```python
# creates a README.md with generated/clickable links from APTnotes.csv
# for https://github.com/aptnotes/data by alexander hanel
import csv

# Read the existing README as text (the original opened it in binary mode,
# which only works on Python 2; text mode works on Python 3 as well).
with open("README.md", "r", encoding="utf-8") as readme:
    text = readme.read()

output = "##Links\n"
year = None
# newline="" is what the csv module expects so that quoted fields with
# embedded newlines are parsed correctly.
with open("APTnotes.csv", "r", newline="", encoding="utf-8") as csv_file:
    reader = csv.DictReader(csv_file, delimiter=',')
    for row in reader:
        # Emit a new year heading each time the Year column changes.
        if year is None or year != row['Year']:
            year = row['Year']
            output += "\n###%s\n\n" % (year)
        temp_line = " - [%s](%s) - Source: %s\n" % (row["Title"], row["Link"], row["Source"])
        output += temp_line

# Splice the generated list in just before the "How can I help?" section.
search_text = "#How can I help?"
offset = text.find(search_text)
if offset == -1:
    raise SystemExit("marker %r not found in README.md" % search_text)
temp_text = text[:offset] + "\n" + output + "\n" + text[offset:]
with open("README.md", "w", encoding="utf-8") as out:
    out.write(temp_text)
```
Scroll down to Links to see all the generated links.
#What is it?
APTnotes is a repository of publicly-available papers and blogs (sorted by year) related to malicious campaigns/activity/software that have been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets.
#Who birthed this brain child?
This repo was created by Kiran Bandla
David Westcott does things on occasion...
#Where's that data?
In the original repo, we maintained an ongoing README with links to all of the reports in some form of order (we tried). We also stored all of the reports in year-named folders within the repo itself (we ran out of room).
To solve the storage problem, we have moved everything over to Box (thanks Box, kisses). In order to maintain chronological order (and our sanity) we have migrated to CSV and JSON summary file(s).
#How can I download all the reports from Box?
Our current interim fix for this (shout out to @Taskr) can be found within this issue: https://github.com/aptnotes/data/issues/50
##APTnotes.csv
APTnotes.csv -- This is a CSV summary file used to keep track of all the goodness
###Format
Filename | Title | Source | Link | SHA-1 | Date | Year |
---|---|---|---|---|---|---|
Name of the file | Title of the report | Vendor | Box Link to the report | SHA-1 of report | Date of report release | Year of release |
##APTnotes.json
APTnotes.json -- This is a converted version of the CSV format
###Format Example
```json
[{"sha1": "3e6399a4b608bbd99dd81bd2be4cd49731362b5e", "Title": "How China Will Use Cyber Warfare", "Filename": "Fritz_HOW-CHINA-WILL-USE-CYBER-WARFARE(Oct-01-08)", "Source": "Jason Fritz", "Link": "https://app.box.com/s/696xnzy1an3jbm3b212y5n8xieirbemd", "Year": "2008", "Date": "10/1/08"},
```
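The CSV and JSON formats above carry a SHA-1 per report, which is the one field a reader can use to confirm that what they pulled down from Box is the file the maintainers catalogued. The following is an added example (not the aptnotes project's own code or its conversion tooling) that parses the documented CSV columns into the JSON record layout shown, rejects rows with a missing column or a malformed SHA-1, and checks a downloaded file against the listed hash. The sample CSV is constructed from the single row in the format example; the function names `csv_to_records`, `to_json`, `index_by_sha1` and `verify_report` are assumptions of this example.

```python
import csv
import hashlib
import io
import json
import re

# Constructed sample input (not the real APTnotes.csv): a header row in the
# README's documented column order plus the single row that the README's
# JSON format example shows.
SAMPLE_CSV = """Filename,Title,Source,Link,SHA-1,Date,Year
Fritz_HOW-CHINA-WILL-USE-CYBER-WARFARE(Oct-01-08),How China Will Use Cyber Warfare,Jason Fritz,https://app.box.com/s/696xnzy1an3jbm3b212y5n8xieirbemd,3e6399a4b608bbd99dd81bd2be4cd49731362b5e,10/1/08,2008
"""

SHA1_HEX = re.compile(r"^[0-9a-f]{40}$")
REQUIRED_COLUMNS = ("Filename", "Title", "Source", "Link", "SHA-1", "Date", "Year")


def csv_to_records(csv_text):
    """Parse CSV text into the dict layout used by APTnotes.json.

    A row with a missing column or a SHA-1 that is not 40 hex characters
    raises ValueError, so a bad line cannot become an unverifiable entry.
    """
    reader = csv.DictReader(io.StringIO(csv_text, newline=""))
    records = []
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        missing = [c for c in REQUIRED_COLUMNS if row.get(c) is None]
        if missing:
            raise ValueError("line %d: missing column(s) %s" % (line_no, ", ".join(missing)))
        sha1 = row["SHA-1"].strip().lower()
        if not SHA1_HEX.match(sha1):
            raise ValueError("line %d: malformed SHA-1 %r" % (line_no, row["SHA-1"]))
        records.append({
            "sha1": sha1,
            "Title": row["Title"],
            "Filename": row["Filename"],
            "Source": row["Source"],
            "Link": row["Link"],
            "Year": row["Year"],
            "Date": row["Date"],
        })
    return records


def to_json(records):
    """Serialise records in the same shape as APTnotes.json."""
    return json.dumps(records, indent=2)


def index_by_sha1(records):
    """Map SHA-1 -> record so a downloaded file can be matched by its hash."""
    return {r["sha1"]: r for r in records}


def sha1_hex(data):
    """Hex SHA-1 of a byte string (the digest the CSV records)."""
    return hashlib.sha1(data).hexdigest()


def verify_report(report_bytes, expected_sha1):
    """True only if the downloaded bytes hash to the SHA-1 listed in the CSV."""
    return sha1_hex(report_bytes) == expected_sha1.strip().lower()


if __name__ == "__main__":
    recs = csv_to_records(SAMPLE_CSV)
    print(to_json(recs))
    # Constructed stand-in for a downloaded PDF; it will not match the listed hash.
    downloaded = b"%PDF-1.4 constructed placeholder, not the real report"
    rec = index_by_sha1(recs)[recs[0]["sha1"]]
    print("%s verified: %s" % (rec["Filename"], verify_report(downloaded, rec["sha1"])))
```

A mismatch does not by itself mean tampering: the maintainers may have re-uploaded a report, or the CSV may simply be out of date. It does mean the file on disk is not the one the catalogue describes, which is the point at which to stop and check the Box link or open an issue rather than file the report away as verified.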
##Links
###2008
- How China Will Use Cyber Warfare - Source: Jason Fritz
- Russian Cyberwar On Georgia - Source: Georgia Gov
###2009
- Impact Of Alleged Russian Cyber Attack - Source: William C. Ashmore
- Tracking Ghostnet: Investigating A Cyber Espionage Network - Source: Information Warfare Monitor
###2010
- Case Study: Operation Aurora - Source: Triumfant
- The Command Structure Of The Aurora Botnet - Source: Damballa
- Combating Aurora - Source: McAfee
- Operation Aurora: Detect, Diagnose, Respond - Source: HBGary
- Operation Aurora - Source: HBGary
- How Can I Tell If I Was Infected By Aurora? - Source: McAfee
- In-Depth Analysis Of Hydraq: The Face Of Cyberwar Enemies Unfolds - Source: CA
- Shadows In The Cloud: Investigating Cyber Espionage 2.0 - Source: Shadowserver, Information warfare monitor
- The Msupdater Trojan And Ongoing Targeted Attacks - Source: Seculert, Zscaler
###2011
- W32.Stuxnet Dossier - Source: Symantec
- Global Energy Cyberattacks: Night Dragon - Source: McAfee
- Night Dragon: Specific Protection Measures For Consideration - Source: NERC
- Stuxnet Under The Microscope - Source: ESET
- Advanced Persistent Threats: A Decade In Review - Source: Command Five Pty Ltd
- Operation Shady Rat: Unprecedented Cyber-Espionage Campaign And Intellectual-Property Bonanza - Source: Vanity Fair
- Htran And The Advanced Persistent Threat - Source: Dell Secureworks
- Revealed: Operation Shady Rat - Source: McAfee
- The Lurid Downloader - Source: Trend Micro
- Sk Hack By An Advanced Persistent Threat - Source: Command Five Pty Ltd
- Alleged Apt Intrusion Set: 1.Php Group - Source: Zscaler, ThreatLabz
- Duqu Trojan Questions And Answers - Source: Dell Secureworks
- The Nitro Attacks: Stealing Secrets From The Chemical Industry - Source: Symantec
- Palebot Trojan Harvests Palestinian Online Credentials - Source: Norman
- Stuxnet/Duqu: The Evolution Of Drivers - Source: Kaspersky
###2012
- The Heartbeat Apt Campaign - Source: Trend Micro
- The Sin Digoo Affair - Source: Dell Secureworks
- Crouching Tiger, Hidden Dragon, Stolen Data - Source: Contextis
- It'S Not The End Of The World: Darkcomet Misses By A Mile - Source: Arbor Networks
- Luckycat Redux: Inside An Apt Campaign With Multiple Targets In India And Japan - Source: Trend Micro
- The Luckycat Hackers - Source: Symantec
- New Version Of Osx.Sabpub & Confirmed Mac Apt Attacks - Source: Kaspersky
- Have I Got Newsforyou: Analysis Of Flamer C&C Server - Source: Symantec
- Ixeshe An Apt Campaign - Source: Trend Micro
- Skywiper (A.K.A. Flame A.K.A. Flamer): A Complex Malware For Targeted Attacks - Source: CrySyS, BME
- Pest Control: Taming The Rats - Source: Matasano
- Recent Observations In Tibet-Related Information Operations: Advanced Social Engineering For The Distribution Of Lurk Malware - Source: Citizen Lab
- From Bahrain With Love: Finfisher Spy Kit Exposed? - Source: Citizen Lab
- The 'Madi' Infostealers - A Detailed Analysis - Source: Kaspersky
- Gauss: Abnormal Distribution - Source: Kaspersky
- The Voho Campaign: An In Depth Analysis - Source: RSA
- The Mirage Campaign - Source: Dell Secureworks
- The Elderwood Project - Source: Symantec
- Iexpl0Re Rat - Source: Citizen Lab
- Trojan.Taidoor: Targeting Think Tanks - Source: Symantec
- "Wicked Rose" And The Ncph Hacking Group - Source: iDefense
- Recovering From Shamoon - Source: Fidelis
- Systematic Cyber Attacks Against Israeli And Palestinian Targets Going On For A Year - Source: Norman
- The Many Faces Of Gh0St Rat: Plotting The Connections Between Malware Attacks - Source: Norman
###2013
- The "Red October" Campaign - An Advanced Cyber Espionage Network Targeting Diplomatic And Government Agencies - Source: Kaspersky
- "Red October" Diplomatic Cyber Attacks Investigation - Source: Kaspersky
- The Icefog Apt: A Tale Of Cloak And Three Daggers - Source: Kaspersky
- Operation Red October - Source: McAfee
- Operation Beebus - Source: FireEye
- Command And Control In The Fifth Domain - Source: Command Five Pty Ltd
- Targeted Cyber Attacks: Examples And Challenges Ahead - Source: CrySyS
- Apt1 Exposing One Of China's Cyber Espionage Units - Source: Mandiant
- Comment Crew: Indicators Of Compromise - Source: Symantec
- Stuxnet 0.5: The Missing Link - Source: Symantec
- The Miniduke Mystery: Pdf 0-Day Government Spy Assembler 0X29A Micro Backdoor - Source: Kaspersky
- Miniduke: Indicators - Source: CrySyS, BME
- You Only Click Twice: Finfisher's Global Proliferation - Source: Citizen Lab
- Safe A Targeted Threat - Source: Trend Micro
- The Teamspy Story - Abusing Teamviewer In Cyberespionage Campaigns - Source: Kaspersky
- Dissecting Operation Troy: Cyberespionage In South Korea - Source: McAfee
- Apt1: Technical Backstage - Source: Malware.lu, itrust
- Analysis Of A Plugx Variant (Plugx Version 7.0) - Source: CIRCL
- Trojan.Apt.Banechant: In-Memory Trojan That Observes For Multiple Mouse Clicks - Source: FireEye
- A Closer Look At Miniduke - Source: Bitdefender
- Winnti: More Than Just A Game - Source: Kaspersky
- The Mutter Backdoor: Operation Beebus with New Targets - Source: Fireeye
###2014
- Deep Panda - Source: Crowdstrike
###2013
- Operation Hangover - Unveiling An Indian Cyberattack Infrastructure - Source: Norman, Shadowserver
- Operation Hangover |Executive Summary - Source: Norman
- Analysis Of A Stage 3 Miniduke Sample - Source: CIRCL
- The Chinese Malware Complexes: The Maudi Surveillance Operation - Source: Norman
- Crude Faux: An Analysis Of Cyber Conflict Within The Oil & Gas Industries - Source: CERIAS
- The Nettraveler (Aka Travnet) - Source: Kaspersky
- Keyboy, Targeted Attacks Against Vietnam And India - Source: Rapid7
- Trojan.Apt.Seinup Hitting Asean - Source: FireEye
- A Call To Harm: New Malware Attacks Target The Syrian Opposition - Source: Citizen Lab
- Njrat Uncovered - Source: Fidelis
- Hunting The Shadows: In Depth Analysis Of Escalated Apt Attacks - Source: Xecure, Academia Sinica
- Dark Seoul Cyber Attack: Could It Be Worse? - Source: Dongseo University
- The Plugx Malware Revisited: Introducing Smoaler - Source: Sophos
- Secrets Of The Comfoo Masters - Source: Dell Secureworks
- Operation Hangover - Unveiling An Indian Cyberattack Infrastructure (Appendix) - Source: Norman
- Inside Report _ Apt Attacks On Indian Cyber Space - Source: Infosec Consortium
- Surtr: Malware Family Targeting The Tibetan Community - Source: Citizen Lab
- Where There Is Smoke, There Is Fire: South Asian Cyber Espionage Heats Up - Source: ThreatConnect
- The Little Malware That Could: Detecting And Defeating The China Chopper Web Shell - Source: FireEye
- Survival Of The Fittest: New York Times Attackers Evolve Quickly - Source: FireEye
- Byebye Shell And The Targeting Of Pakistan - Source: Rapid7
- Poison Ivy: Assessing Damage And Extracting Intelligence - Source: FireEye
- Operation Molerats - Source: FireEye
- Operation Ephemeral Hydra: Ie Zero-Day Linked To Deputydog Uses Diskless Method - Source: FireEye
- The "Kimsuky" Operation: A North Korean Apt? - Source: Kaspersky
- Operation Deputydog: Zero-Day (Cve-2013-3893) Attack Against Japanese Targets - Source: FireEye
- Hidden Lynx: Professional Hackers For Hire - Source: Symantec
- 2Q Report On Targeted Attack Campaigns - Source: Trend Micro
- World War C: Understanding Nation-State Motives Behind Today's Advanced Cyber Attacks - Source: FireEye
- Fakem Rat: Malware Disguised As Windows Messenger And Yahoo! Messenger - Source: Trend Micro
- Evasive Tactics: Terminator Rat - Source: FireEye
- Supply Chain Analysis: From Quartermaster To Sunshopfireeye - Source: FireEye
- "Njrat", The Saga Continues - Source: Fidelis
- Operation Ke3Chang Targeted Attacks Against Ministries Of Foreign Affairs - Source: FireEye
- Etso Apt Attacks Analysis - Source: AhnLab
- Energy At Risk: A Study Of It Security In The Energy And Natural Resources Industry - Source: KPMG
###2014
- Targeted Attacks Against The Energy Sector - Source: Symantec
- New Cdto: A Sneakernet Trojan Solution - Source: Fidelis
- Emerging Threat Profile Shell_Crew - Source: RSA
- Intruder File Report- Sneakernet Trojan - Source: Fidelis
- Unveiling Careto - The Masked Apt - Source: Kaspersky
- Operation Snowman: Deputydog Actor Compromises Us Veterans Of Foreign Wars Website - Source: FireEye
- Xtremerat: Nuisance Or Threat? - Source: FireEye
- The Monju Incident - Source: Context
- Operation Greedywonk: Multiple Economic And Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploit - Source: FireEye
- Mo' Shells Mo' Problems - Deep Panda Web Shells - Source: Crowdstrike
- Gathering In The Middle East, Operation Stteam - Source: Fidelis
- The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity - Source: Crowdstrike
- Uroburos Highly Complex Espionage Software With Russian Roots - Source: Gdata
- The Siesta Campaign: A New Cybercrime Operation Awakens - Source: Trend Micro
- Snake Campaign & Cyber Espionage Toolkit - Source: BAE Systems
- Suspected Russian Spyware Turla Targets Europe, United States - Source: Reuters
- New Zero-Day Exploit Targeting Internet Explorer Versions 9 Through 11 Identified In Targeted Attacks - Source: FireEye
- Operation Saffron Rose - Source: FireEye
- Cat Scratch Fever: Crowdstrike Tracks Newly Reported Iranian Actor As Flying Kitten - Source: Crowdstrike
- Miniduke Still Duking It Out - Source: ESET
- Rat In A Jar: A Phishing Campaign Using Unrecom - Source: Fidelis
- Illuminating The Etumbot Apt Backdoor - Source: Arbor Networks
- Putter Panda - Source: Crowdstrike
- Anatomy Of The Attack: Zombie Zero - Source: Trapx
- #9 Blitzanalysis: Embassy Of Greece Beijing - Compromise - Source: R136a1
- Dragonfly: Cyberespionage Attacks Against Energy Suppliers - Source: Symantec
- Tr-25 Analysis - Turla / PNet / Snake/ Uroburos - Source: CIRCL
- The Eye Of The Tiger (Pitty Tiger) - Source: Airbus
- Sayad (Flying Kitten) Infostealer: Is This The Work Of The Iranian Ajax Security Team? - Source: Vinsula
- Crouching Yeti: Appendixes - Source: Kaspersky
- Energetic Bear _ Crouching Yeti - Source: Kaspersky
- Syrian Malware, The Ever-Evolving Threat - Source: Kaspersky
- Gholee Protective Edge Themed Spear Phishing Campaign - Source: Clearsky
- Sidewinder Targeted Attack Against Android In The Golden Age Of Ad Libraries - Source: FireEye
- Operation Arachnophobia Caught In The Spider's Web - Source: ThreatConnect
- Operation Poisoned Hurricane - Source: FireEye
- The Epic Turla Operation: Solving Some Of The Mysteries Of Snake/Uroboros - Source: Kaspersky
- El Machete - Source: Kaspersky
- Nettraveler Apt Gets A Makeover For 10Th Birthday - Source: Kaspersky
- Profiling An Enigma: The Mystery Of North Korea's Cyber Threat Landscape - Source: HP
- Scanbox: A Reconnaissance Framework Used With Watering Hole Attacks - Source: Alienvault
- Connecting The Dots: Syrian Malware Team Uses Blackworm For Attacks - Source: FireEye
- Darwin's Favorite Apt Group - Source: FireEye
- Forced To Adapt: Xslcmd Backdoor Now On Os X - Source: FireEye
- Analysis Of Chinese Mitm On Google - Source: Netresec
- When Governments Hack Opponents: A Look At Actors And Technology - Source: Usenix Conference
- Targeted Threat Index: Characterizing And Quantifying Politically-Motivated Targeted Malware - Source: Usenix Conference
- Operation Quantum Entanglement - Source: FireEye
- Cosmicduke Cosmu With A Twist Of Miniduke - Source: F-Secure
- Recent Watering Hole Attacks Attributed To Apt Group Th3Bug Using Poison Ivy - Source: Palo Alto
- Blackenergy & Quedagh: The Convergence Of Crimeware And Apt Attacks - Source: F-Secure
- Aided Frame, Aided Direction (Because It's A Redirect) - Source: FireEye
- New Indicators Of Compromise For Apt Group Nitro Uncovered - Source: Palo Alto
- Democracy In Hong Kong Under Attack - Source: Volexity
- Zoxpng Analysis - Source: Novetta
- Russian Cyber Espionage Campaign - Sandworm Team - Source: iSight Partners
- Hikit Analysis - Source: Novetta
- Threat Spotlight: Group 72 - Source: Cisco
- Orcarat - A Whale Of A Tale - Source: PWC
- Tactical Intelligence Bulletin Sofacy Phishing - Source: PWC
- Operation Pawn Storm Using Decoys To Evade Detection - Source: Trend Micro
- Modified Binaries Tor - Source: Joshua Pitts
- Leouncia And Orcarat - Source: Airbus
- Scanbox Framework: Who's Affected, And Who's Using It? - Source: PWC
- Micro-Targeted Malvertising Via Real-Time Ad Bidding - Source: Invincea
- Full Disclosure Of Havex Trojans - Source: Netresec
- Threat Spotlight: Group 72, Opening The Zxshell - Source: Cisco
- Apt28: A Window Into Russia's Cyber Espionage Operations - Source: FireEye
- The Rotten Tomato Campaign - Source: Sophos
- Operation Toohash How Targeted Attacks Work - Source: Gdata
- Operation Poisoned Handover: Unveiling Ties Between Apt Activity In Hong Kong's Pro-Democracy Movement - Source: FireEye
- Be2 Custom Plugins, Router Abuse, And Target Profiles - Source: Kaspersky
- Darkhotel Indicators Of Compromise - Source: Kaspersky
- The Darkhotel Apt A Story Of Unusual Hospitality - Source: Kaspersky
- The Uroburos Case: New Sophisticated Rat Identified - Source: Gdata
- Korplug Military Targeted Attacks: Afghanistan & Tajikistan - Source: ESET
- Operation Cloudyomega: Ichitaro Zero-Day And Ongoing Cyberespionage Campaign Targeting Japan - Source: Symantec
- Roaming Tiger - Source: ESET
- Onionduke: Apt Attacks Via The Tor Network - F-Secure Weblog : News From The Lab - Source: F-Secure
- Derusbi (Server Variant) Analysis - Source: Novetta
- Evil Bunny: Suspect #4 - Source: Marion Marschalek
- Operation Double Tap - Source: FireEye
- Regin: Top-Tier Espionage Tool Enables Stealthy Surveillance - Source: Symantec
- Secret Malware In European Union Attack Linked To U.S. And British Intelligence - Source: The Intercept
- The Regin Platform Nation-State Ownership Of Gsm Networks - Source: Kaspersky
- I Am Ironman: Deep Panda Uses Sakula Malware To Target Organizations In Multiple Sectors - Source: Crowdstrike
- Hacking The Street? Fin4 Likely Playing The Market - Source: FireEye
- Operation Cleaver: The Notepad Files - Source: Cylance
- The 'Penquin' Turla - Source: Kaspersky
- The Inception Framework: Cloud-Hosted Apt - Source: Bluecoat
- W64/Regin, Stage #1 - Source: F-Secure
- W32/Regin, Stage #1 - Source: F-Secure
- Vulnerability, Malicious Code Appeared In The Mbr Destruction Function Using Hangul File - Source: AhnLab
- Cloud Atlas: Redoctober Apt Is Back In Style - Source: Kaspersky
- Vinself Now With Steganography - Source: Airbus
- Bots, Machines, And The Matrix - Source: Fidelis
- Wiper Malware _ A Detection Deep Dive - Source: Cisco
- Malware Attack Targeting Syrian Isis Critics - Source: Citizen Lab, Cyber Arabs
- Alert (Ta14-353A) Targeted Destructive Malware - Source: US-CERT
- Operation Poisoned Helmand - Source: ThreatConnect
- Anunak: Apt Against Financial Institutions - Source: Group-IB, FOX-IT
###2015
- Skeleton Key Malware Analysis - Source: Dell Secureworks
- Insight In To A Strategic Web Compromise And Attack Campaign Against Hong Kong Infrastructure - Source: Dragon Threat Labs
- Evolution Of Sophisticated Spyware: From Agent.Btz To Comrat - Source: Gdata
- Analysis Of Project Cobra - Source: Gdata
- Reversing The Inception APT Malware - Source: Bluecoat
- The Waterbug Attack Group - Source: Symantec
- Scarab Attackers Took Aim At Select Russian Targets Since 2012 - Source: Symantec
- An Analysis Of Regin's Hopscotch And Legspin - Source: Kaspersky
- Analysis Of A Recent Plugx Variant - P2P Plugx - Source: JPCERT
- Backdoor.Winnti Attackers Have A Skeleton In Their Closet? - Source: Symantec
- Behind The Syrian Conflict's Digital Front Lines - Source: FireEye
- Pawn Storm Update: Ios Espionage App Found - Source: Trend Micro
- Global Threat Intel Report - Source: Crowdstrike
- Operation Arid Viper: Bypassing The Iron Dome - Source: Trend Micro
- Equation Group: Questions And Answers - Source: Kaspersky
- Carbanak APT The Great Bank Robbery - Source: Kaspersky
- The Desert Falcons Targeted Attacks - Source: Kaspersky
- Shooting Elephants - Source: Netzpolitik
- Scanbox Ii - Source: PWC
- Southeast Asia: An Evolving Cyber Threat Landscape - Source: FireEye, Singtel
- Plugx Goes To The Registry (And India) - Source: Sophos
- The Anthem Hack: All Roads Lead To China - Source: ThreatConnect
- Tibetan Uprising Day Malware Attacks - Source: Citizen Lab
- Inside The Equationdrug Espionage Platform - Source: Kaspersky
- Operation Woolen-Goldfish When Kittens Go Phishing - Source: Trend Micro
- Volatile Cedar Threat Intelligence And Research - Source: Checkpoint
- RSA Incident Response: An APT Case Study - Source: RSA
- APT30 And The Mechanics Of A Long-Running Cyber Espionage Operation - Source: FireEye
- The Chronicles Of The Hellsing APT: The Empire Strikes Back - Source: Kaspersky
- Hellsing Indicators Of Compromise - Source: Kaspersky
- Operation Russiandoll: Adobe & Windows ZeroDay Exploits Likely leveraged By Russia's APT28 - Source: FireEye
- Sofacy II_ Same Sofacy, Different Day - Source: PWC
- The Cozyduke APT - Source: Kaspersky
- Cozyduke - Source: F-Secure
- Operation Clandestine Wolf _ Adobe Flash Zero-Day In APT3 Phishing Campaign - Source: FireEye
- Attacks Against Israeli & Palestinian Interests - Source: PWC
- Targeted Attack on France's TV5Monde - Source: Ahnlab
- Dissecting The Kraken - Source: Gdata
- APT28 Targets Financial Markets: Zero Day Hashes Released - Source: root9b
- Cylance Spear Team: A Threat Actor Resurfaces - Source: Cylance
- Operation Tropic Trooper: Relying On Tried-And-Tested Flaws To Infiltrate Secret Keepers - Source: Trend Micro
- Cmstar Downloader: Lurid And Enfal's New Cousin - Source: Palo Alto
- Operation Oil Tanker: The Phantom Menace - Source: Pandalabs
- The Msnmm Campaigns: The Earliest Naikon APT Campaigns - Source: Kaspersky
- Dissecting Linux/Moose: The Analysis Of A Linux Router-Based Worm Hungry For Social Networks - Source: ESET
- Analysis On APT-To-Be Attack That Focusing On China's Government Agency - Source: Antiy CERT
- Grabit And The Rats - Source: Kaspersky
- Oceanlotus - Source: SkyEye
- An Iranian Cyber-Attack Campaign Against Targets In The Middle East - Source: Clearsky
- Blue Termite (Internet Watch) - Source: Kaspersky
- Duqu 2.0: A Comparison To Duqu - Source: CrySyS Lab
- The Duqu 2.0 Technical Details - Source: Kaspersky
- The Naikon APT: Tracking Down Geo-Political Intelligence Across APAC, One Nation At A Time - Source: Kaspersky
- Target Attacks Against Tibetan And Hong Kong Groups Exploiting CVE-2014-4114 - Source: Citizen Lab
- Operation Lotusblossom - Source: Palo Alto
- Games Are Over: Winnti Is Now Targeting Pharmaceutical Companies - Source: Kaspersky
- Unfin4Ished Business - Source: PWC
- Dino: The Latest Spying Malware From An Allegedly French Espionage Group Analyzed - Source: ESET
- Wild Neutron _ Economic Espionage Threat Actor Returns With New Tricks - Source: Kaspersky
- Butterfly: Corporate Spies Out For Financial Gain - Source: Symantec
- "Forkmeiamfamous": Seaduke, Latest Weapon In The Duke Armory - Source: Symantec
- Tracking Minidionis: Cozycar's New Ride Is Related To Seaduke - Source: Palo Alto
- Watering Hole Attack On Aerospace Firm Exploits CVE-2015-5122 To Install Isspace Backdoor - Source: Palo Alto
- China Hacks The Peace Palace: All Your Eez's Are Belong To Us - Source: ThreatConnect
- Duke APT Group's Latest Tools: Cloud Services And Linux Support - Source: F-Secure
- Hammertoss: Stealthy Tactics Define A Russian Cyber Threat Group - Source: FireEye
- The Black Vine Cyberespionage Group - Source: Symantec
- Operation Potao Express: Analysis Of A Cyber-Espionage Toolkit - Source: ESET
- RSA Research Terracotta VPN: Enabler Of Advanced Threat Anonymity - Source: RSA
- Threat Group-3390 Targets Organizations For Cyberespionage - Source: Dell Secureworks
- Carbanak is packing new guns - Source: ESET
- THE DUKES: 7 years of Russian cyberespionage - Source: F-Secure
- Pay No Attention to the Server Behind the Proxy: Mapping FinFisher's Continuing Proliferation - Source: Citizen Lab
- Rocket Kitten: A Campaign With 9 Lives - Source: Checkpoint
- Microsoft Security Intelligence Report (Volume 19) - Source: Microsoft
- PEERING INTO GLASSRAT: A Zero Detection Trojan from China - Source: RSA
- Iran-based attackers use back door threats to spy on Middle Eastern targets - Source: Symantec
- Evolution of Cyber Threats in the Corporate Sector - Source: Kaspersky
- Dissecting the Malware Involved in the INOCNATION Campaign - Source: Fidelis
- BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger - Source: Palo Alto
- ELISE: Security Through Obesity - Source: PWC
###2016
- BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry - Source: ESET
- Operation Dusty Sky - Source: Clearsky
- Operation Dusty Sky (indicators) - Source: Clearsky
- Uncovering the Seven Pointed Dagger - Source: Arbor Networks
- RESEARCH SPOTLIGHT: NEEDLES IN A HAYSTACK - Source: Cisco
- Scarlet Mimic - Source: Palo Alto
- BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents - Source: Kaspersky
- Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It To Evolve - Source: Palo Alto
- T9000: Advanced Modular Backdoor Uses Complex Anti Analysis Techniques - Source: Palo Alto
- Attack On French Diplomat Linked To Operation Lotus Blossom - Source: Palo Alto
- Know Your Enemies 2.0: A Primer on Advanced Persistent Threat Groups - Source: ICIT
- Poseidon Group - Source: Kaspersky
- A Look Into Fysbis: Sofacy's Linux Backdoor - Source: Palo Alto
- Operation Duststorm - Source: Cylance
- Operation Blockbuster - Source: Novetta
- FROM SEOUL TO SONY: THE HISTORY OF THE DARKSEOUL GROUP AND THE SONY INTRUSION MALWARE DESTOVER - Source: Bluecoat
- Operation Transparent Tribe - Source: Proofpoint
- Shifting Tactics Tracking Changes In Years Long Espionage Campaign Against Tibetans - Source: Citizen Lab
- Suckfly: Revealing the secret life of your code signing certificates - Source: Symantec
- Taiwan Presidential Election: A Case Study on Thematic Targeting - Source: PWC
- The Four Element Sword Engagement - Source: Arbor
- Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaign - Source: Citizen Lab
- Looking Into a Cyber-Attack Facilitator in the Netherlands - Source: Trend Micro
- Looking Into a Cyber-Attack Facilitator in the Netherlands (Appendix) - Source: Trend Micro
- The Ghost Dragon - Source: Cylance
- PLATINUM Targeted attacks in South and Southeast Asia - Source: Microsoft
- Turbo Twist: Two 64-bit Derusbi Strains Converge - Source: Fidelis
- Prince of Persia: Infy Malware Active In Decade of Targeted Attacks - Source: Palo Alto
- Exploring CVE-2015-2545 and its users - Source: PWC
- Mofang: A politically motivated information stealing adversary - Source: Fox-IT
- Operation Groundbait:Analysis of a surveillance toolkit - Source: ESET
- Indian organizations targeted in Suckfly attacks - Source: Symantec
- Operation C-Major Actors Also Used Android BlackBerry Mobile Spyware Against Targets - Source: Trend Micro
- Targeted Attacks against Banks in the Middle East - Source: FireEye
- APT Case RUAG Technical Report - Source: GovCERT.ch
- Operation Ke3chang Resurfaces With New TidePool Malware - Source: Palo Alto
- New Wekby Attacks Use DNS Requests As Command and Control Mechanism - Source: Palo Alto
- CVE-2015-2545: overview of current threats - Source: Kaspersky
- IXESHE Derivative IHEATE Targets Users in America - Source: Trend Micro
- Stealth Falcon - Source: Citizen Lab
- IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems - Source: FireEye
- APT Group Sends Spear Phishing Emails to Indian Government Officials - Source: FireEye
- Apt Group Sends Spear Phishing Emails To Indian Government Officials - Source: FireEye
- Bears in the Midst: Intrusion into the Democratic National Committee - Source: Crowdstrike
- Operation DustySky Part 2 - Source: Clearsky
- Operation DustySky Part 2 Indicators - Source: Clearsky
- Reverse-engineering DUBNIUM - Source: Microsoft
- New Sofacy Attacks Against US Government Agency - Source: Palo Alto
- Group5: Syria and the Iranian Connection - Source: Citizen Lab
- Threat Group-4127 Targets Hillary Clinton Presidential Campaign - Source: Secureworks
- Threat Group 4127 Targets Hillary Clinton Presidential Campaign - Source: Dell Secureworks
- Flash zero-day exploit deployed by the ScarCruft APT Group - Source: Kaspersky
- Reverse-engineering DUBNIUM's Flash-targeting exploit - Source: Microsoft
- Findings from Analysis of DNC Intrusion Malware - Source: Fidelis
- Visiting The Bear Den A Journey in the Land of (Cyber-)Espionage - Source: ESET
- Tracking Elirks Variants in Japan: Similarities to Previous Attacks - Source: Palo Alto
- Prince of Persia Game Over - Source: Palo Alto
- Asruex: Malware Infecting through Shortcut Files - Source: JPCERT
- Pacifier APT - Source: Bitdefender
- Espionage toolkit targeting Central and Eastern Europe uncovered - Source: ESET
- Unveiling Patchwork the Copy Paste APT - Source: Cymmetria
- NetTraveler APT Targets Russian, European Interests - Source: ProofPoint
- The Dropping Elephant - aggressive cyber-espionage in the Asian region - Source: Kaspersky
- Operation Manul - Source: EFF
- Moonsoon - Analysis of an APT Campaign - Source: Forcepoint
- The ProjectSauron APT - Source: Kaspersky
- Carbanak Oracle Breach - Source: Visa
- Visa Alert and Update on the Oracle Breach - Source: Brian Krebs
- The Million Dollar Dissident: NSO Group's iPhone Zero-Days used against a UAE Human Rights Defender - Source: Citizen Lab
- Buckeye cyberespionage group shifts gaze from US to Hong Kong - Source: Symantec
- Hunting Libyan Scorpions - Source: Cyberkov Security
- Sofacy's Komplex OS X Trojan - Source: Palo Alto
- Belling the BEAR - Source: ThreatConnect
- On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users - Source: Kaspersky
- Wave your false flags! Deception tactics muddying attribution in targeted attacks - Source: Kaspersky
- En Route with Sednit Part 1: Approaching the Target - Source: ESET
- En Route with Sednit Part 2: Observing the Comings and Goings - Source: ESET
- Houdini's Magic Reappearance - Source: Palo Alto Networks
- Moonlight - Targeted attacks in the Middle East - Source: Vectra Networks
- BITTER: A Targeted attack against Pakistan - Source: Forcepoint
- En Route with Sednit Part 3: A Mysterious Downloader - Source: ESET
- BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List - Source: Trend Micro
- When The Lights Went Out: Ukraine Cybersecurity Threat Briefing - Source: Booz Allen
- PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs - Source: Volexity
- New Carbanak / Anunak Attack Methodology - Source: Trustwave
- It's Parliamentary: KeyBoy and the targeting of the Tibetan Community - Source: Citizen Lab
- Malware Actors Using Nic Cyber Security Themed Spear Phishing To Target Indian Government Organizations - Source: Cysinfo
- PROMETHIUM and NEODYMIUM: Parallel zero-day attacks targeting individuals in Europe - Source: Microsoft
- Use of Fancy Bear Android Malware tracking of Ukrainian Artillery Units - Source: Crowdstrike
- GRIZZLY STEPPE - Russian Malicious Cyber Activity - Source: US-CERT
#How can I help?
There are multiple ways to get a report added:
* Notify us via Twitter using the hashtag #aptnotes
  * Example: new report by vendor on this group - link #aptnotes
* Reach out to us directly
  * @aptnotes
* Create a new issue on GitHub including the data you want added (using the default issue template)
  * We created an issue template to take the guesswork out of things
* If the document is only available in HTML, print a "clean" version (e.g. with Readability, Clearly, or similar) to PDF
#Why do we do it?
Like almost every open-source project, this is a labor of love. There are so many reports out there, and they either get lost in the mix or taken down before you get a chance to read them. This is our effort to:
1. Make sure these lovely reports get consumed
2. Ensure the people of #DFIR #infosec know what's out there
3. Hopefully add some context to the chaos
#How is this data being utilized?
At present (that we know of...) these current projects consume this repo and make magical things happen:
#Thank You
This project would not be where it is without the people that have helped along the way. Thank you, contributors!
subscribe.ru/author/31420877 my.desktopnexus.com/blogamca/journal/metin2-pvp-serverler-49878/ replit.com/@editsizserverle fliphtml5.com/tr/homepage/pspuy/editsizserverlerorg/ free-ebooks.net/profile/1562629/editsiz-serverler qooh.me/editsizsrvl pubhtml5.com/homepage/exapj/ zzb.bz/Ib8s8 australian-school-holidays.mn.co/members/23780373 metin2pvpserverler.gallery.ru/ justpaste.it/eoa85 profile.hatena.ne.jp/editsizserverler/ indiegogo.com/individuals/37682987 taz.de/ list.ly/editsizserverlerorg/lists mypaper.pchome.com.tw/tomasvanek/post/1381781942 mypaper.pchome.com.tw/tomasvanek/post/1381781943 metin2pvpserverler.mystrikingly.com/ ted.com/profiles/46748800 play.eslgaming.com/player/20056929/ metin2pvpserverler.threadless.com/about knowyourmeme.com/users/editsiz-serverler active.popsugar.com/@editsizserverler/profile sitetanitimlari.seesaa.net/article/503120781.html sitetanitimlari.seesaa.net/article/502999078.html sitetanitimlari.seesaa.net/article/502585593.html sitetanitimlari.seesaa.net/article/502585551.html sitetanitimlari.seesaa.net/article/502585519.html sitetanitimlari.seesaa.net/article/502585492.html sitetanitimlari.seesaa.net/article/502585455.html sitetanitimlari.seesaa.net/article/498056830.html filmizle2018.blog.fc2.com/blog-entry-21.html filmizle2018.blog.fc2.com/blog-entry-26.html filmizle2018.blog.fc2.com/blog-entry-31.html ameblo.jp/sitetanitimlari/entry-12787859138.html connect.garmin.com/modern/profile/97fe48da-7177-4ae0-bf0e-34fbe1334538 reddit.com/user/uflee/ agario.buzzsprout.com/2066066/14949093-metin2 linkedin.com/posts/okeyoyna_metin2-ejderhalar-merhaba-metin2-oyununa-activity-7171861395326582784-UlrI/ linkedin.com/pulse/metin2-pvp-serverler-listeleri-okey-oyna-jyhpf/ blogger.com/profile/15166393869257970818 draft.blogger.com/profile/15166393869257970818 instagram.com/realokey/ blogger.com/profile/05227574979353865473 draft.blogger.com/profile/05227574979353865473 tumblr.com/onlineokey twitter.com/mt2org twitch.tv/okeyoynaa 
pinterest.com/a99io/ google.com/url?q=https://www.okeyoyna.com vimeo.com/846733433 wordpress.com/tr/forums/topic/metin2-pvp-tanirim-scpriti/ dailymotion.com/video/x8e47pq gravatar.com/realokey grepo.travelcarma.com/okeyoyna/okey-oyna beatstars.com/zaferozkel okeyoyunu.mystrikingly.com/ gamblingtherapy.org/user/okeyoyna public.tableau.com/app/profile/okey.oyna/vizzes okeyoyna.amebaownd.com/posts/53051499 wefunder.com/okey sovren.media/u/okeyoyna/ lazi.vn/user/okeyoyna gravatar.com/realokey soundcloud.com/okey-oyna okey-oyna.webflow.io/ guides.co/g/okey-oyna/372469 flickr.com/people/200607646@N08/ my.desktopnexus.com/realokey giantbomb.com/profile/okeyoyna/ giantbomb.com/profile/okeyoyna/blog/ encinitas.bubblelife.com/community/okey_oyna sites.bubblelife.com/users/okeyoynacom_a31336 fanart-central.net/user/okeyoyna/profile klse.i3investor.com/web/cube/blog/okeyoyna globalcatalog.com/okeyoyna.tr articlesjust4you.com/members/okeyoyna/ issuu.com/realokey audiomack.com/okeyoynacom/song/dj-okey-oyna-dii-kartal audiomack.com/okeyoynacom gitlab.nic.cz/okeyoyna ameblo.jp/okeyoyna/entry-12849563639.html ameblo.jp/okeyoyna/ profile.ameba.jp/ameba/okeyoyna nintendo-master.com/profil/okeyoyna band.us/band/94698085 pastelink.net/192agg8x pastelink.net/sxqkqqcx pastelink.net/do4ziud7 pastelink.net/9ebiqvd9 pastelink.net/urv9w3xn agario.buzzsprout.com/2066066/14949093-metin2 reverbnation.com/okeyoynacom disqus.com/by/efehanzkel/about/ hub.docker.com/u/okeyoyna tinhte.vn/members/okey-oyna.3017475/ openhumans.net/member/okeyoyna/ research.openhumans.org/member/okeyoyna/ openhumans.com/member/okeyoyna/ portfolium.com/okeyoyna anobii.com/en/0152c9fb8c9e13a07a/profile/activity gitlab.ifam.edu.br/okeyoyna peatix.com/group/16198815 peatix.com/user/21949084/view rapidapi.com/okeyoynacom/api/demo-project85460/details zillow.com/profile/okeyoynacom/ pinterest.com/a99io/ pinterest.ph/a99io/ pinterest.com/a99io/ pinterest.com.mx/a99io/ pinterest.it/a99io/ pinterest.fr/a99io/ 
pinterest.ca/a99io/ pinterest.jp/a99io/ pinterest.co.uk/a99io/ pinterest.de/a99io/ pinterest.es/a99io/ se.pinterest.com/a99io/ tr.pinterest.com/a99io/ ru.pinterest.com/a99io/ id.pinterest.com/a99io/ cs.pinterest.com/a99io/ es.pinterest.com/a99io/ pl.pinterest.com/a99io/ pt.pinterest.com/a99io/ br.pinterest.com/a99io/ co.pinterest.com/a99io/ nl.pinterest.com/a99io/ se.pinterest.com/a99io/ at.pinterest.com/a99io/ dk.pinterest.com/a99io/ in.pinterest.com/a99io/ ro.pinterest.com/a99io/ sk.pinterest.com/a99io/ fi.pinterest.com/a99io/ ar.pinterest.com/a99io/ freelance.habr.com/freelancers/okeyoyna 500px.com/p/okeyoyna?view=photos