2020.12.15.APT-C-47_ClickOnce

README.md

@@ -33,12 +33,14 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
 * Dec 17 - [[ClearSky] Pay2Kitten](https://www.clearskysec.com/wp-content/uploads/2020/12/Pay2Kitten.pdf) | [:closed_book:](../../blob/master/2020/2020.12.17.Pay2Kitten)
 * Dec 17 - [[ESET] Operation SignSight: Supply‑chain attack against a certification authority in Southeast Asia](https://www.welivesecurity.com/2020/12/17/operation-signsight-supply-chain-attack-southeast-asia/) | [:closed_book:](../../blob/master/2020/2020.12.17.Operation_SignSight)
 * Dec 16 - [[Team Cymru] Mapping out AridViper Infrastructure Using Augury’s Malware Module](https://team-cymru.com/blog/2020/12/16/mapping-out-aridviper-infrastructure-using-augurys-malware-addon/) | [:closed_book:](../../blob/master/2020/2020.12.16.AridViper_Augury)
+* Dec 15 - [[WeiXin] APT-C-47 ClickOnce Operation](https://mp.weixin.qq.com/s/h_MUJfa3QGM9SqT_kzcdHQ) | [:closed_book:](../../blob/master/2020/2020.12.15.APT-C-47_ClickOnce)
 * Dec 15 - [[hvs consulting] Greetings from Lazarus Anatomy of a cyber espionage campaign](https://www.hvs-consulting.de/media/downloads/ThreatReport-Lazarus.pdf) | [:closed_book:](../../blob/master/2020/2020.12.15.Lazarus_Campaign)
 * Dec 13 - [[Fireeye] Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor](https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html) | [:closed_book:](../../blob/master/2020/2020.12.13.SolarWinds_Supply_Chain_SUNBURST_Backdoor)
 * Dec 09 - [[Trend Micro] SideWinder Uses South Asian Issues for Spear Phishing, Mobile Attacks](https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html) | [:closed_book:](../../blob/master/2020/2020.12.09.SideWinder)
 * Dec 07 - [[Group-IB] The footprints of Raccoon: a story about operators of JS-sniffer FakeSecurity distributing Raccoon stealer](https://www.group-ib.com/blog/fakesecurity_raccoon) | [:closed_book:](../../blob/master/2020/2020.12.07.FakeSecurity)
 * Dec 02 - [[ESET] Turla Crutch: Keeping the “back door” open](https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/) | [:closed_book:](../../blob/master/2020/2020.12.02.Turla_Crutch)
 * Dec 01 - [[CISA] Advanced Persistent Threat Actors Targeting U.S. Think Tanks](https://us-cert.cisa.gov/ncas/alerts/aa20-336a) | [:closed_book:](../../blob/master/2020/2020.12.01.APT_US_Think_Tanks)
+* Dec 01 - [[Prevasio] OPERATION RED KANGAROO: INDUSTRY'S FIRST DYNAMIC ANALYSIS OF 4M PUBLIC DOCKER CONTAINER IMAGES](https://blog.prevasio.com/2020/12/operation-red-kangaroo-industrys-first.html) | [:closed_book:](../../blob/master/2020/2020.12.01.Operation_RED_KANGAROO)
 * Nov 30 - [[Microsoft] Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them](https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them/) | [:closed_book:](../../blob/master/2020/2020.11.30.BISMUTH_CoinMiner)
 * Nov 27 - [[PTSecurity] Investigation with a twist: an accidental APT attack and averted data destruction](https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/incident-response-polar-ransomware-apt27/) | [:closed_book:](../../blob/master/2020/2020.11.27.Twist_APT27)
 * Nov 26 - [[CheckPoint] Bandook: Signed & Delivered](https://research.checkpoint.com/2020/bandook-signed-delivered/) | [:closed_book:](../../blob/master/2020/2020.11.26.Bandook)