Mirrors
/
APT_CyberCriminal_Campagin_Collections
mirror of https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
6
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix

This commit is contained in:
cybermonitor 2020-12-23 12:25:06 +08:00
parent 5a9380dcd7
commit a114329bb8
17 changed files with 23 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
2014/The_Monju_Incident.pdf → 2014/2014.02.19.Monju_Incident/The_Monju_Incident.pdf
View File

0
2014/XtremeRAT_fireeye.pdf → 2014/2014.02.19.XtremeRAT/XtremeRAT_fireeye.pdf
View File

0
2014/fireeye-operation-saffron-rose.pdf → 2014/2014.05.13.Operation_Saffron_Rose/fireeye-operation-saffron-rose.pdf
View File

0
2014/circl-tr25-analysis-turla-pfinet-snake-uroburos.pdf → 2014/2014.07.10.Turla_Pfinet_Snake_Uroburos/circl-tr25-analysis-turla-pfinet-snake-uroburos.pdf
View File

0
2014/TrapX_ZOMBIE_Report_Final.pdf → 2014/2014.07.10.Zombie_Zero/TrapX_ZOMBIE_Report_Final.pdf
View File

0
2014/fireeye-sidewinder-targeted-attack.pdf → 2014/2014.08.04.Sidewinder_GoldenAge/fireeye-sidewinder-targeted-attack.pdf
View File

0
2014/ThreatConnect_Operation_Arachnophobia_Report.pdf → 2014/2014.08.05.Operation_Arachnophobia/ThreatConnect_Operation_Arachnophobia_Report.pdf
View File

0
2014/The_Epic_Turla_Operation.pdf → 2014/2014.08.07.Epic_Turla_Operation_Appendix/The_Epic_Turla_Operation.pdf
View File

0
2014/XSLCmd_OSX.pdf → 2014/2014.09.04.XSLCmd_OSX/XSLCmd_OSX.pdf
View File

0
2014/fireeye-operation-quantum-entanglement.pdf → 2014/2014.09.10.Operation_Quantum_Entanglement/fireeye-operation-quantum-entanglement.pdf
View File

0
2014/cosmicduke_whitepaper.pdf → 2014/2014.09.18.COSMICDUKE/cosmicduke_whitepaper.pdf
View File

0
2014/blackenergy_whitepaper.pdf → 2014/2014.09.26.BlackEnergy_Quedagh/blackenergy_whitepaper.pdf
View File

0
2014/ZoxPNG_Full_Analysis-Final.pdf → 2014/2014.10.14.ZoxPNG/ZoxPNG_Full_Analysis-Final.pdf
View File

0
2014/apt28.pdf → 2014/2014.10.28.APT28/apt28.pdf
View File

0
2014/The_Uroburos_case.pdf → 2014/2014.11.11.ComRAT/The_Uroburos_case.pdf
View File

0
2014/Turla_2_Penquin.pdf → 2014/2014.12.08.Penquin_Turla/Turla_2_Penquin.pdf
View File

46
README.md
View File

@ -948,8 +948,8 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
* Dec 10 - [[F-Secure] W64/Regin, Stage #1](https://www.f-secure.com/documents/996508/1030745/w64_regin_stage_1.pdf) | [:closed_book:](../../blob/master/2014/2014.12.10.W64_Regin)
* Dec 10 - [[F-Secure] W32/Regin, Stage #1](https://www.f-secure.com/documents/996508/1030745/w32_regin_stage_1.pdf) | [:closed_book:](../../blob/master/2014/2014.12.10_W32_Regin)
* Dec 10 - [Cloud Atlas: RedOctober APT](http://securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-back-in-style/)
* Dec 09 - [[BlueCoat] The Inception Framework](https://www.bluecoat.com/security-blog/2014-12-09/blue-coat-exposes-%E2%80%9C-inception-framework%E2%80%9D-very-sophisticated-layered-malware) | [:closed_book:](../../blob/master//2014/2014.12.09_The_Inception_Framework)
* Dec 08 - [The 'Penquin' Turla](http://securelist.com/blog/research/67962/the-penquin-turla-2/)
* Dec 09 - [[BlueCoat] The Inception Framework](https://www.bluecoat.com/security-blog/2014-12-09/blue-coat-exposes-%E2%80%9C-inception-framework%E2%80%9D-very-sophisticated-layered-malware) | [:closed_book:](../../blob/master/2014/2014.12.09_The_Inception_Framework)
* Dec 08 - [[Kaspersky] The 'Penquin' Turla](http://securelist.com/blog/research/67962/the-penquin-turla-2/) | [:closed_book:](../../blob/master/2014/2014.12.08.Penquin_Turla)
* Dec 03 - [[Cylance] Operation Cleaver: The Notepad Files](http://blog.cylance.com/operation-cleaver-the-notepad-files) | [:closed_book:](../../blob/master/2014/2014.12.03_operation-cleaver-the-notepad-files)
* Dec 02 - [Operation Cleaver](http://cdn2.hubspot.net/hubfs/270968/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf) | [IOCs](http://www.cylance.com/assets/Cleaver/cleaver.yar) | [:closed_book:](../../blob/master//2014/2014.12.02.Operation_Cleaver)
* Nov 30 - [[FireEye] FIN4: Stealing Insider Information for an Advantage in Stock Trading?](https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html) | [:closed_book:](../../blob/master/2014/2014.11.30.FIN4)
@ -959,18 +959,18 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
* Nov 24 - [[Symantec] Regin: Top-tier espionage tool enables stealthy surveillance](http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance) | [:closed_book:](../../blob/master/2014/2014.11.24.Regin_Top-tier_espionage)
* Nov 21 - [[FireEye] Operation Double Tap](https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html) | [IOCs](https://github.com/FireEye/iocs/tree/master/APT3) | [:closed_book:](../../blob/master//2014/2014.11.21.Operation_Double_Tap)
* Nov 20 - [[] EvilBunny: Suspect #4](http://0x1338.blogspot.co.uk/2014/11/hunting-bunnies.html) | [:closed_book:](../../blob/master//2014/2014.11.20.EvilBunny)
* Nov 14 - [[] Roaming Tiger (Slides)](http://2014.zeronights.ru/assets/files/slides/roaming_tiger_zeronights_2014.pdf) | [:closed_book:](../../blob/master//2014/2014.11.14.Roaming_Tiger)
* Nov 14 - [[F-Secure] OnionDuke: APT Attacks Via the Tor Network](http://www.f-secure.com/weblog/archives/00002764.html) | [:closed_book:](../../blob/master//2014/2014.11.14.OnionDuke)
* Nov 13 - [[Symantec] Operation CloudyOmega: Ichitaro 0-day targeting Japan](http://www.symantec.com/connect/blogs/operation-cloudyomega-ichitaro-zero-day-and-ongoing-cyberespionage-campaign-targeting-japan) | [:closed_book:](../../blob/master//2014/2014.11.13.Operation_CloudyOmega)
* Nov 14 - [[] Roaming Tiger (Slides)](http://2014.zeronights.ru/assets/files/slides/roaming_tiger_zeronights_2014.pdf) | [:closed_book:](../../blob/master/2014/2014.11.14.Roaming_Tiger)
* Nov 14 - [[F-Secure] OnionDuke: APT Attacks Via the Tor Network](http://www.f-secure.com/weblog/archives/00002764.html) | [:closed_book:](../../blob/master/2014/2014.11.14.OnionDuke)
* Nov 13 - [[Symantec] Operation CloudyOmega: Ichitaro 0-day targeting Japan](http://www.symantec.com/connect/blogs/operation-cloudyomega-ichitaro-zero-day-and-ongoing-cyberespionage-campaign-targeting-japan) | [:closed_book:](../../blob/master/2014/2014.11.13.Operation_CloudyOmega)
* Nov 12 - [[ESET] Korplug military targeted attacks: Afghanistan & Tajikistan](http://www.welivesecurity.com/2014/11/12/korplug-military-targeted-attacks-afghanistan-tajikistan/)
* Nov 11 - [The Uroburos case- Agent.BTZs successor, ComRAT](http://blog.gdatasoftware.com/blog/article/the-uroburos-case-new-sophisticated-rat-identified.html)
* Nov 11 - [[GDATA] The Uroburos case- Agent.BTZs successor, ComRAT](http://blog.gdatasoftware.com/blog/article/the-uroburos-case-new-sophisticated-rat-identified.html) | [:closed_book:](../../blob/master/2014/2014.11.11.ComRAT)
* Nov 10 - [[Kaspersky] The Darkhotel APT - A Story of Unusual Hospitality](https://securelist.com/blog/research/66779/the-darkhotel-apt/) | [:closed_book:](../../blob/master/2014/2014.11.10.Darkhotel)
* Nov 03 - [Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kongs Pro-Democracy Movement](http://www.fireeye.com/blog/technical/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html)
* Nov 03 - [New observations on BlackEnergy2 APT activity](https://securelist.com/blog/research/67353/be2-custom-plugins-router-abuse-and-target-profiles/)
* Oct 31 - [Operation TooHash](https://blog.gdatasoftware.com/blog/article/operation-toohash-how-targeted-attacks-work.html)
* Oct 30 - [[Sophos] The Rotten Tomato Campaign](http://blogs.sophos.com/2014/10/30/the-rotten-tomato-campaign-new-sophoslabs-research-on-apts/) | [:closed_book:](../../blob/master/2014/2014.10.30.Rotten_Tomato_Campaign)
* Oct 28 - [Group 72, Opening the ZxShell](http://blogs.cisco.com/talos/opening-zxshell/)
* Oct 28 - [APT28 - A Window Into Russia's Cyber Espionage Operations](https://www.fireeye.com/resources/pdfs/apt28.pdf)
* Oct 28 - [[FireEye] APT28 - A Window Into Russia's Cyber Espionage Operations](https://www.fireeye.com/resources/pdfs/apt28.pdf) | [:closed_book:](../../blob/master/2014/2014.10.28.APT28)
* Oct 27 - [Micro-Targeted Malvertising via Real-time Ad Bidding](http://www.invincea.com/wp-content/uploads/2014/10/Micro-Targeted-Malvertising-WP-10-27-14-1.pdf)
* Oct 27 - [[PWC] ScanBox framework whos affected, and whos using it?](http://pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html) | [:closed_book:](../../blob/master/2014/2014.10.27.ScanBox_framework)
* Oct 27 - [Full Disclosure of Havex Trojans - ICS Havex backdoors](http://www.netresec.com/?page=Blog&month=2014-10&post=Full-Disclosure-of-Havex-Trojans)
@ -983,20 +983,20 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
* Oct 14 - [Group 72 (Axiom)](http://blogs.cisco.com/security/talos/threat-spotlight-group-72/)
* Oct 14 - [Derusbi Preliminary Analysis](http://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf)
* Oct 14 - [Hikit Preliminary Analysis](http://www.novetta.com/wp-content/uploads/2014/11/HiKit.pdf)
* Oct 14 - [ZoxPNG Preliminary Analysis](http://www.novetta.com/wp-content/uploads/2014/11/ZoxPNG.pdf)
* Oct 14 - [[Novetta] ZoxPNG Preliminary Analysis](http://www.novetta.com/wp-content/uploads/2014/11/ZoxPNG.pdf) | [:closed_book:](../../blob/master/2014/2014.10.14.ZoxPNG)
* Oct 09 - [Democracy in Hong Kong Under Attack](http://www.volexity.com/blog/?p=33)
* Oct 03 - [New indicators for APT group Nitro](http://researchcenter.paloaltonetworks.com/2014/10/new-indicators-compromise-apt-group-nitro-uncovered/)
* Sep 26 - [BlackEnergy & Quedagh](https://www.f-secure.com/documents/996508/1030745/blackenergy_whitepaper.pdf)
* Sep 26 - [[F-Secure] BlackEnergy & Quedagh](https://www.f-secure.com/documents/996508/1030745/blackenergy_whitepaper.pdf) | [:closed_book:](../../blob/master/2014/2014.09.26.BlackEnergy_Quedagh)
* Sep 26 - [Aided Frame, Aided Direction (Sunshop Digital Quartermaster)](http://www.fireeye.com/blog/technical/2014/09/aided-frame-aided-direction-because-its-a-redirect.html)
* Sep 23 - [Ukraine and Poland Targeted by BlackEnergy (video)](https://www.youtube.com/watch?v=I77CGqQvPE4)
* Sep 19 - [[Palo Alto Networks] Watering Hole Attacks using Poison Ivy by "th3bug" group](http://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/) | [:closed_book:](../../blob/master/2014/2014.09.19.th3bug_Poison_Ivy)
* Sep 18 - [COSMICDUKE: Cosmu with a twist of MiniDuke](http://www.f-secure.com/documents/996508/1030745/cosmicduke_whitepaper.pdf)
* Sep 18 - [[F-Secure] COSMICDUKE: Cosmu with a twist of MiniDuke](http://www.f-secure.com/documents/996508/1030745/cosmicduke_whitepaper.pdf) | [:closed_book:](../../blob/master/2014/2014.09.18.COSMICDUKE)
* Sep 17 - [Chinese intrusions into key defense contractors](http://www.armed-services.senate.gov/press-releases/sasc-investigation-finds-chinese-intrusions-into-key-defense-contractors)
* Sep 10 - [Operation Quantum Entanglement](http://www.fireeye.com/resources/pdfs/white-papers/FireEye-operation-quantum-entanglement.pdf)
* Sep 10 - [[FireEye] Operation Quantum Entanglement](http://www.fireeye.com/resources/pdfs/white-papers/FireEye-operation-quantum-entanglement.pdf) | [:closed_book:](../../blob/master/2014/2014.09.10.Operation_Quantum_Entanglement)
* Sep 08 - [[Usenix] When Governments Hack Opponents: A Look at Actors and Technology](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-marczak.pdf) [video](https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/marczak) | [:closed_book:](../../blob/master/2014/2014.09.08.When_Governments_Hack_Opponents)
* Sep 08 - [[Usenix] Targeted Threat Index: Characterizingand Quantifying Politically-MotivatedTargeted Malware](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-hardy.pdf) [video](https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/hardy) | [:closed_book:](../../blob/master/2014/2014.09.08.Targeted_Threat_Index)
* Sep 04 - [Gholee a “Protective Edge” themed spear phishing campaign](http://www.clearskysec.com/gholee-a-protective-edge-themed-spear-phishing-campaign/) | [:closed_book:](../../blob/master//2014/2014.09.04.Gholee)
* Sep 04 - [Forced to Adapt: XSLCmd Backdoor Now on OS X](http://www.fireeye.com/blog/technical/malware-research/2014/09/forced-to-adapt-xslcmd-backdoor-now-on-os-x.html)
* Sep 04 - [Gholee a “Protective Edge” themed spear phishing campaign](http://www.clearskysec.com/gholee-a-protective-edge-themed-spear-phishing-campaign/) | [:closed_book:](../../blob/master/2014/2014.09.04.Gholee)
* Sep 04 - [[FireEye] Forced to Adapt: XSLCmd Backdoor Now on OS X](http://www.fireeye.com/blog/technical/malware-research/2014/09/forced-to-adapt-xslcmd-backdoor-now-on-os-x.html)| [:closed_book:](../../blob/master/2014/2014.09.04.XSLCmd_OSX)
* Sep 03 - [Darwins Favorite APT Group (APT12)](http://www.fireeye.com/blog/technical/botnet-activities-research/2014/09/darwins-favorite-apt-group-2.html)
* Aug 29 - [Syrian Malware Team Uses BlackWorm for Attacks](http://www.fireeye.com/blog/technical/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html)
* Aug 28 - [Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks](https://www.alienvault.com/open-threat-exchange/blog/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks)
@ -1004,21 +1004,21 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
* Aug 27 - [NetTraveler APT Gets a Makeover for 10th Birthday](https://securelist.com/blog/research/66272/nettraveler-apt-gets-a-makeover-for-10th-birthday/)
* Aug 25 - [Vietnam APT Campaign](http://blog.malwaremustdie.org/2014/08/another-country-sponsored-malware.html)
* Aug 20 - [El Machete](https://securelist.com/blog/research/66108/el-machete/)
* Aug 18 - [The Syrian Malware House of Cards](https://securelist.com/blog/research/66051/the-syrian-malware-house-of-cards/) | [:closed_book:](../../blob/master//2014/2014.08.18.Syrian_Malware_House_of_Cards)
* Aug 13 - [A Look at Targeted Attacks Through the Lense of an NGO](http://www.mpi-sws.org/~stevens/pubs/sec14.pdf) | [:closed_book:](../../blob/master//2014/2014.08.13.TargetAttack.NGO)
* Aug 18 - [The Syrian Malware House of Cards](https://securelist.com/blog/research/66051/the-syrian-malware-house-of-cards/) | [:closed_book:](../../blob/master/2014/2014.08.18.Syrian_Malware_House_of_Cards)
* Aug 13 - [A Look at Targeted Attacks Through the Lense of an NGO](http://www.mpi-sws.org/~stevens/pubs/sec14.pdf) | [:closed_book:](../../blob/master/2014/2014.08.13.TargetAttack.NGO)
* Aug 12 - [New York Times Attackers Evolve Quickly (Aumlib/Ixeshe/APT12)](http://www.fireeye.com/blog/technical/2013/08/survival-of-the-fittest-new-york-times-attackers-evolve-quickly.html)
* Aug 07 - [The Epic Turla Operation Appendix](https://securelist.com/files/2014/08/KL_Epic_Turla_Technical_Appendix_20140806.pdf)
* Aug 07 - [[Kaspersky] The Epic Turla Operation Appendix](https://securelist.com/files/2014/08/KL_Epic_Turla_Technical_Appendix_20140806.pdf) | [:closed_book:](../../blob/master/2014/2014.08.07.Epic_Turla_Operation_Appendix)
* Aug 06 - [Operation Poisoned Hurricane](http://www.fireeye.com/blog/technical/targeted-attack/2014/08/operation-poisoned-hurricane.html)
* Aug 05 - [Operation Arachnophobia](http://threatc.s3-website-us-east-1.amazonaws.com/?/arachnophobia)
* Aug 04 - [Sidewinder Targeted Attack Against Android](http://www.fireeye.com/resources/pdfs/FireEye-sidewinder-targeted-attack.pdf)
* Aug 05 - [[ThreatConnect] Operation Arachnophobia](http://threatc.s3-website-us-east-1.amazonaws.com/?/arachnophobia) | [:closed_book:](../../blob/master/2014/2014.08.05.Operation_Arachnophobia)
* Aug 04 - [[FireEye] SIDEWINDER TARGETED ATTACK AGAINST ANDROID IN THE GOLDEN AGE OF AD LIBRARIES](http://www.fireeye.com/resources/pdfs/FireEye-sidewinder-targeted-attack.pdf) | [:closed_book:](../../blob/master/2014/2014.08.04.Sidewinder_GoldenAge)
* Jul 31 - [Energetic Bear/Crouching Yeti Appendix](http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2014/07/Kaspersky_Lab_crouching_yeti_appendixes_eng_final.pdf)
* Jul 31 - [Energetic Bear/Crouching Yeti](https://kasperskycontenthub.com/securelist/files/2014/07/EB-YetiJuly2014-Public.pdf)
* Jul 29 - [[Dell] Threat Group-3279 Targets the Video Game Industry](https://www.secureworks.com/research/threat-group-3279-targets-the-video-game-industry) | [:closed_book:](../../blob/master/2014/2014.07.29.Threat_Group-3279_Targets_the_Video_Game_Industry)
* Jul 20 - [[Vinsula] Sayad (Flying Kitten) Analysis & IOCs](http://vinsula.com/2014/07/20/sayad-flying-kitten-infostealer-malware/) | [:closed_book:](../../blob/master/2014/2014.07.20.Flying_Kitten)
* Jul 11 - [Pitty Tiger](https://bitbucket.org/cybertools/whitepapers/downloads/Pitty%20Tiger%20Final%20Report.pdf) | [:closed_book:](../../blob/master/2014/2014.07.11.Pitty_Tiger)
* Jul 10 - [TR-25 Analysis - Turla / Pfinet / Snake/ Uroburos](http://www.circl.lu/pub/tr-25/)
* Jul 10 - [[CIRCL] TR-25 Analysis - Turla / Pfinet / Snake/ Uroburos](http://www.circl.lu/pub/tr-25/) | [:closed_book:](../../blob/master/2014/2014.07.10.Turla_Pfinet_Snake_Uroburos)
* Jul 07 - [Deep Pandas, Deep in Thought: Chinese Targeting of National Security Think Tanks](http://blog.crowdstrike.com/deep-thought-chinese-targeting-national-security-think-tanks/) | [:closed_book:](../../blob/master/2014/2014.07.07.Deep_in_Thought)
* Jun 10 - [Anatomy of the Attack: Zombie Zero](http://www.trapx.com/wp-content/uploads/2014/07/TrapX_ZOMBIE_Report_Final.pdf)
* Jun 10 - [[TrapX] Anatomy of the Attack: Zombie Zero](http://www.trapx.com/wp-content/uploads/2014/07/TrapX_ZOMBIE_Report_Final.pdf) | [:closed_book:](../../blob/master/2014/2014.07.10.Zombie_Zero)
* Jun 30 - [Dragonfly: Cyberespionage Attacks Against Energy Suppliers](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf)
* Jun 20 - [Embassy of Greece Beijing](http://thegoldenmessenger.blogspot.de/2014/06/blitzanalysis-embassy-of-greece-beijing.html)
* Jun 09 - [[CrowdStrike] Putter Panda](http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf) | [:closed_book:](../../blob/master/2014/2014.06.09.Putter_Panda)
@ -1027,7 +1027,7 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
* May 21 - [RAT in jar: A phishing campaign using Unrecom](http://www.fidelissecurity.com/sites/default/files/FTA_1013_RAT_in_a_jar.pdf)
* May 20 - [Miniduke Twitter C&C](http://www.welivesecurity.com/2014/05/20/miniduke-still-duking/)
* May 13 - [CrowdStrike's report on Flying Kitten](http://blog.crowdstrike.com/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/)
* May 13 - [Operation Saffron Rose (aka Flying Kitten)](http://www.fireeye.com/resources/pdfs/FireEye-operation-saffron-rose.pdf)
* May 13 - [[FireEye] Operation Saffron Rose (aka Flying Kitten)](http://www.fireeye.com/resources/pdfs/FireEye-operation-saffron-rose.pdf) | [:closed_book:](../../blob/master/2014/2014.05.13.Operation_Saffron_Rose)
* Apr 26 - [CVE-2014-1776: Operation Clandestine Fox](https://www.fireeye.com/blog/threat-research/2014/05/operation-clandestine-fox-now-attacking-windows-xp-using-recently-discovered-ie-vulnerability.html)
* Mar 12 - [[FireEye] A Detailed Examination of the Siesta Campaign](https://www.fireeye.com/blog/threat-research/2014/03/a-detailed-examination-of-the-siesta-campaign.html) | [:closed_book:](../../blob/master/2014/2014.03.12.Detailed_Siesta_Campaign)
* Mar 08 - [Russian spyware Turla](http://www.reuters.com/article/2014/03/07/us-russia-cyberespionage-insight-idUSBREA260YI20140307)
@ -1038,8 +1038,8 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
* Feb 23 - [Gathering in the Middle East, Operation STTEAM](http://www.fidelissecurity.com/sites/default/files/FTA%201012%20STTEAM%20Final.pdf)
* Feb 20 - [Mo' Shells Mo' Problems - Deep Panda Web Shells](http://www.crowdstrike.com/blog/mo-shells-mo-problems-deep-panda-web-shells/) | [:closed_book:](../../blob/master/2014/2014.02.20.deep-panda-webshells)
* Feb 20 - [[FireEye] Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploit](http://www.fireeye.com/blog/technical/targeted-attack/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html) | [:closed_book:](../../blob/master/2014/2014.02.20.Operation_GreedyWonk)
* Feb 19 - [XtremeRAT: Nuisance or Threat?](http://www.fireeye.com/blog/technical/2014/02/xtremerat-nuisance-or-threat.html)
* Feb 19 - [The Monju Incident](http://contextis.com/resources/blog/context-threat-intelligence-monju-incident/)
* Feb 19 - [[FireEye] XtremeRAT: Nuisance or Threat?](http://www.fireeye.com/blog/technical/2014/02/xtremerat-nuisance-or-threat.html) | [:closed_book:](../../blob/master/2014/2014.02.19.XtremeRAT)
* Feb 19 - [[Context Information Security] The Monju Incident](http://contextis.com/resources/blog/context-threat-intelligence-monju-incident/) | [:closed_book:](../../blob/master/2014/2014.02.19.Monju_Incident)
* Feb 13 - [[FireEye] Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website](http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html) | [:closed_book:](../../blob/master/2014/2014.02.13_Operation_SnowMan)
* Feb 11 - [[Kaspersky] Unveiling "Careto" - The Masked APT](http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf) | [:closed_book:](../../blob/master/2014/2014.02.11_Careto_APT)
* Jan 31 - [Intruder File Report- Sneakernet Trojan](http://www.fidelissecurity.com/sites/default/files/FTA%201011%20Follow%20UP.pdf)