2022-11-29QianxinRed Raindrop Team
@online{team:20221129:job:1749e9c, author = {Red Raindrop Team}, title = {{Job hunting trap: Analysis of Lazarus attack activities using recruitment information such as Mizuho Bank of Japan as bait}}, date = {2022-11-29}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/nnLqUBPX8xZ3hCr5u-iSjQ}, language = {Chinese}, urldate = {2022-12-01} } Job hunting trap: Analysis of Lazarus attack activities using recruitment information such as Mizuho Bank of Japan as bait
2022-11-14QianxinRed Raindrop Team
@online{team:20221114:operation:d4929d5, author = {Red Raindrop Team}, title = {{Operation (Đường chín đoạn) typhoon: the cyber sea lotus coveting the nine-dash line in the South China Sea}}, date = {2022-11-14}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/pd6fUs5TLdBtwUHauclDOQ}, language = {Chinese}, urldate = {2022-11-15} } Operation (Đường chín đoạn) typhoon: the cyber sea lotus coveting the nine-dash line in the South China Sea
Caja
2022-08-10WeixinRed Raindrop Team
@online{team:20220810:operation:cdad302, author = {Red Raindrop Team}, title = {{Operation(верность) mercenary: a torrent of steel trapped in the plains of Eastern Europe}}, date = {2022-08-10}, organization = {Weixin}, url = {https://mp.weixin.qq.com/s/cGS8FocPnUdBconLbbaG-g}, language = {Chinese}, urldate = {2022-08-15} } Operation(верность) mercenary: a torrent of steel trapped in the plains of Eastern Europe
BumbleBee Cobalt Strike
2022-06-08Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20220608:operation:3fe580d, author = {Red Raindrop Team}, title = {{Operation Tejas: A dying elephant curled up in the Kunlun Mountains}}, date = {2022-06-08}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg}, language = {English}, urldate = {2022-06-09} } Operation Tejas: A dying elephant curled up in the Kunlun Mountains
HAZY TIGER RAZOR TIGER
2022-06-01Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20220601:analysis:03a76ad, author = {Red Raindrop Team}, title = {{Analysis of the attack activities of the Maha grass group using the documents of relevant government agencies in Pakistan as bait}}, date = {2022-06-01}, organization = {Qianxin Threat Intelligence Center}, url = {https://ti.qianxin.com/blog/articles/analysis-of-the-attack-activities-of-patchwork-using-the-documents-of-relevant-government-agencies-in-pakistan-as-bait}, language = {English}, urldate = {2022-07-05} } Analysis of the attack activities of the Maha grass group using the documents of relevant government agencies in Pakistan as bait
BadNews QUILTED TIGER
2022-04-11Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20220411:snow:b930f42, author = {Red Raindrop Team}, title = {{Snow Abuse: Analysis of the Suspected Lazarus Attack Activities against South Korean Companies}}, date = {2022-04-11}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/kcIaoB8Yta1zI6Py-uxupA}, language = {Chinese}, urldate = {2022-05-04} } Snow Abuse: Analysis of the Suspected Lazarus Attack Activities against South Korean Companies
2022-03-23QianxinRed Raindrop Team
@online{team:20220323:analysis:225d95b, author = {Red Raindrop Team}, title = {{Analysis of Attack Activity of PROMETHIUM Disguised}}, date = {2022-03-23}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/promethium-attack-activity-analysis-disguised-as-Winrar.exe/}, language = {Chinese}, urldate = {2022-03-25} } Analysis of Attack Activity of PROMETHIUM Disguised
StrongPity
2022-03-14QianxinRed Raindrop Team
@online{team:20220314:analysis:9a058f9, author = {Red Raindrop Team}, title = {{Analysis Of Attack Activities Of Suspected APT Organization UNC1151 Against Ukraine And Other Countries}}, date = {2022-03-14}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Analysis-of-attack-activities-of-suspected-aptorganization-unc1151-against-ukraine-and-other-countries/}, language = {Chinese}, urldate = {2022-03-15} } Analysis Of Attack Activities Of Suspected APT Organization UNC1151 Against Ukraine And Other Countries
MicroBackdoor
2022-01-20QianxinRed Raindrop Team
@online{team:20220120:false:ef8ab19, author = {Red Raindrop Team}, title = {{False flags or upgrades? Suspected OceanLotus uses the Glitch platform to reproduce the attack sample}}, date = {2022-01-20}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/1L7o1C-aGlMBAXzHqR9udA}, language = {Chinese}, urldate = {2022-01-25} } False flags or upgrades? Suspected OceanLotus uses the Glitch platform to reproduce the attack sample
2022-01-18QianxinRed Raindrop Team
@online{team:20220118:sidecopy:862ebbd, author = {Red Raindrop Team}, title = {{SideCopy Arsenal Update: Golang-based Linux stealth tools surface}}, date = {2022-01-18}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/SideCopy's-Golang-based-Linux-tool/}, language = {Chinese}, urldate = {2022-01-25} } SideCopy Arsenal Update: Golang-based Linux stealth tools surface
Unidentified 005 (Sidecopy)
2021-12-20QianxinRed Raindrop Team
@online{team:20211220:indias:645da44, author = {Red Raindrop Team}, title = {{India's Chief of Defence Staff Crashes: SideCopy APT takes advantage of the fire}}, date = {2021-12-20}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/SideCopy-APT-Group-Takes-Advantage-of-the-Fire/}, language = {English}, urldate = {2022-01-25} } India's Chief of Defence Staff Crashes: SideCopy APT takes advantage of the fire
2021-12-20QianxinRed Raindrop Team
@online{team:20211220:first:ccac693, author = {Red Raindrop Team}, title = {{First time using a dual platform attack weapon? Analysis of the suspected SideCopy organization's attack activities against India}}, date = {2021-12-20}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Sidecopy-dual-platform-weapon/}, language = {Chinese}, urldate = {2022-01-25} } First time using a dual platform attack weapon? Analysis of the suspected SideCopy organization's attack activities against India
2021-11-30QianxinRed Raindrop Team
@online{team:20211130:cyberspaces:e8efd82, author = {Red Raindrop Team}, title = {{Cyberspace's Magic Eye: PROMETHIUM Fakes attack activity analysis of NotePads and installation packages}}, date = {2021-11-30}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/nQVUkIwkiQTj2pLaNYHeOA}, language = {Chinese}, urldate = {2021-12-07} } Cyberspace's Magic Eye: PROMETHIUM Fakes attack activity analysis of NotePads and installation packages
StrongPity
2021-11-29Qianxin Threat Intelligence CenterRed Raindrop Team
@online{team:20211129:unknown:34c3ea9, author = {Red Raindrop Team}, title = {{Unknown}}, date = {2021-11-29}, organization = {Qianxin Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/Hzq4_tWmunDpKfHTlZNM-A}, language = {Chinese}, urldate = {2022-10-06} } Unknown
APT-Q-12
2021-11-11QianxinRed Raindrop Team
@online{team:20211111:sidecopy:ef53637, author = {Red Raindrop Team}, title = {{SideCopy organization's recent attack incident analysis using China-India current affairs news}}, date = {2021-11-11}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/October-Operation-SideCopy}, language = {Chinese}, urldate = {2022-01-25} } SideCopy organization's recent attack incident analysis using China-India current affairs news
2021-09-07QianxinRed Raindrop Team
@online{team:20210907:analysis:5fa5dff, author = {Red Raindrop Team}, title = {{Analysis of recent attacks by the Lazarus APT organization on the blockchain finance and energy industries}}, date = {2021-09-07}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Lazarus'-Recent-Attack-Campaign-Targeting-Blockchain-Finance-and-Energy-Sectors/}, language = {Chinese}, urldate = {2021-10-11} } Analysis of recent attacks by the Lazarus APT organization on the blockchain finance and energy industries
2021-08-31QianxinRed Raindrop Team
@online{team:20210831:analysis:bed3f48, author = {Red Raindrop Team}, title = {{Analysis of suspected Russian-speaking attackers using COVID-19 vaccine bait to attack the Middle East}}, date = {2021-08-31}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Suspected-Russian-speaking-attackers-use-COVID19-vaccine-decoys-against-Middle-East/}, language = {Chinese}, urldate = {2021-09-09} } Analysis of suspected Russian-speaking attackers using COVID-19 vaccine bait to attack the Middle East
GRUNT
2021-08-30QianxinRed Raindrop Team
@online{team:20210830:operation:7b5be26, author = {Red Raindrop Team}, title = {{Operation (Thủy Tinh) OceanStorm: The evil lotus hidden under the abyss}}, date = {2021-08-30}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Operation-OceanStorm:The-OceanLotus-hidden-under-the-abyss-of-the-deep/}, language = {Chinese}, urldate = {2021-09-09} } Operation (Thủy Tinh) OceanStorm: The evil lotus hidden under the abyss
Cobalt Strike MimiKatz
2021-05-11QianxinRed Raindrop Team
@online{team:20210511:analysis:d95ef63, author = {Red Raindrop Team}, title = {{Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait}}, date = {2021-05-11}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Analysis-of-attacks-by-Lazarus-using-Daewoo-shipyard-as-bait/}, language = {Chinese}, urldate = {2021-06-25} } Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait
BISTROMATH
2020-12-16QianxinRed Raindrop Team
@online{team:20201216:solarwinds:0871f46, author = {Red Raindrop Team}, title = {{中招目标首次披露:SolarWinds供应链攻击相关域名生成算法可破解!}}, date = {2020-12-16}, organization = {Qianxin}, url = {https://mp.weixin.qq.com/s/v-ekPFtVNZG1W7vWjcuVug}, language = {Chinese}, urldate = {2020-12-17} } 中招目标首次披露:SolarWinds供应链攻击相关域名生成算法可破解!
SUNBURST