Reference
• http://researchcenter.paloaltonetworks.com/2016/03/digital-quartermaster-scenario-demonstrated-in-attacks-against-the-mongolian-government/
• http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seaduke/
• “Roaming Tiger”
• Lurid/Enfal adversaries
• http://researchcenter.paloaltonetworks.com/2015/05/cmstar-downloader-lurid-and-enfals-new-cousin/
• http://researchcenter.paloaltonetworks.com/2016/01/nettraveler-spear-phishing-email-targets-diplomat-of-uzbekistan/
• http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/
• https://www.thecyberwire.com/issues/issues2016/March/CyberWire_2016_03_15.html
• https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity
• https://www.tenable.com/blog/grizzly-steppe-detection-with-securitycenter
• https://github.com/tennc/webshell/tree/master/php/pas
• http://blog.erratasec.com/2016/12/some-notes-on-iocs.html#.WPyBNPmGPIU
• http://amanda.secured.org/just-a-php-web-shell-sold-in-dark-forums/
• https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/
• https://github.com/wordfence/grizzly
• http://wiki.yobi.be/wiki/Forensics_on_Incident_3
• https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html
• https://github.com/fireeye/iocs
• https://github.com/aptnotes/data
• https://www.blackhat.com/docs/asia-14/materials/Haruyama/Asia-14-Haruyama-I-Know-You-Want-Me-Unplugging-PlugX.pdf
• http://takahiroharuyama.github.io/blog/2014/03/12/plugx-builder-slash-controller/