APT1 | Comment Crew | [China’s People’s Liberation Army (PLA)]
  About: APT1 | Comment Crew
  Report: Mandiant: Exposing One of China’s Cyber Espionage Units
APT3 | Gothic Panda | [People's Republic of China]
  About: APT3 | Gothic Panda | UPS Team
  Report: Symantec: Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
  Sample: Buckeye
APT-C-23 | AridViper | [Arab Republic of Egypt]
  About: APT-C-23 | AridViper
  Report: TrendMicro: Espionage Campaign Sphinx Goes Mobile With Anubis Spy
  Sample: Frozen Cell
APT28 | Fancy Bear | Sofacy Group | [Russian Federation]
  About: Fancy Bear | APT28 | Sofacy Group
  Article: Homeland Security: Enhanced Analysis of GRIZZLY STEPPE
  Sample: GRIZZLY STEPPE
  Sample: XTunnel
  Report: VirusTotal Report
  Sample: TaskRec.Variant
  Report: VirusTotal Report
  Sample: USCYBERCOM ALERT APT28
  Article: Palo Alto: New Go Variant of Zebrocy
  Sample: Zebrocy 8.2018
  Sample: Zebrocy X.2019
  Sample: Zebrocy 12.2018
  Sample: Zeka
  Article: ESET Datasheet Lojax
  Sample: LoJax
APT32 | OceanLotus | [Vietnam]
  About: OceanLotus | APT32
  Report: The SpyRATs of OceanLotus
  Sample: OceanLotus Samples
APT33 | APT34 | APT39 | [Islamic Republic of Iran]
  About: APT33
  Report: GReAT: From Shamoon to StoneDrill
  Sample: Shamoon 2.0 | StoneDrill
  About: APT34
  Report: Researchers Link GreenBug Cyber Spy Group to Shamoon
  Sample: Greenbug
  About: FireEye: APT39
  Report: Security Intelligence: Observations of ITG07 Cyber Operations
  Sample: Operation ITG07
APT37 | Reaper | [Democratic People's Republic of Korea]
  About: APT37 | Reaper
  Report: Intezer: APT37: Final1stspy Reaping the Free Milk
  Sample: Final1stSpy
Equation Group | [United States of America]
  About: Equation Group
  Paper: GReAT: From Houston with Love
  Sample: From Houston with Love
  Report: VirusTotal Report
  Sample: DoubleFantasy Variant
  Paper: GReAT: The Death Star of Malware Galaxy
  Sample: Equation Drug Installer
  Sample: Equation Laser
  Sample: Fanny
  Sample: Grayfish
  Sample: Grok
  Sample: SD_IP_CF.dll (Unnamed Variant)
  Sample: TripleFantasy
  Article: Wikipedia: Flame (Malware)
  Sample: Flame | Flamer | Skyswiper
  Article: GReAT: Equation Group Questions and Answers
  Sample: HDD Firmware Operation
Lazarus Group | [Democratic People's Republic of Korea]
  About: Lazarus Group
  Report: McAfee: Operation Sharpshooter
  Sample: SharpShooter
  Report: GReAT: MATA: Multi-platform targeted malware framework
  Sample: Linux + MacOS MATA Samples 7222020
  Sample: Windows MATA Samples Windows
Transparent Tribe | [Islamic Republic of Pakistan]
  About: Transparent Tribe
  Report: GReAT: Transparent Tribe: Evolution analysis
  Sample: Crimson Rat
Platinum Group | [Unknown Origin]
  About: Platinum Group
  Report: GReAT: Titanium: the Platinum group strikes again
  Sample: Titanium
Sandworm Team | Voodoo Bear | [Russian Federation]
  About: Sandworm Team
  Report: Malpedia: BlackEnergy
  Sample: Black Energy
  Report: ESET: GreyEnergy: A Successor to BlackEnergy
  Sample: GreyEnergy
Turla Group | Venomous Bear | [Russian Federation]
  About: Turla Group
  Report: Malpedia: Kazuar RAT
  Sample: Kazuar RAT
Sidewinder APT | [Republic of India]
[Unknown Group] | [Unknown Origin]
  Report: GReAT: OlympicDestroyer is here to trick the industry
  Sample: Olympic Destroyer
  Report: US Department of Homeland Security: Chinese Remote Access Trojan: TAIDOOR
  Sample: Chinese Remote Access Trojan: TAIDOOR
  Report: GReAT: APT Slingshot
  Sample: Slingshot
  Report: GReAT: Operation ShadowHammer: a high-profile supply chain attack
  Sample: ShadowHammer
  Report: The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns
  Sample: Doqu Dropper
  Report: More evil: A deep look at Evilnum and its toolset
  Sample: PyVil
  Report: GReAT: Dark Tequila Añejo
  Sample: DarkTequila