admin/APT_REPORT
1
0
Fork 0
mirror of https://github.com/blackorbird/APT_REPORT.git synced 2025-06-12 02:04:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
APT_REPORT/README.md
blackorbird dca87639bc
Update README.md
2021-05-08 18:26:30 +08:00

217 lines
7.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# APT_REPORT collected by @blackorbird https://twitter.com/blackorbird
Interesting apt report & sample & malware & technology & intellegence collection
# APT Group for country
## Sample
### Group123
▶ScarCruft continues to evolve, introduces Bluetooth harvester
https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/
(May 13, 2019)
▶Group123 Attempts to attack 'printing paper' APT disguised as a guide to organization and conferences
https://blog.alyac.co.kr/2287
(May 2 , 2019)
▶Group123, APT attack impersonating Unification Ministry, spread malicious code to Google Drive
https://blog.alyac.co.kr/2268
(April 22 , 2019)
▶ group123 APT organization, 'Operation High Expert'
https://blog.alyac.co.kr/2226
(April 2 , 2019)
▶ Rocketman APT Campaign Returned to Operation Holiday Wiper
https://blog.alyac.co.kr/2089
(Jan 23, 2019)
▶ 'Operation Blackbird', the mobile invasion of the '
https://blog.alyac.co.kr/2035
(Dec 13, 2018)
▶ group123 'Operation Korean Sword' is underway
https://blog.alyac.co.kr/1985
(Nov. 16, 2018)
▶ group123 Group's latest APT campaign - 'Operation Rocket Man'
https://blog.alyac.co.kr/1853
(Aug. 22, 2018)
▶ group123, Flash Player Zero-Day (CVE-2018-4878) Attack Attention
https://blog.alyac.co.kr/1521
(Feb 02, 2018)
▶ 'group123' group 'survey on the total number of discovery of separated families in North and South'
https://blog.alyac.co.kr/1767
(July 28, 2014)
▶ Rocketman APT campaign, 'Operation Golden Bird'
https://blog.alyac.co.kr/2205
(March 20, 2013)
▶ Korea In The Crosshairs
https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html
(Jan 16, 2018)
▶FreeMilk: A Highly Targeted Spear Phishing Campaign
https://unit42.paloaltonetworks.com/unit42-freemilk-highly-targeted-spear-phishing-campaign/
(Oct 5, 2017)
### baby related kimsuky
▶BabyShark Malware Part Two Attacks Continue Using KimJongRAT and PCRat (April 26, 2019)
https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/
▶Operation Giant Baby, a giant threat (March 28, 2019)
https://blog.alyac.co.kr/2223
▶ Malicious code installed with coin purse program(Alibaba) (March 15, 2019)
https://asec.ahnlab.com/1209
▶ New BabyShark Malware Targets U.S. National Security Think Tanks (Feb. 22, 2019)
https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/
▶ Korea's latest APT attack, Operation Mystery Baby Attention! (Feb 11, 2018)
https://blog.alyac.co.kr/1963
▶ Returned to Korea as Operation Baby Coin, APT attacker, overseas target in 2010 (Apr. 19, 2014)
https://blog.alyac.co.kr/1640
### kimsuky
▶Kimsuky, Blue House Green Support / Sangchunjae Estimate
https://blog.alyac.co.kr/2645
▶Kimsuky, cyber security bureau Cryptographic Cases (May 28 , 2019)
https://blog.alyac.co.kr/2338
▶Kimsuky, Korea Cryptographic Exchange Event Impersonation APT Attack (May 28 , 2019)
https://blog.alyac.co.kr/2336
▶Kimsuky 'Fake striker' APT campaign aimed at Korea (May 20 , 2019)
https://blog.alyac.co.kr/2315
▶ Analysis of "Smoke Screen" in APT campaign aimed at Korea and America (April 17 , 2019)
https://blog.alyac.co.kr/2243
▶ Encrypted APT attack, Kimsuky organization's 'smoke screen' PART 2 (May 13 , 2019)
https://blog.alyac.co.kr/2299
▶ Kimsuky Organization, Operation Stealth Power Silence Operation (April 3 , 2019)
https://blog.alyac.co.kr/2234
▶ Kimsuky Organization, Watering Hole Started "Operation Low Kick"(March 21, 2019)
https://blog.alyac.co.kr/2209
### Jaku
▶ SiliVaccine: Inside North Koreas Anti-Virus (May 1, 2018)
https://research.checkpoint.com/silivaccine-a-look-inside-north-koreas-anti-virus/
### Lazarus
▶Lazarus Group Goes 'Fileless'an implant w/ remote download & in-memory execution
https://objective-see.com/blog/blog_0x51.html
▶LAZARUS APT TARGETS MAC USERS WITH POISONED WORD DOCUMENT
https://www.sentinelone.com/blog/lazarus-apt-targets-mac-users-poisoned-word-document/
### Konni
▶Konni's APT Group conducts attacks with Russian-North Korean trade and economic investment documents
https://blog.alyac.co.kr/2535
▶APT Campaign 'Konni' & 'Kimsuky' find commonality in organizations (June 10, 2019)
https://blog.alyac.co.kr/2347
▶Korean Kusa Konni Organization, Blue Sky Utilizing 'Amadey' Russia Botnet (May 16, 2019)
https://blog.alyac.co.kr/2308
▶The Konni APT Campaign and 'Operation Hunter Adonis' (Jan 1 ,2019)
https://blog.alyac.co.kr/2061
### Oceanlotus
▶Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus (July 1, 2019)
https://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html
▶Analysis report on the attack on mobile devices by Oceanlotus (May 24, 2019)
https://mp.weixin.qq.com/s/L-tCvLPOOMhP0ndgdqhkNQ
▶ Oceanlotus in the first quarter of 2019 for the attack technology of China.(April 24, 2019)
https://mp.weixin.qq.com/s/xPsEXp2J5IE7wNSMEVC24A
▶ Deobfuscating APT32 Flow Graphs with Cutter and Radare2 (April 24, 2019)
https://research.checkpoint.com/deobfuscating-apt32-flow-graphs-with-cutter-and-radare2/
▶ OceanLotus Steganography Malware Analysis White Paper (April 2 , 2019)
https://threatvector.cylance.com/en_us/home/report-oceanlotus-apt-group-leveraging-steganography.html
▶OceanLotus: macOS malware update(April 9 , 2019)
https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/
### APT28
▶ CB TAU Threat Intelligence Notification: Hunting APT28 Downloaders (April 5 , 2019)
https://www.carbonblack.com/2019/04/05/cb-threat-intelligence-notification-hunting-apt28-downloaders/
### Turla
▶ A dive into Turla PowerShell usage (May 29 , 2019)
https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/
### tick
▶ tick group new campaign, attack north korean and japan
https://www.ahnlab.com/kr/site/securityinfo/secunews/secuNewsView.do?curPage=1&menu_dist=2&seq=28186
(April 1 , 2019)
### Winnti
▶ bayer-says-has-detected-contained-cyber-attack (April 5 , 2019)
https://www.reuters.com/article/us-bayer-cyber/bayer-says-has-detected-contained-cyber-attack-idUSKCN1RG0NN
https://www.tagesschau.de/inland/hackerangriff-bayer-101.html
## Middle East Asia
### Muddywater
▶ Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques(May 20,2019)
https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html
### ZooPark
▶ APT-C-38 attack activity revealed (May 27,2019)
http://blogs.360.cn/post/analysis-of-APT-C-38.html
# APT Group for finance
### CARBANAK
▶ CARBANAK Week Part One: A Rare Occurrence (April 22, 2019)
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html
### londonblue (Nigeria)
▶ Evolving Tactics: London Blue Starts Spoofing Target Domains (April 4 , 2019)
PDF is in the folder
https://www.agari.com/email-security-blog/london-blue-evolving-tactics/
### Fin6
▶ Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware(April 5 , 2019)
https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html
### Fin7
▶ On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation (August 01, 2018)
https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html
Reference in New Issue View Git Blame Copy Permalink