blackorbird/APT_REPORT blackorbird/APT_REPORT

  • Stars
    star
    2,145
  • Rank 21,376 (Top 0.5 %)
  • Language
    Python
  • Created over 5 years ago
  • Updated 6 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
blackorbird/APT_REPORT
github

blackorbird

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Interesting APT Report Collection And Some Special IOC

APT_REPORT collected by @blackorbird https://twitter.com/blackorbird

Interesting apt report & sample & malware & technology & intellegence collection

APT Group for country

Sample

Group123

â–¶ScarCruft continues to evolve, introduces Bluetooth harvester https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/ (May 13, 2019)

â–¶Group123 Attempts to attack 'printing paper' APT disguised as a guide to organization and conferences https://blog.alyac.co.kr/2287 (May 2 , 2019)

â–¶Group123, APT attack impersonating Unification Ministry, spread malicious code to Google Drive https://blog.alyac.co.kr/2268 (April 22 , 2019)

â–¶ group123 APT organization, 'Operation High Expert' https://blog.alyac.co.kr/2226 (April 2 , 2019)

â–¶ Rocketman APT Campaign Returned to Operation Holiday Wiper https://blog.alyac.co.kr/2089 (Jan 23, 2019)

â–¶ 'Operation Blackbird', the mobile invasion of the ' https://blog.alyac.co.kr/2035 (Dec 13, 2018)

â–¶ group123 'Operation Korean Sword' is underway https://blog.alyac.co.kr/1985 (Nov. 16, 2018)

â–¶ group123 Group's latest APT campaign - 'Operation Rocket Man' https://blog.alyac.co.kr/1853 (Aug. 22, 2018)

â–¶ group123, Flash Player Zero-Day (CVE-2018-4878) Attack Attention https://blog.alyac.co.kr/1521 (Feb 02, 2018)

â–¶ 'group123' group 'survey on the total number of discovery of separated families in North and South' https://blog.alyac.co.kr/1767 (July 28, 2014)

â–¶ Rocketman APT campaign, 'Operation Golden Bird' https://blog.alyac.co.kr/2205 (March 20, 2013)

â–¶ Korea In The Crosshairs https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html (Jan 16, 2018)

â–¶FreeMilk: A Highly Targeted Spear Phishing Campaign https://unit42.paloaltonetworks.com/unit42-freemilk-highly-targeted-spear-phishing-campaign/ (Oct 5, 2017)

baby related kimsuky

▶BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat (April 26, 2019) https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/

â–¶Operation Giant Baby, a giant threat (March 28, 2019) https://blog.alyac.co.kr/2223

â–¶ Malicious code installed with coin purse program(Alibaba) (March 15, 2019) https://asec.ahnlab.com/1209

â–¶ New BabyShark Malware Targets U.S. National Security Think Tanks (Feb. 22, 2019) https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/

â–¶ Korea's latest APT attack, Operation Mystery Baby Attention! (Feb 11, 2018) https://blog.alyac.co.kr/1963

â–¶ Returned to Korea as Operation Baby Coin, APT attacker, overseas target in 2010 (Apr. 19, 2014) https://blog.alyac.co.kr/1640

kimsuky

â–¶Kimsuky, Blue House Green Support / Sangchunjae Estimate https://blog.alyac.co.kr/2645

â–¶Kimsuky, cyber security bureau Cryptographic Cases (May 28 , 2019) https://blog.alyac.co.kr/2338

â–¶Kimsuky, Korea Cryptographic Exchange Event Impersonation APT Attack (May 28 , 2019) https://blog.alyac.co.kr/2336

â–¶Kimsuky 'Fake striker' APT campaign aimed at Korea (May 20 , 2019) https://blog.alyac.co.kr/2315

â–¶ Analysis of "Smoke Screen" in APT campaign aimed at Korea and America (April 17 , 2019) https://blog.alyac.co.kr/2243

â–¶ Encrypted APT attack, Kimsuky organization's 'smoke screen' PART 2 (May 13 , 2019) https://blog.alyac.co.kr/2299

â–¶ Kimsuky Organization, Operation Stealth Power Silence Operation (April 3 , 2019) https://blog.alyac.co.kr/2234

â–¶ Kimsuky Organization, Watering Hole Started "Operation Low Kick"(March 21, 2019) https://blog.alyac.co.kr/2209

Jaku

▶ SiliVaccine: Inside North Korea’s Anti-Virus (May 1, 2018) https://research.checkpoint.com/silivaccine-a-look-inside-north-koreas-anti-virus/

Lazarus

▶Lazarus Group Goes 'Fileless',an implant w/ remote download & in-memory execution https://objective-see.com/blog/blog_0x51.html

â–¶LAZARUS APT TARGETS MAC USERS WITH POISONED WORD DOCUMENT https://www.sentinelone.com/blog/lazarus-apt-targets-mac-users-poisoned-word-document/

Konni

â–¶Konni's APT Group conducts attacks with Russian-North Korean trade and economic investment documents https://blog.alyac.co.kr/2535

â–¶APT Campaign 'Konni' & 'Kimsuky' find commonality in organizations (June 10, 2019) https://blog.alyac.co.kr/2347

â–¶Korean Kusa Konni Organization, Blue Sky Utilizing 'Amadey' Russia Botnet (May 16, 2019) https://blog.alyac.co.kr/2308

â–¶The Konni APT Campaign and 'Operation Hunter Adonis' (Jan 1 ,2019) https://blog.alyac.co.kr/2061

Oceanlotus

â–¶Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus (July 1, 2019) https://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html

â–¶Analysis report on the attack on mobile devices by Oceanlotus (May 24, 2019)

https://mp.weixin.qq.com/s/L-tCvLPOOMhP0ndgdqhkNQ

â–¶ Oceanlotus in the first quarter of 2019 for the attack technology of China.(April 24, 2019) https://mp.weixin.qq.com/s/xPsEXp2J5IE7wNSMEVC24A

â–¶ Deobfuscating APT32 Flow Graphs with Cutter and Radare2 (April 24, 2019) https://research.checkpoint.com/deobfuscating-apt32-flow-graphs-with-cutter-and-radare2/

â–¶ OceanLotus Steganography Malware Analysis White Paper (April 2 , 2019) https://threatvector.cylance.com/en_us/home/report-oceanlotus-apt-group-leveraging-steganography.html

â–¶OceanLotus: macOS malware update(April 9 , 2019)

https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/

APT28

â–¶ CB TAU Threat Intelligence Notification: Hunting APT28 Downloaders (April 5 , 2019) https://www.carbonblack.com/2019/04/05/cb-threat-intelligence-notification-hunting-apt28-downloaders/

Turla

â–¶ A dive into Turla PowerShell usage (May 29 , 2019) https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/

tick

â–¶ tick group new campaign, attack north korean and japan https://www.ahnlab.com/kr/site/securityinfo/secunews/secuNewsView.do?curPage=1&menu_dist=2&seq=28186 (April 1 , 2019)

Winnti

â–¶ bayer-says-has-detected-contained-cyber-attack (April 5 , 2019)

https://www.reuters.com/article/us-bayer-cyber/bayer-says-has-detected-contained-cyber-attack-idUSKCN1RG0NN

https://www.tagesschau.de/inland/hackerangriff-bayer-101.html

Middle East Asia

Muddywater

â–¶ Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques(May 20,2019)

https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html

ZooPark

â–¶ APT-C-38 attack activity revealed (May 27,2019) http://blogs.360.cn/post/analysis-of-APT-C-38.html

APT Group for finance

CARBANAK

â–¶ CARBANAK Week Part One: A Rare Occurrence (April 22, 2019) https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html

londonblue (Nigeria)

â–¶ Evolving Tactics: London Blue Starts Spoofing Target Domains (April 4 , 2019) PDF is in the folder https://www.agari.com/email-security-blog/london-blue-evolving-tactics/

Fin6

â–¶ Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware(April 5 , 2019) https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html

Fin7

â–¶ On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation (August 01, 2018) https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html

More Repositories

1

Certificate_IOC_Collection

7
star
2

Software

4
star
3

threat

3
star
4

blackorbird

3
star
5

IPv6_IOC_Collection

IPv6_IOC_Collection (malware use)
2
star
6

VPS_IP_IOC

2
star
7

Malware

2
star