2021-08-31 · Qianxin · Red Raindrop Team
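% Corporate author: the inner braces keep the team name from being split into given/family parts.
@online{team:20210831:analysis:bed3f48,
  author       = {{Red Raindrop Team}},
  title        = {{Analysis of suspected Russian-speaking attackers using COVID-19 vaccine bait to attack the Middle East}},
  date         = {2021-08-31},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/Suspected-Russian-speaking-attackers-use-COVID19-vaccine-decoys-against-Middle-East/},
  language     = {Chinese},
  urldate      = {2021-09-09},
}
Analysis of suspected Russian-speaking attackers using COVID-19 vaccine bait to attack the Middle East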
GRUNT
2021-08-30 · Qianxin · Red Raindrop Team
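% Corporate author: the inner braces keep the team name from being split into given/family parts.
@online{team:20210830:operation:7b5be26,
  author       = {{Red Raindrop Team}},
  title        = {{Operation (Thủy Tinh) OceanStorm: The evil lotus hidden under the abyss}},
  date         = {2021-08-30},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/Operation-OceanStorm:The-OceanLotus-hidden-under-the-abyss-of-the-deep/},
  language     = {Chinese},
  urldate      = {2021-09-09},
}
Operation (Thủy Tinh) OceanStorm: The evil lotus hidden under the abyss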
Cobalt Strike MimiKatz
2021-05-11 · Qianxin · Red Raindrop Team
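% Corporate author: the inner braces keep the team name from being split into given/family parts.
@online{team:20210511:analysis:d95ef63,
  author       = {{Red Raindrop Team}},
  title        = {{Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait}},
  date         = {2021-05-11},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/Analysis-of-attacks-by-Lazarus-using-Daewoo-shipyard-as-bait/},
  language     = {Chinese},
  urldate      = {2023-09-22},
}
Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait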
BISTROMATH TigerLite
2021-05-11 · Qianxin · Qi'anxin Threat Intelligence
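% Corporate author: the inner braces keep the organisation name from being split into given/family parts.
% NOTE(review): same title and date as team:20210511:analysis:d95ef63 but a different URL;
% looks like a republication of that report. Cite one of the two consistently.
@online{intelligence:20210511:analysis:dd512ff,
  author       = {{Qi'anxin Threat Intelligence}},
  title        = {{Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait}},
  date         = {2021-05-11},
  organization = {Qianxin},
  url          = {https://www.freebuf.com/articles/paper/272517.html},
  language     = {English},
  urldate      = {2021-05-13},
}
Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait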
2020-12-23 · Qianxin · Qi AnXin CERT
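% Corporate author: the inner braces keep the organisation name from being split into given/family parts.
@online{cert:20201223:solarwindsapt:a237c40,
  author       = {{Qi AnXin CERT}},
  title        = {{从Solarwinds供应链攻击(金链熊)看APT行动中的隐蔽作战}},
  date         = {2020-12-23},
  organization = {Qianxin},
  url          = {https://mp.weixin.qq.com/s/UqXC1vovKUu97569LkYm2Q},
  language     = {Chinese},
  urldate      = {2020-12-23},
}
从Solarwinds供应链攻击(金链熊)看APT行动中的隐蔽作战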
SUNBURST
2020-12-16 · Qianxin · Red Raindrop Team
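% Corporate author: the inner braces keep the team name from being split into given/family parts.
@online{team:20201216:solarwinds:0871f46,
  author       = {{Red Raindrop Team}},
  title        = {{中招目标首次披露:SolarWinds供应链攻击相关域名生成算法可破解!}},
  date         = {2020-12-16},
  organization = {Qianxin},
  url          = {https://mp.weixin.qq.com/s/v-ekPFtVNZG1W7vWjcuVug},
  language     = {Chinese},
  urldate      = {2020-12-17},
}
中招目标首次披露:SolarWinds供应链攻击相关域名生成算法可破解!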
SUNBURST
2020-12-10 · Qianxin · Red Raindrop Team
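% Corporate author: the inner braces keep the team name from being split into given/family parts.
@online{team:20201210:model:eec2704,
  author       = {{Red Raindrop Team}},
  title        = {{APT model worker: A summary of the activities of the Eastern European hacker group using spear phishing emails to attack Ukraine}},
  date         = {2020-12-10},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/Hackers-in-Eastern-Europe-Use-Harpoon-Mail-to-Target-Activities-in-Ukraine/},
  language     = {Chinese},
  urldate      = {2020-12-14},
}
APT model worker: A summary of the activities of the Eastern European hacker group using spear phishing emails to attack Ukraine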
2020-12-07 · Qianxin · Red Raindrop Team
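% Corporate author: the inner braces keep the team name from being split into given/family parts.
@online{team:20201207:blocking:11414ce,
  author       = {{Red Raindrop Team}},
  title        = {{Blocking APT: Qi'anxin QOWL engine defeats BITTER's targeted attacks on domestic government and enterprises}},
  date         = {2020-12-07},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/Blocking-APT:-Qianxin's-QOWL-Engine-Defeats-Bitter's-Targeted-Attack-on-Domestic-Government-and-Enterprises/},
  language     = {Chinese},
  urldate      = {2020-12-11},
}
Blocking APT: Qi'anxin QOWL engine defeats BITTER's targeted attacks on domestic government and enterprises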
2020-12-07 · Qianxin · Red Raindrop Team
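% Corporate author: the inner braces keep the team name from being split into given/family parts.
@online{team:20201207:analysis:30935b5,
  author       = {{Red Raindrop Team}},
  title        = {{Analysis of the suspected two-tailed scorpion APT organization using CIA-funded information about Hamas as bait}},
  date         = {2020-12-07},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/analysis-of-APT-C-23-CIA-funding-for-Hamas-information-as-bait/},
  language     = {Chinese},
  urldate      = {2020-12-11},
}
Analysis of the suspected two-tailed scorpion APT organization using CIA-funded information about Hamas as bait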
2020-12-01 · Qianxin · Qi Anxin Threat Intelligence Center
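% Corporate author: the inner braces keep the organisation name from being split into given/family parts.
@online{center:20201201:blade:1b3519c,
  author       = {{Qi Anxin Threat Intelligence Center}},
  title        = {{Blade Eagle Group - Targeted attack group activities circling the Middle East and West Asia's cyberspace revealed}},
  date         = {2020-12-01},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/Blade-hawk-The-activities-of-targeted-the-Middle-East-and-West-Asia-are-exposed/},
  language     = {English},
  urldate      = {2022-04-15},
}
Blade Eagle Group - Targeted attack group activities circling the Middle East and West Asia's cyberspace revealed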
SpyNote BladeHawk
2020-10-30 · Qianxin · Threat Intelligence Center
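% Corporate author: the inner braces keep the organisation name from being split into given/family parts.
@online{center:20201030:donot:5f3e428,
  author       = {{Threat Intelligence Center}},
  title        = {{攻击武器再升级:Donot组织利用伪造签名样本的攻击活动分析}},
  date         = {2020-10-30},
  organization = {Qianxin},
  url          = {https://mp.weixin.qq.com/s/3Pa3hiuZyQBspDzH0kGSHw},
  language     = {Chinese},
  urldate      = {2020-11-02},
}
攻击武器再升级:Donot组织利用伪造签名样本的攻击活动分析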
2020-10-26 · Qianxin · Threat Intelligence Center
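% Corporate author: the inner braces keep the organisation name from being split into given/family parts.
@online{center:20201026:analysis:81bfa52,
  author       = {{Threat Intelligence Center}},
  title        = {{Analysis of the attack activities of the Rattlesnake organization using the Buffy bilateral agreement as bait}},
  date         = {2020-10-26},
  organization = {Qianxin},
  url          = {https://www.secrss.com/articles/26507},
  language     = {Chinese},
  urldate      = {2020-10-27},
}
Analysis of the attack activities of the Rattlesnake organization using the Buffy bilateral agreement as bait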
SideWinder
2020-10-13 · Qianxin · RedDrip Team
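% Corporate author: the inner braces keep the team name from being split into given/family parts.
@techreport{team:20201013::30e32cd,
  author      = {{RedDrip Team}},
  title       = {{血茜草:永不停歇的华语情报搜集活动}},
  date        = {2020-10-13},
  institution = {Qianxin},
  url         = {https://ti.qianxin.com/uploads/2020/10/13/b837df2b51f6b69f3d002b087537486f.pdf},
  language    = {Chinese},
  urldate     = {2020-10-23},
}
血茜草:永不停歇的华语情报搜集活动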
2020-09-21 · Qianxin · RedDrip Team
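% Corporate author: the inner braces keep the team name from being split into given/family parts.
@techreport{team:20200921:operation:730163c,
  author      = {{RedDrip Team}},
  title       = {{Operation Tibo: A retaliatory targeted attack from the South Asian APT organization "Mo Luo Suo"}},
  date        = {2020-09-21},
  institution = {Qianxin},
  url         = {https://ti.qianxin.com/uploads/2020/09/17/69da886eecc7087e9dac2d3ea4c66ba8.pdf},
  language    = {Chinese},
  urldate     = {2021-03-12},
}
Operation Tibo: A retaliatory targeted attack from the South Asian APT organization "Mo Luo Suo"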
AsyncRAT Darktrack RAT
2020-09-16 · Qianxin · Red Raindrop Team
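% Corporate author: the inner braces keep the team name from being split into given/family parts.
@online{team:20200916:target:a21c14d,
  author       = {{Red Raindrop Team}},
  title        = {{Target defense industry: Lazarus uses recruitment bait combined with continuously updated cyber weapons}},
  date         = {2020-09-16},
  organization = {Qianxin},
  url          = {https://mp.weixin.qq.com/s/2sV-DrleHiJMSpSCW0kAMg},
  language     = {English},
  urldate      = {2021-01-27},
}
Target defense industry: Lazarus uses recruitment bait combined with continuously updated cyber weapons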
CRAT
2020-08-25 · Qianxin · Qi'anxin Threat Intelligence
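% Corporate author: the inner braces keep the organisation name from being split into given/family parts.
@online{intelligence:20200825:apt:0ad132f,
  author       = {{Qi'anxin Threat Intelligence}},
  title        = {{南亚APT组织“透明部落”在移动端上与对手的较量}},
  date         = {2020-08-25},
  organization = {Qianxin},
  url          = {https://www.secrss.com/articles/24995},
  language     = {Chinese},
  urldate      = {2020-08-25},
}
南亚APT组织“透明部落”在移动端上与对手的较量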
AhMyth Crimson RAT Oblique RAT
2020-06-30 · Qianxin · RedDrip Team
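% Corporate author: the inner braces keep the team name from being split into given/family parts.
@online{team:20200630:donot:f611c31,
  author       = {{RedDrip Team}},
  title        = {{Donot APT团伙使用升级版数字武器针对周边地区的攻击活动分析}},
  date         = {2020-06-30},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/analysis-of-donot-apt-group-attacks-on-surrounding-areas/},
  language     = {Chinese},
  urldate      = {2020-07-02},
}
Donot APT团伙使用升级版数字武器针对周边地区的攻击活动分析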
2020-06-29 · Qianxin · RedDrip Team
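% Corporate author: the inner braces keep the team name from being split into given/family parts.
@techreport{team:20200629:global:6fa9d6e,
  author      = {{RedDrip Team}},
  title       = {{Global Advanced Persistent Threats (APT) Mid-2020 Report}},
  date        = {2020-06-29},
  institution = {Qianxin},
  url         = {https://ti.qianxin.com/uploads/2020/06/29/e4663b4f11f01e5ec8a1a5d91a71dc72.pdf},
  language    = {English},
  urldate     = {2020-06-30},
}
Global Advanced Persistent Threats (APT) Mid-2020 Report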
2020-05-28 · Qianxin · Threat Intelligence Center
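% Corporate author: the inner braces keep the organisation name from being split into given/family parts.
@online{center:20200528:analysis:5b197d4,
  author       = {{Threat Intelligence Center}},
  title        = {{Analysis of recent rattlesnake APT attacks against surrounding countries and regions}},
  date         = {2020-05-28},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/the-recent-rattlesnake-apt-organized-attacks-on-neighboring-countries-and-regions/},
  language     = {Chinese},
  urldate      = {2020-10-27},
}
Analysis of recent rattlesnake APT attacks against surrounding countries and regions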
SideWinder
2020-04-30 · Qianxin · Red Raindrop Team
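% Corporate author: the inner braces keep the team name from being split into given/family parts.
@online{team:20200430:lazarus:4a450b4,
  author       = {{Red Raindrop Team}},
  title        = {{Lazarus APT organization uses information such as recruitment of a Western aviation giant to analyze targeted attack incidents in specific countries}},
  date         = {2020-04-30},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/analysis-of-lazarus-apt-oriented-attack-event/},
  language     = {English},
  urldate      = {2020-05-07},
}
Lazarus APT organization uses information such as recruitment of a Western aviation giant to analyze targeted attack incidents in specific countries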