diff --git a/2018/2018.04.27.OceanLotus_new_malware/CN_OceanLotus_new_malware.pdf b/2018/2018.04.27.OceanLotus_new_malware/CN_OceanLotus_new_malware.pdf new file mode 100644 index 0000000..64a30bb Binary files /dev/null and b/2018/2018.04.27.OceanLotus_new_malware/CN_OceanLotus_new_malware.pdf differ diff --git a/2018/2018.04.27.OceanLotus_new_malware/samples/9c37215fb07f2f6b42b054e91b4be5cfa3b3921c886049995ba10299f1eebca4.zip b/2018/2018.04.27.OceanLotus_new_malware/samples/9c37215fb07f2f6b42b054e91b4be5cfa3b3921c886049995ba10299f1eebca4.zip new file mode 100644 index 0000000..db79139 Binary files /dev/null and b/2018/2018.04.27.OceanLotus_new_malware/samples/9c37215fb07f2f6b42b054e91b4be5cfa3b3921c886049995ba10299f1eebca4.zip differ diff --git a/2018/2018.04.27.OceanLotus_new_malware/samples/e5c766ad580b5bc5f74acc8d2f5dd028c11495d2ce503de7c7a294f94583849d.zip b/2018/2018.04.27.OceanLotus_new_malware/samples/e5c766ad580b5bc5f74acc8d2f5dd028c11495d2ce503de7c7a294f94583849d.zip new file mode 100644 index 0000000..72b2ac5 Binary files /dev/null and b/2018/2018.04.27.OceanLotus_new_malware/samples/e5c766ad580b5bc5f74acc8d2f5dd028c11495d2ce503de7c7a294f94583849d.zip differ diff --git a/README.md b/README.md index d2a5250..96459e0 100644 --- a/README.md +++ b/README.md 
@@ -16,6 +16,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns. ## 2018 +* Apr 27 - [[Tencent] (CN) OceanLotus new malware analysis](https://s.tencent.com/research/report/471.html) | [Local](../../blob/master/2018/2018.04.27.OceanLotus_new_malware) * Apr 26 - [[CISCO] GravityRAT - The Two-Year Evolution Of An APT Targeting India](https://blog.talosintelligence.com/2018/04/gravityrat-two-year-evolution-of-apt.html) | [Local](../../blob/master/2018/2018.04.26.GravityRAT) * Apr 24 - [[FireEye] Metamorfo Campaigns Targeting Brazilian Users](https://www.fireeye.com/blog/threat-research/2018/04/metamorfo-campaign-targeting-brazilian-users.html) | [Local](../../blob/master/2018/2018.04.24.metamorfo-campaign) * Apr 24 - [[McAfee] Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide](https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/) | [Local](../../blob/master/2018/2018.04.24.Operation_GhostSecret) 
@@ -92,7 +93,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns. * Nov 07 - [[McAfee] Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack](https://securingtomorrow.mcafee.com/mcafee-labs/apt28-threat-group-adopts-dde-technique-nyc-attack-theme-in-latest-campaign/#sf151634298) | [Local](../../blob/master/2017/2017.11.07.APT28_Slips_Office_Malware) * Nov 07 - [[Symantec] Sowbug: Cyber espionage group targets South American and Southeast Asian governments](https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments) | [Local](../../blob/master/2017/2017.11.07.sowbug-cyber-espionage-group-targets) * Nov 06 - [[Trend Micro] ChessMaster’s New Strategy: Evolving Tools and Tactics](http://blog.trendmicro.com/trendlabs-security-intelligence/chessmasters-new-strategy-evolving-tools-tactics/) | [Local](../../blob/master/2017/2017.11.06.ChessMaster_New_Strategy) -* Nov 06 - [[Volexity] OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society](https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/) | [Local](../../blob/master/2017/2017.11.06.oceanlotus-blossomsk) +* Nov 06 - [[Volexity] OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society](https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/) | [Local](../../blob/master/2017/2017.11.06.oceanlotus-blossomsk) * Nov 02 - [[PwC] The KeyBoys are back in town](http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html) | [Local](../../blob/master/2017/2017.11.02.KeyBoys_are_back) * Nov 02 - [[Clearsky] LeetMX 
– a Yearlong Cyber-Attack Campaign Against Targets in Latin America](http://www.clearskysec.com/leetmx/) | [Local](../../blob/master/2017/2017.11.02.LeetMX) * Nov 02 - [[RISKIQ] New Insights into Energetic Bear’s Watering Hole Attacks on Turkish Critical Infrastructure](https://www.riskiq.com/blog/labs/energetic-bear/) | [Local](../../blob/master/2017/2017.11.02.Energetic_Bear_on_Turkish_Critical_Infrastructure)
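Review bot: The two archives added under `2018/2018.04.27.OceanLotus_new_malware/samples/` arrive as opaque binary files, and nothing in this diff records what they contain or how they are packaged. If they are malware samples, add a short text file in that directory stating whether the archives are password-protected and which password convention applies, and that the file names appear to be the samples' hashes, so that anyone cloning the repository or following the new `Local` link in the README knows what they are handling.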
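Review bot: In the README hunk at `@@ -92,7 +93,7`, the removed and added `Nov 06 - [[Volexity] OceanLotus Blossoms ...` lines read identically as shown, so this looks like a whitespace-only change unrelated to adding the Apr 27 entry; drop it from this commit or state in the commit message what it fixes. If the intent was to correct the link, the `Local` path still ends in `2017.11.06.oceanlotus-blossomsk`, where the trailing `k` looks like a typo; check it against the actual directory name.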