HOME _ .. .. u dF dF 88Nu. u. uL .. x. . u. u. '88bu. .u . .u . u. x. . u. u. '88bu. '88888.o888c .@88b @88R .@88k z88u x@88k u@88c. '*88888bu .u .d88B :@8c uL .d88B :@8c ...ue888b .@88k z88u x@88k u@88c. '*88888bu ^8888 8888 '"Y888k/"*P ~"8888 ^8888 ^"8888""8888" ^"*8888N ud8888. ="8888f8888r .ue888Nc.. ="8888f8888r 888R Y888r ~"8888 ^8888 ^"8888""8888" ^"*8888N 8888 8888 Y888L 8888 888R 8888 888R beWE "888L :888'8888. 4888>'88" d88E`"888E` 4888>'88" 888R I888> 8888 888R 8888 888R beWE "888L 8888 8888 8888 8888 888R 8888 888R 888E 888E d888 '88%" 4888> ' 888E 888E 4888> ' 888R I888> 8888 888R 8888 888R 888E 888E 8888 8888 `888N 8888 888R 8888 888R 888E 888E 8888.+" 4888> 888E 888E 4888> 888R I888> 8888 888R 8888 888R 888E 888E .8888b.888P .u./"888& 8888 ,888B . 8888 888R 888E 888F 8888L .d888L .+ 888E 888E .d888L .+ u8888cJ888 8888 ,888B . 8888 888R 888E 888F ^Y8888*"" d888" Y888*" "8888Y 8888" "*88*" 8888" .888N..888 '8888c. .+ ^"8888*" 888& .888E ^"8888*" "*888*P" "8888Y 8888" "*88*" 8888" .888N..888 `Y" ` "Y Y" `Y" 'YP "" 'Y" `"888*"" "88888% "Y" *888" 888& "Y" 'Y" `Y" 'YP "" 'Y" `"888*"" "" "YP' `" "888E "" .dWi `88E 4888~ J8% ^"===*"` archive | code | zines | papers | apt collection | samples | supporters | contact
APT Papers
Pre-2010
2010 2010.01.01/Case Study Operation Aurora 2010.01.27/Operation Aurora Detect Diagnose Respond 2010.02.10/WhitePaper HBGary Threat Report, Operation Aurora 2010.03.14/Hydraq- In Depth Analysis 2010.04.06/Shadows in the cloud 2010.09.06/MSUpdater Trojan 2010.09.30/W32.Stuxnet Dossier 2010.12.09/The Stuxnet Computer Worm
2011 2011.02.10/Global Energy Cyberattacks - Night Dragon 2011.02.18/Night Dragon Specific Protection Measures for Consideration 2011.04.20/Stuxnet Under the Microscope 2011.06.01/Advanced Persistent Threats- A decade in review 2011.08.02/Operation Shady Rat 2011.08.03/HTran 2011.08.04/Operation Shady RAT 2011.09.09/The RSA Hack 2011.09.11/SK Hack 2011.09.22/The LURID Downloader 2011.10.12/Alleged APT Intrusion Set 1.php Group 2011.10.26/Duqu Trojan Questions and Answers 2011.10.26/Stuxnet , Duqu - The Evolution of Drivers 2011.10.31/The Nitro Attacks - Stealing secrets from the Chemical Industry 2011.11.15/Ghost RAT- Many faces 2011.12.08/Palebot trojan
2012 2012.01.03/The HeartBeat APT Campaign 2012.02.03/Command and Control in the Fifth Domain 2012.02.29/The Sin Digoo Affair 2012.03.12/Whitepaper - Crouching Tiger, Hidden Dragon, Stolen Data 2012.03.13/Crypto -Dark Comet 2012.03.26/LuckyCat Redux 2012.04.10/Anatomy of Ghost RAT 2012.04.16/OSX SabPub 2012.05.18/Flamer C & C Server 2012.05.22/Ixeshe 2012.05.31/Skywiper 2012.07.10/Tibet Lurk 2012.07.11/Dark Comet 2012.07.25/Fin Fisher's Spy Kit 2012.07.27/The Madi Infostealers 2012.08.09/Gauss 2012.08.18/The taidoor campaign 2012.09.06/The elderwood project 2012.09.07/IEXPL0RE RAT 2012.09.12/The VOHO Campaign 2012.09.18/The Mirage Campaign 2012.10.08/Pest Control 2012.10.27/Trojan Taidoor 2012.10.31/Cyber Espionage Against Georgian Government 2012.11.00/Wicked Rose & NCPH Hacking Group 2012.11.01/Shamoon 2012.11.03/Cyberattack against Israeli and Palestinian targets
2013 NA/FireEye-Terminator_RAT NA/Operation Ephemeral Hydra NA/World War C NA/Ke3chang NA/Dark Seoul Cyberattack NA/Secrets of the Comfoo Masters NA/nJ RAT NA/Command and Control in the Fifth Domain NA/Operation Saffron Rose NA/Chopping packets Decoding China Chopper Web Shell using SSL NA/China Chopper Web Shell NA/China Chopper NA/nJ RAT uncovered NA/Poison Ivy NA/Deep Panda NA/Byebye Shell NA/Kimsuky NA/ETSO APT Attacks Analysis NA/Supply Chain Analysis NA/2Q Report on Targeted Campaigns NA/Plugx Smoaler NA/Surtr Malware Tibetan NA/Hidden lynx NA/Operation Molerats NA/Operation Deputy Dog NA/India Pak Tranchulas NA/Icefog APT NA/Energy at risk NA/APT Attacks on Indian Cyber Space 2013.01.14/Red October Diplomatic Cyber Attacks Investigation 2013.01.14/RedOctober 2013.01.14/RedOctober Detail 2013.01.14/Red October Detailed Malware Description 1 First Stage of Attack 2013.01.14/Red October Detailed Malware Description 2 Second Stage of Attack 2013.01.14/Red October Detailed Malware Description 3 Second Stage of Attack 2013.01.14/Red October Detailed Malware Description 4 Second Stage of Attack 2013.01.14/Red October Detailed Malware Description 5 Second Stage of Attack 2013.01.18/McAfee Labs Threat Advisory Exploit Operation Red Oct 2013.02.12/Targeted Cyber Attacks 2013.02.18/APT 1 2013.02.22/Comment Crew 2013.02.26/Stuxnet 0.5 2013.02.27/Miniduck Mystery 2013.02.27/Miniduke Indicators 2013.03.13/FinFisher 2013.03.17/Safe - A targeted threat 2013.03.20/The teamspy story 2013.03.20/Operation Troy 2013.03.21/Darkseoul - Jokra Analysis and Recovery 2013.03.27/APT1 - Technical backstage 2013.03.28/PlugX Variant 2013.04.01/Trojan APT Bane Chant 2013.04.13/Winnti 2013.04.21/Mini Duke 2013.05.16/Targeted information stealing attacks in South Asia use email signed binaries 2013.05.20/OperationHangOver - Executive Summary 2013.05.20/Mini Duke Analysis 2013.05.20/Unveiling an Indian Cyberattack Infrastructure - appendixes 2013.05.20/Unveiling an Indian Cyberattack Infrastructure 2013.05.20/Operation Hangover 2013.06.00/Maudi Surveillance Operation 2013.06.01/Crude Faux 2013.06.04/The NET Traveller 2013.06.07/Key Boy 2013.06.18/Trojan APT Seinup 2013.06.21/Syrian Attack 2013.09.06/Evasive Tactics Taidoor 2013.10.24/Evasive Tactics - Terminator RAT 2013.10.24/Fakem RAT 2013.12.20/ETSO APT Attacks Analysis
2014 NA/Illuminating the Etumbot APT Backdoor NA/TR-25 Analysis - Turla - Pfinet - Snake- Uroburos NA/The 'Penquin' Turla NA/Operation Arachnophobia NA/New Indicators of Compromise for APT Group Nitro Uncovered NA/Democracy in Hong Kong Under Attack NA/Putter Panda NA/BLACKENERGY & QUEDAGH NA/Scanbox NA/Invincea NA/Targeted Attacks Against the Energy Sector NA/Hikit Analysis NA/ZoxPNG Analysis NA/The Rotten Tomato Campaign NA/THE REGIN PLATFORM NA/Uroburos NA/When Governments Hack Opponents: A Look at Actors and Technology NA/Dragonfly: Cyberespionage Attacks Against Energy Suppliers NA/The Epic Turla Operation NA/Embassy of Greece Beijing - Compromise NA/BlackEnergy2 - Plugins - Router NA/TOOHASH NA/The Monju Incident NA/Regin: Top-tier espionage tool enables stealthy surveillance NA/Energetic Bear – Crouching Yeti NA/Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN NA/Operation Poisoned Handover NA/FIN4 LIKELY PLAYING THE MARKET NA/SAFFRON ROSE NA/The mystery of North Korea’s cyber threat landscape NA/Forced to Adapt: XSLCmd Backdoor Now on OS X NA/Analysis of Chinese MITM on Google NA/Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware NA/Aided Frame - Aided Direction (Because it’s a redirect) NA/Full Disclosure of Havex Trojans NA/El Machete NA/ScanBox framework NA/Zombie!Zero NA/Operation Poisoned Hurricane NA/OPERATION QUANTUM ENTANGLEMENT NA/XtremeRAT: Nuisance or Threat NA/Threat Spotlight: Group 72 NA/COSMICDUKE NA/Snake NA/Derusbi (Server Variant) Analysis NA/DEEP PANDA NA/SIDEWINDER NA/New CDTO: A Sneakernet Trojan Solution NA/NetTraveler APT Gets a Makeover for 10th Birthday NA/Cloud Atlas: RedOctober APT is back in style NA/The Uroburos case: new sophisticated RAT identified NA/LeoUncia and OrcaRat NA/OrcaRAT NA/APT 28: A Window into Russia’s Cyber Espionage Operations NA/Survival of the Fittest: New York Times Attackers Evolve Quickly NA/Korplug military targeted attacks: Afghanistan & Tajikistan NA/Miniduke still duking it out NA/Darwin’s Favorite APT Group 2014.01.21/RSA Incident Response: Emerging Threat Profile Shell_Crew 2014.02.11/Unveiling “Careto” - The Masked APT 2014.02.13/Operation SnowMan 2014.02.20/Operation GreedyWonk 2014.02.20/Mo’ Shells Mo’ Problems – File List Stacking 2014.02.20/Mo' Shells Mo' Problems - Deep Panda Web Shells 2014.02.20/Mo’ Shells Mo’ Problems – Web Server Log Analysis 2014.02.20/Mo’ Shells Mo’ Problems – Network Detection 2014.02.25/The French Connection 2014.03.06/The Siesta Campaign: A New Cybercrime Operation Awakens 2014.03.12/A Detailed Examination of the Siesta Campaign 2014.05.28/NEWSCASTER: An Iranian Threat Within Social Networks 2014.05.28/Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation 2014.07.07/Deep in Thought: Chinese Targeting of National Security Think Tanks 2014.07.11/The Eye of the Tiger Part 2 2014.07.11/Pitty_Tiger_Final_Report 2014.07.20/Sayad (Flying Kitten) Infostealer 2014.07.29/Threat Group-3279 Targets the Video Game Industry 2014.08.13/A Look at Targeted Attacks Through the Lense of an NGO 2014.08.18/Syrian Malware, the ever-evolving threat 2014.08.18/The Syrian Malware House of Cards 2014.10.22/Operation Pawn Storm 2014.11.10/DARKHOTEL IOC 2014.11.10/The Darkhotel APT 2014.11.13/Operation CloudyOmega 2014.11.14/OnionDuke 2014.11.20/EvilBunny 2014.11.21/Operation DoubleTap 2014.11.24/I am Ironman: DEEP PANDA Uses Sakula Malware to Target Organizations in Multiple Sectors 2014.12.02/Operation Cleaver 2014.12.03/Operation Cleaver: The Notepad Files 2014.12.09/The Inception Framework: Cloud-hosted APT 2014.12.10/W32.Regin Stage 1 2014.12.10(1)/W64.Regin Stage 1 2014.12.12(1)/Vinself now with steganography 2014.12.17/Wiper Malware 2014.12.18/Malware Attack Targeting Syrian ISIS Critics 2014.12.19/Alert (TA14-353A) 2014.12.21/Operation Poisoned Helmand 2014.12.22/Anunak: APT against financial institutions
2015 2015.01.11/Hong Kong SWC Attack 2015.01.12/Skeleton Key Analysis 2015.01.15/Agent.BTZ to ComRAT 2015.01.20/Project Cobra 2015.01.20/Inception APT Analysis 2015.01.22/Regin Hopscotch Legspin 2015.01.22/Scarab Russian 2015.01.22/WaterBug Attack 2015.01.27/Qwerty Keylogger 2015.01.29/Trojan Skelky 2015.01.29/P2P PlugX 2015.02.02/Behind the syria conflict 2015.02.04/PawnStorm 2015.02.10/Global Threat Intel Report 2015.02.16/Carbanak APT 2015.02.16/Equation group questions and answers 2015.02.16/Star of the malware galaxy 2015.02.16/Operation arid viper 2015.02.17/Desert Falcons APT 2015.02.17/A Fanny Equation 2015.02.18/Babar 2015.02.18/Shooting Elephants 2015.02.24/Scanbox 2015.02.25/Plugx goes to the registry and india 2015.02.25/Southeast asia threat landscape 2015.02.27/the anthem hack all roads lead to china 2015.02.27/The Anthem Hack All Roads Lead to China - ThreatConnect Enterprise Threat Intelligence Platform 2015.02.27/Anthem hack all roads lead to China 2015.03.05/Casper Malware 2015.03.06/Animals in the APT Farm 2015.03.06/Babar or Bunny 2015.03.10/Tibetan Uprising Day Malware Attacks 2015.03.11/Equation Drug 2015.03.19/Goldfish Phishing 2015.03.31/Volatile Cedar 2015.04.12/APT 30 2015.04.15/The Chronicles of the Hellsing APT 2015.04.15/Indicators of Compormise Hellsing 2015.04.16/Operation Pawn S 2015.04.18/Operation RussianDoll 2015.04.20/Sofacy II 2015.04.21/The CozyDuke APT 2015.04.22/CozyDuke 2015.04.27/Attacks against Israeli & Palestinian interests 2015.05.05/Attacks on France TV5 Monde 2015.05.07/Kraken 2015.05.12/APT 28 2015.05.12/Apt 28 2015.05.13/Cylance SPEAR Team 2015.05.14/The Naikon APT 2015.05.14(1)/Operation Tropic Trooper 2015.05.18/Cmstar Downloader 2015.05.19/Operation oil tanker 2015.05.21/TheNaikonAPT-MsnMM1 2015.05.21/TheNaikonAPT-MsnMM2 2015.05.26/Dissecting-LinuxMoose 2015.05.27/ANALYSIS ON APT-TO-BE ATTACK THAT FOCUSING ON CHINAS GOVERNMENT AGENCY 2015.05.27/Black Energy 2015.05.28/Grabit 2015.05.29/Ocean Lotus 2015.06.03/Thamar Reservoir 2015.06.04/Blue Termite 2015.06.09/Duqu 2.0 Win32K Exploit 2015.06.10/The Mystery of Duqu 2.0 2015.06.10/Duqu 2.0 Yara rules 2015.06.10/Duqu 2.0 2015.06.12/Afghan Government Compromise - Browser Beware 2015.06.15/Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114 2015.06.16/Operation Lotus Blossom 2015.06.22/Winnti targeting pharmaceutical companies 2015.06.24/Unfinished Business 2015.06.26/Operation Clandestine Wolf 2015.06.26/OperationClandestineWolf 2015.06.28/APT on Taiwan 2015.06.30/Dino 2015.07.08/APT CVE-2015-5119 2015.07.08/Wild Neutron 2015.07.09/Butterfly 2015.07.10/APT group ups targets us gov 2015.07.13/Forkmeiam famous - Sea Duke 2015.07.13/Demonstrating Hustle 2015.07.14/Mini Dionis 2015.07.14/How pawn storms java zero day was used 2015.07.20/Watering Hole Aerospace CVE-2015-5122 IsSpace 2015.07.20/China Peace Palace 2015.07.22/Duke cloud Linux 2015.07.27/Apt29-Hammertoss 2015.07.28/Black Vine 2015.07.30/Operation Potao Express 2015.08.04/Terracotta VPN 2015.08.05/threat group - 3390 2015.08.08/Poison Ivy 2015.08.10/HTExploit Telemetry 2015.08.10/HT Exploit Topology. 2015.08.19/New Internet Explorer zero-day exploited in Hong Kong attacks 2015.08.20/Blue termite 2015.08.20/PlugX Threat Activity in Myanmar 2015.09.01/Rocket Kitten 2015.09.08/Musical chairs gh0st Malware 2015.09.08/Musical Chairs - gh0st Malware 2015.09.09/Satellite Turla APT 2015.09.09/Satellite Turla APT Command and Control in the Sky 2015.09.15/PlugX in Russia 2015.09.15/PlugX 2015.09.16/The Shadow Knows 2015.09.17/Operation Iron Tiger Appendix 2015.09.17/Operation Iron Tiger 2015.09.17/Dukes 2015.09.23/Project CameraShy 2015.10.03/Webmail Server APT 2015.10.05/threat identification 2015.10.15/Fin Fishers 2015.10.16/NGO Burmese Govt 2015.11.04/Evoling Threats 2015.11.09/Rocket Kitten 2015.11.10/Bookworm Trojan 2015.11.17/Pinpointing Targets Exploiting Web Analytics To Ensnare Victims 2015.11.18/Sakula Reloaded 2015.11.18/tdrop 2 2015.11.18/Amballa discovers new toolset 2015.11.18/Russian financial cybercrime 2015.11.18/Destover 2015.11.19/Emdivi 2015.11.19/Revealing the attack operations targeting Japan 2015.11.23/Prototype nation 2015.11.23/Prototype Nation - The Chinese Cybercriminal Underground in 2015 2015.11.23/Glass RAT 2015.11.23/Copy Kittens 2015.11.24/Bookworm Trojan 2015.11.30/Ponmocup 2015.12.01/China Based Threat Groups 2015.12.04/Sofacy APT 2015.12.07/Iran Based Attackers 2015.12.07/Fin1 targets boot record 2015.12.08/Packrat 2015.12.08/Packrat report 2015.12.13/Elise 2015.12.15/Newcomers in the Derusbi family 2015.12.16/operation black atlas part 2 tools and malware used and how to detect them 2015.12.16/Operation Black Atlas - Indicators_of_Compromise 2015.12.16/operation black atlas 2015.12.16/Operation Black Atlas - Technical Brief 2015.12.17/APT 28 2015.12.16/Inocnationcampaign 2015.12.18/Operation Lotus Blossom 2015.12.20/The EPS Awakens 2015.12.22/BBSRAT Roaming Tiger
2016
2017
2018
2019
2020
APT samples
APT1 | Comment Crew | [China’s People’s Liberation Army (PLA)] About: APT1 | Comment Crew Report: Mandiant: Exposing One of China’s Cyber Espionage Units
APT3 | Gothic Panda | [People's Republic of China] About: APT3 | Gothic Panda | UPS Team Report: Symantec: Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow BrokersLeak Sample: Buckeye
APT-C-23 | AridViper [Arab Republic of Egypt] About: APT-C-23 | AridViper Report: TrendMicro: Espionage Campaign Sphinx Goes Mobile With Anubis Spy Sample: Frozen Cell
APT28 | Fancy Bear | Sofacy Group | [Russian Federation] About: Fancy Bear | APT28 | Sofacy Group Article: Homeland Security: Enhanced Analysis of GRIZZLY STEPPE Article: Palo Alto: New Go Variant of Zebrocy Article: ESET Datasheet Lojax Article: ZLAB: Operation Roman Holiday APT28 Group Article: McAfee: Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack Article: ESET: Sednit Part 1: Approaching The Target Article: ESET: Sednit Part 2: Observing The Comings And Goings Article: ESET: Sednit Part 3: A Mysterious Downloader Article: APT28: A Window Into Russias Cyber Espionage Operations Article: APT28: At The Center Of The Storm Article: BitDefender: APT28 Under The Scope Article: BitDefender: Dissecting The APT28 MacOSX Payload Samples: APT28 Collection General: APT28.01bca6481a3a55dc5de5bfa4124bba47d37018d8ee93e5dbb80a60a14f243889.bin APT28.121407a9bced8297fbbdfb76ae79f16fe9fa0574deee21a44dfb56d5b1deb999.bin APT28.1aa4ad5a3f8929d61f559df656c84326d1fe0ca82a4be299fa758a26e14b1b27.bin APT28.5b52bc196bfc207d43eedfe585df96fcfabbdead087ff79fcdcdd4d08c7806db.bin APT28.ActConv.dll.a5b68575ac4fbe83c23ff991ad0d5389f51a2aef71ee3c2277985c68361cf1cc APT28.bin.1de6d9db409bef73e3585fc08f98b30e2757ec87830e6f84ba85c39210aa962b APT28.Cannon.bin.aeaca9985b50ebe1db0fcda9b3fbf02275d17737b748963b63c14da3e988d801 APT28.CannonImplant.bin.aeaca9985b50ebe1db0fcda9b3fbf02275d17737b748963b63c14da3e988d801 APT28.CTLNetwork.bin.dea3a99388e9c962de9ea1008ff35bc2dc66f67a911451e7b501183e360bb95e APT28.Esert.dll.fd39d2837b30e7233bc54598ff51bdc2f8c418fa5b94dea2cadb24cf40f395e5 APT28.FancyImplant.bin.044f8ab501090fd77ae6e9ebf57e7fba9041be7ab986ce58f38583f4839a5126 APT28.GoVariantImplant.bin.93680d34d798a22c618c96dec724517829ec3aad71215213a2dcb1eb190ff9fa APT28.GRIZZLYSTEPPE.40ae43b7d6c413becc92b07076fa128b875c8dbb4da7c036639eccf5a9fc784f APT28.GRIZZLYSTEPPE.4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976 APT28.Implant.bin.489a1b13b5ec415f24bc4f1b4ed6c6e0bdc50ae95513645a839655bc75d4d9d6 APT28.MacOSKomplexFancyBear.bin.96a19a90caa41406b632a2046f3a39b5579fbf730aca2357f84bf23f2cbc1fd3 APT28.npmproxy.dll.b40909ac0b70b7bd82465dfc7761a6b4e0df55b894dd42290e3f72cb4280fa44 APT28.TaskRec.e2bea753318d715dfc2f186c49ae3e9c404d0f5df52e959ea546f78a3624bc3b APT28.Unknown.Scanpass.bin.e05de3e4a03369192856a167f2865eab3062a102b23bfdde5c0f622b39cd159a APT28.wmsApplication.exe.6f2589be92c2d0fa6050e52fbedb967c2590a8abbc4a9459fb7f78bc52407195 Lojax: 430cbf950f9cea3f77374145f488a104f4ab664edca448effacbf2f8ba01b901 7ea33696c91761e95697549e0b0f84db2cf4033216cd16c3264b10daa31f598c 81e96c07e6c9cb02f72c0943a42ff9f8f09a09c508f8bbaa1142a9ee4f1326cf c28ad61fc748c08e8714cb247e741b736ebf0d9dfbcc3579f66fe3168326f61 d0e9f0c79da838bd71a1c4ba6c5c9382569941dc38e7fa2c92009b364673d498 Lojack.bin.6d626c7f661b8cc477569e8e89bfe578770fca332beefea1ee49c20def97226e Lojack.dll.bin.aa5b25c969234e5c9a8e3aa7aefb9444f2cc95247b5b52ef83bf4a68032980ae 060448ffd71fe2edbb5fe7c6298ad2b077e57fa6ed6d4250fbd799dd85488843 0860f29226069a732f988cb70ea6d51057d204d421bb709b8e759376b0c4d201 27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9 37f15647c26d475db805048d6592aa153533ac5f4373145c75e24012a51ad9f8 500f426f98d4c00d29825f976b9457a274aed781a560a60e89cba4805cd47186 539cdc37c34eebb28a74f0dceeee0331e6ac6f4682e55fddd69d6f9de7ab9b77 634795a3acbae8964bb31e3ebed7f29208844978a512fc26a8b9a51901f9cab9 a97b1a792f7b53929a1c01bad9fc2bd606a15e8e32755daa15570e356baa0112 dcbfd12321fa7c4fa9a72486ced578fdc00dcee79e6d95aa481791f044a55af3 eb4e174db15646f71cb1d2c471e5794a8429ca29369c8eff6042122cc6dc6845 XTunnel: XAgent64.bin.fd39d2837b30e7233bc54598ff51bdc2f8c418fa5b94dea2cadb24cf40f395e5 X-AgentTrojan.bin.b814fdbb7cfe6e5192fe1126835b903354d75bfb15a6c262ccc2caf13a8ce4b6 XTunnel.4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976 XTunnel.be2e58669dbdec916f7aaaf4d7c55d866c4f38ac290812b10d680d943bb5b757 XTunnelImplant.854a522a113b6413ff4db5f0ba0aec98cba3c5ef386311660f6dabab26f6aa14 Zeka: Zeka.Apt.6.10.2018.c6e95fb89df8e84eb21b3ce6b8947ce2 Zeka.Implant.07.21.2018.8c2f9832b38b4c10f3b5b7924379d599 Zeka.Implant.11.06.2018.1bcf064650aef06d83484d991bdf6750 ZekapabImplant.07.30.2018.d1755976a6f7e1cbf21132ac4fdcf553
APT32 | OceanLotus | [Vietnam] About: OceanLotus | APT32 Report: The SpyRATs of OceanLotus Report: OceanLotus: macOS malware update Report: ESET: OceanLotus: Old techniques, new backdoor Report: OceanLotus Steganography: Malware Analysis White Paper Report: 腾讯安全我“海莲花”(OceanLotus) 2019年针对中国攻击活动汇总 Report: APT32: OceanLotus (CN) Sample: OceanLotus Samples General: Denis.a17d4568ad5f745d36fc17846d3e0edf63d4e3c9fccb9861579e957f7a560217 Denis.bdb83301a470d202480274df161638f83f8f26e7dda131a11b89a5a3d8259c73 Korplug.4ce7c9e9ca6f785921921de4d0b75c5436cd0d760ac71ddb30b8c5a610ae34dd Salgorea.06dec0082eac094dc0b4b3de8854f190f1d3112dada0d414d9a085a0ee309199 wwlib.dll_000176573_c__programdata_Intel.dll.dbc48b33e2ee74c33394834d1f7a71beddaac5ec1840e7765e10c3cac0f7e8ee wwlib.dll_000176573_c__programdata_Offices.dll.6d027be0919c64131edb7c06d514cddfb2213da51267bef626085314fb3f82ef APKs: framaroot-xpro.apk.1da8576c8e67c5f283ac841eb9a958e8507262e205be592edee0406359ef75f6 TOS_Multi_Backup_V1.1.apk.2be1718b4d55f80444223c4cccfc782aeaf27769354fa1661b1257a29475a07e Unnamed.015d5b3d5d2e968a36dfec32dfaba68a83807d7ab3a683c7123b716fc7024668 Unnamed.1253f09102312bb5e61782d9ff71f41d489fdc4f8a67f1bc27787e4bbdb26684 Unnamed.12d6e46e9ce5156404f6df86c7f6e5991d3e59c44c137c44642c7f758a733b27 Unnamed.17d16530c9e5504dd216bca083ec5435f9fa705600526dec48c51ab5b89cd699 Unnamed.44bbeb4031b186e01f422dc09e16412accd3e799420f2de3881395e755574b9a Unnamed.49450b20434db9806e2a6742990561103a38fbf425e4cbba7bc573c152ba9c10 Unnamed.4abc3eece7f22cf5f4b4bb1b9a3aea504ba8946ba87c3f1ab0e64dfdfc1206b4 Unnamed.4c3a3e1ce7cd76e9f54235583d7d8ad773cdd6c840f884e2e532d075cdab2e0a Unnamed.5b60293edc32bd8413a8ee998e8580649900bfb53b630ed7f719215e1c3ea0b4 Unnamed.5d5141f296440289f9c6262f9fed60b7fb88b71f5b0a1e3640df707edbfb8e89 Unnamed.60553e12285d2ce48fd6bff1fcb29d16946132159fad7d71cdb1eea57eb2e229 Unnamed.733fca200a35031f9933c8ddf19b17de4244f4f8ea51ee038515c547ec9d7958 Unnamed.7d65714bc3661a7c3c38da4f285c630cd47a57f6fbe1b90b84eb326c71e6ef75 Unnamed.8363d20b7e0ed942b0f281b1eadeb8bd0baf120ce2f85f06d9c5f5524a2da60a Unnamed.8e18fcf528161509a04791473b6fa16982f0ec787909fcc7cafc7a8a28f3b23a Unnamed.938d934eba3a32a5466e7ad42cd8b3a8fd9f761d77e79e2b3a2fee8d68f313be Unnamed.ab84c15b254d101bb5b49d9017b2cb67a21efdf14bc8f4d5fef9fc1a27aadf93 Unnamed.b463cd0623e6a054aab95551821559b264f516630ed730bf4b5fe69fc558a338 Unnamed.bdcd8e89ebf8c24096981bc8d4c5b6bbf5f6b09399b97fa7484a67052c5973e8 Unnamed.d2c94a079624e30fa0297d675ed960f58be2b4fabca68a0886b253391e41ca45 Unnamed.e1808c00f13ea67a19b58f5a724743cc2bac01986e134ee236ba7a2aae319d78 Unnamed.f39c8e05175725547888c1e485a6fa90dc030f2e1c987277a7ebbc68fe7aa98b Unnamed.Jar.192e059ead09d51992197b659f1ae90144a175d1b84570588712b360e76cd1b2
APT33 | APT34 | APT 39 | [Islamic Republic of Iran] About: APT33 Report: GReAT: From Shamoon to StoneDrill Sample: Shamoon 2.0 | StoneDrill About: APT34 Report: Researchers Link GreenBug Cyber Spy Group to Shamoon Sample: Greenbug About: FireEye: APT39 Report: Security Intelligence: Observations of ITG07 Cyber Operations Sample: Operation ITG07
APT37 | Reaper | [Democratic People's Republic of Korea] About: APT37 | Reaper Report: Intezer: APT37: Final1stspy Reaping the Free Milk Sample: Final1stSpy
Equation Group | [United States of America] About: Equation Group Paper: GReAT: From Houston with Love Sample: From Houston with Love Report: VirusTotal Report Sample: DoubleFantasy Variant Paper: GReAT: The Death Star of Malware Galaxy Sample: Equation Drug Installer Sample: Equation Laser Sample: Fanny Sample: Grayfish Sample: Grok Sample: SD_IP_CF.dll (Unnamed Variant) Sample: TripleFantasy Article: Wikipedia: Flame (Malware) Sample: Flame | Flamer | Skyswiper Article: GReAT: Equation Group Questions and Answers Sample: HDD Firmware Operation
Lazarus Group | [Democratic People's Republic of Korea] About: Lazarus Group Report: McAfee: Operation Sharpshooter Sample: SharpShooter Report: GReAT: MATA: Multi-platform targeted malware framework Sample: Linux + MacOS MATA Samples 7222020 Sample: Windows MATA Samples Windows
Transparent Tribe | [Islamic Republic of Pakistan] About: Transparent Tribe Report: GReAT: Transparent Tribe: Evolution analysis Sample: Crimson Rat
Platinum Group | [Unknown Origin] About: Platinum Group Report: GReAT: Titanium: the Platinum group strikes again Sample: Titanium
Sandworm Team | Voodoo Bear | [Russian Federation] About: Sandworm Team Report: Malpedia: BlackEnergy Sample: Black Energy Report: ESET: GreyEnergy: A Successor to BlackEnergy Sample: GreyEnergy
Turla Group | Venomous Bear | [Russian Federation] About: Turla Group Report: Malpedia: Kazuar RAT Sample: Kazuar RAT
Sidewinder APT | [Republic of India]
[Unknown Group] | [Unknown Origin] Report: GReAT: MosaicRegressor: Lurking in the Shadows of UEFI Sample: MosaicRegressor UEFI modules Report: GReAT: OlympicDestroyer is here to trick the industry Sample: Olympic Destroyer Report: US Department of Homeland Security: Chinese Remote Access Trojan: TAIDOOR Sample: Chinese Remote Access Trojan: TAIDOOR Report: GReAT: APT Slingshot Sample: Slingshot Report: GReAT: Operation ShadowHammer: a high-profile supply chain attack Sample: ShadowHammer Report: The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns Sample: Doqu Dropper Report: More evil: A deep look at Evilnum and its toolset Sample: PyVil Report: GReAT: Dark Tequila Añejo Sample: DarkTequila Report: VirusTotal Report Sample: Slothful Media