Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-07-20QianxinRed Raindrops Team
@online{team:20220720:sidewinder:8d70604, author = {Red Raindrops Team}, title = {{The Sidewinder (APT-Q-39) uses Google Play to spread an analysis of malicious Android software}}, date = {2022-07-20}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/analysis-of-malware-android-software-spread-by-sidewinder-using-google-play/}, language = {Chinese}, urldate = {2022-08-02} } The Sidewinder (APT-Q-39) uses Google Play to spread an analysis of malicious Android software
SideWinder
2022-06-08Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20220608:operation:3fe580d, author = {Red Raindrop Team}, title = {{Operation Tejas: A dying elephant curled up in the Kunlun Mountains}}, date = {2022-06-08}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg}, language = {English}, urldate = {2022-06-09} } Operation Tejas: A dying elephant curled up in the Kunlun Mountains
HAZY TIGER RAZOR TIGER
2022-06-01Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20220601:analysis:03a76ad, author = {Red Raindrop Team}, title = {{Analysis of the attack activities of the Maha grass group using the documents of relevant government agencies in Pakistan as bait}}, date = {2022-06-01}, organization = {Qianxin Threat Intelligence Center}, url = {https://ti.qianxin.com/blog/articles/analysis-of-the-attack-activities-of-patchwork-using-the-documents-of-relevant-government-agencies-in-pakistan-as-bait}, language = {English}, urldate = {2022-07-05} } Analysis of the attack activities of the Maha grass group using the documents of relevant government agencies in Pakistan as bait
BadNews QUILTED TIGER
2022-05-09Qianxin Threat Intelligence CenterRed Raindrops Team
@online{team:20220509:operation:5c9c0d7, author = {Red Raindrops Team}, title = {{Operation EviLoong: An electronic party of "borderless" hackers}}, date = {2022-05-09}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/K1uBLGqD8kgsIp1yTyYBfw}, language = {Chinese}, urldate = {2022-05-17} } Operation EviLoong: An electronic party of "borderless" hackers
ZXShell
2022-04-11Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20220411:snow:b930f42, author = {Red Raindrop Team}, title = {{Snow Abuse: Analysis of the Suspected Lazarus Attack Activities against South Korean Companies}}, date = {2022-04-11}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/kcIaoB8Yta1zI6Py-uxupA}, language = {Chinese}, urldate = {2022-05-04} } Snow Abuse: Analysis of the Suspected Lazarus Attack Activities against South Korean Companies
2022-03-23QianxinRed Raindrop Team
@online{team:20220323:analysis:225d95b, author = {Red Raindrop Team}, title = {{Analysis of Attack Activity of PROMETHIUM Disguised}}, date = {2022-03-23}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/promethium-attack-activity-analysis-disguised-as-Winrar.exe/}, language = {Chines}, urldate = {2022-03-25} } Analysis of Attack Activity of PROMETHIUM Disguised
StrongPity
2022-03-14QianxinRed Raindrop Team
@online{team:20220314:analysis:9a058f9, author = {Red Raindrop Team}, title = {{Analysis Of Attack Activities Of Suspected APT Organization UNC1151 Against Ukraine And Other Countries}}, date = {2022-03-14}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Analysis-of-attack-activities-of-suspected-aptorganization-unc1151-against-ukraine-and-other-countries/}, language = {Chinese}, urldate = {2022-03-15} } Analysis Of Attack Activities Of Suspected APT Organization UNC1151 Against Ukraine And Other Countries
MicroBackdoor
2022-01-20QianxinRed Raindrop Team
@online{team:20220120:false:ef8ab19, author = {Red Raindrop Team}, title = {{False flags or upgrades? Suspected OceanLotus uses the Glitch platform to reproduce the attack sample}}, date = {2022-01-20}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/1L7o1C-aGlMBAXzHqR9udA}, language = {Chinese}, urldate = {2022-01-25} } False flags or upgrades? Suspected OceanLotus uses the Glitch platform to reproduce the attack sample
2022-01-18QianxinRed Raindrop Team
@online{team:20220118:sidecopy:862ebbd, author = {Red Raindrop Team}, title = {{SideCopy Arsenal Update: Golang-based Linux stealth tools surface}}, date = {2022-01-18}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/SideCopy's-Golang-based-Linux-tool/}, language = {Chinese}, urldate = {2022-01-25} } SideCopy Arsenal Update: Golang-based Linux stealth tools surface
Unidentified 005 (Sidecopy)
2021-12-20QianxinRed Raindrop Team
@online{team:20211220:indias:645da44, author = {Red Raindrop Team}, title = {{India's Chief of Defence Staff Crashes: SideCopy APT takes advantage of the fire}}, date = {2021-12-20}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/SideCopy-APT-Group-Takes-Advantage-of-the-Fire/}, language = {English}, urldate = {2022-01-25} } India's Chief of Defence Staff Crashes: SideCopy APT takes advantage of the fire
2021-12-20QianxinRed Raindrop Team
@online{team:20211220:first:ccac693, author = {Red Raindrop Team}, title = {{First time using a dual platform attack weapon? Analysis of the suspected SideCopy organization's attack activities against India}}, date = {2021-12-20}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Sidecopy-dual-platform-weapon/}, language = {Chinese}, urldate = {2022-01-25} } First time using a dual platform attack weapon? Analysis of the suspected SideCopy organization's attack activities against India
2021-11-30QianxinRed Raindrop Team
@online{team:20211130:cyberspaces:e8efd82, author = {Red Raindrop Team}, title = {{Cyberspace's Magic Eye: PROMETHIUM Fakes attack activity analysis of NotePads and installation packages}}, date = {2021-11-30}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/nQVUkIwkiQTj2pLaNYHeOA}, language = {Chinese}, urldate = {2021-12-07} } Cyberspace's Magic Eye: PROMETHIUM Fakes attack activity analysis of NotePads and installation packages
StrongPity
2021-11-11QianxinRed Raindrop Team
@online{team:20211111:sidecopy:ef53637, author = {Red Raindrop Team}, title = {{SideCopy organization's recent attack incident analysis using China-India current affairs news}}, date = {2021-11-11}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/October-Operation-SideCopy}, language = {Chinese}, urldate = {2022-01-25} } SideCopy organization's recent attack incident analysis using China-India current affairs news
2021-09-07QianxinRed Raindrop Team
@online{team:20210907:analysis:5fa5dff, author = {Red Raindrop Team}, title = {{Analysis of recent attacks by the Lazarus APT organization on the blockchain finance and energy industries}}, date = {2021-09-07}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Lazarus'-Recent-Attack-Campaign-Targeting-Blockchain-Finance-and-Energy-Sectors/}, language = {Chinese}, urldate = {2021-10-11} } Analysis of recent attacks by the Lazarus APT organization on the blockchain finance and energy industries
2021-08-31QianxinRed Raindrop Team
@online{team:20210831:analysis:bed3f48, author = {Red Raindrop Team}, title = {{Analysis of suspected Russian-speaking attackers using COVID-19 vaccine bait to attack the Middle East}}, date = {2021-08-31}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Suspected-Russian-speaking-attackers-use-COVID19-vaccine-decoys-against-Middle-East/}, language = {Chinese}, urldate = {2021-09-09} } Analysis of suspected Russian-speaking attackers using COVID-19 vaccine bait to attack the Middle East
GRUNT
2021-08-30QianxinRed Raindrop Team
@online{team:20210830:operation:7b5be26, author = {Red Raindrop Team}, title = {{Operation (Thủy Tinh) OceanStorm: The evil lotus hidden under the abyss}}, date = {2021-08-30}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Operation-OceanStorm:The-OceanLotus-hidden-under-the-abyss-of-the-deep/}, language = {Chinese}, urldate = {2021-09-09} } Operation (Thủy Tinh) OceanStorm: The evil lotus hidden under the abyss
Cobalt Strike MimiKatz
2021-05-11QianxinRed Raindrop Team
@online{team:20210511:analysis:d95ef63, author = {Red Raindrop Team}, title = {{Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait}}, date = {2021-05-11}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Analysis-of-attacks-by-Lazarus-using-Daewoo-shipyard-as-bait/}, language = {Chinese}, urldate = {2021-06-25} } Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait
BISTROMATH
2021-05-11QianxinQi'anxin Threat Intelligence
@online{intelligence:20210511:analysis:dd512ff, author = {Qi'anxin Threat Intelligence}, title = {{Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait}}, date = {2021-05-11}, organization = {Qianxin}, url = {https://www.freebuf.com/articles/paper/272517.html}, language = {English}, urldate = {2021-05-13} } Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait
2020-12-23QianxinQi AnXin CERT
@online{cert:20201223:solarwindsapt:a237c40, author = {Qi AnXin CERT}, title = {{从Solarwinds供应链攻击(金链熊)看APT行动中的隐蔽作战}}, date = {2020-12-23}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/UqXC1vovKUu97569LkYm2Q}, language = {Chinese}, urldate = {2020-12-23} } 从Solarwinds供应链攻击(金链熊)看APT行动中的隐蔽作战
SUNBURST
2020-12-16QianxinRed Raindrop Team
@online{team:20201216:solarwinds:0871f46, author = {Red Raindrop Team}, title = {{中招目标首次披露:SolarWinds供应链攻击相关域名生成算法可破解!}}, date = {2020-12-16}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/v-ekPFtVNZG1W7vWjcuVug}, language = {Chinese}, urldate = {2020-12-17} } 中招目标首次披露:SolarWinds供应链攻击相关域名生成算法可破解!
SUNBURST