| SYMBOL | COMMON_NAME | aka. SYNONYMS |
| 2021-07-08 ⋅ PTSecurity ⋅ How winnti APT grouping works Korlia ShadowPad Winnti |
| 2021-07-08 ⋅ YouTube (PT Product Update) ⋅ How winnti APT grouping works Korlia ShadowPad Winnti |
| 2021-02-28 ⋅ PWC UK ⋅ Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare |
| 2021-02-05 ⋅ Twitter (@8th_grey_owl) ⋅ Tweet on CALMTHORN, used by Tonto Team CALMTHORN |
| 2021-01-13 ⋅ AlienVault ⋅ A Global Perspective of the SideWinder APT 8.t Dropper Koadic SideWinder |
| 2021-01-04 ⋅ nao_sec blog ⋅ Royal Road! Re:Dive 8.t Dropper Chinoxy FlowCloud FunnyDream Lookback |
| 2020-10-03 ⋅ Trend Micro ⋅ Earth Akhlut: Exploring the Tools, Tactics, and Procedures of an Advanced Threat Actor Operating a Large Infrastructure Dexbia TypeHash |
| 2020-09-16 ⋅ RiskIQ ⋅ RiskIQ: Adventures in Cookie Land - Part 2 8.t Dropper Chinoxy Poison Ivy |
| 2020-09-08 ⋅ PTSecurity ⋅ ShadowPad: new activity from the Winnti group CCleaner Backdoor Korlia ShadowPad TypeHash |
| 2020-08-19 ⋅ RiskIQ ⋅ RiskIQ Adventures in Cookie Land - Part 1 8.t Dropper Chinoxy |
| 2020-08-13 ⋅ Kaspersky Labs ⋅ CactusPete APT group’s updated Bisonal backdoor Korlia Tonto Team |
| 2020-06-03 ⋅ Kaspersky Labs ⋅ Cycldek: Bridging the (air) gap 8.t Dropper NewCore RAT PlugX USBCulprit Hellsing |
| 2020-05-14 ⋅ Avast Decoded ⋅ APT Group Planted Backdoors Targeting High Profile Networks in Central Asia BYEBY Microcin Microcin |
| 2020-05-14 ⋅ ESET Research ⋅ Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia BYEBY Microcin Microcin |
| 2020-03-21 ⋅ MalwareLab.pl ⋅ On the Royal Road 8.t Dropper |
| 2020-03-20 ⋅ Medium Sebdraven ⋅ New version of chinoxy backdoor using COVID19 alerts document lure 8.t Dropper Chinoxy |
| 2020-03-12 ⋅ Check Point ⋅ Vicious Panda: The COVID Campaign 8.t Dropper BYEBY Enfal Korlia Poison Ivy |
| 2020-03-11 ⋅ Virus Bulletin ⋅ Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers 8.t Dropper |
| 2020-03-05 ⋅ AhnLab ⋅ 신천지 비상연락처 위장한 Bisonal 악성코드 유포 중 Korlia |
| 2020-03-05 ⋅ Cisco Talos ⋅ Bisonal: 10 years of play Korlia |
| 2020-03-04 ⋅ CrowdStrike ⋅ 2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER Pirate Panda SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER |
| 2020-01-29 ⋅ nao_sec blog ⋅ An Overhead View of the Royal Road BLACKCOFFEE Cotx RAT Datper DDKONG Derusbi Icefog Korlia NewCore RAT PLAINTEE Poison Ivy Sisfader |
| 2020-01-17 ⋅ NTT Security ⋅ Operation Bitter Biscuit Korlia |
| 2020 ⋅ Secureworks ⋅ BRONZE HUNTLEY Korlia |
| 2019-10-31 ⋅ PTSecurity ⋅ Calypso APT: new group attacking state institutions BYEBY FlyingDutchman Hussar PlugX |
| 2019-09-22 ⋅ Check Point Research ⋅ Rancor: The Year of The Phish 8.t Dropper Cobalt Strike |
| 2019-07-23 ⋅ Proofpoint ⋅ Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia 8.t Dropper Cotx RAT Poison Ivy TA428 |
| 2019-05-09 ⋅ Youtube (FireEye Korea) ⋅ Over the Horizon: Innovating to confront evolving cyber threats CALMTHORN |
| 2019-04-25 ⋅ DATANET ⋅ Chinese-based hackers attack domestic energy institutions CALMTHORN Ghost RAT |
| 2019-03-22 ⋅ AhnLab ⋅ ASEC REPORT VOL.93 Q4 2018 Korlia |
| 2019-01-03 ⋅ Another malicious document with CVE-2017–11882 8.t Dropper |
| 2018-11-03 ⋅ Là 1937CN hay OceanLotus hay Lazarus … 8.t Dropper |
| 2018-07-31 ⋅ Medium Sebdraven ⋅ Malicious document targets Vietnamese officials 8.t Dropper |
| 2018-07-31 ⋅ Palo Alto Networks Unit 42 ⋅ Bisonal Malware Used in Attacks Against Russia and South Korea Korlia |
| 2018-05-15 ⋅ BSides Detroit ⋅ IR in Heterogeneous Environment Korlia Poison Ivy |
| 2017-09-28 ⋅ Palo Alto Networks Unit 42 ⋅ Threat Actors Target Government of Belarus Using CMSTAR Trojan BYEBY CMSTAR |
| 2017-04-21 ⋅ The Wall Street Journal ⋅ China Hacked South Korea Over Missile Defense, U.S. Firm Says Tonto Team |
| 2017-04-21 ⋅ The Wall Street Journal ⋅ China Hacked South Korea Over Missile Defense, U.S. Firm Says Tonto Team |
| 2017-04-21 ⋅ Ars Technica ⋅ Researchers claim China trying to hack South Korea missile defense efforts Tonto Team |
| 2014-11-25 ⋅ Adventures in Security ⋅ Curious Korlia Korlia |
| 2014-02-24 ⋅ RSA Conference ⋅ The Art of Attribution Identifying and Pursuing your Cyber Adversaries ANDROMEDA SPIDER DEXTOROUS SPIDER Shell Crew Silent Chollima SINGING SPIDER Tonto Team Toxic Panda UNION SPIDER |
| 2013 ⋅ FireEye ⋅ APTs By The Dozen: Dissecting Advanced Attacks Korlia |