Merge branch 'master' into master

2024-06-28 09:51:38 +00:00 · 2020-11-27 17:40:00 +08:00 · 2020-11-27 17:40:00 +08:00 · 8aa0ec95fe
commit 8aa0ec95fe
parent d616e23055 2dc329674a
4 changed files with 2 additions and 0 deletions
--- a/2020/2020.08.24_DeathStalker/Lifting
+++ b/2020/2020.08.24_DeathStalker/Lifting
--- a/2020/2020.10.26.ShadowPad_APT_backdoor_PlugX/Study_of_the_ShadowPad_APT_backdoor_and_its_relation_to_PlugX_en
+++ b/2020/2020.10.26.ShadowPad_APT_backdoor_PlugX/Study_of_the_ShadowPad_APT_backdoor_and_its_relation_to_PlugX_en
--- a/2020/2020.11.23.Clop_Campaign/[S2W
+++ b/2020/2020.11.23.Clop_Campaign/[S2W
--- a/README.md
+++ b/README.md
@ -43,6 +43,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
 * Nov 01 - [[Cyberstanc] A look into APT36's (Transparent Tribe) tradecraft](https://cyberstanc.com/blog/a-look-into-apt36-transparent-tribe/) | [:closed_book:](../../blob/master/2020/2020.11.01.Transparent_Tribe_APT)
 * Oct 27 - [[US-CERT] North Korean Advanced Persistent Threat
 Focus: Kimsuky](https://us-cert.cisa.gov/sites/default/files/publications/TLP-WHITE_AA20-301A_North_Korean_APT_Focus_Kimsuky.pdf) | [:closed_book:](../../blob/master/2020/2020.10.27_AA20-301A.North_Korean_APT)
+* Oct 26 - [[DrWeb] Study of the ShadowPad APT backdoor and its relation to PlugX](https://news.drweb.com/show/?i=14048&lng=en) | [:closed_book:](../../blob/master/2020/2020.10.26.ShadowPad_APT_backdoor_PlugX)
 * Oct 23 - [[360] APT-C-44 NAFox](https://blogs.360.cn/post/APT-C-44.html) | [:closed_book:](../../blob/master/2020/2020.10.23.APT-C-44_NAFox)
 * Oct 22 - [[WeiXin] Bitter CHM](https://mp.weixin.qq.com/s/9O4nZV-LNHuBy2ihg2XeIw) | [:closed_book:](../../blob/master/2020/2020.10.22.Bitter_CHM_APT)
 * Oct 19 - [[TrendMicro] Operation Earth Kitsune: Tracking SLUB’s Current Operations](https://www.trendmicro.com/vinfo/hk-en/security/news/cyber-attacks/operation-earth-kitsune-tracking-slub-s-current-operations) | [:closed_book:](../../blob/master/2020/2020.10.19_-_Operation_Earth_Kitsune_-_Tracking_SLUBs_current_operations/2020.10.19_-_Operation_Earth_Kitsune_-_Tracking_SLUBs_current_operations.pdf)
@ -66,6 +67,7 @@ Focus: Kimsuky](https://us-cert.cisa.gov/sites/default/files/publications/TLP-WH
 * Sep 01 - [[proofpoint] Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe](https://www.proofpoint.com/us/blog/threat-insight/chinese-apt-ta413-resumes-targeting-tibet-following-covid-19-themed-economic) | [:closed_book:](../../blob/master/2020/2020.09.01.Chinese_APT_TA413)
 * Aug 27 - [[ClearSky] The Kittens Are Back in Town 3](https://www.clearskysec.com/the-kittens-are-back-in-town-3/) | [:closed_book:](../../blob/master/2020/2020.08.27.Kittens_Are_Back)
 * Aug 28 - [[Kaspersky] Transparent Tribe: Evolution analysis, part 2](https://securelist.com/transparent-tribe-part-2/98233/) | [:closed_book:](../../blob/master/2020/2020.08.28_Transparent_Tribe)
+* Aug 24 - [[Kaspersky] Lifting the veil on DeathStalker, a mercenary triumvirate](https://securelist.com/deathstalker-mercenary-triumvirate/98177/) | [:closed_book:](../../blob/master/2020/2020.08.24_DeathStalker)
 * Aug 20 - [[CertFR] DEVELOPMENT OF THE ACTIVITY OF THE TA505 CYBERCRIMINAL GROUP](https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-009.pdf) | [:closed_book:](../../blob/master/2020/2020.08.20_DEVELOPMENT_TA505)
 * Aug 20 - [[Bitdefender] More Evidence of APT Hackers-for-Hire Used for Industrial Espionage](https://labs.bitdefender.com/2020/08/apt-hackers-for-hire-used-for-industrial-espionage/) | [:closed_book:](../../blob/master/2020/2020.08.20_APT_Hackers_for_Hire)
 * Aug 18 - [[F-Secure] LAZARUS GROUP CAMPAIGN TARGETING THE CRYPTOCURRENCY VERTICAL](https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf) | [:closed_book:](../../blob/master/2020/2020.08.18.LAZARUS_GROUP)