diff --git a/2018/2018.08.28.CeidPageLock/ceidpagelock-a-chinese-rootkit.pdf b/2018/2018.08.28.CeidPageLock/ceidpagelock-a-chinese-rootkit.pdf new file mode 100644 index 0000000..0fe64ae Binary files /dev/null and b/2018/2018.08.28.CeidPageLock/ceidpagelock-a-chinese-rootkit.pdf differ diff --git a/2018/2018.08.28.CeidPageLock/hash.txt b/2018/2018.08.28.CeidPageLock/hash.txt new file mode 100644 index 0000000..9265692 --- /dev/null +++ b/2018/2018.08.28.CeidPageLock/hash.txt @@ -0,0 +1,3 @@ +C7A5241567B504F2DF18D085A4DDE559 +F7CAF6B189466895D0508EEB8FC25948 +1A179E3A93BF3B59738CBE7BB25F72AB diff --git a/2018/2018.08.28.CeidPageLock/samples/63af0d8406daba7eed8f713f3f429aec34cf7314f59870d00a5277959b482062.zip b/2018/2018.08.28.CeidPageLock/samples/63af0d8406daba7eed8f713f3f429aec34cf7314f59870d00a5277959b482062.zip new file mode 100644 index 0000000..1e3ccac Binary files /dev/null and b/2018/2018.08.28.CeidPageLock/samples/63af0d8406daba7eed8f713f3f429aec34cf7314f59870d00a5277959b482062.zip differ diff --git a/2018/2018.08.28.CeidPageLock/samples/e262ff88d7759a44d1aae01c5d31c6826113409973573a4ba12b9ab017289221.zip b/2018/2018.08.28.CeidPageLock/samples/e262ff88d7759a44d1aae01c5d31c6826113409973573a4ba12b9ab017289221.zip new file mode 100644 index 0000000..e4e648c Binary files /dev/null and b/2018/2018.08.28.CeidPageLock/samples/e262ff88d7759a44d1aae01c5d31c6826113409973573a4ba12b9ab017289221.zip differ diff --git a/README.md b/README.md index b4523ad..43c156f 100644 --- a/README.md +++ b/README.md 
@@ -16,6 +16,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns. * [APT search](https://cse.google.com/cse/publicurl?cx=003248445720253387346:turlh5vi4xc) ## 2018 +* Aug 28 - [[CheckPoint] CeidPageLock: A Chinese RootKit](https://research.checkpoint.com/ceidpagelock-a-chinese-rootkit/) | [Local](../../blob/master/2018/2018.08.28.CeidPageLock) * Aug 23 - [[Kaspersky] Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware](https://securelist.com/operation-applejeus/87553/) | [Local](../../blob/master/2018/2018.08.23.Operation_AppleJeus) * Aug 21 - [[ESET] TURLA OUTLOOK BACKDOOR](https://www.welivesecurity.com/wp-content/uploads/2018/08/Eset-Turla-Outlook-Backdoor.pdf) | [Local](../../blob/master/2018/2018.08.21.Operation_Red_Signature) * Aug 21 - [[TrendMicro] Supply Chain Attack Operation Red Signature Targets South Korean Organizations](https://blog.trendmicro.com/trendlabs-security-intelligence/supply-chain-attack-operation-red-signature-targets-south-korean-organizations) | [Local](../../blob/master/2018/2018.08.21.Operation_Red_Signature)
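Review bot: In the hash.txt hunk, the three added values carry no algorithm label and no mapping to the samples. Each is 32 hex characters (MD5 length), while the two archives added under samples/ have 64-hex-character names (SHA-256 length), so a reader cannot tell which hash belongs to which archive or why there are three hashes for two archives. Suggest stating the hash type on each line, listing the matching sample name beside it, and marking any hash whose sample is not included in the repository.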
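Review bot: In the README.md hunk, the unchanged Aug 21 ESET "TURLA OUTLOOK BACKDOOR" context line has its Local link pointing at 2018/2018.08.21.Operation_Red_Signature, the same directory as the TrendMicro entry below it, which looks like a copy-paste slip worth correcting while this list is being edited. The added Aug 28 line itself is consistent: its Local link targets 2018/2018.08.28.CeidPageLock, the directory created in this commit.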