2023-08-18 | TEAMT5 | Still Hsu, Zih-Cing Liao
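@comment{Review note: the url of the next entry is served over plain http, so the download has no transport integrity; check the PDF against a trusted copy before relying on it.}
@techreport{hsu:20230818:unmasking:61bd6b5,
  author      = {Hsu, Still and Liao, Zih-Cing},
  title       = {Unmasking {CamoFei}: An In-depth Analysis of an Emerging {APT} Group Focused on Healthcare Sectors in {East Asia}},
  date        = {2023-08-18},
  institution = {TEAMT5},
  url         = {http://stillu.cc/assets/slides/2023-08-Unmasking%20CamoFei.pdf},
  language    = {English},
  urldate     = {2023-08-23}
}
Unmasking CamoFei: An In-depth Analysis of an Emerging APT Group Focused on Healthcare Sectors in East Asia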
CatB Cobalt Strike DoorMe GIMMICK
2023-01-26 | TEAMT5 | Still Hsu
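@techreport{hsu:20230126:brief:5a0716d,
  author      = {Hsu, Still},
  title       = {Brief History of {MustangPanda} and its {PlugX} Evolution},
  date        = {2023-01-26},
  institution = {TEAMT5},
  url         = {https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_2_LT4.pdf},
  language    = {English},
  urldate     = {2023-02-09}
}
Brief History of MustangPanda and its PlugX Evolution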
PlugX
2022-05-12 | TEAMT5 | Leon Chang, Silvia Yeh
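@techreport{chang:20220512:next:5fd8a83,
  author      = {Chang, Leon and Yeh, Silvia},
  title       = {The Next Gen {PlugX/ShadowPad}? A Dive into the Emerging {China-Nexus} Modular Trojan, {Pangolin8RAT} (slides)},
  date        = {2022-05-12},
  institution = {TEAMT5},
  url         = {https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-LeonSilvia-NextGenPlugXShadowPad.pdf},
  language    = {English},
  urldate     = {2022-08-08}
}
The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT (slides)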
KEYPLUG Cobalt Strike CROSSWALK FunnySwitch PlugX ShadowPad Winnti SLIME29 TianWu
2022-05-11 | TEAMT5 | Charles Li, Che Chang
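@techreport{li:20220511:to:12668fe,
  author      = {Li, Charles and Chang, Che},
  title       = {To loot or Not to Loot? That Is Not a Question - When {State-Nexus} {APT} Targets Online Entertainment Industry},
  date        = {2022-05-11},
  institution = {TEAMT5},
  url         = {https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf},
  language    = {English},
  urldate     = {2022-08-15}
}
To loot or Not to Loot? That Is Not a Question - When State-Nexus APT Targets Online Entertainment Industry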
APT27 BRONZE STARLIGHT SLIME29 TianWu
2022-05-09 | TEAMT5 | TeamT5
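@online{teamt5:20220509:hiding:5e7c212,
  author       = {{TeamT5}},
  title        = {Hiding in Plain Sight: Obscuring {C2s} by Abusing {CDN} Services},
  date         = {2022-05-09},
  organization = {TEAMT5},
  url          = {https://teamt5.org/en/posts/hiding-in-plain-sight-obscuring-c2s-by-abusing-cdn-services},
  language     = {English},
  urldate      = {2022-05-11}
}
Hiding in Plain Sight: Obscuring C2s by Abusing CDN Services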
Cobalt Strike
2022-03-14 | TEAMT5 | TeamT5
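@online{teamt5:20220314:nt:29d1c09,
  author       = {{TeamT5}},
  title        = {刻 の 涙 : {NT} 5.x {NDIS} 驅動程式後門分析《{Daxin} x32》},
  date         = {2022-03-14},
  organization = {TEAMT5},
  url          = {https://teamt5.org/tw/posts/backdoor-of-driver-analysis-Daxin/},
  language     = {Chinese},
  urldate      = {2023-02-01}
}
刻 の 涙 : NT 5.x NDIS 驅動程式後門分析《Daxin x32》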
Daxin
2021-12-16 | TEAMT5 | Charles Li, Aragorn Tseng, Peter Syu, Tom Lai
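@online{li:20211216:winnti:adce3fa,
  author       = {Li, Charles and Tseng, Aragorn and Syu, Peter and Lai, Tom},
  title        = {{Winnti} is Coming - Evolution after Prosecution},
  date         = {2021-12-16},
  organization = {TEAMT5},
  url          = {https://speakerdeck.com/aragorntseng/winnti-is-coming-evolution-after-prosecution-at-hitcon2021},
  language     = {English},
  urldate      = {2023-04-28}
}
Winnti is Coming - Evolution after Prosecution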
Cobalt Strike FishMaster FunnySwitch HIGHNOON ShadowPad Spyder
2021-10-22 | TEAMT5 | TeamT5
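@online{teamt5:20211022:assassinations:4cccf2a,
  author       = {{TeamT5}},
  title        = {Assassinations of "{MiniNinja}" in Various {APAC} Countries},
  date         = {2021-10-22},
  organization = {TEAMT5},
  url          = {https://teamt5.org/en/posts/assassinations-of-minininja-in-various-apac-countries/},
  language     = {English},
  urldate      = {2021-10-26}
}
Assassinations of "MiniNinja" in Various APAC Countries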
ToddyCat
2021-08-20 | TEAMT5 | TeamT5
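@online{teamt5:20210820:see:815321b,
  author       = {{TeamT5}},
  title        = {See {REvil} again?! See how hackers use the same encryption ransomware program {REvil} to annihilate the attack evidence},
  date         = {2021-08-20},
  organization = {TEAMT5},
  url          = {https://teamt5.org/tw/posts/revil-dll-sideloading-technique-used-by-other-hackers/},
  language     = {Chinese},
  urldate      = {2021-08-31}
}
See REvil again?! See how hackers use the same encryption ransomware program REvil to annihilate the attack evidence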
REvil
2021-07-21 | TEAMT5 | Tom, Peter, Jason3e7
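@comment{Authors of the next entry are listed on the page as single names or handles; they are kept exactly as given.}
@online{tom:20210721:le:ce23918,
  author       = {Tom and Peter and Jason3e7},
  title        = {"{Le}" is not tired of this, {IE} is really naughty},
  date         = {2021-07-21},
  organization = {TEAMT5},
  url          = {https://teamt5.org/tw/posts/internet-explorer-the-vulnerability-ridden-browser/},
  language     = {Chinese},
  urldate      = {2021-08-30}
}
"Le" is not tired of this, IE is really naughty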
Magniber
2021-06-11 | TEAMT5 | Linda Kuo, Zih-Cing Liao
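@techreport{kuo:20210611:story:897e55c,
  author      = {Kuo, Linda and Liao, Zih-Cing},
  title       = {Story of the ‘{Phisherman}’ -Dissecting Phishing Techniques of {CloudDragon} {APT} (slides)},
  date        = {2021-06-11},
  institution = {TEAMT5},
  url         = {https://conference.hitb.org/hitbsecconf2021ams/materials/D2T1%20-%20The%20Phishermen%20-%20Dissecting%20Phishing%20Techniques%20of%20CloudDragon%20APT%20-%20Linda%20Kuo%20&Zih-Cing%20Liao%20.pdf},
  language    = {English},
  urldate     = {2021-06-22}
}
Story of the ‘Phisherman’ -Dissecting Phishing Techniques of CloudDragon APT (slides)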
Appleseed BabyShark
2021-06-02 | TEAMT5 | TeamT5
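@online{teamt5:20210602:introducing:e0f8171,
  author       = {{TeamT5}},
  title        = {Introducing The Most Profitable Ransomware {REvil}},
  date         = {2021-06-02},
  organization = {TEAMT5},
  url          = {https://teamt5.org/en/posts/introducing-the-most-profitable-ransomware-revil/},
  language     = {English},
  urldate      = {2021-06-09}
}
Introducing The Most Profitable Ransomware REvil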
Gandcrab REvil
2021-05-10 | TEAMT5 | Charles Li
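@online{li:20210510:threat:bcb06cf,
  author       = {Li, Charles},
  title        = {{APT} Threat Landscape of {Taiwan} in 2020},
  date         = {2021-05-10},
  organization = {TEAMT5},
  url          = {https://teamt5.org/en/posts/apt-threat-landscape-of-taiwan-in-2020/},
  language     = {English},
  urldate      = {2021-05-25}
}
APT Threat Landscape of Taiwan in 2020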
2021-05-07 | TEAMT5 | Aragorn Tseng, Charles Li
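@techreport{tseng:20210507:mem2img:494799d,
  author      = {Tseng, Aragorn and Li, Charles},
  title       = {{Mem2Img}: Memory-Resident Malware Detection via Convolution Neural Network},
  date        = {2021-05-07},
  institution = {TEAMT5},
  url         = {https://i.blackhat.com/asia-21/Friday-Handouts/as-21-Tseng-Mem2Img-Memory-Resident-Malware-Detection-via-Convolution-Neural-Network.pdf},
  language    = {English},
  urldate     = {2021-09-12}
}
Mem2Img: Memory-Resident Malware Detection via Convolution Neural Network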
Cobalt Strike PlugX Waterbear
2021-05-07 | TEAMT5 | Jhih-Lin Kuo, Zih-Cing Liao
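@techreport{kuo:20210507:we:cd620c1,
  author      = {Kuo, Jhih-Lin and Liao, Zih-Cing},
  title       = {"{We} Are About to Land": How {CloudDragon} Turns a Nightmare Into Reality},
  date        = {2021-05-07},
  institution = {TEAMT5},
  url         = {https://i.blackhat.com/asia-21/Friday-Handouts/as-21-Kuo-We-Are-About-To-Land-How-CloudDragon-Turns-A-Nightmare-Into-Reality.pdf},
  language    = {English},
  urldate     = {2021-09-14}
}
"We Are About to Land": How CloudDragon Turns a Nightmare Into Reality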
FlowerPower Appleseed BabyShark GoldDragon NavRAT
2021-01-27 | TEAMT5 | Shui, Leon
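@comment{Authors of the next entry are listed on the page as single names; they are kept exactly as given.}
@techreport{shui:20210127:luoyu:32b7965,
  author      = {Shui and Leon},
  title       = {{LuoYu}: The eavesdropper sneaking in multiple platforms},
  date        = {2021-01-27},
  institution = {TEAMT5},
  url         = {https://jsac.jpcert.or.jp/archive/2021/pdf/JSAC2021_301_shui-leon_en.pdf},
  language    = {English},
  urldate     = {2021-11-03}
}
LuoYu: The eavesdropper sneaking in multiple platforms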
systemd WinDealer Red Nue
2021-01-13 | TEAMT5 | TeamT5
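@online{teamt5:20210113:oracle:4eb3e85,
  author       = {{TeamT5}},
  title        = {年度最慘漏洞!深入探究 {Oracle WebLogic} {CVE-2020-14882}},
  date         = {2021-01-13},
  organization = {TEAMT5},
  url          = {https://teamt5.org/tw/posts/most-epic-fail-vulnerability-research-on-oracle-weblogic-cve-2020-14882},
  language     = {Chinese (Traditional)},
  urldate      = {2021-03-31}
}
年度最慘漏洞!深入探究 Oracle WebLogic CVE-2020-14882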
2020-12-22 | TEAMT5 | TeamT5
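@online{teamt5:20201222:macos:d0657a9,
  author       = {{TeamT5}},
  title        = {{macOS} 用戶當心!北韓駭客 {Lazarus} 將目標瞄準虛擬貨幣交易用戶},
  date         = {2020-12-22},
  organization = {TEAMT5},
  url          = {https://teamt5.org/tw/posts/north-korea-linked-lazarus-apt-uses-a-macos-malware-in-cryptocurrency-exchange-attack/},
  language     = {Chinese (Traditional)},
  urldate      = {2021-03-31}
}
macOS 用戶當心!北韓駭客 Lazarus 將目標瞄準虛擬貨幣交易用戶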
2020-08-19 | TEAMT5 | TeamT5
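@online{teamt5:20200819:0819:e955419,
  author       = {{TeamT5}},
  title        = {調查局 08/19 公布中國對台灣政府機關駭侵事件說明},
  date         = {2020-08-19},
  organization = {TEAMT5},
  url          = {https://teamt5.org/tw/posts/mjib-holds-briefing-on-chinese-hackers-attacks-on-taiwanese-government-agencies/},
  language     = {Chinese},
  urldate      = {2021-05-03}
}
調查局 08/19 公布中國對台灣政府機關駭侵事件說明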
Cobalt Strike Waterbear
2020-05-01 | Macnica Networks | TeamT5, Macnica Networks
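@comment{Both authors of the next entry are organisations; each is wrapped in its own brace group so the name parser keeps "Macnica Networks" whole instead of splitting it into a given name and a surname.}
@techreport{teamt5:20200501:cyber:70c9cbc,
  author      = {{TeamT5} and {Macnica Networks}},
  title       = {Cyber Espionage Tradecraft in the Real World Adversaries targeting {Japan} in the second half of 2019},
  date        = {2020-05-01},
  institution = {Macnica Networks},
  url         = {https://www.macnica.net/pdf/mpressioncss_ta_report_2019_4_en.pdf},
  language    = {English},
  urldate     = {2021-02-26}
}
Cyber Espionage Tradecraft in the Real World Adversaries targeting Japan in the second half of 2019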
TSCookie LODEINFO