
2022-06-08 | Qianxin Threat Intelligence Center | Red Raindrop Team
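% Vendor threat report. The author is an organisation, so it carries an extra
% brace pair and is parsed as one name, not given="Red Raindrop" family="Team".
% The citation key is unchanged. The title stays fully braced to keep its casing.
@online{team:20220608:operation:3fe580d,
  author       = {{Red Raindrop Team}},
  title        = {{Operation Tejas: A dying elephant curled up in the Kunlun Mountains}},
  date         = {2022-06-08},
  organization = {Qianxin Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg},
  language     = {English},
  urldate      = {2022-06-09},
}
Operation Tejas: A dying elephant curled up in the Kunlun Mountains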
HAZY TIGER RAZOR TIGER
2022-04-11 | Qianxin Threat Intelligence Center | Red Raindrop Team
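% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% language is {Chinese} while the title is in English (presumably a translated
% title), so locate the report by url rather than by title search.
@online{team:20220411:snow:b930f42,
  author       = {{Red Raindrop Team}},
  title        = {{Snow Abuse: Analysis of the Suspected Lazarus Attack Activities against South Korean Companies}},
  date         = {2022-04-11},
  organization = {Qianxin Threat Intelligence Center},
  url          = {https://mp.weixin.qq.com/s/kcIaoB8Yta1zI6Py-uxupA},
  language     = {Chinese},
  urldate      = {2022-05-04},
}
Snow Abuse: Analysis of the Suspected Lazarus Attack Activities against South Korean Companies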
2022-03-23 | Qianxin | Red Raindrop Team
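% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% language corrected from the misspelling "Chines" to "Chinese".
% NOTE(review): the title looks truncated; the url slug continues
% "disguised-as-Winrar.exe". Confirm against the source before citing.
@online{team:20220323:analysis:225d95b,
  author       = {{Red Raindrop Team}},
  title        = {{Analysis of Attack Activity of PROMETHIUM Disguised}},
  date         = {2022-03-23},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/promethium-attack-activity-analysis-disguised-as-Winrar.exe/},
  language     = {Chinese},
  urldate      = {2022-03-25},
}
Analysis of Attack Activity of PROMETHIUM Disguised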
StrongPity
2022-03-14 | Qianxin | Red Raindrop Team
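% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% The title keeps the source's "Suspected" qualifier on the attribution, and
% the full-title braces preserve the casing of "UNC1151" under any style.
@online{team:20220314:analysis:9a058f9,
  author       = {{Red Raindrop Team}},
  title        = {{Analysis Of Attack Activities Of Suspected APT Organization UNC1151 Against Ukraine And Other Countries}},
  date         = {2022-03-14},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/Analysis-of-attack-activities-of-suspected-aptorganization-unc1151-against-ukraine-and-other-countries/},
  language     = {Chinese},
  urldate      = {2022-03-15},
}
Analysis Of Attack Activities Of Suspected APT Organization UNC1151 Against Ukraine And Other Countries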
MicroBackdoor
2022-01-20 | Qianxin | Red Raindrop Team
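% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% There is no DOI for this post; urldate records when the url was last
% retrieved, which matters if the link rots.
@online{team:20220120:false:ef8ab19,
  author       = {{Red Raindrop Team}},
  title        = {{False flags or upgrades? Suspected OceanLotus uses the Glitch platform to reproduce the attack sample}},
  date         = {2022-01-20},
  organization = {Qianxin},
  url          = {https://mp.weixin.qq.com/s/1L7o1C-aGlMBAXzHqR9udA},
  language     = {Chinese},
  urldate      = {2022-01-25},
}
False flags or upgrades? Suspected OceanLotus uses the Glitch platform to reproduce the attack sample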
2022-01-18 | Qianxin | Red Raindrop Team
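% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% The url contains an apostrophe and is kept verbatim; do not normalise it,
% since it is the only locator for the report.
@online{team:20220118:sidecopy:862ebbd,
  author       = {{Red Raindrop Team}},
  title        = {{SideCopy Arsenal Update: Golang-based Linux stealth tools surface}},
  date         = {2022-01-18},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/SideCopy's-Golang-based-Linux-tool/},
  language     = {Chinese},
  urldate      = {2022-01-25},
}
SideCopy Arsenal Update: Golang-based Linux stealth tools surface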
Unidentified 005 (Sidecopy)
2021-12-20 | Qianxin | Red Raindrop Team
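% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% Another entry with the same author and date exists under the key
% team:20211220:indias:645da44; the two have different urls and are not duplicates.
@online{team:20211220:first:ccac693,
  author       = {{Red Raindrop Team}},
  title        = {{First time using a dual platform attack weapon? Analysis of the suspected SideCopy organization's attack activities against India}},
  date         = {2021-12-20},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/Sidecopy-dual-platform-weapon/},
  language     = {Chinese},
  urldate      = {2022-01-25},
}
First time using a dual platform attack weapon? Analysis of the suspected SideCopy organization's attack activities against India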
2021-12-20 | Qianxin | Red Raindrop Team
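% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% Another entry with the same author and date exists under the key
% team:20211220:first:ccac693; the two have different urls and are not duplicates.
@online{team:20211220:indias:645da44,
  author       = {{Red Raindrop Team}},
  title        = {{India's Chief of Defence Staff Crashes: SideCopy APT takes advantage of the fire}},
  date         = {2021-12-20},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/SideCopy-APT-Group-Takes-Advantage-of-the-Fire/},
  language     = {English},
  urldate      = {2022-01-25},
}
India's Chief of Defence Staff Crashes: SideCopy APT takes advantage of the fire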
2021-11-30 | Qianxin | Red Raindrop Team
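% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% language is {Chinese} while the title is in English (presumably a translated
% title), so locate the report by url rather than by title search.
@online{team:20211130:cyberspaces:e8efd82,
  author       = {{Red Raindrop Team}},
  title        = {{Cyberspace's Magic Eye: PROMETHIUM Fakes attack activity analysis of NotePads and installation packages}},
  date         = {2021-11-30},
  organization = {Qianxin},
  url          = {https://mp.weixin.qq.com/s/nQVUkIwkiQTj2pLaNYHeOA},
  language     = {Chinese},
  urldate      = {2021-12-07},
}
Cyberspace's Magic Eye: PROMETHIUM Fakes attack activity analysis of NotePads and installation packages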
StrongPity
2021-11-11 | Qianxin | Red Raindrop Team
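% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% The url is stored exactly as listed; it has no trailing slash, unlike the
% other ti.qianxin.com entries in this listing.
@online{team:20211111:sidecopy:ef53637,
  author       = {{Red Raindrop Team}},
  title        = {{SideCopy organization's recent attack incident analysis using China-India current affairs news}},
  date         = {2021-11-11},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/October-Operation-SideCopy},
  language     = {Chinese},
  urldate      = {2022-01-25},
}
SideCopy organization's recent attack incident analysis using China-India current affairs news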
2021-09-07 | Qianxin | Red Raindrop Team
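% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% The url contains an apostrophe and is kept verbatim; do not normalise it,
% since it is the only locator for the report.
@online{team:20210907:analysis:5fa5dff,
  author       = {{Red Raindrop Team}},
  title        = {{Analysis of recent attacks by the Lazarus APT organization on the blockchain finance and energy industries}},
  date         = {2021-09-07},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/Lazarus'-Recent-Attack-Campaign-Targeting-Blockchain-Finance-and-Energy-Sectors/},
  language     = {Chinese},
  urldate      = {2021-10-11},
}
Analysis of recent attacks by the Lazarus APT organization on the blockchain finance and energy industries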
2021-08-31 | Qianxin | Red Raindrop Team
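% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% The title keeps the source's "suspected" qualifier on the attribution, and
% the full-title braces preserve "COVID-19" and the proper nouns as written.
@online{team:20210831:analysis:bed3f48,
  author       = {{Red Raindrop Team}},
  title        = {{Analysis of suspected Russian-speaking attackers using COVID-19 vaccine bait to attack the Middle East}},
  date         = {2021-08-31},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/Suspected-Russian-speaking-attackers-use-COVID19-vaccine-decoys-against-Middle-East/},
  language     = {Chinese},
  urldate      = {2021-09-09},
}
Analysis of suspected Russian-speaking attackers using COVID-19 vaccine bait to attack the Middle East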
GRUNT
2021-08-30 | Qianxin | Red Raindrop Team
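% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% The title contains non-ASCII text, so process this entry with a UTF-8-aware
% toolchain (biblatex + Biber). The url, colon included, is kept verbatim.
@online{team:20210830:operation:7b5be26,
  author       = {{Red Raindrop Team}},
  title        = {{Operation (Thủy Tinh) OceanStorm: The evil lotus hidden under the abyss}},
  date         = {2021-08-30},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/Operation-OceanStorm:The-OceanLotus-hidden-under-the-abyss-of-the-deep/},
  language     = {Chinese},
  urldate      = {2021-09-09},
}
Operation (Thủy Tinh) OceanStorm: The evil lotus hidden under the abyss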
Cobalt Strike MimiKatz
2021-05-11 | Qianxin | Red Raindrop Team
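% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% The title keeps the source's "suspected" qualifier on the Lazarus attribution;
% do not shorten it when citing.
@online{team:20210511:analysis:d95ef63,
  author       = {{Red Raindrop Team}},
  title        = {{Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait}},
  date         = {2021-05-11},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/Analysis-of-attacks-by-Lazarus-using-Daewoo-shipyard-as-bait/},
  language     = {Chinese},
  urldate      = {2021-06-25},
}
Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait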
BISTROMATH
2020-12-16 | Qianxin | Red Raindrop Team
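% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% The title is stored in Chinese, matching language = {Chinese}; it needs a
% UTF-8-aware toolchain (biblatex + Biber) to sort and print correctly.
@online{team:20201216:solarwinds:0871f46,
  author       = {{Red Raindrop Team}},
  title        = {{中招目标首次披露:SolarWinds供应链攻击相关域名生成算法可破解!}},
  date         = {2020-12-16},
  organization = {Qianxin},
  url          = {https://mp.weixin.qq.com/s/v-ekPFtVNZG1W7vWjcuVug},
  language     = {Chinese},
  urldate      = {2020-12-17},
}
中招目标首次披露:SolarWinds供应链攻击相关域名生成算法可破解!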
SUNBURST
2020-12-10 | Qianxin | Red Raindrop Team
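% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% language is {Chinese} while the title is in English (presumably a translated
% title), so locate the report by url rather than by title search.
@online{team:20201210:model:eec2704,
  author       = {{Red Raindrop Team}},
  title        = {{APT model worker: A summary of the activities of the Eastern European hacker group using spear phishing emails to attack Ukraine}},
  date         = {2020-12-10},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/Hackers-in-Eastern-Europe-Use-Harpoon-Mail-to-Target-Activities-in-Ukraine/},
  language     = {Chinese},
  urldate      = {2020-12-14},
}
APT model worker: A summary of the activities of the Eastern European hacker group using spear phishing emails to attack Ukraine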
2020-12-07 | Qianxin | Red Raindrop Team
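% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% The url contains colons and apostrophes and is kept verbatim; do not
% normalise it, since it is the only locator for the report.
@online{team:20201207:blocking:11414ce,
  author       = {{Red Raindrop Team}},
  title        = {{Blocking APT: Qi'anxin QOWL engine defeats BITTER's targeted attacks on domestic government and enterprises}},
  date         = {2020-12-07},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/Blocking-APT:-Qianxin's-QOWL-Engine-Defeats-Bitter's-Targeted-Attack-on-Domestic-Government-and-Enterprises/},
  language     = {Chinese},
  urldate      = {2020-12-11},
}
Blocking APT: Qi'anxin QOWL engine defeats BITTER's targeted attacks on domestic government and enterprises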
2020-12-07 | Qianxin | Red Raindrop Team
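% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% NOTE(review): the title says "two-tailed scorpion" while the url slug says
% "APT-C-23". These are presumably the same group; confirm before correlating.
@online{team:20201207:analysis:30935b5,
  author       = {{Red Raindrop Team}},
  title        = {{Analysis of the suspected two-tailed scorpion APT organization using CIA-funded information about Hamas as bait}},
  date         = {2020-12-07},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/analysis-of-APT-C-23-CIA-funding-for-Hamas-information-as-bait/},
  language     = {Chinese},
  urldate      = {2020-12-11},
}
Analysis of the suspected two-tailed scorpion APT organization using CIA-funded information about Hamas as bait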
2020-09-16 | Qianxin | Red Raindrop Team
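% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% There is no DOI for this post; urldate (2021-01-27) is several months after
% the publication date, so it marks the retrieval date, not the release date.
@online{team:20200916:target:a21c14d,
  author       = {{Red Raindrop Team}},
  title        = {{Target defense industry: Lazarus uses recruitment bait combined with continuously updated cyber weapons}},
  date         = {2020-09-16},
  organization = {Qianxin},
  url          = {https://mp.weixin.qq.com/s/2sV-DrleHiJMSpSCW0kAMg},
  language     = {English},
  urldate      = {2021-01-27},
}
Target defense industry: Lazarus uses recruitment bait combined with continuously updated cyber weapons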
CRAT
2020-04-30 | Qianxin | Red Raindrop Team
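% Organisation as author: double braces keep "Red Raindrop Team" as one name.
% The citation key is unchanged. The title stays fully braced so "Lazarus" and
% "APT" keep their casing under any style.
@online{team:20200430:lazarus:4a450b4,
  author       = {{Red Raindrop Team}},
  title        = {{Lazarus APT organization uses information such as recruitment of a Western aviation giant to analyze targeted attack incidents in specific countries}},
  date         = {2020-04-30},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/analysis-of-lazarus-apt-oriented-attack-event/},
  language     = {English},
  urldate      = {2020-05-07},
}
Lazarus APT organization uses information such as recruitment of a Western aviation giant to analyze targeted attack incidents in specific countries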