2020.07.17.DRIDEX

This commit is contained in:
cybermonitor 2021-01-07 15:17:51 +08:00
parent 240d392c89
commit bd31e5896a
11 changed files with 10 additions and 9 deletions

Binary file not shown.

Binary file not shown.

@ -113,6 +113,7 @@ Focus: Kimsuky](https://us-cert.cisa.gov/sites/default/files/publications/TLP-WH
* Jul 28 - [[Group-IB] JOLLY ROGERS PATRONS](https://www.group-ib.com/resources/threat-research/black-jack.html) | [:closed_book:](../../blob/master/2020/2020.07.28.black-jack)
* Jul 22 - [[Palo Alto Network] OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory](https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/) | [:closed_book:](../../blob/master/2020/2020.07.22.OilRig_Middle_Eastern_Telecommunication)
* Jul 22 - [[Kaspersky] MATA: Multi-platform targeted malware framework](https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/) | [:closed_book:](../../blob/master/2020/2020.07.22_MATA_APT)
* Jul 17 - [[CERT-FR] THE MALWARE DRIDEX: ORIGINS AND USES](https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-008.pdf) | [:closed_book:](../../blob/master/2020/2020.07.17.DRIDEX)
* Jul 16 - [[NCSC] Advisory: APT29 targets COVID-19 vaccine development](https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development) | [:closed_book:](../../blob/master/2020/2020.07.16.apt29-targets-covid-19-vaccine-development)
* Jul 15 - [[F-Secure] THE FAKE CISCO: Hunting for backdoors in Counterfeit Cisco devices](https://labs.f-secure.com/assets/BlogFiles/2020-07-the-fake-cisco.pdf) | [:closed_book:](../../blob/master/2020/2020.07.15_the_Fake_CISCO)
* Jul 14 - [[Tesly] TURLA / VENOMOUS BEAR UPDATES ITS ARSENAL: “NEWPASS” APPEARS ON THE APT THREAT SCENE](https://www.telsy.com/turla-venomous-bear-updates-its-arsenal-newpass-appears-on-the-apt-threat-scene/) | [:closed_book:](../../blob/master/2020/2020.07.14_Turla_VENOMOUS_BEAR)
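Review bot: the new Jul 17 CERT-FR entry links its `:closed_book:` to `../../blob/master/2020/2020.07.17.DRIDEX`, which matches the commit title, but the binaries in this commit are only shown as "Binary file not shown.", so confirm the committed folder name and casing match that path exactly or the link will not resolve. While in this hunk, the unchanged Jul 14 context line reads "[Tesly]" where the linked domain is telsy.com; worth a follow-up fix to "[Telsy]".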
@ -979,7 +980,7 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
* Nov 10 - [[Kaspersky] The Darkhotel APT - A Story of Unusual Hospitality](https://securelist.com/blog/research/66779/the-darkhotel-apt/) | [:closed_book:](../../blob/master/2014/2014.11.10.Darkhotel)
* Nov 03 - [[FireEye] Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kongs Pro-Democracy Movement](http://www.fireeye.com/blog/technical/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html) | [:closed_book:](../../blob/master/2014/2014.11.03.Operation_Poisoned_Handover)
* Nov 03 - [New observations on BlackEnergy2 APT activity](https://securelist.com/blog/research/67353/be2-custom-plugins-router-abuse-and-target-profiles/)
* Oct 31 - [Operation TooHash](https://blog.gdatasoftware.com/blog/article/operation-toohash-how-targeted-attacks-work.html)
* Oct 31 - [[GData] Operation TooHash](https://blog.gdatasoftware.com/blog/article/operation-toohash-how-targeted-attacks-work.html) | [:closed_book:](../../blob/master/2014/2014.10.31.Operation_TooHash)
* Oct 30 - [[Sophos] The Rotten Tomato Campaign](http://blogs.sophos.com/2014/10/30/the-rotten-tomato-campaign-new-sophoslabs-research-on-apts/) | [:closed_book:](../../blob/master/2014/2014.10.30.Rotten_Tomato_Campaign)
* Oct 28 - [[CISCO] Group 72, Opening the ZxShell](http://blogs.cisco.com/talos/opening-zxshell/) | [:closed_book:](../../blob/master/2014/2014.10.28.Group_72_ZxShell)
* Oct 28 - [[FireEye] APT28 - A Window Into Russia's Cyber Espionage Operations](https://www.fireeye.com/resources/pdfs/apt28.pdf) | [:closed_book:](../../blob/master/2014/2014.10.28.APT28)
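Review bot: the Oct 31 "Operation TooHash" entry is replaced by a "[GData]"-tagged line with the same URL plus a `:closed_book:` link to `2014/2014.10.31.Operation_TooHash`; that path is not among the files visible in this commit, so verify the directory already exists in the repo. For consistency with the tagging this commit applies, the adjacent Nov 03 "New observations on BlackEnergy2 APT activity" line (a securelist.com URL) is still untagged and could be given the same treatment in a follow-up.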
@ -993,7 +994,7 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
* Oct 20 - [[PWC] OrcaRAT - A whale of a tale](http://pwc.blogs.com/cyber_security_updates/2014/10/orcarat-a-whale-of-a-tale.html) | [:closed_book:](../../blob/master/2014/2014.10.20.OrcaRAT_tale)
* Oct 14 - [[iSightPartners] Sandworm - CVE-2104-4114](http://www.isightpartners.com/2014/10/cve-2014-4114/) | [:closed_book:](../../blob/master/2014/2014.10.14.Sandworm)
* Oct 14 - [[CISCO] Group 72](http://blogs.cisco.com/security/talos/threat-spotlight-group-72/) | [:closed_book:](../../blob/master/2014/2014.10.14.Group_72)
* Oct 14 - [Derusbi Preliminary Analysis](http://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf)
* Oct 14 - [[Novetta] Derusbi Preliminary Analysis](http://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf) | [:closed_book:](../../blob/master/2014/2014.10.14.Derusbi_Analysis)
* Oct 14 - [[Novetta] Hikit Preliminary Analysis](http://www.novetta.com/wp-content/uploads/2014/11/HiKit.pdf) | [:closed_book:](../../blob/master/2014/2014.10.14.Hikit_Preliminary_Analysis)
* Oct 14 - [[Novetta] ZoxPNG Preliminary Analysis](http://www.novetta.com/wp-content/uploads/2014/11/ZoxPNG.pdf) | [:closed_book:](../../blob/master/2014/2014.10.14.ZoxPNG)
* Oct 09 - [Democracy in Hong Kong Under Attack](http://www.volexity.com/blog/?p=33)
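Review bot: the Derusbi replacement is fine (same URL, "[Novetta]" tag and `:closed_book:` path added, consistent with the Hikit and ZoxPNG lines beneath it), but the unchanged Oct 14 context line in this hunk carries a typo: "Sandworm - CVE-2104-4114" should read "CVE-2014-4114", as the linked URL itself shows. Suggest correcting it in the same sweep since it is a searchable identifier.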
@ -1015,7 +1016,7 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
* Aug 27 - [North Koreas cyber threat landscape](http://h30499.www3.hp.com/hpeb/attachments/hpeb/off-by-on-software-security-blog/388/2/HPSR%20SecurityBriefing_Episode16_NorthKorea.pdf)
* Aug 27 - [[Kaspersky] NetTraveler APT Gets a Makeover for 10th Birthday](https://securelist.com/blog/research/66272/nettraveler-apt-gets-a-makeover-for-10th-birthday/) | [:closed_book:](../../blob/master/2014/2014.08.27.NetTraveler)
* Aug 25 - [Vietnam APT Campaign](http://blog.malwaremustdie.org/2014/08/another-country-sponsored-malware.html)
* Aug 20 - [El Machete](https://securelist.com/blog/research/66108/el-machete/)
* Aug 20 - [[Kaspersky] El Machete](https://securelist.com/blog/research/66108/el-machete/) | [:closed_book:](../../blob/master/2014/2014.08.20.El_Machete)
* Aug 18 - [[Kaspersky] The Syrian Malware House of Cards](https://securelist.com/blog/research/66051/the-syrian-malware-house-of-cards/) | [:closed_book:](../../blob/master/2014/2014.08.18.Syrian_Malware_House_of_Cards)
* Aug 16 - [[HP] Profiling an enigma: The mystery of North Koreas cyber threat landscape](https://time.com/wp-content/uploads/2014/12/hpsr_securitybriefing_episode16_northkorea.pdf) | [:closed_book:](../../blob/master/2014/2014.08.16.North_Korea_cyber_threat_landscape)
* Aug 13 - [[USENIX] A Look at Targeted Attacks Through the Lense of an NGO](http://www.mpi-sws.org/~stevens/pubs/sec14.pdf) | [:closed_book:](../../blob/master/2014/2014.08.13.TargetAttack.NGO)
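Review bot: the El Machete line is correctly swapped for the "[Kaspersky]"-tagged version with the same URL, but this hunk's context shows what looks like the same HP Security Briefing (Episode 16, "North Koreas cyber threat landscape") listed twice, once at Aug 27 pointing to an hp.com URL and once at Aug 16 as "[HP] Profiling an enigma: ..." pointing to a time.com copy. Consider consolidating to one entry under the correct date, and restoring the apostrophe in "North Korea's" on both lines.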
@ -1030,13 +1031,13 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
* Jul 11 - [Pitty Tiger](https://bitbucket.org/cybertools/whitepapers/downloads/Pitty%20Tiger%20Final%20Report.pdf) | [:closed_book:](../../blob/master/2014/2014.07.11.Pitty_Tiger)
* Jul 10 - [[CIRCL] TR-25 Analysis - Turla / Pfinet / Snake/ Uroburos](http://www.circl.lu/pub/tr-25/) | [:closed_book:](../../blob/master/2014/2014.07.10.Turla_Pfinet_Snake_Uroburos)
* Jul 07 - [Deep Pandas, Deep in Thought: Chinese Targeting of National Security Think Tanks](http://blog.crowdstrike.com/deep-thought-chinese-targeting-national-security-think-tanks/) | [:closed_book:](../../blob/master/2014/2014.07.07.Deep_in_Thought)
* Jun 10 - [[TrapX] Anatomy of the Attack: Zombie Zero](http://www.trapx.com/wp-content/uploads/2014/07/TrapX_ZOMBIE_Report_Final.pdf) | [:closed_book:](../../blob/master/2014/2014.07.10.Zombie_Zero)
* Jun 30 - [Dragonfly: Cyberespionage Attacks Against Energy Suppliers](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf)
* Jul 10 - [[TrapX] Anatomy of the Attack: Zombie Zero](http://www.trapx.com/wp-content/uploads/2014/07/TrapX_ZOMBIE_Report_Final.pdf) | [:closed_book:](../../blob/master/2014/2014.07.10.Zombie_Zero)
* Jun 30 - [[Symantec] Dragonfly: Cyberespionage Attacks Against Energy Suppliers](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf) | [:closed_book:](../../blob/master/2014/2014.06.30.Dragonfly)
* Jun 20 - [Embassy of Greece Beijing](http://thegoldenmessenger.blogspot.de/2014/06/blitzanalysis-embassy-of-greece-beijing.html)
* Jun 09 - [[CrowdStrike] Putter Panda](http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf) | [:closed_book:](../../blob/master/2014/2014.06.09.Putter_Panda)
* Jun 06 - [Illuminating The Etumbot APT Backdoor (APT12)](http://www.arbornetworks.com/asert/wp-content/uploads/2014/06/ASERT-Threat-Intelligence-Brief-2014-07-Illuminating-Etumbot-APT.pdf)
* May 28 - [NewsCaster_An_Iranian_Threat_Within_Social_Networks](https://www.isightpartners.com/2014/05/newscaster-iranian-threat-inside-social-media/) | [:closed_book:](../../blob/master/2014/2014.05.28.NewsCaster_An_Iranian_Threat_Within_Social_Networks)
* May 21 - [RAT in jar: A phishing campaign using Unrecom](http://www.fidelissecurity.com/sites/default/files/FTA_1013_RAT_in_a_jar.pdf)
* May 21 - [[Fidelis] RAT in jar: A phishing campaign using Unrecom](http://www.fidelissecurity.com/sites/default/files/FTA_1013_RAT_in_a_jar.pdf) | [:closed_book:](../../blob/master/2014/2014.05.21.Unrecom_Rat)
* May 20 - [[ESET] Miniduke Twitter C&C](http://www.welivesecurity.com/2014/05/20/miniduke-still-duking/) | [:closed_book:](../../blob/master/2014/2014.05.20.Miniduke_Twitter_CnC)
* May 13 - [CrowdStrike's report on Flying Kitten](http://blog.crowdstrike.com/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/)
* May 13 - [[FireEye] Operation Saffron Rose (aka Flying Kitten)](http://www.fireeye.com/resources/pdfs/FireEye-operation-saffron-rose.pdf) | [:closed_book:](../../blob/master/2014/2014.05.13.Operation_Saffron_Rose)
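Review bot: the TrapX "Zombie Zero" date is changed from "Jun 10" to "Jul 10", which now agrees with its `:closed_book:` path `2014.07.10.Zombie_Zero`, but the line is left in its old position below the Jul 07 "Deep Pandas, Deep in Thought" entry, so the list is no longer in descending date order; move it up next to the Jul 10 CIRCL TR-25 line. The Dragonfly and "RAT in jar" replacements (vendor tag plus `:closed_book:` link, same URLs) look correct.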
@ -1047,16 +1048,16 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro
* Mar 06 - [[Trend Micro] The Siesta Campaign](http://blog.trendmicro.com/trendlabs-security-intelligence/the-siesta-campaign-a-new-targeted-attack-awakens/) | [:closed_book:](../../blob/master/2014/2014.03.06.The_Siesta_Campaign)
* Feb 28 - [[GData] Uroburos: Highly complex espionage software with Russian roots](https://public.gdatasoftware.com/Web/Content/INT/Blog/2014/02_2014/documents/GData_Uroburos_RedPaper_EN_v1.pdf) | [:closed_book:](../../blob/master/2014/2014.02.28.Uroburos)
* Feb 25 - [The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity](http://blog.crowdstrike.com/french-connection-french-aerospace-focused-cve-2014-0322-attack-shares-similarities-2012/) | [:closed_book:](../../blob/master/2014/2014.02.25.The_French_Connection)
* Feb 23 - [Gathering in the Middle East, Operation STTEAM](http://www.fidelissecurity.com/sites/default/files/FTA%201012%20STTEAM%20Final.pdf)
* Feb 23 - [[Fidelis] Gathering in the Middle East, Operation STTEAM](http://www.fidelissecurity.com/sites/default/files/FTA%201012%20STTEAM%20Final.pdf) | [:closed_book:](../../blob/master/2014/2014.02.23.Operation_STTEAM)
* Feb 20 - [Mo' Shells Mo' Problems - Deep Panda Web Shells](http://www.crowdstrike.com/blog/mo-shells-mo-problems-deep-panda-web-shells/) | [:closed_book:](../../blob/master/2014/2014.02.20.deep-panda-webshells)
* Feb 20 - [[FireEye] Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploit](http://www.fireeye.com/blog/technical/targeted-attack/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html) | [:closed_book:](../../blob/master/2014/2014.02.20.Operation_GreedyWonk)
* Feb 19 - [[FireEye] XtremeRAT: Nuisance or Threat?](http://www.fireeye.com/blog/technical/2014/02/xtremerat-nuisance-or-threat.html) | [:closed_book:](../../blob/master/2014/2014.02.19.XtremeRAT)
* Feb 19 - [[Context Information Security] The Monju Incident](http://contextis.com/resources/blog/context-threat-intelligence-monju-incident/) | [:closed_book:](../../blob/master/2014/2014.02.19.Monju_Incident)
* Feb 13 - [[FireEye] Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website](http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html) | [:closed_book:](../../blob/master/2014/2014.02.13_Operation_SnowMan)
* Feb 11 - [[Kaspersky] Unveiling "Careto" - The Masked APT](http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf) | [:closed_book:](../../blob/master/2014/2014.02.11_Careto_APT)
* Jan 31 - [Intruder File Report- Sneakernet Trojan](http://www.fidelissecurity.com/sites/default/files/FTA%201011%20Follow%20UP.pdf)
* Jan 31 - [[Fidelis] Intruder File Report- Sneakernet Trojan](http://www.fidelissecurity.com/sites/default/files/FTA%201011%20Follow%20UP.pdf) | [:closed_book:](../../blob/master/2014/2014.01.31.Sneakernet_Trojan)
* Jan 21 - [[RSA] Shell_Crew (Deep Panda)](http://www.emc.com/collateral/white-papers/h12756-wp-shell-crew.pdf) | [:closed_book:](../../blob/master/2014/2014.01.21.Shell_Crew)
* Jan 15 - [“New'CDTO:'A'Sneakernet'Trojan'Solution](http://www.fidelissecurity.com/sites/default/files/FTA%201001%20FINAL%201.15.14.pdf)
* Jan 15 - [[Fidelis] New CDTO: A Sneakernet Trojan Solution](http://www.fidelissecurity.com/sites/default/files/FTA%201001%20FINAL%201.15.14.pdf) | [:closed_book:](../../blob/master/2014/2014.01.15.Sneakernet_Trojan)
* Jan 14 - [The Icefog APT Hits US Targets With Java Backdoor](https://www.securelist.com/en/blog/208214213/The_Icefog_APT_Hits_US_Targets_With_Java_Backdoor)
* Jan 13 - [[Symantec] Targeted attacks against the Energy Sector](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/targeted_attacks_against_the_energy_sector.pdf) | [:closed_book:](../../blob/master/2014/2014.01.13.Targeted_Attacks_Energy_Sector)
* Jan 06 - [PlugX: some uncovered points](http://blog.cassidiancybersecurity.com/2014/01/plugx-some-uncovered-points.html)
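Review bot: the three replacements here (Fidelis STTEAM, Sneakernet Trojan and CDTO) are sound, and the CDTO line in particular fixes the garbled title "“New'CDTO:'A'Sneakernet'Trojan'Solution" that the removed line carried. One leftover from the old line survives in the new Jan 31 entry: "Intruder File Report- Sneakernet Trojan" keeps the hyphen glued to "Report"; suggest "Intruder File Report - Sneakernet Trojan". The Feb 25 and Feb 20 CrowdStrike entries in this hunk remain untagged while their neighbours now carry vendor tags, so they are candidates for the same treatment.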