APT1 | Comment Crew | [China’s People’s Liberation Army (PLA)]
  About: APT1 | Comment Crew
  Report: Mandiant: Exposing One of China’s Cyber Espionage Units

APT3 | Gothic Panda | [People's Republic of China]
  About: APT3 | Gothic Panda | UPS Team
  Report: Symantec: Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
  Sample: Buckeye

APT-C-23 | AridViper | [Arab Republic of Egypt]
  About: APT-C-23 | AridViper
  Report: TrendMicro: Espionage Campaign Sphinx Goes Mobile With Anubis Spy
  Sample: Frozen Cell

APT28 | Fancy Bear | Sofacy Group | [Russian Federation]
  About: Fancy Bear | APT28 | Sofacy Group
  Article: Homeland Security: Enhanced Analysis of GRIZZLY STEPPE
  Article: Palo Alto: New Go Variant of Zebrocy
  Article: ESET Datasheet Lojax
  Article: ZLAB: Operation Roman Holiday APT28 Group
  Article: McAfee: Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack
  Article: ESET: Sednit Part 1: Approaching The Target
  Article: ESET: Sednit Part 2: Observing The Comings And Goings
  Article: ESET: Sednit Part 3: A Mysterious Downloader
  Article: APT28: A Window Into Russia's Cyber Espionage Operations
  Article: APT28: At The Center Of The Storm
  Article: BitDefender: APT28 Under The Scope
  Article: BitDefender: Dissecting The APT28 MacOSX Payload
  Samples: APT28 Collection (General, Lojax, XTunnel, Zeka)

APT32 | OceanLotus | [Vietnam]
  About: OceanLotus | APT32
  Report: The SpyRATs of OceanLotus
  Report: OceanLotus: macOS malware update
  Report: ESET: OceanLotus: Old techniques, new backdoor
  Report: OceanLotus Steganography: Malware Analysis White Paper
  Report: Tencent Security: Summary of 海莲花 (OceanLotus) Attack Activity Against China in 2019
  Report: APT32: OceanLotus (CN)
  Sample: OceanLotus Samples (General, APKs)

APT33 | APT34 | APT39 | [Islamic Republic of Iran]
  About: APT33
  Report: GReAT: From Shamoon to StoneDrill
  Sample: Shamoon 2.0 | StoneDrill
  About: APT34
  Report: Researchers Link GreenBug Cyber Spy Group to Shamoon
  Sample: Greenbug
  About: FireEye: APT39
  Report: Security Intelligence: Observations of ITG07 Cyber Operations
  Sample: Operation ITG07

APT37 | Reaper | [Democratic People's Republic of Korea]
  About: APT37 | Reaper
  Report: Intezer: APT37: Final1stspy Reaping the Free Milk
  Sample: Final1stSpy

Equation Group | [United States of America]
  About: Equation Group
  Paper: GReAT: From Houston with Love
  Sample: From Houston with Love
  Report: VirusTotal Report
  Sample: DoubleFantasy Variant
  Paper: GReAT: The Death Star of Malware Galaxy
  Sample: Equation Drug Installer
  Sample: Equation Laser
  Sample: Fanny
  Sample: Grayfish
  Sample: Grok
  Sample: SD_IP_CF.dll (Unnamed Variant)
  Sample: TripleFantasy
  Article: Wikipedia: Flame (Malware)
  Sample: Flame | Flamer | Skyswiper
  Article: GReAT: Equation Group Questions and Answers
  Sample: HDD Firmware Operation

Lazarus Group | [Democratic People's Republic of Korea]
  About: Lazarus Group
  Report: McAfee: Operation Sharpshooter
  Sample: SharpShooter
  Report: GReAT: MATA: Multi-platform targeted malware framework
  Sample: Linux + MacOS MATA Samples 7222020
  Sample: Windows MATA Samples

Transparent Tribe | [Islamic Republic of Pakistan]
  About: Transparent Tribe
  Report: GReAT: Transparent Tribe: Evolution analysis
  Sample: Crimson Rat

Platinum Group | [Unknown Origin]
  About: Platinum Group
  Report: GReAT: Titanium: the Platinum group strikes again
  Sample: Titanium

Sandworm Team | Voodoo Bear | [Russian Federation]
  About: Sandworm Team
  Report: Malpedia: BlackEnergy
  Sample: Black Energy
  Report: ESET: GreyEnergy: A Successor to BlackEnergy
  Sample: GreyEnergy

Turla Group | Venomous Bear | [Russian Federation]
  About: Turla Group
  Report: Malpedia: Kazuar RAT
  Sample: Kazuar RAT

Sidewinder APT | [Republic of India]

[Unknown Group] | [Unknown Origin]
  Report: GReAT: MosaicRegressor: Lurking in the Shadows of UEFI
  Sample: MosaicRegressor UEFI modules
  Report: GReAT: OlympicDestroyer is here to trick the industry
  Sample: Olympic Destroyer
  Report: US Department of Homeland Security: Chinese Remote Access Trojan: TAIDOOR
  Sample: Chinese Remote Access Trojan: TAIDOOR
  Report: GReAT: APT Slingshot
  Sample: Slingshot
  Report: GReAT: Operation ShadowHammer: a high-profile supply chain attack
  Sample: ShadowHammer
  Report: The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns
  Sample: Duqu Dropper
  Report: More evil: A deep look at Evilnum and its toolset
  Sample: PyVil
  Report: GReAT: Dark Tequila Añejo
  Sample: DarkTequila
  Report: VirusTotal Report
  Sample: Slothful Media