon Levene, Jen Miller-Osborn
@online{yates:20160422:new:249e32b,
  author       = {Micah Yates and Mike Scott and Brandon Levene and Jen Miller-Osborn},
  title        = {{New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists}},
  date         = {2016-04-22},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/},
  language     = {English},
  urldate      = {2019-12-20},
}
New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists Poison Ivy |
2016-03-25 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, Simon Conant
@online{falcone:20160325:projectm:afcff3a,
  author       = {Robert Falcone and Simon Conant},
  title        = {{ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe}},
  date         = {2016-03-25},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe},
  language     = {English},
  urldate      = {2020-01-10},
}
ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe Bozok Operation C-Major |
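2015-12-01 ⋅ FireEye ⋅ FireEye Threat Intelligence
% Corporate author: double braces keep the name as a single unit rather than a given-name/surname split.
@online{intelligence:20151201:chinabased:8836a81,
  author       = {{FireEye Threat Intelligence}},
  title        = {{China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets}},
  date         = {2015-12-01},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html},
  language     = {English},
  urldate      = {2019-12-20},
}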
China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets BUBBLEWRAP LOWBALL Temper Panda |
2015-02-06 ⋅ CrowdStrike ⋅ CrowdStrike
@techreport{crowdstrike:20150206:crowdstrike:fbcc37f,
  author      = {CrowdStrike},
  title       = {{CrowdStrike Global Threat Intel Report 2014}},
  date        = {2015-02-06},
  institution = {CrowdStrike},
  url         = {https://web.archive.org/web/20200509171721/https://raw.githubusercontent.com/fdiskyou/threat-INTel/master/2015/GlobalThreatIntelReport.pdf},
  language    = {English},
  urldate     = {2020-05-11},
}
CrowdStrike Global Threat Intel Report 2014 BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor |
2014-09-19 ⋅ Palo Alto Networks Unit 42 ⋅ Jen Miller-Osborn, Ryan Olson
@online{millerosborn:20140919:recent:edf1ed3,
  author       = {Jen Miller-Osborn and Ryan Olson},
  title        = {{Recent Watering Hole Attacks Attributed to APT Group “th3bug” Using Poison Ivy}},
  date         = {2014-09-19},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/},
  language     = {English},
  urldate      = {2019-12-20},
}
Recent Watering Hole Attacks Attributed to APT Group “th3bug” Using Poison Ivy Poison Ivy |
2014 ⋅ FireEye ⋅ FireEye
% NOTE(review): the url's file name (a CSE "APT28 X-Agent / Op-Roman Holiday" report stamped 20180713) does not
% look like a 2014 FireEye report titled "Operation Quantum Entanglement"; verify the link before citing it as the source.
@techreport{fireeye:2014:operation:2160679,
  author      = {FireEye},
  title       = {{Operation Quantum Entanglement}},
  date        = {2014},
  institution = {FireEye},
  url         = {http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Roman%20Holiday-Report_v6_1.pdf},
  language    = {English},
  urldate     = {2021-04-29},
}
Operation Quantum Entanglement IsSpace NewCT Poison Ivy SysGet |
2013-10-31 ⋅ FireEye ⋅ Thoufique Haq, Ned Moran
@online{haq:20131031:know:e772ee9,
  author       = {Thoufique Haq and Ned Moran},
  title        = {{Know Your Enemy: Tracking A Rapidly Evolving APT Actor}},
  date         = {2013-10-31},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html},
  language     = {English},
  urldate      = {2019-12-20},
}
Know Your Enemy: Tracking A Rapidly Evolving APT Actor Bozok Poison Ivy Temper Panda |
2013-08-23 ⋅ FireEye ⋅ Nart Villeneuve, Thoufique Haq, Ned Moran
@online{villeneuve:20130823:operation:dc4b5d6,
  author       = {Nart Villeneuve and Thoufique Haq and Ned Moran},
  title        = {{Operation Molerats: Middle East Cyber Attacks Using Poison Ivy}},
  date         = {2013-08-23},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html},
  language     = {English},
  urldate      = {2019-12-20},
}
Operation Molerats: Middle East Cyber Attacks Using Poison Ivy Poison Ivy Molerats |
2011 ⋅ Symantec ⋅ Erica Eng, Gavin O'Gorman
@techreport{eng:2011:nitro:656e464,
  author      = {Erica Eng and Gavin O'Gorman},
  title       = {{The Nitro Attacks: Stealing Secrets from the Chemical Industry}},
  date        = {2011},
  institution = {Symantec},
  url         = {https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2011/the_nitro_attacks.pdf},
  language    = {English},
  urldate     = {2020-04-21},
}
The Nitro Attacks: Stealing Secrets from the Chemical Industry Poison Ivy Nitro |
2010 ⋅ Mandiant ⋅ Ero Carrera, Peter Silberman
@techreport{carrera:2010:state:687e608,
  author      = {Ero Carrera and Peter Silberman},
  title       = {{State of Malware: Family Ties}},
  date        = {2010},
  institution = {Mandiant},
  url         = {https://web.archive.org/web/20160616170611/https://media.blackhat.com/bh-eu-10/presentations/Carrera_Silberman/BlackHat-EU-2010-Carrera-Silberman-State-of-Malware-slides.pdf},
  language    = {English},
  urldate     = {2022-01-28},
}
State of Malware: Family Ties Bredolab Conficker Cutwail KoobFace Oderoor Poison Ivy Rustock Sinowal Szribi Zeus |