Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-01-17QianxinRed Raindrop Team
@online{team:20230117:kasablanka:d2d13e1, author = {Red Raindrop Team}, title = {{Kasablanka Group Probably Conducted Compaigns Targeting Russia}}, date = {2023-01-17}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Kasablanka-Group-Probably-Conducted-Compaigns-Targeting-Russia/}, language = {English}, urldate = {2023-01-18} } Kasablanka Group Probably Conducted Compaigns Targeting Russia
Ave Maria Loda
2022-11-30Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20221130:analysis:aa1ce2e, author = {Red Raindrop Team}, title = {{Analysis of APT29's attack activities against Italy}}, date = {2022-11-30}, organization = {Qianxin Threat Intelligence Center}, url = {https://ti.qianxin.com/blog/articles/analysis-of-apt29%27s-attack-activities-against-italy/}, language = {Chinese}, urldate = {2022-12-20} } Analysis of APT29's attack activities against Italy
Unidentified 098 (APT29 Slack Downloader)
2022-11-29QianxinRed Raindrop Team
@online{team:20221129:job:1749e9c, author = {Red Raindrop Team}, title = {{Job hunting trap: Analysis of Lazarus attack activities using recruitment information such as Mizuho Bank of Japan as bait}}, date = {2022-11-29}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/nnLqUBPX8xZ3hCr5u-iSjQ}, language = {Chinese}, urldate = {2023-07-11} } Job hunting trap: Analysis of Lazarus attack activities using recruitment information such as Mizuho Bank of Japan as bait
CageyChameleon Cur1Downloader
2022-11-14QianxinRed Raindrop Team
@online{team:20221114:operation:d4929d5, author = {Red Raindrop Team}, title = {{Operation (Đường chín đoạn) typhoon: the cyber sea lotus coveting the nine-dash line in the South China Sea}}, date = {2022-11-14}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/pd6fUs5TLdBtwUHauclDOQ}, language = {Chinese}, urldate = {2022-11-15} } Operation (Đường chín đoạn) typhoon: the cyber sea lotus coveting the nine-dash line in the South China Sea
Caja
2022-08-10WeixinRed Raindrop Team
@online{team:20220810:operation:cdad302, author = {Red Raindrop Team}, title = {{Operation(верность) mercenary: a torrent of steel trapped in the plains of Eastern Europe}}, date = {2022-08-10}, organization = {Weixin}, url = {https://mp.weixin.qq.com/s/cGS8FocPnUdBconLbbaG-g}, language = {Chinese}, urldate = {2022-08-15} } Operation(верность) mercenary: a torrent of steel trapped in the plains of Eastern Europe
BumbleBee Cobalt Strike
2022-06-08Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20220608:operation:3fe580d, author = {Red Raindrop Team}, title = {{Operation Tejas: A dying elephant curled up in the Kunlun Mountains}}, date = {2022-06-08}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg}, language = {English}, urldate = {2022-06-09} } Operation Tejas: A dying elephant curled up in the Kunlun Mountains
HAZY TIGER RAZOR TIGER
2022-06-01Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20220601:analysis:03a76ad, author = {Red Raindrop Team}, title = {{Analysis of the attack activities of the Maha grass group using the documents of relevant government agencies in Pakistan as bait}}, date = {2022-06-01}, organization = {Qianxin Threat Intelligence Center}, url = {https://ti.qianxin.com/blog/articles/analysis-of-the-attack-activities-of-patchwork-using-the-documents-of-relevant-government-agencies-in-pakistan-as-bait}, language = {English}, urldate = {2022-07-05} } Analysis of the attack activities of the Maha grass group using the documents of relevant government agencies in Pakistan as bait
BadNews QUILTED TIGER
2022-04-11Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20220411:snow:b930f42, author = {Red Raindrop Team}, title = {{Snow Abuse: Analysis of the Suspected Lazarus Attack Activities against South Korean Companies}}, date = {2022-04-11}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/kcIaoB8Yta1zI6Py-uxupA}, language = {Chinese}, urldate = {2022-05-04} } Snow Abuse: Analysis of the Suspected Lazarus Attack Activities against South Korean Companies
2022-03-23QianxinRed Raindrop Team
@online{team:20220323:analysis:225d95b, author = {Red Raindrop Team}, title = {{Analysis of Attack Activity of PROMETHIUM Disguised}}, date = {2022-03-23}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/promethium-attack-activity-analysis-disguised-as-Winrar.exe/}, language = {Chines}, urldate = {2022-03-25} } Analysis of Attack Activity of PROMETHIUM Disguised
StrongPity
2022-03-14QianxinRed Raindrop Team
@online{team:20220314:analysis:9a058f9, author = {Red Raindrop Team}, title = {{Analysis Of Attack Activities Of Suspected APT Organization UNC1151 Against Ukraine And Other Countries}}, date = {2022-03-14}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Analysis-of-attack-activities-of-suspected-aptorganization-unc1151-against-ukraine-and-other-countries/}, language = {Chinese}, urldate = {2022-03-15} } Analysis Of Attack Activities Of Suspected APT Organization UNC1151 Against Ukraine And Other Countries
MicroBackdoor
2022-01-20QianxinRed Raindrop Team
@online{team:20220120:false:ef8ab19, author = {Red Raindrop Team}, title = {{False flags or upgrades? Suspected OceanLotus uses the Glitch platform to reproduce the attack sample}}, date = {2022-01-20}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/1L7o1C-aGlMBAXzHqR9udA}, language = {Chinese}, urldate = {2022-01-25} } False flags or upgrades? Suspected OceanLotus uses the Glitch platform to reproduce the attack sample
2022-01-18QianxinRed Raindrop Team
@online{team:20220118:sidecopy:862ebbd, author = {Red Raindrop Team}, title = {{SideCopy Arsenal Update: Golang-based Linux stealth tools surface}}, date = {2022-01-18}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/SideCopy's-Golang-based-Linux-tool/}, language = {Chinese}, urldate = {2022-01-25} } SideCopy Arsenal Update: Golang-based Linux stealth tools surface
Unidentified 005 (Sidecopy)
2021-12-20QianxinRed Raindrop Team
@online{team:20211220:indias:645da44, author = {Red Raindrop Team}, title = {{India's Chief of Defence Staff Crashes: SideCopy APT takes advantage of the fire}}, date = {2021-12-20}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/SideCopy-APT-Group-Takes-Advantage-of-the-Fire/}, language = {English}, urldate = {2022-01-25} } India's Chief of Defence Staff Crashes: SideCopy APT takes advantage of the fire
2021-12-20QianxinRed Raindrop Team
@online{team:20211220:first:ccac693, author = {Red Raindrop Team}, title = {{First time using a dual platform attack weapon? Analysis of the suspected SideCopy organization's attack activities against India}}, date = {2021-12-20}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Sidecopy-dual-platform-weapon/}, language = {Chinese}, urldate = {2022-01-25} } First time using a dual platform attack weapon? Analysis of the suspected SideCopy organization's attack activities against India
2021-11-30QianxinRed Raindrop Team
@online{team:20211130:cyberspaces:e8efd82, author = {Red Raindrop Team}, title = {{Cyberspace's Magic Eye: PROMETHIUM Fakes attack activity analysis of NotePads and installation packages}}, date = {2021-11-30}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/nQVUkIwkiQTj2pLaNYHeOA}, language = {Chinese}, urldate = {2021-12-07} } Cyberspace's Magic Eye: PROMETHIUM Fakes attack activity analysis of NotePads and installation packages
StrongPity
2021-11-29Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20211129:aptq12:34c3ea9, author = {Red Raindrop Team}, title = {{APT-Q-12: An intelligence espionage campaign targeting the trade industry}}, date = {2021-11-29}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/Hzq4_tWmunDpKfHTlZNM-A}, language = {Chinese}, urldate = {2022-12-06} } APT-Q-12: An intelligence espionage campaign targeting the trade industry
Unidentified 100 (APT-Q-12) APT-C-60
2021-11-11QianxinRed Raindrop Team
@online{team:20211111:sidecopy:ef53637, author = {Red Raindrop Team}, title = {{SideCopy organization's recent attack incident analysis using China-India current affairs news}}, date = {2021-11-11}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/October-Operation-SideCopy}, language = {Chinese}, urldate = {2022-01-25} } SideCopy organization's recent attack incident analysis using China-India current affairs news
2021-09-07QianxinRed Raindrop Team
@online{team:20210907:analysis:5fa5dff, author = {Red Raindrop Team}, title = {{Analysis of recent attacks by the Lazarus APT organization on the blockchain finance and energy industries}}, date = {2021-09-07}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Lazarus'-Recent-Attack-Campaign-Targeting-Blockchain-Finance-and-Energy-Sectors/}, language = {Chinese}, urldate = {2021-10-11} } Analysis of recent attacks by the Lazarus APT organization on the blockchain finance and energy industries
2021-08-31QianxinRed Raindrop Team
@online{team:20210831:analysis:bed3f48, author = {Red Raindrop Team}, title = {{Analysis of suspected Russian-speaking attackers using COVID-19 vaccine bait to attack the Middle East}}, date = {2021-08-31}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Suspected-Russian-speaking-attackers-use-COVID19-vaccine-decoys-against-Middle-East/}, language = {Chinese}, urldate = {2021-09-09} } Analysis of suspected Russian-speaking attackers using COVID-19 vaccine bait to attack the Middle East
GRUNT
2021-08-30QianxinRed Raindrop Team
@online{team:20210830:operation:7b5be26, author = {Red Raindrop Team}, title = {{Operation (Thủy Tinh) OceanStorm: The evil lotus hidden under the abyss}}, date = {2021-08-30}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Operation-OceanStorm:The-OceanLotus-hidden-under-the-abyss-of-the-deep/}, language = {Chinese}, urldate = {2021-09-09} } Operation (Thủy Tinh) OceanStorm: The evil lotus hidden under the abyss
Cobalt Strike MimiKatz