diff --git a/2013/2013.04.21.MiniDuke/miniduke_indicators_public.pdf b/2013/2013.02.27.MiniDuke_Indicators/miniduke_indicators_public.pdf similarity index 100% rename from 2013/2013.04.21.MiniDuke/miniduke_indicators_public.pdf rename to 2013/2013.02.27.MiniDuke_Indicators/miniduke_indicators_public.pdf diff --git a/2013/themysteryofthepdf0-dayassemblermicrobackdoor.pdf b/2013/2013.02.27.MiniDuke_Mystery/themysteryofthepdf0-dayassemblermicrobackdoor.pdf similarity index 100% rename from 2013/themysteryofthepdf0-dayassemblermicrobackdoor.pdf rename to 2013/2013.02.27.MiniDuke_Mystery/themysteryofthepdf0-dayassemblermicrobackdoor.pdf diff --git a/2013/15-2013-youonlyclicktwice.pdf b/2013/2013.03.13.FinFisher/15-2013-youonlyclicktwice.pdf similarity index 100% rename from 2013/15-2013-youonlyclicktwice.pdf rename to 2013/2013.03.13.FinFisher/15-2013-youonlyclicktwice.pdf diff --git a/2013/Safe-a-targeted-threat.pdf b/2013/2013.03.17.Targeted_Threat/Safe-a-targeted-threat.pdf similarity index 100% rename from 2013/Safe-a-targeted-threat.pdf rename to 2013/2013.03.17.Targeted_Threat/Safe-a-targeted-threat.pdf diff --git a/2013/dissecting-operation-troy.pdf b/2013/2013.03.20.Operation_Troy/dissecting-operation-troy.pdf similarity index 100% rename from 2013/dissecting-operation-troy.pdf rename to 2013/2013.03.20.Operation_Troy/dissecting-operation-troy.pdf diff --git a/2013/theteamspystory_final_t2.pdf b/2013/2013.03.20.TeamSpy_Crew/theteamspystory_final_t2.pdf similarity index 100% rename from 2013/theteamspystory_final_t2.pdf rename to 2013/2013.03.20.TeamSpy_Crew/theteamspystory_final_t2.pdf diff --git a/2013/2013.03.21.Darkseoul/FTA 1008 - Darkseoul-Jokra Analysis and Recovery.pdf b/2013/2013.03.21.Darkseoul/FTA 1008 - Darkseoul-Jokra Analysis and Recovery.pdf new file mode 100644 index 0000000..e3fcc07 Binary files /dev/null and b/2013/2013.03.21.Darkseoul/FTA 1008 - Darkseoul-Jokra Analysis and Recovery.pdf differ diff --git a/2013/MiniDuke_Paper_Final.pdf b/2013/2013.04.21.MiniDuke/MiniDuke_Paper_Final.pdf similarity index 100% rename from 2013/MiniDuke_Paper_Final.pdf rename to 2013/2013.04.21.MiniDuke/MiniDuke_Paper_Final.pdf diff --git a/README.md b/README.md index ff39fa4..ad6cce1 100644 --- a/README.md +++ b/README.md @@ -678,13 +678,13 @@ APT28 group](http://csecybsec.com/download/zlab/20180713_CSE_APT28_X-Agent_Op-Ro * Apr 01 - [Trojan.APT.BaneChant](http://www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html) * Mar 28 - [TR-12 - Analysis of a PlugX malware variant used for targeted attacks](http://www.circl.lu/pub/tr-12/) * Mar 27 - [APT1: technical backstage (Terminator/Fakem RAT)](http://www.malware.lu/assets/files/articles/RAP002_APT1_Technical_backstage.1.0.pdf) -* Mar 21 - [Darkseoul/Jokra Analysis And Recovery](http://www.fidelissecurity.com/sites/default/files/FTA%201008%20-%20Darkseoul-Jokra%20Analysis%20and%20Recovery.pdf) -* Mar 20 - [The TeamSpy Crew Attacks](http://securelist.com/blog/incidents/35520/the-teamspy-crew-attacks-abusing-teamviewer-for-cyberespionage-8/) -* Mar 20 - [Dissecting Operation Troy](http://www.mcafee.com/sg/resources/white-papers/wp-dissecting-operation-troy.pdf) -* Mar 17 - [Safe: A Targeted Threat](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-safe-a-targeted-threat.pdf) -* Mar 13 - [You Only Click Twice: FinFisher’s Global Proliferation](https://citizenlab.org/wp-content/uploads/2013/07/15-2013-youonlyclicktwice.pdf) -* Feb 27 - [Miniduke: Indicators v1](http://www.crysys.hu/miniduke/miniduke_indicators_public.pdf) -* Feb 27 - [The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor](https://www.securelist.com/en/downloads/vlpdfs/themysteryofthepdf0-dayassemblermicrobackdoor.pdf) +* Mar 21 - [[Fidelis Cybersecurity] Darkseoul/Jokra Analysis And Recovery](http://www.fidelissecurity.com/sites/default/files/FTA%201008%20-%20Darkseoul-Jokra%20Analysis%20and%20Recovery.pdf) +* Mar 20 - [[Kaspersky] The TeamSpy Crew Attacks](http://securelist.com/blog/incidents/35520/the-teamspy-crew-attacks-abusing-teamviewer-for-cyberespionage-8/) | [Local](../../blob/master/2013/2013.03.20.TeamSpy_Crew) +* Mar 20 - [[McAfee] Dissecting Operation Troy](http://www.mcafee.com/sg/resources/white-papers/wp-dissecting-operation-troy.pdf) | [Local](../../blob/master/2013/2013.03.20.Operation_Troy) +* Mar 17 - [[TrendMicro] Safe: A Targeted Threat](http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-safe-a-targeted-threat.pdf) | [Local](../../blob/master/2013/2013.03.17.Targeted_Threat) +* Mar 13 - [[Citizenlab] You Only Click Twice: FinFisher’s Global Proliferation](https://citizenlab.org/wp-content/uploads/2013/07/15-2013-youonlyclicktwice.pdf) | [Local](../../blob/master/2013/2013.03.13.FinFisher) +* Feb 27 - [[Crysis] Miniduke: Indicators v1](http://www.crysys.hu/miniduke/miniduke_indicators_public.pdf) | [Local](../../blob/master/2013/2013.02.27.MiniDuke_Indicators) +* Feb 27 - [[Kaspersky] The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor](https://www.securelist.com/en/downloads/vlpdfs/themysteryofthepdf0-dayassemblermicrobackdoor.pdf) | [Local](../../blob/master/2013/2013.02.27.MiniDuke_Mystery) * Feb 26 - [[Symantec] Stuxnet 0.5: The Missing Link](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/stuxnet_0_5_the_missing_link.pdf) | [Local](../../blob/master/2013/2013.02.26.Stuxnet_0.5) * Feb 22 - [[Symantec] Comment Crew: Indicators of Compromise](http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/comment_crew_indicators_of_compromise.pdf) | [Local](../../blob/master/2013/2013.02.22.Comment_Crew) * Feb 18 - [[Fireeye] Mandiant APT1 Report](http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf) | [Local](../../blob/master/2013/2013.02.18.APT1)