RedDrip Team
@RedDrip7
Technical Twitter of QiAnXin Technology, a leading Chinese security vendor. It is operated by RedDrip Team, which focuses on malware, APT and threat intelligence.
#APT_Digital_Weapon We have categorized #IOCs, mostly #APT related, from public resources and sample details are available on #VT. The #GitHub project will keep updated and hope to help the security community fight against malware and targeted attack. github.com/RedDrip7/APT_D…

Brief analysis of Chrome vuln #CVE-2025-6554, which was exploited in the wild. ti.qianxin.com/blog/articles/…
At the recently held CYDES 2025, we disclosed #APT group #NightEagle (APT-Q-95). This threat group has been targeting high-tech industries for a long time, including chip semiconductors, AI/GPT and other fields. Actors used an unknown Exchange exploit chain. PPT: #IOCs #APT

#APT #Kimsuky 7ec88818697623a0130b1de42fa31335 (dropper, with digital signature "CJ Olivenetworks Co., Ltd") 580d7a5fdf78dd3e720b2ce772dc77e9 (dll, "C:\\Users\\Public\\config.dat") hxxp://gsegse.dasfesfgsegsefsede.o-r.kr/login.php (162[.220.11.186)

#APT #APT-Q-12 APT-Q-12 has exploited a #0day existing in the Foxmail Windows client in a recent campaign and we reported it to Tencent immediately. Now the vuln has been fixed and Windows users are advised to update to the latest version 7.2.25 (2025-03-28). mp.weixin.qq.com/s/GkKocGG4iVGk…

#APT #Patchwork targets Nepal with Spyder malware dcd38befbaff3b153c40cd9c2858e72a myprivatedrives[.]com hxxp://myprivatedrives.com/ticket_line/openai.php hxxp://myprivatedrives.com/ticket_line/certificate.php
#APT #CNC #UTG-Q-011 Recent espionage campaign operated by threat actors from South Asia targets Chinese scientific research in the maritime and other fields. ti.qianxin.com/blog/articles/…

Malware seems from #APT #Donot 893561ff6d17f1e95897b894dde29a2a hxxps://totalservices.info/WxporesjaTexopManor/ptomekasresdkolertys

#APT #OceanLotus: memory plug-ins and espionage purpose in latest years ti.qianxin.com/blog/articles/…

#APT #Bitter MiyaRAT 90947fbcf206eca23a6965a632815152 (nsrzx.tar) b11d50d48cb10c40dcad8b316253885d (nsrzx.exe) C&C: wusvcpsvc[.com:46346 PDB: "C:\DRIVE_Y\EDRIVE\repos\Leov3_client\Release\Leov3_client.pdb" related report: ti.qianxin.com/blog/articles/…

Unlock the Future of Cybersecurity! Join #DataCon2024 🎁RMB ¥500,000 BONUS prize! ⌛️Registration closes on November 11th, Don't miss out! 📝datacon.qianxin.com/datacon2024-en
Analysis of Windows DWM #EoP vuln (#CVE-2024-30051) in-the-wild exploitation sample and root cause ti.qianxin.com/blog/articles/…
