2013 fix. part 2

2024-06-25 00:10:26 +00:00 · 2020-12-22 15:46:05 +08:00 · 2020-12-22 15:46:05 +08:00 · 38a2838188
commit 38a2838188
parent 028cca7d28
32 changed files with 55 additions and 29 deletions
--- a/2013/2013.00.00.APT_Attacks_on_Indian_Cyber_Space/Inside_Report_by_Infosec_Consortium.pdf
+++ b/2013/2013.00.00.APT_Attacks_on_Indian_Cyber_Space/Inside_Report_by_Infosec_Consortium.pdf
--- a/2013/2013.00.00.Dark_Seoul_Cyber_Attack/Dark_Seoul_Cyberattack.pdf
+++ b/2013/2013.00.00.Dark_Seoul_Cyber_Attack/Dark_Seoul_Cyberattack.pdf
--- a/2013/2013.00.00.Deep.Panda/crowdstrike-deep-panda-report.pdf
+++ b/2013/2013.00.00.Deep.Panda/crowdstrike-deep-panda-report.pdf
--- a/2013/2013.00.00.OPERATION_SAFFRON_ROSE/rpt-operation-saffron-rose.pdf
+++ b/2013/2013.00.00.OPERATION_SAFFRON_ROSE/rpt-operation-saffron-rose.pdf
--- a/2013/2013.01.02.SUPPLY_CHAIN_ANALYSIS/fireeye-malware-supply-chain.pdf
+++ b/2013/2013.01.02.SUPPLY_CHAIN_ANALYSIS/fireeye-malware-supply-chain.pdf
--- a/2013/2013.07.01.Gulf_States_APT/kashifali.ca-Targeted
+++ b/2013/2013.07.01.Gulf_States_APT/kashifali.ca-Targeted
--- a/2013/2013.07.15.PlugX_Smoaler/Plugx_Smoaler.pdf
+++ b/2013/2013.07.15.PlugX_Smoaler/Plugx_Smoaler.pdf
--- a/2013/2013.07.31.Hunting_the_Shadows/US-13-Yarochkin-In-Depth-Analysis-of-Escalated-APT-Attacks-Slides.pdf
+++ b/2013/2013.07.31.Hunting_the_Shadows/US-13-Yarochkin-In-Depth-Analysis-of-Escalated-APT-Attacks-Slides.pdf
--- a/2013/2013.07.31.ecrets_of_the_Comfoo_Masters/Secrets_of_the_Comfoo_Masters.pdf
+++ b/2013/2013.07.31.ecrets_of_the_Comfoo_Masters/Secrets_of_the_Comfoo_Masters.pdf
--- a/2013/2013.08.02.Smoke_Fire_South_Asian_Cyber_Espionage/India_Pak_Tranchulas.pdf
+++ b/2013/2013.08.02.Smoke_Fire_South_Asian_Cyber_Espionage/India_Pak_Tranchulas.pdf
--- a/2013/2013.08.02.Surtr_Targeting_Tibetan/Surtr_Malware_Tibetan.pdf
+++ b/2013/2013.08.02.Surtr_Targeting_Tibetan/Surtr_Malware_Tibetan.pdf
--- a/2013/2013.08.19.ByeBye_Shell/ByeBye_Shell_target.pdf
+++ b/2013/2013.08.19.ByeBye_Shell/ByeBye_Shell_target.pdf
--- a/2013/2013.08.21.POISON_IVY/LICENSE
+++ b/2013/2013.08.21.POISON_IVY/LICENSE
@ -0,0 +1,23 @@
+Copyright (c) 2013, FireEye, Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+  Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+  Redistributions in binary form must reproduce the above copyright notice, this
+  list of conditions and the following disclaimer in the documentation and/or
+  other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/2013/2013.08.21.POISON_IVY/PIVY-Appendix.pdf
+++ b/2013/2013.08.21.POISON_IVY/PIVY-Appendix.pdf
--- a/2013/2013.08.21.POISON_IVY/PIVY-Calamine-HOWTO.mp4
+++ b/2013/2013.08.21.POISON_IVY/PIVY-Calamine-HOWTO.mp4
--- a/2013/2013.08.21.POISON_IVY/PIVY-Graph.mtgx
+++ b/2013/2013.08.21.POISON_IVY/PIVY-Graph.mtgx
--- a/2013/2013.08.21.POISON_IVY/README.md
+++ b/2013/2013.08.21.POISON_IVY/README.md
@ -0,0 +1,4 @@
+pivy-report
+===========
+
+Poison Ivy Appendix/Extras
--- a/2013/2013.08.21.POISON_IVY/rpt-poison-ivy.pdf
+++ b/2013/2013.08.21.POISON_IVY/rpt-poison-ivy.pdf
--- a/2013/2013.08.23.Operation_Molerats/fireeye.com-Operation
+++ b/2013/2013.08.23.Operation_Molerats/fireeye.com-Operation
--- a/2013/2013.09.11.Kimsuky_Operation/Kimsuky.pdf
+++ b/2013/2013.09.11.Kimsuky_Operation/Kimsuky.pdf
--- a/2013/2013.09.19.EvilGrab/2q-report-on-targeted-attack-campaigns.pdf
+++ b/2013/2013.09.19.EvilGrab/2q-report-on-targeted-attack-campaigns.pdf
--- a/2013/2013.09.21.Operation_DeputyDog/Operation_DeputyDog.pdf
+++ b/2013/2013.09.21.Operation_DeputyDog/Operation_DeputyDog.pdf
--- a/2013/2013.10.24.FakeM_RAT/wp-fakem-rat.pdf
+++ b/2013/2013.10.24.FakeM_RAT/wp-fakem-rat.pdf
--- a/2013/2013.10.24/evasive-tactics-terminator-rat.html.pdf
+++ b/2013/2013.10.24/evasive-tactics-terminator-rat.html.pdf
--- a/2013/2013.10.25.Terminator_RAT/FireEye-Terminator_RAT.pdf
+++ b/2013/2013.10.25.Terminator_RAT/FireEye-Terminator_RAT.pdf
--- a/2013/2013.11.10.Operation_Ephemeral_Hydra/Operation_EphemeralHydra.pdf
+++ b/2013/2013.11.10.Operation_Ephemeral_Hydra/Operation_EphemeralHydra.pdf
--- a/2013/2013.12.02.njRAT_Saga_Continues/FTA
+++ b/2013/2013.12.02.njRAT_Saga_Continues/FTA
--- a/2013/2013.12.20.ETSO/1401223631603288.pdf
+++ b/2013/2013.12.20.ETSO/1401223631603288.pdf
--- a/2013/2013.12.20.ETSO/ETSO_APT_Attacks_Analysis.pdf
+++ b/2013/2013.12.20.ETSO/ETSO_APT_Attacks_Analysis.pdf
--- a/2013/C5_APT_C2InTheFifthDomain.pdf
+++ b/2013/C5_APT_C2InTheFifthDomain.pdf
--- a/2013/Operation_Molerats.pdf
+++ b/2013/Operation_Molerats.pdf
--- a/README.md
+++ b/README.md
@ -1049,43 +1049,41 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
 * Jan 06 - [PlugX: some uncovered points](http://blog.cassidiancybersecurity.com/2014/01/plugx-some-uncovered-points.html)

 ## 2013
+* XXX XX - [[CERT-ISAC] Inside Report – APT Attacks on Indian Cyber Space]() | [:closed_book:](../../blob/master/2013/2013.00.00.APT_Attacks_on_Indian_Cyber_Space)
 * XXX XX - [[KPMG] Energy at Risk: A Study of IT Security in the Energy and Natural Resources Industry]() | [:closed_book:](../../blob/master/2013/2013.00.00.Energy_at_Risk)
 * XXX XX - [[FireEye] THE LITTLE MALWARE THAT COULD: Detecting and Defeating the China Chopper Web Shell](https://www.fireeye.com/content/dam/FireEye-www/global/en/current-threats/pdfs/rpt-china-chopper.pdf) | [:closed_book:](../../blob/master/2013/2013.00.00.China_Chopper_Web_Shell)
-* ??? ?? - [Deep Panda](http://www.crowdstrike.com/sites/default/files/AdversaryIntelligenceReport_DeepPanda_0.pdf) (OFFLINE) | [:closed_book:](../../blob/master//2013/2013.Deep.Panda)
-* ??? ?? - [[Fireeye] OPERATION SAFFRON ROSE](https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf) | [:closed_book:](../../blob/master/2013/2013.OPERATION_SAFFRON_ROSE)
+* XXX XX - [[CrowdStrike] Deep Panda](http://www.crowdstrike.com/sites/default/files/AdversaryIntelligenceReport_DeepPanda_0.pdf) | [:closed_book:](../../blob/master/2013/2013.00.00.Deep.Panda)
+* XXX XX - [[CISAK] Dark Seoul Cyber Attack: Could it be worse?](http://cisak.perpika.kr/2013/wp-content/uploads/2013/06/Accepted-Papers.xlsx) | [:closed_book:](../../blob/master/2013/2013.00.00.Dark_Seoul_Cyber_Attack)
+* XXX XX - [[Fireeye] OPERATION SAFFRON ROSE](https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf) | [:closed_book:](../../blob/master/2013/2013.00.00.OPERATION_SAFFRON_ROSE)
 * Dec 20 - [ETSO APT Attacks Analysis](http://image.ahnlab.com/global/upload/download/documents/1401223631603288.pdf) | [:closed_book:](../../blob/master/2013/2013.12.20.ETSO)
 * Dec 12 - [[FireEye] Operation Ke3chang: Targeted Attacks Against Ministries of Foreign Affairs](https://www.fireeye.com/blog/executive-perspective/2013/12/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs.html) | [:closed_book:](../../blob/master/2013/2013.12.12.Operation_Ke3chang)
-* Dec 11 - [Operation "Ke3chang"](http://www.fireeye.com/resources/pdfs/FireEye-operation-ke3chang.pdf)
-* Dec 02 - [njRAT, The Saga Continues](http://www.fidelissecurity.com/files/files/FTA%201010%20-%20njRAT%20The%20Saga%20Continues.pdf)
-* Nov 11 - [[FireEye] Supply Chain Analysis](http://www.fireeye.com/resources/pdfs/FireEye-malware-supply-chain.pdf)
-* Nov 10 - [[FireEye] Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method](http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html)
-* Oct 24 - [[FireEye] Terminator RAT](https://www.fireeye.com/blog/threat-research/2013/10/evasive-tactics-terminator-rat.html) or [FakeM RAT](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fakem-rat.pdf) | [:closed_book:](../../blob/master//2013/2013.10.24)
-* Sep 30 - [[FireEye] World War C: State of affairs in the APT world](https://www.fireeye.com/blog/threat-research/2013/09/new-FireEye-report-world-war-c.html)
-* Sep 25 - [The 'ICEFROG' APT: A Tale of cloak and three daggers](http://www.securelist.com/en/downloads/vlpdfs/icefog.pdf) | [:closed_book:](../../blob/master//2013/2013.09.25.ICEFROG_APT)
-* Sep 17 - [Hidden Lynx - Professional Hackers for Hire](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf) | [:closed_book:](../../blob/master//2013/2013.09.17.Hidden_Lynx)
-* Sep 13 - [Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets](http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html)
-* Sep 11 - [The "Kimsuky" Operation](https://securelist.com/analysis/57915/the-kimsuky-operation-a-north-korean-apt/)
-* Sep 06 - [Evasive Tactics: Taidoor](https://www.fireeye.com/blog/threat-research/2013/09/evasive-tactics-taidoor-3.html) | [:closed_book:](../../blob/master//2013/2013.09.06.EvasiveTactics_Taidoor)
-* Sep ?? - [Feature: EvilGrab Campaign Targets Diplomatic Agencies](http://about-threats.trendmicro.com/cloud-content/us/ent-primers/pdf/2q-report-on-targeted-attack-campaigns.pdf)
-* Aug 23 - [Operation Molerats: Middle East Cyber Attacks Using Poison Ivy](http://www.fireeye.com/blog/technical/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html)
-* Aug 21 - [POISON IVY: Assessing Damage and Extracting Intelligence](http://www.fireeye.com/resources/pdfs/FireEye-poison-ivy-report.pdf)
-* Aug 19 - [ByeBye Shell and the targeting of Pakistan](https://community.rapid7.com/community/infosec/blog/2013/08/19/byebye-and-the-targeting-of-pakistan)
-* Aug 02 - [Surtr: Malware Family Targeting the Tibetan Community](https://citizenlab.org/2013/08/surtr-malware-family-targeting-the-tibetan-community/)
-* Aug 02 - [Where There is Smoke, There is Fire: South Asian Cyber Espionage Heats Up](http://www.threatconnect.com/news/where-there-is-smoke-there-is-fire-south-asian-cyber-espionage-heats-up/)
-* Aug ?? - [APT Attacks on Indian Cyber Space](http://g0s.org/wp-content/uploads/2013/downloads/Inside_Report_by_Infosec_Consortium.pdf)
-* Aug ?? - [Operation Hangover - Unveiling an Indian Cyberattack Infrastructure](http://normanshark.com/wp-content/uploads/2013/08/NS-Unveiling-an-Indian-Cyberattack-Infrastructure_FINAL_Web.pdf)
-* Jul 31 - [Blackhat: In-Depth Analysis of Escalated APT Attacks (Lstudio,Elirks)](https://media.blackhat.com/us-13/US-13-Yarochkin-In-Depth-Analysis-of-Escalated-APT-Attacks-Slides.pdf), [video](https://www.youtube.com/watch?v=SoFVRsvh8s0)
-* Jul 31 - [Secrets of the Comfoo Masters](http://www.secureworks.com/cyber-threat-intelligence/threats/secrets-of-the-comfoo-masters/)
-* Jul 15 - [PlugX revisited: "Smoaler"](http://sophosnews.files.wordpress.com/2013/07/sophosszappanosplugxrevisitedintroducingsmoaler-rev1.pdf)
-* Jul 09 - [Dark Seoul Cyber Attack: Could it be worse?](http://cisak.perpika.kr/wp-content/uploads/2013/07/2013-08.pdf)
-* Jun 30 - [Targeted Campaign Steals Credentials in Gulf States and Caribbean](https://blogs.mcafee.com/mcafee-labs/targeted-campaign-steals-credentials-in-gulf-states-and-caribbean)
-* Jun 28 - [njRAT Uncovered](http://threatgeek.typepad.com/files/fta-1009---njrat-uncovered-1.pdf) | [:closed_book:](../../blob/master//2013/2013.06.28.njRAT_Uncovered)
+* Dec 02 - [[Fidelis] njRAT, The Saga Continues](http://www.fidelissecurity.com/files/files/FTA%201010%20-%20njRAT%20The%20Saga%20Continues.pdf) | [:closed_book:](../../blob/master/2013/2013.12.02.njRAT_Saga_Continues)
+* Nov 10 - [[FireEye] Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method](http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html) | [:closed_book:](../../blob/master/2013/2013.11.10.Operation_Ephemeral_Hydra)
+* Oct 25 - [[FireEye] Evasive Tactics: Terminator RAT](https://www.fireeye.com/blog/threat-research/2013/10/evasive-tactics-terminator-rat.html) | [:closed_book:](../../blob/master/2013/2013.10.25.Terminator_RAT)
+* Oct 24 - [[Trend Micro] FakeM RAT](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fakem-rat.pdf) | [:closed_book:](../../blob/master/2013/2013.10.24.FakeM_RAT)
+* Sep 25 - [[Kaspersky] The 'ICEFROG' APT: A Tale of cloak and three daggers](http://www.securelist.com/en/downloads/vlpdfs/icefog.pdf) | [:closed_book:](../../blob/master//2013/2013.09.25.ICEFROG_APT)
+* Sep 21 - [[FireEye] Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets](https://www.fireeye.com/blog/threat-research/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html) | [:closed_book:](../../blob/master/2013/2013.09.21.Operation_DeputyDog)
+* Sep 19 - [[Trend Micro] 2Q 2013 Report on Targeted Attack Campaigns: A Look Into EvilGrab](https://www.trendmicro.tw/vinfo/hk/security/news/cyber-attacks/2q-2013-report-on-targeted-attack-campaigns-a-look-into-evilgrab) | [:closed_book:](../../blob/master/2013/2013.09.19.EvilGrab)
+* Sep 17 - [[Symantec] Hidden Lynx - Professional Hackers for Hire](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf) | [:closed_book:](../../blob/master/2013/2013.09.17.Hidden_Lynx)
+* Sep 11 - [[Kaspersky] The "Kimsuky" Operation](https://securelist.com/analysis/57915/the-kimsuky-operation-a-north-korean-apt/) | [:closed_book:](../../blob/master/2013/2013.09.11.Kimsuky_Operation)
+* Sep 06 - [[FireEye] Evasive Tactics: Taidoor](https://www.fireeye.com/blog/threat-research/2013/09/evasive-tactics-taidoor-3.html) | [:closed_book:](../../blob/master/2013/2013.09.06.EvasiveTactics_Taidoor)
+* Aug 23 - [[FireEye] Operation Molerats: Middle East Cyber Attacks Using Poison Ivy](http://www.fireeye.com/blog/technical/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html) | [:closed_book:](../../blob/master/2013/2013.08.23.Operation_Molerats)
+* Aug 21 - [[FireEye] POISON IVY: Assessing Damage and Extracting Intelligence](http://www.fireeye.com/resources/pdfs/FireEye-poison-ivy-report.pdf) | [:closed_book:](../../blob/master/2013/2013.08.21.POISON_IVY)
+* Aug 19 - [[Rapid7] ByeBye Shell and the targeting of Pakistan](https://community.rapid7.com/community/infosec/blog/2013/08/19/byebye-and-the-targeting-of-pakistan) | [:closed_book:](../../blob/master/2013/2013.08.19.ByeBye_Shell)
+* Aug 02 - [[CitizenLab] Surtr: Malware Family Targeting the Tibetan Community](https://citizenlab.org/2013/08/surtr-malware-family-targeting-the-tibetan-community/) | [:closed_book:](../../blob/master/2013/2013.08.02.Surtr_Targeting_Tibetan)
+* Aug 02 - [[ThreatConnect] Where There is Smoke, There is Fire: South Asian Cyber Espionage Heats Up](http://www.threatconnect.com/news/where-there-is-smoke-there-is-fire-south-asian-cyber-espionage-heats-up/) | [:closed_book:](../../blob/master/2013/2013.08.02.Smoke_Fire_South_Asian_Cyber_Espionage)
+* Jul 31 - [[BlackHat] Hunting the Shadows: In Depth Analysis of Escalated APT Attacks](https://media.blackhat.com/us-13/US-13-Yarochkin-In-Depth-Analysis-of-Escalated-APT-Attacks-Slides.pdf) | [:closed_book:](../../blob/master/2013/2013.07.31.Hunting_the_Shadows)
+* Jul 31 - [[Dell] Secrets of the Comfoo Masters](http://www.secureworks.com/cyber-threat-intelligence/threats/secrets-of-the-comfoo-masters/) | [:closed_book:](../../blob/master/2013/2013.07.31.ecrets_of_the_Comfoo_Masters)
+* Jul 15 - [[Sophos] The PlugX malware revisited:
+introducing “Smoaler”](http://sophosnews.files.wordpress.com/2013/07/sophosszappanosplugxrevisitedintroducingsmoaler-rev1.pdf) | [:closed_book:](../../blob/master/2013/2013.07.15.PlugX_Smoaler)
+* Jul 01 - [[McAfee] Targeted Campaign Steals Credentials in Gulf States and Caribbean](hhttps://www.kashifali.ca/2013/07/01/targeted-campaign-steals-credentials-in-gulf-states-and-caribbean/) | [:closed_book:](../../blob/master/2013/2013.07.01.Gulf_States_APT)
+* Jun 28 - [[ThreatGeek] njRAT Uncovered](http://threatgeek.typepad.com/files/fta-1009---njrat-uncovered-1.pdf) | [:closed_book:](../../blob/master//2013/2013.06.28.njRAT_Uncovered)
 * Jun 21 - [[Citizen Lab] A Call to Harm: New Malware Attacks Target the Syrian Opposition](https://citizenlab.org/wp-content/uploads/2013/07/19-2013-acalltoharm.pdf) | [:closed_book:](../../blob/master/2013/2013.06.21.Syrian_Attack)
 * Jun 18 - [[FireEye] Trojan.APT.Seinup Hitting ASEAN](http://www.fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-seinup-hitting-asean.html) | [:closed_book:](../../blob/master/2013/2013.06.18.APT_Seinup)
 * Jun 07 - [[Rapid7] KeyBoy, Targeted Attacks against Vietnam and India](https://community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india) | [:closed_book:](../../blob/master/2013/2013.06.07.KeyBoy_APT)
 * Jun 04 - [[Kaspersky] The NetTraveller (aka 'Travnet')](http://www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf) | [:closed_book:](../../blob/master/2013/2013.06.04.NetTraveller)
 * Jun 01 - [[Purdue] Crude Faux: An analysis of cyber conflict within the oil & gas industries](https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2013-9.pdf) | [:closed_book:](../../blob/master/2013/2013.06.01.cyber_conflict_Oil_Gas)
-* Jun ?? - [[BlueCoat] The Chinese Malware Complexes: The Maudi Surveillance Operation](https://bluecoat.com/documents/download/2c832f0f-45d2-4145-bdb7-70fc78c22b0f&ei=ZGP-VMCbMsuxggSThYDgDg&usg=AFQjCNFjXSkn_AIiXge1X9oWZHzQOiNDJw&sig2=B6e2is0sCnGEbLPL9q0eZg&bvm=bv.87611401,d.eXY) | [:closed_book:](../../blob/master/2013/2013.06.00.Maudi_Surveillance_Operation)
+* Jun XX - [[BlueCoat] The Chinese Malware Complexes: The Maudi Surveillance Operation](https://bluecoat.com/documents/download/2c832f0f-45d2-4145-bdb7-70fc78c22b0f&ei=ZGP-VMCbMsuxggSThYDgDg&usg=AFQjCNFjXSkn_AIiXge1X9oWZHzQOiNDJw&sig2=B6e2is0sCnGEbLPL9q0eZg&bvm=bv.87611401,d.eXY) | [:closed_book:](../../blob/master/2013/2013.06.00.Maudi_Surveillance_Operation)
 * May 30 - [[CIRCL] TR-14 - Analysis of a stage 3 Miniduke malware sample](http://www.circl.lu/pub/tr-14/) | [:closed_book:](../../blob/master/2013/2013.05.20.Miniduke.Analysis)
 * May 20 - [[Norman] OPERATION HANGOVER: Unveiling an Indian Cyberattack Infrastructure](http://www.thecre.com/fnews/wp-content/uploads/2013/05/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf) | [:closed_book:](../../blob/master/2013/2013.05.20.Operation_Hangover)
 * May 16 - [[ESET] Targeted information stealing attacks in South Asia use email, signed binaries](https://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/) | [:closed_book:](../../blob/master/2013/2013.05.16.targeted-threat-pakistan-india)
@ -1108,7 +1106,7 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
 * Feb 12 - [[AIT] Targeted cyber attacks: examples and challenges ahead](http://www.ait.ac.at/uploads/media/Presentation_Targeted-Attacks_EN.pdf) | [:closed_book:](../../blob/master/2013/2013.02.12.Targeted-Attacks)
 * Jan 18 - [[McAfee] Operation Red October](https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24250/en_US/McAfee_Labs_Threat_Advisory_Exploit_Operation_Red_Oct.pdf) | [:closed_book:](../../blob/master/2013/2013.01.18.Operation_Red_Oct)
 * Jan 14 - [[Kaspersky] The Red October Campaign](https://securelist.com/blog/incidents/57647/the-red-october-campaign) | [:closed_book:](../../blob/master/2013/2013.01.14.Red_October_Campaign)
-* Jan 02 - [[FireEye] SUPPLY CHAIN ANALYSIS: From Quartermaster to SunshopFireEye](https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-malware-supply-chain.pdf) | [:closed_book:](../../blob/master/2013/2013.01.12.SUPPLY_CHAIN_ANALYSIS)
+* Jan 02 - [[FireEye] SUPPLY CHAIN ANALYSIS: From Quartermaster to SunshopFireEye](https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-malware-supply-chain.pdf) | [:closed_book:](../../blob/master/2013/2013.01.02.SUPPLY_CHAIN_ANALYSIS)

 ## 2012
 * Nov ?? - [[KrebsonSecurity] "Wicked Rose" and the NCPH Hacking Group](https://krebsonsecurity.com/wp-content/uploads/2012/11/WickedRose_andNCPH.pdf) | [:closed_book:](../../blob/master/2012/2012.11.00_Wicked_Rose)
@ -1122,6 +1120,7 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
 * Sep 12 - [[RSA] The VOHO Campaign: An in depth analysis](http://blogsdev.rsa.com/wp-content/uploads/VOHO_WP_FINAL_READY-FOR-Publication-09242012_AC.pdf) | [:closed_book:](../../blob/master/2012/2012.09.12.VOHO_Campaign)
 * Sep 07 - [[Citizen lab] IEXPLORE RAT](https://citizenlab.org/wp-content/uploads/2012/09/IEXPL0RE_RAT.pdf) | [:closed_book:](../../blob/master/2012/2012.09.07.IEXPLORE_RAT)
 * Sep 06 - [[Symantec] The Elderwood Project](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf)  | [:closed_book:](../../blob/master/2012/2012.09.06.Elderwood)
+* Aug 19 - [[Rapid7] ByeBye Shell and the targeting of Pakistan](https://blog.rapid7.com/2013/08/19/byebye-and-the-targeting-of-pakistan/) | [:closed_book:](../../blob/master/2012/2012.08.19.ByeBye_Shell)
 * Aug 18 - [[Trend Micro] The Taidoor Campaign AN IN-DEPTH ANALYSIS ](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf) | [:closed_book:](../../blob/master/2012/2012.08.18.Taidoor_Campaign)
 * Aug 09 - [[Kaspersky] Gauss: Abnormal Distribution](http://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/kaspersky-lab-gauss.pdf) | [:closed_book:](../../blob/master/2012/2012.08.09.Gauss)
 * Jul 27 - [[Kaspersky] The Madi Campaign](https://securelist.com/analysis/36609/the-madi-infostealers-a-detailed-analysis/) | [:closed_book:](../../blob/master/2012/2012.07.27.Madi_Campaign)