@chrisdoman
Last active April 18, 2024 10:48
Example APT Reports Pulled from OTX
title reference created
Continued PassCV Malware https://drive.google.com/file/d/1pzZT7Stig6i8hTqjxUUgxDSmGEJ7W9ak/view 2018-08-06
Blackgear Cyberespionage Campaign Resurfaces Abuses Social Media for C and C Communication https://blog.trendmicro.com/trendlabs-security-intelligence/blackgear-cyberespionage-campaign-resurfaces-abuses-social-media-for-cc-communication/ 2018-07-18
Golden Rat long-term espionage campaign in Syria is still ongoing http://csecybsec.com/download/zlab/20180723_CSE_APT27_Syria_v1.pdf 2018-07-23
Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally https://www.fireeye.com/blog/threat-research/2018/07/chinese-espionage-group-targets-cambodia-ahead-of-elections.html 2018-07-11
Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/ 2018-07-09
NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea https://blog.talosintelligence.com/2018/05/navrat.html?m=1 2018-06-01
Continued Manuscrypt Attacks http://sfkino.tistory.com/62 2018-08-06
Turla Actors using Copied Cars.com Content https://twitter.com/9bplus/status/1024714362244739073?s=21 2018-08-06
New Threat Actor Group DarkHydrus Targets Middle East Government https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/ 2018-07-28
A Persistent Campaign Targeting CIS Countries with SOCKSBOT https://www.accenture.com/t00010101T000000Z__w__/gb-en/_acnmedia/PDF-83/Accenture-Goldfin-Security-Alert.pdf 2018-08-03
The Gorgon Group: Slithering Between Nation State and Cybercrime https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/ 2018-08-02
On the Hunt for FIN7 https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html 2018-08-01
DOKKAEBI: Documents of Korean and Evil Binary http://www.fsec.or.kr/user/bbs/fsec/21/13/bbsDataView/1063.do 2018-08-01
Multiple Cobalt Campaigns https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html 2018-07-31
Micropsia Malware https://blog.radware.com/security/2018/07/micropsia-malware/ 2018-07-27
Advanced Mobile Malware Campaign in India uses Malicious MDM - Part 2 https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM-Part2.html 2018-07-25
Analysis of the latest attack activities of APT-C-35 organization https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/ 2018-07-26
High alert against malicious code attacks in Vietnam http://vietnaminsider.vn/high-alert-against-malicious-code-attacks-in-vietnam/ 2018-07-25
Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east 2018-07-25
OilRig Targets Technology Service Provider and Government Agency with QUADAGENT https://researchcenter.paloaltonetworks.com/2018/07/unit42-oilrig-targets-technology-service-provider-government-agency-quadagent/ 2018-07-25
Trickbot Spreading via SMB https://researchcenter.paloaltonetworks.com/2018/07/unit42-malware-team-malspam-pushing-emotet-trickbot/ 2018-07-18
New Andariel Reconnaissance Tactics Hint At Next Targets https://blog.trendmicro.com/trendlabs-security-intelligence/new-andariel-reconnaissance-tactics-hint-at-next-targets/ 2018-07-17
Sidewinder APT https://s.tencent.com/research/report/479.html 2018-07-16
Fancy Bear domains https://www.threatconnect.com/whats-in-a-name-server/ 2016-07-07
APT Attack In the Middle East: The Big Bang https://research.checkpoint.com/apt-attack-middle-east-big-bang/ 2018-07-09
Hamas Android Malware Targeting Israeli Soldiers https://www.clearskysec.com/glancelove/ 2018-07-03
Operation Red Gambler http://image.ahnlab.com/file_upload/asecissue_files/ASEC%20REPORT_vol.91.pdf 2018-07-03
KingKong.dll - Recent PoisonIvy and PlugX variants targeting South East Asia http://stnmt.bacninh.gov.vn/documents/57412/11672469/420-STTTT.pdf 2017-08-07
Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/ 2018-06-22
Charming Kitten Watering Holes https://twitter.com/ClearskySec/status/1006445262003494913 2018-06-21
LuckyMouse hits national data center to organize country-level waterholing campaign https://securelist.com/luckymouse-hits-national-data-center/86083/ 2018-06-15
Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor https://blog.trendmicro.com/trendlabs-security-intelligence/another-potential-muddywater-campaign-uses-powershell-based-prb-backdoor/ 2018-06-15
MirageFox: APT15 Resurfaces With New Tools Based On Old Ones https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/ 2018-06-14
DMI Connect.doc - QUADAGENT https://twitter.com/ClearskySec/status/1004749887966244865 2018-06-07
Patchwork APT Group Targets US Think Tanks https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/ 2018-06-07
Lojack Becomes a Double-Agent https://asert.arbornetworks.com/lojack-becomes-a-double-agent/amp/ 2018-05-01
North Korea Bitten By Bitcoin Bug https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf 2017-12-20
Footprints of Fin7 https://www.icebrg.io/blog/footprints-of-fin7-iocs 2017-08-10
Analysis of APT attack on Operation Onezero http://blog.alyac.co.kr/1710 2018-05-29
Joanap Backdoor Trojan and Brambul Server Message Block Worm https://www.us-cert.gov/ncas/alerts/TA18-149A 2018-05-29
Turla Mosquito: A shift towards more generic tools https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/ 2018-05-22
Clearing the MuddyWater - Analysis of new MuddyWater Samples https://sec0wn.blogspot.ae/2018/05/clearing-muddywater-analysis-of-new.html 2018-05-08
Digitial Threats Against Human Rights Defenders in Pakistan https://www.amnesty.org/download/Documents/ASA3383662018ENGLISH.PDF 2018-05-15
APT10 Using Cobalt Strike https://www.lac.co.jp/lacwatch/people/20180521_001638.html 2018-05-21
An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers https://401trg.pw/burning-umbrella/ 2018-05-04
Finfisher Changes Tactics to Hook Critics https://www.accessnow.org/cms/assets/uploads/2018/05/FinFisher-changes-tactics-to-hook-critics-AN.pdf 2018-05-15
Continued DarkHotel Activity https://ti.360.net/blog/articles/analysis-of-darkhotel/ 2018-05-08
Innaput Actors Utilize Remote Access Trojan Since 2016 Presumably Targeting Victim Files https://www.arbornetworks.com/blog/asert/innaput-actors-utilize-remote-access-trojan-since-2016-presumably-targeting-victim-files/ 2018-04-05
HenBox: Inside the Coop https://researchcenter.paloaltonetworks.com/2018/04/unit42-henbox-inside-coop/ 2018-04-27
Operation Starcruiser - a state-based APT group http://blog.alyac.co.kr/1653 2018-04-25
Attack Seeks to Steal Data Worldwide https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide 2018-04-25
New Targeted Attack in the Middle East by APT34 a Suspected Iranian Threat Group Using CVE-2017-11882 Exploit https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html 2017-12-07
Sednit update: Analysis of Zebrocy https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/ 2018-04-24
Energetic Bear/Crouching Yeti: attacks on servers https://securelist.com/energetic-bear-crouching-yeti/85345/ 2018-04-23
Operation Baby Coin http://viruslab.tistory.com/4144 2018-04-19
Decoding network data from a Gh0st RAT variant https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/ 2018-04-17
FIN7 Group Uses JavaScript and Stealer DLL Variant in New Attacks http://blog.talosintelligence.com/2017/09/fin7-stealer.html 2017-09-27
Continued White Elephant Spearphishes http://stock.jrj.com.cn/2018/03/31000024362600.shtml 2018-04-11
Reaper Group Updated Mobile Arsenal https://researchcenter.paloaltonetworks.com/2018/04/unit42-reaper-groups-updated-mobile-arsenal/ 2018-04-06
Hostile state actors compromising UK organisations with focus on engineering and industrial control companies https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control 2018-04-05
Jaff Ransomware and Suspicious PDF Delivery https://blogs.forcepoint.com/security-labs/jaff-enters-ransomware-scene-locky-style 2017-05-12
Privileges and Credentials: Phished at the Request of Counsel https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html 2017-06-06
Operation Iron Tiger http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-iron-tiger.pdf 2015-09-16
Turla group using Neuron and Nautilus tools alongside Snake malware https://www.ncsc.gov.uk/content/files/protected_files/article_files/Turla%20group%20using%20Neuron%20and%20Nautilus%20tools%20alongside%20Snake%20malware_0.pdf 2017-11-23
Spying on North Korean Defectors https://github.com/comaeio/OPCDE/blob/master/2018/DPRK's%20eyes%20on%20mobile%20Spying%20on%20North%20Korean%20Defectors%20-%20Inhee%20Han%20%26%20Jaewon%20Min/DPRK_EYES_ON_MOBILE(OPCDE2018)-FINAL.PDF 2018-04-10
New MacOS Backdoor Linked to OceanLotus Found https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/ 2018-04-04
Lazarus Group Targets More Cryptocurrency Exchanges and FinTech Companies http://www.intezer.com/lazarus-group-targets-more-cryptocurrency-exchanges-and-fintech-companies/ 2018-03-28
Fancy Bear Infrastructure https://www.threatconnect.com/blog/using-fancy-bear-ssl-certificate-information-to-identify-their-infrastructure/ 2018-03-27
Dridex Banking Trojan Returns Leverages New UAC Bypass Method https://www.flashpoint-intel.com/blog-dridex-banking-trojan-returns/ 2017-01-26
FancyBear Exploits NYC Terrorism Fears In Latest Spear Phishing Campaign https://medium.com/@0x736A/fancybear-exploits-nyc-terrorism-fears-in-latest-spear-phishing-campaign-22672e9aeeda 2017-11-28
Glupteba is no longer part of Windigo https://www.welivesecurity.com/2018/03/22/glupteba-no-longer-windigo/ 2018-03-22
2018 Sofacy Activity https://securelist.com/masha-and-these-bears/84311/ 2018-03-09
Updated Cloud Hopper Indicators of Compromise https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html 2017-04-10
Chinese Group (TEMP.Periscope) Targeting U.S Engineering and Maritime Industries https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html 2018-03-16
Tropic Troopers New Strategy https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/ 2018-03-14
Iranian Threat Group Updates Tactics Techniques and Procedures in Spear Phishing Campaign https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html 2018-03-14
Updated MuddyWater activity https://sec0wn.blogspot.com/2018/02/burping-on-muddywater.html 2018-03-13
OceanLotus Old techniques new backdoor https://www.welivesecurity.com/wp-content/uploads/2018/03/ESET_OceanLotus.pdf 2018-03-13
Leaked source code for Ammyy Admin turned into FlawedAmmyy RAT https://www.proofpoint.com/us/threat-insight/post/leaked-source-code-ammyy-admin-turned-flawedammyy-rat 2018-03-12
APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS https://raw.githubusercontent.com/nccgroup/Royal_APT/master/signatures/apt15.yara 2018-03-10
New traces of Hacking Team in the wild https://www.welivesecurity.com/2018/03/09/new-traces-hacking-team-wild/ 2018-03-09
Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant https://securingtomorrow.mcafee.com/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/ 2018-03-09
Donot Team Leverages New Modular Malware Framework in South Asia https://www.arbornetworks.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia/ 2018-03-09
The Slingshot APT https://s3-eu-west-1.amazonaws.com/khub-media/wp-content/uploads/sites/43/2018/03/09133534/The-Slingshot-APT_report_ENG_final.pdf 2018-03-09
Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/ 2018-03-08
Malware TSCookie http://blog.jpcert.or.jp/2018/03/malware-tscooki-7aa0.html 2018-03-06
Spear-phishing campaign leveraging on MSXSL https://reaqta.com/2018/03/spear-phishing-campaign-leveraging-msxsl/ 2018-03-03
Operation Honeybee a Malicious Document Campaign Targeting Humanitarian Aid Groups https://securingtomorrow.mcafee.com/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/ 2018-03-02
Chafer: Latest Attacks Reveal Heightened Ambitions https://www.symantec.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions 2018-02-28
A Slice of 2017 Sofacy Activity https://securelist.com/a-slice-of-2017-sofacy-activity/83930/ 2018-02-20
SamSam Ransomware Campaigns https://www.secureworks.com/research/samsam-ransomware-campaigns 2018-02-15
WannaCry linked Lazarus indicators https://www.symantec.com/security_response/writeup.jsp?docid=2017-052206-5950-99 2017-05-24
Turla group using update Neuron malware https://www.ncsc.gov.uk/alerts/turla-group-malware#quicktabs-alert_tabs2 2018-01-18
Deciphering Confucius Cyberespionage Operations https://blog.trendmicro.com/trendlabs-security-intelligence/deciphering-confucius-cyberespionage-operations/ 2018-02-13
Lazarus Resurfaces Targets Global Banks and Bitcoin Users https://securingtomorrow.mcafee.com/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoin-users/ 2018-02-12
Continued attacks against Korea by Kimsuky http://blog.alyac.co.kr/1536 2018-02-12
Flash 0 Day In The Wild http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html 2018-02-02
A New Version of North Korean Ransomware Hermes Has Emerged http://www.intezer.com/another-distraction-new-version-north-korean-ransomware-hermes/ 2018-02-09
Sofacy targeting Romanian Embassy https://twitter.com/ClearskySec/status/960924755355369472 2018-02-08
Continued targeting of crypto-currencies in South Korea http://blog.alyac.co.kr/1527 2018-02-05
Flash Player Zero-Day Attack Deployed by Korean Messenger Application http://blog.alyac.co.kr/1521 2018-02-02
Smominru Monero mining botnet making millions for operators https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-making-millions-operators 2018-02-02
Operation PZCHAO https://labs.bitdefender.com/wp-content/uploads/downloads/operation-pzchao-inside-a-highly-specialized-espionage-infrastructure/ 2018-02-02
Operation Arabian Night Attack Group Global Expansion http://blog.alyac.co.kr/1519 2018-01-31
Comnie Continues to Target Organizations in East Asia https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/ 2018-01-31
VERMIN: Quasar RAT and Custom Malware Used In Ukraine https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/ 2018-01-29
Targeted Attacks on Central Management Systems http://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.89_ENG.pdf 2018-01-26
OilRig uses RGDoor IIS Backdoor on Targets in the Middle East https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/ 2018-01-25
Denis and Co. IsmDoor https://securelist.com/denis-and-company/83671/ 2018-01-25
Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors https://www.us-cert.gov/ncas/alerts/TA17-293A 2017-10-21
Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool an Evolved RATANKBA and More https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/ 2018-01-24
Duping Doping Domains https://www.threatconnect.com/blog/duping-doping-domains/ 2018-01-11
Dark Caracal malware linked to Lebanon https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf 2018-01-18
First Activities of Cobalt Group in 2018: Spear-phishing Russian Banks https://www.riskiq.com/blog/labs/cobalt-group-spear-phishing-russian-banks/ 2018-01-17
North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign https://go.recordedfuture.com/hubfs/reports/cta-2018-0116-appendix.pdf 2018-01-16
Continued Hangover Activity https://www.gov.il/he/Departments/publications/reports/rand 2017-11-21
Korea In The Crosshairs http://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html 2018-01-16
PowerStager Analysis https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/ 2018-01-12
Update on Pawn Storm: New Targets and Politically Motivated Campaigns http://blog.trendmicro.com/trendlabs-security-intelligence/update-pawn-storm-new-targets-politically-motivated-campaigns/ 2018-01-12
North Korean Defectors and Journalists Targeted Using Social Networks and KakaoTalk https://securingtomorrow.mcafee.com/mcafee-labs/north-korean-defectors-journalists-targeted-using-social-networks-kakaotalk/ 2018-01-11
Diplomats in Eastern Europe bitten by a Turla mosquito https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf 2018-01-09
The Carbanak Fin7 Syndicate https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf 2017-11-23
Recent Incident Reportedly Targeting Saudi Arabia With Links To Greenbug and OilRig Actors https://www.ci-project.org/blog/2017/9/11/incident-report-recent-incident-reportedly-targeting-saudi-arabia-with-links-to-greenbug-and-oilrig-actors 2017-09-11
Further Gaza Cybergang Activity http://www.freebuf.com/vuls/142970.html 2017-08-09
Untangling the Patchwork Cyberespionage Group https://documents.trendmicro.com/assets/appendix-untangling-the-patchwork-cyberespionage-group.pdf 2017-12-11
Master Channel: The Boleto Mestre Campaign Targets Brazil https://researchcenter.paloaltonetworks.com/2017/12/unit42-master-channel-the-boleto-mestre-campaign-targets-brazil/ 2017-12-07
Disrupting Gamarue https://www.welivesecurity.com/2017/12/04/eset-takes-part-global-operation-disrupt-gamarue/ 2017-12-06
Ethiopian Dissidents targeted with commercial spyware https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-targeted-commercial-spyware/ 2017-12-06
Flying Kitten to Rocket Kitten https://iranthreats.github.io/resources/attribution-flying-rocket-kitten/ 2017-12-05
Iranian cyber espionage against HBO human rights activists academic researchers and media outlets http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf 2017-12-05
Attacks against South Korean Bitcoin companies http://blog.alyac.co.kr/1430 2017-12-05
Persistent drive-by cryptomining coming to a browser near you https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/ 2017-11-30
APT3 Uncovered: The code evolution of Pirpi https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirpi.pdf 2017-11-27
A dive into MuddyWater APT targeting Middle-East https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/ 2017-11-29
ROKRAT Reloaded http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html 2017-11-28
Continued Molerats Activity https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc 2017-11-14
A New Mirai Variant is Spreading Quickly on Port 23 and 2323 http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickly-on-port-23-and-2323-en/ 2017-11-27
Continued HeartBeat APT activity https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Bioazih 2017-11-24
Iranian Threat Agent Greenbug Impersonates Israeli High-Tech and Cyber Security Companies http://www.clearskysec.com/greenbug/ 2017-10-24
The New and Improved macOS Backdoor from OceanLotus https://researchcenter.paloaltonetworks.com/2017/06/unit42-new-improved-macos-backdoor-oceanlotus/ 2017-06-22
Operation Blockbuster Goes Mobile https://researchcenter.paloaltonetworks.com/2017/11/unit42-operation-blockbuster-goes-mobile/ 2017-11-21
New Banking Trojan IcedID http://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research 2017-11-13
New Malware with Ties to SunOrcal Discovered https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/ 2017-11-12
ChessMasters New Strategy: Evolving Tools and Tactics http://blog.trendmicro.com/trendlabs-security-intelligence/chessmasters-new-strategy-evolving-tools-tactics/ 2017-11-11
Daserf Backdoor Now Using Steganography http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-butler-daserf-backdoor-now-using-steganography/ 2017-11-08
Sowbug: Cyber espionage group targets South American and Southeast Asian governments https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments 2017-11-07
Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack https://securingtomorrow.mcafee.com/mcafee-labs/apt28-threat-group-adopts-dde-technique-nyc-attack-theme-in-latest-campaign/ 2017-11-07
OceanLotus Blossoms: Mass Digital Surveillance https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/ 2017-11-06
Fancy Bear Pens the Worst Blog Posts Ever https://www.threatconnect.com/blog/fancy-bear-leverages-blogspot/ 2017-11-02
Targeted Phishing Attacks Point Leader to Threat Actors Repository https://researchcenter.paloaltonetworks.com/2017/10/unit42-tracking-subaat-targeted-phishing-attacks-point-leader-threat-actors-repository/ 2017-10-27
Cyber Conflict Decoy Document Used In Real Cyber Conflict http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html 2017-10-22
BadPatch https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/ 2017-10-20
An Update on Winnti https://401trg.pw/an-update-on-winnti/ 2017-10-17
Leviathan: Espionage actor spearphishes maritime and defense targets https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets 2017-10-17
Taiwan Heist - Lazarus Tools and Ransomware http://baesystemsai.blogspot.co.uk/2017/10/taiwan-heist-lazarus-tools.html 2017-10-17
BlackOasis APT and new targeted attacks leveraging zero-day exploit https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/ 2017-10-16
OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-attacks-new-delivery-documents-new-injector-trojan/ 2017-10-09
Turla Macro Maldoc - Embassy of the republic of kazakhstan theme https://twitter.com/JohnLaTwC/status/915590893155098629 2017-10-05
The Potential for Increased Financially-Motivated North Korean Cyber Operations in the Face of Increasing International Pressure https://www.ci-project.org/blog/2017/10/1/h8ybw9lv70jigavhu46dexrlrhmow2 2017-10-03
Fake eFax delivers Trickbot banking trojan https://myonlinesecurity.co.uk/fake-efax-delivers-trickbot-banking-trojan/ 2017-08-16
Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html 2017-09-20
CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html 2017-09-13
ThreatConnect Reviews Potential Fancy Bear Activity Targeting the French Election Runoff https://www.threatconnect.com/blog/activity-targeting-french-election/ 2017-04-27
Dragonfly: Western energy sector targeted by sophisticated attack group https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group 2017-09-06
HoeflerText Popups Targeting Google Chrome Users Now Push RAT Malware https://researchcenter.paloaltonetworks.com/2017/09/unit42-hoeflertext-popups-targeting-google-chrome-users-now-pushing-rat-malware/ 2017-09-01
Locky ransomware adds anti sandbox feature https://blog.malwarebytes.com/threat-analysis/2017/08/locky-ransomware-adds-anti-sandbox-feature/ 2017-09-01
VENOM Linux rootkit https://security.web.cern.ch/security/venom.shtml 2017-01-17
Sofacys Komplex OS X Trojan http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/ 2016-09-26
The Digital Plagiarist Campaign: TelePorting the Carbanak Crew to a New Dimension https://www.tr1adx.net/intel/TIB-00002.html 2017-01-09
Carbanak Group Targets Financial Orgs in the Middle East https://www.proofpoint.com/sites/default/files/proofpoint-threat-insight-carbanak-group-en.pdf 2016-03-16
Carbanak gang is back and packing new guns http://www.welivesecurity.com/2015/09/08/carbanak-gang-is-back-and-packing-new-guns/ 2015-09-08
Signed POS malware - Carbanak http://blog.trendmicro.com/trendlabs-security-intelligence/signed-pos-malware-used-in-pre-holiday-attacks-linked-to-targeted-attacks/ 2015-02-21
Carbanak http://securelist.com/files/2015/02/Carbanak_APT_eng.pdf 2015-02-20
Attacks against Polish banks https://niebezpiecznik.pl/post/jak-przeprowadzono-atak-na-knf-i-polskie-banki-oraz-kto-jeszcze-byl-na-celowniku-przestepcow/ 2017-02-08
Analysis of Malware Used in Watering-Hole Attacks Against Polish Financial Institutions https://blog.cyber4sight.com/2017/02/technical-analysis-watering-hole-attacks-against-financial-institutions/ 2017-02-22
Korean MalDoc Drops Evil New Years Presents http://blog.talosintelligence.com/2017/02/korean-maldoc.html 2017-02-23
Introducing WhiteBear https://securelist.com/introducing-whitebear/81638/ 2017-08-30
Gazing at Gazer - Turlas new second stage backdoor https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf 2017-08-30
Recent ISMAgent Samples and Infrastructure by Iranian Threat Group GreenBug http://www.clearskysec.com/ismagent/ 2017-08-28
Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures 2017-08-28
Satellite Turla: APT Command and Control in the Sky https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/ 2015-09-09
APT28 DOMAINS (REPORT) https://github.com/fireeye/iocs/tree/master/APT28 2015-04-24
Operation RussianDoll 2015-04-20
CozyDuke F-Secure report 2015-04-23
The CozyDuke APT 2015-04-22
Multiple Chinese APT Groups Quickly Use Flash Zero-Day https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html 2015-07-14
APT Group UPS Targets US Government with HT Flash Exploit http://researchcenter.paloaltonetworks.com/2015/07/apt-group-ups-targets-us-government-with-hacking-team-flash-exploit/ 2015-07-11
Attack on French Diplomat Linked to Operation Lotus Blossom http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-linked-to-operation-lotus-blossom/ 2015-12-18
APT Group Wekby Leveraging Adobe Flash Exploit http://www.volexity.com/blog/?p=158 2015-07-09
BlackEnergy Attacks http://cert.gov.ua/?p=2464 2016-01-18
China-based Cyber Threat Group Targets Hong Kong Media Outlets https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html 2015-12-01
Patchwork cyberespionage group expands targets from governments to wide range of industries http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries 2016-07-26
Operation DustySky http://www.clearskysec.com/dustysky/ 2016-01-07
Operation BlockBuster unveils the actors behind the Sony attacks http://www.operationblockbuster.com/ 2016-02-24
Intrusion into the Democratic National Committee https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/ 2016-06-14
Sandworm Team Leverage CVE-2014-4114 Zero-Day http://www.isightpartners.com/2014/10/cve-2014-4114/ 2015-06-05
OPERATION LOTUS BLOSSOM https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html 2015-06-16
APT30 https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf 2015-04-27
New Attacks Linked to C0d0s0 Group http://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/ 2016-01-23
Hellsing APT https://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/ 2015-04-20
Emissary Trojan/ Operation Lotus Blossom Update http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve/ 2016-02-03
Operation Cleaver http://cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf 2014-12-02
Threat Group-3390 Targets Organizations for Cyberespionage http://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/ 2015-08-05
An analysis of exploit supply chains and digital quartermasters http://blog.shadowserver.org/2015/08/10/the-italian-connection-an-analysis-of-exploit-supply-chains-and-digital-quartermasters/ 2015-08-10
Scarlet Mimic: Espionage Campaign Targets Minority Activists http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/ 2016-01-25
Rocket Kitten: A campaign with 9 lives http://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf 2015-11-09
Detecting Datper Malware from Proxy Logs http://blog.jpcert.or.jp/2017/08/detecting-datper-malware-from-proxy-logs.html 2017-08-21
Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack https://www.proofpoint.com/us/threat-insight/post/turla-apt-actor-refreshes-kopiluwak-javascript-backdoor-use-g20-themed-attack 2017-08-18
The Blockbuster Saga Continues https://researchcenter.paloaltonetworks.com/2017/08/unit42-blockbuster-saga-continues/ 2017-08-14
APT28 Targets Hospitality Sector Presents Threat to Travelers https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html 2017-08-11
Cobalt Group using Petya themed spearphish topics https://cys-centrum.com/ru/news/activity_of_cobalt_summer_2017 2017-08-09
Backdoor.Rifelku https://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2016-022411-5754-99 2017-08-08
Spoofed HMRC Company Excel Documents delivers Trickbot https://myonlinesecurity.co.uk/another-spoofed-hmrc-company-excel-documents-delivers-trickbot/#U1 2017-08-08
Turla PNG Dropper https://www.carbonblack.com/2017/08/07/threat-analysis-carbon-black-threat-research-dissects-png-dropper/ 2017-08-07
OilRig uses ISMDoor variant; Possibly Linked to Greenbug Threat Group https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/ 2017-07-27
Reviewing the Magnitude exploit kit redirection chain https://blog.malwarebytes.com/cybercrime/2017/08/enemy-at-the-gates-reviewing-the-magnitude-exploit-kit-redirection-chain/ 2017-08-03
The Retefe Saga https://www.govcert.admin.ch/blog/33/the-retefe-saga 2017-08-03
Ride the Lightning: Infy returns as Foudre https://researchcenter.paloaltonetworks.com/2017/08/unit42-prince-persia-ride-lightning-infy-returns-foudre/ 2017-08-01
Fin7 Carbanak using Bateleur JScript Backdoor https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor 2017-08-01
New Arid Viper Activity https://twitter.com/eyalsela/status/882497460102365185 2017-07-05
Karagany.B https://www.symantec.com/security_response/writeup.jsp?docid=2017-073103-3836-99 2017-07-31
Emotet Delivery https://myonlinesecurity.co.uk/emotet-geodo-delivered-via-fake-invoices-using-updated-word-docs-with-encoded-sections/ 2017-07-31
New SamSam Ransomware samples https://twitter.com/demonslay335/status/876940273212895234 2017-06-21
Platinum.A Malware http://www.virusradar.com/en/Win32_Platinum.A/description 2017-07-31
Iranian Espionage using Fake Personas https://twitter.com/eyalsela/status/891258209469595650 2017-07-29
HackingTeam back for your Androids http://rednaga.io/2016/11/14/hackingteam_back_for_your_androids/ 2016-11-15
Shamoon is back http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/ 2016-12-01
Turla's watering hole campaign: An updated Firefox extension abusing Instagram https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/ 2017-06-06
New Carbanak / Anunak Attack Methodology https://www.trustwave.com/Resources/SpiderLabs-Blog/New-Carbanak-/-Anunak-Attack-Methodology/?page=1&year=0&month=0 2016-11-15
Report on North Korean cyber attacks (Campaign Rifle) http://www.fsec.or.kr/common/proc/fsec/bbs/21/fileDownLoad/1235.do 2017-07-27
Operation Wilted Tulip http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf 2017-07-25
New KrBanker Samples http://blog.nsfocus.net/blackmoon-bank-trojan-sample-technical-analysis-report/ 2017-05-18
En Route with Sednit http://www.welivesecurity.com/2016/10/20/new-eset-research-paper-puts-sednit-under-the-microscope/ 2016-10-20
Dridex Malspam http://www.malware-traffic-analysis.net/2017/03/30/index2.html 2017-04-11
Geocities hosting APT PoisonIvy via PowerSploit http://blog.0day.jp/p/english-report-of-fhappi-freehosting.html?m=1 2017-03-17
Recent PlugX Samples https://www.hybrid-analysis.com/sample/788e91b3eaa67ec6f755c9c2afc682b830282b110cc17a9fadbe78cd147e751e?environmentId=100 2017-06-08
Flying Dragon Eye: Uyghur Themed Threat Activity https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/11/TLP-WHITE-Flying-Dragon-Eye-Uyghur-Themed-Threat-Activity.pdf 2016-11-01
Packrat: Seven Years of a South American Threat Actor https://github.com/citizenlab/malware-signatures/blob/master/packrat/domains.csv 2015-12-09
WannaCry Indicators https://ghostbin.com/paste/xgvdv 2017-05-12
The return of Locky with fake invoice emails https://myonlinesecurity.co.uk/the-return-of-locky-with-fake-invoice-emails/ 2017-06-21
Petya Returns as Goldeneye Strikes Germany https://blog.cylance.com/petya-returns-as-goldeneye-strikes-germany 2016-12-13
China Targeting South China Seas Nations 2015-05-01
Continued GreenBug/Shamoon attacks against Saudi Arabia https://twitter.com/eyalsela/status/885893685325574144 2017-07-19
Magic Hound Campaign Attacks Saudi Targets http://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/ 2017-02-16
Odinaff: New Trojan used in high level financial attacks http://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks 2016-10-11
Shell Crew Variant StreamEx https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar 2017-02-09
The Naikon APT https://securelist.com/analysis/publications/69953/the-naikon-apt/ 2015-05-14
Real News, Fake Flash: Mac OS X Users Targeted https://www.volexity.com/blog/2017/07/24/real-news-fake-flash-mac-os-x-users-targeted/ 2017-07-25
Ursnif Variant using Mouse Movement for Evasion https://blogs.forcepoint.com/security-labs/ursnif-variant-found-using-mouse-movement-decryption-and-evasion 2017-07-25
Tick Group Continues Attacks https://researchcenter.paloaltonetworks.com/2017/07/unit42-tick-group-continues-attacks/ 2017-07-25
The dawn of nation state digital espionage https://securelist.com/files/2017/04/Penquins_Moonlit_Maze_AppendixB.pdf 2017-04-10
New PoSeidon / FindPOS incidents https://www.riskanalytics.com/blog/post.php?s=2017-07-07-coming-to-a-break-room-near-you-point-of-sale-malware 2017-07-10
Greenbug's DNS-isms https://www.arbornetworks.com/blog/asert/greenbugs-dns-isms/ 2017-05-01
Putter Panda activity http://blog.cylance.com/puttering-into-the-future 2016-01-13
Tracking Elirks Variants in Japan: Similarities to Previous Attacks http://researchcenter.paloaltonetworks.com/2016/06/unit42-tracking-elirks-variants-in-japan-similarities-to-previous-attacks/ 2016-06-24
CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL https://blogs.forcepoint.com/security-labs/carbanak-group-uses-google-malware-command-and-control 2017-01-19
How Cyber Propaganda Influenced Politics in 2016 https://documents.trendmicro.com/assets/Appendix_how-cyber-propaganda-influenced-politics-in-2016.pdf 2017-03-30
Recent Winnti Infrastructure and Samples http://www.clearskysec.com/winnti/ 2017-07-18
Carbon Paper: Peering into Turla's second stage backdoor https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/ 2017-03-30
Terracotta VPN: Enabler of Advanced Threat Anonymity https://blogs.rsa.com/wp-content/uploads/2015/08/Terracotta-VPN-Report-Final-8-3.pdf 2015-08-04
XAgentOSX: Sofacy's XAgent macOS Tool http://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/ 2017-02-15
Digital Attack on German Parliament https://netzpolitik.org/2015/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag/ 2015-06-26
Babar APT http://feedproxy.google.com/~r/GDataSecurityBlog/~3/z08Ffq28vyg/babar-espionage-software-finally-found-and-put-under-the-microscope.html 2015-02-20
From Shamoon to StoneDrill https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/ 2017-03-06
Unit 42 Technical Analysis: Seaduke http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seaduke/ 2015-07-14
Strider: Cyberespionage group turns eye of Sauron on targets http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets 2016-08-08
OilRig alert by IL-CERT https://cert.gov.il/Updates/Alerts/SiteAssets/CERT-IL-ALERT-W-120.pdf 2017-04-26
Duke APT group's latest tools: cloud services and Linux support https://www.f-secure.com/weblog/archives/00002822.html 2015-07-22
Chinese Threat Group Targeted High-profile Turkish Organizations https://www.secureworks.com/blog/chinese-threat-group-targeted-turkish-organizations 2017-06-27
Asruex: Malware Infecting through Shortcut Files http://blog.jpcert.or.jp/2016/06/asruex-malware-infecting-through-shortcut-files.html 2016-10-14
Dino - allegedly French espionage http://www.welivesecurity.com/2015/06/30/dino-spying-malware-analyzed/ 2015-06-30
Similarities Between Carbanak and FIN7 Malware Suggest Actors Are Closely Related https://blog.cyber4sight.com/2017/04/similarities-between-carbanak-and-fin7-malware-suggest-actors-are-closely-related/ 2017-04-28
APT29 Domain Fronting With TOR https://www.fireeye.com/blog/threat-research/2017/03/ 2017-03-27
Peering into GlassRAT https://blogs.rsa.com/peering-into-glassrat/ 2015-11-23
Operation Dust Storm https://www.cylance.com/hubfs/2015_cylance_website/assets/operation-dust-storm/Op_Dust_Storm_Report.pdf?t=1456244940728 2016-02-23
APT32 and the Threat to Global Corporations https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html 2017-05-14
BAIJIU: New Malware Abuses Popular Japanese Web Hosting Service https://www.cylance.com/en_us/blog/baijiu.html 2017-05-12
Operation Molerats: Middle East Cyber Attacks Using Poison Ivy https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html 2015-05-01
BBSRAT Attacks Targeting Russian Organizations http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/ 2015-12-23
FIN7 Evolution and the Phishing LNK https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html 2017-04-24
Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day https://www.proofpoint.com/us/threat-insight/post/dridex-campaigns-millions-recipients-unpatched-microsoft-zero-day 2017-04-11
Snake: Coming soon in Mac OS X flavour https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/ 2017-05-03
EPS Processing Zero-Days Exploited by Multiple Threat Actors https://www.fireeye.com/blog/threat-research/2017/05/eps-processing-zero-days.html 2017-05-09
El Machete Malware Attacks Cut Through LATAM https://www.cylance.com/en_us/blog/el-machete-malware-attacks-cut-through-latam.html 2017-03-22
The EyePyramid attacks https://securelist.com/blog/incidents/77098/the-eyepyramid-attacks/ 2017-01-12
Spear phishing attack hits industrial companies https://ics-cert.kaspersky.com/2016/12/16/spear-phishing-attack-hits-industrial-companies/ 2016-12-17
Red Leaves Implant - overview https://github.com/nccgroup/Cyber-Defence/blob/master/Technical%20Notes/Red%20Leaves/Source/Red%20Leaves%20technical%20note%20v1.0.md 2017-04-10
Iranian threat agent OilRig delivers digitally signed malware impersonating University of Oxford http://www.clearskysec.com/oilrig/ 2017-01-05
The Full Shamoon: How the Devastating Malware Was Inserted Into Networks https://securityintelligence.com/the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks/ 2017-03-13
Sandworm to Blacken: The SCADA Connection http://blog.trendmicro.com/trendlabs-security-intelligence/sandworm-to-blacken-the-scada-connection/ 2015-06-05
MONSOON APT campaign activity 7-6-2017 https://community.rsa.com/community/products/netwitness/blog/2017/07/10/active-monsoon-apt-campaign-on-7-6-2017 2017-07-10
Delphi Used To Score Against Palestine http://blog.talosintelligence.com/2017/06/palestine-delphi.html 2017-06-19
Investigation Into Mexican Mass Disappearance Targeted with NSO Spyware https://citizenlab.org/2017/07/mexico-disappearances-nso/ 2017-07-10
Operation Desert Eagle https://mymalwareparty.blogspot.co.uk/2017/07/operation-desert-eagle.html 2017-07-07
BRONZE UNION Cyberespionage Persists Despite Disclosures https://www.secureworks.com/research/bronze-union 2017-07-07
New KONNI Campaign References North Korean Missile Capabilities http://blog.talosintelligence.com/2017/07/konni-references-north-korean-missile-capabilities.html 2017-07-07
Analysis of Petya delivery via MeDoc AutoUpdates https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/ 2017-07-04
TeleBots are back: Supply-chain attacks against Ukraine https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/ 2017-06-30
Forbes.com Waterhole Attack http://www.invincea.com/2015/02/chinese-espionage-campaign-compromises-forbes/ 2015-02-11
Paranoid PlugX https://researchcenter.paloaltonetworks.com/2017/06/unit42-paranoid-plugx/ 2017-06-27
Locky Downloaders - njdshf73 https://www.hybrid-analysis.com/sample/a61ffe978bc37907f1173e4434512415021f295bd8d278c41ecfb22ec6c8ff11?environmentId=100 2017-06-27
Reckless Exploit: Mexican Journalists, Lawyers and a Child Targeted with NSO Spyware https://citizenlab.org/2017/06/reckless-exploit-mexico-nso/ 2017-06-19
SHELLTEA + POSLURP MALWARE https://www.root9b.com/sites/default/files/whitepapers/PoS%20Malware%20ShellTea%20PoSlurp.pdf 2017-06-19
Book of Eli: African targeted attacks http://www.welivesecurity.com/2016/09/22/libya-malware-analysis/ 2016-09-25
New version of Hworm being used within multiple attacks http://researchcenter.paloaltonetworks.com/2016/10/unit42-houdinis-magic-reappearance/ 2016-10-25
BITTER: A TARGETED ATTACK AGAINST PAKISTAN https://blogs.forcepoint.com/security-labs/bitter-targeted-attack-against-pakistan 2016-10-24
SamSa Ransomware http://researchcenter.paloaltonetworks.com/2016/12/unit42-samsa-ransomware-attacks-year-review/ 2016-12-09
MM CORE IN-MEMORY BACKDOOR RETURNS AS "BIGBOSS" AND "SILLYGOOSE" https://blogs.forcepoint.com/security-labs/mm-core-memory-backdoor-returns-bigboss-and-sillygoose 2017-01-05
Second Wave of Shamoon 2 Attacks Identified http://researchcenter.paloaltonetworks.com/2017/01/unit42-second-wave-shamoon-2-attacks-identified/ 2017-01-11
NEW VARIANT OF PLOUTUS ATM MALWARE OBSERVED IN THE WILD IN LATIN AMERICA https://www.fireeye.com/blog/threat-research/2017/01/new_ploutus_variant.html 2017-01-12
Without Necurs Locky Struggles http://blog.talosintel.com/2017/01/locky-struggles.html 2017-01-21
A Whale of a Tale: HummingBad Returns http://blog.checkpoint.com/2017/01/23/hummingbad-returns/ 2017-01-24
Oops they did it again: APT Targets Russia and Belarus with ZeroT and PlugX https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx 2017-02-03
From RTF to Cobalt Strike passing via Flash https://zairon.wordpress.com/2017/02/05/from-rtf-to-cobalt-strike-passing-via-flash/ 2017-02-06
Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.cly4mg1g8 2017-02-14
Deep Dive On The DragonOK Rambo Backdoor http://www.morphick.com/resources/news/deep-dive-dragonok-rambo-backdoor 2017-02-15
Breaking The Weakest Link Of The Strongest Chain https://securelist.com/blog/incidents/77562/breaking-the-weakest-link-of-the-strongest-chain/ 2017-02-16
menuPass Returns with New Malware and New Attacks http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/ 2017-02-21
Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html 2017-02-23
New targeted attack against Saudi Arabia Government https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2017/03/new-targeted-attack-saudi-arabia-government/ 2017-03-24
Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations http://researchcenter.paloaltonetworks.com/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/ 2017-03-30
(APT-C-23) TO THE PAKISTANI AND THE UNITED STATES http://zhuiri.360.cn/report/index.php/2017/03/09/twotailedscorpion/ 2017-04-10
Cardinal RAT Active for Over Two Years http://researchcenter.paloaltonetworks.com/2017/04/unit42-cardinal-rat-active-two-years/ 2017-04-20
Modified Zyklon and plugins from India http://blog.talosintelligence.com/2017/05/modified-zyklon-and-plugins-from-india.html 2017-05-23
Threat Spotlight: The Return of Qakbot Malware https://www.cylance.com/en_us/blog/threat-spotlight-the-return-of-qakbot-malware.html 2017-05-24
Necurs Botnet Fuels Massive Spam Campaigns Spreading Jaff Ransomware https://www.flashpoint-intel.com/wp-content/uploads/2017/06/Flashpoint-Jaff-Ransomware-IOCs-June17.pdf 2017-06-08
Will Astrum Fill the Vacuum in the Exploit Kit Landscape? http://blog.trendmicro.com/trendlabs-security-intelligence/astrum-exploit-kit-abuses-diffie-hellman-key-exchange/ 2017-05-18
New Kasper samples https://www.hybrid-analysis.com/sample/6a48b5211b622ffe49ae4e32ada72bb4d9db40576513cc549d406b148b446422?environmentId=100 2017-06-13
2016 Phishing campaign targeting election officials https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/ 2017-06-07
Winnti Abuses GitHub for C&C Communications http://blog.trendmicro.com/trendlabs-security-intelligence/winnti-abuses-github/ 2017-03-22
Trojan.Rochim https://www.symantec.com/security_response/writeup.jsp?docid=2017-060603-1139-99 2017-06-08
Threat actors leverage EternalBlue exploit to deliver non-WannaCry payloads https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html 2017-06-02
The Gamaredon Group Toolset Evolution http://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/?adbsc=social70398906&adbid=836356242436055042&adbpl=tw&adbpr=4487645412 2017-02-28
New StreamEx Malware Samples https://attack.mitre.org/wiki/Software/S0142 2017-05-18
WanaCrypt0r Ransomworm https://baesystemsai.blogspot.co.uk/2017/05/wanacrypt0r-ransomworm.html 2017-05-17
The Blockbuster Sequel http://researchcenter.paloaltonetworks.com/2017/04/unit42-the-blockbuster-sequel/ 2017-05-16
Kazuar: Multiplatform Espionage Backdoor with API Access http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-access/ 2017-05-03
KONNI: A Malware Under The Radar For Years http://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html 2017-05-03
Carbanak attacks against Chipotle Baja Fresh and Ruby Tuesday https://www.cyberscoop.com/chipotle-hack-fin7-carbanak-baja-fresh-ruby-tuesday/ 2017-05-03
Iranian Fileless Attack Infiltrates Israeli Organizations http://blog.morphisec.com/iranian-fileless-cyberattack-on-israel-word-vulnerability 2017-04-30
APT Targets Financial Analysts with CVE-2017-0199 https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts 2017-04-28
OilRig Actors Provide a Glimpse into Development and Testing Efforts http://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/ 2017-04-27
Two Years of Pawn Storm https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf 2017-04-25
Potential Sofacy campaign against Presidential Candidate Macron https://www.threatcrowd.org/ip.php?ip=185.156.173.105 2017-04-24
Of Pigs and Malware: Examining a Possible Member of the Winnti Group http://blog.trendmicro.com/trendlabs-security-intelligence/pigs-malware-examining-possible-member-winnti-group/ 2017-04-19
Callisto Group https://www.f-secure.com/documents/996508/1030745/callisto-group 2017-04-13
Unraveling the Lamberts Toolkit https://securelist.com/blog/research/77990/unraveling-the-lamberts-toolkit/ 2017-04-11
The Blockbuster Sequel http://researchcenter.paloaltonetworks.com/2017/04/unit42-the-blockbuster-sequel/ 2017-04-10
OilRig Campaign Analysis https://logrhythm.com/pdfs/threat-research/logrhythm-labs-oilrig-campaign-analysis.pdf 2017-03-31
Jerusalem Post and other Israeli websites compromised by Iranian threat actor CopyKitten http://www.clearskysec.com/copykitten-jpost/ 2017-03-30
Shamoon 2 Delivering Disttrack http://researchcenter.paloaltonetworks.com/2017/03/unit42-shamoon-2-delivering-disttrack/ 2017-03-27
Ploutus-D Malware turns ATMs into IoT Devices https://www.zingbox.com/blog/ploutus-d-malware-turns-atms-into-iot-devices/ 2017-03-23
APT10 Indicators https://www.lac.co.jp/lacwatch/people/20170223_001224.html 2017-03-21
Modrunner Backdoor https://www.symantec.com/security_response/writeup.jsp?docid=2017-031519-0428-99&tabid=2 2017-03-17
Operation BugDrop https://cyberx-labs.com/en/blog/operation-bugdrop-cyberx-discovers-large-scale-cyber-reconnaissance-operation/ 2017-02-21
A Guide to the RTM Banking Trojan http://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf 2017-03-13
Operation Armageddon 2015-04-29
Indian organizations targeted in Suckfly attacks http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks 2016-05-17
Years-long espionage campaign against Tibetans https://citizenlab.org/2016/03/shifting-tactics/ 2016-03-10
Chinese Actors attacks on US Government and EU Media http://researchcenter.paloaltonetworks.com/2015/09/chinese-actors-use-3102-malware-in-attacks-on-us-government-and-eu-media/ 2015-09-23
Attackers target dozens of global banks with new malware http://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks-new-malware-0 2017-02-13
TeamXRat: Brazilian cybercrime meets ransomware https://securelist.com/blog/research/76153/teamxrat-brazilian-cybercrime-meets-ransomware/ 2016-09-29
TDrop2 Attacks Suggest Dark Seoul Attackers Return http://researchcenter.paloaltonetworks.com/2015/11/tdrop2-attacks-suggest-dark-seoul-attackers-return/ 2015-11-19
EVASIVE MANEUVERS BY THE WEKBY GROUP https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop-packing-and-dns-covert 2015-07-09
9002 RAT -- a second building on the left http://community.hpe.com/t5/Security-Research/9002-RAT-a-second-building-on-the-left/ba-p/6894315 2016-08-31
Conference Invite used as a Lure by Operation Lotus Blossom Actors http://researchcenter.paloaltonetworks.com/2016/10/unit42-psa-conference-invite-used-lure-operation-lotus-blossom-actors/ 2016-10-28
Winnti is now targeting pharmaceutical companies https://securelist.com/blog/research/70991/games-are-over/ 2015-06-22
Buckeye cyberespionage group shifts gaze from US to Hong Kong http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong 2016-09-14
CNACOM - Open Source Exploitation via Strategic Web Compromise https://www.zscaler.com/blogs/research/cnacom-open-source-exploitation-strategic-web-compromise 2016-12-08
THE DUKES: 7 years of Russian cyberespionage https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf 2015-09-17
The Sofacy plot thickens 2015-04-21
Latest Flash Exploit Used in Pawn Storm http://blog.trendmicro.com/trendlabs-security-intelligence/latest-flash-exploit-used-in-pawn-storm-circumvents-mitigation-techniques/ 2015-10-19
STRONTIUM: A profile of a persistent and motivated adversary http://download.microsoft.com/download/4/4/C/44CDEF0E-7924-4787-A56A-16261691ACE3/Microsoft_Security_Intelligence_Report_Volume_19_English.pdf 2015-11-19
Sofacy APT hits high profile targets https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/ 2015-12-04
Sednit Downloader DOWNDELPH https://github.com/eset/malware-ioc/blob/master/sednit/part3.adoc 2016-10-27
Fancy Bear Tracking of Ukrainian Field Artillery Units https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/ 2016-12-22
Finding Hackingteam code in Russian malware https://objective-see.com/blog/blog_0x18.html 2017-02-22
Satellite Turla infrastructure https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/ 2016-08-17
The curious case of a reconnaissance campaign targeting ministry and embassy sites https://blogs.forcepoint.com/security-labs/curious-case-reconnaissance-campaign-targeting-ministry-and-embassy-sites 2017-02-08
Dridex's Cold War: Enter AtomBombing https://securityintelligence.com/dridexs-cold-war-enter-atombombing/ 2017-03-01
The Deception Project: A New Japanese-Centric Threat https://www.cylance.com/en_us/blog/the-deception-project-a-new-japanese-centric-threat.html 2017-02-27
IKITTENS: IRANIAN ACTOR RESURFACES WITH MALWARE FOR MAC (MACDOWNLOADER) https://iranthreats.github.io/resources/macdownloader-macos-malware/ 2017-02-06
Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments http://researchcenter.paloaltonetworks.com/2017/01/unit42-downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments/ 2017-01-31
Spearphishing campaign targeting Japan - ChChes/APT10 http://csirt.ninja/?p=1103 2017-01-26
Greenbug cyberespionage group targeting Middle East possible links to Shamoon https://www.symantec.com/connect/blogs/greenbug-cyberespionage-group-targeting-middle-east-possible-links-shamoon 2017-01-23
DragonOK Updates Toolset and Targets Multiple Geographic Regions http://researchcenter.paloaltonetworks.com/2017/01/unit42-dragonok-updates-toolset-targets-multiple-geographic-regions/ 2017-01-05
TeleBots: Analyzing disruptive KillDisk attacks http://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/ 2016-12-20
StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users https://www.microsoft.com/en-us/security/portal/threat/encyclopedia/Entry.aspx?Name=Backdoor:Win32/Maptrepol.A 2016-10-10
Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy http://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/ 2016-11-23
Pawn Storm Ramps Up Spear-phishing Before Zero-Days Get Patched http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched/ 2016-11-09
DealersChoice is Sofacy Flash Player Exploit Platform http://researchcenter.paloaltonetworks.com/2016/10/unit42-dealerschoice-sofacys-flash-player-exploit-platform/ 2016-10-18
Cyberattack targeted Japan nuclear lab https://www.u-toyama.ac.jp/news/2016/doc/1011.pdf 2016-10-14
TARGETED ATTACKS AGAINST BANKS IN THE MIDDLE EAST https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html 2016-05-23
OilRig Malware Campaign Updates Toolset and Expands Targets http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/ 2016-10-05