mirror of
https://github.com/valitydev/APT_CyberCriminal_Campagin_Collections.git
synced 2024-11-06 16:55:28 +00:00
# APT & CyberCriminal Campaign Collection

This is a collection of APT and CyberCriminal campaigns.
Please open an issue if any APT/malware events or campaigns are missing.

🤷 The password for malware samples could be 'virus' or 'infected'.

## URL to PDF Tool
* [Print Friendly & PDF](https://www.printfriendly.com/)

## Reference Resources
:small_blue_diamond: [kbandla](https://github.com/kbandla/APTnotes) <br>
:small_blue_diamond: [APTnotes](https://github.com/aptnotes/data) <br>
:small_blue_diamond: [Florian Roth - APT Groups](https://docs.google.com/spreadsheets/u/0/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml) <br>
:small_blue_diamond: [Attack Wiki](https://attack.mitre.org/wiki/Groups) <br>
:small_blue_diamond: [threat-INTel](https://github.com/fdiskyou/threat-INTel) <br>
:small_blue_diamond: [targetedthreats](https://github.com/botherder/targetedthreats/wiki/Reports) <br>
:small_blue_diamond: [Raw Threat Intelligence](https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc/edit) <br>
:small_blue_diamond: [APT search](https://cse.google.com/cse/publicurl?cx=003248445720253387346:turlh5vi4xc) <br>
:small_blue_diamond: [APT Sample by 0xffff0800](http://0xffff0800.ddns.net/Library/) (https://iec56w4ibovnb4wc.onion.si/) <br>
:small_blue_diamond: [APT Map](https://aptmap.netlify.com/) <br>
:small_blue_diamond: [sapphirex00 - Threat-Hunting](https://github.com/sapphirex00/Threat-Hunting) <br>
:small_blue_diamond: [APTSimulator](https://github.com/NextronSystems/APTSimulator) <br>
:small_blue_diamond: [MITRE ATT&CK: Group](https://attack.mitre.org/groups/) <br>
:small_blue_diamond: [APT_REPORT collected by @blackorbird](https://github.com/blackorbird/APT_REPORT) <br>

## 2019
* Aug 08 - [[Anomali] Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations](https://www.anomali.com/blog/suspected-bitter-apt-continues-targeting-government-of-china-and-chinese-organizations) | [:closed_book:](../../blob/master/2019/2019.08.08.BITTER_APT)
* Aug 07 - [[FireEye] APT41: A Dual Espionage and Cyber Crime Operation](https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html) | [:closed_book:](../../blob/master/2019/2019.08.07.APT41)
* Aug 05 - [[ESET] Sharpening the Machete](https://www.welivesecurity.com/2019/08/05/sharpening-machete-cyberespionage/) | [:closed_book:](../../blob/master/2019/2019.08.05.Sharpening_the_Machete)
* Aug 01 - [[Antiy] Analysis of the Attack of Mobile Devices by OceanLotus](https://www.antiy.net/p/analysis-of-the-attack-of-mobile-devices-by-oceanlotus/) | [:closed_book:](../../blob/master/2019/2019.08.01.Mobile_OceanLotus)
* Jul 24 - [[] Attacking the Heart of the German Industry](https://web.br.de/interaktiv/winnti/english/) | [:closed_book:](../../blob/master/2019/2019.07.24.Winnti_German)
* Jul 24 - [[ProofPoint] Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia](https://www.proofpoint.com/us/threat-insight/post/chinese-apt-operation-lagtime-it-targets-government-information-technology) | [:closed_book:](../../blob/master/2019/2019.07.24.Operation_LagTime_IT)
* Jul 18 - [[FireEye] Hard Pass: Declining APT34’s Invite to Join Their Professional Network](https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html) | [:closed_book:](../../blob/master/2019/2019.07.18.APT34_Hard_Pass)
* Jul 18 - [[Trend Micro] Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C](https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-targets-colombian-entities-with-custom-proyecto-rat-email-service-yopmail-for-cc/) | [:closed_book:](../../blob/master/2019/2019.07.18.Proyecto_RAT_Colombian)
* Jul 18 - [[ESET] OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY](https://www.welivesecurity.com/2019/07/18/okrum-ke3chang-targets-diplomatic-missions/) | [:closed_book:](../../blob/master/2019/2019.07.18.Okrum)
* Jul 17 - [[Intezer] EvilGnome: Rare Malware Spying on Linux Desktop Users](https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/) | [:closed_book:](../../blob/master/2019/2019.07.17.EvilGnome)
* Jul 16 - [[Trend Micro] SLUB Gets Rid of GitHub, Intensifies Slack Use](https://blog.trendmicro.com/trendlabs-security-intelligence/slub-gets-rid-of-github-intensifies-slack-use/) | [:closed_book:](../../blob/master/2019/2019.07.16.SLUB)
* Jul 15 - [[CISCO] SWEED: Exposing years of Agent Tesla campaigns](https://blog.talosintelligence.com/2019/07/sweed-agent-tesla.html) | [:closed_book:](../../blob/master/2019/2019.07.15.SWEED)
* Jul 11 - [[ESET] Buhtrap group uses zero‑day in latest espionage campaigns](https://www.welivesecurity.com/2019/07/11/buhtrap-zero-day-espionage-campaigns/) | [:closed_book:](../../blob/master/2019/2019.07.11.Buhtrap_Group)
* Jul 09 - [[CISCO] Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques](https://blog.talosintelligence.com/2019/07/sea-turtle-keeps-on-swimming.html) | [:closed_book:](../../blob/master/2019/2019.07.09.SeaTurtle_swimming)
* Jul 04 - [[Kaspersky] Twas the night before](https://securelist.com/twas-the-night-before/91599/) | [:closed_book:](../../blob/master/2019/2019.07.04.NewsBeef_APT)
* Jul 04 - [[Trend Micro] Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi](https://blog.trendmicro.com/trendlabs-security-intelligence/latest-spam-campaigns-from-ta505-now-using-new-malware-tools-gelup-and-flowerpippi/) | [:closed_book:](../../blob/master/2019/2019.07.04.TA505_Gelup_FlowerPippi)
* Jul 03 - [[Anomali] Multiple Chinese Threat Groups Exploiting CVE-2018-0798 Equation Editor Vulnerability Since Late 2018](https://www.anomali.com/blog/multiple-chinese-threat-groups-exploiting-cve-2018-0798-equation-editor-vulnerability-since-late-2018) | [:closed_book:](../../blob/master/2019/2019.07.03.Chinese_APT_CVE-2018-0798)
* Jul 01 - [[Check Point] Operation Tripoli](https://research.checkpoint.com/operation-tripoli/) | [:closed_book:](../../blob/master/2019/2019.07.01.Operation_Tripoli)
* Jul 01 - [[Cylance] Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus](https://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html) | [:closed_book:](../../blob/master/2019/2019.07.01.OceanLotus_Ratsnif)
* Jun 26 - [[Recorded Future] Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations](https://go.recordedfuture.com/hubfs/reports/cta-2019-0626.pdf) | [:closed_book:](../../blob/master/2019/2019.06.26.Iranian_to_Saudi)
* Jun 25 - [[Qianxin] Analysis of MuddyC3, a New Weapon Used by MuddyWater](https://ti.qianxin.com/blog/articles/analysis-of-muddyc3-a-new-weapon-used-by-muddywater/) | [:closed_book:](../../blob/master/2019/2019.06.25.MuddyC3)
* Jun 21 - [[Symantec] Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments](https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments) | [:closed_book:](../../blob/master/2019/2019.06.21.Waterbug)
* Jun 20 - [[Qianxin] New Approaches Utilized by OceanLotus to Target An Environmental Group in Vietnam](https://ti.qianxin.com/blog/articles/english-version-of-new-approaches-utilized-by-oceanLotus-to-target-vietnamese-environmentalist/) | [:closed_book:](../../blob/master/2019/2019.06.20.OceanLotus_New_Approaches)
* Jun 12 - [[ThaiCERT] Threat Group Cards: A Threat Actor Encyclopedia](https://www.dropbox.com/s/ds0ra0c8odwsv3m/Threat%20Group%20Cards.pdf?dl) | [:closed_book:](../../blob/master/2019/2019.06.12.Threat_Group_Cards)
* Jun 10 - [[Trend Micro] MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools](https://blog.trendmicro.com/trendlabs-security-intelligence/muddywater-resurfaces-uses-multi-stage-backdoor-powerstats-v3-and-new-post-exploitation-tools/) | [:closed_book:](../../blob/master/2019/2019.06.10.MuddyWater_Resurfaces)
* Jun 05 - [[Agari] Scattered Canary The Evolution and Inner Workings of a West African Cybercriminal Startup Turned BEC Enterprise](https://www.agari.com/cyber-intelligence-research/whitepapers/scattered-canary.pdf) | [:closed_book:](../../blob/master/2019/2019.06.05.Scattered_Canary)
* Jun 04 - [[Bitdefender] An APT Blueprint: Gaining New Visibility into Financial Threats](https://www.bitdefender.com/files/News/CaseStudies/study/262/Bitdefender-WhitePaper-An-APT-Blueprint-Gaining-New-Visibility-into-Financial-Threats-interactive.pdf) | [:closed_book:](../../blob/master/2019/2019.06.04.APT_Blueprint)
* Jun 03 - [[Kaspersky] Zebrocy’s Multilanguage Malware Salad](https://securelist.com/zebrocys-multilanguage-malware-salad/90680/) | [:closed_book:](../../blob/master/2019/2019.06.03.Zebrocy)
* May 30 - [[CISCO] 10 years of virtual dynamite: A high-level retrospective of ATM malware](https://blog.talosintelligence.com/2019/05/10-years-of-virtual-dynamite.html) | [:closed_book:](../../blob/master/2019/2019.05.30.10_Years_ATM_Malware)
* May 29 - [[ESET] A dive into Turla PowerShell usage](https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/) | [:closed_book:](../../blob/master/2019/2019.05.29.Turla_PowerShell)
* May 29 - [[Yoroi] TA505 is Expanding its Operations](https://blog.yoroi.company/research/ta505-is-expanding-its-operations/) | [:closed_book:](../../blob/master/2019/2019.05.29.TA505)
* May 28 - [[Palo Alto Network] Emissary Panda Attacks Middle East Government Sharepoint Servers](https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/) | [:closed_book:](../../blob/master/2019/2019.05.28.Emissary_Panda)
* May 27 - [[360] APT-C-38](http://blogs.360.cn/post/analysis-of-APT-C-38.html) | [:closed_book:](../../blob/master/2019/2019.05.27.APT-C-38)
* May 24 - [[ENSILO] UNCOVERING NEW ACTIVITY BY APT10](https://blog.ensilo.com/uncovering-new-activity-by-apt10) | [:closed_book:](../../blob/master/2019/2019.05.24_APT10_New_Activity)
* May 22 - [[ESET] A journey to Zebrocy land](https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/) | [:closed_book:](../../blob/master/2019/2019.05.22.Zebrocy_Land)
* May 19 - [[Intezer] HiddenWasp Malware Stings Targeted Linux Systems](https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/) | [:closed_book:](../../blob/master/2019/2019.05.19.HiddenWasp_Linux)
* May 18 - [[ADLab] Operation_BlackLion](https://www.secrss.com/articles/10745) | [:closed_book:](../../blob/master/2019/2019.05.18.Operation_BlackLion)
* May 15 - [[Chronicle] Winnti: More than just Windows and Gates](https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a) | [:closed_book:](../../blob/master/2019/2019.05.15.Winnti_More)
* May 13 - [[Kaspersky] ScarCruft continues to evolve, introduces Bluetooth harvester](https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/) | [:closed_book:](../../blob/master/2019/2019.05.13.ScarCruft_Bluetooth)
* May 11 - [[Sebdraven] Chinese Actor APT target Ministry of Justice Vietnamese](https://medium.com/@Sebdraven/chineses-actor-apt-target-ministry-of-justice-vietnamese-14f13cc1c906) | [:closed_book:](../../blob/master/2019/2019.05.11.Chinese_APT_Vietnamese)
* May 09 - [[Clearsky] Iranian Nation-State APT Groups – “Black Box” Leak](https://www.clearskysec.com/wp-content/uploads/2019/05/Iranian-Nation-State-APT-Leak-Analysis-and-Overview.pdf) | [:closed_book:](../../blob/master/2019/2019.05.09.Iranian_APT_Leak)
* May 08 - [[Kaspersky] FIN7.5: the infamous cybercrime rig “FIN7” continues its activities](https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/) | [:closed_book:](../../blob/master/2019/2019.05.08.Fin7.5)
* May 08 - [[QiAnXin] OceanLotus’ Attacks to Indochinese Peninsula: Evolution of Targets, Techniques and Procedure](https://ti.qianxin.com/blog/articles/oceanlotus-attacks-to-indochinese-peninsula-evolution-of-targets-techniques-and-procedure/) | [:closed_book:](../../blob/master/2019/2019.05.08.OceanLotus)
* May 07 - [[Yoroi] ATMitch: New Evidence Spotted In The Wild](https://blog.yoroi.company/research/atmitch-new-evidence-spotted-in-the-wild/) | [:closed_book:](../../blob/master/2019/2019.05.07.ATMitch)
* May 07 - [[ESET] Turla LightNeuron: An email too far](https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf) | [:closed_book:](../../blob/master/2019/2019.05.07.Turla_LightNeuron)
* May 07 - [[Symantec] Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak](https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit) | [:closed_book:](../../blob/master/2019/2019.05.07.Buckeye)
* May 03 - [[Kaspersky] Who’s who in the Zoo Cyberespionage operation targets Android users in the Middle East](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/05/24122414/ZooPark_for_public_final_edited.pdf) | [:closed_book:](../../blob/master/2019/2019.05.03.ZooPark)
* Apr 30 - [[ThreatRecon] SectorB06 using Mongolian language in lure document](https://threatrecon.nshc.net/2019/04/30/sectorb06-using-mongolian-language-in-lure-document/) | [:closed_book:](../../blob/master/2019/2019.04.30.SectorB06_Mongolian)
* Apr 24 - [[CyberInt] legit remote admin tools turn into threat actors' tools](https://e.cyberint.com/hubfs/Report%20Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%20Tools/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%27%20Tools_Report.pdf) | [:closed_book:](../../blob/master/2019/2019.04.24.TA505_Abusing_Legit_Remote_Admin_Tool)
* Apr 23 - [[Kaspersky] Operation ShadowHammer: a high-profile supply chain attack](https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/) | [:closed_book:](../../blob/master/2019/2019.04.23.Operation_ShadowHammer)
* Apr 22 - [[CheckPoint] FINTEAM: Trojanized TeamViewer Against Government Targets](https://research.checkpoint.com/finteam-trojanized-teamviewer-against-government-targets/) | [:closed_book:](../../blob/master/2019/2019.04.22.FINTEAM)
* Apr 19 - [[MalwareBytes] “Funky malware format” found in Ocean Lotus sample](https://blog.malwarebytes.com/threat-analysis/2019/04/funky-malware-format-found-in-ocean-lotus-sample/) | [:closed_book:](../../blob/master/2019/2019.04.19.Funky_malware_format)
* Apr 17 - [[Palo Alto Network] Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign](https://unit42.paloaltonetworks.com/aggah-campaign-bit-ly-blogspot-and-pastebin-used-for-c2-in-large-scale-campaign/) | [:closed_book:](../../blob/master/2019/2019.04.17.Aggah_Campaign)
* Apr 17 - [[CISCO] DNS Hijacking Abuses Trust In Core Internet Service](https://blog.talosintelligence.com/2019/04/seaturtle.html) | [:closed_book:](../../blob/master/2019/2019.04.17.Operation_Sea_Turtle)
* Apr 10 - [[CheckPoint] The Muddy Waters of APT Attacks](https://research.checkpoint.com/the-muddy-waters-of-apt-attacks/) | [:closed_book:](../../blob/master/2019/2019.04.10.Muddy_Waters)
* Apr 10 - [[Kaspersky] Project TajMahal – a sophisticated new APT framework](https://securelist.com/project-tajmahal/90240/) | [:closed_book:](../../blob/master/2019/2019.04.10.Project_TajMahal)
* Apr 10 - [[Kaspersky] Gaza Cybergang Group1, operation SneakyPastes](https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/) | [:closed_book:](../../blob/master/2019/2019.04.10.Operation_SneakyPastes)
* Apr 02 - [[Cylance] OceanLotus Steganography](https://threatvector.cylance.com/en_us/home/report-oceanlotus-apt-group-leveraging-steganography.html) | [:closed_book:](../../blob/master/2019/2019.04.02.OceanLotus_Steganography)
* Mar 28 - [[Trend Micro] Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole](https://blog.trendmicro.com/trendlabs-security-intelligence/desktop-mobile-phishing-campaign-targets-south-korean-websites-steals-credentials-via-watering-hole/) | [:closed_book:](../../blob/master/2019/2019.03.28.Desktop_Mobile_Phishing_Campaign)
* Mar 28 - [[C4ADS] Above Us Only Stars: Exposing GPS Spoofing in Russia and Syria](https://static1.squarespace.com/static/566ef8b4d8af107232d5358a/t/5c99488beb39314c45e782da/1553549492554/Above+Us+Only+Stars.pdf) | [:closed_book:](../../blob/master/2019/2019.03.28.Exposing_GPS_Spoofing_in_Russia_and_Syria)
* Mar 28 - [[ThreatRecon] Threat Actor Group using UAC Bypass Module to run BAT File](https://threatrecon.nshc.net/2019/03/28/threat-actor-group-using-uac-bypass-module-to-run-bat-file/) | [:closed_book:](../../blob/master/2019/2019.03.28.UAC_Bypass_BAT_APT)
* Mar 27 - [[Symantec] Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.](https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage) | [:closed_book:](../../blob/master/2019/2019.03.27.Elfin)
* Mar 25 - [[Kaspersky] Operation ShadowHammer](https://securelist.com/operation-shadowhammer/89992/) | [:closed_book:](../../blob/master/2019/2019.03.25.Operation_ShadowHammer)
* Mar 22 - [[Netscout] LUCKY ELEPHANT CAMPAIGN MASQUERADING](https://www.netscout.com/blog/asert/lucky-elephant-campaign-masquerading) | [:closed_book:](../../blob/master/2019/2019.03.22.LUCKY_ELEPHANT)
* Mar 13 - [[CISCO] GlitchPOS: New PoS malware for sale](https://blog.talosintelligence.com/2019/03/glitchpos-new-pos-malware-for-sale.html) | [:closed_book:](../../blob/master/2019/2019.03.13.GlitchPOS_POS_Malware)
* Mar 13 - [[FlashPoint] ‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses](https://www.flashpoint-intel.com/blog/dmsniff-pos-malware-actively-leveraged-target-medium-sized-businesses/) | [:closed_book:](../../blob/master/2019/2019.03.13.DMSniff_POS_Malware)
* Mar 13 - [[CheckPoint] Operation Sheep: Pilfer-Analytics SDK in Action](https://research.checkpoint.com/operation-sheep-pilfer-analytics-sdk-in-action/) | [:closed_book:](../../blob/master/2019/2019.03.13.Operation_Sheep)
* Mar 12 - [[Palo Alto Network] Operation Comando: How to Run a Cheap and Effective Credit Card Business](https://unit42.paloaltonetworks.com/operation-comando-or-how-to-run-a-cheap-and-effective-credit-card-business/) | [:closed_book:](../../blob/master/2019/2019.03.12.Operation_Comando)
* Mar 11 - [[ESET] Gaming industry still in the scope of attackers in Asia](https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/) | [:closed_book:](../../blob/master/2019/2019.03.11.Gaming-Industry.Asia)
* Mar 08 - [[Resecurity] Supply Chain – The Major Target of Cyberespionage Groups](https://resecurity.com/blog/supply-chain-the-major-target-of-cyberespionage-groups/) | [:closed_book:](../../blob/master/2019/2019.03.08.Supply_Chain_Groups)
* Mar 07 - [[Trend Micro] New SLUB Backdoor Uses GitHub, Communicates via Slack](https://blog.trendmicro.com/trendlabs-security-intelligence/new-slub-backdoor-uses-github-communicates-via-slack/) | [:closed_book:](../../blob/master/2019/2019.03.07.SLUB_Backdoor)
* Mar 06 - [[Cybaze-Yoroi Z-LAB] Operation Pistacchietto](https://blog.yoroi.company/research/op-pistacchietto-an-italian-job/) | [:closed_book:](../../blob/master/2019/2019.03.06.Operation_Pistacchietto)
* Mar 06 - [[NTT] Targeted attack using Taidoor Analysis report](https://www.nttsecurity.com/docs/librariesprovider3/resources/taidoor%E3%82%92%E7%94%A8%E3%81%84%E3%81%9F%E6%A8%99%E7%9A%84%E5%9E%8B%E6%94%BB%E6%92%83%E8%A7%A3%E6%9E%90%E3%83%AC%E3%83%9D%E3%83%BC%E3%83%88_v1) | [:closed_book:](../../blob/master/2019/2019.03.06_Taidoor_Analysis)
* Mar 06 - [[Symantec] Whitefly: Espionage Group has Singapore in Its Sights](https://www.symantec.com/blogs/threat-intelligence/whitefly-espionage-singapore) | [:closed_book:](../../blob/master/2019/2019.03.06.Whitefly)
* Mar 04 - [[FireEye] APT40: Examining a China-Nexus Espionage Actor](https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html) | [:closed_book:](../../blob/master/2019/2019.03.04.APT40)
* Feb 27 - [[Dell] A Peek into BRONZE UNION’s Toolbox](https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox) | [:closed_book:](../../blob/master/2019/2019.02.27.BRONZE_UNION_Toolbox)
* Feb 26 - [[Cybaze-Yoroi Z-LAB] The Arsenal Behind the Australian Parliament Hack](https://blog.yoroi.company/research/the-arsenal-behind-the-australian-parliament-hack/) | [:closed_book:](../../blob/master/2019/2019.02.26.Australian_Parliament_Hack)
* Feb 25 - [[CarbonBlack] Defeating Compiler Level Obfuscations Used in APT10 Malware](https://www.carbonblack.com/2019/02/25/defeating-compiler-level-obfuscations-used-in-apt10-malware/) | [:closed_book:](../../blob/master/2019/2019.02.25.APT10_Defeating_Compiler_Level)
* Feb 20 - [[SecureSoft] IT IS IDENTIFIED ATTACKS OF THE CIBERCRIMINAL LAZARUS GROUP DIRECTED TO ORGANIZATIONS IN RUSSIA](http://securitysummitperu.com/articulos/se-identifico-ataques-del-grupo-cibercriminal-lazarus-dirigidos-a-organizaciones-en-rusia/) | [:closed_book:](../../blob/master/2019/2019.02.20.LAZARUS_to_RUSSIA)
* Feb 18 - [[360] APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations](https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/) | [:closed_book:](../../blob/master/2019/2019.02.18.APT-C-36.Colombian)
* Feb 14 - [[360] Suspected Molerats' New Attack in the Middle East](https://ti.360.net/blog/articles/suspected-molerats-new-attack-in-the-middle-east-en/) | [:closed_book:](../../blob/master/2019/2019.02.14.Molerats_APT)
* Feb 06 - [[Recorded Future] APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign](https://www.recordedfuture.com/apt10-cyberespionage-campaign/) | [:closed_book:](../../blob/master/2019/2019.02.06.APT10_Sustained_Campaign)
* Feb 05 - [[Anomali Labs] Analyzing Digital Quartermasters in Asia – Do Chinese and Indian APTs Have a Shared Supply Chain?](https://www.anomali.com/blog/analyzing-digital-quartermasters-in-asia-do-chinese-and-indian-apts-have-a-shared-supply-chain) | [:closed_book:](../../blob/master/2019/2019.02.05.China_India_APT_shared)
* Feb 01 - [[Palo Alto Network] Tracking OceanLotus’ new Downloader, KerrDown](https://unit42.paloaltonetworks.com/tracking-oceanlotus-new-downloader-kerrdown/) | [:closed_book:](../../blob/master/2019/2019.02.01.OceanLotus_KerrDown)
* Jan 30 - [[Kaspersky] Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities](https://securelist.com/chafer-used-remexi-malware/89538/) | [:closed_book:](../../blob/master/2019/2019.01.30.Chafer_APT_Spy_Iran)
* Jan 30 - [[NSHC] The Double Life of SectorA05 Nesting in Agora (Operation Kitty Phishing)](https://threatrecon.nshc.net/2019/01/30/operation-kitty-phishing) | [:closed_book:](../../blob/master/2019/2019.01.30.Operation_Kitty_Phishing)
* Jan 30 - [[Morphisec] NEW CAMPAIGN DELIVERS ORCUS RAT](http://blog.morphisec.com/new-campaign-delivering-orcus-rat) | [:closed_book:](../../blob/master/2019/2019.01.30.ORCUS_RAT)
* Jan 24 - [[Carbon Black] GandCrab and Ursnif Campaign](https://www.carbonblack.com/2019/01/24/carbon-black-tau-threatsight-analysis-gandcrab-and-ursnif-campaign/) | [:closed_book:](../../blob/master/2019/2019.01.24.GandCrab_and_Ursnif)
* Jan 18 - [[Palo Alto Network] DarkHydrus delivers new Trojan that can use Google Drive for C2 communications](https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/) | [:closed_book:](../../blob/master/2019/2019.01.18.DarkHydrus)
* Jan 17 - [[Palo Alto Network] Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products](https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-evade-detection-by-cloud-security-products/) | [:closed_book:](../../blob/master/2019/2019.01.17.Rocke_Group)
* Jan 16 - [[360] Latest Target Attack of DarkHydruns Group Against Middle East](https://ti.360.net/blog/articles/latest-target-attack-of-darkhydruns-group-against-middle-east-en/) | [:closed_book:](../../blob/master/2019/2019.01.16.DarkHydruns)

## 2018
* Dec 28 - [[Medium] Goblin Panda changes the dropper and reuses the old infrastructure](https://medium.com/@Sebdraven/goblin-panda-changes-the-dropper-and-reused-the-old-infrastructure-a35915f3e37a) | [:closed_book:](../../blob/master/2018/2018.12.28.Goblin_Panda)
* Dec 27 - [[Cybaze-Yoroi ZLab] The Enigmatic “Roma225” Campaign](https://blog.yoroi.company/research/the-enigmatic-roma225-campaign/) | [:closed_book:](../../blob/master/2018/2018.12.27.Roma225_Campaign)
* Dec 20 - [[Objective-See] Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail](https://objective-see.com/blog/blog_0x3B.html) | [:closed_book:](../../blob/master/2018/2018.12.20.WindShift_Middle_East)
* Dec 18 - [[Trend Micro] URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader](https://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-emotet-dridex-and-bitpaymer-gangs-linked-by-a-similar-loader/) | [:closed_book:](../../blob/master/2018/2018.12.18.ursnif-emotet-dridex-and-bitpaymer-gangs)
* Dec 13 - [[Certfa] The Return of The Charming Kitten](https://blog.certfa.com/posts/the-return-of-the-charming-kitten/) | [:closed_book:](../../blob/master/2018/2018.12.13.Charming_Kitten_Return)
* Dec 13 - [[Trend Micro] Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak](https://documents.trendmicro.com/assets/tech-brief-tildeb-analyzing-the-18-year-old-implant-from-the-shadow-brokers-leak.pdf) | [:closed_book:](../../blob/master/2018/2018.12.13.Tildeb_Shadow_Brokers)
* Dec 13 - [[Palo Alto Networks] Shamoon 3 Targets Oil and Gas Organization](https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/) | [:closed_book:](../../blob/master/2018/2018.12.13.Shamoon_3)
* Dec 12 - [[McAfee] ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure](https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf) | [:closed_book:](../../blob/master/2018/2018.12.12.Operation_Sharpshooter)
* Dec 12 - [[360] Donot (APT-C-35) Group Is Targeting Pakistani Businessman Working In China](https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china-en/) | [:closed_book:](../../blob/master/2018/2018.12.12.Donot_Group)
* Dec 11 - [[Cylance] Poking the Bear: Three-Year Campaign Targets Russian Critical Infrastructure](https://threatvector.cylance.com/en_us/home/poking-the-bear-three-year-campaign-targets-russian-critical-infrastructure.html) | [:closed_book:](../../blob/master/2018/2018.12.11.Poking_the_Bear)
* Nov ?? - [[Google] The Hunt for 3ve](https://services.google.com/fh/files/blogs/3ve_google_whiteops_whitepaper_final_nov_2018.pdf) | [:closed_book:](../../blob/master/2018/2018.11.The_Hunt_for_3ve)
* Nov 30 - [[Trend Micro] New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools](https://blog.trendmicro.com/trendlabs-security-intelligence/new-powershell-based-backdoor-found-in-turkey-strikingly-similar-to-muddywater-tools/) | [:closed_book:](../../blob/master/2018/2018.11.30.MuddyWater_Turkey)
* Nov 29 - [[360] Analysis Of Targeted Attack Against Pakistan By Exploiting InPage Vulnerability And Related APT Groups](https://ti.360.net/blog/articles/analysis-of-targeted-attack-against-pakistan-by-exploiting-inpage-vulnerability-and-related-apt-groups-english/) | [:closed_book:](../../blob/master/2018/2018.11.29.Attack_Pakistan_By_Exploiting_InPage)
* Nov 28 - [[Microsoft] Windows Defender ATP device risk score exposes new cyberattack, drives Conditional access to protect networks](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/28/windows-defender-atp-device-risk-score-exposes-new-cyberattack-drives-conditional-access-to-protect-networks/) | [:closed_book:](../../blob/master/2018/2018.11.28.Tropic_Trooper_microsoft)
* Nov 28 - [[Clearsky] MuddyWater Operations in Lebanon and Oman](https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf) | [:closed_book:](../../blob/master/2018/2018.11.28.MuddyWater-Operations-in-Lebanon-and-Oman)
* Nov 27 - [[CISCO] DNSpionage Campaign Targets Middle East](https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html) | [:closed_book:](../../blob/master/2018/2018.11.27.dnspionage-campaign-targets-middle-east)
* Nov 20 - [[Trend Micro] Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America](https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-continues-heists-mounts-attacks-on-financial-organizations-in-latin-america/) | [:closed_book:](../../blob/master/2018/2018.11.20.lazarus-in-latin-america)
* Nov 19 - [[FireEye] Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign](https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html) | [:closed_book:](../../blob/master/2018/2018.11.19.APT29_Phishing)
* Nov 13 - [[RecordedFuture] Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques](https://go.recordedfuture.com/hubfs/reports/cta-2018-1113.pdf) | [:closed_book:](../../blob/master/2018/2018.11.13.China.TEMP.Periscope.Using.Russian_APT)
* Nov 08 - [[Symantec] FASTCash: How the Lazarus Group is Emptying Millions from ATMs](https://www.symantec.com/blogs/threat-intelligence/fastcash-lazarus-atm-malware) | [:closed_book:](../../blob/master/2018/2018.11.08.FASTCash)
* Oct 19 - [[Kaspersky] DarkPulsar](https://securelist.com/darkpulsar/88199/) | [:closed_book:](../../blob/master/2018/2018.10.19.DarkPulsar)
* Oct 18 - [[Medium] APT Sidewinder changes theirs TTPs to install their backdoor](https://medium.com/@Sebdraven/apt-sidewinder-changes-theirs-ttps-to-install-their-backdoor-f92604a2739) | [:closed_book:](../../blob/master/2018/2018.10.18.APT_Sidewinder_changes)
* Oct 18 - [[CISCO] Tracking Tick Through Recent Campaigns Targeting East Asia](https://blog.talosintelligence.com/2018/10/tracking-tick-through-recent-campaigns.html) | [:closed_book:](../../blob/master/2018/2018.10.18.Datper_Bronze_Butler)
* Oct 18 - [[McAfee] Operation Oceansalt Attacks South Korea, U.S. and Canada with Source Code from Chinese Hacker Group](https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf) | [:closed_book:](../../blob/master/2018/2018.10.18.Operation_Oceansalt)
* Oct 17 - [[Cylance] The SpyRATs of OceanLotus: Malware Analysis White Paper](https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-library/reports/SpyRATsofOceanLotusMalwareWhitePaper.pdf) | [:closed_book:](../../blob/master/2018/2018.10.17.OceanLotus_SpyRATs)
* Oct 17 - [[ESET] GreyEnergy: Updated arsenal of one of the most dangerous threat actors](https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/) | [:closed_book:](../../blob/master/2018/2018.10.17.GreyEnergy)
* Oct 17 - [[Yoroi] Cyber-Espionage Campaign Targeting the Naval Industry (“MartyMcFly”)](https://blog.yoroi.company/?p=1829) | [:closed_book:](../../blob/master/2018/2018.10.17.Targeting_the_Naval_Industry)
* Oct 15 - [[Kaspersky] Octopus-infested seas of Central Asia](https://securelist.com/octopus-infested-seas-of-central-asia/88200/) | [:closed_book:](../../blob/master/2018/2018.10.15.Octopus_Central_Asia)
* Oct 11 - [[Symantec] Gallmaker: New Attack Group Eschews Malware to Live off the Land](https://www.symantec.com/blogs/threat-intelligence/gallmaker-attack-group) | [:closed_book:](../../blob/master/2018/2018.10.11.Gallmaker)
* Oct 10 - [[Kaspersky] MuddyWater expands operations](https://securelist.com/muddywater/88059/) | [:closed_book:](../../blob/master/2018/2018.10.10.MuddyWater_expands)
* Oct 03 - [[FireEye] APT38: Details on New North Korean Regime-Backed Threat Group](https://content.fireeye.com/apt/rpt-apt38) | [:closed_book:](../../blob/master/2018/2018.10.03.APT38)
* Sep 27 - [[ESET] LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group](https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf) | [:closed_book:](../../blob/master/2018/2018.09.27.LoJax)
* Sep 20 - [[360] (Non-English) (CN) PoisonVine](https://ti.360.net/uploads/2018/09/20/6f8ad451646c9eda1f75c5d31f39f668.pdf) | [:closed_book:](../../blob/master/2018/2018.09.20.Poison_Trumpet_Vine_Operation)
* Sep 13 - [[FireEye] APT10 Targeting Japanese Corporations Using Updated TTPs](https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html) | [:closed_book:](../../blob/master/2018/2018.09.13.APT10_Targeting_Japanese)
* Sep 10 - [[Kaspersky] LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company](https://securelist.com/luckymouse-ndisproxy-driver/87914) | [:closed_book:](../../blob/master/2018/2018.09.07.Goblin_Panda_targets_Cambodia)
* Sep 07 - [[CheckPoint] Domestic Kitten: An Iranian Surveillance Operation](https://research.checkpoint.com/domestic-kitten-an-iranian-surveillance-operation/) | [:closed_book:](../../blob/master/2018/2018.09.07.Domestic_Kitten)
* Sep 07 - [[Medium] Goblin Panda targets Cambodia sharing capacities with another Chinese group hackers Temp Periscope](https://medium.com/@Sebdraven/goblin-panda-targets-cambodia-sharing-capacities-with-another-chinese-group-hackers-temp-periscope-7871382ffcc0) | [:closed_book:](../../blob/master/2018/2018.08.28.CeidPageLock)
* Sep 04 - [[Palo Alto Network] OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE](https://researchcenter.paloaltonetworks.com/2018/09/unit42-oilrig-targets-middle-eastern-government-adds-evasion-techniques-oopsie/) | [:closed_book:](../../blob/master/2018/2018.09.04.OilRig_Targets_Middle_Eastern)
* Aug 30 - [[Malwarebytes] Reversing malware in a custom format: Hidden Bee elements](https://blog.malwarebytes.com/threat-analysis/2018/08/reversing-malware-in-a-custom-format-hidden-bee-elements/) | [:closed_book:](../../blob/master/2018/2018.08.30.Hidden_Bee_Custom_format)
* Aug 30 - [[Crowdstrike] Two Birds, One STONE PANDA](https://www.crowdstrike.com/blog/two-birds-one-stone-panda/) | [:closed_book:](../../blob/master/2018/2018.08.30.Stone_Panda)
* Aug 30 - [[Arbor] Double the Infection, Double the Fun](https://asert.arbornetworks.com/double-the-infection-double-the-fun/) | [:closed_book:](../../blob/master/2018/2018.08.30.Cobalt_Group_Fun)
* Aug 30 - [[Dark Matter] COMMSEC: The Trails of WINDSHIFT APT](https://gsec.hitb.org/materials/sg2018/D1%20COMMSEC%20-%20In%20the%20Trails%20of%20WINDSHIFT%20APT%20-%20Taha%20Karim.pdf) | [:closed_book:](../../blob/master/2018/2018.08.30.WINDSHIFT_APT)
* Aug 29 - [[Trend Micro] The Urpage Connection to Bahamut, Confucius and Patchwork](https://blog.trendmicro.com/trendlabs-security-intelligence/the-urpage-connection-to-bahamut-confucius-and-patchwork/) | [:closed_book:](../../blob/master/2018/2018.08.29.Bahamut_Confucius_Patchwork)
* Aug 28 - [[CheckPoint] CeidPageLock: A Chinese RootKit](https://research.checkpoint.com/ceidpagelock-a-chinese-rootkit/) | [:closed_book:](../../blob/master/2018/2018.08.28.CeidPageLock)
* Aug 23 - [[Kaspersky] Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware](https://securelist.com/operation-applejeus/87553/) | [:closed_book:](../../blob/master/2018/2018.08.23.Operation_AppleJeus)
* Aug 21 - [[ESET] TURLA OUTLOOK BACKDOOR](https://www.welivesecurity.com/wp-content/uploads/2018/08/Eset-Turla-Outlook-Backdoor.pdf) | [:closed_book:](../../blob/master/2018/2018.08.21.Operation_Red_Signature)
* Aug 21 - [[Trend Micro] Supply Chain Attack Operation Red Signature Targets South Korean Organizations](https://blog.trendmicro.com/trendlabs-security-intelligence/supply-chain-attack-operation-red-signature-targets-south-korean-organizations) | [:closed_book:](../../blob/master/2018/2018.08.21.Operation_Red_Signature)
* Aug 16 - [[Recorded Future] Chinese Cyberespionage Originating From Tsinghua University Infrastructure](https://go.recordedfuture.com/hubfs/reports/cta-2018-0816.pdf) | [:closed_book:](../../blob/master/2018/2018.08.16.Chinese_Cyberespionage_Tsinghua_University)
* Aug 09 - [[McAfee] Examining Code Reuse Reveals Undiscovered Links Among North Korea’s Malware Families](https://securingtomorrow.mcafee.com/mcafee-labs/examining-code-reuse-reveals-undiscovered-links-among-north-koreas-malware-families/) | [:closed_book:](../../blob/master/2018/2018.08.09.north-koreas-malware-families)
* Aug 02 - [[Accenture] Goldfin Security Alert](https://www.accenture.com/us-en/blogs/blogs-goldfin-security-alert) | [:closed_book:](../../blob/master/2018/2018.08.02.Goldfin_Security_Alert)
* Aug 02 - [[Palo Alto Network] The Gorgon Group: Slithering Between Nation State and Cybercrime](https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/) | [:closed_book:](../../blob/master/2018/2018.08.02.Gorgon_Group)
* Aug 02 - [[Medium] Goblin Panda against the Bears](https://medium.com/@Sebdraven/gobelin-panda-against-the-bears-1f462d00e3a4) | [:closed_book:](../../blob/master/2018/2018.08.02.Goblin_Panda)
* Aug 01 - [[Medium] Malicious document targets Vietnamese officials](https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a) | [:closed_book:](../../blob/master/2018/2018.08.01.Vietnamese_officials_Targets)
* Jul 31 - [[Palo Alto Network] Bisonal Malware Used in Attacks Against Russia and South Korea](https://researchcenter.paloaltonetworks.com/2018/07/unit42-bisonal-malware-used-attacks-russia-south-korea/) | [:closed_book:](../../blob/master/2018/2018.07.31.bisonal-malware-used-attacks-russia-south-korea)
* Jul 31 - [[Medium] Malicious document targets Vietnamese officials](https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a) | [:closed_book:](../../blob/master/2018/2018.07.31.APT_SideWinder_Malicious_Doc)
* Jul 27 - [[Palo Alto Network] New Threat Actor Group DarkHydrus Targets Middle East Government](https://unit42.paloaltonetworks.com/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/) | [:closed_book:](../../blob/master/2018/2018.07.27.DarkHydrus)
* Jul 23 - [[CSE] APT27: A long-term espionage campaign in Syria](http://csecybsec.com/download/zlab/20180723_CSE_APT27_Syria_v1.pdf) | [:closed_book:](../../blob/master/2018/2018.07.23_APT27_Syria)
* Jul 16 - [[Trend Micro] New Andariel Reconnaissance Tactics Hint At Next Targets](https://blog.trendmicro.com/trendlabs-security-intelligence/new-andariel-reconnaissance-tactics-hint-at-next-targets/) | [:closed_book:](../../blob/master/2018/2018.07.16.new-andariel)
* Jul 13 - [[CSE] Operation Roman Holiday – Hunting the Russian APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Roman%20Holiday-Report_v6_1.pdf) | [:closed_book:](../../blob/master/2018/2018.07.13.Operation_Roman_Holiday)
* Jul 12 - [[CISCO] Advanced Mobile Malware Campaign in India uses Malicious MDM](https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html) | [:closed_book:](../../blob/master/2018/2018.07.12.Advanced_Mobile_Malware_Campaign_in_India)
* Jul 09 - [[ESET] Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign](https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/) | [:closed_book:](../../blob/master/2018/2018.07.09.certificates-stolen-taiwanese-tech-companies-plead-malware-campaign)
* Jul 08 - [[CheckPoint] APT Attack In the Middle East: The Big Bang](https://research.checkpoint.com/apt-attack-middle-east-big-bang/) | [:closed_book:](../../blob/master/2018/2018.07.08.Big_Bang)
* Jul 08 - [[Fortinet] Hussarini – Targeted Cyber Attack in the Philippines](https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html) | [:closed_book:](../../blob/master/2018/2018.07.08.Hussarini)
* Jun XX - [[Ahnlab] Operation Red Gambler](http://image.ahnlab.com/file_upload/asecissue_files/ASEC%20REPORT_vol.91.pdf) | [:closed_book:](../../blob/master/2018/2018.06.xx.Operation_Red_Gambler)
* Jun 26 - [[Palo Alto Networks] RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families](https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/) | [:closed_book:](../../blob/master/2018/2018.06.26.RANCOR)
* Jun 23 - [[Ahnlab] Full Discloser of Andariel,A Subgroup of Lazarus Threat Group](https://global.ahnlab.com/global/upload/download/techreport/[AhnLab]Andariel_a_Subgroup_of_Lazarus%20(3).pdf) | [:closed_book:](../../blob/master/2018/2018.06.23.Andariel_Group)
* Jun 20 - [[Symantec] Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies](https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets) | [:closed_book:](../../blob/master/2018/2018.06.20.thrip-hits-satellite-telecoms-defense-targets)
* Jun 19 - [[Kaspersky] Olympic Destroyer is still alive](https://securelist.com/olympic-destroyer-is-still-alive/86169/) | [:closed_book:](../../blob/master/2018/2017.06.19.olympic-destroyer-is-still-alive)
* Jun 14 - [[Trend Micro] Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor](https://blog.trendmicro.com/trendlabs-security-intelligence/another-potential-muddywater-campaign-uses-powershell-based-prb-backdoor/) | [:closed_book:](../../blob/master/2018/2018.06.14.another-potential-muddywater-campaign)
* Jun 14 - [[intezer] MirageFox: APT15 Resurfaces With New Tools Based On Old Ones](https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/) | [:closed_book:](../../blob/master/2018/2018.06.14.MirageFox_APT15)
* Jun 13 - [[Kaspersky] LuckyMouse hits national data center to organize country-level waterholing campaign](https://securelist.com/luckymouse-hits-national-data-center/86083/) | [:closed_book:](../../blob/master/2018/2018.06.13.LuckyMouse)
* Jun 07 - [[Volexity] Patchwork APT Group Targets US Think Tanks](https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/) | [:closed_book:](../../blob/master/2018/2018.06.07.patchwork-apt-group-targets-us-think-tanks)
* Jun 07 - [[ICEBRG] ADOBE FLASH ZERO-DAY LEVERAGED FOR TARGETED ATTACK IN MIDDLE EAST](https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack) | [:closed_book:](../../blob/master/2018/2018.06.07.dobe-flash-zero-day-targeted-attack)
* Jun 07 - [[FireEye] A Totally Tubular Treatise on TRITON and TriStation](https://www.fireeye.com/blog/threat-research/2018/06/totally-tubular-treatise-on-triton-and-tristation.html) | [:closed_book:](../../blob/master/2018/2018.06.07.Totally_Tubular_Treatise_on_TRITON_TriStation)
* Jun 06 - [[CISCO] VPNFilter Update - VPNFilter exploits endpoints, targets new devices](https://blog.talosintelligence.com/2018/06/vpnfilter-update.html) | [:closed_book:](../../blob/master/2018/2018.06.06.vpnfilter-update)
* Jun 06 - [[GuardiCore] OPERATION PROWLI: MONETIZING 40,000 VICTIM MACHINES](https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining/) | [:closed_book:](../../blob/master/2018/2018.06.06.OPERATION_PROWLI)
* Jun 06 - [[Palo Alto Networks] Sofacy Group’s Parallel Attacks](https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/) | [:closed_book:](../../blob/master/2018/2018.06.06.sofacy-groups-parallel-attacks)
* May 31 - [[CISCO] NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea](https://blog.talosintelligence.com/2018/05/navrat.html) | [:closed_book:](../../blob/master/2018/2018.03.31.NavRAT_Uses_US-North_Korea_Summit_As_Decoy)
* May 29 - [[intezer] Iron Cybercrime Group Under The Scope](https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/) | [:closed_book:](../../blob/master/2018/2018.05.29.iron-cybercrime-group)
* May 23 - [[CISCO] New VPNFilter malware targets at least 500K networking devices worldwide](https://blog.talosintelligence.com/2018/05/VPNFilter.html) | [:closed_book:](../../blob/master/2018/2018.05.23.New_VPNFilter)
* May 23 - [[Ahnlab] Andariel Group Trend Report](http://download.ahnlab.com/kr/site/library/[Report]Andariel_Threat_Group.pdf) | [:closed_book:](../../blob/master/2018/2018.05.23.Andariel_Group)
* May 23 - [[Trend Micro] Confucius Update: New Tools and Techniques, Further Connections with Patchwork](https://blog.trendmicro.com/trendlabs-security-intelligence/confucius-update-new-tools-and-techniques-further-connections-with-patchwork/) | [:closed_book:](../../blob/master/2018/2018.05.23.Confucius_Update)
* May 22 - [[Intrusiontruth] The destruction of APT3](https://intrusiontruth.wordpress.com/2018/05/22/the-destruction-of-apt3/) | [:closed_book:](../../blob/master/2018/2018.05.22.The_destruction_of_APT3)
* May 22 - [[ESET] Turla Mosquito: A shift towards more generic tools](https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/) | [:closed_book:](../../blob/master/2018/2018.05.22.Turla_Mosquito)
* May 09 - [[Recorded Future] Iran’s Hacker Hierarchy Exposed](https://go.recordedfuture.com/hubfs/reports/cta-2018-0509.pdf) | [:closed_book:](../../blob/master/2018/2018.05.09.Iran_Hacker_Hierarchy_Exposed)
* May 09 - [[360] Analysis of CVE-2018-8174 VBScript 0day and APT actor related to Office targeted attack](http://blogs.360.cn/blog/cve-2018-8174-en/) | [:closed_book:](../../blob/master/2018/2018.05.09.APT-C-06_CVE-2018-8174)
* May 03 - [[ProtectWise] Burning Umbrella](https://github.com/401trg/detections/raw/master/pdfs/20180503_Burning_Umbrella.pdf) | [:closed_book:](../../blob/master/2018/2018.05.03.Burning_Umbrella)
* May 03 - [[Kaspersky] Who’s who in the Zoo: Cyberespionage operation targets Android users in the Middle East](https://securelist.com/whos-who-in-the-zoo/85394/) | [:closed_book:](../../blob/master/2018/2018.05.03.whos-who-in-the-zoo)
* May 03 - [[Ahnlab] Detailed Analysis of Red Eyes Hacking Group](https://global.ahnlab.com/global/upload/download/techreport/[AhnLab]%20Red_Eyes_Hacking_Group_Report%20(1).pdf) | [:closed_book:](../../blob/master/2018/2018.05.03.Red_Eyes_Hacking_Group)
* Apr 27 - [[Tencent] OceanLotus new malware analysis](https://s.tencent.com/research/report/471.html) | [:closed_book:](../../blob/master/2018/2018.04.27.OceanLotus_new_malware)
* Apr 26 - [[CISCO] GravityRAT - The Two-Year Evolution Of An APT Targeting India](https://blog.talosintelligence.com/2018/04/gravityrat-two-year-evolution-of-apt.html) | [:closed_book:](../../blob/master/2018/2018.04.26.GravityRAT)
* Apr 24 - [[FireEye] Metamorfo Campaigns Targeting Brazilian Users](https://www.fireeye.com/blog/threat-research/2018/04/metamorfo-campaign-targeting-brazilian-users.html) | [:closed_book:](../../blob/master/2018/2018.04.24.metamorfo-campaign)
* Apr 24 - [[McAfee] Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide](https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/) | [:closed_book:](../../blob/master/2018/2018.04.24.Operation_GhostSecret)
* Apr 24 - [[ESET] Sednit update: Analysis of Zebrocy](https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/) | [:closed_book:](../../blob/master/2018/2018.04.24.sednit-update-analysis-zebrocy)
* Apr 23 - [[Accenture] HOGFISH REDLEAVES CAMPAIGN](https://www.accenture.com/t20180423T055005Z__w__/us-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf) | [:closed_book:](../../blob/master/2018/2018.04.23.HOGFISH_REDLEAVES_CAMPAIGN)
* Apr 23 - [[Symantec] New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia](https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia) | [:closed_book:](../../blob/master/2018/2018.04.23.New_Orangeworm)
* Apr 23 - [[Kaspersky] Energetic Bear/Crouching Yeti: attacks on servers](https://securelist.com/energetic-bear-crouching-yeti/85345/) | [:closed_book:](../../blob/master/2018/2018.04.23.energetic-bear-crouching-yeti)
* Apr 17 - [[NCCGroup] Decoding network data from a Gh0st RAT variant](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant) | [:closed_book:](../../blob/master/2018.04.17.Iron_Tiger_Gh0st_RAT_variant)
* Apr 12 - [[Kaspersky] Operation Parliament, who is doing what?](https://securelist.com/operation-parliament-who-is-doing-what/85237/) | [:closed_book:](../../blob/master/2018/2018.04.12.operation-parliament)
* Apr 04 - [[Trend Micro] New MacOS Backdoor Linked to OceanLotus Found](https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/) | [:closed_book:](../../blob/master/2018/2018.04.04.MacOS_Backdoor_OceanLotus)
* Mar 29 - [[Trend Micro] ChessMaster Adds Updated Tools to Its Arsenal](https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-adds-updated-tools-to-its-arsenal/) | [:closed_book:](../../blob/master/2018/2018.03.29.ChessMaster_Adds_Updated_Tools)
* Mar 27 - [[Arbor] Panda Banker Zeros in on Japanese Targets](https://www.arbornetworks.com/blog/asert/panda-banker-zeros-in-on-japanese-targets/) | [:closed_book:](../../blob/master/2018/2018.03.27.panda-banker-zeros-in-on-japanese-targets)
* Mar 23 - [[Ahnlab] Targeted Attacks on South Korean Organizations](http://global.ahnlab.com/global/upload/download/techreport/Tech_Report_Malicious_Hancom.pdf) | [:closed_book:](../../blob/master/2018/2018.03.23.Targeted_Attacks_on_South_Korean_Organizations)
* Mar 15 - [[US-CERT] Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors](https://www.us-cert.gov/ncas/alerts/TA18-074A) | [:closed_book:](../../blob/master/2018/2018.03.15.Russian_Government_Cyber_Activity_TA18-074A)
* Mar 14 - [[Symantec] Inception Framework: Alive and Well, and Hiding Behind Proxies](https://www.symantec.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies) | [:closed_book:](../../blob/master/2018/2018.03.14.Inception_Framework)
* Mar 14 - [[Trend Micro] Tropic Trooper’s New Strategy](https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/) | [:closed_book:](../../blob/master/2018/2018.03.14.tropic-trooper-new-strategy)
* Mar 13 - [[FireEye] Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign](https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html) | [:closed_book:](../../blob/master/2018/2018.03.13.Iranian-threat-group)
* Mar 13 - [[Kaspersky] Time of death? A therapeutic postmortem of connected medicine](https://securelist.com/time-of-death-connected-medicine/84315/) | [:closed_book:](../../blob/master/2018/2018.03.13.A_therapeutic_postmortem_of_connected_medicine)
* Mar 13 - [[Proofpoint] Drive-by as a service: BlackTDS](https://www.proofpoint.com/us/threat-insight/post/drive-service-blacktds) | [:closed_book:](../../blob/master/2018/2018.03.13.BlackTDS)
* Mar 13 - [[ESET] OceanLotus: Old techniques, new backdoor](https://www.welivesecurity.com/wp-content/uploads/2018/03/ESET_OceanLotus.pdf) | [:closed_book:](../../blob/master/2018/2018.03.13.OceanLotus_Old_techniques_new_backdoor)
* Mar 12 - [[Trend Micro] Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia](https://blog.trendmicro.com/trendlabs-security-intelligence/campaign-possibly-connected-muddywater-surfaces-middle-east-central-asia/) | [:closed_book:](../../blob/master/2018/2018.03.12.MuddyWater_Middle_East_and_Central_Asia)
* Mar 09 - [[Kaspersky] Masha and these Bears 2018 Sofacy Activity](https://securelist.com/masha-and-these-bears/84311/) | [:closed_book:](../../blob/master/2018/2018.03.09.masha-and-these-bears)
* Mar 09 - [[NCC] APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/march/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/?Year=2018&Month=3) | [:closed_book:](../../blob/master/2018/2018.03.09.APT15_is_alive_and_strong)
* Mar 09 - [[ESET] New traces of Hacking Team in the wild](https://www.welivesecurity.com/2018/03/09/new-traces-hacking-team-wild/) | [:closed_book:](../../blob/master/2018/2018.03.09.new-traces-hacking-team-wild)
* Mar 08 - [[McAfee] Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant](https://securingtomorrow.mcafee.com/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/) | [:closed_book:](../../blob/master/2018/2018.03.08.hidden-cobra-targets-turkish-financial)
* Mar 08 - [[Kaspersky] OlympicDestroyer is here to trick the industry](https://securelist.com/olympicdestroyer-is-here-to-trick-the-industry/84295/) | [:closed_book:](../../blob/master/2018/2018.03.08.olympicdestroyer-is-here-to-trick-the-industry)
* Mar 08 - [[Arbor] Donot Team Leverages New Modular Malware Framework in South Asia](https://www.arbornetworks.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia/) | [:closed_book:](../../blob/master/2018/2018.03.08.donot-team-leverages-new-modular)
* Mar 08 - [[Crysis] Territorial Dispute – NSA’s perspective on APT landscape](https://www.crysys.hu/files/tedi/ukatemicrysys_territorialdispute.pdf) | [:closed_book:](../../blob/master/2018/2018.03.08.Territorial_Dispute)
* Mar 07 - [[Palo Alto Networks] Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent](https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/) | [:closed_book:](../../blob/master/2018/2018.03.07.patchwork-continues-deliver-badnews-indian-subcontinent)
* Mar 06 - [[Kaspersky] The Slingshot APT](https://s3-eu-west-1.amazonaws.com/khub-media/wp-content/uploads/sites/43/2018/03/09133534/The-Slingshot-APT_report_ENG_final.pdf) | [:closed_book:](../../blob/master/2018/2018.03.06.The-Slingshot-APT)
* Mar 05 - [[Palo Alto Networks] Sure, I’ll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency](https://researchcenter.paloaltonetworks.com/2018/03/unit42-sure-ill-take-new-combojack-malware-alters-clipboards-steal-cryptocurrency/) | [:closed_book:](../../blob/master/2018/2018.03.05.New_ComboJack_Malware)
* Mar 02 - [[McAfee] McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups](https://securingtomorrow.mcafee.com/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/) | [:closed_book:](../../blob/master/2018/2018.03.02.Operation_Honeybee)
* Mar 01 - [[Security 0wnage] A Quick Dip into MuddyWater's Recent Activity](https://sec0wn.blogspot.tw/2018/03/a-quick-dip-into-muddywaters-recent.html) | [:closed_book:](../../blob/master/2018/2018.03.01.a-quick-dip-into-muddywaters-recent)
* Feb 28 - [[Palo Alto Networks] Sofacy Attacks Multiple Government Entities](https://researchcenter.paloaltonetworks.com/2018/02/unit42-sofacy-attacks-multiple-government-entities/) | [:closed_book:](../../blob/master/2018/2018.02.28.sofacy-attacks-multiple-government-entities)
* Feb 28 - [[Symantec] Chafer: Latest Attacks Reveal Heightened Ambitions](https://www.symantec.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions) | [:closed_book:](../../blob/master/2018/2018.02.28.Chafer_Latest_Attacks_Reveal)
* Feb 21 - [[Avast] Avast tracks down Tempting Cedar Spyware](https://blog.avast.com/avast-tracks-down-tempting-cedar-spyware) | [:closed_book:](../../blob/master/2018/2018.02.21.Tempting_Cedar)
* Feb 20 - [[Arbor] Musical Chairs Playing Tetris](https://www.arbornetworks.com/blog/asert/musical-chairs-playing-tetris/) | [:closed_book:](../../blob/master/2018/2018.02.20.musical-chairs-playing-tetris)
* Feb 20 - [[Kaspersky] A Slice of 2017 Sofacy Activity](https://securelist.com/a-slice-of-2017-sofacy-activity/83930/) | [:closed_book:](../../blob/master/2018/2018.02.20.a-slice-of-2017-sofacy-activity)
* Feb 20 - [[FireEye] APT37 (Reaper): The Overlooked North Korean Actor](https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf) | [:closed_book:](../../blob/master/2018/2018.02.20.APT37)
* Feb 13 - [[Trend Micro] Deciphering Confucius’ Cyberespionage Operations](https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confucius-cyberespionage-operations/) | [:closed_book:](../../blob/master/2018/2018.02.13.deciphering-confucius)
* Feb 13 - [[RSA] Lotus Blossom Continues ASEAN Targeting](https://community.rsa.com/community/products/netwitness/blog/2018/02/13/lotus-blossom-continues-asean-targeting) | [:closed_book:](../../blob/master/2018/2018.02.13.Lotus-Blossom-Continues)
* Feb 07 - [[CISCO] Targeted Attacks In The Middle East](http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html) | [:closed_book:](../../blob/master/2018/2018.02.07.targeted-attacks-in-middle-east_VBS_CAMPAIGN)
* Feb 02 - [[McAfee] Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems](https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/) | [:closed_book:](../../blob/master/2018/2018.02.02.gold-dragon-widens-olympics-malware)
* Feb 01 - [[Bitdefender] Operation PZChao: a possible return of the Iron Tiger APT](https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/) | [:closed_book:](../../blob/master/2018/2018.02.01.operation-pzchao)
* Jan 30 - [[Palo Alto Networks] Comnie Continues to Target Organizations in East Asia](https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/) | [:closed_book:](../../blob/master/2018/2018.01.31.Comnie_Continues_to_Target_Organizations_in_East_Asia)
* Jan 30 - [[RSA] APT32 Continues ASEAN Targeting](https://community.rsa.com/community/products/netwitness/blog/2018/01/30/apt32-continues-asean-targeting) | [:closed_book:](../../blob/master/2018/2018.01.30.APT32_Continues_ASEAN_Targeting)
* Jan 29 - [[Trend Micro] Hacking Group Spies on Android Users in India Using PoriewSpy](https://blog.trendmicro.com/trendlabs-security-intelligence/hacking-group-spies-android-users-india-using-poriewspy/) | [:closed_book:](../../blob/master/2018/2018.01.29.PoriewSpy.India)
* Jan 29 - [[Palo Alto Networks] VERMIN: Quasar RAT and Custom Malware Used In Ukraine](https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/) | [:closed_book:](../../blob/master/2018/2018.01.29.VERMIN_Quasar_RAT_and_Custom_Malware_Used_In_Ukraine)
* Jan 27 - [[Accenture] DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES](https://www.accenture.com/t20180127T003755Z__w__/us-en/_acnmedia/PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf) | [:closed_book:](../../blob/master/2018/2018.01.27.DRAGONFISH)
* Jan 26 - [[Palo Alto Networks] The TopHat Campaign: Attacks Within The Middle East Region Using Popular Third-Party Services](https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services/) | [:closed_book:](../../blob/master/2018/2018.01.26.TopHat_Campaign)
* Jan 25 - [[Palo Alto Networks] OilRig uses RGDoor IIS Backdoor on Targets in the Middle East](https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/) | [:closed_book:](../../blob/master/2018/2018.01.25.oilrig_Middle_East)
* Jan 24 - [[Trend Micro] Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More](https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/) | [:closed_book:](../../blob/master/2018/2018.01.24.lazarus-campaign-targeting-cryptocurrencies)
* Jan 18 - [[NCSC] Turla group update Neuron malware](https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20Neuron%20Malware%20Update.pdf) | [:closed_book:](../../blob/master/2018/2018.01.18.Turla_group_update_Neuron_malware)
* Jan 17 - [[Lookout] Dark Caracal](https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf) | [:closed_book:](../../blob/master/2018/2018.01.18.Dark_Caracal)
* Jan 16 - [[Kaspersky] Skygofree: Following in the footsteps of HackingTeam](https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/) | [:closed_book:](../../blob/master/2018/2018.01.16.skygofree)
* Jan 16 - [[Recorded Future] North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign](https://www.recordedfuture.com/north-korea-cryptocurrency-campaign/) | [:closed_book:](../../blob/master/2018/2018.01.16.north-korea-cryptocurrency-campaign)
* Jan 16 - [[CISCO] Korea In The Crosshairs](http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html) | [:closed_book:](../../blob/master/2018/2018.01.16.korea-in-crosshairs)
* Jan 15 - [[Trend Micro] New KillDisk Variant Hits Financial Organizations in Latin America](https://blog.trendmicro.com/trendlabs-security-intelligence/new-killdisk-variant-hits-financial-organizations-in-latin-america/) | [:closed_book:](../../blob/master/2018/2018.01.15.new-killdisk-variant-hits-financial-organizations-in-latin-america)
* Jan 12 - [[Trend Micro] Update on Pawn Storm: New Targets and Politically Motivated Campaigns](http://blog.trendmicro.com/trendlabs-security-intelligence/update-pawn-storm-new-targets-politically-motivated-campaigns/?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork) | [:closed_book:](../../blob/master/2018/2018.01.12.update-pawn-storm-new-targets-politically)
* Jan 11 - [[McAfee] North Korean Defectors and Journalists Targeted Using Social Networks and KakaoTalk](https://securingtomorrow.mcafee.com/mcafee-labs/north-korean-defectors-journalists-targeted-using-social-networks-kakaotalk/) | [:closed_book:](../../blob/master/2018/2018.01.11.North_Korean_Defectors_and_Journalists_Targeted)
* Jan 09 - [[ESET] Diplomats in Eastern Europe bitten by a Turla mosquito](https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf) | [:closed_book:](../../blob/master/2018/2018.01.09.Turla_Mosquito)
* Jan 07 - [[Clearsky] Operation DustySky](http://www.clearskysec.com/dustysky/) | [:closed_book:](../../blob/master/2018/2018.01.07.Operation_DustySky)
* Jan 06 - [[McAfee] Malicious Document Targets Pyeongchang Olympics](https://securingtomorrow.mcafee.com/mcafee-labs/malicious-document-targets-pyeongchang-olympics/) | [:closed_book:](../../blob/master/2018/2018.01.06.malicious-document-targets-pyeongchang-olympics)
* Jan 04 - [[Carnegie] Iran’s Cyber Threat: Espionage, Sabotage, and Revenge](http://carnegieendowment.org/files/Iran_Cyber_Final_Full_v2.pdf) | [:closed_book:](../../blob/master/2018/2018.01.04.Iran_Cyber_Threat_Carnegie)
## 2017
* Dec 19 - [[Proofpoint] North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group](https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new) | [:closed_book:](../../blob/master/2017/2017.12.19.North_Korea_Bitten_by_Bitcoin_Bug)
* Dec 17 - [[McAfee] Operation Dragonfly Analysis Suggests Links to Earlier Attacks](https://securingtomorrow.mcafee.com/mcafee-labs/operation-dragonfly-analysis-suggests-links-to-earlier-attacks/) | [:closed_book:](../../blob/master/2017/2017.12.17.operation-dragonfly-analysis-suggests-links-to-earlier-attacks)
* Dec 14 - [[FireEye] Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure](https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html) | [:closed_book:](../../blob/master/2017/2017.12.14.attackers-deploy-new-ics-attack-framework-triton)
* Dec 11 - [[Group-IB] MoneyTaker, revealed after 1.5 years of silent operations.](https://www.group-ib.com/resources/reports/money-taker.html) | [:closed_book:](../../blob/master/2017/2017.12.11.MoneyTaker)
* Dec 11 - [[Trend Micro] Untangling the Patchwork Cyberespionage Group](http://blog.trendmicro.com/trendlabs-security-intelligence/untangling-the-patchwork-cyberespionage-group/) | [:closed_book:](../../blob/master/2017/2017.12.11.Patchwork_APT)
* Dec 07 - [[FireEye] New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit](https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html) | [:closed_book:](../../blob/master/2017/2017.12.07.New_Targeted_Attack_in_the_Middle_East_by_APT34)
* Dec 05 - [[ClearSky] Charming Kitten: Iranian Cyber Espionage Against Human Rights Activists, Academic Researchers and Media Outlets – And the HBO Hacker Connection](http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf) | [:closed_book:](../../blob/master/2017/2017.12.05.Charming_Kitten)
* Dec 04 - [[RSA] The Shadows of Ghosts: Inside the Response of a Unique Carbanak Intrusion](https://community.rsa.com/community/products/netwitness/blog/2017/12/04/anatomy-of-an-attack-carbanak) | [:closed_book:](../../blob/master/2017/2017.12.04.The_Shadows_of_Ghosts)
* Nov 22 - [[REAQTA] A dive into MuddyWater APT targeting Middle-East](https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/) | [:closed_book:](../../blob/master/2017/2017.11.22.MuddyWater_APT)
* Nov 14 - [[Palo Alto Networks] Muddying the Water: Targeted Attacks in the Middle East](https://researchcenter.paloaltonetworks.com/2017/11/2017.11.14.Muddying_the_Water) | [:closed_book:](../../blob/master/2017/2017.11.14.Muddying_the_Water)
* Nov 10 - [[Palo Alto Networks] New Malware with Ties to SunOrcal Discovered](https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/) | [:closed_book:](../../blob/master/2017/2017.11.10.New_Malware_with_Ties_to_SunOrcal_Discovered)
* Nov 07 - [[McAfee] Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack](https://securingtomorrow.mcafee.com/mcafee-labs/apt28-threat-group-adopts-dde-technique-nyc-attack-theme-in-latest-campaign/#sf151634298) | [:closed_book:](../../blob/master/2017/2017.11.07.APT28_Slips_Office_Malware)
* Nov 07 - [[Symantec] Sowbug: Cyber espionage group targets South American and Southeast Asian governments](https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments) | [:closed_book:](../../blob/master/2017/2017.11.07.sowbug-cyber-espionage-group-targets)
* Nov 06 - [[Trend Micro] ChessMaster’s New Strategy: Evolving Tools and Tactics](http://blog.trendmicro.com/trendlabs-security-intelligence/chessmasters-new-strategy-evolving-tools-tactics/) | [:closed_book:](../../blob/master/2017/2017.11.06.ChessMaster_New_Strategy)
* Nov 06 - [[Volexity] OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society](https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/) | [:closed_book:](../../blob/master/2017/2017.11.06.oceanlotus-blossomsk)
* Nov 02 - [[Palo Alto Networks] Recent InPage Exploits Lead to Multiple Malware Families](https://unit42.paloaltonetworks.com/unit42-recent-inpage-exploits-lead-multiple-malware-families/) | [:closed_book:](../../blob/master/2017/2017.11.02.InPage_Exploits)
* Nov 02 - [[PwC] The KeyBoys are back in town](http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html) | [:closed_book:](../../blob/master/2017/2017.11.02.KeyBoys_are_back)
* Nov 02 - [[Clearsky] LeetMX – a Yearlong Cyber-Attack Campaign Against Targets in Latin America](http://www.clearskysec.com/leetmx/) | [:closed_book:](../../blob/master/2017/2017.11.02.LeetMX)
* Nov 02 - [[RISKIQ] New Insights into Energetic Bear’s Watering Hole Attacks on Turkish Critical Infrastructure](https://www.riskiq.com/blog/labs/energetic-bear/) | [:closed_book:](../../blob/master/2017/2017.11.02.Energetic_Bear_on_Turkish_Critical_Infrastructure)
* Oct 31 - [[Cybereason] Night of the Devil: Ransomware or wiper? A look into targeted attacks in Japan using MBR-ONI](https://www.cybereason.com/blog/night-of-the-devil-ransomware-or-wiper-a-look-into-targeted-attacks-in-japan) | [:closed_book:](../../blob/master/2017/2017.10.31.MBR-ONI.Japan)
* Oct 30 - [[Kaspersky] Gaza Cybergang – updated activity in 2017](https://securelist.com/gaza-cybergang-updated-2017-activity/82765/) | [:closed_book:](../../blob/master/2017/2017.10.30.Gaza_Cybergang)
* Oct 27 - [[Bellingcat] Bahamut Revisited, More Cyber Espionage in the Middle East and South Asia](https://www.bellingcat.com/resources/case-studies/2017/10/27/bahamut-revisited-cyber-espionage-middle-east-south-asia/) | [:closed_book:](../../blob/master/2017/2017.10.27.bahamut-revisited)
* Oct 24 - [[ClearSky] Iranian Threat Agent Greenbug Impersonates Israeli High-Tech and Cyber Security Companies](http://www.clearskysec.com/greenbug/) | [:closed_book:](../../blob/master/2017/2017.10.02.Aurora_Operation_CCleaner_II)
* Oct 19 - [[Bitdefender] Operation PZCHAO](https://download.bitdefender.com/resources/files/News/CaseStudies/study/185/Bitdefender-Business-2017-WhitePaper-PZCHAO-crea2452-en-EN-GenericUse.pdf) | [:closed_book:](../../blob/master/2017/2017.10.19.Operation_PZCHAO)
* Oct 16 - [[BAE Systems] Taiwan Heist: Lazarus Tools And Ransomware](https://baesystemsai.blogspot.kr/2017/10/taiwan-heist-lazarus-tools.html) | [:closed_book:](../../blob/master/2017/2017.10.16.Taiwan-Heist)
* Oct 16 - [[Kaspersky] BlackOasis APT and new targeted attacks leveraging zero-day exploit](https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/) | [:closed_book:](../../blob/master/2017/2017.10.16.BlackOasis_APT)
* Oct 16 - [[Proofpoint] Leviathan: Espionage actor spearphishes maritime and defense targets](https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets) | [:closed_book:](../../blob/master/2017/2017.10.16.Leviathan)
* Oct 12 - [[Dell] BRONZE BUTLER Targets Japanese Enterprises](https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses) | [:closed_book:](../../blob/master/2017/2017.10.12.BRONZE_BUTLER)
* Oct 10 - [[Trustwave] Post Soviet Bank Heists](https://www.trustwave.com/Resources/Library/Documents/Post-Soviet-Bank-Heists/) | [:closed_book:](../../blob/master/2017/2017.10.02.Aurora_Operation_CCleaner_II)
* Oct 02 - [[intezer] Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers]() | [:closed_book:](../../blob/master/2017/2017.10.02.Aurora_Operation_CCleaner_II)
* Sep XX - [[MITRE] APT3 Adversary Emulation Plan](https://attack.mitre.org/w/img_auth.php/6/6c/APT3_Adversary_Emulation_Plan.pdf) | [:closed_book:](../../blob/master/2017/2017.09.XX.APT3_Adversary_Emulation_Plan)
* Sep 28 - [[Palo Alto Networks] Threat Actors Target Government of Belarus Using CMSTAR Trojan](https://researchcenter.paloaltonetworks.com/2017/09/unit42-threat-actors-target-government-belarus-using-cmstar-trojan/) | [:closed_book:](../../blob/master/2017/2017.09.28.Belarus_CMSTAR_Trojan)
* Sep 20 - [[intezer] Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner](http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/) | [:closed_book:](../../blob/master/2017/2017.09.20.Aurora_Operation_CCleaner)
* Sep 20 - [[FireEye] Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware](https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html) | [:closed_book:](../../blob/master/2017/2017.09.20.apt33-insights-into-iranian-cyber-espionage)
* Sep 20 - [[CISCO] CCleaner Command and Control Causes Concern](http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html) | [:closed_book:](../../blob/master/2017/2017.09.18.CCleanup)
* Sep 18 - [[CISCO] CCleanup: A Vast Number of Machines at Risk](http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html) | [:closed_book:](../../blob/master/2017/2017.09.18.CCleanup)
* Sep 12 - [[FireEye] FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY](https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html) | [:closed_book:](../../blob/master/2017/2017.09.12.FINSPY_CVE-2017-8759)
* Sep 06 - [[Symantec] Dragonfly: Western energy sector targeted by sophisticated attack group](https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group) | [:closed_book:](../../blob/master/2017/2017.09.06.dragonfly-western-energy-sector-targeted-sophisticated-attack-group)
* Sep 06 - [[Treadstone 71] Intelligence Games in the Power Grid](https://treadstone71llc.files.wordpress.com/2017/09/intelligence-games-in-the-power-grid-2016.pdf) | [:closed_book:](../../blob/master/2017/2017.09.06.intelligence-games-in-the-power-grid-2016)
* Aug 30 - [[ESET] Gazing at Gazer: Turla’s new second stage backdoor](https://www.welivesecurity.com/2017/08/30/eset-research-cyberespionage-gazer/) | [:closed_book:](../../blob/master/2017/2017.08.30.Gazing_at_Gazer)
* Aug 30 - [[Kaspersky] Introducing WhiteBear](https://securelist.com/introducing-whitebear/81638/) | [:closed_book:](../../blob/master/2017/2017.08.30.Introducing_WhiteBear)
* Aug 25 - [[Proofpoint] Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures](https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures) | [:closed_book:](../../blob/master/2017/2017.08.25.operation-rat-cook)
* Aug 18 - [[RSA] Russian Bank Offices Hit with Broad Phishing Wave](https://community.rsa.com/community/products/netwitness/blog/2017/08/18/russian-bank-offices-hit-with-broad-phishing-wave) | [:closed_book:](../../blob/master/2017/2017.08.18.Russian_Bank_Offices_Hit)
* Aug 17 - [[Proofpoint] Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack](https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack) | [:closed_book:](../../blob/master/2017/2017.08.17.turla-apt-actor-refreshes-kopiluwak-javascript-backdoor)
* Aug 15 - [[Palo Alto Networks] The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure](https://researchcenter.paloaltonetworks.com/2017/08/unit42-the-curious-case-of-notepad-and-chthonic-exposing-a-malicious-infrastructure/) | [:closed_book:](../../blob/master/2017/2017.08.15.Notepad_and_Chthonic)
* Aug 11 - [[FireEye] APT28 Targets Hospitality Sector, Presents Threat to Travelers](https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html) | [:closed_book:](../../blob/master/2017/2017.08.11.apt28-targets-hospitality-sector)
* Aug 08 - [[Kaspersky] APT Trends report Q2 2017](https://securelist.com/apt-trends-report-q2-2017/79332/) | [:closed_book:](../../blob/master/2017/2017.08.08.APT_Trends_Report_2017Q2)
* Aug 01 - [[Positive Research] Cobalt strikes back: an evolving multinational threat to finance](http://blog.ptsecurity.com/2017/08/cobalt-group-2017-cobalt-strikes-back.html) | [:closed_book:](../../blob/master/2017/2017.08.01.cobalt-group-2017-cobalt-strikes-back)
* Jul 27 - [[Trend Micro] ChessMaster Makes its Move: A Look into the Campaign’s Cyberespionage Arsenal](http://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-cyber-espionage-campaign/) | [:closed_book:](../../blob/master/2017/2017.07.27.chessmaster-cyber-espionage-campaign)
* Jul 27 - [[Palo Alto Networks] OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group](https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/) | [:closed_book:](../../blob/master/2017/2017.07.27.oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group)
* Jul 27 - [[Clearsky, Trend Micro] Operation Wilted Tulip](http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf) | [:closed_book:](../../blob/master/2017/2017.07.27.Operation_Wilted_Tulip)
* Jul 24 - [[Palo Alto Networks] “Tick” Group Continues Attacks](https://researchcenter.paloaltonetworks.com/2017/07/unit42-tick-group-continues-attacks/) | [:closed_book:](../../blob/master/2017/2017.07.24.Tick_group)
* Jul 18 - [[Clearsky] Recent Winnti Infrastructure and Samples](http://www.clearskysec.com/winnti/) | [:closed_book:](../../blob/master/2017/2017.07.18.winnti)
* Jul 18 - [[Bitdefender] Inexsmar: An unusual DarkHotel campaign](https://labs.bitdefender.com/wp-content/uploads/downloads/inexsmar-an-unusual-darkhotel-campaign/) | [:closed_book:](../../blob/master/2017/2017.07.18.Inexsmar)
* Jul 11 - [[ProtectWise] Winnti Evolution - Going Open Source](https://www.protectwise.com/blog/winnti-evolution-going-open-source.html) | [:closed_book:](../../blob/master/2017/2017.07.11.winnti-evolution-going-open-source)
* Jul 10 - [[Trend Micro] OSX Malware Linked to Operation Emmental Hijacks User Network Traffic](http://blog.trendmicro.com/trendlabs-security-intelligence/osx_dok-mac-malware-emmental-hijacks-user-network-traffic/) | [:closed_book:](../../blob/master/2017/2017.07.10.osx_dok-mac-malware-emmental-hijacks-user-network-traffic)
* Jul 06 - [[Malware Party] Operation Desert Eagle](http://mymalwareparty.blogspot.tw/2017/07/operation-desert-eagle.html) | [:closed_book:](../../blob/master/2017/2017.07.06.Operation_Desert_Eagle)
* Jul 05 - [[Citizen Lab] Insider Information: An intrusion campaign targeting Chinese language news sites](https://citizenlab.org/2017/07/insider-information-an-intrusion-campaign-targeting-chinese-language-news-sites/) | [:closed_book:](../../blob/master/2017/2017.07.05.insider-information)
* Jun 30 - [[ESET] TeleBots are back: supply-chain attacks against Ukraine](https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/) | [:closed_book:](../../blob/master/2017/2017.06.30.telebots-back-supply-chain)
* Jun 30 - [[Kaspersky] From BlackEnergy to ExPetr](https://securelist.com/from-blackenergy-to-expetr/78937/) | [:closed_book:](../../blob/master/2017/2017.06.30.From_BlackEnergy_to_ExPetr)
* Jun 26 - [[Dell] Threat Group-4127 Targets Google Accounts](https://www.secureworks.com/research/threat-group-4127-targets-google-accounts) | [:closed_book:](../../blob/master/2017/2017.06.26.Threat_Group-4127)
* Jun 22 - [[Palo Alto Networks] The New and Improved macOS Backdoor from OceanLotus](https://www.secureworks.com/research/threat-group-4127-targets-google-accounts) | [:closed_book:](../../blob/master/2017/2017.06.22.new-improved-macos-backdoor-oceanlotus)
* Jun 22 - [[Trend Micro] Following the Trail of BlackTech’s Cyber Espionage Campaigns](http://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/) | [:closed_book:](../../blob/master/2017/2017.06.22.following-trail-blacktech-cyber-espionage-campaigns)
* Jun 19 - [[root9B] SHELLTEA + POSLURP MALWARE: memory resident point-of-sale malware attacks industry](https://www.root9b.com/sites/default/files/whitepapers/PoS%20Malware%20ShellTea%20PoSlurp_0.pdf) | [:closed_book:](../../blob/master/2017/2017.06.19.SHELLTEA_POSLURP_MALWARE)
* Jun 18 - [[Palo Alto Networks] APT3 Uncovered: The code evolution of Pirpi](https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirpi.pdf) | [:closed_book:](../../blob/master/2017/2017.06.18.APT3_Uncovered_The_code_evolution_of_Pirpi)
* Jun 15 - [[Recorded Future] North Korea Is Not Crazy](https://www.recordedfuture.com/north-korea-cyber-activity/) | [:closed_book:](../../blob/master/2017/2017.06.15.north-korea-cyber-activity)
* Jun 14 - [[ThreatConnect] KASPERAGENT Malware Campaign resurfaces in the run up to May Palestinian Authority Elections](https://www.threatconnect.com/blog/kasperagent-malware-campaign/) | [:closed_book:](../../blob/master/2017/2017.06.14.KASPERAGENT)
* Jun 13 - [[US-CERT] HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure](https://www.us-cert.gov/ncas/alerts/TA17-164A) | [:closed_book:](../../blob/master/2017/2017.06.13.HIDDEN_COBRA)
* Jun 12 - [[Dragos] CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations](https://dragos.com/blog/crashoverride/CrashOverride-01.pdf) | [:closed_book:](../../blob/master/2017/2017.06.12.CRASHOVERRIDE)
* Jun 12 - [[ESET] WIN32/INDUSTROYER A new threat for industrial control systems](https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf) | [:closed_book:](../../blob/master/2017/2017.06.12.INDUSTROYER)
* May 30 - [[Group-IB] Lazarus Arisen: Architecture, Techniques and Attribution](http://www.group-ib.com/lazarus.html) | [:closed_book:](../../blob/master/2017/2017.05.30.Lazarus_Arisen)
* May 24 - [[Cybereason] OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP](https://www.cybereason.com/blog/operation-cobalt-kitty-apt) | [:closed_book:](../../blob/master/2017/2017.05.24.OPERATION_COBALT_KITTY)
* May 14 - [[FireEye] Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations](https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html) | [:closed_book:](../../blob/master/2017/2017.05.14.cyber-espionage-apt32)
* May 03 - [[Palo Alto Networks] Kazuar: Multiplatform Espionage Backdoor with API Access](http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-acces) | [:closed_book:](../../blob/master/2017/2017.05.03.kazuar-multiplatform-espionage-backdoor-api-access)
* May 03 - [[CISCO] KONNI: A Malware Under The Radar For Years](http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html) | [:closed_book:](../../blob/master/2017/konni-malware-under-radar-for-years)
* Apr 27 - [[Morphisec] Iranian Fileless Attack Infiltrates Israeli Organizations](http://blog.morphisec.com/iranian-fileless-cyberattack-on-israel-word-vulnerability) | [:closed_book:](../../blob/master/2017/2017.04.27.iranian-fileless-cyberattack-on-israel-word-vulnerability)
* Apr 13 - [[F-SECURE] Callisto Group](https://www.f-secure.com/documents/996508/1030745/callisto-group) | [:closed_book:](../../blob/master/2017/2017.04.13.callisto-group)
* Apr 06 - [[PwC] Operation Cloud Hopper](https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf) | [:closed_book:](../../blob/master/2017/2017.04.06.Operation_Cloud_Hopper)
* Apr 05 - [[Palo Alto Networks, Clearsky] Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA](https://researchcenter.paloaltonetworks.com/2017/04/unit42-targeted-attacks-middle-east-using-kasperagent-micropsia/) | [:closed_book:](../../blob/master/2017/2017.04.05.KASPERAGENT_and_MICROPSIA)
* Mar 15 - [[JPCERT] FHAPPI Campaign](http://blog.0day.jp/p/english-report-of-fhappi-freehosting.html) | [:closed_book:](../../blob/master/2017/2017.03.15.FHAPPI_Campaign)
* Mar 14 - [[Clearsky] Operation Electric Powder – Who is targeting Israel Electric Company?](http://www.clearskysec.com/iec/) | [:closed_book:](../../blob/master/2017/2017.03.14.Operation_Electric_Powder)
* Mar 06 - [[Kaspersky] From Shamoon to StoneDrill](https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/) | [:closed_book:](../../blob/master/2017/2017.03.06.from-shamoon-to-stonedrill)
* Feb 28 - [[IBM] Dridex’s Cold War: Enter AtomBombing](https://securityintelligence.com/dridexs-cold-war-enter-atombombing/) | [:closed_book:](../../blob/master/2017/2017.02.28.dridexs-cold-war-enter-atombombing)
* Feb 27 - [[Palo Alto Networks] The Gamaredon Group Toolset Evolution](http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/) | [:closed_book:](../../blob/master/2017/2017.02.27.gamaredon-group-toolset-evolution/)
* Feb 23 - [[Bitdefender] Dissecting the APT28 Mac OS X Payload](https://download.bitdefender.com/resources/files/News/CaseStudies/study/143/Bitdefender-Whitepaper-APT-Mac-A4-en-EN-web.pdf) | [:closed_book:](../../blob/master/2017/2017.02.23.APT28_Mac_OS_X_Payload)
* Feb 22 - [[FireEye] Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government](https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html) | [:closed_book:](../../blob/master/2017/2017.02.22.Spear_Phishing_Mongolian_Government)
* Feb 21 - [[Arbor] Additional Insights on Shamoon2](https://www.arbornetworks.com/blog/asert/additional-insights-on-shamoon2/) | [:closed_book:](../../blob/master/2017/2017.02.21.Additional_Insights_on_Shamoon2)
* Feb 20 - [[BAE Systems] Lazarus' False Flag Malware](http://baesystemsai.blogspot.tw/2017/02/lazarus-false-flag-malware.html) | [:closed_book:](../../blob/master/2017/2017.02.20.Lazarus_False_Flag_Malware)
* Feb 17 - [[JPCERT] ChChes - Malware that Communicates with C&C Servers Using Cookie Headers](http://blog.jpcert.or.jp/2017/02/chches-malware--93d6.html) | [:closed_book:](../../blob/master/2017/2017.02.17.chches-malware)
* Feb 16 - [[BadCyber] Technical analysis of recent attacks against Polish banks](https://badcyber.com/technical-analysis-of-recent-attacks-against-polish-banks/) | [:closed_book:](../../blob/master/2017/2017.02.16.Technical_analysis_Polish_banks)
* Feb 15 - [[Morphick] Deep Dive On The DragonOK Rambo Backdoor](http://www.morphick.com/resources/news/deep-dive-dragonok-rambo-backdoor) | [:closed_book:](../../blob/master/2017/2017.02.15.deep-dive-dragonok-rambo-backdoor)
* Feb 15 - [[IBM] The Full Shamoon: How the Devastating Malware Was Inserted Into Networks](https://securityintelligence.com/the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks/) | [:closed_book:](../../blob/master/2017/2017.02.15.the-full-shamoon)
* Feb 15 - [[Dell] Iranian PupyRAT Bites Middle Eastern Organizations](https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations) | [:closed_book:](../../blob/master/2017/2017.02.15.iranian-pupyrat-bites-middle-eastern-organizations)
* Feb 15 - [[Palo Alto Networks] Magic Hound Campaign Attacks Saudi Targets](http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/) | [:closed_book:](../../blob/master/2017/2017.02.15.magic-hound-campaign)
* Feb 14 - [[Medium] Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal](https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.cly4mg1g8) | [:closed_book:](../../blob/master/2017/2017.02.14.Operation_Kingphish)
* Feb 12 - [[BAE Systems] Lazarus & Watering-Hole Attacks](https://baesystemsai.blogspot.tw/2017/02/lazarus-watering-hole-attacks.html) | [:closed_book:](../../blob/master/2017/2017.02.12.lazarus-watering-hole-attacks)
* Feb 10 - [[Cysinfo] Cyber Attack Targeting Indian Navy's Submarine And Warship Manufacturer](https://cysinfo.com/cyber-attack-targeting-indian-navys-submarine-warship-manufacturer/) | [:closed_book:](../../blob/master/2017/2017.02.10.cyber-attack-targeting-indian-navys-submarine-warship-manufacturer)
* Feb 10 - [[DHS] Enhanced Analysis of GRIZZLY STEPPE Activity](https://www.us-cert.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf) | [:closed_book:](../../blob/master/2017/2017.02.10.Enhanced_Analysis_of_GRIZZLY_STEPPE)
* Feb 03 - [[RSA] KingSlayer A Supply chain attack](https://www.rsa.com/content/dam/pdfs/2-2017/kingslayer-a-supply-chain-attack.pdf) | [:closed_book:](../../blob/master/2017/2017.02.03.kingslayer-a-supply-chain-attack)
* Feb 03 - [[BadCyber] Several Polish banks hacked, information stolen by unknown attackers](https://badcyber.com/several-polish-banks-hacked-information-stolen-by-unknown-attackers/) | [:closed_book:](../../blob/master/2017/2017.02.03.several-polish-banks-hacked)
* Feb 02 - [[Proofpoint] Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX](https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx) | [:closed_book:](../../blob/master/2017/2017.02.02.APT_Targets_Russia_and_Belarus_with_ZeroT_and_PlugX)
* Jan 30 - [[Palo Alto Networks] Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments](http://researchcenter.paloaltonetworks.com/2017/01/unit42-downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments/) | [:closed_book:](../../blob/master/2017/2017.01.30.downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments)
* Jan 25 - [[Microsoft] Detecting threat actors in recent German industrial attacks with Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/?source=mmpc) | [:closed_book:](../../blob/master/2017/2017.01.25.german-industrial-attacks)
* Jan 19 - [[Cysinfo] URI Terror Attack & Kashmir Protest Themed Spear Phishing Emails Targeting Indian Embassies And Indian Ministry Of External Affairs](https://cysinfo.com/uri-terror-attack-spear-phishing-emails-targeting-indian-embassies-and-indian-mea/) | [:closed_book:](../../blob/master/2017/2017.01.19.uri-terror-attack)
* Jan 18 - [[Trustwave] Operation Grand Mars: Defending Against Carbanak Cyber Attacks](https://www.trustwave.com/Resources/Library/Documents/Operation-Grand-Mars--Defending-Against-Carbanak-Cyber-Attacks/) | [:closed_book:](../../blob/master/2017/2017.01.18.Operation-Grand-Mars)
* Jan 15 - [[tr1adx] Bear Spotting Vol. 1: Russian Nation State Targeting of Government and Military Interests](https://www.tr1adx.net/intel/TIB-00003.html) | [:closed_book:](../../blob/master/2017/2017.01.15.Bear_Spotting_Vol.1)
* Jan 12 - [[Kaspersky] The “EyePyramid” attacks](https://securelist.com/blog/incidents/77098/the-eyepyramid-attacks/) | [:closed_book:](../../blob/master/2017/2017.01.12.EyePyramid.attacks)
* Jan 11 - [[FireEye] APT28: AT THE CENTER OF THE STORM](https://www.fireeye.com/blog/threat-research/2017/01/apt28_at_the_center.html) | [:closed_book:](../../blob/master/2017/2017.01.11.apt28_at_the_center)
* Jan 09 - [[Palo Alto Networks] Second Wave of Shamoon 2 Attacks Identified](http://researchcenter.paloaltonetworks.com/2017/01/unit42-second-wave-shamoon-2-attacks-identified/) | [:closed_book:](../../blob/master/2017/2017.01.09.second-wave-shamoon-2-attacks-identified)
* Jan 05 - [[Clearsky] Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford](http://www.clearskysec.com/oilrig/) | [:closed_book:](../../blob/master/2017/2017.01.05.Iranian_Threat_Agent_OilRig)
## 2016
* Dec 15 - [[Microsoft] PROMETHIUM and NEODYMIUM APT groups on Turkish citizens living in Turkey and various other European countries.](http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf) | [:closed_book:](../../blob/master/2016/2016.12.15.PROMETHIUM_and_NEODYMIUM)
* Dec 13 - [[ESET] The rise of TeleBots: Analyzing disruptive KillDisk attacks](http://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/) | [:closed_book:](../../blob/master/2016/2016.12.13.rise-telebots-analyzing-disruptive-killdisk-attacks)
* Nov 30 - [[Cysinfo] MALWARE ACTORS USING NIC CYBER SECURITY THEMED SPEAR PHISHING TO TARGET INDIAN GOVERNMENT ORGANIZATIONS](https://cysinfo.com/malware-actors-using-nic-cyber-security-themed-spear-phishing-target-indian-government-organizations/) | [:closed_book:](../../blob/master/2016/2016.11.30.nic-cyber-security-themed)
* Nov 22 - [[Palo Alto Networks] Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy](http://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/) | [:closed_book:](../../blob/master/2016/2016.11.22.tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy)
* Nov 09 - [[Fidelis] Down the H-W0rm Hole with Houdini's RAT](https://www.fidelissecurity.com/threatgeek/2016/11/down-h-w0rm-hole-houdinis-rat) | [:closed_book:](../../blob/master/2016/2016.11.09_down-the-h-w0rm-hole-with-houdinis-rat)
* Nov 03 - [[Booz Allen] When The Lights Went Out: Ukraine Cybersecurity Threat Briefing](http://www.boozallen.com/content/dam/boozallen/documents/2016/09/ukraine-report-when-the-lights-went-out.pdf) | [:closed_book:](../../blob/master/2016/2016.11.03.Ukraine_Cybersecurity_Threat_Briefing)
* Oct 31 - [[Palo Alto Networks] Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?](http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve/) | [:closed_book:](../../blob/master/2016/2016.10.31.Emissary_Trojan_Changelog)
* Oct 27 - [[ESET] En Route with Sednit Part 3: A Mysterious Downloader](http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf) | [:closed_book:](../../blob/master/2016/2016.10.27.En_Route_Part3)
* Oct 27 - [[Trend Micro] BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List](http://blog.trendmicro.com/trendlabs-security-intelligence/blackgear-espionage-campaign-evolves-adds-japan-target-list/) | [:closed_book:](../../blob/master/2016/2016.10.27.BLACKGEAR_Espionage_Campaign_Evolves)
* Oct 26 - [[Vectra Networks] Moonlight – Targeted attacks in the Middle East](http://blog.vectranetworks.com/blog/moonlight-middle-east-targeted-attacks) | [:closed_book:](../../blob/master/2016/2016.10.26.Moonlight_Middle_East)
* Oct 25 - [[Palo Alto Networks] Houdini’s Magic Reappearance](http://researchcenter.paloaltonetworks.com/2016/10/unit42-houdinis-magic-reappearance/) | [:closed_book:](../../blob/master/2016/2016.10.25.Houdini_Magic_Reappearance)
* Oct 25 - [[ESET] En Route with Sednit Part 2: Lifting the lid on Sednit: A closer look at the software it uses](http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf) | [:closed_book:](../../blob/master/2016/2016.10.25.Lifting_the_lid_on_Sednit)
* Oct 20 - [[ESET] En Route with Sednit Part 1: Approaching the Target](http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf) | [:closed_book:](../../blob/master/2016/2016.10.20.En_Route_with_Sednit)
* Oct 17 - [[ThreatConnect] ThreatConnect identifies Chinese targeting of two companies. Economic espionage or military intelligence?](https://www.threatconnect.com/blog/threatconnect-discovers-chinese-apt-activity-in-europe/) | [:closed_book:](../../blob/master/2016/2016.10.16.A_Tale_of_Two_Targets)
* Oct 05 - [[Kaspersky] Wave your false flags](https://securelist.com/files/2016/10/Bartholomew-GuerreroSaade-VB2016.pdf) | [:closed_book:](../../blob/master/2016/2016.10.05_Wave_Your_False_flag)
* Oct 03 - [[Kaspersky] On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users](https://securelist.com/blog/research/76147/on-the-strongpity-waterhole-attacks-targeting-italian-and-belgian-encryption-users/) | [:closed_book:](../../blob/master/2016/2016.10.03.StrongPity)
* Sep 29 - [[NATO CCD COE] China and Cyber: Attitudes, Strategies, Organisation](https://ccdcoe.org/sites/default/files/multimedia/pdf/CS_organisation_CHINA_092016.pdf) | [:closed_book:](../../blob/master/2016/2016.09.29.China_and_Cyber_Attitudes_Strategies_Organisation)
* Sep 28 - [[Palo Alto Networks] Confucius Says…Malware Families Get Further By Abusing Legitimate Websites](https://unit42.paloaltonetworks.com/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites/) | [:closed_book:](../../blob/master/2016/2016.09.28.Confucius_Says)
* Sep 28 - [[ThreatConnect] Belling the BEAR: russia-hacks-bellingcat-mh17-investigation](https://www.threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/) | [:closed_book:](../../blob/master/2016/2016.09.28.russia-hacks-bellingcat-mh17-investigation)
* Sep 26 - [[Palo Alto Networks] Sofacy’s ‘Komplex’ OS X Trojan](http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/) | [:closed_book:](../../blob/master/2016/2016.09.26_Sofacy_Komplex_OSX_Trojan)
* Sep 18 - [[Cyberkov] Hunting Libyan Scorpions](https://cyberkov.com/wp-content/uploads/2016/09/Hunting-Libyan-Scorpions-EN.pdf) | [:closed_book:](../../blob/master/2016/2016.09.18.Hunting-Libyan-Scorpions)
* Sep 14 - [[Palo Alto Networks] MILE TEA: Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies](http://researchcenter.paloaltonetworks.com/2016/09/mile-tea-cyber-espionage-campaign-targets-asia-pacific-businesses-and-government-agencies/) | [:closed_book:](../../blob/master/2016/2016.09.14.MILE_TEA)
* Sep 06 - [[Symantec] Buckeye cyberespionage group shifts gaze from US to Hong Kong](http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong) | [:closed_book:](../../blob/master/2016/2016.09.06.buckeye-cyberespionage-group-shifts-gaze-us-hong-kong)
* Sep 01 - [[IRAN THREATS] MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS, FOREIGN POLICY INSTITUTIONS AND MIDDLE EASTERN COUNTRIES](https://iranthreats.github.io/resources/human-rights-impersonation-malware/) | [:closed_book:](../../blob/master/2016/2016.09.01.human-rights-impersonation-malware)
* Aug 25 - [[Lookout] Technical Analysis of Pegasus Spyware](https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf) | [:closed_book:](../../blob/master/2016/2016.08.25.lookout-pegasus-technical-analysis)
* Aug 24 - [[Citizen Lab] The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender](https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/) | [:closed_book:](../../blob/master/2016/2016.08.24.million-dollar-dissident-iphone-zero-day-nso-group-uae)
* Aug 19 - [[ThreatConnect] Russian Cyber Operations on Steroids](https://www.threatconnect.com/blog/fancy-bear-anti-doping-agency-phishing/) | [:closed_book:](../../blob/master/2016/2016.08.19.fancy-bear-anti-doping-agency-phishing)
* Aug 17 - [[Kaspersky] Operation Ghoul: targeted attacks on industrial and engineering organizations](https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-industrial-and-engineering-organizations/) | [:closed_book:](../../blob/master/2016/2016.08.17_operation-ghoul)
* Aug 16 - [[Palo Alto Networks] Aveo Malware Family Targets Japanese Speaking Users](http://researchcenter.paloaltonetworks.com/2016/08/unit42-aveo-malware-family-targets-japanese-speaking-users/) | [:closed_book:](../../blob/master/2016/2016.08.16.aveo-malware-family-targets-japanese)
* Aug 11 - [[IRAN THREATS] Iran and the Soft War for Internet Dominance](https://iranthreats.github.io/us-16-Guarnieri-Anderson-Iran-And-The-Soft-War-For-Internet-Dominance-paper.pdf) | [:closed_book:](../../blob/master/2016/2016.08.11.Iran-And-The-Soft-War-For-Internet-Dominance)
* Aug 08 - [[Forcepoint] MONSOON](https://blogs.forcepoint.com/security-labs/monsoon-analysis-apt-campaign) | [:closed_book:](../../blob/master/2016/2016.08.08.monsoon-analysis-apt-campaign)
* Aug 08 - [[Kaspersky] ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms](https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/) | [:closed_book:](../../blob/master/2016/2016.08.08.ProjectSauron)
* Aug 07 - [[Symantec] Strider: Cyberespionage group turns eye of Sauron on targets](http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets) | [:closed_book:](../../blob/master/2016/2016.08.07.Strider_Cyberespionage_group_turns_eye_of_Sauron_on_targets)
* Aug 06 - [[360] APT-C-09](http://www.nsoad.com/Article/Network-security/20160806/269.html) | [:closed_book:](../../blob/master/2016/2016.08.06.APT-C-09)
* Aug 04 - [[Recorded Future] Running for Office: Russian APT Toolkits Revealed](https://www.recordedfuture.com/russian-apt-toolkits/) | [:closed_book:](../../blob/master/2016/2016.08.04.russian-apt-toolkits)
* Aug 03 - [[EFF] Operation Manul: I Got a Letter From the Government the Other Day...Unveiling a Campaign of Intimidation, Kidnapping, and Malware in Kazakhstan](https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf) | [:closed_book:](../../blob/master/2016/2016.08.03.i-got-a-letter-from-the-government)
* Aug 02 - [[Citizen Lab] Group5: Syria and the Iranian Connection](https://citizenlab.org/2016/08/group5-syria/) | [:closed_book:](../../blob/master/2016/2016.08.02.group5-syria)
* Jul 28 - [[ICIT] China’s Espionage Dynasty](http://icitech.org/wp-content/uploads/2016/07/ICIT-Brief-China-Espionage-Dynasty.pdf) | [:closed_book:](../../blob/master/2016/2016.07.28.China_Espionage_Dynasty)
* Jul 26 - [[Palo Alto Networks] Attack Delivers ‘9002’ Trojan Through Google Drive](http://researchcenter.paloaltonetworks.com/2016/07/unit-42-attack-delivers-9002-trojan-through-google-drive/) | [:closed_book:](../../blob/master/2016/2016.07.26.Attack_Delivers_9002_Trojan_Through_Google_Drive)
* Jul 21 - [[360] Sphinx (APT-C-15) Targeted cyber-attack in the Middle East](https://ti.360.com/upload/report/file/rmsxden20160721.pdf) | [:closed_book:](../../blob/master/2016/2016.07.21.Sphinx_Targeted_cyber-attack_in_the_Middle_East)
* Jul 21 - [[RSA] Hide and Seek: How Threat Actors Respond in the Face of Public Exposure](https://www.rsaconference.com/writable/presentations/file_upload/tta1-f04_hide-and-seek-how-threat-actors-respond-in-the-face-of-public-exposure.pdf) | [:closed_book:](../../blob/master/2016/2016.07.21.Hide_and_Seek)
* Jul 13 - [[SentinelOne] State-Sponsored SCADA Malware targeting European Energy Companies](https://sentinelone.com/blogs/sfg-furtims-parent/) | [:closed_book:](../../blob/master/2016/2016.07.13.State-Sponsored_SCADA_Malware_targeting_European_Energy_Companies)
* Jul 12 - [[F-SECURE] NanHaiShu: RATing the South China Sea](https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf) | [:closed_book:](../../blob/master/2016/2016.07.12.NanHaiShu_RATing_the_South_China_Sea)
* Jul 08 - [[Kaspersky] The Dropping Elephant – aggressive cyber-espionage in the Asian region](https://securelist.com/blog/research/75328/the-dropping-elephant-actor/) | [:closed_book:](../../blob/master/2016/2016.07.08.The_Dropping_Elephant)
* Jul 07 - [[Proofpoint] NetTraveler APT Targets Russian, European Interests](https://www.proofpoint.com/us/threat-insight/post/nettraveler-apt-targets-russian-european-interests) | [:closed_book:](../../blob/master/2016/2016.07.07.nettraveler-apt-targets-russian-european-interests)
* Jul 07 - [[Cymmetria] UNVEILING PATCHWORK: THE COPY-PASTE APT](https://www.cymmetria.com/wp-content/uploads/2016/07/Unveiling-Patchwork.pdf) | [:closed_book:](../../blob/master/2016/2016.07.07.UNVEILING_PATCHWORK)
* Jul 03 - [[Check Point] From HummingBad to Worse](http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf) | [:closed_book:](../../blob/master/2016/2016.07.03_From_HummingBad_to_Worse)
* Jul 01 - [[Bitdefender] Pacifier APT](http://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf) | [:closed_book:](../../blob/master/2016/2016.07.01.Bitdefender_Pacifier_APT)
* Jul 01 - [[ESET] Espionage toolkit targeting Central and Eastern Europe uncovered](http://www.welivesecurity.com/2016/07/01/espionage-toolkit-targeting-central-eastern-europe-uncovered/) | [:closed_book:](../../blob/master/2016/2016.07.01.SBDH_toolkit_targeting_Central_and_Eastern_Europe)
* Jun 30 - [[JPCERT] Asruex: Malware Infecting through Shortcut Files](http://blog.jpcert.or.jp/2016/06/asruex-malware-infecting-through-shortcut-files.html) | [:closed_book:](../../blob/master/2016/2016.06.30.Asruex)
* Jun 29 - [[Proofpoint] MONSOON – ANALYSIS OF AN APT CAMPAIGN](https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf) | [:closed_book:](../../blob/master/2016/2016.06.29.MonSoon)
* Jun 28 - [[Palo Alto Networks] Prince of Persia – Game Over](http://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/) | [:closed_book:](../../blob/master/2016/2016.06.28.prince-of-persia-game-over)
* Jun 28 - [[JPCERT] (Japan)Attack Tool Investigation](https://www.jpcert.or.jp/research/20160628ac-ir_research.pdf) | [:closed_book:](../../blob/master/2016/2016.06.28.Attack_Tool_Investigation)
* Jun 26 - [[Trend Micro] The State of the ESILE/Lotus Blossom Campaign](http://blog.trendmicro.com/trendlabs-security-intelligence/the-state-of-the-esilelotus-blossom-campaign/) | [:closed_book:](../../blob/master/2016/2016.06.26.The_State_of_the_ESILE_Lotus_Blossom_Campaign)
* Jun 26 - [[Cylance] Nigerian Cybercriminals Target High-Impact Industries in India via Pony](https://blog.cylance.com/threat-update-nigerian-cybercriminals-target-high-impact-indian-industries-via-pony) | [:closed_book:](../../blob/master/2016/2016.06.26.Nigerian_Cybercriminals_Target_High_Impact_Industries_in_India)
* Jun 23 - [[Palo Alto Networks] Tracking Elirks Variants in Japan: Similarities to Previous Attacks](http://researchcenter.paloaltonetworks.com/2016/06/unit42-tracking-elirks-variants-in-japan-similarities-to-previous-attacks/) | [:closed_book:](../../blob/master/2016/2016.06.23.Tracking_Elirks_Variants_in_Japan)
* Jun 21 - [[Fortinet] The Curious Case of an Unknown Trojan Targeting German-Speaking Users](https://blog.fortinet.com/2016/06/21/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users) | [:closed_book:](../../blob/master/2016/2016.06.21.Unknown_Trojan_Targeting_German_Speaking_Users)
* Jun 21 - [[FireEye] Redline Drawn: China Recalculates Its Use of Cyber Espionage](https://www.fireeye.com/content/dam/FireEye-www/current-threats/pdfs/rpt-china-espionage.pdf) | [:closed_book:](../../blob/master/2016/2016.06.21.Redline_Drawn_China_Recalculates_Its_Use_of_Cyber_Espionage)
* Jun 21 - [[ESET] Visiting The Bear Den](http://www.welivesecurity.com/wp-content/uploads/2016/06/visiting_the_bear_den_recon_2016_calvet_campos_dupuy-1.pdf) | [:closed_book:](../../blob/master/2016/2016.06.21.visiting_the_bear_den_recon_2016_calvet_campos_dupuy)
* Jun 17 - [[Kaspersky] Operation Daybreak](https://securelist.com/operation-daybreak/75100/) | [:closed_book:](../../blob/master/2016/2016.06.17.Operation_Daybreak)
* Jun 16 - [[Dell] Threat Group-4127 Targets Hillary Clinton Presidential Campaign](https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign) | [:closed_book:](../../blob/master/2016/2016.06.16.DNC)
* Jun 15 - [[CrowdStrike] Bears in the Midst: Intrusion into the Democratic National Committee](https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/) | [:closed_book:](../../blob/master/2016/2016.06.09.Operation_DustySky_II/)
* Jun 09 - [[Clearsky] Operation DustySky Part 2](http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf) | [:closed_book:](../../blob/master/2016/2016.06.09.Operation_DustySky_II/)
* Jun 02 - [[Trend Micro] FastPOS: Quick and Easy Credit Card Theft](http://documents.trendmicro.com/assets/fastPOS-quick-and-easy-credit-card-theft.pdf) | [:closed_book:](../../blob/master/2016/2016.06.02.fastpos-quick-and-easy-credit-card-theft/)
* May 27 - [[Trend Micro] IXESHE Derivative IHEATE Targets Users in America](http://blog.trendmicro.com/trendlabs-security-intelligence/ixeshe-derivative-iheate-targets-users-america/) | [:closed_book:](../../blob/master/2016/2016.05.27.IXESHE_Derivative_IHEATE_Targets_Users_in_America/)
* May 26 - [[Palo Alto Networks] The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor](http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/) | [:closed_book:](../../blob/master/2016/2016.05.26.OilRig_Campaign/)
* May 25 - [[Kaspersky] CVE-2015-2545: overview of current threats](https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/) | [:closed_book:](../../blob/master/2016/2016.05.25.CVE-2015-2545/)
* May 24 - [[Palo Alto Networks] New Wekby Attacks Use DNS Requests As Command and Control Mechanism](http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/) | [:closed_book:](../../blob/master/2016/2016.05.24.New_Wekby_Attacks)
* May 23 - [[MELANI:GovCERT] APT Case RUAG Technical Report](https://www.melani.admin.ch/dam/melani/en/dokumente/2016/technical%20report%20ruag.pdf.download.pdf/Report_Ruag-Espionage-Case.pdf) | [:closed_book:](../../blob/master/2016/2016.05.23.APT_Case_RUAG)
* May 22 - [[FireEye] TARGETED ATTACKS AGAINST BANKS IN THE MIDDLE EAST](https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html) | [:closed_book:](../../blob/master/2016/2016.05.22.Targeted_Attacks_Against_Banks_in_Middle_East)
* May 22 - [[Palo Alto Networks] Operation Ke3chang Resurfaces With New TidePool Malware](http://researchcenter.paloaltonetworks.com/2016/05/operation-ke3chang-resurfaces-with-new-tidepool-malware/) | [:closed_book:](../../blob/master/2016/2016.05.22.Operation_Ke3chang_Resurfaces_With_New_TidePool_Malware/)
* May 18 - [[ESET] Operation Groundbait: Analysis of a surveillance toolkit](http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf) | [:closed_book:](../../blob/master/2016/2016.05.18.Operation_Groundbait/)
* May 17 - [[FOX-IT] Mofang: A politically motivated information stealing adversary](https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf) | [:closed_book:](../../blob/master/2016/2016.05.17.Mofang)
* May 17 - [[Symantec] Indian organizations targeted in Suckfly attacks](http://www.symantec.com/connect/ko/blogs/indian-organizations-targeted-suckfly-attacks) | [:closed_book:](../../blob/master/2016/2016.05.17.Indian_organizations_targeted_in_Suckfly_attacks/)
* May 10 - [[Trend Micro] Backdoor as a Software Suite: How TinyLoader Distributes and Upgrades PoS Threats](http://blog.trendmicro.com/trendlabs-security-intelligence/how-tinyloader-distributes-and-upgrades-pos-threats/) | [paper](http://documents.trendmicro.com/assets/tinypos-abaddonpos-ties-to-tinyloader.pdf) | [:closed_book:](../../blob/master/2016/2016.05.10.tinyPOS_tinyloader/)
* May 09 - [[CMU SEI] Using Honeynets and the Diamond Model for ICS Threat Analysis](http://resources.sei.cmu.edu/asset_files/TechnicalReport/2016_005_001_454247.pdf) | [:closed_book:](../../blob/master/2016/2016.05.09_ICS_Threat_Analysis/)
* May 06 - [[PwC] Exploring CVE-2015-2545 and its users](http://pwc.blogs.com/cyber_security_updates/2016/05/exploring-cve-2015-2545-and-its-users.html) | [:closed_book:](../../blob/master/2016/2016.05.06_Exploring_CVE-2015-2545/)
* May 05 - [[Forcepoint] Jaku: an on-going botnet campaign](https://www.forcepoint.com/sites/default/files/resources/files/report_jaku_analysis_of_botnet_campaign_en_0.pdf) | [:closed_book:](../../blob/master/2016/2016.05.05_Jaku_botnet_campaign/)
* May 02 - [[Team Cymru] GOZNYM MALWARE target US, AT, DE](https://blog.team-cymru.org/2016/05/goznym-malware/) | [:closed_book:](../../blob/master/2016/2016.05.02.GOZNYM_MALWARE)
* May 02 - [[Palo Alto Networks] Prince of Persia: Infy Malware Active In Decade of Targeted Attacks](http://researchcenter.paloaltonetworks.com/2016/05/prince-of-persia-infy-malware-active-in-decade-of-targeted-attacks/) | [:closed_book:](../../blob/master/2016/2016.05.02.Prince_of_Persia_Infy_Malware/)
* Apr 27 - [[Kaspersky] Repackaging Open Source BeEF for Tracking and More](https://securelist.com/blog/software/74503/freezer-paper-around-free-meat/) | [:closed_book:](../../blob/master/2016/2016.04.27.Repackaging_Open_Source_BeEF)
* Apr 26 - [[Financial Times] Cyber warfare: Iran opens a new front](http://www.ft.com/intl/cms/s/0/15e1acf0-0a47-11e6-b0f1-61f222853ff3.html#axzz478cZz3ao) | [:closed_book:](../../blob/master/2016/2016.04.26.Iran_Opens_a_New_Front/)
* Apr 26 - [[Arbor] New Poison Ivy Activity Targeting Myanmar, Asian Countries](https://www.arbornetworks.com/blog/asert/recent-poison-iv/) | [:closed_book:](../../blob/master/2016/2016.04.26.New_Poison_Ivy_Activity_Targeting_Myanmar_Asian_Countries/)
* Apr 22 - [[Cylance] The Ghost Dragon](https://blog.cylance.com/the-ghost-dragon) | [:closed_book:](../../blob/master/2016/2016.04.22.the-ghost-dragon)
* Apr 21 - [[SentinelOne] Teaching an old RAT new tricks](https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/) | [:closed_book:](../../blob/master/2016/2016.04.21.Teaching_an_old_RAT_new_tricks/)
* Apr 21 - [[Palo Alto Networks] New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists](http://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/) | [:closed_book:](../../blob/master/2016/2016.04.21.New_Poison_Ivy_RAT_Variant_Targets_Hong_Kong/)
* Apr 18 - [[Citizen Lab] Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaigns](https://citizenlab.org/2016/04/between-hong-kong-and-burma/) | [:closed_book:](../../blob/master/2016/2016.04.18.UP007/)
* Apr 15 - [[SANS] Detecting and Responding to Pandas and Bears](http://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Detecting-and-Responding-to-Pandas-and-Bears-Christopher-Scott-CrowdStrike-and-Wendi-Whitmore-IBM.pdf) | [:closed_book:](../../blob/master/2016/2016.04.15.pandas_and_bears/)
* Apr 12 - [[Microsoft] PLATINUM: Targeted attacks in South and Southeast Asia](http://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf) | [:closed_book:](../../blob/master/2016/2016.04.12.PLATINUM_Targeted_attacks_in_South_and_Southeast_Asia/)
* Mar 25 - [[Palo Alto Networks] ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe](http://researchcenter.paloaltonetworks.com/2016/03/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/?utm_medium=email&utm_source=Adobe%20Campaign&utm_campaign=Unit%2042%20Blog%20Updates%2031Mar16) | [:closed_book:](../../blob/master/2016/2016.03.25.ProjectM/)
* Mar 23 - [[Trend Micro] Operation C-Major: Information Theft Campaign Targets Military Personnel in India](http://blog.trendmicro.com/trendlabs-security-intelligence/indian-military-personnel-targeted-by-information-theft-campaign/) | [:closed_book:](../../blob/master/2016/2016.03.23.Operation_C_Major/)
* Mar 18 - [[SANS] Analysis of the Cyber Attack on the Ukrainian Power Grid: Defense Use Case](https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf) | [:closed_book:](../../blob/master/2016/2016.03.18.Analysis_of_the_Cyber_Attack_on_the_Ukrainian_Power_Grid/)
* Mar 17 - [[PwC] Taiwan Presidential Election: A Case Study on Thematic Targeting](http://pwc.blogs.com/cyber_security_updates/2016/03/taiwant-election-targetting.html) | [:closed_book:](../../blob/master/2016/2016.03.17.Taiwan-election-targetting/)
* Mar 15 - [[Symantec] Suckfly: Revealing the secret life of your code signing certificates](http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates) | [:closed_book:](../../blob/master/2016/2016.03.15.Suckfly)
* Mar 14 - [[Proofpoint] Bank robbery in progress: New attacks from Carbanak group target banks in Middle East and US](https://www.proofpoint.com/us/threat-insight/post/carbanak-cybercrime-group-targets-executives-of-financial-organizations-in-middle-east) | [:closed_book:](../../blob/master/2016/2016.03.14.Carbanak_cybercrime_group)
* Mar 10 - [[Citizen Lab] Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans](https://citizenlab.org/2016/03/shifting-tactics/) | [:closed_book:](../../blob/master/2016/2016.03.10.shifting-tactics)
* Mar 09 - [[FireEye] LESSONS FROM OPERATION RUSSIANDOLL](https://www.fireeye.com/blog/threat-research/2016/03/lessons-from-operation-russian-doll.html) | [:closed_book:](../../blob/master/2016/2016.03.09.Operation_RussianDoll)
* Mar 08 - [[360] Operation OnionDog: A 3 Year Old APT Focused On the Energy and Transportation Industries in Korean-language Countries](http://www.prnewswire.com/news-releases/onion-dog-a-3-year-old-apt-focused-on-the-energy-and-transportation-industries-in-korean-language-countries-is-exposed-by-360-300232441.html) | [:closed_book:](../../blob/master/2016/2016.03.08.OnionDog)
* Mar 03 - [[Recorded Future] Shedding Light on BlackEnergy With Open Source Intelligence](https://www.recordedfuture.com/blackenergy-malware-analysis/) | [:closed_book:](../../blob/master/2016/2016.03.03.Shedding_Light_BlackEnergy)
* Mar 01 - [[Proofpoint] Operation Transparent Tribe - APT Targeting Indian Diplomatic and Military Interests](https://www.proofpoint.com/us/threat-insight/post/Operation-Transparent-Tribe) | [:closed_book:](../../blob/master/2016/2016.03.01.Operation_Transparent_Tribe/)
* Feb 29 - [[Fidelis] The Turbo Campaign, Featuring Derusbi for 64-bit Linux](https://www.fidelissecurity.com/sites/default/files/TA_Fidelis_Turbo_1602_0.pdf) | [:closed_book:](../../blob/master/2016/2016.02.24.Operation_Blockbuster)
* Feb 24 - [[NOVETTA] Operation Blockbuster](https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf) | [:closed_book:](../../blob/master/2016/2016.02.24.Operation_Blockbuster)
* Feb 23 - [[Cylance] OPERATION DUST STORM](https://www.cylance.com/hubfs/2015_cylance_website/assets/operation-dust-storm/Op_Dust_Storm_Report.pdf?t=1456355696065) | [:closed_book:](../../blob/master/2016/2016.02.23.Operation_Dust_Storm)
* Feb 12 - [[Palo Alto Networks] A Look Into Fysbis: Sofacy’s Linux Backdoor](http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/) | [:closed_book:](../../blob/master/2016/2016.02.12.Fysbis_Sofacy_Linux_Backdoor)
* Feb 11 - [[Recorded Future] Hacktivism: India vs. Pakistan](https://www.recordedfuture.com/india-pakistan-cyber-rivalry/) | [:closed_book:](../../blob/master/2016/2016.02.11.Hacktivism_India_vs_Pakistan)
* Feb 09 - [[Kaspersky] Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage](https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/) | [:closed_book:](../../blob/master/2016/2016.02.09_Poseidon_APT_Boutique)
* Feb 08 - [[ICIT] Know Your Enemies 2.0: A Primer on Advanced Persistent Threat Groups](http://icitech.org/know-your-enemies-2-0/) | [:closed_book:](../../blob/master/2016/2016.02.08.Know_Your_Enemies_2.0)
* Feb 04 - [[Palo Alto Networks] T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques](http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/) | [:closed_book:](../../blob/master/2016/2016.02.04_PaloAlto_T9000-Advanced-Modular-Backdoor)
* Feb 03 - [[Palo Alto Networks] Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?](http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve/) | [:closed_book:](../../blob/master/2016.02.03.Emissary_Trojan_Changelog)
* Feb 01 - [[Sucuri] Massive Admedia/Adverting iFrame Infection](https://blog.sucuri.net/2016/02/massive-admedia-iframe-javascript-infection.html) | [:closed_book:](../../blob/master/2016/2016.02.01.Massive_Admedia_Adverting_iFrame_Infection)
* Feb 01 - [[IBM] Organized Cybercrime Big in Japan: URLZone Now on the Scene](https://securityintelligence.com/organized-cybercrime-big-in-japan-urlzone-now-on-the-scene/) | [:closed_book:](../../blob/master/2016/2016.02.01.URLzone_Team)
* Jan 29 - [[F5] Tinbapore: Millions of Dollars at Risk](https://devcentral.f5.com/d/tinbapore-millions-of-dollars-at-risk?download=true) | [:closed_book:](../../blob/master/2016/2016.01.29.Tinbapore_Attack)
* Jan 29 - [[Zscaler] Malicious Office files dropping Kasidet and Dridex](http://research.zscaler.com/2016/01/malicious-office-files-dropping-kasidet.html) | [:closed_book:](../../blob/master/2016/2016.01.29.Malicious_Office_files_dropping_Kasidet_and_Dridex)
* Jan 28 - [[Kaspersky] BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents](https://securelist.com/blog/research/73440/blackenergy-apt-attacks-in-ukraine-employ-spearphishing-with-word-documents/) | [:closed_book:](../../blob/master/2016/2016.01.28.BlackEnergy_APT)
* Jan 27 - [[Fidelis] Dissecting the Malware Involved in the INOCNATION Campaign](https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL.pdf) | [:closed_book:](../../blob/master/2016/2016.01.27.Hi-Zor.RAT)
* Jan 26 - [[SentinelOne] Analyzing a New Variant of BlackEnergy 3](https://www.sentinelone.com/wp-content/uploads/2016/01/BlackEnergy3_WP_012716_1c.pdf) | [:closed_book:](../../blob/master/2016/2016.01.26.BlackEnergy3)
* Jan 24 - [[Palo Alto Networks] Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists](http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/) | [:closed_book:](../../blob/master/2016/2016.01.24_Scarlet_Minic)
* Jan 21 - [[Palo Alto Networks] NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan](http://researchcenter.paloaltonetworks.com/2016/01/nettraveler-spear-phishing-email-targets-diplomat-of-uzbekistan/) | [:closed_book:](../../blob/master/2016/2016.01.21.NetTraveler_Uzbekistan)
* Jan 19 - [[360] 2015 APT Annual Report](https://ti.360.com/upload/report/file/2015.APT.Annual_Report.pdf) | [:closed_book:](../../blob/master/2016/2016.01.19.360_APT_Report)
* Jan 14 - [[CISCO] RESEARCH SPOTLIGHT: NEEDLES IN A HAYSTACK](http://blog.talosintel.com/2016/01/haystack.html#more) | [:closed_book:](../../blob/master/2016/2016.01.14_Cisco_Needles_in_a_Haystack)
* Jan 14 - [[Symantec] The Waterbug attack group](https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf) | [:closed_book:](../../blob/master/2016/2016.01.14.The.Waterbug.Attack.Group/)
* Jan 07 - [[Clearsky] Operation DustySky](http://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf) | [:closed_book:](../../blob/master/2016/2016.01.07.Operation_DustySky)
* Jan 07 - [[CISCO] RIGGING COMPROMISE - RIG EXPLOIT KIT](http://blog.talosintel.com/2016/01/rigging-compromise.html) | [:closed_book:](../../blob/master/2016/2016.01.07.rigging-compromise)
* Jan 03 - [[ESET] BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry](http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/) | [:closed_book:](../../blob/master/2016/2016.01.03.BlackEnergy_Ukrainian)
## 2015
* Dec 23 - [[PwC] ELISE: Security Through Obesity](http://pwc.blogs.com/cyber_security_updates/2015/12/elise-security-through-obesity.html) | [:closed_book:](../../blob/master/2015/2015.12.13.ELISE)
* Dec 22 - [[Palo Alto Networks] BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger](http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/) | [:closed_book:](../../blob/master/2015/2015.12.22.BBSRAT_Roaming_Tiger)
* Dec 20 - [[FireEye] The EPS Awakens - Part 2](https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html) | [:closed_book:](../../blob/master/2015/2015.12.20.EPS_Awakens_Part_II)
* Dec 18 - [[Palo Alto Networks] Attack on French Diplomat Linked to Operation Lotus Blossom](http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-linked-to-operation-lotus-blossom/) | [:closed_book:](../../blob/master/2015/2015.12.18.Attack_on_Frence_Diplomat_Linked_To_Operation_Lotus_Blossom)
* Dec 16 - [[Bitdefender] APT28 Under the Scope - A Journey into Exfiltrating Intelligence and Government Information](http://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_analysis_of_APT28%E2%80%93The_Political_Cyber-Espionage.pdf) | [:closed_book:](../../blob/master/2015/2015.12.17.APT28_Under_The_Scope)
* Dec 16 - [[Trend Micro] Operation Black Atlas, Part 2: Tools and Malware Used and How to Detect Them](http://documents.trendmicro.com/assets/Operation_Black%20Atlas_Technical_Brief.pdf) | [:closed_book:](../../blob/master/2015/2015.12.16.INOCNATION.Campaign)
* Dec 16 - [[Fidelis] Dissecting the Malware Involved in the INOCNATION Campaign](https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL.pdf) | [:closed_book:](../../blob/master/2015/2015.12.16.INOCNATION.Campaign)
* Dec 15 - [[AirBus] Newcomers in the Derusbi family](http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family) | [:closed_book:](../../blob/master/2015/2015.12.15.Newcomers_in_the_Derusbi_family)
* Dec 08 - [[Citizen Lab] Packrat: Seven Years of a South American Threat Actor](https://citizenlab.org/2015/12/packrat-report/) | [:closed_book:](../../blob/master/2015/2015.12.08.Packrat)
* Dec 07 - [[FireEye] Financial Threat Group Targets Volume Boot Record](https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html) | [:closed_book:](../../blob/master/2015/2015.12.07.Thriving_Beyond_The_Operating_System)
* Dec 07 - [[Symantec] Iran-based attackers use back door threats to spy on Middle Eastern targets](http://www.symantec.com/connect/blogs/iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets) | [:closed_book:](../../blob/master/2015/2015.12.07.Iran-based)
* Dec 04 - [[Kaspersky] Sofacy APT hits high profile targets with updated toolset](https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/) | [:closed_book:](../../blob/master/2015/2015.12.04.Sofacy_APT)
* Dec 01 - [[FireEye] China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets](https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html) | [:closed_book:](../../blob/master/2015/2015.12.01.China-based_Cyber_Threat_Group_Uses_Dropbox_for_Malware_Communications_and_Targets_Hong_Kong_Media_Outlets)
* Nov 30 - [[FOX-IT] Ponmocup A giant hiding in the shadows](https://foxitsecurity.files.wordpress.com/2015/12/foxit-whitepaper_ponmocup_1_1.pdf) | [:closed_book:](../../blob/master/2015/2015.11.30.Ponmocup)
* Nov 24 - [[Palo Alto Networks] Attack Campaign on the Government of Thailand Delivers Bookworm Trojan](http://researchcenter.paloaltonetworks.com/2015/11/attack-campaign-on-the-government-of-thailand-delivers-bookworm-trojan/) | [:closed_book:](../../blob/master/2015/2015.11.24.Attack_Campaign_on_the_Government_of_Thailand_Delivers_Bookworm_Trojan)
* Nov 23 - [[Minerva Labs, ClearSky] CopyKittens Attack Group](https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf) | [:closed_book:](../../blob/master/2015/2015.11.23.CopyKittens_Attack_Group)
* Nov 23 - [[RSA] PEERING INTO GLASSRAT](https://blogs.rsa.com/wp-content/uploads/2015/11/GlassRAT-final.pdf) | [:closed_book:](../../blob/master/2015/2015.11.23.PEERING_INTO_GLASSRAT)
* Nov 23 - [[Trend Micro] Prototype Nation: The Chinese Cybercriminal Underground in 2015](http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/prototype-nation-the-chinese-cybercriminal-underground-in-2015/?utm_source=siblog&utm_medium=referral&utm_campaign=2015-cn-ug) | [:closed_book:](../../blob/master/2015/2015.11.23.Prototype_Nation_The_Chinese_Cybercriminal_Underground_in_2015)
* Nov 19 - [[Kaspersky] Russian financial cybercrime: how it works](https://securelist.com/analysis/publications/72782/russian-financial-cybercrime-how-it-works/) | [:closed_book:](../../blob/master/2015/2015.11.18.Russian_financial_cybercrime_how_it_works)
* Nov 19 - [[JPCERT] Decrypting Strings in Emdivi](http://blog.jpcert.or.jp/2015/11/decrypting-strings-in-emdivi.html) | [:closed_book:](../../blob/master/2015/2015.11.19.decrypting-strings-in-emdivi)
* Nov 18 - [[Palo Alto Networks] TDrop2 Attacks Suggest Dark Seoul Attackers Return](http://researchcenter.paloaltonetworks.com/2015/11/tdrop2-attacks-suggest-dark-seoul-attackers-return/) | [:closed_book:](../../blob/master/2015/2015.11.18.tdrop2)
* Nov 18 - [[CrowdStrike] Sakula Reloaded](http://blog.crowdstrike.com/sakula-reloaded/) | [:closed_book:](../../blob/master/2015/2015.11.18.Sakula_Reloaded)
* Nov 18 - [[Damballa] Damballa discovers new toolset linked to Destover Attacker’s arsenal helps them to broaden attack surface](https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/2015.11.18.Destover/amballa-discovers-new-toolset-linked-to-destover-attackers-arsenal-helps-them-to-broaden-attack-surface.pdf) | [:closed_book:](../../blob/master/2015/2015.11.18.Destover)
* Nov 16 - [[FireEye] WitchCoven: Exploiting Web Analytics to Ensnare Victims](https://www2.fireeye.com/threat-intel-report-WITCHCOVEN.html) | [:closed_book:](../../blob/master/2015/2015.11.17.Pinpointing_Targets_Exploiting_Web_Analytics_to_Ensnare_Victims)
* Nov 10 - [[Palo Alto Networks] Bookworm Trojan: A Model of Modular Architecture](http://researchcenter.paloaltonetworks.com/2015/11/bookworm-trojan-a-model-of-modular-architecture/) | [:closed_book:](../../blob/master/2015/2015.11.10.bookworm-trojan-a-model-of-modular-architecture)
* Nov 09 - [[Check Point] Rocket Kitten: A Campaign With 9 Lives](http://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf) | [:closed_book:](../../blob/master/2015/2015.11.09.Rocket_Kitten_A_Campaign_With_9_Lives)
* Nov 04 - [[RSA] Evolving Threats:dissection of a CyberEspionage attack](http://www.rsaconference.com/writable/presentations/file_upload/cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack.pdf) | [:closed_book:](../../blob/master/2015/2015.11.04_Evolving_Threats)
* Oct 16 - [[Citizen Lab] Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites](https://citizenlab.org/2015/10/targeted-attacks-ngo-burma/) | [IOC](https://otx.alienvault.com/pulse/5621208f4637f21ecf2aac36/) | [:closed_book:](../../blob/master/2015/2015.10.16.NGO_Burmese_Government)
* Oct 15 - [[Citizen Lab] Pay No Attention to the Server Behind the Proxy: Mapping FinFisher’s Continuing Proliferation](https://citizenlab.org/2015/10/mapping-finfishers-continuing-proliferation/) | [:closed_book:](../../blob/master/2015/2015.10.15.FinFisher_Continuing)
* Oct 05 - [[Recorded Future] Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy](http://go.recordedfuture.com/hubfs/reports/threat-identification.pdf) | [:closed_book:](../../blob/master/2015/2015.10.05.Proactive_Threat_Identification)
* Oct 03 - [[Cybereason] Webmail Server APT: A New Persistent Attack Methodology Targeting Microsoft Outlook Web Application (OWA)](http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Labs-Analysis-Webmail-Sever-APT.pdf) | [:closed_book:](../../blob/master/2015/2015.10.03.Webmail_Server_APT)
* Sep 23 - [[ThreatConnect] PROJECT CAMERASHY: CLOSING THE APERTURE ON CHINA’S UNIT 78020](https://www.threatconnect.com/camerashy-intro/) | [PDF](https://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf) | [:closed_book:](../../blob/master/2015/2015.09.23.CAMERASHY_ThreatConnect)
* Sep 17 - [[F-SECURE] The Dukes 7 Years of Russian Cyber Espionage](https://labsblog.f-secure.com/2015/09/17/the-dukes-7-years-of-russian-cyber-espionage/) - [PDF](https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf) | [:closed_book:](../../blob/master/2015/2015.09.17.duke_russian)
* Sep 16 - [[Proofpoint] The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK](https://www.proofpoint.com/us/threat-insight/post/The-Shadow-Knows) | [:closed_book:](../../blob/master/2015/2015.09.16.The-Shadow-Knows)
* Sep 16 - [[Trend Micro] Operation Iron Tiger: How China-Based Actors Shifted Attacks from APAC to US Targets](http://newsroom.trendmicro.com/blog/operation-iron-tiger-attackers-shift-east-asia-united-states) | [IOC](https://otx.alienvault.com/pulse/55f9910967db8c6fb35179bd/) | [:closed_book:](../../blob/master/2015/2015.09.17.Operation_Iron_Tiger)
* Sep 15 - [[Proofpoint] In Pursuit of Optical Fibers and Troop Intel: Targeted Attack Distributes PlugX in Russia](https://www.proofpoint.com/us/threat-insight/post/PlugX-in-Russia) | [:closed_book:](../../blob/master/2015/2015.09.15.PlugX_in_Russia)
* Sep 09 - [[Kaspersky] Satellite Turla: APT Command and Control in the Sky](https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/) | [:closed_book:](../../blob/master/2015/2015.09.09.satellite-turla-apt)
* Sep 08 - [[Palo Alto Networks] Musical Chairs: Multi-Year Campaign Involving New Variant of Gh0st Malware](http://researchcenter.paloaltonetworks.com/2015/09/musical-chairs-multi-year-campaign-involving-new-variant-of-gh0st-malware/) | [:closed_book:](../../blob/master/2015/2015.09.08.Musical_Chairs_Gh0st_Malware)
* Sep 01 - [[Trend Micro, Clearsky] The Spy Kittens Are Back: Rocket Kitten 2](http://www.trendmicro.tw/vinfo/us/security/news/cyber-attacks/rocket-kitten-continues-attacks-on-middle-east-targets) | [PDF](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf) | [:closed_book:](../../blob/master/2015/2015.09.01.Rocket_Kitten_2)
* Aug 20 - [[Arbor] PlugX Threat Activity in Myanmar](http://pages.arbornetworks.com/rs/082-KNA-087/images/ASERT%20Threat%20Intelligence%20Brief%202015-05%20PlugX%20Threat%20Activity%20in%20Myanmar.pdf) | [:closed_book:](../../blob/master/2015/2015.08.20.PlugX_Threat_Activity_in_Myanmar)
* Aug 20 - [[Kaspersky] New activity of the Blue Termite APT](https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/) | [:closed_book:](../../blob/master/2015/2015.08.20.new-activity-of-the-blue-termite-apt)
* Aug 19 - [[Symantec] New Internet Explorer zero-day exploited in Hong Kong attacks](http://www.symantec.com/connect/blogs/new-internet-explorer-zero-day-exploited-hong-kong-attacks) | [:closed_book:](../../blob/master/2015/2015.08.19.new-internet-explorer-zero-day-exploited-hong-kong-attacks)
* Aug 10 - [[ShadowServer] The Italian Connection: An analysis of exploit supply chains and digital quartermasters](http://blog.shadowserver.org/2015/08/10/the-italian-connection-an-analysis-of-exploit-supply-chains-and-digital-quartermasters/) | [:closed_book:](../../blob/master/2015/2015.08.10.The_Italian_Connection_An_analysis_of_exploit_supply_chains_and_digital_quartermasters)
* Aug 08 - [[Cyint] Threat Analysis: Poison Ivy and Links to an Extended PlugX Campaign](http://www.cyintanalysis.com/threat-analysis-poison-ivy-and-links-to-an-extended-plugx-campaign/) | [:closed_book:](../../blob/master/2015/2015.08.08.Poison_Ivy_and_Links_to_an_Extended_PlugX_Campaign)
* Aug 05 - [[Dell] Threat Group-3390 Targets Organizations for Cyberespionage](http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/) | [:closed_book:](../../blob/master/2015/2015.08.05.Threat_Group-3390)
* Aug 04 - [[RSA] Terracotta VPN: Enabler of Advanced Threat Anonymity](https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/) | [:closed_book:](../../blob/master/2015/2015.08.04.Terracotta_VPN)
* Jul 30 - [[ESET] Operation Potao Express](http://www.welivesecurity.com/2015/07/30/operation-potao-express/) | [IOC](https://github.com/eset/malware-ioc/tree/master/potao) | [:closed_book:](../../blob/master/2015/2015.07.30.Operation-Potao-Express)
* Jul 28 - [[Symantec] Black Vine: Formidable cyberespionage group targeted aerospace, healthcare since 2012](http://www.symantec.com/connect/blogs/black-vine-formidable-cyberespionage-group-targeted-aerospace-healthcare-2012) | [:closed_book:](../../blob/master/2015/2015.07.28.Black_Vine)
* Jul 27 - [[FireEye] HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group](https://www.fireeye.com/blog/threat-research/2015/07/hammertoss_stealthy.html) | [:closed_book:](../../blob/master/2015/2015.07.27.HAMMERTOSS)
* Jul 22 - [[F-SECURE] Duke APT group's latest tools: cloud services and Linux support](https://www.f-secure.com/weblog/archives/00002822.html) | [:closed_book:](../../blob/master/2015/2015.07.22.Duke_APT_groups_latest_tools)
* Jul 20 - [[ThreatConnect] China Hacks the Peace Palace: All Your EEZ’s Are Belong to Us](http://www.threatconnect.com/news/china-hacks-the-peace-palace-all-your-eezs-are-belong-to-us/) | [:closed_book:](../../blob/master/2015/2015.07.20.China_Peace_Palace)
* Jul 20 - [[Palo Alto Networks] Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 to Install IsSpace Backdoor](http://researchcenter.paloaltonetworks.com/2015/07/watering-hole-attack-on-aerospace-firm-exploits-cve-2015-5122-to-install-isspace-backdoor/) | [:closed_book:](../../blob/master/2015/2015.07.20.IsSpace_Backdoor)
* Jul 14 - [[Palo Alto Networks] Tracking MiniDionis: CozyCar’s New Ride Is Related to Seaduke](http://researchcenter.paloaltonetworks.com/2015/07/tracking-minidionis-cozycars-new-ride-is-related-to-seaduke/) | [:closed_book:](../../blob/master/2015/2015.07.14.tracking-minidionis-cozycars)
* Jul 14 - [[Trend Micro] An In-Depth Look at How Pawn Storm’s Java Zero-Day Was Used](http://blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-look-at-how-pawn-storms-java-zero-day-was-used/) | [:closed_book:](../../blob/master/2015/2015.07.14.How_Pawn_Storm_Java_Zero-Day_Was_Used)
* Jul 13 - [[Symantec] "Forkmeiamfamous": Seaduke, latest weapon in the Duke armory](http://www.symantec.com/connect/blogs/forkmeiamfamous-seaduke-latest-weapon-duke-armory) | [:closed_book:](../../blob/master/2015/2015.07.13.Forkmeiamfamous)
* Jul 13 - [[FireEye] Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability CVE-2015-5119 Following Hacking Team Leak](https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html) | [:closed_book:](../../blob/master/2015/2015.07.13.Demonstrating_Hustle)
* Jul 10 - [[Palo Alto Networks] APT Group UPS Targets US Government with Hacking Team Flash Exploit](http://researchcenter.paloaltonetworks.com/2015/07/apt-group-ups-targets-us-government-with-hacking-team-flash-exploit/) | [:closed_book:](../../blob/master/2015/2015.07.10.APT_Group_UPS_Targets_US_Government)
* Jul 09 - [[Symantec] Butterfly: Corporate spies out for financial gain](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/butterfly-corporate-spies-out-for-financial-gain.pdf) | [:closed_book:](../../blob/master/2015/2015.07.09.Butterfly)
* Jul 08 - [[Kaspersky] Wild Neutron – Economic espionage threat actor returns with new tricks](https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/) | [:closed_book:](../../blob/master/2015/2015.07.08.Wild_Neutron)
* Jul 08 - [[Volexity] APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119)](http://www.volexity.com/blog/?p=158) | [:closed_book:](../../blob/master/2015/2015.07.08.APT_CVE-2015-5119)
* Jun 30 - [[ESET] Dino – the latest spying malware from an allegedly French espionage group analyzed](http://www.welivesecurity.com/2015/06/30/dino-spying-malware-analyzed) | [:closed_book:](../../blob/master/2015/2015.06.30.dino-spying-malware-analyzed)
* Jun 28 - [[Dragon Threat Labs] APT on Taiwan - insight into advances of adversary TTPs](http://blog.dragonthreatlabs.com/2015/07/dtl-06282015-01-apt-on-taiwan-insight.html) | [:closed_book:](../../blob/master/2015/2015.06.28.APT_on_Taiwan)
* Jun 26 - [[FireEye] Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign](https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html) | [:closed_book:](../../blob/master/2015/2015.06.26.operation-clandestine-wolf)
* Jun 24 - [[PwC] UnFIN4ished Business (FIN4)](http://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.html) | [:closed_book:](../../blob/master/2015/2015.06.24.unfin4ished-business)
* Jun 22 - [[Kaspersky] Winnti targeting pharmaceutical companies](https://securelist.com/blog/research/70991/games-are-over/) | [:closed_book:](../../blob/master/2015/2015.06.22.Winnti_targeting_pharmaceutical_companies)
* Jun 16 - [[Palo Alto Networks] Operation Lotus Bloom](https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html) | [:closed_book:](../../blob/master/2015/2015.06.16.operation-lotus-blossom)
* Jun 15 - [[Citizen Lab] Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114](https://citizenlab.org/2015/06/targeted-attacks-against-tibetan-and-hong-kong-groups-exploiting-cve-2014-4114/) | [:closed_book:](../../blob/master/2015/2015.06.15.Targeted-Attacks-against-Tibetan-and-Hong-Kong-Groups)
* Jun 12 - [[Volexity] Afghan Government Compromise: Browser Beware](http://www.volexity.com/blog/?p=134) | [:closed_book:](../../blob/master/2015/2015.06.12.Afghan_Government_Compromise)
* Jun 10 - [[Kaspersky] The_Mystery_of_Duqu_2_0](https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf) [IOC](https://securelist.com/files/2015/06/7c6ce6b6-fee1-4b7b-b5b5-adaff0d8022f.ioc) [Yara](https://securelist.com/files/2015/06/Duqu_2_Yara_rules.pdf) | [:closed_book:](../../blob/master/2015/2015.06.10.The_Mystery_of_Duqu_2_0)
* Jun 10 - [[Crysys Lab] Duqu 2.0](http://blog.crysys.hu/2015/06/duqu-2-0/) | [:closed_book:](../../blob/master/2015/2015.06.10.Duqu_2.0)
* Jun 09 - [[Microsoft] Duqu 2.0 Win32k Exploit Analysis](https://www.virusbtn.com/pdf/conference_slides/2015/OhFlorio-VB2015.pdf) | [:closed_book:](../../blob/master/2015/2015.06.09.Duqu_2.0_Win32k_Exploit_Analysis)
* Jun 04 - [[JP Internet Watch] Blue Thermite targeting Japan (CloudyOmega)](http://internet.watch.impress.co.jp/docs/news/20150604_705541.html) | [:closed_book:](../../blob/master/2015/2015.06.09.Duqu_2.0_Win32k_Exploit_Analysis)
* Jun 03 - [[ClearSky] Thamar Reservoir](http://www.clearskysec.com/thamar-reservoir/) | [:closed_book:](../../blob/master/2015/2015.06.03.thamar-reservoir)
* May 29 - [[360] OceanLotusReport](http://blogs.360.cn/blog/oceanlotus-apt/) | [:closed_book:](../../blob/master/2015/2015.05.29.OceanLotus)
* May 28 - [[Kaspersky] Grabit and the RATs](https://securelist.com/blog/research/70087/grabit-and-the-rats/) | [:closed_book:](../../blob/master/2015/2015.05.28.grabit-and-the-rats)
* May 27 - [[Antiy Labs] Analysis On Apt-To-Be Attack That Focusing On China's Government Agency'](http://www.antiy.net/p/analysis-on-apt-to-be-attack-that-focusing-on-chinas-government-agency/) | [:closed_book:](../../blob/master/2015/2015.05.27.APT_to_be)
* May 27 - [[CyberX] BlackEnergy 3 – Exfiltration of Data in ICS Networks](http://cyberx-labs.com/wp-content/uploads/2015/05/BlackEnergy-CyberX-Report_27_May_2015_FINAL.pdf) | [:closed_book:](../../blob/master/2015/2015.05.27.BlackEnergy3)
* May 26 - [[ESET] Dissecting-Linux/Moose](http://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pdf) | [:closed_book:](../../blob/master/2015/2015.05.26.LinuxMoose)
* May 21 - [[Kaspersky] The Naikon APT and the MsnMM Campaigns](https://securelist.com/blog/research/70029/the-naikon-apt-and-the-msnmm-campaigns/) | [:closed_book:](../../blob/master/2015/2015.05.21.Naikon_APT)
* May 19 - [[Panda] Operation 'Oil Tanker'](http://www.pandasecurity.com/mediacenter/src/uploads/2015/05/oil-tanker-en.pdf) | [:closed_book:](../../blob/master/2015/2015.05.19.Operation_Oil_Tanker)
* May 18 - [[Palo Alto Networks] Cmstar Downloader: Lurid and Enfal’s New Cousin](http://researchcenter.paloaltonetworks.com/2015/05/cmstar-downloader-lurid-and-enfals-new-cousin/) | [:closed_book:](../../blob/master/2015/2015.05.18.Cmstar)
* May 14 - [[Trend Micro] Operation Tropic Trooper](http://blog.trendmicro.com/trendlabs-security-intelligence/operation-tropic-trooper-old-vulnerabilities-still-pack-a-punch/) | [:closed_book:](../../blob/master/2015/2015.05.14.Operation_Tropic_Trooper)
* May 14 - [[Kaspersky] The Naikon APT](https://securelist.com/analysis/publications/69953/the-naikon-apt/) | [:closed_book:](../../blob/master/2015/2015.05.14.Naikon_APT)
* May 13 - [[Cylance] SPEAR: A Threat Actor Resurfaces](http://blog.cylance.com/spear-a-threat-actor-resurfaces) | [:closed_book:](../../blob/master/2015/2015.05.13.Spear_Threat)
* May 12 - [[PR Newswire] root9B Uncovers Planned Sofacy Cyber Attack Targeting Several International and Domestic Financial Institutions](http://www.prnewswire.com/news-releases/root9b-uncovers-planned-sofacy-cyber-attack-targeting-several-international-and-domestic-financial-institutions-300081634.html) | [:closed_book:](../../blob/master/2015/2015.05.12.Sofacy_root9B)
* May 07 - [[G Data] Dissecting the Kraken](https://blog.gdatasoftware.com/blog/article/dissecting-the-kraken.html) | [:closed_book:](../../blob/master/2015/2015.05.07.Kraken)
* May 05 - [[Ahnlab] Targeted attack on France’s TV5Monde](http://global.ahnlab.com/global/upload/download/documents/1506306551185339.pdf) | [:closed_book:](../../blob/master/2015/2015.05.05.Targeted_attack_on_France_TV5Monde)
* Apr 27 - [[PWC] Attacks against Israeli & Palestinian interests](http://pwc.blogs.com/cyber_security_updates/2015/04/attacks-against-israeli-palestinian-interests.html) | [:closed_book:](../../blob/master/2015/2015.04.27.Attacks_Israeli_Palestinian)
* Apr 22 - [[F-SECURE] CozyDuke](https://www.f-secure.com/documents/996508/1030745/CozyDuke) | [:closed_book:](../../blob/master/2015/2015.04.22.CozyDuke)
* Apr 21 - [[Kaspersky] The CozyDuke APT](http://securelist.com/blog/69731/the-cozyduke-apt) | [:closed_book:](../../blob/master/2015/2015.04.21.CozyDuke_APT)
* Apr 20 - [[PWC] Sofacy II – Same Sofacy, Different Day](http://pwc.blogs.com/cyber_security_updates/2015/04/the-sofacy-plot-thickens.html) | [:closed_book:](../../blob/master/2015/2015.04.20.Sofacy_II)
* Apr 18 - [[FireEye] Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack](https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html) | [:closed_book:](../../blob/master/2015/2015.04.18.Operation_RussianDoll)
* Apr 16 - [[Trend Micro] Operation Pawn Storm Ramps Up its Activities; Targets NATO, White House](http://blog.trendmicro.com/trendlabs-security-intelligence/operation-pawn-storm-ramps-up-its-activities-targets-nato-white-house) | [:closed_book:](../../blob/master/2015/2015.04.16.Operation_Pawn_Storm)
* Apr 15 - [[Kaspersky] The Chronicles of the Hellsing APT: the Empire Strikes Back](http://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/) | [:closed_book:](../../blob/master/2015/2015.04.15.Hellsing_APT)
* Apr 12 - [[FireEye] APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation](https://www.fireeye.com/blog/threat-research/2015/04/apt_30_and_the_mecha.html) | [:closed_book:](../../blob/master/2015/2015.04.12.APT30)
* Mar 31 - [[CheckPoint] Volatile Cedar – Analysis of a Global Cyber Espionage Campaign](http://blog.checkpoint.com/2015/03/31/volatilecedar/) | [:closed_book:](../../blob/master/2015/2015.03.31.Volatile_Cedar)
* Mar 19 - [[Trend Micro] Rocket Kitten Showing Its Claws: Operation Woolen-GoldFish and the GHOLE campaign](http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing) | [:closed_book:](../../blob/master/2015/2015.03.19.Goldfish_Phishing)
* Mar 11 - [[Kaspersky] Inside the EquationDrug Espionage Platform](http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/) | [:closed_book:](../../blob/master/2015/2015.03.11.EquationDrug)
* Mar 10 - [[Citizen Lab] Tibetan Uprising Day Malware Attacks](https://citizenlab.org/2015/03/tibetan-uprising-day-malware-attacks/) | [:closed_book:](../../blob/master/2015/2015.03.10.Tibetan_Uprising)
* Mar 06 - [[F-SECURE] Is Babar a Bunny?](https://www.f-secure.com/weblog/archives/00002794.html) | [:closed_book:](../../blob/master/2015/2015.03.06.Babar_or_Bunny)
* Mar 06 - [[Kaspersky] Animals in the APT Farm](https://securelist.com/animals-in-the-apt-farm/69114/) | [:closed_book:](../../blob/master/2015/2015.03.06.Animals_APT_Farm)
* Mar 05 - [[ESET] Casper Malware: After Babar and Bunny, Another Espionage Cartoon](http://www.welivesecurity.com/2015/03/05/casper-malware-babar-bunny-another-espionage-cartoon) | [:closed_book:](../../blob/master/2015/2015.03.05.Casper_Malware)
* Feb 24 - [[PWC] A deeper look into Scanbox](http://pwc.blogs.com/cyber_security_updates/2015/02/a-deeper-look-into-scanbox.html) | [:closed_book:](../../blob/master/2015/2015.02.24.Deeper_Scanbox)
* Feb 27 - [[ThreatConnect] The Anthem Hack: All Roads Lead to China](http://www.threatconnect.com/news/the-anthem-hack-all-roads-lead-to-china/) | [:closed_book:](../../blob/master/2015/2015.02.27.The_Anthem_Hack_All_Roads_Lead_to_China)
* Feb 25 - [[FireEye] Southeast Asia: An Evolving Cyber Threat Landscape](https://www.fireeye.com/content/dam/FireEye-www/current-threats/pdfs/rpt-southeast-asia-threat-landscape.pdf) | [:closed_book:](../../blob/master/2015/2015.02.25.Southeast_Asia_Threat_Landscape)
* Feb 25 - [[Sophos] PlugX goes to the registry (and India)](http://blogs.sophos.com/2015/02/25/sophoslabs-research-uncovers-new-developments-in-plugx-apt-malware/) | [:closed_book:](../../blob/master/2015/2015.02.25.PlugX_to_registry)
* Feb 18 - [[G DATA] Babar: espionage software finally found and put under the microscope](https://blog.gdatasoftware.com/blog/article/babar-espionage-software-finally-found-and-put-under-the-microscope.html) | [:closed_book:](../../blob/master/2015/2015.02.18.Babar)
* Feb 18 - [[CIRCL Luxembourg] Shooting Elephants](https://drive.google.com/file/d/0B9Mrr-en8FX4dzJqLWhDblhseTA/view) | [:closed_book:](../../blob/master/2015/2015.02.18.Shooting_Elephants)
* Feb 17 - [[Kaspersky] Desert Falcons APT](https://securelist.com/blog/research/68817/the-desert-falcons-targeted-attacks/) | [:closed_book:](../../blob/master/2015/2015.02.17.Desert_Falcons_APT)
* Feb 17 - [[Kaspersky] A Fanny Equation: "I am your father, Stuxnet"](http://securelist.com/blog/research/68787/a-fanny-equation-i-am-your-father-stuxnet/) | [:closed_book:](../../blob/master/2015/2015.02.17.A_Fanny_Equation)
* Feb 16 - [[Trend Micro] Operation Arid Viper](http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-arid-viper-bypassing-the-iron-dome) | [:closed_book:](../../blob/master/2015/2015.02.16.Operation_Arid_Viper)
* Feb 16 - [[Kaspersky] The Carbanak APT](https://securelist.com/blog/research/68732/the-great-bank-robbery-the-carbanak-apt/) | [:closed_book:](../../blob/master/2015/2015.02.16.Carbanak.APT)
* Feb 16 - [[Kaspersky] Equation: The Death Star of Malware Galaxy](https://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/) | [:closed_book:](../../blob/master/2015/2015.02.16.equation-the-death-star)
* Feb 10 - [[CrowdStrike] CrowdStrike Global Threat Intel Report for 2014](http://go.crowdstrike.com/rs/crowdstrike/images/GlobalThreatIntelReport.pdf) | [:closed_book:](../../blob/master/2015/2015.02.10.CrowdStrike_GlobalThreatIntelReport_2014)
* Feb 04 - [[Trend Micro] Pawn Storm Update: iOS Espionage App Found](http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/) | [:closed_book:](../../blob/master/2015/2015.02.04.Pawn_Storm_Update_iOS_Espionage)
* Feb 02 - [[FireEye] Behind the Syrian Conflict’s Digital Frontlines](https://www.fireeye.com/content/dam/FireEye-www/global/en/current-threats/pdfs/rpt-behind-the-syria-conflict.pdf) | [:closed_book:](../../blob/master/2015/2015.02.02.behind-the-syria-conflict)
* Jan 29 - [[JPCERT] Analysis of PlugX Variant - P2P PlugX ](http://blog.jpcert.or.jp/.s/2015/01/analysis-of-a-r-ff05.html) | [:closed_book:](../../blob/master/2015/2015.01.29.P2P_PlugX)
* Jan 29 - [[Symantec] Backdoor.Winnti attackers and Trojan.Skelky](http://www.symantec.com/connect/blogs/backdoorwinnti-attackers-have-skeleton-their-closet) | [:closed_book:](../../blob/master/2015/2015.01.29.Backdoor.Winnti_attackers)
* Jan 27 - [[Kaspersky] Comparing the Regin module 50251 and the "Qwerty" keylogger](http://securelist.com/blog/research/68525/comparing-the-regin-module-50251-and-the-qwerty-keylogger/) | [:closed_book:](../../blob/master/2015/2015.01.27.QWERTY_keylog_Regin_compare)
* Jan 22 - [[Kaspersky] Regin's Hopscotch and Legspin](http://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/) | [:closed_book:](../../blob/master/2015/2015.01.22.Regin_Hopscotch_and_Legspin)
* Jan 22 - [[Symantec] Scarab attackers Russian targets](http://www.symantec.com/connect/blogs/scarab-attackers-took-aim-select-russian-targets-2012) | [IOCs](http://www.symantec.com/content/en/us/enterprise/media/security_response/docs/Scarab_IOCs_January_2015.txt) | [:closed_book:](../../blob/master/2015/2015.01.22.Scarab_attackers_Russian_targets)
* Jan 22 - [[Symantec] The Waterbug attack group](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf) | [:closed_book:](../../blob/master/2015/2015.01.22.Waterbug.group)
* Jan 20 - [[BlueCoat] Reversing the Inception APT malware](https://www.bluecoat.com/security-blog/2015-01-20/reversing-inception-apt-malware) | [:closed_book:](../../blob/master/2015/2015.01.20.Reversing_the_Inception_APT_malware)
* Jan 20 - [[G DATA] Analysis of Project Cobra](https://blog.gdatasoftware.com/blog/article/analysis-of-project-cobra.html) | [:closed_book:](../../blob/master/2015/2015.01.20.Project_Cobra)
* Jan 15 - [[G DATA] Evolution of Agent.BTZ to ComRAT](https://blog.gdatasoftware.com/blog/article/evolution-of-sophisticated-spyware-from-agentbtz-to-comrat.html) | [:closed_book:](../../blob/master/2015/2015.01.15.Evolution_of_Agent.BTZ_to_ComRAT)
* Jan 12 - [[Dell] Skeleton Key Malware Analysis](http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/) | [:closed_book:](../../blob/master/2015/2015.01.12.skeleton-key-malware-analysis)
* Jan 11 - [[Dragon Threat Labs] Hong Kong SWC attack](http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html) | [:closed_book:](../../blob/master/2015/2015.01.11.Hong_Kong_SWC_Attack)
## 2014
* Dec 22 - [[Group-IB] Anunak: APT against financial institutions](http://www.group-ib.com/files/Anunak_APT_against_financial_institutions.pdf) | [:closed_book:](../../blob/master/2014/2014.12.22.Anunak_APT)
* Dec 21 - [[ThreatConnect] Operation Poisoned Helmand](http://www.threatconnect.com/news/operation-poisoned-helmand/) | [:closed_book:](../../blob/master/2014/2014.12.21.Operation_Poisoned_Helmand)
* Dec 19 - [[US-CERT] TA14-353A: Targeted Destructive Malware (wiper)](https://www.us-cert.gov/ncas/alerts/TA14-353A) | [:closed_book:](../../blob/master/2014/2014.12.19.Targeted_Destructive_Malware)
* Dec 18 - [[Citizen Lab] Malware Attack Targeting Syrian ISIS Critics](https://citizenlab.org/2014/12/malware-attack-targeting-syrian-isis-critics/) | [:closed_book:](../../blob/master/2014/2014.12.18.Syrian_ISIS_Critics)
* Dec 17 - [[CISCO] Wiper Malware – A Detection Deep Dive](http://blogs.cisco.com/security/talos/wiper-malware) | [:closed_book:](../../blob/master/2014/2014.12.17.Wiper_Malware_Deep_Dive)
* Dec 12 - [[Fidelis] Bots, Machines, and the Matrix](http://www.fidelissecurity.com/sites/default/files/FTA_1014_Bots_Machines_and_the_Matrix.pdf) | [:closed_book:](../../blob/master/2014/2014.12.12.Bots_Machines_and_the_Matrix)
* Dec 12 - [[AirBus] Vinself now with steganography](http://blog.cybersecurity-airbusds.com/post/2014/12/Vinself) | [:closed_book:](../../blob/master/2014/2014.12.12.Vinself)
* Dec 10 - [South Korea MBR Wiper](http://asec.ahnlab.com/1015)
* Dec 10 - [W64/Regin, Stage #1](https://www.f-secure.com/documents/996508/1030745/w64_regin_stage_1.pdf)
* Dec 10 - [W32/Regin, Stage #1](https://www.f-secure.com/documents/996508/1030745/w32_regin_stage_1.pdf)
* Dec 10 - [Cloud Atlas: RedOctober APT](http://securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-back-in-style/)
* Dec 09 - [The Inception Framework](https://www.bluecoat.com/security-blog/2014-12-09/blue-coat-exposes-%E2%80%9C-inception-framework%E2%80%9D-very-sophisticated-layered-malware)
* Dec 08 - [The 'Penquin' Turla](http://securelist.com/blog/research/67962/the-penquin-turla-2/)
* Dec 03 - [Operation Cleaver: The Notepad Files](http://blog.cylance.com/operation-cleaver-the-notepad-files) | [:closed_book:](../../blob/master//2014/2014.12.03_operation-cleaver-the-notepad-files)
* Dec 02 - [Operation Cleaver](http://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf) | [IOCs](http://www.cylance.com/assets/Cleaver/cleaver.yar) | [:closed_book:](../../blob/master//2014/2014.12.02.Operation_Cleaver)
* Nov 30 - [FIN4: Stealing Insider Information for an Advantage in Stock Trading?](https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html)
* Nov 24 - [Deep Panda Uses Sakula Malware](http://blog.crowdstrike.com/ironman-deep-panda-uses-sakula-malware-target-organizations-multiple-sectors/) | [:closed_book:](../../blob/master//2014/2014.11.24.Ironman)
* Nov 24 - [TheIntercept's report on The Regin Platform](https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/)
* Nov 24 - [Kaspersky's report on The Regin Platform](http://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/)
* Nov 23 - [Symantec's report on Regin](http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance)
* Nov 21 - [[FireEye] Operation Double Tap](https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html) | [IOCs](https://github.com/FireEye/iocs/tree/master/APT3) | [:closed_book:](../../blob/master//2014/2014.11.21.Operation_Double_Tap)
* Nov 20 - [EvilBunny: Suspect #4](http://0x1338.blogspot.co.uk/2014/11/hunting-bunnies.html)
* Nov 14 - [Roaming Tiger (Slides)](http://2014.zeronights.ru/assets/files/slides/roaming_tiger_zeronights_2014.pdf)
* Nov 14 - [OnionDuke: APT Attacks Via the Tor Network](http://www.f-secure.com/weblog/archives/00002764.html)
* Nov 13 - [Operation CloudyOmega: Ichitaro 0-day targeting Japan](http://www.symantec.com/connect/blogs/operation-cloudyomega-ichitaro-zero-day-and-ongoing-cyberespionage-campaign-targeting-japan)
* Nov 12 - [[ESET] Korplug military targeted attacks: Afghanistan & Tajikistan](http://www.welivesecurity.com/2014/11/12/korplug-military-targeted-attacks-afghanistan-tajikistan/)
* Nov 11 - [The Uroburos case- Agent.BTZ’s successor, ComRAT](http://blog.gdatasoftware.com/blog/article/the-uroburos-case-new-sophisticated-rat-identified.html)
* Nov 10 - [The Darkhotel APT - A Story of Unusual Hospitality](https://securelist.com/blog/research/66779/the-darkhotel-apt/)
* Nov 03 - [Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movement](http://www.fireeye.com/blog/technical/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html)
* Nov 03 - [New observations on BlackEnergy2 APT activity](https://securelist.com/blog/research/67353/be2-custom-plugins-router-abuse-and-target-profiles/)
* Oct 31 - [Operation TooHash](https://blog.gdatasoftware.com/blog/article/operation-toohash-how-targeted-attacks-work.html)
* Oct 30 - [The Rotten Tomato Campaign](http://blogs.sophos.com/2014/10/30/the-rotten-tomato-campaign-new-sophoslabs-research-on-apts/)
* Oct 28 - [Group 72, Opening the ZxShell](http://blogs.cisco.com/talos/opening-zxshell/)
* Oct 28 - [APT28 - A Window Into Russia's Cyber Espionage Operations](https://www.fireeye.com/resources/pdfs/apt28.pdf)
* Oct 27 - [Micro-Targeted Malvertising via Real-time Ad Bidding](http://www.invincea.com/wp-content/uploads/2014/10/Micro-Targeted-Malvertising-WP-10-27-14-1.pdf)
* Oct 27 - [ScanBox framework – who’s affected, and who’s using it?](http://pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html)
* Oct 27 - [Full Disclosure of Havex Trojans - ICS Havex backdoors](http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans)
* Oct 24 - [LeoUncia and OrcaRat](http://blog.airbuscybersecurity.com/post/2014/10/LeoUncia-and-OrcaRat)
* Oct 23 - [Modified Tor Binaries](http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/)
* Oct 22 - [Sofacy Phishing by PWC](http://pwc.blogs.com/files/tactical-intelligence-bulletin---sofacy-phishing-.pdf)
* Oct 22 - [Operation Pawn Storm: The Red in SEDNIT](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf)
* Oct 20 - [OrcaRAT - A whale of a tale](http://pwc.blogs.com/cyber_security_updates/2014/10/orcarat-a-whale-of-a-tale.html)
* Oct 14 - [Sandworm - CVE-2014-4114](http://www.isightpartners.com/2014/10/cve-2014-4114/)
* Oct 14 - [Group 72 (Axiom)](http://blogs.cisco.com/security/talos/threat-spotlight-group-72/)
* Oct 14 - [Derusbi Preliminary Analysis](http://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf)
* Oct 14 - [Hikit Preliminary Analysis](http://www.novetta.com/wp-content/uploads/2014/11/HiKit.pdf)
* Oct 14 - [ZoxPNG Preliminary Analysis](http://www.novetta.com/wp-content/uploads/2014/11/ZoxPNG.pdf)
* Oct 09 - [Democracy in Hong Kong Under Attack](http://www.volexity.com/blog/?p=33)
* Oct 03 - [New indicators for APT group Nitro](http://researchcenter.paloaltonetworks.com/2014/10/new-indicators-compromise-apt-group-nitro-uncovered/)
* Sep 26 - [BlackEnergy & Quedagh](https://www.f-secure.com/documents/996508/1030745/blackenergy_whitepaper.pdf)
* Sep 26 - [Aided Frame, Aided Direction (Sunshop Digital Quartermaster)](http://www.fireeye.com/blog/technical/2014/09/aided-frame-aided-direction-because-its-a-redirect.html)
* Sep 23 - [Ukraine and Poland Targeted by BlackEnergy (video)](https://www.youtube.com/watch?v=I77CGqQvPE4)
* Sep 19 - [Watering Hole Attacks using Poison Ivy by "th3bug" group](http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/)
* Sep 18 - [COSMICDUKE: Cosmu with a twist of MiniDuke](http://www.f-secure.com/documents/996508/1030745/cosmicduke_whitepaper.pdf)
* Sep 17 - [Chinese intrusions into key defense contractors](http://www.armed-services.senate.gov/press-releases/sasc-investigation-finds-chinese-intrusions-into-key-defense-contractors)
* Sep 10 - [Operation Quantum Entanglement](http://www.fireeye.com/resources/pdfs/white-papers/FireEye-operation-quantum-entanglement.pdf)
* Sep 08 - [When Governments Hack Opponents: A Look at Actors and Technology](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-marczak.pdf) [video](https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/marczak)
* Sep 08 - [Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-hardy.pdf) [video](https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/hardy)
* Sep 04 - [Gholee – a “Protective Edge” themed spear phishing campaign](http://www.clearskysec.com/gholee-a-protective-edge-themed-spear-phishing-campaign/) | [:closed_book:](../../blob/master//2014/2014.09.04.Gholee)
* Sep 04 - [Forced to Adapt: XSLCmd Backdoor Now on OS X](http://www.fireeye.com/blog/technical/malware-research/2014/09/forced-to-adapt-xslcmd-backdoor-now-on-os-x.html)
* Sep 03 - [Darwin’s Favorite APT Group (APT12)](http://www.fireeye.com/blog/technical/botnet-activities-research/2014/09/darwins-favorite-apt-group-2.html)
* Aug 29 - [Syrian Malware Team Uses BlackWorm for Attacks](http://www.fireeye.com/blog/technical/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html)
* Aug 28 - [Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks](https://www.alienvault.com/open-threat-exchange/blog/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks)
* Aug 27 - [North Korea’s cyber threat landscape](http://h30499.www3.hp.com/hpeb/attachments/hpeb/off-by-on-software-security-blog/388/2/HPSR%20SecurityBriefing_Episode16_NorthKorea.pdf)
* Aug 27 - [NetTraveler APT Gets a Makeover for 10th Birthday](https://securelist.com/blog/research/66272/nettraveler-apt-gets-a-makeover-for-10th-birthday/)
* Aug 25 - [Vietnam APT Campaign](http://blog.malwaremustdie.org/2014/08/another-country-sponsored-malware.html)
* Aug 20 - [El Machete](https://securelist.com/blog/research/66108/el-machete/)
* Aug 18 - [The Syrian Malware House of Cards](https://securelist.com/blog/research/66051/the-syrian-malware-house-of-cards/) | [:closed_book:](../../blob/master//2014/2014.08.18.Syrian_Malware_House_of_Cards)
* Aug 13 - [A Look at Targeted Attacks Through the Lense of an NGO](http://www.mpi-sws.org/~stevens/pubs/sec14.pdf) | [:closed_book:](../../blob/master//2014/2014.08.13.TargetAttack.NGO)
* Aug 12 - [New York Times Attackers Evolve Quickly (Aumlib/Ixeshe/APT12)](http://www.fireeye.com/blog/technical/2013/08/survival-of-the-fittest-new-york-times-attackers-evolve-quickly.html)
* Aug 07 - [The Epic Turla Operation Appendix](https://securelist.com/files/2014/08/KL_Epic_Turla_Technical_Appendix_20140806.pdf)
* Aug 06 - [Operation Poisoned Hurricane](http://www.fireeye.com/blog/technical/targeted-attack/2014/08/operation-poisoned-hurricane.html)
* Aug 05 - [Operation Arachnophobia](http://threatc.s3-website-us-east-1.amazonaws.com/?/arachnophobia)
* Aug 04 - [Sidewinder Targeted Attack Against Android](http://www.fireeye.com/resources/pdfs/FireEye-sidewinder-targeted-attack.pdf)
* Jul 31 - [Energetic Bear/Crouching Yeti Appendix](http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2014/07/Kaspersky_Lab_crouching_yeti_appendixes_eng_final.pdf)
* Jul 31 - [Energetic Bear/Crouching Yeti](https://kasperskycontenthub.com/securelist/files/2014/07/EB-YetiJuly2014-Public.pdf)
* Jul 29 - [[Dell] Threat Group-3279 Targets the Video Game Industry](https://www.secureworks.com/research/threat-group-3279-targets-the-video-game-industry) | [:closed_book:](../../blob/master/2014/2014.07.29.Threat_Group-3279_Targets_the_Video_Game_Industry)
* Jul 20 - [Sayad (Flying Kitten) Analysis & IOCs](http://vinsula.com/2014/07/20/sayad-flying-kitten-infostealer-malware/)
* Jul 11 - [Pitty Tiger](https://bitbucket.org/cybertools/whitepapers/downloads/Pitty%20Tiger%20Final%20Report.pdf) | [:closed_book:](../../blob/master/2014/2014.07.11.Pitty_Tiger)
* Jul 10 - [TR-25 Analysis - Turla / Pfinet / Snake/ Uroburos](http://www.circl.lu/pub/tr-25/)
* Jul 07 - [Deep Pandas, Deep in Thought: Chinese Targeting of National Security Think Tanks](http://blog.crowdstrike.com/deep-thought-chinese-targeting-national-security-think-tanks/) | [:closed_book:](../../blob/master/2014/2014.07.07.Deep_in_Thought)
* Jun 10 - [Anatomy of the Attack: Zombie Zero](http://www.trapx.com/wp-content/uploads/2014/07/TrapX_ZOMBIE_Report_Final.pdf)
* Jun 30 - [Dragonfly: Cyberespionage Attacks Against Energy Suppliers](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf)
* Jun 20 - [Embassy of Greece Beijing](http://thegoldenmessenger.blogspot.de/2014/06/blitzanalysis-embassy-of-greece-beijing.html)
* Jun 09 - [Putter Panda](http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf)
* Jun 06 - [Illuminating The Etumbot APT Backdoor (APT12)](http://www.arbornetworks.com/asert/wp-content/uploads/2014/06/ASERT-Threat-Intelligence-Brief-2014-07-Illuminating-Etumbot-APT.pdf)
* May 28 - [NewsCaster - An Iranian Threat Within Social Networks](https://www.isightpartners.com/2014/05/newscaster-iranian-threat-inside-social-media/) | [:closed_book:](../../blob/master/2014/2014.05.28.NewsCaster_An_Iranian_Threat_Within_Social_Networks)
* May 21 - [RAT in jar: A phishing campaign using Unrecom](http://www.fidelissecurity.com/sites/default/files/FTA_1013_RAT_in_a_jar.pdf)
* May 20 - [Miniduke Twitter C&C](http://www.welivesecurity.com/2014/05/20/miniduke-still-duking/)
* May 13 - [CrowdStrike's report on Flying Kitten](http://blog.crowdstrike.com/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/)
* May 13 - [Operation Saffron Rose (aka Flying Kitten)](http://www.fireeye.com/resources/pdfs/FireEye-operation-saffron-rose.pdf)
* Apr 26 - [CVE-2014-1776: Operation Clandestine Fox](https://www.fireeye.com/blog/threat-research/2014/05/operation-clandestine-fox-now-attacking-windows-xp-using-recently-discovered-ie-vulnerability.html)
* Mar 12 - [[FireEye] A Detailed Examination of the Siesta Campaign](https://www.fireeye.com/blog/threat-research/2014/03/a-detailed-examination-of-the-siesta-campaign.html) | [:closed_book:](../../blob/master/2014/2014.03.12.Detailed_Siesta_Campaign)
* Mar 08 - [Russian spyware Turla](http://www.reuters.com/article/2014/03/07/us-russia-cyberespionage-insight-idUSBREA260YI20140307)
* Mar 07 - [Snake Campaign & Cyber Espionage Toolkit](http://info.baesystemsdetica.com/rs/baesystems/images/snake_whitepaper.pdf)
* Mar 06 - [[Trend Micro] The Siesta Campaign](http://blog.trendmicro.com/trendlabs-security-intelligence/the-siesta-campaign-a-new-targeted-attack-awakens/) | [:closed_book:](../../blob/master/2014/2014.03.06.The_Siesta_Campaign)
* Feb 28 - [Uroburos: Highly complex espionage software with Russian roots](https://public.gdatasoftware.com/Web/Content/INT/Blog/2014/02_2014/documents/GData_Uroburos_RedPaper_EN_v1.pdf)
* Feb 25 - [The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity](http://blog.crowdstrike.com/french-connection-french-aerospace-focused-cve-2014-0322-attack-shares-similarities-2012/) | [:closed_book:](../../blob/master/2014/2014.02.25.The_French_Connection)
* Feb 23 - [Gathering in the Middle East, Operation STTEAM](http://www.fidelissecurity.com/sites/default/files/FTA%201012%20STTEAM%20Final.pdf)
* Feb 20 - [Mo' Shells Mo' Problems - Deep Panda Web Shells](http://www.crowdstrike.com/blog/mo-shells-mo-problems-deep-panda-web-shells/) | [:closed_book:](../../blob/master/2014/2014.02.20.deep-panda-webshells)
* Feb 20 - [[FireEye] Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploit](http://www.fireeye.com/blog/technical/targeted-attack/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html) | [:closed_book:](../../blob/master/2014/2014.02.20.Operation_GreedyWonk)
* Feb 19 - [XtremeRAT: Nuisance or Threat?](http://www.fireeye.com/blog/technical/2014/02/xtremerat-nuisance-or-threat.html)
* Feb 19 - [The Monju Incident](http://contextis.com/resources/blog/context-threat-intelligence-monju-incident/)
* Feb 13 - [Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website](http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html)
* Feb 11 - [Unveiling "Careto" - The Masked APT](http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf)
* Jan 31 - [Intruder File Report- Sneakernet Trojan](http://www.fidelissecurity.com/sites/default/files/FTA%201011%20Follow%20UP.pdf)
* Jan 21 - [[RSA] Shell_Crew (Deep Panda)](http://www.emc.com/collateral/white-papers/h12756-wp-shell-crew.pdf) | [:closed_book:](../../blob/master/2014/2014.01.21.Shell_Crew)
* Jan 15 - [New CDTO: A Sneakernet Trojan Solution](http://www.fidelissecurity.com/sites/default/files/FTA%201001%20FINAL%201.15.14.pdf)
* Jan 14 - [The Icefog APT Hits US Targets With Java Backdoor](https://www.securelist.com/en/blog/208214213/The_Icefog_APT_Hits_US_Targets_With_Java_Backdoor)
* Jan 13 - [Targeted attacks against the Energy Sector](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/targeted_attacks_against_the_energy_sector.pdf)
* Jan 06 - [PlugX: some uncovered points](http://blog.cassidiancybersecurity.com/2014/01/plugx-some-uncovered-points.html)
## 2013
* ??? ?? - [THE LITTLE MALWARE THAT COULD: Detecting and Defeating the China Chopper Web Shell](https://www.fireeye.com/content/dam/FireEye-www/global/en/current-threats/pdfs/rpt-china-chopper.pdf) | [:closed_book:](../../blob/master/2013/2013.China_Chopper_Web_Shell)
* ??? ?? - [Deep Panda](http://www.crowdstrike.com/sites/default/files/AdversaryIntelligenceReport_DeepPanda_0.pdf) (OFFLINE) | [:closed_book:](../../blob/master//2013/2013.Deep.Panda)
* ??? ?? - [[Fireeye] OPERATION SAFFRON ROSE](https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf) | [:closed_book:](../../blob/master/2013/2013.OPERATION_SAFFRON_ROSE)
* Dec 20 - [ETSO APT Attacks Analysis](http://image.ahnlab.com/global/upload/download/documents/1401223631603288.pdf) | [:closed_book:](../../blob/master//2013/2013.12.20.ETSO)
* Dec 11 - [Operation "Ke3chang"](http://www.fireeye.com/resources/pdfs/FireEye-operation-ke3chang.pdf)
* Dec 02 - [njRAT, The Saga Continues](http://www.fidelissecurity.com/files/files/FTA%201010%20-%20njRAT%20The%20Saga%20Continues.pdf)
* Nov 11 - [[FireEye] Supply Chain Analysis](http://www.fireeye.com/resources/pdfs/FireEye-malware-supply-chain.pdf)
* Nov 10 - [[FireEye] Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method](http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html)
* Oct 24 - [[FireEye] Terminator RAT](https://www.fireeye.com/blog/threat-research/2013/10/evasive-tactics-terminator-rat.html) or [FakeM RAT](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fakem-rat.pdf) | [:closed_book:](../../blob/master//2013/2013.10.24)
* Sep 30 - [[FireEye] World War C: State of affairs in the APT world](https://www.fireeye.com/blog/threat-research/2013/09/new-FireEye-report-world-war-c.html)
* Sep 25 - [The 'ICEFOG' APT: A Tale of cloak and three daggers](http://www.securelist.com/en/downloads/vlpdfs/icefog.pdf)
* Sep 17 - [Hidden Lynx - Professional Hackers for Hire](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf)
* Sep 13 - [Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets](http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html)
* Sep 11 - [The "Kimsuky" Operation](https://securelist.com/analysis/57915/the-kimsuky-operation-a-north-korean-apt/)
* Sep 06 - [Evasive Tactics: Taidoor](https://www.fireeye.com/blog/threat-research/2013/09/evasive-tactics-taidoor-3.html) | [:closed_book:](../../blob/master//2013/2013.09.06.EvasiveTactics_Taidoor)
* Sep ?? - [Feature: EvilGrab Campaign Targets Diplomatic Agencies](http://about-threats.trendmicro.com/cloud-content/us/ent-primers/pdf/2q-report-on-targeted-attack-campaigns.pdf)
* Aug 23 - [Operation Molerats: Middle East Cyber Attacks Using Poison Ivy](http://www.fireeye.com/blog/technical/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html)
* Aug 21 - [POISON IVY: Assessing Damage and Extracting Intelligence](http://www.fireeye.com/resources/pdfs/FireEye-poison-ivy-report.pdf)
* Aug 19 - [ByeBye Shell and the targeting of Pakistan](https://community.rapid7.com/community/infosec/blog/2013/08/19/byebye-and-the-targeting-of-pakistan)
* Aug 02 - [Surtr: Malware Family Targeting the Tibetan Community](https://citizenlab.org/2013/08/surtr-malware-family-targeting-the-tibetan-community/)
* Aug 02 - [Where There is Smoke, There is Fire: South Asian Cyber Espionage Heats Up](http://www.threatconnect.com/news/where-there-is-smoke-there-is-fire-south-asian-cyber-espionage-heats-up/)
* Aug ?? - [APT Attacks on Indian Cyber Space](http://g0s.org/wp-content/uploads/2013/downloads/Inside_Report_by_Infosec_Consortium.pdf)
* Aug ?? - [Operation Hangover - Unveiling an Indian Cyberattack Infrastructure](http://normanshark.com/wp-content/uploads/2013/08/NS-Unveiling-an-Indian-Cyberattack-Infrastructure_FINAL_Web.pdf)
* Jul 31 - [Blackhat: In-Depth Analysis of Escalated APT Attacks (Lstudio,Elirks)](https://media.blackhat.com/us-13/US-13-Yarochkin-In-Depth-Analysis-of-Escalated-APT-Attacks-Slides.pdf), [video](https://www.youtube.com/watch?v=SoFVRsvh8s0)
* Jul 31 - [Secrets of the Comfoo Masters](http://www.secureworks.com/cyber-threat-intelligence/threats/secrets-of-the-comfoo-masters/)
* Jul 15 - [PlugX revisited: "Smoaler"](http://sophosnews.files.wordpress.com/2013/07/sophosszappanosplugxrevisitedintroducingsmoaler-rev1.pdf)
* Jul 09 - [Dark Seoul Cyber Attack: Could it be worse?](http://cisak.perpika.kr/wp-content/uploads/2013/07/2013-08.pdf)
* Jun 30 - [Targeted Campaign Steals Credentials in Gulf States and Caribbean](https://blogs.mcafee.com/mcafee-labs/targeted-campaign-steals-credentials-in-gulf-states-and-caribbean)
* Jun 28 - [njRAT Uncovered](http://threatgeek.typepad.com/files/fta-1009---njrat-uncovered-1.pdf)
* Jun 21 - [A Call to Harm: New Malware Attacks Target the Syrian Opposition](https://citizenlab.org/wp-content/uploads/2013/07/19-2013-acalltoharm.pdf)
* Jun 18 - [Trojan.APT.Seinup Hitting ASEAN](http://www.fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-seinup-hitting-asean.html)
* Jun 07 - [KeyBoy, Targeted Attacks against Vietnam and India](https://community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india)
* Jun 04 - [The NetTraveler (aka 'Travnet')](http://www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf)
* Jun 01 - [Crude Faux: An analysis of cyber conflict within the oil & gas industries](https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2013-9.pdf)
* Jun ?? - [The Chinese Malware Complexes: The Maudi Surveillance Operation](https://bluecoat.com/documents/download/2c832f0f-45d2-4145-bdb7-70fc78c22b0f&ei=ZGP-VMCbMsuxggSThYDgDg&usg=AFQjCNFjXSkn_AIiXge1X9oWZHzQOiNDJw&sig2=B6e2is0sCnGEbLPL9q0eZg&bvm=bv.87611401,d.eXY)
* May 30 - [[CIRCL] TR-14 - Analysis of a stage 3 Miniduke malware sample](http://www.circl.lu/pub/tr-14/) | [:closed_book:](../../blob/master/2013/2013.05.20.Miniduke.Analysis)
* May 20 - [[Norman] OPERATION HANGOVER: Unveiling an Indian Cyberattack Infrastructure](http://www.thecre.com/fnews/wp-content/uploads/2013/05/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf) | [:closed_book:](../../blob/master/2013/2013.05.20.Operation_Hangover)
* May 16 - [[ESET] Targeted information stealing attacks in South Asia use email, signed binaries](https://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/) | [:closed_book:](../../blob/master/2013/2013.05.16.targeted-threat-pakistan-india)
* Apr 21 - [[Bitdefender] MiniDuke - The Final Cut](http://labs.bitdefender.com/2013/04/miniduke-the-final-cut) | [:closed_book:](../../blob/master/2013/2013.04.21.MiniDuke)
* Apr 13 - [[Kaspersky] "Winnti" More than just a game](http://www.securelist.com/en/downloads/vlpdfs/winnti-more-than-just-a-game-130410.pdf) | [:closed_book:](../../blob/master/2013/2013.04.13.Winnti)
* Apr 01 - [Trojan.APT.BaneChant](http://www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html)
* Mar 28 - [TR-12 - Analysis of a PlugX malware variant used for targeted attacks](http://www.circl.lu/pub/tr-12/)
* Mar 27 - [APT1: technical backstage (Terminator/Fakem RAT)](http://www.malware.lu/assets/files/articles/RAP002_APT1_Technical_backstage.1.0.pdf)
* Mar 21 - [[Fidelis] Darkseoul/Jokra Analysis And Recovery](https://old.fidelissecurity.com/sites/default/files/FTA%201008%20-%20Darkseoul-Jokra%20Analysis%20and%20Recovery.pdf) | [:closed_book:](../../blob/master/2013/2013.03.21.Darkseoul)
* Mar 20 - [[Kaspersky] The TeamSpy Crew Attacks](http://securelist.com/blog/incidents/35520/the-teamspy-crew-attacks-abusing-teamviewer-for-cyberespionage-8/) | [:closed_book:](../../blob/master/2013/2013.03.20.TeamSpy_Crew)
* Mar 20 - [[McAfee] Dissecting Operation Troy](http://www.mcafee.com/sg/resources/white-papers/wp-dissecting-operation-troy.pdf) | [:closed_book:](../../blob/master/2013/2013.03.20.Operation_Troy)
* Mar 17 - [[Trend Micro] Safe: A Targeted Threat](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-safe-a-targeted-threat.pdf) | [:closed_book:](../../blob/master/2013/2013.03.17.Targeted_Threat)
* Mar 13 - [[Citizen lab] You Only Click Twice: FinFisher’s Global Proliferation](https://citizenlab.org/wp-content/uploads/2013/07/15-2013-youonlyclicktwice.pdf) | [:closed_book:](../../blob/master/2013/2013.03.13.FinFisher)
* Feb 27 - [[CrySyS] Miniduke: Indicators v1](http://www.crysys.hu/miniduke/miniduke_indicators_public.pdf) | [:closed_book:](../../blob/master/2013/2013.02.27.MiniDuke_Indicators)
* Feb 27 - [[Kaspersky] The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor](https://www.securelist.com/en/downloads/vlpdfs/themysteryofthepdf0-dayassemblermicrobackdoor.pdf) | [:closed_book:](../../blob/master/2013/2013.02.27.MiniDuke_Mystery)
* Feb 26 - [[Symantec] Stuxnet 0.5: The Missing Link](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/stuxnet_0_5_the_missing_link.pdf) | [:closed_book:](../../blob/master/2013/2013.02.26.Stuxnet_0.5)
* Feb 22 - [[Symantec] Comment Crew: Indicators of Compromise](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/comment_crew_indicators_of_compromise.pdf) | [:closed_book:](../../blob/master/2013/2013.02.22.Comment_Crew)
* Feb 18 - [[FireEye] Mandiant APT1 Report](http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf) | [:closed_book:](../../blob/master/2013/2013.02.18.APT1)
* Feb 12 - [[AIT] Targeted cyber attacks: examples and challenges ahead](http://www.ait.ac.at/uploads/media/Presentation_Targeted-Attacks_EN.pdf) | [:closed_book:](../../blob/master/2013/2013.02.12.Targeted-Attacks)
* Jan 18 - [[McAfee] Operation Red October](https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24250/en_US/McAfee_Labs_Threat_Advisory_Exploit_Operation_Red_Oct.pdf) | [:closed_book:](../../blob/master/2013/2013.01.18.Operation_Red_Oct)
* Jan 14 - [[Kaspersky] The Red October Campaign](https://securelist.com/blog/incidents/57647/the-red-october-campaign) | [:closed_book:](../../blob/master/2013/2013.01.14.Red_October_Campaign)
## 2012
* Nov 03 - [[CyberPeace] Systematic cyber attacks against Israeli and Palestinian targets going on for a year](http://cyber-peace.org/wp-content/uploads/2014/01/Cyberattack_against_Israeli_and_Palestinian_targets.pdf)
* Nov 01 - [[Fidelis] RECOVERING FROM SHAMOON](http://www.fidelissecurity.com/sites/default/files/FTA%201007%20-%20Shamoon.pdf)
* Oct 31 - [[DEA] CYBER ESPIONAGE Against Georgian Government (Georbot Botnet)](http://dea.gov.ge/uploads/CERT%20DOCS/Cyber%20Espionage.pdf)
* Oct 27 - [[Symantec] Trojan.Taidoor: Targeting Think Tanks](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/trojan_taidoor-targeting_think_tanks.pdf)
* Oct 08 - [[Matasano] Matasano notes on DarkComet, Bandook, CyberGate and Xtreme RAT](http://matasano.com/research/PEST-CONTROL.pdf)
* Sep 18 - [[Dell] The Mirage Campaign](http://www.secureworks.com/cyber-threat-intelligence/threats/the-mirage-campaign/)
* Sep 12 - [[RSA] The VOHO Campaign: An in depth analysis](http://blogsdev.rsa.com/wp-content/uploads/VOHO_WP_FINAL_READY-FOR-Publication-09242012_AC.pdf)
* Sep 07 - [[Citizen lab] IEXPLORE RAT](https://citizenlab.org/wp-content/uploads/2012/09/IEXPL0RE_RAT.pdf)
* Sep 06 - [[Symantec] The Elderwood Project](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf)
* Aug 18 - [[Trend Micro] The Taidoor Campaign: An In-Depth Analysis](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf) | [:closed_book:](../../blob/master//2012/2012.08.18.Taidoor_Campaign)
* Aug 09 - [[Kaspersky] Gauss: Abnormal Distribution](http://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/kaspersky-lab-gauss.pdf) | [:closed_book:](../../blob/master/2012/2012.08.09.Gauss)
* Jul 27 - [[Kaspersky] The Madi Campaign](https://securelist.com/analysis/36609/the-madi-infostealers-a-detailed-analysis/) | [:closed_book:](../../blob/master/2012/2012.07.27.Madi_Campaign)
* Jul 25 - [[Citizen lab] From Bahrain With Love: FinFisher’s Spy Kit Exposed?](https://citizenlab.org/2012/07/from-bahrain-with-love-finfishers-spy-kit-exposed/) | [:closed_book:](../../blob/master/2012/2012.07.25.FinFisher_Spy_Kit)
* Jul 11 - [[Wired] Wired article on DarkComet creator](http://www.wired.com/2012/07/dark-comet-syrian-spy-tool/) | [:closed_book:](../../blob/master/2012/2012.07.11.DarkComet_Creator)
* Jul 10 - [[Citizenlab] Advanced Social Engineering for the Distribution of LURK Malware](https://citizenlab.org/wp-content/uploads/2012/07/10-2012-recentobservationsintibet.pdf) | [:closed_book:](../../blob/master/2012/2012.07.10.SE_LURK_Malware)
* May 31 - [[CrySyS] sKyWIper (Flame/Flamer)](http://www.crysys.hu/skywiper/skywiper.pdf) | [:closed_book:](../../blob/master/2012/2012.05.31.Flame_sKyWIper)
* May 22 - [[Trend Micro] IXESHE An APT Campaign](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf) | [:closed_book:](../../blob/master/2012/2012.05.22.IXESHE)
* May 18 - [[Symantec] Analysis of Flamer C&C Server](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_flamer_newsforyou.pdf) | [:closed_book:](../../blob/master/2012/2012.05.18.Flamer_CnC)
* Apr 16 - [[Kaspersky] OSX.SabPub & Confirmed Mac APT attacks](http://securelist.com/blog/incidents/33208/new-version-of-osx-sabpub-confirmed-mac-apt-attacks-19/) | [:closed_book:](../../blob/master/2012/2012.04.16.OSX.SabPub)
* Apr 10 - [[McAfee] Anatomy of a Gh0st RAT](http://www.mcafee.com/us/resources/white-papers/foundstone/wp-know-your-digital-enemy.pdf) | [:closed_book:](../../blob/master/2012/2012.04.10.Gh0st_RAT)
* Mar 26 - [[Trend Micro] Luckycat Redux](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_luckycat_redux.pdf) | [:closed_book:](../../blob/master/2012/2012.03.26.Luckycat_Redux)
* Mar 13 - [[Arbor] Reversing DarkComet RAT's crypto](http://www.arbornetworks.com/asert/wp-content/uploads/2012/07/Crypto-DarkComet-Report.pdf) | [:closed_book:](../../blob/master/2012/2012.03.13.DarkComet_RAT)
* Mar 12 - [[contextis] Crouching Tiger, Hidden Dragon, Stolen Data](http://www.contextis.com/services/research/white-papers/crouching-tiger-hidden-dragon-stolen-data/) | [:closed_book:](../../blob/master/2012/2012.03.12.Crouching_Tiger)
* Feb 29 - [[Dell] The Sin Digoo Affair](http://www.secureworks.com/cyber-threat-intelligence/threats/sindigoo/) | [:closed_book:](../../blob/master/2012/2012.02.29.Sin_Digoo_Affair)
* Feb 03 - [[CommandFive] Command and Control in the Fifth Domain](http://www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf) | [:closed_book:](../../blob/master/2012/2012.02.03.Fifth_Domain_CnC)
* Jan 03 - [[Trend Micro] The HeartBeat APT](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the-heartbeat-apt-campaign.pdf) | [:closed_book:](../../blob/master/2012/2012.01.03.HeartBeat_APT)
## 2011
* Dec 08 - [[Norman] Palebot trojan harvests Palestinian online credentials](https://web.archive.org/web/20130308090454/http://blogs.norman.com/2011/malware-detection-team/palebot-trojan-harvests-palestinian-online-credentials) | [:closed_book:](../../blob/master/2011/2011.12.08.Palebot_Trojan)
* Oct 31 - [[Symantec] The Nitro Attacks: Stealing Secrets from the Chemical Industry](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_nitro_attacks.pdf) | [:closed_book:](../../blob/master/2011/2011.10.31.Nitro)
* Oct 26 - [[Dell] Duqu Trojan Questions and Answers](http://www.secureworks.com/cyber-threat-intelligence/threats/duqu/) | [:closed_book:](../../blob/master/2011/2011.10.26.Duqu)
* Oct 12 - [[Zscaler] Alleged APT Intrusion Set: "1.php" Group](http://www.zscaler.com/pdf/technicalbriefs/tb_advanced_persistent_threats.pdf) | [:closed_book:](../../blob/master/2011/2011.10.12.1.php.group)
* Sep 22 - [[Trend Micro] The "LURID" Downloader](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_dissecting-lurid-apt.pdf) | [:closed_book:](../../blob/master/2011/2011.09.22.LURID_Downloader)
* Sep 11 - [[CommandFive] SK Hack by an Advanced Persistent Threat](http://www.commandfive.com/papers/C5_APT_SKHack.pdf) | [:closed_book:](../../blob/master/2011/2011.09.11.SK_Hack)
* Sep 09 - [[Fidelis] The RSA Hack](http://www.fidelissecurity.com/sites/default/files/FTA1001-The_RSA_Hack.pdf) | [:closed_book:](../../blob/master/2011/2011.09.09.RSA_Hack)
* Aug 04 - [[McAfee] Operation Shady RAT](http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf) | [:closed_book:](../../blob/master/2011/2011.08.04.Operation_Shady_RAT)
* Aug 03 - [[Dell] HTran and the Advanced Persistent Threat](http://www.secureworks.com/cyber-threat-intelligence/threats/htran/) | [:closed_book:](../../blob/master/2011/2011.08.03.HTran)
* Aug 02 - [[vanityfair] Operation Shady rat : Vanity](http://www.vanityfair.com/culture/features/2011/09/operation-shady-rat-201109) | [:closed_book:](../../blob/master/2011/2011.08.02.Operation_Shady_RAT_Vanity)
* Jun ?? - [[CommandFive] Advanced Persistent Threats:A Decade in Review]() | [:closed_book:](../../blob/master/2011/2011.06.APT)
* Apr 20 - [[ESET] Stuxnet Under the Microscope](http://www.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf) | [:closed_book:](../../blob/master/2011/2011.04.20.Stuxnet)
* Feb 18 - [[NERC] Night Dragon Specific Protection Measures for Consideration](http://www.nerc.com/pa/rrm/bpsa/Alerts%20DL/2011%20Alerts/A-2011-02-18-01%20Night%20Dragon%20Attachment%201.pdf) | [:closed_book:](../../blob/master/2011/2011.02.18.Night_Dragon.Specific)
* Feb 10 - [[McAfee] Global Energy Cyberattacks: Night Dragon](http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf) | [:closed_book:](../../blob/master/2011/2011.02.10.Night_Dragon)
## 2010
* Dec 09 - [[CRS] The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability](http://www.fas.org/sgp/crs/natsec/R41524.pdf) | [:closed_book:](../../blob/master/2010/2010.12.09.Stuxnet_Worm)
* Sep 30 - [[Symantec] W32.Stuxnet Dossier](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf) | [:closed_book:](../../blob/master/2010/2010.09.30.W32.Stuxnet_Dossier)
* Sep 03 - [[Seculert] The "MSUpdater" Trojan And Ongoing Targeted Attacks](http://www.seculert.com/reports/MSUpdaterTrojanWhitepaper.pdf) | [:closed_book:](../../blob/master/2010/2010.09.03.MSUpdater.Trojan)
* Apr 06 - [[Shadowserver] Shadows in the cloud: Investigating Cyber Espionage 2.0](http://www.nartv.org/mirror/shadows-in-the-cloud.pdf) | [:closed_book:](../../blob/master/2010/2010.04.06.Shadows_in_the_cloud)
* Mar 14 - [[CA] In-depth Analysis of Hydraq](http://www.totaldefense.com/Core/DownloadDoc.aspx?documentID=1052) | [:closed_book:](../../blob/master/2010/2010.03.14.Hydraq)
* Feb 10 - [[HB Gary] Threat Report: Operation Aurora](http://hbgary.com/sites/default/files/publications/WhitePaper%20HBGary%20Threat%20Report,%20Operation%20Aurora.pdf) | [:closed_book:](../../blob/master/2010/2010.02.10.Threat_Report_Operation_Aurora)
* Jan ?? - [[Triumfant] Case Study: Operation Aurora](http://www.triumfant.com/pdfs/Case_Study_Operation_Aurora_V11.pdf) | [:closed_book:](../../blob/master/2010/2010.01.Case_Study_Operation_Aurora)
* Jan 27 - [[Alberts] Operation Aurora Detect, Diagnose, Respond](http://albertsblog.stickypatch.org/files/3/5/1/4/7/282874-274153/Aurora_HBGARY_DRAFT.pdf) | [:closed_book:](../../blob/master/2010/2010.01.27.Operation_Aurora_Detect_Diagnose_Respond)
* Jan 26 - [[McAfee] How Can I Tell if I Was Infected By Aurora? (IOCs)]() | [:closed_book:](../../blob/master/2010/2010.01.26.Operation_Aurora_IoC)
* Jan 20 - [[McAfee] Combating Aurora](https://kc.mcafee.com/resources/sites/MCAFEE/content/live/CORP_KNOWLEDGEBASE/67000/KB67957/en_US/Combating%20Threats%20-%20Operation%20Aurora.pdf) | [:closed_book:](../../blob/master/2010/2010.01.20.Combating_Aurora)
* Jan 13 - [[Damballa] The Command Structure of the Aurora Botnet](https://www.damballa.com/downloads/r_pubs/Aurora_Botnet_Command_Structure.pdf) | [:closed_book:](../../blob/master/2010/2010.01.13.Aurora_Botnet)
* Jan 12 - [[Google] Operation Aurora](http://en.wikipedia.org/wiki/Operation_Aurora) | [:closed_book:](../../blob/master/2010/2010.01.12.Operation_Aurora)
## 2009
* Mar 29 - [[TheSecDevGroup] Tracking GhostNet](http://www.nartv.org/mirror/ghostnet.pdf) | [:closed_book:](../../blob/master/2009/2009.03.29.GhostNet)
* Jan 18 - [[Baltic] Impact of Alleged Russian Cyber Attacks](https://www.baltdefcol.org/files/files/documents/Research/BSDR2009/1_%20Ashmore%20-%20Impact%20of%20Alleged%20Russian%20Cyber%20Attacks%20.pdf) | [:closed_book:](../../blob/master/2009/2009.01.18.Russian_Cyber_Attacks)
## 2008
* Nov 19 - [[Wired] Agent.BTZ](http://www.wired.com/dangerroom/2008/11/army-bans-usb-d/) | [:closed_book:](../../blob/master/2008/2008.11.19.UNDER_WORM_ASSAULT)
* Nov 04 - [[DTIC] China's Electronic Long-Range Reconnaissance](http://www.dtic.mil/dtic/tr/fulltext/u2/a492659.pdf) | [:closed_book:](../../blob/master/2008/2008.11.04.China_Electornic_Long_Range_Reconnaissance)
* Oct 02 - [[Culture Mandala] How China will use cyber warfare to leapfrog in military competitiveness](http://www.international-relations.com/CM8-1/Cyberwar.pdf) | [:closed_book:](../../blob/master/2008/2008.10.02.China_Cyber_Warfare)
* Aug 10 - [[Georgia] Russian Invasion of Georgia Russian Cyberwar on Georgia](http://georgiaupdate.gov.ge/doc/10006922/CYBERWAR-%20fd_2_.pdf) | [:closed_book:](../../blob/master/2008/2008.08.10.Russian_Cyberwar_on_Georgia)
## 2006
* [[Krebs on Security] "Wicked Rose" and the NCPH Hacking Group](http://krebsonsecurity.com/wp-content/uploads/2012/11/WickedRose_andNCPH.pdf) | [:closed_book:](../../blob/master/2006/2006.Wicked_Rose)
## Report
:small_orange_diamond: Aug 01 2019 - [[Kaspersky] APT trends report Q2 2019](https://securelist.com/apt-trends-report-q2-2019/91897/) | [:closed_book:](../../blob/master/Report/2019.08.01.APT_Report_Q2_2019) <br>
:small_orange_diamond: Apr 30 2019 - [[Kaspersky] APT trends report Q1 2019](https://securelist.com/apt-trends-report-q1-2019/90643/) | [:closed_book:](../../blob/master/Report/2019.04.30.APT_Report_Q1_2019) <br>
:small_orange_diamond: Mar 04 2019 - [[FireEye] M-Trends 2019](https://content.fireeye.com/m-trends/rpt-m-trends-2019) | [:closed_book:](../../blob/master/Report/2019.03.04.M-Trends_2019) <br>
:small_orange_diamond: Feb 02 2019 - [[threatintel] Threat Intel Reads – January 2019](https://threatintel.eu/2019/02/02/threat-intel-reads-january-2019/) | [:closed_book:](../../blob/master/Report/2019.02.02.Threat_Intel_Reads_January_2019) <br>
:small_orange_diamond: Feb 2019 - [[SWISSCOM] Targeted Attacks: Cyber Security Report 2019](https://www.swisscom.ch/content/dam/swisscom/en/about/company/portrait/network/security/documents/security-report-2019.pdf) | [:closed_book:](../../blob/master/Report/2019.02.Targeted_Attacks) <br>
:small_orange_diamond: Jan 30 2019 - [[Dragos] Webinar Summary: Uncovering ICS Threat Activity Groups](https://dragos.com/blog/industry-news/webinar-summary-uncovering-ics-threat-activity-groups/) | [:closed_book:](../../blob/master/Report/2019.01.30.Uncovering_ICS_Threat_Activity_Groups) <br>
:small_orange_diamond: Jan 28 2019 - [[ENISA] ENISA Threat Landscape Report 2018](https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2018) | [:closed_book:](../../blob/master/Report/2019.01.28.ENISA_Threat_Landscape_Report_2018) <br>
:small_orange_diamond: Jan 15 2019 - [[Hackmageddon] 2018: A Year of Cyber Attacks](https://www.hackmageddon.com/2019/01/15/2018-a-year-of-cyber-attacks/) | [:closed_book:](../../blob/master/Report/2019.01.15.2018-a-year-of-cyber-attacks) <br>
:small_orange_diamond: Jan 09 2019 - [[360] [CN] 2018 APT Summary Report](https://www.freebuf.com/articles/paper/193553.html) | [:closed_book:](../../blob/master/Report/2019.01.09.360_APT_Summary_report_2018_CN_Version) <br>
:small_orange_diamond: Jan 07 2019 - [[Medium] APT_chronicles_december_2018_edition](https://medium.com/@z3roTrust/the-apt-chronicles-december-2018-edition-e3e5125ffcd2) | [:closed_book:](../../blob/master/Report/2019.01.07.APT_chronicles_december_2018_edition) <br>
:small_orange_diamond: Jan 03 2019 - [[Tencent] [CN] 2018 APT Summary Report](https://www.freebuf.com/articles/network/193420.html) | [:closed_book:](../../blob/master/Report/2019.01.03.Tencent_APT_Summary_report_2018_CN_Version) <br>