Update README.MD

blackorbird 2022-03-25 09:59:08 +08:00 committed by GitHub
parent cd14d3f26e
commit 5dfaecac1b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -3,3 +3,131 @@ threat summary report
Spam and phishing in 2021
https://securelist.com/spam-and-phishing-in-2021/105713/
list:
1. https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
2. https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-researchers-with-trojanized-ida-pro/
3. https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
4. https://blogs.jpcert.or.jp/en/2021/01/Lazarus_malware2.html
5. http://blog.nsfocus.net/stumpzarus-apt-lazarus/
6. https://blog.malwarebytes.com/awareness/2021/02/north-korean-hackers-charged-with-1-3-billion-of-cyberheists/
7. https://securelist.com/lazarus-threatneedle/100803/
8. https://blog.sygnia.co/lazarus-groups-mata-framework-leveraged-to-deploy-tflower-ransomware?hsLang=en
9. https://blogs.jpcert.or.jp/en/2021/03/Lazarus_malware3.html
10. https://www.welivesecurity.com/2021/04/08/are-you-afreight-dark-watch-out-vyveva-new-lazarus-backdoor/
11. https://blog.group-ib.com/btc_changer
12. https://blog.malwarebytes.com/threat-intelligence/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/
13. https://www.estsecurity.com/enterprise/security-center/notice/view/59449?category-id=
14. https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/lazarus-recruitment/
15. https://ti.qianxin.com/blog/articles/Analysis-of-attacks-by-Lazarus-using-Daewoo-shipyard-as-bait/
16. https://mp.weixin.qq.com/s/MBH8ACSTfC6UGzf2h1BuhA
17. https://cybersecurity.att.com/blogs/labs-research/lazarus-campaign-ttps-and-evolution
18. https://ti.qianxin.com/blog/articles/Lazarus'-Recent-Attack-Campaign-Targeting-Blockchain-Finance-and-Energy-Sectors/
19. https://securelist.com/apt-trends-report-q3-2021/104708/
20. https://usa.kaspersky.com/about/press-releases/2021_apt-actor-lazarus-attacks-defense-industry-develops-supply-chain-attack-capabilities
21. https://asec.ahnlab.com/ko/28527/
22. https://twitter.com/esetresearch/status/1458438155149922312
23. https://mp.weixin.qq.com/s/ZMnO3Q6MAxafmOOO2cQMfw
24. https://www.nknews.org/pro/dprk-hackers-use-south-korean-servers-and-google-drive-to-hide-malware-attack/
25. https://blog.alyac.co.kr/3489
26. https://blog.alyac.co.kr/3525
27. https://blog.alyac.co.kr/3536
28. https://blog.alyac.co.kr/3550
29. https://www.estsecurity.com/enterprise/security-center/notice/view/22734?category-id=5
30. https://blog.alyac.co.kr/3624
31. https://apt.360.cn/report/apts/171.html
32. https://ti.qianxin.com/blog/articles/Analysis-on-the-attack-activities-of-Kimsuky-APT-using-the-Foreign-Ministry-of-South-Korea-as-bait/
33. https://blog.malwarebytes.com/threat-intelligence/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor/
34. https://www.freebuf.com/articles/paper/278762.html
35. https://mp.weixin.qq.com/s/y4TGzrhr2rvVk5EAca91hA
36. https://asec.ahnlab.com/ko/25351/
37. https://www.freebuf.com/articles/paper/281985.html
38. https://mp.weixin.qq.com/s/BvP00a-33OOmbcdwDkeqeg
39. https://www.boannews.com/media/view.asp?idx=99543
40. https://www.boannews.com/media/view.asp?idx=99543
41. https://inquest.net/blog/2021/08/23/kimsuky-espionage-campaign
42. https://blog.alyac.co.kr/4130
43. https://asec.ahnlab.com/ko/27166/
44. https://mp.weixin.qq.com/s/sautIOi__PCf4Y_tfdj1zg
45. https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html%EF%BB%BF
46. https://blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/
47. https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/
48. https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/
49. https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/
50. https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/
51. https://mp.weixin.qq.com/s/nyxZFXgrtm2-tBiV3-wiMg
52. https://www.anomali.com/blog/primitive-bear-gamaredon-targets-ukraine-with-timely-themes
53. https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/
54. https://blog.netlab.360.com/rotajakiro_vs_oceanlotus_cn/
55. https://ti.qianxin.com/blog/articles/Operation-OceanStorm:The-OceanLotus-hidden-under-the-abyss-of-the-deep/
56. https://www.amnestyusa.org/reports/vietnamese-activists-targeted-by-notorious-hacking-group/
57. https://mp.weixin.qq.com/s/WnKc0JbjA5_IsjPFSzFoYA
58. https://mp.weixin.qq.com/s/NUjR3qVE0PJXULgGc3Edow
59. https://mp.weixin.qq.com/s/8nP27nQKD_6OE-igggFDww
60. https://www.4hou.com/posts/2Drj
61. https://ti.qianxin.com/blog/articles/%22operation-magichm%22:CHM-file-release-and-subsequent-operation-of-BITTER-organization/
62. https://ti.qianxin.com/blog/articles/Donot-uses-Google-Drive-to-distribute-malware/
63. https://ti.qianxin.com/blog/articles/Analysis-of-the-Donot-group's-attack-campaign-using-RTF-template-injection-against-the-neighbourhood/
64. https://mp.weixin.qq.com/s/RC1S7yrYT-o9oyPHkPE-ow
65. https://ti.qianxin.com/blog/articles/Sidecopy-dual-platform-weapon/
66. https://mp.weixin.qq.com/s/C09P0al1nhsyyujHRp0FAw
67. https://ti.dbappsecurity.com.cn/blog/articles/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack-cn/
68. https://resources.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict
69. https://www.antiy.com/response/20210222.html
70. https://mp.weixin.qq.com/s/ELYDvdMiiy4FZ3KpmAddZQ
71. https://blog.cyble.com/2021/04/21/donot-team-apt-group-is-back-to-using-old-malicious-patterns/
72. https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html
73. https://ti.qianxin.com/blog/articles/SideWinder-arsenal-update:Analysis-of-attack-activity-against-Pakistan-using-foreign-policy/
74. https://ti.qianxin.com/blog/articles/Analysis-of-the-APT-Group-Donot's-Attack-Campaign-Using-the-Impact-of-the-Afghan-Withdrawal-as-Bait/
75. https://ti.qianxin.com/blog/articles/Analysis-of-recent-attacks-by-Transparent-Tribe-using-Indian-Defense-Ministry-meeting-minutes-as-bait/
76. https://www.trendmicro.com/en_us/research/21/h/confucius-uses-pegasus-spyware-related-lures-to-target-pakistani.html
77. https://mp.weixin.qq.com/s/_LHJYgf6l9uFYMN23fUQAA
78. https://mp.weixin.qq.com/s/AhxP5HmROtMsFBiUxj0cFg
79. https://blog.cyble.com/2021/09/14/apt-group-targets-indian-defense-officials-through-enhanced-ttps/
80. https://www.amnesty.org/en/latest/news/2021/10/togo-activist-targeted-with-spyware-by-notorious-hacker-group/
81. https://ti.qianxin.com/blog/articles/Analysis-of-BITTER-APT-Group-for-the-Military-Industry-New-Attack-Activity/
82. https://mp.weixin.qq.com/s/CGHDuJAb4dav_th25yYpWA
83. https://mp.weixin.qq.com/s/MQgEVZVqQmcyOXVlEgpezA
84. http://blog.nsfocus.net/apt-sidecopy/
85. https://blog.malwarebytes.com/threat-intelligence/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure/
86. https://ti.qianxin.com/blog/articles/SideCopy-APT-Group-Takes-Advantage-of-the-Fire/
87. https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf
88. https://unit42.paloaltonetworks.com/ironnetinjector
89. https://ti.qianxin.com/blog/articles/Analysis-of-attack-activities-of-APT28-using-high-carbon-ferrochrome-manufacturer-registration-form-as-bait/
90. https://blog.talosintelligence.com/2021/02/gamaredonactivities.html
91. https://www.mimecast.com/incident-report/
92. https://www.spiegel.de/politik/deutschland/russischer-hack-erneute-attacke-hack-auf-bundestag-sieben-abgeordnete-betroffen-a-75e1adbe-4462-4e30-bd94-96796aed6b8a
93. https://www.anomali.com/blog/primitive-bear-gamaredon-targets-ukraine-with-timely-themes
94. https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/
95. https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/
96. https://www.version2.dk/artikel/danmarks-nationalbank-hacket-led-verdens-mest-sofistikerede-hackerangreb-1092886
97. https://mp.weixin.qq.com/s/bJrEwoq4QkDJvEk_ThvueQ
98. https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee
99. https://www.zscaler.com/blogs/security-research/cloudfall-targets-researchers-and-scientists-invited-international-military
100. https://blog.talosintelligence.com/2021/09/tinyturla.html
101. https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf
102. http://blog.nsfocus.net/solarwinds-foggyweb/
103. https://ti.qianxin.com/blog/articles/MKLG-Operation:Analysis-of-attacks-against-the-Middle-East-for-several-years/
104. https://ti.qianxin.com/blog/articles/SnowLeopard:Surveillance-activities-against-Pakistani-users-disclosed/
105. https://ti.qianxin.com/blog/articles/PyMICROPSIA-New-Trojan-for-AridViper/
106. https://ti.qianxin.com/blog/articles/PROMETHIUM-forged-NotePad++-installation-package-attack-campaign/
107. https://ti.qianxin.com/blog/articles/Molerats-Latest-Mobile-Attack-Tracking-Disclosure/
108. https://blog.certfa.com/posts/charming-kitten-christmas-gift/
109. https://www.anomali.com/blog/probable-iranian-cyber-actors-static-kitten-conducting-cyberespionage-campaign-targeting-uae-and-kuwait-government-agencies
110. https://ti.qianxin.com/blog/articles/MKLG-Operation:Analysis-of-attacks-against-the-Middle-East-for-several-years/
111. https://research.checkpoint.com/2021/irans-apt34-returns-with-an-updated-arsenal/
112. https://about.fb.com/wp-content/uploads/2021/04/Technical-threat-report-Arid-Viper-April-2021.pdf
113. https://mp.weixin.qq.com/s/o_EVjBVN2sQ1q7cl4rUXoQ
114. https://www.trendmicro.com/en_us/research/21/g/strongpity-apt-group-deploys-android-malware-for-the-first-time.html
115. https://ti.qianxin.com/blog/articles/SnowLeopard:Surveillance-activities-against-Pakistani-users-disclosed/
116. https://securelist.com/lyceum-group-reborn/104586/
117. https://ti.qianxin.com/blog/articles/APT-Q-63-Attack-Targeting-Palestinian-Areas-Using-Election-Information-as-Bait/
118. https://ti.qianxin.com/blog/articles/PROMETHIUM-forged-NotePad++-installation-package-attack-campaign/
119. https://ti.qianxin.com/blog/articles/PyMICROPSIA-New-Trojan-for-AridViper/
120. https://ti.qianxin.com/blog/articles/Operation-EICAR:-Targeted-hunting-activities-for-the-securities-and-finance-industry/
121. https://ti.qianxin.com/blog/articles/APT-Q-12-Attack-the-Trade-Industry/
122. https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/new-apt-group-chamelgang/#id0
123. https://research.checkpoint.com/2021/indra-hackers-behind-recent-attacks-on-iran/
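
Review bot: Several entries in the added numbered list are exact duplicates: 1 and 3, 39 and 40, 52 and 93, 53 and 94, 103 and 110, 104 and 115, 105 and 119, and 106 and 118 point to the same URL. If the numbers are citation indexes carried over from a source report, say so above `list:` and name that report; otherwise remove the repeats and renumber. Entry 45 ends in `%EF%BB%BF`, a URL-encoded UTF-8 byte order mark picked up when the link was copied, which should be trimmed so the link resolves to the intended page. Entry 13 ends with an empty `category-id=` parameter, and entries 5, 84 and 102 use `http://` while the rest of the list uses `https://`, so it is worth checking whether those hosts serve the same pages over HTTPS. The bare `list:` label gives a reader no indication of what the 123 links support; a heading or one sentence describing the list would fix that.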