- Notifications
You must be signed in to change notification settings - Fork543
Interesting APT Report Collection And Some Special IOCs
blackorbird/APT_REPORT
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
APT_REPORT collected by @blackorbirdhttps://x.com/blackorbird
Interesting apt report & sample & malware & technology & intellegence collection
Threat Actor Groups Tracked by Palo Alto Networks Unit 42
https://unit42.paloaltonetworks.com/threat-actor-groups-tracked-by-palo-alto-networks-unit-42/
▶ScarCruft continues to evolve, introduces Bluetooth harvesterhttps://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/(May 13, 2019)
▶Group123 Attempts to attack 'printing paper' APT disguised as a guide to organization and conferenceshttps://blog.alyac.co.kr/2287(May 2 , 2019)
▶Group123, APT attack impersonating Unification Ministry, spread malicious code to Google Drivehttps://blog.alyac.co.kr/2268(April 22 , 2019)
▶ group123 APT organization, 'Operation High Expert'https://blog.alyac.co.kr/2226(April 2 , 2019)
▶ Rocketman APT Campaign Returned to Operation Holiday Wiperhttps://blog.alyac.co.kr/2089(Jan 23, 2019)
▶ 'Operation Blackbird', the mobile invasion of the 'https://blog.alyac.co.kr/2035(Dec 13, 2018)
▶ group123 'Operation Korean Sword' is underwayhttps://blog.alyac.co.kr/1985(Nov. 16, 2018)
▶ group123 Group's latest APT campaign - 'Operation Rocket Man'https://blog.alyac.co.kr/1853(Aug. 22, 2018)
▶ group123, Flash Player Zero-Day (CVE-2018-4878) Attack Attentionhttps://blog.alyac.co.kr/1521(Feb 02, 2018)
▶ 'group123' group 'survey on the total number of discovery of separated families in North and South'https://blog.alyac.co.kr/1767(July 28, 2014)
▶ Rocketman APT campaign, 'Operation Golden Bird'https://blog.alyac.co.kr/2205(March 20, 2013)
▶ Korea In The Crosshairshttps://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html(Jan 16, 2018)
▶FreeMilk: A Highly Targeted Spear Phishing Campaignhttps://unit42.paloaltonetworks.com/unit42-freemilk-highly-targeted-spear-phishing-campaign/(Oct 5, 2017)
▶BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat (April 26, 2019)https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
▶Operation Giant Baby, a giant threat (March 28, 2019)https://blog.alyac.co.kr/2223
▶ Malicious code installed with coin purse program(Alibaba) (March 15, 2019)https://asec.ahnlab.com/1209
▶ New BabyShark Malware Targets U.S. National Security Think Tanks (Feb. 22, 2019)https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/
▶ Korea's latest APT attack, Operation Mystery Baby Attention! (Feb 11, 2018)https://blog.alyac.co.kr/1963
▶ Returned to Korea as Operation Baby Coin, APT attacker, overseas target in 2010 (Apr. 19, 2014)https://blog.alyac.co.kr/1640
▶Kimsuky, Blue House Green Support / Sangchunjae Estimatehttps://blog.alyac.co.kr/2645
▶Kimsuky, cyber security bureau Cryptographic Cases (May 28 , 2019)https://blog.alyac.co.kr/2338
▶Kimsuky, Korea Cryptographic Exchange Event Impersonation APT Attack (May 28 , 2019)https://blog.alyac.co.kr/2336
▶Kimsuky 'Fake striker' APT campaign aimed at Korea (May 20 , 2019)https://blog.alyac.co.kr/2315
▶ Analysis of "Smoke Screen" in APT campaign aimed at Korea and America (April 17 , 2019)https://blog.alyac.co.kr/2243
▶ Encrypted APT attack, Kimsuky organization's 'smoke screen' PART 2 (May 13 , 2019)https://blog.alyac.co.kr/2299
▶ Kimsuky Organization, Operation Stealth Power Silence Operation (April 3 , 2019)https://blog.alyac.co.kr/2234
▶ Kimsuky Organization, Watering Hole Started "Operation Low Kick"(March 21, 2019)https://blog.alyac.co.kr/2209
▶ SiliVaccine: Inside North Korea’s Anti-Virus (May 1, 2018)https://research.checkpoint.com/silivaccine-a-look-inside-north-koreas-anti-virus/
▶Lazarus Group Goes 'Fileless',an implant w/ remote download & in-memory executionhttps://objective-see.com/blog/blog_0x51.html
▶LAZARUS APT TARGETS MAC USERS WITH POISONED WORD DOCUMENThttps://www.sentinelone.com/blog/lazarus-apt-targets-mac-users-poisoned-word-document/
▶Konni's APT Group conducts attacks with Russian-North Korean trade and economic investment documentshttps://blog.alyac.co.kr/2535
▶APT Campaign 'Konni' & 'Kimsuky' find commonality in organizations (June 10, 2019)https://blog.alyac.co.kr/2347
▶Korean Kusa Konni Organization, Blue Sky Utilizing 'Amadey' Russia Botnet (May 16, 2019)https://blog.alyac.co.kr/2308
▶The Konni APT Campaign and 'Operation Hunter Adonis' (Jan 1 ,2019)https://blog.alyac.co.kr/2061
▶Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus (July 1, 2019)https://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html
▶Analysis report on the attack on mobile devices by Oceanlotus (May 24, 2019)
https://mp.weixin.qq.com/s/L-tCvLPOOMhP0ndgdqhkNQ
▶ Oceanlotus in the first quarter of 2019 for the attack technology of China.(April 24, 2019)https://mp.weixin.qq.com/s/xPsEXp2J5IE7wNSMEVC24A
▶ Deobfuscating APT32 Flow Graphs with Cutter and Radare2 (April 24, 2019)https://research.checkpoint.com/deobfuscating-apt32-flow-graphs-with-cutter-and-radare2/
▶ OceanLotus Steganography Malware Analysis White Paper (April 2 , 2019)https://threatvector.cylance.com/en_us/home/report-oceanlotus-apt-group-leveraging-steganography.html
▶OceanLotus: macOS malware update(April 9 , 2019)
https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/
▶ CB TAU Threat Intelligence Notification: Hunting APT28 Downloaders (April 5 , 2019)https://www.carbonblack.com/2019/04/05/cb-threat-intelligence-notification-hunting-apt28-downloaders/
▶ A dive into Turla PowerShell usage (May 29 , 2019)https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/
▶ tick group new campaign, attack north korean and japanhttps://www.ahnlab.com/kr/site/securityinfo/secunews/secuNewsView.do?curPage=1&menu_dist=2&seq=28186(April 1 , 2019)
▶ bayer-says-has-detected-contained-cyber-attack (April 5 , 2019)
https://www.tagesschau.de/inland/hackerangriff-bayer-101.html
▶ Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques(May 20,2019)
https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html
▶ APT-C-38 attack activity revealed (May 27,2019)http://blogs.360.cn/post/analysis-of-APT-C-38.html
▶ CARBANAK Week Part One: A Rare Occurrence (April 22, 2019)https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html
▶ Evolving Tactics: London Blue Starts Spoofing Target Domains (April 4 , 2019)PDF is in the folderhttps://www.agari.com/email-security-blog/london-blue-evolving-tactics/
▶ Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware(April 5 , 2019)https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html
▶ On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation (August 01, 2018)https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html
About
Interesting APT Report Collection And Some Special IOCs
Topics
Resources
Uh oh!
There was an error while loading.Please reload this page.
Stars
Watchers
Forks
Releases
Packages0
Uh oh!
There was an error while loading.Please reload this page.
Contributors2
Uh oh!
There was an error while loading.Please reload this page.