# Threat INTel Reports

Archive of publicly available threat/cybercrime INTel reports (mostly APT reports, but not limited to them). Useful as a reference when you emulate threat actors on a daily basis. Please create an issue if I'm missing a relevant report.

Note: If you are looking for every type of publicly available document and note related to APTs, have a look at APTnotes and aptnotes. Unfortunately, the way they store and sort their data doesn't work for me anymore.

## 2017

| Title | Month | Source |
|---|---|---|
| APT28: A WINDOW INTO RUSSIA'S CYBER ESPIONAGE OPERATIONS? | Jan | FireEye |
| APT28: At the center of the storm. Russia strategically evolves its cyber operations | Jan | FireEye |
| APT28 Under the Scope: A Journey into Exfiltrating Intelligence and Government Information | Feb | BitDefender |
| KingSlayer: A Supply chain attack | Feb | RSA |
| Enhanced Analysis of GRIZZLY STEPPE Activity | Feb | US-CERT |
| Dissecting the APT28 Mac OS X Payload | Feb | Bitdefender |
| From Shamoon to StoneDrill | Mar | Kaspersky |
| LAZARUS UNDER THE HOOD | Apr | Kaspersky |
| Appendix B: Moonlight Maze Technical Report | Apr | Kaspersky |
| Callisto Group | Apr | F-Secure |
| McAfee Labs Threats Report | Apr | McAfee |

## 2016

| Title | Month | Source |
|---|---|---|
| Analyzing a New Variant of BlackEnergy 3: Likely Insider-Based Execution | Jan | SentinelOne |
| Operation Dusty Sky | Jan | ClearSky |
| Uncovering the Seven Pointed Dagger | Jan | Arbor Networks |
| Know Your Enemies 2.0: A Primer on Advanced Persistent Threat Groups | Feb | ICIT |
| Operation Duststorm | Feb | Cylance |
| Operation Blockbuster | Feb | Novetta |
| From Seoul to Sony | Feb | Blue Coat |
| The Four Element Sword Engagement | Apr | Arbor Networks |
| PLATINUM: Targeted attacks in South and Southeast Asia | Apr | Microsoft |
| Mofang: A politically motivated information stealing adversary | May | FoxIT |
| Operation Groundbait: Analysis of a surveillance toolkit | May | Kaspersky |
| APT Case RUAG Technical Report | May | Melani GovCERT |
| Operation DustySky Part 2 | Jun | ClearSky |
| Visiting The Bear Den: A Journey in the Land of Cyber-Espionage | Jun | ESET |
| Pacifier APT | Jul | Bitdefender |
| Unveiling Patchwork: the Copy Paste APT | Jul | Cymmetria |
| Operation Manul | Aug | EFF |
| Monsoon - Analysis of an APT Campaign | Aug | Forcepoint |
| The ProjectSauron APT | Aug | Kaspersky |
| Carbanak Oracle Breach | Aug | VISA |
| Visa Alert and Update on the Oracle Breach | Aug | VISA |
| Ego Market: When Greed for Fame Benefits Large-Scale Botnets | Sep | GoSecure |
| Hunting Libyan Scorpions | Sep | Cyberkov |
| En Route with Sednit Part 1: Approaching the Target | Oct | ESET |
| En Route with Sednit Part 2: Observing the Comings and Goings | Oct | ESET |
| En Route with Sednit Part 3: A Mysterious Downloader | Oct | ESET |
| Rootkit analysis: Use case on HideDRV | Oct | Sekoia |
| Wave your false flags! Deception tactics muddying attribution in targeted attacks | Oct | Kaspersky |
| When The Lights Went Out: Ukraine Cybersecurity Threat Briefing | Nov | BAH |
| PROMETHIUM and NEODYMIUM: Parallel zero-day attacks targeting individuals in Europe | Dec | Microsoft |
| Use of Fancy Bear Android Malware in Tracking of Ukrainian Artillery Units | Dec | Crowdstrike |
| GRIZZLY STEPPE - Russian Malicious Cyber Activity | Dec | FBI |

## 2015

| Title | Month | Source |
|---|---|---|
| Insight Into A Strategic Web Compromise And Attack Campaign Against Hong Kong Infrastructure | Jan | Dragon Threat Labs |
| The Waterbug Attack Group | Jan | Symantec |
| CARBANAK APT: THE GREAT BANK ROBBERY | Feb | Kaspersky |
| Behind The Syrian Conflict's Digital Front Lines | Feb | FireEye |
| The Desert Falcons Targeted Attacks | Feb | Kaspersky |
| Southeast Asia: An Evolving Cyber Threat Landscape | Feb | FireEye |
| Operation Arid Viper: Bypassing The Iron Dome | Feb | Trend Micro |
| Plugx Goes To The Registry And India | Feb | Sophos |
| ScanBox II | Feb | PWC |
| Crowdstrike Global Threat Intel Report | Feb | Crowdstrike |
| Equation Group: Questions And Answers | Feb | Kaspersky |
| Shooting Elephants | Feb | CIRCL Luxembourg |
| Tibetan Uprising Day Malware Attacks | Mar | The Citizen Lab |
| Operation Woolen-Goldfish: When Kittens Go Phishing | Mar | Trend Micro |
| Volatile Cedar: Threat Intelligence And Research | Mar | Check Point |
| HACKING THE STREET? FIN4 LIKELY PLAYING THE MARKET | Apr | FireEye |
| APT30 And The Mechanics Of A Long-Running Cyber Espionage Operation | Apr | FireEye |
| Sofacy II: Same Sofacy, Different Day | Apr | PWC |
| CozyDuke | Apr | F-Secure |
| Dissecting Linux/Moose: The Analysis of a Linux Router-based Worm Hungry for Social Networks | May | ESET |
| Operation Tropic Trooper: Relying On Tried-And-Tested Flaws To Infiltrate Secret Keepers | May | Trend Micro |
| Oceanlotus APT-C-00 | May | SkyEye |
| APT28 Targets Financial Markets: Zero Day Hashes Released | May | Root9b |
| Analysis On APT-To-Be Attack That Focusing On China's Government Agency | May | Antiy CERT |
| The Msnmm Campaigns: The Earliest Naikon APT Campaigns | May | Kaspersky |
| Operation Oil Tanker: The Phantom Menace | May | PandaLabs |
| Duqu 2.0: A Comparison To Duqu | Jun | CrySyS Lab |
| Operation Lotusblossom | Jun | PaloAlto |
| An Iranian Cyber-Attack Campaign Against Targets In The Middle East | Jun | ClearSky |
| The Duqu 2.0 Technical Details | Jun | Kaspersky |
| Insight into advances of adversary tactics, techniques and procedures through analysis of an attack against an organisation in the Asia Pacific region | Jun | Dragon Threat Labs |
| Targeted Attacks Against Tibetan And Hong Kong Groups Exploiting CVE-2014-4114 | Jun | The Citizen Lab |
| Operation Potao Express: Analysis Of A Cyber-Espionage Toolkit | Jul | ESET |
| The Black Vine Cyberespionage Group | Jul | Symantec |
| HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group | Jul | FireEye |
| Butterfly: Corporate Spies Out For Financial Gain | Jul | Symantec |
| RSA Research: Terracotta VPN: Enabler Of Advanced Threat Anonymity | Aug | RSA |
| THE DUKES: 7 years of Russian cyberespionage | Sep | F-Secure |
| RUSSIAN FINANCIAL CYBERCRIME: HOW IT WORKS | Nov | Kaspersky |
| CopyKittens Attack Group | Nov | ClearSky |

## 2014

| Title | Month | Source |
|---|---|---|
| Targeted Attacks Against The Energy Sector | Jan | Symantec |
| Emerging Threat Profile: Shell_Crew | Jan | RSA |
| New Cdto: A Sneakernet Trojan Solution | Jan | Fidelis |
| Intruder File Report - Sneakernet Trojan | Jan | Fidelis |
| Uroburos: Highly Complex Espionage Software With Russian Roots | Feb | GDATA |
| Unveiling Careto - The Masked Apt | Feb | Kaspersky |
| Gathering In The Middle East, Operation Stteam | Feb | Fidelis |
| The Monju Incident | Feb | Context |
| Snake Campaign & Cyber Espionage Toolkit | Mar | BAE |
| Deep Panda | May | Crowdstrike |
| Operation Saffron Rose | May | FireEye |
| Rat In A Jar: A Phishing Campaign Using Unrecom | May | Fidelis |
| Illuminating The Etumbot Apt Backdoor | Jun | Arbor |
| Putter Panda | Jun | Crowdstrike |
| Anatomy Of The Attack: Zombie Zero | Jun | Trapx |
| Dragonfly: Cyberespionage Attacks Against Energy Suppliers | Jun | Symantec |
| Police Story: Hacking Team Government Surveillance Malware | Jun | The Citizen Lab |
| Energetic Bear _ Crouching Yeti | Jul | Kaspersky |
| The Eye Of The Tiger (Pitty Tiger) | Jul | Airbus |
| Crouching Yeti: Appendixes | Jul | Kaspersky |
| Operation Arachnophobia: Caught In The Spider's Web | Aug | Threat Connect |
| Sidewinder Targeted Attack Against Android In The Golden Age Of Ad Libraries | Aug | FireEye |
| Profiling An Enigma: The Mystery Of North Korea's Cyber Threat Landscape | Aug | HP |
| The Epic Turla Operation: Solving Some Of The Mysteries Of Snake/Uroboros | Aug | Kaspersky |
| Syrian Malware, The Ever-Evolving Threat | Aug | Kaspersky |
| Cosmicduke: Cosmu With A Twist Of Miniduke | Sep | F-Secure |
| Operation Quantum Entanglement | Sep | FireEye |
| BLACKENERGY & QUEDAGH: The convergence of crimeware and APT attacks | Oct | F-Secure |
| Sofacy Phishing | Oct | PWC |
| Operation Pawn Storm: Using Decoys to Evade Detection | Oct | Trend Micro |
| Hikit Analysis | Oct | Novetta |
| Apt28: A Window Into Russia's Cyber Espionage Operations | Oct | FireEye |
| Micro-Targeted Malvertising Via Real-Time Ad Bidding | Oct | Invincea |
| The Rotten Tomato Campaign | Oct | Sophos |
| Zoxpng Analysis | Oct | Novetta |
| Operation Toohash: How Targeted Attacks Work | Oct | GDATA |
| The Darkhotel Apt: A Story Of Unusual Hospitality | Nov | Kaspersky |
| Darkhotel Indicators Of Compromise | Nov | Kaspersky |
| Derusbi (Server Variant) Analysis | Nov | Novetta |
| Evil Bunny: Suspect #4 | Nov | Marion |
| The Regin Platform: Nation-State Ownership Of Gsm Networks | Nov | Kaspersky |
| Regin: Top-Tier Espionage Tool Enables Stealthy Surveillance | Nov | Symantec |
| Anunak: Apt Against Financial Institutions | Dec | FoxIT |
| The Inception Framework: Cloud-Hosted Apt | Dec | Blue Coat |
| Operation Cleaver | Dec | Cylance |
| Bots, Machines, And The Matrix | Dec | Fidelis |
| Hacking The Street? Fin4 Likely Playing The Market | Dec | FireEye |
| W32/Regin, Stage #1 | Dec | F-Secure |
| W64/Regin, Stage #1 | Dec | F-Secure |

## 2013

| Title | Month | Source |
|---|---|---|
| "Red October" Diplomatic Cyber Attacks Investigation | Jan | Kaspersky |
| The Icefog Apt: A Tale Of Cloak And Three Daggers | Jan | Kaspersky |
| A closer look at MiniDuke | Feb | BitDefender |
| Stuxnet 0.5: The Missing Link | Feb | Symantec |
| The Miniduke Mystery: Pdf 0-Day Government Spy Assembler 0X29A Micro Backdoor | Feb | Kaspersky |
| Miniduke: Indicators | Feb | CrySyS Lab |
| Apt1: Exposing One Of China's Cyber Espionage Units | Feb | Mandiant |
| Command And Control In The Fifth Domain | Feb | Command Five Pty Ltd |
| Comment Crew: Indicators Of Compromise | Feb | Symantec |
| Dissecting Operation Troy: Cyberespionage In South Korea | Mar | McAfee |
| The Teamspy Story - Abusing Teamviewer In Cyberespionage Campaigns | Mar | Kaspersky |
| Analysis Of A Plugx Variant (Plugx Version 7.0) | Mar | CIRCL |
| You Only Click Twice: Finfisher's Global Proliferation | Mar | Citizen Lab |
| Apt1: Technical Backstage | Mar | itrust |
| Safe: A Targeted Threat | Mar | Trend Micro |
| Winnti: More Than Just A Game | Apr | Kaspersky |
| Analysis Of A Stage 3 Miniduke Sample | May | CIRCL |
| Operation Hangover - Unveiling An Indian Cyberattack Infrastructure | May | Norman |
| The Chinese Malware Complexes: The Maudi Surveillance Operation | Jun | Norman |
| A Call To Harm: New Malware Attacks Target The Syrian Opposition | Jun | Citizen Lab |
| Crude Faux: An Analysis Of Cyber Conflict Within The Oil & Gas Industries | Jun | Cerias |
| Njrat Uncovered | Jun | Fidelis |
| The Nettraveler (Aka Travnet) | Jun | Kaspersky |
| The Plugx Malware Revisited: Introducing Smoaler | Jul | Sophos |
| Operation Hangover - Unveiling An Indian Cyberattack Infrastructure (Appendix) | Aug | FIXME |
| The Little Malware That Could: Detecting And Defeating The China Chopper Web Shell | Aug | FireEye |
| Inside Report _ Apt Attacks On Indian Cyber Space | Aug | Infosec Consorcium |
| Poison Ivy: Assessing Damage And Extracting Intelligence | Aug | FireEye |
| 2Q Report On Targeted Attack Campaigns | Sep | Trend Micro |
| Hidden Lynx: Professional Hackers For Hire | Sep | Symantec |
| World War C: Understanding Nation-State Motives Behind Today's Advanced Cyber Attacks | Sep | FireEye |
| Fakem Rat: Malware Disguised As Windows Messenger And Yahoo! Messenger | Oct | Trend Micro |
| Supply Chain Analysis: From Quartermaster To Sunshop | Nov | FireEye |
| Energy At Risk: A Study Of It Security In The Energy And Natural Resources Industry | Dec | KPMG |
| Etso Apt Attacks Analysis | Dec | AHNLAB |
| Operation Ke3Chang: Targeted Attacks Against Ministries Of Foreign Affairs | Dec | FireEye |
| "Njrat", The Saga Continues | Dec | Fidelis |

## 2012

| Title | Month | Source |
|---|---|---|
| The Heartbeat Apt Campaign | Jan | Trend Micro |
| Crouching Tiger, Hidden Dragon, Stolen Data | Mar | Context |
| Skywiper (A.K.A. Flame A.K.A. Flamer): A Complex Malware For Targeted Attacks | Mar | CrySyS Lab |
| Luckycat Redux: Inside An Apt Campaign With Multiple Targets In India And Japan | Mar | Trend Micro |
| Have I Got Newsforyou: Analysis Of Flamer C&C Server | May | Symantec |
| Ixeshe: An Apt Campaign | May | Trend Micro |
| Pest Control: Taming The Rats | Jun | Matasano |
| From Bahrain With Love: Finfisher Spy Kit Exposed? | Jul | Citizen Lab |
| Recent Observations In Tibet-Related Information Operations: Advanced Social Engineering For The Distribution Of Lurk Malware | Jul | Citizen Lab |
| Iexpl0Re Rat | Aug | Citizen Lab |
| Gauss: Abnormal Distribution | Aug | Kaspersky |
| The Voho Campaign: An In Depth Analysis | Aug | RSA |
| The Elderwood Project | Sep | Symantec |
| Trojan.Taidoor: Targeting Think Tanks | Oct | Symantec |
| Recovering From Shamoon | Nov | Fidelis |
| Systematic Cyber Attacks Against Israeli And Palestinian Targets Going On For A Year | Nov | Norman |
| The Many Faces Of Gh0St Rat: Plotting The Connections Between Malware Attacks | Nov | Norman |

## 2011

| Title | Month | Source |
|---|---|---|
| W32.Stuxnet Dossier | Feb | Symantec |
| Global Energy Cyberattacks: Night Dragon | Feb | McAfee |
| Stuxnet Under the Microscope | Apr | ESET |
| Advanced Persistent Threats: A Decade in Review | Jun | Command Five Pty Ltd |
| The Lurid Downloader | Aug | Trend Micro |
| Revealed: Operation Shady Rat | Aug | McAfee |
| Enter the Cyber-dragon | Sep | Vanity Fair |
| SK Hack by an Advanced Persistent Threat | Sep | Command Five Pty Ltd |
| Alleged APT Intrusion Set: "1.php" Group | Oct | Zscaler |
| The Nitro Attacks: Stealing Secrets From The Chemical Industry | Oct | Symantec |

## 2010

| Title | Month | Source |
|---|---|---|
| The Command Structure Of The Aurora Botnet | Jan | Damballa |
| Operation Aurora: Detect, Diagnose, Respond | Jan | HBGary |
| Operation Aurora | Feb | HBGary |
| Combating Aurora | Jan | McAfee |
| In-Depth Analysis Of Hydraq: The Face Of Cyberwar Enemies Unfolds | Mar | CA |
| Shadows In The Cloud: Investigating Cyber Espionage 2.0 | Apr | Shadowserver |
| The Msupdater Trojan And Ongoing Targeted Attacks | Sep | Zscaler |

## 2009

| Title | Month | Source |
|---|---|---|
| Tracking GhostNet: Investigating a Cyber Espionage Network | Mar | TheSecDevGroup |
| DECLAWING THE DRAGON: WHY THE U.S. MUST COUNTER CHINESE CYBER-WARRIORS | Jun | NA |
| Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation | Oct | Northrop Grumman |
| Russian Cyberwar on Georgia | Nov | georgiaupdate.gov.ge |

## References