diff --git a/2017/2017.10.24.greenbug/Greenbug.pdf b/2017/2017.10.24.greenbug/Greenbug.pdf new file mode 100644 index 0000000..147168a Binary files /dev/null and b/2017/2017.10.24.greenbug/Greenbug.pdf differ diff --git a/README.md b/README.md index 5326608..b9db72f 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ Please fire issue to me if any lost of APT/Malware events/campaigns. * [targetedthreats](https://github.com/botherder/targetedthreats/wiki/Reports) ## 2017 +* Oct 24 - [[ClearSky] Iranian Threat Agent Greenbug Impersonates Israeli High-Tech and Cyber Security Companies](http://www.clearskysec.com/greenbug/) | [Local](../../blob/master/2017/2017.10.02.Aurora_Operation_CCleaner_II) * Oct 16 - [[BAE Systems] Taiwan Heist: Lazarus Tools And Ransomware](https://baesystemsai.blogspot.kr/2017/10/taiwan-heist-lazarus-tools.html) | [Local](../../blob/master/2017/2017.10.16.BlackOasis_APT) * Oct 16 - [[Kaspersky] BlackOasis APT and new targeted attacks leveraging zero-day exploit](https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/) | [Local](../../blob/master/2017/2017.10.16.Taiwan-Heist) * Oct 02 - [[intezer] Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers]() | [Local](../../blob/master/2017/2017.10.02.Aurora_Operation_CCleaner_II) @@ -29,7 +30,7 @@ Please fire issue to me if any lost of APT/Malware events/campaigns. * Aug 01 - [[Positive Research] Cobalt strikes back: an evolving multinational threat to finance](http://blog.ptsecurity.com/2017/08/cobalt-group-2017-cobalt-strikes-back.html) | [Local](../../blob/master/2017/2017.08.01.cobalt-group-2017-cobalt-strikes-back) * Jul 27 - [[Trend Micro] ChessMaster Makes its Move: A Look into the Campaign’s Cyberespionage Arsenal](http://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-cyber-espionage-campaign/) | [Local](../../blob/master/2017/2017.07.27.chessmaster-cyber-espionage-campaign) * Jul 27 - [[Palo Alto Networks] OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group](https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/) | [Local](../../blob/master/2017/2017.07.27.oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group) -* Jul 27 - [Operation Wilted Tulip](http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf) | [Local](../../blob/master/2017/2017.07.27.Operation_Wilted_Tulip) +* Jul 27 - [[Clearsky, TrendMicro] Operation Wilted Tulip](http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf) | [Local](../../blob/master/2017/2017.07.27.Operation_Wilted_Tulip) * Jul 24 - [“Tick” Group Continues Attacks](https://researchcenter.paloaltonetworks.com/2017/07/unit42-tick-group-continues-attacks/) | [Local](../../blob/master/2017/2017.07.24.Tick_group) * Jul 18 - [Recent Winnti Infrastructure and Samples](http://www.clearskysec.com/winnti/) | [Local](../../blob/master/2017/2017.07.18.winnti) * Jul 11 - [Winnti Evolution - Going Open Source](https://www.protectwise.com/blog/winnti-evolution-going-open-source.html) | [Local](../../blob/master/2017/2017.07.11.winnti-evolution-going-open-source)