https://mp.weixin.qq.com/s/ji37khbyot1sajof2t5heg

https://sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-

https://www.seqrite.com/blog/double-action-triple-infection-and-a-new-rat-sidecopys-

https://mp.weixin.qq.com/s/g8osytvgrsv2773kwzyuha

https://mp.weixin.qq.com/s/mhyglpqothzg-h2rveobaw

https://blogs.blackberry.com/en/2023/02/newspenguin-a-previously-unknown-threat-actor-

https://securityaffairs.com/149698/apt/kimsuky-war-simulation-centre.html

https://securelist.com/the-lazarus-group-deathnote-campaign/109490

https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344

https://medium.com/checkmarx-security/lazarus-group-launches-first-open-source-supply-

https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-

https://www.cisa.gov/sites/default/files/2023-12/aa23-347a-russian-foreign-intelligence-

https://www.mandiant.com/resources/blog/apt43-north-korea-cybercrime-espionage

https://mp.weixin.qq.com/s/yx8ikapsr9vs3z2wsgdisw

https://mp.weixin.qq.com/s/so2rjbybqlcyb3avaumegg

https://mp.weixin.qq.com/s/lvsragnmsl3a1jeuubuvyw

https://www.seqrite.com/blog/transparent-tribe-apt-actively-lures-indian-army-amidst-

https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk

https://mp.weixin.qq.com/s/eq8nrfe3tkfg4nb8f49vla

https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds

https://asec.ahnlab.com/ko/47622

https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal

https://asec.ahnlab.com/en/49295

https://blog.alyac.co.kr/5103

https://www.zscaler.com/blogs/security-research/unintentional-leak-glimpse-attack-vectors-

https://asec.ahnlab.com/en/50625

https://blog.virustotal.com/2023/04/apt43-investigation-into-north-korean.html

https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/#

https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link

https://asec.ahnlab.com/ko/52662

https://www.genians.co.kr/hubfs/blogfile/threat_intelligence_report_apt37.pdf?hslang=ko

https://www.sentinelone.com/labs/kimsuky-ongoing-campaign-using-tailored-reconnaissance-

https://www.nsa.gov/press-room/press-releases-statements/press-release-view

https://asec.ahnlab.com/en/53377

https://www.genians.co.kr/hubfs/blogfile/20230620_threat_inteligence_report_apt37_macos.

https://mp.weixin.qq.com/s/mlkyhlzkamygcf4czw0vag

https://www.elastic.co/cn/security-labs/dprk-strikes-using-a-new-variant-of-rustbucket

https://www.sentinelone.com/blog/bluenoroff-how-dprks-macos-rustbucket-seeks-to-evade-

https://ti.qianxin.com/blog/articles/cloud-spy-analysis-of-recent-attack-activities-by-

https://mp.weixin.qq.com/s/gmgk6lg6pysebf4y7f7g7w

https://mp.weixin.qq.com/s/8aootjxn3c5sviae08-_gq

https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-

https://blog.talosintelligence.com/lazarus-quiterat

https://mp.weixin.qq.com/s/2anqicw1lii3j-ickcuthw?poc_token=hav7d2wjfljxoutf772bre3m

https://mp.weixin.qq.com/s/pzfbhtrz6jelwibujrzcyw

https://mp.weixin.qq.com/s/1j4jnqlvust6psawwoq1cq

https://mp.weixin.qq.com/s/hwveqib68aadnpqvrknaeq

https://asec.ahnlab.com/ko/57427

https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-

https://medium.com/s2wblog/fastviewer-variant-merged-with-fastspy-and-disguised-as-a-

https://www.jamf.com/blog/bluenoroff-strikes-again-with-new-macos-malware

https://asec.ahnlab.com/ko/59209

https://mp.weixin.qq.com/s/s3wvspnjkfvhroufxrdtiq

https://securelist.com/bluenoroff-new-macos-malware/111290

https://ti.qianxin.com/blog/articles/analysis-of-suspected-lazarus-apt-q-1-attack-sample-

https://mp.weixin.qq.com/s/bdab1bbgtd3amuziu2_tsw

https://www.group-ib.com/blog/dark-pink-apt

https://www.deepinstinct.com/blog/ducktail-threat-operation-re-emerges-with-new-lnk-

https://yoroi.company/en/research/ducktail-dissecting-a-complex-infection-chain-started-

https://www.elastic.co/cn/security-labs/elastic-charms-spectralviper

https://labs.withsecure.com/publications/meet-the-ducks

https://www.appgate.com/blog/vietnamese-information-stealer-campaigns-target-

https://mp.weixin.qq.com/s/ib2w86cxcpmgs8qronprkw

https://labs.withsecure.com/publications/ducktail

https://labs.withsecure.com/publications/ducktail-returns

https://mp.weixin.qq.com/s/p7vxmhib5djl9zoe1obdww

https://mp.weixin.qq.com/s/rslbgqgtl_jzd73ajqi05q

https://mp.weixin.qq.com/s/xu7b3m-l2olai2bu7nbj0a

https://threatmon.io/apt-sidecopy-targeting-indian-government-entities

https://blog.cyble.com/2023/03/21/notorious-sidecopy-apt-group-sets-sights-on-indias-drdo

https://mp.weixin.qq.com/s/duzinbdwpwj3qbbafrnzyg

https://www.cyfirma.com/outofband/donot-apt-targets-individuals-in-south-asia-using-

https://www.uptycs.com/blog/cyber_espionage_in_india_decoding_apt_36_new_linux_

https://www.fortinet.com/blog/threat-research/clean-rooms-nuclear-missiles-and-sidecopy

https://mp.weixin.qq.com/s/syk4ptmjloruogbmnd3hrg

https://mp.weixin.qq.com/s/qtsefcnpz9aeg0v2sipwua

https://mp.weixin.qq.com/s/wu0vnmcf-fqyxibkzfzaew

https://perception-point.io/blog/operation-red-deer

https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-

https://www.rewterz.com/rewterz-news/rewterz-threat-alert-sidewinder-apt-group-launches-

https://mp.weixin.qq.com/s/ewgyvlmwud45xtvsoxevpg

https://threatmon.io/unraveling-the-complex-infection-chain-analysis-of-the-sidecopy-apts-

https://mp.weixin.qq.com/s/hvhxyib4skug6ddwwe4pcw

https://mp.weixin.qq.com/s/f

https://mp.weixin.qq.com/s/vcgi3ftr4lwxpwzf5eulia

https://mp.weixin.qq.com/s/nmtqww-jhkdkbwfpydfpra

https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal

https://www.seqrite.com/blog/sidecopys-multi-platform-onslaught-leveraging-winrar-zero-

https://mp.weixin.qq.com/s/crx7nlpe4zzgwheowe8_ba

https://mp.weixin.qq.com/s/cew83kzo6omopglpg-qgxw

https://www.seqrite.com/blog/operation-rusticweb-targets-indian-govt-from-rust-based-

https://cert.gov.ua/article/3718487

https://therecord.media/latvia-confirms-phishing-attack-on-ministry-of-defense-linking-it-to-

https://mrtiepolo.medium.com/russian-apt-gamaredon-exploits-hoaxshell-to-target-

https://threatmon.io/beyond-bullets-and-bombs-an-examination-of-armageddon-groups-

https://informnapalm.org/en/hacked-russian-gru-officer

https://blog.eclecticiq.com/exposed-web-panel-reveals-gamaredon-groups-automated-spear-

https://securelist.com/tomiris-called-they-want-their-turla-malware-back/109552

https://www.prodaft.com/resource/detail/paperbug-nomadic-octopus-paperbug-campaign

https://cert.gov.ua/article/4501891

https://thedfirreport.com/2023/06/12/a-truly-graceful-wipe-out

https://cert.gov.ua/article/4905718

https://cert.gov.ua/article/4905829

https://blog.talosintelligence.com/malicious-campaigns-target-entities-in-ukraine-poland

https://cert.gov.ua/article/5213167

https://mp.weixin.qq.com/s/32u2nbhye0hjbwskhwct4g

https://blog.eclecticiq.com/german-embassy-lure-likely-part-of-campaign-against-nato-

https://www.zscaler.com/blogs/security-research/steal-it-campaign

https://unit42.paloaltonetworks.com/turla-pensive-ursa-threat-assessment

https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-

https://unit42.paloaltonetworks.com/pensive-ursa-uses-upgraded-kazuar-backdoor

https://www.rnbo.gov.ua/files/2023_year/cybercenter/november/apt29%20attacks%20

https://www.wojsko-polskie.pl/woc/articles/aktualnosci-w/detecting-malicious-activity-

https://mp.weixin.qq.com/s/qxegbv6ltn_udjrsks-srg

https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-

https://www.gov.il/en/departments/news/_muddywater

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mantis-palestinian-

https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-

https://research.checkpoint.com/2023/educated-manticore-iran-aligned-threat-actor-

https://www.welivesecurity.com/2023/05/02/apt-groups-muddying-waters-msps

https://www.volexity.com/blog/2023/06/28/charming-kitten-updates-powerstar-with-an-

https://www.proofpoint.com/us/blog/threat-insight/welcome-new-york-exploring-ta453s-

https://mp.weixin.qq.com/s/e4s10n9slxjrmmgyjfzn0g

https://www.welivesecurity.com/en/eset-research/sponsor-batch-filed-whiskers-ballistic-

https://mp.weixin.qq.com/s/-lyxjtjehdwa8km_ri1cxg

https://www.welivesecurity.com/en/eset-research/stealth-falcon-preying-middle-eastern-

https://mp.weixin.qq.com/s/xy9pfucgtytzae_xlwsn6w

https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-

https://www.deepinstinct.com/blog/muddywater-en-able-spear-phishing-with-new-ttps

https://www.sentinelone.com/labs/arid-viper-apts-nest-of-spyc23-malware-continues-to-

https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-

https://securelist.com/find-the-triangulation-utility/109867

https://securelist.com/triangulation-validators-modules/110847

https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669

https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia

https://threatmon.io/apt-blind-eagles-malware-arsenal-technical-analysis

https://it.rising.com.cn/anquan/20037.html

https://mp.weixin.qq.com/s/b0fskq6d3mvla8yx3v4iug

https://www.trendmicro.com/en_us/research/23/b/earth-kitsune-delivers-new-whiskerspy-

https://securelist.com/goldenjackal-apt-group/109677

https://www.paloaltonetworks.com/blog/security-operations/through-the-cortex-xdr-lens-

https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia

https://mp.weixin.qq.com/s/doq5ka7mwqcdg2x_ngboea

https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a

https://docs.google.com/spreadsheets/d/1lknj0uqwbec1ztrrxdtuplcil7mlureokfsigajnsyy

https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-

https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-

https://ti.qianxin.com/apt/detail/5acb29d0596a10001a1a9794?name=turla&type=map

UAC-0056

CNVD-2023-69477

cve-2023-2868

cve-2022-4262

cve-2023-42793

cve-2023-41990

cve-2023-38606

cve-2019-5782

cve-2023-23529

cve-2023-21715

cve-2023-20963

cve-2023-21768

cve-2023-26083

cve-2023-28205

cve-2023-2033

cve-2023-21492

cve-2023-32373

cve-2023-29336

cve-2023-32439

cve-2023-32046

cve-2023-36884

cve-2023-35674

cve-2023-41064

cve-2023-4863

cve-2023-36802

cve-2023-41992

cve-2023-41993

cve-2023-4211

cve-2023-33107

cve-2023-42824

cve-2023-36036

cve-2023-46604

cve-2023-42916

cve-2022-44698

qianxin.com

000webhostapp.com

xxxx.co

cert.pl

www.gov.pl

lab52.io

cert.gov.ua

mp.weixin.qq.com

www.seqrite.com

blogs.blackberry.com

securelist.com

www.mandiant.com

www.reversinglabs.com

www.cisa.gov

www.sentinelone.com

www.proofpoint.com

blog.alyac.co.kr

threatmon.io

blog.virustotal.com

research.checkpoint.com

www.nsa.gov

blog.talosintelligence.com

www.deepinstinct.com

www.trendmicro.com

www.appgate.com

www.intezer.com

www.uptycs.com

perception-point.io

therecord.media

informnapalm.org

blog.eclecticiq.com

www.prodaft.com

thedfirreport.com

www.avertium.com

www.silentpush.com

www.rnbo.gov.ua

socradar.io

www.bitdefender.com

it.rising.com.cn

www.ptsecurity.com

msrc.microsoft.com

docs.google.com

ti_support@qianxin.com

ank.php

mwvcis.png

释放名为nvspcaps1.db

gov.pl

service-svr-exploiting-jetbrains-teamcity-cve-globally_0.pdf

apt43-investigation-into-north-korean.html

trend-micro-vision-one.html

www.cer

embassies%20using%20cve-2023-38831%20-%20report%20en.pdf

east.html

20037.html

gambling-websites-with-old.html

396eaf4482e610119ce0cdcd7526c945

UNC4841

Storm-0558

storm-0558

APT-C-26

APT-C-35

APT-C-52

APT-C-36

APT-Q-77

APT-Q-27

APT-Q-1

APT-Q-36

APT-Q-12

APT-Q-37

APT-Q-11

APT-Q-38

APT28

APT43

APT38

APT34

APT33

FIN7

https://ti.qianxin.com

https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-

https://lab52.io/blog/2344-2

https://cert.gov.ua/article/5105791

https://mp.weixin.qq.com/s/_wmljf41etsbrqda3bjftq

https://mp.weixin.qq.com/s/fixirwadiknrv4wlghj_mw