# APT & Cybercriminals Campaign Collection

This is a collection of APT and cybercriminal campaigns.
Please open an issue if any APT/malware events or campaigns are missing.

🤷 The password for the malware samples could be 'virus' or 'infected'.

## URL to PDF Tool
* [Print Friendly & PDF](https://www.printfriendly.com/)
## Reference Resources
:small_blue_diamond: [kbandla](https://github.com/kbandla/APTnotes) <br>
:small_blue_diamond: [APTnotes](https://github.com/aptnotes/data) <br>
:small_blue_diamond: [Florian Roth - APT Groups](https://docs.google.com/spreadsheets/u/0/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml) <br>
:small_blue_diamond: [Attack Wiki](https://attack.mitre.org/wiki/Groups) <br>
:small_blue_diamond: [threat-INTel](https://github.com/fdiskyou/threat-INTel) <br>
:small_blue_diamond: [targetedthreats](https://securitywithoutborders.org/resources/targeted-surveillance-reports.html) <br>
:small_blue_diamond: [Raw Threat Intelligence](https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc/edit) <br>
:small_blue_diamond: [APT search](https://cse.google.com/cse/publicurl?cx=003248445720253387346:turlh5vi4xc) <br>
:small_blue_diamond: [APT Sample by 0xffff0800](http://0xffff0800.ddns.net/Library/) (https://iec56w4ibovnb4wc.onion.si/) <br>
:small_blue_diamond: [APT Map](https://aptmap.netlify.com/) <br>
:small_blue_diamond: [sapphirex00 - Threat-Hunting](https://github.com/sapphirex00/Threat-Hunting) <br>
:small_blue_diamond: [APTSimulator](https://github.com/NextronSystems/APTSimulator) <br>
:small_blue_diamond: [MITRE Att&CK: Group](https://attack.mitre.org/groups/) <br>
:small_blue_diamond: [APT_REPORT collected by @blackorbird](https://github.com/blackorbird/APT_REPORT) <br>
:small_blue_diamond: [Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups](https://github.com/StrangerealIntel/CyberThreatIntel) <br>
:small_blue_diamond: [APT_Digital_Weapon](https://github.com/RedDrip7/APT_Digital_Weapon) <br>
:small_blue_diamond: [vx-underground](https://vx-underground.org/apts.html) <br>
## 2020
* Dec 01 - [[CISA] Advanced Persistent Threat Actors Targeting U.S. Think Tanks](https://us-cert.cisa.gov/ncas/alerts/aa20-336a) | [:closed_book:](../../blob/master/2020/2020.12.01.APT_US_Think_Tanks)
* Nov 30 - [[Microsoft] Threat actor leverages coin miner techniques to stay under the radar: here's how to spot them](https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them/) | [:closed_book:](../../blob/master/2020/2020.11.30.BISMUTH_CoinMiner)
* Nov 27 - [[PTSecurity] Investigation with a twist: an accidental APT attack and averted data destruction](https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/incident-response-polar-ransomware-apt27/) | [:closed_book:](../../blob/master/2020/2020.11.27.Twist_APT27)
* Nov 26 - [[CheckPoint] Bandook: Signed & Delivered](https://research.checkpoint.com/2020/bandook-signed-delivered/) | [:closed_book:](../../blob/master/2020/2020.11.26.Bandook)
* Nov 23 - [[S2W Lab] Analysis of Clop Ransomware suspiciously related to the Recent Incident](https://www.notion.so/S2W-LAB-Analysis-of-Clop-Ransomware-suspiciously-related-to-the-Recent-Incident-English-088056baf01242409a6e9f844f0c5f2e) | [:closed_book:](../../blob/master/2020/2020.11.23.Clop_Campaign)
* Nov 19 - [[Cybereason] Cybereason vs. MedusaLocker Ransomware](https://www.cybereason.com/blog/medusalocker-ransomware) | [:closed_book:](../../blob/master/2020/2020.11.19.MedusaLocker_Ransomware)
* Nov 18 - [[KR-CERT] Analysis of the Bookcodes RAT C2 framework starting with spear phishing](https://www.boho.or.kr/filedownload.do?attach_file_seq=2612&attach_file_id=EpF2612.pdf) | [:closed_book:](../../blob/master/2020/2020.11.18.Bookcodes_C2)
* Nov 17 - [[Cybereason] CHAES: Novel Malware Targeting Latin American E-Commerce](https://www.cybereason.com/hubfs/dam/collateral/reports/11-2020-Chaes-e-commerce-malware-research.pdf) | [:closed_book:](../../blob/master/2020/2020.11.17.CHAES)
* Nov 17 - [[Symantec] Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign](https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage) | [:closed_book:](../../blob/master/2020/2020.11.17.Cicada_Japan)
* Nov 16 - [[FoxIT] TA505: A Brief History Of Their Time](https://blog.fox-it.com/2020/11/16/ta505-a-brief-history-of-their-time/) | [:closed_book:](../../blob/master/2020/2020.11.16.TA505_History)
* Nov 16 - [[Bitdefender] A Detailed Timeline of a Chinese APT Espionage Attack Targeting South Eastern Asian Government Institutions](https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT.pdf) | [:closed_book:](../../blob/master/2020/2020.11.16.Chinese_APT_South_Eastern_Asian)
* Nov 12 - [[CISCO] CRAT wants to plunder your endpoints](https://blog.talosintelligence.com/2020/11/crat-and-plugins.html) | [:closed_book:](../../blob/master/2020/2020.11.12.CRAT_Lazarus)
* Nov 12 - [[BlackBerry] The CostaRicto Campaign: Cyber-Espionage Outsourced](https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced) | [:closed_book:](../../blob/master/2020/2020.11.12.CostaRicto_Campaign)
* Nov 12 - [[ESET] Hungry for data, ModPipe backdoor hits POS software used in hospitality sector](https://www.welivesecurity.com/2020/11/12/hungry-data-modpipe-backdoor-hits-pos-software-hospitality-sector/) | [:closed_book:](../../blob/master/2020/2020.11.12.ModPipe_POS_Hospitality-Sector)
* Nov 10 - [[Recorded Future] New APT32 Malware Campaign Targets Cambodian Government](https://www.recordedfuture.com/apt32-malware-campaign/) | [:closed_book:](../../blob/master/2020/2020.11.10.APT32_Cambodian)
* Nov 06 - [[Volexity] OceanLotus: Extending Cyber Espionage Operations Through Fake Websites](https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/) | [:closed_book:](../../blob/master/2020/2020.11.06.OceanLotus_Fake_Websites)
* Nov 04 - [[Sophos] A new APT uses DLL side-loads to “KilllSomeOne”](https://news.sophos.com/en-us/2020/11/04/a-new-apt-uses-dll-side-loads-to-killlsomeone/) | [:closed_book:](../../blob/master/2020/2020.11.04.KilllSomeOne_DLL_APT)
* Nov 01 - [[Cyberstanc] A look into APT36's (Transparent Tribe) tradecraft](https://cyberstanc.com/blog/a-look-into-apt36-transparent-tribe/) | [:closed_book:](../../blob/master/2020/2020.11.01.Transparent_Tribe_APT)
* Oct 27 - [[US-CERT] North Korean Advanced Persistent Threat Focus: Kimsuky](https://us-cert.cisa.gov/sites/default/files/publications/TLP-WHITE_AA20-301A_North_Korean_APT_Focus_Kimsuky.pdf) | [:closed_book:](../../blob/master/2020/2020.10.27_AA20-301A.North_Korean_APT)
* Oct 26 - [[DrWeb] Study of the ShadowPad APT backdoor and its relation to PlugX](https://news.drweb.com/show/?i=14048&lng=en) | [:closed_book:](../../blob/master/2020/2020.10.26.ShadowPad_APT_backdoor_PlugX)
* Oct 23 - [[360] APT-C-44 NAFox](https://blogs.360.cn/post/APT-C-44.html) | [:closed_book:](../../blob/master/2020/2020.10.23.APT-C-44_NAFox)
* Oct 22 - [[WeiXin] Bitter CHM](https://mp.weixin.qq.com/s/9O4nZV-LNHuBy2ihg2XeIw) | [:closed_book:](../../blob/master/2020/2020.10.22.Bitter_CHM_APT)
* Oct 19 - [[Trend Micro] Operation Earth Kitsune: Tracking SLUB's Current Operations](https://www.trendmicro.com/vinfo/hk-en/security/news/cyber-attacks/operation-earth-kitsune-tracking-slub-s-current-operations) | [:closed_book:](../../blob/master/2020/2020.10.19_-_Operation_Earth_Kitsune_-_Tracking_SLUBs_current_operations/2020.10.19_-_Operation_Earth_Kitsune_-_Tracking_SLUBs_current_operations.pdf)
* Oct 15 - [[ClearSky] Operation Quicksand MuddyWaters Offensive Attack Against Israeli Organizations](https://www.clearskysec.com/operation-quicksand/) | [:closed_book:](../../blob/master/2020/2020.10.15_Operation_Quicksand_MuddyWaters_Offensive_Attack_Against_Israeli/2020.10.15_Operation_Quicksand_MuddyWaters_Offensive_Attack_Against_Israeli.pdf)
* Oct 14 - [[Malwarebytes] Silent Librarian APT right on schedule for 20/21 academic year](https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/) | [:closed_book:](../../blob/master/2020/2020.10.14.Silent_Librarian_APT)
* Oct 13 - [[WeiXin] Operation Rubia cordifolia](https://mp.weixin.qq.com/s/omacDXAdio88a_f0Xwu-kg) | [:closed_book:](../../blob/master/2020/2020.10.13.Operation_Rubia_cordifolia)
* Oct 07 - [[BlackBerry] BlackBerry Uncovers Massive Hack-For-Hire Group Targeting Governments, Businesses, Human Rights Groups and Influential Individuals](https://www.blackberry.com/us/en/company/newsroom/press-releases/2020/blackberry-uncovers-massive-hack-for-hire-group-targeting-governments-businesses-human-rights-groups-and-influential-individuals) | [:closed_book:](../../blob/master/2020/2020.10.07.Massive_Hack-For-Hire_Group)
* Oct 06 - [[Malwarebytes] Release the Kraken: Fileless APT attack abuses Windows Error Reporting service](https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/) | [:closed_book:](../../blob/master/2020/2020.10.06.Kraken_Fileless_APT)
* Oct 05 - [[Kaspersky] MosaicRegressor: Lurking in the Shadows of UEFI](https://securelist.com/mosaicregressor/98849/) | [:closed_book:](../../blob/master/2020/2020.10.05.MosaicRegressor_Lurking_in_the_Shadows_of_UEFI/2020.10.05_-_MosaicRegressor_Lurking_in_the_Shadows_of_UEFI_Securelist_2020.pdf)
* Sep 30 - [[ESET] APTC23 group evolves its Android spyware](https://www.welivesecurity.com/2020/09/30/aptc23-group-evolves-its-android-spyware/) | [:closed_book:](../../blob/master/2020/2020.09.30.APTC23_Android)
* Sep 29 - [[Symantec] Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors](https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt) | [:closed_book:](../../blob/master/2020/2020.09.29.Palmerworm)
* Sep 29 - [[PTSecurity] ShadowPad: new activity from the Winnti group](https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/shadowpad-new-activity-from-the-winnti-group/) | [:closed_book:](../../blob/master/2020/2020.09.29_ShadowPad_-_new_activity_from_the_Winnti_group)
* Sep 25 - [[Amnesty] German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed](https://www.amnesty.org/en/latest/research/2020/09/german-made-finspy-spyware-found-in-egypt-and-mac-and-linux-versions-revealed/) | [:closed_book:](../../blob/master/2020/2020.09.25.Finspy_in_Egypt)
* Sep 25 - [[360] APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign](https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/) | [:closed_book:](../../blob/master/2020/2020.09.25.APT-C-43_HpReact_campaign)
* Sep 24 - [[Microsoft] detecting empires in the cloud](https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/) | [:closed_book:](../../blob/master/2020/2020.09.24.Empires_in_the_Cloud)
* Sep 23 - [[Seqrite] Operation SideCopy](https://www.seqrite.com/blog/operation-sidecopy/) | [:closed_book:](../../blob/master/2020/2020.09.23.Operation_SideCopy)
* Sep 22 - [[Quointelligence] APT28 Delivers Zebrocy Malware Campaign using NATO Theme as Lure](https://quointelligence.eu/2020/09/apt28-zebrocy-malware-campaign-nato-theme/) | [:closed_book:](../../blob/master/2020/2020.09.22.APT28_Zebrocy_Malware_Campaign)
* Sep 21 - [[CISCO] The art and science of detecting Cobalt Strike](https://blog.talosintelligence.com/2020/09/coverage-strikes-back-cobalt-strike-paper.html) | [:closed_book:](../../blob/master/2020/2020.09.21.coverage-strikes-back-cobalt-strike-paper)
* Sep 17 - [[Qianxin] Operation Tibbar](https://ti.qianxin.com/uploads/2020/09/17/69da886eecc7087e9dac2d3ea4c66ba8.pdf) | [:closed_book:](../../blob/master/2020/2020.09.17.Operation_Tibbar)
* Sep 16 - [[Intel471] Partners in crime: North Koreans and elite Russian-speaking cybercriminals](https://public.intel471.com/blog/partners-in-crime-north-koreans-and-elite-russian-speaking-cybercriminals/) | [:closed_book:](../../blob/master/2020/2020.09.16.Partners_in_crime)
* Sep 08 - [[Microsoft] TeamTNT activity targets Weave Scope deployments](https://techcommunity.microsoft.com/t5/azure-security-center/teamtnt-activity-targets-weave-scope-deployments/ba-p/1645968) | [:closed_book:](../../blob/master/2020/2020.09.08.TeamTNT_Weave-Scope)
* Sep 03 - [[Cybereason] NO REST FOR THE WICKED: EVILNUM UNLEASHES PYVIL RAT](https://www.cybereason.com/blog/no-rest-for-the-wicked-evilnum-unleashes-pyvil-rat) | [:closed_book:](../../blob/master/2020/2020.09.03.Evilnum_Pyvil)
* Sep 01 - [[proofpoint] Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe](https://www.proofpoint.com/us/blog/threat-insight/chinese-apt-ta413-resumes-targeting-tibet-following-covid-19-themed-economic) | [:closed_book:](../../blob/master/2020/2020.09.01.Chinese_APT_TA413)
* Aug 27 - [[ClearSky] The Kittens Are Back in Town 3](https://www.clearskysec.com/the-kittens-are-back-in-town-3/) | [:closed_book:](../../blob/master/2020/2020.08.27.Kittens_Are_Back)
* Aug 28 - [[Kaspersky] Transparent Tribe: Evolution analysis, part 2](https://securelist.com/transparent-tribe-part-2/98233/) | [:closed_book:](../../blob/master/2020/2020.08.28_Transparent_Tribe)
* Aug 24 - [[Kaspersky] Lifting the veil on DeathStalker, a mercenary triumvirate](https://securelist.com/deathstalker-mercenary-triumvirate/98177/) | [:closed_book:](../../blob/master/2020/2020.08.24_DeathStalker)
* Aug 20 - [[CertFR] DEVELOPMENT OF THE ACTIVITY OF THE TA505 CYBERCRIMINAL GROUP](https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-009.pdf) | [:closed_book:](../../blob/master/2020/2020.08.20_DEVELOPMENT_TA505)
* Aug 20 - [[Bitdefender] More Evidence of APT Hackers-for-Hire Used for Industrial Espionage](https://labs.bitdefender.com/2020/08/apt-hackers-for-hire-used-for-industrial-espionage/) | [:closed_book:](../../blob/master/2020/2020.08.20_APT_Hackers_for_Hire)
* Aug 18 - [[F-Secure] LAZARUS GROUP CAMPAIGN TARGETING THE CRYPTOCURRENCY VERTICAL](https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf) | [:closed_book:](../../blob/master/2020/2020.08.18.LAZARUS_GROUP)
* Aug 13 - [[Kaspersky] CactusPete APT group's updated Bisonal backdoor](https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/) | [:closed_book:](../../blob/master/2020/2020.08.13.CactusPete_APT)
* Aug 13 - [[ClearSky] Operation Dream Job Widespread North Korean Espionage Campaign](https://www.clearskysec.com/operation-dream-job/) | [:closed_book:](../../blob/master/2020/2020.08.13.Operation_Dream_Job)
* Aug 13 - [[CISA] Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware](https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF) | [:closed_book:](../../blob/master/2020/2020.08.13.Russian_GRU_85th_GTsSS)
* Aug 12 - [[Kaspersky] Internet Explorer and Windows zero-day exploits used in Operation PowerFall](https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/) | [:closed_book:](../../blob/master/2020/2020.08.12.Operation_PowerFall)
* Aug 10 - [[Seqrite] Gorgon APT targeting MSME sector in India](https://www.seqrite.com/blog/gorgon-apt-targeting-msme-sector-in-india/) | [:closed_book:](../../blob/master/2020/2020.08.10.Gorgon_APT)
* Aug 03 - [[CISA] MAR-10292089-1.v2 Chinese Remote Access Trojan: TAIDOOR](https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a) | [:closed_book:](../../blob/master/2020/2020.08.03.TAIDOOR)
* Jul 29 - [[McAfee] Operation North Star: A Job Offer That's Too Good to be True?](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-a-job-offer-thats-too-good-to-be-true/) | [:closed_book:](../../blob/master/2020/2020.07.29.Operation_North_Star)
* Jul 28 - [[Group-IB] JOLLY ROGERS PATRONS](https://www.group-ib.com/resources/threat-research/black-jack.html) | [:closed_book:](../../blob/master/2020/2020.07.28.black-jack)
* Jul 22 - [[Palo Alto Network] OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory](https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/) | [:closed_book:](../../blob/master/2020/2020.07.22.OilRig_Middle_Eastern_Telecommunication)
* Jul 22 - [[Kaspersky] MATA: Multi-platform targeted malware framework](https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/) | [:closed_book:](../../blob/master/2020/2020.07.22_MATA_APT)
* Jul 16 - [[NCSC] Advisory: APT29 targets COVID-19 vaccine development](https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development) | [:closed_book:](../../blob/master/2020/2020.07.16.apt29-targets-covid-19-vaccine-development)
* Jul 15 - [[F-Secure] THE FAKE CISCO: Hunting for backdoors in Counterfeit Cisco devices](https://labs.f-secure.com/assets/BlogFiles/2020-07-the-fake-cisco.pdf) | [:closed_book:](../../blob/master/2020/2020.07.15_the_Fake_CISCO)
* Jul 14 - [[Telsy] TURLA / VENOMOUS BEAR UPDATES ITS ARSENAL: “NEWPASS” APPEARS ON THE APT THREAT SCENE](https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/) | [:closed_book:](../../blob/master/2020/2020.07.14_Turla_VENOMOUS_BEAR)
* Jul 14 - [[ESET] Welcome Chat as a secure messaging app? Nothing could be further from the truth](https://www.welivesecurity.com/2020/07/14/welcome-chat-secure-messaging-app-nothing-further-truth/) | [:closed_book:](../../blob/master/2020/2020.07.14_Molerats_Middle_East_APT)
* Jul 12 - [[WeiXin] SideWinder 2020 H1](https://mp.weixin.qq.com/s/5mBqxf_v6G006EnjECoTHw) | [:closed_book:](../../blob/master/2020/2020.07.12_SideWinder_2020_H1)
* Jul 09 - [[AGARI] Cosmic Lynx: The Rise of Russian BEC](https://www.agari.com/cyber-intelligence-research/whitepapers/acid-agari-cosmic-lynx.pdf) | [:closed_book:](../../blob/master/2020/2020.07.09_Cosmic_Lynx)
* Jul 09 - [[ESET] More evil: A deep look at Evilnum and its toolset](https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/) | [:closed_book:](../../blob/master/2020/2020.07.09_Evilnum_Toolset)
* Jul 08 - [[Sebdraven] Copy cat of APT Sidewinder ?](https://medium.com/@Sebdraven/copy-cat-of-apt-sidewinder-1893059ca68d) | [:closed_book:](../../blob/master/2020/2020.07.08.Copy_Cat_of_Sidewinder)
* Jul 08 - [[proofpoint] TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware](https://www.proofpoint.com/us/blog/threat-insight/ta410-group-behind-lookback-attacks-against-us-utilities-sector-returns-new) | [:closed_book:](../../blob/master/2020/2020.07.08.TA410)
* Jul 08 - [[Seqrite] Operation Honey Trap: APT36 Targets Defense Organizations in India](https://www.seqrite.com/blog/operation-honey-trap-apt36-targets-defense-organizations-in-india/) | [:closed_book:](../../blob/master/2020/2020.07.08_Operation_Honey_Trap)
* Jul 06 - [[Sansec] North Korean hackers are skimming US and European shoppers](https://sansec.io/research/north-korea-magecart) | [:closed_book:](../../blob/master/2020/2020.07.06_North_Korean_Magecart)
* Jul 01 - [[Lookout] Mobile APT Surveillance Campaigns Targeting Uyghurs](https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf) | [:closed_book:](../../blob/master/2020/2020.07.01.Mobile_APT_Uyghurs)
* Jun 30 - [[Bitdefender] StrongPity APT Revealing Trojanized Tools, Working Hours and Infrastructure](https://labs.bitdefender.com/2020/06/strongpity-apt-revealing-trojanized-tools-working-hours-and-infrastructure/) | [:closed_book:](../../blob/master/2020/2020.06.30_StrongPity_APT)
* Jun 29 - [[CISCO] PROMETHIUM extends global reach with StrongPity3 APT](https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html) | [:closed_book:](../../blob/master/2020/2020.06.29.PROMETHIUM_StrongPity3_APT)
* Jun 26 - [[Symantec] WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations](https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us) | [:closed_book:](../../blob/master/2020/2020.06.26_WastedLocker_Attack)
* Jun 25 - [[Elastic] A close look at the advanced techniques used in a Malaysian-focused APT campaign](https://www.elastic.co/blog/advanced-techniques-used-in-malaysian-focused-apt-campaign) | [:closed_book:](../../blob/master/2020/2020.06.25.Malaysian-focused-APT_campaign)
* Jun 24 - [[Dell] BRONZE VINEWOOD Targets Supply Chains](https://www.secureworks.com/research/bronze-vinewood-targets-supply-chains) | [:closed_book:](../../blob/master/2020/2020.06.24.BRONZE_VINEWOOD)
* Jun 23 - [[NCCGroup] WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group](https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/) | [:closed_book:](../../blob/master/2020/2020.06.23.WastedLocker_Evil_Corp_Group)
* Jun 19 - [[Zscaler] Targeted Attack Leverages India-China Border Dispute to Lure Victims](https://www.zscaler.com/blogs/research/targeted-attack-leverages-india-china-border-dispute-lure-victims) | [:closed_book:](../../blob/master/2020/2020.06.19.India-China_Border_Dispute_APT)
* Jun 18 - [[ESET] Digging up InvisiMole's hidden arsenal](https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal/) | [:closed_book:](../../blob/master/2020/2020.06.18.InvisiMole_hidden_arsenal)
* Jun 17 - [[ESET] Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies](https://www.welivesecurity.com/2020/06/17/operation-interception-aerospace-military-companies-cyberspies/) | [:closed_book:](../../blob/master/2020/2020.06.17.Operation_Interception)
* Jun 17 - [[Palo Alto] AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations](https://unit42.paloaltonetworks.com/acidbox-rare-malware/) | [:closed_book:](../../blob/master/2020/2020.06.17.AcidBox)
* Jun 17 - [[Malwarebytes] Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature](https://blog.malwarebytes.com/threat-analysis/2020/06/multi-stage-apt-attack-drops-cobalt-strike-using-malleable-c2-feature/) | [:closed_book:](../../blob/master/2020/2020.06.17.malleable-c2-feature_APT)
* Jun 16 - [[PTSecurity] Cobalt: tactics and tools update](https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/cobalt_upd_ttps/) | [:closed_book:](../../blob/master/2020/2020.06.16.Cobalt_Update)
* Jun 15 - [[Amnesty] India: Human Rights Defenders Targeted by a Coordinated Spyware Operation](https://www.amnesty.org/en/latest/research/2020/06/india-human-rights-defenders-targeted-by-a-coordinated-spyware-operation/) | [:closed_book:](../../blob/master/2020/2020.06.15.india-human-rights-defenders-targeted)
* Jun 11 - [[Trend Micro] New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa](https://blog.trendmicro.com/trendlabs-security-intelligence/new-android-spyware-actionspy-revealed-via-phishing-attacks-from-earth-empusa/) | [:closed_book:](../../blob/master/2020/2020.06.11.Earth_Empusa)
* Jul 11 - [[ESET] Gamaredon group grows its game](https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/) | [:closed_book:](../../blob/master/2020/2020.06.11.Gamaredon_group)
* Jun 08 - [[proofpoint] TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware](https://www.proofpoint.com/us/blog/threat-insight/ta410-group-behind-lookback-attacks-against-us-utilities-sector-returns-new) | [:closed_book:](../../blob/master/2020/2020.06.08.TA410)
* Jun 08 - [[CheckPoint] GuLoader? No, CloudEyE](https://research.checkpoint.com/2020/guloader-cloudeye/) | [:closed_book:](../../blob/master/2020/2020.06.08.GuLoader_CloudEyE)
* Jun 03 - [[Malwarebytes] New LNK attack tied to Higaisa APT discovered](https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/) | [:closed_book:](../../blob/master/2020/2020.06.03.Higaisa_APT)
* Jun 03 - [[Kaspersky] Cycldek: Bridging the (air) gap](https://securelist.com/cycldek-bridging-the-air-gap/97157/) | [:closed_book:](../../blob/master/2020/2020.06.03.Cycldek)
* May 29 - [[IronNet] Russian Cyber Attack Campaigns and Actors](https://ironnet.com/blog/russian-cyber-attack-campaigns-and-actors/) | [:closed_book:](../../blob/master/2020/2020.05.29_russian-cyber-attack-campaigns-and-actors)
* May 28 - [[Kaspersky] The zero-day exploits of Operation WizardOpium](https://securelist.com/the-zero-day-exploits-of-operation-wizardopium/97086/) | [:closed_book:](../../blob/master/2020/2020.05.28_Operation_WizardOpium)
* May 26 - [[ESET] From Agent.BTZ to ComRAT v4: A ten-year journey](https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/) | [:closed_book:](../../blob/master/2020/2020.05.26_From_Agent.BTZ_to_ComRAT)
* May 21 - [[Intezer] The Evolution of APT15's Codebase 2020](https://www.intezer.com/blog/research/the-evolution-of-apt15s-codebase-2020/) | [:closed_book:](../../blob/master/2020/2020.05.21.APT15_Codebase_2020)
* May 21 - [[Bitdefender] Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia](https://www.bitdefender.com/files/News/CaseStudies/study/332/Bitdefender-Whitepaper-Chafer-creat4491-en-EN-interactive.pdf) | [:closed_book:](../../blob/master/2020/2020.05.21.Iranian_Chafer_APT)
* May 21 - [[ESET] No “Game over” for the Winnti Group](https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/) | [:closed_book:](../../blob/master/2020/2020.05.21.No_Game_Over_Winnti)
* May 19 - [[Symantec] Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia](https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/greenbug-espionage-telco-south-asia) | [:closed_book:](../../blob/master/2020/2020.05.19.Greenbug_South_Asia)
* May 18 - [[360] APT-C-23 middle East](https://blogs.360.cn/post/APT-C-23_target_at_Middle_East.html) | [:closed_book:](../../blob/master/2020/2020.05.18_APT-C-23)
* May 14 - [[Telekom] LOLSnif Tracking Another Ursnif-Based Targeted Campaign](https://www.telekom.com/en/blog/group/article/lolsnif-tracking-another-ursnif-based-targeted-campaign-600062) | [:closed_book:](../../blob/master/2020/2020.05.14.LOLSnif)
* May 14 - [[Sophos] RATicate: an attacker's waves of information-stealing malware](https://news.sophos.com/en-us/2020/05/14/raticate/) | [:closed_book:](../../blob/master/2020/2020.05.14.RATicate)
* May 14 - [[360] Vendetta-new threat actor from Europe](https://blog.360totalsecurity.com/en/vendetta-new-threat-actor-from-europe/) | [:closed_book:](../../blob/master/2020/2020.05.14.Vendetta_APT)
* May 14 - [[ESET] Mikroceen: Spying backdoor leveraged in high-profile networks in Central Asia](https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia/) | [:closed_book:](../../blob/master/2020/2020.05.14.Mikroceen)
* May 14 - [[Avast] APT Group Planted Backdoors Targeting High Profile Networks in Central Asia](https://decoded.avast.io/luigicamastra/apt-group-planted-backdoors-targeting-high-profile-networks-in-central-asia/?utm_source=rss&utm_medium=rss&utm_campaign=apt-group-planted-backdoors-targeting-high-profile-networks-in-central-asia) | [:closed_book:](../../blob/master/2020/2020.05.14.Central_Asia_APT)
* May 14 - [[Kaspersky] COMpfun authors spoof visa application with HTTP status-based Trojan](https://securelist.com/compfun-http-status-based-trojan/96874/) | [:closed_book:](../../blob/master/2020/2020.05.14.COMpfun)
* May 13 - [[ESET] Ramsay: A cyberespionage toolkit tailored for air-gapped networks](https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/) | [:closed_book:](../../blob/master/2020/2020.05.13.Ramsay)
* May 12 - [[Trend Micro] Tropic Trooper's Back: USBferry Attack Targets Air-gapped Environments](https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-troopers-back-usbferry-attack-targets-air-gapped-environments/?utm_source=trendmicroresearch&utm_medium=smk&utm_campaign=0520_tropic-trooper) | [:closed_book:](../../blob/master/2020/2020.05.12.Tropic_Trooper_Back)
* May 11 - [[Zscaler] Targeted Attacks on Indian Government and Financial Institutions Using the JsOutProx RAT](https://www.zscaler.com/blogs/research/targeted-attacks-indian-government-and-financial-institutions-using-jsoutprox-rat) | [:closed_book:](../../blob/master/2020/2020.05.11.JsOutProx_RAT_Targeted_Attacks)
* May 11 - [[Palo Alto] Updated BackConfig Malware Targeting Government and Military Organizations in South Asia](https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/) | [:closed_book:](../../blob/master/2020/2020.05.11_BackConfig_South_Asia)
* May 07 - [[RedCanary] Introducing Blue Mockingbird](https://redcanary.com/blog/blue-mockingbird-cryptominer/) | [:closed_book:](../../blob/master/2020/2020.05.07_Blue_Mockingbird)
* May 07 - [[CheckPoint] Naikon APT: Cyber Espionage Reloaded](https://research.checkpoint.com/2020/naikon-apt-cyber-espionage-reloaded/) | [:closed_book:](../../blob/master/2020/2020.05.07_Naikon_APT_Reloaded)
* May 06 - [[Prevailion] Phantom in the Command Shell](https://blog.prevailion.com/2020/05/phantom-in-command-shell5.html) | [:closed_book:](../../blob/master/2020/2020.05.06_Phantom_EVILNUM)
* May 06 - [[CyberStruggle] Leery Turtle Threat Report](https://cyberstruggle.org/delta/LeeryTurtleThreatReport_05_20.pdf) | [:closed_book:](../../blob/master/2020/2020.05.06_Leery_Turtle)
* May 05 - [[CheckPoint] Nazar: Spirits of the Past](https://research.checkpoint.com/2020/nazar-spirits-of-the-past/) | [:closed_book:](../../blob/master/2020/2020.05.05.Nazar_APT)
* Apr 29 - [[Recorded Future] Chinese Influence Operations Evolve in Campaigns Targeting Taiwanese Elections, Hong Kong Protests](https://go.recordedfuture.com/hubfs/reports/cta-2020-0429.pdf) | [:closed_book:](../../blob/master/2020/2020.04.29.Chinese_Influence_Operations_Taiwanese_Elections_Hong_Kong_Protests)
* Apr 28 - [[Yoroi] Outlaw is Back, a New Crypto-Botnet Targets European Organizations](https://yoroi.company/research/outlaw-is-back-a-new-crypto-botnet-targets-european-organizations/) | [:closed_book:](../../blob/master/2020/2020.04.28_Outlaw_is_Back)
* Apr 28 - [[ESET] Grandoreiro: How engorged can an EXE get?](https://www.welivesecurity.com/2020/04/28/grandoreiro-how-engorged-can-exe-get/) | [:closed_book:](../../blob/master/2020/2020.04.28.Grandoreiro)
* Apr 24 - [[LAC JP] PoshC2](https://www.lac.co.jp/lacwatch/people/20200424_002177.html) | [:closed_book:](../../blob/master/2020/2020.04.24_PoshC2_APT)
* Apr 21 - [[Volexity] Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant](https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/) | [:closed_book:](../../blob/master/2020/2020.04.21.evil-eye-threat-actor)
* Apr 20 - [[QuoIntelligence] WINNTI GROUP: Insights From the Past](https://quointelligence.eu/2020/04/winnti-group-insights-from-the-past/) | [:closed_book:](../../blob/master/2020/2020.04.20_Winnti_from_the_past)
* Apr 17 - [[Trend Micro] Gamaredon APT Group Use Covid-19 Lure in Campaigns](https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns) | [:closed_book:](../../blob/master/2020/2020.04.17_Gamaredon_APT_Covid-19)
* Apr 16 - [[Trend Micro] Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems](https://blog.trendmicro.com/trendlabs-security-intelligence/exposing-modular-adware-how-dealply-iserik-and-managex-persist-in-systems/) | [:closed_book:](../../blob/master/2020/2020.04.16_Exposing_Modular_Adware)
* Apr 16 - [[White Ops] Giving Fraudsters the Cold Shoulder: Inside the Largest Connected TV Bot Attack](https://www.whiteops.com/blog/giving-fraudsters-the-cold-shoulder-inside-the-largest-connected-tv-bot-attack) | [:closed_book:](../../blob/master/2020/2020.04.16_ICEBUCKET_TV_Bot_Attack)
* Apr 16 - [[CyCraft] Taiwan High-Tech Ecosystem Targeted by Foreign APT Group](https://cycraft.com/download/%5BTLP-Green%5D20200415%20Chimera_V4.1.pdf) | [:closed_book:](../../blob/master/2020/2020.04.16_Taiwan_High-Tech_APT)
* Apr 15 - [[Lookout] Nation-state Mobile Malware Targets Syrians with COVID-19 Lures](https://blog.lookout.com/nation-state-mobile-malware-targets-syrians-with-covid-19-lures) | [:closed_book:](../../blob/master/2020/2020.04.15_COVID-19_Lures_Syrians)
* Apr 15 - [[Cycraft] Craft for Resilience: APT Group Chimera](https://cycraft.com/download/%5BTLP-White%5D20200415%20Chimera_V4.1.pdf) | [:closed_book:](../../blob/master/2020/2020.04.15_Chimera_APT)
* Apr 07 - [[MalwareBytes] APTs and COVID-19: How advanced persistent threats use the coronavirus as a lure](https://resources.malwarebytes.com/files/2020/04/200407-MWB-COVID-White-Paper_Final.pdf) | [:closed_book:](../../blob/master/2020/2020.04.07_APTs_COVID-19)
* Apr 07 - [[Zscaler] New Ursnif Campaign: A Shift from PowerShell to Mshta](https://www.zscaler.com/blogs/research/new-ursnif-campaign-shift-powershell-mshta) | [:closed_book:](../../blob/master/2020/2020.04.07_New_Ursnif_Campaign)
* Apr 07 - [[BlackBerry] Decade of the RATs: Novel APT Attacks Targeting Linux, Windows and Android](https://blogs.blackberry.com/en/2020/04/decade-of-the-rats) | [:closed_book:](../../blob/master/2020/2020.04.07_Decade_of_the_RATs)
* Mar 30 - [[Alyac] The 'Spy Cloud' Operation: Geumseong121 group carries out the APT attack disguising the evidence of North Korean defection](https://blog.alyac.co.kr/attachment/cfile8.uf@9977CF405E81A09B1C4CE2.pdf) | [:closed_book:](../../blob/master/2020/2020.03.30_Spy_Cloud_Operation)
* Mar 26 - [[Kaspersky] iOS exploit chain deploys LightSpy feature-rich malware](https://securelist.com/ios-exploit-chain-deploys-lightspy-malware/96407/) | [:closed_book:](../../blob/master/2020/2020.03.26_LightSpy_TwoSail_Junk_APT)
* Mar 25 - [[FireEye] This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits](https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html) | [:closed_book:](../../blob/master/2020/2020.03.25_APT41-initiates-global-intrusion-campaign)
* Mar 24 - [[Kaspersky] WildPressure targets industrial-related entities in the Middle East](https://securelist.com/wildpressure-targets-industrial-in-the-middle-east/96360/) | [:closed_book:](../../blob/master/2020/2020.03.24_WildPressure)
* Mar 24 - [[Trend Micro] Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links](https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/) | [:closed_book:](../../blob/master/2020/2020.03.24_Operation_Poisoned_News)
* Mar 19 - [[Trend Micro] Probing Pawn Storm: Cyberespionage Campaign Through Scanning, Credential Phishing and More](https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/probing-pawn-storm-cyberespionage-campaign-through-scanning-credential-phishing-and-more) | [:closed_book:](../../blob/master/2020/2020.03.19_Probing_Pawn_Storm)
* Mar 15 - [[MalwareBytes] APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT](https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/) | [:closed_book:](../../blob/master/2020/2020.03.15_APT36_Crimson_RAT)
* Mar 12 - [[Checkpoint] Vicious Panda: The COVID Campaign](https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/) | [:closed_book:](../../blob/master/2020/2020.03.12_Vicious_Panda)
* Mar 12 - [[SecPulse] Two-tailed scorpion APT-C-23](https://www.secpulse.com/archives/125292.html) | [:closed_book:](../../blob/master/2020/2020.03.12_Two-tailed_scorpion)
* Mar 12 - [[ESET] Tracking Turla: New backdoor delivered via Armenian watering holes](https://www.welivesecurity.com/2020/03/12/tracking-turla-new-backdoor-armenian-watering-holes) | [:closed_book:](../../blob/master/2020/2020.03.12_Tracking_Turla)
* Mar 11 - [[Trend Micro] Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan](https://blog.trendmicro.com/trendlabs-security-intelligence/operation-overtrap-targets-japanese-online-banking-users-via-bottle-exploit-kit-and-brand-new-cinobi-banking-trojan/) | [:closed_book:](../../blob/master/2020/2020.03.11.Operation_Overtrap)
* Mar 10 - [[Cybereason] WHO'S HACKING THE HACKERS: NO HONOR AMONG THIEVES](https://www.cybereason.com/blog/whos-hacking-the-hackers-no-honor-among-thieves) | [:closed_book:](../../blob/master/2020/2020.03.10.WHO_HACKING_THE_HACKERS)
* Mar 05 - [[Trend Micro] Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks](https://blog.trendmicro.com/trendlabs-security-intelligence/dissecting-geost-exposing-the-anatomy-of-the-android-trojan-targeting-russian-banks/) | [:closed_book:](../../blob/master/2020/2020.03.05_Dissecting_Geost)
* Mar 05 - [[ESET] Guildma: The Devil drives electric](https://www.welivesecurity.com/2020/03/05/guildma-devil-drives-electric/) | [:closed_book:](../../blob/master/2020/2020.03.05_Guildma)
* Mar 03 - [[F5] New Perl Botnet (Tuyul) Found with Possible Indonesian Attribution](https://www.f5.com/labs/articles/threat-intelligence/new-perl-botnet--tuyul--found-with-possible-indonesian-attributi) | [:closed_book:](../../blob/master/2020/2020.03.03_Tuyul_Botnet_Indonesian)
* Mar 03 - [[Yoroi] The North Korean Kimsuky APT keeps threatening South Korea evolving its TTPs](https://blog.yoroi.company/research/the-north-korean-kimsuky-apt-keeps-threatening-south-korea-evolving-its-ttps/) | [:closed_book:](../../blob/master/2020/2020.03.03_Kimsuky_APT)
* Mar 02 - [[Telsy] APT34 (AKA OILRIG, AKA HELIX KITTEN) ATTACKS LEBANON GOVERNMENT ENTITIES WITH MAILDROPPER IMPLANTS](https://blog.telsy.com/apt34-aka-oilrig-attacks-lebanon-government-entities-with-maildropper-implant/) | [:closed_book:](../../blob/master/2020/2020.03.02_APT34_MAILDROPPER)
* Feb 28 - [[Qianxin] Nortrom_Lion_APT](https://ti.qianxin.com/blog/articles/who-is-the-next-silent-lamb-nuo-chong-lions-apt-organization-revealed/) | [:closed_book:](../../blob/master/2020/2020.02.28_Nortrom_Lion_APT)
* Feb 25 - [[Sophos] Cloud Snooper Attack Bypasses Firewall Security Measures](https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/) | [:closed_book:](../../blob/master/2020/2020.02.25_Cloud_Snooper)
* Feb 22 - [[Objective-See] Weaponizing a Lazarus Group Implant](https://objective-see.com/blog/blog_0x54.html) | [:closed_book:](../../blob/master/2020/2020.02.22_Lazarus_Group_Weaponizing)
* Feb 21 - [[AhnLab] MyKings Botnet](http://download.ahnlab.com/kr/site/library/[AhnLab]Analysis%20Report_MyKings%20Botnet.pdf) | [:closed_book:](../../blob/master/2020/2020.02.21_MyKings_Botnet)
* Feb 19 - [[lexfo] The Lazarus Constellation](https://blog.lexfo.fr/ressources/Lexfo-WhitePaper-The_Lazarus_Constellation.pdf) | [:closed_book:](../../blob/master/2020/2020.02.19_The_Lazarus_Constellation)
* Feb 18 - [[Trend Micro] Operation DRBControl](https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf) | [:closed_book:](../../blob/master/2020/2020.02.18_Operation_DRBControl)
* Feb 17 - [[Yoroi] Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign](https://blog.yoroi.company/research/cyberwarfare-a-deep-dive-into-the-latest-gamaredon-espionage-campaign/) | [:closed_book:](../../blob/master/2020/2020.02.17.Cyberwarfare_Gamaredon_Campaign)
* Feb 17 - [[Talent-Jump] CLAMBLING - A New Backdoor Base On Dropbox (EN)](http://www.talent-jump.com/article/2020/02/17/CLAMBLING-A-New-Backdoor-Base-On-Dropbox-en/) | [:closed_book:](../../blob/master/2020/2020.02.17_CLAMBLING_Dropbox_Backdoor)
* Feb 17 - [[ClearSky] Fox Kitten Campaign](https://www.clearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign-v1.pdf) | [:closed_book:](../../blob/master/2020/2020.02.17_Fox_Kitten_Campaign)
* Feb 13 - [[Cybereason] NEW CYBER ESPIONAGE CAMPAIGNS TARGETING PALESTINIANS - PART 2: THE DISCOVERY OF THE NEW, MYSTERIOUS PIEROGI BACKDOOR](https://www.cybereason.com/blog/new-cyber-espionage-campaigns-targeting-palestinians-part-2-the-discovery-of-the-new-mysterious-pierogi-backdoor?utm_content=116986912&utm_medium=social&utm_source=twitter&hss_channel=tw-835463838) | [:closed_book:](../../blob/master/2020/2020.02.13.PIEROGI_BACKDOOR_APT)
* Feb 10 - [[Trend Micro] Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems](https://blog.trendmicro.com/trendlabs-security-intelligence/outlaw-updates-kit-to-kill-older-miner-versions-targets-more-systems/) | [:closed_book:](../../blob/master/2020/2020.02.10_Outlaw_Updates)
* Feb 03 - [[PaloAlto Networks] Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations](https://unit42.paloaltonetworks.com/actors-still-exploiting-sharepoint-vulnerability/) | [:closed_book:](../../blob/master/2020/2020.02.03.SharePoint_Vulnerability_Middle_East)
* Jan XX - [[IBM] New Destructive Wiper “ZeroCleare” Targets Energy Sector in the Middle East](https://www.ibm.com/downloads/cas/OAJ4VZNJ) | [:closed_book:](../../blob/master/2020/2020.01.xx.ZeroCleare_Wiper)
* Jan 31 - [[ESET] Winnti Group targeting universities in Hong Kong](https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/) | [:closed_book:](../../blob/master/2020/2020.01.31.Winnti_universities_in_HK)
* Jan 16 - [[CISCO] JhoneRAT: Cloud based python RAT targeting Middle Eastern countries](https://blog.talosintelligence.com/2020/01/jhonerat.html) | [:closed_book:](../../blob/master/2020/2020.01.16.JhoneRAT)
* Jan 13 - [[ShellsSystems] Reviving MuddyC3 Used by MuddyWater (IRAN) APT](https://shells.systems/reviving-leaked-muddyc3-used-by-muddywater-apt/) | [:closed_book:](../../blob/master/2020/2020.01.13.muddyc3.Revived)
* Jan 13 - [[Lab52] APT27 ZxShell RootKit module updates](https://lab52.io/blog/apt27-rootkit-updates/) | [:closed_book:](../../blob/master/2020/2020.01.13.APT27_ZxShell_RootKit)
* Jan 09 - [[Dragos] The State of Threats to Electric Entities in North America](https://dragos.com/wp-content/uploads/NA-EL-Threat-Perspective-2019.pdf) | [:closed_book:](../../blob/master/2020/2020.01.09.NA-EL-Threat-Perspective)
* Jan 08 - [[Kaspersky] Operation AppleJeus Sequel](https://securelist.com/operation-applejeus-sequel/95596/) | [:closed_book:](../../blob/master/2020/2020.01.08_Operation_AppleJeus_Sequel)
* Jan 07 - [[Recorded Future] Iranian Cyber Response to Death of IRGC Head Would Likely Use Reported TTPs and Previous Access](https://www.recordedfuture.com/iranian-cyber-response/?utm_content=111464182) | [:closed_book:](../../blob/master/2020/2020.01.07_Iranian_Cyber_Response)
* Jan 07 - [[NCA] Destructive Attack: DUSTMAN](https://github.com/blackorbird/APT_REPORT/blob/master/International%20Strategic/Iran/Saudi-Arabia-CNA-report.pdf) | [:closed_book:](../../blob/master/2020/2020.01.07_Destructive_Attack_DUSTMAN)
* Jan 06 - [[Trend Micro] First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group](https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/) | [:closed_book:](../../blob/master/2020/2020.01.06.SideWinder_Google_Play)
* Jan 01 - [[WeiXin] Pakistan Sidewinder APT Attack](https://mp.weixin.qq.com/s/CZrdslzEs4iwlaTzJH7Ubg) | [:closed_book:](../../blob/master/2020/2020.01.01.SideWinder_APT)
## 2019
* Dec 29 - [[Dell] BRONZE PRESIDENT Targets NGOs](https://www.secureworks.com/research/bronze-president-targets-ngos) | [:closed_book:](../../blob/master/2019/2019.12.29_BRONZE_PRESIDENT_NGO)
* Dec 26 - [[Pedro Tavares] Targeting Portugal: A new trojan Lampion has spread using template emails from the Portuguese Government Finance & Tax](https://seguranca-informatica.pt/targeting-portugal-a-new-trojan-lampion-has-spread-using-template-emails-from-the-portuguese-government-finance-tax/) | [:closed_book:](../../blob/master/2019/2019.12.26.Trojan-Lampion)
* Dec 19 - [[FoxIT] Operation Wocao](https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wacao.pdf) | [:closed_book:](../../blob/master/2019/2019.12.19.Operation_Wocao)
* Dec 17 - [[PaloAlto] Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia](https://unit42.paloaltonetworks.com/rancor-cyber-espionage-group-uses-new-custom-malware-to-attack-southeast-asia/) | [:closed_book:](../../blob/master/2019/2019.12.17.Rancor)
* Dec 17 - [[360] Dacls, the Dual platform RAT](https://blog.netlab.360.com/dacls-the-dual-platform-rat-en/) | [:closed_book:](../../blob/master/2019/2019.12.17.Dacls_RAT)
* Dec 16 - [[Sophos] MyKings: The Slow But Steady Growth of a Relentless Botnet](https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophoslabs-uncut-mykings-report.pdf) | [:closed_book:](../../blob/master/2019/2019.12.16.MyKings)
* Dec 12 - [[Trend Micro] Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry](https://documents.trendmicro.com/assets/white_papers/wp-drilling-deep-a-look-at-cyberattacks-on-the-oil-and-gas-industry.pdf) | [:closed_book:](../../blob/master/2019/2019.12.12.Drilling_Deep)
* Dec 12 - [[Microsoft] GALLIUM: Targeting global telecom](https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/) | [:closed_book:](../../blob/master/2019/2019.12.12.GALLIUM)
* Dec 12 - [[Recorded Future] Operation Gamework: Infrastructure Overlaps Found Between BlueAlpha and Iranian APTs](https://go.recordedfuture.com/hubfs/reports/cta-2019-1212.pdf) | [:closed_book:](../../blob/master/2019/2019.12.12.Operation_Gamework)
* Dec 11 - [[Trend Micro] Waterbear is Back, Uses API Hooking to Evade Security Product Detection](https://blog.trendmicro.com/trendlabs-security-intelligence/waterbear-is-back-uses-api-hooking-to-evade-security-product-detection/) | [:closed_book:](../../blob/master/2019/2019.12.11.Waterbear_Back)
* Dec 11 - [[Cybereason] DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE](https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware) | [:closed_book:](../../blob/master/2019/2019.12.11_DROPPING_ANCHOR)
* Dec 10 - [[Sentinel] Anchor Project: The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT](https://labs.sentinelone.com/the-deadly-planeswalker-how-the-trickbot-group-united-high-tech-crimeware-apt/#report) | [:closed_book:](../../blob/master/2019/2019.12.10_TrickBot_Planeswalker)
* Dec 06 - [[SCILabs] Cosmic Banker campaign is still active revealing link with Banload malware](https://blog.scilabs.mx/cosmic-banker-campaign-is-still-active-revealing-link-with-banload-malware/) | [:closed_book:](../../blob/master/2019/2019.12.06.Cosmic_Banker_campaign)
* Dec 04 - [[IBM] New Destructive Wiper “ZeroCleare” Targets Energy Sector in the Middle East](https://www.ibm.com/downloads/cas/OAJ4VZNJ) | [:closed_book:](../../blob/master/2019/2019.12.04.ZeroCleare)
* Dec 04 - [[Trend Micro] Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign](https://blog.trendmicro.com/trendlabs-security-intelligence/obfuscation-tools-found-in-the-capesand-exploit-kit-possibly-used-in-kurdishcoder-campaign/) | [:closed_book:](../../blob/master/2019/2019.12.04.KurdishCoder_Campaign)
* Dec 03 - [[NSHC] Threat Actor Targeting Hong Kong Pro-Democracy Figures](https://threatrecon.nshc.net/2019/12/03/threat-actor-targeting-hong-kong-activists/) | [:closed_book:](../../blob/master/2019/2019.12.03.Hong_Kong_Pro-Democracy)
* Nov 29 - [[Trend Micro] Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK](https://blog.trendmicro.com/trendlabs-security-intelligence/operation-endtrade-finding-multi-stage-backdoors-that-tick) | [:closed_book:](../../blob/master/2019/2019.11.29.Operation_ENDTRADE)
* Nov 28 - [[Kaspersky] RevengeHotels: cybercrime targeting hotel front desks worldwide](https://securelist.com/revengehotels/95229/) | [:closed_book:](../../blob/master/2019/2019.11.28.RevengeHotels)
* Nov 26 - [[Microsoft] Insights from one year of tracking a polymorphic threat: Dexphot](https://www.microsoft.com/security/blog/2019/11/26/insights-from-one-year-of-tracking-a-polymorphic-threat/) | [:closed_book:](../../blob/master/2019/2019.11.26.Dexphot)
* Nov 25 - [[Positive] Studying Donot Team](http://blog.ptsecurity.com/2019/11/studying-donot-team.html) | [:closed_book:](../../blob/master/2019/2019.11.25_Donot_Team)
* Nov 21 - [[ESET] Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon](https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/) | [:closed_book:](../../blob/master/2019/2019.11.21.DePriMon)
* Nov 20 - [[360] Golden Eagle (APT-C-34)](http://blogs.360.cn/post/APT-C-34_Golden_Falcon.html) | [:closed_book:](../../blob/master/2019/2019.11.20.Golden_Eagle_APT-C-34)
* Nov 20 - [[Trend Micro] Mac Backdoor Linked to Lazarus Targets Korean Users](https://blog.trendmicro.com/trendlabs-security-intelligence/mac-backdoor-linked-to-lazarus-targets-korean-users/) | [:closed_book:](../../blob/master/2019/2019.11.20.Mac_Lazarus)
* Nov 13 - [[Trend Micro] More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting](https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/) | [:closed_book:](../../blob/master/2019/2019.11.13.APT33_Extreme_Narrow_Targeting)
* Nov 12 - [[Marco Ramilli] TA-505 Cybercrime on System Integrator Companies](https://marcoramilli.com/2019/11/12/ta-505-cybercrime-on-system-integrator-companies/) | [:closed_book:](../../blob/master/2019/2019.11.12_TA-505_On_SI)
* Nov 08 - [[Kaspersky] Titanium: the Platinum group strikes again](https://securelist.com/titanium-the-platinum-group-strikes-again/94961/) | [:closed_book:](../../blob/master/2019/2019.11.08_Titanium_Action_Platinum_group)
* Nov 05 - [[Telsy] THE LAZARUS GAZE TO THE WORLD: WHAT IS BEHIND THE FIRST STONE ?](https://blog.telsy.com/the-lazarus-gaze-to-the-world-what-is-behind-the-first-stone/) | [:closed_book:](../../blob/master/2019/2019.11.05.LAZARUS_GAZE)
* Nov 04 - [[Tencent] Higaisa APT](https://s.tencent.com/research/report/836.html) | [:closed_book:](../../blob/master/2019/2019.11.04.Higaisa_APT)
* Nov 04 - [[Marcoramilli] Is Lazarus/APT38 Targeting Critical Infrastructures](https://marcoramilli.com/2019/11/04/is-lazarus-apt38-targeting-critical-infrastructures) | [:closed_book:](../../blob/master/2019/2019.11.04.Lazarus_APT38)
* Nov 01 - [[Kaspersky] Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium](https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/) | [:closed_book:](../../blob/master/2019/2019.11.1.Operation_WizardOpium)
* Oct 31 - [[PTsecurity] Calypso APT: new group attacking state institutions](https://www.ptsecurity.com/ww-en/analytics/calypso-apt-2019/) | [:closed_book:](../../blob/master/2019/2019.10.31.Calypso_APT)
* Oct 31 - [[Fireeye] MESSAGETAP: Who's Reading Your Text Messages?](https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html) | [:closed_book:](../../blob/master/2019/2019.10.31.MESSAGETAP)
* Oct 28 - [[Marco Ramilli] SWEED Targeting Precision Engineering Companies in Italy](https://marcoramilli.com/2019/10/28/sweed-targeting-precision-engineering-companies-in-italy/) | [:closed_book:](../../blob/master/2019/2019.10.28_SWEED_Italy)
* Oct 21 - [[ESET] Winnti Group's skip-2.0: A Microsoft SQL Server backdoor](https://www.welivesecurity.com/2019/10/21/winnti-group-skip2-0-microsoft-sql-server-backdoor/) | [:closed_book:](../../blob/master/2019/2019.10.21.Winnti_skip_2.0)
* Oct 21 - [[VB] Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error](https://www.virusbulletin.com/uploads/pdf/magazine/2019/VB2019-Garcia-etal.pdf) | [:closed_book:](../../blob/master/2019/2019.10.21_Geost_botnet)
* Oct 17 - [[ESET] Operation Ghost: The Dukes aren't back - they never left](https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/) | [:closed_book:](../../blob/master/2019/2019.10.17.Operation_Ghost)
* Oct 15 - [[Fireeye] LOWKEY: Hunting for the Missing Volume Serial ID](https://www.fireeye.com/blog/threat-research/2019/10/lowkey-hunting-for-the-missing-volume-serial-id.html) | [:closed_book:](../../blob/master/2019/2019.10.15.LOWKEY)
* Oct 14 - [[Marco Ramilli] Is Emotet gang targeting companies with external SOC?](https://marcoramilli.com/2019/10/14/is-emotet-gang-targeting-companies-with-external-soc/) | [:closed_book:](../../blob/master/2019/2019.10.14.Emotet_external_SOC)
* Oct 14 - [[Exatrack] From tweet to rootkit](https://exatrack.com/public/winnti_EN.pdf) | [:closed_book:](../../blob/master/2019/2019.10.14.From_tweet_to_rootkit)
* Oct 14 - [[Crowdstrike] HUGE FAN OF YOUR WORK: TURBINE PANDA](https://www.crowdstrike.com/resources/wp-content/brochures/reports/huge-fan-of-your-work-intelligence-report.pdf) | [:closed_book:](../../blob/master/2019/2019.10.14.TURBINE_PANDA)
* Oct 10 - [[Fireeye] Mahalo FIN7: Responding to the Criminal Operators' New Tools and Techniques](https://www.fireeye.com/blog/threat-research/2019/10/mahalo-fin7-responding-to-new-tools-and-techniques.html) | [:closed_book:](../../blob/master/2019/2019.10.10.Fin7)
* Oct 10 - [[ESET] CONNECTING THE DOTS: Exposing the arsenal and methods of the Winnti Group](https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Winnti.pdf) | [:closed_book:](../../blob/master/2019/2019.10.10.Winnti_Group)
* Oct 10 - [[ESET] Attor, a spy platform with curious GSM fingerprinting](https://www.welivesecurity.com/2019/10/10/eset-discovers-attor-spy-platform/) | [:closed_book:](../../blob/master/2019/2019.10.10.Attor_GSM_fingerprinting_spy_platform)
* Oct 09 - [[Trend Micro] FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops](https://blog.trendmicro.com/trendlabs-security-intelligence/fin6-compromised-e-commerce-platform-via-magecart-to-inject-credit-card-skimmers-into-thousands-of-online-shops/) | [:closed_book:](../../blob/master/2019/2019.10.09_FIN6_Magecart)
* Oct 07 - [[CERT-FR] Supply chain attacks: threats targeting service providers and design offices](https://www.cert.ssi.gouv.fr/uploads/CERTFR-2019-CTI-005.pdf) | [:closed_book:](../../blob/master/2019/2019.10.07.Supply_Chain_Attacks)
* Oct 07 - [[Clearsky] The Kittens Are Back in Town 2 - Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods](https://www.clearskysec.com/the-kittens-are-back-in-town-2/) | [:closed_book:](../../blob/master/2019/2019.10.07.Charming_Kitten_Back_in_Town_2)
* Oct 07 - [[Anomali] China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations](https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations) | [:closed_book:](../../blob/master/2019/2019.10.07.Panda_minority-groups)
* Oct 04 - [[Avast] GEOST BOTNET. THE STORY OF THE DISCOVERY OF A NEW ANDROID BANKING TROJAN FROM AN OPSEC ERROR](http://public.avast.com/research/VB2019-Garcia-etal.pdf) | [:closed_book:](../../blob/master/2019/2019.10.04.GEOST_BOTNET)
* Oct 03 - [[Palo Alto Networks] PKPLUG: Chinese Cyber Espionage Group Attacking Asia](https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/) | [:closed_book:](../../blob/master/2019/2019.10.03.PKPLUG)
* Oct 01 - [[Netskope] New Adwind Campaign targets US Petroleum Industry](https://www.netskope.com/blog/new-adwind-campaign-targets-us-petroleum-industry-2) | [:closed_book:](../../blob/master/2019/2019.10.01.Adwind_Campaign_US_Petroleum_Industry)
* Oct 01 - [[Trend Micro] New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign](https://blog.trendmicro.com/trendlabs-security-intelligence/new-fileless-botnet-novter-distributed-by-kovcoreg-malvertising-campaign/) | [:closed_book:](../../blob/master/2019/2019.10.01.kovcoreg-malvertising-campaign)
* Sep 30 - [[Lastline] HELO Winnti: Attack or Scan?](https://www.lastline.com/labsblog/helo-winnti-attack-scan/) | [:closed_book:](../../blob/master/2019/2019.09.30_HELO_Winnti)
* Sep 26 - [[GBHackers] Chinese APT Hackers Attack Windows Users via FakeNarrator Malware to Implant PcShare Backdoor](https://gbhackers.com/fakenarrator-malware/) | [:closed_book:](../../blob/master/2019/2019.09.26_China_APT_FakeNarrator_To_PcShare)
* Sep 24 - [[Telsy] DeadlyKiss APT](https://blog.telsy.com/wp-content/uploads/2019/09/DeadlyKiss_TAAR.pdf) | [:closed_book:](../../blob/master/2019/2019.09.24.DeadlyKiss_APT)
* Sep 24 - [[CISCO] How Tortoiseshell created a fake veteran hiring website to host malware](https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html) | [:closed_book:](../../blob/master/2019/2019.09.24_New_Tortoiseshell)
* Sep 24 - [[CheckPoint] Mapping the connections inside Russia's APT Ecosystem](https://research.checkpoint.com/russianaptecosystem/) | [:closed_book:](../../blob/master/2019/2019.09.24_Russia_APT_Ecosystem)
* Sep 18 - [[Symantec] Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks](https://www.symantec.com/blogs/threat-intelligence/tortoiseshell-apt-supply-chain) | [:closed_book:](../../blob/master/2019/2019.09.18.Tortoiseshell-APT)
* Sep 18 - [[Trend Micro] Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites](https://blog.trendmicro.com/trendlabs-security-intelligence/magecart-skimming-attack-targets-mobile-users-of-hotel-chain-booking-websites/) | [:closed_book:](../../blob/master/2019/2019.09.18.Magecart_Hotel_Chain_Booking)
* Sep 15 - [[Clearsky] The Kittens Are Back in Town Charming Kitten Campaign Against Academic Researchers](https://www.clearskysec.com/wp-content/uploads/2019/09/The-Kittens-Are-Back-in-Town-Charming-Kitten-2019.pdf) | [:closed_book:](../../blob/master/2019/2019.09.15_Kittens_back)
* Sep 11 - [[MeltX0R Security] RANCOR APT: Suspected targeted attacks against South East Asia](https://meltx0r.github.io/tech/2019/09/11/rancor-apt.html) | [:closed_book:](../../blob/master/2019/2019.09.11.RANCOR_APT)
* Sep 09 - [[Symantec] Thrip: Ambitious Attacks Against High Level Targets Continue](https://www.symantec.com/blogs/threat-intelligence/thrip-apt-south-east-asia) | [:closed_book:](../../blob/master/2019/2019.09.09.Thrip)
* Sep 06 - [[MeltX0R Security] BITTER APT: Not So Sweet](https://meltx0r.github.io/tech/2019/09/06/bitter-apt-not-so-sweet.html) | [:closed_book:](../../blob/master/2019/2019.09.06.BITTER_APT_Not_So_Sweet)
* Sep 05 - [[CheckPoint] UPSynergy: Chinese-American Spy vs. Spy Story](https://research.checkpoint.com/upsynergy/) | [:closed_book:](../../blob/master/2019/2019.09.05.UPSynergy)
* Sep 04 - [[Trend Micro] Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions](https://blog.trendmicro.com/trendlabs-security-intelligence/glupteba-campaign-hits-network-routers-and-updates-cc-servers-with-data-from-bitcoin-transactions/) | [:closed_book:](../../blob/master/2019/2019.09.04.Glupteba_Campaign)
* Aug 31 - [[StrangerealIntel] Malware analysis on Bitter APT campaign](https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/offshore%20APT%20organization/Bitter/27-08-19/Malware%20analysis%2031-08-19.md) | [:closed_book:](../../blob/master/2019/2019.08.31.Bitter_APT_Malware_analysis)
* Aug 29 - [[AhnLab] Tick Tock - Activities of the Tick Cyber Espionage Group in East Asia Over the Last 10 Years](https://gsec.hitb.org/materials/sg2019/D1%20COMMSEC%20-%20Tick%20Group%20-%20Activities%20Of%20The%20Tick%20Cyber%20Espionage%20Group%20In%20East%20Asia%20Over%20The%20Last%2010%20Years%20-%20Cha%20Minseok.pdf) | [:closed_book:](../../blob/master/2019/2019.08.29_Tick_Tock)
* Aug 29 - [[Trend Micro] Heatstroke Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information](https://blog.trendmicro.com/trendlabs-security-intelligence/heatstroke-campaign-uses-multistage-phishing-attack-to-steal-paypal-and-credit-card-information/) | [:closed_book:](../../blob/master/2019/2019.08.29.Heatstroke_Campaign)
* Aug 29 - [[IBM] More_eggs, Anyone? Threat Actor ITG08 Strikes Again](https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/) | [:closed_book:](../../blob/master/2019/2019.08.29.FIN6_ITG08)
* Aug 29 - [[NSHC] SectorJ04 Groups Increased Activity in 2019](https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/) | [:closed_book:](../../blob/master/2019/2019.08.29.SectorJ04_2019)
* Aug 27 - [[StrangerealIntel] Malware analysis about sample of APT Patchwork](https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/Indian/APT/Patchwork/27-08-19/Malware%20analysis%2027-08-19.md) | [:closed_book:](../../blob/master/2019/2019.08.27.Patchwork_Malware_Analysis)
* Aug 27 - [[Dell] LYCEUM Takes Center Stage in Middle East Campaign](https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign) | [:closed_book:](../../blob/master/2019/2019.08.27.LYCEUM_threat_group)
* Aug 27 - [[CISCO] China Chopper still active 9 years later](https://blog.talosintelligence.com/2019/08/china-chopper-still-active-9-years-later.html) | [:closed_book:](../../blob/master/2019/2019.08.27.China_Chopper)
* Aug 27 - [[Trend Micro] TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy](https://blog.trendmicro.com/trendlabs-security-intelligence/ta505-at-it-again-variety-is-the-spice-of-servhelper-and-flawedammyy/) | [:closed_book:](../../blob/master/2019/2019.08.27.TA505_Again)
* Aug 26 - [[QianXin] APT-C-09 Reappeared as Conflict Intensified Between India and Pakistan](https://ti.qianxin.com/blog/articles/apt-c-09-reappeared-as-conflict-intensified-between-india-and-pakistan/) | [:closed_book:](../../blob/master/2019/2019.08.26.APT-C-09)
* Aug 22 - [[PTsecurity] Operation TaskMasters: Cyberespionage in the digital economy age](https://www.ptsecurity.com/ww-en/analytics/operation-taskmasters-2019/) | [:closed_book:](../../blob/master/2019/2019.08.22.Operation_TaskMasters)
* Aug 21 - [[Fortinet] The Gamaredon Group: A TTP Profile Analysis](https://www.fortinet.com/blog/threat-research/gamaredon-group-ttp-profile-analysis.html) | [:closed_book:](../../blob/master/2019/2019.08.21.Gamaredon_Group)
* Aug 21 - [[Group-IB] Silence 2.0](https://www.group-ib.com/resources/threat-research/silence_2.0.going_global.pdf) | [:closed_book:](../../blob/master/2019/2019.08.21.Silence_2.0)
* Aug 20 - [[StrangerealIntel] Malware analysis about unknown Chinese APT campaign](https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/China/APT/Unknown/20-08-19/Malware%20analysis%2020-08-19.md) | [:closed_book:](../../blob/master/2019/2019.08.20.unknown_Chinese_APT)
* Aug 14 - [[ESET] In the Balkans, businesses are under fire from a double-barreled weapon](https://www.welivesecurity.com/2019/08/14/balkans-businesses-double-barreled-weapon/) | [:closed_book:](../../blob/master/2019/2019.08.14.Balkans_Campaign)
* Aug 12 - [[Kaspersky] Recent Cloud Atlas activity](https://securelist.com/recent-cloud-atlas-activity/92016/) | [:closed_book:](../../blob/master/2019/2019.08.12.Cloud_Atlas_activity)
* Aug 08 - [[Anomali] Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations](https://www.anomali.com/blog/suspected-bitter-apt-continues-targeting-government-of-china-and-chinese-organizations) | [:closed_book:](../../blob/master/2019/2019.08.08.BITTER_APT)
* Aug 07 - [[FireEye] APT41: A Dual Espionage and Cyber Crime Operation](https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html) | [:closed_book:](../../blob/master/2019/2019.08.07.APT41)
* Aug 05 - [[Trend Micro] Latest Trickbot Campaign Delivered via Highly Obfuscated JS File](https://blog.trendmicro.com/trendlabs-security-intelligence/latest-trickbot-campaign-delivered-via-highly-obfuscated-js-file/) | [:closed_book:](../../blob/master/2019/2019.08.05.Trickbot_Obfuscated_JS)
* Aug 05 - [[ESET] Sharpening the Machete](https://www.welivesecurity.com/2019/08/05/sharpening-machete-cyberespionage/) | [:closed_book:](../../blob/master/2019/2019.08.05.Sharpening_the_Machete)
* Aug 01 - [[Antiy] Analysis of the Attack of Mobile Devices by OceanLotus](https://www.antiy.net/p/analysis-of-the-attack-of-mobile-devices-by-oceanlotus/) | [:closed_book:](../../blob/master/2019/2019.08.01.Mobile_OceanLotus)
* Jul 24 - [[Dell] Resurgent Iron Liberty Targeting Energy Sector](https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector) | [:closed_book:](../../blob/master/2019/2019.07.24.Resurgent_Iron_Liberty)
* Jul 24 - [[] Attacking the Heart of the German Industry](https://web.br.de/interaktiv/winnti/english/) | [:closed_book:](../../blob/master/2019/2019.07.24.Winnti_German)
* Jul 24 - [[Proofpoint] Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia](https://www.proofpoint.com/us/threat-insight/post/chinese-apt-operation-lagtime-it-targets-government-information-technology) | [:closed_book:](../../blob/master/2019/2019.07.24.Operation_LagTime_IT)
* Jul 18 - [[FireEye] Hard Pass: Declining APT34's Invite to Join Their Professional Network](https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html) | [:closed_book:](../../blob/master/2019/2019.07.18.APT34_Hard_Pass)
* Jul 18 - [[Trend Micro] Spam Campaign Targets Colombian Entities with Custom-made Proyecto RAT, Uses Email Service YOPmail for C&C](https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-targets-colombian-entities-with-custom-proyecto-rat-email-service-yopmail-for-cc/) | [:closed_book:](../../blob/master/2019/2019.07.18.Proyecto_RAT_Colombian)
* Jul 18 - [[ESET] OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY](https://www.welivesecurity.com/2019/07/18/okrum-ke3chang-targets-diplomatic-missions/) | [:closed_book:](../../blob/master/2019/2019.07.18.Okrum)
* Jul 17 - [[AT&T] Newly identified StrongPity operations](https://cybersecurity.att.com/blogs/labs-research/newly-identified-strongpity-operations) | [:closed_book:](../../blob/master/2019/2019.07.17.StrongPity_operations)
* Jul 17 - [[Intezer] EvilGnome: Rare Malware Spying on Linux Desktop Users](https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/) | [:closed_book:](../../blob/master/2019/2019.07.17.EvilGnome)
* Jul 16 - [[Trend Micro] SLUB Gets Rid of GitHub, Intensifies Slack Use](https://blog.trendmicro.com/trendlabs-security-intelligence/slub-gets-rid-of-github-intensifies-slack-use/) | [:closed_book:](../../blob/master/2019/2019.07.16.SLUB)
* Jul 15 - [[CISCO] SWEED: Exposing years of Agent Tesla campaigns](https://blog.talosintelligence.com/2019/07/sweed-agent-tesla.html) | [:closed_book:](../../blob/master/2019/2019.07.15.SWEED)
* Jul 11 - [[ESET] Buhtrap group uses zero-day in latest espionage campaigns](https://www.welivesecurity.com/2019/07/11/buhtrap-zero-day-espionage-campaigns/) | [:closed_book:](../../blob/master/2019/2019.07.11.Buhtrap_Group)
* Jul 09 - [[CISCO] Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques](https://blog.talosintelligence.com/2019/07/sea-turtle-keeps-on-swimming.html) | [:closed_book:](../../blob/master/2019/2019.07.09.SeaTurtle_swimming)
* Jul 04 - [[Kaspersky] 'Twas the night before](https://securelist.com/twas-the-night-before/91599/) | [:closed_book:](../../blob/master/2019/2019.07.04.NewsBeef_APT)
* Jul 04 - [[Trend Micro] Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi](https://blog.trendmicro.com/trendlabs-security-intelligence/latest-spam-campaigns-from-ta505-now-using-new-malware-tools-gelup-and-flowerpippi/) | [:closed_book:](../../blob/master/2019/2019.07.04.TA505_Gelup_FlowerPippi)
* Jul 03 - [[Anomali] Multiple Chinese Threat Groups Exploiting CVE-2018-0798 Equation Editor Vulnerability Since Late 2018](https://www.anomali.com/blog/multiple-chinese-threat-groups-exploiting-cve-2018-0798-equation-editor-vulnerability-since-late-2018) | [:closed_book:](../../blob/master/2019/2019.07.03.Chinese_APT_CVE-2018-0798)
* Jul 01 - [[Check Point] Operation Tripoli](https://research.checkpoint.com/operation-tripoli/) | [:closed_book:](../../blob/master/2019/2019.07.01.Operation_Tripoli)
* Jul 01 - [[Cylance] Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus](https://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html) | [:closed_book:](../../blob/master/2019/2019.07.01.OceanLotus_Ratsnif)
* Jun 27 - [[Trend Micro] ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit](https://blog.trendmicro.com/trendlabs-security-intelligence/shadowgate-returns-to-worldwide-operations-with-evolved-greenflash-sundown-exploit-kit/) | [:closed_book:](../../blob/master/2019/2019.06.27.ShadowGate_Returns)
* Jun 26 - [[Recorded Future] Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations](https://go.recordedfuture.com/hubfs/reports/cta-2019-0626.pdf) | [:closed_book:](../../blob/master/2019/2019.06.26.Iranian_to_Saudi)
* Jun 25 - [[QianXin] Analysis of MuddyC3, a New Weapon Used by MuddyWater](https://ti.qianxin.com/blog/articles/analysis-of-muddyc3-a-new-weapon-used-by-muddywater/) | [:closed_book:](../../blob/master/2019/2019.06.25.MuddyC3)
* Jun 25 - [[Cybereason] OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS](https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers) | [:closed_book:](../../blob/master/2019/2019.06.25.Operation_Soft_Cell)
* Jun 21 - [[Symantec] Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments](https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments) | [:closed_book:](../../blob/master/2019/2019.06.21.Waterbug)
* Jun 20 - [[QianXin] New Approaches Utilized by OceanLotus to Target An Environmental Group in Vietnam](https://ti.qianxin.com/blog/articles/english-version-of-new-approaches-utilized-by-oceanLotus-to-target-vietnamese-environmentalist/) | [:closed_book:](../../blob/master/2019/2019.06.20.OceanLotus_New_Approaches)
* Jun 12 - [[ThaiCERT] Threat Group Cards: A Threat Actor Encyclopedia](https://www.dropbox.com/s/ds0ra0c8odwsv3m/Threat%20Group%20Cards.pdf?dl) | [:closed_book:](../../blob/master/2019/2019.06.12.Threat_Group_Cards)
* Jun 11 - [[Recorded Future] The Discovery of Fishwrap: A New Social Media Information Operation Methodology](https://www.recordedfuture.com/fishwrap-influence-operation/) | [:closed_book:](../../blob/master/2019/2019.06.11.Fishwrap_Group)
* Jun 10 - [[BlackBerry] Threat Spotlight: MenuPass/QuasarRAT Backdoor](https://blogs.blackberry.com/en/2019/06/threat-spotlight-menupass-quasarrat-backdoor) | [:closed_book:](../../blob/master/2019/2019.06.10.MenuPass_QuasarRAT_Backdoor)
* Jun 10 - [[Trend Micro] MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools](https://blog.trendmicro.com/trendlabs-security-intelligence/muddywater-resurfaces-uses-multi-stage-backdoor-powerstats-v3-and-new-post-exploitation-tools/) | [:closed_book:](../../blob/master/2019/2019.06.10.MuddyWater_Resurfaces)
* Jun 05 - [[Agari] Scattered Canary: The Evolution and Inner Workings of a West African Cybercriminal Startup Turned BEC Enterprise](https://www.agari.com/cyber-intelligence-research/whitepapers/scattered-canary.pdf) | [:closed_book:](../../blob/master/2019/2019.06.05.Scattered_Canary)
* Jun 04 - [[Bitdefender] An APT Blueprint: Gaining New Visibility into Financial Threats](https://www.bitdefender.com/files/News/CaseStudies/study/262/Bitdefender-WhitePaper-An-APT-Blueprint-Gaining-New-Visibility-into-Financial-Threats-interactive.pdf) | [:closed_book:](../../blob/master/2019/2019.06.04.APT_Blueprint)
* Jun 03 - [[Kaspersky] Zebrocy's Multilanguage Malware Salad](https://securelist.com/zebrocys-multilanguage-malware-salad/90680/) | [:closed_book:](../../blob/master/2019/2019.06.03.Zebrocy)
* May 30 - [[CISCO] 10 years of virtual dynamite: A high-level retrospective of ATM malware](https://blog.talosintelligence.com/2019/05/10-years-of-virtual-dynamite.html) | [:closed_book:](../../blob/master/2019/2019.05.30.10_Years_ATM_Malware)
* May 29 - [[ESET] A dive into Turla PowerShell usage](https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/) | [:closed_book:](../../blob/master/2019/2019.05.29.Turla_PowerShell)
* May 29 - [[Yoroi] TA505 is Expanding its Operations](https://blog.yoroi.company/research/ta505-is-expanding-its-operations/) | [:closed_book:](../../blob/master/2019/2019.05.29.TA505)
* May 28 - [[Palo Alto Networks] Emissary Panda Attacks Middle East Government Sharepoint Servers](https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/) | [:closed_book:](../../blob/master/2019/2019.05.28.Emissary_Panda)
* May 27 - [[360] APT-C-38](http://blogs.360.cn/post/analysis-of-APT-C-38.html) | [:closed_book:](../../blob/master/2019/2019.05.27.APT-C-38)
* May 24 - [[ENSILO] UNCOVERING NEW ACTIVITY BY APT10](https://blog.ensilo.com/uncovering-new-activity-by-apt10) | [:closed_book:](../../blob/master/2019/2019.05.24_APT10_New_Activity)
* May 22 - [[ESET] A journey to Zebrocy land](https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/) | [:closed_book:](../../blob/master/2019/2019.05.22.Zebrocy_Land)
* May 19 - [[Intezer] HiddenWasp Malware Stings Targeted Linux Systems](https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/) | [:closed_book:](../../blob/master/2019/2019.05.19.HiddenWasp_Linux)
* May 18 - [[ADLab] Operation_BlackLion](https://www.secrss.com/articles/10745) | [:closed_book:](../../blob/master/2019/2019.05.18.Operation_BlackLion)
* May 15 - [[Chronicle] Winnti: More than just Windows and Gates](https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a) | [:closed_book:](../../blob/master/2019/2019.05.15.Winnti_More)
* May 13 - [[Kaspersky] ScarCruft continues to evolve, introduces Bluetooth harvester](https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/) | [:closed_book:](../../blob/master/2019/2019.05.13.ScarCruft_Bluetooth)
* May 11 - [[Sebdraven] Chinese Actor APT target Ministry of Justice Vietnamese](https://medium.com/@Sebdraven/chineses-actor-apt-target-ministry-of-justice-vietnamese-14f13cc1c906) | [:closed_book:](../../blob/master/2019/2019.05.11.Chinese_APT_Vietnamese)
* May 09 - [[Clearsky] Iranian Nation-State APT Groups “Black Box” Leak](https://www.clearskysec.com/wp-content/uploads/2019/05/Iranian-Nation-State-APT-Leak-Analysis-and-Overview.pdf) | [:closed_book:](../../blob/master/2019/2019.05.09.Iranian_APT_Leak)
* May 08 - [[Kaspersky] FIN7.5: the infamous cybercrime rig “FIN7” continues its activities](https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/) | [:closed_book:](../../blob/master/2019/2019.05.08.Fin7.5)
* May 08 - [[QianXin] OceanLotus Attacks to Indochinese Peninsula: Evolution of Targets, Techniques and Procedure](https://ti.qianxin.com/blog/articles/oceanlotus-attacks-to-indochinese-peninsula-evolution-of-targets-techniques-and-procedure/) | [:closed_book:](../../blob/master/2019/2019.05.08.OceanLotus)
* May 07 - [[Yoroi] ATMitch: New Evidence Spotted In The Wild](https://blog.yoroi.company/research/atmitch-new-evidence-spotted-in-the-wild/) | [:closed_book:](../../blob/master/2019/2019.05.07.ATMitch)
* May 07 - [[ESET] Turla LightNeuron: An email too far](https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf) | [:closed_book:](../../blob/master/2019/2019.05.07.Turla_LightNeuron)
* May 07 - [[Symantec] Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak](https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit) | [:closed_book:](../../blob/master/2019/2019.05.07.Buckeye)
* May 03 - [[Kaspersky] Who's who in the Zoo Cyberespionage operation targets Android users in the Middle East](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/05/24122414/ZooPark_for_public_final_edited.pdf) | [:closed_book:](../../blob/master/2019/2019.05.03.ZooPark)
* Apr 30 - [[ThreatRecon] SectorB06 using Mongolian language in lure document](https://threatrecon.nshc.net/2019/04/30/sectorb06-using-mongolian-language-in-lure-document/) | [:closed_book:](../../blob/master/2019/2019.04.30.SectorB06_Mongolian)
* Apr 24 - [[CyberInt] legit remote admin tools turn into threat actors' tools](https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%27%20Tools_Report.pdf) | [:closed_book:](../../blob/master/2019/2019.04.24.TA505_Abusing_Legit_Remote_Admin_Tool)
* Apr 23 - [[Kaspersky] Operation ShadowHammer: a high-profile supply chain attack](https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/) | [:closed_book:](../../blob/master/2019/2019.04.23.Operation_ShadowHammer)
* Apr 22 - [[CheckPoint] FINTEAM: Trojanized TeamViewer Against Government Targets](https://research.checkpoint.com/finteam-trojanized-teamviewer-against-government-targets/) | [:closed_book:](../../blob/master/2019/2019.04.22.FINTEAM)
* Apr 19 - [[MalwareBytes] “Funky malware format” found in Ocean Lotus sample](https://blog.malwarebytes.com/threat-analysis/2019/04/funky-malware-format-found-in-ocean-lotus-sample/) | [:closed_book:](../../blob/master/2019/2019.04.19.Funky_malware_format)
* Apr 17 - [[Palo Alto Networks] Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign](https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/) | [:closed_book:](../../blob/master/2019/2019.04.17.Aggah_Campaign)
* Apr 17 - [[CISCO] DNS Hijacking Abuses Trust In Core Internet Service](https://blog.talosintelligence.com/2019/04/seaturtle.html) | [:closed_book:](../../blob/master/2019/2019.04.17.Operation_Sea_Turtle)
* Apr 10 - [[CheckPoint] The Muddy Waters of APT Attacks](https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/) | [:closed_book:](../../blob/master/2019/2019.04.10.Muddy_Waters)
* Apr 10 - [[Kaspersky] Project TajMahal - a sophisticated new APT framework](https://securelist.com/project-tajmahal/90240/) | [:closed_book:](../../blob/master/2019/2019.04.10.Project_TajMahal)
* Apr 10 - [[Kaspersky] Gaza Cybergang Group1, operation SneakyPastes](https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/) | [:closed_book:](../../blob/master/2019/2019.04.10.Operation_SneakyPastes)
* Apr 02 - [[Cylance] OceanLotus Steganography](https://threatvector.cylance.com/en_us/home/report-oceanlotus-apt-group-leveraging-steganography.html) | [:closed_book:](../../blob/master/2019/2019.04.02.OceanLotus_Steganography)
* Mar 28 - [[Trend Micro] Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole](https://blog.trendmicro.com/trendlabs-security-intelligence/desktop-mobile-phishing-campaign-targets-south-korean-websites-steals-credentials-via-watering-hole/) | [:closed_book:](../../blob/master/2019/2019.03.28.Desktop_Mobile_Phishing_Campaign)
* Mar 28 - [[C4ADS] Above Us Only Stars: Exposing GPS Spoofing in Russia and Syria](https://static1.squarespace.com/static/566ef8b4d8af107232d5358a/t/5c99488beb39314c45e782da/1553549492554/Above+Us+Only+Stars.pdf) | [:closed_book:](../../blob/master/2019/2019.03.28.Exposing_GPS_Spoofing_in_Russia_and_Syria)
* Mar 28 - [[ThreatRecon] Threat Actor Group using UAC Bypass Module to run BAT File](https://threatrecon.nshc.net/2019/03/28/threat-actor-group-using-uac-bypass-module-to-run-bat-file/) | [:closed_book:](../../blob/master/2019/2019.03.28.UAC_Bypass_BAT_APT)
* Mar 27 - [[Symantec] Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.](https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage) | [:closed_book:](../../blob/master/2019/2019.03.27.Elfin)
* Mar 25 - [[Kaspersky] Operation ShadowHammer](https://securelist.com/operation-shadowhammer/89992/) | [:closed_book:](../../blob/master/2019/2019.03.25.Operation_ShadowHammer)
* Mar 22 - [[Netscout] LUCKY ELEPHANT CAMPAIGN MASQUERADING](https://www.netscout.com/blog/asert/lucky-elephant-campaign-masquerading) | [:closed_book:](../../blob/master/2019/2019.03.22.LUCKY_ELEPHANT)
* Mar 13 - [[CISCO] GlitchPOS: New PoS malware for sale](https://blog.talosintelligence.com/2019/03/glitchpos-new-pos-malware-for-sale.html) | [:closed_book:](../../blob/master/2019/2019.03.13.GlitchPOS_POS_Malware)
* Mar 13 - [[FlashPoint] DMSniff POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses](https://www.flashpoint-intel.com/blog/dmsniff-pos-malware-actively-leveraged-target-medium-sized-businesses/) | [:closed_book:](../../blob/master/2019/2019.03.13.DMSniff_POS_Malware)
* Mar 13 - [[CheckPoint] Operation Sheep: Pilfer-Analytics SDK in Action](https://research.checkpoint.com/operation-sheep-pilfer-analytics-sdk-in-action/) | [:closed_book:](../../blob/master/2019/2019.03.13.Operation_Sheep)
* Mar 12 - [[Palo Alto Networks] Operation Comando: How to Run a Cheap and Effective Credit Card Business](https://unit42.paloaltonetworks.com/operation-comando-or-how-to-run-a-cheap-and-effective-credit-card-business/) | [:closed_book:](../../blob/master/2019/2019.03.12.Operation_Comando)
* Mar 11 - [[ESET] Gaming industry still in the scope of attackers in Asia](https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/) | [:closed_book:](../../blob/master/2019/2019.03.11.Gaming-Industry.Asia)
* Mar 08 - [[Resecurity] Supply Chain - The Major Target of Cyberespionage Groups](https://resecurity.com/blog/supply-chain-the-major-target-of-cyberespionage-groups/) | [:closed_book:](../../blob/master/2019/2019.03.08.Supply_Chain_Groups)
* Mar 07 - [[Trend Micro] New SLUB Backdoor Uses GitHub, Communicates via Slack](https://blog.trendmicro.com/trendlabs-security-intelligence/new-slub-backdoor-uses-github-communicates-via-slack/) | [:closed_book:](../../blob/master/2019/2019.03.07.SLUB_Backdoor)
* Mar 06 - [[Cybaze-Yoroi Z-LAB] Operation Pistacchietto](https://blog.yoroi.company/research/op-pistacchietto-an-italian-job/) | [:closed_book:](../../blob/master/2019/2019.03.06.Operation_Pistacchietto)
* Mar 06 - [[NTT] Targeted attack using Taidoor Analysis report](https://www.nttsecurity.com/docs/librariesprovider3/resources/taidoor%E3%82%92%E7%94%A8%E3%81%84%E3%81%9F%E6%A8%99%E7%9A%84%E5%9E%8B%E6%94%BB%E6%92%83%E8%A7%A3%E6%9E%90%E3%83%AC%E3%83%9D%E3%83%BC%E3%83%88_v1) | [:closed_book:](../../blob/master/2019/2019.03.06_Taidoor_Analysis)
* Mar 06 - [[Symantec] Whitefly: Espionage Group has Singapore in Its Sights](https://www.symantec.com/blogs/threat-intelligence/whitefly-espionage-singapore) | [:closed_book:](../../blob/master/2019/2019.03.06.Whitefly)
* Mar 04 - [[FireEye] APT40: Examining a China-Nexus Espionage Actor](https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html) | [:closed_book:](../../blob/master/2019/2019.03.04.APT40)
* Feb 28 - [[Marco Ramilli] Ransomware, Trojan and Miner together against “PIK-Group”](https://marcoramilli.com/2019/02/28/ransomware-trojan-and-miner-together-against-pik-group/) | [:closed_book:](../../blob/master/2019/2019.02.28_RIK_Group)
* Feb 27 - [[Dell] A Peek into BRONZE UNION's Toolbox](https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox) | [:closed_book:](../../blob/master/2019/2019.02.27.BRONZE_UNION_Toolbox)
* Feb 26 - [[Cybaze-Yoroi Z-LAB] The Arsenal Behind the Australian Parliament Hack](https://blog.yoroi.company/research/the-arsenal-behind-the-australian-parliament-hack/) | [:closed_book:](../../blob/master/2019/2019.02.26.Australian_Parliament_Hack)
* Feb 25 - [[CarbonBlack] Defeating Compiler Level Obfuscations Used in APT10 Malware](https://www.carbonblack.com/2019/02/25/defeating-compiler-level-obfuscations-used-in-apt10-malware/) | [:closed_book:](../../blob/master/2019/2019.02.25.APT10_Defeating_Compiler_Level)
* Feb 20 - [[SecureSoft] IT IS IDENTIFIED ATTACKS OF THE CYBERCRIMINAL LAZARUS GROUP DIRECTED TO ORGANIZATIONS IN RUSSIA](http://securitysummitperu.com/articulos/se-identifico-ataques-del-grupo-cibercriminal-lazarus-dirigidos-a-organizaciones-en-rusia/) | [:closed_book:](../../blob/master/2019/2019.02.20.LAZARUS_to_RUSSIA)
* Feb 18 - [[360] APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations](https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/) | [:closed_book:](../../blob/master/2019/2019.02.18.APT-C-36.Colombian)
* Feb 14 - [[360] Suspected Molerats' New Attack in the Middle East](https://ti.360.net/blog/articles/suspected-molerats-new-attack-in-the-middle-east-en/) | [:closed_book:](../../blob/master/2019/2019.02.14.Molerats_APT)
* Feb 06 - [[Recorded Future] APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign](https://www.recordedfuture.com/apt10-cyberespionage-campaign/) | [:closed_book:](../../blob/master/2019/2019.02.06.APT10_Sustained_Campaign)
* Feb 05 - [[Anomali] Analyzing Digital Quartermasters in Asia - Do Chinese and Indian APTs Have a Shared Supply Chain?](https://www.anomali.com/blog/analyzing-digital-quartermasters-in-asia-do-chinese-and-indian-apts-have-a-shared-supply-chain) | [:closed_book:](../../blob/master/2019/2019.02.05.China_India_APT_shared)
* Feb 01 - [[Palo Alto Networks] Tracking OceanLotus' new Downloader, KerrDown](https://unit42.paloaltonetworks.com/tracking-oceanlotus-new-downloader-kerrdown/) | [:closed_book:](../../blob/master/2019/2019.02.01.OceanLotus_KerrDown)
* Jan 30 - [[Kaspersky] Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities](https://securelist.com/chafer-used-remexi-malware/89538/) | [:closed_book:](../../blob/master/2019/2019.01.30.Chafer_APT_Spy_Iran)
* Jan 30 - [[NSHC] The Double Life of SectorA05 Nesting in Agora (Operation Kitty Phishing)](https://threatrecon.nshc.net/2019/01/30/operation-kitty-phishing) | [:closed_book:](../../blob/master/2019/2019.01.30.Operation_Kitty_Phishing)
* Jan 30 - [[Morphisec] NEW CAMPAIGN DELIVERS ORCUS RAT](http://blog.morphisec.com/new-campaign-delivering-orcus-rat) | [:closed_book:](../../blob/master/2019/2019.01.30.ORCUS_RAT)
* Jan 25 - [[LAB52] WIRTE Group attacking the Middle East](https://www.securityartwork.es/2019/01/25/wirte-group-attacking-the-middle-east/) | [:closed_book:](../../blob/master/2019/2019.01.18.WIRTE_Group_attacking_the_Middle_East)
* Jan 24 - [[Carbon Black] GandCrab and Ursnif Campaign](https://www.carbonblack.com/2019/01/24/carbon-black-tau-threatsight-analysis-gandcrab-and-ursnif-campaign/) | [:closed_book:](../../blob/master/2019/2019.01.24.GandCrab_and_Ursnif)
* Jan 18 - [[Palo Alto Networks] DarkHydrus delivers new Trojan that can use Google Drive for C2 communications](https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/) | [:closed_book:](../../blob/master/2019/2019.01.18.DarkHydrus)
* Jan 17 - [[Palo Alto Networks] Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products](https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-evade-detection-by-cloud-security-products/) | [:closed_book:](../../blob/master/2019/2019.01.17.Rocke_Group)
* Jan 16 - [[360] Latest Target Attack of DarkHydruns Group Against Middle East](https://ti.360.net/blog/articles/latest-target-attack-of-darkhydruns-group-against-middle-east-en/) | [:closed_book:](../../blob/master/2019/2019.01.16.DarkHydruns)
## 2018
* Dec 28 - [[Medium] Goblin Panda changes the dropper and reuses the old infrastructure](https://medium.com/@Sebdraven/goblin-panda-changes-the-dropper-and-reused-the-old-infrastructure-a35915f3e37a) | [:closed_book:](../../blob/master/2018/2018.12.28.Goblin_Panda)
* Dec 27 - [[Cybaze-Yoroi Z-LAB] The Enigmatic “Roma225” Campaign](https://blog.yoroi.company/research/the-enigmatic-roma225-campaign/) | [:closed_book:](../../blob/master/2018/2018.12.27.Roma225_Campaign)
* Dec 20 - [[Objective-See] Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail](https://objective-see.com/blog/blog_0x3B.html) | [:closed_book:](../../blob/master/2018/2018.12.20.WindShift_Middle_East)
* Dec 18 - [[Trend Micro] URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader](https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/) | [:closed_book:](../../blob/master/2018/2018.12.18.ursnif-emotet-dridex-and-bitpaymer-gangs)
* Dec 13 - [[Certfa] The Return of The Charming Kitten](https://blog.certfa.com/posts/the-return-of-the-charming-kitten/) | [:closed_book:](../../blob/master/2018/2018.12.13.Charming_Kitten_Return)
* Dec 13 - [[Trend Micro] Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers Leak](https://documents.trendmicro.com/assets/tech-brief-tildeb-analyzing-the-18-year-old-implant-from-the-shadow-brokers-leak.pdf) | [:closed_book:](../../blob/master/2018/2018.12.13.Tildeb_Shadow_Brokers)
* Dec 13 - [[Palo Alto Networks] Shamoon 3 Targets Oil and Gas Organization](https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/) | [:closed_book:](../../blob/master/2018/2018.12.13.Shamoon_3)
* Dec 12 - [[McAfee] Operation Sharpshooter Targets Global Defense, Critical Infrastructure](https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf) | [:closed_book:](../../blob/master/2018/2018.12.12.Operation_Sharpshooter)
* Dec 12 - [[360] Donot (APT-C-35) Group Is Targeting Pakistani Businessman Working In China](https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china-en/) | [:closed_book:](../../blob/master/2018/2018.12.12.Donot_Group)
* Dec 11 - [[Cylance] Poking the Bear: Three-Year Campaign Targets Russian Critical Infrastructure](https://threatvector.cylance.com/en_us/home/poking-the-bear-three-year-campaign-targets-russian-critical-infrastructure.html) | [:closed_book:](../../blob/master/2018/2018.12.11.Poking_the_Bear)
* Nov ?? - [[Google] The Hunt for 3ve](https://services.google.com/fh/files/blogs/3ve_google_whiteops_whitepaper_final_nov_2018.pdf) | [:closed_book:](../../blob/master/2018/2018.11.The_Hunt_for_3ve)
* Nov 30 - [[Trend Micro] New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools](https://blog.trendmicro.com/trendlabs-security-intelligence/new-powershell-based-backdoor-found-in-turkey-strikingly-similar-to-muddywater-tools/) | [:closed_book:](../../blob/master/2018/2018.11.30.MuddyWater_Turkey)
* Nov 29 - [[360] Analysis Of Targeted Attack Against Pakistan By Exploiting InPage Vulnerability And Related APT Groups](https://ti.360.net/blog/articles/analysis-of-targeted-attack-against-pakistan-by-exploiting-inpage-vulnerability-and-related-apt-groups-english/) | [:closed_book:](../../blob/master/2018/2018.11.29.Attack_Pakistan_By_Exploiting_InPage)
* Nov 28 - [[Microsoft] Windows Defender ATP device risk score exposes new cyberattack, drives Conditional access to protect networks](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/28/windows-defender-atp-device-risk-score-exposes-new-cyberattack-drives-conditional-access-to-protect-networks/) | [:closed_book:](../../blob/master/2018/2018.11.28.Tropic_Trooper_microsoft)
* Nov 28 - [[Clearsky] MuddyWater Operations in Lebanon and Oman](https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf) | [:closed_book:](../../blob/master/2018/2018.11.28.MuddyWater-Operations-in-Lebanon-and-Oman)
* Nov 27 - [[CISCO] DNSpionage Campaign Targets Middle East](https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html) | [:closed_book:](../../blob/master/2018/2018.11.27.dnspionage-campaign-targets-middle-east)
* Nov 20 - [[Trend Micro] Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America](https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-continues-heists-mounts-attacks-on-financial-organizations-in-latin-america/) | [:closed_book:](../../blob/master/2018/2018.11.20.lazarus-in-latin-america)
* Nov 19 - [[FireEye] Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign](https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html) | [:closed_book:](../../blob/master/2018/2018.11.19.APT29_Phishing)
* Nov 13 - [[Recorded Future] Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques](https://go.recordedfuture.com/hubfs/reports/cta-2018-1113.pdf) | [:closed_book:](../../blob/master/2018/2018.11.13.China.TEMP.Periscope.Using.Russian_APT)
* Nov 08 - [[Symantec] FASTCash: How the Lazarus Group is Emptying Millions from ATMs](https://www.symantec.com/blogs/threat-intelligence/fastcash-lazarus-atm-malware) | [:closed_book:](../../blob/master/2018/2018.11.08.FASTCash)
* Nov 05 - [[Palo Alto Networks] Inception Attackers Target Europe with Year-old Office Vulnerability](https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability/) | [:closed_book:](../../blob/master/2018/2018.11.05.Inception_Attackers_Target_Europe)
* Nov 01 - [[Trend Micro] Outlaw group: Perl-Based Shellbot Looks to Target Organizations via C&C](https://blog.trendmicro.com/trendlabs-security-intelligence/perl-based-shellbot-looks-to-target-organizations-via-cc/) | [:closed_book:](../../blob/master/2018/2018.11.01_Outlaw_group)
* Oct 19 - [[Kaspersky] DarkPulsar](https://securelist.com/darkpulsar/88199/) | [:closed_book:](../../blob/master/2018/2018.10.19.DarkPulsar)
* Oct 18 - [[Medium] APT Sidewinder changes theirs TTPs to install their backdoor](https://medium.com/@Sebdraven/apt-sidewinder-changes-theirs-ttps-to-install-their-backdoor-f92604a2739) | [:closed_book:](../../blob/master/2018/2018.10.18.APT_Sidewinder_changes)
* Oct 18 - [[CISCO] Tracking Tick Through Recent Campaigns Targeting East Asia](https://blog.talosintelligence.com/2018/10/tracking-tick-through-recent-campaigns.html) | [:closed_book:](../../blob/master/2018/2018.10.18.Datper_Bronze_Butler)
* Oct 18 - [[McAfee] Operation Oceansalt Attacks South Korea, U.S. and Canada with Source Code from Chinese Hacker Group](https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf) | [:closed_book:](../../blob/master/2018/2018.10.18.Operation_Oceansalt)
* Oct 17 - [[Marco Ramilli] MartyMcFly Malware: Targeting Naval Industry](https://marcoramilli.com/2018/10/17/martymcfly-malware-targeting-naval-industry/) | [:closed_book:](../../blob/master/2018/2018.10.17_MartyMcFly_Targeting_Naval_Industry)
* Oct 17 - [[Cylance] The SpyRATs of OceanLotus: Malware Analysis White Paper](https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-library/reports/SpyRATsofOceanLotusMalwareWhitePaper.pdf) | [:closed_book:](../../blob/master/2018/2018.10.17.OceanLotus_SpyRATs)
* Oct 17 - [[ESET] GreyEnergy: Updated arsenal of one of the most dangerous threat actors](https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/) | [:closed_book:](../../blob/master/2018/2018.10.17.GreyEnergy)
* Oct 17 - [[Yoroi] Cyber-Espionage Campaign Targeting the Naval Industry (“MartyMcFly”)](https://blog.yoroi.company/?p=1829) | [:closed_book:](../../blob/master/2018/2018.10.17.Targeting_the_Naval_Industry)
* Oct 15 - [[Kaspersky] Octopus-infested seas of Central Asia](https://securelist.com/octopus-infested-seas-of-central-asia/88200/) | [:closed_book:](../../blob/master/2018/2018.10.15.Octopus_Central_Asia)
* Oct 11 - [[Symantec] Gallmaker: New Attack Group Eschews Malware to Live off the Land](https://www.symantec.com/blogs/threat-intelligence/gallmaker-attack-group) | [:closed_book:](../../blob/master/2018/2018.10.11.Gallmaker)
* Oct 10 - [[Kaspersky] MuddyWater expands operations](https://securelist.com/muddywater/88059/) | [:closed_book:](../../blob/master/2018/2018.10.10.MuddyWater_expands)
* Oct 03 - [[FireEye] APT38: Details on New North Korean Regime-Backed Threat Group](https://content.fireeye.com/apt/rpt-apt38) | [:closed_book:](../../blob/master/2018/2018.10.03.APT38)
* Sep 27 - [[ESET] LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group](https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf) | [:closed_book:](../../blob/master/2018/2018.09.27.LoJax)
* Sep 20 - [[360] (Non-English) (CN) PoisonVine](https://ti.360.net/uploads/2018/09/20/6f8ad451646c9eda1f75c5d31f39f668.pdf) | [:closed_book:](../../blob/master/2018/2018.09.20.Poison_Trumpet_Vine_Operation)
* Sep 19 - [[Antiy] (Non-English) (CN) Green Spot APT](https://www.antiy.cn/report-download/20180919.pdf) | [:closed_book:](../../blob/master/2018/2018.09.19.Green_Spot_APT)
* Sep 13 - [[FireEye] APT10 Targeting Japanese Corporations Using Updated TTPs](https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html) | [:closed_book:](../../blob/master/2018/2018.09.13.APT10_Targeting_Japanese)
* Sep 10 - [[Kaspersky] LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company](https://securelist.com/luckymouse-ndisproxy-driver/87914) | [:closed_book:](../../blob/master/2018/2018.09.07.Goblin_Panda_targets_Cambodia)
* Sep 07 - [[Volon] Targeted Attack on Indian Ministry of External Affairs using Crimson RAT](https://volon.io/2018/09/07/targeted-attack-on-indian-ministry-of-external-affairs-using-crimson-rat/) | [:closed_book:](../../blob/master/2018/2018.09.07.indian-ministry_crimson-rat)
* Sep 07 - [[CheckPoint] Domestic Kitten: An Iranian Surveillance Operation](https://research.checkpoint.com/domestic-kitten-an-iranian-surveillance-operation/) | [:closed_book:](../../blob/master/2018/2018.09.07.Domestic_Kitten)
* Sep 07 - [[Medium] Goblin Panda targets Cambodia sharing capacities with another Chinese group hackers Temp Periscope](https://medium.com/@Sebdraven/goblin-panda-targets-cambodia-sharing-capacities-with-another-chinese-group-hackers-temp-periscope-7871382ffcc0) | [:closed_book:](../../blob/master/2018/2018.08.28.CeidPageLock)
* Sep 04 - [[Palo Alto Networks] OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE](https://researchcenter.paloaltonetworks.com/2018/09/unit42-oilrig-targets-middle-eastern-government-adds-evasion-techniques-oopsie/) | [:closed_book:](../../blob/master/2018/2018.09.04.OilRig_Targets_Middle_Eastern)
* Sep 04 - [[Group-IB] Silence: Moving into the darkside](https://www.group-ib.com/resources/threat-research/silence_moving-into-the-darkside.pdf) | [:closed_book:](../../blob/master/2018/2018.09.04.Silence)
* Aug 30 - [[MalwareBytes] Reversing malware in a custom format: Hidden Bee elements](https://blog.malwarebytes.com/threat-analysis/2018/08/reversing-malware-in-a-custom-format-hidden-bee-elements/) | [:closed_book:](../../blob/master/2018/2018.08.30.Hidden_Bee_Custom_format)
* Aug 30 - [[CrowdStrike] Two Birds, One STONE PANDA](https://www.crowdstrike.com/blog/two-birds-one-stone-panda/) | [:closed_book:](../../blob/master/2018/2018.08.30.Stone_Panda)
* Aug 30 - [[Arbor] Double the Infection, Double the Fun](https://asert.arbornetworks.com/double-the-infection-double-the-fun/) | [:closed_book:](../../blob/master/2018/2018.08.30.Cobalt_Group_Fun)
* Aug 30 - [[Dark Matter] COMMSEC: The Trails of WINDSHIFT APT](https://gsec.hitb.org/materials/sg2018/D1%20COMMSEC%20-%20In%20the%20Trails%20of%20WINDSHIFT%20APT%20-%20Taha%20Karim.pdf) | [:closed_book:](../../blob/master/2018/2018.08.30.WINDSHIFT_APT)
* Aug 29 - [[Trend Micro] The Urpage Connection to Bahamut, Confucius and Patchwork](https://blog.trendmicro.com/trendlabs-security-intelligence/the-urpage-connection-to-bahamut-confucius-and-patchwork/) | [:closed_book:](../../blob/master/2018/2018.08.29.Bahamut_Confucius_Patchwork)
* Aug 28 - [[CheckPoint] CeidPageLock: A Chinese RootKit](https://research.checkpoint.com/ceidpagelock-a-chinese-rootkit/) | [:closed_book:](../../blob/master/2018/2018.08.28.CeidPageLock)
* Aug 23 - [[Kaspersky] Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware](https://securelist.com/operation-applejeus/87553/) | [:closed_book:](../../blob/master/2018/2018.08.23.Operation_AppleJeus)
* Aug 21 - [[ESET] TURLA OUTLOOK BACKDOOR](https://www.welivesecurity.com/wp-content/uploads/2018/08/Eset-Turla-Outlook-Backdoor.pdf) | [:closed_book:](../../blob/master/2018/2018.08.21.Operation_Red_Signature)
* Aug 21 - [[Trend Micro] Supply Chain Attack Operation Red Signature Targets South Korean Organizations](https://blog.trendmicro.com/trendlabs-security-intelligence/supply-chain-attack-operation-red-signature-targets-south-korean-organizations) | [:closed_book:](../../blob/master/2018/2018.08.21.Operation_Red_Signature)
* Aug 16 - [[Recorded Future] Chinese Cyberespionage Originating From Tsinghua University Infrastructure](https://go.recordedfuture.com/hubfs/reports/cta-2018-0816.pdf) | [:closed_book:](../../blob/master/2018/2018.08.16.Chinese_Cyberespionage_Tsinghua_University)
* Aug 09 - [[McAfee] Examining Code Reuse Reveals Undiscovered Links Among North Korea's Malware Families](https://securingtomorrow.mcafee.com/mcafee-labs/examining-code-reuse-reveals-undiscovered-links-among-north-koreas-malware-families/) | [:closed_book:](../../blob/master/2018/2018.08.09.north-koreas-malware-families)
* Aug 02 - [[Accenture] Goldfin Security Alert](https://www.accenture.com/us-en/blogs/blogs-goldfin-security-alert) | [:closed_book:](../../blob/master/2018/2018.08.02.Goldfin_Security_Alert)
* Aug 02 - [[Palo Alto Networks] The Gorgon Group: Slithering Between Nation State and Cybercrime](https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/) | [:closed_book:](../../blob/master/2018/2018.08.02.Gorgon_Group)
* Aug 02 - [[Medium] Goblin Panda against the Bears](https://medium.com/@Sebdraven/gobelin-panda-against-the-bears-1f462d00e3a4) | [:closed_book:](../../blob/master/2018/2018.08.02.Goblin_Panda)
* Aug 01 - [[Medium] Malicious document targets Vietnamese officials](https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a) | [:closed_book:](../../blob/master/2018/2018.08.01.Vietnamese_officials_Targets)
* Jul 31 - [[Palo Alto Networks] Bisonal Malware Used in Attacks Against Russia and South Korea](https://researchcenter.paloaltonetworks.com/2018/07/unit42-bisonal-malware-used-attacks-russia-south-korea/) | [:closed_book:](../../blob/master/2018/2018.07.31.bisonal-malware-used-attacks-russia-south-korea)
* Jul 31 - [[Medium] Malicious document targets Vietnamese officials](https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a) | [:closed_book:](../../blob/master/2018/2018.07.31.APT_SideWinder_Malicious_Doc)
* Jul 27 - [[Palo Alto Networks] New Threat Actor Group DarkHydrus Targets Middle East Government](https://unit42.paloaltonetworks.com/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/) | [:closed_book:](../../blob/master/2018/2018.07.27.DarkHydrus)
* Jul 23 - [[CSE] APT27: A long-term espionage campaign in Syria](http://csecybsec.com/download/zlab/20180723_CSE_APT27_Syria_v1.pdf) | [:closed_book:](../../blob/master/2018/2018.07.23_APT27_Syria)
* Jul 16 - [[Trend Micro] New Andariel Reconnaissance Tactics Hint At Next Targets](https://blog.trendmicro.com/trendlabs-security-intelligence/new-andariel-reconnaissance-tactics-hint-at-next-targets/) | [:closed_book:](../../blob/master/2018/2018.07.16.new-andariel)
* Jul 13 - [[CSE] Operation Roman Holiday Hunting the Russian APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Roman%20Holiday-Report_v6_1.pdf) | [:closed_book:](../../blob/master/2018/2018.07.13.Operation_Roman_Holiday)
* Jul 12 - [[CISCO] Advanced Mobile Malware Campaign in India uses Malicious MDM](https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html) | [:closed_book:](../../blob/master/2018/2018.07.12.Advanced_Mobile_Malware_Campaign_in_India)
* Jul 09 - [[ESET] Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign](https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/) | [:closed_book:](../../blob/master/2018/2018.07.09.certificates-stolen-taiwanese-tech-companies-plead-malware-campaign)
* Jul 08 - [[CheckPoint] APT Attack In the Middle East: The Big Bang](https://research.checkpoint.com/apt-attack-middle-east-big-bang/) | [:closed_book:](../../blob/master/2018/2018.07.08.Big_Bang)
* Jul 08 - [[Fortinet] Hussarini Targeted Cyber Attack in the Philippines](https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html) | [:closed_book:](../../blob/master/2018/2018.07.08.Hussarini)
* Jun XX - [[Ahnlab] Operation Red Gambler](http://image.ahnlab.com/file_upload/asecissue_files/ASEC%20REPORT_vol.91.pdf) | [:closed_book:](../../blob/master/2018/2018.06.xx.Operation_Red_Gambler)
* Jun 26 - [[Palo Alto Networks] RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families](https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/) | [:closed_book:](../../blob/master/2018/2018.06.26.RANCOR)
* Jun 23 - [[Ahnlab] Full Discloser of Andariel, A Subgroup of Lazarus Threat Group](https://global.ahnlab.com/global/upload/download/techreport/[AhnLab]Andariel_a_Subgroup_of_Lazarus%20(3).pdf) | [:closed_book:](../../blob/master/2018/2018.06.23.Andariel_Group)
* Jun 22 - [[Palo Alto Networks] Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems](https://unit42.paloaltonetworks.com/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/) | [:closed_book:](../../blob/master/2018/2018.06.22.Iick.Group-weaponized-secure-usb)
* Jun 20 - [[Symantec] Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies](https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets) | [:closed_book:](../../blob/master/2018/2018.06.20.thrip-hits-satellite-telecoms-defense-targets)
* Jun 19 - [[Kaspersky] Olympic Destroyer is still alive](https://securelist.com/olympic-destroyer-is-still-alive/86169/) | [:closed_book:](../../blob/master/2018/2017.06.19.olympic-destroyer-is-still-alive)
* Jun 14 - [[Trend Micro] Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor](https://blog.trendmicro.com/trendlabs-security-intelligence/another-potential-muddywater-campaign-uses-powershell-based-prb-backdoor/) | [:closed_book:](../../blob/master/2018/2018.06.14.another-potential-muddywater-campaign)
* Jun 14 - [[intezer] MirageFox: APT15 Resurfaces With New Tools Based On Old Ones](https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/) | [:closed_book:](../../blob/master/2018/2018.06.14.MirageFox_APT15)
* Jun 13 - [[Kaspersky] LuckyMouse hits national data center to organize country-level waterholing campaign](https://securelist.com/luckymouse-hits-national-data-center/86083/) | [:closed_book:](../../blob/master/2018/2018.06.13.LuckyMouse)
* Jun 07 - [[Volexity] Patchwork APT Group Targets US Think Tanks](https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/) | [:closed_book:](../../blob/master/2018/2018.06.07.patchwork-apt-group-targets-us-think-tanks)
* Jun 07 - [[ICEBRG] ADOBE FLASH ZERO-DAY LEVERAGED FOR TARGETED ATTACK IN MIDDLE EAST](https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack) | [:closed_book:](../../blob/master/2018/2018.06.07.dobe-flash-zero-day-targeted-attack)
* Jun 07 - [[FireEye] A Totally Tubular Treatise on TRITON and TriStation](https://www.fireeye.com/blog/threat-research/2018/06/totally-tubular-treatise-on-triton-and-tristation.html) | [:closed_book:](../../blob/master/2018/2018.06.07.Totally_Tubular_Treatise_on_TRITON_TriStation)
* Jun 06 - [[CISCO] VPNFilter Update - VPNFilter exploits endpoints, targets new devices](https://blog.talosintelligence.com/2018/06/vpnfilter-update.html) | [:closed_book:](../../blob/master/2018/2018.06.06.vpnfilter-update)
* Jun 06 - [[GuardiCore] OPERATION PROWLI: MONETIZING 40,000 VICTIM MACHINES](https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining/) | [:closed_book:](../../blob/master/2018/2018.06.06.OPERATION_PROWLI)
* Jun 06 - [[Palo Alto Networks] Sofacy Groups Parallel Attacks](https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/) | [:closed_book:](../../blob/master/2018/2018.06.06.sofacy-groups-parallel-attacks)
* May 31 - [[CISCO] NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea](https://blog.talosintelligence.com/2018/05/navrat.html) | [:closed_book:](../../blob/master/2018/2018.03.31.NavRAT_Uses_US-North_Korea_Summit_As_Decoy)
* May 29 - [[intezer] Iron Cybercrime Group Under The Scope](https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/) | [:closed_book:](../../blob/master/2018/2018.05.29.iron-cybercrime-group)
* May 23 - [[CISCO] New VPNFilter malware targets at least 500K networking devices worldwide](https://blog.talosintelligence.com/2018/05/VPNFilter.html) | [:closed_book:](../../blob/master/2018/2018.05.23.New_VPNFilter)
* May 23 - [[Ahnlab] Andariel Group Trend Report](http://download.ahnlab.com/kr/site/library/[Report]Andariel_Threat_Group.pdf) | [:closed_book:](../../blob/master/2018/2018.05.23.Andariel_Group)
* May 23 - [[Trend Micro] Confucius Update: New Tools and Techniques, Further Connections with Patchwork](https://blog.trendmicro.com/trendlabs-security-intelligence/confucius-update-new-tools-and-techniques-further-connections-with-patchwork/) | [:closed_book:](../../blob/master/2018/2018.05.23.Confucius_Update)
* May 22 - [[Intrusiontruth] The destruction of APT3](https://intrusiontruth.wordpress.com/2018/05/22/the-destruction-of-apt3/) | [:closed_book:](../../blob/master/2018/2018.05.22.The_destruction_of_APT3)
* May 22 - [[ESET] Turla Mosquito: A shift towards more generic tools](https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/) | [:closed_book:](../../blob/master/2018/2018.05.22.Turla_Mosquito)
* May 09 - [[Recorded Future] Iran's Hacker Hierarchy Exposed](https://go.recordedfuture.com/hubfs/reports/cta-2018-0509.pdf) | [:closed_book:](../../blob/master/2018/2018.05.09.Iran_Hacker_Hierarchy_Exposed)
* May 09 - [[360] Analysis of CVE-2018-8174 VBScript 0day and APT actor related to Office targeted attack](http://blogs.360.cn/blog/cve-2018-8174-en/) | [:closed_book:](../../blob/master/2018/2018.05.09.APT-C-06_CVE-2018-8174)
* May 03 - [[ProtectWise] Burning Umbrella](https://github.com/401trg/detections/raw/master/pdfs/20180503_Burning_Umbrella.pdf) | [:closed_book:](../../blob/master/2018/2018.05.03.Burning_Umbrella)
* May 03 - [[Kaspersky] Who's who in the Zoo: Cyberespionage operation targets Android users in the Middle East](https://securelist.com/whos-who-in-the-zoo/85394/) | [:closed_book:](../../blob/master/2018/2018.05.03.whos-who-in-the-zoo)
* May 03 - [[Ahnlab] Detailed Analysis of Red Eyes Hacking Group](https://global.ahnlab.com/global/upload/download/techreport/[AhnLab]%20Red_Eyes_Hacking_Group_Report%20(1).pdf) | [:closed_book:](../../blob/master/2018/2018.05.03.Red_Eyes_Hacking_Group)
* Apr 27 - [[Tencent] OceanLotus new malware analysis](https://s.tencent.com/research/report/471.html) | [:closed_book:](../../blob/master/2018/2018.04.27.OceanLotus_new_malware)
* Apr 26 - [[CISCO] GravityRAT - The Two-Year Evolution Of An APT Targeting India](https://blog.talosintelligence.com/2018/04/gravityrat-two-year-evolution-of-apt.html) | [:closed_book:](../../blob/master/2018/2018.04.26.GravityRAT)
* Apr 24 - [[FireEye] Metamorfo Campaigns Targeting Brazilian Users](https://www.fireeye.com/blog/threat-research/2018/04/metamorfo-campaign-targeting-brazilian-users.html) | [:closed_book:](../../blob/master/2018/2018.04.24.metamorfo-campaign)
* Apr 24 - [[McAfee] Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide](https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/) | [:closed_book:](../../blob/master/2018/2018.04.24.Operation_GhostSecret)
* Apr 24 - [[ESET] Sednit update: Analysis of Zebrocy](https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/) | [:closed_book:](../../blob/master/2018/2018.04.24.sednit-update-analysis-zebrocy)
* Apr 23 - [[Accenture] HOGFISH REDLEAVES CAMPAIGN](https://www.accenture.com/t20180423T055005Z__w__/us-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf) | [:closed_book:](../../blob/master/2018/2018.04.23.HOGFISH_REDLEAVES_CAMPAIGN)
* Apr 23 - [[Symantec] New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia](https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia) | [:closed_book:](../../blob/master/2018/2018.04.23.New_Orangeworm)
* Apr 23 - [[Kaspersky] Energetic Bear/Crouching Yeti: attacks on servers](https://securelist.com/energetic-bear-crouching-yeti/85345/) | [:closed_book:](../../blob/master/2018/2018.04.23.energetic-bear-crouching-yeti)
* Apr 17 - [[NCCGroup] Decoding network data from a Gh0st RAT variant](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant) | [:closed_book:](../../blob/master/2018.04.17.Iron_Tiger_Gh0st_RAT_variant)
* Apr 12 - [[Kaspersky] Operation Parliament, who is doing what?](https://securelist.com/operation-parliament-who-is-doing-what/85237/) | [:closed_book:](../../blob/master/2018/2018.04.12.operation-parliament)
* Apr 04 - [[Trend Micro] New MacOS Backdoor Linked to OceanLotus Found](https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/) | [:closed_book:](../../blob/master/2018/2018.04.04.MacOS_Backdoor_OceanLotus)
* Mar 29 - [[Trend Micro] ChessMaster Adds Updated Tools to Its Arsenal](https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-adds-updated-tools-to-its-arsenal/) | [:closed_book:](../../blob/master/2018/2018.03.29.ChessMaster_Adds_Updated_Tools)
* Mar 27 - [[Arbor] Panda Banker Zeros in on Japanese Targets](https://www.arbornetworks.com/blog/asert/panda-banker-zeros-in-on-japanese-targets/) | [:closed_book:](../../blob/master/2018/2018.03.27.panda-banker-zeros-in-on-japanese-targets)
* Mar 23 - [[Ahnlab] Targeted Attacks on South Korean Organizations](http://global.ahnlab.com/global/upload/download/techreport/Tech_Report_Malicious_Hancom.pdf) | [:closed_book:](../../blob/master/2018/2018.03.23.Targeted_Attacks_on_South_Korean_Organizations)
* Mar 15 - [[US-CERT] Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors](https://www.us-cert.gov/ncas/alerts/TA18-074A) | [:closed_book:](../../blob/master/2018/2018.03.15.Russian_Government_Cyber_Activity_TA18-074A)
* Mar 14 - [[Symantec] Inception Framework: Alive and Well, and Hiding Behind Proxies](https://www.symantec.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies) | [:closed_book:](../../blob/master/2018/2018.03.14.Inception_Framework)
* Mar 14 - [[Trend Micro] Tropic Trooper's New Strategy](https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/) | [:closed_book:](../../blob/master/2018/2018.03.14.tropic-trooper-new-strategy)
* Mar 13 - [[FireEye] Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign](https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html) | [:closed_book:](../../blob/master/2018/2018.03.13.Iranian-threat-group)
* Mar 13 - [[Kaspersky] Time of death? A therapeutic postmortem of connected medicine](https://securelist.com/time-of-death-connected-medicine/84315/) | [:closed_book:](../../blob/master/2018/2018.03.13.A_therapeutic_postmortem_of_connected_medicine)
* Mar 13 - [[Proofpoint] Drive-by as a service: BlackTDS](https://www.proofpoint.com/us/threat-insight/post/drive-service-blacktds) | [:closed_book:](../../blob/master/2018/2018.03.13.BlackTDS)
* Mar 13 - [[ESET] OceanLotus: Old techniques, new backdoor](https://www.welivesecurity.com/wp-content/uploads/2018/03/ESET_OceanLotus.pdf) | [:closed_book:](../../blob/master/2018/2018.03.13.OceanLotus_Old_techniques_new_backdoor)
* Mar 12 - [[Trend Micro] Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia](https://blog.trendmicro.com/trendlabs-security-intelligence/campaign-possibly-connected-muddywater-surfaces-middle-east-central-asia/) | [:closed_book:](../../blob/master/2018/2018.03.12.MuddyWater_Middle_East_and_Central_Asia)
* Mar 09 - [[CitizenLab] BAD TRAFFIC Sandvine's PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?](https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/) | [:closed_book:](../../blob/master/2018/2018.03.09.Sandvine_PacketLogic_Devices_APT)
* Mar 09 - [[Kaspersky] Masha and these Bears 2018 Sofacy Activity](https://securelist.com/masha-and-these-bears/84311/) | [:closed_book:](../../blob/master/2018/2018.03.09.masha-and-these-bears)
* Mar 09 - [[NCC] APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/march/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/?Year=2018&Month=3) | [:closed_book:](../../blob/master/2018/2018.03.09.APT15_is_alive_and_strong)
* Mar 09 - [[ESET] New traces of Hacking Team in the wild](https://www.welivesecurity.com/2018/03/09/new-traces-hacking-team-wild/) | [:closed_book:](../../blob/master/2018/2018.03.09.new-traces-hacking-team-wild)
* Mar 08 - [[McAfee] Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant](https://securingtomorrow.mcafee.com/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/) | [:closed_book:](../../blob/master/2018/2018.03.08.hidden-cobra-targets-turkish-financial)
* Mar 08 - [[Kaspersky] OlympicDestroyer is here to trick the industry](https://securelist.com/olympicdestroyer-is-here-to-trick-the-industry/84295/) | [:closed_book:](../../blob/master/2018/2018.03.08.olympicdestroyer-is-here-to-trick-the-industry)
* Mar 08 - [[Arbor] Donot Team Leverages New Modular Malware Framework in South Asia](https://www.arbornetworks.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia/) | [:closed_book:](../../blob/master/2018/2018.03.08.donot-team-leverages-new-modular)
* Mar 08 - [[Crysys] Territorial Dispute NSA's perspective on APT landscape](https://www.crysys.hu/files/tedi/ukatemicrysys_territorialdispute.pdf) | [:closed_book:](../../blob/master/2018/2018.03.08.Territorial_Dispute)
* Mar 07 - [[Palo Alto Networks] Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent](https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/) | [:closed_book:](../../blob/master/2018/2018.03.07.patchwork-continues-deliver-badnews-indian-subcontinent)
* Mar 06 - [[Kaspersky] The Slingshot APT](https://s3-eu-west-1.amazonaws.com/khub-media/wp-content/uploads/sites/43/2018/03/09133534/The-Slingshot-APT_report_ENG_final.pdf) | [:closed_book:](../../blob/master/2018/2018.03.06.The-Slingshot-APT)
* Mar 05 - [[Palo Alto Networks] Sure, I'll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency](https://researchcenter.paloaltonetworks.com/2018/03/unit42-sure-ill-take-new-combojack-malware-alters-clipboards-steal-cryptocurrency/) | [:closed_book:](../../blob/master/2018/2018.03.05.New_ComboJack_Malware)
* Mar 02 - [[McAfee] McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups](https://securingtomorrow.mcafee.com/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/) | [:closed_book:](../../blob/master/2018/2018.03.02.Operation_Honeybee)
* Mar 01 - [[Security 0wnage] A Quick Dip into MuddyWater's Recent Activity](https://sec0wn.blogspot.tw/2018/03/a-quick-dip-into-muddywaters-recent.html) | [:closed_book:](../../blob/master/2018/2018.03.01.a-quick-dip-into-muddywaters-recent)
* Feb 28 - [[Palo Alto Networks] Sofacy Attacks Multiple Government Entities](https://researchcenter.paloaltonetworks.com/2018/02/unit42-sofacy-attacks-multiple-government-entities/) | [:closed_book:](../../blob/master/2018/2018.02.28.sofacy-attacks-multiple-government-entities)
* Feb 28 - [[Symantec] Chafer: Latest Attacks Reveal Heightened Ambitions](https://www.symantec.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions) | [:closed_book:](../../blob/master/2018/2018.02.28.Chafer_Latest_Attacks_Reveal)
* Feb 21 - [[Avast] Avast tracks down Tempting Cedar Spyware](https://blog.avast.com/avast-tracks-down-tempting-cedar-spyware) | [:closed_book:](../../blob/master/2018/2018.02.21.Tempting_Cedar)
* Feb 20 - [[Arbor] Musical Chairs Playing Tetris](https://www.arbornetworks.com/blog/asert/musical-chairs-playing-tetris/) | [:closed_book:](../../blob/master/2018/2018.02.20.musical-chairs-playing-tetris)
* Feb 20 - [[Kaspersky] A Slice of 2017 Sofacy Activity](https://securelist.com/a-slice-of-2017-sofacy-activity/83930/) | [:closed_book:](../../blob/master/2018/2018.02.20.a-slice-of-2017-sofacy-activity)
* Feb 20 - [[FireEye] APT37 (Reaper): The Overlooked North Korean Actor](https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf) | [:closed_book:](../../blob/master/2018/2018.02.20.APT37)
* Feb 13 - [[Trend Micro] Deciphering Confucius Cyberespionage Operations](https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confucius-cyberespionage-operations/) | [:closed_book:](../../blob/master/2018/2018.02.13.deciphering-confucius)
* Feb 13 - [[RSA] Lotus Blossom Continues ASEAN Targeting](https://community.rsa.com/community/products/netwitness/blog/2018/02/13/lotus-blossom-continues-asean-targeting) | [:closed_book:](../../blob/master/2018/2018.02.13.Lotus-Blossom-Continues)
* Feb 07 - [[CISCO] Targeted Attacks In The Middle East](http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html) | [:closed_book:](../../blob/master/2018/2018.02.07.targeted-attacks-in-middle-east_VBS_CAMPAIGN)
* Feb 02 - [[McAfee] Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims' Systems](https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/) | [:closed_book:](../../blob/master/2018/2018.02.02.gold-dragon-widens-olympics-malware)
* Feb 01 - [[Bitdefender] Operation PZChao: a possible return of the Iron Tiger APT](https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/) | [:closed_book:](../../blob/master/2018/2018.02.01.operation-pzchao)
* Jan 30 - [[Palo Alto Networks] Comnie Continues to Target Organizations in East Asia](https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/) | [:closed_book:](../../blob/master/2018/2018.01.31.Comnie_Continues_to_Target_Organizations_in_East_Asia)
* Jan 30 - [[RSA] APT32 Continues ASEAN Targeting](https://community.rsa.com/community/products/netwitness/blog/2018/01/30/apt32-continues-asean-targeting) | [:closed_book:](../../blob/master/2018/2018.01.30.APT32_Continues_ASEAN_Targeting)
* Jan 29 - [[Trend Micro] Hacking Group Spies on Android Users in India Using PoriewSpy](https://blog.trendmicro.com/trendlabs-security-intelligence/hacking-group-spies-android-users-india-using-poriewspy/) | [:closed_book:](../../blob/master/2018/2018.01.29.PoriewSpy.India)
* Jan 29 - [[Palo Alto Networks] VERMIN: Quasar RAT and Custom Malware Used In Ukraine](https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/) | [:closed_book:](../../blob/master/2018/2018.01.29.VERMIN_Quasar_RAT_and_Custom_Malware_Used_In_Ukraine)
* Jan 27 - [[Accenture] DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS MEETING AND ASSOCIATES](https://www.accenture.com/t20180127T003755Z__w__/us-en/_acnmedia/PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf) | [:closed_book:](../../blob/master/2018/2018.01.27.DRAGONFISH)
* Jan 26 - [[Palo Alto Networks] The TopHat Campaign: Attacks Within The Middle East Region Using Popular Third-Party Services](https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services/) | [:closed_book:](../../blob/master/2018/2018.01.26.TopHat_Campaign)
* Jan 25 - [[Palo Alto Networks] OilRig uses RGDoor IIS Backdoor on Targets in the Middle East](https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/) | [:closed_book:](../../blob/master/2018/2018.01.25.oilrig_Middle_East)
* Jan 24 - [[Trend Micro] Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More](https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/) | [:closed_book:](../../blob/master/2018/2018.01.24.lazarus-campaign-targeting-cryptocurrencies)
* Jan 18 - [[NCSC] Turla group update Neuron malware](https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20Neuron%20Malware%20Update.pdf) | [:closed_book:](../../blob/master/2018/2018.01.18.Turla_group_update_Neuron_malware)
* Jan 17 - [[Lookout] Dark Caracal](https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf) | [:closed_book:](../../blob/master/2018/2018.01.18.Dark_Caracal)
* Jan 16 - [[Kaspersky] Skygofree: Following in the footsteps of HackingTeam](https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/) | [:closed_book:](../../blob/master/2018/2018.01.16.skygofree)
* Jan 16 - [[Recorded Future] North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign](https://www.recordedfuture.com/north-korea-cryptocurrency-campaign/) | [:closed_book:](../../blob/master/2018/2018.01.16.north-korea-cryptocurrency-campaign)
* Jan 16 - [[CISCO] Korea In The Crosshairs](http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html) | [:closed_book:](../../blob/master/2018/2018.01.16.korea-in-crosshairs)
* Jan 15 - [[Trend Micro] New KillDisk Variant Hits Financial Organizations in Latin America](https://blog.trendmicro.com/trendlabs-security-intelligence/new-killdisk-variant-hits-financial-organizations-in-latin-america/) | [:closed_book:](../../blob/master/2018/2018.01.15.new-killdisk-variant-hits-financial-organizations-in-latin-america)
* Jan 12 - [[Trend Micro] Update on Pawn Storm: New Targets and Politically Motivated Campaigns](http://blog.trendmicro.com/trendlabs-security-intelligence/update-pawn-storm-new-targets-politically-motivated-campaigns/?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork) | [:closed_book:](../../blob/master/2018/2018.01.12.update-pawn-storm-new-targets-politically)
* Jan 11 - [[McAfee] North Korean Defectors and Journalists Targeted Using Social Networks and KakaoTalk](https://securingtomorrow.mcafee.com/mcafee-labs/north-korean-defectors-journalists-targeted-using-social-networks-kakaotalk/) | [:closed_book:](../../blob/master/2018/2018.01.11.North_Korean_Defectors_and_Journalists_Targeted)
* Jan 09 - [[ESET] Diplomats in Eastern Europe bitten by a Turla mosquito](https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf) | [:closed_book:](../../blob/master/2018/2018.01.09.Turla_Mosquito)
* Jan 07 - [[Clearsky] Operation DustySky](http://www.clearskysec.com/dustysky/) | [:closed_book:](../../blob/master/2018/2018.01.07.Operation_DustySky)
* Jan 06 - [[McAfee] Malicious Document Targets Pyeongchang Olympics](https://securingtomorrow.mcafee.com/mcafee-labs/malicious-document-targets-pyeongchang-olympics/) | [:closed_book:](../../blob/master/2018/2018.01.06.malicious-document-targets-pyeongchang-olympics)
* Jan 04 - [[Carnegie] Iran's Cyber Threat: Espionage, Sabotage, and Revenge](http://carnegieendowment.org/files/Iran_Cyber_Final_Full_v2.pdf) | [:closed_book:](../../blob/master/2018/2018.01.04.Iran_Cyber_Threat_Carnegie)
## 2017
* Dec 19 - [[Proofpoint] North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group](https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new) | [:closed_book:](../../blob/master/2017/2017.12.19.North_Korea_Bitten_by_Bitcoin_Bug)
* Dec 17 - [[McAfee] Operation Dragonfly Analysis Suggests Links to Earlier Attacks](https://securingtomorrow.mcafee.com/mcafee-labs/operation-dragonfly-analysis-suggests-links-to-earlier-attacks/) | [:closed_book:](../../blob/master/2017/2017.12.17.operation-dragonfly-analysis-suggests-links-to-earlier-attacks)
* Dec 14 - [[FireEye] Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure](https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html) | [:closed_book:](../../blob/master/2017/2017.12.14.attackers-deploy-new-ics-attack-framework-triton)
* Dec 11 - [[Group-IB] MoneyTaker, revealed after 1.5 years of silent operations.](https://www.group-ib.com/resources/reports/money-taker.html) | [:closed_book:](../../blob/master/2017/2017.12.11.MoneyTaker)
* Dec 11 - [[Trend Micro] Untangling the Patchwork Cyberespionage Group](http://blog.trendmicro.com/trendlabs-security-intelligence/untangling-the-patchwork-cyberespionage-group/) | [:closed_book:](../../blob/master/2017/2017.12.11.Patchwork_APT)
* Dec 07 - [[FireEye] New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit](https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html) | [:closed_book:](../../blob/master/2017/2017.12.07.New_Targeted_Attack_in_the_Middle_East_by_APT34)
* Dec 05 - [[ClearSky] Charming Kitten: Iranian Cyber Espionage Against Human Rights Activists, Academic Researchers and Media Outlets And the HBO Hacker Connection](http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf) | [:closed_book:](../../blob/master/2017/2017.12.05.Charming_Kitten)
* Dec 04 - [[RSA] The Shadows of Ghosts: Inside the Response of a Unique Carbanak Intrusion](https://community.rsa.com/community/products/netwitness/blog/2017/12/04/anatomy-of-an-attack-carbanak) | [:closed_book:](../../blob/master/2017/2017.12.04.The_Shadows_of_Ghosts)
* Nov 22 - [[REAQTA] A dive into MuddyWater APT targeting Middle-East](https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/) | [:closed_book:](../../blob/master/2017/2017.11.22.MuddyWater_APT)
* Nov 14 - [[Palo Alto Networks] Muddying the Water: Targeted Attacks in the Middle East](https://researchcenter.paloaltonetworks.com/2017/11/2017.11.14.Muddying_the_Water) | [:closed_book:](../../blob/master/2017/2017.11.14.Muddying_the_Water)
* Nov 10 - [[Palo Alto Networks] New Malware with Ties to SunOrcal Discovered](https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/) | [:closed_book:](../../blob/master/2017/2017.11.10.New_Malware_with_Ties_to_SunOrcal_Discovered)
* Nov 07 - [[McAfee] Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack](https://securingtomorrow.mcafee.com/mcafee-labs/apt28-threat-group-adopts-dde-technique-nyc-attack-theme-in-latest-campaign/#sf151634298) | [:closed_book:](../../blob/master/2017/2017.11.07.APT28_Slips_Office_Malware)
* Nov 07 - [[Symantec] Sowbug: Cyber espionage group targets South American and Southeast Asian governments](https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments) | [:closed_book:](../../blob/master/2017/2017.11.07.sowbug-cyber-espionage-group-targets)
* Nov 06 - [[Trend Micro] ChessMaster's New Strategy: Evolving Tools and Tactics](http://blog.trendmicro.com/trendlabs-security-intelligence/chessmasters-new-strategy-evolving-tools-tactics/) | [:closed_book:](../../blob/master/2017/2017.11.06.ChessMaster_New_Strategy)
* Nov 06 - [[Volexity] OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society](https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/) | [:closed_book:](../../blob/master/2017/2017.11.06.oceanlotus-blossomsk)
* Nov 02 - [[Palo Alto Networks] Recent InPage Exploits Lead to Multiple Malware Families](https://unit42.paloaltonetworks.com/unit42-recent-inpage-exploits-lead-multiple-malware-families/) | [:closed_book:](../../blob/master/2017/2017.11.02.InPage_Exploits)
* Nov 02 - [[PwC] The KeyBoys are back in town](http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html) | [:closed_book:](../../blob/master/2017/2017.11.02.KeyBoys_are_back)
* Nov 02 - [[Clearsky] LeetMX a Yearlong Cyber-Attack Campaign Against Targets in Latin America](http://www.clearskysec.com/leetmx/) | [:closed_book:](../../blob/master/2017/2017.11.02.LeetMX)
* Nov 02 - [[RISKIQ] New Insights into Energetic Bear's Watering Hole Attacks on Turkish Critical Infrastructure](https://www.riskiq.com/blog/labs/energetic-bear/) | [:closed_book:](../../blob/master/2017/2017.11.02.Energetic_Bear_on_Turkish_Critical_Infrastructure)
* Oct 31 - [[Cybereason] Night of the Devil: Ransomware or wiper? A look into targeted attacks in Japan using MBR-ONI](https://www.cybereason.com/blog/night-of-the-devil-ransomware-or-wiper-a-look-into-targeted-attacks-in-japan) | [:closed_book:](../../blob/master/2017/2017.10.31.MBR-ONI.Japan)
* Oct 30 - [[Kaspersky] Gaza Cybergang updated activity in 2017](https://securelist.com/gaza-cybergang-updated-2017-activity/82765/) | [:closed_book:](../../blob/master/2017/2017.10.30.Gaza_Cybergang)
* Oct 27 - [[Bellingcat] Bahamut Revisited, More Cyber Espionage in the Middle East and South Asia](https://www.bellingcat.com/resources/case-studies/2017/10/27/bahamut-revisited-cyber-espionage-middle-east-south-asia/) | [:closed_book:](../../blob/master/2017/2017.10.27.bahamut-revisited)
* Oct 24 - [[ClearSky] Iranian Threat Agent Greenbug Impersonates Israeli High-Tech and Cyber Security Companies](http://www.clearskysec.com/greenbug/) | [:closed_book:](../../blob/master/2017/2017.10.02.Aurora_Operation_CCleaner_II)
* Oct 19 - [[Bitdefender] Operation PZCHAO](https://download.bitdefender.com/resources/files/News/CaseStudies/study/185/Bitdefender-Business-2017-WhitePaper-PZCHAO-crea2452-en-EN-GenericUse.pdf) | [:closed_book:](../../blob/master/2017/2017.10.19.Operation_PZCHAO)
* Oct 16 - [[BAE Systems] Taiwan Heist: Lazarus Tools And Ransomware](https://baesystemsai.blogspot.kr/2017/10/taiwan-heist-lazarus-tools.html) | [:closed_book:](../../blob/master/2017/2017.10.16.Taiwan-Heist)
* Oct 16 - [[Kaspersky] BlackOasis APT and new targeted attacks leveraging zero-day exploit](https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/) | [:closed_book:](../../blob/master/2017/2017.10.16.BlackOasis_APT)
* Oct 16 - [[Proofpoint] Leviathan: Espionage actor spearphishes maritime and defense targets](https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets) | [:closed_book:](../../blob/master/2017/2017.10.16.Leviathan)
* Oct 12 - [[Dell] BRONZE BUTLER Targets Japanese Enterprises](https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses) | [:closed_book:](../../blob/master/2017/2017.10.12.BRONZE_BUTLER)
* Oct 10 - [[Trustwave] Post Soviet Bank Heists](https://www.trustwave.com/Resources/Library/Documents/Post-Soviet-Bank-Heists/) | [:closed_book:](../../blob/master/2017/2017.10.02.Aurora_Operation_CCleaner_II)
* Oct 02 - [[intezer] Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers]() | [:closed_book:](../../blob/master/2017/2017.10.02.Aurora_Operation_CCleaner_II)
* Sep XX - [[MITRE] APT3 Adversary Emulation Plan](https://attack.mitre.org/w/img_auth.php/6/6c/APT3_Adversary_Emulation_Plan.pdf) | [:closed_book:](../../blob/master/2017/2017.09.XX.APT3_Adversary_Emulation_Plan)
* Sep 28 - [[Palo Alto Networks] Threat Actors Target Government of Belarus Using CMSTAR Trojan](https://researchcenter.paloaltonetworks.com/2017/09/unit42-threat-actors-target-government-belarus-using-cmstar-trojan/) | [:closed_book:](../../blob/master/2017/2017.09.28.Belarus_CMSTAR_Trojan)
* Sep 20 - [[intezer] Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner](http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/) | [:closed_book:](../../blob/master/2017/2017.09.20.Aurora_Operation_CCleaner)
* Sep 20 - [[FireEye] Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware](https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html) | [:closed_book:](../../blob/master/2017/2017.09.20.apt33-insights-into-iranian-cyber-espionage)
* Sep 20 - [[CISCO] CCleaner Command and Control Causes Concern](http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html) | [:closed_book:](../../blob/master/2017/2017.09.18.CCleanup)
* Sep 18 - [[CISCO] CCleanup: A Vast Number of Machines at Risk](http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html) | [:closed_book:](../../blob/master/2017/2017.09.18.CCleanup)
* Sep 18 - [[Kaspersky] An (un)documented Word feature abused by attackers](https://securelist.com/an-undocumented-word-feature-abused-by-attackers/81899/) | [:closed_book:](../../blob/master/2017/2017.09.18.Windows_branch_of_the_Cloud_Atlas)
* Sep 12 - [[FireEye] FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY](https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html) | [:closed_book:](../../blob/master/2017/2017.09.12.FINSPY_CVE-2017-8759)
* Sep 06 - [[Symantec] Dragonfly: Western energy sector targeted by sophisticated attack group](https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group) | [:closed_book:](../../blob/master/2017/2017.09.06.dragonfly-western-energy-sector-targeted-sophisticated-attack-group)
* Sep 06 - [[Treadstone 71] Intelligence Games in the Power Grid](https://treadstone71llc.files.wordpress.com/2017/09/intelligence-games-in-the-power-grid-2016.pdf) | [:closed_book:](../../blob/master/2017/2017.09.06.intelligence-games-in-the-power-grid-2016)
* Aug 30 - [[ESET] Gazing at Gazer: Turla's new second stage backdoor](https://www.welivesecurity.com/2017/08/30/eset-research-cyberespionage-gazer/) | [:closed_book:](../../blob/master/2017/2017.08.30.Gazing_at_Gazer)
* Aug 30 - [[Kaspersky] Introducing WhiteBear](https://securelist.com/introducing-whitebear/81638/) | [:closed_book:](../../blob/master/2017/2017.08.30.Introducing_WhiteBear)
* Aug 25 - [[Proofpoint] Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures](https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures) | [:closed_book:](../../blob/master/2017/2017.08.25.operation-rat-cook)
* Aug 18 - [[RSA] Russian Bank Offices Hit with Broad Phishing Wave](https://community.rsa.com/community/products/netwitness/blog/2017/08/18/russian-bank-offices-hit-with-broad-phishing-wave) | [:closed_book:](../../blob/master/2017/2017.08.18.Russian_Bank_Offices_Hit)
* Aug 17 - [[Proofpoint] Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack](https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack) | [:closed_book:](../../blob/master/2017/2017.08.17.turla-apt-actor-refreshes-kopiluwak-javascript-backdoor)
* Aug 15 - [[Palo Alto Networks] The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure](https://researchcenter.paloaltonetworks.com/2017/08/unit42-the-curious-case-of-notepad-and-chthonic-exposing-a-malicious-infrastructure/) | [:closed_book:](../../blob/master/2017/2017.08.15.Notepad_and_Chthonic)
* Aug 11 - [[FireEye] APT28 Targets Hospitality Sector, Presents Threat to Travelers](https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html) | [:closed_book:](../../blob/master/2017/2017.08.11.apt28-targets-hospitality-sector)
* Aug 08 - [[Kaspersky] APT Trends report Q2 2017](https://securelist.com/apt-trends-report-q2-2017/79332/) | [:closed_book:](../../blob/master/2017/2017.08.08.APT_Trends_Report_2017Q2)
* Aug 01 - [[Positive Research] Cobalt strikes back: an evolving multinational threat to finance](http://blog.ptsecurity.com/2017/08/cobalt-group-2017-cobalt-strikes-back.html) | [:closed_book:](../../blob/master/2017/2017.08.01.cobalt-group-2017-cobalt-strikes-back)
* Jul 27 - [[Trend Micro] ChessMaster Makes its Move: A Look into the Campaign's Cyberespionage Arsenal](http://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-cyber-espionage-campaign/) | [:closed_book:](../../blob/master/2017/2017.07.27.chessmaster-cyber-espionage-campaign)
* Jul 27 - [[Palo Alto Networks] OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group](https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/) | [:closed_book:](../../blob/master/2017/2017.07.27.oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group)
* Jul 27 - [[Clearsky, Trend Micro] Operation Wilted Tulip](http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf) | [:closed_book:](../../blob/master/2017/2017.07.27.Operation_Wilted_Tulip)
* Jul 24 - [[Palo Alto Networks] “Tick” Group Continues Attacks](https://researchcenter.paloaltonetworks.com/2017/07/unit42-tick-group-continues-attacks/) | [:closed_book:](../../blob/master/2017/2017.07.24.Tick_group)
* Jul 18 - [[Clearsky] Recent Winnti Infrastructure and Samples](http://www.clearskysec.com/winnti/) | [:closed_book:](../../blob/master/2017/2017.07.18.winnti)
* Jul 18 - [[Bitdefender] Inexsmar: An unusual DarkHotel campaign](https://labs.bitdefender.com/wp-content/uploads/downloads/inexsmar-an-unusual-darkhotel-campaign/) | [:closed_book:](../../blob/master/2017/2017.07.18.Inexsmar)
* Jul 11 - [[ProtectWise] Winnti Evolution - Going Open Source](https://www.protectwise.com/blog/winnti-evolution-going-open-source.html) | [:closed_book:](../../blob/master/2017/2017.07.11.winnti-evolution-going-open-source)
* Jul 10 - [[Trend Micro] OSX Malware Linked to Operation Emmental Hijacks User Network Traffic](http://blog.trendmicro.com/trendlabs-security-intelligence/osx_dok-mac-malware-emmental-hijacks-user-network-traffic/) | [:closed_book:](../../blob/master/2017/2017.07.10.osx_dok-mac-malware-emmental-hijacks-user-network-traffic)
* Jul 06 - [[Malware Party] Operation Desert Eagle](http://mymalwareparty.blogspot.tw/2017/07/operation-desert-eagle.html) | [:closed_book:](../../blob/master/2017/2017.07.06.Operation_Desert_Eagle)
* Jul 05 - [[Citizen Lab] Insider Information: An intrusion campaign targeting Chinese language news sites](https://citizenlab.org/2017/07/insider-information-an-intrusion-campaign-targeting-chinese-language-news-sites/) | [:closed_book:](../../blob/master/2017/2017.07.05.insider-information)
* Jun 30 - [[ESET] TeleBots are back: supply-chain attacks against Ukraine](https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/) | [:closed_book:](../../blob/master/2017/2017.06.30.telebots-back-supply-chain)
* Jun 30 - [[Kaspersky] From BlackEnergy to ExPetr](https://securelist.com/from-blackenergy-to-expetr/78937/) | [:closed_book:](../../blob/master/2017/2017.06.30.From_BlackEnergy_to_ExPetr)
* Jun 26 - [[Dell] Threat Group-4127 Targets Google Accounts](https://www.secureworks.com/research/threat-group-4127-targets-google-accounts) | [:closed_book:](../../blob/master/2017/2017.06.26.Threat_Group-4127)
* Jun 22 - [[Palo Alto Networks] The New and Improved macOS Backdoor from OceanLotus](https://www.secureworks.com/research/threat-group-4127-targets-google-accounts) | [:closed_book:](../../blob/master/2017/2017.06.22.new-improved-macos-backdoor-oceanlotus)
* Jun 22 - [[Trend Micro] Following the Trail of BlackTech's Cyber Espionage Campaigns](http://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/) | [:closed_book:](../../blob/master/2017/2017.06.22.following-trail-blacktech-cyber-espionage-campaigns)
* Jun 19 - [[root9B] SHELLTEA + POSLURP MALWARE: memory resident point-of-sale malware attacks industry](https://www.root9b.com/sites/default/files/whitepapers/PoS%20Malware%20ShellTea%20PoSlurp_0.pdf) | [:closed_book:](../../blob/master/2017/2017.06.19.SHELLTEA_POSLURP_MALWARE)
* Jun 18 - [[Palo Alto Networks] APT3 Uncovered: The code evolution of Pirpi](https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirpi.pdf) | [:closed_book:](../../blob/master/2017/2017.06.18.APT3_Uncovered_The_code_evolution_of_Pirpi)
* Jun 15 - [[Recorded Future] North Korea Is Not Crazy](https://www.recordedfuture.com/north-korea-cyber-activity/) | [:closed_book:](../../blob/master/2017/2017.06.15.north-korea-cyber-activity)
* Jun 14 - [[ThreatConnect] KASPERAGENT Malware Campaign resurfaces in the run up to May Palestinian Authority Elections](https://www.threatconnect.com/blog/kasperagent-malware-campaign/) | [:closed_book:](../../blob/master/2017/2017.06.14.KASPERAGENT)
* Jun 13 - [[US-CERT] HIDDEN COBRA North Korea's DDoS Botnet Infrastructure](https://www.us-cert.gov/ncas/alerts/TA17-164A) | [:closed_book:](../../blob/master/2017/2017.06.13.HIDDEN_COBRA)
* Jun 12 - [[Dragos] CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations](https://dragos.com/blog/crashoverride/CrashOverride-01.pdf) | [:closed_book:](../../blob/master/2017/2017.06.12.CRASHOVERRIDE)
* Jun 12 - [[ESET] WIN32/INDUSTROYER A new threat for industrial control systems](https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf) | [:closed_book:](../../blob/master/2017/2017.06.12.INDUSTROYER)
* May 30 - [[Group-IB] Lazarus Arisen: Architecture, Techniques and Attribution](http://www.group-ib.com/lazarus.html) | [:closed_book:](../../blob/master/2017/2017.05.30.Lazarus_Arisen)
* May 24 - [[Cybereason] OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP](https://www.cybereason.com/blog/operation-cobalt-kitty-apt) | [:closed_book:](../../blob/master/2017/2017.05.24.OPERATION_COBALT_KITTY)
* May 14 - [[FireEye] Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations](https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html) | [:closed_book:](../../blob/master/2017/2017.05.14.cyber-espionage-apt32)
* May 03 - [[Palo Alto Networks] Kazuar: Multiplatform Espionage Backdoor with API Access](http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-acces) | [:closed_book:](../../blob/master/2017/2017.05.03.kazuar-multiplatform-espionage-backdoor-api-access)
* May 03 - [[CISCO] KONNI: A Malware Under The Radar For Years](http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html) | [:closed_book:](../../blob/master/2017/konni-malware-under-radar-for-years)
* Apr 27 - [[Morphisec] Iranian Fileless Attack Infiltrates Israeli Organizations](http://blog.morphisec.com/iranian-fileless-cyberattack-on-israel-word-vulnerability) | [:closed_book:](../../blob/master/2017/2017.04.27.iranian-fileless-cyberattack-on-israel-word-vulnerability)
* Apr 13 - [[F-SECURE] Callisto Group](https://www.f-secure.com/documents/996508/1030745/callisto-group) | [:closed_book:](../../blob/master/2017/2017.04.13.callisto-group)
* Apr 11 - [[Kaspersky] Unraveling the Lamberts Toolkit](https://securelist.com/unraveling-the-lamberts-toolkit/77990/) | [:closed_book:](../../blob/master/2017/2017.04.11.Lamberts_Toolkit)
* Apr 10 - [[Symantec] Longhorn: Tools used by cyberespionage group linked to Vault 7](https://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-group-linked-vault-7) | [:closed_book:](../../blob/master/2017/2017.04.10_Longhorn)
* Apr 06 - [[PwC] Operation Cloud Hopper](https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf) | [:closed_book:](../../blob/master/2017/2017.04.06.Operation_Cloud_Hopper)
* Apr 05 - [[Palo Alto Networks, Clearsky] Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA](https://researchcenter.paloaltonetworks.com/2017/04/unit42-targeted-attacks-middle-east-using-kasperagent-micropsia/) | [:closed_book:](../../blob/master/2017/2017.04.05.KASPERAGENT_and_MICROPSIA)
* Mar 15 - [[JPCERT] FHAPPI Campaign](http://blog.0day.jp/p/english-report-of-fhappi-freehosting.html) | [:closed_book:](../../blob/master/2017/2017.03.15.FHAPPI_Campaign)
* Mar 14 - [[Clearsky] Operation Electric Powder Who is targeting Israel Electric Company?](http://www.clearskysec.com/iec/) | [:closed_book:](../../blob/master/2017/2017.03.14.Operation_Electric_Powder)
* Mar 08 - [[Netskope] Targeted Attack Campaigns with Multi-Variate Malware Observed in the Cloud](https://www.netskope.com/blog/targeted-attack-campaigns-multi-variate-malware-observed-cloud) | [:closed_book:](../../blob/master/2017/2017.03.08.Targeted_Attack_Campaigns)
* Mar 06 - [[Kaspersky] From Shamoon to StoneDrill](https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/) | [:closed_book:](../../blob/master/2017/2017.03.06.from-shamoon-to-stonedrill)
* Feb 28 - [[IBM] Dridex's Cold War: Enter AtomBombing](https://securityintelligence.com/dridexs-cold-war-enter-atombombing/) | [:closed_book:](../../blob/master/2017/2017.02.28.dridexs-cold-war-enter-atombombing)
* Feb 27 - [[Palo Alto Networks] The Gamaredon Group Toolset Evolution](http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/) | [:closed_book:](../../blob/master/2017/2017.02.27.gamaredon-group-toolset-evolution/)
* Feb 23 - [[Bitdefender] Dissecting the APT28 Mac OS X Payload](https://download.bitdefender.com/resources/files/News/CaseStudies/study/143/Bitdefender-Whitepaper-APT-Mac-A4-en-EN-web.pdf) | [:closed_book:](../../blob/master/2017/2017.02.23.APT28_Mac_OS_X_Payload)
* Feb 22 - [[FireEye] Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government](https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html) | [:closed_book:](../../blob/master/2017/2017.02.22.Spear_Phishing_Mongolian_Government)
* Feb 21 - [[Arbor] Additional Insights on Shamoon2](https://www.arbornetworks.com/blog/asert/additional-insights-on-shamoon2/) | [:closed_book:](../../blob/master/2017/2017.02.21.Additional_Insights_on_Shamoon2)
* Feb 20 - [[BAE Systems] Lazarus' False Flag Malware](http://baesystemsai.blogspot.tw/2017/02/lazarus-false-flag-malware.html) | [:closed_book:](../../blob/master/2017/2017.02.20.Lazarus_False_Flag_Malware)
* Feb 17 - [[JPCERT] ChChes - Malware that Communicates with C&C Servers Using Cookie Headers](http://blog.jpcert.or.jp/2017/02/chches-malware--93d6.html) | [:closed_book:](../../blob/master/2017/2017.02.17.chches-malware)
* Feb 16 - [[BadCyber] Technical analysis of recent attacks against Polish banks](https://badcyber.com/technical-analysis-of-recent-attacks-against-polish-banks/) | [:closed_book:](../../blob/master/2017/2017.02.16.Technical_analysis_Polish_banks)
* Feb 15 - [[Morphick] Deep Dive On The DragonOK Rambo Backdoor](http://www.morphick.com/resources/news/deep-dive-dragonok-rambo-backdoor) | [:closed_book:](../../blob/master/2017/2017.02.15.deep-dive-dragonok-rambo-backdoor)
* Feb 15 - [[IBM] The Full Shamoon: How the Devastating Malware Was Inserted Into Networks](https://securityintelligence.com/the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks/) | [:closed_book:](../../blob/master/2017/2017.02.15.the-full-shamoon)
* Feb 15 - [[Dell] Iranian PupyRAT Bites Middle Eastern Organizations](https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations) | [:closed_book:](../../blob/master/2017/2017.02.15.iranian-pupyrat-bites-middle-eastern-organizations)
* Feb 15 - [[Palo Alto Networks] Magic Hound Campaign Attacks Saudi Targets](http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/) | [:closed_book:](../../blob/master/2017/2017.02.15.magic-hound-campaign)
* Feb 14 - [[Medium] Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal](https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.cly4mg1g8) | [:closed_book:](../../blob/master/2017/2017.02.14.Operation_Kingphish)
* Feb 12 - [[BAE Systems] Lazarus & Watering-Hole Attacks](https://baesystemsai.blogspot.tw/2017/02/lazarus-watering-hole-attacks.html) | [:closed_book:](../../blob/master/2017/2017.02.12.lazarus-watering-hole-attacks)
* Feb 10 - [[Cysinfo] Cyber Attack Targeting Indian Navy's Submarine And Warship Manufacturer](https://cysinfo.com/cyber-attack-targeting-indian-navys-submarine-warship-manufacturer/) | [:closed_book:](../../blob/master/2017/2017.02.10.cyber-attack-targeting-indian-navys-submarine-warship-manufacturer)
* Feb 10 - [[DHS] Enhanced Analysis of GRIZZLY STEPPE Activity](https://www.us-cert.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf) | [:closed_book:](../../blob/master/2017/2017.02.10.Enhanced_Analysis_of_GRIZZLY_STEPPE)
* Feb 03 - [[RSA] KingSlayer - A Supply chain attack](https://www.rsa.com/content/dam/pdfs/2-2017/kingslayer-a-supply-chain-attack.pdf) | [:closed_book:](../../blob/master/2017/2017.02.03.kingslayer-a-supply-chain-attack)
* Feb 03 - [[BadCyber] Several Polish banks hacked, information stolen by unknown attackers](https://badcyber.com/several-polish-banks-hacked-information-stolen-by-unknown-attackers/) | [:closed_book:](../../blob/master/2017/2017.02.03.several-polish-banks-hacked)
* Feb 02 - [[Proofpoint] Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX](https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx) | [:closed_book:](../../blob/master/2017/2017.02.02.APT_Targets_Russia_and_Belarus_with_ZeroT_and_PlugX)
* Jan 30 - [[Palo Alto Networks] Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments](http://researchcenter.paloaltonetworks.com/2017/01/unit42-downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments/) | [:closed_book:](../../blob/master/2017/2017.01.30.downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments)
* Jan 25 - [[Microsoft] Detecting threat actors in recent German industrial attacks with Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/?source=mmpc) | [:closed_book:](../../blob/master/2017/2017.01.25.german-industrial-attacks)
* Jan 19 - [[Cysinfo] URI Terror Attack & Kashmir Protest Themed Spear Phishing Emails Targeting Indian Embassies And Indian Ministry Of External Affairs](https://cysinfo.com/uri-terror-attack-spear-phishing-emails-targeting-indian-embassies-and-indian-mea/) | [:closed_book:](../../blob/master/2017/2017.01.19.uri-terror-attack)
* Jan 18 - [[Trustwave] Operation Grand Mars: Defending Against Carbanak Cyber Attacks](https://www.trustwave.com/Resources/Library/Documents/Operation-Grand-Mars--Defending-Against-Carbanak-Cyber-Attacks/) | [:closed_book:](../../blob/master/2017/2017.01.18.Operation-Grand-Mars)
* Jan 15 - [[tr1adx] Bear Spotting Vol. 1: Russian Nation State Targeting of Government and Military Interests](https://www.tr1adx.net/intel/TIB-00003.html) | [:closed_book:](../../blob/master/2017/2017.01.15.Bear_Spotting_Vol.1)
* Jan 12 - [[Kaspersky] The “EyePyramid” attacks](https://securelist.com/blog/incidents/77098/the-eyepyramid-attacks/) | [:closed_book:](../../blob/master/2017/2017.01.12.EyePyramid.attacks)
* Jan 11 - [[FireEye] APT28: AT THE CENTER OF THE STORM](https://www.fireeye.com/blog/threat-research/2017/01/apt28_at_the_center.html) | [:closed_book:](../../blob/master/2017/2017.01.11.apt28_at_the_center)
* Jan 09 - [[Palo Alto Networks] Second Wave of Shamoon 2 Attacks Identified](http://researchcenter.paloaltonetworks.com/2017/01/unit42-second-wave-shamoon-2-attacks-identified/) | [:closed_book:](../../blob/master/2017/2017.01.09.second-wave-shamoon-2-attacks-identified)
* Jan 05 - [[Clearsky] Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford](http://www.clearskysec.com/oilrig/) | [:closed_book:](../../blob/master/2017/2017.01.05.Iranian_Threat_Agent_OilRig)
## 2016
* Dec 15 - [[Microsoft] PROMETHIUM and NEODYMIUM APT groups on Turkish citizens living in Turkey and various other European countries.](http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf) | [:closed_book:](../../blob/master/2016/2016.12.15.PROMETHIUM_and_NEODYMIUM)
* Dec 13 - [[ESET] The rise of TeleBots: Analyzing disruptive KillDisk attacks](http://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/) | [:closed_book:](../../blob/master/2016/2016.12.13.rise-telebots-analyzing-disruptive-killdisk-attacks)
* Nov 30 - [[Cysinfo] MALWARE ACTORS USING NIC CYBER SECURITY THEMED SPEAR PHISHING TO TARGET INDIAN GOVERNMENT ORGANIZATIONS](https://cysinfo.com/malware-actors-using-nic-cyber-security-themed-spear-phishing-target-indian-government-organizations/) | [:closed_book:](../../blob/master/2016/2016.11.30.nic-cyber-security-themed)
* Nov 22 - [[Palo Alto Networks] Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy](http://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/) | [:closed_book:](../../blob/master/2016/2016.11.22.tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy)
* Nov 09 - [[Fidelis] Down the H-W0rm Hole with Houdini's RAT](https://www.fidelissecurity.com/threatgeek/2016/11/down-h-w0rm-hole-houdinis-rat) | [:closed_book:](../../blob/master/2016/2016.11.09_down-the-h-w0rm-hole-with-houdinis-rat)
* Nov 03 - [[Booz Allen] When The Lights Went Out: Ukraine Cybersecurity Threat Briefing](http://www.boozallen.com/content/dam/boozallen/documents/2016/09/ukraine-report-when-the-lights-went-out.pdf) | [:closed_book:](../../blob/master/2016/2016.11.03.Ukraine_Cybersecurity_Threat_Briefing)
* Oct 31 - [[Palo Alto Networks] Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?](http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve/) | [:closed_book:](../../blob/master/2016/2016.10.31.Emissary_Trojan_Changelog)
* Oct 27 - [[ESET] En Route with Sednit Part 3: A Mysterious Downloader](http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf) | [:closed_book:](../../blob/master/2016/2016.10.27.En_Route_Part3)
* Oct 27 - [[Trend Micro] BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List](http://blog.trendmicro.com/trendlabs-security-intelligence/blackgear-espionage-campaign-evolves-adds-japan-target-list/) | [:closed_book:](../../blob/master/2016/2016.10.27.BLACKGEAR_Espionage_Campaign_Evolves)
* Oct 26 - [[Vectra Networks] Moonlight - Targeted attacks in the Middle East](http://blog.vectranetworks.com/blog/moonlight-middle-east-targeted-attacks) | [:closed_book:](../../blob/master/2016/2016.10.26.Moonlight_Middle_East)
* Oct 25 - [[Palo Alto Networks] Houdini's Magic Reappearance](http://researchcenter.paloaltonetworks.com/2016/10/unit42-houdinis-magic-reappearance/) | [:closed_book:](../../blob/master/2016/2016.10.25.Houdini_Magic_Reappearance)
* Oct 25 - [[ESET] En Route with Sednit Part 2: Lifting the lid on Sednit: A closer look at the software it uses](http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf) | [:closed_book:](../../blob/master/2016/2016.10.25.Lifting_the_lid_on_Sednit)
* Oct 20 - [[ESET] En Route with Sednit Part 1: Approaching the Target](http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf) | [:closed_book:](../../blob/master/2016/2016.10.20.En_Route_with_Sednit)
* Oct 17 - [[ThreatConnect] ThreatConnect identifies Chinese targeting of two companies. Economic espionage or military intelligence?](https://www.threatconnect.com/blog/threatconnect-discovers-chinese-apt-activity-in-europe/) | [:closed_book:](../../blob/master/2016/2016.10.16.A_Tale_of_Two_Targets)
* Oct 05 - [[Kaspersky] Wave your false flags](https://securelist.com/files/2016/10/Bartholomew-GuerreroSaade-VB2016.pdf) | [:closed_book:](../../blob/master/2016/2016.10.05_Wave_Your_False_flag)
* Oct 03 - [[Kaspersky] On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users](https://securelist.com/blog/research/76147/on-the-strongpity-waterhole-attacks-targeting-italian-and-belgian-encryption-users/) | [:closed_book:](../../blob/master/2016/2016.10.03.StrongPity)
* Sep 29 - [[NATO CCD COE] China and Cyber: Attitudes, Strategies, Organisation](https://ccdcoe.org/sites/default/files/multimedia/pdf/CS_organisation_CHINA_092016.pdf) | [:closed_book:](../../blob/master/2016/2016.09.29.China_and_Cyber_Attitudes_Strategies_Organisation)
* Sep 28 - [[Palo Alto Networks] Confucius Says…Malware Families Get Further By Abusing Legitimate Websites](https://unit42.paloaltonetworks.com/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites/) | [:closed_book:](../../blob/master/2016/2016.09.28.Confucius_Says)
* Sep 28 - [[ThreatConnect] Belling the BEAR: russia-hacks-bellingcat-mh17-investigation](https://www.threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/) | [:closed_book:](../../blob/master/2016/2016.09.28.russia-hacks-bellingcat-mh17-investigation)
* Sep 26 - [[Palo Alto Networks] Sofacy's Komplex OS X Trojan](http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/) | [:closed_book:](../../blob/master/2016/2016.09.26_Sofacy_Komplex_OSX_Trojan)
* Sep 18 - [[Cyberkov] Hunting Libyan Scorpions](https://cyberkov.com/wp-content/uploads/2016/09/Hunting-Libyan-Scorpions-EN.pdf) | [:closed_book:](../../blob/master/2016/2016.09.18.Hunting-Libyan-Scorpions)
* Sep 14 - [[Palo Alto Networks] MILE TEA: Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies](http://researchcenter.paloaltonetworks.com/2016/09/mile-tea-cyber-espionage-campaign-targets-asia-pacific-businesses-and-government-agencies/) | [:closed_book:](../../blob/master/2016/2016.09.14.MILE_TEA)
* Sep 06 - [[Symantec] Buckeye cyberespionage group shifts gaze from US to Hong Kong](http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong) | [:closed_book:](../../blob/master/2016/2016.09.06.buckeye-cyberespionage-group-shifts-gaze-us-hong-kong)
* Sep 01 - [[IRAN THREATS] MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS, FOREIGN POLICY INSTITUTIONS AND MIDDLE EASTERN COUNTRIES](https://iranthreats.github.io/resources/human-rights-impersonation-malware/) | [:closed_book:](../../blob/master/2016/2016.09.01.human-rights-impersonation-malware)
* Aug 25 - [[Lookout] Technical Analysis of Pegasus Spyware](https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf) | [:closed_book:](../../blob/master/2016/2016.08.25.lookout-pegasus-technical-analysis)
* Aug 24 - [[Citizen Lab] The Million Dollar Dissident: NSO Group's iPhone Zero-Days used against a UAE Human Rights Defender](https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/) | [:closed_book:](../../blob/master/2016/2016.08.24.million-dollar-dissident-iphone-zero-day-nso-group-uae)
* Aug 19 - [[ThreatConnect] Russian Cyber Operations on Steroids](https://www.threatconnect.com/blog/fancy-bear-anti-doping-agency-phishing/) | [:closed_book:](../../blob/master/2016/2016.08.19.fancy-bear-anti-doping-agency-phishing)
* Aug 17 - [[Kaspersky] Operation Ghoul: targeted attacks on industrial and engineering organizations](https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-industrial-and-engineering-organizations/) | [:closed_book:](../../blob/master/2016/2016.08.17_operation-ghoul)
* Aug 16 - [[Palo Alto Networks] Aveo Malware Family Targets Japanese Speaking Users](http://researchcenter.paloaltonetworks.com/2016/08/unit42-aveo-malware-family-targets-japanese-speaking-users/) | [:closed_book:](../../blob/master/2016/2016.08.16.aveo-malware-family-targets-japanese)
* Aug 11 - [[IRAN THREATS] Iran and the Soft War for Internet Dominance](https://iranthreats.github.io/us-16-Guarnieri-Anderson-Iran-And-The-Soft-War-For-Internet-Dominance-paper.pdf) | [:closed_book:](../../blob/master/2016/2016.08.11.Iran-And-The-Soft-War-For-Internet-Dominance)
* Aug 08 - [[Forcepoint] MONSOON](https://blogs.forcepoint.com/security-labs/monsoon-analysis-apt-campaign) | [:closed_book:](../../blob/master/2016/2016.08.08.monsoon-analysis-apt-campaign)
* Aug 08 - [[Kaspersky] ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms](https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/) | [:closed_book:](../../blob/master/2016/2016.08.08.ProjectSauron)
* Aug 07 - [[Symantec] Strider: Cyberespionage group turns eye of Sauron on targets](http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets) | [:closed_book:](../../blob/master/2016/2016.08.07.Strider_Cyberespionage_group_turns_eye_of_Sauron_on_targets)
* Aug 06 - [[360] APT-C-09](http://www.nsoad.com/Article/Network-security/20160806/269.html) | [:closed_book:](../../blob/master/2016/2016.08.06.APT-C-09)
* Aug 04 - [[Recorded Future] Running for Office: Russian APT Toolkits Revealed](https://www.recordedfuture.com/russian-apt-toolkits/) | [:closed_book:](../../blob/master/2016/2016.08.04.russian-apt-toolkits)
* Aug 03 - [[EFF] Operation Manul: I Got a Letter From the Government the Other Day...Unveiling a Campaign of Intimidation, Kidnapping, and Malware in Kazakhstan](https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf) | [:closed_book:](../../blob/master/2016/2016.08.03.i-got-a-letter-from-the-government)
* Aug 02 - [[Citizen Lab] Group5: Syria and the Iranian Connection](https://citizenlab.org/2016/08/group5-syria/) | [:closed_book:](../../blob/master/2016/2016.08.02.group5-syria)
* Jul 28 - [[ICIT] China's Espionage Dynasty](http://icitech.org/wp-content/uploads/2016/07/ICIT-Brief-China-Espionage-Dynasty.pdf) | [:closed_book:](../../blob/master/2016/2016.07.28.China_Espionage_Dynasty)
* Jul 26 - [[Palo Alto Networks] Attack Delivers 9002 Trojan Through Google Drive](http://researchcenter.paloaltonetworks.com/2016/07/unit-42-attack-delivers-9002-trojan-through-google-drive/) | [:closed_book:](../../blob/master/2016/2016.07.26.Attack_Delivers_9002_Trojan_Through_Google_Drive)
* Jul 21 - [[360] Sphinx (APT-C-15) Targeted cyber-attack in the Middle East](https://ti.360.com/upload/report/file/rmsxden20160721.pdf) | [:closed_book:](../../blob/master/2016/2016.07.21.Sphinx_Targeted_cyber-attack_in_the_Middle_East)
* Jul 21 - [[RSA] Hide and Seek: How Threat Actors Respond in the Face of Public Exposure](https://www.rsaconference.com/writable/presentations/file_upload/tta1-f04_hide-and-seek-how-threat-actors-respond-in-the-face-of-public-exposure.pdf) | [:closed_book:](../../blob/master/2016/2016.07.21.Hide_and_Seek)
* Jul 13 - [[SentinelOne] State-Sponsored SCADA Malware targeting European Energy Companies](https://sentinelone.com/blogs/sfg-furtims-parent/) | [:closed_book:](../../blob/master/2016/2016.07.13.State-Sponsored_SCADA_Malware_targeting_European_Energy_Companies)
* Jul 12 - [[F-SECURE] NanHaiShu: RATing the South China Sea](https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf) | [:closed_book:](../../blob/master/2016/2016.07.12.NanHaiShu_RATing_the_South_China_Sea)
* Jul 08 - [[Kaspersky] The Dropping Elephant - aggressive cyber-espionage in the Asian region](https://securelist.com/blog/research/75328/the-dropping-elephant-actor/) | [:closed_book:](../../blob/master/2016/2016.07.08.The_Dropping_Elephant)
* Jul 07 - [[Proofpoint] NetTraveler APT Targets Russian, European Interests](https://www.proofpoint.com/us/threat-insight/post/nettraveler-apt-targets-russian-european-interests) | [:closed_book:](../../blob/master/2016/2016.07.07.nettraveler-apt-targets-russian-european-interests)
* Jul 07 - [[Cymmetria] UNVEILING PATCHWORK: THE COPY-PASTE APT](https://www.cymmetria.com/wp-content/uploads/2016/07/Unveiling-Patchwork.pdf) | [:closed_book:](../../blob/master/2016/2016.07.07.UNVEILING_PATCHWORK)
* Jul 03 - [[Check Point] From HummingBad to Worse](http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf) | [:closed_book:](../../blob/master/2016/2016.07.03_From_HummingBad_to_Worse)
* Jul 01 - [[Bitdefender] Pacifier APT](http://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf) | [:closed_book:](../../blob/master/2016/2016.07.01.Bitdefender_Pacifier_APT)
* Jul 01 - [[ESET] Espionage toolkit targeting Central and Eastern Europe uncovered](http://www.welivesecurity.com/2016/07/01/espionage-toolkit-targeting-central-eastern-europe-uncovered/) | [:closed_book:](../../blob/master/2016/2016.07.01.SBDH_toolkit_targeting_Central_and_Eastern_Europe)
* Jun 30 - [[JPCERT] Asruex: Malware Infecting through Shortcut Files](http://blog.jpcert.or.jp/2016/06/asruex-malware-infecting-through-shortcut-files.html) | [:closed_book:](../../blob/master/2016/2016.06.30.Asruex)
* Jun 29 - [[Proofpoint] MONSOON ANALYSIS OF AN APT CAMPAIGN](https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf) | [:closed_book:](../../blob/master/2016/2016.06.29.MonSoon)
* Jun 28 - [[Palo Alto Networks] Prince of Persia - Game Over](http://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/) | [:closed_book:](../../blob/master/2016/2016.06.28.prince-of-persia-game-over)
* Jun 28 - [[JPCERT] (Japan)Attack Tool Investigation](https://www.jpcert.or.jp/research/20160628ac-ir_research.pdf) | [:closed_book:](../../blob/master/2016/2016.06.28.Attack_Tool_Investigation)
* Jun 26 - [[Trend Micro] The State of the ESILE/Lotus Blossom Campaign](http://blog.trendmicro.com/trendlabs-security-intelligence/the-state-of-the-esilelotus-blossom-campaign/) | [:closed_book:](../../blob/master/2016/2016.06.26.The_State_of_the_ESILE_Lotus_Blossom_Campaign)
* Jun 26 - [[Cylance] Nigerian Cybercriminals Target High-Impact Industries in India via Pony](https://blog.cylance.com/threat-update-nigerian-cybercriminals-target-high-impact-indian-industries-via-pony) | [:closed_book:](../../blob/master/2016/2016.06.26.Nigerian_Cybercriminals_Target_High_Impact_Industries_in_India)
* Jun 23 - [[Palo Alto Networks] Tracking Elirks Variants in Japan: Similarities to Previous Attacks](http://researchcenter.paloaltonetworks.com/2016/06/unit42-tracking-elirks-variants-in-japan-similarities-to-previous-attacks/) | [:closed_book:](../../blob/master/2016/2016.06.23.Tracking_Elirks_Variants_in_Japan)
* Jun 21 - [[Fortinet] The Curious Case of an Unknown Trojan Targeting German-Speaking Users](https://blog.fortinet.com/2016/06/21/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users) | [:closed_book:](../../blob/master/2016/2016.06.21.Unknown_Trojan_Targeting_German_Speaking_Users)
* Jun 21 - [[FireEye] Redline Drawn: China Recalculates Its Use of Cyber Espionage](https://www.fireeye.com/content/dam/FireEye-www/current-threats/pdfs/rpt-china-espionage.pdf) | [:closed_book:](../../blob/master/2016/2016.06.21.Redline_Drawn_China_Recalculates_Its_Use_of_Cyber_Espionage)
* Jun 21 - [[ESET] Visiting The Bear Den](http://www.welivesecurity.com/wp-content/uploads/2016/06/visiting_the_bear_den_recon_2016_calvet_campos_dupuy-1.pdf) | [:closed_book:](../../blob/master/2016/2016.06.21.visiting_the_bear_den_recon_2016_calvet_campos_dupuy)
* Jun 17 - [[Kaspersky] Operation Daybreak](https://securelist.com/operation-daybreak/75100/) | [:closed_book:](../../blob/master/2016/2016.06.17.Operation_Daybreak)
* Jun 16 - [[Dell] Threat Group-4127 Targets Hillary Clinton Presidential Campaign](https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign) | [:closed_book:](../../blob/master/2016/2016.06.16.DNC)
* Jun 15 - [[CrowdStrike] Bears in the Midst: Intrusion into the Democratic National Committee](https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/) | [:closed_book:](../../blob/master/2016/2016.06.09.Operation_DustySky_II/)
* Jun 09 - [[Clearsky] Operation DustySky Part 2](http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf) | [:closed_book:](../../blob/master/2016/2016.06.09.Operation_DustySky_II/)
* Jun 02 - [[Trend Micro] FastPOS: Quick and Easy Credit Card Theft](http://documents.trendmicro.com/assets/fastPOS-quick-and-easy-credit-card-theft.pdf) | [:closed_book:](../../blob/master/2016/2016.06.02.fastpos-quick-and-easy-credit-card-theft/)
* May 27 - [[Trend Micro] IXESHE Derivative IHEATE Targets Users in America](http://blog.trendmicro.com/trendlabs-security-intelligence/ixeshe-derivative-iheate-targets-users-america/) | [:closed_book:](../../blob/master/2016/2016.05.27.IXESHE_Derivative_IHEATE_Targets_Users_in_America/)
* May 26 - [[Palo Alto Networks] The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor](http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/) | [:closed_book:](../../blob/master/2016/2016.05.26.OilRig_Campaign/)
* May 25 - [[Kaspersky] CVE-2015-2545: overview of current threats](https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/) | [:closed_book:](../../blob/master/2016/2016.05.25.CVE-2015-2545/)
* May 24 - [[Palo Alto Networks] New Wekby Attacks Use DNS Requests As Command and Control Mechanism](http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/) | [:closed_book:](../../blob/master/2016/2016.05.24.New_Wekby_Attacks)
* May 23 - [[MELANI:GovCERT] APT Case RUAG Technical Report](https://www.melani.admin.ch/dam/melani/en/dokumente/2016/technical%20report%20ruag.pdf.download.pdf/Report_Ruag-Espionage-Case.pdf) | [:closed_book:](../../blob/master/2016/2016.05.23.APT_Case_RUAG)
* May 22 - [[FireEye] TARGETED ATTACKS AGAINST BANKS IN THE MIDDLE EAST](https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html) | [:closed_book:](../../blob/master/2016/2016.05.22.Targeted_Attacks_Against_Banks_in_Middle_East)
* May 22 - [[Palo Alto Networks] Operation Ke3chang Resurfaces With New TidePool Malware](http://researchcenter.paloaltonetworks.com/2016/05/operation-ke3chang-resurfaces-with-new-tidepool-malware/) | [:closed_book:](../../blob/master/2016/2016.05.22.Operation_Ke3chang_Resurfaces_With_New_TidePool_Malware/)
* May 18 - [[ESET] Operation Groundbait: Analysis of a surveillance toolkit](http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf) | [:closed_book:](../../blob/master/2016/2016.05.18.Operation_Groundbait/)
* May 17 - [[FOX-IT] Mofang: A politically motivated information stealing adversary](https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf) | [:closed_book:](../../blob/master/2016/2016.05.17.Mofang)
* May 17 - [[Symantec] Indian organizations targeted in Suckfly attacks](http://www.symantec.com/connect/ko/blogs/indian-organizations-targeted-suckfly-attacks) | [:closed_book:](../../blob/master/2016/2016.05.17.Indian_organizations_targeted_in_Suckfly_attacks/)
* May 10 - [[Trend Micro] Backdoor as a Software Suite: How TinyLoader Distributes and Upgrades PoS Threats](http://blog.trendmicro.com/trendlabs-security-intelligence/how-tinyloader-distributes-and-upgrades-pos-threats/) | [paper](http://documents.trendmicro.com/assets/tinypos-abaddonpos-ties-to-tinyloader.pdf) | [:closed_book:](../../blob/master/2016/2016.05.10.tinyPOS_tinyloader/)
* May 09 - [[CMU SEI] Using Honeynets and the Diamond Model for ICS Threat Analysis](http://resources.sei.cmu.edu/asset_files/TechnicalReport/2016_005_001_454247.pdf) | [:closed_book:](../../blob/master/2016/2016.05.09_ICS_Threat_Analysis/)
* May 06 - [[PwC] Exploring CVE-2015-2545 and its users](http://pwc.blogs.com/cyber_security_updates/2016/05/exploring-cve-2015-2545-and-its-users.html) | [:closed_book:](../../blob/master/2016/2016.05.06_Exploring_CVE-2015-2545/)
* May 05 - [[Forcepoint] Jaku: an on-going botnet campaign](https://www.forcepoint.com/sites/default/files/resources/files/report_jaku_analysis_of_botnet_campaign_en_0.pdf) | [:closed_book:](../../blob/master/2016/2016.05.05_Jaku_botnet_campaign/)
* May 02 - [[Team Cymru] GOZNYM MALWARE target US, AT, DE](https://blog.team-cymru.org/2016/05/goznym-malware/) | [:closed_book:](../../blob/master/2016/2016.05.02.GOZNYM_MALWARE)
* May 02 - [[Palo Alto Networks] Prince of Persia: Infy Malware Active In Decade of Targeted Attacks](http://researchcenter.paloaltonetworks.com/2016/05/prince-of-persia-infy-malware-active-in-decade-of-targeted-attacks/) | [:closed_book:](../../blob/master/2016/2016.05.02.Prince_of_Persia_Infy_Malware/)
* Apr 27 - [[Kaspersky] Repackaging Open Source BeEF for Tracking and More](https://securelist.com/blog/software/74503/freezer-paper-around-free-meat/) | [:closed_book:](../../blob/master/2016/2016.04.27.Repackaging_Open_Source_BeEF)
* Apr 26 - [[Financial Times] Cyber warfare: Iran opens a new front](http://www.ft.com/intl/cms/s/0/15e1acf0-0a47-11e6-b0f1-61f222853ff3.html#axzz478cZz3ao) | [:closed_book:](../../blob/master/2016/2016.04.26.Iran_Opens_a_New_Front/)
* Apr 26 - [[Arbor] New Poison Ivy Activity Targeting Myanmar, Asian Countries](https://www.arbornetworks.com/blog/asert/recent-poison-iv/) | [:closed_book:](../../blob/master/2016/2016.04.26.New_Poison_Ivy_Activity_Targeting_Myanmar_Asian_Countries/)
* Apr 22 - [[Cylance] The Ghost Dragon](https://blog.cylance.com/the-ghost-dragon) | [:closed_book:](../../blob/master/2016/2016.04.22.the-ghost-dragon)
* Apr 21 - [[SentinelOne] Teaching an old RAT new tricks](https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/) | [:closed_book:](../../blob/master/2016/2016.04.21.Teaching_an_old_RAT_new_tricks/)
* Apr 21 - [[Palo Alto Networks] New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists](http://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/) | [:closed_book:](../../blob/master/2016/2016.04.21.New_Poison_Ivy_RAT_Variant_Targets_Hong_Kong/)
* Apr 18 - [[Citizen Lab] Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaigns](https://citizenlab.org/2016/04/between-hong-kong-and-burma/) | [:closed_book:](../../blob/master/2016/2016.04.18.UP007/)
* Apr 15 - [[SANS] Detecting and Responding Pandas and Bears](http://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Detecting-and-Responding-to-Pandas-and-Bears-Christopher-Scott-CrowdStrike-and-Wendi-Whitmore-IBM.pdf) | [:closed_book:](../../blob/master/2016/2016.04.15.pandas_and_bears/)
* Apr 12 - [[Microsoft] PLATINUM: Targeted attacks in South and Southeast Asia](http://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf) | [:closed_book:](../../blob/master/2016/2016.04.12.PLATINUM_Targeted_attacks_in_South_and_Southeast_Asia/)
* Mar 25 - [[Palo Alto Networks] ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe](http://researchcenter.paloaltonetworks.com/2016/03/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/?utm_medium=email&utm_source=Adobe%20Campaign&utm_campaign=Unit%2042%20Blog%20Updates%2031Mar16) | [:closed_book:](../../blob/master/2016/2016.03.25.ProjectM/)
* Mar 23 - [[Trend Micro] Operation C-Major: Information Theft Campaign Targets Military Personnel in India](http://blog.trendmicro.com/trendlabs-security-intelligence/indian-military-personnel-targeted-by-information-theft-campaign/) | [:closed_book:](../../blob/master/2016/2016.03.23.Operation_C_Major/)
* Mar 18 - [[SANS] Analysis of the Cyber Attack on the Ukrainian Power Grid: Defense Use Case](https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf) | [:closed_book:](../../blob/master/2016/2016.03.18.Analysis_of_the_Cyber_Attack_on_the_Ukrainian_Power_Grid/)
* Mar 17 - [[PwC] Taiwan Presidential Election: A Case Study on Thematic Targeting](http://pwc.blogs.com/cyber_security_updates/2016/03/taiwant-election-targetting.html) | [:closed_book:](../../blob/master/2016/2016.03.17.Taiwan-election-targetting/)
* Mar 15 - [[Symantec] Suckfly: Revealing the secret life of your code signing certificates](http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates) | [:closed_book:](../../blob/master/2016/2016.03.15.Suckfly)
* Mar 14 - [[Proofpoint] Bank robbery in progress: New attacks from Carbanak group target banks in Middle East and US](https://www.proofpoint.com/us/threat-insight/post/carbanak-cybercrime-group-targets-executives-of-financial-organizations-in-middle-east) | [:closed_book:](../../blob/master/2016/2016.03.14.Carbanak_cybercrime_group)
* Mar 10 - [[Citizen Lab] Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans](https://citizenlab.org/2016/03/shifting-tactics/) | [:closed_book:](../../blob/master/2016/2016.03.10.shifting-tactics)
* Mar 09 - [[FireEye] LESSONS FROM OPERATION RUSSIANDOLL](https://www.fireeye.com/blog/threat-research/2016/03/lessons-from-operation-russian-doll.html) | [:closed_book:](../../blob/master/2016/2016.03.09.Operation_RussianDoll)
* Mar 08 - [[360] Operation OnionDog: A 3 Year Old APT Focused On the Energy and Transportation Industries in Korean-language Countries](http://www.prnewswire.com/news-releases/onion-dog-a-3-year-old-apt-focused-on-the-energy-and-transportation-industries-in-korean-language-countries-is-exposed-by-360-300232441.html) | [:closed_book:](../../blob/master/2016/2016.03.08.OnionDog)
* Mar 03 - [[Recorded Future] Shedding Light on BlackEnergy With Open Source Intelligence](https://www.recordedfuture.com/blackenergy-malware-analysis/) | [:closed_book:](../../blob/master/2016/2016.03.03.Shedding_Light_BlackEnergy)
* Mar 01 - [[Proofpoint] Operation Transparent Tribe - APT Targeting Indian Diplomatic and Military Interests](https://www.proofpoint.com/us/threat-insight/post/Operation-Transparent-Tribe) | [:closed_book:](../../blob/master/2016/2016.03.01.Operation_Transparent_Tribe/)
* Feb 29 - [[Fidelis] The Turbo Campaign, Featuring Derusbi for 64-bit Linux](https://www.fidelissecurity.com/sites/default/files/TA_Fidelis_Turbo_1602_0.pdf) | [:closed_book:](../../blob/master/2016/2016.02.24.Operation_Blockbuster)
* Feb 24 - [[NOVETTA] Operation Blockbuster](https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf) | [:closed_book:](../../blob/master/2016/2016.02.24.Operation_Blockbuster)
* Feb 23 - [[Cylance] OPERATION DUST STORM](https://www.cylance.com/hubfs/2015_cylance_website/assets/operation-dust-storm/Op_Dust_Storm_Report.pdf?t=1456355696065) | [:closed_book:](../../blob/master/2016/2016.02.23.Operation_Dust_Storm)
* Feb 12 - [[Palo Alto Networks] A Look Into Fysbis: Sofacy's Linux Backdoor](http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/) | [:closed_book:](../../blob/master/2016/2016.02.12.Fysbis_Sofacy_Linux_Backdoor)
* Feb 11 - [[Recorded Future] Hacktivism: India vs. Pakistan](https://www.recordedfuture.com/india-pakistan-cyber-rivalry/) | [:closed_book:](../../blob/master/2016/2016.02.11.Hacktivism_India_vs_Pakistan)
* Feb 09 - [[Kaspersky] Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage](https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/) | [:closed_book:](../../blob/master/2016/2016.02.09_Poseidon_APT_Boutique)
* Feb 08 - [[ICIT] Know Your Enemies 2.0: A Primer on Advanced Persistent Threat Groups](http://icitech.org/know-your-enemies-2-0/) | [:closed_book:](../../blob/master/2016/2016.02.08.Know_Your_Enemies_2.0)
* Feb 04 - [[Palo Alto Networks] T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques](http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/) | [:closed_book:](../../blob/master/2016/2016.02.04_PaloAlto_T9000-Advanced-Modular-Backdoor)
* Feb 03 - [[Palo Alto Networks] Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?](http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve/) | [:closed_book:](../../blob/master/2016.02.03.Emissary_Trojan_Changelog)
* Feb 01 - [[Sucuri] Massive Admedia/Adverting iFrame Infection](https://blog.sucuri.net/2016/02/massive-admedia-iframe-javascript-infection.html) | [:closed_book:](../../blob/master/2016/2016.02.01.Massive_Admedia_Adverting_iFrame_Infection)
* Feb 01 - [[IBM] Organized Cybercrime Big in Japan: URLZone Now on the Scene](https://securityintelligence.com/organized-cybercrime-big-in-japan-urlzone-now-on-the-scene/) | [:closed_book:](../../blob/master/2016/2016.02.01.URLzone_Team)
* Jan 29 - [[F5] Tinbapore: Millions of Dollars at Risk](https://devcentral.f5.com/d/tinbapore-millions-of-dollars-at-risk?download=true) | [:closed_book:](../../blob/master/2016/2016.01.29.Tinbapore_Attack)
* Jan 29 - [[Zscaler] Malicious Office files dropping Kasidet and Dridex](http://research.zscaler.com/2016/01/malicious-office-files-dropping-kasidet.html) | [:closed_book:](../../blob/master/2016/2016.01.29.Malicious_Office_files_dropping_Kasidet_and_Dridex)
* Jan 28 - [[Kaspersky] BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents](https://securelist.com/blog/research/73440/blackenergy-apt-attacks-in-ukraine-employ-spearphishing-with-word-documents/) | [:closed_book:](../../blob/master/2016/2016.01.28.BlackEnergy_APT)
* Jan 27 - [[Fidelis] Dissecting the Malware Involved in the INOCNATION Campaign](https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL.pdf) | [:closed_book:](../../blob/master/2016/2016.01.27.Hi-Zor.RAT)
* Jan 26 - [[SentinelOne] Analyzing a New Variant of BlackEnergy 3](https://www.sentinelone.com/wp-content/uploads/2016/01/BlackEnergy3_WP_012716_1c.pdf) | [:closed_book:](../../blob/master/2016/2016.01.26.BlackEnergy3)
* Jan 24 - [[Palo Alto Networks] Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists](http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/) | [:closed_book:](../../blob/master/2016/2016.01.24_Scarlet_Minic)
* Jan 21 - [[Palo Alto Networks] NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan](http://researchcenter.paloaltonetworks.com/2016/01/nettraveler-spear-phishing-email-targets-diplomat-of-uzbekistan/) | [:closed_book:](../../blob/master/2016/2016.01.21.NetTraveler_Uzbekistan)
* Jan 19 - [[360] 2015 APT Annual Report](https://ti.360.com/upload/report/file/2015.APT.Annual_Report.pdf) | [:closed_book:](../../blob/master/2016/2016.01.19.360_APT_Report)
* Jan 14 - [[CISCO] RESEARCH SPOTLIGHT: NEEDLES IN A HAYSTACK](http://blog.talosintel.com/2016/01/haystack.html#more) | [:closed_book:](../../blob/master/2016/2016.01.14_Cisco_Needles_in_a_Haystack)
* Jan 14 - [[Symantec] The Waterbug attack group](https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf) | [:closed_book:](../../blob/master/2016/2016.01.14.The.Waterbug.Attack.Group/)
* Jan 07 - [[Clearsky] Operation DustySky](http://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf) | [:closed_book:](../../blob/master/2016/2016.01.07.Operation_DustySky)
* Jan 07 - [[CISCO] RIGGING COMPROMISE - RIG EXPLOIT KIT](http://blog.talosintel.com/2016/01/rigging-compromise.html) | [:closed_book:](../../blob/master/2016/2016.01.07.rigging-compromise)
* Jan 03 - [[ESET] BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry](http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/) | [:closed_book:](../../blob/master/2016/2016.01.03.BlackEnergy_Ukrainian)
## 2015
* Dec 23 - [[PwC] ELISE: Security Through Obesity](http://pwc.blogs.com/cyber_security_updates/2015/12/elise-security-through-obesity.html) | [:closed_book:](../../blob/master/2015/2015.12.13.ELISE)
* Dec 22 - [[Palo Alto Networks] BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger](http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/) | [:closed_book:](../../blob/master/2015/2015.12.22.BBSRAT_Roaming_Tiger)
* Dec 20 - [[FireEye] The EPS Awakens - Part 2](https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html) | [:closed_book:](../../blob/master/2015/2015.12.20.EPS_Awakens_Part_II)
* Dec 18 - [[Palo Alto Networks] Attack on French Diplomat Linked to Operation Lotus Blossom](http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-linked-to-operation-lotus-blossom/) | [:closed_book:](../../blob/master/2015/2015.12.18.Attack_on_Frence_Diplomat_Linked_To_Operation_Lotus_Blossom)
* Dec 16 - [[Bitdefender] APT28 Under the Scope - A Journey into Exfiltrating Intelligence and Government Information](http://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_analysis_of_APT28%E2%80%93The_Political_Cyber-Espionage.pdf) | [:closed_book:](../../blob/master/2015/2015.12.17.APT28_Under_The_Scope)
* Dec 16 - [[Trend Micro] Operation Black Atlas, Part 2: Tools and Malware Used and How to Detect Them](http://documents.trendmicro.com/assets/Operation_Black%20Atlas_Technical_Brief.pdf) | [:closed_book:](../../blob/master/2015/2015.12.16.INOCNATION.Campaign)
* Dec 16 - [[Fidelis] Dissecting the Malware Involved in the INOCNATION Campaign](https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL.pdf) | [:closed_book:](../../blob/master/2015/2015.12.16.INOCNATION.Campaign)
* Dec 15 - [[AirBus] Newcomers in the Derusbi family](http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family) | [:closed_book:](../../blob/master/2015/2015.12.15.Newcomers_in_the_Derusbi_family)
* Dec 08 - [[Citizen Lab] Packrat: Seven Years of a South American Threat Actor](https://citizenlab.org/2015/12/packrat-report/) | [:closed_book:](../../blob/master/2015/2015.12.08.Packrat)
* Dec 07 - [[FireEye] Financial Threat Group Targets Volume Boot Record](https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html) | [:closed_book:](../../blob/master/2015/2015.12.07.Thriving_Beyond_The_Operating_System)
* Dec 07 - [[Symantec] Iran-based attackers use back door threats to spy on Middle Eastern targets](http://www.symantec.com/connect/blogs/iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets) | [:closed_book:](../../blob/master/2015/2015.12.07.Iran-based)
* Dec 04 - [[Kaspersky] Sofacy APT hits high profile targets with updated toolset](https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/) | [:closed_book:](../../blob/master/2015/2015.12.04.Sofacy_APT)
* Dec 01 - [[FireEye] China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets](https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html) | [:closed_book:](../../blob/master/2015/2015.12.01.China-based_Cyber_Threat_Group_Uses_Dropbox_for_Malware_Communications_and_Targets_Hong_Kong_Media_Outlets)
* Nov 30 - [[FOX-IT] Ponmocup - A giant hiding in the shadows](https://foxitsecurity.files.wordpress.com/2015/12/foxit-whitepaper_ponmocup_1_1.pdf) | [:closed_book:](../../blob/master/2015/2015.11.30.Ponmocup)
* Nov 24 - [[Palo Alto Networks] Attack Campaign on the Government of Thailand Delivers Bookworm Trojan](http://researchcenter.paloaltonetworks.com/2015/11/attack-campaign-on-the-government-of-thailand-delivers-bookworm-trojan/) | [:closed_book:](../../blob/master/2015/2015.11.24.Attack_Campaign_on_the_Government_of_Thailand_Delivers_Bookworm_Trojan)
* Nov 23 - [[Minerva Labs, ClearSky] CopyKittens Attack Group](https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf) | [:closed_book:](../../blob/master/2015/2015.11.23.CopyKittens_Attack_Group)
* Nov 23 - [[RSA] PEERING INTO GLASSRAT](https://blogs.rsa.com/wp-content/uploads/2015/11/GlassRAT-final.pdf) | [:closed_book:](../../blob/master/2015/2015.11.23.PEERING_INTO_GLASSRAT)
* Nov 23 - [[Trend Micro] Prototype Nation: The Chinese Cybercriminal Underground in 2015](http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/prototype-nation-the-chinese-cybercriminal-underground-in-2015/?utm_source=siblog&utm_medium=referral&amp;utm_campaign=2015-cn-ug) | [:closed_book:](../../blob/master/2015/2015.11.23.Prototype_Nation_The_Chinese_Cybercriminal_Underground_in_2015)
* Nov 19 - [[Kaspersky] Russian financial cybercrime: how it works](https://securelist.com/analysis/publications/72782/russian-financial-cybercrime-how-it-works/) | [:closed_book:](../../blob/master/2015/2015.11.18.Russian_financial_cybercrime_how_it_works)
* Nov 19 - [[JPCERT] Decrypting Strings in Emdivi](http://blog.jpcert.or.jp/2015/11/decrypting-strings-in-emdivi.html) | [:closed_book:](../../blob/master/2015/2015.11.19.decrypting-strings-in-emdivi)
* Nov 18 - [[Palo Alto Networks] TDrop2 Attacks Suggest Dark Seoul Attackers Return](http://researchcenter.paloaltonetworks.com/2015/11/tdrop2-attacks-suggest-dark-seoul-attackers-return/) | [:closed_book:](../../blob/master/2015/2015.11.18.tdrop2)
* Nov 18 - [[CrowdStrike] Sakula Reloaded](http://blog.crowdstrike.com/sakula-reloaded/) | [:closed_book:](../../blob/master/2015/2015.11.18.Sakula_Reloaded)
* Nov 18 - [[Damballa] Damballa discovers new toolset linked to Destover - Attacker's arsenal helps them to broaden attack surface](https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/2015.11.18.Destover/amballa-discovers-new-toolset-linked-to-destover-attackers-arsenal-helps-them-to-broaden-attack-surface.pdf) | [:closed_book:](../../blob/master/2015/2015.11.18.Destover)
* Nov 16 - [[FireEye] WitchCoven: Exploiting Web Analytics to Ensnare Victims](https://www2.fireeye.com/threat-intel-report-WITCHCOVEN.html) | [:closed_book:](../../blob/master/2015/2015.11.17.Pinpointing_Targets_Exploiting_Web_Analytics_to_Ensnare_Victims)
* Nov 10 - [[Palo Alto Networks] Bookworm Trojan: A Model of Modular Architecture](http://researchcenter.paloaltonetworks.com/2015/11/bookworm-trojan-a-model-of-modular-architecture/) | [:closed_book:](../../blob/master/2015/2015.11.10.bookworm-trojan-a-model-of-modular-architecture)
* Nov 09 - [[Check Point] Rocket Kitten: A Campaign With 9 Lives](http://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf) | [:closed_book:](../../blob/master/2015/2015.11.09.Rocket_Kitten_A_Campaign_With_9_Lives)
* Nov 04 - [[RSA] Evolving Threats: dissection of a CyberEspionage attack](http://www.rsaconference.com/writable/presentations/file_upload/cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack.pdf) | [:closed_book:](../../blob/master/2015/2015.11.04_Evolving_Threats)
* Oct 16 - [[Citizen Lab] Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites](https://citizenlab.org/2015/10/targeted-attacks-ngo-burma/)(https://otx.alienvault.com/pulse/5621208f4637f21ecf2aac36/) | [:closed_book:](../../blob/master/2015/2015.10.16.NGO_Burmese_Government)
* Oct 15 - [[Citizen Lab] Pay No Attention to the Server Behind the Proxy: Mapping FinFisher's Continuing Proliferation](https://citizenlab.org/2015/10/mapping-finfishers-continuing-proliferation/) | [:closed_book:](../../blob/master/2015/2015.10.15.FinFisher_Continuing)
* Oct 05 - [[Recorded Future] Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy](http://go.recordedfuture.com/hubfs/reports/threat-identification.pdf) | [:closed_book:](../../blob/master/2015/2015.10.05.Proactive_Threat_Identification)
* Oct 03 - [[Cybereason] Webmail Server APT: A New Persistent Attack Methodology Targeting Microsoft Outlook Web Application (OWA)](http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Labs-Analysis-Webmail-Sever-APT.pdf) | [:closed_book:](../../blob/master/2015/2015.10.03.Webmail_Server_APT)
* Sep 23 - [[ThreatConnect] PROJECT CAMERASHY: CLOSING THE APERTURE ON CHINA'S UNIT 78020](https://www.threatconnect.com/camerashy-intro/) | [PDF](https://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf) | [:closed_book:](../../blob/master/2015/2015.09.23.CAMERASHY_ThreatConnect)
* Sep 17 - [[F-SECURE] The Dukes - 7 Years of Russian Cyber Espionage](https://labsblog.f-secure.com/2015/09/17/the-dukes-7-years-of-russian-cyber-espionage/) - [PDF](https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf) | [:closed_book:](../../blob/master/2015/2015.09.17.duke_russian)
* Sep 16 - [[Proofpoint] The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK](https://www.proofpoint.com/us/threat-insight/post/The-Shadow-Knows) | [:closed_book:](../../blob/master/2015/2015.09.16.The-Shadow-Knows)
* Sep 16 - [[Trend Micro] Operation Iron Tiger: How China-Based Actors Shifted Attacks from APAC to US Targets](http://newsroom.trendmicro.com/blog/operation-iron-tiger-attackers-shift-east-asia-united-states) | [IOC](https://otx.alienvault.com/pulse/55f9910967db8c6fb35179bd/) | [:closed_book:](../../blob/master/2015/2015.09.17.Operation_Iron_Tiger)
* Sep 15 - [[Proofpoint] In Pursuit of Optical Fibers and Troop Intel: Targeted Attack Distributes PlugX in Russia](https://www.proofpoint.com/us/threat-insight/post/PlugX-in-Russia) | [:closed_book:](../../blob/master/2015/2015.09.15.PlugX_in_Russia)
* Sep 09 - [[Trend Micro] Shadow Force Uses DLL Hijacking, Targets South Korean Company](https://blog.trendmicro.com/trendlabs-security-intelligence/shadow-force-uses-dll-hijacking-targets-south-korean-company/) | [:closed_book:](../../blob/master/2015/2015.09.09.Shadow_Force)
* Sep 09 - [[Kaspersky] Satellite Turla: APT Command and Control in the Sky](https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/) | [:closed_book:](../../blob/master/2015/2015.09.09.satellite-turla-apt)
* Sep 08 - [[Palo Alto Networks] Musical Chairs: Multi-Year Campaign Involving New Variant of Gh0st Malware](http://researchcenter.paloaltonetworks.com/2015/09/musical-chairs-multi-year-campaign-involving-new-variant-of-gh0st-malware/) | [:closed_book:](../../blob/master/2015/2015.09.08.Musical_Chairs_Gh0st_Malware)
* Sep 01 - [[Trend Micro, Clearsky] The Spy Kittens Are Back: Rocket Kitten 2](http://www.trendmicro.tw/vinfo/us/security/news/cyber-attacks/rocket-kitten-continues-attacks-on-middle-east-targets) | [PDF](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf) | [:closed_book:](../../blob/master/2015/2015.09.01.Rocket_Kitten_2)
* Aug 20 - [[Arbor] PlugX Threat Activity in Myanmar](http://pages.arbornetworks.com/rs/082-KNA-087/images/ASERT%20Threat%20Intelligence%20Brief%202015-05%20PlugX%20Threat%20Activity%20in%20Myanmar.pdf) | [:closed_book:](../../blob/master/2015/2015.08.20.PlugX_Threat_Activity_in_Myanmar)
* Aug 20 - [[Kaspersky] New activity of the Blue Termite APT](https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/) | [:closed_book:](../../blob/master/2015/2015.08.20.new-activity-of-the-blue-termite-apt)
* Aug 19 - [[Symantec] New Internet Explorer zero-day exploited in Hong Kong attacks](http://www.symantec.com/connect/blogs/new-internet-explorer-zero-day-exploited-hong-kong-attacks) | [:closed_book:](../../blob/master/2015/2015.08.19.new-internet-explorer-zero-day-exploited-hong-kong-attacks)
* Aug 10 - [[ShadowServer] The Italian Connection: An analysis of exploit supply chains and digital quartermasters](http://blog.shadowserver.org/2015/08/10/the-italian-connection-an-analysis-of-exploit-supply-chains-and-digital-quartermasters/) | [:closed_book:](../../blob/master/2015/2015.08.10.The_Italian_Connection_An_analysis_of_exploit_supply_chains_and_digital_quartermasters)
* Aug 08 - [[Cyint] Threat Analysis: Poison Ivy and Links to an Extended PlugX Campaign](http://www.cyintanalysis.com/threat-analysis-poison-ivy-and-links-to-an-extended-plugx-campaign/) | [:closed_book:](../../blob/master/2015/2015.08.08.Poison_Ivy_and_Links_to_an_Extended_PlugX_Campaign)
* Aug 05 - [[Dell] Threat Group-3390 Targets Organizations for Cyberespionage](http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/) | [:closed_book:](../../blob/master/2015/2015.08.05.Threat_Group-3390)
* Aug 04 - [[RSA] Terracotta VPN: Enabler of Advanced Threat Anonymity](https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/) | [:closed_book:](../../blob/master/2015/2015.08.04.Terracotta_VPN)
* Jul 30 - [[ESET] Operation Potao Express](http://www.welivesecurity.com/2015/07/30/operation-potao-express/) | [IOC](https://github.com/eset/malware-ioc/tree/master/potao) | [:closed_book:](../../blob/master/2015/2015.07.30.Operation-Potao-Express)
* Jul 28 - [[Symantec] Black Vine: Formidable cyberespionage group targeted aerospace, healthcare since 2012](http://www.symantec.com/connect/blogs/black-vine-formidable-cyberespionage-group-targeted-aerospace-healthcare-2012) | [:closed_book:](../../blob/master/2015/2015.07.28.Black_Vine)
* Jul 27 - [[FireEye] HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group](https://www.fireeye.com/blog/threat-research/2015/07/hammertoss_stealthy.html) | [:closed_book:](../../blob/master/2015/2015.07.27.HAMMERTOSS)
* Jul 22 - [[F-SECURE] Duke APT group's latest tools: cloud services and Linux support](https://www.f-secure.com/weblog/archives/00002822.html) | [:closed_book:](../../blob/master/2015/2015.07.22.Duke_APT_groups_latest_tools)
* Jul 20 - [[ThreatConnect] China Hacks the Peace Palace: All Your EEZs Are Belong to Us](http://www.threatconnect.com/news/china-hacks-the-peace-palace-all-your-eezs-are-belong-to-us/) | [:closed_book:](../../blob/master/2015/2015.07.20.China_Peace_Palace)
* Jul 20 - [[Palo Alto Networks] Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 to Install IsSpace Backdoor](http://researchcenter.paloaltonetworks.com/2015/07/watering-hole-attack-on-aerospace-firm-exploits-cve-2015-5122-to-install-isspace-backdoor/) | [:closed_book:](../../blob/master/2015/2015.07.20.IsSpace_Backdoor)
* Jul 14 - [[Palo Alto Networks] Tracking MiniDionis: CozyCar's New Ride Is Related to Seaduke](http://researchcenter.paloaltonetworks.com/2015/07/tracking-minidionis-cozycars-new-ride-is-related-to-seaduke/) | [:closed_book:](../../blob/master/2015/2015.07.14.tracking-minidionis-cozycars)
* Jul 14 - [[Trend Micro] An In-Depth Look at How Pawn Storm's Java Zero-Day Was Used](http://blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-look-at-how-pawn-storms-java-zero-day-was-used/) | [:closed_book:](../../blob/master/2015/2015.07.14.How_Pawn_Storm_Java_Zero-Day_Was_Used)
* Jul 13 - [[Symantec] "Forkmeiamfamous": Seaduke, latest weapon in the Duke armory](http://www.symantec.com/connect/blogs/forkmeiamfamous-seaduke-latest-weapon-duke-armory) | [:closed_book:](../../blob/master/2015/2015.07.13.Forkmeiamfamous)
* Jul 13 - [[FireEye] Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability CVE-2015-5119 Following Hacking Team Leak](https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html) | [:closed_book:](../../blob/master/2015/2015.07.13.Demonstrating_Hustle)
* Jul 10 - [[Palo Alto Networks] APT Group UPS Targets US Government with Hacking Team Flash Exploit](http://researchcenter.paloaltonetworks.com/2015/07/apt-group-ups-targets-us-government-with-hacking-team-flash-exploit/) | [:closed_book:](../../blob/master/2015/2015.07.10.APT_Group_UPS_Targets_US_Government)
* Jul 09 - [[Symantec] Butterfly: Corporate spies out for financial gain](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/butterfly-corporate-spies-out-for-financial-gain.pdf) | [:closed_book:](../../blob/master/2015/2015.07.09.Butterfly)
* Jul 08 - [[Kaspersky] Wild Neutron - Economic espionage threat actor returns with new tricks](https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/) | [:closed_book:](../../blob/master/2015/2015.07.08.Wild_Neutron)
* Jul 08 - [[Volexity] APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119)](http://www.volexity.com/blog/?p=158) | [:closed_book:](../../blob/master/2015/2015.07.08.APT_CVE-2015-5119)
* Jun 30 - [[ESET] Dino - the latest spying malware from an allegedly French espionage group analyzed](http://www.welivesecurity.com/2015/06/30/dino-spying-malware-analyzed) | [:closed_book:](../../blob/master/2015/2015.06.30.dino-spying-malware-analyzed)
* Jun 28 - [[Dragon Threat Labs] APT on Taiwan - insight into advances of adversary TTPs](http://blog.dragonthreatlabs.com/2015/07/dtl-06282015-01-apt-on-taiwan-insight.html) | [:closed_book:](../../blob/master/2015/2015.06.28.APT_on_Taiwan)
* Jun 26 - [[FireEye] Operation Clandestine Wolf - Adobe Flash Zero-Day in APT3 Phishing Campaign](https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html) | [:closed_book:](../../blob/master/2015/2015.06.26.operation-clandestine-wolf)
* Jun 24 - [[PwC] UnFIN4ished Business (FIN4)](http://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.html) | [:closed_book:](../../blob/master/2015/2015.06.24.unfin4ished-business)
* Jun 22 - [[Kaspersky] Winnti targeting pharmaceutical companies](https://securelist.com/blog/research/70991/games-are-over/) | [:closed_book:](../../blob/master/2015/2015.06.22.Winnti_targeting_pharmaceutical_companies)
* Jun 16 - [[Palo Alto Networks] Operation Lotus Blossom](https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html) | [:closed_book:](../../blob/master/2015/2015.06.16.operation-lotus-blossom)
* Jun 15 - [[Citizen Lab] Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114](https://citizenlab.org/2015/06/targeted-attacks-against-tibetan-and-hong-kong-groups-exploiting-cve-2014-4114/) | [:closed_book:](../../blob/master/2015/2015.06.15.Targeted-Attacks-against-Tibetan-and-Hong-Kong-Groups)
* Jun 12 - [[Volexity] Afghan Government Compromise: Browser Beware](http://www.volexity.com/blog/?p=134) | [:closed_book:](../../blob/master/2015/2015.06.12.Afghan_Government_Compromise)
* Jun 10 - [[Kaspersky] The_Mystery_of_Duqu_2_0](https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf) [IOC](https://securelist.com/files/2015/06/7c6ce6b6-fee1-4b7b-b5b5-adaff0d8022f.ioc) [Yara](https://securelist.com/files/2015/06/Duqu_2_Yara_rules.pdf) | [:closed_book:](../../blob/master/2015/2015.06.10.The_Mystery_of_Duqu_2_0)
* Jun 10 - [[Crysys] Duqu 2.0](http://blog.crysys.hu/2015/06/duqu-2-0/) | [:closed_book:](../../blob/master/2015/2015.06.10.Duqu_2.0)
* Jun 09 - [[Microsoft] Duqu 2.0 Win32k Exploit Analysis](https://www.virusbtn.com/pdf/conference_slides/2015/OhFlorio-VB2015.pdf) | [:closed_book:](../../blob/master/2015/2015.06.09.Duqu_2.0_Win32k_Exploit_Analysis)
* Jun 04 - [[JP Internet Watch] Blue Termite targeting Japan (CloudyOmega)](http://internet.watch.impress.co.jp/docs/news/20150604_705541.html) | [:closed_book:](../../blob/master/2015/2015.06.09.Duqu_2.0_Win32k_Exploit_Analysis)
* Jun 03 - [[ClearSky] Thamar Reservoir](http://www.clearskysec.com/thamar-reservoir/) | [:closed_book:](../../blob/master/2015/2015.06.03.thamar-reservoir)
* May 29 - [[360] OceanLotusReport](http://blogs.360.cn/blog/oceanlotus-apt/) | [:closed_book:](../../blob/master/2015/2015.05.29.OceanLotus)
* May 28 - [[Kaspersky] Grabit and the RATs](https://securelist.com/blog/research/70087/grabit-and-the-rats/) | [:closed_book:](../../blob/master/2015/2015.05.28.grabit-and-the-rats)
* May 27 - [[Antiy Labs] Analysis On Apt-To-Be Attack That Focusing On China's Government Agency](http://www.antiy.net/p/analysis-on-apt-to-be-attack-that-focusing-on-chinas-government-agency/) | [:closed_book:](../../blob/master/2015/2015.05.27.APT_to_be)
* May 27 - [[CyberX] BlackEnergy 3 - Exfiltration of Data in ICS Networks](http://cyberx-labs.com/wp-content/uploads/2015/05/BlackEnergy-CyberX-Report_27_May_2015_FINAL.pdf) | [:closed_book:](../../blob/master/2015/2015.05.27.BlackEnergy3)
* May 26 - [[ESET] Dissecting-Linux/Moose](http://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pdf) | [:closed_book:](../../blob/master/2015/2015.05.26.LinuxMoose)
* May 21 - [[Kaspersky] The Naikon APT and the MsnMM Campaigns](https://securelist.com/blog/research/70029/the-naikon-apt-and-the-msnmm-campaigns/) | [:closed_book:](../../blob/master/2015/2015.05.21.Naikon_APT)
* May 19 - [[Panda] Operation 'Oil Tanker'](http://www.pandasecurity.com/mediacenter/src/uploads/2015/05/oil-tanker-en.pdf) | [:closed_book:](../../blob/master/2015/2015.05.19.Operation_Oil_Tanker)
* May 18 - [[Palo Alto Networks] Cmstar Downloader: Lurid and Enfal's New Cousin](http://researchcenter.paloaltonetworks.com/2015/05/cmstar-downloader-lurid-and-enfals-new-cousin/) | [:closed_book:](../../blob/master/2015/2015.05.18.Cmstar)
* May 14 - [[Trend Micro] Operation Tropic Trooper](http://blog.trendmicro.com/trendlabs-security-intelligence/operation-tropic-trooper-old-vulnerabilities-still-pack-a-punch/) | [:closed_book:](../../blob/master/2015/2015.05.14.Operation_Tropic_Trooper)
* May 14 - [[Kaspersky] The Naikon APT](https://securelist.com/analysis/publications/69953/the-naikon-apt/) | [:closed_book:](../../blob/master/2015/2015.05.14.Naikon_APT)
* May 13 - [[Cylance] SPEAR: A Threat Actor Resurfaces](http://blog.cylance.com/spear-a-threat-actor-resurfaces) | [:closed_book:](../../blob/master/2015/2015.05.13.Spear_Threat)
* May 12 - [[PR Newswire] root9B Uncovers Planned Sofacy Cyber Attack Targeting Several International and Domestic Financial Institutions](http://www.prnewswire.com/news-releases/root9b-uncovers-planned-sofacy-cyber-attack-targeting-several-international-and-domestic-financial-institutions-300081634.html) | [:closed_book:](../../blob/master/2015/2015.05.12.Sofacy_root9B)
* May 07 - [[G DATA] Dissecting the Kraken](https://blog.gdatasoftware.com/blog/article/dissecting-the-kraken.html) | [:closed_book:](../../blob/master/2015/2015.05.07.Kraken)
* May 05 - [[Ahnlab] Targeted attack on France's TV5Monde](http://global.ahnlab.com/global/upload/download/documents/1506306551185339.pdf) | [:closed_book:](../../blob/master/2015/2015.05.05.Targeted_attack_on_France_TV5Monde)
* Apr 27 - [[PWC] Attacks against Israeli & Palestinian interests](http://pwc.blogs.com/cyber_security_updates/2015/04/attacks-against-israeli-palestinian-interests.html) | [:closed_book:](../../blob/master/2015/2015.04.27.Attacks_Israeli_Palestinian)
* Apr 22 - [[F-SECURE] CozyDuke](https://www.f-secure.com/documents/996508/1030745/CozyDuke) | [:closed_book:](../../blob/master/2015/2015.04.22.CozyDuke)
* Apr 21 - [[Kaspersky] The CozyDuke APT](http://securelist.com/blog/69731/the-cozyduke-apt) | [:closed_book:](../../blob/master/2015/2015.04.21.CozyDuke_APT)
* Apr 20 - [[PWC] Sofacy II - Same Sofacy, Different Day](http://pwc.blogs.com/cyber_security_updates/2015/04/the-sofacy-plot-thickens.html) | [:closed_book:](../../blob/master/2015/2015.04.20.Sofacy_II)
* Apr 18 - [[FireEye] Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia's APT28 in Highly-Targeted Attack](https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html) | [:closed_book:](../../blob/master/2015/2015.04.18.Operation_RussianDoll)
* Apr 16 - [[Trend Micro] Operation Pawn Storm Ramps Up its Activities; Targets NATO, White House](http://blog.trendmicro.com/trendlabs-security-intelligence/operation-pawn-storm-ramps-up-its-activities-targets-nato-white-house) | [:closed_book:](../../blob/master/2015/2015.04.16.Operation_Pawn_Storm)
* Apr 15 - [[Kaspersky] The Chronicles of the Hellsing APT: the Empire Strikes Back](http://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/) | [:closed_book:](../../blob/master/2015/2015.04.15.Hellsing_APT)
* Apr 12 - [[FireEye] APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation](https://www.fireeye.com/blog/threat-research/2015/04/apt_30_and_the_mecha.html) | [:closed_book:](../../blob/master/2015/2015.04.12.APT30)
* Mar 31 - [[CheckPoint] Volatile Cedar - Analysis of a Global Cyber Espionage Campaign](http://blog.checkpoint.com/2015/03/31/volatilecedar/) | [:closed_book:](../../blob/master/2015/2015.03.31.Volatile_Cedar)
* Mar 19 - [[Trend Micro] Rocket Kitten Showing Its Claws: Operation Woolen-GoldFish and the GHOLE campaign](http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing) | [:closed_book:](../../blob/master/2015/2015.03.19.Goldfish_Phishing)
* Mar 11 - [[Kaspersky] Inside the EquationDrug Espionage Platform](http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/) | [:closed_book:](../../blob/master/2015/2015.03.11.EquationDrug)
* Mar 10 - [[Citizen Lab] Tibetan Uprising Day Malware Attacks](https://citizenlab.org/2015/03/tibetan-uprising-day-malware-attacks/) | [:closed_book:](../../blob/master/2015/2015.03.10.Tibetan_Uprising)
* Mar 06 - [[F-SECURE] Is Babar a Bunny?](https://www.f-secure.com/weblog/archives/00002794.html) | [:closed_book:](../../blob/master/2015/2015.03.06.Babar_or_Bunny)
* Mar 06 - [[Kaspersky] Animals in the APT Farm](https://securelist.com/animals-in-the-apt-farm/69114/) | [:closed_book:](../../blob/master/2015/2015.03.06.Animals_APT_Farm)
* Mar 05 - [[ESET] Casper Malware: After Babar and Bunny, Another Espionage Cartoon](http://www.welivesecurity.com/2015/03/05/casper-malware-babar-bunny-another-espionage-cartoon) | [:closed_book:](../../blob/master/2015/2015.03.05.Casper_Malware)
* Feb 24 - [[PWC] A deeper look into Scanbox](http://pwc.blogs.com/cyber_security_updates/2015/02/a-deeper-look-into-scanbox.html) | [:closed_book:](../../blob/master/2015/2015.02.24.Deeper_Scanbox)
* Feb 27 - [[ThreatConnect] The Anthem Hack: All Roads Lead to China](http://www.threatconnect.com/news/the-anthem-hack-all-roads-lead-to-china/) | [:closed_book:](../../blob/master/2015/2015.02.27.The_Anthem_Hack_All_Roads_Lead_to_China)
* Feb 25 - [[FireEye] Southeast Asia: An Evolving Cyber Threat Landscape](https://www.fireeye.com/content/dam/FireEye-www/current-threats/pdfs/rpt-southeast-asia-threat-landscape.pdf) | [:closed_book:](../../blob/master/2015/2015.02.25.Southeast_Asia_Threat_Landscape)
* Feb 25 - [[Sophos] PlugX goes to the registry (and India)](http://blogs.sophos.com/2015/02/25/sophoslabs-research-uncovers-new-developments-in-plugx-apt-malware/) | [:closed_book:](../../blob/master/2015/2015.02.25.PlugX_to_registry)
* Feb 18 - [[G DATA] Babar: espionage software finally found and put under the microscope](https://blog.gdatasoftware.com/blog/article/babar-espionage-software-finally-found-and-put-under-the-microscope.html) | [:closed_book:](../../blob/master/2015/2015.02.18.Babar)
* Feb 18 - [[CIRCL Luxembourg] Shooting Elephants](https://drive.google.com/file/d/0B9Mrr-en8FX4dzJqLWhDblhseTA/view) | [:closed_book:](../../blob/master/2015/2015.02.18.Shooting_Elephants)
* Feb 17 - [[Kaspersky] Desert Falcons APT](https://securelist.com/blog/research/68817/the-desert-falcons-targeted-attacks/) | [:closed_book:](../../blob/master/2015/2015.02.17.Desert_Falcons_APT)
* Feb 17 - [[Kaspersky] A Fanny Equation: "I am your father, Stuxnet"](http://securelist.com/blog/research/68787/a-fanny-equation-i-am-your-father-stuxnet/) | [:closed_book:](../../blob/master/2015/2015.02.17.A_Fanny_Equation)
* Feb 16 - [[Trend Micro] Operation Arid Viper](http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-arid-viper-bypassing-the-iron-dome) | [:closed_book:](../../blob/master/2015/2015.02.16.Operation_Arid_Viper)
* Feb 16 - [[Kaspersky] The Carbanak APT](https://securelist.com/blog/research/68732/the-great-bank-robbery-the-carbanak-apt/) | [:closed_book:](../../blob/master/2015/2015.02.16.Carbanak.APT)
* Feb 16 - [[Kaspersky] Equation: The Death Star of Malware Galaxy](https://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/) | [:closed_book:](../../blob/master/2015/2015.02.16.equation-the-death-star)
* Feb 10 - [[CrowdStrike] CrowdStrike Global Threat Intel Report for 2014](http://go.crowdstrike.com/rs/crowdstrike/images/GlobalThreatIntelReport.pdf) | [:closed_book:](../../blob/master/2015/2015.02.10.CrowdStrike_GlobalThreatIntelReport_2014)
* Feb 04 - [[Trend Micro] Pawn Storm Update: iOS Espionage App Found](http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/) | [:closed_book:](../../blob/master/2015/2015.02.04.Pawn_Storm_Update_iOS_Espionage)
* Feb 02 - [[FireEye] Behind the Syrian Conflict's Digital Frontlines](https://www.fireeye.com/content/dam/FireEye-www/global/en/current-threats/pdfs/rpt-behind-the-syria-conflict.pdf) | [:closed_book:](../../blob/master/2015/2015.02.02.behind-the-syria-conflict)
* Jan 29 - [[JPCERT] Analysis of PlugX Variant - P2P PlugX](http://blog.jpcert.or.jp/.s/2015/01/analysis-of-a-r-ff05.html) | [:closed_book:](../../blob/master/2015/2015.01.29.P2P_PlugX)
* Jan 29 - [[Symantec] Backdoor.Winnti attackers and Trojan.Skelky](http://www.symantec.com/connect/blogs/backdoorwinnti-attackers-have-skeleton-their-closet) | [:closed_book:](../../blob/master/2015/2015.01.29.Backdoor.Winnti_attackers)
* Jan 27 - [[Kaspersky] Comparing the Regin module 50251 and the "Qwerty" keylogger](http://securelist.com/blog/research/68525/comparing-the-regin-module-50251-and-the-qwerty-keylogger/) | [:closed_book:](../../blob/master/2015/2015.01.27.QWERTY_keylog_Regin_compare)
* Jan 22 - [[Kaspersky] Regin's Hopscotch and Legspin](http://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/) | [:closed_book:](../../blob/master/2015/2015.01.22.Regin_Hopscotch_and_Legspin)
* Jan 22 - [[Symantec] Scarab attackers Russian targets](http://www.symantec.com/connect/blogs/scarab-attackers-took-aim-select-russian-targets-2012) | [IOCs](http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/Scarab_IOCs_January_2015.txt) | [:closed_book:](../../blob/master/2015/2015.01.22.Scarab_attackers_Russian_targets)
* Jan 22 - [[Symantec] The Waterbug attack group](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf) | [:closed_book:](../../blob/master/2015/2015.01.22.Waterbug.group)
* Jan 20 - [[BlueCoat] Reversing the Inception APT malware](https://www.bluecoat.com/security-blog/2015-01-20/reversing-inception-apt-malware) | [:closed_book:](../../blob/master/2015/2015.01.20.Reversing_the_Inception_APT_malware)
* Jan 20 - [[G DATA] Analysis of Project Cobra](https://blog.gdatasoftware.com/blog/article/analysis-of-project-cobra.html) | [:closed_book:](../../blob/master/2015/2015.01.20.Project_Cobra)
* Jan 15 - [[G DATA] Evolution of Agent.BTZ to ComRAT](https://blog.gdatasoftware.com/blog/article/evolution-of-sophisticated-spyware-from-agentbtz-to-comrat.html) | [:closed_book:](../../blob/master/2015/2015.01.15.Evolution_of_Agent.BTZ_to_ComRAT)
* Jan 12 - [[Dell] Skeleton Key Malware Analysis](http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/) | [:closed_book:](../../blob/master/2015/2015.01.12.skeleton-key-malware-analysis)
* Jan 11 - [[Dragon Threat Labs] Hong Kong SWC attack](http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html) | [:closed_book:](../../blob/master/2015/2015.01.11.Hong_Kong_SWC_Attack)
## 2014
* Dec 22 - [[Group-IB] Anunak: APT against financial institutions](http://www.group-ib.com/files/Anunak_APT_against_financial_institutions.pdf) | [:closed_book:](../../blob/master/2014/2014.12.22.Anunak_APT)
* Dec 21 - [[ThreatConnect] Operation Poisoned Helmand](http://www.threatconnect.com/news/operation-poisoned-helmand/) | [:closed_book:](../../blob/master/2014/2014.12.21.Operation_Poisoned_Helmand)
* Dec 19 - [[US-CERT] TA14-353A: Targeted Destructive Malware (wiper)](https://www.us-cert.gov/ncas/alerts/TA14-353A) | [:closed_book:](../../blob/master/2014/2014.12.19.Targeted_Destructive_Malware)
* Dec 18 - [[Citizen Lab] Malware Attack Targeting Syrian ISIS Critics](https://citizenlab.org/2014/12/malware-attack-targeting-syrian-isis-critics/) | [:closed_book:](../../blob/master/2014/2014.12.18.Syrian_ISIS_Critics)
* Dec 17 - [[CISCO] Wiper Malware - A Detection Deep Dive](http://blogs.cisco.com/security/talos/wiper-malware) | [:closed_book:](../../blob/master/2014/2014.12.17.Wiper_Malware_Deep_Dive)
* Dec 12 - [[Fidelis] Bots, Machines, and the Matrix](http://www.fidelissecurity.com/sites/default/files/FTA_1014_Bots_Machines_and_the_Matrix.pdf) | [:closed_book:](../../blob/master/2014/2014.12.12.Bots_Machines_and_the_Matrix)
* Dec 12 - [[AirBus] Vinself now with steganography](http://blog.cybersecurity-airbusds.com/post/2014/12/Vinself) | [:closed_book:](../../blob/master/2014/2014.12.12.Vinself)
* Dec 10 - [South Korea MBR Wiper](http://asec.ahnlab.com/1015)
* Dec 10 - [[F-Secure] W64/Regin, Stage #1](https://www.f-secure.com/documents/996508/1030745/w64_regin_stage_1.pdf) | [:closed_book:](../../blob/master/2014/2014.12.10.W64_Regin)
* Dec 10 - [[F-Secure] W32/Regin, Stage #1](https://www.f-secure.com/documents/996508/1030745/w32_regin_stage_1.pdf) | [:closed_book:](../../blob/master/2014/2014.12.10_W32_Regin)
* Dec 10 - [Cloud Atlas: RedOctober APT](http://securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-back-in-style/)
* Dec 09 - [[BlueCoat] The Inception Framework](https://www.bluecoat.com/security-blog/2014-12-09/blue-coat-exposes-%E2%80%9C-inception-framework%E2%80%9D-very-sophisticated-layered-malware) | [:closed_book:](../../blob/master//2014/2014.12.09_The_Inception_Framework)
* Dec 08 - [The 'Penquin' Turla](http://securelist.com/blog/research/67962/the-penquin-turla-2/)
* Dec 03 - [Operation Cleaver: The Notepad Files](http://blog.cylance.com/operation-cleaver-the-notepad-files) | [:closed_book:](../../blob/master//2014/2014.12.03_operation-cleaver-the-notepad-files)
* Dec 02 - [Operation Cleaver](http://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf) | [IOCs](http://www.cylance.com/assets/Cleaver/cleaver.yar) | [:closed_book:](../../blob/master//2014/2014.12.02.Operation_Cleaver)
* Nov 30 - [FIN4: Stealing Insider Information for an Advantage in Stock Trading?](https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html)
* Nov 24 - [Deep Panda Uses Sakula Malware](http://blog.crowdstrike.com/ironman-deep-panda-uses-sakula-malware-target-organizations-multiple-sectors/) | [:closed_book:](../../blob/master//2014/2014.11.24.Ironman)
* Nov 24 - [TheIntercept's report on The Regin Platform](https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/)
* Nov 24 - [Kaspersky's report on The Regin Platform](http://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/)
* Nov 23 - [Symantec's report on Regin](http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance)
* Nov 21 - [[FireEye] Operation Double Tap](https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html) | [IOCs](https://github.com/FireEye/iocs/tree/master/APT3) | [:closed_book:](../../blob/master//2014/2014.11.21.Operation_Double_Tap)
* Nov 20 - [[] EvilBunny: Suspect #4](http://0x1338.blogspot.co.uk/2014/11/hunting-bunnies.html) | [:closed_book:](../../blob/master//2014/2014.11.20.EvilBunny)
* Nov 14 - [[] Roaming Tiger (Slides)](http://2014.zeronights.ru/assets/files/slides/roaming_tiger_zeronights_2014.pdf) | [:closed_book:](../../blob/master//2014/2014.11.14.Roaming_Tiger)
* Nov 14 - [[F-Secure] OnionDuke: APT Attacks Via the Tor Network](http://www.f-secure.com/weblog/archives/00002764.html) | [:closed_book:](../../blob/master//2014/2014.11.14.OnionDuke)
* Nov 13 - [[Symantec] Operation CloudyOmega: Ichitaro 0-day targeting Japan](http://www.symantec.com/connect/blogs/operation-cloudyomega-ichitaro-zero-day-and-ongoing-cyberespionage-campaign-targeting-japan) | [:closed_book:](../../blob/master//2014/2014.11.13.Operation_CloudyOmega)
* Nov 12 - [[ESET] Korplug military targeted attacks: Afghanistan & Tajikistan](http://www.welivesecurity.com/2014/11/12/korplug-military-targeted-attacks-afghanistan-tajikistan/)
* Nov 11 - [The Uroburos case - Agent.BTZ's successor, ComRAT](http://blog.gdatasoftware.com/blog/article/the-uroburos-case-new-sophisticated-rat-identified.html)
* Nov 10 - [[Kaspersky] The Darkhotel APT - A Story of Unusual Hospitality](https://securelist.com/blog/research/66779/the-darkhotel-apt/) | [:closed_book:](../../blob/master//2014/2014.11.10.Darkhotel)
* Nov 03 - [Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong's Pro-Democracy Movement](http://www.fireeye.com/blog/technical/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html)
* Nov 03 - [New observations on BlackEnergy2 APT activity](https://securelist.com/blog/research/67353/be2-custom-plugins-router-abuse-and-target-profiles/)
* Oct 31 - [Operation TooHash](https://blog.gdatasoftware.com/blog/article/operation-toohash-how-targeted-attacks-work.html)
* Oct 30 - [The Rotten Tomato Campaign](http://blogs.sophos.com/2014/10/30/the-rotten-tomato-campaign-new-sophoslabs-research-on-apts/)
* Oct 28 - [Group 72, Opening the ZxShell](http://blogs.cisco.com/talos/opening-zxshell/)
* Oct 28 - [APT28 - A Window Into Russia's Cyber Espionage Operations](https://www.fireeye.com/resources/pdfs/apt28.pdf)
* Oct 27 - [Micro-Targeted Malvertising via Real-time Ad Bidding](http://www.invincea.com/wp-content/uploads/2014/10/Micro-Targeted-Malvertising-WP-10-27-14-1.pdf)
* Oct 27 - [ScanBox framework - who's affected, and who's using it?](http://pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html)
* Oct 27 - [Full Disclosure of Havex Trojans - ICS Havex backdoors](http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans)
* Oct 24 - [LeoUncia and OrcaRat](http://blog.airbuscybersecurity.com/post/2014/10/LeoUncia-and-OrcaRat)
* Oct 23 - [Modified Tor Binaries](http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/)
* Oct 22 - [Sofacy Phishing by PWC](http://pwc.blogs.com/files/tactical-intelligence-bulletin---sofacy-phishing-.pdf)
* Oct 22 - [[Trend Micro] Operation Pawn Storm: The Red in SEDNIT](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf) | [:closed_book:](../../blob/master//2014/2014.10.22.Operation_Pawn_Storm)
* Oct 20 - [OrcaRAT - A whale of a tale](http://pwc.blogs.com/cyber_security_updates/2014/10/orcarat-a-whale-of-a-tale.html)
* Oct 14 - [Sandworm - CVE-2014-4114](http://www.isightpartners.com/2014/10/cve-2014-4114/)
* Oct 14 - [Group 72 (Axiom)](http://blogs.cisco.com/security/talos/threat-spotlight-group-72/)
* Oct 14 - [Derusbi Preliminary Analysis](http://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf)
* Oct 14 - [Hikit Preliminary Analysis](http://www.novetta.com/wp-content/uploads/2014/11/HiKit.pdf)
* Oct 14 - [ZoxPNG Preliminary Analysis](http://www.novetta.com/wp-content/uploads/2014/11/ZoxPNG.pdf)
* Oct 09 - [Democracy in Hong Kong Under Attack](http://www.volexity.com/blog/?p=33)
* Oct 03 - [New indicators for APT group Nitro](http://researchcenter.paloaltonetworks.com/2014/10/new-indicators-compromise-apt-group-nitro-uncovered/)
* Sep 26 - [BlackEnergy & Quedagh](https://www.f-secure.com/documents/996508/1030745/blackenergy_whitepaper.pdf)
* Sep 26 - [Aided Frame, Aided Direction (Sunshop Digital Quartermaster)](http://www.fireeye.com/blog/technical/2014/09/aided-frame-aided-direction-because-its-a-redirect.html)
* Sep 23 - [Ukraine and Poland Targeted by BlackEnergy (video)](https://www.youtube.com/watch?v=I77CGqQvPE4)
* Sep 19 - [Watering Hole Attacks using Poison Ivy by "th3bug" group](http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/)
* Sep 18 - [COSMICDUKE: Cosmu with a twist of MiniDuke](http://www.f-secure.com/documents/996508/1030745/cosmicduke_whitepaper.pdf)
* Sep 17 - [Chinese intrusions into key defense contractors](http://www.armed-services.senate.gov/press-releases/sasc-investigation-finds-chinese-intrusions-into-key-defense-contractors)
* Sep 10 - [Operation Quantum Entanglement](http://www.fireeye.com/resources/pdfs/white-papers/FireEye-operation-quantum-entanglement.pdf)
* Sep 08 - [When Governments Hack Opponents: A Look at Actors and Technology](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-marczak.pdf) [video](https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/marczak)
* Sep 08 - [Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-hardy.pdf) [video](https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/hardy)
* Sep 04 - [Gholee a “Protective Edge” themed spear phishing campaign](http://www.clearskysec.com/gholee-a-protective-edge-themed-spear-phishing-campaign/) | [:closed_book:](../../blob/master//2014/2014.09.04.Gholee)
* Sep 04 - [Forced to Adapt: XSLCmd Backdoor Now on OS X](http://www.fireeye.com/blog/technical/malware-research/2014/09/forced-to-adapt-xslcmd-backdoor-now-on-os-x.html)
* Sep 03 - [Darwin's Favorite APT Group (APT12)](http://www.fireeye.com/blog/technical/botnet-activities-research/2014/09/darwins-favorite-apt-group-2.html)
* Aug 29 - [Syrian Malware Team Uses BlackWorm for Attacks](http://www.fireeye.com/blog/technical/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html)
* Aug 28 - [Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks](https://www.alienvault.com/open-threat-exchange/blog/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks)
* Aug 27 - [North Korea's cyber threat landscape](http://h30499.www3.hp.com/hpeb/attachments/hpeb/off-by-on-software-security-blog/388/2/HPSR%20SecurityBriefing_Episode16_NorthKorea.pdf)
* Aug 27 - [NetTraveler APT Gets a Makeover for 10th Birthday](https://securelist.com/blog/research/66272/nettraveler-apt-gets-a-makeover-for-10th-birthday/)
* Aug 25 - [Vietnam APT Campaign](http://blog.malwaremustdie.org/2014/08/another-country-sponsored-malware.html)
* Aug 20 - [El Machete](https://securelist.com/blog/research/66108/el-machete/)
* Aug 18 - [The Syrian Malware House of Cards](https://securelist.com/blog/research/66051/the-syrian-malware-house-of-cards/) | [:closed_book:](../../blob/master//2014/2014.08.18.Syrian_Malware_House_of_Cards)
* Aug 13 - [A Look at Targeted Attacks Through the Lense of an NGO](http://www.mpi-sws.org/~stevens/pubs/sec14.pdf) | [:closed_book:](../../blob/master//2014/2014.08.13.TargetAttack.NGO)
* Aug 12 - [New York Times Attackers Evolve Quickly (Aumlib/Ixeshe/APT12)](http://www.fireeye.com/blog/technical/2013/08/survival-of-the-fittest-new-york-times-attackers-evolve-quickly.html)
* Aug 07 - [The Epic Turla Operation Appendix](https://securelist.com/files/2014/08/KL_Epic_Turla_Technical_Appendix_20140806.pdf)
* Aug 06 - [Operation Poisoned Hurricane](http://www.fireeye.com/blog/technical/targeted-attack/2014/08/operation-poisoned-hurricane.html)
* Aug 05 - [Operation Arachnophobia](http://threatc.s3-website-us-east-1.amazonaws.com/?/arachnophobia)
* Aug 04 - [Sidewinder Targeted Attack Against Android](http://www.fireeye.com/resources/pdfs/FireEye-sidewinder-targeted-attack.pdf)
* Jul 31 - [Energetic Bear/Crouching Yeti Appendix](http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2014/07/Kaspersky_Lab_crouching_yeti_appendixes_eng_final.pdf)
* Jul 31 - [Energetic Bear/Crouching Yeti](https://kasperskycontenthub.com/securelist/files/2014/07/EB-YetiJuly2014-Public.pdf)
* Jul 29 - [[Dell] Threat Group-3279 Targets the Video Game Industry](https://www.secureworks.com/research/threat-group-3279-targets-the-video-game-industry) | [:closed_book:](../../blob/master/2014/2014.07.29.Threat_Group-3279_Targets_the_Video_Game_Industry)
* Jul 20 - [[Vinsula] Sayad (Flying Kitten) Analysis & IOCs](http://vinsula.com/2014/07/20/sayad-flying-kitten-infostealer-malware/) | [:closed_book:](../../blob/master/2014/2014.07.20.Flying_Kitten)
* Jul 11 - [Pitty Tiger](https://bitbucket.org/cybertools/whitepapers/downloads/Pitty%20Tiger%20Final%20Report.pdf) | [:closed_book:](../../blob/master/2014/2014.07.11.Pitty_Tiger)
* Jul 10 - [TR-25 Analysis - Turla / Pfinet / Snake/ Uroburos](http://www.circl.lu/pub/tr-25/)
* Jul 07 - [Deep Pandas, Deep in Thought: Chinese Targeting of National Security Think Tanks](http://blog.crowdstrike.com/deep-thought-chinese-targeting-national-security-think-tanks/) | [:closed_book:](../../blob/master/2014/2014.07.07.Deep_in_Thought)
* Jun 10 - [Anatomy of the Attack: Zombie Zero](http://www.trapx.com/wp-content/uploads/2014/07/TrapX_ZOMBIE_Report_Final.pdf)
* Jun 30 - [Dragonfly: Cyberespionage Attacks Against Energy Suppliers](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf)
* Jun 20 - [Embassy of Greece Beijing](http://thegoldenmessenger.blogspot.de/2014/06/blitzanalysis-embassy-of-greece-beijing.html)
* Jun 09 - [Putter Panda](http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf)
* Jun 06 - [Illuminating The Etumbot APT Backdoor (APT12)](http://www.arbornetworks.com/asert/wp-content/uploads/2014/06/ASERT-Threat-Intelligence-Brief-2014-07-Illuminating-Etumbot-APT.pdf)
* May 28 - [NewsCaster_An_Iranian_Threat_Within_Social_Networks](https://www.isightpartners.com/2014/05/newscaster-iranian-threat-inside-social-media/) | [:closed_book:](../../blob/master/2014/2014.05.28.NewsCaster_An_Iranian_Threat_Within_Social_Networks)
* May 21 - [RAT in jar: A phishing campaign using Unrecom](http://www.fidelissecurity.com/sites/default/files/FTA_1013_RAT_in_a_jar.pdf)
* May 20 - [Miniduke Twitter C&C](http://www.welivesecurity.com/2014/05/20/miniduke-still-duking/)
* May 13 - [CrowdStrike's report on Flying Kitten](http://blog.crowdstrike.com/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/)
* May 13 - [Operation Saffron Rose (aka Flying Kitten)](http://www.fireeye.com/resources/pdfs/FireEye-operation-saffron-rose.pdf)
* Apr 26 - [CVE-2014-1776: Operation Clandestine Fox](https://www.fireeye.com/blog/threat-research/2014/05/operation-clandestine-fox-now-attacking-windows-xp-using-recently-discovered-ie-vulnerability.html)
* Mar 12 - [[FireEye] A Detailed Examination of the Siesta Campaign](https://www.fireeye.com/blog/threat-research/2014/03/a-detailed-examination-of-the-siesta-campaign.html) | [:closed_book:](../../blob/master/2014/2014.03.12.Detailed_Siesta_Campaign)
* Mar 08 - [Russian spyware Turla](http://www.reuters.com/article/2014/03/07/us-russia-cyberespionage-insight-idUSBREA260YI20140307)
* Mar 07 - [Snake Campaign & Cyber Espionage Toolkit](http://info.baesystemsdetica.com/rs/baesystems/images/snake_whitepaper.pdf)
* Mar 06 - [[Trend Micro] The Siesta Campaign](http://blog.trendmicro.com/trendlabs-security-intelligence/the-siesta-campaign-a-new-targeted-attack-awakens/) | [:closed_book:](../../blob/master/2014/2014.03.06.The_Siesta_Campaign)
* Feb 28 - [Uroburos: Highly complex espionage software with Russian roots](https://public.gdatasoftware.com/Web/Content/INT/Blog/2014/02_2014/documents/GData_Uroburos_RedPaper_EN_v1.pdf)
* Feb 25 - [The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity](http://blog.crowdstrike.com/french-connection-french-aerospace-focused-cve-2014-0322-attack-shares-similarities-2012/) | [:closed_book:](../../blob/master/2014/2014.02.25.The_French_Connection)
* Feb 23 - [Gathering in the Middle East, Operation STTEAM](http://www.fidelissecurity.com/sites/default/files/FTA%201012%20STTEAM%20Final.pdf)
* Feb 20 - [Mo' Shells Mo' Problems - Deep Panda Web Shells](http://www.crowdstrike.com/blog/mo-shells-mo-problems-deep-panda-web-shells/) | [:closed_book:](../../blob/master/2014/2014.02.20.deep-panda-webshells)
* Feb 20 - [[FireEye] Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploit](http://www.fireeye.com/blog/technical/targeted-attack/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html) | [:closed_book:](../../blob/master/2014/2014.02.20.Operation_GreedyWonk)
* Feb 19 - [XtremeRAT: Nuisance or Threat?](http://www.fireeye.com/blog/technical/2014/02/xtremerat-nuisance-or-threat.html)
* Feb 19 - [The Monju Incident](http://contextis.com/resources/blog/context-threat-intelligence-monju-incident/)
* Feb 13 - [[FireEye] Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website](http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html) | [:closed_book:](../../blob/master/2014/2014.02.13_Operation_SnowMan)
* Feb 11 - [[Kaspersky] Unveiling "Careto" - The Masked APT](http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf) | [:closed_book:](../../blob/master/2014/2014.02.11_Careto_APT)
* Jan 31 - [Intruder File Report- Sneakernet Trojan](http://www.fidelissecurity.com/sites/default/files/FTA%201011%20Follow%20UP.pdf)
* Jan 21 - [[RSA] Shell_Crew (Deep Panda)](http://www.emc.com/collateral/white-papers/h12756-wp-shell-crew.pdf) | [:closed_book:](../../blob/master/2014/2014.01.21.Shell_Crew)
* Jan 15 - [New CDTO: A Sneakernet Trojan Solution](http://www.fidelissecurity.com/sites/default/files/FTA%201001%20FINAL%201.15.14.pdf)
* Jan 14 - [The Icefog APT Hits US Targets With Java Backdoor](https://www.securelist.com/en/blog/208214213/The_Icefog_APT_Hits_US_Targets_With_Java_Backdoor)
* Jan 13 - [Targeted attacks against the Energy Sector](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/targeted_attacks_against_the_energy_sector.pdf)
* Jan 06 - [PlugX: some uncovered points](http://blog.cassidiancybersecurity.com/2014/01/plugx-some-uncovered-points.html)
## 2013
* ??? ?? - [THE LITTLE MALWARE THAT COULD: Detecting and Defeating the China Chopper Web Shell](https://www.fireeye.com/content/dam/FireEye-www/global/en/current-threats/pdfs/rpt-china-chopper.pdf) | [:closed_book:](../../blob/master/2013/2013.China_Chopper_Web_Shell)
* ??? ?? - [Deep Panda](http://www.crowdstrike.com/sites/default/files/AdversaryIntelligenceReport_DeepPanda_0.pdf) (OFFLINE) | [:closed_book:](../../blob/master//2013/2013.Deep.Panda)
* ??? ?? - [[Fireeye] OPERATION SAFFRON ROSE](https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf) | [:closed_book:](../../blob/master/2013/2013.OPERATION_SAFFRON_ROSE)
* Dec 20 - [ETSO APT Attacks Analysis](http://image.ahnlab.com/global/upload/download/documents/1401223631603288.pdf) | [:closed_book:](../../blob/master//2013/2013.12.20.ETSO)
* Dec 11 - [Operation "Ke3chang"](http://www.fireeye.com/resources/pdfs/FireEye-operation-ke3chang.pdf)
* Dec 02 - [njRAT, The Saga Continues](http://www.fidelissecurity.com/files/files/FTA%201010%20-%20njRAT%20The%20Saga%20Continues.pdf)
* Nov 11 - [[FireEye] Supply Chain Analysis](http://www.fireeye.com/resources/pdfs/FireEye-malware-supply-chain.pdf)
* Nov 10 - [[FireEye] Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method](http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html)
* Oct 24 - [[FireEye] Terminator RAT](https://www.fireeye.com/blog/threat-research/2013/10/evasive-tactics-terminator-rat.html) or [FakeM RAT](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fakem-rat.pdf) | [:closed_book:](../../blob/master//2013/2013.10.24)
* Sep 30 - [[FireEye] World War C: State of affairs in the APT world](https://www.fireeye.com/blog/threat-research/2013/09/new-FireEye-report-world-war-c.html)
* Sep 25 - [The 'ICEFROG' APT: A Tale of cloak and three daggers](http://www.securelist.com/en/downloads/vlpdfs/icefog.pdf)
* Sep 17 - [Hidden Lynx - Professional Hackers for Hire](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf)
* Sep 13 - [Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets](http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html)
* Sep 11 - [The "Kimsuky" Operation](https://securelist.com/analysis/57915/the-kimsuky-operation-a-north-korean-apt/)
* Sep 06 - [Evasive Tactics: Taidoor](https://www.fireeye.com/blog/threat-research/2013/09/evasive-tactics-taidoor-3.html) | [:closed_book:](../../blob/master//2013/2013.09.06.EvasiveTactics_Taidoor)
* Sep ?? - [Feature: EvilGrab Campaign Targets Diplomatic Agencies](http://about-threats.trendmicro.com/cloud-content/us/ent-primers/pdf/2q-report-on-targeted-attack-campaigns.pdf)
* Aug 23 - [Operation Molerats: Middle East Cyber Attacks Using Poison Ivy](http://www.fireeye.com/blog/technical/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html)
* Aug 21 - [POISON IVY: Assessing Damage and Extracting Intelligence](http://www.fireeye.com/resources/pdfs/FireEye-poison-ivy-report.pdf)
* Aug 19 - [ByeBye Shell and the targeting of Pakistan](https://community.rapid7.com/community/infosec/blog/2013/08/19/byebye-and-the-targeting-of-pakistan)
* Aug 02 - [Surtr: Malware Family Targeting the Tibetan Community](https://citizenlab.org/2013/08/surtr-malware-family-targeting-the-tibetan-community/)
* Aug 02 - [Where There is Smoke, There is Fire: South Asian Cyber Espionage Heats Up](http://www.threatconnect.com/news/where-there-is-smoke-there-is-fire-south-asian-cyber-espionage-heats-up/)
* Aug ?? - [APT Attacks on Indian Cyber Space](http://g0s.org/wp-content/uploads/2013/downloads/Inside_Report_by_Infosec_Consortium.pdf)
* Aug ?? - [Operation Hangover - Unveiling an Indian Cyberattack Infrastructure](http://normanshark.com/wp-content/uploads/2013/08/NS-Unveiling-an-Indian-Cyberattack-Infrastructure_FINAL_Web.pdf)
* Jul 31 - [Blackhat: In-Depth Analysis of Escalated APT Attacks (Lstudio,Elirks)](https://media.blackhat.com/us-13/US-13-Yarochkin-In-Depth-Analysis-of-Escalated-APT-Attacks-Slides.pdf), [video](https://www.youtube.com/watch?v=SoFVRsvh8s0)
* Jul 31 - [Secrets of the Comfoo Masters](http://www.secureworks.com/cyber-threat-intelligence/threats/secrets-of-the-comfoo-masters/)
* Jul 15 - [PlugX revisited: "Smoaler"](http://sophosnews.files.wordpress.com/2013/07/sophosszappanosplugxrevisitedintroducingsmoaler-rev1.pdf)
* Jul 09 - [Dark Seoul Cyber Attack: Could it be worse?](http://cisak.perpika.kr/wp-content/uploads/2013/07/2013-08.pdf)
* Jun 30 - [Targeted Campaign Steals Credentials in Gulf States and Caribbean](https://blogs.mcafee.com/mcafee-labs/targeted-campaign-steals-credentials-in-gulf-states-and-caribbean)
* Jun 28 - [njRAT Uncovered](http://threatgeek.typepad.com/files/fta-1009---njrat-uncovered-1.pdf)
* Jun 21 - [[Citizen Lab] A Call to Harm: New Malware Attacks Target the Syrian Opposition](https://citizenlab.org/wp-content/uploads/2013/07/19-2013-acalltoharm.pdf) | [:closed_book:](../../blob/master/2013/2013.06.21.Syrian_Attack)
* Jun 18 - [[FireEye] Trojan.APT.Seinup Hitting ASEAN](http://www.fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-seinup-hitting-asean.html) | [:closed_book:](../../blob/master/2013/2013.06.18.APT_Seinup)
* Jun 07 - [[Rapid7] KeyBoy, Targeted Attacks against Vietnam and India](https://community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india) | [:closed_book:](../../blob/master/2013/2013.06.07.KeyBoy_APT)
* Jun 04 - [[Kaspersky] The NetTraveler (aka 'Travnet')](http://www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf) | [:closed_book:](../../blob/master/2013/2013.06.04.NetTraveller)
* Jun 01 - [[Purdue] Crude Faux: An analysis of cyber conflict within the oil & gas industries](https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2013-9.pdf) | [:closed_book:](../../blob/master/2013/2013.06.01.cyber_conflict_Oil_Gas)
* Jun ?? - [[BlueCoat] The Chinese Malware Complexes: The Maudi Surveillance Operation](https://bluecoat.com/documents/download/2c832f0f-45d2-4145-bdb7-70fc78c22b0f&ei=ZGP-VMCbMsuxggSThYDgDg&usg=AFQjCNFjXSkn_AIiXge1X9oWZHzQOiNDJw&sig2=B6e2is0sCnGEbLPL9q0eZg&bvm=bv.87611401,d.eXY) | [:closed_book:](../../blob/master/2013/2013.06.00.Maudi_Surveillance_Operation)
* May 30 - [[CIRCL] TR-14 - Analysis of a stage 3 Miniduke malware sample](http://www.circl.lu/pub/tr-14/) | [:closed_book:](../../blob/master/2013/2013.05.20.Miniduke.Analysis)
* May 20 - [[Norman] OPERATION HANGOVER: Unveiling an Indian Cyberattack Infrastructure](http://www.thecre.com/fnews/wp-content/uploads/2013/05/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf) | [:closed_book:](../../blob/master/2013/2013.05.20.Operation_Hangover)
* May 16 - [[ESET] Targeted information stealing attacks in South Asia use email, signed binaries](https://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/) | [:closed_book:](../../blob/master/2013/2013.05.16.targeted-threat-pakistan-india)
* Apr 21 - [[Bitdefender] MiniDuke - The Final Cut](http://labs.bitdefender.com/2013/04/miniduke-the-final-cut) | [:closed_book:](../../blob/master/2013/2013.04.21.MiniDuke)
* Apr 13 - [[Kaspersky] "Winnti" More than just a game](http://www.securelist.com/en/downloads/vlpdfs/winnti-more-than-just-a-game-130410.pdf) | [:closed_book:](../../blob/master/2013/2013.04.13.Winnti)
* Apr 01 - [[FireEye] Trojan.APT.BaneChant](http://www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html) | [:closed_book:](../../blob/master/2013/2013.04.01.APT_BaneChant)
* Mar 28 - [[Circl] TR-12 - Analysis of a PlugX malware variant used for targeted attacks](http://www.circl.lu/pub/tr-12/) | [:closed_book:](../../blob/master/2013/2013.03.28.TR-12_PlugX_malware)
* Mar 27 - [[malware.lu] APT1: technical backstage (Terminator/Fakem RAT)](http://www.malware.lu/assets/files/articles/RAP002_APT1_Technical_backstage.1.0.pdf) | [:closed_book:](../../blob/master/2013/2013.03.27.APT1_technical_backstage)
* Mar 21 - [[Fidelis] Darkseoul/Jokra Analysis And Recovery](https://old.fidelissecurity.com/sites/default/files/FTA%201008%20-%20Darkseoul-Jokra%20Analysis%20and%20Recovery.pdf) | [:closed_book:](../../blob/master/2013/2013.03.21.Darkseoul)
* Mar 20 - [[Kaspersky] The TeamSpy Crew Attacks](http://securelist.com/blog/incidents/35520/the-teamspy-crew-attacks-abusing-teamviewer-for-cyberespionage-8/) | [:closed_book:](../../blob/master/2013/2013.03.20.TeamSpy_Crew)
* Mar 20 - [[McAfee] Dissecting Operation Troy](http://www.mcafee.com/sg/resources/white-papers/wp-dissecting-operation-troy.pdf) | [:closed_book:](../../blob/master/2013/2013.03.20.Operation_Troy)
* Mar 17 - [[Trend Micro] Safe: A Targeted Threat](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-safe-a-targeted-threat.pdf) | [:closed_book:](../../blob/master/2013/2013.03.17.Targeted_Threat)
* Mar 13 - [[Citizen lab] You Only Click Twice: FinFisher's Global Proliferation](https://citizenlab.org/wp-content/uploads/2013/07/15-2013-youonlyclicktwice.pdf) | [:closed_book:](../../blob/master/2013/2013.03.13.FinFisher)
* Feb 27 - [[Crysys] Miniduke: Indicators v1](http://www.crysys.hu/miniduke/miniduke_indicators_public.pdf) | [:closed_book:](../../blob/master/2013/2013.02.27.MiniDuke_Indicators)
* Feb 27 - [[Kaspersky] The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor](https://www.securelist.com/en/downloads/vlpdfs/themysteryofthepdf0-dayassemblermicrobackdoor.pdf) | [:closed_book:](../../blob/master/2013/2013.02.27.MiniDuke_Mystery)
* Feb 26 - [[Symantec] Stuxnet 0.5: The Missing Link](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/stuxnet_0_5_the_missing_link.pdf) | [:closed_book:](../../blob/master/2013/2013.02.26.Stuxnet_0.5)
* Feb 22 - [[Symantec] Comment Crew: Indicators of Compromise](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/comment_crew_indicators_of_compromise.pdf) | [:closed_book:](../../blob/master/2013/2013.02.22.Comment_Crew)
* Feb 18 - [[FireEye] Mandiant APT1 Report](http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf) | [:closed_book:](../../blob/master/2013/2013.02.18.APT1)
* Feb 12 - [[AIT] Targeted cyber attacks: examples and challenges ahead](http://www.ait.ac.at/uploads/media/Presentation_Targeted-Attacks_EN.pdf) | [:closed_book:](../../blob/master/2013/2013.02.12.Targeted-Attacks)
* Jan 18 - [[McAfee] Operation Red October](https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24250/en_US/McAfee_Labs_Threat_Advisory_Exploit_Operation_Red_Oct.pdf) | [:closed_book:](../../blob/master/2013/2013.01.18.Operation_Red_Oct)
* Jan 14 - [[Kaspersky] The Red October Campaign](https://securelist.com/blog/incidents/57647/the-red-october-campaign) | [:closed_book:](../../blob/master/2013/2013.01.14.Red_October_Campaign)
## 2012
* Nov ?? - [[KrebsonSecurity] "Wicked Rose" and the NCPH Hacking Group](https://krebsonsecurity.com/wp-content/uploads/2012/11/WickedRose_andNCPH.pdf) | [:closed_book:](../../blob/master/2012/2012.11.00_Wicked_Rose)
* Nov 03 - [[CyberPeace] Systematic cyber attacks against Israeli and Palestinian targets going on for a year](http://cyber-peace.org/wp-content/uploads/2014/01/Cyberattack_against_Israeli_and_Palestinian_targets.pdf) | [:closed_book:](../../blob/master/2012/2012.11.03.Israeli_and_Palestinian_Attack)
* Nov 01 - [[Fidelis] RECOVERING FROM SHAMOON](http://www.fidelissecurity.com/sites/default/files/FTA%201007%20-%20Shamoon.pdf) | [:closed_book:](../../blob/master/2012/2012.11.01.RECOVERING_FROM_SHAMOON)
* Oct 31 - [[DEA] CYBER ESPIONAGE Against Georgian Government (Georbot Botnet)](http://dea.gov.ge/uploads/CERT%20DOCS/Cyber%20Espionage.pdf) | [:closed_book:](../../blob/master/2012/2012.10.31.CYBER_ESPIONAGE_Georbot_Botnet)
* Oct 27 - [[Symantec] Trojan.Taidoor: Targeting Think Tanks](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/trojan_taidoor-targeting_think_tanks.pdf) | [:closed_book:](../../blob/master/2012/2012.10.27.Taidoor)
* Oct 08 - [[Matasano] pest control: taming the rats](http://matasano.com/research/PEST-CONTROL.pdf) | [:closed_book:](../../blob/master/2012/2012.10.08.Pest_Control)
* Sep 18 - [[Dell] The Mirage Campaign](http://www.secureworks.com/cyber-threat-intelligence/threats/the-mirage-campaign/) | [:closed_book:](../../blob/master/2012/2012.09.18.Mirage_Campaign)
* Sep 12 - [[RSA] The VOHO Campaign: An in depth analysis](http://blogsdev.rsa.com/wp-content/uploads/VOHO_WP_FINAL_READY-FOR-Publication-09242012_AC.pdf) | [:closed_book:](../../blob/master/2012/2012.09.12.VOHO_Campaign)
* Sep 07 - [[Citizen lab] IEXPLORE RAT](https://citizenlab.org/wp-content/uploads/2012/09/IEXPL0RE_RAT.pdf) | [:closed_book:](../../blob/master/2012/2012.09.07.IEXPLORE_RAT)
* Sep 06 - [[Symantec] The Elderwood Project](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf) | [:closed_book:](../../blob/master/2012/2012.09.06.Elderwood)
* Aug 18 - [[Trend Micro] The Taidoor Campaign AN IN-DEPTH ANALYSIS ](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf) | [:closed_book:](../../blob/master/2012/2012.08.18.Taidoor_Campaign)
* Aug 09 - [[Kaspersky] Gauss: Abnormal Distribution](http://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/kaspersky-lab-gauss.pdf) | [:closed_book:](../../blob/master/2012/2012.08.09.Gauss)
* Jul 27 - [[Kaspersky] The Madi Campaign](https://securelist.com/analysis/36609/the-madi-infostealers-a-detailed-analysis/) | [:closed_book:](../../blob/master/2012/2012.07.27.Madi_Campaign)
* Jul 25 - [[Citizen lab] From Bahrain With Love: FinFisher's Spy Kit Exposed?](https://citizenlab.org/2012/07/from-bahrain-with-love-finfishers-spy-kit-exposed/) | [:closed_book:](../../blob/master/2012/2012.07.25.FinFisher_Spy_Kit)
* Jul 11 - [[Wired] Wired article on DarkComet creator](http://www.wired.com/2012/07/dark-comet-syrian-spy-tool/) | [:closed_book:](../../blob/master/2012/2012.07.11.DarkComet_Creator)
* Jul 10 - [[Citizenlab] Advanced Social Engineering for the Distribution of LURK Malware](https://citizenlab.org/wp-content/uploads/2012/07/10-2012-recentobservationsintibet.pdf) | [:closed_book:](../../blob/master/2012/2012.07.10.SE_LURK_Malware)
* May 31 - [[Crysys] sKyWIper (Flame/Flamer)](http://www.crysys.hu/skywiper/skywiper.pdf) | [:closed_book:](../../blob/master/2012/2012.05.31.Flame_sKyWIper)
* May 22 - [[Trend Micro] IXESHE An APT Campaign](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf) | [:closed_book:](../../blob/master/2012/2012.05.22.IXESHE)
* May 18 - [[Symantec] Analysis of Flamer C&C Server](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_flamer_newsforyou.pdf) | [:closed_book:](../../blob/master/2012/2012.05.18.Flamer_CnC)
* Apr 16 - [[Kaspersky] OSX.SabPub & Confirmed Mac APT attacks](http://securelist.com/blog/incidents/33208/new-version-of-osx-sabpub-confirmed-mac-apt-attacks-19/) | [:closed_book:](../../blob/master/2012/2012.04.16.OSX.SabPub)
* Apr 10 - [[McAfee] Anatomy of a Gh0st RAT](http://www.mcafee.com/us/resources/white-papers/foundstone/wp-know-your-digital-enemy.pdf) | [:closed_book:](../../blob/master/2012/2012.04.10.Gh0st_RAT)
* Mar 26 - [[Trend Micro] Luckycat Redux](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_luckycat_redux.pdf) | [:closed_book:](../../blob/master/2012/2012.03.26.Luckycat_Redux)
* Mar 13 - [[Arbor] Reversing DarkComet RAT's crypto](http://www.arbornetworks.com/asert/wp-content/uploads/2012/07/Crypto-DarkComet-Report.pdf) | [:closed_book:](../../blob/master/2012/2012.03.13.DarkComet_RAT)
* Mar 12 - [[contextis] Crouching Tiger, Hidden Dragon, Stolen Data](http://www.contextis.com/services/research/white-papers/crouching-tiger-hidden-dragon-stolen-data/) | [:closed_book:](../../blob/master/2012/2012.03.12.Crouching_Tiger)
* Feb 29 - [[Dell] The Sin Digoo Affair](http://www.secureworks.com/cyber-threat-intelligence/threats/sindigoo/) | [:closed_book:](../../blob/master/2012/2012.02.29.Sin_Digoo_Affair)
* Feb 03 - [[CommandFive] Command and Control in the Fifth Domain](http://www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf) | [:closed_book:](../../blob/master/2012/2012.02.03.Fifth_Domain_CnC)
* Jan 03 - [[Trend Micro] The HeartBeat APT](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the-heartbeat-apt-campaign.pdf) | [:closed_book:](../../blob/master/2012/2012.01.03.HeartBeat_APT)
## 2011
* Dec 08 - [[Norman] Palebot trojan harvests Palestinian online credentials](https://web.archive.org/web/20130308090454/http://blogs.norman.com/2011/malware-detection-team/palebot-trojan-harvests-palestinian-online-credentials) | [:closed_book:](../../blob/master/2011/2011.12.08.Palebot_Trojan)
* Nov 15 - [[Norman] The many faces of Gh0st Rat](http://download01.norman.no/documents/ThemanyfacesofGh0stRat.pdf) | [:closed_book:](../../blob/master/2011/2011.11.15.Many_Faces_Gh0st_Rat)
* Oct 31 - [[Symantec] The Nitro Attacks: Stealing Secrets from the Chemical Industry](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_nitro_attacks.pdf) | [:closed_book:](../../blob/master/2011/2011.10.31.Nitro)
* Oct 26 - [[Dell] Duqu Trojan Questions and Answers](http://www.secureworks.com/cyber-threat-intelligence/threats/duqu/) | [:closed_book:](../../blob/master/2011/2011.10.26.Duqu)
* Oct 12 - [[Zscaler] Alleged APT Intrusion Set: "1.php" Group](http://www.zscaler.com/pdf/technicalbriefs/tb_advanced_persistent_threats.pdf) | [:closed_book:](../../blob/master/2011/2011.10.12.1.php.group)
* Sep 22 - [[Trend Micro] The "LURID" Downloader](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_dissecting-lurid-apt.pdf) | [:closed_book:](../../blob/master/2011/2011.09.22.LURID_Downloader)
* Sep 11 - [[CommandFive] SK Hack by an Advanced Persistent Threat](http://www.commandfive.com/papers/C5_APT_SKHack.pdf) | [:closed_book:](../../blob/master/2011/2011.09.11.SK_Hack)
* Sep 09 - [[Fidelis] The RSA Hack](http://www.fidelissecurity.com/sites/default/files/FTA1001-The_RSA_Hack.pdf) | [:closed_book:](../../blob/master/2011/2011.09.09.RSA_Hack)
* Aug 04 - [[McAfee] Operation Shady RAT](http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf) | [:closed_book:](../../blob/master/2011/2011.08.04.Operation_Shady_RAT)
* Aug 03 - [[Dell] HTran and the Advanced Persistent Threat](http://www.secureworks.com/cyber-threat-intelligence/threats/htran/) | [:closed_book:](../../blob/master/2011/2011.08.03.HTran)
* Aug 02 - [[vanityfair] Operation Shady rat : Vanity](http://www.vanityfair.com/culture/features/2011/09/operation-shady-rat-201109) | [:closed_book:](../../blob/master/2011/2011.08.02.Operation_Shady_RAT_Vanity)
* Jun ?? - [[CommandFive] Advanced Persistent Threats:A Decade in Review]() | [:closed_book:](../../blob/master/2011/2011.06.APT)
* Apr 20 - [[ESET] Stuxnet Under the Microscope](http://www.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf) | [:closed_book:](../../blob/master/2011/2011.04.20.Stuxnet)
* Feb 18 - [[NERC] Night Dragon Specific Protection Measures for Consideration](http://www.nerc.com/pa/rrm/bpsa/Alerts%20DL/2011%20Alerts/A-2011-02-18-01%20Night%20Dragon%20Attachment%201.pdf) | [:closed_book:](../../blob/master/2011/2011.02.18.Night_Dragon.Specific)
* Feb 10 - [[McAfee] Global Energy Cyberattacks: Night Dragon](http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf) | [:closed_book:](../../blob/master/2011/2011.02.10.Night_Dragon)
## 2010
* Dec 09 - [[CRS] The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability ](http://www.fas.org/sgp/crs/natsec/R41524.pdf) | [:closed_book:](../../blob/master/2010/2010.12.09.Stuxnet_Worm)
* Sep 30 - [[Symantec] W32.Stuxnet Dossier](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf) | [:closed_book:](../../blob/master/2010/2010.09.30.W32.Stuxnet_Dossier)
* Sep 03 - [[Seculert] The "MSUpdater" Trojan And Ongoing Targeted Attacks](http://www.seculert.com/reports/MSUpdaterTrojanWhitepaper.pdf) | [:closed_book:](../../blob/master/2010/2010.09.03.MSUpdater.Trojan)
* Apr 06 - [[ShadowServer] Shadows in the cloud: Investigating Cyber Espionage 2.0](http://www.nartv.org/mirror/shadows-in-the-cloud.pdf) | [:closed_book:](../../blob/master/2010/2010.04.06.Shadows_in_the_cloud)
* Mar 14 - [[CA] In-depth Analysis of Hydraq](http://www.totaldefense.com/Core/DownloadDoc.aspx?documentID=1052) | [:closed_book:](../../blob/master/2010/2010.03.14.Hydraq)
* Feb 10 - [[HB Gary] Threat Report: Operation Aurora](http://hbgary.com/sites/default/files/publications/WhitePaper%20HBGary%20Threat%20Report,%20Operation%20Aurora.pdf) | [:closed_book:](../../blob/master/2010/2010.02.10.Threat_Report_Operation_Aurora)
* Jan ?? - [[Triumfant] Case Study: Operation Aurora](http://www.triumfant.com/pdfs/Case_Study_Operation_Aurora_V11.pdf) | [:closed_book:](../../blob/master/2010/2010.01.Case_Study_Operation_Aurora)
* Jan 27 - [[Alberts] Operation Aurora Detect, Diagnose, Respond](http://albertsblog.stickypatch.org/files/3/5/1/4/7/282874-274153/Aurora_HBGARY_DRAFT.pdf) | [:closed_book:](../../blob/master/2010/2010.01.27.Operation_Aurora_Detect_Diagnose_Respond)
* Jan 26 - [[McAfee] How Can I Tell if I Was Infected By Aurora? (IOCs)]() | [:closed_book:](../../blob/master/2010/2010.01.26.Operation_Aurora_IoC)
* Jan 20 - [[McAfee] Combating Aurora](https://kc.mcafee.com/resources/sites/MCAFEE/content/live/CORP_KNOWLEDGEBASE/67000/KB67957/en_US/Combating%20Threats%20-%20Operation%20Aurora.pdf) | [:closed_book:](../../blob/master/2010/2010.01.20.Combating_Aurora)
* Jan 13 - [[Damballa] The Command Structure of the Aurora Botnet](https://www.damballa.com/downloads/r_pubs/Aurora_Botnet_Command_Structure.pdf) | [:closed_book:](../../blob/master/2010/2010.01.13.Aurora_Botnet)
* Jan 12 - [[Google] Operation Aurora](http://en.wikipedia.org/wiki/Operation_Aurora) | [:closed_book:](../../blob/master/2010/2010.01.12.Operation_Aurora)
## 2009
* Oct 19 - [[Northrop Grumman] Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation](https://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-030.pdf) | [:closed_book:](../../blob/master/2009/2009.10.19.Capability_China_Cyber_Warfare)
* Mar 29 - [[TheSecDevGroup] Tracking GhostNet](http://www.nartv.org/mirror/ghostnet.pdf) | [:closed_book:](../../blob/master/2009/2009.03.29.GhostNet)
* Jan 18 - [[Baltic] Impact of Alleged Russian Cyber Attacks](https://www.baltdefcol.org/files/files/documents/Research/BSDR2009/1_%20Ashmore%20-%20Impact%20of%20Alleged%20Russian%20Cyber%20Attacks%20.pdf) | [:closed_book:](../../blob/master/2009/2009.01.18.Russian_Cyber_Attacks)
## 2008
* ??? - [[Culture Mandala] HOW CHINA WILL USE CYBER WARFARE TO LEAPFROG IN MILITARY COMPETITIVENESS ](http://www.international-relations.com/CM8-1/Cyberwar.pdf) | [:closed_book:](../../blob/master/2008/2008.HOW_CHINA_WILL_USE_CYBER_WARFARE)
* ??? - [[Military Review]](https://www.armyupress.army.mil/Portals/7/military-review/Archives/English/MilitaryReview_20081231_art009.pdf) | [:closed_book:](../../blob/master/2008/2008.CHINA_CHINA_CYBER_WARFARE)
* Nov 19 - [[Wired] Agent.BTZ](http://www.wired.com/dangerroom/2008/11/army-bans-usb-d/) | [:closed_book:](../../blob/master/2008/2008.11.19.UNDER_WORM_ASSAULT)
* Nov 04 - [[DTIC] China's Electronic Long-Range Reconnaissance](http://www.dtic.mil/dtic/tr/fulltext/u2/a492659.pdf) | [:closed_book:](../../blob/master/2008/2008.11.04.China_Electornic_Long_Range_Reconnaissance)
* Oct 02 - [[Culture Mandala] How China will use cyber warfare to leapfrog in military competitiveness](http://www.international-relations.com/CM8-1/Cyberwar.pdf) | [:closed_book:](../../blob/master/2008/2008.10.02.China_Cyber_Warfare)
* Aug 10 - [[Georgia] Russian Invasion of Georgia Russian Cyberwar on Georgia](http://georgiaupdate.gov.ge/doc/10006922/CYBERWAR-%20fd_2_.pdf) | [:closed_book:](../../blob/master/2008/2008.08.10.Russian_Cyberwar_on_Georgia)
## 2006
* [[Krebs on Security] "Wicked Rose" and the NCPH Hacking Group](http://krebsonsecurity.com/wp-content/uploads/2012/11/WickedRose_andNCPH.pdf) | [:closed_book:](../../blob/master/2006/2006.Wicked_Rose)
## Report
### ESET
:small_orange_diamond: Oct 18 2020 - [[ESET] 2020 Q3 Threat Report](https://www.welivesecurity.com/2020/10/28/eset-threat-report-q32020/) | [:closed_book:](../../blob/master/Report/ESET/ESET_Threat_Report_Q32020.pdf)<br>
:small_orange_diamond: Jul 29 2020 - [[ESET] 2020 Q2 Threat Report](https://www.welivesecurity.com/2020/07/29/eset-threat-report-q22020/) | [:closed_book:](../../blob/master/Report/ESET/ESET_Threat_Report_Q22020.pdf) <br>
:small_orange_diamond: Apr 2020 - [[ESET] 2020 Q1 Threat Report](https://www.welivesecurity.com/wp-content/uploads/2020/04/ESET_Threat_Report_Q12020.pdf) | [:closed_book:](../../blob/master/Report/ESET/ESET_Threat_Report_Q12020.pdf) <br>
### Kaspersky
:small_orange_diamond: Nov 04 2020 - [[Kaspersky] APT trends report Q3 2020](https://securelist.com/apt-trends-report-q3-2020/99204/) | [:closed_book:](../../blob/master/Report/Kaspersky/APT_trends_report_Q3_2020_Securelist.pdf) <br>
:small_orange_diamond: July 29 2020 - [[Kaspersky] APT trends report Q2 2020](https://securelist.com/apt-trends-report-q2-2020/97937/) | [:closed_book:](../../blob/master/Report/Kaspersky/APT_trends_report_Q2_2020_Securelist.pdf) <br>
:small_orange_diamond: Aug 01 2019 - [[Kaspersky] APT trends report Q2 2019](https://securelist.com/apt-trends-report-q2-2019/91897/) | [:closed_book:](../../blob/master/Report/Kaspersky/APT_trends_report_Q2_2019_Securelist.pdf) <br>
:small_orange_diamond: Apr 30 2019 - [[Kaspersky] APT trends report Q1 2019](https://securelist.com/apt-trends-report-q1-2019/90643/) | [:closed_book:](../../blob/master/Report/Kaspersky/APT_trends_report_Q1_2019_Securelist.pdf) <br>
### FireEye
:small_orange_diamond: Feb 20 2020 - [[FireEye] M-Trends 2020](https://content.fireeye.com/m-trends/rpt-m-trends-2020) | [:closed_book:](../../blob/master/Report/FireEye/mtrends-2020.pdf) <br>
:small_orange_diamond: Mar 04 2019 - [[FireEye] M-Trends 2019](https://content.fireeye.com/m-trends/rpt-m-trends-2019) | [:closed_book:](../../blob/master/Report/FireEye/rpt-mtrends-2019.pdf) <br>
### AhnLab
:small_orange_diamond: Q3 2020 - [[AhnLab] ASEC Report Q3 2020](https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.100_ENG.pdf) | [:closed_book:](../../blob/master/Report/AhnLab/ASEC_REPORT_vol.100_ENG.pdf) <br>
:small_orange_diamond: Q2 2020 - [[AhnLab] ASEC Report Q2 2020](https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.99_ENG.pdf) | [:closed_book:](../../blob/master/Report/AhnLab/ASEC_REPORT_vol.99_ENG.pdf) <br>
:small_orange_diamond: Q1 2020 - [[AhnLab] ASEC Report Q1 2020](https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.98_ENG.pdf) | [:closed_book:](../../blob/master/Report/AhnLab/ASEC_REPORT_vol.98_ENG.pdf) <br>
:small_orange_diamond: Q4 2019 - [[AhnLab] ASEC Report Q4 2019](https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.97_ENG.pdf) | [:closed_book:](../../blob/master/Report/AhnLab/ASEC_REPORT_vol.97_ENG.pdf) <br>
:small_orange_diamond: Q3 2019 - [[AhnLab] ASEC Report Q3 2019](https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.96_ENG.pdf) | [:closed_book:](../../blob/master/Report/AhnLab/ASEC_REPORT_vol.96_ENG.pdf) <br>
:small_orange_diamond: Q2 2019 - [[AhnLab] ASEC Report Q2 2019](https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.95_ENG.pdf) | [:closed_book:](../../blob/master/Report/AhnLab/ASEC_REPORT_vol.95_ENG.pdf) <br>
:small_orange_diamond: Q1 2019 - [[AhnLab] ASEC Report Q1 2019](https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.94_ENG.pdf) | [:closed_book:](../../blob/master/Report/AhnLab/ASEC_REPORT_vol.94_ENG.pdf) <br>
### Group-IB
:small_orange_diamond: Nov 24 2020 - [[Group-IB] Hi-Tech Crime Trends 2020-2021](https://www.group-ib.com/resources/threat-research/2020-report.html) | [:closed_book:](../../blob/master/Report/Group-IB/Group-IB_Hi-Tech_Crime_Trends_2019-2020_en.pdf) <br>
:small_orange_diamond: Nov 29 2019 - [[Group-IB] Hi-Tech Crime Trends 2019-2020](https://www.group-ib.com/resources/threat-research/2019-report.html) | [:closed_book:](../../blob/master/Report/Group-IB/Group-IB_Hi-Tech_Crime_Trends_2020-2021_en.pdf) <br>
### PTSecurity
:small_orange_diamond: Q2 2020 - [[PTSecurity] Cybersecurity threatscape Q2 2020](https://www.ptsecurity.com/upload/corporate/ww-en/analytics/cybersecurity-threatscape-2020-q2-eng.pdf) | [:closed_book:](../../blob/master/Report/PTSecurity/cybersecurity-threatscape-2020-q2-eng.pdf) <br>
:small_orange_diamond: Q1 2020 - [[PTSecurity] Cybersecurity threatscape Q1 2020](https://www.ptsecurity.com/upload/corporate/ww-en/analytics/cybersecurity-threatscape-2020-q1-eng.pdf) | [:closed_book:](../../blob/master/Report/PTSecurity/cybersecurity-threatscape-2020-q1-eng.pdf) <br>
:small_orange_diamond: Q4 2019 - [[PTSecurity] Cybersecurity threatscape Q4 2019](https://www.ptsecurity.com/upload/corporate/ww-en/analytics/cybersecurity-threatscape-2019-q4-eng.pdf) | [:closed_book:](../../blob/master/Report/PTSecurity/cybersecurity-threatscape-2019-q4-eng.pdf) <br>
:small_orange_diamond: Q3 2019 - [[PTSecurity] Cybersecurity threatscape Q3 2019](https://www.ptsecurity.com/upload/corporate/ww-en/analytics/cybersecurity-threatscape-2019-q3-eng.pdf) | [:closed_book:](../../blob/master/Report/PTSecurity/cybersecurity-threatscape-2019-q3-eng.pdf) <br>
:small_orange_diamond: Q2 2019 - [[PTSecurity] Cybersecurity threatscape Q2 2019](https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cybersecurity-threatscape-2019-Q2-eng.pdf) | [:closed_book:](../../blob/master/Report/PTSecurity/Cybersecurity-threatscape-2019-Q2-eng.pdf) <br>
:small_orange_diamond: Q1 2019 - [[PTSecurity] Cybersecurity threatscape Q1 2019](https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cybersecurity-threatscape-2019-Q1-eng.pdf) | [:closed_book:](../../blob/master/Report/PTSecurity/Cybersecurity-threatscape-2019-Q1-eng.pdf) <br>
### ENISA
:small_orange_diamond: Oct 20 2020 - [[ENISA] ENISA Threat Landscape 2020 - Main Incidents](https://www.enisa.europa.eu/publications/enisa-threat-landscape-2020-main-incidents) | [:closed_book:](../../blob/master/Report/ENISA/ETL2020_Incidents_A4.pdf) <br>
:small_orange_diamond: Jan 28 2019 - [[ENISA] ENISA Threat Landscape Report 2018](https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2018) | [:closed_book:](../../blob/master/Report/ENISA/ENISA_Threat_Landscape_2018.pdf) <br>
### CrowdStrike
:small_orange_diamond: Mar 03 2020 - [[CrowdStrike] 2020 GLOBAL THREAT REPORT](https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf) | [:closed_book:](../../blob/master/Report/CrowdStrike/Report2020CrowdStrikeGlobalThreatReport.pdf) <br>
:small_orange_diamond: Feb 19 2019 - [[CrowdStrike] 2019 GLOBAL THREAT REPORT](https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2019GlobalThreatReport.pdf?lb_email=&utm_source=Marketo&utm_medium=Web&utm_campaign=Threat_Report_2019) | [:closed_book:](../../blob/master/Report/CrowdStrike/Report2019GlobalThreatReport.pdf) <br>
### QianXin
:small_orange_diamond: Jun 29 2020 - [[QianXin] APT threat report 2020 1H CN version](https://ti.qianxin.com/uploads/2020/06/29/e4663b4f11f01e5ec8a1a5d91a71dc72.pdf) | [:closed_book:](../../blob/master/Report/QianXin/2020.06.29_APT_threat_report_2020_1H_CN_version.pdf) <br>
:small_orange_diamond: Feb 02 2019 - [[QianXin] APT threat report 2019 CN version](https://ti.qianxin.com/uploads/2020/02/13/cb78386a082f465f259b37dae5df4884.pdf) | [:closed_book:](../../blob/master/Report/QianXin/2020.02.22_APT_threat_report_2019_CN_version.pdf) <br>
### Tencent
:small_orange_diamond: Mar 05 2020 - [[Tencent] [CN] 2019 APT Summary Report](http://pc1.gtimg.com/softmgr/files/apt_report_2019.pdf) | [:closed_book:](../../blob/master/Report/Tencent/apt_report_2019.CN_Version.pdf) <br>
:small_orange_diamond: Jan 03 2019 - [[Tencent] [CN] 2018 APT Summary Report](https://www.freebuf.com/articles/network/193420.html) | [:closed_book:](../../blob/master/Report/Tencent/2019.01.03.Tencent_APT_Summary_report_2018_CN_Version.pdf) <br>
### Verizon
:small_orange_diamond: Nov 16 2020 - [[Verizon] Cyber-Espionage Report 2020-2021](https://www.infopoint-security.de/media/2020-2021-cyber-espionage-report.pdf) | [:closed_book:](../../blob/master/Report/Verizon/2020-2021-cyber-espionage-report.pdf) <br>
### Sophos
:small_orange_diamond: Nov 18 2020 - [[Sophos] SOPHOS 2021 THREAT REPORT](https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2021-threat-report.pdf) | [:closed_book:](../../blob/master/Report/Sophos/sophos-2021-threat-report.pdf) <br>
:small_orange_diamond: Dec 02 2019 - [[Sophos] SOPHOS 2020 THREAT REPORT](https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophoslabs-uncut-2020-threat-report.pdf) | [:closed_book:](../../blob/master/Report/Sophos/sophoslabs-uncut-2020-threat-report.pdf) <br>
### Other
:small_orange_diamond: Nov 18 2020 - [[KELA] Zooming into Darknet Threats Targeting Japanese Organizations](https://ke-la.com/zooming-into-darknet-threats-targeting-jp-orgs-kela/) | [:closed_book:](../../blob/master/Report/2020.11.18_Zooming_into_Darknet_Threats_Targeting_Japanese_Organizations/) <br>
:small_orange_diamond: Nov 04 2020 - [[WEF] Partnership against Cybercrime](http://www3.weforum.org/docs/WEF_Partnership_against_Cybercrime_report_2020.pdf) | [:closed_book:](../../blob/master/Report/2020.11.04_-_WorldEconomicForum_-_Partnership_against_Cybercrime/) <br>
:small_orange_diamond: May 01 2020 - [[Macnica Networks, TeamT5] 2019 H2 APT Report](https://www.macnica.net/file/mpressioncss_ta_report_2019_4.pdf) | [:closed_book:](../../blob/master/Report/2019.H2_macnica_TeamT5) <br>
:small_orange_diamond: Feb 02 2019 - [[threatintel] Threat Intel Reads January 2019](https://threatintel.eu/2019/02/02/threat-intel-reads-january-2019/) | [:closed_book:](../../blob/master/Report/2019.02.02.Threat_Intel_Reads_January_2019) <br>
:small_orange_diamond: Feb 2019 - [[SWISSCOM] Targeted Attacks: Cyber Security Report 2019](https://www.swisscom.ch/content/dam/swisscom/en/about/company/portrait/network/security/documents/security-report-2019.pdf) | [:closed_book:](../../blob/master/Report/2019.02.Targeted_Attacks) <br>
:small_orange_diamond: Jan 30 2019 - [[Dragos] Webinar Summary: Uncovering ICS Threat Activity Groups](https://dragos.com/blog/industry-news/webinar-summary-uncovering-ics-threat-activity-groups/) | [:closed_book:](../../blob/master/Report/2019.01.30.Uncovering_ICS_Threat_Activity_Groups) <br>
:small_orange_diamond: Jan 15 2019 - [[Hackmageddon] 2018: A Year of Cyber Attacks](https://www.hackmageddon.com/2019/01/15/2018-a-year-of-cyber-attacks/) | [:closed_book:](../../blob/master/Report/2019.01.15.2018-a-year-of-cyber-attacks) <br>
:small_orange_diamond: Jan 09 2019 - [[360] [CN] 2018 APT Summary Report](https://www.freebuf.com/articles/paper/193553.html) | [:closed_book:](../../blob/master/Report/2019.01.09.360_APT_Summary_report_2018_CN_Version) <br>
:small_orange_diamond: Jan 07 2019 - [[Medium] APT_chronicles_december_2018_edition](https://medium.com/@z3roTrust/the-apt-chronicles-december-2018-edition-e3e5125ffcd2) | [:closed_book:](../../blob/master/Report/2019.01.07.APT_chronicles_december_2018_edition) <br>
:small_orange_diamond: Sep 07 2020 - [[SWIFT & BAE] Follow the Money](https://www.swift.com/sites/default/files/files/swift_bae_report_Follow-The%20Money.pdf) | [:closed_book:](../../blob/master/Report/2020.09.07_Follow_the_Money) <br>