Created
March 30, 2023 10:29
-
-
Save tylermneher/1a63071f7f4eb831a8163e12b4ed2b00 to your computer and use it in GitHub Desktop.
Example APT Reports Pulled from OTX
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| title | reference | created | |
|---|---|---|---|
| Continued PassCV Malware | https://drive.google.com/file/d/1pzZT7Stig6i8hTqjxUUgxDSmGEJ7W9ak/view | 2018-08-06 | |
| Blackgear Cyberespionage Campaign Resurfaces Abuses Social Media for C and C Communication | https://blog.trendmicro.com/trendlabs-security-intelligence/blackgear-cyberespionage-campaign-resurfaces-abuses-social-media-for-cc-communication/ | 2018-07-18 | |
| Golden Rat long-term espionage campaign in Syria is still ongoing | http://csecybsec.com/download/zlab/20180723_CSE_APT27_Syria_v1.pdf | 2018-07-23 | |
| Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally | https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html | 2018-07-11 | |
| Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign | https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/ | 2018-07-09 | |
| NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea | https://blog.talosintelligence.com/2018/05/navrat.html?m=1 | 2018-06-01 | |
| Continued Manuscrypt Attacks | http://sfkino.tistory.com/62 | 2018-08-06 | |
| Turla Actors using Copied Cars.com Content | https://twitter.com/9bplus/status/1024714362244739073?s=21 | 2018-08-06 | |
| New Threat Actor Group DarkHydrus Targets Middle East Government | https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/ | 2018-07-28 | |
| A Persistent Campaign Targeting CIS Countries with SOCKSBOT | https://www.accenture.com/t00010101T000000Z__w__/gb-en/_acnmedia/PDF-83/Accenture-Goldfin-Security-Alert.pdf | 2018-08-03 | |
| The Gorgon Group: Slithering Between Nation State and Cybercrime | https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/ | 2018-08-02 | |
| On the Hunt for FIN7 | https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html | 2018-08-01 | |
| DOKKAEBI: Documents of Korean and Evil Binary | http://www.fsec.or.kr/user/bbs/fsec/21/13/bbsDataView/1063.do | 2018-08-01 | |
| Multiple Cobalt Campaigns | https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html | 2018-07-31 | |
| Micropsia Malware | https://blog.radware.com/security/2018/07/micropsia-malware/ | 2018-07-27 | |
| Advanced Mobile Malware Campaign in India uses Malicious MDM - Part 2 | https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM-Part2.html | 2018-07-25 | |
| Analysis of the latest attack activities of APT-C-35 organization | https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/ | 2018-07-26 | |
| High alert against malicious code attacks in Vietnam | http://vietnaminsider.vn/high-alert-against-malicious-code-attacks-in-vietnam/ | 2018-07-25 | |
| Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions | https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east | 2018-07-25 | |
| OilRig Targets Technology Service Provider and Government Agency with QUADAGENT | https://researchcenter.paloaltonetworks.com/2018/07/unit42-oilrig-targets-technology-service-provider-government-agency-quadagent/ | 2018-07-25 | |
| Trickbot Spreading via SMB | https://researchcenter.paloaltonetworks.com/2018/07/unit42-malware-team-malspam-pushing-emotet-trickbot/ | 2018-07-18 | |
| New Andariel Reconnaissance Tactics Hint At Next Targets | https://blog.trendmicro.com/trendlabs-security-intelligence/new-andariel-reconnaissance-tactics-hint-at-next-targets/ | 2018-07-17 | |
| Sidewinder APT | https://s.tencent.com/research/report/479.html | 2018-07-16 | |
| Fancy Bear domains | https://www.threatconnect.com/whats-in-a-name-server/ | 2016-07-07 | |
| APT Attack In the Middle East: The Big Bang | https://research.checkpoint.com/apt-attack-middle-east-big-bang/ | 2018-07-09 | |
| Hamas Android Malware Targeting Israeli Soldiers | https://www.clearskysec.com/glancelove/ | 2018-07-03 | |
| Operation Red Gambler | http://image.ahnlab.com/file_upload/asecissue_files/ASEC%20REPORT_vol.91.pdf | 2018-07-03 | |
| KingKong.dll - Recent PoisonIvy and PlugX variants targeting South East Asia | http://stnmt.bacninh.gov.vn/documents/57412/11672469/420-STTTT.pdf | 2017-08-07 | |
| Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems | https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/ | 2018-06-22 | |
| Charming Kitten Watering Holes | https://twitter.com/ClearskySec/status/1006445262003494913 | 2018-06-21 | |
| LuckyMouse hits national data center to organize country-level waterholing campaign | https://securelist.com/luckymouse-hits-national-data-center/86083/ | 2018-06-15 | |
| Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor | https://blog.trendmicro.com/trendlabs-security-intelligence/another-potential-muddywater-campaign-uses-powershell-based-prb-backdoor/ | 2018-06-15 | |
| MirageFox: APT15 Resurfaces With New Tools Based On Old Ones | https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/ | 2018-06-14 | |
| DMI Connect.doc - QUADAGENT | https://twitter.com/ClearskySec/status/1004749887966244865 | 2018-06-07 | |
| Patchwork APT Group Targets US Think Tanks | https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/ | 2018-06-07 | |
| Lojack Becomes a Double-Agent | https://asert.arbornetworks.com/lojack-becomes-a-double-agent/amp/ | 2018-05-01 | |
| North Korea Bitten By Bitcoin Bug | https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf | 2017-12-20 | |
| Footprints of Fin7 | https://www.icebrg.io/blog/footprints-of-fin7-iocs | 2017-08-10 | |
| Analysis of APT attack on Operation Onezero | http://blog.alyac.co.kr/1710 | 2018-05-29 | |
| Joanap Backdoor Trojan and Brambul Server Message Block Worm | https://www.us-cert.gov/ncas/alerts/TA18-149A | 2018-05-29 | |
| Turla Mosquito: A shift towards more generic tools | https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/ | 2018-05-22 | |
| Clearing the MuddyWater - Analysis of new MuddyWater Samples | https://sec0wn.blogspot.ae/2018/05/clearing-muddywater-analysis-of-new.html | 2018-05-08 | |
| Digitial Threats Against Human Rights Defenders in Pakistan | https://www.amnesty.org/download/Documents/ASA3383662018ENGLISH.PDF | 2018-05-15 | |
| APT10 Using Cobalt Strike | https://www.lac.co.jp/lacwatch/people/20180521_001638.html | 2018-05-21 | |
| An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers | https://401trg.pw/burning-umbrella/ | 2018-05-04 | |
| Finfisher Changes Tactics to Hook Critics | https://www.accessnow.org/cms/assets/uploads/2018/05/FinFisher-changes-tactics-to-hook-critics-AN.pdf | 2018-05-15 | |
| Continued DarkHotel Activity | https://ti.360.net/blog/articles/analysis-of-darkhotel/ | 2018-05-08 | |
| Innaput Actors Utilize Remote Access Trojan Since 2016 Presumably Targeting Victim Files | https://www.arbornetworks.com/blog/asert/innaput-actors-utilize-remote-access-trojan-since-2016-presumably-targeting-victim-files/ | 2018-04-05 | |
| HenBox: Inside the Coop | https://researchcenter.paloaltonetworks.com/2018/04/unit42-henbox-inside-coop/ | 2018-04-27 | |
| Operation Starcruiser - a state-based APT group | http://blog.alyac.co.kr/1653 | 2018-04-25 | |
| Attack Seeks to Steal Data Worldwide | https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide | 2018-04-25 | |
| New Targeted Attack in the Middle East by APT34 a Suspected Iranian Threat Group Using CVE-2017-11882 Exploit | https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html | 2017-12-07 | |
| Sednit update: Analysis of Zebrocy | https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/ | 2018-04-24 | |
| Energetic Bear/Crouching Yeti: attacks on servers | https://securelist.com/energetic-bear-crouching-yeti/85345/ | 2018-04-23 | |
| Operation Baby Coin | http://viruslab.tistory.com/4144 | 2018-04-19 | |
| Decoding network data from a Gh0st RAT variant | https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/ | 2018-04-17 | |
| FIN7 Group Uses JavaScript and Stealer DLL Variant in New Attacks | http://blog.talosintelligence.com/2017/09/fin7-stealer.html | 2017-09-27 | |
| Continued White Elephant Spearphishes | http://stock.jrj.com.cn/2018/03/31000024362600.shtml | 2018-04-11 | |
| Reaper Group Updated Mobile Arsenal | https://researchcenter.paloaltonetworks.com/2018/04/unit42-reaper-groups-updated-mobile-arsenal/ | 2018-04-06 | |
| Hostile state actors compromising UK organisations with focus on engineering and industrial control companies | https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control | 2018-04-05 | |
| Jaff Ransomware and Suspicious PDF Delivery | https://blogs.forcepoint.com/security-labs/jaff-enters-ransomware-scene-locky-style | 2017-05-12 | |
| Privileges and Credentials: Phished at the Request of Counsel | https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html | 2017-06-06 | |
| Operation Iron Tiger | http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-iron-tiger.pdf | 2015-09-16 | |
| Turla group using Neuron and Nautilus tools alongside Snake malware | https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20group%20using%20Neuron%20and%20Nautilus%20tools%20alongside%20Snake%20malware_0.pdf | 2017-11-23 | |
| Spying on North Korean Defectors | https://github.com/comaeio/OPCDE/blob/master/2018/DPRK's%20eyes%20on%20mobile%20Spying%20on%20North%20Korean%20Defectors%20-%20Inhee%20Han%20%26%20Jaewon%20Min/DPRK_EYES_ON_MOBILE(OPCDE2018)-FINAL.PDF | 2018-04-10 | |
| New MacOS Backdoor Linked to OceanLotus Found | https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/ | 2018-04-04 | |
| Lazarus Group Targets More Cryptocurrency Exchanges and FinTech Companies | http://www.intezer.com/lazarus-group-targets-more-cryptocurrency-exchanges-and-fintech-companies/ | 2018-03-28 | |
| Fancy Bear Infrastructure | https://www.threatconnect.com/blog/using-fancy-bear-ssl-certificate-information-to-identify-their-infrastructure/ | 2018-03-27 | |
| Dridex Banking Trojan Returns Leverages New UAC Bypass Method | https://www.flashpoint-intel.com/blog-dridex-banking-trojan-returns/ | 2017-01-26 | |
| FancyBear Exploits NYC Terrorism Fears In Latest Spear Phishing Campaign | https://medium.com/@0x736A/fancybear-exploits-nyc-terrorism-fears-in-latest-spear-phishing-campaign-22672e9aeeda | 2017-11-28 | |
| Glupteba is no longer part of Windigo | https://www.welivesecurity.com/2018/03/22/glupteba-no-longer-windigo/ | 2018-03-22 | |
| 2018 Sofacy Activity | https://securelist.com/masha-and-these-bears/84311/ | 2018-03-09 | |
| Updated Cloud Hopper Indicators of Compromise | https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html | 2017-04-10 | |
| Chinese Group (TEMP.Periscope) Targeting U.S Engineering and Maritime Industries | https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html | 2018-03-16 | |
| Tropic Troopers New Strategy | https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/ | 2018-03-14 | |
| Iranian Threat Group Updates Tactics Techniques and Procedures in Spear Phishing Campaign | https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html | 2018-03-14 | |
| Updated MuddyWater activity | https://sec0wn.blogspot.com/2018/02/burping-on-muddywater.html | 2018-03-13 | |
| OceanLotus Old techniques new backdoor | https://www.welivesecurity.com/wp-content/uploads/2018/03/ESET_OceanLotus.pdf | 2018-03-13 | |
| Leaked source code for Ammyy Admin turned into FlawedAmmyy RAT | https://www.proofpoint.com/us/threat-insight/post/leaked-source-code-ammyy-admin-turned-flawedammyy-rat | 2018-03-12 | |
| APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS | https://raw.githubusercontent.com/nccgroup/Royal_APT/master/signatures/apt15.yara | 2018-03-10 | |
| New traces of Hacking Team in the wild | https://www.welivesecurity.com/2018/03/09/new-traces-hacking-team-wild/ | 2018-03-09 | |
| Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant | https://securingtomorrow.mcafee.com/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/ | 2018-03-09 | |
| Donot Team Leverages New Modular Malware Framework in South Asia | https://www.arbornetworks.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia/ | 2018-03-09 | |
| The Slingshot APT | https://s3-eu-west-1.amazonaws.com/khub-media/wp-content/uploads/sites/43/2018/03/09133534/The-Slingshot-APT_report_ENG_final.pdf | 2018-03-09 | |
| Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent | https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/ | 2018-03-08 | |
| Malware TSCookie | http://blog.jpcert.or.jp/2018/03/malware-tscooki-7aa0.html | 2018-03-06 | |
| Spear-phishing campaign leveraging on MSXSL | https://reaqta.com/2018/03/spear-phishing-campaign-leveraging-msxsl/ | 2018-03-03 | |
| Operation Honeybee a Malicious Document Campaign Targeting Humanitarian Aid Groups | https://securingtomorrow.mcafee.com/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/ | 2018-03-02 | |
| Chafer: Latest Attacks Reveal Heightened Ambitions | https://www.symantec.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions | 2018-02-28 | |
| A Slice of 2017 Sofacy Activity | https://securelist.com/a-slice-of-2017-sofacy-activity/83930/ | 2018-02-20 | |
| SamSam Ransomware Campaigns | https://www.secureworks.com/research/samsam-ransomware-campaigns | 2018-02-15 | |
| WannaCry linked Lazarus indicators | https://www.symantec.com/security_response/writeup.jsp?docid=2017-052206-5950-99 | 2017-05-24 | |
| Turla group using update Neuron malware | https://www.ncsc.gov.uk/alerts/turla-group-malware#quicktabs-alert_tabs2 | 2018-01-18 | |
| Deciphering Confucius Cyberespionage Operations | https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confucius-cyberespionage-operations/ | 2018-02-13 | |
| Lazarus Resurfaces Targets Global Banks and Bitcoin Users | https://securingtomorrow.mcafee.com/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoin-users/ | 2018-02-12 | |
| Continued attacks against Korea by Kimsuky | http://blog.alyac.co.kr/1536 | 2018-02-12 | |
| Flash 0 Day In The Wild | http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html | 2018-02-02 | |
| A New Version of North Korean Ransomware Hermes Has Emerged | http://www.intezer.com/another-distraction-new-version-north-korean-ransomware-hermes/ | 2018-02-09 | |
| Sofacy targeting Romanian Embassy | https://twitter.com/ClearskySec/status/960924755355369472 | 2018-02-08 | |
| Continued targeting of crypto-currencies in South Korea | http://blog.alyac.co.kr/1527 | 2018-02-05 | |
| Flash Player Zero-Day Attack Deployed by Korean Messenger Application | http://blog.alyac.co.kr/1521 | 2018-02-02 | |
| Smominru Monero mining botnet making millions for operators | https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-making-millions-operators | 2018-02-02 | |
| Operation PZCHAO | https://labs.bitdefender.com/wp-content/uploads/downloads/operation-pzchao-inside-a-highly-specialized-espionage-infrastructure/ | 2018-02-02 | |
| Operation Arabian Night Attack Group Global Expansion | http://blog.alyac.co.kr/1519 | 2018-01-31 | |
| Comnie Continues to Target Organizations in East Asia | https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/ | 2018-01-31 | |
| VERMIN: Quasar RAT and Custom Malware Used In Ukraine | https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/ | 2018-01-29 | |
| Targeted Attacks on Central Management Systems | http://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.89_ENG.pdf | 2018-01-26 | |
| OilRig uses RGDoor IIS Backdoor on Targets in the Middle East | https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/ | 2018-01-25 | |
| Denis and Co. IsmDoor | https://securelist.com/denis-and-company/83671/ | 2018-01-25 | |
| Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors | https://www.us-cert.gov/ncas/alerts/TA17-293A | 2017-10-21 | |
| Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool an Evolved RATANKBA and More | https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/ | 2018-01-24 | |
| Duping Doping Domains | https://www.threatconnect.com/blog/duping-doping-domains/ | 2018-01-11 | |
| Dark Caracal malware linked to Lebanon | https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf | 2018-01-18 | |
| First Activities of Cobalt Group in 2018: Spear-phishing Russian Banks | https://www.riskiq.com/blog/labs/cobalt-group-spear-phishing-russian-banks/ | 2018-01-17 | |
| North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign | https://go.recordedfuture.com/hubfs/reports/cta-2018-0116-appendix.pdf | 2018-01-16 | |
| Continued Hangover Activity | https://www.gov.il/he/Departments/publications/reports/rand | 2017-11-21 | |
| Korea In The Crosshairs | http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html | 2018-01-16 | |
| PowerStager Analysis | https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/ | 2018-01-12 | |
| Update on Pawn Storm: New Targets and Politically Motivated Campaigns | http://blog.trendmicro.com/trendlabs-security-intelligence/update-pawn-storm-new-targets-politically-motivated-campaigns/ | 2018-01-12 | |
| North Korean Defectors and Journalists Targeted Using Social Networks and KakaoTalk | https://securingtomorrow.mcafee.com/mcafee-labs/north-korean-defectors-journalists-targeted-using-social-networks-kakaotalk/ | 2018-01-11 | |
| Diplomats in Eastern Europe bitten by a Turla mosquito | https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf | 2018-01-09 | |
| The Carbanak Fin7 Syndicate | https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf | 2017-11-23 | |
| Recent Incident Reportedly Targeting Saudi Arabia With Links To Greenbug and OilRig Actors | https://www.ci-project.org/blog/2017/9/11/incident-report-recent-incident-reportedly-targeting-saudi-arabia-with-links-to-greenbug-and-oilrig-actors | 2017-09-11 | |
| Further Gaza Cybergang Activity | http://www.freebuf.com/vuls/142970.html | 2017-08-09 | |
| Untangling the Patchwork Cyberespionage Group | https://documents.trendmicro.com/assets/appendix-untangling-the-patchwork-cyberespionage-group.pdf | 2017-12-11 | |
| Master Channel: The Boleto Mestre Campaign Targets Brazil | https://researchcenter.paloaltonetworks.com/2017/12/unit42-master-channel-the-boleto-mestre-campaign-targets-brazil/ | 2017-12-07 | |
| Disrupting Gamarue | https://www.welivesecurity.com/2017/12/04/eset-takes-part-global-operation-disrupt-gamarue/ | 2017-12-06 | |
| Ethiopian Dissidents targeted with commercial spyware | https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-targeted-commercial-spyware/ | 2017-12-06 | |
| Flying Kitten to Rocket Kitten | https://iranthreats.github.io/resources/attribution-flying-rocket-kitten/ | 2017-12-05 | |
| Iranian cyber espionage against HBO human rights activists academic researchers and media outlets | http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf | 2017-12-05 | |
| Attacks against South Korean Bitcoin companies | http://blog.alyac.co.kr/1430 | 2017-12-05 | |
| Persistent drive-by cryptomining coming to a browser near you | https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/ | 2017-11-30 | |
| APT3 Uncovered: The code evolution of Pirpi | https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirpi.pdf | 2017-11-27 | |
| A dive into MuddyWater APT targeting Middle-East | https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/ | 2017-11-29 | |
| ROKRAT Reloaded | http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html | 2017-11-28 | |
| Continued Molerats Activity | https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc | 2017-11-14 | |
| A New Mirai Variant is Spreading Quickly on Port 23 and 2323 | http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickly-on-port-23-and-2323-en/ | 2017-11-27 | |
| Continued HeartBeat APT activity | https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Bioazih | 2017-11-24 | |
| Iranian Threat Agent Greenbug Impersonates Israeli High-Tech and Cyber Security Companies | http://www.clearskysec.com/greenbug/ | 2017-10-24 | |
| The New and Improved macOS Backdoor from OceanLotus | https://researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-backdoor-oceanlotus/ | 2017-06-22 | |
| Operation Blockbuster Goes Mobile | https://researchcenter.paloaltonetworks.com/2017/11/unit42-operation-blockbuster-goes-mobile/ | 2017-11-21 | |
| New Banking Trojan IcedID | http://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research | 2017-11-13 | |
| New Malware with Ties to SunOrcal Discovered | https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/ | 2017-11-12 | |
| ChessMasters New Strategy: Evolving Tools and Tactics | http://blog.trendmicro.com/trendlabs-security-intelligence/chessmasters-new-strategy-evolving-tools-tactics/ | 2017-11-11 | |
| Daserf Backdoor Now Using Steganography | http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-butler-daserf-backdoor-now-using-steganography/ | 2017-11-08 | |
| Sowbug: Cyber espionage group targets South American and Southeast Asian governments | https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments | 2017-11-07 | |
| Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack | https://securingtomorrow.mcafee.com/mcafee-labs/apt28-threat-group-adopts-dde-technique-nyc-attack-theme-in-latest-campaign/ | 2017-11-07 | |
| OceanLotus Blossoms: Mass Digital Surveillance | https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/ | 2017-11-06 | |
| Fancy Bear Pens the Worst Blog Posts Ever | https://www.threatconnect.com/blog/fancy-bear-leverages-blogspot/ | 2017-11-02 | |
| Targeted Phishing Attacks Point Leader to Threat Actors Repository | https://researchcenter.paloaltonetworks.com/2017/10/unit42-tracking-subaat-targeted-phishing-attacks-point-leader-threat-actors-repository/ | 2017-10-27 | |
| Cyber Conflict Decoy Document Used In Real Cyber Conflict | http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html | 2017-10-22 | |
| BadPatch | https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/ | 2017-10-20 | |
| An Update on Winnti | https://401trg.pw/an-update-on-winnti/ | 2017-10-17 | |
| Leviathan: Espionage actor spearphishes maritime and defense targets | https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets | 2017-10-17 | |
| Taiwan Heist - Lazarus Tools and Ransomware | http://baesystemsai.blogspot.co.uk/2017/10/taiwan-heist-lazarus-tools.html | 2017-10-17 | |
| BlackOasis APT and new targeted attacks leveraging zero-day exploit | https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/ | 2017-10-16 | |
| OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan | https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-attacks-new-delivery-documents-new-injector-trojan/ | 2017-10-09 | |
| Turla Macro Maldoc - Embassy of the republic of kazakhstan theme | https://twitter.com/JohnLaTwC/status/915590893155098629 | 2017-10-05 | |
| The Potential for Increased Financially-Motivated North Korean Cyber Operations in the Face of Increasing International Pressure | https://www.ci-project.org/blog/2017/10/1/h8ybw9lv70jigavhu46dexrlrhmow2 | 2017-10-03 | |
| Fake eFax delivers Trickbot banking trojan | https://myonlinesecurity.co.uk/fake-efax-delivers-trickbot-banking-trojan/ | 2017-08-16 | |
| Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors | https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html | 2017-09-20 | |
| CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY | https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html | 2017-09-13 | |
| ThreatConnect Reviews Potential Fancy Bear Activity Targeting the French Election Runoff | https://www.threatconnect.com/blog/activity-targeting-french-election/ | 2017-04-27 | |
| Dragonfly: Western energy sector targeted by sophisticated attack group | https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group | 2017-09-06 | |
| HoeflerText Popups Targeting Google Chrome Users Now Push RAT Malware | https://researchcenter.paloaltonetworks.com/2017/09/unit42-hoeflertext-popups-targeting-google-chrome-users-now-pushing-rat-malware/ | 2017-09-01 | |
| Locky ransomware adds anti sandbox feature | https://blog.malwarebytes.com/threat-analysis/2017/08/locky-ransomware-adds-anti-sandbox-feature/ | 2017-09-01 | |
| VENOM Linux rootkit | https://security.web.cern.ch/security/venom.shtml | 2017-01-17 | |
| Sofacys Komplex OS X Trojan | http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/ | 2016-09-26 | |
| The Digital Plagiarist Campaign: TelePorting the Carbanak Crew to a New Dimension | https://www.tr1adx.net/intel/TIB-00002.html | 2017-01-09 | |
| Carbanak Group Targets Financial Orgs in the Middle East | https://www.proofpoint.com/sites/default/files/proofpoint-threat-insight-carbanak-group-en.pdf | 2016-03-16 | |
| Carbanak gang is back and packing new guns | http://www.welivesecurity.com/2015/09/08/carbanak-gang-is-back-and-packing-new-guns/ | 2015-09-08 | |
| Signed POS malware - Carbanak | http://blog.trendmicro.com/trendlabs-security-intelligence/signed-pos-malware-used-in-pre-holiday-attacks-linked-to-targeted-attacks/ | 2015-02-21 | |
| Carbanak | http://securelist.com/files/2015/02/Carbanak_APT_eng.pdf | 2015-02-20 | |
| Attacks against Polish banks | https://niebezpiecznik.pl/post/jak-przeprowadzono-atak-na-knf-i-polskie-banki-oraz-kto-jeszcze-byl-na-celowniku-przestepcow/ | 2017-02-08 | |
| Analysis of Malware Used in Watering-Hole Attacks Against Polish Financial Institutions | https://blog.cyber4sight.com/2017/02/technical-analysis-watering-hole-attacks-against-financial-institutions/ | 2017-02-22 | |
| Korean MalDoc Drops Evil New Years Presents | http://blog.talosintelligence.com/2017/02/korean-maldoc.html | 2017-02-23 | |
| Introducing WhiteBear | https://securelist.com/introducing-whitebear/81638/ | 2017-08-30 | |
| Gazing at Gazer - Turlas new second stage backdoor | https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf | 2017-08-30 | |
| Recent ISMAgent Samples and Infrastructure by Iranian Threat Group GreenBug | http://www.clearskysec.com/ismagent/ | 2017-08-28 | |
| Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures | https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures | 2017-08-28 | |
| Satellite Turla: APT Command and Control in the Sky | https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/ | 2015-09-09 | |
| APT28 DOMAINS (REPORT) | https://github.com/fireeye/iocs/tree/master/APT28 | 2015-04-24 | |
| Operation RussianDoll | 2015-04-20 | ||
| CozyDuke F-Secure report | 2015-04-23 | ||
| The CozyDuke APT | 2015-04-22 | ||
| Multiple Chinese APT Groups Quickly Use Flash Zero-Day | https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html | 2015-07-14 | |
| APT Group UPS Targets US Government with HT Flash Exploit | http://researchcenter.paloaltonetworks.com/2015/07/apt-group-ups-targets-us-government-with-hacking-team-flash-exploit/ | 2015-07-11 | |
| Attack on French Diplomat Linked to Operation Lotus Blossom | http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-linked-to-operation-lotus-blossom/ | 2015-12-18 | |
| APT Group Wekby Leveraging Adobe Flash Exploit | http://www.volexity.com/blog/?p=158 | 2015-07-09 | |
| BlackEnergy Attacks | http://cert.gov.ua/?p=2464 | 2016-01-18 | |
| China-based Cyber Threat Group Targets Hong Kong Media Outlets | https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html | 2015-12-01 | |
| Patchwork cyberespionage group expands targets from governments to wide range of industries | http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries | 2016-07-26 | |
| Operation DustySky | http://www.clearskysec.com/dustysky/ | 2016-01-07 | |
| Operation BlockBuster unveils the actors behind the Sony attacks | http://www.operationblockbuster.com/ | 2016-02-24 | |
| Intrusion into the Democratic National Committee | https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/ | 2016-06-14 | |
| Sandworm Team Leverage CVE-2014-4114 Zero-Day | http://www.isightpartners.com/2014/10/cve-2014-4114/ | 2015-06-05 | |
| OPERATION LOTUS BLOSSOM | https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html | 2015-06-16 | |
| APT30 | https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf | 2015-04-27 | |
| New Attacks Linked to C0d0s0 Group | http://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/ | 2016-01-23 | |
| Hellsing APT | https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/ | 2015-04-20 | |
| Emissary Trojan/ Operation Lotus Blossom Update | http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve/ | 2016-02-03 | |
| Operation Cleaver | http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf | 2014-12-02 | |
| Threat Group-3390 Targets Organizations for Cyberespionage | http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/ | 2015-08-05 | |
| An analysis of exploit supply chains and digital quartermasters | http://blog.shadowserver.org/2015/08/10/the-italian-connection-an-analysis-of-exploit-supply-chains-and-digital-quartermasters/ | 2015-08-10 | |
| Scarlet Mimic: Espionage Campaign Targets Minority Activists | http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/ | 2016-01-25 | |
| Rocket Kitten: A campaign with 9 lives | http://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf | 2015-11-09 | |
| Detecting Datper Malware from Proxy Logs | http://blog.jpcert.or.jp/2017/08/detecting-datper-malware-from-proxy-logs.html | 2017-08-21 | |
| Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack | https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack | 2017-08-18 | |
| The Blockbuster Saga Continues | https://researchcenter.paloaltonetworks.com/2017/08/unit42-blockbuster-saga-continues/ | 2017-08-14 | |
| APT28 Targets Hospitality Sector Presents Threat to Travelers | https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html | 2017-08-11 | |
| Cobalt Group using Petya themed spearphish topics | https://cys-centrum.com/ru/news/activity_of_cobalt_summer_2017 | 2017-08-09 | |
| Backdoor.Rifelku | https://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2016-022411-5754-99 | 2017-08-08 | |
| Spoofed HMRC Company Excel Documents delivers Trickbot | https://myonlinesecurity.co.uk/another-spoofed-hmrc-company-excel-documents-delivers-trickbot/#U1 | 2017-08-08 | |
| Turla PNG Dropper | https://www.carbonblack.com/2017/08/07/threat-analysis-carbon-black-threat-research-dissects-png-dropper/ | 2017-08-07 | |
| OilRig uses ISMDoor variant; Possibly Linked to Greenbug Threat Group | https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/ | 2017-07-27 | |
| Reviewing the Magnitude exploit kit redirection chain | https://blog.malwarebytes.com/cybercrime/2017/08/enemy-at-the-gates-reviewing-the-magnitude-exploit-kit-redirection-chain/ | 2017-08-03 | |
| The Retefe Saga | https://www.govcert.admin.ch/blog/33/the-retefe-saga | 2017-08-03 | |
| Ride the Lightning: Infy returns as Foudre | https://researchcenter.paloaltonetworks.com/2017/08/unit42-prince-persia-ride-lightning-infy-returns-foudre/ | 2017-08-01 | |
| Fin7 Carbanak using Bateleur JScript Backdoor | https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor | 2017-08-01 | |
| New Arid Viper Activity | https://twitter.com/eyalsela/status/882497460102365185 | 2017-07-05 | |
| Karagany.B | https://www.symantec.com/security_response/writeup.jsp?docid=2017-073103-3836-99 | 2017-07-31 | |
| Emotet Delivery | https://myonlinesecurity.co.uk/emotet-geodo-delivered-via-fake-invoices-using-updated-word-docs-with-encoded-sections/ | 2017-07-31 | |
| New SamSam Ransomware samples | https://twitter.com/demonslay335/status/876940273212895234 | 2017-06-21 | |
| Platinum.A Malware | http://www.virusradar.com/en/Win32_Platinum.A/description | 2017-07-31 | |
| Iranian Espionage using Fake Personas | https://twitter.com/eyalsela/status/891258209469595650 | 2017-07-29 | |
| HackingTeam back for your Androids | http://rednaga.io/2016/11/14/hackingteam_back_for_your_androids/ | 2016-11-15 | |
| Shamoon is back | http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/ | 2016-12-01 | |
| Turlas watering hole campaign: An updated Firefox extension abusing Instagram | https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/ | 2017-06-06 | |
| New Carbanak / Anunak Attack Methodology | https://www.trustwave.com/Resources/SpiderLabs-Blog/New-Carbanak-/-Anunak-Attack-Methodology/?page=1&year=0&month=0 | 2016-11-15 | |
| Report on North Korean cyber attacks (Campaign Rifle) | http://www.fsec.or.kr/common/proc/fsec/bbs/21/fileDownLoad/1235.do | 2017-07-27 | |
| Operation Wilted Tulip | http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf | 2017-07-25 | |
| New KrBanker Samples | http://blog.nsfocus.net/blackmoon-bank-trojan-sample-technical-analysis-report/ | 2017-05-18 | |
| En Route with Sednit | http://www.welivesecurity.com/2016/10/20/new-eset-research-paper-puts-sednit-under-the-microscope/ | 2016-10-20 | |
| Dridex Malspam | http://www.malware-traffic-analysis.net/2017/03/30/index2.html | 2017-04-11 | |
| Geocities hosting APT PoisonIvy via PowerSploit | http://blog.0day.jp/p/english-report-of-fhappi-freehosting.html?m=1 | 2017-03-17 | |
| Recent PlugX Samples | https://www.hybrid-analysis.com/sample/788e91b3eaa67ec6f755c9c2afc682b830282b110cc17a9fadbe78cd147e751e?environmentId=100 | 2017-06-08 | |
| Flying Dragon Eye: Uyghur Themed Threat Activity | https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/11/TLP-WHITE-Flying-Dragon-Eye-Uyghur-Themed-Threat-Activity.pdf | 2016-11-01 | |
| Packrat: Seven Years of a South American Threat Actor | https://github.com/citizenlab/malware-signatures/blob/master/packrat/domains.csv | 2015-12-09 | |
| WannaCry Indicators | https://ghostbin.com/paste/xgvdv | 2017-05-12 | |
| The return of Locky with fake invoice emails | https://myonlinesecurity.co.uk/the-return-of-locky-with-fake-invoice-emails/ | 2017-06-21 | |
| Petya Returns as Goldeneye Strikes Germany | https://blog.cylance.com/petya-returns-as-goldeneye-strikes-germany | 2016-12-13 | |
| China Targeting South China Seas Nations | 2015-05-01 | ||
| Continued GreenBug/Shamoon attacks against Saudi Arabia | https://twitter.com/eyalsela/status/885893685325574144 | 2017-07-19 | |
| Magic Hound Campaign Attacks Saudi Targets | http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/ | 2017-02-16 | |
| Odinaff: New Trojan used in high level financial attacks | http://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks | 2016-10-11 | |
| Shell Crew Variant StreamEx | https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar | 2017-02-09 | |
| The Naikon APT | https://securelist.com/analysis/publications/69953/the-naikon-apt/ | 2015-05-14 | |
| Real News Fake Flash Mac OS X Users Targeted | https://www.volexity.com/blog/2017/07/24/real-news-fake-flash-mac-os-x-users-targeted/ | 2017-07-25 | |
| Ursnif Variant using Mouse Movement for Evasion | https://blogs.forcepoint.com/security-labs/ursnif-variant-found-using-mouse-movement-decryption-and-evasion | 2017-07-25 | |
| Tick Group Continues Attacks | https://researchcenter.paloaltonetworks.com/2017/07/unit42-tick-group-continues-attacks/ | 2017-07-25 | |
| The dawn of nation state digital espionage | https://securelist.com/files/2017/04/Penquins_Moonlit_Maze_AppendixB.pdf | 2017-04-10 | |
| New PoSeidon / FindPOS incidents | https://www.riskanalytics.com/blog/post.php?s=2017-07-07-coming-to-a-break-room-near-you-point-of-sale-malware | 2017-07-10 | |
| Greenbugs DNS-isms | https://www.arbornetworks.com/blog/asert/greenbugs-dns-isms/ | 2017-05-01 | |
| Putter Panda activity | http://blog.cylance.com/puttering-into-the-future | 2016-01-13 | |
| Tracking Elirks Variants in Japan: Similarities to Previous Attacks | http://researchcenter.paloaltonetworks.com/2016/06/unit42-tracking-elirks-variants-in-japan-similarities-to-previous-attacks/ | 2016-06-24 | |
| CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL | https://blogs.forcepoint.com/security-labs/carbanak-group-uses-google-malware-command-and-control | 2017-01-19 | |
| How Cyber Propaganda Influenced Politics in 2016 | https://documents.trendmicro.com/assets/Appendix_how-cyber-propaganda-influenced-politics-in-2016.pdf | 2017-03-30 | |
| Recent Winnti Infrastructure and Samples | http://www.clearskysec.com/winnti/ | 2017-07-18 | |
| Carbon Paper: Peering into Turlas second stage backdoor | https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/ | 2017-03-30 | |
| Terracotta VPN: Enabler of Advanced Threat Anonymity | https://blogs.rsa.com/wp-content/uploads/2015/08/Terracotta-VPN-Report-Final-8-3.pdf | 2015-08-04 | |
| XAgentOSX: Sofacys XAgent macOS Tool | http://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/ | 2017-02-15 | |
| Digital Attack on German Parliament | https://netzpolitik.org/2015/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag/ | 2015-06-26 | |
| Babar APT | http://feedproxy.google.com/~r/GDataSecurityBlog/~3/z08Ffq28vyg/babar-espionage-software-finally-found-and-put-under-the-microscope.html | 2015-02-20 | |
| From Shamoon to StoneDrill | https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/ | 2017-03-06 | |
| Unit 42 Technical Analysis: Seaduke | http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seaduke/ | 2015-07-14 | |
| Strider: Cyberespionage group turns eye of Sauron on targets | http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets | 2016-08-08 | |
| OilRig alert by IL-CERT | https://cert.gov.il/Updates/Alerts/SiteAssets/CERT-IL-ALERT-W-120.pdf | 2017-04-26 | |
| Duke APT group's latest tools: cloud services and Linux support | https://www.f-secure.com/weblog/archives/00002822.html | 2015-07-22 | |
| Chinese Threat Group Targeted High-profile Turkish Organizations | https://www.secureworks.com/blog/chinese-threat-group-targeted-turkish-organizations | 2017-06-27 | |
| Asruex: Malware Infecting through Shortcut Files | http://blog.jpcert.or.jp/2016/06/asruex-malware-infecting-through-shortcut-files.html | 2016-10-14 | |
| Dino - allegedly French espionage | http://www.welivesecurity.com/2015/06/30/dino-spying-malware-analyzed/ | 2015-06-30 | |
| Similarities Between Carbanak and FIN7 Malware Suggest Actors Are Closely Related | https://blog.cyber4sight.com/2017/04/similarities-between-carbanak-and-fin7-malware-suggest-actors-are-closely-related/ | 2017-04-28 | |
| APT29 Domain Fronting With TOR | https://www.fireeye.com/blog/threat-research/2017/03/ | 2017-03-27 | |
| Peering into GlassRAT | https://blogs.rsa.com/peering-into-glassrat/ | 2015-11-23 | |
| Operation Dust Storm | https://www.cylance.com/hubfs/2015_cylance_website/assets/operation-dust-storm/Op_Dust_Storm_Report.pdf?t=1456244940728 | 2016-02-23 | |
| APT32 and the Threat to Global Corporations | https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html | 2017-05-14 | |
| BAIJIU: New Malware Abuses Popular Japanese Web Hosting Service | https://www.cylance.com/en_us/blog/baijiu.html | 2017-05-12 | |
| Operation Molerats: Middle East Cyber Attacks Using Poison Ivy | https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html | 2015-05-01 | |
| BBSRAT Attacks Targeting Russian Organizations | http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/ | 2015-12-23 | |
| FIN7 Evolution and the Phishing LNK | https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html | 2017-04-24 | |
| Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day | https://www.proofpoint.com/us/threat-insight/post/dridex-campaigns-millions-recipients-unpatched-microsoft-zero-day | 2017-04-11 | |
| Snake: Coming soon in Mac OS X flavour | https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/ | 2017-05-03 | |
| EPS Processing Zero-Days Exploited by Multiple Threat Actors | https://www.fireeye.com/blog/threat-research/2017/05/eps-processing-zero-days.html | 2017-05-09 | |
| El Machete Malware Attacks Cut Through LATAM | https://www.cylance.com/en_us/blog/el-machete-malware-attacks-cut-through-latam.html | 2017-03-22 | |
| The EyePyramid attacks | https://securelist.com/blog/incidents/77098/the-eyepyramid-attacks/ | 2017-01-12 | |
| Spear Phishing attacks hits industrial companies | https://ics-cert.kaspersky.com/2016/12/16/spear-phishing-attack-hits-industrial-companies/ | 2016-12-17 | |
| Red Leaves Implant - overview | https://github.com/nccgroup/Cyber-Defence/blob/master/Technical%20Notes/Red%20Leaves/Source/Red%20Leaves%20technical%20note%20v1.0.md | 2017-04-10 | |
| Iranian threat agent OilRig delivers digitally signed malware impersonate University of Oxford | http://www.clearskysec.com/oilrig/ | 2017-01-05 | |
| The Full Shamoon How the Devastating Malware Was Inserted Into Networks | https://securityintelligence.com/the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks/ | 2017-03-13 | |
| Sandworm to Blacken: The SCADA Connection | http://blog.trendmicro.com/trendlabs-security-intelligence/sandworm-to-blacken-the-scada-connection/ | 2015-06-05 | |
| MONSOON APT campaign activity 7-6-2017 | https://community.rsa.com/community/products/netwitness/blog/2017/07/10/active-monsoon-apt-campaign-on-7-6-2017 | 2017-07-10 | |
| Delphi Used To Score Against Palestine | http://blog.talosintelligence.com/2017/06/palestine-delphi.html | 2017-06-19 | |
| Investigation Into Mexican Mass Disappearance Targeted with NSO Spyware | https://citizenlab.org/2017/07/mexico-disappearances-nso/ | 2017-07-10 | |
| Operation Desert Eagle | https://mymalwareparty.blogspot.co.uk/2017/07/operation-desert-eagle.html | 2017-07-07 | |
| BRONZE UNION Cyberespionage Persists Despite Disclosures | https://www.secureworks.com/research/bronze-union | 2017-07-07 | |
| New KONNI Campaign References North Korean Missile Capabilities | http://blog.talosintelligence.com/2017/07/konni-references-north-korean-missile-capabilities.html | 2017-07-07 | |
| Analysis of Petya delivery via MeDoc AutoUpdates | https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/ | 2017-07-04 | |
| TeleBots are back: Supply-chain attacks against Ukraine | https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/ | 2017-06-30 | |
| Forbes.com Waterhole Attack | http://www.invincea.com/2015/02/chinese-espionage-campaign-compromises-forbes/ | 2015-02-11 | |
| Paranoid PlugX | https://researchcenter.paloaltonetworks.com/2017/06/unit42-paranoid-plugx/ | 2017-06-27 | |
| Locky Downloaders - njdshf73 | https://www.hybrid-analysis.com/sample/a61ffe978bc37907f1173e4434512415021f295bd8d278c41ecfb22ec6c8ff11?environmentId=100 | 2017-06-27 | |
| Reckless Exploit: Mexican Journalists Lawyers and a Child Targeted with NSO Spyware | https://citizenlab.org/2017/06/reckless-exploit-mexico-nso/ | 2017-06-19 | |
| SHELLTEA + POSLURP MALWARE | https://www.root9b.com/sites/default/files/whitepapers/PoS%20Malware%20ShellTea%20PoSlurp.pdf | 2017-06-19 | |
| Book of Eli: African targeted attacks | http://www.welivesecurity.com/2016/09/22/libya-malware-analysis/ | 2016-09-25 | |
| New version of Hworm being used within multiple attacks | http://researchcenter.paloaltonetworks.com/2016/10/unit42-houdinis-magic-reappearance/ | 2016-10-25 | |
| BITTER: A TARGETED ATTACK AGAINST PAKISTAN | https://blogs.forcepoint.com/security-labs/bitter-targeted-attack-against-pakistan | 2016-10-24 | |
| SamSa Ransomware | http://researchcenter.paloaltonetworks.com/2016/12/unit42-samsa-ransomware-attacks-year-review/ | 2016-12-09 | |
| MM CORE IN-MEMORY BACKDOOR RETURNS AS "BIGBOSS" AND "SILLYGOOSE" | https://blogs.forcepoint.com/security-labs/mm-core-memory-backdoor-returns-bigboss-and-sillygoose | 2017-01-05 | |
| Second Wave of Shamoon 2 Attacks Identified | http://researchcenter.paloaltonetworks.com/2017/01/unit42-second-wave-shamoon-2-attacks-identified/ | 2017-01-11 | |
| NEW VARIANT OF PLOUTUS ATM MALWARE OBSERVED IN THE WILD IN LATIN AMERICA | https://www.fireeye.com/blog/threat-research/2017/01/new_ploutus_variant.html | 2017-01-12 | |
| Without Necurs Locky Struggles | http://blog.talosintel.com/2017/01/locky-struggles.html | 2017-01-21 | |
| A Whale of a Tale: HummingBad Returns | http://blog.checkpoint.com/2017/01/23/hummingbad-returns/ | 2017-01-24 | |
| Oops they did it again: APT Targets Russia and Belarus with ZeroT and PlugX | https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx | 2017-02-03 | |
| From RTF to Cobalt Strike passing via Flash | https://zairon.wordpress.com/2017/02/05/from-rtf-to-cobalt-strike-passing-via-flash/ | 2017-02-06 | |
| Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal | https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.cly4mg1g8 | 2017-02-14 | |
| Deep Dive On The DragonOK Rambo Backdoor | http://www.morphick.com/resources/news/deep-dive-dragonok-rambo-backdoor | 2017-02-15 | |
| Breaking The Weakest Link Of The Strongest Chain | https://securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-strongest-chain/ | 2017-02-16 | |
| menuPass Returns with New Malware and New Attacks | http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/ | 2017-02-21 | |
| Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government | https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html | 2017-02-23 | |
| New targeted attack against Saudi Arabia Government | https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2017/03/new-targeted-attack-saudi-arabia-government/ | 2017-03-24 | |
| Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations | http://researchcenter.paloaltonetworks.com/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/ | 2017-03-30 | |
| (APT-C-23) TO THE PAKISTANI AND THE UNITED STATES | http://zhuiri.360.cn/report/index.php/2017/03/09/twotailedscorpion/ | 2017-04-10 | |
| Cardinal RAT Active for Over Two Years | http://researchcenter.paloaltonetworks.com/2017/04/unit42-cardinal-rat-active-two-years/ | 2017-04-20 | |
| Modified Zyklon and plugins from India | http://blog.talosintelligence.com/2017/05/modified-zyklon-and-plugins-from-india.html | 2017-05-23 | |
| Threat Spotlight: The Return of Qakbot Malware | https://www.cylance.com/en_us/blog/threat-spotlight-the-return-of-qakbot-malware.html | 2017-05-24 | |
| Necurs Botnet Fuels Massive Spam Campaigns Spreading Jaff Ransomware | https://www.flashpoint-intel.com/wp-content/uploads/2017/06/Flashpoint-Jaff-Ransomware-IOCs-June17.pdf | 2017-06-08 | |
| Will Astrum Fill the Vacuum in the Exploit Kit Landscape? | http://blog.trendmicro.com/trendlabs-security-intelligence/astrum-exploit-kit-abuses-diffie-hellman-key-exchange/ | 2017-05-18 | |
| New Kasper samples | https://www.hybrid-analysis.com/sample/6a48b5211b622ffe49ae4e32ada72bb4d9db40576513cc549d406b148b446422?environmentId=100 | 2017-06-13 | |
| 2016 Phishing campaign targeting election officials | https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/ | 2017-06-07 | |
| Winnti Abuses GitHub for CC Communications | http://blog.trendmicro.com/trendlabs-security-intelligence/winnti-abuses-github/ | 2017-03-22 | |
| Trojan.Rochim | https://www.symantec.com/security_response/writeup.jsp?docid=2017-060603-1139-99 | 2017-06-08 | |
| Threat actors leverage EternalBlue exploit to deliver non-WannaCry payloads | https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html | 2017-06-02 | |
| The Gamaredon Group Toolset Evolution | http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/?adbsc=social70398906&adbid=836356242436055042&adbpl=tw&adbpr=4487645412 | 2017-02-28 | |
| New StreamEx Malware Samples | https://attack.mitre.org/wiki/Software/S0142 | 2017-05-18 | |
| WanaCrypt0r Ransomworm | https://baesystemsai.blogspot.co.uk/2017/05/wanacrypt0r-ransomworm.html | 2017-05-17 | |
| The Blockbuster Sequel | http://researchcenter.paloaltonetworks.com/2017/04/unit42-the-blockbuster-sequel/ | 2017-05-16 | |
| Kazuar: Multiplatform Espionage Backdoor with API Access | http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-access/ | 2017-05-03 | |
| KONNI: A Malware Under The Radar For Years | http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html | 2017-05-03 | |
| Carbanak attacks against Chipotle Baja Fresh and Ruby Tuesday | https://www.cyberscoop.com/chipotle-hack-fin7-carbanak-baja-fresh-ruby-tuesday/ | 2017-05-03 | |
| Iranian Fileless Attack Infiltrates Israeli Organizations | http://blog.morphisec.com/iranian-fileless-cyberattack-on-israel-word-vulnerability | 2017-04-30 | |
| APT Targets Financial Analysts with CVE-2017-0199 | https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts | 2017-04-28 | |
| OilRig Actors Provide a Glimpse into Development and Testing Efforts | http://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/ | 2017-04-27 | |
| Two Years of Pawn Storm | https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf | 2017-04-25 | |
| Potential Sofacy campaign against Presidential Candidate Macron | https://www.threatcrowd.org/ip.php?ip=185.156.173.105 | 2017-04-24 | |
| Of Pigs and Malware: Examining a Possible Member of the Winnti Group | http://blog.trendmicro.com/trendlabs-security-intelligence/pigs-malware-examining-possible-member-winnti-group/ | 2017-04-19 | |
| Callisto Group | https://www.f-secure.com/documents/996508/1030745/callisto-group | 2017-04-13 | |
| Unraveling the Lamberts Toolkit | https://securelist.com/blog/research/77990/unraveling-the-lamberts-toolkit/ | 2017-04-11 | |
| The Blockbuster Sequel | http://researchcenter.paloaltonetworks.com/2017/04/unit42-the-blockbuster-sequel/ | 2017-04-10 | |
| OilRig Campaign Analysis | https://logrhythm.com/pdfs/threat-research/logrhythm-labs-oilrig-campaign-analysis.pdf | 2017-03-31 | |
| Jerusalem Post and other Israeli websites compromise by Iranian threat actor CopyKitten | http://www.clearskysec.com/copykitten-jpost/ | 2017-03-30 | |
| Shamoon 2 Delivering Disttrack | http://researchcenter.paloaltonetworks.com/2017/03/unit42-shamoon-2-delivering-disttrack/ | 2017-03-27 | |
| Ploutus-D Malware turns ATMs into IoT Devices | https://www.zingbox.com/blog/ploutus-d-malware-turns-atms-into-iot-devices/ | 2017-03-23 | |
| APT10 Indicators | https://www.lac.co.jp/lacwatch/people/20170223_001224.html | 2017-03-21 | |
| Modrunner Backdoor | https://www.symantec.com/security_response/writeup.jsp?docid=2017-031519-0428-99&tabid=2 | 2017-03-17 | |
| Operation BugDrop | https://cyberx-labs.com/en/blog/operation-bugdrop-cyberx-discovers-large-scale-cyber-reconnaissance-operation/ | 2017-02-21 | |
| A Guide to the RTM Banking Trojan | http://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf | 2017-03-13 | |
| Operation Armageddon | 2015-04-29 | ||
| Indian organizations targeted in Suckfly attacks | http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks | 2016-05-17 | |
| Years-long espionage campaign against Tibetans | https://citizenlab.org/2016/03/shifting-tactics/ | 2016-03-10 | |
| Chinese Actors attacks on US Government and EU Media | http://researchcenter.paloaltonetworks.com/2015/09/chinese-actors-use-3102-malware-in-attacks-on-us-government-and-eu-media/ | 2015-09-23 | |
| Attackers target dozens of global banks with new malware | http://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks-new-malware-0 | 2017-02-13 | |
| TeamXRat: Brazilian cybercrime meets ransomware | https://securelist.com/blog/research/76153/teamxrat-brazilian-cybercrime-meets-ransomware/ | 2016-09-29 | |
| TDrop2 Attacks Suggest Dark Seoul Attackers Return | http://researchcenter.paloaltonetworks.com/2015/11/tdrop2-attacks-suggest-dark-seoul-attackers-return/ | 2015-11-19 | |
| EVASIVE MANEUVERS BY THE WEKBY GROUP | https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop-packing-and-dns-covert | 2015-07-09 | |
| 9002 RAT -- a second building on the left | http://community.hpe.com/t5/Security-Research/9002-RAT-a-second-building-on-the-left/ba-p/6894315 | 2016-08-31 | |
| Conference Invite used as a Lure by Operation Lotus Blossom Actors | http://researchcenter.paloaltonetworks.com/2016/10/unit42-psa-conference-invite-used-lure-operation-lotus-blossom-actors/ | 2016-10-28 | |
| Winnti is now targeting pharmaceutical companies | https://securelist.com/blog/research/70991/games-are-over/ | 2015-06-22 | |
| Buckeye cyberespionage group shifts gaze from US to Hong Kong | http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong | 2016-09-14 | |
| CNACOM - Open Source Exploitation via Strategic Web Compromise | https://www.zscaler.com/blogs/research/cnacom-open-source-exploitation-strategic-web-compromise | 2016-12-08 | |
| THE DUKES: 7 years of Russian cyberespionage | https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf | 2015-09-17 | |
| The Sofacy plot thickens | 2015-04-21 | ||
| Latest Flash Exploit Used in Pawn Storm | http://blog.trendmicro.com/trendlabs-security-intelligence/latest-flash-exploit-used-in-pawn-storm-circumvents-mitigation-techniques/ | 2015-10-19 | |
| STRONTIUM: A profile of a persistent and motivated adversary | http://download.microsoft.com/download/4/4/C/44CDEF0E-7924-4787-A56A-16261691ACE3/Microsoft_Security_Intelligence_Report_Volume_19_English.pdf | 2015-11-19 | |
| Sofacy APT hits high profile targets | https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/ | 2015-12-04 | |
| Sednit Downloader DOWNDELPH | https://github.com/eset/malware-ioc/blob/master/sednit/part3.adoc | 2016-10-27 | |
| Fancy Bear Tracking of Ukrainian Field Artillery Units | https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/ | 2016-12-22 | |
| Finding Hackingteam code in Russian malware | https://objective-see.com/blog/blog_0x18.html | 2017-02-22 | |
| Satellite Turla infrastructure | https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/ | 2016-08-17 | |
| The curious case of a reconnaissance campaign targeting ministry and embassy sites | https://blogs.forcepoint.com/security-labs/curious-case-reconnaissance-campaign-targeting-ministry-and-embassy-sites | 2017-02-08 | |
| Dridexs Cold War: Enter AtomBombing | https://securityintelligence.com/dridexs-cold-war-enter-atombombing/ | 2017-03-01 | |
| The Deception Project: A New Japanese-Centric Threat | https://www.cylance.com/en_us/blog/the-deception-project-a-new-japanese-centric-threat.html | 2017-02-27 | |
| IKITTENS: IRANIAN ACTOR RESURFACES WITH MALWARE FOR MAC (MACDOWNLOADER) | https://iranthreats.github.io/resources/macdownloader-macos-malware/ | 2017-02-06 | |
| Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments | http://researchcenter.paloaltonetworks.com/2017/01/unit42-downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments/ | 2017-01-31 | |
| Spearphishing campaign targeting Japan - ChChes/APT10 | http://csirt.ninja/?p=1103 | 2017-01-26 | |
| Greenbug cyberespionage group targeting Middle East possible links to Shamoon | https://www.symantec.com/connect/blogs/greenbug-cyberespionage-group-targeting-middle-east-possible-links-shamoon | 2017-01-23 | |
| DragonOK Updates Toolset and Targets Multiple Geographic Regions | http://researchcenter.paloaltonetworks.com/2017/01/unit42-dragonok-updates-toolset-targets-multiple-geographic-regions/ | 2017-01-05 | |
| TeleBots: Analyzing disruptive KillDisk attacks | http://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/ | 2016-12-20 | |
| StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users | https://www.microsoft.com/en-us/security/portal/threat/encyclopedia/Entry.aspx?Name=Backdoor:Win32/Maptrepol.A | 2016-10-10 | |
| Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy | http://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/ | 2016-11-23 | |
| Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched | http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched/ | 2016-11-09 | |
| DealersChoice is Sofacy Flash Player Exploit Platform | http://researchcenter.paloaltonetworks.com/2016/10/unit42-dealerschoice-sofacys-flash-player-exploit-platform/ | 2016-10-18 | |
| Cyberattack targeted Japan nuclear lab | https://www.u-toyama.ac.jp/news/2016/doc/1011.pdf | 2016-10-14 | |
| TARGETED ATTACKS AGAINST BANKS IN THE MIDDLE EAST | https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html | 2016-05-23 | |
| OilRig Malware Campaign Updates Toolset and Expands Targets | http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/ | 2016-10-05 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment