diff --git a/2024/2024.02.13.Water_Hydra/CVE-2024-21412_ Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day.pdf b/2024/2024.02.13.Water_Hydra/CVE-2024-21412_ Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day.pdf
new file mode 100644
index 0000000..1f15d43
Binary files /dev/null and b/2024/2024.02.13.Water_Hydra/CVE-2024-21412_ Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day.pdf differ
diff --git a/2024/2024.02.13.Water_Hydra/ioc-list-water-hydra-cve-2024-21412.txt b/2024/2024.02.13.Water_Hydra/ioc-list-water-hydra-cve-2024-21412.txt
new file mode 100644
index 0000000..24aaaa9
--- /dev/null
+++ b/2024/2024.02.13.Water_Hydra/ioc-list-water-hydra-cve-2024-21412.txt
@@ -0,0 +1,258 @@
+CVE-2024-21412: Water Hydra Targets Traders with Windows Defender SmartScreen Zero-Day
+=======================================================================================
+Indicators of Compromise
+=======================================================================================
+
+[URL]
+hxxp[://]84[.]32[.]189[.]74
+hxxp[://]84[.]32[.]189[.]74/xampp/
+hxxp[://]84[.]32[.]189[.]74/webdav/
+hxxps[://]fxbulls[.]ru
+hxxps[://]fxbulls[.]ru/wp-content/uploads
+hxxps[://]fxbulls[.]ru/wp-content/uploads/2023/12/photo_2023-12-29[.]jpg[.]htm
+hxxps[://]fxbulls[.]ru/wp-content/uploads/2023/12/photo_2023-12-29[.]jpg[.]html
+hxxps[://]84[.]32[.]189[.]74@0[.]0[.]0[.]80/fxbulls/net/2[.]url
+
+hxxp[://]84[.]32[.]189[.]74/fxbulls
+hxxp[://]84[.]32[.]189[.]74/fxbulls/pictures
+hxxp[://]84[.]32[.]189[.]74/fxbulls/pictures/photo_2023-12-29[.]jpg[.]url
+hxxp[://]84[.]32[.]189[.]74/fxbulls/pictures/Thumbs[.]db 
+hxxp[://]84[.]32[.]189[.]74/fxbulls/pictures/2[.]url 
+hxxp[://]84[.]32[.]189[.]74/fxbulls/pictures/a2[.]zip 
+hxxp[://]84[.]32[.]189[.]74/fxbulls/pictures/a2[.]zip/a2[.]cmd
+hxxp[://]84[.]32[.]189[.]74/fxbulls/pictures/a2[.]zip
+hxxp[://]84[.]32[.]189[.]74/fxbulls/pictures/b3[.]dll
+hxxp[://]84[.]32[.]189[.]74/fxbulls/pictures/7z[.]dll
+hxxp[://]84[.]32[.]189[.]74/fxbulls/pictures/7z[.]exe
+hxxp[://]84[.]32[.]189[.]74/fxbulls/pictures/photo_2023-12-29s[.]jpg
+hxxp[://]84[.]32[.]189[.]74/fxbulls/pictures/My2[.]zip
+
+hxxp[://]84[.]32[.]189[.]74/fxbulls
+hxxp[://]84[.]32[.]189[.]74/fxbulls/images
+hxxp[://]84[.]32[.]189[.]74/fxbulls/images/photo_2023-12-29[.]jpg[.]url
+hxxp[://]84[.]32[.]189[.]74/fxbulls/images/Thumbs[.]db 
+hxxp[://]84[.]32[.]189[.]74/fxbulls/images/2[.]url 
+hxxp[://]84[.]32[.]189[.]74/fxbulls/images/a2[.]zip 
+hxxp[://]84[.]32[.]189[.]74/fxbulls/images/a2[.]zip/a2[.]cmd
+hxxp[://]84[.]32[.]189[.]74/fxbulls/images/a2[.]zip
+hxxp[://]84[.]32[.]189[.]74/fxbulls/images/b3[.]dll
+hxxp[://]84[.]32[.]189[.]74/fxbulls/images/7z[.]dll
+hxxp[://]84[.]32[.]189[.]74/fxbulls/images/7z[.]exe
+hxxp[://]84[.]32[.]189[.]74/fxbulls/images/photo_2023-12-29s[.]jpg
+hxxp[://]84[.]32[.]189[.]74/fxbulls/images/My2[.]zip
+
+hxxp[://]84[.]32[.]189[.]74/fxbulls/net
+hxxp[://]84[.]32[.]189[.]74/fxbulls/net/photo_2023-12-29[.]jpg[.]url
+hxxp[://]84[.]32[.]189[.]74/fxbulls/net/Thumbs[.]db 
+hxxp[://]84[.]32[.]189[.]74/fxbulls/net/2[.]url 
+hxxp[://]84[.]32[.]189[.]74/fxbulls/net/a2[.]zip 
+hxxp[://]84[.]32[.]189[.]74/fxbulls/net/a2[.]zip/a2[.]cmd
+hxxp[://]84[.]32[.]189[.]74/fxbulls/net/a2[.]zip
+hxxp[://]84[.]32[.]189[.]74/fxbulls/net/b3[.]dll
+hxxp[://]84[.]32[.]189[.]74/fxbulls/net/7z[.]dll
+hxxp[://]84[.]32[.]189[.]74/fxbulls/net/7z[.]exe
+hxxp[://]84[.]32[.]189[.]74/fxbulls/net/photo_2023-12-29s[.]jpg
+hxxp[://]84[.]32[.]189[.]74/fxbulls/net/My2[.]zip
+
+hxxp[://]84[.]32[.]189[.]74/underwall/docs
+hxxp[://]84[.]32[.]189[.]74/underwall/docs/7z.zip
+hxxp[://]84[.]32[.]189[.]74/underwall/docs/passport.jpg.url
+hxxp[://]84[.]32[.]189[.]74/underwall/docs/warop.url
+hxxp[://]84[.]32[.]189[.]74/underwall/expand
+hxxp[://]84[.]32[.]189[.]74/underwall/expand/7z.zip
+hxxp[://]84[.]32[.]189[.]74/underwall/expand/photo_2023-12-26.jpg.url
+hxxp[://]84[.]32[.]189[.]74/underwall/expand/warop.url
+hxxp[://]84[.]32[.]189[.]74/underwall/society
+hxxp[://]84[.]32[.]189[.]74/underwall/society/7z.zip
+hxxp[://]84[.]32[.]189[.]74/underwall/society/photo_2023-12-26.jpg.url
+hxxp[://]84[.]32[.]189[.]74/underwall/society/warop.url
+
+[PATHS]
+/fxbulls
+/fxbulls/pictures
+/fxbulls/pictures/photo_2023-12-29[.]jpg[.]url
+/fxbulls/pictures/Thumbs[.]db 
+/fxbulls/pictures/2[.]url 
+/fxbulls/pictures/a2[.]zip 
+/fxbulls/pictures/a2[.]zip/a2[.]cmd
+/fxbulls/pictures/a2[.]zip
+/fxbulls/pictures/b3[.]dll
+/fxbulls/pictures/7z[.]dll
+/fxbulls/pictures/7z[.]exe
+/fxbulls/pictures/photo_2023-12-29s[.]jpg
+/fxbulls/pictures/My2[.]zip
+
+/fxbulls
+/fxbulls/images
+/fxbulls/images/photo_2023-12-29[.]jpg[.]url
+/fxbulls/images/Thumbs[.]db 
+/fxbulls/images/2[.]url 
+/fxbulls/images/a2[.]zip 
+/fxbulls/images/a2[.]zip/a2[.]cmd
+/fxbulls/images/a2[.]zip
+/fxbulls/images/b3[.]dll
+/fxbulls/images/7z[.]dll
+/fxbulls/images/7z[.]exe
+/fxbulls/images/photo_2023-12-29s[.]jpg
+/fxbulls/images/My2[.]zip
+
+/fxbulls/net
+/fxbulls/net/photo_2023-12-29[.]jpg[.]url
+/fxbulls/net/Thumbs[.]db 
+/fxbulls/net/2[.]url 
+/fxbulls/net/a2[.]zip 
+/fxbulls/net/a2[.]zip/a2[.]cmd
+/fxbulls/net/a2[.]zip
+/fxbulls/net/b3[.]dll
+/fxbulls/net/7z[.]dll
+/fxbulls/net/7z[.]exe
+/fxbulls/net/photo_2023-12-29s[.]jpg
+/fxbulls/net/My2[.]zip
+
+/underwall/docs
+/underwall/docs/7z.zip
+/underwall/docs/passport.jpg.url
+/underwall/docs/warop.url
+
+/underwall/expand
+/underwall/expand/7z.zip
+/underwall/expand/photo_2023-12-26.jpg.url
+/underwall/expand/warop.url
+
+/underwall/society
+/underwall/society/7z.zip
+/underwall/society/photo_2023-12-26.jpg.url
+/underwall/society/warop.url
+
+[DOMAINS]
+fxbulls[.]ru
+87iavv[.]com
+unfawjelesst322[.]com
+p2oaviwt39ui[.]com
+
+[WEBDAV]
+\\84[.]32[.]189[.]74@80
+
+\\84[.]32[.]189[.]74@80
+\\84[.]32[.]189[.]74@80\pictures
+\\84[.]32[.]189[.]74@80\pictures\photo_2023-12-29[.]jpg[.]url
+\\84[.]32[.]189[.]74@80\pictures\Thumbs[.]db 
+\\84[.]32[.]189[.]74@80\pictures\2[.]url 
+\\84[.]32[.]189[.]74@80\pictures\a2[.]zip 
+\\84[.]32[.]189[.]74@80\pictures\a2[.]zip\a2[.]cmd
+\\84[.]32[.]189[.]74@80\pictures\a2[.]zip
+\\84[.]32[.]189[.]74@80\pictures\b3[.]dll
+\\84[.]32[.]189[.]74@80\pictures\7z[.]dll
+\\84[.]32[.]189[.]74@80\pictures\7z[.]exe
+\\84[.]32[.]189[.]74@80\pictures\photo_2023-12-29s[.]jpg
+\\84[.]32[.]189[.]74@80\pictures\My2[.]zip
+
+\\84[.]32[.]189[.]74@80
+\\84[.]32[.]189[.]74@80\images
+\\84[.]32[.]189[.]74@80\images\photo_2023-12-29[.]jpg[.]url
+\\84[.]32[.]189[.]74@80\images\Thumbs[.]db 
+\\84[.]32[.]189[.]74@80\images\2[.]url 
+\\84[.]32[.]189[.]74@80\images\a2[.]zip 
+\\84[.]32[.]189[.]74@80\images\a2[.]zip\a2[.]cmd
+\\84[.]32[.]189[.]74@80\images\a2[.]zip
+\\84[.]32[.]189[.]74@80\images\b3[.]dll
+\\84[.]32[.]189[.]74@80\images\7z[.]dll
+\\84[.]32[.]189[.]74@80\images\7z[.]exe
+\\84[.]32[.]189[.]74@80\images\photo_2023-12-29s[.]jpg
+\\84[.]32[.]189[.]74@80\images\My2[.]zip
+
+\\84[.]32[.]189[.]74@80\net
+\\84[.]32[.]189[.]74@80\net\photo_2023-12-29[.]jpg[.]url
+\\84[.]32[.]189[.]74@80\net\Thumbs[.]db 
+\\84[.]32[.]189[.]74@80\net\2[.]url 
+\\84[.]32[.]189[.]74@80\net\a2[.]zip 
+\\84[.]32[.]189[.]74@80\net\a2[.]zip\a2[.]cmd
+\\84[.]32[.]189[.]74@80\net\a2[.]zip
+\\84[.]32[.]189[.]74@80\net\b3[.]dll
+\\84[.]32[.]189[.]74@80\net\7z[.]dll
+\\84[.]32[.]189[.]74@80\net\7z[.]exe
+\\84[.]32[.]189[.]74@80\net\photo_2023-12-29s[.]jpg
+\\84[.]32[.]189[.]74@80\net\My2[.]zip
+
+\\84[.]32[.]189[.]74@80\docs
+\\84[.]32[.]189[.]74@80\docs\7z[.]zip
+\\84[.]32[.]189[.]74@80\docs\passport[.]jpg[.]url
+\\84[.]32[.]189[.]74@80\docs\warop[.]url
+
+\\84[.]32[.]189[.]74@80\expand
+\\84[.]32[.]189[.]74@80\expand\7z[.]zip
+\\84[.]32[.]189[.]74@80\expand\photo_2023-12-26[.]jpg[.]url
+\\84[.]32[.]189[.]74@80\expand\warop[.]url
+
+\\84[.]32[.]189[.]74@80\society
+\\84[.]32[.]189[.]74@80\society\7z[.]zip
+\\84[.]32[.]189[.]74@80\society\photo_2023-12-26[.]jpg[.]url
+\\84[.]32[.]189[.]74@80\society\warop[.]url
+
+[IP ADDRESSES]
+84[.]32[.]189[.]74
+179[.]43[.]172[.]127
+179[.]43[.]172[.]191
+64[.]31[.]63[.]70
+64[.]31[.]63[.]194
+
+[FILES]									[DETECTION NAME]
+1458a762332676f7807ab45f8f236c22a1a7bb0c21fcd8c779f972f2446a11d0	Trojan.HTML.CVE202421412.A
+758c6364ab560fbeff2bfa8712a2e09132d85d0bf6918e6acc79fe12f5b71ec3	Trojan.HTML.CVE202421412.A
+77d685e29c3dbe75fa8a82c69c68c731a09904020a76145ca27aeaf0058455cd	Trojan.HTML.CVE202421412.A
+b36dc329a5dc766c2645d5f5b6cdaa9542ec3b0aa1bc13dc1f899ce6d95d59fb	Trojan.HTML.CVE202421412.A
+d895fff3c909ea2eb6624fc5f154c924fe0af51c6c899fd9093dc3cd27a5dad2	Trojan.HTML.CVE202421412.A
+008e57d62caa8cfa991f5519eabe3f15d79799b81ba8cc6b67cde6da0dbffdab	Trojan.Win32.CVE202421412.A
+087878208755420d5d7ae2eb6a84482768cb8972732911ac16096cd0c95fa0f7	Trojan.Win32.CVE202421412.A
+1115e4bed3949493d8ab184e5c42f047355f13b9bf91c1621acb7971a148bea2	Trojan.Win32.CVE202421412.A
+18b1dc2e00245cb017ebdedfe63881929d7542eeffa8f42ee0ad20cc2ebf181a 	Trojan.Win32.CVE202421412.A
+1956bcd3df47e76b2e9f396514f072311563d092ae02509f817c488567749998	Trojan.Win32.CVE202421412.A
+1fbc621a71578cb22d4e3a0feec68735321358a3aeb18adbe4a20630c7f788b8	Trojan.Win32.CVE202421412.A
+39fb9fb06910f1133f3b23c523a5139f61d243380802b0670a664473d00e1fa9	Trojan.Win32.CVE202421412.A
+3e420ce1dc1a8503f48815b880381dd23206e08be2474d151f1353df7df2d796	Trojan.Win32.CVE202421412.A
+4201ab8c0c4cf0f01f5a25d8e4e7221634776b5bad8c3faad5ad819ec58619ad	Trojan.Win32.CVE202421412.A
+58b0f5da4a53e956b35e77f55ced641291a596e16067b1dab6ac54d9cb6a52a5	Trojan.Win32.CVE202421412.A
+5b16ac1edb747053ee5a085ab826c61218c5b471eaa04f2471dc2e80b5621023	Trojan.Win32.CVE202421412.A
+5c85a0fe230d351b35da364c797cc95557f5dcceec034eb648e1805237c7203b	Trojan.Win32.CVE202421412.A
+5f4ef55201080ef3a62b0fbdc4c27e0ccdf4041f41c04471f35b127ff6515405	Trojan.Win32.CVE202421412.A
+61de01bc154b1118caacfed3839c996a795d6c21c2efbf1da6b926414f5d182d	Trojan.Win32.CVE202421412.A
+65cc5594b307c2ac4e3c251aeae68dedf7d1f24ba3b0d7ab5ad3623e8a9fc865	Trojan.Win32.CVE202421412.A
+6793e0fbc2def9173bf8e2a6c1aa357ba7fc3e32dc1cf81107677166f175c890	Trojan.Win32.CVE202421412.A
+6bec457f83d0d98f6f6ea1243c2327e012db38fb61680f6bd68dbab0dc07170a	Trojan.Win32.CVE202421412.A
+7058ae0f02e116b38536ee1ec20f47645aecf761361b5a5e85de2961f3cc88c6	Trojan.Win32.CVE202421412.A
+70b4c2d696a24a5ae2f5e5095dc44e68b4605e4690c8a49930194ee87eb80252 	Trojan.Win32.CVE202421412.A
+73922ab0d048b45a01f13ba967f1423bc6cd6cc711f8e7d00a4cf2b1d3646f4e	Trojan.Win32.CVE202421412.A
+761fa42bc4cc5332a640c7389240324242981176ca1626e4267cc8a00cf9545f	Trojan.Win32.CVE202421412.A
+88bb1df99e02021801b08beeff87ec3ceb9e16c42f62904c5ac04c1a26213a48	Trojan.Win32.CVE202421412.A
+941cf63028bf8314bc7114a088f4d1f1dd995bec4a4b7c51fda34fbb3528667f	Trojan.Win32.CVE202421412.A
+a45e0ea5a17ba6f3a2ce7258f6cc81c6f93f37873b49218a25ec638987da6f96	Trojan.Win32.CVE202421412.A
+a5096c4624a523a660242e3451c2f4d644431a35098e36b724fab9f7d88d145d	Trojan.Win32.CVE202421412.A
+a9633da58719f07159702101474b6ba78f2ffee28b3f7ebda3feb36db4e2d0e9	Trojan.Win32.CVE202421412.A
+b0ab19986ab1297870854980f1287f1a4b8d003c540773a6c04fb3565e5701ee	Trojan.Win32.CVE202421412.A
+b350a787c19a756c0824e14eec7e9d746450d1aafb28a5d15209ec9f34c58129	Trojan.Win32.CVE202421412.A
+b738e92afc95cba819aa7aebfad459de38743c478e9e8b8f29f9919697b495b0 	Trojan.Win32.CVE202421412.A
+b8b6b6d98b7ea689f0c33d55a06afcf20482b25c51929ca9a1b302374290b337	Trojan.Win32.CVE202421412.A
+babbd9c94dedb94be8baac2ddc5b4714c44a8d0c60d49c0dc91708784bc0d57f	Trojan.Win32.CVE202421412.A
+bbdf52481bd1a15710d75b89240c7a360450e2f4f00ba2cb140affba79ebec94	Trojan.Win32.CVE202421412.A
+c86ba0da732e1fa1f06549d3ebc5ae6ae091199e95930681ac2a9152a8834184	Trojan.Win32.CVE202421412.A
+d6000a19198b8b9719fc17f7c06366e542802a8e7e232ba731b72c31226cc890	Trojan.Win32.CVE202421412.A
+d81e7d95004441ea4f5344215232db57f48579bf335c7ba4ed7f6ec6f9136ed0	Trojan.Win32.CVE202421412.A
+db1bc70c0d0c7121f1d4422a6fcd0e0668d9da786affb52dd77852641e425710	Trojan.Win32.CVE202421412.A
+ddda5737b2c3207d72d728bf40709a7296c31e7c50951dcad441f4707581ccb1	Trojan.Win32.CVE202421412.A
+e1b903eba88b920909876442306e1160eed9b69c69a05ea370cba2121e305ba1	Trojan.Win32.CVE202421412.A
+e49a7d9083b2e448274d117405c39b0c1b2c0c20ab5195bdf94aaeda7cc113d7	Trojan.Win32.CVE202421412.A
+f44964c8fdf6dbdb21c141df61b45467bba5a4482f7ab19fd6f1841fdb791f2a	Trojan.Win32.CVE202421412.A
+f6b01df60d526f1de530230724d41b482adfff81084a1872bb97c316b76e45e3	Trojan.Win32.CVE202421412.A
+f701f500d348b63f3250239cd8305a8b38230e67d74456f3333c6efeeef85bbb	Trojan.Win32.CVE202421412.A
+fb67be10a5a8b26ca86f8f79935ddd4a5b40379bb6d0af21d23f56af14bb2a90	Trojan.Win32.CVE202421412.A
+4307a067db6b6abd852441e6d70de29c3bd0e4d6a68f0449b403401518b7e037 	Trojan.Win32.CVE202421412.B
+69fc5bed55acf559035f2c5550bf8807236b580f8e2db88966b3fc80c83914d3 	Trojan.Win32.CVE202421412.B
+4c43b4575063d50ca5668e45a434aaf288970c89e8a4414812560ee787307f58 	Trojan.Win32.CVE202421412.B
+135cfefe353ca57d24cfb7326f6cf99085f8af7d1785f5967b417985e8a1153c	Trojan.Win32.DARKME.A
+252351cb1fb743379b4072903a5f6c5d29774bf1957defd9a7e19890b3f84146	Trojan.Win32.DARKME.A
+594e7f7f09a943efc7670edb0926516cfb3c6a0c0036ac1b2370ce3791bf2978	Trojan.Win32.DARKME.A
+6e825a6eb4725b82bd534ab62d3f6f37082b7dbc89062541ee1307ecd5a5dd49	Trojan.Win32.DARKME.A
+71d0a889b106350be47f742495578d7f5dbde4fb36e2e464c3d64c839b1d02bc	Trojan.Win32.DARKME.A
+b69d36e90686626a16b79fa7b0a60d5ebfd17de8ada813105b3a351d40422feb	Trojan.Win32.DARKME.A
+bf9c3218f5929dfeccbbdc0ef421282921d6cbc06f270209b9868fc73a080b8c	Trojan.Win32.DARKME.A
+dc1b15e48b68e9670bf3038e095f4afb4b0d8a68b84ae6c05184af7f3f5ecf54	Trojan.Win32.DARKME.A
diff --git a/README.md b/README.md
index aef88b8..fba2bc1 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
 
 
 ## 2024
+* Feb 13 - [[Trend Micro] CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day](https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html) | [:closed_book:](../../blob/master/2024/2024.02.13.Water_Hydra)
 * Jan 25 - [[KrCERT/CC] Lazarus Group’s Large-scale Threats
 via Watering Hole and Financial Software](https://jsac.jpcert.or.jp/archive/2024/pdf/JSAC2024_1_6_dongwook-kim_seulgi-lee_en.pdf) | [:closed_book:](../../blob/master/2024/2024.01.25.Lazarus_Group)
 * Jan 24 - [[itochuci] The Endless Struggle Against APT10: Insights from LODEINFO](https://blog-en.itochuci.co.jp/entry/2024/01/24/134100) | [:closed_book:](../../blob/master/2024/2024.01.24.APT10_LODEINFO)