René's URL Explorer Experiment


Title: GitHub - labssec/APTnotes: Various public documents, whitepapers and articles about APT campaigns

Description: Various public documents, whitepapers and articles about APT campaigns - labssec/APTnotes

Opengraph URL: https://github.com/labssec/APTnotes

Links:

https://github.com/aptnotes/data
https://patch-diff.githubusercontent.com/labssec/APTnotes#contributing
Readabilityhttps://readability.com/
Clearlyhttps://evernote.com/clearly/
contributorshttps://github.com/kbandla/APTnotes/blob/master/contributors.md
https://patch-diff.githubusercontent.com/labssec/APTnotes#papers
papershttps://github.com/kbandla/APTnotes/blob/master/papers.md
https://patch-diff.githubusercontent.com/labssec/APTnotes#2015
APT28 Under the Scope - A Journey into Exfiltrating Intelligence and Government Informationhttp://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_analysis_of_APT28%E2%80%93The_Political_Cyber-Espionage.pdf
Packrat: Seven Years of a South American Threat Actorhttps://citizenlab.org/2015/12/packrat-report/
Iran-based attackers use back door threats to spy on Middle Eastern targetshttp://www.symantec.com/connect/blogs/iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets
Financial Threat Group Targets Volume Boot Recordhttps://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html
China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outletshttps://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html
Attack Campaign on the Government of Thailand Delivers Bookworm Trojanhttp://researchcenter.paloaltonetworks.com/2015/11/attack-campaign-on-the-government-of-thailand-delivers-bookworm-trojan/
Sakula Reloadedhttp://www.crowdstrike.com/blog/sakula-reloaded/
WitchCoven: Exploiting Web Analytics to Ensnare Victimshttps://www2.fireeye.com/rs/848-DID-242/images/rpt-witchcoven.pdf
Bookworm Trojan: A Model of Modular Architecturehttp://researchcenter.paloaltonetworks.com/2015/11/bookworm-trojan-a-model-of-modular-architecture/
Rocket Kitten: A Campaign With 9 Liveshttp://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf
Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websiteshttps://citizenlab.org/2015/10/targeted-attacks-ngo-burma/
Project Camerashy: Closing The Aperture On China's Unit 78020https://www.threatconnect.com/camerashy/
The Dukes: 7 Years of Russian Espionagehttps://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf
Operation Iron Tigerhttp://newsroom.trendmicro.com/blog/operation-iron-tiger-attackers-shift-east-asia-united-states
Targeted Attack Distributes PlugX in Russiahttps://www.proofpoint.com/us/threat-insight/post/PlugX-in-Russia
Satellite Turla: APT Command and Control in the Skyhttps://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/
The Spy Kittens Are Back: Rocket Kitten 2https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-spy-kittens-are-back.pdf
PlugX Threat Activity in Myanmarhttp://pages.arbornetworks.com/rs/082-KNA-087/images/ASERT%20Threat%20Intelligence%20Brief%202015-05%20PlugX%20Threat%20Activity%20in%20Myanmar.pdf
New activity of the Blue Termite APThttps://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/
New Internet Explorer zero-day exploited in Hong Kong attackshttp://www.symantec.com/connect/blogs/new-internet-explorer-zero-day-exploited-hong-kong-attacks
Poison Ivy and Links to an Extended PlugX Campaignhttp://www.cyintanalysis.com/threat-analysis-poison-ivy-and-links-to-an-extended-plugx-campaign/
Threat Group-3390 Targets Organizations for Cyberespionagehttp://www.secureworks.com/cyber-threat-intelligence/threats/threat-group-3390-targets-organizations-for-cyberespionage/
Terracotta VPN: Enabler of Advanced Threat Anonymityhttps://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/
Operation Potao Expresshttp://www.welivesecurity.com/2015/07/30/operation-potao-express/
IOChttps://github.com/eset/malware-ioc/tree/master/potao
Black Vine: Formidable cyberespionage group targeted aerospace, healthcare since 2012http://www.symantec.com/connect/blogs/black-vine-formidable-cyberespionage-group-targeted-aerospace-healthcare-2012
HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Grouphttps://www.fireeye.com/blog/threat-research/2015/07/hammertoss_stealthy.html
PoisonIvy adapts to communicate through Authentication Proxieshttp://blog.jpcert.or.jp/2015/07/poisonivy-adapts-to-communicate-through-authentication-proxies.html
Duke APT group's latest tools: cloud services and Linux supporthttps://www.f-secure.com/weblog/archives/00002822.html
China Hacks the Peace Palace: All Your EEZ’s Are Belong to Ushttp://www.threatconnect.com/news/china-hacks-the-peace-palace-all-your-eezs-are-belong-to-us/
Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 to Install IsSpace Backdoorhttp://researchcenter.paloaltonetworks.com/2015/07/watering-hole-attack-on-aerospace-firm-exploits-cve-2015-5122-to-install-isspace-backdoor/
Tracking MiniDionis: CozyCar’s New Ride Is Related to Seadukehttp://researchcenter.paloaltonetworks.com/2015/07/tracking-minidionis-cozycars-new-ride-is-related-to-seaduke/
"Forkmeiamfamous": Seaduke, latest weapon in the Duke armoryhttp://www.symantec.com/connect/blogs/forkmeiamfamous-seaduke-latest-weapon-duke-armory
Butterfly: Corporate spies out for financial gainhttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/butterfly-corporate-spies-out-for-financial-gain.pdf
Wild Neutron – Economic espionage threat actor returns with new trickshttps://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/
APT Group Wekby Leveraging Adobe Flash Exploit CVE-2015-5119http://www.volexity.com/blog/?p=158
Dino – the latest spying malware from an allegedly French espionage group analyzedhttp://www.welivesecurity.com/2015/06/30/dino-spying-malware-analyzed
APT on Taiwan - insight into advances of adversary TTPshttp://blog.dragonthreatlabs.com/2015/07/dtl-06282015-01-apt-on-taiwan-insight.html
Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaignhttps://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html
UnFIN4ished Business (FIN4)http://pwc.blogs.com/cyber_security_updates/2015/06/unfin4ished-business.html
Winnti targeting pharmaceutical companieshttps://securelist.com/blog/research/70991/games-are-over/
Operation Lotus Bloomhttps://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html
Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114https://citizenlab.org/2015/06/targeted-attacks-against-tibetan-and-hong-kong-groups-exploiting-cve-2014-4114/
Afghan Government Compromise: Browser Bewarehttp://www.volexity.com/blog/?p=134
The_Mystery_of_Duqu_2_0https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf
IOChttps://securelist.com/files/2015/06/7c6ce6b6-fee1-4b7b-b5b5-adaff0d8022f.ioc
Yarahttps://securelist.com/files/2015/06/Duqu_2_Yara_rules.pdf
Crysys Lab - Duqu 2.0http://blog.crysys.hu/2015/06/duqu-2-0/
Blue Termite targeting Japan (CloudyOmega)http://internet.watch.impress.co.jp/docs/news/20150604_705541.html
Thamar Reservoirhttp://www.clearskysec.com/thamar-reservoir/
OceanLotusReporthttp://blogs.360.cn/blog/oceanlotus-apt/
Grabit and the RATshttps://securelist.com/blog/research/70087/grabit-and-the-rats/
Analysis On Apt-To-Be Attack That Focusing On China's Government Agencyhttp://www.antiy.net/p/analysis-on-apt-to-be-attack-that-focusing-on-chinas-government-agency/
Dissecting-Linux/Moosehttp://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pdf
The Naikon APT and the MsnMM Campaignshttps://securelist.com/blog/research/70029/the-naikon-apt-and-the-msnmm-campaigns/
Operation 'Oil Tanker'http://www.pandasecurity.com/mediacenter/src/uploads/2015/05/oil-tanker-en.pdf
Cmstar Downloader: Lurid and Enfal’s New Cousinhttp://researchcenter.paloaltonetworks.com/2015/05/cmstar-downloader-lurid-and-enfals-new-cousin/
Operation Tropic Trooperhttp://blog.trendmicro.com/trendlabs-security-intelligence/operation-tropic-trooper-old-vulnerabilities-still-pack-a-punch/
The Naikon APThttps://securelist.com/analysis/publications/69953/the-naikon-apt/
SPEAR: A Threat Actor Resurfaceshttp://blog.cylance.com/spear-a-threat-actor-resurfaces
root9B Uncovers Planned Sofacy Cyber Attack Targeting Several International and Domestic Financial Institutionshttp://www.prnewswire.com/news-releases/root9b-uncovers-planned-sofacy-cyber-attack-targeting-several-international-and-domestic-financial-institutions-300081634.html
Dissecting the Krakenhttps://blog.gdatasoftware.com/blog/article/dissecting-the-kraken.html
Attacks against Israeli & Palestinian interestshttp://pwc.blogs.com/cyber_security_updates/2015/04/attacks-against-israeli-palestinian-interests.html
CozyDukehttps://www.f-secure.com/documents/996508/1030745/CozyDuke
The CozyDuke APThttp://securelist.com/blog/69731/the-cozyduke-apt
Sofacy II – Same Sofacy, Different Dayhttp://pwc.blogs.com/cyber_security_updates/2015/04/the-sofacy-plot-thickens.html
Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attackhttps://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
Operation Pawn Storm Ramps Up its Activities; Targets NATO, White Househttp://blog.trendmicro.com/trendlabs-security-intelligence/operation-pawn-storm-ramps-up-its-activities-targets-nato-white-house
The Chronicles of the Hellsing APT: the Empire Strikes Backhttp://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/
APT 30 and the Mechanics of a Long-Running Cyber Espionage Operationhttps://www.fireeye.com/blog/threat-research/2015/04/apt_30_and_the_mecha.html
Volatile Cedar – Analysis of a Global Cyber Espionage Campaignhttp://blog.checkpoint.com/2015/03/31/volatilecedar/
Rocket Kitten Showing Its Claws: Operation Woolen-GoldFish and the GHOLE campaignhttp://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing
Inside the EquationDrug Espionage Platformhttp://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/
Tibetan Uprising Day Malware Attackshttps://citizenlab.org/2015/03/tibetan-uprising-day-malware-attacks/
Is Babar a Bunny?https://www.f-secure.com/weblog/archives/00002794.html
Animals in the APT Farmhttp://securelist.com/blog/research/69114/animals-in-the-apt-farm/
Casper Malware: After Babar and Bunny, Another Espionage Cartoonhttp://www.welivesecurity.com/2015/03/05/casper-malware-babar-bunny-another-espionage-cartoon
A deeper look into Scanboxhttp://pwc.blogs.com/cyber_security_updates/2015/02/a-deeper-look-into-scanbox.html
The Anthem Hack: All Roads Lead to Chinahttp://www.threatconnect.com/news/the-anthem-hack-all-roads-lead-to-china/
Southeast Asia: An Evolving Cyber Threat Landscapehttps://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-southeast-asia-threat-landscape.pdf
PlugX goes to the registry (and India)http://blogs.sophos.com/2015/02/25/sophoslabs-research-uncovers-new-developments-in-plugx-apt-malware/
Babar: espionage software finally found and put under the microscopehttps://blog.gdatasoftware.com/blog/article/babar-espionage-software-finally-found-and-put-under-the-microscope.html
Shooting Elephantshttps://drive.google.com/file/d/0B9Mrr-en8FX4dzJqLWhDblhseTA/view
Desert Falcons APThttps://securelist.com/blog/research/68817/the-desert-falcons-targeted-attacks/
A Fanny Equation: "I am your father, Stuxnet"http://securelist.com/blog/research/68787/a-fanny-equation-i-am-your-father-stuxnet/
Operation Arid Viperhttp://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-arid-viper-bypassing-the-iron-dome
The Carbanak APThttps://securelist.com/blog/research/68732/the-great-bank-robbery-the-carbanak-apt/
Equation: The Death Star of Malware Galaxyhttps://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/
CrowdStrike Global Threat Intel Report for 2014http://go.crowdstrike.com/rs/281-OBQ-266/images/ReportGlobalThreatIntelligence.pdf
Pawn Storm Update: iOS Espionage App Foundhttp://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/
Behind the Syrian Conflict’s Digital Frontlineshttps://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-behind-the-syria-conflict.pdf
Analysis of PlugX Variant - P2P PlugX http://blog.jpcert.or.jp/.s/2015/01/analysis-of-a-r-ff05.html
Backdoor.Winnti attackers and Trojan.Skelkyhttp://www.symantec.com/connect/blogs/backdoorwinnti-attackers-have-skeleton-their-closet
Comparing the Regin module 50251 and the "Qwerty" keyloggerhttp://securelist.com/blog/research/68525/comparing-the-regin-module-50251-and-the-qwerty-keylogger/
Regin's Hopscotch and Legspinhttp://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/
Scarab attackers Russian targetshttp://www.symantec.com/connect/blogs/scarab-attackers-took-aim-select-russian-targets-2012
IOCshttp://www.symantec.com/content/en/us/enterprise/media/security_response/docs/Scarab_IOCs_January_2015.txt
The Waterbug attack grouphttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf
Reversing the Inception APT malwarehttps://www.bluecoat.com/security-blog/2015-01-20/reversing-inception-apt-malware
Analysis of Project Cobrahttps://blog.gdatasoftware.com/blog/article/analysis-of-project-cobra.html
Evolution of Agent.BTZ to ComRAThttps://blog.gdatasoftware.com/blog/article/evolution-of-sophisticated-spyware-from-agentbtz-to-comrat.html
Skeleton Key Malware Analysishttp://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/
Hong Kong SWC attackhttp://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html
https://patch-diff.githubusercontent.com/labssec/APTnotes#2014
Anunak: APT against financial institutionshttp://www.group-ib.com/files/Anunak_APT_against_financial_institutions.pdf
Operation Poisoned Helmandhttp://www.threatconnect.com/news/operation-poisoned-helmand/
TA14-353A: Targeted Destructive Malware (wiper)https://www.us-cert.gov/ncas/alerts/TA14-353A
Malware Attack Targeting Syrian ISIS Criticshttps://citizenlab.org/2014/12/malware-attack-targeting-syrian-isis-critics/
Wiper Malware – A Detection Deep Divehttp://blogs.cisco.com/security/talos/wiper-malware
Bots, Machines, and the Matrixhttp://www.fidelissecurity.com/sites/default/files/FTA_1014_Bots_Machines_and_the_Matrix.pdf
Vinself now with steganographyhttp://blog.cybersecurity-airbusds.com/post/2014/12/Vinself
South Korea MBR Wiperhttp://asec.ahnlab.com/1015
W64/Regin, Stage #1https://www.f-secure.com/documents/996508/1030745/w64_regin_stage_1.pdf
W32/Regin, Stage #1https://www.f-secure.com/documents/996508/1030745/w32_regin_stage_1.pdf
Cloud Atlas: RedOctober APThttp://securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-back-in-style/
The Inception Frameworkhttps://www.bluecoat.com/security-blog/2014-12-09/blue-coat-exposes-%E2%80%9C-inception-framework%E2%80%9D-very-sophisticated-layered-malware
The 'Penquin' Turlahttp://securelist.com/blog/research/67962/the-penquin-turla-2/
Operation Cleaver: The Notepad Fileshttp://blog.cylance.com/operation-cleaver-the-notepad-files
Operation Cleaverhttp://www.cylance.com/operation-cleaver/
IOCshttp://www.cylance.com/assets/Cleaver/cleaver.yar
FIN4: Stealing Insider Information for an Advantage in Stock Trading?https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html
Deep Panda Uses Sakula Malwarehttp://blog.crowdstrike.com/ironman-deep-panda-uses-sakula-malware-target-organizations-multiple-sectors/
https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/
Kaspersky's report on The Regin Platformhttp://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/
Symantec's report on Reginhttp://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
Operation Double Taphttps://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html
IOCshttps://github.com/fireeye/iocs/tree/master/APT3
EvilBunny: Suspect #4http://0x1338.blogspot.co.uk/2014/11/hunting-bunnies.html
Roaming Tiger (Slides)http://2014.zeronights.ru/assets/files/slides/roaming_tiger_zeronights_2014.pdf
OnionDuke: APT Attacks Via the Tor Networkhttp://www.f-secure.com/weblog/archives/00002764.html
Operation CloudyOmega: Ichitaro 0-day targeting Japanhttp://www.symantec.com/connect/blogs/operation-cloudyomega-ichitaro-zero-day-and-ongoing-cyberespionage-campaign-targeting-japan
Korplug military targeted attacks: Afghanistan & Tajikistanhttp://www.welivesecurity.com/2014/11/12/korplug-military-targeted-attacks-afghanistan-tajikistan/
The Uroburos case- Agent.BTZ’s successor, ComRAThttp://blog.gdatasoftware.com/blog/article/the-uroburos-case-new-sophisticated-rat-identified.html
The Darkhotel APT - A Story of Unusual Hospitalityhttps://securelist.com/blog/research/66779/the-darkhotel-apt/
Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movementhttp://www.fireeye.com/blog/technical/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html
New observations on BlackEnergy2 APT activityhttps://securelist.com/blog/research/67353/be2-custom-plugins-router-abuse-and-target-profiles/
Operation TooHashhttps://blog.gdatasoftware.com/blog/article/operation-toohash-how-targeted-attacks-work.html
The Rotten Tomato Campaignhttp://blogs.sophos.com/2014/10/30/the-rotten-tomato-campaign-new-sophoslabs-research-on-apts/
Group 72, Opening the ZxShellhttp://blogs.cisco.com/talos/opening-zxshell/
APT28 - A Window Into Russia's Cyber Espionage Operationshttps://www.fireeye.com/resources/pdfs/apt28.pdf
Micro-Targeted Malvertising via Real-time Ad Biddinghttp://www.invincea.com/wp-content/uploads/2014/10/Micro-Targeted-Malvertising-WP-10-27-14-1.pdf
ScanBox framework – who’s affected, and who’s using it?http://pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html
Full Disclosure of Havex Trojans - ICS Havex backdoorshttp://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans
LeoUncia and OrcaRathttp://blog.airbuscybersecurity.com/post/2014/10/LeoUncia-and-OrcaRat
Modified Tor Binarieshttp://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/
Sofacy Phishing by PWChttp://pwc.blogs.com/files/tactical-intelligence-bulletin---sofacy-phishing-.pdf
Operation Pawn Storm: The Red in SEDNIThttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-pawn-storm.pdf
OrcaRAT - A whale of a talehttp://pwc.blogs.com/cyber_security_updates/2014/10/orcarat-a-whale-of-a-tale.html
Sandworm - CVE-2014-4114http://www.isightpartners.com/2014/10/cve-2014-4114/
Group 72 (Axiom)http://blogs.cisco.com/security/talos/threat-spotlight-group-72/
Derusbi Preliminary Analysishttp://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf
Hikit Preliminary Analysishttp://www.novetta.com/wp-content/uploads/2014/11/HiKit.pdf
ZoxPNG Preliminary Analysishttp://www.novetta.com/wp-content/uploads/2014/11/ZoxPNG.pdf
Democracy in Hong Kong Under Attackhttp://www.volexity.com/blog/?p=33
New indicators for APT group Nitrohttp://researchcenter.paloaltonetworks.com/2014/10/new-indicators-compromise-apt-group-nitro-uncovered/
BlackEnergy & Quedaghhttps://www.f-secure.com/documents/996508/1030745/blackenergy_whitepaper.pdf
Aided Frame, Aided Direction (Sunshop Digital Quartermaster)http://www.fireeye.com/blog/technical/2014/09/aided-frame-aided-direction-because-its-a-redirect.html
Ukraine and Poland Targeted by BlackEnergy (video)https://www.youtube.com/watch?v=I77CGqQvPE4
Watering Hole Attacks using Poison Ivy by "th3bug" grouphttp://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/
COSMICDUKE: Cosmu with a twist of MiniDukehttp://www.f-secure.com/documents/996508/1030745/cosmicduke_whitepaper.pdf
Chinese intrusions into key defense contractorshttp://www.armed-services.senate.gov/press-releases/sasc-investigation-finds-chinese-intrusions-into-key-defense-contractors
Operation Quantum Entanglementhttp://www.fireeye.com/resources/pdfs/white-papers/fireeye-operation-quantum-entanglement.pdf
When Governments Hack Opponents: A Look at Actors and Technologyhttps://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-marczak.pdf
videohttps://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/marczak
Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malwarehttps://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-hardy.pdf
videohttps://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/hardy
Gholee – a “Protective Edge” themed spear phishing campaignhttp://www.clearskysec.com/gholee-a-protective-edge-themed-spear-phishing-campaign/
Forced to Adapt: XSLCmd Backdoor Now on OS Xhttp://www.fireeye.com/blog/technical/malware-research/2014/09/forced-to-adapt-xslcmd-backdoor-now-on-os-x.html
Darwin’s Favorite APT Group (APT12)http://www.fireeye.com/blog/technical/botnet-activities-research/2014/09/darwins-favorite-apt-group-2.html
Syrian Malware Team Uses BlackWorm for Attackshttp://www.fireeye.com/blog/technical/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html
Scanbox: A Reconnaissance Framework Used with Watering Hole Attackshttps://www.alienvault.com/open-threat-exchange/blog/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks
North Korea’s cyber threat landscapehttp://h30499.www3.hp.com/hpeb/attachments/hpeb/off-by-on-software-security-blog/388/2/HPSR%20SecurityBriefing_Episode16_NorthKorea.pdf
NetTraveler APT Gets a Makeover for 10th Birthdayhttps://securelist.com/blog/research/66272/nettraveler-apt-gets-a-makeover-for-10th-birthday/
Vietnam APT Campaignhttp://blog.malwaremustdie.org/2014/08/another-country-sponsored-malware.html
El Machetehttps://securelist.com/blog/research/66108/el-machete/
The Syrian Malware House of Cardshttps://securelist.com/blog/research/66051/the-syrian-malware-house-of-cards/
A Look at Targeted Attacks Through the Lense of an NGOhttp://www.mpi-sws.org/~stevens/pubs/sec14.pdf
New York Times Attackers Evolve Quickly (Aumlib/Ixeshe/APT12)http://www.fireeye.com/blog/technical/2013/08/survival-of-the-fittest-new-york-times-attackers-evolve-quickly.html
The Epic Turla Operation Appendixhttps://securelist.com/files/2014/08/KL_Epic_Turla_Technical_Appendix_20140806.pdf
Operation Poisoned Hurricanehttp://www.fireeye.com/blog/technical/targeted-attack/2014/08/operation-poisoned-hurricane.html
Operation Arachnophobiahttp://threatc.s3-website-us-east-1.amazonaws.com/?/arachnophobia
Sidewinder Targeted Attack Against Androidhttp://www.fireeye.com/resources/pdfs/fireeye-sidewinder-targeted-attack.pdf
Energetic Bear/Crouching Yeti Appendixhttp://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2014/07/Kaspersky_Lab_crouching_yeti_appendixes_eng_final.pdf
Energetic Bear/Crouching Yetihttps://kasperskycontenthub.com/securelist/files/2014/07/EB-YetiJuly2014-Public.pdf
Sayad (Flying Kitten) Analysis & IOCshttp://vinsula.com/2014/07/20/sayad-flying-kitten-infostealer-malware/
Pitty Tigerhttp://bitbucket.cassidiancybersecurity.com/whitepapers/downloads/Pitty%20Tiger%20Final%20Report.pdf
TR-25 Analysis - Turla / Pfinet / Snake/ Uroburoshttp://www.circl.lu/pub/tr-25/
Deep Pandashttp://blog.crowdstrike.com/deep-thought-chinese-targeting-national-security-think-tanks/
Anatomy of the Attack: Zombie Zerohttp://www.trapx.com/wp-content/uploads/2014/07/TrapX_ZOMBIE_Report_Final.pdf
Dragonfly: Cyberespionage Attacks Against Energy Suppliershttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf
Embassy of Greece Beijinghttp://thegoldenmessenger.blogspot.de/2014/06/blitzanalysis-embassy-of-greece-beijing.html
Putter Pandahttp://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf
Illuminating The Etumbot APT Backdoor (APT12)http://www.arbornetworks.com/asert/wp-content/uploads/2014/06/ASERT-Threat-Intelligence-Brief-2014-07-Illuminating-Etumbot-APT.pdf
Molerats, Here for Spring!https://www.fireeye.com/blog/threat-research/2014/06/molerats-here-for-spring.html
RAT in jar: A phishing campaign using Unrecomhttp://www.fidelissecurity.com/sites/default/files/FTA_1013_RAT_in_a_jar.pdf
Miniduke Twitter C&Chttp://www.welivesecurity.com/2014/05/20/miniduke-still-duking/
CrowdStrike's report on Flying Kittenhttp://blog.crowdstrike.com/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/
Operation Saffron Rose (aka Flying Kitten)http://www.fireeye.com/resources/pdfs/fireeye-operation-saffron-rose.pdf
Targeted Attacks, Stolen Certificates, and the Shiqiang Ganghttps://blogs.mcafee.com/mcafee-labs/stolen-certificates-shiqiang-gang/
CVE-2014-1776: Operation Clandestine Foxhttps://www.fireeye.com/blog/threat-research/2014/05/operation-clandestine-fox-now-attacking-windows-xp-using-recently-discovered-ie-vulnerability.html
Russian spyware Turlahttp://www.reuters.com/article/2014/03/07/us-russia-cyberespionage-insight-idUSBREA260YI20140307
Snake Campaign & Cyber Espionage Toolkithttp://info.baesystemsdetica.com/rs/baesystems/images/snake_whitepaper.pdf
The Siesta Campaignhttp://blog.trendmicro.com/trendlabs-security-intelligence/the-siesta-campaign-a-new-targeted-attack-awakens/
Uroburos: Highly complex espionage software with Russian rootshttps://public.gdatasoftware.com/Web/Content/INT/Blog/2014/02_2014/documents/GData_Uroburos_RedPaper_EN_v1.pdf
Gathering in the Middle East, Operation STTEAMhttp://www.fidelissecurity.com/sites/default/files/FTA%201012%20STTEAM%20Final.pdf
Mo' Shells Mo' Problems - Deep Panda Web Shellshttp://www.crowdstrike.com/blog/mo-shells-mo-problems-deep-panda-web-shells/
Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploithttp://www.fireeye.com/blog/technical/targeted-attack/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html
XtremeRAT: Nuisance or Threat?http://www.fireeye.com/blog/technical/2014/02/xtremerat-nuisance-or-threat.html
The Monju Incidenthttp://contextis.com/resources/blog/context-threat-intelligence-monju-incident/
Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Websitehttp://www.fireeye.com/blog/technical/cyber-exploits/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html
Unveiling "Careto" - The Masked APThttp://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf
Intruder File Report - Sneakernet Trojanhttp://www.fidelissecurity.com/sites/default/files/FTA%201011%20Follow%20UP.pdf
Shell_Crew (Deep Panda)http://www.emc.com/collateral/white-papers/h12756-wp-shell-crew.pdf
New CDTO: A Sneakernet Trojan Solutionhttp://www.fidelissecurity.com/sites/default/files/FTA%201001%20FINAL%201.15.14.pdf
The Icefog APT Hits US Targets With Java Backdoorhttps://www.securelist.com/en/blog/208214213/The_Icefog_APT_Hits_US_Targets_With_Java_Backdoor
Targeted attacks against the Energy Sectorhttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/targeted_attacks_against_the_energy_sector.pdf
PlugX: some uncovered pointshttp://blog.cassidiancybersecurity.com/2014/01/plugx-some-uncovered-points.html
https://patch-diff.githubusercontent.com/labssec/APTnotes#2013
Detecting and Defeating the China Chopper Web Shellhttp://www.fireeye.com/resources/pdfs/fireeye-china-chopper-report.pdf
Deep Pandahttp://www.crowdstrike.com/sites/default/files/AdversaryIntelligenceReport_DeepPanda_0.pdf
ETSO APT Attacks Analysishttp://image.ahnlab.com/global/upload/download/documents/1401223631603288.pdf
Operation "Ke3chang"http://www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf
njRAT, The Saga Continueshttp://www.fidelissecurity.com/files/files/FTA%201010%20-%20njRAT%20The%20Saga%20Continues.pdf
Supply Chain Analysishttp://www.fireeye.com/resources/pdfs/fireeye-malware-supply-chain.pdf
Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Methodhttp://www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html
Terminator RAThttp://www.fireeye.com/blog/technical/malware-research/2013/10/evasive-tactics-terminator-rat.html
FakeM RAThttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fakem-rat.pdf
World War C: State of affairs in the APT worldhttps://www.fireeye.com/blog/threat-research/2013/09/new-fireeye-report-world-war-c.html
The 'ICEFOG' APT: A Tale of cloak and three daggershttp://www.securelist.com/en/downloads/vlpdfs/icefog.pdf
Hidden Lynx - Professional Hackers for Hirehttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf
Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targetshttp://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html
The "Kimsuky" Operationhttps://securelist.com/analysis/57915/the-kimsuky-operation-a-north-korean-apt/
Feature: EvilGrab Campaign Targets Diplomatic Agencieshttp://about-threats.trendmicro.com/cloud-content/us/ent-primers/pdf/2q-report-on-targeted-attack-campaigns.pdf
Operation Molerats: Middle East Cyber Attacks Using Poison Ivyhttp://www.fireeye.com/blog/technical/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html
POISON IVY: Assessing Damage and Extracting Intelligencehttp://www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf
ByeBye Shell and the targeting of Pakistanhttps://community.rapid7.com/community/infosec/blog/2013/08/19/byebye-and-the-targeting-of-pakistan
Surtr: Malware Family Targeting the Tibetan Communityhttps://citizenlab.org/2013/08/surtr-malware-family-targeting-the-tibetan-community/
Where There is Smoke, There is Fire: South Asian Cyber Espionage Heats Uphttp://www.threatconnect.com/news/where-there-is-smoke-there-is-fire-south-asian-cyber-espionage-heats-up/
APT Attacks on Indian Cyber Spacehttp://g0s.org/wp-content/uploads/2013/downloads/Inside_Report_by_Infosec_Consortium.pdf
Operation Hangover - Unveiling an Indian Cyberattack Infrastructurehttp://normanshark.com/wp-content/uploads/2013/08/NS-Unveiling-an-Indian-Cyberattack-Infrastructure_FINAL_Web.pdf
Blackhat: In-Depth Analysis of Escalated APT Attacks (Lstudio,Elirks)https://media.blackhat.com/us-13/US-13-Yarochkin-In-Depth-Analysis-of-Escalated-APT-Attacks-Slides.pdf
videohttps://www.youtube.com/watch?v=SoFVRsvh8s0
Secrets of the Comfoo Mastershttp://www.secureworks.com/cyber-threat-intelligence/threats/secrets-of-the-comfoo-masters/
PlugX revisited: "Smoaler"http://sophosnews.files.wordpress.com/2013/07/sophosszappanosplugxrevisitedintroducingsmoaler-rev1.pdf
Dark Seoul Cyber Attack: Could it be worse?http://cisak.perpika.kr/wp-content/uploads/2013/07/2013-08.pdf
Targeted Campaign Steals Credentials in Gulf States and Caribbeanhttps://blogs.mcafee.com/mcafee-labs/targeted-campaign-steals-credentials-in-gulf-states-and-caribbean
njRAT Uncoveredhttp://threatgeek.typepad.com/files/fta-1009---njrat-uncovered-1.pdf
A Call to Harm: New Malware Attacks Target the Syrian Oppositionhttps://citizenlab.org/wp-content/uploads/2013/07/19-2013-acalltoharm.pdf
Trojan.APT.Seinup Hitting ASEANhttp://www.fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-seinup-hitting-asean.html
KeyBoy, Targeted Attacks against Vietnam and Indiahttps://community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india
The NetTraveller (aka 'Travnet')http://www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf
Crude Faux: An analysis of cyber conflict within the oil & gas industrieshttps://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2013-9.pdf
The Chinese Malware Complexes: The Maudi Surveillance Operationhttps://bluecoat.com/documents/download/2c832f0f-45d2-4145-bdb7-70fc78c22b0f&ei=ZGP-VMCbMsuxggSThYDgDg&usg=AFQjCNFjXSkn_AIiXge1X9oWZHzQOiNDJw&sig2=B6e2is0sCnGEbLPL9q0eZg&bvm=bv.87611401,d.eXY
TR-14 - Analysis of a stage 3 Miniduke malware samplehttp://www.circl.lu/pub/tr-14/
Operation Hangoverhttps://www.bluecoat.com/security-blog/2013-05-20/hangover-report
Operation Hangoverhttp://normanshark.com/pdf/Norman_HangOver%20report_Executive%20Summary_042513.pdf
MiniDuke - The Final Cuthttp://labs.bitdefender.com/2013/04/miniduke-the-final-cut
New Targeted Attack On Taiwanese Government & Tibetan Activists Open Up a Can Of Worms - GrayPigeon, Hangame & Shiqiang ganghttps://www.fireeye.com/blog/threat-research/2013/04/new-targeted-attack-on-taiwanese-government-tibetan-activists-open-up-a-can-of-worms-graypigeon-hangame-shiqiang-gang.html
"Winnti" More than just a gamehttp://www.securelist.com/en/downloads/vlpdfs/winnti-more-than-just-a-game-130410.pdf
Trojan.APT.BaneChanthttp://www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html
TR-12 - Analysis of a PlugX malware variant used for targeted attackshttp://www.circl.lu/pub/tr-12/
APT1: technical backstage (Terminator/Fakem RAT)http://www.malware.lu/assets/files/articles/RAP002_APT1_Technical_backstage.1.0.pdf
Darkseoul/Jokra Analysis And Recoveryhttp://www.fidelissecurity.com/sites/default/files/FTA%201008%20-%20Darkseoul-Jokra%20Analysis%20and%20Recovery.pdf
The TeamSpy Crew Attackshttp://securelist.com/blog/incidents/35520/the-teamspy-crew-attacks-abusing-teamviewer-for-cyberespionage-8/
Dissecting Operation Troyhttp://www.mcafee.com/sg/resources/white-papers/wp-dissecting-operation-troy.pdf
Safe: A Targeted Threathttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-safe-a-targeted-threat.pdf
You Only Click Twice: FinFisher’s Global Proliferationhttps://citizenlab.org/wp-content/uploads/2013/07/15-2013-youonlyclicktwice.pdf
Miniduke: Indicators v1http://www.crysys.hu/miniduke/miniduke_indicators_public.pdf
The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoorhttps://www.securelist.com/en/downloads/vlpdfs/themysteryofthepdf0-dayassemblermicrobackdoor.pdf
Stuxnet 0.5: The Missing Linkhttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/stuxnet_0_5_the_missing_link.pdf
Comment Crew: Indicators of Compromisehttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/comment_crew_indicators_of_compromise.pdf
Mandiant APT1 Reporthttp://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
Targeted cyber attacks: examples and challenges aheadhttp://www.ait.ac.at/uploads/media/Presentation_Targeted-Attacks_EN.pdf
Operation Red Octoberhttps://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24250/en_US/McAfee_Labs_Threat_Advisory_Exploit_Operation_Red_Oct.pdf
Red October Diplomatic Cyber Attacks Investigationhttp://securelist.com/analysis/publications/36740/red-october-diplomatic-cyber-attacks-investigation
The Red October Campaignhttps://securelist.com/blog/incidents/57647/the-red-october-campaign
https://patch-diff.githubusercontent.com/labssec/APTnotes#2012
Systematic cyber attacks against Israeli and Palestinian targets going on for a yearhttp://cyber-peace.org/wp-content/uploads/2014/01/Cyberattack_against_Israeli_and_Palestinian_targets.pdf
RECOVERING FROM SHAMOONhttp://www.fidelissecurity.com/sites/default/files/FTA%201007%20-%20Shamoon.pdf
Trojan.Taidoor: Targeting Think Tankshttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/trojan_taidoor-targeting_think_tanks.pdf
Matasano notes on DarkComet, Bandook, CyberGate and Xtreme RAThttp://matasano.com/research/PEST-CONTROL.pdf
The Mirage Campaignhttp://www.secureworks.com/cyber-threat-intelligence/threats/the-mirage-campaign/
The VOHO Campaign: An in depth analysishttp://blogsdev.rsa.com/wp-content/uploads/VOHO_WP_FINAL_READY-FOR-Publication-09242012_AC.pdf
IEXPLORE RAThttps://citizenlab.org/wp-content/uploads/2012/09/IEXPL0RE_RAT.pdf
The Elderwood Projecthttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf
Gauss: Abnormal Distributionhttp://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/kaspersky-lab-gauss.pdf
The Madi Campaignhttps://securelist.com/analysis/36609/the-madi-infostealers-a-detailed-analysis/
From Bahrain With Love: FinFisher’s Spy Kit Exposed?https://citizenlab.org/2012/07/from-bahrain-with-love-finfishers-spy-kit-exposed/
Wired article on DarkComet creatorhttp://www.wired.com/2012/07/dark-comet-syrian-spy-tool/
Advanced Social Engineering for the Distribution of LURK Malwarehttps://citizenlab.org/wp-content/uploads/2012/07/10-2012-recentobservationsintibet.pdf
sKyWIper (Flame/Flamer)http://www.crysys.hu/skywiper/skywiper.pdf
IXESHE An APT Campaignhttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf
Analysis of Flamer C&C Serverhttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_flamer_newsforyou.pdf
The Shiqiang Ganghttps://web.archive.org/web/20121030064334/http://blogs.norman.com/2012/security-research/the-shiqiang-gang
OSX.SabPub & Confirmed Mac APT attackshttp://securelist.com/blog/incidents/33208/new-version-of-osx-sabpub-confirmed-mac-apt-attacks-19/
Anatomy of a Gh0st RAThttp://www.mcafee.com/us/resources/white-papers/foundstone/wp-know-your-digital-enemy.pdf
Luckycat Reduxhttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_luckycat_redux.pdf
From Georgia, with Lovehttp://blog.eset.com/2012/03/21/win32georbot-information-stealing-trojan-botnet-from-georgia-with-love
CERT Georgia: Georbot Botnethttp://dea.gov.ge/uploads/CERT%20DOCS/Cyber%20Espionage.pdf
Reversing DarkComet RAT's cryptohttp://www.arbornetworks.com/asert/wp-content/uploads/2012/07/Crypto-DarkComet-Report.pdf
Crouching Tiger, Hidden Dragon, Stolen Datahttp://www.contextis.com/services/research/white-papers/crouching-tiger-hidden-dragon-stolen-data/
The Sin Digoo Affairhttp://www.secureworks.com/cyber-threat-intelligence/threats/sindigoo/
Command and Control in the Fifth Domainhttp://www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf
The HeartBeat APThttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the-heartbeat-apt-campaign.pdf
https://patch-diff.githubusercontent.com/labssec/APTnotes#2011
Palebot trojan harvests Palestinian online credentialshttps://web.archive.org/web/20130308090454/http://blogs.norman.com/2011/malware-detection-team/palebot-trojan-harvests-palestinian-online-credentials
The Nitro Attacks: Stealing Secrets from the Chemical Industryhttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_nitro_attacks.pdf
Duqu Trojan Questions and Answershttp://www.secureworks.com/cyber-threat-intelligence/threats/duqu/
Alleged APT Intrusion Set: "1.php" Grouphttp://www.zscaler.com/pdf/technicalbriefs/tb_advanced_persistent_threats.pdf
The "LURID" Downloaderhttp://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_dissecting-lurid-apt.pdf
SK Hack by an Advanced Persistent Threathttp://www.commandfive.com/papers/C5_APT_SKHack.pdf
The RSA Hackhttp://www.fidelissecurity.com/sites/default/files/FTA1001-The_RSA_Hack.pdf
HTran and the Advanced Persistent Threathttp://www.secureworks.com/cyber-threat-intelligence/threats/htran/
Operation Shady RAT: Vanityhttp://www.vanityfair.com/culture/features/2011/09/operation-shady-rat-201109
Operation Shady RAThttp://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf
Stuxnet Under the Microscopehttp://www.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf
Night Dragon Specific Protection Measures for Considerationhttp://www.nerc.com/pa/rrm/bpsa/Alerts%20DL/2011%20Alerts/A-2011-02-18-01%20Night%20Dragon%20Attachment%201.pdf
Global Energy Cyberattacks: Night Dragonhttp://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf
https://patch-diff.githubusercontent.com/labssec/APTnotes#2010
The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability http://www.fas.org/sgp/crs/natsec/R41524.pdf
W32.Stuxnet Dossierhttp://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
The "MSUpdater" Trojan And Ongoing Targeted Attackshttp://www.seculert.com/reports/MSUpdaterTrojanWhitepaper.pdf
Shadows in the cloud: Investigating Cyber Espionage 2.0http://www.nartv.org/mirror/shadows-in-the-cloud.pdf
In-depth Analysis of Hydraqhttp://www.totaldefense.com/Core/DownloadDoc.aspx?documentID=1052
How Can I Tell if I Was Infected By Aurora? (IOCs)http://www.crowdstrike.com/sites/default/files/AdversaryIntelligenceReport_DeepPanda_0.pdf
HB Gary Threat Report: Operation Aurorahttp://hbgary.com/sites/default/files/publications/WhitePaper%20HBGary%20Threat%20Report,%20Operation%20Aurora.pdf
Case Study: Operation Aurora - Triumfanthttp://www.triumfant.com/pdfs/Case_Study_Operation_Aurora_V11.pdf
Operation Aurora Detect, Diagnose, Respondhttp://albertsblog.stickypatch.org/files/3/5/1/4/7/282874-274153/Aurora_HBGARY_DRAFT.pdf
McAfee Labs: Combating Aurorahttps://kc.mcafee.com/resources/sites/MCAFEE/content/live/CORP_KNOWLEDGEBASE/67000/KB67957/en_US/Combating%20Threats%20-%20Operation%20Aurora.pdf
The Command Structure of the Aurora Botnet - Damballahttps://www.damballa.com/downloads/r_pubs/Aurora_Botnet_Command_Structure.pdf
Operation Aurorahttp://en.wikipedia.org/wiki/Operation_Aurora
https://patch-diff.githubusercontent.com/labssec/APTnotes#2009
Tracking GhostNethttp://www.nartv.org/mirror/ghostnet.pdf
Impact of Alleged Russian Cyber Attackshttps://www.baltdefcol.org/files/files/documents/Research/BSDR2009/1_%20Ashmore%20-%20Impact%20of%20Alleged%20Russian%20Cyber%20Attacks%20.pdf
https://patch-diff.githubusercontent.com/labssec/APTnotes#2008
Agent.BTZhttp://www.wired.com/dangerroom/2008/11/army-bans-usb-d/
China's Electronic Long-Range Reconnaissancehttp://fmso.leavenworth.army.mil/documents/chinas-electronic.pdf
How China will use cyber warfare to leapfrog in military competitivenesshttp://www.international-relations.com/CM8-1/Cyberwar.pdf
Russian Invasion of Georgia Russian Cyberwar on Georgiahttp://www.mfa.gov.ge/files/556_10535_798405_Annex87_CyberAttacks.pdf
https://patch-diff.githubusercontent.com/labssec/APTnotes#2006
"Wicked Rose" and the NCPH Hacking Grouphttp://krebsonsecurity.com/wp-content/uploads/2012/11/WickedRose_andNCPH.pdf