From e4cb9cc9aa7ac4e27247a680f69cff767fc827a2 Mon Sep 17 00:00:00 2001 From: Robert Haist Date: Tue, 27 Dec 2022 17:57:51 +0100 Subject: [PATCH] Fixes for PYPDF2 --- index.csv | 1533 +++++++++++++++++++++++++++++++++++++++ index/generate_index.py | 15 +- 2 files changed, 1541 insertions(+), 7 deletions(-) diff --git a/index.csv b/index.csv index 4957565..20f157a 100755 --- a/index.csv +++ b/index.csv @@ -1 +1,1534 @@ Published,SHA-1,Filename,Download URL +0001-01-01,725568c41fa9f1d7e8a2226e71e5b2a39fd08121,C5_APT_ADecadeInReview,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.06.APT/C5_APT_ADecadeInReview.pdf +0001-01-01,940615997789ceefea673c8a248829338c6ed7b0,crowdstrike-deep-panda-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.00.00.Deep.Panda/crowdstrike-deep-panda-report.pdf +2008-08-10,2fbd7813367fad45e7fd1922381a05e27b0e9673,CYBERWAR-fd_2_,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2008/2008.08.10.Russian_Cyberwar_on_Georgia/CYBERWAR-fd_2_.pdf +2008-10-02,3e6399a4b608bbd99dd81bd2be4cd49731362b5e,Cyberwar,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2008/2008.10.02.China_Cyber_Warfare/Cyberwar.pdf +2008-11-04,21ff0c24d2c1f9fc3ffbd7c5f12d0ba62674954e,a492659,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2008/2008.11.04.China_Electornic_Long_Range_Reconnaissance/a492659.pdf +2008-11-04,3cb34c41fbc409d992dcab6a1655076494ffcf58,chinas-electronic,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2008/2008.CHINA_CHINA_CYBER_WARFARE/chinas-electronic.pdf +2008-11-19,5d9541526e38d6ff91775c82f5e98090064d6fc9,army-bans-usb-d,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2008/2008.11.19.UNDER_WORM_ASSAULT/army-bans-usb-d.pdf +2009-01-18,b0f5f77865f24c5064f78ed7cd30bbdf2c111945,Ashmore - Impact of Alleged Russian Cyber Attacks ,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2009/2009.01.18.Russian_Cyber_Attacks/Ashmore%20-%20Impact%20of%20Alleged%20Russian%20Cyber%20Attacks%20.pdf +2009-03-29,28dd92f598e7d8987d8236767856c70be4f7e85f,ghostnet,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2009/2009.03.29.GhostNet/ghostnet.pdf +2009-06-18,f56db4d90d6d5aa8f3bf52b1239cdbe41d6a4268,DECLAWING THE DRAGON,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/historical/2009/DECLAWING%20THE%20DRAGON.pdf +2009-10-19,53094d0eb6013f0ec9691444d1b2bdd80e9b718d,Cyber-030,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2009/2009.10.19.Capability_China_Cyber_Warfare/Cyber-030.pdf +2010-01-12,751384456df3630063f0b2a0a39868d468092f65,Operation Aurora,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2010/2010.01.12.Operation_Aurora/Operation%20Aurora.pdf +2010-01-13,9a7a1d3f7719c02dced8633ac0bf43d6e9ec7a1b,Aurora_Botnet_Command_Structure,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2010/2010.01.13.Aurora_Botnet/Aurora_Botnet_Command_Structure.pdf +2010-01-20,52123660be8b8cad9d46244f669f2cfd96101750,Combating Threats - Operation Aurora,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2010/2010.01.20.Combating_Aurora/Combating%20Threats%20-%20Operation%20Aurora.pdf +2010-01-26,1001e5c45200e0f138e9e9d508afc31c475d6ce7,how_can_u_tell_Aurora,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2010/2010.01.26.Operation_Aurora_IoC/how_can_u_tell_Aurora.pdf +2010-01-27,3494bd514034f0658ec66b2f515cd9a60c51a8e7,Aurora_HBGARY_DRAFT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2010/2010.01.27.Operation_Aurora_Detect_Diagnose_Respond/Aurora_HBGARY_DRAFT.pdf +2010-02-10,4d9c8ecae38f217729cf8a9df934e7cc5de2ae1a,"WhitePaper HBGary Threat Report, Operation Aurora",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2010/2010.02.10.Threat_Report_Operation_Aurora/WhitePaper%20HBGary%20Threat%20Report%2C%20Operation%20Aurora.pdf +2010-03-14,6eb3094ecab54a8b80932f4bec263696f849ca77,in-depth_analysis_of_hydraq_final_231538,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2010/2010.03.14.Hydraq/in-depth_analysis_of_hydraq_final_231538.pdf +2010-04-06,8a982bc5c8303440faa4d5672a38bb7a613c382b,shadows-in-the-cloud,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2010/2010.04.06.Shadows_in_the_cloud/shadows-in-the-cloud.pdf +2010-09-03,c7d0387067ba747e3a3d9b43b7349d7888bf574e,MSUpdaterTrojanWhitepaper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2010/2010.09.03.MSUpdater.Trojan/MSUpdaterTrojanWhitepaper.pdf +2010-09-21,510f1b2342f3ca3dd24179821eb451488d6e9722,Case_Study_Operation_Aurora_V11,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2010/2010.01.Case_Study_Operation_Aurora/Case_Study_Operation_Aurora_V11.pdf +2010-09-30,93c9ad9c9d9e1d882d56d8ceb1aa684d147d0a78,w32_stuxnet_dossier,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2010/2010.09.30.W32.Stuxnet_Dossier/w32_stuxnet_dossier.pdf +2010-12-09,87f9c1bed271cc832c0fed2ddcde55e72f9801dd,R41524,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2010/2010.12.09.Stuxnet_Worm/R41524.pdf +2011-02-10,e0fce95ccdb9c400f2dd3859ebe268f5bc7877ce,wp-global-energy-cyberattacks-night-dragon,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.02.10.Night_Dragon/wp-global-energy-cyberattacks-night-dragon.pdf +2011-02-18,1fe534fe68fe1a93ef2b536f1365219653b560ee,Alerts DL-2011 Alerts-A-2011-02-18-01 Night Dragon Attachment 1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.02.18.Night_Dragon.Specific/Alerts%20DL-2011%20Alerts-A-2011-02-18-01%20Night%20Dragon%20Attachment%201.pdf +2011-04-13,c35971b70eec914e14691b17b531aedc1f142217,CyberEspionage,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/historical/2011/CyberEspionage.pdf +2011-04-20,4c1b1b0da537c482d359bf75435cb8abb1df7093,Stuxnet_Under_the_Microscope,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.04.20.Stuxnet/Stuxnet_Under_the_Microscope.pdf +2011-06-23,db15d399006eb4b59465463484b85071881a89f6,vol7no2Ball,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/historical/2011/vol7no2Ball.pdf +2011-08-02,254132938c6ff6eeaa5e3b1e8d8d506472c028b7,shady_rat_vanity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.08.02.Operation_Shady_RAT_Vanity/shady_rat_vanity.pdf +2011-08-03,1461452398e57d541209eb6bc29e0743369b373b,HTran_and_the_Advanced_Persistent_Threat,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.08.03.HTran/HTran_and_the_Advanced_Persistent_Threat.pdf +2011-08-04,deb92a55dffa951697d3367750df2cf8e4480f8f,wp-operation-shady-rat,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.08.04.Operation_Shady_RAT/wp-operation-shady-rat.pdf +2011-09-09,83564e2939b4f62a4ff82c435adba86699cfc753,FTA1001-The_RSA_Hack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.09.09.RSA_Hack/FTA1001-The_RSA_Hack.pdf +2011-09-11,2b98220caf158d1c4f6d72abbc379899e35edc4d,C5_APT_SKHack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.09.11.SK_Hack/C5_APT_SKHack.pdf +2011-09-22,23f1f9e5771be71725fa19487da59f6779f5ee3f,wp_dissecting-lurid-apt,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.09.22.LURID_Downloader/wp_dissecting-lurid-apt.pdf +2011-10-03,2be5fe12ee54448d9e5dfa943ebcfcf44a115181,enter-the-cyberdragon,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/historical/2011/enter-the-cyberdragon.pdf +2011-10-12,fd81d98729029a483e0c5c69d908ab96014edbe5,tb_advanced_persistent_threats,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.10.12.1.php.group/tb_advanced_persistent_threats.pdf +2011-10-26,c59b324139b965677a9933f7435b5ac34ca40126,Duqu_Trojan_Questions_and_Answers,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.10.26.Duqu/Duqu_Trojan_Questions_and_Answers.pdf +2011-10-26,f4231f388207b578c46b126e14d5ed4f9b405424,Evolution_Drivers_Duqu_Stuxnet,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.10.26.Duqu/Evolution_Drivers_Duqu_Stuxnet.pdf +2011-10-31,f26ddf5c622dd52fc46cd46813c9552a08214587,the_nitro_attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.10.31.Nitro/the_nitro_attacks.pdf +2011-11-15,02e2959da1d4522c2d94ffbc7a1871470b2f7912,Faces_Ghost_RAT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.11.15.Many_Faces_Gh0st_Rat/Faces_Ghost_RAT.pdf +2011-12-08,b0ac3fce955bb8361b98a791919d639b18877d56,Palebot_Palestinian_credentials,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2011/2011.12.08.Palebot_Trojan/Palebot_Palestinian_credentials.pdf +2012-01-03,a486fb5b0b485796f0b2d1248c948e7c64c6b49a,wp_the-heartbeat-apt-campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.01.03.HeartBeat_APT/wp_the-heartbeat-apt-campaign.pdf +2012-02-03,f8b1d371008a2108bb7ded054b7b0b7cdc4d5295,C5_APT_C2InTheFifthDomain,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.02.03.Fifth_Domain_CnC/C5_APT_C2InTheFifthDomain.pdf +2012-02-29,771d703ce533bea8dbece799705ce8e61717a8a5,The_Sin_Digoo_Affair,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.02.29.Sin_Digoo_Affair/The_Sin_Digoo_Affair.pdf +2012-03-12,75c240fb4334b2307b56c336284acad112e40063,Crouching_tiger_hidden_dragon,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.03.12.Crouching_Tiger/Crouching_tiger_hidden_dragon.pdf +2012-03-13,50511389957f7c2e0127031d8633724ae05354f3,Crypto-DarkComet-Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.03.13.DarkComet_RAT/Crypto-DarkComet-Report.pdf +2012-03-26,bdb218fdc0cce0bc57f77a9a1e6d3cc7e81b55f9,wp_luckycat_redux,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.03.26.Luckycat_Redux/wp_luckycat_redux.pdf +2012-04-10,5dba7529dfdcd435578dad0c219da02da54b28a0,Know Your Digital Enemy,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.04.10.Gh0st_RAT/Know%20Your%20Digital%20Enemy.pdf +2012-04-16,0b792ff94ca71eeb71aba780286f7c4bf9f75b40,OSX_SabPub,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.04.16.OSX.SabPub/OSX_SabPub.pdf +2012-05-18,0120f4f065c62bcd218bbc21bc729bd3645adf14,w32_flamer_newsforyou,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.05.18.Flamer_CnC/w32_flamer_newsforyou.pdf +2012-05-22,c00b7449b733f070c148c5b6c0a4df087a3f34f1,wp_ixeshe,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.05.22.IXESHE/wp_ixeshe.pdf +2012-05-31,6e4df95a65ad848c8192c7c76ed35d622764cab3,skywiper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.05.31.Flame_sKyWIper/skywiper.pdf +2012-07-10,61c047476369c5069e39f3d06825d847d924d216,Tibet_Lurk,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.07.10.SE_LURK_Malware/Tibet_Lurk.pdf +2012-07-11,983e09b7e903852529a53e7973fa8b91ac818ec2,dark-comet-syrian-spy-tool,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.07.11.DarkComet_Creator/dark-comet-syrian-spy-tool.pdf +2012-07-25,6d0de3e44a012f45a7b56a9862d1d67ef8bfd7e8,From-Bahrain-With-Love-FinFishers-Spy-Kit-Exposed,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.07.25.FinFisher_Spy_Kit/From-Bahrain-With-Love-FinFishers-Spy-Kit-Exposed.pdf +2012-07-27,51b16ee4bb04d663a4c67e23e3d3bf816ae12207,The_Madi_Infostealers,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.07.27.Madi_Campaign/The_Madi_Infostealers.pdf +2012-08-09,4c9c37199b1e1da37d0dae56f7a6469e0b0a4c6e,kaspersky-lab-gauss,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.08.09.Gauss/kaspersky-lab-gauss.pdf +2012-08-18,5fc09310938d289541ffe01a218ae644abe2495d,wp_the_taidoor_campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.08.18.Taidoor_Campaign/wp_the_taidoor_campaign.pdf +2012-08-19,2ca545418f9fefe1c4dd96feeeff256adbb97e6f,ByeBye Shell and the targeting of Pakistan,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.08.19.ByeBye_Shell/ByeBye%20Shell%20and%20the%20targeting%20of%20Pakistan.pdf +2012-09-06,ce7a662c0f822536e6beff4856f701d28137c8e1,the-elderwood-project,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.09.06.Elderwood/the-elderwood-project.pdf +2012-09-07,bd6f3f93d3c87e78149d766b2613ed9e18bc2620,IEXPL0RE_RAT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.09.07.IEXPLORE_RAT/IEXPL0RE_RAT.pdf +2012-09-12,759e45d0b495ec23949b3324fd543df7e450afdc,VOHO_WP_FINAL_READY-FOR-Publication-09242012_AC,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.09.12.VOHO_Campaign/VOHO_WP_FINAL_READY-FOR-Publication-09242012_AC.pdf +2012-09-18,cfd4451a15223fdf667285b12a8829a4b409495a,The_Mirage_Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.09.18.Mirage_Campaign/The_Mirage_Campaign.pdf +2012-10-08,203258819d7fbffdfae2c5df96d71254a2816ca6,PEST-CONTROL,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.10.08.Pest_Control/PEST-CONTROL.pdf +2012-10-27,c32627e18128fbf249a084272310996d1b794bb5,trojan_taidoor-targeting_think_tanks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.10.27.Taidoor/trojan_taidoor-targeting_think_tanks.pdf +2012-10-31,340b8d20ea5489bf3cfbe390dacc01237f11034b,Cyber_Espionage_Against_Georgian_Government,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.10.31.CYBER_ESPIONAGE_Georbot_Botnet/Cyber_Espionage_Against_Georgian_Government.pdf +2012-11-01,4477f8bb9e82fa99d4c0f1d57720f5856b8ee9f8,FTA 1007 - Shamoon,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.11.01.RECOVERING_FROM_SHAMOON/FTA%201007%20-%20Shamoon.pdf +2012-11-03,299a326641766c588a04f990927f795ecc31726f,Cyberattack_against_Israeli_and_Palestinian_targets,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.11.03.Israeli_and_Palestinian_Attack/Cyberattack_against_Israeli_and_Palestinian_targets.pdf +2012-11-13,5276375276d632b9a43037ef9a99221b81cb1a61,fireeye-poison-ivy-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2012/2012.11.13.Poison_Ivy/fireeye-poison-ivy-report.pdf +2012-11-13,e802d6f06085f22242a66b06c785315e1c63c070,WickedRose_andNCPH,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2006/2006.Wicked_Rose/WickedRose_andNCPH.pdf +2013-01-02,7ddab1f54ef0ba0a48efdb7ca39ddcc82f0a84d6,fireeye-malware-supply-chain,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.01.02.SUPPLY_CHAIN_ANALYSIS/fireeye-malware-supply-chain.pdf +2013-01-14,10c2d6c60b4a34422a12c7583624c4764b815ba6,securelist.com-Red October Detailed Malware Description 3 Second Stage of Attack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.01.14.Red_October_Campaign/securelist.com-Red%20October%20Detailed%20Malware%20Description%203%20Second%20Stage%20of%20Attack.pdf +2013-01-14,89cfdc989240721e191029bc3636aabaddaa84b8,securelist.com-Red October Detailed Malware Description 1 First Stage of Attack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.01.14.Red_October_Campaign/securelist.com-Red%20October%20Detailed%20Malware%20Description%201%20First%20Stage%20of%20Attack.pdf +2013-01-14,9fd39a98ef48a12695acf4bc6e1c595055c471eb,securelist.com-Red October Detailed Malware Description 5 Second Stage of Attack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.01.14.Red_October_Campaign/securelist.com-Red%20October%20Detailed%20Malware%20Description%205%20Second%20Stage%20of%20Attack.pdf +2013-01-14,b64a571a29d1c2cfc40b6b6cef50a95e6ce3b455,Securelist_RedOctober,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.01.14.Red_October_Campaign/Securelist_RedOctober.pdf +2013-01-14,c38d19048cb7d66480d4e12c61fc0c3c8ebbc78d,securelist.com-Red October Detailed Malware Description 4 Second Stage of Attack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.01.14.Red_October_Campaign/securelist.com-Red%20October%20Detailed%20Malware%20Description%204%20Second%20Stage%20of%20Attack.pdf +2013-01-14,caaf84ec5a1f8b12a1d849660e25bf304baec135,securelist.com-Red October Diplomatic Cyber Attacks Investigation,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.01.14.Red_October_Campaign/securelist.com-Red%20October%20Diplomatic%20Cyber%20Attacks%20Investigation.pdf +2013-01-14,e2b327a479a7e3c4fa7a3a34782bf7bca51f597d,securelist.com-Red October Detailed Malware Description 2 Second Stage of Attack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.01.14.Red_October_Campaign/securelist.com-Red%20October%20Detailed%20Malware%20Description%202%20Second%20Stage%20of%20Attack.pdf +2013-01-14,f9e75ac3b51ec2dd195a2fd82743530f9534dd40,Securelist_RedOctober_Detail,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.01.14.Red_October_Campaign/Securelist_RedOctober_Detail.pdf +2013-01-18,b6217ea7fe6b4dd5e27b2a1b4b84432db2e1b2f3,McAfee_Labs_Threat_Advisory_Exploit_Operation_Red_Oct,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.01.18.Operation_Red_Oct/McAfee_Labs_Threat_Advisory_Exploit_Operation_Red_Oct.pdf +2013-02-12,100df21fed6fcf08b0982cfdf55463608613a2e2,Presentation_Targeted-Attacks_EN,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.02.12.Targeted-Attacks/Presentation_Targeted-Attacks_EN.pdf +2013-02-18,3974687624eb85cdcf1fc9ccfb68eea052971e84,Mandiant_APT1_Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.02.18.APT1/Mandiant_APT1_Report.pdf +2013-02-22,349984643361273d5d3b638e369c45cbb409676c,comment_crew_indicators_of_compromise,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.02.22.Comment_Crew/comment_crew_indicators_of_compromise.pdf +2013-02-26,712311f4cacd476100c7ef037e3accc740558920,stuxnet_0_5_the_missing_link,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.02.26.Stuxnet_0.5/stuxnet_0_5_the_missing_link.pdf +2013-02-27,2d3fb67fd870f192c38bd8e51344d45645794623,miniduke_indicators_public,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.02.27.MiniDuke_Indicators/miniduke_indicators_public.pdf +2013-02-27,c6dff7f0864e36e3dcc1be12747d26fb8072b52c,themysteryofthepdf0-dayassemblermicrobackdoor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.02.27.MiniDuke_Mystery/themysteryofthepdf0-dayassemblermicrobackdoor.pdf +2013-03-13,e33abbd24c9cbb57b3b4a97df165766e1fb42eeb,15-2013-youonlyclicktwice,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.03.13.FinFisher/15-2013-youonlyclicktwice.pdf +2013-03-17,334b4ee90a30c9ab9dcc6e3596f15f0dcb02486d,Safe-a-targeted-threat,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.03.17.Targeted_Threat/Safe-a-targeted-threat.pdf +2013-03-20,57a17587785f54a103ea970277bd7c4cc179a82c,theteamspystory_final_t2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.03.20.TeamSpy_Crew/theteamspystory_final_t2.pdf +2013-03-20,c6ce890a544b01e5dafd4add9326b4178424c4e2,dissecting-operation-troy,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.03.20.Operation_Troy/dissecting-operation-troy.pdf +2013-03-21,c0d85dfff9ce55913cea8ed1d04b0a7e17336636,FTA 1008 - Darkseoul-Jokra Analysis and Recovery,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.03.21.Darkseoul/FTA%201008%20-%20Darkseoul-Jokra%20Analysis%20and%20Recovery.pdf +2013-03-27,26353a7703ce0b186450134a5321ac37d1405380,RAP002_APT1_Technical_backstage.1.0,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.03.27.APT1_technical_backstage/RAP002_APT1_Technical_backstage.1.0.pdf +2013-03-28,875abf02dad2a434d708e495ffc8afe4b2500aae,tr-12-circl-plugx-analysis-v1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.03.28.TR-12_PlugX_malware/tr-12-circl-plugx-analysis-v1.pdf +2013-04-01,85ef5daf99603da833a32245fd120028829a666f,Trojan.APT.BaneChant,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.04.01.APT_BaneChant/Trojan.APT.BaneChant.pdf +2013-04-07,5ff5d49650b4fa5988f435f60434744a7bcaee48,fireeye-wwc-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.04.07_WORLD_WAR_C/fireeye-wwc-report.pdf +2013-04-07,ba88d1caa77dba3b80228a524cdd60a872d0d06b,fireeye-wwc-report_en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.04.07_WORLD_WAR_C/fireeye-wwc-report_en.pdf +2013-04-13,3a34d6152f2d287f58e67a03d96408b74d5c470e,winnti-more-than-just-a-game-130410,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.04.13.Winnti/winnti-more-than-just-a-game-130410.pdf +2013-04-21,d88b186085918e2039514caa21a4017aafc556d1,MiniDuke_Paper_Final,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.04.21.MiniDuke/MiniDuke_Paper_Final.pdf +2013-05-16,ac49429483d9005f38f5202b77e8bf79c524e22b,welivesecurity.com-Targeted information stealing attacks in South Asia use email signed binaries,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.05.16.targeted-threat-pakistan-india/welivesecurity.com-Targeted%20information%20stealing%20attacks%20in%20South%20Asia%20use%20email%20signed%20binaries.pdf +2013-05-20,aae01ca44ca11f33692bcfd9a20e36105ddfa2b9,NS-Unveiling-an-Indian-Cyberattack-Infrastructure_FINAL_Web,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.05.20.Operation_Hangover/NS-Unveiling-an-Indian-Cyberattack-Infrastructure_FINAL_Web.pdf +2013-05-20,dd9dacb6b9bc34a2410f9c8fb3a5f04fdce77f29,circl-analysisreport-miniduke-stage3-public,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.05.20.Miniduke.Analysis/circl-analysisreport-miniduke-stage3-public.pdf +2013-05-20,e2631efe178d16691329f27a853a41a48387bfc4,Norman_HangOver report_Executive Summary_042513,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.05.20.Operation_Hangover/Norman_HangOver%20report_Executive%20Summary_042513.pdf +2013-05-20,e380c69559eec4bdcef286fd56ebf86f35d640d1,Unveiling_an_Indian_Cyberattack_Infrastructure,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.05.20.Operation_Hangover/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf +2013-05-20,ffdfed40c5b1e08a6469c2f38e6a51347a37dd1b,Unveiling an Indian Cyberattack Infrastructure - appendixes,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.05.20.Operation_Hangover/Unveiling%20an%20Indian%20Cyberattack%20Infrastructure%20-%20appendixes.pdf +2013-06-01,31d750b3565b65c43533a87bf7aa72c41258f9a0,2013-9,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.06.01.cyber_conflict_Oil_Gas/2013-9.pdf +2013-06-04,4fd06d33aa1a087709277eb71d204e2fbf8b9243,kaspersky-the-net-traveler-part1-final,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.06.04.NetTraveller/kaspersky-the-net-traveler-part1-final.pdf +2013-06-07,9a2de0730e62aa24cdff1d1920b9535d1795be7e,KeyBoy_Vietnam_India,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.06.07.KeyBoy_APT/KeyBoy_Vietnam_India.pdf +2013-06-18,c6e80e76bca03538a2dfd2aac2e4120fdab6f4fc,Trojan.APT.Seinup,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.06.18.APT_Seinup/Trojan.APT.Seinup.pdf +2013-06-21,283e853a69cddd4b59b35fcc2a75205b1deb9b69,19-2013-acalltoharm,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.06.21.Syrian_Attack/19-2013-acalltoharm.pdf +2013-06-28,214daebe12ae36a91e13c83e820bb2e20b560828,fta-1009---njrat-uncovered-1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.06.28.njRAT_Uncovered/fta-1009---njrat-uncovered-1.pdf +2013-06-28,d4c015f0cc390e3c632face2a66323cd7c4b3afe,Dark_Seoul_Cyberattack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.00.00.Dark_Seoul_Cyber_Attack/Dark_Seoul_Cyberattack.pdf +2013-07-01,11b8d957363188bd334bd88b1f5630abc263523b,kashifali.ca-Targeted Campaign Steals Credentials in Gulf States and Caribbean,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.07.01.Gulf_States_APT/kashifali.ca-Targeted%20Campaign%20Steals%20Credentials%20in%20Gulf%20States%20and%20Caribbean.pdf +2013-07-15,9a7978041e795b788d86c52a477160dae296413b,Plugx_Smoaler,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.07.15.PlugX_Smoaler/Plugx_Smoaler.pdf +2013-07-25,14a7756b3080f5f71723cd1f49392f71f5cef4f1,energy-at-risk,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.00.00.Energy_at_Risk/energy-at-risk.pdf +2013-07-31,05f1beceab73155d552a5ee919aebc4c8e92c609,US-13-Yarochkin-In-Depth-Analysis-of-Escalated-APT-Attacks-Slides,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.07.31.Hunting_the_Shadows/US-13-Yarochkin-In-Depth-Analysis-of-Escalated-APT-Attacks-Slides.pdf +2013-07-31,86061f7d1994ebb7b8b7eb640b041fb1342adac5,Secrets_of_the_Comfoo_Masters,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.07.31.ecrets_of_the_Comfoo_Masters/Secrets_of_the_Comfoo_Masters.pdf +2013-08-02,665c6ace0a9175735f6cdb656e79287f5a53e072,India_Pak_Tranchulas,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.08.02.Smoke_Fire_South_Asian_Cyber_Espionage/India_Pak_Tranchulas.pdf +2013-08-02,6b624d6d80b412a10260344f244ed93e3718e003,Surtr_Malware_Tibetan,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.08.02.Surtr_Targeting_Tibetan/Surtr_Malware_Tibetan.pdf +2013-08-06,886b0ab831a5084de7d80355b7578a9a9999fc88,Inside_Report_by_Infosec_Consortium,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.00.00.APT_Attacks_on_Indian_Cyber_Space/Inside_Report_by_Infosec_Consortium.pdf +2013-08-19,4b6cc1420b5d641564c9895882a5ba97d18137be,ByeBye_Shell_target,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.08.19.ByeBye_Shell/ByeBye_Shell_target.pdf +2013-08-21,0f1f4905addf483d71c42d0e59bd97f762559b80,PIVY-Appendix,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.08.21.POISON_IVY/PIVY-Appendix.pdf +2013-08-21,1b76c3788fd81d1f5acacb1cfb429e08cad98e1c,rpt-poison-ivy,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.08.21.POISON_IVY/rpt-poison-ivy.pdf +2013-08-23,9b5acf068da8b4a28ff995eaf542d798b58eabef,fireeye.com-Operation Molerats Middle East Cyber Attacks Using Poison Ivy,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.08.23.Operation_Molerats/fireeye.com-Operation%20Molerats%20Middle%20East%20Cyber%20Attacks%20Using%20Poison%20Ivy.pdf +2013-09-06,52d49ad4a638382c49d28dce427c5723ebd8abd3,evasive-tactics-taidoor-3,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.09.06.EvasiveTactics_Taidoor/evasive-tactics-taidoor-3.pdf +2013-09-11,64f98d4c515e31f68c6e7fdf442753a6af8c0bee,Kimsuky,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.09.11.Kimsuky_Operation/Kimsuky.pdf +2013-09-17,e4aa40ce1a865021e0b178a4c444126743335d32,hidden_lynx,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.09.17.Hidden_Lynx/hidden_lynx.pdf +2013-09-19,f69e4d23674d06ee459d2abbecc5f3f4cbd58047,2q-report-on-targeted-attack-campaigns,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.09.19.EvilGrab/2q-report-on-targeted-attack-campaigns.pdf +2013-09-21,21a5b79498a242f6869649cb808d02366dba6e89,Operation_DeputyDog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.09.21.Operation_DeputyDog/Operation_DeputyDog.pdf +2013-09-25,751d00dab0fac4c2b0d1c140e9897fb99a399be1,icefog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.09.25.ICEFROG_APT/icefog.pdf +2013-10-24,a899d6713da1b9da8aa77cb3db5360b4e8574b5c,wp-fakem-rat,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.10.24.FakeM_RAT/wp-fakem-rat.pdf +2013-10-25,9a4dcfa7178cccc6283a92bc768be1374eb347f9,FireEye-Terminator_RAT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.10.25.Terminator_RAT/FireEye-Terminator_RAT.pdf +2013-11-10,1bf6c5eaaf996f463b25837c15b400c895862419,Operation_EphemeralHydra,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.11.10.Operation_Ephemeral_Hydra/Operation_EphemeralHydra.pdf +2013-11-14,8a3a657ac02569c1324ade4cca562ae8c5781f94,fireeye-china-chopper-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.00.00.China_Chopper_Web_Shell/fireeye-china-chopper-report.pdf +2013-12-02,a8f9bc957ae0ee7e38a2cefb83afff0b1bd68422,FTA 1010 - njRAT The Saga Continues,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.12.02.njRAT_Saga_Continues/FTA%201010%20-%20njRAT%20The%20Saga%20Continues.pdf +2013-12-11,902c5b2eb9cb486171b24ca60681aea5eecdb270,NormanShark-MaudiOperation,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.06.00.Maudi_Surveillance_Operation/NormanShark-MaudiOperation.pdf +2013-12-12,b670b7a7904baded891a4c6e7afe692998989668,fireeye-operation-ke3chang,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.12.12.Operation_Ke3chang/fireeye-operation-ke3chang.pdf +2013-12-20,dc92b79b353eb0e47e71216f3fa1f0c6167e29e7,ETSO_APT_Attacks_Analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.12.20.ETSO/ETSO_APT_Attacks_Analysis.pdf +2014-01-06,c2858ffd02ad542ed014c93de03d1dda17a65ca9,airbus-cyber-security.com-PlugX some uncovered points,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.01.06.PlugX/airbus-cyber-security.com-PlugX%20some%20uncovered%20points.pdf +2014-01-13,8421ef67d1e6dcc277f07f39f86e21fd89cf1d5a,targeted_attacks_against_the_energy_sector,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.01.13.Targeted_Attacks_Energy_Sector/targeted_attacks_against_the_energy_sector.pdf +2014-01-14,3cf67c051ba29f706367860714b2c7ce56889ea6,securelist.com-The Icefog APT Hits US Targets With Java Backdoor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.01.14.Icefog_APT/securelist.com-The%20Icefog%20APT%20Hits%20US%20Targets%20With%20Java%20Backdoor.pdf +2014-01-15,9767abff87b137695ab8481729ed7130499a0c80,FTA 1001 FINAL 1.15.14,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.01.15.Sneakernet_Trojan/FTA%201001%20FINAL%201.15.14.pdf +2014-01-21,ec6771a81e830f50c2d54b26dc0f6a642439ee09,h12756-wp-shell-crew,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.01.21.Shell_Crew/h12756-wp-shell-crew.pdf +2014-01-31,036b1154d4cc2de08dc647eb743c6b4c9d860902,FTA 1011 Follow UP,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.01.31.Sneakernet_Trojan/FTA%201011%20Follow%20UP.pdf +2014-02-11,1e4c8aef818d7d0e950974b6c9d2a792969e3a94,unveilingthemask_v1.0,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.02.11_Careto_APT/unveilingthemask_v1.0.pdf +2014-02-13,114583db8690cd01c60d5758dbe2e2dc1e96fb25,Operation_SnowMan,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.02.13_Operation_SnowMan/Operation_SnowMan.pdf +2014-02-19,186d7913fe80c35a06e76a5c8fd08520f43b4246,XtremeRAT_fireeye,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.02.19.XtremeRAT/XtremeRAT_fireeye.pdf +2014-02-19,9b66a35bea35d963d1ff07cab2a3914b38e24257,The_Monju_Incident,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.02.19.Monju_Incident/The_Monju_Incident.pdf +2014-02-20,4b2a0cb6ff2c622a8b31608757008a9a225cf796,Mo' Shells Mo' Problems - Network Detection »,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.02.20.deep-panda-webshells/Mo%27%20Shells%20Mo%27%20Problems%20-%20Network%20Detection%20%C2%BB.pdf +2014-02-20,76a6ea858e3524682ad3ee30251003228db50fb3,deep-panda-webshells,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.02.20.deep-panda-webshells/deep-panda-webshells.pdf +2014-02-20,7bd2229f4908ae1cd6b4e19c21d709948c3616ed,Mo' Shells Mo' Problems - Web Server Log Analysis »,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.02.20.deep-panda-webshells/Mo%27%20Shells%20Mo%27%20Problems%20-%20Web%20Server%20Log%20Analysis%20%C2%BB.pdf +2014-02-20,c7afca26feabcb0374cbbe2cee010696212d4f85,Mo' Shells Mo' Problems - File List Stacking »,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.02.20.deep-panda-webshells/Mo%27%20Shells%20Mo%27%20Problems%20-%20File%20List%20Stacking%20%C2%BB.pdf +2014-02-20,e162b0015a753a6d85a13296e601c31271868b1f,Operation_GreedyWonk,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.02.20.Operation_GreedyWonk/Operation_GreedyWonk.pdf +2014-02-23,d31648d83d04cc22669f21fa92ee48345e76e062,FTA 1012 STTEAM Final,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.02.23.Operation_STTEAM/FTA%201012%20STTEAM%20Final.pdf +2014-02-25,6337243d45dc72d75d01f74a699b6a240cbbc8f3,french-connection-french-aerospace-focused-cve-2014-0322-attack-shares-similarities-2012,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.02.25.The_French_Connection/french-connection-french-aerospace-focused-cve-2014-0322-attack-shares-similarities-2012.pdf +2014-02-28,917691a4f8af50a09926f97bf1be2e0cb71f8c68,GData_Uroburos_RedPaper_EN_v1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.02.28.Uroburos/GData_Uroburos_RedPaper_EN_v1.pdf +2014-03-06,1e1f0c599eb1c22360cb9bf8bc30399050e3764b,The_Siesta_Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.03.06.The_Siesta_Campaign/The_Siesta_Campaign.pdf +2014-03-07,0849ce1f0272c4604d47e464ab56cad0b5b60263,snake_whitepaper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.03.07.Snake_Campaign/snake_whitepaper.pdf +2014-03-08,94d04c5da4ed33cd78d033ad371aa8472e53d701,Reuters_Turla,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.03.08.Russian_spyware_Turla/Reuters_Turla.pdf +2014-03-12,ca792ed076f91a730d524c06b9224ee0c47908c0,a-detailed-examination-of-the-siesta-campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.03.12.Detailed_Siesta_Campaign/a-detailed-examination-of-the-siesta-campaign.pdf +2014-04-26,829bf301061a9a6358c233ca5aa459439fc0aec8,Op_Clandestine_Fox,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.04.26.Operation_Clandestine_Fox/Op_Clandestine_Fox.pdf +2014-05-13,41c3f02fe289ddb0d0c5a010f5865b58da939b1c,fireeye-operation-saffron-rose,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.05.13.Operation_Saffron_Rose/fireeye-operation-saffron-rose.pdf +2014-05-13,e743ba5074212801ce09ee640730028ab8f41d48,CrowdStrike_Flying_Kitten,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.05.13.Flying.Kitten/CrowdStrike_Flying_Kitten.pdf +2014-05-20,91c2cdb099060388dd93b0e440a3ff4dff5fd622,Miniduke_twitter,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.05.20.Miniduke_Twitter_CnC/Miniduke_twitter.pdf +2014-05-21,b1e45b08bfa1db986e1e643291d250a0cda1988c,FTA_1013_RAT_in_a_jar,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.05.21.Unrecom_Rat/FTA_1013_RAT_in_a_jar.pdf +2014-05-28,21b1c09cef5d6e3b56b8ffe97b7717075914ea4d,newscaster-iranian-threat-inside-social-media,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.05.28.NewsCaster_An_Iranian_Threat_Within_Social_Networks/newscaster-iranian-threat-inside-social-media.pdf +2014-05-28,385401637a142e78aec0978f29971c6d35e74e97,file-2581720763-pdf,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.05.28.NewsCaster_An_Iranian_Threat_Within_Social_Networks/file-2581720763-pdf.pdf +2014-05-28,7dc9b7bbe8ba2d0ca2579d6ca1a60d84c1773a07,Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation _ SecurityWeek,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.05.28.NewsCaster_An_Iranian_Threat_Within_Social_Networks/Iranian%20Hackers%20Targeted%20US%20Officials%20in%20Elaborate%20Social%20Media%20Attack%20Operation%20_%20SecurityWeek.pdf +2014-06-06,51bb16ba51be3c144ac9e09a68732cbe0bb785d5,ASERT-Threat-Intelligence-Brief-2014-07-Illuminating-Etumbot-APT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.06.06.Etumbot_APT_Backdoor/ASERT-Threat-Intelligence-Brief-2014-07-Illuminating-Etumbot-APT.pdf +2014-06-09,ddadffb91053c4d19590e2035c8eeed14fceca60,putter-panda,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.06.09.Putter_Panda/putter-panda.pdf +2014-06-20,292359e869860f8308c2cf789986fe7c12502553,Compromise_Greece_Beijing,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.06.20.Embassy_of_Greece_Beijing/Compromise_Greece_Beijing.pdf +2014-06-30,1856b8232153c3cc879662288b34b4a660586a9a,Dragonfly_Threat_Against_Western_Energy_Suppliers,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.06.30.Dragonfly/Dragonfly_Threat_Against_Western_Energy_Suppliers.pdf +2014-07-07,1d53861aafea11d9a60e798b90d623c8e7c7b9e7,AdversaryIntelligenceReport_DeepPanda_0,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.07.07.Deep_in_Thought/AdversaryIntelligenceReport_DeepPanda_0.pdf +2014-07-07,f9e86e04d2b5c8a28ec4e69ec9f8ea15c46892ad,Deep in Thought_ Chinese Targeting of National Security Think Tanks »,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.07.07.Deep_in_Thought/Deep%20in%20Thought_%20Chinese%20Targeting%20of%20National%20Security%20Think%20Tanks%20%C2%BB.pdf +2014-07-10,7f3e46c42095721ba79b1a47e26e662eb7492057,circl-tr25-analysis-turla-pfinet-snake-uroburos,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.07.10.Turla_Pfinet_Snake_Uroburos/circl-tr25-analysis-turla-pfinet-snake-uroburos.pdf +2014-07-10,bd1794d152f04add2aef937826a9cf949c4b25ab,TrapX_ZOMBIE_Report_Final,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.07.10.Zombie_Zero/TrapX_ZOMBIE_Report_Final.pdf +2014-07-11,5526b79c5b9c4b25689cd3dcb8799a510d7e668e,The-Eye-of-the-Tiger2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.07.11.Pitty_Tiger/The-Eye-of-the-Tiger2.pdf +2014-07-11,d5a6d2366c4973f06e95bb1201747d0175321952,Pitty_Tiger_Final_Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.07.11.Pitty_Tiger/Pitty_Tiger_Final_Report.pdf +2014-07-20,591cef00735f510079e0fe4bd0067ca0150fd004,Sayad_Flying_Kitten_analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.07.20.Flying_Kitten/Sayad_Flying_Kitten_analysis.pdf +2014-07-29,45dd6ce01a6507712481dd428663f5fad1753466,group-3279-targets-the-video-game-industry,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.07.29.Threat_Group-3279_Targets_the_Video_Game_Industry/group-3279-targets-the-video-game-industry.pdf +2014-07-31,142d4447504e30012d98fea16831f2363c62c5ca,EB-YetiJuly2014-Public,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.07.31.Energetic_Bear/EB-YetiJuly2014-Public.pdf +2014-07-31,a53ce340535461cc92e274f7c5bfb0d8653d5087,Kaspersky_Lab_crouching_yeti_appendixes_eng_final,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.07.31.Energetic_Bear/Kaspersky_Lab_crouching_yeti_appendixes_eng_final.pdf +2014-08-04,0e5301e830d7b19600b2d110115d7c0f0ab86b02,fireeye-sidewinder-targeted-attack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.04.Sidewinder_GoldenAge/fireeye-sidewinder-targeted-attack.pdf +2014-08-05,2a38d54d1d345d079325d3180c5f0eb8f5d60f8a,ThreatConnect_Operation_Arachnophobia_Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.05.Operation_Arachnophobia/ThreatConnect_Operation_Arachnophobia_Report.pdf +2014-08-06,73f54d632b5616db3a5977c1514640e19279c056,Operation_Poisoned_Hurricane,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.06.Operation_Poisoned_Hurricane/Operation_Poisoned_Hurricane.pdf +2014-08-07,63e36939c3f90c4ca9d492b03cf04d9f03a4ec2f,KL_Epic_Turla_Technical_Appendix_20140806,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.07.Epic_Turla_Operation_Appendix/KL_Epic_Turla_Technical_Appendix_20140806.pdf +2014-08-07,cecdff97a0dc514f5075029538a42f1cb4036210,The_Epic_Turla_Operation,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.07.Epic_Turla_Operation_Appendix/The_Epic_Turla_Operation.pdf +2014-08-12,5f17e7b886d2388ffc134157dd1b66aa65372b59,NYTimes_Attackers_Evolve_Quickly,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.12.New_York_Times_Attackers/NYTimes_Attackers_Evolve_Quickly.pdf +2014-08-13,34c2b718869354a588ee602f41be77e553346c5d,sec14-paper-blond,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.13.TargetAttack.NGO/sec14-paper-blond.pdf +2014-08-13,bd899a1e63cdbe03e2e42e4b3f8c91f426a1e2cd,rpt-operation-saffron-rose,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.00.00.OPERATION_SAFFRON_ROSE/rpt-operation-saffron-rose.pdf +2014-08-13,fe2f8d32688a104ca4e6ba595f647dfa479ece44,Targeted_Attacks_Lense_NGO,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.13.TargetAttack.NGO/Targeted_Attacks_Lense_NGO.pdf +2014-08-16,194656e774aaacb86ae2c48f0c894e82ec68a833,HPSR SecurityBriefing_Episode16_NorthKorea,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.16.North_Korea_cyber_threat_landscape/HPSR%20SecurityBriefing_Episode16_NorthKorea.pdf +2014-08-18,5ceee60079796aa518c5e490feaca4a0d78c031b,KL_report_syrian_malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.18.Syrian_Malware_House_of_Cards/KL_report_syrian_malware.pdf +2014-08-18,c37138f865175952f8b96ea057aa1c9a2cb207cc,The Syrian Malware House of Cards - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.18.Syrian_Malware_House_of_Cards/The%20Syrian%20Malware%20House%20of%20Cards%20-%20Securelist.pdf +2014-08-20,2bf418f3786cd274b9031a2297313f044054bdfd,El_Machete,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.20.El_Machete/El_Machete.pdf +2014-08-25,81af95b9c1e39a49440ea901f059dd19bbac158c,blog.malwaremustdie.org-Another country-sponsored malware Vietnam APT Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.25.Vietnam_APT/blog.malwaremustdie.org-Another%20country-sponsored%20malware%20Vietnam%20APT%20Campaign.pdf +2014-08-27,c264921f168c1cf344cd493d10aeebf92f80fb0c,NetTraveler_Makeover_10th_Birthday,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.27.NetTraveler/NetTraveler_Makeover_10th_Birthday.pdf +2014-08-28,28c56a1e795cd404308274424d10edcc3e9b4339,Alienvault_Scanbox,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.28.Scanbox_Framework_Watering_Hole_Attack/Alienvault_Scanbox.pdf +2014-08-29,543e0df8b308a9383f86d4314d93b5a2e718bd42,Syrian_Malware_Team_BlackWorm,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.08.29.BlackWorm_Syrian/Syrian_Malware_Team_BlackWorm.pdf +2014-08-30,eda271027851f85761cc18cfc766b99e298a28d8,rpt-china-chopper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2013/2013.00.00.China_Chopper_Web_Shell/rpt-china-chopper.pdf +2014-09-03,c24ba893644a149a1f05432c392a716251dca72f,Darwin_fav_APT_Group,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.09.03.Darwin_APT/Darwin_fav_APT_Group.pdf +2014-09-04,850ce69b276f4726de382eabcffa8cb8d68cecfc,Chinese_MITM_Google,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.09.04.Analysis_of_Chinese_MITM_on_Google/Chinese_MITM_Google.pdf +2014-09-04,b4c64e64f6309c0f424cdf0cdf449576f36cee16,XSLCmd_OSX,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.09.04.XSLCmd_OSX/XSLCmd_OSX.pdf +2014-09-04,d78156c4a19f70d219ed76526769d4d5f141a4ed,Gholee_Protective_Edge_themed_spear_phishing_campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.09.04.Gholee/Gholee_Protective_Edge_themed_spear_phishing_campaign.pdf +2014-09-08,2cfbb7b89a5e220b21bbf64161dc880c1b644017,sec14-paper-marczak,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.09.08.When_Governments_Hack_Opponents/sec14-paper-marczak.pdf +2014-09-08,7aa450d7e2b43175590a1ee2c94f5342152cfc56,sec14-paper-hardy,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.09.08.Targeted_Threat_Index/sec14-paper-hardy.pdf +2014-09-10,bf937bb2315901541521f00abce8d441d272da16,fireeye-operation-quantum-entanglement,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.09.10.Operation_Quantum_Entanglement/fireeye-operation-quantum-entanglement.pdf +2014-09-17,01805ba02d4a62aaa891260cf3f7f5f3704935e7,SASC_Cyberreport_091714,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.09.17.Chinese_APT_defense_contractors/SASC_Cyberreport_091714.pdf +2014-09-17,1f89e8ba75a9e4d5d957fadc71074bfe1d53b2a9,armed-services.senate.gov-Press Release Press United States Commitee on Armed Services,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.09.17.Chinese_APT_defense_contractors/armed-services.senate.gov-Press%20Release%20%20Press%20%20United%20States%20Commitee%20on%20Armed%20Services.pdf +2014-09-18,f726486a5cc1e42d2030b07d56f87983814226c7,cosmicduke_whitepaper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.09.18.COSMICDUKE/cosmicduke_whitepaper.pdf +2014-09-19,7fc85f6c70527da8b2c4e6a32e1d4e18c007fcb6,th3bug_Watering_Hole_PoisonIvy,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.09.19.th3bug_Poison_Ivy/th3bug_Watering_Hole_PoisonIvy.pdf +2014-09-26,83adcb352168b2d345155cf4ec7bbc876bb89849,Aided_Frame_Aided_Direction,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.09.26.Aided_Frame_Aided_Direction/Aided_Frame_Aided_Direction.pdf +2014-09-26,efd7b3a3a2bf6e3976411347dc9101fea70c9405,blackenergy_whitepaper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.09.26.BlackEnergy_Quedagh/blackenergy_whitepaper.pdf +2014-10-03,bc4cef4cabbcf83dbc1c72f736acb6207b260216,PAN_Nitro,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.03.Nitro_APT/PAN_Nitro.pdf +2014-10-09,9439561abc998b7f0f733142bc44f717b2615374,Democracy_HongKong_Under_Attack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.09.Democracy_Hong_Kong_Under_Attack/Democracy_HongKong_Under_Attack.pdf +2014-10-14,20dd2aaae24812d78cd1c5e32c68b7998e00e0ca,Group_72,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.14.Group_72/Group_72.pdf +2014-10-14,5c4415913a16a0331600816bb4cf8a1954e743dd,Hikit_Analysis-Final,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.14.Hikit_Preliminary_Analysis/Hikit_Analysis-Final.pdf +2014-10-14,cccc6053fa78cef9f8a28efdaa07c8cfa6a73cc2,Sandworm_briefing2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.14.Sandworm/Sandworm_briefing2.pdf +2014-10-14,d246e3075bbd31f04b2a6efb53ad7d9e9faa0e96,Derusbi_Server_Analysis-Final,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.14.Derusbi_Analysis/Derusbi_Server_Analysis-Final.pdf +2014-10-14,d24ff42b2d02ba406d46f3912f1f7bd2d38b6113,ZoxPNG_Full_Analysis-Final,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.14.ZoxPNG/ZoxPNG_Full_Analysis-Final.pdf +2014-10-20,13a055fe7be7e55dcce0035eaf1990fbe8406c98,OrcaRAT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.20.OrcaRAT_tale/OrcaRAT.pdf +2014-10-22,4ff4b93665664603623bc7001e3ca961b8b78b9f,wp-operation-pawn-storm,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.22.Operation_Pawn_Storm/wp-operation-pawn-storm.pdf +2014-10-22,643c7e975121b4614156fc4f29de09b4fd1f0026,tactical-intelligence-bulletin---sofacy-phishing-,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.22.Sofacy_Phishing/tactical-intelligence-bulletin---sofacy-phishing-.pdf +2014-10-23,c0708a3efcf32d02cfb5348f87fe140ae6f470e8,Modified_Binaries_Tor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.23.Modified_Binaries/Modified_Binaries_Tor.pdf +2014-10-23,ffac1bcec0a990cdf9e995766efd19b473e4785a,leviathansecurity.com-The Case of the Modified Binaries,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.23.Modified_Binaries/leviathansecurity.com-The%20Case%20of%20the%20Modified%20Binaries.pdf +2014-10-24,4bd6fa0c0a85f9041cecd54d722decdb4e817fe0,LeoUncia_OrcaRat,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.24.LeoUncia_and_OrcaRat/LeoUncia_OrcaRat.pdf +2014-10-27,20fa586304cbbfaf23453c1bbe7033de398bd9fb,Micro-Targeted-Malvertising-WP-10-27-14-1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.27.Micro-Targeted_Malvertising/Micro-Targeted-Malvertising-WP-10-27-14-1.pdf +2014-10-27,50b165c213697facb2410591c3ddf772b95fc805,ICS_Havex_backdoors,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.27.Havex_Trojans/ICS_Havex_backdoors.pdf +2014-10-27,c264d97adeb81f59b0642de9a782f6fe545ed062,pwc_ScanBox_framework,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.27.ScanBox_framework/pwc_ScanBox_framework.pdf +2014-10-28,116309e7121bc8b0e66e4166c06f7b818e1d3629,Group72_Opening_ZxShell,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.28.Group_72_ZxShell/Group72_Opening_ZxShell.pdf +2014-10-28,1d9b39654f8c7678b3e2c30e378b2e14021b5d44,apt28,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.28.APT28/apt28.pdf +2014-10-30,23f0de5e628eccdfc670412485653f3662ab5594,sophos-rotten-tomato-campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.30.Rotten_Tomato_Campaign/sophos-rotten-tomato-campaign.pdf +2014-10-31,85fcdce7427c13906658f1835acaef7103c22ad3,GDATA_TooHash_CaseStudy_102014_EN_v1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.10.31.Operation_TooHash/GDATA_TooHash_CaseStudy_102014_EN_v1.pdf +2014-11-03,15daf73d022246964c2938a889361aba40e7d08b,BlackEnergy2_Plugins_Router,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.03.BlackEnergy2_APT/BlackEnergy2_Plugins_Router.pdf +2014-11-03,40674e70c595d30f19b2c2636ed7d9dc6b146e8e,Operation_Poisoned_Handover,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.03.Operation_Poisoned_Handover/Operation_Poisoned_Handover.pdf +2014-11-10,abddcfeac71a991c480810c82d7e972c74251329,darkhotelappendixindicators_kl,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.10.Darkhotel/darkhotelappendixindicators_kl.pdf +2014-11-10,dc84757c3d42d2a384b2022e50addce8eb1dd0df,darkhotelappendixindicators_kl_1.1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.10.Darkhotel/darkhotelappendixindicators_kl_1.1.pdf +2014-11-10,dfd64e9a601283c76ae3f28875166695dc354a21,darkhotel_kl_07.11,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.10.Darkhotel/darkhotel_kl_07.11.pdf +2014-11-11,96173322b936132aa4cdc0328e4a247d40ae5152,The_Uroburos_case,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.11.ComRAT/The_Uroburos_case.pdf +2014-11-12,b336dd349c5b4620f04d98b90282c7ae900a3a42,Korplug_Afghanistan_Tajikistan,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.12.Korplug/Korplug_Afghanistan_Tajikistan.pdf +2014-11-13,a4520f8f85d13aa469ff3e1b6d333e4c9a290e7a,Operation_CloudyOmega_Ichitaro,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.13.Operation_CloudyOmega/Operation_CloudyOmega_Ichitaro.pdf +2014-11-14,9d116269da44e22cc6f1496570bb4d56f7cc277b,roaming_tiger_zeronights_2014,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.14.Roaming_Tiger/roaming_tiger_zeronights_2014.pdf +2014-11-14,c50a95070633ecc76898b9f16ded848414747156,OnionDuke_Tor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.14.OnionDuke/OnionDuke_Tor.pdf +2014-11-20,814556f1a03e93364f4dc54555cb27549288e061,EvilBunny_Suspect4_v1.0,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.20.EvilBunny/EvilBunny_Suspect4_v1.0.pdf +2014-11-21,e8fcb14805853185b36093119094085f0f7f86a2,OperationDoubleTap,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.21.Operation_Double_Tap/OperationDoubleTap.pdf +2014-11-24,02be2ef6587e940656cde835354d0073c4dce232,DEEP_PANDA_Sakula,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.24.Ironman/DEEP_PANDA_Sakula.pdf +2014-11-24,40f76477ba1f453b341743b53113ebd705c1bb75,regin-analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.24.Regin_Top-tier_espionage/regin-analysis.pdf +2014-11-24,50be553c398b512ddd9741a0ab0350dccd600a3b,Regin_The_Intercept,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.24.Regin_TheIntercept/Regin_The_Intercept.pdf +2014-11-24,5bbf6a633076473dc4b2afb6d166c8caa84463e4,Kaspersky_Lab_whitepaper_Regin_platform_eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.24.Regin_Platform/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf +2014-11-24,6f37ce8764f92cb554d200a8cebfd5da1b8a4119,ironman-deep-panda-uses-sakula-malware-target-organizations-multiple-sectors,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.24.Ironman/ironman-deep-panda-uses-sakula-malware-target-organizations-multiple-sectors.pdf +2014-11-30,e5e09d247f5d25d7c960a3ef3231cef9d59a2b61,rpt-fin4,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.11.30.FIN4/rpt-fin4.pdf +2014-12-02,eab03ae476c002161e00411d136b311a6b434745,Cylance_Operation_Cleaver_Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.02.Operation_Cleaver/Cylance_Operation_Cleaver_Report.pdf +2014-12-05,741f2f131cf70bb62cd9ba3a4a298b12a5a74877,blogs.blackberry.com-Operation Cleaver The Notepad Files,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.05.Operation_Cleaver/blogs.blackberry.com-Operation%20Cleaver%20The%20Notepad%20Files.pdf +2014-12-08,dc20be49cbcecaf38bde2105a54580eb96605c25,Turla_2_Penquin,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.08.Penquin_Turla/Turla_2_Penquin.pdf +2014-12-09,975c44773b456562f9ab5f9986c2102a21b618bd,bcs_wp_InceptionReport_EN_v12914,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.09_The_Inception_Framework/bcs_wp_InceptionReport_EN_v12914.pdf +2014-12-10,62d5fdb316ad5b0c5e3afb5919785df4c557f25b,w32_regin_stage_1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.10.W32_Regin/w32_regin_stage_1.pdf +2014-12-10,a9970d82d1b539ee63838619fcb9aaaae5f0c51d,CloudAtlas_RedOctober_APT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.10.RedOctober_APT/CloudAtlas_RedOctober_APT.pdf +2014-12-10,c5355707644b6948069345e2e8bac429e39f882d,w64_regin_stage_1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.10.W64_Regin/w64_regin_stage_1.pdf +2014-12-10,fefd7ff6b2b254bd2e05784b51758c5d90acc06f,korea_power_plant_wiper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.10_South_Korea_MBR_Wiper/korea_power_plant_wiper.pdf +2014-12-12,92f526d9a5e14080fdbec90ba2385617bbf19a10,FTA_1014_Bots_Machines_and_the_Matrix,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.12.Bots_Machines_and_the_Matrix/FTA_1014_Bots_Machines_and_the_Matrix.pdf +2014-12-12,ae90917c7abe0c38ae289be9589f04c6fa7184c0,Vinself_steganography,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.12.Vinself/Vinself_steganography.pdf +2014-12-17,f7db20ae4b3f4784a3b4ac346424872858370a18,Wiper_Malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.17.Wiper_Malware_Deep_Dive/Wiper_Malware.pdf +2014-12-18,d0f24df94063d28e13c08fd2aeb9522034da3dea,Targeting_Syrian_ISIS_Critics,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.18.Syrian_ISIS_Critics/Targeting_Syrian_ISIS_Critics.pdf +2014-12-19,0e575c64a7603a1709b1ae37e286f420128d2096,TA14-353A_wiper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.19.Targeted_Destructive_Malware/TA14-353A_wiper.pdf +2014-12-21,1a4508469960b248ba713cecf34653c59fd460f1,operation-poisoned-helmand,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.21.Operation_Poisoned_Helmand/operation-poisoned-helmand.pdf +2014-12-22,c1b7c2bec86e8edf8bba650c6fa506319198e3c3,Anunak_APT_against_financial_institutions,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2014/2014.12.22.Anunak_APT/Anunak_APT_against_financial_institutions.pdf +2015-01-11,2aa6e47d8b9549b8ca2ea62db6384bb4db682bcf,DTL-12012015-01,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.01.11.Hong_Kong_SWC_Attack/DTL-12012015-01.pdf +2015-01-12,28f35f4b95e66030cf2a330bae394bbf8805b34f,Skeleton_Key_Analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.01.12.skeleton-key-malware-analysis/Skeleton_Key_Analysis.pdf +2015-01-15,cde02057689886c29438815cbeed8ebe860a0ab2,Agent.BTZ_to_ComRAT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.01.15.Evolution_of_Agent.BTZ_to_ComRAT/Agent.BTZ_to_ComRAT.pdf +2015-01-20,486a65ba17141147d3d9fff2a0c26109edf78fab,Inception_APT_Analysis_Bluecoat,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.01.20.Reversing_the_Inception_APT_malware/Inception_APT_Analysis_Bluecoat.pdf +2015-01-20,6df16b7ff93a44fcbec3b656645631b864175bcf,Project_Cobra_Analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.01.20.Project_Cobra/Project_Cobra_Analysis.pdf +2015-01-22,247676579b83264faf32e171f9187bbdbb057c7f,Scarab_Russian,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.01.22.Scarab_attackers_Russian_targets/Scarab_Russian.pdf +2015-01-22,630eea3f1bc9158570c53d70fc70b31003305f5c,Regin_Hopscotch_Legspin,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.01.22.Regin_Hopscotch_and_Legspin/Regin_Hopscotch_Legspin.pdf +2015-01-22,d6b2e4dba3b801252a62e0dade5c8ab71d2eefb1,waterbug-attack-group,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.01.22.Waterbug.group/waterbug-attack-group.pdf +2015-01-27,54c39c3b9a25c6fd9e4b8ed7ea672a095d2af31e,Comparing_Regin_Qwerty,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.01.27.QWERTY_keylog_Regin_compare/Comparing_Regin_Qwerty.pdf +2015-01-29,c9a33400ab60741ff0c77a9829f3e04cfe39f2d2,Backdoor.Winnti_Trojan.Skelky,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.01.29.Backdoor.Winnti_attackers/Backdoor.Winnti_Trojan.Skelky.pdf +2015-01-29,d2e17e228e02df878f807b112f78afdc13cc6bca,P2P_PlugX_Analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.01.29.P2P_PlugX/P2P_PlugX_Analysis.pdf +2015-02-02,4751fe686fb4e305ef49296f46ac33139114232b,rpt-behind-the-syria-conflict,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.02.behind-the-syria-conflict/rpt-behind-the-syria-conflict.pdf +2015-02-04,4e645016b3627272cceb28a3b8bbba536eb9a6b4,PawnStorm_iOS,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.04.Pawn_Storm_Update_iOS_Espionage/PawnStorm_iOS.pdf +2015-02-10,86f4a308b99a2a9cb335dc06457dd09399c05a29,GlobalThreatIntelReport,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.10.CrowdStrike_GlobalThreatIntelReport_2014/GlobalThreatIntelReport.pdf +2015-02-16,2eaf12b4859972d4017f16086f98412e16da9c95,blog_equation-the-death-star,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.16.equation-the-death-star/blog_equation-the-death-star.pdf +2015-02-16,41aa5bd1ed03d80650a89de3649d051f900b958b,Equation_group_questions_and_answers,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.16.equation-the-death-star/Equation_group_questions_and_answers.pdf +2015-02-16,9134d57a818f98608a53b53dcfb520716d9eb1c3,operation-arid-viper-whitepaper-en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.16.Operation_Arid_Viper/operation-arid-viper-whitepaper-en.pdf +2015-02-16,99af231600ee8fd83b4b4fb057429e60cd9d21c4,Carbanak_APT_eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.16.Carbanak.APT/Carbanak_APT_eng.pdf +2015-02-17,0f4d8ba248dde47b514161014a57885aed084ce2,The-Desert-Falcons-targeted-attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.17.Desert_Falcons_APT/The-Desert-Falcons-targeted-attacks.pdf +2015-02-17,b99e4faf6dc5b027f0dd9e649811c4bb5fe513d8,A_Fanny_Equation,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.17.A_Fanny_Equation/A_Fanny_Equation.pdf +2015-02-18,c8f384ae75119626032d4b42f34e883269dbf2a4,Elephantosis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.18.Shooting_Elephants/Elephantosis.pdf +2015-02-18,e44dcd9329e0bb93b2daf2d3a0e77165ccc6f860,24270-babar-espionage-software-finally-found-and-put-under-the-microscope,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.18.Babar/24270-babar-espionage-software-finally-found-and-put-under-the-microscope.pdf +2015-02-24,c73cbb8fa22e16920e3cbf51226f3fd8010d38bb,cto-tib-20150223-01a,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.24.Deeper_Scanbox/cto-tib-20150223-01a.pdf +2015-02-25,7c69db91f21ee20f7abcb4d95f21c4a17bfa6d17,rpt-southeast-asia-threat-landscape,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.25.Southeast_Asia_Threat_Landscape/rpt-southeast-asia-threat-landscape.pdf +2015-02-25,fc1d350810c19c94b1f3642fa08f50bf914ab821,plugx-goes-to-the-registry-and-india,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.25.PlugX_to_registry/plugx-goes-to-the-registry-and-india.pdf +2015-02-27,326f9133be497ec98132e9d6744ac26481a3d1c2,The Anthem Hack_ All Roads Lead to China - ThreatConnect _ Enterprise Threat Intelligence Platform,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.27.The_Anthem_Hack_All_Roads_Lead_to_China/The%20Anthem%20Hack_%20All%20Roads%20Lead%20to%20China%20-%20ThreatConnect%20_%20Enterprise%20Threat%20Intelligence%20Platform.pdf +2015-02-27,40559d68f1a3d25639408209de18d8ee395ae08a,Anthem_hack_all_roads_lead_to_China,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.27.The_Anthem_Hack_All_Roads_Lead_to_China/Anthem_hack_all_roads_lead_to_China.pdf +2015-02-27,476ebf5380941f81e9d22e9a012bae5638e1a985,the-anthem-hack-all-roads-lead-to-china,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.02.27.The_Anthem_Hack_All_Roads_Lead_to_China/the-anthem-hack-all-roads-lead-to-china.pdf +2015-03-05,12c4cc9d9a59aadcd01aa2282a6c99da8bcd18ab,casper-malware-babar-bunny-another-espionage-cartoon,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.03.05.Casper_Malware/casper-malware-babar-bunny-another-espionage-cartoon.pdf +2015-03-06,1b7639b4f1cff257684654926bd2a9b3c5a6d8e1,Babar_or_Bunny,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.03.06.Babar_or_Bunny/Babar_or_Bunny.pdf +2015-03-06,e9498a24509614d88c38311f45c1550eff79f8f5,Animals in the APT Farm,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.03.06.Animals_APT_Farm/Animals%20in%20the%20APT%20Farm.pdf +2015-03-10,d17fdf8935e094b2a34cde539abc85eec3533941,Tibetan-Uprising-Day-Malware-Attacks_websitepdf,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.03.10.Tibetan_Uprising/Tibetan-Uprising-Day-Malware-Attacks_websitepdf.pdf +2015-03-11,a9a89dbd99ed439abcfced111affc69f9728fc7a,Inside_EquationDrug_Espionage_Platform,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.03.11.EquationDrug/Inside_EquationDrug_Espionage_Platform.pdf +2015-03-19,73a8169eff8f50cefe587c1097d67fb45e71a046,wp-operation-woolen-goldfish,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.03.19.Goldfish_Phishing/wp-operation-woolen-goldfish.pdf +2015-03-30,b3ad6d13b10de19e232342610370c47ac9083d0d,2015.03.30.crowdstrike.chopping-packets-decoding-china-chopper-web-shell-traffic-over-ssl,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.03.30.Decoding_China_Chopper/2015.03.30.crowdstrike.chopping-packets-decoding-china-chopper-web-shell-traffic-over-ssl.pdf +2015-03-31,7cd5b12fa38705e254296133991410754f1678ab,volatile-cedar-technical-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.03.31.Volatile_Cedar/volatile-cedar-technical-report.pdf +2015-04-12,1b83984e2c9515c59885bc0078e3b1bed5d513b2,rpt-apt30,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.04.12.APT30/rpt-apt30.pdf +2015-04-15,3991aeb7aa51f81e0742f06b833b055aae662bf9,The Chronicles of the Hellsing APT_ the Empire Strikes Back - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.04.15.Hellsing_APT/The%20Chronicles%20of%20the%20Hellsing%20APT_%20the%20Empire%20Strikes%20Back%20-%20Securelist.pdf +2015-04-15,5b22b494cfe329c352948530cb19b6dc5067ca44,Indicators_of_Compormise_Hellsing,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.04.15.Hellsing_APT/Indicators_of_Compormise_Hellsing.pdf +2015-04-18,3bd10169fc704a20a702c3fc61633d68843f195c,Operation RussianDoll,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.04.18.Operation_RussianDoll/Operation%20RussianDoll.pdf +2015-04-20,417a791693f2554ee1ec94564467168ea58e2cfb,cto-tib-20150420-01a,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.04.20.Sofacy_II/cto-tib-20150420-01a.pdf +2015-04-21,46f4a7b1ec66e3aa1f6a93d64d9a4d3363621636,The CozyDuke APT - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.04.21.CozyDuke_APT/The%20CozyDuke%20APT%20-%20Securelist.pdf +2015-04-22,7f0cdde2b33261a9a35446bb2cb51c310539fa50,CozyDuke,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.04.22.CozyDuke/CozyDuke.pdf +2015-04-27,2babeca1ce5aff70f24684cd80ed45ef43ec9a17,Attacks against Israeli & Palestinian interests - Cyber security updates,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.04.27.Attacks_Israeli_Palestinian/Attacks%20against%20Israeli%20%26%20Palestinian%20interests%20-%20Cyber%20security%20updates.pdf +2015-05-05,b6aec94a79b7af64566cf734ef2a703c3d670e1c,1506306551185339,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.05.Targeted_attack_on_France_TV5Monde/1506306551185339.pdf +2015-05-07,c478f5c474609cc5401648c0a55213f3a7137344,Dissecting-the-Kraken,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.07.Kraken/Dissecting-the-Kraken.pdf +2015-05-12,3bda90269f9a49360befe7f9a00f832c57af89c2,FSOFACY,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.12.Sofacy_root9B/FSOFACY.pdf +2015-05-12,82255ad9b0682b0a091f92d129c0aefd5b7d96cd,R9b_FSOFACY_0,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.12.Sofacy_root9B/R9b_FSOFACY_0.pdf +2015-05-13,2c19d922bfa84a0205d9142124caaa51dc2021f5,Cylance SPEAR Team_ A Threat Actor Resurfaces,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.13.Spear_Threat/Cylance%20SPEAR%20Team_%20A%20Threat%20Actor%20Resurfaces.pdf +2015-05-14,93b3ec0cec9636d7815424be3030ae54c2eb79b5,wp-operation-tropic-trooper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.14.Operation_Tropic_Trooper/wp-operation-tropic-trooper.pdf +2015-05-14,af489e7e52483efe28d8f20f15be5d1dbae62a55,The Naikon APT - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.14.Naikon_APT/The%20Naikon%20APT%20-%20Securelist.pdf +2015-05-18,155c112f73a973ecf710fab5caa6434212275d81,CmstarDownloader_Lurid_Enfal_Cousin,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.18.Cmstar/CmstarDownloader_Lurid_Enfal_Cousin.pdf +2015-05-19,538701feeead706e34d24cf2b831071ac2f600cb,oil-tanker-en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.19.Operation_Oil_Tanker/oil-tanker-en.pdf +2015-05-21,7e03e711a841cd0eb1b6fc7446b2a069ada19f2a,TheNaikonAPT-MsnMM1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.21.Naikon_APT/TheNaikonAPT-MsnMM1.pdf +2015-05-21,b91ed59b5aea02b712f1ea974fb4cf171ea8ba44,TheNaikonAPT-MsnMM2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.21.Naikon_APT/TheNaikonAPT-MsnMM2.pdf +2015-05-26,198195bf91a009bdf666d630230d86b7b1d60bb9,Dissecting-LinuxMoose,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.26.LinuxMoose/Dissecting-LinuxMoose.pdf +2015-05-27,29ceb2ee71d540a7f3f2a496b2e726b2779f485b,BlackEnergy-CyberX-Report_27_May_2015_FINAL,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.27.BlackEnergy3/BlackEnergy-CyberX-Report_27_May_2015_FINAL.pdf +2015-05-27,34c0983b58ba25a4a3066ae9871b12b2958af506,antiy.net-ANALYSIS ON APT-TO-BE ATTACK THAT FOCUSING ON CHINAS GOVERNMENT AGENCY,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.27.APT_to_be/antiy.net-ANALYSIS%20ON%20APT-TO-BE%20ATTACK%20THAT%20FOCUSING%20ON%20CHINAS%20GOVERNMENT%20AGENCY.pdf +2015-05-27,42917d2bb4535fc6369cdd68bf82b7e7d28ebadf,ANALYSIS-ON-APT-TO-BE-ATTACK-THAT-FOCUSING-ON-CHINAS-GOVERNMENT-AGENCY-,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.27.APT_to_be/ANALYSIS-ON-APT-TO-BE-ATTACK-THAT-FOCUSING-ON-CHINAS-GOVERNMENT-AGENCY-.pdf +2015-05-28,4855ba957702d0393cb7ade531b46625426d9192,Grabit,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.28.grabit-and-the-rats/Grabit.pdf +2015-05-29,98e849a6be7fb956f5b17a183a2e00048f3bab25,OceanLotusReport,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.05.29.OceanLotus/OceanLotusReport.pdf +2015-06-03,a0c391fec9b1faa80a0c713bd6aa37a7129adda7,Thamar-Reservoir,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.03.thamar-reservoir/Thamar-Reservoir.pdf +2015-06-04,fee0f49a312915de5c41ebdd1eaf8aefacde1eaf,BlueTermite_Japan,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.04.Blue_Thermite_targeting_Japan/BlueTermite_Japan.pdf +2015-06-09,19c98e87f5cfd25fc91b0fbbd1c684e81a276c44,OhFlorio-VB2015,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.09.Duqu_2.0_Win32k_Exploit_Analysis/OhFlorio-VB2015.pdf +2015-06-10,6c4fcf640dfbedbdddb724e69d0ed84319b0cf6e,duqu2_crysys,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.10.Duqu_2.0/duqu2_crysys.pdf +2015-06-10,f96b39177a6d371bbcc749781c9591738b4ac5d2,Duqu_2_Yara_rules,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.10.The_Mystery_of_Duqu_2_0/Duqu_2_Yara_rules.pdf +2015-06-10,fe05831d3dc661e418f969045f0087ba642fb27b,The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.10.The_Mystery_of_Duqu_2_0/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf +2015-06-12,355d59c0f3e480734acb72f26f16f717d2984e6c,Afghan Government Compromise_ Browser Beware _ Volexity Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.12.Afghan_Government_Compromise/Afghan%20Government%20Compromise_%20Browser%20Beware%20_%20Volexity%20Blog.pdf +2015-06-15,154083bd059ac6bb001e247f7e03d6189fa93362,Targeted-Attacks-against-Tibetan-and-Hong-Kong-Groups-Exploiting-CVE-2014-4114,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.15.Targeted-Attacks-against-Tibetan-and-Hong-Kong-Groups/Targeted-Attacks-against-Tibetan-and-Hong-Kong-Groups-Exploiting-CVE-2014-4114.pdf +2015-06-16,3bcbddd61cc7df02fad5bdc692e956bac590fe98,unit42-operation-lotus-blossom,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.16.operation-lotus-blossom/unit42-operation-lotus-blossom.pdf +2015-06-22,8b870691f84547afc34c08c494f92a21f6d1dc3e,winnti_pharmaceutical,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.22.Winnti_targeting_pharmaceutical_companies/winnti_pharmaceutical.pdf +2015-06-24,5414153144f453be553af09c69bb1300c7678f79,UnFIN4ished_Business_pwd,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.24.unfin4ished-business/UnFIN4ished_Business_pwd.pdf +2015-06-26,0aada2f7f4fb4955eb21b3f10cf6edf1523f1d0c,Operation Clandestine Wolf,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.26.operation-clandestine-wolf/Operation%20Clandestine%20Wolf.pdf +2015-06-26,da36e8623013f441bc3dd841e695ceb1f03db496,OperationClandestineWolf,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.26.operation-clandestine-wolf/OperationClandestineWolf.pdf +2015-06-28,1199aef590d01265442e28cf5727240f2f37ae25,DTL-06282015-01,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.28.APT_on_Taiwan/DTL-06282015-01.pdf +2015-06-30,fdf388b793a73c47a7caab35a5c4645c83c0931a,Dino – the latest spying malware from an allegedly French espionage group analyzed,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.06.30.dino-spying-malware-analyzed/Dino%20%E2%80%93%20the%20latest%20spying%20malware%20from%20an%20allegedly%20French%20espionage%20group%20analyzed.pdf +2015-07-08,a73fcc0ce6923f3a6ce537ec8214cb7b539fe343,WildNeutron_Economic_espionage,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.08.Wild_Neutron/WildNeutron_Economic_espionage.pdf +2015-07-08,d76a268a20027c5f56e67b2743ac747a466c257e,APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119) _ Volexity Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.08.APT_CVE-2015-5119/APT%20Group%20Wekby%20Leveraging%20Adobe%20Flash%20Exploit%20%28CVE-2015-5119%29%20_%20Volexity%20Blog.pdf +2015-07-09,bf41e63f1493152c0d82f2b800099fc4170ea9f1,butterfly-corporate-spies-out-for-financial-gain,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.09.Butterfly/butterfly-corporate-spies-out-for-financial-gain.pdf +2015-07-10,3e337d629d17d73fd95d44b7e09777c4e59a5e4d,apt.group.ups,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.10.APT_Group_UPS_Targets_US_Government/apt.group.ups.pdf +2015-07-13,006d625ab23c5f9d849608506c77d45afec4c720,Forkmeiamfamous_SeaDuke,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.13.Forkmeiamfamous/Forkmeiamfamous_SeaDuke.pdf +2015-07-13,786d57e8532c1fcad5493bccd75e16f10cd45774,Demonstrating_Hustle,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.13.Demonstrating_Hustle/Demonstrating_Hustle.pdf +2015-07-14,2fd37e0616a93fb94131cddecbb40e976de62364,an-in-depth-look-at-how-pawn-storms-java-zero-day-was-used,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.14.How_Pawn_Storm_Java_Zero-Day_Was_Used/an-in-depth-look-at-how-pawn-storms-java-zero-day-was-used.pdf +2015-07-14,d2e6c0c6d2e8dc72677482b8b4271568a3b2a9b9,MiniDionis_CozyCar_Seaduke,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.14.tracking-minidionis-cozycars/MiniDionis_CozyCar_Seaduke.pdf +2015-07-20,13feea5bb8a1f837e3772daf151e343086061f6a,WateringHole_Aerospace_CVE-2015-5122_IsSpace,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.20.IsSpace_Backdoor/WateringHole_Aerospace_CVE-2015-5122_IsSpace.pdf +2015-07-20,4aa116bc762a0e2ac8ad635799c2a1acc49de6c4,China_Peace_Palace,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.20.China_Peace_Palace/China_Peace_Palace.pdf +2015-07-22,8ee4f88f4734adc592190027018a461471e8204a,Duke_cloud_Linux,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.22.Duke_APT_groups_latest_tools/Duke_cloud_Linux.pdf +2015-07-27,05763e7c36f1120b89cedba2c39ab4680b8ba28f,apt29-hammertoss-stealthy-tactics-define-a,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.27.HAMMERTOSS/apt29-hammertoss-stealthy-tactics-define-a.pdf +2015-07-28,758520009778853bd186c8527b1cd73ee373ca36,the-black-vine-cyberespionage-group,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.28.Black_Vine/the-black-vine-cyberespionage-group.pdf +2015-07-30,18e19f0aa8caf36fbb424ab650f87bb192d3434a,Operation-Potao-Express_final_v2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.30.Operation-Potao-Express/Operation-Potao-Express_final_v2.pdf +2015-07-30,1ca6b256b4926edad36b545b8809b2c64d917252,blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.07.30.Operation-Potao-Express/blog.pdf +2015-08-04,e820638a0c4690636ebac596e0bbc040308aa040,Terracotta-VPN-Report-Final-8-3,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.08.04.Terracotta_VPN/Terracotta-VPN-Report-Final-8-3.pdf +2015-08-05,2e7bfba595146d0274eaf32479cb7ea8eebda153,threat-group-3390-targets-organizations-for-cyberespionage,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.08.05.Threat_Group-3390/threat-group-3390-targets-organizations-for-cyberespionage.pdf +2015-08-08,a850834f5ff8253d70a709a3d18b3cbfc05ce27c,Threat Analysis_ Poison Ivy and Links to an Extended PlugX Campaign – CYINT Analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.08.08.Poison_Ivy_and_Links_to_an_Extended_PlugX_Campaign/Threat%20Analysis_%20Poison%20Ivy%20and%20Links%20to%20an%20Extended%20PlugX%20Campaign%20%E2%80%93%20CYINT%20Analysis.pdf +2015-08-10,e92d19e7054c2d384d2afac5027e9fae5ea51596,HTExploitTelemetry,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.08.10.The_Italian_Connection_An_analysis_of_exploit_supply_chains_and_digital_quartermasters/HTExploitTelemetry.pdf +2015-08-19,68f5e800be94213b5fec499754aef6fe60ef13fe,New Internet Explorer zero-day exploited in Hong Kong attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.08.19.new-internet-explorer-zero-day-exploited-hong-kong-attacks/New%20Internet%20Explorer%20zero-day%20exploited%20in%20Hong%20Kong%20attacks.pdf +2015-08-20,9035c1a0e8ec5b4eb632c0feb39a86600dce7d26,ASERT Threat Intelligence Brief 2015-05 PlugX Threat Activity in Myanmar,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.08.20.PlugX_Threat_Activity_in_Myanmar/ASERT%20Threat%20Intelligence%20Brief%202015-05%20PlugX%20Threat%20Activity%20in%20Myanmar.pdf +2015-08-20,9723b822bb83020963b2b2557da56ca1ba6e46f9,new-activity-of-the-blue-termite-apt,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.08.20.new-activity-of-the-blue-termite-apt/new-activity-of-the-blue-termite-apt.pdf +2015-09-01,2674d8703caf59d5b8062acc90e403814ec94621,wp-the-spy-kittens-are-back,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.09.01.Rocket_Kitten_2/wp-the-spy-kittens-are-back.pdf +2015-09-08,9db00858876ae2129cd45a55d40b1b4521fc8659,musical-chairs-multi-year-campaign-involving-new-variant-of-gh0st-malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.09.08.Musical_Chairs_Gh0st_Malware/musical-chairs-multi-year-campaign-involving-new-variant-of-gh0st-malware.pdf +2015-09-08,f58b5c078576477b032cdf476cd1668268dc53fa,PaloAlto.musical-chairs-multi-year-campaign-involving-new-variant-of-gh0st-malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.09.08.musical-chairs-multi-year-campaign-involving-new-variant-of-gh0st-malware/PaloAlto.musical-chairs-multi-year-campaign-involving-new-variant-of-gh0st-malware.pdf +2015-09-09,1cc6d8e2ad98b3b816c39ef19da2c0eeb561050a,"Shadow Force Uses DLL Hijacking, Targets South Korean Company",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.09.09.Shadow_Force/Shadow%20Force%20Uses%20DLL%20Hijacking%2C%20Targets%20South%20Korean%20Company.pdf +2015-09-09,320456d541590567eec647d887462186ba90e979,Satellite Turla_ APT Command and Control in the Sky - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.09.09.satellite-turla-apt/Satellite%20Turla_%20APT%20Command%20and%20Control%20in%20the%20Sky%20-%20Securelist.pdf +2015-09-09,e5ec56a71fc2cf4ac1381c6ae48cc86708cb3f8e,Satellite-turla-apt-command-and-control-in-the-sky,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.09.09.satellite-turla-apt/Satellite-turla-apt-command-and-control-in-the-sky.pdf +2015-09-15,11ce27412676f3584b8e9abefc629e2b90735056,In Pursuit of Optical Fibers and Troop Intel_ Targeted Attack Distributes PlugX in Russia _ Proofpoint,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.09.15.PlugX_in_Russia/In%20Pursuit%20of%20Optical%20Fibers%20and%20Troop%20Intel_%20Targeted%20Attack%20Distributes%20PlugX%20in%20Russia%20_%20Proofpoint.pdf +2015-09-15,328800f27b160b88263e7b1d2de48b35c5f25b8d,PlugX-in-Russia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.09.15.PlugX_in_Russia/PlugX-in-Russia.pdf +2015-09-16,8804946664547376b49229749d7c162df44e80e6,The-Shadow-Knows,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.09.16.The-Shadow-Knows/The-Shadow-Knows.pdf +2015-09-17,3e45a371a5d1ada49c0e193372e3e1fe12191049,Operation Iron Tiger Appendix,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.09.17.Operation_Iron_Tiger/Operation%20Iron%20Tiger%20Appendix.pdf +2015-09-17,5ee4cfb8802fd6a2dc6d936357a6ce16878778cf,wp-operation-iron-tiger,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.09.17.Operation_Iron_Tiger/wp-operation-iron-tiger.pdf +2015-09-17,c02195e501548fc9b8e2e13673a7e12e1af9e207,dukes_whitepaper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.09.17.duke_russian/dukes_whitepaper.pdf +2015-09-23,dbd710751a6c32ba91401fb5e5623f46b4d2475f,Project_CAMERASHY_ThreatConnect_Copyright_2015,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.09.23.CAMERASHY_ThreatConnect/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf +2015-10-03,1116413c96b35c3c8f3d404bdabbec46b375eaaa,Cybereason-Labs-Analysis-Webmail-Sever-APT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.10.03.Webmail_Server_APT/Cybereason-Labs-Analysis-Webmail-Sever-APT.pdf +2015-10-05,980ab92472c6de302ade77423ce09abe58a258bc,threat-identification,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.10.05.Proactive_Threat_Identification/threat-identification.pdf +2015-10-15,92d59c195d0c98a3ef1f583c7eee995a0e85e27f,Mapping FinFisher’s Continuing Proliferation,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.10.15.FinFisher_Continuing/Mapping%20FinFisher%E2%80%99s%20Continuing%20Proliferation.pdf +2015-10-16,4e3ce763a2de0b448556aed46fdb89a361f38f53,2015.10.targeted-attacks-ngo-burma,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.10.16.NGO_Burmese_Government/2015.10.targeted-attacks-ngo-burma.pdf +2015-11-04,4911b137926b6b17044141527980cdb9e4a9cb13,cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.04_Evolving_Threats/cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack.pdf +2015-11-09,523ae1be152df2a4d1de51ee2b3e7f23cad62628,rocket-kitten-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.09.Rocket_Kitten_A_Campaign_With_9_Lives/rocket-kitten-report.pdf +2015-11-10,3133729b5af2ecd6657c814c0d7c73a3157427db,bookworm-trojan-a-model-of-modular-architecture,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.10.bookworm-trojan-a-model-of-modular-architecture/bookworm-trojan-a-model-of-modular-architecture.pdf +2015-11-17,4da43deb6f7dede89080d4b4adaae53a2c371aa5,rpt-witchcoven,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.17.Pinpointing_Targets_Exploiting_Web_Analytics_to_Ensnare_Victims/rpt-witchcoven.pdf +2015-11-18,1ffa0aaf1e29ef02734e49bfab41c4ec18b3b839,Russian financial cybercrime_ how it works - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.18.Russian_financial_cybercrime_how_it_works/Russian%20financial%20cybercrime_%20how%20it%20works%20-%20Securelist.pdf +2015-11-18,abac715cbc6d033fdb588a36f3e9eaa9535d102b,Kaspersky_Lab_cybercrime_underground_report_eng_v1_0,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.18.Russian_financial_cybercrime_how_it_works/Kaspersky_Lab_cybercrime_underground_report_eng_v1_0.pdf +2015-11-18,d95f10b2f4711a2f0b410ad5218a49f0a80e8c13,amballa-discovers-new-toolset-linked-to-destover-attackers-arsenal-helps-them-to-broaden-attack-surface,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.18.Destover/amballa-discovers-new-toolset-linked-to-destover-attackers-arsenal-helps-them-to-broaden-attack-surface.pdf +2015-11-18,e204f491c98755fe0239112758a0938409dce32a,tdrop2-attacks-suggest-dark-seoul-attackers-return,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.18.tdrop2/tdrop2-attacks-suggest-dark-seoul-attackers-return.pdf +2015-11-18,e3ecbc1fbfa46fc8d2b34639b831ea3b82110aba,sakula-reloaded,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.18.Sakula_Reloaded/sakula-reloaded.pdf +2015-11-18,fbb18bcb00080008184c6e99c378a8da721b43bf,Damballa discovers new toolset linked to Destover,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.18.Destover/Damballa%20discovers%20new%20toolset%20linked%20to%20Destover.pdf +2015-11-19,4bfa7e0065fdcedaee712fcf08200bc0233aea09,ecrypting-strings-in-emdivi,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.19.decrypting-strings-in-emdivi/ecrypting-strings-in-emdivi.pdf +2015-11-19,7ac406637241a341e0130e3b485f1cc3b8e22a96,20151028_codeblue_apt-en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.19.decrypting-strings-in-emdivi/20151028_codeblue_apt-en.pdf +2015-11-23,1d72a50b38ee4b5f57684726cef957f61ae6d2f2,GlassRAT-final,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.23.PEERING_INTO_GLASSRAT/GlassRAT-final.pdf +2015-11-23,551f1437e2589d5b0111a28db3fafa707822b759,wp-prototype-nation,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.23.Prototype_Nation_The_Chinese_Cybercriminal_Underground_in_2015/wp-prototype-nation.pdf +2015-11-23,78f88b00380fd4e888325439ab2591babda98fcc,Prototype Nation_ The Chinese Cybercriminal Underground in 2015 - Security News - Trend Micro USA,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.23.Prototype_Nation_The_Chinese_Cybercriminal_Underground_in_2015/Prototype%20Nation_%20The%20Chinese%20Cybercriminal%20Underground%20in%202015%20-%20Security%20News%20-%20Trend%20Micro%20USA.pdf +2015-11-23,8d0db1c4358b552084b1f8d504179651c6ceb1d2,CopyKittens,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.23.CopyKittens_Attack_Group/CopyKittens.pdf +2015-11-24,9d9a127ad42f4328a56d631d15816ba71e18f98c,attack-campaign-on-the-government-of-thailand-delivers-bookworm-trojan,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.24.Attack_Campaign_on_the_Government_of_Thailand_Delivers_Bookworm_Trojan/attack-campaign-on-the-government-of-thailand-delivers-bookworm-trojan.pdf +2015-11-30,c27c1daaa60de3381a7cb11975bef88fa05c2449,foxit-whitepaper_ponmocup_1_1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.11.30.Ponmocup/foxit-whitepaper_ponmocup_1_1.pdf +2015-12-01,4b28cc1844c1f6218a71d3231c5f5e70d7c68709,china.based.threat,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.01.China-based_Cyber_Threat_Group_Uses_Dropbox_for_Malware_Communications_and_Targets_Hong_Kong_Media_Outlets/china.based.threat.pdf +2015-12-04,ec90ba5cd623542dbdbce8d65095c2a27e64fb08,sofacy-apt-hits-high-profile-targets-with-updated-toolset,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.04.Sofacy_APT/sofacy-apt-hits-high-profile-targets-with-updated-toolset.pdf +2015-12-07,421d41eafe972ca46b53ba82a260817dd3599d11,iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.07.Iran-based/iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets.pdf +2015-12-07,924193affc6bcd25cc2d9b1b952a8c8dcf068669,fin1-targets-boot-record,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.07.Thriving_Beyond_The_Operating_System/fin1-targets-boot-record.pdf +2015-12-08,0732f30d54b0bb6bd260dd3e34889bc6ec89c5ec,Packrat_ Seven Years of a South American Threat Actor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.08.Packrat/Packrat_%20Seven%20Years%20of%20a%20South%20American%20Threat%20Actor.pdf +2015-12-08,1473bc708f2ad4a5e2402b2d343a51271fac6c0e,packrat-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.08.Packrat/packrat-report.pdf +2015-12-13,8a5dd7e1cb4e277dbdf8323aeda0d79dce182249,elise-security-through-obesity.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.13.ELISE/elise-security-through-obesity.html.pdf +2015-12-15,7c3654eb098d9b484c2d342af5375580b6073594,Newcomers-in-the-Derusbi-family,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.15.Newcomers_in_the_Derusbi_family/Newcomers-in-the-Derusbi-family.pdf +2015-12-16,227c9942df3a8902726be7eb618334e1253aa9d5,operation-black-atlas-part-2-tools-and-malware-used-and-how-to-detect-them,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.16.Operation_Black_Atlas/operation-black-atlas-part-2-tools-and-malware-used-and-how-to-detect-them.pdf +2015-12-16,aae628909f813e344b30470fae5d2a26619c4706,Operation Black Atlas_Indicators_of_Compromise,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.16.Operation_Black_Atlas/Operation%20Black%20Atlas_Indicators_of_Compromise.pdf +2015-12-16,bd57cd05f1940487913c3fc7f85d3d09710a9631,operation-black-atlas-endangers-in-store-card-payments-and-smbs-worldwide-switches-between-blackpos-and-other-tools,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.16.Operation_Black_Atlas/operation-black-atlas-endangers-in-store-card-payments-and-smbs-worldwide-switches-between-blackpos-and-other-tools.pdf +2015-12-16,cd02ced2b0c1a7ed91e9d631ad45f001fa71a837,Operation_Black Atlas_Technical_Brief,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.16.Operation_Black_Atlas/Operation_Black%20Atlas_Technical_Brief.pdf +2015-12-16,e10651d3a6223055e95464f0023b549cdf7ca00c,FTA_1020_Fidelis_Inocnation_FINAL,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.16.INOCNATION.Campaign/FTA_1020_Fidelis_Inocnation_FINAL.pdf +2015-12-17,78bb54f4e5308d18e178c64a6f3a54710fdb2ee3,Bitdefender_In-depth_analysis_of_APT28__The_Political_Cyber-Espionage,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.17.APT28_Under_The_Scope/Bitdefender_In-depth_analysis_of_APT28__The_Political_Cyber-Espionage.pdf +2015-12-18,b2e67b0e7e9ca99cc9a37f0d1b7603fdf0365a53,attack-on-french-diplomat-linked-to-operation-lotus-blossom,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.18.Attack_on_Frence_Diplomat_Linked_To_Operation_Lotus_Blossom/attack-on-french-diplomat-linked-to-operation-lotus-blossom.pdf +2015-12-20,57511f2a45c751e73814b4b9514a1bcc9e93ea72,The_EPS_Awakens_Part_2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.20.EPS_Awakens_Part_II/The_EPS_Awakens_Part_2.pdf +2015-12-22,2f04db722b7a212df65723b9685e3dc6afaaa66c,bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2015/2015.12.22.BBSRAT_Roaming_Tiger/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger.pdf +2016-01-03,da87ca80af9057fe2d153e11f3f4a372a86fc314,blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.03.BlackEnergy_Ukrainian/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry.pdf +2016-01-06,2a81d693b62fe82d6df0383996437c5d265e9527,potential-sample-of-malware-from-the-ukrainian-cyber-attack-uncovered,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.03.BlackEnergy_Ukrainian/Reference/potential-sample-of-malware-from-the-ukrainian-cyber-attack-uncovered.pdf +2016-01-06,7a2059db840f1a3746ab3247e15a5ee1798f1f32,LM3-LipovskyCherepanov.xml,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.03.BlackEnergy_Ukrainian/Reference/LM3-LipovskyCherepanov.xml.pdf +2016-01-06,91fbf836bbacd644060ed694aa4931b03af7865d,blackenergy-trojan-strikes-again-attacks-ukrainian-electric-power-industry,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.03.BlackEnergy_Ukrainian/Reference/blackenergy-trojan-strikes-again-attacks-ukrainian-electric-power-industry.pdf +2016-01-06,922b5960bc4dcc0dc784146b7882f79052ca510a,back-in-blackenergy-2014,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.03.BlackEnergy_Ukrainian/Reference/back-in-blackenergy-2014.pdf +2016-01-06,a70f56b79c409eda422a519e3b6c81ec05c7e8d2,uisgcon11_2015#pic-5,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.03.BlackEnergy_Ukrainian/Reference/uisgcon11_2015%23pic-5.pdf +2016-01-06,c3f1b24b4eb6691187cf923ba839b1c48393a6c7,blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.03.BlackEnergy_Ukrainian/Reference/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry.pdf +2016-01-07,4ad3de7edfcae1dee973b3e016c9145916591122,operation-dustysky-notes,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.07.Operation_DustySky/operation-dustysky-notes.pdf +2016-01-07,9b7bf2d6c4a10dac7483c618562e701f42c1dc32,Operation DustySky_TLP_WHITE,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.07.Operation_DustySky/Operation%20DustySky_TLP_WHITE.pdf +2016-01-07,f34ec411f0ce10f854e5a8c4ca90c9569217409b,rigging-compromise.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.07.rigging-compromise/rigging-compromise.html.pdf +2016-01-14,2b6972b475a33a12f66e069d490eccf8a5dd2990,Cisco_haystack.2016.01.14,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.14_Cisco_Needles_in_a_Haystack/Cisco_haystack.pdf.2016.01.14.pdf +2016-01-14,db5431a5c9b6ac0af2d3d12e00a30b755fe6306f,waterbug-attack-group,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.14.The.Waterbug.Attack.Group/waterbug-attack-group.pdf +2016-01-19,1daa7fd401a37b65528f168a9818289fb214d1d1,[CN]_2015.APT.Annual_Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.19.360_APT_Report/%5BCN%5D_2015.APT.Annual_Report.pdf +2016-01-19,98ee40523e822c8aeeaffdf884edbad833549fac,news_长期窃取我国敏感数据,29个海外黑客组织被曝光_科技_中国网,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.19.360_APT_Report/news_%E9%95%BF%E6%9C%9F%E7%AA%83%E5%8F%96%E6%88%91%E5%9B%BD%E6%95%8F%E6%84%9F%E6%95%B0%E6%8D%AE%EF%BC%8C29%E4%B8%AA%E6%B5%B7%E5%A4%96%E9%BB%91%E5%AE%A2%E7%BB%84%E7%BB%87%E8%A2%AB%E6%9B%9D%E5%85%89_%E7%A7%91%E6%8A%80_%E4%B8%AD%E5%9B%BD%E7%BD%91.pdf +2016-01-21,1cd7c6502a22702e4e05e1708ce2662534cb3e32,NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan - Palo Alto Networks BlogPalo Alto Networks Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.21.NetTraveler_Uzbekistan/NetTraveler%20Spear-Phishing%20Email%20Targets%20Diplomat%20of%20Uzbekistan%20-%20Palo%20Alto%20Networks%20BlogPalo%20Alto%20Networks%20Blog.pdf +2016-01-21,a1b9d5a178a30f272b3f420a9b2263eac2c73e35,nettraveler-spear-phishing-email-targets-diplomat-of-uzbekistan,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.21.NetTraveler_Uzbekistan/nettraveler-spear-phishing-email-targets-diplomat-of-uzbekistan.pdf +2016-01-24,bab618563431881dd8cadb10c02ed3dbfc300526,scarlet-mimic-years-long-espionage-targets-minority-activists,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.24_Scarlet_Minic/scarlet-mimic-years-long-espionage-targets-minority-activists.pdf +2016-01-26,a48cb6e2961d49d209196adbac1d95ebe21a5a56,BlackEnergy3_WP_012716_1c,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.26.BlackEnergy3/BlackEnergy3_WP_012716_1c.pdf +2016-01-27,4b1ca2728629ffb86d2ce7277859e25ed0986f93,introducing-hi-zor-rat.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.27.Hi-Zor.RAT/introducing-hi-zor-rat.html.pdf +2016-01-28,68f5083717325073aaa3ef57a371aac9f30ef6fb,blackenergy-apt-attacks-in-ukraine-employ-spearphishing-with-word-documents,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.28.BlackEnergy_APT/blackenergy-apt-attacks-in-ukraine-employ-spearphishing-with-word-documents.pdf +2016-01-29,547c04be6d9ef7f6c4df1bc978b101526a9948e4,ICS-ALERT-14-281-01B,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.28.BlackEnergy_APT/reference/ICS-ALERT-14-281-01B.pdf +2016-01-29,5ff49fde7468addf7495dc60efc9406bde48504f,malicious-office-files-dropping-kasidet.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.29.Malicious_Office_files_dropping_Kasidet_and_Dridex/malicious-office-files-dropping-kasidet.html.pdf +2016-01-29,85cdd12f93381a1bd387a09fd7098f867582c3ad,be2-extraordinary-plugins-siemens-targeting-dev-fails,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.28.BlackEnergy_APT/reference/be2-extraordinary-plugins-siemens-targeting-dev-fails.pdf +2016-01-29,9de94ac2dac8cd0497a39b89715ce97dcd44859f,Right_Sector,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.28.BlackEnergy_APT/reference/Right_Sector.pdf +2016-01-29,acfe355fe7c189c5e3ef42cdd17edced2f3c362c,RFBU,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.28.BlackEnergy_APT/reference/RFBU.pdf +2016-01-29,ba23484ae4d43db724584427b5628802e827dd1c,F5SOC_Tinbapore_Attack_January2016_29,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.29.Tinbapore_Attack/F5SOC_Tinbapore_Attack_January2016_29.pdf +2016-01-29,d466adab80818c8f035824081706038eceb8d04f,black_energy_2_3,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.28.BlackEnergy_APT/reference/black_energy_2_3.pdf +2016-01-29,ec503a9fa1206124e53d35eaba1c9d1a0d780202,be2-custom-plugins-router-abuse-and-target-profiles,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.28.BlackEnergy_APT/reference/be2-custom-plugins-router-abuse-and-target-profiles.pdf +2016-01-29,fdfff8084e578e20f5dd8528b04aa144e87b4719,black-ddos,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.01.28.BlackEnergy_APT/reference/black-ddos.pdf +2016-02-01,80a3f2c1c1f9dec104874cb59b14207f35e806bc,organized-cybercrime-big-in-japan-urlzone-now-on-the-scene,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.01.URLzone_Team/organized-cybercrime-big-in-japan-urlzone-now-on-the-scene.pdf +2016-02-01,86b8c909afd63ec436249037400dd59428798f1d,massive-admedia-iframe-javascript-infection.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.01.Massive_Admedia_Adverting_iFrame_Infection/massive-admedia-iframe-javascript-infection.html.pdf +2016-02-03,1f2eee38b44ad3e9fdd50b4845af7b9ec98c244c,emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.03.Emissary_Trojan_Changelog/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve.pdf +2016-02-04,d5e47cedc99e7eafd495003e6bd0b79eb44d4f8d,PaloAlto_t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques.2016.02.04,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.04_PaloAlto_T9000-Advanced-Modular-Backdoor/PaloAlto_t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques.2016.02.04.pdf +2016-02-08,6cc38d03649b53205ea47fad7672a39480be93ab,ICIT-Brief-Know-Your-Enemies-2.0,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.08.Know_Your_Enemies_2.0/ICIT-Brief-Know-Your-Enemies-2.0.pdf +2016-02-09,1d8767400696eec436e4e8442643ba50311205df,poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.09_Poseidon_APT_Boutique/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage.pdf +2016-02-09,92ccadd2258b3a2801458db14b235035d89745df,5165,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.09_Poseidon_APT_Boutique/5165.pdf +2016-02-11,f9e4f3da9e28916ef7b2493a6aa41768ec683831,india-pakistan-cyber-rivalry,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.11.Hacktivism_India_vs_Pakistan/india-pakistan-cyber-rivalry.pdf +2016-02-12,2e975acb1a64ea43e5079ee6ee89374392813786,a-look-into-fysbis-sofacys-linux-backdoor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.12.Fysbis_Sofacy_Linux_Backdoor/a-look-into-fysbis-sofacys-linux-backdoor.pdf +2016-02-23,606f656561781dba6fdef666ece6a0cc24709f01,Op_Dust_Storm_Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.23.Operation_Dust_Storm/Op_Dust_Storm_Report.pdf +2016-02-23,cd75c4d77910a44416d71df6ad3164120827b33a,Dust_Storm_Infographic_v4,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.23.Operation_Dust_Storm/Dust_Storm_Infographic_v4.pdf +2016-02-24,058540094f2591abb7de917954dcb886cc1697ce,Operation-Blockbuster-Loaders-Installers-and-Uninstallers-Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.24.Operation_Blockbuster/Operation-Blockbuster-Loaders-Installers-and-Uninstallers-Report.pdf +2016-02-24,297c9413278d615cf2ca7ded8a0f3ef10f739cac,Operation-Blockbuster-Tools-Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.24.Operation_Blockbuster/Operation-Blockbuster-Tools-Report.pdf +2016-02-24,5a5139532e0fdcc76ed9b216d03e33fc27949bc5,Operation-Blockbuster-Destructive-Malware-Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.24.Operation_Blockbuster/Operation-Blockbuster-Destructive-Malware-Report.pdf +2016-02-24,5f86309e6544994a45536b0450cf1f5adef67296,Operation-Blockbuster-RAT-and-Staging-Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.24.Operation_Blockbuster/Operation-Blockbuster-RAT-and-Staging-Report.pdf +2016-02-24,5fe924adedb40c296bb2efc63473d10cd0a7d10f,Operation-Blockbuster-Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.24.Operation_Blockbuster/Operation-Blockbuster-Report.pdf +2016-02-24,edbc948346ecc8640bed0d82b2a64b0e859996c4,Operation-Blockbuster-Ex-Summary,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.24.Operation_Blockbuster/Operation-Blockbuster-Ex-Summary.pdf +2016-02-29,01fda1bcf39d3c6bc88434cca97aff08db32819b,TA_Fidelis_Turbo_1602_0,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.02.29.Turbo_Campaign_Derusbi/TA_Fidelis_Turbo_1602_0.pdf +2016-03-01,80bc090bee98e2117da088598e03c075e679e21d,proofpoint-operation-transparent-tribe-threat-insight-en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.03.01.Operation_Transparent_Tribe/proofpoint-operation-transparent-tribe-threat-insight-en.pdf +2016-03-03,a65f73c4e0e9d915526cf1c04db5714da4128e13,blackenergy-malware-analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.03.03.Shedding_Light_BlackEnergy/blackenergy-malware-analysis.pdf +2016-03-08,713d32d4ae8127bf6561c2a57889d4e52d035a0f,[CN]Operation_OnionDog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.03.08.OnionDog/%5BCN%5DOperation_OnionDog.pdf +2016-03-08,840c190b2e0b88ba64935b320a1b3162d6e264ba,onion-dog-a-3-year-old-apt,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.03.08.OnionDog/onion-dog-a-3-year-old-apt.pdf +2016-03-08,df5f02460e3c9645924403b70b2a38154f58c506,APT-C-03-en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.03.08.OnionDog/APT-C-03-en.pdf +2016-03-09,8f6d47d7261f87a25b93801d2dc76b52358c6cf6,wp-mandiant-matryoshka-mining,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.03.09.Operation_RussianDoll/wp-mandiant-matryoshka-mining.pdf +2016-03-10,5be1878cef91b9f144933f3953afeaa2a17fc9f2,shifting-tactics,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.03.10.shifting-tactics/shifting-tactics.pdf +2016-03-14,65fc9d406cde5d3458817e0c2da702ed7f7f4eaa,proofpoint-threat-insight-carbanak-group-en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.03.14.Carbanak_cybercrime_group/proofpoint-threat-insight-carbanak-group-en.pdf +2016-03-15,e9ab559e5495f776e3ec2ffb46e648fa3b173a5c,suckfly-revealing-secret-life-your-code-signing-certificates,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.03.15.Suckfly/suckfly-revealing-secret-life-your-code-signing-certificates.pdf +2016-03-17,8aa740814d15ee3e321a86fcab71765e542794ab,taiwant-election-targetting.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.03.17.Taiwan-election-targetting/taiwant-election-targetting.html.pdf +2016-03-17,b039fa56126220d8df26a5ad6853a884bd76581e,PWC_Taiwan-Presidential-Election-A-Case-Study-on-Thematic-Targeting(Mar-17-2016),https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.03.17.Taiwan-election-targetting/PWC_Taiwan-Presidential-Election-A-Case-Study-on-Thematic-Targeting%28Mar-17-2016%29.pdf +2016-03-18,8d21ac4f42533126c4449c10c3ae6f5709d319f2,E-ISAC_SANS_Ukraine_DUC_5,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.03.18.Analysis_of_the_Cyber_Attack_on_the_Ukrainian_Power_Grid/E-ISAC_SANS_Ukraine_DUC_5.pdf +2016-03-23,3e3f781f7abac6c9472b8aa4775bbed5957b715b,Indian-military-personnel-targeted-by-information-theft-campaign-cmajor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.03.23.Operation_C_Major/Indian-military-personnel-targeted-by-information-theft-campaign-cmajor.pdf +2016-03-25,e336a05540dd41d5eae8633116db965c10329f22,unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.03.25.ProjectM/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe.pdf +2016-04-12,8f9ced352ae35a97e06c0066ee2092b28b5f32d8,Platinum feature article - Targeted attacks in South and Southeast Asia April 2016,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.04.12.PLATINUM_Targeted_attacks_in_South_and_Southeast_Asia/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf +2016-04-15,b9edbab15b408d13e9e0847827122b76a311b016,Detecting-and-Responding-to-Pandas-and-Bears-Christopher-Scott-CrowdStrike-and-Wendi-Whitmore-IBM,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.04.15.pandas_and_bears/Detecting-and-Responding-to-Pandas-and-Bears-Christopher-Scott-CrowdStrike-and-Wendi-Whitmore-IBM.pdf +2016-04-18,83c44bc6c5c139084cb2e734de308eb26a3c357e,between-hong-kong-and-burma,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.04.18.UP007/between-hong-kong-and-burma.pdf +2016-04-18,b76678677495b10baf122ba531f6957e9dd0b292,Between Hong Kong and Burma_ Tracking UP007 and SLServer Espionage Campaigns - The Citizen Lab,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.04.18.UP007/Between%20Hong%20Kong%20and%20Burma_%20Tracking%20UP007%20and%20SLServer%20Espionage%20Campaigns%20-%20The%20Citizen%20Lab.pdf +2016-04-21,21e5175d1dd3c2c2b628898401956c7bf5bde38c,teaching-an-old-rat-new-tricks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.04.21.Teaching_an_old_RAT_new_tricks/teaching-an-old-rat-new-tricks.pdf +2016-04-21,a119cd353c04867a79f19297b85442b17c8ca590,unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.04.21.New_Poison_Ivy_RAT_Variant_Targets_Hong_Kong/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists.pdf +2016-04-22,f6b48254bf81462009a584a052101dfb6df596ce,The.Ghost.Dragon.-.Cylance,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.04.22.the-ghost-dragon/The.Ghost.Dragon.-.Cylance.pdf +2016-04-26,19a24110ffa0758f2a47a48d5bedb2d47851db29,Cyber warfare_ Iran opens a new front - FT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.04.26.Iran_Opens_a_New_Front/Cyber%20warfare_%20Iran%20opens%20a%20new%20front%20-%20FT.pdf +2016-04-26,6ac77c488da30f6bd13cdac0d70ce285148a3eec,recent-poison-iv,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.04.26.New_Poison_Ivy_Activity_Targeting_Myanmar_Asian_Countries/recent-poison-iv.pdf +2016-04-26,87d857d7ce1ab46f4ad8808067b2f7cd43ac8fb2,"New Poison Ivy Activity Targeting Myanmar, Asian Countries",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.04.26.New_Poison_Ivy_Activity_Targeting_Myanmar_Asian_Countries/New%20Poison%20Ivy%20Activity%20Targeting%20Myanmar%2C%20Asian%20Countries.pdf +2016-04-27,f110830417b2cd564f2f0e00eedb20e43ea20d50,Freezer Paper around Free Meat - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.04.27.Repackaging_Open_Source_BeEF/Freezer%20Paper%20around%20Free%20Meat%20-%20Securelist.pdf +2016-05-02,7a436c3b70a5cb5dcbc0112a8b2858e5ce3cefe4,goznym-malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.02.GOZNYM_MALWARE/goznym-malware.pdf +2016-05-02,a5b61e0e469c7dcdb6e359c1a03d927f35c43bb8,prince-of-persia-infy-malware-active-in-decade-of-targeted-attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.02.Prince_of_Persia_Infy_Malware/prince-of-persia-infy-malware-active-in-decade-of-targeted-attacks.pdf +2016-05-05,6a5001adf44feb6d08eb65ca04370476188965cd,report_jaku_analysis_of_botnet_campaign_en_0,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.05_Jaku_botnet_campaign/report_jaku_analysis_of_botnet_campaign_en_0.pdf +2016-05-06,31e6f8ce651cb77a2cf4250c7150e35aee99e76f,exploring-cve-2015-2545-and-its-users.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.06_Exploring_CVE-2015-2545/exploring-cve-2015-2545-and-its-users.html.pdf +2016-05-09,ad88223032e7cb6b373a458e6472870a7ca69e37,2016_005_001_454247,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.09_ICS_Threat_Analysis/2016_005_001_454247.pdf +2016-05-10,0b125a7674213282cbcfd782d7c8d3fdf0ac1e3d,tinyPOS_tinyloader,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.10.tinyPOS_tinyloader/tinyPOS_tinyloader.pdf +2016-05-10,d491a0602abb0061170b4170a0b74a3b71062a74,tinypos-abaddonpos-ties-to-tinyloader,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.10.tinyPOS_tinyloader/tinypos-abaddonpos-ties-to-tinyloader.pdf +2016-05-17,599a53807cd15839de2fcbc8e8a7ea75152a2383,indian-organizations-targeted-suckfly-attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.17.Indian_organizations_targeted_in_Suckfly_attacks/indian-organizations-targeted-suckfly-attacks.pdf +2016-05-17,ffa66796bd7c7f077c31285e6563ccb522b7e9b1,fox-it_mofang_threatreport_tlp-white,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.17.Mofang/fox-it_mofang_threatreport_tlp-white.pdf +2016-05-18,5938181ed1aec8281f229581f38f37f78eb24821,Operation-Groundbait,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.18.Operation_Groundbait/Operation-Groundbait.pdf +2016-05-22,09f34e4bf6d1b7503863ac6ae0c0a010e605a3b0,targeted_attacksaga.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.22.Targeted_Attacks_Against_Banks_in_Middle_East/targeted_attacksaga.html.pdf +2016-05-22,d31c752ecc9b9369d410b5689060365bcbb65a42,operation-ke3chang-resurfaces-with-new-tidepool-malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.22.Operation_Ke3chang_Resurfaces_With_New_TidePool_Malware/operation-ke3chang-resurfaces-with-new-tidepool-malware.pdf +2016-05-23,dbee63b0f8cd29139b4d12b867e3a80de139c0df,Report_Ruag-Espionage-Case,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.23.APT_Case_RUAG/Report_Ruag-Espionage-Case.pdf +2016-05-24,d0791b89c61a793f6d07d7cccc098be64f4f3c73,unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.24.New_Wekby_Attacks/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism.pdf +2016-05-25,d79781d4bad287b82dfa7e8cd6b3481c12df2c65,cve-2015-2545-overview-of-current-threats,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.25.CVE-2015-2545/cve-2015-2545-overview-of-current-threats.pdf +2016-05-26,ff756612875a76ff69cdf480637f35ba45d94313,the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.26.OilRig_Campaign/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor.pdf +2016-05-27,8ed7f4f236b73e01de575bf7716453bcfcba7f91,ixeshe-derivative-iheate-targets-users-america,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.05.27.IXESHE_Derivative_IHEATE_Targets_Users_in_America/ixeshe-derivative-iheate-targets-users-america.pdf +2016-06-02,4251b34749fd27da6bd56898978f6e058da24c89,TrendLabs Security Intelligence BlogFastPOS_ Quick and Easy Credit Card Theft - TrendLabs Security Intelligence Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.02.fastpos-quick-and-easy-credit-card-theft/TrendLabs%20Security%20Intelligence%20BlogFastPOS_%20Quick%20and%20Easy%20Credit%20Card%20Theft%20-%20TrendLabs%20Security%20Intelligence%20Blog.pdf +2016-06-02,e7b813995e0231585bdcb88b80a61b8278967292,fastPOS-quick-and-easy-credit-card-theft (1),https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.02.fastpos-quick-and-easy-credit-card-theft/fastPOS-quick-and-easy-credit-card-theft%20%281%29.pdf +2016-06-09,a00dc576f03496351c6ec2989aac2a26891c4cff,Operation-DustySky2_-6.2016_TLP_White,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.09.Operation_DustySky_II/Operation-DustySky2_-6.2016_TLP_White.pdf +2016-06-16,2542ff73863727ad3151ca1feadc01d18024f9a3,cf006cb4-316e-11e6-8ff7-7b6c1998b7a0_story.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.16.Threat_Group-4127_Targets_Hillary_Clinton_Presidential_Campaign/cf006cb4-316e-11e6-8ff7-7b6c1998b7a0_story.html.pdf +2016-06-16,4266eae02e5de05ace3dd04bcc32516f087fb6a7,bears-midst-intrusion-democratic-national-committee,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.16.DNC/bears-midst-intrusion-democratic-national-committee.pdf +2016-06-16,f3781f5c5f8fec7c251964019fe0fbf4465a020b,threat-group-4127-targets-hillary-clinton-presidential-campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.16.Threat_Group-4127_Targets_Hillary_Clinton_Presidential_Campaign/threat-group-4127-targets-hillary-clinton-presidential-campaign.pdf +2016-06-16,fece91ff2b729e25f30229b2c9fb43e4a4089dc3,Bears in the Midst_ Intrusion into the Democratic National Committee »,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.16.DNC/Bears%20in%20the%20Midst_%20Intrusion%20into%20the%20Democratic%20National%20Committee%20%C2%BB.pdf +2016-06-17,3342a5172b2ecde86762dd35f61057006dbb7448,Operation Daybreak,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.17.Operation_Daybreak/Operation%20Daybreak.pdf +2016-06-21,572942e17d84b8ba92393deae0689d96f71a02bb,rpt-china-espionage,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.21.Redline_Drawn_China_Recalculates_Its_Use_of_Cyber_Espionage/rpt-china-espionage.pdf +2016-06-21,98985054ab8d3b6c232132f1957fefc4ba01c7a6,visiting_the_bear_den_recon_2016_calvet_campos_dupuy-1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.21.visiting_the_bear_den_recon_2016_calvet_campos_dupuy/visiting_the_bear_den_recon_2016_calvet_campos_dupuy-1.pdf +2016-06-21,a2b5632453fc7c70f07c1d331c54c610fa64c146,the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.21.Unknown_Trojan_Targeting_German_Speaking_Users/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users.pdf +2016-06-21,ffa89bc1898a8f9569a69480d8f95ca59220d511,the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users_2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.21.Unknown_Trojan_Targeting_German_Speaking_Users/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users_2.pdf +2016-06-23,ef8b8170c53ea9a06f702ff07684ec51e0bc8a40,unit42-tracking-elirks-variants-in-japan-similarities-to-previous-attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.23.Tracking_Elirks_Variants_in_Japan/unit42-tracking-elirks-variants-in-japan-similarities-to-previous-attacks.pdf +2016-06-26,57b1fe8ffc1077abb782decf7a1a902338d17d8f,the-state-of-the-esilelotus-blossom-campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.26.The_State_of_the_ESILE_Lotus_Blossom_Campaign/the-state-of-the-esilelotus-blossom-campaign.pdf +2016-06-26,6dec5ce81f1dbdbd7af97b4d5b1013422fc96534,threat-update-nigerian-cybercriminals-target-high-impact-indian-industries-via-pony,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.26.Nigerian_Cybercriminals_Target_High_Impact_Industries_in_India/threat-update-nigerian-cybercriminals-target-high-impact-indian-industries-via-pony.pdf +2016-06-28,12a79e8f73c77e470971f742f420a4f2f604b02e,unit42-prince-of-persia-game-over,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.28.prince-of-persia-game-over/unit42-prince-of-persia-game-over.pdf +2016-06-28,4c492341f41d25aa5caff7ef05f20a75a77828ea,ref_researchers-disrupt-iranian-cyberespionage-campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.28.prince-of-persia-game-over/ref_researchers-disrupt-iranian-cyberespionage-campaign.pdf +2016-06-28,a7d161c9d48d00ad93a8e6ad2a907e35619d59f5,20160628ac-ir_research,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.28.Attack_Tool_Investigation/20160628ac-ir_research.pdf +2016-06-30,e23eeb26d7468c2ff516ac170bfea387aa75d396,asruex-malware-infecting-through-shortcut-files.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.06.30.Asruex/asruex-malware-infecting-through-shortcut-files.html.pdf +2016-07-01,6289dff2cbd2750c76517007989483922179fa40,Bitdefender-Whitepaper-PAC-A4-en-EN1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.01.Bitdefender_Pacifier_APT/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf +2016-07-01,8fdd96ab4d0e95802cac838cb8221b93da24d1f2,espionage-toolkit-targeting-central-eastern-europe-uncovered,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.01.SBDH_toolkit_targeting_Central_and_Eastern_Europe/espionage-toolkit-targeting-central-eastern-europe-uncovered.pdf +2016-07-03,38547a8c4e19d82f9ea9424f33b87de8d3b48fb6,HummingBad-Research-report_FINAL-62916,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.03_From_HummingBad_to_Worse/HummingBad-Research-report_FINAL-62916.pdf +2016-07-07,727b9ed2242c7c62e18b721db3678c5d29df42e6,Unveiling-Patchwork,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.07.UNVEILING_PATCHWORK/Unveiling-Patchwork.pdf +2016-07-07,c931257dcbda322fa1a28021d3454b1110aec308,nettraveler-apt-targets-russian-european-interests,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.07.nettraveler-apt-targets-russian-european-interests/nettraveler-apt-targets-russian-european-interests.pdf +2016-07-08,ddbce0dd2907394801bd17ce8ecaf50ac0401ed2,The Dropping Elephant actor - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.08.The_Dropping_Elephant/The%20Dropping%20Elephant%20actor%20-%20Securelist.pdf +2016-07-12,a2d672d0e620a3060792ca67fecc5bfe2720df50,nanhaishu_whitepaper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.12.NanHaiShu_RATing_the_South_China_Sea/nanhaishu_whitepaper.pdf +2016-07-13,34a7432982599a2adcdf264e58e7a593213e1a92,SFG_ Furtim's Parent,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.13.State-Sponsored_SCADA_Malware_targeting_European_Energy_Companies/SFG_%20Furtim%27s%20Parent.pdf +2016-07-13,807e0c662c79a8f4095d4934e004846d711d578e,sfg-furtims-parent,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.13.State-Sponsored_SCADA_Malware_targeting_European_Energy_Companies/sfg-furtims-parent.pdf +2016-07-13,b928b0a2e0c93ccfbb1590bc0f4460a9389089ce,Furtim_ The Ultra-Cautious Malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.13.State-Sponsored_SCADA_Malware_targeting_European_Energy_Companies/Furtim_%20The%20Ultra-Cautious%20Malware.pdf +2016-07-21,21b8768b4a631b50c13f20d5668f12e237835874,(Chinese)rmshixdAPT-C-15-20160630,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.21.Sphinx_Targeted_cyber-attack_in_the_Middle_East/%28Chinese%29rmshixdAPT-C-15-20160630.pdf +2016-07-21,f47efbaa0ca27a61c1eb8801e50393ff2fc991a5,tta1-f04_hide-and-seek-how-threat-actors-respond-in-the-face-of-public-exposure,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.21.Hide_and_Seek/tta1-f04_hide-and-seek-how-threat-actors-respond-in-the-face-of-public-exposure.pdf +2016-07-21,f6e55a0b55a2f10bd2de7c9b37882faf4b8fd568,rmsxden20160721,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.21.Sphinx_Targeted_cyber-attack_in_the_Middle_East/rmsxden20160721.pdf +2016-07-26,37563d47952e48cc0223c8d8d1b84a24ba1f83b9,unit-42-attack-delivers-9002-trojan-through-google-drive,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.26.Attack_Delivers_9002_Trojan_Through_Google_Drive/unit-42-attack-delivers-9002-trojan-through-google-drive.pdf +2016-07-28,172d40de660b80ca939daaacc2fafc6222768e71,ICIT-Brief-China-Espionage-Dynasty,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.07.28.China_Espionage_Dynasty/ICIT-Brief-China-Espionage-Dynasty.pdf +2016-08-02,3939d4a4048e0ad0e4416e32763c8f69dc83af56,Group5_ Syria and the Iranian Connection - The Citizen Lab,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.02.group5-syria/Group5_%20Syria%20and%20the%20Iranian%20Connection%20-%20The%20Citizen%20Lab.pdf +2016-08-02,514d58015cd8abe0f9d65a85100dded872d707f8,group5-syria,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.02.group5-syria/group5-syria.pdf +2016-08-03,cf6fad700146b469d54f47c1541a84bb0dc08bc6,i-got-a-letter-from-the-government,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.03.i-got-a-letter-from-the-government/i-got-a-letter-from-the-government.pdf +2016-08-04,312cecf6f6b163671637a87ce08b2d6645c0c58e,Running for Office_ Russian APT Toolkits Revealed,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.04.russian-apt-toolkits/Running%20for%20Office_%20Russian%20APT%20Toolkits%20Revealed.pdf +2016-08-06,1e76a31e0437eaf70fd8cb3408a6da8f07b76deb,[CN]_APT-C-09_report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.06.APT-C-09/%5BCN%5D_APT-C-09_report.pdf +2016-08-06,fc24eb10e1af16744360738351528a688100844f,[CN]_APT-C-09,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.06.APT-C-09/%5BCN%5D_APT-C-09.pdf +2016-08-07,20e3289035437c6b1465bb8b16da9b5795106a9a,strider-cyberespionage-group-turns-eye-sauron-targets,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.07.Strider_Cyberespionage_group_turns_eye_of_Sauron_on_targets/strider-cyberespionage-group-turns-eye-sauron-targets.pdf +2016-08-07,a7a8df94dc6cbbd33eadbb9e39538aa6fe78e798,Symantec_Remsec_IOCs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.07.Strider_Cyberespionage_group_turns_eye_of_Sauron_on_targets/Symantec_Remsec_IOCs.pdf +2016-08-08,684be4d1e962fbc2514e79dae62b9667b6fccc49,ProjectSauron_ top level cyber-espionage platform covertly extracts encrypted government comms - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.08.ProjectSauron/ProjectSauron_%20top%20level%20cyber-espionage%20platform%20covertly%20extracts%20encrypted%20government%20comms%20-%20Securelist.pdf +2016-08-08,6c8608b8efbca2ab69d8406d7d561e67cd7f9df8,The-ProjectSauron-APT_Technical_Analysis_KL,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.08.ProjectSauron/The-ProjectSauron-APT_Technical_Analysis_KL.pdf +2016-08-08,a510a638576efbbd0eb7b5fa7dbce838ddde290b,The-ProjectSauron-APT_research_KL,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.08.ProjectSauron/The-ProjectSauron-APT_research_KL.pdf +2016-08-08,b910f06ecd66d0a297e2043369b82a29cf770eee,forcepoint-security-labs-monsoon-analysis-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.08.monsoon-analysis-apt-campaign/forcepoint-security-labs-monsoon-analysis-report.pdf +2016-08-08,bf2d4ed4b28658d9cb3d5f8787b264395d729961,The-ProjectSauron-APT_IOCs_KL,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.08.ProjectSauron/The-ProjectSauron-APT_IOCs_KL.pdf +2016-08-11,12503011cfce27ed282658baa893fa8791d27965,us-16-Guarnieri-Anderson-Iran-And-The-Soft-War-For-Internet-Dominance-paper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.11.Iran-And-The-Soft-War-For-Internet-Dominance/us-16-Guarnieri-Anderson-Iran-And-The-Soft-War-For-Internet-Dominance-paper.pdf +2016-08-16,48fef28b947c6068d84cc19ce4148036da4543c7,unit42-aveo-malware-family-targets-japanese-speaking-users,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.16.aveo-malware-family-targets-japanese/unit42-aveo-malware-family-targets-japanese-speaking-users.pdf +2016-08-17,f562ca8ebe092d83ce673dee5343f728da333782,Operation Ghoul_ targeted attacks on industrial and engineering organizations - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.17_operation-ghoul/Operation%20Ghoul_%20targeted%20attacks%20on%20industrial%20and%20engineering%20organizations%20-%20Securelist.pdf +2016-08-19,1cb7f7b4f59a8f06892dfb692be6adf5366c1488,Russian_Cyber_Operations_On_Steroids,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.19.fancy-bear-anti-doping-agency-phishing/Russian_Cyber_Operations_On_Steroids.pdf +2016-08-24,e7b604381d8c80c06acf01daef346539f9cc8e1e,million-dollar-dissident-iphone-zero-day-nso-group-uae,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.24.million-dollar-dissident-iphone-zero-day-nso-group-uae/million-dollar-dissident-iphone-zero-day-nso-group-uae.pdf +2016-08-25,99f8d948b133c10f03dc642ffdefc72ec6ef4cf5,lookout-pegasus-technical-analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.08.25.lookout-pegasus-technical-analysis/lookout-pegasus-technical-analysis.pdf +2016-09-01,58b20802df0d91b67bc29bce5ccb50a90b723cd0,human-rights-impersonation-malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.09.01.human-rights-impersonation-malware/human-rights-impersonation-malware.pdf +2016-09-06,36cc8f9d42465b2ac2681772862e21ecb2eaa137,Buckeye.cyberespionage.group.shifts.gaze.from.US.to.Hong.Kong.-.Symantec,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.09.06.buckeye-cyberespionage-group-shifts-gaze-us-hong-kong/Buckeye.cyberespionage.group.shifts.gaze.from.US.to.Hong.Kong.-.Symantec.pdf +2016-09-14,2f19f28899cc89c7b74a4b9c646a1b0d6d59e3df,mile-tea-cyber-espionage-campaign-targets-asia-pacific-businesses-and-government-agencies,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.09.14.MILE_TEA/mile-tea-cyber-espionage-campaign-targets-asia-pacific-businesses-and-government-agencies.pdf +2016-09-18,528e04eea263ae76084664f0c77f51ab500f50b3,Hunting Libyan Scorpions _ Cyberkov _ Professional Cybersecurity & Consultation Firm_,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.09.18.Hunting-Libyan-Scorpions/Hunting%20Libyan%20Scorpions%20_%20Cyberkov%20_%20Professional%20Cybersecurity%20%26%20Consultation%20Firm_.pdf +2016-09-18,9030bce0306febd7e94fd047d480512583889389,Hunting-Libyan-Scorpions-EN,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.09.18.Hunting-Libyan-Scorpions/Hunting-Libyan-Scorpions-EN.pdf +2016-09-18,a46df8cb683eda75ffe801ea611ae44201f1bc71,Hunting-Libyan-Scorpions-AR,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.09.18.Hunting-Libyan-Scorpions/Hunting-Libyan-Scorpions-AR.pdf +2016-09-26,3f02cc3588ec839349ff8abd3eaa358f4f286580,unit42-sofacys-komplex-os-x-trojan,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.09.26_Sofacy_Komplex_OSX_Trojan/unit42-sofacys-komplex-os-x-trojan.pdf +2016-09-28,85b30d108bfd5951bb93730c2656346a967cbe21,Confucius Says...Malware Families Get Further By Abusing Legitimate Websites,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.09.28.Confucius_Says/Confucius%20Says...Malware%20Families%20Get%20Further%20By%20Abusing%20Legitimate%20Websites.pdf +2016-09-28,86c06d806c6a2f7fc9e863098cbe616aab222773,Russia Hacks Bellingcat MH17 Investigation _ ThreatConnect,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.09.28.russia-hacks-bellingcat-mh17-investigation/Russia%20Hacks%20Bellingcat%20MH17%20Investigation%20_%20ThreatConnect.pdf +2016-09-29,7b989c73b32583b752456c92556d654d3b6ce1b8,CS_organisation_CHINA_092016 (1),https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.09.29.China_and_Cyber_Attitudes_Strategies_Organisation/CS_organisation_CHINA_092016%20%281%29.pdf +2016-10-03,b0a928c9b7bb1c8dfb4da791e5e928550d521478,On the StrongPity Waterhole Attacks - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.10.03.StrongPity/On%20the%20StrongPity%20Waterhole%20Attacks%20-%20Securelist.pdf +2016-10-05,12ecd2809c35c574672cb2b1b22323aa9de1d69a,Bartholomew-GuerreroSaade-VB2016,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.10.05_Wave_Your_False_flag/Bartholomew-GuerreroSaade-VB2016.pdf +2016-10-16,4812e3e7c965cf14148feb5c4b2cb583612972a8,threatconnect-discovers-chinese-apt-activity-in-europe,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.10.16.A_Tale_of_Two_Targets/threatconnect-discovers-chinese-apt-activity-in-europe.pdf +2016-10-20,aa59479dccb863926ace7d5a6d87e356eb9dad4a,eset-sednit-part1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.10.20.En_Route_with_Sednit/eset-sednit-part1.pdf +2016-10-25,56fa70aae3ab16acfba094af1896d186038ad134,Houdini.s.Magic.Reappearance.-.Palo.Alto.Networks.Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.10.25.Houdini_Magic_Reappearance/Houdini.s.Magic.Reappearance.-.Palo.Alto.Networks.Blog.pdf +2016-10-25,6f1dfb7fc2367f5787b076deb44f37704a682caa,eset-sednit-part-2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.10.25.Lifting_the_lid_on_Sednit/eset-sednit-part-2.pdf +2016-10-26,19e5a53b85457ad6aef593e18e190a7d6bcaa704,moonlight-middle-east-targeted-attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.10.26.Moonlight_Middle_East/moonlight-middle-east-targeted-attacks.pdf +2016-10-27,2cd04b3b878180782e8467c2cbe69d301a0d98ec,eset-sednit-part3,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.10.27.En_Route_Part3/eset-sednit-part3.pdf +2016-10-27,bd52c0809e379a7dabdb35fcbb07d077f10a6edc,BLACKGEAR.Espionage.Campaign.Evolves.-.Trend.Micro,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.10.27.BLACKGEAR_Espionage_Campaign_Evolves/BLACKGEAR.Espionage.Campaign.Evolves.-.Trend.Micro.pdf +2016-10-27,c7f1af600ea574490820cb2d86c1585a4908623d,"TrendLabs Security Intelligence BlogBLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List - TrendLabs Security Intelligence Blog",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.10.27.BLACKGEAR_Espionage_Campaign_Evolves/TrendLabs%20Security%20Intelligence%20BlogBLACKGEAR%20Espionage%20Campaign%20Evolves%2C%20Adds%20Japan%20To%20Target%20List%20-%20TrendLabs%20Security%20Intelligence%20Blog.pdf +2016-10-31,3773109fc3b0607f90b13d91f3c57da2b6aa618d,Emissary Trojan Changelog_ Did Operation Lotus Blossom Cause It to Evolve_ - Palo Alto Networks Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.10.31.Emissary_Trojan_Changelog/Emissary%20Trojan%20Changelog_%20Did%20Operation%20Lotus%20Blossom%20Cause%20It%20to%20Evolve_%20-%20Palo%20Alto%20Networks%20Blog.pdf +2016-10-31,72b119031cde0a78ff6f778c6b8670f4d1f86b16,emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.10.31.Emissary_Trojan_Changelog/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve.pdf +2016-11-03,6a6ad533b71fd64fc9dd4948e920a0992f637302,ukraine-report-when-the-lights-went-out,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.11.03.Ukraine_Cybersecurity_Threat_Briefing/ukraine-report-when-the-lights-went-out.pdf +2016-11-09,0640ebb4e8649c9ae93cb0bba624deb30bbebc8e,Down the H-W0rm Hole with Houdini's RAT - Threat Geek,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.11.09_down-the-h-w0rm-hole-with-houdinis-rat/Down%20the%20H-W0rm%20Hole%20with%20Houdini%27s%20RAT%20-%20Threat%20Geek.pdf +2016-11-09,6c7dc24ad7b53bb6cf0d606ba7537b7360f9b727,down-the-h-w0rm-hole-with-houdinis-rat.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.11.09_down-the-h-w0rm-hole-with-houdinis-rat/down-the-h-w0rm-hole-with-houdinis-rat.html.pdf +2016-11-22,ef9fb290ad2bef98cd50f966dd8228714d0f68a0,tropic-trooper-targets-taiwanese,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.11.22.tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/tropic-trooper-targets-taiwanese.pdf +2016-11-30,c1bcbdc216cbfe9228a31997a2d5da6abdb27699,nic-cyber-security-themed-spear-phishing-target-indian-government-organizations,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.11.30.nic-cyber-security-themed/nic-cyber-security-themed-spear-phishing-target-indian-government-organizations.pdf +2016-12-13,cce1f08c2f7f6a358b948a78a99be0f833563795,rise-telebots-analyzing-disruptive-killdisk-attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.12.13.rise-telebots-analyzing-disruptive-killdisk-attacks/rise-telebots-analyzing-disruptive-killdisk-attacks.pdf +2016-12-15,d784a99302475c2a1bcc39fe42097d7d1908acc7,Microsoft_Security_Intelligence_Report_Volume_21_English,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2016/2016.12.15.PROMETHIUM_and_NEODYMIUM/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf +2017-01-05,6cde19e1a9cff481845a16d962f1807c03d8fa1f,Iranian Fileless Attack Infiltrates Israeli Organizations,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.01.05.Iranian_Threat_Agent_OilRig/Iranian%20Fileless%20Attack%20Infiltrates%20Israeli%20Organizations.pdf +2017-01-05,bc1f173e272722c900afb3bbba0c7bd44f4c9a19,"Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford _ ClearSky Cybersecurity",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.01.05.Iranian_Threat_Agent_OilRig/Iranian%20Threat%20Agent%20OilRig%20Delivers%20Digitally%20Signed%20Malware%2C%20Impersonates%20University%20of%20Oxford%20_%20ClearSky%20Cybersecurity.pdf +2017-01-09,f4216af597c0aa584753043e1c6821a3fa668137,unit42-second-wave-shamoon-2-attacks-identified,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.01.09.second-wave-shamoon-2-attacks-identified/unit42-second-wave-shamoon-2-attacks-identified.pdf +2017-01-11,f5eb271671c7a2def034329d77843ac296266b0c,APT28-Center-of-Storm-2017,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.01.11.apt28_at_the_center/APT28-Center-of-Storm-2017.pdf +2017-01-12,3bd94e429da7b43099a2d041deb5b68e6d426ac3,The “EyePyramid” Attacks - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.01.12.EyePyramid.attacks/The%20%E2%80%9CEyePyramid%E2%80%9D%20Attacks%20-%20Securelist.pdf +2017-01-15,010660f48c09725d25425216de0d985a62837ff2,[tr1adx]_ Intel,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.01.15.Bear_Spotting_Vol.1/%5Btr1adx%5D_%20Intel.pdf +2017-01-18,d24be75959478224c4010d195a3db784a9dc56ca,Operation Grand Mars,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.01.18.Operation-Grand-Mars/Operation%20Grand%20Mars.pdf +2017-01-19,1bc8aa72a26fa5236943b01a6a34704417419332,Kashmir_Protest_Themed,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.01.19.uri-terror-attack/Kashmir_Protest_Themed.pdf +2017-01-25,48d86b7a5c92c445dc1903dcf9f20fceb9f49ca5,etecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.01.25.german-industrial-attacks/etecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp.pdf +2017-01-30,b95f46cb8ba0cd021950a6afcd2599ce9ba370cd,unit42-downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.01.30.downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments/unit42-downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments.pdf +2017-02-02,0963171828af8106b91aab81cb9ed2006275f0e5,APT-targets-russia-belarus-zerot-plugx,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.02.APT_Targets_Russia_and_Belarus_with_ZeroT_and_PlugX/APT-targets-russia-belarus-zerot-plugx.pdf +2017-02-03,74962bac9526b55dfcd0c6690b2980f7483e587b,kingslayer-a-supply-chain-attack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.03.kingslayer-a-supply-chain-attack/kingslayer-a-supply-chain-attack.pdf +2017-02-03,deeba3d9eb8775ebcbd74616bf4dce178fbf8b2f,"Several Polish banks hacked, information stolen by unknown attackers – BadCyber",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.03.several-polish-banks-hacked/Several%20Polish%20banks%20hacked%2C%20information%20stolen%20by%20unknown%20attackers%20%E2%80%93%20BadCyber.pdf +2017-02-10,7f8c3d1d34755bd52f850bad0bc2dc1db6783661,AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.10.Enhanced_Analysis_of_GRIZZLY_STEPPE/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf +2017-02-10,bb761cada9851eb8e5c157b11dabf4f79bb58067,Cyber_Attack_Targeting_Indian_Navy,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.10.cyber-attack-targeting-indian-navys-submarine-warship-manufacturer/Cyber_Attack_Targeting_Indian_Navy.pdf +2017-02-12,9b1e2f1d16bae995ad260ee499f0836c601807ee,lazarus-watering-hole-attacks.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.12.lazarus-watering-hole-attacks/lazarus-watering-hole-attacks.html.pdf +2017-02-14,0cf03f3cf71ebd7edc4aa9996fa43138624bd302,Operation Kingphish_ Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and… – Amnesty Insights – Medium,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.14.Operation_Kingphish/Operation%20Kingphish_%20Uncovering%20a%20Campaign%20of%20Cyber%20Attacks%20against%20Civil%20Society%20in%20Qatar%20and%E2%80%A6%20%E2%80%93%20Amnesty%20Insights%20%E2%80%93%20Medium.pdf +2017-02-15,1997a46afb1d791a45ff71cce472b5c90b4631af,the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.15.the-full-shamoon/the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks.pdf +2017-02-15,5dc3430cb566bde8ba4dbd49b3b209b0a435e30d,unit42-magic-hound-campaign-attacks-saudi-targets,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.15.magic-hound-campaign/unit42-magic-hound-campaign-attacks-saudi-targets.pdf +2017-02-15,6eaba42a64f8c2e1868e6edf441fffe082a4959d,Deep Dive on the DragonOK Rambo Backdoor _ Morphick Cyber Security,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.15.deep-dive-dragonok-rambo-backdoor/Deep%20Dive%20on%20the%20DragonOK%20Rambo%20Backdoor%20_%20Morphick%20Cyber%20Security.pdf +2017-02-15,b9a73685d0d59c0b8103e2890250b550c7ac2b96,iranian-pupyrat-bites-middle-eastern-organizations,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.15.iranian-pupyrat-bites-middle-eastern-organizations/iranian-pupyrat-bites-middle-eastern-organizations.pdf +2017-02-16,a6c62ce04ae30424f380773023950d94455fc349,Technical analysis of recent attacks against Polish banks – BadCyber,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.16.Technical_analysis_Polish_banks/Technical%20analysis%20of%20recent%20attacks%20against%20Polish%20banks%20%E2%80%93%20BadCyber.pdf +2017-02-17,62d2eb6112d88baf0b14302e12e31425265ccb74,chches-malware--93d6.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.17.chches-malware/chches-malware--93d6.html.pdf +2017-02-20,9072321a018c8810d71002113c3b3f4a0873e676,lazarus-false-flag-malware.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.20.Lazarus_False_Flag_Malware/lazarus-false-flag-malware.html.pdf +2017-02-21,9bc78d8d0e54e6bed8370304f3ce4c81826f0eda,additional-insights-shamoon2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.21.Additional_Insights_on_Shamoon2/additional-insights-shamoon2.pdf +2017-02-22,15a0e44be3330d20b64852a04cad695dc699bd8c,spear_phishing_techn.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.22.Spear_Phishing_Mongolian_Government/spear_phishing_techn.html.pdf +2017-02-23,d206b485a42c611ed9fe6a0b1a3ed086e954bd30,Bitdefender-Whitepaper-APT-Mac-A4-en-EN-web,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.23.APT28_Mac_OS_X_Payload/Bitdefender-Whitepaper-APT-Mac-A4-en-EN-web.pdf +2017-02-27,7c7567206d222546376079a19c07b615d9538cf3,The Gamaredon Group Toolset Evolution - Palo Alto Networks Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.27.gamaredon-group-toolset-evolution/The%20Gamaredon%20Group%20Toolset%20Evolution%20-%20Palo%20Alto%20Networks%20Blog.pdf +2017-02-28,841e63f842029a2a45047edee7312cae9a3e1353,AtomBombing_ Brand New Code Injection for Windows - Breaking Malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.28.dridexs-cold-war-enter-atombombing/AtomBombing_%20Brand%20New%20Code%20Injection%20for%20Windows%20-%20Breaking%20Malware.pdf +2017-02-28,8b3ebc21903c070ac70264bd8dd7ecd681e9b78e,Dridex's Cold War_ Enter AtomBombing,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.28.dridexs-cold-war-enter-atombombing/Dridex%27s%20Cold%20War_%20Enter%20AtomBombing.pdf +2017-02-28,8ffce0fd5ec946cbb5da03a5a0f2796525aa600a,AtomBombing_ A Code Injection that Bypasses Current Security Solutions,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.02.28.dridexs-cold-war-enter-atombombing/AtomBombing_%20A%20Code%20Injection%20that%20Bypasses%20Current%20Security%20Solutions.pdf +2017-03-06,59a92a3bd0a359bb6353578ab1a241fc50529225,Report_Shamoon_StoneDrill_final,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.03.06.from-shamoon-to-stonedrill/Report_Shamoon_StoneDrill_final.pdf +2017-03-08,f8e850c0d5b3db84e2271da13afb043d2c55819d,Targeted Attack Campaigns with Multi-Variate Malware Observed in the Cloud - Netskope,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.03.08.Targeted_Attack_Campaigns/Targeted%20Attack%20Campaigns%20with%20Multi-Variate%20Malware%20Observed%20in%20the%20Cloud%20-%20Netskope.pdf +2017-03-14,73e541a765c5634ef9beb3ff02cbce03387eb322,Operation_Electric_Powder,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.03.14.Operation_Electric_Powder/Operation_Electric_Powder.pdf +2017-03-15,61d6c5357eb7d3f894947eca04307396beb7d77f,english-report-of-fhappi-freehosting,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.03.15.FHAPPI_Campaign/english-report-of-fhappi-freehosting.pdf +2017-04-05,b2f76581b1f81deb6f482301f120bf103dfee7fe,Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA - Palo Alto Networks Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.04.05.KASPERAGENT_and_MICROPSIA/Targeted%20Attacks%20in%20the%20Middle%20East%20Using%20KASPERAGENT%20and%20MICROPSIA%20-%20Palo%20Alto%20Networks%20Blog.pdf +2017-04-06,21fa3482e808cc32ef762131560c8889b1bb641e,cloud-hopper-report-final-v4,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.04.06.Operation_Cloud_Hopper/cloud-hopper-report-final-v4.pdf +2017-04-06,363c1f74cffd26d777fc13bc99276a8874da4828,cloud-hopper-report-final-upda_72977,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.04.06.Operation_Cloud_Hopper/cloud-hopper-report-final-upda_72977.pdf +2017-04-10,d4ac9a7d29ae849228c231d4a329a0de75db03f5,Longhorn_ Tools used by cyberespionage group linked to Vault 7,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.04.10_Longhorn/Longhorn_%20Tools%20used%20by%20cyberespionage%20group%20linked%20to%20Vault%207.pdf +2017-04-11,fc7f3b5e0274380f2dcbf1314e416156782749b2,Unraveling the Lamberts Toolkit,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.04.11.Lamberts_Toolkit/Unraveling%20the%20Lamberts%20Toolkit.pdf +2017-04-13,749fcb8711afe06402e0a97903bfe2b4073bacc6,callisto-group,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.04.13.callisto-group/callisto-group.pdf +2017-04-27,8e2d9ead7e25aea7ce175ae4ce6c753961695de2,iranian-fileless-cyberattack-on-israel,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.04.27.iranian-fileless-cyberattack-on-israel-word-vulnerability/iranian-fileless-cyberattack-on-israel.pdf +2017-05-03,576a6743910be6c4f9ed71ab63e9d9f20665e1a7,kazuar,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.05.03.kazuar-multiplatform-espionage-backdoor-api-access/kazuar.pdf +2017-05-03,ada599ed6529fb13552b715d63fc150dc439d2bd,konni-malware-under-radar-for-years.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.05.03.konni-malware-under-radar-for-years/konni-malware-under-radar-for-years.html.pdf +2017-05-14,f8e9e357ff59df2cdcb81b18271e8f544663cd0e,cyber-espionage-apt32,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.05.14.cyber-espionage-apt32/cyber-espionage-apt32.pdf +2017-05-24,cffa0201901e5c88040f4b3688b60bb3a11c3f76,operation-cobalt-kitty,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.05.24.OPERATION_COBALT_KITTY/operation-cobalt-kitty.pdf +2017-05-30,63539ba31b08519f49476e7d509f0b1a9b2445d0,Group-IB_Lazarus,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.05.30.Lazarus_Arisen/Group-IB_Lazarus.pdf +2017-06-12,9e6f9b8b5b22c32c1ec5d53ed1992f8f83013140,Win32_Industroyer,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.06.12.INDUSTROYER/Win32_Industroyer.pdf +2017-06-12,f86cc703b475135372a6639e12d4651121e23fff,CrashOverride-01,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.06.12.CRASHOVERRIDE/CrashOverride-01.pdf +2017-06-13,975f32de446850319102be1462f9c232c9a9a716,TA17-164A,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.06.13.HIDDEN_COBRA/TA17-164A.pdf +2017-06-14,6e20a79dbcbfb4449a38878bc5652538b6ac6c7f,KASPERAGENT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.06.14.KASPERAGENT/KASPERAGENT.pdf +2017-06-15,9d01db23f6ca3a44838c7ece1e023878807c9b35,North Korea Is Not Crazy,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.06.15.north-korea-cyber-activity/North%20Korea%20Is%20Not%20Crazy.pdf +2017-06-18,4bae883feddc4e8b1c2593c848b7f434b125b6e4,RECON-MTL-2017-evolution_of_pirpi,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.06.18.APT3_Uncovered_The_code_evolution_of_Pirpi/RECON-MTL-2017-evolution_of_pirpi.pdf +2017-06-19,259bf1dfeb4a1f9edec3b8fedc85bb07d74fa18b,PoS Malware ShellTea PoSlurp_0,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.06.19.SHELLTEA_POSLURP_MALWARE/PoS%20Malware%20ShellTea%20PoSlurp_0.pdf +2017-06-22,7c07a6c907e151bfdb785f4ada9de8e1e6d8d003,TrendLabs Security Intelligence BlogFollowing the Trail of BlackTech’s Cyber Espionage Campaigns - TrendLabs Security Intelligence Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.06.22.following-trail-blacktech-cyber-espionage-campaigns/TrendLabs%20Security%20Intelligence%20BlogFollowing%20the%20Trail%20of%20BlackTech%E2%80%99s%20Cyber%20Espionage%20Campaigns%20-%20TrendLabs%20Security%20Intelligence%20Blog.pdf +2017-06-22,d3b5aa6085c4ed0c90681c8cbd1d680cb5cff17a,unit42-new-improved-macos-backdoor-oceanlotus,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.06.22.new-improved-macos-backdoor-oceanlotus/unit42-new-improved-macos-backdoor-oceanlotus.pdf +2017-06-22,df18330841082d967b74c11762561c16666ed9a2,following-trail-blacktech-cyber-espionage-campaigns,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.06.22.following-trail-blacktech-cyber-espionage-campaigns/following-trail-blacktech-cyber-espionage-campaigns.pdf +2017-06-26,d6bc0def8943d25eaef9486fd352eec104b6ea6c,threat-group-4127-targets-google-accounts,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.06.26.Threat_Group-4127/threat-group-4127-targets-google-accounts.pdf +2017-06-30,a00e87b7c84b238136e6b7e03faa7032a1f1462b,From BlackEnergy to ExPetr - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.06.30.From_BlackEnergy_to_ExPetr/From%20BlackEnergy%20to%20ExPetr%20-%20Securelist.pdf +2017-06-30,e3f17c26a1e9baf918a27b23ed3e6b7e972f0fb1,TeleBots are back_ supply-chain attacks against Ukraine,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.06.30.telebots-back-supply-chain/TeleBots%20are%20back_%20supply-chain%20attacks%20against%20Ukraine.pdf +2017-07-05,8f18178e7e830fe97544869badff8d42441ac398,Insider_Information,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.07.05.insider-information/Insider_Information.pdf +2017-07-06,a732599e776cfca3ffcd998b07d4e2b489ca639b,operation-desert-eagle.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.07.06.Operation_Desert_Eagle/operation-desert-eagle.html.pdf +2017-07-10,2af1cf8ac72832ec56cd0f4b6de1e7c4ebb64709,osx_dok-mac-malware-emmental-hijacks-user-network-traffic,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.07.10.osx_dok-mac-malware-emmental-hijacks-user-network-traffic/osx_dok-mac-malware-emmental-hijacks-user-network-traffic.pdf +2017-07-11,affa81ab17dd8a0e884e10a393b7027a4e6a580c,winnti-evolution-going-open-source.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.07.11.winnti-evolution-going-open-source/winnti-evolution-going-open-source.html.pdf +2017-07-18,39e53915de468512258066c3ae2875770bd68c45,Bitdefender-Whitepaper-Inexsmar-A4-en-EN,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.07.18.Inexsmar/Bitdefender-Whitepaper-Inexsmar-A4-en-EN.pdf +2017-07-18,4b6319176b1caca3eac47744e74716aafa8e7e3a,Recent Winnti Infrastructure and Samples _ ClearSky Cybersecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.07.18.winnti/Recent%20Winnti%20Infrastructure%20and%20Samples%20_%20ClearSky%20Cybersecurity.pdf +2017-07-18,5fe96500781232a5b174eaedd85e81a6bbcebebf,blog Inexsmar,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.07.18.Inexsmar/blog%20Inexsmar.pdf +2017-07-24,511167edf95430fe5f3fb8ec664fd8c00ee5053c,unit42-tick-group-continues-attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.07.24.Tick_group/unit42-tick-group-continues-attacks.pdf +2017-07-27,05208f1ec08dcce22f2e0a99eaa27310a108d869,Operation_Wilted_Tulip (1),https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.07.27.Operation_Wilted_Tulip/Operation_Wilted_Tulip%20%281%29.pdf +2017-07-27,4746babb3e6b979dac62ea0ecb213c93bd06b04d,chessmaster-cyber-espionage-campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.07.27.chessmaster-cyber-espionage-campaign/chessmaster-cyber-espionage-campaign.pdf +2017-07-27,e09481571961cea9b0f3153c97c5c16038e1401d,unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.07.27.oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group.pdf +2017-07-27,e93db24a29cac99be5fef3ba7cde258776b68eef,Appendix,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.07.27.chessmaster-cyber-espionage-campaign/Appendix.pdf +2017-08-01,6d975a5497a8214758417eadb9a5d2fb79e40cb1,cobalt-group-2017-cobalt-strikes-back.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.08.01.cobalt-group-2017-cobalt-strikes-back/cobalt-group-2017-cobalt-strikes-back.html.pdf +2017-08-08,6b92046c8fb69c2eba71325a808f9b5772e76ae7,APT Trends report Q2 2017,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.08.08.APT_Trends_Report_2017Q2/APT%20Trends%20report%20Q2%202017.pdf +2017-08-11,96183f8abeab7d62d5db6f2d4761766d05ec4507,apt28-targets-hospitality-sector.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.08.11.apt28-targets-hospitality-sector/apt28-targets-hospitality-sector.html.pdf +2017-08-15,18fcefcdc2861109df40b7d4f89c88f01153ebe6,Notepad_and_Chthonic,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.08.15.Notepad_and_Chthonic/Notepad_and_Chthonic.pdf +2017-08-17,480311eaa22f578ef695b43791d9f76754f77af1,Turla_APT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.08.17.turla-apt-actor-refreshes-kopiluwak-javascript-backdoor/Turla_APT.pdf +2017-08-18,c42879e3e3393f1cd6a716273d4eee1b023029bd,Russian-Bank-Offices,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.08.18.Russian_Bank_Offices_Hit/Russian-Bank-Offices.pdf +2017-08-25,ee48407bd11f46dcc700d8d43e1eedfd49e8ef3d,operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.08.25.operation-rat-cook/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures.pdf +2017-08-30,2c5e1689900d6f92ec985be4f9f1df9f9b52de30,eset-gazer,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.08.30.Gazing_at_Gazer/eset-gazer.pdf +2017-08-30,c6ae240fe72e85a0e413aefda3bd980ade0df153,Introducing WhiteBear - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.08.30.Introducing_WhiteBear/Introducing%20WhiteBear%20-%20Securelist.pdf +2017-09-06,1ed7aca75422d01c464e9786e6a156d1fb6e7720,Dragonfly_ Western energy sector targeted by sophisticated attack group _ Symantec Connect Community,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.09.06.dragonfly-western-energy-sector-targeted-sophisticated-attack-group/Dragonfly_%20Western%20energy%20sector%20targeted%20by%20sophisticated%20attack%20group%20_%20Symantec%20Connect%20Community.pdf +2017-09-06,29e1e27c9564c0a7b52481295a83b1b8482393dc,blog Dragonfly 2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.09.06.intelligence-games-in-the-power-grid-2016/blog%20Dragonfly%202.pdf +2017-09-06,cbcdc4cb1305cfea35df9364e347f2989cc435c9,intelligence-games-in-the-power-grid-2016,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.09.06.intelligence-games-in-the-power-grid-2016/intelligence-games-in-the-power-grid-2016.pdf +2017-09-12,4216dbf87e7728c248780b5abf6a455435562107,zero-day-used-to-distribute-finspy.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.09.12.FINSPY_CVE-2017-8759/zero-day-used-to-distribute-finspy.html.pdf +2017-09-18,ad56b26eb6144508b32feb518a73707a99247c03,CCleanup,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.09.18.CCleanup/CCleanup.pdf +2017-09-18,fa92c0e06a7469a3dab6a34d37528bc173d517eb,An (un)documented Word feature abused by attackers _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.09.18.Windows_branch_of_the_Cloud_Atlas/An%20%28un%29documented%20Word%20feature%20abused%20by%20attackers%20_%20Securelist.pdf +2017-09-20,5180b9f4648bda9dbcecb6d60bcd1213a1ebf97c,CCleaner_C2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.09.20.CCleanup_C2/CCleaner_C2.pdf +2017-09-20,a39f0d00e020ea4eb9e104a3aeed959c01bf8306,Insights into Iranian Cyber Espionage_ APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware « Threat Research Blog _ FireEye Inc,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.09.20.apt33-insights-into-iranian-cyber-espionage/Insights%20into%20Iranian%20Cyber%20Espionage_%20APT33%20Targets%20Aerospace%20and%20Energy%20Sectors%20and%20has%20Ties%20to%20Destructive%20Malware%20%C2%AB%20Threat%20Research%20Blog%20_%20FireEye%20Inc.pdf +2017-09-20,f5cadff536797504676152ebb92faeeb32539406,Aurora_Operation_CCleaner,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.09.20.Aurora_Operation_CCleaner/Aurora_Operation_CCleaner.pdf +2017-09-28,2de8ba6f7036c042204203b326a2d4b28596b5a4,Threat Actors Target Government of Belarus Using CMSTAR Trojan,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.09.28.Belarus_CMSTAR_Trojan/Threat%20Actors%20Target%20Government%20of%20Belarus%20Using%20CMSTAR%20Trojan.pdf +2017-10-02,07798378a61e5b51e15ec24e0c28cdfba50fedf1,Aurora_Operation_CCleaner_II,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.10.02.Aurora_Operation_CCleaner_II/Aurora_Operation_CCleaner_II.pdf +2017-10-10,c11ac6a6b4d8b2e45afa90658104f92d3315d229,TW SpiderLabs Advanced Brief_Post-Soviet Bank Heists_PDF,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.10.10.Post-Soviet-Bank-Heists/TW%20SpiderLabs%20Advanced%20Brief_Post-Soviet%20Bank%20Heists_PDF.pdf +2017-10-12,ca5db110c6eff4afde63016823a546599e49dba6,bronze-butler-targets-japanese-businesses,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.10.12.BRONZE_BUTLER/bronze-butler-targets-japanese-businesses.pdf +2017-10-16,0d98f0605864ff868915aebe136216db46d997d6,Leviathan_Espionage_actor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.10.16.Leviathan/Leviathan_Espionage_actor.pdf +2017-10-16,0d9aab08a0ef223d0fba363b8c2ed4d0093ee291,BAESytems_Taiwan-Heist-Lazarus-Tools-Ransomware(10-16-2017),https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.10.16.Taiwan-Heist/BAESytems_Taiwan-Heist-Lazarus-Tools-Ransomware%2810-16-2017%29.pdf +2017-10-16,ed0376c06e97bf7f9887dcbf789e165d52f70070,BlackOasis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.10.16.BlackOasis_APT/BlackOasis.pdf +2017-10-19,67d5b56d384ebc3eff678ca4a3544fcbcfd48e6e,Bitdefender-Business-2017-WhitePaper-PZCHAO-crea2452-en-EN-GenericUse,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.10.19.Operation_PZCHAO/Bitdefender-Business-2017-WhitePaper-PZCHAO-crea2452-en-EN-GenericUse.pdf +2017-10-24,2d3ca80570c9425fec0b86e8788672b51c05d798,Greenbug,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.10.24.greenbug/Greenbug.pdf +2017-10-27,a7aeb82c38c24d916f743f63d8dd3a44245f8824,"bellingcat - Bahamut Revisited, More Cyber Espionage in the Middle East and South Asia - bellingcat",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.10.27.bahamut-revisited/bellingcat%20-%20Bahamut%20Revisited%2C%20More%20Cyber%20Espionage%20in%20the%20Middle%20East%20and%20South%20Asia%20-%20bellingcat.pdf +2017-10-30,8fa264721c32e66ec94ceb77645c22edbffc9259,Gaza Cybergang - updated activity in 2017_ - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.10.30.Gaza_Cybergang/Gaza%20Cybergang%20-%20updated%20activity%20in%202017_%20-%20Securelist.pdf +2017-10-31,c88964f86dee3dddad544afaa958f19d5b078700,Night_of_the_Devil,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.10.31.MBR-ONI.Japan/Night_of_the_Devil.pdf +2017-11-02,3e8197de6b5d3ee28900addba58d37693ab48c35,New Insights into Energetic Bear's Attacks on Turkish Critical Infrastructure,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.11.02.Energetic_Bear_on_Turkish_Critical_Infrastructure/New%20Insights%20into%20Energetic%20Bear%27s%20Attacks%20on%20Turkish%20Critical%20Infrastructure.pdf +2017-11-02,7cc47ac6e2afeaccc7f6b81e7aee36a98b2fcc08,LeetMX - a Yearlong Cyber-Attack Campaign Against Targets in Latin America - ClearSky Cyber Security,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.11.02.LeetMX/LeetMX%20-%20a%20Yearlong%20Cyber-Attack%20Campaign%20Against%20Targets%20in%20Latin%20America%20-%20ClearSky%20Cyber%20Security.pdf +2017-11-02,8a525f0a9399a4c2a02e14d9bdaa98992be9c07d,Recent InPage Exploits Lead to Multiple Malware Families,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.11.02.InPage_Exploits/Recent%20InPage%20Exploits%20Lead%20to%20Multiple%20Malware%20Families.pdf +2017-11-02,f7b0f598b3b294086661de8ff38a25cffd626845,The KeyBoys are back in town,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.11.02.KeyBoys_are_back/The%20KeyBoys%20are%20back%20in%20town.pdf +2017-11-06,7c2f93f1fbe764ff94de5e5d5f29daea4a512956,chessmasters-new-strategy-evolving-tools-tactics,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.11.06.ChessMaster_New_Strategy/chessmasters-new-strategy-evolving-tools-tactics.pdf +2017-11-06,b14204853e9ec3f569a4783e38ce7edc945a9eaf,oceanlotus-blossoms,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.11.06.oceanlotus-blossoms/oceanlotus-blossoms.pdf +2017-11-07,1df3af6ed515b55238da5e596ff5b0aa4b6e3a82,Threat_Group_APT28_Slips_Office_Malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.11.07.APT28_Slips_Office_Malware/Threat_Group_APT28_Slips_Office_Malware.pdf +2017-11-07,54217b0c066f77f19aeb47d323c9606ece22ffab,sowbug-cyber-espionage-group,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.11.07.sowbug-cyber-espionage-group-targets/sowbug-cyber-espionage-group.pdf +2017-11-10,02a66278756c7c3a068d5eff9bc05f3ae9a836cd,unit42-new-malware-with-ties-to-sunorcal-discovered,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.11.10.New_Malware_with_Ties_to_SunOrcal_Discovered/unit42-new-malware-with-ties-to-sunorcal-discovered.pdf +2017-11-14,f9210ad09b22553ea32f550d032385a6a93a6214,muddying-the-water-targeted-attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.11.14.Muddying_the_Water/muddying-the-water-targeted-attacks.pdf +2017-11-22,391659a97773a0330bafdee3af6fdbcfeaa11280,muddywater-apt-targeting-middle-east,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.11.22.MuddyWater_APT/muddywater-apt-targeting-middle-east.pdf +2017-12-04,3b669818816e3d888b2546bc75ac0f44782f7faf,paper_the-shadows-of-ghosts-carbanak-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.12.04.The_Shadows_of_Ghosts/paper_the-shadows-of-ghosts-carbanak-report.pdf +2017-12-04,bb99d7c51232dc5abfdad6c5771ce784405d95d7,blog_anatomy-of-an-attack-carbanak,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.12.04.The_Shadows_of_Ghosts/blog_anatomy-of-an-attack-carbanak.pdf +2017-12-05,bba8af0fe4254863c86aafeedb7d86f7af7b0e99,Charming_Kitten_2017,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.12.05.Charming_Kitten/Charming_Kitten_2017.pdf +2017-12-07,4e20c78a1ab7fbd0140472388e206f0efbee8c26,targeted-attack-in-middle-east-by-apt34.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.12.07.New_Targeted_Attack_in_the_Middle_East_by_APT34/targeted-attack-in-middle-east-by-apt34.html.pdf +2017-12-11,7a57e05aab003604657afa1bb06af954004215c7,Group-IB_MoneyTaker_report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.12.11.MoneyTaker/Group-IB_MoneyTaker_report.pdf +2017-12-11,a6d08e61d4a12fe4914671ba3550e95ad61691f2,appendix-untangling-the-patchwork-cyberespionage-group,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.12.11.Patchwork_APT/appendix-untangling-the-patchwork-cyberespionage-group.pdf +2017-12-11,dafed0f2a46c513004287c96588d3be3b7ae513a,tech-brief-untangling-the-patchwork-cyberespionage-group,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.12.11.Patchwork_APT/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf +2017-12-14,a6c087f2a4264e891068021c52dc954aba7c64b3,attackers-deploy-new-ics-attack-framework-triton.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.12.14.attackers-deploy-new-ics-attack-framework-triton/attackers-deploy-new-ics-attack-framework-triton.html.pdf +2017-12-17,8a146c79ec045eee3b72971c2285b63f28ec4407,Operation_Dragonfly_Analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.12.17.operation-dragonfly-analysis-suggests-links-to-earlier-attacks/Operation_Dragonfly_Analysis.pdf +2017-12-19,ce6ea1a9d82cec62a78fbaa5a04afe54c0167101,blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.12.19.North_Korea_Bitten_by_Bitcoin_Bug/blog.pdf +2017-12-19,d8ba9a371c7dc7e6608b92e8a671b82191d6c67a,pfpt-us-wp-north-korea-bitten-by-bitcoin-bug,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.12.19.North_Korea_Bitten_by_Bitcoin_Bug/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf +2018-01-04,4f9469a732dd8c2d32c8a2b017e9378e95e40611,Iran_Cyber_Final_Full_v2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.04.Iran_Cyber_Threat_Carnegie/Iran_Cyber_Final_Full_v2.pdf +2018-01-06,891959666596264d8f2bd7b309e8321b67d86844,Malicious Document Targets Pyeongchang Olympics _ McAfee Blogs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.06.malicious-document-targets-pyeongchang-olympics/Malicious%20Document%20Targets%20Pyeongchang%20Olympics%20_%20McAfee%20Blogs.pdf +2018-01-09,345ecd81d3f862caf8de882514c6c4e01ddcc048,blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.09.Turla_Mosquito/blog.pdf +2018-01-09,64ee9966b41640d4a8477e2bf5ad288422dd0829,ESET_Turla_Mosquito,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.09.Turla_Mosquito/ESET_Turla_Mosquito.pdf +2018-01-11,612116140e5b452ec1053a6017401f125a8c9375,North_Korean_Defectors_and_Journalists_Targeted,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.11.North_Korean_Defectors_and_Journalists_Targeted/North_Korean_Defectors_and_Journalists_Targeted.pdf +2018-01-12,71cf247af339cad51681bf1b3e5ad9702b92d676,Pawn_Storm_Update_2018.Jan,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.12.update-pawn-storm-new-targets-politically/Pawn_Storm_Update_2018.Jan.pdf +2018-01-15,ee187d05c2c5fc97fd78d9dbd18477c3eed8702b,New_killdisk,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.15.new-killdisk-variant-hits-financial-organizations-in-latin-america/New_killdisk.pdf +2018-01-16,12c62600afe97d1309bc920524391e9ab9f4b01e,APT3_Adversary_Emulation_Plan,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2017/2017.09.XX.APT3_Adversary_Emulation_Plan/APT3_Adversary_Emulation_Plan.pdf +2018-01-16,586b976b5f81e93b76cf48534c9da8ec239e7b0b,korea-in-crosshairs.html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.16.korea-in-crosshairs/korea-in-crosshairs.html.pdf +2018-01-16,691670cb4b4edb4b77c1215538a4a88c9933182d,cta-2018-0116,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.16.north-korea-cryptocurrency-campaign/cta-2018-0116.pdf +2018-01-16,910813be6275d9db2a482a92c26eddae3786bc34,Skygofree_appendix_eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.16.skygofree/Skygofree_appendix_eng.pdf +2018-01-16,a72a88d6a9cc5739aad7802ffb6b29f63af16bc4,Skygofree_ Following in the footsteps of HackingTeam - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.16.skygofree/Skygofree_%20Following%20in%20the%20footsteps%20of%20HackingTeam%20-%20Securelist.pdf +2018-01-18,a91289e835991b389e01254492d0fe84aeb21752,Turla Neuron Malware Update,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.18.Turla_group_update_Neuron_malware/Turla%20Neuron%20Malware%20Update.pdf +2018-01-18,d5c605fd42adb5312d17a54d246d8178a6a9094c,Lookout_Dark-Caracal_srr_20180118_us_v.1.0,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.18.Dark_Caracal/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf +2018-01-24,84890f780369eac214755f96faa225aa8d855a4c,Lazarus_Campaign_Targeting_Cryptocurrencies,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.24.lazarus-campaign-targeting-cryptocurrencies/Lazarus_Campaign_Targeting_Cryptocurrencies.pdf +2018-01-25,15ca73fd7d7d91a93d1d31c372977ded81ce4098,unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.25.oilrig_Middle_East/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east.pdf +2018-01-26,8c10db53c54a7b7fd8644cfd7e2bc8da4edb4d37,unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.26.TopHat_Campaign/unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services.pdf +2018-01-27,70fae1539b2e714ac6876d64dacbead9671fc003,Accenture-Security-Dragonfish-Threat-Analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.27.DRAGONFISH/Accenture-Security-Dragonfish-Threat-Analysis.pdf +2018-01-29,0bece4337b4372e52cf6b23dd4f9da12f8175fa7,VERMIN_ Quasar RAT and Custom Malware Used In Ukraine,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.29.VERMIN_Quasar_RAT_and_Custom_Malware_Used_In_Ukraine/VERMIN_%20Quasar%20RAT%20and%20Custom%20Malware%20Used%20In%20Ukraine.pdf +2018-01-29,bde5a789f1778ea6abc0c03231e448bdac2e378f,PoriewSpy.India,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.29.PoriewSpy.India/PoriewSpy.India.pdf +2018-01-30,a98b3a495b906d5e966dd4afa536b736030aaa35,apt32-continues-asean-targeting,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.30.APT32_Continues_ASEAN_Targeting/apt32-continues-asean-targeting.pdf +2018-01-31,a2425e6cac6127d7c43e5135ede2b9cc7fdb2543,unit42-comnie-continues-target-organizations-east-asia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.01.31.Comnie_Continues_to_Target_Organizations_in_East_Asia/unit42-comnie-continues-target-organizations-east-asia.pdf +2018-02-02,43d4c021682681ff6061a74b794744f74ef5bea2,Gold_Dragon_Olympics,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.02.02.gold-dragon-widens-olympics-malware/Gold_Dragon_Olympics.pdf +2018-02-07,6a573fc0b111b0a65146d74cd956ecea94561f6d,Targeted-attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.02.07.targeted-attacks-in-middle-east_VBS_CAMPAIGN/Targeted-attacks.pdf +2018-02-13,1a0cdfb6c8a5518e7e5f24a70f125e7bc0442e9f,deciphering-confucius,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.02.13.deciphering-confucius/deciphering-confucius.pdf +2018-02-13,c38fc4d7de7c5546e9395c0399ea02441da355b2,Lotus Blossom Continues ASEAN Targeting,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.02.13.Lotus-Blossom-Continues/Lotus%20Blossom%20Continues%20ASEAN%20Targeting.pdf +2018-02-20,0e701c174ea21495258d3070c2092ae2c1071ab3,APT37.blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.02.20.APT37/APT37.blog.pdf +2018-02-20,64b4473af2ffaf520043f90f688735a53e8860b7,A Slice of 2017 Sofacy Activity - Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.02.20.a-slice-of-2017-sofacy-activity/A%20Slice%20of%202017%20Sofacy%20Activity%20-%20Securelist.pdf +2018-02-20,8742755080062ec87eb6ae0059fd7925cde83a9b,rpt_APT37,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.02.20.APT37/rpt_APT37.pdf +2018-02-20,ba3b8e6a764ce36c0826bbc39a5012caf7048ecb,Musical Chairs Playing Tetris,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.02.20.musical-chairs-playing-tetris/Musical%20Chairs%20Playing%20Tetris.pdf +2018-02-21,19b2258d841699869a494c3752d0f7ec9b1ba3d2,Avast tracks down Tempting Cedar Spyware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.02.21.Tempting_Cedar/Avast%20tracks%20down%20Tempting%20Cedar%20Spyware.pdf +2018-02-28,68ea1b735d59a6f13e33b91b7c43d399919d9d69,Chafer_ Latest Attacks Reveal Heightened Ambitions _ Symantec Blogs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.02.28.Chafer_Latest_Attacks_Reveal/Chafer_%20Latest%20Attacks%20Reveal%20Heightened%20Ambitions%20_%20Symantec%20Blogs.pdf +2018-02-28,c8e577f6df534895f4b9e25a8da67a7b32d381af,Sofacy Attacks Multiple Government Entities,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.02.28.sofacy-attacks-multiple-government-entities/Sofacy%20Attacks%20Multiple%20Government%20Entities.pdf +2018-03-01,3aa1366f97a1345531af82567897baeef7624dd3,MuddyWater's Recent Activity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.01.a-quick-dip-into-muddywaters-recent/MuddyWater%27s%20Recent%20Activity.pdf +2018-03-02,1948c9c82dd21358b57d1bcf962fe704bbac6b20,Operation_Honeybee,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.02.Operation_Honeybee/Operation_Honeybee.pdf +2018-03-05,991be81293e8d94a7cd79741bf18005158ff319b,New_ComboJack_Steal_Cryptocurrency,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.05.New_ComboJack_Malware/New_ComboJack_Steal_Cryptocurrency.pdf +2018-03-06,42bc3ed806d32f12e7fcb224aa184abfda49d079,The-Slingshot-APT_report_ENG_final,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.06.The-Slingshot-APT/The-Slingshot-APT_report_ENG_final.pdf +2018-03-07,128ea779dec6b3799b81e1536db23b51dbab67ce,patchwork-continues-deliver-badnews,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.07.patchwork-continues-deliver-badnews-indian-subcontinent/patchwork-continues-deliver-badnews.pdf +2018-03-08,a6a5420dfb31ba77269ecf7fec57c2524308f131,Donot Team in South Asia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.08.donot-team-leverages-new-modular/Donot%20Team%20in%20South%20Asia.pdf +2018-03-08,d103eb6b97caa34ba67ed9ed9eb588acb7409e1e,ukatemicrysys_territorialdispute,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.08.Territorial_Dispute/ukatemicrysys_territorialdispute.pdf +2018-03-08,e742065989523b8a47ec060eeb8337b3ecb6695d,olympicdestroyer,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.08.olympicdestroyer-is-here-to-trick-the-industry/olympicdestroyer.pdf +2018-03-08,f73b8c4566e4f8c356e28c091e4eb5956ef7172a,hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.08.hidden-cobra-targets-turkish-financial/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant.pdf +2018-03-09,2ce1536757accf7b76da6cc2900300e702ac7f3a,New tools uncovered from hacking group APT15,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.09.APT15_is_alive_and_strong/New%20tools%20uncovered%20from%20hacking%20group%20APT15.pdf +2018-03-09,57eb61b0d2d2e8b62ea44f6ce4e108e85d9facb6,BAD TRAFFIC_ Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads_,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.09.Sandvine_PacketLogic_Devices_APT/BAD%20TRAFFIC_%20Sandvine%E2%80%99s%20PacketLogic%20Devices%20Used%20to%20Deploy%20Government%20Spyware%20in%20Turkey%20and%20Redirect%20Egyptian%20Users%20to%20Affiliate%20Ads_.pdf +2018-03-09,7dcaea7c97091bd953bfb58e83ee329c92ba04d6,new-traces-hacking-team-wild,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.09.new-traces-hacking-team-wild/new-traces-hacking-team-wild.pdf +2018-03-09,f4024179748d1abc9e6bfe6e2f0536fc42003b91,An analysis of RoyalCli and RoyalDNS,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.09.APT15_is_alive_and_strong/An%20analysis%20of%20RoyalCli%20and%20RoyalDNS.pdf +2018-03-09,fb43da79eb861c4678fb04c4614436d73db8deeb,masha-and-these-bears,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.09.masha-and-these-bears/masha-and-these-bears.pdf +2018-03-12,723fc308e141c4e6ea7b1b4d1730a4de4eae19d0,MuddyWater_Middle_East_and_Central_Asia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.12.MuddyWater_Middle_East_and_Central_Asia/MuddyWater_Middle_East_and_Central_Asia.pdf +2018-03-13,1229852bbb049d1ed9c63e41a02d089b288328cf,iranian-threat-group-updates-ttps-in-spear-phishing-campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.13.Iranian-threat-group/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.pdf +2018-03-13,81a85270e8e412603a86d7226cbd9407306d0a2c,BlackTDS,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.13.BlackTDS/BlackTDS.pdf +2018-03-13,86b083b7b5a796325b9d99291fbece2c71bf2b70,therapeutic_postmortem_of_connected_medicine,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.13.A_therapeutic_postmortem_of_connected_medicine/therapeutic_postmortem_of_connected_medicine.pdf +2018-03-13,cc77d1604a80c26bfb1846a84a27dea99278242b,ESET_OceanLotus,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.13.OceanLotus_Old_techniques_new_backdoor/ESET_OceanLotus.pdf +2018-03-14,4965ed073067deeb6e8d354301e6f9923fb2687e,Tropic Trooper’s New Strategy,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.14.tropic-trooper-new-strategy/Tropic%20Trooper%E2%80%99s%20New%20Strategy.pdf +2018-03-14,740dfa57dee188f7e1e086b5ba87ddef5460ce4e,"Inception Framework_ Alive and Well, and Hiding Behind Proxies _ Symantec Blogs",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.14.Inception_Framework/Inception%20Framework_%20Alive%20and%20Well%2C%20and%20Hiding%20Behind%20Proxies%20_%20Symantec%20Blogs.pdf +2018-03-15,1b0b1d53362b0a5210164197a7132e4ae3aa5749,Russian_Government_Cyber_Activity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.15.Russian_Government_Cyber_Activity_TA18-074A/Russian_Government_Cyber_Activity.pdf +2018-03-23,5e759d952b6255cad781503243d2dc75cba479f9,Tech_Report_Malicious_Hancom,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.23.Targeted_Attacks_on_South_Korean_Organizations/Tech_Report_Malicious_Hancom.pdf +2018-03-27,077153aaf5a20fe602dad41b71b2602183f81849,Panda Banker Zeros,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.27.panda-banker-zeros-in-on-japanese-targets/Panda%20Banker%20Zeros.pdf +2018-03-29,5afff604991deb7f3ab7d035f5b4090011c4a10c,ChessMaster Adds Updated Tools to Its Arsenal,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.29.ChessMaster_Adds_Updated_Tools/ChessMaster%20Adds%20Updated%20Tools%20to%20Its%20Arsenal.pdf +2018-03-31,f3aa0853f78397774f0a44b0fec343256c3c9567,NavRAT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.03.31.NavRAT_Uses_US-North_Korea_Summit_As_Decoy/NavRAT.pdf +2018-04-04,1f4fb94a88d7ad303157e3a5ce3d5ec33833a3bf,MacOS_Backdoor_OceanLotus,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.04.04.MacOS_Backdoor_OceanLotus/MacOS_Backdoor_OceanLotus.pdf +2018-04-12,f0d3b63788e00dc8682feae721a4df8d7471fc85,Operation-Parliament,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.04.12.operation-parliament/Operation-Parliament.pdf +2018-04-17,36f3657d3cc0cf94d1287e49874008e839c9151a,nccgroup.trust-Decoding network data from a Gh0st RAT variant,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.04.17.Iron_Tiger_Gh0st_RAT_variant/nccgroup.trust-Decoding%20network%20data%20from%20a%20Gh0st%20RAT%20variant.pdf +2018-04-23,059fd3de304083e79ca083605aff7cf58d9b17cb,energetic-bear-crouching,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.04.23.energetic-bear-crouching-yeti/energetic-bear-crouching.pdf +2018-04-23,95344b8198280e7ccdf0f148a812f3a6afa0ffa4,orangeworm-targets-healthcare-us-europe-asia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.04.23.New_Orangeworm/orangeworm-targets-healthcare-us-europe-asia.pdf +2018-04-23,ca851ce01b6f9c123af07bd5c41d267b5f0c49ce,Accenture-Hogfish-Threat-Analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.04.23.HOGFISH_REDLEAVES_CAMPAIGN/Accenture-Hogfish-Threat-Analysis.pdf +2018-04-24,4e0284460cc68c0fdf80a26c55a9f54d790e0432,sednit-update-analysis-zebrocy_,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.04.24.sednit-update-analysis-zebrocy/sednit-update-analysis-zebrocy_.pdf +2018-04-24,6470021efdeb316fd19cb16537ce9102ed7e59d1,operation-ghostsecret,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.04.24.Operation_GhostSecret/operation-ghostsecret.pdf +2018-04-24,9e3057bfa16352f56a7d026fac330e3a1487b861,metamorfo-campaign-targeting-brazilian-users_html,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.04.24.metamorfo-campaign/metamorfo-campaign-targeting-brazilian-users_html.pdf +2018-04-26,e135ed30a2ce96d99b5227e77e0ed65fb2655158,GravityRAT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.04.26.GravityRAT/GravityRAT.pdf +2018-04-27,251139b66d8a6e68a38000d1e05befd26bf535ca,[CN]_OceanLotus_new_malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.04.27.OceanLotus_new_malware/%5BCN%5D_OceanLotus_new_malware.pdf +2018-05-03,149418e27ac9b1965b9ab713c26dc4671a207e70,Red_Eyes_Hacking_Group_Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.05.03.Red_Eyes_Hacking_Group/Red_Eyes_Hacking_Group_Report.pdf +2018-05-03,65dbdb2c06922707a0979295c9645c71cf0d2963,20180503_Burning_Umbrella,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.05.03.Burning_Umbrella/20180503_Burning_Umbrella.pdf +2018-05-03,8a8e334f804ece05996db6dbe8c055991cca013e,ZooPark_for_public_final_edit,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.05.03.whos-who-in-the-zoo/ZooPark_for_public_final_edit.pdf +2018-05-03,dbc9026e9f8f76b9cac91b86dd97780f81d8e9ae,blog_whos-who-in-the-zoo,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.05.03.whos-who-in-the-zoo/blog_whos-who-in-the-zoo.pdf +2018-05-09,5d18ef46d4a6927bdfd56840ec2ed1fc29bf22df,cta-2018-0509,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.05.09.Iran_Hacker_Hierarchy_Exposed/cta-2018-0509.pdf +2018-05-09,5ebc5e943ec07f77f1c8bd72772cb77f96fac565,blogs_360_cn_blog_cve-2018-8174-en_,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.05.09.APT-C-06_CVE-2018-8174/blogs_360_cn_blog_cve-2018-8174-en_.pdf +2018-05-22,04146a1e3e7dd4d5e3e2fbd5b0fe8f06720a6a6b,turla-mosquito-shift-towards-generic-tools,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.05.22.Turla_Mosquito/turla-mosquito-shift-towards-generic-tools.pdf +2018-05-22,6fa8f171b0c54e32f84947822529ec3577304030,The_destruction_of_APT3,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.05.22.The_destruction_of_APT3/The_destruction_of_APT3.pdf +2018-05-23,3935d58c55bf257dff7b3c263f60e35ea2ab736c,VPNFilter,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.05.23.New_VPNFilter/VPNFilter.pdf +2018-05-23,c49e6365631d1feafe04dcbfdc7baac5c049d43f,Confucius_Update,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.05.23.Confucius_Update/Confucius_Update.pdf +2018-05-29,879ec150de81d3f3408badccc873146e9722c828,iron-cybercrime-group-under-the-scope-2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.05.29.iron-cybercrime-group/iron-cybercrime-group-under-the-scope-2.pdf +2018-06-06,2691cc0a9f42e4f472935f28a6606b4f9f2345b4,vpnfilter-update,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.06.vpnfilter-update/vpnfilter-update.pdf +2018-06-06,2add24d5de90473d4953c4634e8c06e4d96194c1,operation-prowli-traffic-manipulation-cryptocurrency-mining,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.06.OPERATION_PROWLI/operation-prowli-traffic-manipulation-cryptocurrency-mining.pdf +2018-06-06,897566b9fcbdf30e026ba61172ccb56766948a4a,sofacy-groups-parallel-attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.06.sofacy-groups-parallel-attacks/sofacy-groups-parallel-attacks.pdf +2018-06-07,36c8db6ae5dbc1534364202bd3dafe4f812d5ab7,adobe-flash-zero-day-targeted-attack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.07.dobe-flash-zero-day-targeted-attack/adobe-flash-zero-day-targeted-attack.pdf +2018-06-07,c58320595990b936d91523bd64c8b40fe6869d5d,patchwork-apt-group-targets-us-think-tanks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.07.patchwork-apt-group-targets-us-think-tanks/patchwork-apt-group-targets-us-think-tanks.pdf +2018-06-07,d721478a2354fb695d2f066e276e69ad5d1eaf73,totally-tubular-treatise-on-triton-and-tristation,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.07.Totally_Tubular_Treatise_on_TRITON_TriStation/totally-tubular-treatise-on-triton-and-tristation.pdf +2018-06-13,035f7ce343df0a51728acb98c5fd196fad498092,luckymouse-hits-national-data-center,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.13.LuckyMouse/luckymouse-hits-national-data-center.pdf +2018-06-14,30247dcb727eaa945d77ffc1f1daf9304691a849,miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.14.MirageFox_APT15/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones.pdf +2018-06-14,ed2e653577bfc48e3354a65f006bce987454a0a2,another-potential-muddywater-campaign-uses-powershell-based-prb-backdoor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.14.another-potential-muddywater-campaign/another-potential-muddywater-campaign-uses-powershell-based-prb-backdoor.pdf +2018-06-15,411a7ffe8c11fbe9edd49575bcf4e94270e3b7be,Mustang Panda _ Threat Actor Profile _ CrowdStrike,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.15.Mustang_Panda/Mustang%20Panda%20_%20Threat%20Actor%20Profile%20_%20CrowdStrike.pdf +2018-06-19,267c3ec477cc853b163bb41a8fd82cdf6c51f4db,olympic-destroyer,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.19.olympic-destroyer-is-still-alive/olympic-destroyer.pdf +2018-06-20,0e8b74584de702a9c0fa48f65e3f19b97537642e,thrip-hits-satellite-telecoms-defense-targets,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.20.thrip-hits-satellite-telecoms-defense-targets/thrip-hits-satellite-telecoms-defense-targets.pdf +2018-06-22,dd16552805b96e7cafc27d7edcd05e15014e4091,Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.22.Iick.Group-weaponized-secure-usb/Tick%20Group%20Weaponized%20Secure%20USB%20Drives%20to%20Target%20Air-Gapped%20Critical%20Systems.pdf +2018-06-23,ef3dd05bee369a7cfb633d03e0545097845a73bc,[AhnLab]Andariel_a_Subgroup_of_Lazarus (3),https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.23.Andariel_Group/%5BAhnLab%5DAndariel_a_Subgroup_of_Lazarus%20%283%29.pdf +2018-06-25,b4e7f944cadd35119444c6c346a5ab01023bfd43,[KR]_ASEC_REPORT_vol.91,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.xx.Operation_Red_Gambler/%5BKR%5D_ASEC_REPORT_vol.91.pdf +2018-06-26,dc7912fdc23452e38d28768ce42a18c17f17ebce,rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families_,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.06.26.RANCOR/rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families_.pdf +2018-07-08,1ef1ae557b1ed60177dc52891e7248e714a6fa68,apt-attack-middle-east-big-bang,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.07.08.Big_Bang/apt-attack-middle-east-big-bang.pdf +2018-07-08,af6cf2581e3ae03234ddda2ad04cc1065498279e,hussarini---targeted-cyber-attack-in-the-philippines,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.07.08.Hussarini/hussarini---targeted-cyber-attack-in-the-philippines.pdf +2018-07-09,f53aa3d8c7b6f9185fd3d7957aeb4d6cd1192ffb,certificates-stolen-taiwanese-tech,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.07.09.certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/certificates-stolen-taiwanese-tech.pdf +2018-07-12,032acfce8fe08469434ef3752263665844e620e6,MDM_India,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.07.12.Advanced_Mobile_Malware_Campaign_in_India/MDM_India.pdf +2018-07-13,e5a45010194433a959766fec55f99aed226abb59,20180713_CSE_APT28_X-Agent_Op-Roman Holiday-Report_v6_1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.07.13.Operation_Roman_Holiday/20180713_CSE_APT28_X-Agent_Op-Roman%20Holiday-Report_v6_1.pdf +2018-07-16,9ec73a98fdbceb783f5061a0da13d34e1c5a5745,new-andariel-reconnaissance-tactics-hint-at-next-targets,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.07.16.new-andariel/new-andariel-reconnaissance-tactics-hint-at-next-targets.pdf +2018-07-23,840074e9139ef478efa15583e254af3d947577e1,20180723_CSE_APT27_Syria_v1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.07.23_APT27_Syria/20180723_CSE_APT27_Syria_v1.pdf +2018-07-27,e8a3316d1aa5c9c81aa0fe685014ac3a3f6c66a2,New Threat Actor Group DarkHydrus Targets Middle East Government,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.07.27.DarkHydrus/New%20Threat%20Actor%20Group%20DarkHydrus%20Targets%20Middle%20East%20Government.pdf +2018-07-31,06a70ab2849fb7fe98adf961d33e8e419dc5f81f,bisonal-malware-used-attacks-russia-south-korea,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.07.31.bisonal-malware-used-attacks-russia-south-korea/bisonal-malware-used-attacks-russia-south-korea.pdf +2018-07-31,2036f6c6c100cf783e8bf0e95046196e5ba188c1,malicious-document-targets-vietnamese-officials,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.07.31.APT_SideWinder_Malicious_Doc/malicious-document-targets-vietnamese-officials.pdf +2018-08-01,4fe9b6b9623341caa9ef78300626c8d15758955d,Malicious document targets Vietnamese officials,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.01.Vietnamese_officials_Targets/Malicious%20document%20targets%20Vietnamese%20officials.pdf +2018-08-02,40aa0ef5a5f3a7318de9208871684cfa5f188c70,Goblin_Panda_against_Bears,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.02.Goblin_Panda/Goblin_Panda_against_Bears.pdf +2018-08-02,4a22ceafcbdd3e8b7a349e8c80792be8377ff4d2,The Gorgon Group Slithering Between Nation State and Cybercrime,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.02.Gorgon_Group/The%20Gorgon%20Group%20Slithering%20Between%20Nation%20State%20and%20Cybercrime.pdf +2018-08-02,75e144bb2f67929f91e7565ad9a75464d2fba7f7,Accenture-Goldfin-Security-Alert-1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.02.Goldfin_Security_Alert/Accenture-Goldfin-Security-Alert-1.pdf +2018-08-09,b2c6738adde90a2abbbb24a07102e46bc8f26b2e,examining-code-reuse-reveals-undiscovered-links-among-north-koreas-malware-families,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.09.north-koreas-malware-families/examining-code-reuse-reveals-undiscovered-links-among-north-koreas-malware-families.pdf +2018-08-16,330121e6427cfb64f61b8494eb8cdce572b57698,cta-2018-0816,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.16.Chinese_Cyberespionage_Tsinghua_University/cta-2018-0816.pdf +2018-08-21,57849370296edd38929812a6832edeacaf56685e,supply-chain-attack-operation-red-signature-targets-south-korean-organizations,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.21.Operation_Red_Signature/supply-chain-attack-operation-red-signature-targets-south-korean-organizations.pdf +2018-08-21,c2ec1036a969d9b8e470e0b1bcaf88069a058b98,Eset-Turla-Outlook-Backdoor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.21.Turla.Outlook.Backdoor/Eset-Turla-Outlook-Backdoor.pdf +2018-08-23,1efa2d8bbe61fed9c3f97f5dbdb65566f3e2024d,Operation_AppleJeus,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.23.Operation_AppleJeus/Operation_AppleJeus.pdf +2018-08-28,ecc2daeb3c747d13f4f94c6058df8564a1474ca3,ceidpagelock-a-chinese-rootkit,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.28.CeidPageLock/ceidpagelock-a-chinese-rootkit.pdf +2018-08-29,1614224bb566bb4c8e82501440d26fb707108757,The Urpage Connection to Bahamut Confucius and Patchwork,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.29.Bahamut_Confucius_Patchwork/The%20Urpage%20Connection%20to%20Bahamut%20Confucius%20and%20Patchwork.pdf +2018-08-29,b6c547c6d2911413cd04f4e8a5f218097c6b3a28,Appendix-TheUrpageConnectiontoBahamutConfuciusandPatchwork,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.29.Bahamut_Confucius_Patchwork/Appendix-TheUrpageConnectiontoBahamutConfuciusandPatchwork.pdf +2018-08-30,0e7109f06710132f6e6db736a9628fd394412204,Two Birds One STONE PANDA,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.30.Stone_Panda/Two%20Birds%20One%20STONE%20PANDA.pdf +2018-08-30,3a8b95623bfbca0404372fe5d4a9fa89dbfa3aa8,In the Trails of WINDSHIFT APT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.30.WINDSHIFT_APT/In%20the%20Trails%20of%20WINDSHIFT%20APT.pdf +2018-08-30,b36210fbdd48447cc39ec77e317f1f3ec43b8ae6,Reversing malware in a custom format_ Hidden Bee elements,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.30.Hidden_Bee_Custom_format/Reversing%20malware%20in%20a%20custom%20format_%20Hidden%20Bee%20elements.pdf +2018-08-30,b6d1d7e93428e9ee1d8ce9ca8d21cad84c983077,Double the Infection Double the Fun,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.08.30.Cobalt_Group_Fun/Double%20the%20Infection%20Double%20the%20Fun.pdf +2018-09-04,a5209b418cad0bcc8212683bef7ee75db512b59b,oilrig-targets-middle-eastern-government-adds-evasion-techniques-oopsie,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.09.04.OilRig_Targets_Middle_Eastern/oilrig-targets-middle-eastern-government-adds-evasion-techniques-oopsie.pdf +2018-09-04,ab329ec81cc6bbc20a38b69ae91c1327a390ecd5,silence_moving-into-the-darkside,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.09.04.Silence/silence_moving-into-the-darkside.pdf +2018-09-07,05ded0be2899badb166a94ef2855569121c60a82,Targeted Attack on Indian Ministry of External Affairs using Crimson RAT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.09.07.indian-ministry_crimson-rat/Targeted%20Attack%20on%20Indian%20Ministry%20of%20External%20Affairs%20using%20Crimson%20RAT.pdf +2018-09-07,5cd0e57ee8d76d9ee8e08467a2811b888b20bbb5,Goblin_Panda_targets_Cambodia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.09.07.Goblin_Panda_targets_Cambodia/Goblin_Panda_targets_Cambodia.pdf +2018-09-07,6bc74c0f6105d807ef6fa586a562f016460a802f,Domestic Kitten An Iranian Surveillance Operation,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.09.07.Domestic_Kitten/Domestic%20Kitten%20An%20Iranian%20Surveillance%20Operation.pdf +2018-09-10,02a54821df905cc36b4d7433febead45a7881633,LuckyMouse,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.09.10.LuckyMouse/LuckyMouse.pdf +2018-09-13,cd622003433b7744a621fc95a1902e3df81c3059,APT10 Targeting Japanese Corporations Using Updated TTPs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.09.13.APT10_Targeting_Japanese/APT10%20Targeting%20Japanese%20Corporations%20Using%20Updated%20TTPs.pdf +2018-09-19,d46f8f9f955dae7486b9c9b96c533ebb56a739b9,20180919,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.09.19.Green_Spot_APT/20180919.pdf +2018-09-20,667f1379170388a9984c24154da1507f02b5fd19,CN_APT-C-01,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.09.20.Poison_Trumpet_Vine_Operation/CN_APT-C-01.pdf +2018-09-27,c1d45e9e295ef68265aaab4d84c14f89109ea3cd,ESET-LoJax,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.09.27.LoJax/ESET-LoJax.pdf +2018-10-03,37e523977a82a5bf0f8cff84b5b183efc266d133,rpt-apt38-2018-web_v4,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.10.03.APT38/rpt-apt38-2018-web_v4.pdf +2018-10-10,cd799bccd0560735d3c5bb4efb7b95bcdc392ad1,MuddyWater expands operations,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.10.10.MuddyWater_expands/MuddyWater%20expands%20operations.pdf +2018-10-11,d26e508ee0247d9cb909e0fe9cd542488c0396fa,Gallmaker New Attack Group Eschews Malware to Live off the Land,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.10.11.Gallmaker/Gallmaker%20New%20Attack%20Group%20Eschews%20Malware%20to%20Live%20off%20the%20Land.pdf +2018-10-15,86b482a16690c51947f30b16dbe692dba2850897,Russian-language actor exploits hype over Telegram ban in Central Asia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.10.15.Octopus_Central_Asia/Russian-language%20actor%20exploits%20hype%20over%20Telegram%20ban%20in%20Central%20Asia.pdf +2018-10-17,279f5467a697ab8ea2ecc9a896ac005b7f525721,blog_GreyEnergy_Updated,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.10.17.GreyEnergy/blog_GreyEnergy_Updated.pdf +2018-10-17,3b2d947a0db2be931e548b29e8f0604494cc4766,SpyRATsofOceanLotusMalwareWhitePaper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.10.17.OceanLotus_SpyRATs/SpyRATsofOceanLotusMalwareWhitePaper.pdf +2018-10-17,4bb6d80c828654e3bff8610397c39d440371cbf3,MartyMcFly Malware_ Targeting Naval Industry,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.10.17_MartyMcFly_Targeting_Naval_Industry/MartyMcFly%20Malware_%20Targeting%20Naval%20Industry.pdf +2018-10-17,b8a1f025fec78996380d3e1045fea11c877610e2,Cyber-Espionage Campaign Targeting the Naval Industry MartyMcFly,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.10.17.Targeting_the_Naval_Industry/Cyber-Espionage%20Campaign%20Targeting%20the%20Naval%20Industry%20MartyMcFly.pdf +2018-10-17,e374781848bd51add20e73f9dab3e0559e4db342,ESET_GreyEnergy,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.10.17.GreyEnergy/ESET_GreyEnergy.pdf +2018-10-18,1bf64f3fe87c916e250e3c9058d7de553e1cbbd2,rp-operation-oceansalt,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.10.18.Operation_Oceansalt/rp-operation-oceansalt.pdf +2018-10-18,9867f20bf345ae417068e4e248f3ca610679ab67,Tracking Tick Through Recent Campaigns Targeting East Asia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.10.18.Datper_Bronze_Butler/Tracking%20Tick%20Through%20Recent%20Campaigns%20Targeting%20East%20Asia.pdf +2018-10-18,ad122d87969c575dd5e33baa8fb1d9c81ba87a37,APT Sidewinder changes theirs TTPs to install their backdoor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.10.18.APT_Sidewinder_changes/APT%20Sidewinder%20changes%20theirs%20TTPs%20to%20install%20their%20backdoor.pdf +2018-10-19,f6d34d11a7ff08fe70d0597bc5c9170c6bd0d1a0,DarkPulsar,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.10.19.DarkPulsar/DarkPulsar.pdf +2018-11-01,e484a67cc8eea37971aca97bbd9b4a82f33d6867,Perl-Based Shellbot Looks to Target Organizations via C&C - TrendLabs Security Intelligence Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.11.01_Outlaw_group/Perl-Based%20Shellbot%20Looks%20to%20Target%20Organizations%20via%20C%26C%20-%20TrendLabs%20Security%20Intelligence%20Blog.pdf +2018-11-05,edb93a3ba0243acaaff29dc0534fcd8c51485210,Inception Attackers Target Europe with Year-old Office Vulnerability,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.11.05.Inception_Attackers_Target_Europe/Inception%20Attackers%20Target%20Europe%20with%20Year-old%20Office%20Vulnerability.pdf +2018-11-08,28bff667e0ace1f45ae14494dc87eb0bec7706b1,FASTCash How the Lazarus Group is Emptying Millions from ATMs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.11.08.FASTCash/FASTCash%20How%20the%20Lazarus%20Group%20is%20Emptying%20Millions%20from%20ATMs.pdf +2018-11-13,e1df7c52e9fd6492e4f03cfbc92c38e8cfbab629,cta-2018-1113,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.11.13.China.TEMP.Periscope.Using.Russian_APT/cta-2018-1113.pdf +2018-11-19,ad4a68888093e0ce4d64f65aa14740dae5e72267,not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.11.19.APT29_Phishing/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.pdf +2018-11-20,132278dbc802a2ada7f65716e8838627bee0e34e,blog.trendmicro.com-Lazarus Continues Heists Mounts Attacks on Financial Organizations in Latin America,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.11.20.lazarus-in-latin-america/blog.trendmicro.com-Lazarus%20Continues%20Heists%20Mounts%20Attacks%20on%20Financial%20Organizations%20in%20Latin%20America.pdf +2018-11-26,c10757263570d6941a5f0ca2b5b6923271b54eb8,3ve_google_whiteops_whitepaper_final_nov_2018,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.11.The_Hunt_for_3ve/3ve_google_whiteops_whitepaper_final_nov_2018.pdf +2018-11-27,5217218444c642545031eaaabe9a0dd0f8dc4644,DNSpionage Campaign Targets Middle East,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.11.27.dnspionage-campaign-targets-middle-east/DNSpionage%20Campaign%20Targets%20Middle%20East.pdf +2018-11-28,31a8d8375950c344cb78209108b22421c173c360,MuddyWater-Operations-in-Lebanon-and-Oman,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.11.28.MuddyWater-Operations-in-Lebanon-and-Oman/MuddyWater-Operations-in-Lebanon-and-Oman.pdf +2018-11-28,35e08265a41e32c77ebe08160d03ce089538a540,Tropic_Trooper_microsoft,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.11.28.Tropic_Trooper_microsoft/Tropic_Trooper_microsoft.pdf +2018-11-29,acc670862c4fc12a28385b0c4438d1e32fd917ed,EN_version,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.11.29.Attack_Pakistan_By_Exploiting_InPage/EN_version.pdf +2018-11-29,eeb029f9c371d643f873c820de334e46f7bf65b1,CN_version,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.11.29.Attack_Pakistan_By_Exploiting_InPage/CN_version.pdf +2018-11-30,23c0a1812535edbe41637784380ff52e7f9fb777,PowerShell-based Backdoor Found in Turkey Strikingly Similar to MuddyWater Tools,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.11.30.MuddyWater_Turkey/PowerShell-based%20Backdoor%20Found%20in%20Turkey%20Strikingly%20Similar%20to%20MuddyWater%20Tools.pdf +2018-12-11,a8dce1d441f06cebb3143ab16b50b4e227334433,Poking the Bear Three-Year Campaign Targets Russian Critical Infrastructure,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.12.11.Poking_the_Bear/Poking%20the%20Bear%20Three-Year%20Campaign%20Targets%20Russian%20Critical%20Infrastructure.pdf +2018-12-12,2998cd09a78c8243fbeea94dc6735e8fef7a81f4,Donot_Group,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.12.12.Donot_Group/Donot_Group.pdf +2018-12-12,47f5e50b6f18b96f012420b536a1ff120f74c45f,rp-operation-sharpshooter,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.12.12.Operation_Sharpshooter/rp-operation-sharpshooter.pdf +2018-12-13,26d05e39aa461719fe2b2cf00ac510e976374624,The Return of The Charming Kitten,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.12.13.Charming_Kitten_Return/The%20Return%20of%20The%20Charming%20Kitten.pdf +2018-12-13,9aaded6d8c889c00bb1f185c511815ecdaba7c29,Shamoon 3 Targets Oil and Gas Organization,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.12.13.Shamoon_3/Shamoon%203%20Targets%20Oil%20and%20Gas%20Organization.pdf +2018-12-13,e0e24015e1791320e5e81cd74aa57d88d4f5ef08,tech-brief-tildeb-analyzing-the-18-year-old-implant-from-the-shadow-brokers-leak,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.12.13.Tildeb_Shadow_Brokers/tech-brief-tildeb-analyzing-the-18-year-old-implant-from-the-shadow-brokers-leak.pdf +2018-12-18,eb626a52cbeb7c4a61000db8969ff6b7b0b3fdb4,"URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.12.18.ursnif-emotet-dridex-and-bitpaymer-gangs/URSNIF%2C%20EMOTET%2C%20DRIDEX%20and%20BitPaymer%20Gangs%20Linked%20by%20a%20Similar%20Loader.pdf +2018-12-20,3e599de2f9e4fcf383811d108da149e929ac811e,analyzing WindShift implant OSX.WindTail,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.12.20.WindShift_Middle_East/analyzing%20WindShift%20implant%20OSX.WindTail.pdf +2018-12-27,758d6fbdac76f237dea044f336fc70cdadc5ccdc,The Enigmatic Roma225 Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.12.27.Roma225_Campaign/The%20Enigmatic%20Roma225%20Campaign.pdf +2018-12-28,2373a41ce9dd7c86d4491d978fddf887d9a1fc87,Goblin Panda changes the dropper and reuses the old infrastructure,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2018/2018.12.28.Goblin_Panda/Goblin%20Panda%20changes%20the%20dropper%20and%20reuses%20the%20old%20infrastructure.pdf +2019-01-07,bf6386b0b06d481f5a8ae83e4147602a801a722a,The APT Chronicles_December 2018nbspedition,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/2019.01.07.APT_chronicles_december_2018_edition/The%20APT%20Chronicles_December%202018nbspedition.pdf +2019-01-09,962b31ff9078b4fee4cc8c01a10526e988094227,2018 APT Summary Report CN version,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/2019.01.09.360_APT_Summary_report_2018_CN_Version/2018%20APT%20Summary%20Report%20CN%20version.pdf +2019-01-15,ac2bcbe0818c394ec66612060f81d4f6860ade30,2018_ A Year of Cyber Attacks – HACKMAGEDDON,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/2019.01.15.2018-a-year-of-cyber-attacks/2018_%20A%20Year%20of%20Cyber%20Attacks%20%E2%80%93%20HACKMAGEDDON.pdf +2019-01-15,d6591e1135863c0b593212b46cd3886c79431371,2018 Master Table,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/2019.01.15.2018-a-year-of-cyber-attacks/2018%20Master%20Table.pdf +2019-01-16,ca53a7cbf0df4fedcd284d8879c1b04273b46371,darkhydruns-group-against-middle-east-cn,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.01.16.DarkHydruns/darkhydruns-group-against-middle-east-cn.pdf +2019-01-16,d1eece026635773310f0aa00e05898db7853dab0,darkhydruns-group-against-middle-east-en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.01.16.DarkHydruns/darkhydruns-group-against-middle-east-en.pdf +2019-01-17,878dfa6ec75c711215f74a8761c62bd1fbbcf130,Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.01.17.Rocke_Group/Malware%20Used%20by%20Rocke%20Group%20Evolves%20to%20Evade%20Detection%20by%20Cloud%20Security%20Products.pdf +2019-01-18,3dfeb09452c6e80bcde7e900ed00034245bc7e98,DarkHydrus delivers new Trojan that can use Google Drive for C2 communications,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.01.18.DarkHydrus/DarkHydrus%20delivers%20new%20Trojan%20that%20can%20use%20Google%20Drive%20for%20C2%20communications.pdf +2019-01-18,9242d06642b234904eae8d1d9535e8b97a7ac902,[Lab52] WIRTE Group attacking the Middle East,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.01.18.WIRTE_Group_attacking_the_Middle_East/%5BLab52%5D%20WIRTE%20Group%20attacking%20the%20Middle%20East.pdf +2019-01-24,4873e2465fc56fca681074f5069788baa80841fb,GandCrab and Ursnif Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.01.24.GandCrab_and_Ursnif/GandCrab%20and%20Ursnif%20Campaign.pdf +2019-01-24,64827e1bc8da8e53ee871703e5844d4e7e36a504,ENISA_Threat_Landscape_2018,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/ENISA/ENISA_Threat_Landscape_2018.pdf +2019-01-30,6d3e9e4aedd2b19d03cec69e62ea1a21dfc109c2,dragos.com-Webinar Summary Uncovering ICS Threat Activity Groups,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/2019.01.30.Uncovering_ICS_Threat_Activity_Groups/dragos.com-Webinar%20Summary%20Uncovering%20ICS%20Threat%20Activity%20Groups.pdf +2019-01-30,78015d4cfa050ab7bb0c91c85832826ad622c699,dragosactivitygroupswebinarfinal-190122171111,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/2019.01.30.Uncovering_ICS_Threat_Activity_Groups/dragosactivitygroupswebinarfinal-190122171111.pdf +2019-01-30,9707e48b8b7bdca8d17e74292142a5a4dd344f64,Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.01.30.Chafer_APT_Spy_Iran/Chafer%20used%20Remexi%20malware%20to%20spy%20on%20Iran-based%20foreign%20diplomatic%20entities.pdf +2019-01-30,bcbf65db4d9ef65d3e835ba3ad2823bac5116cd7,New Campaign delivers orcus rat,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.01.30.ORCUS_RAT/New%20Campaign%20delivers%20orcus%20rat.pdf +2019-01-30,ed0a08898e6dbfeda9f312589c6fbb3e8cdd6d8c,Operation_Kitty_Phishing,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.01.30.Operation_Kitty_Phishing/Operation_Kitty_Phishing.pdf +2019-02-01,31aeff98e5ecc985d570f5b88204900aba65a6cd,OceanLotus_KerrDown,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.02.01.OceanLotus_KerrDown/OceanLotus_KerrDown.pdf +2019-02-02,dc4c90680a3172d00bf5ec6c025aab587c55f7b2,Threat_Intel_Reads_January_2019,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/2019.02.02.Threat_Intel_Reads_January_2019/Threat_Intel_Reads_January_2019.pdf +2019-02-05,b8827637dc77db1c5fbe8b5f83ca0e517cfe6742,Analyzing Digital Quartermasters in Asia Do Chinese and Indian APTs Have a Shared Supply Chain,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.02.05.China_India_APT_shared/Analyzing%20Digital%20Quartermasters%20in%20Asia%20%20Do%20Chinese%20and%20Indian%20APTs%20Have%20a%20Shared%20Supply%20Chain.pdf +2019-02-06,06cd0e5cf1092f8950dd6736f684ad5d4c9c4d63,APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.02.06.APT10_Sustained_Campaign/APT10%20Targeted%20Norwegian%20MSP%20and%20US%20Companies%20in%20Sustained%20Campaign.pdf +2019-02-06,87f5158d77ea898b705d34760578696818ed5ad8,cta-2019-0206,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.02.06.APT10_Sustained_Campaign/cta-2019-0206.pdf +2019-02-12,0f2ab054007a34b73bcaa8f0fffe93d0854903ea,2019.01.03.Tencent_APT_Summary_report_2018_CN_Version,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Tencent/2019.01.03.Tencent_APT_Summary_report_2018_CN_Version.pdf +2019-02-14,b5eb1493e06e786d1bb670970292444aca01b0eb,suspected-molerats-new-attack-in-the-middle-east-cn,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.02.14.Molerats_APT/suspected-molerats-new-attack-in-the-middle-east-cn.pdf +2019-02-14,d0b189531bfd952480d2453dc52fae166f5e2d38,suspected-molerats-new-attack-in-the-middle-east-en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.02.14.Molerats_APT/suspected-molerats-new-attack-in-the-middle-east-en.pdf +2019-02-18,e92cedebb135ec0a3c3eb63be47e1b1ac7684868,apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.02.18.APT-C-36.Colombian/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en.pdf +2019-02-20,43107b5d8f5782f17154718c9ba4de0487bcfc8e,LAZARUS GROUP DIRECTED TO ORGANIZATIONS IN RUSSIA_google_translate,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.02.20.LAZARUS_to_RUSSIA/LAZARUS%20GROUP%20DIRECTED%20TO%20ORGANIZATIONS%20IN%20RUSSIA_google_translate.pdf +2019-02-20,ac9f460fc3837cd78ae7f801a5879186e0fe486d,SE IDENTIFICÓ ATAQUES DEL GRUPO CIBERCRIMINAL LAZARUS DIRIGIDOS A ORGANIZACIONES EN RUSIA,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.02.20.LAZARUS_to_RUSSIA/SE%20IDENTIFIC%C3%93%20ATAQUES%20DEL%20GRUPO%20CIBERCRIMINAL%20LAZARUS%20DIRIGIDOS%20A%20ORGANIZACIONES%20EN%20RUSIA.pdf +2019-02-25,e8da32324db0d8ffd0eefdaf2b3e68ed75920bd4,Defeating Compiler-Level Obfuscations Used in APT10 Malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.02.25.APT10_Defeating_Compiler_Level/Defeating%20Compiler-Level%20Obfuscations%20Used%20in%20APT10%20Malware.pdf +2019-02-26,ed64dc87623be86dd2022c5e54468c28ba346579,The Arsenal Behind the Australian Parliament Hack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.02.26.Australian_Parliament_Hack/The%20Arsenal%20Behind%20the%20Australian%20Parliament%20Hack.pdf +2019-02-27,fe1ecb3fe582b44e53db1af17692b656a85e7a71,A Peek into BRONZE UNION’s Toolbox,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.02.27.BRONZE_UNION_Toolbox/A%20Peek%20into%20BRONZE%20UNION%E2%80%99s%20Toolbox.pdf +2019-02-28,1e1e10f905ed8c228a9f2d12da860c7f7defa1f1,"Ransomware, Trojan and Miner together against “PIK-Group”",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.02.28_RIK_Group/Ransomware%2C%20Trojan%20and%20Miner%20together%20against%20%E2%80%9CPIK-Group%E2%80%9D.pdf +2019-03-03,7b5e4cedebc4e632266e8ecfcd590e44472600f2,rpt-mtrends-2019,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/FireEye/rpt-mtrends-2019.pdf +2019-03-04,6c3b0f70362d993f6d48d87bcb2013a237ab4dc0,APT40 Examining a China-Nexus Espionage Actor APT40 Examining a China-Nexus Espionage Actor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.04.APT40/APT40%20Examining%20a%20China-Nexus%20Espionage%20Actor%20%20APT40%20Examining%20a%20China-Nexus%20Espionage%20Actor.pdf +2019-03-06,85447c9971470c2e679bb3d87d2244d1e75bf208,Whitefly_ Espionage Group has Singapore in Its Sights,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.06.Whitefly/Whitefly_%20Espionage%20Group%20has%20Singapore%20in%20Its%20Sights.pdf +2019-03-06,b458794cf9d35847c92bd2b231e52e85eb228ae2,taidoor_analysis_jp,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.06_Taidoor_Analysis/taidoor_analysis_jp.pdf +2019-03-06,fc4dc028e5a66d4b050a04ab4216843f0c4ee2f2,Operation_Pistacchietto,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.06.Operation_Pistacchietto/Operation_Pistacchietto.pdf +2019-03-07,ad73a0c600d6ad86f41a78f57fd76aa2d62192f4,security-report-2019,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/2019.02.Targeted_Attacks/security-report-2019.pdf +2019-03-07,d5fb10e16b4f2346fe2fcbeac9f8f2beccc914e3,New SLUB Backdoor Uses GitHub Communicates via Slack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.07.SLUB_Backdoor/New%20SLUB%20Backdoor%20Uses%20GitHub%20Communicates%20via%20Slack.pdf +2019-03-08,edbd146351a40f307247b887b8f95e625cb62336,Supply Chain – The Major Target of Cyberespionage Groups,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.08.Supply_Chain_Groups/Supply%20Chain%20%E2%80%93%20The%20Major%20Target%20of%20Cyberespionage%20Groups.pdf +2019-03-11,ad4f0b93e90f4b08ed4fd3087fcee922b799caf9,Gaming-Industry.Asia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.11.Gaming-Industry.Asia/Gaming-Industry.Asia.pdf +2019-03-12,0a2d87f6690cff2fee583b3cdb44a2bf10c0dd6a,Operation_Comando,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.12.Operation_Comando/Operation_Comando.pdf +2019-03-13,0402511221158a29056e8ec6f9337fe40fec18c7,Operation_Sheep,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.13.Operation_Sheep/Operation_Sheep.pdf +2019-03-13,33b3a24e5f3bbb9d99289fa01f2cdab26d21b7a6,DMSniff_POS_Malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.13.DMSniff_POS_Malware/DMSniff_POS_Malware.pdf +2019-03-13,6180b9b0b136037f8cc95d9d536cd7d3aaecf9c9,GlitchPOS_New_Pos_Malwre_for_sale,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.13.GlitchPOS_POS_Malware/GlitchPOS_New_Pos_Malwre_for_sale.pdf +2019-03-13,7a817b1dd112b073102b2ca818c1b5ffb66dd6a2,Report2019GlobalThreatReport,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/CrowdStrike/Report2019GlobalThreatReport.pdf +2019-03-22,ea7913a00bfc6a4a9e71a5a3c2f251f67fe8c423,LUCKY ELEPHANT Campaign Masquerading,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.22.LUCKY_ELEPHANT/LUCKY%20ELEPHANT%20Campaign%20Masquerading.pdf +2019-03-25,49542f14b3ca6ec343864ac390278b879c443272,Operation ShadowHammer,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.25.Operation_ShadowHammer/Operation%20ShadowHammer.pdf +2019-03-27,6feab33a7a268f5e3b6facf38d46d0db42cfb664,Elfin Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and US,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.27.Elfin/Elfin%20Relentless%20Espionage%20Group%20Targets%20Multiple%20Organizations%20in%20Saudi%20Arabia%20and%20US.pdf +2019-03-28,04a318c39f4453a0ccab6901c8558035fb28c88e,"Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.28.Desktop_Mobile_Phishing_Campaign/Desktop%2C%20Mobile%20Phishing%20Campaign%20Targets%20South%20Korean%20Websites%2C%20Steals%20Credentials%20Via%20Watering%20Hole.pdf +2019-03-28,a402f58c3fec03e316f0a32a06f8d27e1139e91f,Above+Us+Only+Stars,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.28.Exposing_GPS_Spoofing_in_Russia_and_Syria/Above%2BUs%2BOnly%2BStars.pdf +2019-03-28,bc9559486d50da1b8b146b9e79eac54a3f687ad9,Threat Actor Group using UAC Bypass Module to run BAT File,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.03.28.UAC_Bypass_BAT_APT/Threat%20Actor%20Group%20using%20UAC%20Bypass%20Module%20to%20run%20BAT%20File.pdf +2019-03-29,b65c2bd1f50ac2172ba00b59e1dc08750f7d7089,Group-IB_js-sniffers,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Group-IB/Group-IB_js-sniffers.pdf +2019-04-02,6645296c925133446d4e213a547235692761d5c2,OceanLotus-Steganography-Malware-Analysis-White-Paper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.04.02.OceanLotus_Steganography/OceanLotus-Steganography-Malware-Analysis-White-Paper.pdf +2019-04-10,3480bf45d133f7d3ba136459a553b7e31d0a7945,ASEC_REPORT_vol.94_ENG,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/AhnLab/ASEC_REPORT_vol.94_ENG.pdf +2019-04-10,6b072f25aa4a4e3071a95d5a0fd24db526982ab5,Gaza Cybergang Group1 operation SneakyPastes,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.04.10.Operation_SneakyPastes/Gaza%20Cybergang%20Group1%20operation%20SneakyPastes.pdf +2019-04-10,c3cd4cdd06ff5b16a71e70b7553ccf9f8e6b7398,Project TajMahal,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.04.10.Project_TajMahal/Project%20TajMahal.pdf +2019-04-10,dbc6091818e127de82037d85aacb7c481c4f5cf9,The Muddy Waters of APT Attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.04.10.Muddy_Waters/The%20Muddy%20Waters%20of%20APT%20Attacks.pdf +2019-04-17,63d59610f60df26243e333a3b55f0b24e4b277ce,DNS Hijacking Abuses Trust In Core Internet Service,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.04.17.Operation_Sea_Turtle/DNS%20Hijacking%20Abuses%20Trust%20In%20Core%20Internet%20Service.pdf +2019-04-17,85bcaafddb3ff5885c24b6c80dbb6a400225c7e7,"Aggah Campaign_ Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.04.17.Aggah_Campaign/Aggah%20Campaign_%20Bit.ly%2C%20BlogSpot%2C%20and%20Pastebin%20Used%20for%20C2%20in%20Large%20Scale%20Campaign.pdf +2019-04-19,0acc6bd7228fe5a1b059de2ba51e76cbe9717fc4,Funky malware format found in Ocean Lotus sample,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.04.19.Funky_malware_format/Funky%20malware%20format%20found%20in%20Ocean%20Lotus%20sample.pdf +2019-04-22,0a977831b7d744518f28166129f70d575f59c706,FINTEAM Trojanized TeamViewer Against Government Targets,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.04.22.FINTEAM/FINTEAM%20Trojanized%20TeamViewer%20Against%20Government%20Targets.pdf +2019-04-23,abc7a05c68aa39ac904c0f59a30c583f7c379da0,Operation ShadowHammer,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.04.23.Operation_ShadowHammer/Operation%20ShadowHammer.pdf +2019-04-24,caac870b8cbd272994634d3816596b7cffaf3a65,CyberInt_Legit Remote Access Tools Turn Into Threat Actors' Tools_Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.04.24.TA505_Abusing_Legit_Remote_Admin_Tool/CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors%27%20Tools_Report.pdf +2019-04-30,ebffba8a872949b48dfccc012ab5ddb43e72ec32,SectorB06 using Mongolian language in lure document,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.04.30.SectorB06_Mongolian/SectorB06%20using%20Mongolian%20language%20in%20lure%20document.pdf +2019-05-03,2a4e1461e95a6686cc8674c594d657864af2fdd4,ZooPark_for_public_final_edited,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.03.ZooPark/ZooPark_for_public_final_edited.pdf +2019-05-07,2a04fb97ff89595bc49dd71a7246402e3b355cc6,ATMitch_ New Evidence Spotted In The Wild,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.07.ATMitch/ATMitch_%20New%20Evidence%20Spotted%20In%20The%20Wild.pdf +2019-05-07,44ea6ae12ca986a5d64d3207c7aa4fb3cf33559f,ESET-LightNeuron,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.07.Turla_LightNeuron/ESET-LightNeuron.pdf +2019-05-07,cc79d68f7bbad680581f53cc4a797e27ff7f2d6d,Buckeye_ Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.07.Buckeye/Buckeye_%20Espionage%20Outfit%20Used%20Equation%20Group%20Tools%20Prior%20to%20Shadow%20Brokers%20Leak.pdf +2019-05-08,30c64f7061efd41ebb2621201ff7bcda966b9bf4,FIN7.5_ the infamous cybercrime rig “FIN7” continues its activities,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.08.Fin7.5/FIN7.5_%20the%20infamous%20cybercrime%20rig%20%E2%80%9CFIN7%E2%80%9D%20continues%20its%20activities.pdf +2019-05-08,619395650b3c940cb49565b2d3ec3f720aab829c,OceanLotus Attacks to Indochinese Peninsula,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.08.OceanLotus/OceanLotus%20Attacks%20to%20Indochinese%20Peninsula.pdf +2019-05-09,ce32030f97d19ef396191e8fe995c48d22e5d345,Iranian-Nation-State-APT-Leak-Analysis-and-Overview,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.09.Iranian_APT_Leak/Iranian-Nation-State-APT-Leak-Analysis-and-Overview.pdf +2019-05-11,41c70ebe7812a4294dd57b68c88f759a5e0ce383,Chineses Actor APT target Ministry of Justice Vietnamese,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.11.Chinese_APT_Vietnamese/Chineses%20Actor%20APT%20target%20Ministry%20of%20Justice%20Vietnamese.pdf +2019-05-13,9d46bb706eb0d5d43dc905423023e9aff6991c55,"ScarCruft continues to evolve, introduces Bluetooth harvester _ Securelist",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.13.ScarCruft_Bluetooth/ScarCruft%20continues%20to%20evolve%2C%20introduces%20Bluetooth%20harvester%20_%20Securelist.pdf +2019-05-13,bde94f1f14bf4eab0c2e31a11b49fe9876052b8b,APT_trends_report_Q1_2019_Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Kaspersky/APT_trends_report_Q1_2019_Securelist.pdf +2019-05-15,62d22fd778d5bf335028f9386e92f8b9aa9811a3,Winnti_ More than just Windows and Gates,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.15.Winnti_More/Winnti_%20More%20than%20just%20Windows%20and%20Gates.pdf +2019-05-18,8dd85d0b058d6c9b1690bf6fb27664580cb3bf8a,Operation_BlackLion_CN_Version,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.18.Operation_BlackLion/Operation_BlackLion_CN_Version.pdf +2019-05-19,c8ff7fe5837302a788e0d7f6c3fa24c05085399f,HiddenWasp Malware Stings Targeted Linux Systems,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.19.HiddenWasp_Linux/HiddenWasp%20Malware%20Stings%20Targeted%20Linux%20Systems.pdf +2019-05-22,292a82b4d699244f339dfa66e7e8d0f7661a2c8f,A journey to Zebrocy land,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.22.Zebrocy_Land/A%20journey%20to%20Zebrocy%20land.pdf +2019-05-24,fe7fcff34a36daaf1e988c0f20d828109848738f,Uncovering New Activity By APT10,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.24_APT10_New_Activity/Uncovering%20New%20Activity%20By%20APT10.pdf +2019-05-27,2efff1ec551ea165c19822b678c4d3368f066159,APT-C-38_cn,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.27.APT-C-38/APT-C-38_cn.pdf +2019-05-27,3c39c3b63249d38e1637d2d0a47edb52c25276bf,APT-C-38_en_google_translate,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.27.APT-C-38/APT-C-38_en_google_translate.pdf +2019-05-28,9ddcf2053edf7a3ec8fb74ab679878d82c6641e7,Emissary Panda Attacks Middle East Government Sharepoint Servers,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.28.Emissary_Panda/Emissary%20Panda%20Attacks%20Middle%20East%20Government%20Sharepoint%20Servers.pdf +2019-05-29,3aaa08c08ae5f7adadadc35a1e4302dc943be6c2,TA505 is Expanding its Operations,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.29.TA505/TA505%20is%20Expanding%20its%20Operations.pdf +2019-05-29,a6ba7a30e00dec1c0341a901572825a60753e53b,A dive into Turla PowerShell usage,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.29.Turla_PowerShell/A%20dive%20into%20Turla%20PowerShell%20usage.pdf +2019-05-30,76e14cfaa39d05af8d921b02aab1016b5d998f1a,Talos Blog __ Cisco Talos Intelligence Group - Comprehensive Threat Intelligence_ 10 years of virtual dynamite_ A high-level retrospective of ATM malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.05.30.10_Years_ATM_Malware/Talos%20Blog%20__%20Cisco%20Talos%20Intelligence%20Group%20-%20Comprehensive%20Threat%20Intelligence_%2010%20years%20of%20virtual%20dynamite_%20A%20high-level%20retrospective%20of%20ATM%20malware.pdf +2019-06-03,7a66214339c20e72e3fe442504e81a8b552f6a2b,Zebrocy Multilanguage Malware Salad,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.03.Zebrocy/Zebrocy%20Multilanguage%20Malware%20Salad.pdf +2019-06-04,1d2a2587e69517b4af1af2aca67f3048e624583c,An-APT-Blueprint-Gaining-New-Visibility-into-Financial-Threats-interactive,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.04.APT_Blueprint/An-APT-Blueprint-Gaining-New-Visibility-into-Financial-Threats-interactive.pdf +2019-06-05,da5367c9a88967ac55d056236f865d9f220995be,scattered-canary,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.05.Scattered_Canary/scattered-canary.pdf +2019-06-10,65d6629d404ee56e787d34e1220ebb9fc59e3733,Threat Spotlight_ MenuPass_QuasarRAT Backdoor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.10.MenuPass_QuasarRAT_Backdoor/Threat%20Spotlight_%20MenuPass_QuasarRAT%20Backdoor.pdf +2019-06-10,ae3f5f3ef2ca2f5e90c1909b47566255452291ed,wp_new_muddywater_findings_uncovered,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.10.MuddyWater_Resurfaces/wp_new_muddywater_findings_uncovered.pdf +2019-06-10,f09b15eefe23d664f889c7ffcfd4fb1be6667ff7,blog_new_muddywater_findings_uncovered,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.10.MuddyWater_Resurfaces/blog_new_muddywater_findings_uncovered.pdf +2019-06-11,400e04bf19bcfa10af7df51240f27bab15f12644,The Discovery of Fishwrap_ A New Social Media Information Operation Methodology,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.11.Fishwrap_Group/The%20Discovery%20of%20Fishwrap_%20A%20New%20Social%20Media%20Information%20Operation%20Methodology.pdf +2019-06-11,e9a48a1a62bc4d489aad6ebc74effcd32185c39a,cta-2019-0612,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.11.Fishwrap_Group/cta-2019-0612.pdf +2019-06-12,995f3a4bce373530924a55e84cc574ee6d3fcfbf,Threat Group Cards,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.12.Threat_Group_Cards/Threat%20Group%20Cards.pdf +2019-06-20,2b11ea5b0277264f527bfaff62e4ae5510b7521a,OceanLotus,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.20.OceanLotus_New_Approaches/OceanLotus.pdf +2019-06-21,59a715d0a7248235ea9291d0ff374cc9036ce956,Waterbug_ Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.21.Waterbug/Waterbug_%20Espionage%20Group%20Rolls%20Out%20Brand-New%20Toolset%20in%20Attacks%20Against%20Governments.pdf +2019-06-25,a2c44d6f87fc6ec9067b543489eda3e5212a92f6,MuddyC3,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.25.MuddyC3/MuddyC3.pdf +2019-06-25,fa04b0ea75e68099ee012da02872f9138b6362c0,Operation Soft Cell_ A Worldwide Campaign Against Telecommunications Providers,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.25.Operation_Soft_Cell/Operation%20Soft%20Cell_%20A%20Worldwide%20Campaign%20Against%20Telecommunications%20Providers.pdf +2019-06-26,34e9bd7aa78ee059a78b0575dfe21ef50cc8714a,ASEC_REPORT_vol.95_ENG,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/AhnLab/ASEC_REPORT_vol.95_ENG.pdf +2019-06-26,de735ed34de84f6101fb2a90f36d69f0fd90ba6e,cta-2019-0626,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.26.Iranian_to_Saudi/cta-2019-0626.pdf +2019-06-27,f48dd456559ef8f158786535e70c8fb86f193086,ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.06.27.ShadowGate_Returns/ShadowGate%20Returns%20to%20Worldwide%20Operations%20With%20Evolved%20Greenflash%20Sundown%20Exploit%20Kit.pdf +2019-07-01,ac7434961a98d0994f352e917c30b1bf118cbb7f,New Network Vermin from OceanLotus,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.01.OceanLotus_Ratsnif/New%20Network%20Vermin%20from%20OceanLotus.pdf +2019-07-01,af54e77fd3be3089a4cb100c87b57243eeb33c5c,Operation Tripoli ,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.01.Operation_Tripoli/Operation%20Tripoli%20.pdf +2019-07-03,b2d41d9df27085f0362d6ce402bd438191e44611,Multiple Chinese Threat Groups Exploiting CVE-2018-0798 Equation Editor Vulnerability Since Late 2018,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.03.Chinese_APT_CVE-2018-0798/Multiple%20Chinese%20Threat%20Groups%20Exploiting%20CVE-2018-0798%20Equation%20Editor%20Vulnerability%20Since%20Late%202018.pdf +2019-07-04,04da12e4c212bd727bc80d7fd34b99a99fbc01f0,Twas the night before,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.04.NewsBeef_APT/Twas%20the%20night%20before.pdf +2019-07-04,64aaf1f5805a05b764dce466e56b95d949384d3d,Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.04.TA505_Gelup_FlowerPippi/Latest%20Spam%20Campaigns%20from%20TA505%20Now%20Using%20New%20Malware%20Tools%20Gelup%20and%20FlowerPippi.pdf +2019-07-04,a082ec5024c8f285011e9287fa2b4c65dc13f784,Tech-Brief-Latest-Spam-Campaigns-from-TA505-Now-Using-New-Malware-Tools-Gelup-and-FlowerPippi,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.04.TA505_Gelup_FlowerPippi/Tech-Brief-Latest-Spam-Campaigns-from-TA505-Now-Using-New-Malware-Tools-Gelup-and-FlowerPippi.pdf +2019-07-04,ca8b92328e1e85f3aa6e210d755b2304a7ac92c5,Appendix-Latest-Spam-Campaigns-from-TA505-Now-Using-New-Malware-Tools-Gelup-and-FlowerPippi,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.04.TA505_Gelup_FlowerPippi/Appendix-Latest-Spam-Campaigns-from-TA505-Now-Using-New-Malware-Tools-Gelup-and-FlowerPippi.pdf +2019-07-09,395d694e53af9f7d880ea552184d73da10113932,"Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.09.SeaTurtle_swimming/Sea%20Turtle%20keeps%20on%20swimming%2C%20finds%20new%20victims%2C%20DNS%20hijacking%20techniques.pdf +2019-07-11,93a54e05256a696ca20d04ad96cac47ff217fe46,Buhtrap group uses zero‑day in latest espionage campaigns,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.11.Buhtrap_Group/Buhtrap%20group%20uses%20zero%E2%80%91day%20in%20latest%20espionage%20campaigns.pdf +2019-07-15,f70124b7928375bd7bcfaacfc82a3ce0c2f915b9,Comprehensive Threat Intelligence_ SWEED_ Exposing years of Agent Tesla campaigns,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.15.SWEED/Comprehensive%20Threat%20Intelligence_%20SWEED_%20Exposing%20years%20of%20Agent%20Tesla%20campaigns.pdf +2019-07-16,55126780b716d34c5c6008e532a90033d711b9ce,"SLUB Gets Rid of GitHub, Intensifies Slack Use",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.16.SLUB/SLUB%20Gets%20Rid%20of%20GitHub%2C%20Intensifies%20Slack%20Use.pdf +2019-07-17,d7d64b499ca32d365e725759c7954e2402245243,Newly identified StrongPity operations _ AT&T Alien Labs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.17.StrongPity_operations/Newly%20identified%20StrongPity%20operations%20_%20AT%26T%20Alien%20Labs.pdf +2019-07-17,e5e69cfd5429be15882d043f1938318d889b9f13,EvilGnome_ Rare Malware Spying on Desktop Users,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.17.EvilGnome/EvilGnome_%20Rare%20Malware%20Spying%20on%20Desktop%20Users.pdf +2019-07-18,0dad2641edd25884332561da5c6f489ad7f03287,Appendix_Spam_Campaign_Targets_Colombian_Entities_with_Custom_made_Proyecto_RAT_Uses_Email_Service_YOPmail_for_C&C,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.18.Proyecto_RAT_Colombian/Appendix_Spam_Campaign_Targets_Colombian_Entities_with_Custom_made_Proyecto_RAT_Uses_Email_Service_YOPmail_for_C%26C.pdf +2019-07-18,358d09240838bd7382a6ee58371630ba664417f3,ESET_Okrum_and_Ketrican,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.18.Okrum/ESET_Okrum_and_Ketrican.pdf +2019-07-18,ab5a3d917c59c67a94fde5589a312a8e6ad8226b,Hard Pass_ Declining APT34’s Invite to Join Their Professional Network,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.18.APT34_Hard_Pass/Hard%20Pass_%20Declining%20APT34%E2%80%99s%20Invite%20to%20Join%20Their%20Professional%20Network.pdf +2019-07-18,d1a406b5f3f4da0e835a7a2615a75c39dc97625e,Spam Campaign Targets Colombian Entities with Custom-made Proyecto RAT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.18.Proyecto_RAT_Colombian/Spam%20Campaign%20Targets%20Colombian%20Entities%20with%20Custom-made%20Proyecto%20RAT.pdf +2019-07-24,1ed4d23f831d5a39400067baba7180048ed14bcc,Chinese_APT_Operation_LagTime_IT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.24.Operation_LagTime_IT/Chinese_APT_Operation_LagTime_IT.pdf +2019-07-24,a5d4f0b2aee94d71881c40b25ef7e195397c1238,Winnti_ Attacking the Heart of the German Industry,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.24.Winnti_German/Winnti_%20Attacking%20the%20Heart%20of%20the%20German%20Industry.pdf +2019-07-24,e4772882fe35af3650068b0665a2d12c24999e51,Resurgent Iron Liberty Targeting Energy Sector,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.07.24.Resurgent_Iron_Liberty/Resurgent%20Iron%20Liberty%20Targeting%20Energy%20Sector.pdf +2019-08-05,652b8faba79ef2ce0319b32a248f5119df2becea,MACHETE_JUST_GOT_SHARPER,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.05.Sharpening_the_Machete/MACHETE_JUST_GOT_SHARPER.pdf +2019-08-05,c7a8c2597269ab369b4f0527056f9bb13c65a2a6,blog_Sharpening the Machete,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.05.Sharpening_the_Machete/blog_Sharpening%20the%20Machete.pdf +2019-08-05,fd101f08963e1a83893fb0b6d4c9a87fa767366f,Latest Trickbot Campaign Delivered via Highly Obfuscated JS File ,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.05.Trickbot_Obfuscated_JS/Latest%20Trickbot%20Campaign%20Delivered%20via%20Highly%20Obfuscated%20JS%20File%20.pdf +2019-08-07,019a477a367638a85bdbe72d36a1b44c227f5311,report_APT41,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.07.APT41/report_APT41.pdf +2019-08-07,b8d1d27753e223c940bd1e4e3da2ceaa9aa5c798,blog_APT41,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.07.APT41/blog_APT41.pdf +2019-08-08,8941ac19c6806e460c52e06bca9091a528747bfe,APT_trends_report_Q2_2019_Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Kaspersky/APT_trends_report_Q2_2019_Securelist.pdf +2019-08-08,9ec45ba171c3e3e0553aa587c0ea245ee641e624,Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations _ Anomali,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.08.BITTER_APT/Suspected%20BITTER%20APT%20Continues%20Targeting%20Government%20of%20China%20and%20Chinese%20Organizations%20_%20Anomali.pdf +2019-08-12,24908852ae8e0ddf8bd67d2357d3666c12a5cf65,Recent Cloud Atlas activity _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.12.Cloud_Atlas_activity/Recent%20Cloud%20Atlas%20activity%20_%20Securelist.pdf +2019-08-14,36044243987dace8e439a54a8d4fce6f3508126a,"In the Balkans, businesses are under fire from a double‑barreled weapon",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.14.Balkans_Campaign/In%20the%20Balkans%2C%20businesses%20are%20under%20fire%20from%20a%20double%E2%80%91barreled%20weapon.pdf +2019-08-19,67440565b692e876ec56665cf26abff2be2a9019,Cybersecurity-threatscape-2019-Q1-eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/PTSecurity/Cybersecurity-threatscape-2019-Q1-eng.pdf +2019-08-20,1480230e06960862b7e019f750647ddc9d5d9954,CyberThreatIntel_Malware analysis 20-08-19.md at master · StrangerealIntel_CyberThreatIntel,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.20.unknown_Chinese_APT/CyberThreatIntel_Malware%20analysis%2020-08-19.md%20at%20master%20%C2%B7%20StrangerealIntel_CyberThreatIntel.pdf +2019-08-21,49745a6ffd7b522f125c3fd57068a6071f3ddb98,Cybersecurity-threatscape-2019-Q2-eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/PTSecurity/Cybersecurity-threatscape-2019-Q2-eng.pdf +2019-08-21,bb4b9c2d558621a3feee2b00f4edcec0448646ed,silence_2.0.going_global,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.21.Silence_2.0/silence_2.0.going_global.pdf +2019-08-21,cfaa2dfdf88f75f5a6d8587bbb80d8080290e999,The Gamaredon Group_ A TTP Profile Analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.21.Gamaredon_Group/The%20Gamaredon%20Group_%20A%20TTP%20Profile%20Analysis.pdf +2019-08-22,8e6ded91de2f0755c2dabc9576cbd97d62535c68,Operation-Taskmasters-2019-eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.22.Operation_TaskMasters/Operation-Taskmasters-2019-eng.pdf +2019-08-26,6f061c5514738986949d75a81905dc4556e27605,APT-C-09,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.26.APT-C-09/APT-C-09.pdf +2019-08-27,07056592eb633d1fb9a42b38da28d3fd2fcc5c95,China Chopper still active 9 years later,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.27.China_Chopper/China%20Chopper%20still%20active%209%20years%20later.pdf +2019-08-27,588b19b571321e82e811aaf1179803da45f8c6cf,Cyber Threat Group LYCEUM Takes Center Stage in Middle East Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.27.LYCEUM_threat_group/Cyber%20Threat%20Group%20LYCEUM%20Takes%20Center%20Stage%20in%20Middle%20East%20Campaign.pdf +2019-08-27,9ced6cf135cc62446e18b0fb170b3b6fe8441047,TA505 At It Again_ Variety is the Spice of ServHelper and FlawedAmmyy,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.27.TA505_Again/TA505%20At%20It%20Again_%20Variety%20is%20the%20Spice%20of%20ServHelper%20and%20FlawedAmmyy.pdf +2019-08-27,b9e9c9068ccf57ff43360db27a1e992a313c7514,Malware analysis about sample of APT Patchwork,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.27.Patchwork_Malware_Analysis/Malware%20analysis%20about%20sample%20of%20APT%20Patchwork.pdf +2019-08-29,61ab7b454558c8b432bda47f784667aa11f5a074,SectorJ04 Group’s Increased Activity in 2019,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.29.SectorJ04_2019/SectorJ04%20Group%E2%80%99s%20Increased%20Activity%20in%202019.pdf +2019-08-29,bcbd65daf124728e6731e0decb7b4e01b64864dc,Heatstroke Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.29.Heatstroke_Campaign/Heatstroke%20Campaign%20Uses%20Multistage%20Phishing%20Attack%20to%20Steal%20PayPal%20and%20Credit%20Card%20Information.pdf +2019-08-29,e1ba4c5db4982f4aac36cea2429be505196f7ff9,tickgroupavar201920191111chaminseokpublish-191126231730,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.29_Tick_Tock/tickgroupavar201920191111chaminseokpublish-191126231730.pdf +2019-08-29,f7e0afcb7fd22d35bb6ca3bd665f830c2991b713,"More_eggs, Anyone_ Threat Actor ITG08 Strikes Again",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.29.FIN6_ITG08/More_eggs%2C%20Anyone_%20Threat%20Actor%20ITG08%20Strikes%20Again.pdf +2019-08-31,ce6de200409d558d88c026c9ab087ed1c836db28,Bitter_APT_Malware_analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.08.31.Bitter_APT_Malware_analysis/Bitter_APT_Malware_analysis.pdf +2019-09-04,8cde271eb5fe7b54b667ee88368518c7b2fdbacc,Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.09.04.Glupteba_Campaign/Glupteba%20Campaign%20Hits%20Network%20Routers%20and%20Updates%20C%26C%20Servers%20with%20Data%20from%20Bitcoin%20Transactions.pdf +2019-09-05,5b6bccee4b358c195ea7d80c118d6e9a793f3ed7,UPSynergy_ Chinese-American Spy vs. Spy Story,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.09.05.UPSynergy/UPSynergy_%20Chinese-American%20Spy%20vs.%20Spy%20Story.pdf +2019-09-06,cf011cca773f812145c8e81d8f1bade04e716732,BITTER APT_ Not So Sweet,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.09.06.BITTER_APT_Not_So_Sweet/BITTER%20APT_%20Not%20So%20Sweet.pdf +2019-09-09,537bd87d34bbeab8077bb7e199475a9dffa9f58f,Thrip_ Ambitious Attacks Against High Level Targets Continue,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.09.09.Thrip/Thrip_%20Ambitious%20Attacks%20Against%20High%20Level%20Targets%20Continue.pdf +2019-09-11,a873e9f1ba1904911a92497f949b9b10c701d931,RANCOR APT_ Suspected targeted attacks against South East Asia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.09.11.RANCOR_APT/RANCOR%20APT_%20Suspected%20targeted%20attacks%20against%20South%20East%20Asia.pdf +2019-09-15,453956dd602ee94ea82c44135308783d153507ba,The-Kittens-Are-Back-in-Town-Charming-Kitten-2019,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.09.15_Kittens_back/The-Kittens-Are-Back-in-Town-Charming-Kitten-2019.pdf +2019-09-18,1932e05dd6ba26e752fb89960c24fee7afe7a42b,Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.09.18.Magecart_Hotel_Chain_Booking/Magecart%20Skimming%20Attack%20Targets%20Mobile%20Users%20of%20Hotel%20Chain%20Booking%20Websites.pdf +2019-09-18,5d08b29ec4f76e1a6bce6d1507de01df1b188666,Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.09.18.Tortoiseshell-APT/Tortoiseshell%20Group%20Targets%20IT%20Providers%20in%20Saudi%20Arabia%20in%20Probable%20Supply%20Chain%20Attacks.pdf +2019-09-24,a713bdf75154084b9f6841ace63fa1919bf504e0,DeadlyKiss_TAAR,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.09.24.DeadlyKiss_APT/DeadlyKiss_TAAR.pdf +2019-09-24,d1592835be4b0370146d53603f6eddd0681131a3,Mapping the connections inside Russia APT Ecosystem,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.09.24_Russia_APT_Ecosystem/Mapping%20the%20connections%20inside%20Russia%20APT%20Ecosystem.pdf +2019-09-24,e4129398913943732e62a603877b9bb70b998fd9,How Tortoiseshell created a fake veteran hiring website to host malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.09.24_New_Tortoiseshell/How%20Tortoiseshell%20created%20a%20fake%20veteran%20hiring%20website%20to%20host%20malware.pdf +2019-09-26,4231fdbb3b27a90a81d25f8bd60bff7904e910f8,Chinese APT Hackers Attack Windows Users via FakeNarrator Malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.09.26_China_APT_FakeNarrator_To_PcShare/Chinese%20APT%20Hackers%20Attack%20Windows%20Users%20via%20FakeNarrator%20Malware.pdf +2019-09-30,3b57873600b96e7474e6aa88f6c924dd81775b41,HELO Winnti_ Attack or Scan,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.09.30_HELO_Winnti/HELO%20Winnti_%20Attack%20or%20Scan.pdf +2019-10-01,095871915af386b3addb87036dfca584473b283c,New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.01.kovcoreg-malvertising-campaign/New%20Fileless%20Botnet%20Novter%20Distributed%20by%20KovCoreG%20Malvertising%20Campaign.pdf +2019-10-01,4169a4d2143afaf8d91eda2397dbbe34c294fdb4,Tech-Brief-New-Fileless-Botnet-Novter-Distributed-by-KovCoreG-Malvertising-Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.01.kovcoreg-malvertising-campaign/Tech-Brief-New-Fileless-Botnet-Novter-Distributed-by-KovCoreG-Malvertising-Campaign.pdf +2019-10-01,880e01c8cadd72f8318f79d5c95cc57556b69c56,New Adwind Campaign targets US Petroleum Industry,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.01.Adwind_Campaign_US_Petroleum_Industry/New%20Adwind%20Campaign%20targets%20US%20Petroleum%20Industry.pdf +2019-10-01,c7a5dcf44c6e0f1f8eb0048caf82f9c436558d73,Appendix-New-Fileless-Botnet-Novter-Distributed-by-KovCoreG-Malvertising-Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.01.kovcoreg-malvertising-campaign/Appendix-New-Fileless-Botnet-Novter-Distributed-by-KovCoreG-Malvertising-Campaign.pdf +2019-10-03,0c794545e8fa5eba2e1e806d9817b85ea12cdd88,PKPLUG_ Chinese Cyber Espionage Group Attacking Asia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.03.PKPLUG/PKPLUG_%20Chinese%20Cyber%20Espionage%20Group%20Attacking%20Asia.pdf +2019-10-04,d9104f80cde5ce7667b3acbab40b38f6d2079f00,VB2019-Garcia-etal,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.04.GEOST_BOTNET/VB2019-Garcia-etal.pdf +2019-10-07,426093a99e7a45aa88da697cd1503fb3a5fd745d,"The Kittens Are Back in Town 2 - Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods - ClearSky Cyber Security",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.07.Charming_Kitten_Back_in_Town_2/The%20Kittens%20Are%20Back%20in%20Town%202%20-%20Charming%20Kitten%20Campaign%20Keeps%20Going%20on%2C%20Using%20New%20Impersonation%20Methods%20-%20ClearSky%20Cyber%20Security.pdf +2019-10-07,93a3c3b7f8285726b22ead392e71b3e1626f7d10,The-Kittens-Are-Back-in-Town-2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.07.Charming_Kitten_Back_in_Town_2/The-Kittens-Are-Back-in-Town-2.pdf +2019-10-07,bf791907d880bddae90894ed89b4b453d0c11498,CERTFR-2019-CTI-005,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.07.Supply_Chain_Attacks/CERTFR-2019-CTI-005.pdf +2019-10-07,d7541e81aea48ec49932896620416f0dd9f9dfde,"China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.07.Panda_minority-groups/China-Based%20APT%20Mustang%20Panda%20Targets%20Minority%20Groups%2C%20Public%20and%20Private%20Sector%20Organizations.pdf +2019-10-09,9e96e893e70535aacbc087d16f73a909fd2602d9,FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.09_FIN6_Magecart/FIN6%20Compromised%20E-commerce%20Platform%20via%20Magecart%20to%20Inject%20Credit%20Card%20Skimmers%20Into%20Thousands%20of%20Online%20Shops.pdf +2019-10-10,23e4d67dd76553f78f40f1a30aef6bd88ca7200e,Mahalo_FIN7,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.10.Fin7/Mahalo_FIN7.pdf +2019-10-10,6b2579a0886d2a14bb3f4a86cb5f18782da63fe3,ASEC_REPORT_vol.96_ENG,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/AhnLab/ASEC_REPORT_vol.96_ENG.pdf +2019-10-10,bbb2512ccf7681d73faa6a447fdbda1fb5da9b2d,"ESET discovers Attor, a spy platform with curious GSM fingerprinting _ WeLiveSecurity",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.10.Attor_GSM_fingerprinting_spy_platform/ESET%20discovers%20Attor%2C%20a%20spy%20platform%20with%20curious%20GSM%20fingerprinting%20_%20WeLiveSecurity.pdf +2019-10-10,dc342c30cc53686416204d97ceb44156f1ecf5e8,ESET_Attor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.10.Attor_GSM_fingerprinting_spy_platform/ESET_Attor.pdf +2019-10-10,fa008c2924f69b019af1924b429744d76ca11e1f,ESET_Winnti,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.10.Winnti_Group/ESET_Winnti.pdf +2019-10-14,c0061604b409cad311414bd47b97ba6ec79bb642,winnti_EN,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.14.From_tweet_to_rootkit/winnti_EN.pdf +2019-10-14,d30068cc3f5856ba52df3b019e5eaa8653e22d77,huge-fan-of-your-work-intelligence-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.14.TURBINE_PANDA/huge-fan-of-your-work-intelligence-report.pdf +2019-10-14,eb99c745139bd6e46e81745dfd72e41325a02ad4,Is Emotet gang targeting companies with external SOC,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.14.Emotet_external_SOC/Is%20Emotet%20gang%20targeting%20companies%20with%20external%20SOC.pdf +2019-10-15,0511740e527c025858aa577e7b6b198f28e2a1ac,LOWKEY_ Hunting for the Missing Volume Serial ID,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.15.LOWKEY/LOWKEY_%20Hunting%20for%20the%20Missing%20Volume%20Serial%20ID.pdf +2019-10-17,d6f66a51549b7c2090135e8cb8c40a68c152018d,ESET_Operation_Ghost_Dukes,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.17.Operation_Ghost/ESET_Operation_Ghost_Dukes.pdf +2019-10-21,152af7cf47b0d2a89e2415d2d44acf4a50e15f4c,VB2019-Garcia-etal,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.21_Geost_botnet/VB2019-Garcia-etal.pdf +2019-10-21,7f98a609e1dcd3f69a822d3636c28f7a9e2dd105,Winnti Group’s skip‑2.0_ A Microsoft SQL Server backdoor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.21.Winnti_skip_2.0/Winnti%20Group%E2%80%99s%20skip%E2%80%912.0_%20A%C2%A0Microsoft%20SQL%20Server%20backdoor.pdf +2019-10-28,29d8473954434c405b838e895f2adfd734dd215b,SWEED Targeting Precision Engineering Companies in Italy,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.28_SWEED_Italy/SWEED%20Targeting%20Precision%20Engineering%20Companies%20in%20Italy.pdf +2019-10-31,cb3f46cb9def5b9bc1185e5fd60d390f77dc3834,MESSAGETAP_ Who’s Reading Your Text Messages,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.31.MESSAGETAP/MESSAGETAP_%20Who%E2%80%99s%20Reading%20Your%20Text%20Messages.pdf +2019-10-31,fa36f2632e6b9ff400f8b3ad9539f3bf4a586dec,calypso-apt-2019-eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.10.31.Calypso_APT/calypso-apt-2019-eng.pdf +2019-11-04,d043d2ce37e8e5a249f59e30eb2608801a3a3f30,Is Lazarus_APT38 Targeting Critical Infrastructures _ – Marco Ramilli Web Corner,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.04.Lazarus_APT38/Is%20Lazarus_APT38%20Targeting%20Critical%20Infrastructures%20_%20%E2%80%93%20Marco%20Ramilli%20Web%20Corner.pdf +2019-11-04,f17a8bf210b805556ebaa1488ab937d8a035d27d,(cn)_higaisa_apt_report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.04.Higaisa_APT/%28cn%29_higaisa_apt_report.pdf +2019-11-05,8b90e283d66e6e3222641f09269ad28eda4127bf,LAZARUS_GAZE_APT38,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.05.LAZARUS_GAZE/LAZARUS_GAZE_APT38.pdf +2019-11-08,80b06f28ee5e364f47ca3a290b160b2de61bcc0f,Titanium_ the Platinum group strikes again,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.08_Titanium_Action_Platinum_group/Titanium_%20the%20Platinum%20group%20strikes%20again.pdf +2019-11-08,9d6dcfc9a673613fdafe7d967945a0a97308de19,Massive malicious campaign by FakeSecurity JS-sniffer,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.08_FakeSecurity_JS-sniffer/Massive%20malicious%20campaign%20by%20FakeSecurity%20JS-sniffer.pdf +2019-11-12,3836ed16ed8e861c19344558cb4bd40b6d3b6415,TA-505 Cybercrime on System Integrator Companies,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.12_TA-505_On_SI/TA-505%20Cybercrime%20on%20System%20Integrator%20Companies.pdf +2019-11-13,91c0a6c0cd95b42991ea7981be1bec29974df17f,sophoslabs-uncut-2020-threat-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Sophos/sophoslabs-uncut-2020-threat-report.pdf +2019-11-13,fe8df78646bee14a74f2f88f76bdda52a611f8b6,More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.13.APT33_Extreme%EF%BC%BFNarrow_Targeting/More%20than%20a%20Dozen%20Obfuscated%20APT33%20Botnets%20Used%20for%20Extreme%20Narrow%20Targeting.pdf +2019-11-20,192be8ca1c779e40ef93e950065e84f5d900161e,APT-C-34.cn,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.20.Golden_Eagle_APT-C-34/APT-C-34.cn.pdf +2019-11-20,cf1750865234a5840d529a498a5fa1107d79fe64,Mac Backdoor Linked to Lazarus Targets Korean Users,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.20.Mac_Lazarus/Mac%20Backdoor%20Linked%20to%20Lazarus%20Targets%20Korean%20Users.pdf +2019-11-21,f9ec0ec31ccab12f99b03f09a0882b3d30a3365a,"Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.21.DePriMon/Registers%20as%20%E2%80%9CDefault%20Print%20Monitor%E2%80%9D%2C%20but%20is%20a%20malicious%20downloader.%20Meet%20DePriMon.pdf +2019-11-25,688771ff7a16425f001508bbb46242248d74545e,Studying Donot Team,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.25_Donot_Team/Studying%20Donot%20Team.pdf +2019-11-25,7c4c067c4853d72e3c561eaf388d8494f57c514c,cybersecurity-threatscape-2019-q3-eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/PTSecurity/cybersecurity-threatscape-2019-q3-eng.pdf +2019-11-26,6226f5e623d80ddcce349e617498a339d78927d0,Insights from one year of tracking a polymorphic threat,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.26.Dexphot/Insights%20from%20one%20year%20of%20tracking%20a%20polymorphic%20threat.pdf +2019-11-28,27c033bcdacc4271b9bd9b08714026ad3832ac73,RevengeHotels_ cybercrime targeting hotel front desks worldwide,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.28.RevengeHotels/RevengeHotels_%20cybercrime%20targeting%20hotel%20front%20desks%20worldwide.pdf +2019-11-29,502c37a11fc85045efc1cc7ab019875aba9906a8,Operation-ENDTRADE-TICK-s-Multi-Stage-Backdoors-for-Attacking-Industries-and-Stealing-Classified-Data,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.29.Operation_ENDTRADE/Operation-ENDTRADE-TICK-s-Multi-Stage-Backdoors-for-Attacking-Industries-and-Stealing-Classified-Data.pdf +2019-11-29,626f179b5bfca66c6cd149ca061c9717dca2c03d,Group-IB_Hi-Tech_Crime_Trends_2019-2020,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Group-IB/Group-IB_Hi-Tech_Crime_Trends_2019-2020.pdf +2019-12-03,2e3173ba71b32d02b261f61e1194feccfd8ed085,Threat Actor Targeting Hong Kong Pro-Democracy Figures,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.03.Hong_Kong_Pro-Democracy/Threat%20Actor%20Targeting%20Hong%20Kong%20Pro-Democracy%20Figures.pdf +2019-12-04,843e820608adc7a51abb9a74a689d4c3bdb92d75,Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.04.KurdishCoder_Campaign/Obfuscation%20Tools%20Found%20in%20the%20Capesand%20Exploit%20Kit%20Possibly%20Used%20in%20%E2%80%9CKurdishCoder%E2%80%9D%20Campaign.pdf +2019-12-04,a93d869bc0d4893c042f91e40e777d72db92a77e,New_Destructive_Wiper_ZeroCleare_Final_,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.04.ZeroCleare/New_Destructive_Wiper_ZeroCleare_Final_.pdf +2019-12-06,b1ec8d737865e2e7feba57c220bd62290a93ed67,Cosmic Banker campaign is still active revealing link with Banload malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.06.Cosmic_Banker_campaign/Cosmic%20Banker%20campaign%20is%20still%20active%20revealing%20link%20with%20Banload%20malware.pdf +2019-12-09,0db3e90a27d93efb360e8e0eee9ac0421a09f233,Group-IB_Hi-Tech_Crime_Trends_2019-2020_en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Group-IB/Group-IB_Hi-Tech_Crime_Trends_2019-2020_en.pdf +2019-12-10,8acef95af9d674a45608198eb5e80dc7ab65617f,sentinel-one-sentine-6,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.10_TrickBot_Planeswalker/sentinel-one-sentine-6.pdf +2019-12-11,322a9344111331462baab10d055d78f7055b3c4f,Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium ,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.11.1.Operation_WizardOpium/Chrome%200-day%20exploit%20CVE-2019-13720%20used%20in%20Operation%20WizardOpium%20.pdf +2019-12-11,69bf39301d6e5df6314314995c021963c7f18c94,Dropping Anchor_ From a TrickBot Infection to the Discovery of the Anchor Malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.11_DROPPING_ANCHOR/Dropping%20Anchor_%20From%20a%20TrickBot%20Infection%20to%20the%20Discovery%20of%20the%20Anchor%20Malware.pdf +2019-12-11,f69b318bff05a1abc62c42a01b120a1e2e54d665,"Waterbear is Back, Uses API Hooking to Evade Security Product Detection",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.11.Waterbear_Back/Waterbear%20is%20Back%2C%20Uses%20API%20Hooking%20to%20Evade%20Security%20Product%20Detection.pdf +2019-12-11,fed1378dbf09119779790de36b53cffcc6bfae5b,Anchor IOCs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.11_DROPPING_ANCHOR/Anchor%20IOCs.pdf +2019-12-12,3d4b6ef9ea3d3d64c174b6eaf85434ffa4af8d61,cta-2019-1212,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.12.Operation_Gamework/cta-2019-1212.pdf +2019-12-12,54840544c79d24dace32a7a4caa8678036b4f7e7,GALLIUM_ Targeting global telecom,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.12.GALLIUM/GALLIUM_%20Targeting%20global%20telecom.pdf +2019-12-12,5af7b3313dafaf307421e6de17add21c894cb59c,wp-drilling-deep-a-look-at-cyberattacks-on-the-oil-and-gas-industry,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.12.Drilling_Deep/wp-drilling-deep-a-look-at-cyberattacks-on-the-oil-and-gas-industry.pdf +2019-12-16,58b815814e28d00219c6b4dec546c23c6a6f2162,sophoslabs-uncut-mykings-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.16.MyKings/sophoslabs-uncut-mykings-report.pdf +2019-12-17,17c168147b6c7d7b313a6a014ae6bdb153e778e8,"Dacls, the Dual platform RAT",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.17.Dacls_RAT/Dacls%2C%20the%20Dual%20platform%20RAT.pdf +2019-12-17,c95263e812d3e831061753ff3d432e50b1c4c571,"CN_Dacls, the Dual platform RAT",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.17.Dacls_RAT/CN_Dacls%2C%20the%20Dual%20platform%20RAT.pdf +2019-12-17,e54539e7a87e229b70384bd20943c2afd689445c,Rancor_ Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.17.Rancor/Rancor_%20Cyber%20Espionage%20Group%20Uses%20New%20Custom%20Malware%20to%20Attack%20Southeast%20Asia.pdf +2019-12-19,85ddad10bbd8e93e8de1bfedee6563ce5f0c6f96,201912_Report_Operation_Wacao,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.19.Operation_Wocao/201912_Report_Operation_Wacao.pdf +2019-12-26,53ef5f11eca852b962543eb4c172ae012456be72,Targeting Portugal_ A new trojan 'Lampion' has spread using template emails from the Portuguese Government Finance & Tax,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.26.Trojan-Lampion/Targeting%20Portugal_%20A%20new%20trojan%20%27Lampion%27%20has%20spread%20using%20template%20emails%20from%20the%20Portuguese%20Government%20Finance%20%26%20Tax.pdf +2019-12-29,1a37382df05d162c04564b538f7bd0229f1f8e7e,BRONZE PRESIDENT Targets NGOs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2019/2019.12.29_BRONZE_PRESIDENT_NGO/BRONZE%20PRESIDENT%20Targets%20NGOs.pdf +2020-01-01,8fc0ccc71a8dc6fec2584ed73ffe8fbef5b43e74,[CN]_SideWinder_APT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.01.01.SideWinder_APT/%5BCN%5D_SideWinder_APT.pdf +2020-01-06,0663cef97989f69df67f59cab5071d3b4ef742f1,"First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.01.06.SideWinder_Google_Play/First%20Active%20Attack%20Exploiting%20CVE-2019-2215%20Found%20on%20Google%20Play%2C%20Linked%20to%20SideWinder%20APT%20Group.pdf +2020-01-07,9df38c6e2d7d8347a0e922df462f20049f16a797,Iranian Cyber Response to Death of IRGC Head Would Likely Use Reported TTPs and Previous Access,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.01.07_Iranian_Cyber_Response/Iranian%20Cyber%20Response%20to%20Death%20of%20IRGC%20Head%20Would%20Likely%20Use%20Reported%20TTPs%20and%20Previous%20Access.pdf +2020-01-07,bfa9143ed25f03e8a3273a392583de3292d64e35,Saudi-Arabia-CNA-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.01.07_Destructive_Attack_DUSTMAN/Saudi-Arabia-CNA-report.pdf +2020-01-08,8d45b1a37d3fc6784fa2f55d4fde6f10e19802c5,Operation AppleJeus Sequel,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.01.08_Operation_AppleJeus_Sequel/Operation%20AppleJeus%20Sequel.pdf +2020-01-09,0ca55a185d1faaa2c0b3576999faad5147eccc76,NA-EL-Threat-Perspective-2019,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.01.09.NA-EL-Threat-Perspective/NA-EL-Threat-Perspective-2019.pdf +2020-01-13,441f48b969b4448c18c6382282db8ac548f8a3e5,APT27 ZXShell RootKit module updates,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.01.13.APT27_ZxShell_RootKit/APT27%20ZXShell%20RootKit%20module%20updates.pdf +2020-01-13,587a7a2e1f2251135b851ad40fdf13359efa9b63,Reviving MuddyC3 Used by MuddyWater (IRAN) APT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.01.13.muddyc3.Revived/Reviving%20MuddyC3%20Used%20by%20MuddyWater%20%28IRAN%29%20APT.pdf +2020-01-16,1036c13f75483a87237103247da0b9e99e16fee6,JSAC2020_3_takai_jp,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/other/JSAC2020_3_takai_jp.pdf +2020-01-16,59e37b1b95367583cc5cc181fee309b96f786fd0,JhoneRAT_ Cloud based python RAT targeting Middle Eastern countries,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.01.16.JhoneRAT/JhoneRAT_%20Cloud%20based%20python%20RAT%20targeting%20Middle%20Eastern%20countries.pdf +2020-01-20,cd96b74b284193b21abeadedfc64e2257545d9db,ASEC_REPORT_vol.97_ENG,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/AhnLab/ASEC_REPORT_vol.97_ENG.pdf +2020-01-22,a83f4b160e2543812bf9ee048af1d8ce27aaa730,200122_IBM_X-Force_IRIS_ZeroCleare_Paper,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.01.xx.ZeroCleare_Wiper/200122_IBM_X-Force_IRIS_ZeroCleare_Paper.pdf +2020-01-31,33e67d5669920778611140f7b293a4d807de35e5,welivesecurity.com-Winnti Group targeting universities in Hong Kong,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.01.31.Winnti_universities_in_HK/welivesecurity.com-Winnti%20Group%20targeting%20universities%20in%20Hong%20Kong.pdf +2020-02-03,653171288c2d534959efd7c9060e178593465be9,Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.02.03.SharePoint_Vulnerability_Middle_East/Actors%20Still%20Exploiting%20SharePoint%20Vulnerability%20to%20Attack%20Middle%20East%20Government%20Organizations.pdf +2020-02-10,fad082e169f6f4bca710eef792f0711c6a9d98cc,"Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.02.10_Outlaw_Updates/Outlaw%20Updates%20Kit%20to%20Kill%20Older%20Miner%20Versions%2C%20Targets%20More%20Systems.pdf +2020-02-12,d6b452fe46682f1bd964eb8cae720076bf30c592,2020.02.22_APT_threat_report_2019_CN_version,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/QianXin/2020.02.22_APT_threat_report_2019_CN_version.pdf +2020-02-13,b2c9a2d88fe19485808d261e58a2fca4dbbf27ed,"New Cyber Espionage Campaigns Targeting Palestinians - Part 2_ The Discovery of the New, Mysterious Pierogi Backdoor",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.02.13.PIEROGI_BACKDOOR_APT/New%20Cyber%20Espionage%20Campaigns%20Targeting%20Palestinians%20-%20Part%202_%20The%20Discovery%20of%20the%20New%2C%20Mysterious%20Pierogi%20Backdoor.pdf +2020-02-17,73bf0529f33594669d849df43de2d78a38eab8cc,ClearSky-Fox-Kitten-Campaign-v1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.02.17_Fox_Kitten_Campaign/ClearSky-Fox-Kitten-Campaign-v1.pdf +2020-02-17,916b7687b6d0a73686f1515fe228b1c4ff95122a,CLAMBLING - A New Backdoor Base On Dropbox (EN),https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.02.17_CLAMBLING_Dropbox_Backdoor/CLAMBLING%20-%20A%20New%20Backdoor%20Base%20On%20Dropbox%20%28EN%29.pdf +2020-02-17,bead11e2acc0a0690136d7963bb52e8fd93bb80b,Cyberwarfare_ A deep dive into the latest Gamaredon Espionage Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.02.17.Cyberwarfare_Gamaredon_Campaign/Cyberwarfare_%20A%20deep%20dive%20into%20the%20latest%20Gamaredon%20Espionage%20Campaign.pdf +2020-02-18,0e43d375e0d1f9ce30a9df30b8c2c27d21df5d83,wp-uncovering-DRBcontrol,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.02.18_Operation_DRBControl/wp-uncovering-DRBcontrol.pdf +2020-02-19,8a127514c633f3298d1eedc3ee1d7d439648950e,Lexfo-WhitePaper-The_Lazarus_Constellation,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.02.19_The_Lazarus_Constellation/Lexfo-WhitePaper-The_Lazarus_Constellation.pdf +2020-02-21,ea7ee7903aac206a471642078ade87af0d183c68,[KR]Analysis Report_MyKings Botnet,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.02.21_MyKings_Botnet/%5BKR%5DAnalysis%20Report_MyKings%20Botnet.pdf +2020-02-22,e786a69583d446ea26e7151b0a534b539b7d5fc3,Weaponizing a Lazarus Group Implant,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.02.22_Lazarus_Group_Weaponizing/Weaponizing%20a%20Lazarus%20Group%20Implant.pdf +2020-02-25,5689d93fa60e88759d1b0d9a23674a43caf87717,CloudSnooper_report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.02.25_Cloud_Snooper/CloudSnooper_report.pdf +2020-02-28,6683391f26af54d6c995a4df80fbde6419638cdc,Nortrom_Lion_APT_CN_version,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.02.28_Nortrom_Lion_APT/Nortrom_Lion_APT_CN_version.pdf +2020-03-02,ab9e7ac7d48f727dab0986a1672f60c1a7d8dec2,apt34-aka-oilrig-attacks-lebanon-government-entities-with-maildropper-implant,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.02_APT34_MAILDROPPER/apt34-aka-oilrig-attacks-lebanon-government-entities-with-maildropper-implant.pdf +2020-03-02,fed84094f8bd8822542b76820b569235ff6cd98a,Report2020CrowdStrikeGlobalThreatReport,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/CrowdStrike/Report2020CrowdStrikeGlobalThreatReport.pdf +2020-03-03,126e1841bb7a5c0b9b0208b01605328402e30a97,mtrends-2020,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/FireEye/mtrends-2020.pdf +2020-03-03,79e7ff150be9c0d28ed50f410f2a3d682e172898,The North Korean Kimsuky APT keeps threatening South Korea evolving its TTPs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.03_Kimsuky_APT/The%20North%20Korean%20Kimsuky%20APT%20keeps%20threatening%20South%20Korea%20evolving%20its%20TTPs.pdf +2020-03-03,ec7d70f1abbdff4227a39b98306a490085cb5bf6,New Perl Botnet (Tuyul) Found with Possible Indonesian Attribution,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.03_Tuyul_Botnet_Indonesian/New%20Perl%20Botnet%20%28Tuyul%29%20Found%20with%20Possible%20Indonesian%20Attribution.pdf +2020-03-05,43c98642ad0f9f099ab7d61a0b1433fa4e852dc1,apt_report_2019.CN_Version,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Tencent/apt_report_2019.CN_Version.pdf +2020-03-05,96d1ff403eb0306a6afce709bc54b16480635775,Guildma_ The Devil drives electric _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.05_Guildma/Guildma_%20The%20Devil%20drives%20electric%20_%20WeLiveSecurity.pdf +2020-03-05,ae511e37067348208579e7fcf8da0389626b2044,Dissecting Geost_ Exposing the Anatomy of the Android Trojan Targeting Russian Banks - TrendLabs Security Intelligence Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.05_Dissecting_Geost/Dissecting%20Geost_%20Exposing%20the%20Anatomy%20of%20the%20Android%20Trojan%20Targeting%20Russian%20Banks%20-%20TrendLabs%20Security%20Intelligence%20Blog.pdf +2020-03-10,00108e5f5e785cd5df1012deee919fe1a9cf0db1,njRat IOCs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.10.WHO_HACKING_THE_HACKERS/njRat%20IOCs.pdf +2020-03-10,865d88a8d0c6bf1dff0accd241bc1f06a7f22616,Who's Hacking the Hackers_ No Honor Among Thieves,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.10.WHO_HACKING_THE_HACKERS/Who%27s%20Hacking%20the%20Hackers_%20No%20Honor%20Among%20Thieves.pdf +2020-03-10,e685607aac68a580c1feed8dc1bb21fc567ee414,2020_03_Threat_Alert_Hacking_the_Hackers,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.10.WHO_HACKING_THE_HACKERS/2020_03_Threat_Alert_Hacking_the_Hackers.pdf +2020-03-11,9fafe6bd3615077295cfb7cc07059df42e187c14,Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.11.Operation_Overtrap/Operation%20Overtrap%20Targets%20Japanese%20Online%20Banking%20Users%20Via%20Bottle%20Exploit%20Kit%20and%20Brand-New%20Cinobi%20Banking%20Trojan.pdf +2020-03-11,daa952eb7f9cd9f938255053657d4e8a9271d6c5,Tech Brief_Operation Overtrap Targets Japanese Online Banking Users,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.11.Operation_Overtrap/Tech%20Brief_Operation%20Overtrap%20Targets%20Japanese%20Online%20Banking%20Users.pdf +2020-03-12,40347605cbd5510bb0371309456dc1805780c368,Vicious Panda_ The COVID Campaign - Check Point Research,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.12_Vicious_Panda/Vicious%20Panda_%20The%20COVID%20Campaign%20-%20Check%20Point%20Research.pdf +2020-03-12,44034bcbd317f83aba6172387eae7fb102e0926b,Two-tailed_scorpion_CN_version,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.12_Two-tailed_scorpion/Two-tailed_scorpion_CN_version.pdf +2020-03-12,68b971b44c01fa3821825e239cf6b227673106ea,Tracking Turla_ New backdoor delivered via Armenian watering holes _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.12_Tracking_Turla/Tracking%20Turla_%20New%20backdoor%20delivered%20via%20Armenian%20watering%20holes%20_%20WeLiveSecurity.pdf +2020-03-13,1f00e902bb6c10ff50389d6cc9075d156cf0986d,cybersecurity-threatscape-2019-q4-eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/PTSecurity/cybersecurity-threatscape-2019-q4-eng.pdf +2020-03-15,ca7fb7c0312305d20e41bff716082169ff5f5a01,"APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT _ Malwarebytes Labs",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.15_APT36_Crimson_RAT/APT36%20jumps%20on%20the%20coronavirus%20bandwagon%2C%20delivers%20Crimson%20RAT%20_%20Malwarebytes%20Labs.pdf +2020-03-19,6c96e61b7ed93841857c6737b7a84650b39403ad,wp-pawn-storm-in-2019,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.19_Probing_Pawn_Storm/wp-pawn-storm-in-2019.pdf +2020-03-24,d71ad8ea9e4809433ec87615aafbc7e20e77b9a4,WildPressure targets industrial-related entities in the Middle East _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.24_WildPressure/WildPressure%20targets%20industrial-related%20entities%20in%20the%20Middle%20East%20_%20Securelist.pdf +2020-03-24,f516eade0319946e52c88ee6f44b01aa8e832fd2,Operation Poisoned News_ Hong Kong Users Targeted With Mobile Malware via Local News Links - TrendLabs Security Intelligence Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.24_Operation_Poisoned_News/Operation%20Poisoned%20News_%20Hong%20Kong%20Users%20Targeted%20With%20Mobile%20Malware%20via%20Local%20News%20Links%20-%20TrendLabs%20Security%20Intelligence%20Blog.pdf +2020-03-25,60cdab19b8f87a9d3b1aa0dde91f9cf945cbfb76,This Is Not a Test_ APT41 Initiates Global Intrusion Campaign Using Multiple Exploits _ FireEye Inc,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.25_APT41-initiates-global-intrusion-campaign/This%20Is%C2%A0Not%20a%20Test_%20APT41%20Initiates%20Global%20Intrusion%20Campaign%20Using%20Multiple%20Exploits%20_%20FireEye%20Inc.pdf +2020-03-26,cf105922040421377abdd120f6ba2b9772fdd40d,iOS exploit chain deploys “LightSpy” feature-rich malware _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.26_LightSpy_TwoSail_Junk_APT/iOS%20exploit%20chain%20deploys%20%E2%80%9CLightSpy%E2%80%9D%20feature-rich%20malware%20_%20Securelist.pdf +2020-03-30,b262e09517bd3bf9abb0c19c20ef8fddb2b0012d,Operation Spy Cloud_eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.03.30_Spy_Cloud_Operation/Operation%20Spy%20Cloud_eng.pdf +2020-04-07,36aa13f198fbad89f10281c4f5fe9ce7e41ec495,report-bb-decade-of-the-rats,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.04.07_Decade_of_the_RATs/report-bb-decade-of-the-rats.pdf +2020-04-07,969ec8174de828cf9016983138f6b929d2e2b9bd,200407-MWB-COVID-White-Paper_Final,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.04.07_APTs_COVID-19/200407-MWB-COVID-White-Paper_Final.pdf +2020-04-07,f6199ae7db7a2adfc28fa8b751fec7a88639fca2,New Ursnif campaign_ a shift from PowerShell to Mshta,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.04.07_New_Ursnif_Campaign/New%20Ursnif%20campaign_%20a%20shift%20from%20PowerShell%20to%20Mshta.pdf +2020-04-08,742c783578c5461b8f2caa921dcc5a39c7f976d5,ASEC_REPORT_vol.98_ENG,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/AhnLab/ASEC_REPORT_vol.98_ENG.pdf +2020-04-15,2841ceea5cc8310669b24e4bba16f7bd9a1eb804,Nation-state Mobile Malware Targets Syrians with COVID-19 Lures,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.04.15_COVID-19_Lures_Syrians/Nation-state%20Mobile%20Malware%20Targets%20Syrians%20with%20COVID-19%20Lures.pdf +2020-04-15,6a5077e6dac44c1ba63d36b7562496996f56032a,[TLP-White]20200415 Chimera_V4.1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.04.15_Chimera_APT/%5BTLP-White%5D20200415%20Chimera_V4.1.pdf +2020-04-16,3aeba28cf0cbea7e4f635139516e5a3ab0b3966e,White Ops _ Inside the Largest Connected TV Botnet Attack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.04.16_ICEBUCKET_TV_Bot_Attack/White%20Ops%20_%20Inside%20the%20Largest%20Connected%20TV%20Botnet%20Attack.pdf +2020-04-16,a7ef251336a636626f97a4ebbedc6894c67481b4,"Exposing Modular Adware_ How DealPly, IsErIk, and ManageX Persist in Systems - TrendLabs Security Intelligence Blog",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.04.16_Exposing_Modular_Adware/Exposing%20Modular%20Adware_%20How%20DealPly%2C%20IsErIk%2C%20and%20ManageX%20Persist%20in%20Systems%20-%20TrendLabs%20Security%20Intelligence%20Blog.pdf +2020-04-17,ed8af7aaa54ed27c726f0ca8f2c9377b4dfd534e,Gamaredon APT Group Use Covid-19 Lure in Campaigns - TrendLabs Security Intelligence Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.04.17_Gamaredon_APT_Covid-19/Gamaredon%20APT%20Group%20Use%20Covid-19%20Lure%20in%20Campaigns%20-%20TrendLabs%20Security%20Intelligence%20Blog.pdf +2020-04-20,1936abcedd5c269851436ed6e042df7db8b618e1,WINNTI GROUP_ Insights From the Past,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.04.20_Winnti_from_the_past/WINNTI%20GROUP_%20Insights%20From%20the%20Past.pdf +2020-04-21,1df98e647d64ef01bdc29e2530e611effe5e895b,Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.04.21.evil-eye-threat-actor/Evil%20Eye%20Threat%20Actor%20Resurfaces%20with%20iOS%20Exploit%20and%20Updated%20Implant.pdf +2020-04-24,61251cc065cb364dbba4585d1d97b0d81062cfc1,PoshC2_APT_jp,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.04.24_PoshC2_APT/PoshC2_APT_jp.pdf +2020-04-27,8f7f8c91758763e2adc955d2d1170b324e314a74,ESET_Threat_Report_Q12020,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/ESET/ESET_Threat_Report_Q12020.pdf +2020-04-28,690050958d76252df27f19728b3608a3f9011a15,yoroi.company-Outlaw is Back a New Crypto-Botnet Targets European Organizations,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.04.28_Outlaw_is_Back/yoroi.company-Outlaw%20is%20Back%20a%20New%20Crypto-Botnet%20Targets%20European%20Organizations.pdf +2020-04-28,d72c4c798984d38fd23124d3c5adff2a0ac65262,Grandoreiro_ How engorged can an EXE get_ _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.04.28.Grandoreiro/Grandoreiro_%20How%20engorged%20can%20an%20EXE%20get_%20_%20WeLiveSecurity.pdf +2020-04-29,992959657614e0598cdac414b7796dc37b6eab0d,cta-2020-0429,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.04.29.Chinese_Influence_Operations_Taiwanese_Elections_Hong_Kong_Protests/cta-2020-0429.pdf +2020-05-05,8f5591c1ec9f6b2911112c53dc551374a00b66c3,Nazar_ Spirits of the Past - Check Point Research,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.05.Nazar_APT/Nazar_%20Spirits%20of%20the%20Past%20-%20Check%20Point%20Research.pdf +2020-05-06,38e2947b2131a0e1cf3ac0868dad5f6c0c3a034e,Prevailion Blog_ Phantom in the Command Shell,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.06_Phantom_EVILNUM/Prevailion%20Blog_%20Phantom%20in%20the%20Command%20Shell.pdf +2020-05-06,801eb85445d0e1a4ecec311846bdfe2435400d2c,LeeryTurtleThreatReport_05_20,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.06_Leery_Turtle/LeeryTurtleThreatReport_05_20.pdf +2020-05-07,140f905caba9014a29fed5a5dcf1be7b6102969b,Naikon APT_ Cyber Espionage Reloaded - Check Point Research,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.07_Naikon_APT_Reloaded/Naikon%20APT_%20Cyber%20Espionage%20Reloaded%20-%20Check%20Point%20Research.pdf +2020-05-07,d9e41bb3cd7ad22a358930b9eb53495e4409803a,Blue Mockingbird activity mines Monero cryptocurrency,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.07_Blue_Mockingbird/Blue%20Mockingbird%20activity%20mines%20Monero%20cryptocurrency.pdf +2020-05-11,b2eab25e33718c6f5114a4260c41b22d96938842,zscaler.com-Attack on Indian Government Financial Institutions,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.11.JsOutProx_RAT_Targeted_Attacks/zscaler.com-Attack%20on%20Indian%20Government%20Financial%20Institutions.pdf +2020-05-11,d0acc76ee3510cbde8145e5c7d83e42f8b863123,Updated BackConfig Malware Targeting Government and Military Organizations in South Asia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.11_BackConfig_South_Asia/Updated%20BackConfig%20Malware%20Targeting%20Government%20and%20Military%20Organizations%20in%20South%20Asia.pdf +2020-05-12,ed6a7415fce176c79774be3de06ba77aca1084ff,Tropic Trooper’s Back_ USBferry Attack Targets Air-gapped Environments - TrendLabs Security Intelligence Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.12.Tropic_Trooper_Back/Tropic%20Trooper%E2%80%99s%20Back_%20USBferry%20Attack%20Targets%20Air-gapped%20Environments%20-%20TrendLabs%20Security%20Intelligence%20Blog.pdf +2020-05-13,efee6cb22f537f81daeba1c34ca6a42030567d2e,Ramsay_ A cyber‑espionage toolkit tailored for air‑gapped networks _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.13.Ramsay/Ramsay_%20A%20cyber%E2%80%91espionage%20toolkit%20tailored%20for%20air%E2%80%91gapped%20networks%20_%20WeLiveSecurity.pdf +2020-05-14,005000464a9f344017647ae24c95407f58b0187d,RATicate_ an attacker’s waves of information-stealing malware – Sophos News,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.14.RATicate/RATicate_%20an%20attacker%E2%80%99s%20waves%20of%20information-stealing%20malware%20%E2%80%93%20Sophos%20News.pdf +2020-05-14,0c2e280bc8a52ed683fa6e5c85d6bbea835ac067,COMpfun authors spoof visa application with HTTP status-based Trojan _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.14.COMpfun/COMpfun%20authors%20spoof%20visa%20application%20with%20HTTP%20status-based%20Trojan%20_%20Securelist.pdf +2020-05-14,16c81da78979a1a9feb92d07aadc89061cfea4d3,Mikroceen_ Spying backdoor leveraged in high‑profile networks in Central Asia _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.14.Mikroceen/Mikroceen_%20Spying%20backdoor%20leveraged%20in%20high%E2%80%91profile%20networks%20in%20Central%20Asia%20_%20WeLiveSecurity.pdf +2020-05-14,6d5fedda30e086a09d6be72c89e2721e84f7a07c,Vendetta-new-threat-actor-from-Europe,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.14.Vendetta_APT/Vendetta-new-threat-actor-from-Europe.pdf +2020-05-14,6e668df891d5f95a31c04a5d6ea344b856ebceb9,dl-20200511-lolsnif-appendix-a-en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.14.LOLSnif/dl-20200511-lolsnif-appendix-a-en.pdf +2020-05-14,75e4bbb86baca9834df9a238120a9dcff82c2c46,APT Group Planted Backdoors Targeting High Profile Networks in Central Asia - Avast Threat Labs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.14.Central_Asia_APT/APT%20Group%20Planted%20Backdoors%20Targeting%20High%20Profile%20Networks%20in%20Central%20Asia%20-%20Avast%20Threat%20Labs.pdf +2020-05-14,e76e58648d529f7171fe87500cfe5b8ce2813e0b,Cybersecurity_ Tool leaks are very interesting occurrences in cyber security. _ Deutsche Telekom,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.14.LOLSnif/Cybersecurity_%20Tool%20leaks%20are%20very%20interesting%20occurrences%20in%20cyber%20security.%20_%20Deutsche%20Telekom.pdf +2020-05-14,ec57814179f082e30a8f4aa2a76ae9a5b393eb92,dl-20200511-lolsnif-appendix-b-en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.14.LOLSnif/dl-20200511-lolsnif-appendix-b-en.pdf +2020-05-18,c3540b25293ee33d44c189ce1946a445c6b5964a,APT-C-23.cn,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.18_APT-C-23/APT-C-23.cn.pdf +2020-05-19,1784a9f7457b052811e96d6467f1b6f32fa29a7a,Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia _ Symantec Blogs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.19.Greenbug_South_Asia/Sophisticated%20Espionage%20Group%20Turns%20Attention%20to%20Telecom%20Providers%20in%20South%20Asia%20_%20Symantec%20Blogs.pdf +2020-05-21,0953a87a680ee134d2a8eaedec907f5c27028f32,No “Game over” for the Winnti Group _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.21.No_Game_Over_Winnti/No%20%E2%80%9CGame%20over%E2%80%9D%20for%20the%20Winnti%20Group%20_%20WeLiveSecurity.pdf +2020-05-21,b2960938fa9e99613d211c440e2ee48c55c5648f,Intezer - The Evolution of APT15's Codebase 2020,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.21.APT15_Codebase_2020/Intezer%20-%20The%20Evolution%20of%20APT15%27s%20Codebase%202020.pdf +2020-05-21,e1693e54076e904e62f120e99f71dfb2d221caa5,Bitdefender-Whitepaper-Chafer-creat4491-en-EN-interactive,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.21.Iranian_Chafer_APT/Bitdefender-Whitepaper-Chafer-creat4491-en-EN-interactive.pdf +2020-05-25,a34f8a68f18d5f0fab426f07d5c837e63e7b8ffc,mpressioncss_ta_report_2019_4,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/2019.H2_macnica_TeamT5/mpressioncss_ta_report_2019_4.pdf +2020-05-26,7bcdfae2ef025893a57007a928a4c633f6beea1d,ESET_Turla_ComRAT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.26_From_Agent.BTZ_to_ComRAT/ESET_Turla_ComRAT.pdf +2020-05-28,e76e32e631c965b225e1e3eae6ba3d480a01d3a7,The zero-day exploits of Operation WizardOpium _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.28_Operation_WizardOpium/The%20zero-day%20exploits%20of%20Operation%20WizardOpium%20_%20Securelist.pdf +2020-05-29,16809dc5ccb7ad44158fdfaba10439aa3fdef9f6,Russian Cyber Attack Campaigns and Actors - Threat Research,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.05.29_russian-cyber-attack-campaigns-and-actors/Russian%20Cyber%20Attack%20Campaigns%20and%20Actors%20-%20Threat%20Research.pdf +2020-06-01,03c57228e99df9e0536038c7fe3bf74f77fd4377,Cryptocurrency-Miners-XMRig-Based-CoinMiner-by-Blue-Mockingbird-Group,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.01.Blue_Mockingbird_Group/Cryptocurrency-Miners-XMRig-Based-CoinMiner-by-Blue-Mockingbird-Group.pdf +2020-06-03,5687700fffca8bb7c37d2ac6ea7b375916a4907b,Cycldek_ Bridging the (air) gap _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.03.Cycldek/Cycldek_%20Bridging%20the%20%28air%29%20gap%20_%20Securelist.pdf +2020-06-03,a95b65c51aa3655e486a5b843d4ffdddbe375eb5,New LNK attack tied to Higaisa APT discovered - Malwarebytes Labs _ Malwarebytes Labs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.03.Higaisa_APT/New%20LNK%20attack%20tied%20to%20Higaisa%20APT%20discovered%20-%20Malwarebytes%20Labs%20_%20Malwarebytes%20Labs.pdf +2020-06-08,1c6623db3c2b89f3d02c27dbfe556fa16d2787a2,"GuLoader_ No, CloudEyE. - Check Point Research",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.08.GuLoader_CloudEyE/GuLoader_%20No%2C%20CloudEyE.%20-%20Check%20Point%20Research.pdf +2020-06-08,77eba65a1f4e631d789ce46a273cbbf91e03ea04,TA410_ The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware _ Proofpoint US,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.08.TA410/TA410_%20The%20Group%20Behind%20LookBack%20Attacks%20Against%20U.S.%20Utilities%20Sector%20Returns%20with%20New%20Malware%20_%20Proofpoint%20US.pdf +2020-06-11,07f675fbe36baae92e4ba5f2e87aeb80a9022b3a,Gamaredon group grows its game _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.11.Gamaredon_group/Gamaredon%20group%20grows%20its%20game%20_%20WeLiveSecurity.pdf +2020-06-11,d7eb46c7b708a6638eaec45c8707a7f171daef5a,New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa - TrendLabs Security Intelligence Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.11.Earth_Empusa/New%20Android%20Spyware%20ActionSpy%20Revealed%20via%20Phishing%20Attacks%20from%20Earth%20Empusa%20-%20TrendLabs%20Security%20Intelligence%20Blog.pdf +2020-06-15,e4c9189b12b624d00aebddce020dc21235824382,India_ Human Rights Defenders Targeted by a Coordinated Spyware Operation _ Amnesty International,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.15.india-human-rights-defenders-targeted/India_%20Human%20Rights%20Defenders%20Targeted%20by%20a%20Coordinated%20Spyware%20Operation%20_%20Amnesty%20International.pdf +2020-06-16,8eb01ca0fecc1b0f5ce51c40907e4299f6819d58,Cobalt tactics and tools update,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.16.Cobalt_Update/Cobalt%20tactics%20and%20tools%20update.pdf +2020-06-17,166f227840f32bab3de2bcf6ebae6a7f8821e2a8,Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature - Malwarebytes Labs _ Malwarebytes Labs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.17.malleable-c2-feature_APT/Multi-stage%20APT%20attack%20drops%20Cobalt%20Strike%20using%20Malleable%20C2%20feature%20-%20Malwarebytes%20Labs%20_%20Malwarebytes%20Labs.pdf +2020-06-17,4374926cb1aae28c30d3737c3c12d001f6b3531a,ESET_Operation_Interception,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.17.Operation_Interception/ESET_Operation_Interception.pdf +2020-06-17,bf1e6d61f88eae47312b6fe8208fa32a7f12caea,AcidBox_ Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.17.AcidBox/AcidBox_%20Rare%20Malware%20Repurposing%20Turla%20Group%20Exploit%20Targeted%20Russian%20Organizations.pdf +2020-06-18,b74baf46be77a5cf227622de8617e50b80573388,mpressioncss_ta_report_2019_4_en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/2019.H2_macnica_TeamT5/mpressioncss_ta_report_2019_4_en.pdf +2020-06-18,ecbed95d0006c27f040e1e371a8bc71084ae425d,ESET_InvisiMole,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.18.InvisiMole_hidden_arsenal/ESET_InvisiMole.pdf +2020-06-19,0ae2875e3f06b901197455731e0ebe814e144e32,Targeted Attack Leverages India-China Border Dispute,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.19.India-China_Border_Dispute_APT/Targeted%20Attack%20Leverages%20India-China%20Border%20Dispute.pdf +2020-06-23,b31245aa28777ce928ce0325c7a77db3a42edc1a,WastedLocker_ A New Ransomware Variant Developed By The Evil Corp Group – NCC Group Research,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.23.WastedLocker_Evil_Corp_Group/WastedLocker_%20A%20New%20Ransomware%20Variant%20Developed%20By%20The%20Evil%20Corp%20Group%20%E2%80%93%20NCC%20Group%20Research.pdf +2020-06-24,3f653faebd179cd80f6cf9900894d675d733f1eb,BRONZE VINEWOOD Targets Supply Chains _ Secureworks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.24.BRONZE_VINEWOOD/BRONZE%20VINEWOOD%20Targets%20Supply%20Chains%20_%20Secureworks.pdf +2020-06-25,6d040ce46d5e965b3307831e8e60e579f717b533,Leviathan APT campaign in 2020 Malaysian political crisis _ Elastic Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.25.Malaysian-focused-APT_campaign/Leviathan%20APT%20campaign%20in%202020%20Malaysian%20political%20crisis%20_%20Elastic%20Blog.pdf +2020-06-26,5e6cfc1c4120b7e4816fb45ed6d4df1716020c90,WastedLocker_ Symantec Identifies Wave of Attacks Against U.S. Organizations _ Symantec Blogs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.26_WastedLocker_Attack/WastedLocker_%20Symantec%20Identifies%20Wave%20of%20Attacks%20Against%20U.S.%20Organizations%20_%20Symantec%20Blogs.pdf +2020-06-28,0951da302792eca3f8f5bc739e2416f085a4545d,2020.06.29_APT_threat_report_2020_1H_CN_version,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/QianXin/2020.06.29_APT_threat_report_2020_1H_CN_version.pdf +2020-06-29,fd80d881cea6a3b5f1c67d95e923993c5f54c56e,Talos Blog __ Cisco Talos Intelligence Group - Comprehensive Threat Intelligence_ PROMETHIUM extends global reach with StrongPity3 APT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.29.PROMETHIUM_StrongPity3_APT/Talos%20Blog%20__%20Cisco%20Talos%20Intelligence%20Group%20-%20Comprehensive%20Threat%20Intelligence_%20PROMETHIUM%20extends%20global%20reach%20with%20StrongPity3%20APT.pdf +2020-06-30,29cc78207bc8dd6dddcd9d7a0cb70ba9fd44ac64,Bitdefender-Whitepaper-StrongPity-APT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.06.30_StrongPity_APT/Bitdefender-Whitepaper-StrongPity-APT.pdf +2020-07-01,072401ca621f892b99161ba98326a82ece2a24da,lookout-uyghur-malware-tr-us,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.01.Mobile_APT_Uyghurs/lookout-uyghur-malware-tr-us.pdf +2020-07-02,61e28d6bfe21e4e27c946ef0478ad222e6903063,ASEC_REPORT_vol.99_ENG,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/AhnLab/ASEC_REPORT_vol.99_ENG.pdf +2020-07-03,290ed6fd6340d563fe2220d47bb80c349952683d,cybersecurity-threatscape-2020-q1-eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/PTSecurity/cybersecurity-threatscape-2020-q1-eng.pdf +2020-07-06,fd213cf3ad977d04889c1f4bf9d36023270f12fe,North Korean hackers are skimming US and European shoppers – Sansec,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.06_North_Korean_Magecart/North%20Korean%20hackers%20are%20skimming%20US%20and%20European%20shoppers%20%E2%80%93%20Sansec.pdf +2020-07-08,4af9052cde27fa68791ba498e8ca4b2d8632933b,TA410,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.08.TA410/TA410.pdf +2020-07-08,84838de308f10054250e737881e8882ed3115a9e,"Copy cat of APT Sidewinder _. In tweeter this weekend,@Timele9527… _ by Sebdraven _ Medium",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.08.Copy_Cat_of_Sidewinder/Copy%20cat%20of%20APT%20Sidewinder%20_.%20In%20tweeter%20this%20weekend%2C%40Timele9527%E2%80%A6%20_%20by%20Sebdraven%20_%20Medium.pdf +2020-07-08,9f8dda7367cccce4857167350a81827265457f12,Operation ‘Honey Trap’_ APT36 Targets Defense Organizations in India,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.08_Operation_Honey_Trap/Operation%20%E2%80%98Honey%20Trap%E2%80%99_%20APT36%20Targets%20Defense%20Organizations%20in%20India.pdf +2020-07-09,60542b63d4ebd6481f237c64553920cb3ee53897,acid-agari-cosmic-lynx,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.09_Cosmic_Lynx/acid-agari-cosmic-lynx.pdf +2020-07-09,b2431a336059c7dca596d6f2195b08f084129dc6,More evil_ A deep look at Evilnum and its toolset _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.09_Evilnum_Toolset/More%20evil_%20A%20deep%20look%20at%20Evilnum%20and%20its%20toolset%20_%20WeLiveSecurity.pdf +2020-07-09,f65700a01bce110e78a4426f2691de3ce3d1dad5,IoCs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.09_Evilnum_Toolset/IoCs.pdf +2020-07-12,2450a3838805875b48de2c1092cc6438b8ab3497,SideWinder_APT_2020_H1_CN_version,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.12_SideWinder_2020_H1/SideWinder_APT_2020_H1_CN_version.pdf +2020-07-14,19cf361089a302524207249a3c86c2a390ce19a4,Turla _ Venomous Bear updates its arsenal_ _NewPass_ appears on the APT threat scene - Telsy,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.14_Turla_VENOMOUS_BEAR/Turla%20_%20Venomous%20Bear%20updates%20its%20arsenal_%20_NewPass_%20appears%20on%20the%20APT%20threat%20scene%20-%20Telsy.pdf +2020-07-14,555840514267ef3183af84b886b7e25da4bd41aa,Welcome Chat as a secure messaging app_ Nothing could be further from the truth _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.14_Molerats_Middle_East_APT/Welcome%20Chat%20as%20a%20secure%20messaging%20app_%20Nothing%20could%20be%20further%20from%20the%20truth%20_%20WeLiveSecurity.pdf +2020-07-15,b733176571839bd9bce34d91e7c5cdbf62c7529e,2020-07-the-fake-cisco,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.15_the_Fake_CISCO/2020-07-the-fake-cisco.pdf +2020-07-16,c37c39a715b7dabb3b71b2bcb720b4b1d6b55381,Advisory-APT29-targets-COVID-19-vaccine-development,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.16.apt29-targets-covid-19-vaccine-development/Advisory-APT29-targets-COVID-19-vaccine-development.pdf +2020-07-17,135a6f7d72166abc72a0fc691651c47eb0ed1b5e,CERTFR-2020-CTI-008,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.17.DRIDEX/CERTFR-2020-CTI-008.pdf +2020-07-20,7ff8651fcdf8d0213257d3bf05b729b9c11d34b1,Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.20.APT_attacks_Kazakhstan_Kyrgyzstan/Study_of_the_APT_attacks_on_state_institutions_in_Kazakhstan_and_Kyrgyzstan_en.pdf +2020-07-22,11dec46f1e037a4be8fdb1c7308385776697b456,OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.22.OilRig_Middle_Eastern_Telecommunication/OilRig%20Targets%20Middle%20Eastern%20Telecommunications%20Organization%20and%20Adds%20Novel%20C2%20Channel%20with%20Steganography%20to%20Its%20Inventory.pdf +2020-07-22,1b63cf401d94eb2778d2fbdb6355cd4f7ab8eda6,MATA_ Multi-platform targeted malware framework _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.22_MATA_APT/MATA_%20Multi-platform%20targeted%20malware%20framework%20_%20Securelist.pdf +2020-07-28,59031d3fff5445b8aa9f1384206288dba535f3c6,cta-2020-0728,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.28.RedDelta_APT/cta-2020-0728.pdf +2020-07-28,7af26b2a4e7823c399ebcc9adc62e927110a538a,Group-IB_PATRIOT_EN,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.28.black-jack/Group-IB_PATRIOT_EN.pdf +2020-07-29,52d8a01e7f751445ce92fe22444fa00c0d26b8d6,ESET_Threat_Report_Q22020,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/ESET/ESET_Threat_Report_Q22020.pdf +2020-07-29,9270d79d9568ff5effdec6b1bcdfae2b35122ee3,mcafee.com-Operation 노스 스타 North Star A Job Offer Thats Too Good to be True,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.07.29.Operation_North_Star/mcafee.com-Operation%20%EB%85%B8%EC%8A%A4%20%EC%8A%A4%ED%83%80%20North%20Star%20A%20Job%20Offer%20Thats%20Too%20Good%20to%20be%20True.pdf +2020-07-31,4e5462be50d05ec0016c0ac96ac1b1cb1820bce4,APT_trends_report_Q2_2020_Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Kaspersky/APT_trends_report_Q2_2020_Securelist.pdf +2020-08-03,4fa97bcbbda216a683c7b1b4105870086422bc8a,MAR-10292089-1.v2 – Chinese Remote Access Trojan_ TAIDOOR _ CISA,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.08.03.TAIDOOR/MAR-10292089-1.v2%20%E2%80%93%20Chinese%20Remote%20Access%20Trojan_%20TAIDOOR%20_%20CISA.pdf +2020-08-10,0a1374273e78f5de1ee2df446cdfad6326cc09ff,Gorgon APT targeting MSME sector in India,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.08.10.Gorgon_APT/Gorgon%20APT%20targeting%20MSME%20sector%20in%20India.pdf +2020-08-12,4dd82280ab1b8286e7a15a6712d8aa51cea5717e,Internet Explorer and Windows zero-day exploits used in Operation PowerFall _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.08.12.Operation_PowerFall/Internet%20Explorer%20and%20Windows%20zero-day%20exploits%20used%20in%20Operation%20PowerFall%20_%20Securelist.pdf +2020-08-13,5a2a35f3dd63f115ffccd50ac18f25aa545b2476,CactusPete APT group’s updated Bisonal backdoor _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.08.13.CactusPete_APT/CactusPete%20APT%20group%E2%80%99s%20updated%20Bisonal%20backdoor%20_%20Securelist.pdf +2020-08-13,dbd58d46b251bb8850045e8a0c9588fb480f5ad7,Dream-Job-Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.08.13.Operation_Dream_Job/Dream-Job-Campaign.pdf +2020-08-18,ae100f502bae1c22ccbaafc930363da92fee7af6,f-secureLABS-tlp-white-lazarus-threat-intel-report2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.08.18.LAZARUS_GROUP/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf +2020-08-20,2be29c83661be962010cd1b651bc30358270d37f,Bitdefender-PR-Whitepaper-APTHackers-creat4740-en-EN-GenericUse,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.08.20_APT_Hackers_for_Hire/Bitdefender-PR-Whitepaper-APTHackers-creat4740-en-EN-GenericUse.pdf +2020-08-20,d26eee9aaf68c944c7b606a24e527a22d8f044e9,CERTFR-2020-CTI-009,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.08.20_DEVELOPMENT_TA505/CERTFR-2020-CTI-009.pdf +2020-08-24,15d4cbcd158a1d481d50df98c0bab7c7320b9204,"Lifting the veil on DeathStalker, a mercenary triumvirate _ Securelist",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.08.24_DeathStalker/Lifting%20the%20veil%20on%20DeathStalker%2C%20a%20mercenary%20triumvirate%20_%20Securelist.pdf +2020-08-27,9773d73d8f5fa7731c250b8c5a120c7d2f122737,The-Kittens-are-Back-in-Town-3,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.08.27.Kittens_Are_Back/The-Kittens-are-Back-in-Town-3.pdf +2020-08-28,1e67a31a1b58037730ec5c2658f08cf7e341f22a,"Transparent Tribe_ Evolution analysis, part 2 _ Securelist",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.08.28_Transparent_Tribe/Transparent%20Tribe_%20Evolution%20analysis%2C%20part%202%20_%20Securelist.pdf +2020-09-01,c58ac19d02322eb584b9a933873258b4bb46c63d,Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe _ Proofpoint US,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.01.Chinese_APT_TA413/Chinese%20APT%20TA413%20Resumes%20Targeting%20of%20Tibet%20Following%20COVID-19%20Themed%20Economic%20Espionage%20Campaign%20Delivering%20Sepulcher%20Malware%20Targeting%20Europe%20_%20Proofpoint%20US.pdf +2020-09-03,481ea2b17f84432633e8539b6d0bdda62084a18b,cybersecurity-threatscape-2020-q2-eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/PTSecurity/cybersecurity-threatscape-2020-q2-eng.pdf +2020-09-03,7f81e670c66b8e8bbbe5cb52544526cb18ee432c,Evilnum IOCs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.03.Evilnum_Pyvil/Evilnum%20IOCs.pdf +2020-09-03,a61dd692af601982998502a3f199395a118ed59b,No Rest for the Wicked_ Evilnum Unleashes PyVil RAT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.03.Evilnum_Pyvil/No%20Rest%20for%20the%20Wicked_%20Evilnum%20Unleashes%20PyVil%20RAT.pdf +2020-09-07,8cd6e584044556e5548bdefff08e2cf2c9bb5ecf,swift_bae_report_Follow-The Money,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/2020.09.07_Follow_the_Money/swift_bae_report_Follow-The%20Money.pdf +2020-09-08,31e082a1ca4f7e12ac0cc0a32185d5c7c55752e6,TeamTNT activity targets Weave Scope deployments - Microsoft Tech Community - 1645968,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.08.TeamTNT_Weave-Scope/TeamTNT%20activity%20targets%20Weave%20Scope%20deployments%20-%20Microsoft%20Tech%20Community%20-%201645968.pdf +2020-09-11,6370087a176d2e536888fde5dfd0478d2675ead6,2020.09.11_Talos_-_The_art_and_science_of_detecting_Cobalt_Strike,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.11_Talos_-_The_art_and_science_of_detecting_Cobalt_Strike/2020.09.11_Talos_-_The_art_and_science_of_detecting_Cobalt_Strike.pdf +2020-09-16,e31ec8645ecd065f317e9b6ac0f0e83849c1ecc9,Partners in crime_ North Koreans and elite Russian-speaking cybercriminals - Intel 471,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.16.Partners_in_crime/Partners%20in%20crime_%20North%20Koreans%20and%20elite%20Russian-speaking%20cybercriminals%20-%20Intel%20471.pdf +2020-09-17,93d561129091d822ec1d402a359e7dedb472766d,69da886eecc7087e9dac2d3ea4c66ba8,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.17.Operation_Tibbar/69da886eecc7087e9dac2d3ea4c66ba8.pdf +2020-09-21,656646baa87275b8a967c07f218e65abad2dc05c,Talos_Cobalt_Strike,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.21.coverage-strikes-back-cobalt-strike-paper/Talos_Cobalt_Strike.pdf +2020-09-22,e08daeb493b2dd368eaf56261dc50d1a320c1a54,APT28 Delivers Zebrocy Malware Campaign Using NATO Theme as Lure,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.22.APT28_Zebrocy_Malware_Campaign/APT28%20Delivers%20Zebrocy%20Malware%20Campaign%20Using%20NATO%20Theme%20as%20Lure.pdf +2020-09-23,a1bdc13886c38c08ab612c67fa129cf822a0c586,Seqrite-WhitePaper-Operation-SideCopy,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.23.Operation_SideCopy/Seqrite-WhitePaper-Operation-SideCopy.pdf +2020-09-24,b68432d09718bec3dcd78a55d09dc826f249f425,Microsoft Security—detecting empires in the cloud - Microsoft Security,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.24.Empires_in_the_Cloud/Microsoft%20Security%E2%80%94detecting%20empires%20in%20the%20cloud%20-%20Microsoft%20Security.pdf +2020-09-25,37b32bf2d55a94ac7991302ba9b19f19cd4ea4dc,"German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed _ Amnesty International",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.25.Finspy_in_Egypt/German-made%20FinSpy%20spyware%20found%20in%20Egypt%2C%20and%20Mac%20and%20Linux%20versions%20revealed%20_%20Amnesty%20International.pdf +2020-09-25,a77cbdde77e4f422afa752f5300c4c61227a9713,apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.25.APT-C-43_HpReact_campaign/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign.pdf +2020-09-29,57e8d714b5d438ce9e92de0b265e73d7e9f44956,"Palmerworm_ Espionage Gang Targets the Media, Finance, and Other Sectors _ Symantec Blogs",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.29.Palmerworm/Palmerworm_%20Espionage%20Gang%20Targets%20the%20Media%2C%20Finance%2C%20and%20Other%20Sectors%20_%20Symantec%20Blogs.pdf +2020-09-29,964d1402954f35daa80c32477d96673bd3e8d9e3,2020.09.29_ShadowPad - new activity from the Winnti group,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.29_ShadowPad_-_new_activity_from_the_Winnti_group/2020.09.29_ShadowPad%20-%20new%20activity%20from%20the%20Winnti%20group.pdf +2020-09-30,c19c3cf6fc7f11ece1d8db1f0eaf19dd9017d91a,APT‑C‑23 group evolves its Android spyware _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.09.30.APT%E2%80%91C%E2%80%9123_Android/APT%E2%80%91C%E2%80%9123%20group%20evolves%20its%20Android%20spyware%20_%20WeLiveSecurity.pdf +2020-10-05,293d6da465b3568edeba3f01e6b51ab5c504bce8,2020.10.05_-_MosaicRegressor_Lurking_in_the_Shadows_of_UEFI_Securelist_2020,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.10.05.MosaicRegressor_Lurking_in_the_Shadows_of_UEFI/2020.10.05_-_MosaicRegressor_Lurking_in_the_Shadows_of_UEFI_Securelist_2020.pdf +2020-10-06,e00bdad5093bbd5ef5d5b949edfbb5e7d2a0d668,Release the Kraken_ Fileless APT attack abuses Windows Error Reporting service,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.10.06.Kraken_Fileless_APT/Release%20the%20Kraken_%20Fileless%20APT%20attack%20abuses%20Windows%20Error%20Reporting%20service.pdf +2020-10-07,9782e6360e97367764f28ad9eeb6a2b7bb830e3e,report-spark-bahamut,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.10.07.Massive_Hack-For-Hire_Group/report-spark-bahamut.pdf +2020-10-12,dd71e034b730cc673712b1c34759f6d8a08e85d7,ASEC_REPORT_vol.100_ENG,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/AhnLab/ASEC_REPORT_vol.100_ENG.pdf +2020-10-13,f439ee14595e3a11b2bbf3180d48149a4148309f,Blood_Rubia_APT_CN_version,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.10.13.Operation_Rubia_cordifolia/Blood_Rubia_APT_CN_version.pdf +2020-10-14,8406efff010535b5b3970c90f1c66c48cd42a334,Silent Librarian APT right on schedule for 20_21 academic year - Malwarebytes Labs _ Malwarebytes Labs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.10.14.Silent_Librarian_APT/Silent%20Librarian%20APT%20right%20on%20schedule%20for%2020_21%20academic%20year%20-%20Malwarebytes%20Labs%20_%20Malwarebytes%20Labs.pdf +2020-10-15,7b40403abebcff1c0adfca8446cf0470c96d6caf,2020.10.15_Operation_Quicksand_MuddyWater’s_Offensive_Attack_Against_Israeli,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.10.15_Operation_Quicksand_MuddyWater%E2%80%99s_Offensive_Attack_Against_Israeli/2020.10.15_Operation_Quicksand_MuddyWater%E2%80%99s_Offensive_Attack_Against_Israeli.pdf +2020-10-19,4a1e9f829eb2f169cfa22e8ee29bf346b07002a4,ETL2020_Incidents_A4,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/ENISA/ETL2020_Incidents_A4.pdf +2020-10-19,caf252729256e6060cdd1a1b79c1601bbb9e57f5,2020.10.19_-_Operation_Earth_Kitsune_-_Tracking_SLUBs_current_operations,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.10.19_-_Operation_Earth_Kitsune_-_Tracking_SLUBs_current_operations/2020.10.19_-_Operation_Earth_Kitsune_-_Tracking_SLUBs_current_operations.pdf +2020-10-22,a64d2206e1e103ad29c72db4046f85bd46769eb7,Bitter_CHM_APT_CN,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.10.22.Bitter_CHM_APT/Bitter_CHM_APT_CN.pdf +2020-10-23,b373caf73601a0d9b85ac7ddf32b5bafd7fac08b,APT-C-44_CN_Version,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.10.23.APT-C-44_NAFox/APT-C-44_CN_Version.pdf +2020-10-26,77cb524019f00c62291b56c239af3b64cde985e3,Study_of_the_ShadowPad_APT_backdoor_and_its_relation_to_PlugX_en (1),https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.10.26.ShadowPad_APT_backdoor_PlugX/Study_of_the_ShadowPad_APT_backdoor_and_its_relation_to_PlugX_en%20%281%29.pdf +2020-10-27,63c7af76b7bf400f15d027af6c64e7713b031fc3,ESET_Threat_Report_Q32020,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/ESET/ESET_Threat_Report_Q32020.pdf +2020-10-27,e9982868ab5e1049d2681d5f26b52b6d3cfc90aa,TLP-WHITE_AA20-301A_North_Korean_APT_Focus_Kimsuky,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.10.27_AA20-301A.North_Korean_APT/TLP-WHITE_AA20-301A_North_Korean_APT_Focus_Kimsuky.pdf +2020-11-01,ff7e1ff5b450cfab95e1d2efeed6173e6f752658,cyberstanc.com-A look into APT36s Transparent Tribe tradecraft,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.01.Transparent_Tribe_APT/cyberstanc.com-A%20look%20into%20APT36s%20Transparent%20Tribe%20tradecraft.pdf +2020-11-02,060d5bead69abda2843568e023e2da9b79f30728,fireeye.com-Live off the Land How About Bringing Your Own Island An Overview of UNC1945,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.02.UNC1945/fireeye.com-Live%20off%20the%20Land%20How%20About%20Bringing%20Your%20Own%20Island%20An%20Overview%20of%20UNC1945.pdf +2020-11-04,5740fa2785845008e0ca6e3116cd9e545ec8712f,2020.11.04_-_WorldEconomicForum_-_Partnership_against_Cybercrime,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/2020.11.04_-_WorldEconomicForum_-_Partnership_against_Cybercrime/2020.11.04_-_WorldEconomicForum_-_Partnership_against_Cybercrime.pdf +2020-11-04,9adac60dfdae3acfe01e9d105fc0e50e7e80ea62,APT_trends_report_Q3_2020_Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Kaspersky/APT_trends_report_Q3_2020_Securelist.pdf +2020-11-04,ad4a25b8d51c674cc7cc87ce0a38d119214203aa,A new APT uses DLL side-loads to “KilllSomeOne” – Sophos News,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.04.KilllSomeOne_DLL_APT/A%20new%20APT%20uses%20DLL%20side-loads%20to%20%E2%80%9CKilllSomeOne%E2%80%9D%20%E2%80%93%20Sophos%20News.pdf +2020-11-06,f20e6d7993156865b1b6d4d17c8a61f4cbfdf197,OceanLotus_ Extending Cyber Espionage Operations Through Fake Websites _ Volexity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.06.OceanLotus_Fake_Websites/OceanLotus_%20Extending%20Cyber%20Espionage%20Operations%20Through%20Fake%20Websites%20_%20Volexity.pdf +2020-11-10,34ca92f2cf9d17f44a084b1dfd89861416010109,cta-2020-1110,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.10.APT32_Cambodian/cta-2020-1110.pdf +2020-11-11,69abc992873b860e8f7677b252223232e89c759d,2020-2021-cyber-espionage-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Verizon/2020-2021-cyber-espionage-report.pdf +2020-11-12,0059d38480ba7bf97b0eca30fe489c3a41d8862e,"Hungry for data, ModPipe backdoor hits POS software used in hospitality sector _ WeLiveSecurity",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.12.ModPipe_POS_Hospitality-Sector/Hungry%20for%20data%2C%20ModPipe%20backdoor%20hits%20POS%20software%20used%20in%20hospitality%20sector%20_%20WeLiveSecurity.pdf +2020-11-12,5352306527c9f9cbd00390846f430f159d9e6797,Jupyter Infostealer WEB,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.12.Jupyter_InfoStealer/Jupyter%20Infostealer%20WEB.pdf +2020-11-12,d6c8819c55c41b32b1d1d75fff4346407609acf2,The CostaRicto Campaign_ Cyber-Espionage Outsourced,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.12.CostaRicto_Campaign/The%20CostaRicto%20Campaign_%20Cyber-Espionage%20Outsourced.pdf +2020-11-12,e9f32f7b199787f8b8bb42c90054f2db6a1fee0f,Cisco Talos Intelligence Group - Comprehensive Threat Intelligence_ CRAT wants to plunder your endpoints,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.12.CRAT_Lazarus/Cisco%20Talos%20Intelligence%20Group%20-%20Comprehensive%20Threat%20Intelligence_%20CRAT%20wants%20to%20plunder%20your%20endpoints.pdf +2020-11-16,04f2e7dae2a99039549957795de625810f0e2698,Bitdefender-Whitepaper-Chinese-APT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.16.Chinese_APT_South_Eastern_Asian/Bitdefender-Whitepaper-Chinese-APT.pdf +2020-11-16,5c1c65e34650e0d891d23fbf362a7f160db8fe67,TA505_ A Brief History Of Their Time – Fox-IT International blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.16.TA505_History/TA505_%20A%20Brief%20History%20Of%20Their%20Time%20%E2%80%93%20Fox-IT%20International%20blog.pdf +2020-11-17,297670f9a872410bddc852a030f4a7ec518e167f,11-2020-Chaes-e-commerce-malware-research,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.17.CHAES/11-2020-Chaes-e-commerce-malware-research.pdf +2020-11-17,757fa642dccef50a0d9c00f12de89e57d136b796,Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign _ Symantec Blogs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.17.Cicada_Japan/Japan-Linked%20Organizations%20Targeted%20in%20Long-Running%20and%20Sophisticated%20Attack%20Campaign%20_%20Symantec%20Blogs.pdf +2020-11-17,be07f4c6382c69d62fb14a5886575b3bec1de53d,chaes-malware-iocs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.17.CHAES/chaes-malware-iocs.pdf +2020-11-18,1b8684ab53b5ee732bfb95dab91fbbae3da45700,sophos-2021-threat-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Sophos/sophos-2021-threat-report.pdf +2020-11-18,30d80fc2ff785b0dffdd99d24cec6b35e6555674,2020.11.18_Zooming_into_Darknet_Threats_Targeting_Japanese_Organizations,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/2020.11.18_Zooming_into_Darknet_Threats_Targeting_Japanese_Organizations/2020.11.18_Zooming_into_Darknet_Threats_Targeting_Japanese_Organizations.pdf +2020-11-19,657a7e2583a1f3590740eb6935202c5ebe94ecdb,2020.11.19_-_Cybereason_vs_MedusaLocker_Ransomware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.19.MedusaLocker_Ransomware/2020.11.19_-_Cybereason_vs_MedusaLocker_Ransomware.pdf +2020-11-23,0e1716828670b5518cfa19c9a31b7c61002a1042,Group-IB_Hi-Tech_Crime_Trends_2020-2021_en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Group-IB/Group-IB_Hi-Tech_Crime_Trends_2020-2021_en.pdf +2020-11-23,680326f4ffb2f446f27f40fb66eaaae9fd0254fd,[S2W LAB] Analysis of Clop Ransomware suspiciously related to the Recent Incident (English),https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.23.Clop_Campaign/%5BS2W%20LAB%5D%20Analysis%20of%20Clop%20Ransomware%20suspiciously%20related%20to%20the%20Recent%20Incident%20%28English%29.pdf +2020-11-26,507f014ec7d5d00cdfe894e9f4a8e5d6363aa73f,Bandook_ Signed & Delivered - Check Point Research,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.26.Bandook/Bandook_%20Signed%20%26%20Delivered%20-%20Check%20Point%20Research.pdf +2020-11-27,ad2ea5b4d217a569389d450ff52aa167961484cb,Investigation with a twist_ an accidental APT attack and averted data destruction,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.27.Twist_APT27/Investigation%20with%20a%20twist_%20an%20accidental%20APT%20attack%20and%20averted%20data%20destruction.pdf +2020-11-30,15fe81e24bfbb3b20b2deddd8beeb6c137956a79,Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them - Microsoft Security,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.30.BISMUTH_CoinMiner/Threat%20actor%20leverages%20coin%20miner%20techniques%20to%20stay%20under%20the%20radar%20%E2%80%93%20here%E2%80%99s%20how%20to%20spot%20them%20-%20Microsoft%20Security.pdf +2020-11-30,5e45c51ac37f98d5a77773448007d5c2d47b28f6,yoroi.company-Shadows From the Past Threaten Italian Enterprises,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.11.30.UNC1945/yoroi.company-Shadows%20From%20the%20Past%20Threaten%20Italian%20Enterprises.pdf +2020-12-01,49b601dfe0bb2b946424d96bdd31c63cb0ea2c03,Red_Kangaroo,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.01.Operation_RED_KANGAROO/Red_Kangaroo.pdf +2020-12-01,ee81cf429cf7d9d2f535e00a6f041e70be4364ba,AA20-336A-APT_Actors_Targeting_US_ThinkTanks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.01.APT_US_Think_Tanks/AA20-336A-APT_Actors_Targeting_US_ThinkTanks.pdf +2020-12-02,201269ab296c57608c21f5dc2db15738b73409da,Turla Crutch_ Keeping the “back door” open _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.02.Turla_Crutch/Turla%20Crutch_%20Keeping%20the%20%E2%80%9Cback%20door%E2%80%9D%20open%20_%20WeLiveSecurity.pdf +2020-12-03,721bc070ec4a33f0c6aa17606e76d04ccfb80b21,ATR_82599-1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.03.Adversary_Tracking_Report/ATR_82599-1.pdf +2020-12-07,13c7d3da1d1cec27f6bf4730227557837d0191da,The footprints of Raccoon_ a story about operators of JS-sniffer FakeSecurity distributing Raccoon stealer,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.07.FakeSecurity/The%20footprints%20of%20Raccoon_%20a%20story%20about%20operators%20of%20JS-sniffer%20FakeSecurity%20distributing%20Raccoon%20stealer.pdf +2020-12-09,5fbc6d29a61db83e0aaa5262e68751d0fc91aae7,"SideWinder Uses South Asian Issues for Spear Phishing, Mobile Attacks",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.09.SideWinder/SideWinder%20Uses%20South%20Asian%20Issues%20for%20Spear%20Phishing%2C%20Mobile%20Attacks.pdf +2020-12-09,731f807cbab23d94b4fb3b2fab99a2ff6ff0394a,Russian APT Uses COVID-19 Lures to Deliver Zebrocy - Intezer,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.09.Sofacy_APT/Russian%20APT%20Uses%20COVID-19%20Lures%20to%20Deliver%20Zebrocy%20-%20Intezer.pdf +2020-12-13,46758aa98959fdc1ae34dd3ef0ab1303879cc692,fireeye.com-Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With ,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.13.SolarWinds_Supply_Chain_SUNBURST_Backdoor/fireeye.com-Highly%20Evasive%20Attacker%20Leverages%20SolarWinds%20Supply%20Chain%20to%20Compromise%20Multiple%20Global%20Victims%20With%20.pdf +2020-12-15,0a6463f3c8f788c5b69d1a93c941fd3d9e3b5a44,Microsoft_Digital_Defense_Report_2020_September,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Microsoft/Microsoft_Digital_Defense_Report_2020_September.pdf +2020-12-15,33f5db26e70ff659285215cfe24da89b0ee44f78,ThreatReport-Lazarus,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.15.Lazarus_Campaign/ThreatReport-Lazarus.pdf +2020-12-15,d1e6ea484caee3d4a6caba94f056bfb1ec350303,APT-C-47_ClickOnce_Operation.CN_version,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.15.APT-C-47_ClickOnce/APT-C-47_ClickOnce_Operation.CN_version.pdf +2020-12-16,75609cca39e6bd39390f11e23753c951fd5f0f7e,Mapping out AridViper Infrastructure Using Augury’s Malware Module – Team Cymru,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.16.AridViper_Augury/Mapping%20out%20AridViper%20Infrastructure%20Using%20Augury%E2%80%99s%20Malware%20Module%20%E2%80%93%20Team%20Cymru.pdf +2020-12-17,22d4bacae3cb4eda41d3b3ddf44843e8c5902db8,Operation SignSight_ Supply‑chain attack against a certification authority in Southeast Asia _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.17.Operation_SignSight/Operation%20SignSight_%20Supply%E2%80%91chain%20attack%20against%20a%20certification%20authority%20in%20Southeast%20Asia%20_%20WeLiveSecurity.pdf +2020-12-17,a4f055f4aa7f38e5a81e9d28e6a1d929d2f6842a,Pay2Kitten,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.17.Pay2Kitten/Pay2Kitten.pdf +2020-12-19,f1a02cdc30e256d40d50aa8939f9aa79313324b7,blog.vincss.net-RE018-1 Analyzing new malware of China Panda hacker group used to attack supply chain against Vietnam,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.19.Panda_Vietnam/blog.vincss.net-RE018-1%20Analyzing%20new%20malware%20of%20China%20Panda%20hacker%20group%20used%20to%20attack%20supply%20chain%20against%20Vietnam.pdf +2020-12-22,50fa2057d9ebe2ccb52a3d0bda82abf3ec5e8e2b,blog.truesec.com-Collaboration between FIN7 and the RYUK group a Truesec Investigation,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.22.FIN7_RYUK/blog.truesec.com-Collaboration%20between%20FIN7%20and%20the%20RYUK%20group%20a%20Truesec%20Investigation.pdf +2020-12-22,613c7e31ab44b8c0329a518b3d89d5860d68c1cc,Cybersecurity_threatscape-2020-Q3.ENG,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/PTSecurity/Cybersecurity_threatscape-2020-Q3.ENG.pdf +2020-12-23,5543aa9877bbed56afcfcb5423aeff3ac8f22a78,securelist.com-Lazarus covets COVID-19-related intelligence,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.23.Lazarus_COVID-19/securelist.com-Lazarus%20covets%20COVID-19-related%20intelligence.pdf +2020-12-29,c16375fdd9f0f4b81b76df0c4f0d09967d040ab7,Revenge RAT targeting users in South America,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2020.12.29.Revenge_RAT/Revenge%20RAT%20targeting%20users%20in%20South%20America.pdf +2021-01-04,14665d7d4810b9592c7da1d219d6d44f35aac6dd,nao-sec.org-Royal Road ReDive,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.04.Royal_Road_ReDive/nao-sec.org-Royal%20Road%20ReDive.pdf +2021-01-04,433f0b9bf25b149d226eee3c3405805cbcae3ad0,research.checkpoint.com-Stopping Serial Killer Catching the Next Strike,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.04.Dridex_Next_Strike/research.checkpoint.com-Stopping%20Serial%20Killer%20Catching%20the%20Next%20Strike.pdf +2021-01-04,449c50fa76fa2545a649262dfe8fff05b2fcedf3,APT27+turns+to+ransomware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.04.APT27_Ransomware/APT27%2Bturns%2Bto%2Bransomware.pdf +2021-01-04,9abf08d5f161141853b1ecf23b0b35d6839adb64,[Morphisec]_The_Evolution_of_the_FIN7_JssLoader,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.04.Carbanak_evolution_of_FIN7_JssLoader/%5BMorphisec%5D_The_Evolution_of_the_FIN7_JssLoader.pdf +2021-01-05,425780581a76b844dce4c8817d1878171f138507,quointelligence.eu-ReconHellcat Uses NIST Theme as Lure To Deliver New BlackSoul Malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.05.ReconHellcat_APT_BlackSoul_Malware/quointelligence.eu-ReconHellcat%20Uses%20NIST%20Theme%20as%20Lure%20To%20Deliver%20New%20BlackSoul%20Malware.pdf +2021-01-05,7ea2f0f7fad95346ee6624677767693dceca75ce,trendmicro.com-Earth Wendigo Injects JavaScript Backdoor for Mailbox Exfiltration,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.05.Earth_Wendigo_Mailbox_Exfiltration/trendmicro.com-Earth%20Wendigo%20Injects%20JavaScript%20Backdoor%20for%20Mailbox%20Exfiltration.pdf +2021-01-06,9dafe61a944ded91b92124368c6095997beaa6c3,blog.talosintelligence.com-A Deep Dive into Lokibot Infection Chain,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.06.Lokibot_Infection_Chain/blog.talosintelligence.com-A%20Deep%20Dive%20into%20Lokibot%20Infection%20Chain.pdf +2021-01-06,bdd99082714507efe1e61cb50369f0bcdf2f729f,blog.malwarebytes.com-Retrohunting APT37 North Korean APT used VBA self decode technique to inject RokRat,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.06.APT37_North_Korean_APT_RokRat/blog.malwarebytes.com-Retrohunting%20APT37%20North%20Korean%20APT%20used%20VBA%20self%20decode%20technique%20to%20inject%20RokRat.pdf +2021-01-07,791e4be4ccaf81a83beea4fc815af9e572222ef2,BrunHilda_DaaS,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.07.Brunhilda_DaaS_Malware/BrunHilda_DaaS.pdf +2021-01-08,2e84ade1e1bea56ea53967234f083557877053c8,Charming Kitten’s Christmas Gift - Certfa Lab,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.08.Charming_Kitten_Christmas_Gift/Charming%20Kitten%E2%80%99s%20Christmas%20Gift%20-%20Certfa%20Lab.pdf +2021-01-11,0749d18014ca22469e3ded51cbdca9f836e6f52b,SUNSPOT Malware A Technical Analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.11.SUNSPOT/SUNSPOT%20Malware%20A%20Technical%20Analysis.pdf +2021-01-11,07ed9ccef8f3b0e30efe4c9110a73c5d537b6003,ASEC_REPORT_vol.101_ENG,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/AhnLab/ASEC_REPORT_vol.101_ENG.pdf +2021-01-11,08046eda34296ae9856dbe879fa7529af2448279,crowdstrike.com-SUNSPOT An Implant in the Build Process,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2021.01.11.SUNSPOT/crowdstrike.com-SUNSPOT%20An%20Implant%20in%20the%20Build%20Process.pdf +2021-01-11,61a27be290976447f72c35a58fb1b76481b08adb,unit42.paloaltonetworks.com-xHunt Campaign New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2021.01.11.xHunt_Campaign/unit42.paloaltonetworks.com-xHunt%20Campaign%20New%20BumbleBee%20Webshell%20and%20SSH%20Tunnels%20Used%20for%20Lateral%20Movement.pdf +2021-01-11,9077800dc0e2dbbb57d9c9a90a3619c68d718b13,securelist.com-Sunburst backdoor code overlaps with Kazuar,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.11.Sunburst_Kazuar/securelist.com-Sunburst%20backdoor%20%20code%20overlaps%20with%20Kazuar.pdf +2021-01-11,d236226592ada17c3181d9c1eb42f6f6ca52f9bc,xHunt Campaign_ New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.11.xHunt_Campaign/xHunt%20Campaign_%20New%20BumbleBee%20Webshell%20and%20SSH%20Tunnels%20Used%20for%20Lateral%20Movement.pdf +2021-01-12,d5cf4e80ac62b5e17eaf837484b6e99c5a7e1c34,research.nccgroup.com-Abusing cloud services to fly under the radar,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.12.Abusing_cloud_services_Chimera/research.nccgroup.com-Abusing%20cloud%20services%20to%20fly%20under%20the%20radar.pdf +2021-01-12,e53b5732b76f4478577c591d9baec717e35adc3b,welivesecurity.com-Operation Spalax Targeted malware attacks in Colombia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.12.Operation_Spalax/welivesecurity.com-Operation%20Spalax%20Targeted%20malware%20attacks%20in%20Colombia.pdf +2021-01-12,ec83db1b099ad2e211b9633f66ebed82f8bb93e5,yoroi.company-Opening STEELCORGI A Sophisticated APT Swiss Army Knife,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.12.STEELCORGI/yoroi.company-Opening%20STEELCORGI%20A%20Sophisticated%20APT%20Swiss%20Army%20Knife.pdf +2021-01-14,df2b0c38d578d431b4b112be019a28af408c96dd,ptsecurity.com-Higaisa or Winnti APT41 backdoors old and new,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.14.Higaisa_or_Winnti_APT41/ptsecurity.com-Higaisa%20or%20Winnti%20APT41%20backdoors%20old%20and%20new.pdf +2021-01-20,0aca0b66d032d240ffcc074bc43e57cefb835967,Commonly Known Tools Used by Lazarus - JPCERT_CC Eyes _ JPCERT Coordination Center official Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.20.Commonly_Known_Tools_Lazarus/Commonly%20Known%20Tools%20Used%20by%20Lazarus%20-%20JPCERT_CC%20Eyes%20_%20JPCERT%20Coordination%20Center%20official%20Blog.pdf +2021-01-20,9dfed529039907f4bb300d0281839de2de0a0058,A Deep Dive Into Patchwork APT Group _ Cyble,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.20.Deep_Dive_Patchwork/A%20Deep%20Dive%20Into%20Patchwork%20APT%20Group%20_%20Cyble.pdf +2021-01-25,701322599004ff14f9ec088b3b910f9e28c0eef7,A detailed analysis of ELMER Backdoor used by APT16 – CYBER GEEKS,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.25.APT16_Elmer_backdoor/A%20detailed%20analysis%20of%20ELMER%20Backdoor%20used%20by%20APT16%20%E2%80%93%20CYBER%20GEEKS.pdf +2021-01-28,f379aa885d52567de38ad7ffe6be90aca2140f56,Lebanese-Cedar-APT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.28.Lebanese_Cedar_APT/Lebanese-Cedar-APT.pdf +2021-01-31,1dfd4cd9d9a5cd3d9749a98852ba36d6eb0b865d,JSAC2021_202_niwa-yanagishita_en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.01.31.A41APT/JSAC2021_202_niwa-yanagishita_en.pdf +2021-02-01,1776a3f9f29651f6de2f458c0a14afb79c3bfb81,VinCSS Blog_ [RE020] ElephantRAT (Kunming version)_ our latest discovered RAT of Panda and the similarities with recently Smanager RAT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.02.01.ElephantRAT/VinCSS%20Blog_%20%5BRE020%5D%20ElephantRAT%20%28Kunming%20version%29_%20our%20latest%20discovered%20RAT%20of%20Panda%20and%20the%20similarities%20with%20recently%20Smanager%20RAT.pdf +2021-02-01,2306d03d7e80ab6e90c753e55ed363904371a6ff,blog.vincss.net-RE020 ElephantRAT Kunming version our latest discovered RAT of Panda and the similarities with recent,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2021.02.01.ElephantRAT/blog.vincss.net-RE020%20ElephantRAT%20Kunming%20version%20our%20latest%20discovered%20RAT%20of%20Panda%20and%20the%20similarities%20with%20recent.pdf +2021-02-01,aaf0f41c26fc8122eed39c863ef7a586f4024808,operation-nightscout-supply-chain-attack-online-gaming-asia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.02.01.Operation_NightScout/operation-nightscout-supply-chain-attack-online-gaming-asia.pdf +2021-02-02,b3337c0f3226c009089da347f58b0611411dfbed,ESET_Kobalos,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.02.02.Kobalos/ESET_Kobalos.pdf +2021-02-03,b075b3490db2935c09d7b942e2c1ae079cf0a29f,Hildegard_ New TeamTNT Malware Targeting Kubernetes,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.02.03.Hildegard/Hildegard_%20New%20TeamTNT%20Malware%20Targeting%20Kubernetes.pdf +2021-02-08,bcc2ff0e9e6bfbc5b2d54610dede3be8a49f1331,research.checkpoint.com-Domestic Kitten An Inside Look at the Iranian Surveillance Operations,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.02.08.Domestic_Kitten/research.checkpoint.com-Domestic%20Kitten%20%20An%20Inside%20Look%20at%20the%20Iranian%20Surveillance%20Operations.pdf +2021-02-09,cd98ff1cf9217495ce3ccc27c189298278841548,unit42.paloaltonetworks.com-BendyBear Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.02.09.BendyBear/unit42.paloaltonetworks.com-BendyBear%20Novel%20Chinese%20Shellcode%20Linked%20With%20Cyber%20Espionage%20Group%20BlackTech.pdf +2021-02-10,96d826302a7efc3ed7d0d5aec99c9cfc1646e4fe,blog.lookout.com-Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2021.02.10.Confucius_India-Pakistan/blog.lookout.com-Lookout%20Discovers%20Novel%20Confucius%20APT%20Android%20Spyware%20Linked%20to%20India-Pakistan%20Conflict.pdf +2021-02-10,f44953a930898e647b8220eec076c1274ca34851,Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.02.10.Confucius_India-Pakistan/Novel%20Confucius%20APT%20Android%20Spyware%20Linked%20to%20India-Pakistan%20Conflict.pdf +2021-02-17,4b91d90ea50514d038257a729599bddfa7a16bbb,Confucius APT Android Spyware Targets Pakistani and Other South Asian Regions — Cyble,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.02.17.Confucius_Pakistani_South_Asian/Confucius%20APT%20Android%20Spyware%20Targets%20Pakistani%20and%20Other%20South%20Asian%20Regions%20%E2%80%94%20Cyble.pdf +2021-02-17,7f777067bb7c374bc58a37819c510788819ab46c,cybleinc.com-Confucius APT Android Spyware Targets Pakistani and Other South Asian Regions,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2020/2021.02.17.Confucius_Pakistani_South_Asian/cybleinc.com-Confucius%20APT%20Android%20Spyware%20Targets%20Pakistani%20and%20Other%20South%20Asian%20Regions.pdf +2021-02-22,98742dcad26eb4051bba977be4fe8bd6c6b140b1,research.checkpoint.com-The Story of Jian How APT31 Stole and Used an Unknown Equation Group 0-Day,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.02.22.APT31_Equation_Group/research.checkpoint.com-The%20Story%20of%20Jian%20%20How%20APT31%20Stole%20and%20Used%20an%20Unknown%20Equation%20Group%200-Day.pdf +2021-02-23,9bef91678930a7bf4f38419db200a2abb277f839,The_CrowdStrike_2021_Global_Threat_Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/CrowdStrike/The_CrowdStrike_2021_Global_Threat_Report.pdf +2021-02-24,830252fd24ee5a302d2ac6d9dc1e6842e3efbed1,LazyScripter,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.02.24.LazyScripter/LazyScripter.pdf +2021-02-24,aad302df572c61e3f31f09ceac912cc6b4cf2e9f,amnesty.org-Click and Bait Vietnamese Human Rights Defenders Targeted with Spyware Attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.02.24.Click_and_Bait/amnesty.org-Click%20and%20Bait%20Vietnamese%20Human%20Rights%20Defenders%20Targeted%20with%20Spyware%20Attacks.pdf +2021-02-25,42da0553f984992fca55238adb710a7a8c081816,greatidea_A41_v1.0,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.02.25.A41APT/greatidea_A41_v1.0.pdf +2021-02-25,6a688916cf8672f92df48613cd092add20cb383d,proofpoint.com-TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organiz,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.02.25.TA413_FriarFox/proofpoint.com-TA413%20Leverages%20New%20FriarFox%20Browser%20Extension%20to%20Target%20the%20Gmail%20Accounts%20of%20Global%20Tibetan%20Organiz.pdf +2021-02-25,e505382d8c12eda7c13df2094de433d304c69a20,kaspersky-ics-cert-lazarus-targets-defense-industry-with-threatneedle-en-20210225,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.02.25.Lazarus_ThreatNeedle/kaspersky-ics-cert-lazarus-targets-defense-industry-with-threatneedle-en-20210225.pdf +2021-03-02,71b7670f7c8e59dbaea64acb39a796862c6b05c1,Operation Exchange Marauder_ Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities _ Volexity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.03.02.Operation_Exchange_Marauder/Operation%20Exchange%20Marauder_%20Active%20Exploitation%20of%20Multiple%20Zero-Day%20Microsoft%20Exchange%20Vulnerabilities%20_%20Volexity.pdf +2021-03-02,ecc7718e285eba15ee5c9d610dc10fed75227bf3,HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.03.02.HAFNIUM_APT/HAFNIUM%20targeting%20Exchange%20Servers%20with%200-day%20exploits%20-%20Microsoft%20Security.pdf +2021-03-10,412f70c02f7582ed56e48d5ab2fb62d5fc37c064,Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en-EN,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.03.10.FIN8_BADHATCH_Toolkit/Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en-EN.pdf +2021-03-10,b2470335bf38bddcffac494b053edf80751d74d9,Linux Backdoor RedXOR Likely Operated by Chinese Nation-State,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.03.10.RedXOR/Linux%20Backdoor%20RedXOR%20Likely%20Operated%20by%20Chinese%20Nation-State.pdf +2021-03-18,9807dbe836d414e2b78de88142d0e49c409fd310,SilverFish_TLPWHITE,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.03.18.SilverFish_Group/SilverFish_TLPWHITE.pdf +2021-03-23,1397cd7b11ebd6527ce6b71e5d37716717fdf4cd,"Websites Hosting Cracks Spread Malware, Adware",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.03.23.CopperStealer/Websites%20Hosting%20Cracks%20Spread%20Malware%2C%20Adware.pdf +2021-03-30,6da3d044daff6bb24ef18b3e013b1f17c3548dbf,BadBlood_ TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns _ Proofpoint US,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.03.30.BadBlood_TA453/BadBlood_%20TA453%20Targets%20US%20and%20Israeli%20Medical%20Research%20Personnel%20in%20Credential%20Phishing%20Campaigns%20_%20Proofpoint%20US.pdf +2021-03-30,7c8a47dad5440202660007a31618e4f85d0d86fe,APT10_ sophisticated multi-layered loader Ecipekac discovered in A41APT campaign _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.03.30.APT10/APT10_%20sophisticated%20multi-layered%20loader%20Ecipekac%20discovered%20in%20A41APT%20campaign%20_%20Securelist.pdf +2021-03-30,d08c90184d768b25306806f66ca829a24c8a6c38,2021-Threat-Detection-Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/2021-Threat-Detection-Report.pdf +2021-04-06,6de388bbce11428b2491f5c5de501303b50770ce,Threat Group Uses Voice Changing Software in Espionage Attempt - Cado Security _ Cloud Native Digital Forensics,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.06.APT-C-23_Voice_Changing/Threat%20Group%20Uses%20Voice%20Changing%20Software%20in%20Espionage%20Attempt%20-%20Cado%20Security%20_%20Cloud%20Native%20Digital%20Forensics.pdf +2021-04-07,865a943119a51537413db6f558af76559237a1ee,Cisco Talos Intelligence Group - Comprehensive Threat Intelligence_ Sowing Discord_ Reaping the benefits of collaboration app abuse,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.07.Sowing_Discord/Cisco%20Talos%20Intelligence%20Group%20-%20Comprehensive%20Threat%20Intelligence_%20Sowing%20Discord_%20Reaping%20the%20benefits%20of%20collaboration%20app%20abuse.pdf +2021-04-08,358418d6665af6173055b08fad48e56540c50190,Iran’s APT34 Returns with an Updated Arsenal - Check Point Research,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.08.APT34_Returns/Iran%E2%80%99s%20APT34%20Returns%20with%20an%20Updated%20Arsenal%20-%20Check%20Point%20Research.pdf +2021-04-08,fa51e4fc31413cc11e93b0245b93dc0dd36b07ce,"(Are you) afreight of the dark_ Watch out for Vyveva, new Lazarus backdoor _ WeLiveSecurity",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.08.Vyveva_Lazarus/%28Are%20you%29%20afreight%20of%20the%20dark_%20Watch%20out%20for%20Vyveva%2C%20new%20Lazarus%20backdoor%20_%20WeLiveSecurity.pdf +2021-04-09,01d5f589f56547de69752f135d32c6723a4b3055,Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.09.Iron_Tiger_SysUpdate/Iron%20Tiger%20APT%20Updates%20Toolkit%20With%20Evolved%20SysUpdate%20Malware.pdf +2021-04-12,f1e5b814ff4ee85f0be263cdc4a7048fad658933,rpt-mtrends-2021,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/FireEye/rpt-mtrends-2021.pdf +2021-04-12,f1e5b814ff4ee85f0be263cdc4a7048fad658933,mtrends-2021,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/FireEye/mtrends-2021.pdf +2021-04-13,5cac1187b758faac5a0874c199b4ff928590b8ed,"eSentire _ Hackers Flood the Web with 100,000 Malicious Pages,…",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.13.Hackers_Flood/eSentire%20_%20Hackers%20Flood%20the%20Web%20with%20100%2C000%20Malicious%20Pages%2C%E2%80%A6.pdf +2021-04-13,61cbc94ba10fa02aa103a45c681a5cf52c74b402,Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.13.CVE-2021-28310_APT/Zero-day%20vulnerability%20in%20Desktop%20Window%20Manager%20%28CVE-2021-28310%29%20used%20in%20the%20wild%20_%20Securelist.pdf +2021-04-13,9e6dbde54289974038d5b36e40163761b444361f,ASEC_REPORT_vol.102_ENG,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/AhnLab/ASEC_REPORT_vol.102_ENG.pdf +2021-04-19,ee00fbe1a7e991856e9ef3da7601dc010aacdeba,2021.04.19.A_Deep_Dive_into_Zebrocys_Dropper_Docs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.19.A_Deep_Dive_into_Zebrocys_Dropper_Docs/2021.04.19.A_Deep_Dive_into_Zebrocys_Dropper_Docs.pdf +2021-04-19,f577c784cc04ad513072b1b02e4d3c9f9399c10a,2021.04.19.Lazarus_APT_conceals_malicious_code_within_BMP_image_to_drop_its_RAT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.19.Lazarus_APT_conceals_malicious_code_within_BMP_image_to_drop_its_RAT/2021.04.19.Lazarus_APT_conceals_malicious_code_within_BMP_image_to_drop_its_RAT.pdf +2021-04-20,2df18ace43029121d0bc039c517739e3a76e0d1b,Check Your Pulse_ Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day _ FireEye Inc,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.20.APT_Pulse_Secure_Zero-Day/Check%20Your%20Pulse_%20Suspected%20APT%20Actors%20Leverage%20Authentication%20Bypass%20Techniques%20and%20Pulse%20Secure%20Zero-Day%20_%20FireEye%20Inc.pdf +2021-04-23,c0a6c1d076397e18a94880fea00e416b94d2d263,Bitdefender-PR-Whitepaper-NAIKON-creat5397-en-EN,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.23.NAIKON/Bitdefender-PR-Whitepaper-NAIKON-creat5397-en-EN.pdf +2021-04-23,c6737d903675ae6e4ae9531ee6dab7b1a0cd3126,APT35 ‘Charming Kitten' discovered in a pre-infected environment _ Blog _ Darktrace,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.23.Charming_Kitten/APT35%20%E2%80%98Charming%20Kitten%27%20discovered%20in%20a%20pre-infected%20environment%20_%20Blog%20_%20Darktrace.pdf +2021-04-27,e89c63fb8f2b2e868b4e3159ae6a70671399e48e,Lazarus Group Recruitment_ Threat Hunters vs Head Hunters,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.27.Lazarus_Group_Recruitment/Lazarus%20Group%20Recruitment_%20Threat%20Hunters%20vs%20Head%20Hunters.pdf +2021-04-28,4847ac85009d57c2f3b32022f5da496afbe97663,Water Pamola Attacked Online Shops Via Malicious Orders,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.28.Water_Pamola/Water%20Pamola%20Attacked%20Online%20Shops%20Via%20Malicious%20Orders.pdf +2021-04-28,84aa89ff766bcd002bf1a6641157aed3388547f5,unc1151-ghostwriter-update-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.04.28.Ghostwriter_UNC1151/unc1151-ghostwriter-update-report.pdf +2021-04-28,dbedc67e6cb865b41f475841e723d3742e41e9b4,APT_trends_report_Q1_2021_Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Kaspersky/APT_trends_report_Q1_2021_Securelist.pdf +2021-05-01,cbf2c8b08c7445c3b7dfbbb4d2d07b5ce1b6d709,MuddyWater Binder Project Part 1,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.05.01.MuddyWater_Binder_1/MuddyWater%20Binder%20Project%20Part%201.pdf +2021-05-01,e68c113ca98d90157913ad4c7d6820d0935616d3,CryptoCore-Lazarus-Clearsky,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.05.01.CryptoCore-Lazarus/CryptoCore-Lazarus-Clearsky.pdf +2021-05-06,4b06da80d998f2b02afb361cbecf02c1b9c62ce8,Operation TunnelSnake _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.05.06.Operation_TunnelSnake/Operation%20TunnelSnake%20_%20Securelist.pdf +2021-05-06,ee72d1a177d77e14ae5ce7ce612abd4f0d121cbe,Cybersecurity_threatscape-2020-Q4_eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/PTSecurity/Cybersecurity_threatscape-2020-Q4_eng.pdf +2021-05-07,54e368656f8c1ec2ea9279668731bc1563ac0c93,Advisory Further TTPs associated with SVR cyber actors,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.05.07.SVR_TTPs/Advisory%20Further%20TTPs%20associated%20with%20SVR%20cyber%20actors.pdf +2021-05-07,c09e4404fe00745c657cdbdaf5b1b65d3cf11403,MuddyWater Binder Project Part 2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.05.07.MuddyWater_Binder_2/MuddyWater%20Binder%20Project%20Part%202.pdf +2021-05-13,ec6a5ea95cca0fdb10be0bfbd44c95b2e2ad12a4,blog.talosintelligence.com-Transparent Tribe APT expands its Windows malware arsenal,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.05.13.Transparent_Tribe_APT/blog.talosintelligence.com-Transparent%20Tribe%20APT%20expands%20its%20Windows%20malware%20arsenal.pdf +2021-05-25,8f99e28d978b22cfe04a25286d94b10b5b89a9fc,evol-agrius,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.05.25.AGRIUSAuthor/evol-agrius.pdf +2021-05-27,714b97855b6bca61266ae5a43f01443c5ab49570,New sophisticated email-based attack from NOBELIUM - Microsoft Security,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.05.27.NOBELIUM_New/New%20sophisticated%20email-based%20attack%20from%20NOBELIUM%20-%20Microsoft%20Security.pdf +2021-05-28,158c584a037e8a315ce4089356c213174c46baf4,Breaking down NOBELIUM’s latest early-stage toolset - Microsoft Security,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.05.28.NOBELIUM_toolset/Breaking%20down%20NOBELIUM%E2%80%99s%20latest%20early-stage%20toolset%20-%20Microsoft%20Security.pdf +2021-06-01,3253a930ea63c726f582ec4b7476553e47bf28e2,eset_threat_report_t12021,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/ESET/eset_threat_report_t12021.pdf +2021-06-03,06d0aec6c9a8aa4ef0a72f17d82006471f34d427,SharpPanda_ Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor - Check Point Research,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.06.03.SharpPanda_APT/SharpPanda_%20Chinese%20APT%20Group%20Targets%20Southeast%20Asian%20Government%20With%20Previously%20Unknown%20Backdoor%20-%20Check%20Point%20Research.pdf +2021-06-08,ac0591591ca8eabd198c118d307d5626e635c0dc,PuzzleMaker attacks with Chrome zero-day exploit chain _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.06.08.PuzzleMaker_APT/PuzzleMaker%20attacks%20with%20Chrome%20zero-day%20exploit%20chain%20_%20Securelist.pdf +2021-06-10,fa1a699f09e9631b4bb88974ac2535b4972e59a9,Big airline heist_ APT41 likely behind massive supply chain attack,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.06.10.Big_airline_heist/Big%20airline%20heist_%20APT41%20likely%20behind%20massive%20supply%20chain%20attack.pdf +2021-06-16,3ef10b0ab15e09aa93d78ade0cdc1d316b4849c2,Ferocious Kitten_ 6 years of covert surveillance in Iran _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.06.16.Ferocious_Kitten/Ferocious%20Kitten_%206%20years%20of%20covert%20surveillance%20in%20Iran%20_%20Securelist.pdf +2021-06-24,d063937814ba93ea91211bfad9050a8e791634be,Operation Eagle Eye – Securifera,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.06.24.Operation_Eagle_Eye/Operation%20Eagle%20Eye%20%E2%80%93%20Securifera.pdf +2021-06-25,1c47b10138d1717b816ffba852e939cacda13cd2,Cybersecurity_threats_2021-Q1-eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/PTSecurity/Cybersecurity_threats_2021-Q1-eng.pdf +2021-07-01,1e0588628d0a59185f79dcd422a3c0b9e0ec4a19,IndigoZebra APT continues to attack Central Asia with evolving tools - Check Point Research,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.07.01.IndigoZebra_APT/IndigoZebra%20APT%20continues%20to%20attack%20Central%20Asia%20with%20evolving%20tools%20-%20Check%20Point%20Research.pdf +2021-07-05,592860ae544200835fbe47e24e2f8120260064f6,Tracking Cobalt Strike_ A Trend Micro Vision One Investigation,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.07.05.cobalt_strike_tracking/Tracking%20Cobalt%20Strike_%20A%20Trend%20Micro%20Vision%20One%20Investigation.pdf +2021-07-06,47b5872e770ab60fbb0567c160ebd2fd71de9d5a,Lazarus campaign TTPs and evolution _ AT&T Alien Labs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.07.06.Lazarus_TTPs_evolution/Lazarus%20campaign%20TTPs%20and%20evolution%20_%20AT%26T%20Alien%20Labs.pdf +2021-07-09,134f2e202dfedcb1bc0cf378237b52aebfdf6bce,BIOPASS RAT New Malware Sniffs Victims via Live Streaming,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.07.09.BIOPASS_RAT/BIOPASS%20RAT%20New%20Malware%20Sniffs%20Victims%20via%20Live%20Streaming.pdf +2021-07-12,c8c216936ab67e42fe240e50ae1e0edb42c445c9,#NoFilter_ Exposing the Tactics of Instagram Account Hackers,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.07.12.NoFilter/%23NoFilter_%20Exposing%20the%20Tactics%20of%20Instagram%20Account%20Hackers.pdf +2021-07-13,d8f51b768c2767132210757a41aa0068c0edcaeb,ASEC_REPORT_vol.103_ENG,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/AhnLab/ASEC_REPORT_vol.103_ENG.pdf +2021-07-14,4929da9c7a9f48feec74f9e95942cc4bcae558e1,How we protect users from 0-day attacks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.07.14.Candiru_0Day/How%20we%20protect%20users%20from%200-day%20attacks.pdf +2021-07-19,0f3bf0752bfd0844fdd3d4b2a306b8532155d44e,CSA_TTPs-of-Indicted-APT40-Actors-Associated-with-China-MSS-Hainan-State-Security-Department,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.07.19.APT40_TTP/CSA_TTPs-of-Indicted-APT40-Actors-Associated-with-China-MSS-Hainan-State-Security-Department.pdf +2021-07-20,d89fd3072ca54b3027546576a3d11ec24b6af17e,wp-tracking-the-activities-of-teamTNT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.07.20.Tracking.TeamTNT/wp-tracking-the-activities-of-teamTNT.pdf +2021-07-26,1d8afcb0a27dd36ac103ce50236577d9b066b01c,FM 3-12 Cyberspace Operations and Electromagnetic Warfare 20,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/FM%203-12%20Cyberspace%20Operations%20and%20Electromagnetic%20Warfare%2020.pdf +2021-07-27,742607b5902b16a84a818c26fa5c7919d7642639,THOR_ Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.07.27.THOR_PKPLUG_Group/THOR_%20Previously%20Unseen%20PlugX%20Variant%20Deployed%20During%20Microsoft%20Exchange%20Server%20Attacks%20by%20PKPLUG%20Group.pdf +2021-07-28,6fa5641b366ea3cb82097902227cd9a6c2682607,I Knew You Were Trouble_ TA456 Targets Defense Contractor with Alluring Social Media Persona _ Proofpoint US,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.07.28.TA456/I%20Knew%20You%20Were%20Trouble_%20TA456%20Targets%20Defense%20Contractor%20with%20Alluring%20Social%20Media%20Persona%20_%20Proofpoint%20US.pdf +2021-08-02,73ab28174d255e1168f7f37a1059e7724c030081,TG1021 - Praying Mantis Threat Actor,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.02.TG1021_Praying_Mantis/TG1021%20-%20Praying%20Mantis%20Threat%20Actor.pdf +2021-08-03,11ceeb439a68322cf4e558528e7c1c1c07650b26,DeadRinger_ Exposing Chinese Threat Actors Targeting Major Telcos,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.03.DeadRinger/DeadRinger_%20Exposing%20Chinese%20Threat%20Actors%20Targeting%20Major%20Telcos.pdf +2021-08-03,836d38706da0649008cfec7363adb8afdd865e65,"APT31 new dropper. Target destinations_ Mongolia, Russia, the U.S., and elsewhere",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.03.APT31_new_dropper/APT31%20new%20dropper.%20Target%20destinations_%20Mongolia%2C%20Russia%2C%20the%20U.S.%2C%20and%20elsewhere.pdf +2021-08-03,baeb67b65db49abaa6006edff1ab3c2027f6646a,A step-by-step analysis of the new malware used by APT28_Sofacy called SkinnyBoy – CYBER GEEKS,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.03.SKINNYBOY/A%20step-by-step%20analysis%20of%20the%20new%20malware%20used%20by%20APT28_Sofacy%20called%20SkinnyBoy%20%E2%80%93%20CYBER%20GEEKS.pdf +2021-08-03,f75539e7eea8d63a92a7c27b1bc5ba7f36cb73c7,The Art of Cyberwarfare,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.03.Chinese_APTs_attackRussia/The%20Art%20of%20Cyberwarfare.pdf +2021-08-09,a1c41f7fdb6f7c8fb6b716eadb1ed38acc825e56,Cinobi Banking Trojan Targets Users of Cryptocurrency Exchanges with New Malvertising Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.09.Cinobi_Banking_Trojan/Cinobi%20Banking%20Trojan%20Targets%20Users%20of%20Cryptocurrency%20Exchanges%20with%20New%20Malvertising%20Campaign.pdf +2021-08-10,543a366fa1fa63ff8f723bacbdd87cc8fb645c15,UNC215_ Spotlight on a Chinese Espionage Campaign in Israel _ FireEye Inc,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.10.UNC215_Chinese_Israel/UNC215_%20Spotlight%20on%20a%20Chinese%20Espionage%20Campaign%20in%20Israel%20_%20FireEye%20Inc.pdf +2021-08-12,cd1679b297d1649491047771ba3a048192e577c7,Uncovering Tetris – a Full Surveillance Kit Running in your Browser – imp0rtp3,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.12.Full-Surveillance-Kit-China/Uncovering%20Tetris%20%E2%80%93%20a%20Full%20Surveillance%20Kit%20Running%20in%20your%20Browser%20%E2%80%93%20imp0rtp3.pdf +2021-08-14,757ef48a54cef102a118185232edaf29063efa2d,Indra — Hackers Behind Recent Attacks on Iran - Check Point Research,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.14.Indra_Iran/Indra%20%E2%80%94%20Hackers%20Behind%20Recent%20Attacks%20on%20Iran%20-%20Check%20Point%20Research.pdf +2021-08-17,0ac0607c1ca7b3c37963078ca00d7b42678b7bdb,volexity.com-North Korean APT InkySquid Infects Victims Using Browser Exploits,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.17.NK_APT_InkySquid/volexity.com-North%20Korean%20APT%20InkySquid%20Infects%20Victims%20Using%20Browser%20Exploits.pdf +2021-08-17,8aa09365daf1885aba46f3f46d07582ae06754d9,Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.17.Confucius_Pegasus/Confucius%20Uses%20Pegasus%20Spyware-related%20Lures%20to%20Target%20Pakistani%20Military.pdf +2021-08-17,baedafd5738f76de4cf76381afc917cb0facd962,2021.08.17_new_iranian_campaign_by_Siamesekitten,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.17_new_iranian_campaign_by_Siamesekitten/2021.08.17_new_iranian_campaign_by_Siamesekitten.pdf +2021-08-19,beca2ea7c71252aff71f45e5a6aedce2cadbc9f0,Shadowpad,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.19.ShadowPad/Shadowpad.pdf +2021-08-24,82faf0f8be075ee1f3efaba5089fd9962328811f,volexity.com-North Korean BLUELIGHT Special InkySquid Deploys RokRAT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.24.NK_APT_InkySquid_RokRAT/volexity.com-North%20Korean%20BLUELIGHT%20Special%20InkySquid%20Deploys%20RokRAT.pdf +2021-08-24,f5ba5f8240569e08da4796deb95b89ee1340d03d,wp-earth-baku-an-apt-group-targeting-indo-pacific-countries,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.24.Earth_Baku_Returns/wp-earth-baku-an-apt-group-targeting-indo-pacific-countries.pdf +2021-08-25,2f7a1368b3927bfbb7aea55aa173425cea798e5b,Bitdefender-PR-Whitepaper-FIN8-creat5619-en-EN,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.08.25.FIN8_Sardonic_Backdoor/Bitdefender-PR-Whitepaper-FIN8-creat5619-en-EN.pdf +2021-09-02,1eb5501d5d7378576a757794de2b1731cedfca98,North Korean Cyberattacks A Dangerous and Evolving Threat 2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/North%20Korean%20Cyberattacks%20%20A%20Dangerous%20and%20Evolving%20Threat%202.pdf +2021-09-07,56752df9972f7695f87fffc0f0278cf16135a776,Report2021ThreatHunting,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/CrowdStrike/Report2021ThreatHunting.pdf +2021-09-08,7d10596b5dd3375e6100b3370438a9fb9dc8e7a8,"Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S. _ FireEye Inc",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.09.08.Pro-PRC_Campaign/Pro-PRC%20Influence%20Campaign%20Expands%20to%20Dozens%20of%20Social%20Media%20Platforms%2C%20Websites%2C%20and%20Forums%20in%20at%20Least%20Seven%20Languages%2C%20Attempted%20to%20Physically%20Mobilize%20Protesters%20in%20the%20U.S.%20_%20FireEye%20Inc.pdf +2021-09-11,d512fa27b8b1196c05cc32f4a9752c5913579e90,APT_trends_report_Q2_2021_Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Kaspersky/APT_trends_report_Q2_2021_Securelist.pdf +2021-09-13,2e715005ca1bc480ffaf2a75a4bfc1651c3fb015,APT-C-36 Updates Its Long-term Spam Campaign Against South American Entities With Commodity RATs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.09.13.APT-C-36_South_American/APT-C-36%20Updates%20Its%20Long-term%20Spam%20Campaign%20Against%20South%20American%20Entities%20With%20Commodity%20RATs.pdf +2021-09-14,f6800cab68f7c1b95614a48cacd45ec079c32bd9,Operation ‘Harvest’_ A Deep Dive into a Long-term Campaign _ McAfee Blogs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.09.14.Operation_Harvest/Operation%20%E2%80%98Harvest%E2%80%99_%20A%20Deep%20Dive%20into%20a%20Long-term%20Campaign%20_%20McAfee%20Blogs.pdf +2021-09-20,c129b2753a0240db809636501db41d413003b583,FY21_Microsoft_Digital_Defense_Report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Microsoft/FY21_Microsoft_Digital_Defense_Report.pdf +2021-09-23,0acf53ba83aaabb027f6e37905690e36bf7ef6e4,FamousSparrow_ A suspicious hotel guest _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.09.23.FamousSparrow/FamousSparrow_%20A%C2%A0suspicious%20hotel%20guest%20_%20WeLiveSecurity.pdf +2021-09-23,1502a5da6914b420e3ffa6fe507419a692951970,eset_threat_report_t22021,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/ESET/eset_threat_report_t22021.pdf +2021-09-27,36a2f04f55d02b967222faad2d629f6c1296007a,FoggyWeb_ Targeted NOBELIUM malware leads to persistent backdoor _ Microsoft Security Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.09.27.FoggyWeb/FoggyWeb_%20Targeted%20NOBELIUM%20malware%20leads%20to%20persistent%20backdoor%20_%20Microsoft%20Security%20Blog.pdf +2021-09-30,2d2c53b46c2c454a93aa1902a1940c973f8196de,GhostEmperor_technical-details_PDF_eng,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.09.30.GhostEmperor/GhostEmperor_technical-details_PDF_eng.pdf +2021-10-04,b29056a7d71a0119d0296a203efe53692c584726,Malware Gh0stTimes Used by BlackTech - JPCERT_CC Eyes _ JPCERT Coordination Center official Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.10.04.Gh0stTimes_BlackTech/Malware%20Gh0stTimes%20Used%20by%20BlackTech%20-%20JPCERT_CC%20Eyes%20_%20JPCERT%20Coordination%20Center%20official%20Blog.pdf +2021-10-05,c838b993057ccdeb6cbfa25d879f891e995d1a2e,UEFI threats moving to the ESP_ Introducing ESPecter bootkit _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.10.05.ESPecter_bootkit/UEFI%20threats%20moving%20to%20the%20ESP_%20Introducing%20ESPecter%20bootkit%20_%20WeLiveSecurity.pdf +2021-10-06,bab9bb00d8257cc19a6053d24e649884cebcec3a,Operation GhostShell_ Novel RAT Targets Global Aerospace and Telecoms Firms,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.10.06.Operation_GhostShell/Operation%20GhostShell_%20Novel%20RAT%20Targets%20Global%20Aerospace%20and%20Telecoms%20Firms.pdf +2021-10-12,01a8aab8c3dae6852f09ec151cf7afb6d1cfcc77,MysterySnail attacks with Windows zero-day _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.10.12.MysterySnail/MysterySnail%20attacks%20with%20Windows%20zero-day%20_%20Securelist.pdf +2021-10-14,3e9e42157b00624ac9d5537837bc12139694be04,Analyzing Email Services Abused for Business Email Compromise,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.10.14.BEC_groups/Analyzing%20Email%20Services%20Abused%20for%20Business%20Email%20Compromise.pdf +2021-10-15,cff106c8ed7c8f625ed5c4deca151a7a385b5997,Global_APT_Research_Report_for_the_first_half_of_2021-360,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/360/Global_APT_Research_Report_for_the_first_half_of_2021-360.pdf +2021-10-18,a23d0adf9427966cbd9a55d0d7a34b1046d1cd1e,Harvester_ Nation-state-backed group uses new toolset to target victims in South Asia _ Symantec Blogs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.10.18.Harvester_South_Asia/Harvester_%20Nation-state-backed%20group%20uses%20new%20toolset%20to%20target%20victims%20in%20South%20Asia%20_%20Symantec%20Blogs.pdf +2021-10-19,2e682dca2ba1ed2bf2ac50d0d07f22c9b6bb0359,"Whatta TA_ TA505 Ramps Up Activity, Delivers New FlawedGrace Variant _ Proofpoint US",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.10.19.TA505_New_FlawedGrace/Whatta%20TA_%20TA505%20Ramps%20Up%20Activity%2C%20Delivers%20New%20FlawedGrace%20Variant%20_%20Proofpoint%20US.pdf +2021-10-19,98fe112857885dc84909b66d652305b9ff09952d,LightBasin_A-Roaming-Threat-to-Telecommunications-Companies_CrowdStrike,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.10.19.UNC1945_LightBasin/LightBasin_A-Roaming-Threat-to-Telecommunications-Companies_CrowdStrike.pdf +2021-10-19,dfa5c713e19a1e537fb24955675433f4c22b3b05,PurpleFox Adds New Backdoor That Uses WebSockets,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.10.19.PurpleFox/PurpleFox%20Adds%20New%20Backdoor%20That%20Uses%20WebSockets.pdf +2021-10-25,80d5d6464f2feb2ff8096841057b5d2bc4214cc5,AfricanCyberthreatAssessment_ENGLISH,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/AfricanCyberthreatAssessment_ENGLISH.pdf +2021-10-26,4ef2ac990d902dd57573c84d2a9e32073419be36,Malware WinDealer used by LuoYu Attack Group - JPCERT_CC Eyes _ JPCERT Coordination Center official Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.10.26.WinDealer_LuoYu_Group/Malware%20WinDealer%20used%20by%20LuoYu%20Attack%20Group%20-%20JPCERT_CC%20Eyes%20_%20JPCERT%20Coordination%20Center%20official%20Blog.pdf +2021-10-26,a57364b181e963fb578604b96c8e8c076fd18c79,CERTFR-2021-CTI-009,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/CERTFR-2021-CTI-009.pdf +2021-10-28,177ddb0153c6749da6258bf5cc2f9770214452d3,Solarmarker_v2,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Solarmarker_v2.pdf +2021-11-04,ee64c5385df7e65c33cbb7de8f802e279ab0a8c9,Technical report Armagedon,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.11.04.Gamaredon_Armageddon_Group/Technical%20report%20Armagedon.pdf +2021-11-08,d12903008af0fa50b26f425731eac32f8cd70bd2,TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access – NCC Group Research,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.11.08.TA505_SolarWinds/TA505%20exploits%20SolarWinds%20Serv-U%20vulnerability%20%28CVE-2021-35211%29%20for%20initial%20access%20%E2%80%93%20NCC%20Group%20Research.pdf +2021-11-10,ccc5f2d73b1912c88f9d513670b361b7da83d9ad,wp-void-balaur-tracking-a-cybermercenarys-activities (1),https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.11.10.Void_Balaur/wp-void-balaur-tracking-a-cybermercenarys-activities%20%281%29.pdf +2021-11-11,ac3bc9d76279d5e7f01938bc9f93086aa946ddf0,Analyzing a watering hole campaign using macOS exploits,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.11.11.watering_hole_macOS_exploits/Analyzing%20a%20watering%20hole%20campaign%20using%20macOS%20exploits.pdf +2021-11-15,423f5a4c910cbb9c0c31136fa8ffbbf9dcafd0e2,FINDING BEACONS IN THE DARK 1650728751599,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/FINDING%20BEACONS%20IN%20THE%20DARK%201650728751599.pdf +2021-11-16,1f6daa02e5a9289aae807988f9f4dc3248fac1fb,Strategic web compromises in the Middle East with a pinch of Candiru _ WeLiveSecurity,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.11.16.Pinch_of_Candiru/Strategic%20web%20compromises%20in%20the%20Middle%20East%20with%20a%20pinch%20of%20Candiru%20_%20WeLiveSecurity.pdf +2021-11-16,b2e4b4c6640dcfb1be4198cff0caee607843c149,"UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests _ Mandiant",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.11.16.UNC1151/UNC1151%20Assessed%20with%20High%20Confidence%20to%20have%20Links%20to%20Belarus%2C%20Ghostwriter%20Campaign%20Aligned%20with%20Belarusian%20Government%20Interests%20_%20Mandiant.pdf +2021-11-16,f7ab89e669d11e63e8f62a6fdb63127078fe0f23,UNC1151_Assessed-with-High-Confidence-to-have-Links-to-Belarus_Mandiant,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.11.16.UNC1115_Ghostwriter_Campaign/UNC1151_Assessed-with-High-Confidence-to-have-Links-to-Belarus_Mandiant.pdf +2021-11-18,9b0f4bbb3f0258b6bccef43be37e95125b747904,TA406_triple-threat-N-Korea-aligned-TA406-steals-scams-spies_Proofpoint,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.11.18.TA406_North_Korea_aligned/TA406_triple-threat-N-Korea-aligned-TA406-steals-scams-spies_Proofpoint.pdf +2021-11-29,70c9ebf707682ca2311e3cedf264f4e7c66d7a15,Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.11.29.Safib_Assistant/Campaign%20Abusing%20Legitimate%20Remote%20Administrator%20Tools%20Uses%20Fake%20Cryptocurrency%20Websites.pdf +2021-12-03,50ca1906cdc6559901f61b79f22ed57f47937e04,conti-cyber-attack-on-the-hse-full-report,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.12.03.Conti_Attack_HSE/conti-cyber-attack-on-the-hse-full-report.pdf +2021-12-07,8d9d36d5a0f7e1b3367f0058888e59aae58ff855,FIN13_ A Cybercriminal Threat Actor Focused on Mexico _ Mandiant,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.12.07.FIN13/FIN13_%20A%20Cybercriminal%20Threat%20Actor%20Focused%20on%20Mexico%20_%20Mandiant.pdf +2021-12-11,91ae6d339296f9d85396d9aa2c1f279f2b05eb6b,eset_jumping_the_air_gap_wp,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.12.11.Jumping_the_air_gap/eset_jumping_the_air_gap_wp.pdf +2021-12-16,8e156a0a92cb4ed04111ced57054bf79b491cea1,New DarkHotel APT attack chain identified _ Zscaler,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.12.16.New_DarkHotel_APT/New%20DarkHotel%20APT%20attack%20chain%20identified%20_%20Zscaler.pdf +2021-12-19,011d85f9602c8af14d9cf5bb0721633c1702f8bc,EN-BlackTech_2021,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2021/2021.12.19.BlackTech_APT/EN-BlackTech_2021.pdf +2022-01-03,9a4bfa953645a026d375321eef37b893847d80ad,Konni_targeting_Russian_diplomatic_sector,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.01.03.KONNI_Targets_Russian_Diplomatic/Konni_targeting_Russian_diplomatic_sector.pdf +2022-01-05,f40128c46ba46871e88e231615d3f220c133324f,Sygnia- Elephant Beetle_Jan2022,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.01.05.Elephant_Beetle/Sygnia-%20Elephant%20Beetle_Jan2022.pdf +2022-01-07,bc53a0db10794ce970ffd5d1c22e71f580e6eaed,Patchwork_Patchwork-APT-caught-in-its-own-web_MalwarebytesLabs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.01.07.Patchwork_APT_India/Patchwork_Patchwork-APT-caught-in-its-own-web_MalwarebytesLabs.pdf +2022-01-17,870bca331eac48550c2b19d5e931cf673abe8d9b,technical-brief-delving-deep-an-analysis-of-earth-lusca-operations,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.01.17.Earth_Lucsa/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf +2022-01-20,5430c0dc9b0469443f1725e7e8a42febadb0b31b,MoonBounce_ the dark side of UEFI firmware _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.01.20.MoonBounce/MoonBounce_%20the%20dark%20side%20of%20UEFI%20firmware%20_%20Securelist.pdf +2022-01-25,08fff1030cceb4ca9a10bf788cf477017a5bae9c,Prime Minister’s Office Compromised_ Details of Recent Espionage Campaign,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.01.25.Prime_Minister_Compromised/Prime%20Minister%E2%80%99s%20Office%20Compromised_%20Details%20of%20Recent%20Espionage%20Campaign.pdf +2022-01-27,2bdc78b3bc56515322135f0dc78c058db89ef411,"North Korea's Lazarus APT leverages Windows Update client, GitHub in latest campaign _ Malwarebytes Labs",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.01.27.Lazarus_APT/North%20Korea%27s%20Lazarus%20APT%20leverages%20Windows%20Update%20client%2C%20GitHub%20in%20latest%20campaign%20_%20Malwarebytes%20Labs.pdf +2022-01-27,aec95bd02681262700b32b383e13345b29859bae,APT29_StellarParticle-Campaing_CrowdStrike,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.01.27.APT29_StellarParticle/APT29_StellarParticle-Campaing_CrowdStrike.pdf +2022-01-31,70b68051e0086125427abed0851380433dc93108,Shuckworm_APT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.01.31.Shuckworm_APT/Shuckworm_APT.pdf +2022-01-31,e58ce98ef061a0c2dd538e2fe1cc6dc9df402285,"Cisco Talos Intelligence Group - Comprehensive Threat Intelligence_ Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.01.31.MuddyWater_Turkish/Cisco%20Talos%20Intelligence%20Group%20-%20Comprehensive%20Threat%20Intelligence_%20Iranian%20APT%20MuddyWater%20targets%20Turkish%20users%20via%20malicious%20PDFs%2C%20executables.pdf +2022-02-01,34ba9f0c1b7b234a95ae5d96fc574e97551a9b85,PowerLess Trojan_ Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.02.01.Phosphorus_APT/PowerLess%20Trojan_%20Iranian%20APT%20Phosphorus%20Adds%20New%20PowerShell%20Backdoor%20for%20Espionage.pdf +2022-02-03,5c32c243e75a98bcbff60ec9678f6c4eb28881ce,Antlion_ Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan _ Symantec Blogs,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.02.03.Antlion_APT/Antlion_%20Chinese%20APT%20Uses%20Custom%20Backdoor%20to%20Target%20Financial%20Institutions%20in%20Taiwan%20_%20Symantec%20Blogs.pdf +2022-02-08,f72eb3b283f282c8ab825f3924c0341fb50d0f73,eset_threat_report_t32021,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/ESET/eset_threat_report_t32021.pdf +2022-02-14,70c4e5d03aad858ada2452ff6faff202aa1401e1,Report2022GTR,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/CrowdStrike/Report2022GTR.pdf +2022-02-15,f0c6e1af701bfce2c62c66ae7e5845455f64ca81,ShadowPad Malware Analysis _ Secureworks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.02.15_ShadowPad/ShadowPad%20Malware%20Analysis%20_%20Secureworks.pdf +2022-02-23,5c61980e67a35be135305a23a49801e89fa14780,(Ex)Change of Pace_ UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware _ Mandiant,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.02.23.UNC2596/%28Ex%29Change%20of%20Pace_%20UNC2596%20Observed%20Leveraging%20Vulnerabilities%20to%20Deploy%20Cuba%20Ransomware%20_%20Mandiant.pdf +2022-02-23,b6a45bf5c338924a200e7c67eef4c3601dce0c9e,The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.02.23.Bvp47/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf +2022-03-01,248c00716584d84cbf66e6d19a4b27f28ee27c79,Asylum Ambuscade_ State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement _ Proofpoint US,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.03.01.Asylum_Ambuscade/Asylum%20Ambuscade_%20State%20Actor%20Uses%20Compromised%20Private%20Ukrainian%20Military%20Emails%20to%20Target%20European%20Governments%20and%20Refugee%20Movement%20_%20Proofpoint%20US.pdf +2022-03-07,cba4918a039ac19c5340c399f8828ee819275303,"The Good, the Bad, and the Web Bug_ TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates _ Proofpoint US",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.03.07.TA416/The%20Good%2C%20the%20Bad%2C%20and%20the%20Web%20Bug_%20TA416%20Increases%20Operational%20Tempo%20Against%20European%20Governments%20as%20Conflict%20in%20Ukraine%20Escalates%20_%20Proofpoint%20US.pdf +2022-03-08,3774add8772159cc87d60efe57e72ba435e7051b,New RURansom Wiper Targets Russia,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.03.08.RURansom_Wiper/New%20RURansom%20Wiper%20Targets%20Russia.pdf +2022-03-17,09c4f8ef3fced7f59e58ed7b506dcd2fb2a94fdc,Cyclops Blink Sets Sights on Asus Routers,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.03.17.Cyclops_Blink_Voodoo_Bear/Cyclops%20Blink%20Sets%20Sights%20on%20Asus%20Routers.pdf +2022-03-17,e908e25d6553b35b8e87f04fe92f53d2dd6df732,Appendix_Cyclops Blink Sets Sights on ASUS Routers,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.03.17.Cyclops_Blink_Voodoo_Bear/Appendix_Cyclops%20Blink%20Sets%20Sights%20on%20ASUS%20Routers.pdf +2022-03-23,551dbf96ed7bedc5778b2bd0f0e873c14a7e842b,"Mustang Panda’s Hodur_ Old tricks, new Korplug variant _ WeLiveSecurity",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.03.23.Mustang_Panda/Mustang%20Panda%E2%80%99s%20Hodur_%20Old%20tricks%2C%20new%20Korplug%20variant%20_%20WeLiveSecurity.pdf +2022-03-23,c848df52070b8baac8ccb65d4a223c2370e75469,telecom_research_en,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.03.23.Kazakhstan_APT/telecom_research_en.pdf +2022-03-30,ea6ce067a3a25f585984e9931b76131e254fc714,New Milestones for Deep Panda_ Log4Shell and Digitally Signed Fire Chili Rootkits,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.03.30.Deep_Panda_New_Milestones/New%20Milestones%20for%20Deep%20Panda_%20Log4Shell%20and%20Digitally%20Signed%20Fire%20Chili%20Rootkits.pdf +2022-05-02,67f46c74653725c4e385c800f438eb8fd8805d05,UNC3524_ Eye Spy on Your Email _ Mandiant,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.05.02.UNC3524/UNC3524_%20Eye%20Spy%20on%20Your%20Email%20_%20Mandiant.pdf +2022-05-04,77b0b2d59915c9eb27318d061597a0706796cb02,APT_trends_report_Q2_2022_Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Kaspersky/APT_trends_report_Q2_2022_Securelist.pdf +2022-05-05,9f57b345740588ac3769383ddc70ab3fe8abea8c,Cisco Talos Intelligence Group - Comprehensive Threat Intelligence_ Mustang Panda deploys a new wave of malware targeting Europe,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.05.05.Mustang_Panda_Europe/Cisco%20Talos%20Intelligence%20Group%20-%20Comprehensive%20Threat%20Intelligence_%20Mustang%20Panda%20deploys%20a%20new%20wave%20of%20malware%20targeting%20Europe.pdf +2022-05-11,5f8c3de2c2e101c15d9c8fd9c86ca4cfcaeba07b,Cisco Talos Intelligence Group - Comprehensive Threat Intelligence_ Bitter APT adds Bangladesh to their targets,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.05.11.Bitter_APT_Bangladesh/Cisco%20Talos%20Intelligence%20Group%20-%20Comprehensive%20Threat%20Intelligence_%20Bitter%20APT%20adds%20Bangladesh%20to%20their%20targets.pdf +2022-05-12,f36b4d4ba9a966e066d94ad15a9cc11e1c22ef1a,Threat Thursday_ Malware Rebooted - How Industroyer2 Takes Aim at Ukraine Infrastructure,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.05.12.Industroyer2_Ukraine/Threat%20Thursday_%20Malware%20Rebooted%20-%20How%20Industroyer2%20Takes%20Aim%20at%20Ukraine%20Infrastructure.pdf +2022-05-19,a1b1ab94940c4ef9fc2694b8f65bed6de440e4f7,Twisted Panda_ Chinese APT espionage operation against Russian’s state-owned defense institutes - Check Point Research,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.05.19.Twisted_Panda/Twisted%20Panda_%20Chinese%20APT%20espionage%20operation%20against%20Russian%E2%80%99s%20state-owned%20defense%20institutes%20-%20Check%20Point%20Research.pdf +2022-05-26,cae0df518ba65cdec37a220a4e608c6e68eebe9c,eset_threat_report_t12022,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/ESET/eset_threat_report_t12022.pdf +2022-06-02,d05cfc990ee1f6ffe97aa7b07ea130da7a161476,WinDealer dealing on the side _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.06.02.WinDealer/WinDealer%20dealing%20on%20the%20side%20_%20Securelist.pdf +2022-06-21,d2665a6a8b82c1d4842965e79b469abe56101a2b,ToddyCat_ Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.06.21.ToddyCat_APT/ToddyCat_%20Unveiling%20an%20unknown%20APT%20actor%20attacking%20high-profile%20entities%20in%20Europe%20and%20Asia%20_%20Securelist.pdf +2022-06-27,d947eca0780ae2be64623d792989115f95b9929b,Attacks on industrial control systems using ShadowPad _ Kaspersky ICS CERT,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.06.27.ShadowPad_ICS/Attacks%20on%20industrial%20control%20systems%20using%20ShadowPad%20_%20Kaspersky%20ICS%20CERT.pdf +2022-06-27,fb8c120e618cddb8c89a2a5469d7b9983a45b703,Overview of Russian GRU and SVR Cyberespionage Campaigns 1H 2022,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/Report/Overview%20of%20Russian%20GRU%20and%20SVR%20Cyberespionage%20Campaigns%201H%202022.pdf +2022-07-25,e2ace107f8d2140b86150d76edd08cd1e14cfe56,CosmicStrand_ the discovery of a sophisticated UEFI firmware rootkit _ Securelist,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.07.25.CosmicStrand/CosmicStrand_%20the%20discovery%20of%20a%20sophisticated%20UEFI%20firmware%20rootkit%20_%20Securelist.pdf +2022-07-26,90c27a9a4c8b09ba026c6a112738dd7eb5fe3477,"Old cat, new tricks, bad habits",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.07.26.Charming_Kitten_APT/Old%20cat%2C%20new%20tricks%2C%20bad%20habits.pdf +2022-08-12,d44d93c12fce2403517bf53705dfd78dbb61ae51,LuckyMouse uses a backdoored Electron app to target MacOS - SEKOIA.IO Blog,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.08.12.LuckyMouse/LuckyMouse%20uses%20a%20backdoored%20Electron%20app%20to%20target%20MacOS%20-%20SEKOIA.IO%20Blog.pdf +2022-08-12,e93fbf3bc680023e383c1179424f054b94a7e86f,"Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users",https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.08.12.Iron_Tiger_Mimi/Iron%20Tiger%20Compromises%20Chat%20Application%20Mimi%2C%20Targets%20Windows%2C%20Mac%2C%20and%20Linux%20Users.pdf +2022-09-08,0903ff6d3b598d56dc8806ebcbd48aa27a1f5df4,BRONZE PRESIDENT Targets Government Officials _ Secureworks,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.09.08.BRONZE_PRESIDENT/BRONZE%20PRESIDENT%20Targets%20Government%20Officials%20_%20Secureworks.pdf +2022-09-28,59781a33093ab92e108580f0006aadd07ba58d21,VB2022-Exploit-archaeology-a-forensic-history-of-in-the-wild-NSO-Group-exploits,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.09.28.EXPLOIT_ARCHAEOLOGY/VB2022-Exploit-archaeology-a-forensic-history-of-in-the-wild-NSO-Group-exploits.pdf +2022-10-04,9374ad6e92811e2ace3e0a9b78e3ebcd5b2c4295,wp-the-rise-of-earth-aughisky,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.10.04.Rise_Earth_Aughisky/wp-the-rise-of-earth-aughisky.pdf +2022-10-04,a986298519a3a053e642717bb5888ef8d18abe04,IOCs-the-rise-of-earth-aughisky-tracking-the-campaigns-taidoor-started,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.10.04.Rise_Earth_Aughisky/IOCs-the-rise-of-earth-aughisky-tracking-the-campaigns-taidoor-started.pdf +2022-10-06,314c39ce253f68d062df9f0d9d641527da672101,Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.10.06.Mustang_Panda_Myanmar/Mustang%20Panda%20Abuses%20Legitimate%20Apps%20to%20Target%20Myanmar%20Based%20Victims.pdf +2022-11-02,d6178c8c86d3dac48ddf678e2abf3d3235d91bad,RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.11.02.RomCom_Ukraine_UK/RomCom%20Threat%20Actor%20Abuses%20KeePass%20and%20SolarWinds%20to%20Target%20Ukraine%20and%20Potentially%20the%20United%20Kingdom.pdf +2022-12-02,7f9b8506b73078f6b437f402197deadcb15e46e3,Blowing Cobalt Strike Out of the Water With Memory Analysis,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.12.02.Cobalt_Strike_Out_of_the_Water/Blowing%20Cobalt%20Strike%20Out%20of%20the%20Water%20With%20Memory%20Analysis.pdf +2022-12-05,9c2e050959ee0d8e7e979b09b0d9674e2277cd15,Message from Recorded Future,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.12.05.TAG-53_Russia/Message%20from%20Recorded%20Future.pdf +2022-12-06,20abcd71b5293e4c97768dd337b4260a88efcc7c,Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.12.06.Mustang_Panda/Mustang%20Panda%20Uses%20the%20Russian-Ukrainian%20War%20to%20Attack%20Europe%20and%20Asia%20Pacific%20Targets.pdf +2022-12-07,4d042f2898173264f3791050861eb0b4313213fe,Internet Explorer 0-day exploited by North Korean actor APT37,https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/raw/master/2022/2022.12.07.APT37_0Day/Internet%20Explorer%200-day%20exploited%20by%20North%20Korean%20actor%20APT37.pdf diff --git a/index/generate_index.py b/index/generate_index.py index bae0c7d..90529da 100755 --- a/index/generate_index.py +++ b/index/generate_index.py @@ -33,18 +33,19 @@ def index_report(path: str): # Get the published date from the path name if possible published_raw = DATE_REGEX.match(os.path.basename(os.path.dirname(path))) - pypdf = PyPDF2.PdfFileReader(open(path, "rb"), strict=False) + pypdf = PyPDF2.PdfReader(open(path, "rb"), strict=False) if published_raw == None or (".00" in published_raw.group(0)): logging.debug(f"no published date for report: {path}") - if pypdf.isEncrypted: + if pypdf.is_encrypted: pypdf.decrypt("") try: - cdate_raw = pypdf.documentInfo["/CreationDate"] - cdate_clean = cdate_raw.replace("'", "").replace("D:", "")[:8] - cadate_parsed = datetime.strptime(cdate_clean, "%Y%m%d") - published = cadate_parsed.date() + cdate = pypdf.metadata.creation_date + if cdate != None: + published = pypdf.metadata.creation_date.date() + else: + published = datetime.min.date() except (KeyError, ValueError, PdfReadError) as derr: logging.error(f"no date for report: {path} | {derr}") return @@ -67,7 +68,7 @@ def process_reports(path: str): if not filepath.endswith(".pdf"): continue try: - PyPDF2.PdfFileReader(open(full_path, "rb")) + PyPDF2.PdfReader(open(full_path, "rb")) rel_dir = os.path.relpath(path, os.getcwd()) rel_file = os.path.join(rel_dir, filepath) report_list.append(rel_file)