 ______     ______   ______   ______    
/\  __ \   /\  == \ /\__  _\ /\  ___\   
\ \  __ \  \ \  _-/ \/_/\ \/ \ \___  \  
 \ \_\ \_\  \ \_\      \ \_\  \/\_____\ 
  \/_/\/_/   \/_/       \/_/   \/_____/ 
2010 2010.01.01/Case Study Operation Aurora 2010.01.27/Operation Aurora Detect Diagnose Respond 2010.02.10/WhitePaper HBGary Threat Report, Operation Aurora 2010.03.14/Hydraq- In Depth Analysis 2010.04.06/Shadows in the cloud 2010.09.06/MSUpdater Trojan 2010.09.30/W32.Stuxnet Dossier 2010.12.09/The Stuxnet Computer Worm
2011 2011.02.10/Global Energy Cyberattacks - Night Dragon 2011.02.18/Night Dragon Specific Protection Measures for Consideration 2011.04.20/Stuxnet Under the Microscope 2011.06.01/Advanced Persistent Threats- A decade in review 2011.08.02/Operation Shady Rat 2011.08.03/HTran 2011.08.04/Operation Shady RAT 2011.09.09/The RSA Hack 2011.09.11/SK Hack 2011.09.22/The LURID Downloader 2011.10.12/Alleged APT Intrusion Set 1.php Group 2011.10.26/Duqu Trojan Questions and Answers 2011.10.26/Stuxnet , Duqu - The Evolution of Drivers 2011.10.31/The Nitro Attacks - Stealing secrets from the Chemical Industry 2011.11.15/Ghost RAT- Many faces 2011.12.08/Palebot trojan
2012 2012.01.03/The HeartBeat APT Campaign 2012.02.03/Command and Control in the Fifth Domain 2012.02.29/The Sin Digoo Affair 2012.03.12/Whitepaper - Crouching Tiger, Hidden Dragon, Stolen Data 2012.03.13/Crypto -Dark Comet 2012.03.26/LuckyCat Redux 2012.04.10/Anatomy of Ghost RAT 2012.04.16/OSX SabPub 2012.05.18/Flamer C & C Server 2012.05.22/Ixeshe 2012.05.31/Skywiper 2012.07.10/Tibet Lurk 2012.07.11/Dark Comet 2012.07.25/Fin Fisher's Spy Kit 2012.07.27/The Madi Infostealers 2012.08.09/Gauss 2012.08.18/The taidoor campaign 2012.09.06/The elderwood project 2012.09.07/IEXPL0RE RAT 2012.09.12/The VOHO Campaign 2012.09.18/The Mirage Campaign 2012.10.08/Pest Control 2012.10.27/Trojan Taidoor 2012.10.31/Cyber Espionage Against Georgian Government 2012.11.00/Wicked Rose & NCPH Hacking Group 2012.11.01/Shamoon 2012.11.03/Cyberattack against Israeli and Palestinian targets
2013 NA/FireEye-Terminator_RAT NA/Operation Ephemeral Hydra NA/World War C NA/Ke3chang NA/Dark Seoul Cyberattack NA/Secrets of the Comfoo Masters NA/nJ RAT NA/Operation Saffron Rose NA/Chopping packets Decoding China Chopper Web Shell using SSL NA/China Chopper Web Shell NA/China Chopper NA/nJ RAT uncovered NA/Poison Ivy NA/Deep Panda NA/Byebye Shell NA/Kimsuky NA/ETSO APT Attacks Analysis NA/Supply Chain Analysis NA/2Q Report on Targeted Campaigns NA/Plugx Smoaler NA/Surtr Malware Tibetan NA/Hidden lynx NA/Operation Molerats NA/Operation Deputy Dog NA/India Pak Tranchulas NA/Icefog APT NA/Energy at risk NA/APT Attacks on Indian Cyber Space 2013.01.14/Red October Diplomatic Cyber Attacks Investigation 2013.01.14/RedOctober 2013.01.14/RedOctober Detail 2013.01.14/Red October Detailed Malware Description 1 First Stage of Attack 2013.01.14/Red October Detailed Malware Description 2 Second Stage of Attack 2013.01.14/Red October Detailed Malware Description 3 Second Stage of Attack 2013.01.14/Red October Detailed Malware Description 4 Second Stage of Attack 2013.01.14/Red October Detailed Malware Description 5 Second Stage of Attack 2013.01.18/McAfee Labs Threat Advisory Exploit Operation Red Oct 2013.02.12/Targeted Cyber Attacks 2013.02.18/APT 1 2013.02.22/Comment Crew 2013.02.26/Stuxnet 0.5 2013.02.27/Miniduck Mystery 2013.02.27/Miniduke Indicators 2013.03.13/FinFisher 2013.03.17/Safe - A targeted threat 2013.03.20/The teamspy story 2013.03.20/Operation Troy 2013.03.21/Darkseoul - Jokra Analysis and Recovery 2013.03.27/APT1 - Technical backstage 2013.03.28/PlugX Variant 2013.04.01/Trojan APT Bane Chant 2013.04.13/Winnti 2013.04.21/Mini Duke 2013.05.16/Targeted information stealing attacks in South Asia use email signed binaries 2013.05.20/OperationHangOver - Executive Summary 2013.05.20/Mini Duke Analysis 2013.05.20/Unveiling an Indian Cyberattack Infrastructure - appendixes 2013.05.20/Unveiling an Indian Cyberattack Infrastructure 2013.05.20/Operation Hangover 
2013.06.00/Maudi Surveillance Operation 2013.06.01/Crude Faux 2013.06.04/The NET Traveller 2013.06.07/Key Boy 2013.06.18/Trojan APT Seinup 2013.06.21/Syrian Attack 2013.09.06/Evasive Tactics Taidoor 2013.10.24/Evasive Tactics - Terminator RAT 2013.10.24/Fakem RAT 2013.12.20/ETSO APT Attacks Analysis
2014 NA/Illuminating the Etumbot APT Backdoor NA/TR-25 Analysis - Turla - Pfinet - Snake- Uroburos NA/The 'Penquin' Turla NA/Operation Arachnophobia NA/New Indicators of Compromise for APT Group Nitro Uncovered NA/Democracy in Hong Kong Under Attack NA/Putter Panda NA/BLACKENERGY & QUEDAGH NA/Scanbox NA/Invincea NA/Targeted Attacks Against the Energy Sector NA/Hikit Analysis NA/ZoxPNG Analysis NA/The Rotten Tomato Campaign NA/THE REGIN PLATFORM NA/Uroburos NA/When Governments Hack Opponents: A Look at Actors and Technology NA/Dragonfly: Cyberespionage Attacks Against Energy Suppliers NA/The Epic Turla Operation NA/Embassy of Greece Beijing - Compromise NA/BlackEnergy2 - Plugins - Router NA/TOOHASH NA/The Monju Incident NA/Regin: Top-tier espionage tool enables stealthy surveillance NA/Energetic Bear – Crouching Yeti NA/Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN NA/Operation Poisoned Handover NA/FIN4 LIKELY PLAYING THE MARKET NA/SAFFRON ROSE NA/The mystery of North Korea’s cyber threat landscape NA/Forced to Adapt: XSLCmd Backdoor Now on OS X NA/Analysis of Chinese MITM on Google NA/Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware NA/Aided Frame - Aided Direction (Because it’s a redirect) NA/Full Disclosure of Havex Trojans NA/El Machete NA/ScanBox framework NA/Zombie!Zero NA/Operation Poisoned Hurricane NA/OPERATION QUANTUM ENTANGLEMENT NA/XtremeRAT: Nuisance or Threat NA/Threat Spotlight: Group 72 NA/COSMICDUKE NA/Snake NA/Derusbi (Server Variant) Analysis NA/DEEP PANDA NA/SIDEWINDER NA/New CDTO: A Sneakernet Trojan Solution NA/NetTraveler APT Gets a Makeover for 10th Birthday NA/Cloud Atlas: RedOctober APT is back in style NA/The Uroburos case: new sophisticated RAT identified NA/LeoUncia and OrcaRat NA/OrcaRAT NA/APT 28: A Window into Russia’s Cyber Espionage Operations NA/Survival of the Fittest: New York Times Attackers Evolve Quickly NA/Korplug military targeted attacks: 
Afghanistan & Tajikistan NA/Miniduke still duking it out NA/Darwin’s Favorite APT Group 2014.01.21/RSA Incident Response: Emerging Threat Profile Shell_Crew 2014.02.11/Unveiling “Careto” - The Masked APT 2014.02.13/Operation SnowMan 2014.02.20/Operation GreedyWonk 2014.02.20/Mo’ Shells Mo’ Problems – File List Stacking 2014.02.20/Mo' Shells Mo' Problems - Deep Panda Web Shells 2014.02.20/Mo’ Shells Mo’ Problems – Web Server Log Analysis 2014.02.20/Mo’ Shells Mo’ Problems – Network Detection 2014.02.25/The French Connection 2014.03.06/The Siesta Campaign: A New Cybercrime Operation Awakens 2014.03.12/A Detailed Examination of the Siesta Campaign 2014.05.28/NEWSCASTER: An Iranian Threat Within Social Networks 2014.05.28/Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation 2014.07.07/Deep in Thought: Chinese Targeting of National Security Think Tanks 2014.07.11/The Eye of the Tiger Part 2 2014.07.11/Pitty_Tiger_Final_Report 2014.07.20/Sayad (Flying Kitten) Infostealer 2014.07.29/Threat Group-3279 Targets the Video Game Industry 2014.08.13/A Look at Targeted Attacks Through the Lense of an NGO 2014.08.18/Syrian Malware, the ever-evolving threat 2014.08.18/The Syrian Malware House of Cards 2014.10.22/Operation Pawn Storm 2014.11.10/DARKHOTEL IOC 2014.11.10/The Darkhotel APT 2014.11.13/Operation CloudyOmega 2014.11.14/OnionDuke 2014.11.20/EvilBunny 2014.11.21/Operation DoubleTap 2014.11.24/I am Ironman: DEEP PANDA Uses Sakula Malware to Target Organizations in Multiple Sectors 2014.12.02/Operation Cleaver 2014.12.03/Operation Cleaver: The Notepad Files 2014.12.09/The Inception Framework: Cloud-hosted APT 2014.12.10/W32.Regin Stage 1 2014.12.10(1)/W64.Regin Stage 1 2014.12.12(1)/Vinself now with steganography 2014.12.17/Wiper Malware 2014.12.18/Malware Attack Targeting Syrian ISIS Critics 2014.12.19/Alert (TA14-353A) 2014.12.21/Operation Poisoned Helmand 2014.12.22/Anunak: APT against financial institutions
2015 2015.01.11/Hong Kong SWC Attack 2015.01.12/Skeleton Key Analysis 2015.01.15/Agent.BTZ to ComRAT 2015.01.20/Project Cobra 2015.01.20/Inception APT Analysis 2015.01.22/Regin Hopscotch Legspin 2015.01.22/Scarab Russian 2015.01.22/WaterBug Attack 2015.01.27/Qwerty Keylogger 2015.01.29/Trojan Skelky 2015.01.29/P2P PlugX 2015.02.02/Behind the syria conflict 2015.02.04/PawnStorm 2015.02.10/Global Threat Intel Report 2015.02.16/Carbanak APT 2015.02.16/Equation group questions and answers 2015.02.16/Star of the malware galaxy 2015.02.16/Operation arid viper 2015.02.17/Desert Falcons APT 2015.02.17/A Fanny Equation 2015.02.18/Babar 2015.02.18/Shooting Elephants 2015.02.24/Scanbox 2015.02.25/Plugx goes to the registry and india 2015.02.25/Southeast asia threat landscape 2015.02.27/the anthem hack all roads lead to china 2015.02.27/The Anthem Hack All Roads Lead to China - ThreatConnect Enterprise Threat Intelligence Platform 2015.02.27/Anthem hack all roads lead to China 2015.03.05/Casper Malware 2015.03.06/Animals in the APT Farm 2015.03.06/Babar or Bunny 2015.03.10/Tibetan Uprising Day Malware Attacks 2015.03.11/Equation Drug 2015.03.19/Goldfish Phishing 2015.03.31/Volatile Cedar 2015.04.12/APT 30 2015.04.15/The Chronicles of the Hellsing APT 2015.04.15/Indicators of Compormise Hellsing 2015.04.16/Operation Pawn S 2015.04.18/Operation RussianDoll 2015.04.20/Sofacy II 2015.04.21/The CozyDuke APT 2015.04.22/CozyDuke 2015.04.27/Attacks against Israeli & Palestinian interests 2015.05.05/Attacks on France TV5 Monde 2015.05.07/Kraken 2015.05.12/APT 28 2015.05.12/Apt 28 2015.05.13/Cylance SPEAR Team 2015.05.14/The Naikon APT 2015.05.14(1)/Operation Tropic Trooper 2015.05.18/Cmstar Downloader 2015.05.19/Operation oil tanker 2015.05.21/TheNaikonAPT-MsnMM1 2015.05.21/TheNaikonAPT-MsnMM2 2015.05.26/Dissecting-LinuxMoose 2015.05.27/ANALYSIS ON APT-TO-BE ATTACK THAT FOCUSING ON CHINAS GOVERNMENT AGENCY 2015.05.27/Black Energy 2015.05.28/Grabit 2015.05.29/Ocean Lotus 
2015.06.03/Thamar Reservoir 2015.06.04/Blue Termite 2015.06.09/Duqu 2.0 Win32K Exploit 2015.06.10/The Mystery of Duqu 2.0 2015.06.10/Duqu 2.0 Yara rules 2015.06.10/Duqu 2.0 2015.06.12/Afghan Government Compromise - Browser Beware 2015.06.15/Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114 2015.06.16/Operation Lotus Blossom 2015.06.22/Winnti targeting pharmaceutical companies 2015.06.24/Unfinished Business 2015.06.26/Operation Clandestine Wolf 2015.06.26/OperationClandestineWolf 2015.06.28/APT on Taiwan 2015.06.30/Dino 2015.07.08/APT CVE-2015-5119 2015.07.08/Wild Neutron 2015.07.09/Butterfly 2015.07.10/APT group ups targets us gov 2015.07.13/Forkmeiam famous - Sea Duke 2015.07.13/Demonstrating Hustle 2015.07.14/Mini Dionis 2015.07.14/How pawn storms java zero day was used 2015.07.20/Watering Hole Aerospace CVE-2015-5122 IsSpace 2015.07.20/China Peace Palace 2015.07.22/Duke cloud Linux 2015.07.27/Apt29-Hammertoss 2015.07.28/Black Vine 2015.07.30/Operation Potao Express 2015.08.04/Terracotta VPN 2015.08.05/threat group - 3390 2015.08.08/Poison Ivy 2015.08.10/HTExploit Telemetry 2015.08.10/HT Exploit Topology. 
2015.08.19/New Internet Explorer zero-day exploited in Hong Kong attacks 2015.08.20/Blue termite 2015.08.20/PlugX Threat Activity in Myanmar 2015.09.01/Rocket Kitten 2015.09.08/Musical chairs gh0st Malware 2015.09.08/Musical Chairs - gh0st Malware 2015.09.09/Satellite Turla APT 2015.09.09/Satellite Turla APT Command and Control in the Sky 2015.09.15/PlugX in Russia 2015.09.15/PlugX 2015.09.16/The Shadow Knows 2015.09.17/Operation Iron Tiger Appendix 2015.09.17/Operation Iron Tiger 2015.09.17/Dukes 2015.09.23/Project CameraShy 2015.10.03/Webmail Server APT 2015.10.05/threat identification 2015.10.15/Fin Fishers 2015.10.16/NGO Burmese Govt 2015.11.04/Evoling Threats 2015.11.09/Rocket Kitten 2015.11.10/Bookworm Trojan 2015.11.17/Pinpointing Targets Exploiting Web Analytics To Ensnare Victims 2015.11.18/Sakula Reloaded 2015.11.18/tdrop 2 2015.11.18/Amballa discovers new toolset 2015.11.18/Russian financial cybercrime 2015.11.18/Destover 2015.11.19/Emdivi 2015.11.19/Revealing the attack operations targeting Japan 2015.11.23/Prototype nation 2015.11.23/Prototype Nation - The Chinese Cybercriminal Underground in 2015 2015.11.23/Glass RAT 2015.11.23/Copy Kittens 2015.11.24/Bookworm Trojan 2015.11.30/Ponmocup 2015.12.01/China Based Threat Groups 2015.12.04/Sofacy APT 2015.12.07/Iran Based Attackers 2015.12.07/Fin1 targets boot record 2015.12.08/Packrat 2015.12.08/Packrat report 2015.12.13/Elise 2015.12.15/Newcomers in the Derusbi family 2015.12.16/operation black atlas part 2 tools and malware used and how to detect them 2015.12.16/Operation Black Atlas - Indicators_of_Compromise 2015.12.16/operation black atlas 2015.12.16/Operation Black Atlas - Technical Brief 2015.12.17/APT 28 2015.12.16/Inocnationcampaign 2015.12.18/Operation Lotus Blossom 2015.12.20/The EPS Awakens 2015.12.22/BBSRAT Roaming Tiger
2016 2016.01.03/Black Energy 2016.01.07/Operation DustySky 2016.01.07/Rigging Compromise 2016.01.14/Waterbug Attack Group 2016.01.14/Cisco HayStack 2016.01.19/Apt 2015 2016.01.19/APT 2015 2016.01.21/nettraveler 2016.01.21/NetTraveler 2016.01.24/Scarlet Minic 2016.01.26/BlackEnergy 2016.01.27/Dissecting the malware in inocnation campaign 2016.01.27/Hi ZOR RAT 2016.01.28/Black Energy APT 2016.01.29/Kasidet & Dridex 2016.01.29/Tinbapore Attack 2016.02.01/Massive Admedia Adverting iFrame Infection 2016.02.01/URL Zone 2016.02.03/Emissary Trojan 2016.02.04/Advanced Modular Backdoor 2016.02.08/Know your enemies 2016.02.09/Poseidon 2016.02.09/Poseidon’s APT Boutique 2016.02.11/india pakistan cyber rivalry 2016.02.12/Fysbis Sofacy Linux Backdoor 2016.02.23/Dust Storm Infographic 2016.02.23/Operation Dust Storm 2016.02.24/Operation Blockbuster Destructive Malware Report 2016.02.24/Operation Blockbuster Ex Summary 2016.02.24/Operation Blockbuster Loaders Installers and Uninstallers Report 2016.02.24/Operation Blockbuster RAT and Staging Report 2016.02.24/Operation Blockbuster Report 2016.02.24/Operation Blockbuster Tools Report 2016.02.29/Turbo Campaign Derusbi 2016.03.01/Operation Transparent Tribe 2016.03.03/BlackEnergy 2016.03.08/APT C 03 2016.03.08/onion dog a 3 year old apt 2016.03.08/Operation onion dog 2016.03.09/Operation Russian Doll 2016.03.10/Shifting Tactics 2016.03.14/Carbanak Cybercrime Group 2016.03.15/SuckFly 2016.03.17/Taiwan Presidential Election A Case Study on Thematic Targeting 2016.03.17/taiwant election targetting 2016.03.18/Attack on Ukraine Power Grid 2016.03.23/Operation C Major 2016.03.25/Project M 2016.04.12/Targeted attacks in South and Southeast Asia 2016.04.15/Pandas & Bears 2016.04.18/Between Hong Kong and Burma Tracking UP007 and SLServer Espionage Campaigns 2016.04.18/UP007 2016.04.21/New Poison Ivy 2016.04.21/teaching an old rat new tricks 2016.04.22/The Ghost Dragon 2016.04.26/Iran opens a new front 2016.04.26/New Poison Ivy Activity 
Targeting Myanmar, Asian Countries 2016.04.26/New Poison Ivy 2016.04.27/Repackaging Open Source Beef 2016.05.02/goznym malware 2016.05.02/prince of persia infy malware 2016.05.05/Jaku Botnet Campaign 2016.05.06/exploring cve-2015-2545 2016.05.09/Using honeypots & diamond model for ics threat analysis 2016.05.10/tinypos abaddonpos ties to tinyloader 2016.05.10/tinyPOS tinyloader 2016.05.17/indian organizations targeted suckfly attacks 2016.05.17/Mofang 2016.05.18/Operation Groundbait 2016.05.22/Operation Ke3chang 2016.05.22/Targeted attacks against banks in middle east 2016.05.23/RUAG 2016.05.24/New Wekby Attacks 2016.05.25/cve-2015-2545 2016.05.26/Oilrig Campaign 2016.05.27/ixeshe derivative iheate targets users in america 2016.06.02/fastPOS 2016.06.02/fastPOS 2016.06.09/Operation- Dusty Sky II 2016.06.16/Bears in the Midst Intrusion into the Democratic National Committee » 2016.06.16/bears midst intrusion democratic national-committee 2016.06.16/DNC networks 2016.06.16/threat group-4127 2016.06.17/Operation Daybreak 2016.06.21/RPT China 2016.06.21/the curious case of an unknown trojan targeting german speaking users 2016.06.21/the curious case of an unknown-trojan targeting german speaking users 2016.06.21/visiting the bear den recon 2016 calvet campos dupuy 2016.06.23/tracking elirks variants 2016.06.26/Nigerian cybercriminals target high impact industries in India 2016.06.26/Lotus Blosson Campaign 2016.06.28/Attack tool investigation 2016.06.28/prince or persia game over 2016.06.28/unit42 prince of persia game over 2016.06.29/Monsoon Analysis 2016.06.30/Asruex 2016.07.01/Pacifier APT 2016.07.01/SBDH toolkit targeting central eastern europe uncovered 2016.07.03/HummingBad 2016.07.07/nettraveler apt targets russian european interests 2016.07.07/Unveiling Patchwork 2016.07.08/The Dropping Elephant 2016.07.12/nanhaishu 2016.07.13/Furtim's 2016.07.13/Furtim- The Ultra-Cautious Malware 2016.07.13/furtims parent 2016.07.21/Hide & Seek 2016.07.21/APT-C-15 
2016.07.21/Sphinx 2016.07.26/attack delivers 9002 trojan through google drive 2016.07.28/Dynasty 2016.08.02/Group 5 syria 2016.08.02/group5-syria 2016.08.03/Operation Manul 2016.08.04/Russian APT Toolkits 2016.08.06/APT-C-09 2016.08.06/APT-C-09 2016.08.07/strider 2016.08.07/Symantec Remsec IOCs 2016.08.08/Monsoon Analysis 2016.08.08/ProjectSauron 2016.08.08/The ProjectSauron APT IOCs 2016.08.08/The ProjectSauron APT research 2016.08.08/The ProjectSauron APT Technical Analysis 2016.08.11/Iran And The Soft War For Internet-Dominance 2016.08.16/Aveo 2016.08.17/Operation Ghoul 2016.08.19/Russian Cyber Operations On Steroids 2016.08.24/million dollar dissident iphone zero day nso group uae 2016.08.25/pegasus technical analysis 2016.09.01/human rights impersonation malware 2016.09.01/Iran And The Soft War For Internet Dominance 2016.09.06/Buckeye 2016.09.14/mile tea 2016.09.18/Hunting Libyan Scorpions AR 2016.09.18/Hunting Libyan Scorpions EN 2016.09.18/Hunting Libyan Scorpions 2016.09.26/sofacys komplex os x trojan 2016.09.28/Confucius Says 2016.09.28/Russia Hacks Bellingcat MH17 Investigation 2016.09.29/China & Cyber Attitudes Strategies Organisation 2016.10.03/StrongPity 2016.10.05/Wave your false flag 2016.10.16/A tale of two targets 2016.10.20/Sednit 2016.10.25/Houdini.s.Magic.Reappearance 2016.10.25/Sednit 2016.10.26/Moonlight 2016.10.27/blackgear 2016.10.27/BLACKGEAR 2016.10.27/Sednit 2016.10.31/emissary trojan 2016.10.31/Emissary Trojan 2016.11.03/Ukraine Cybersecurity Threat Briefing 2016.11.09/Houdini's RAT 2016.11.09/houdinis-rat 2016.11.22/tropic trooper 2016.11.30/nic cyber security themed 2016.12.13/Telebots 2016.12.15/Microsoft Security Intelligence Report
2017 2017.01.05/Iranian Fileless Attack Infiltrates Israeli Organizations 2017.01.05/Iranian Threat Agent OilRig 2017.01.09/Shamoon 2017.01.11/APT28 2017.01.12/The “EyePyramid” Attacks 2017.01.15/Bear Spotting 2017.01.18/Operation Grand Mars 2017.01.19/Uri Attack 2017.01.25/German Industrial Attacks 2017.01.30/Downeks & quasar rat 2017.02.02/PlugX 2017.02.03/Kingslayer 2017.02.03/Several Polish banks hacked 2017.02.10/Cyber Attack Targeting Indian Navy 2017.02.10/Grizzly Steppe 2017.02.12/Lazarus 2017.02.14/Operation Kingphish 2017.02.15/DragonOK Rambo Backdoor 2017.02.15/Pupy RAT 2017.02.15/Magic Hound 2017.02.15/The full Shamoon 2017.02.16/Technical analysis of recent attacks against Polish banks 2017.02.17/chches malware 2017.02.20/lazarus false flag malware 2017.02.21/additional insights shamoon2 2017.02.22/spear phishing mongolian govt 2017.02.23/APT 28 2017.02.27/The Gamaredon Group Toolset Evolution 2017.02.28/AtomBombing -Brand New Code Injection for Windows 2017.02.28/AtomBombing 2017.02.28/Dridex's Cold War Enter AtomBombing 2017.03.06/Report - Shamoon , StoneDrill 2017.03.08/Targeted Attack Campaigns with Multi-Variate Malware Observed in the Cloud 2017.03.14/Operation Electric Powder 2017.03.15/FHAPPI Campaign 2017.04.05/KASPERAGENT and MICROPSIA 2017.04.06/Cloud Hopper 2017.04.06/Operation cloud hopper 2017.04.10/Longhorn 2017.04.11/Unraveling the Lamberts Toolkit 2017.04.13/callisto group 2017.04.27/iranian fileless cyberattack on israel 2017.05.03/kazuar 2017.05.03/Konni 2017.05.14/APT-32 2017.05.24/operation cobalt kitty 2017.05.30/Lazarus 2017.06.12/CrashOverride 2017.06.12/Industroyer 2017.06.13/Hidden Cobra 2017.06.14/KASPERAGENT 2017.06.15/North Korea Cyber Activity 2017.06.18/Evolution of pirpi 2017.06.19/ShellTea PoSlurp 2017.06.22/Blacktech 2017.06.22/Ocean Lotus 2017.06.26/threat group 4127 2017.06.30/From BlackEnergy to ExPetr 2017.06.30/TeleBots 2017.07.05/Insider Information 2017.07.06/Operation Desert Eagle 2017.07.10/emmental 
2017.07.11/winnti evolution going open source 2017.07.18/Inexsmar 2017.07.18/Inexsmar 2017.07.18/Winnti 2017.07.24/Tick Group 2017.07.27/chessmaster cyber espionage campaign 2017.07.27/chessmaster 2017.07.27/Oilrig 2017.07.27/Operation Wilted Tulip 2017.08.01/Cobalt Group 2017.08.08/APT Trends report Q2 2017 2017.08.11/APT-28 2017.08.15/Notepad and Chthonic 2017.08.17/Turla APT 2017.08.18/Russian Bank Offices 2017.08.25/Operation Rat Cook 2017.08.30/Gazer 2017.08.30/WhiteBear 2017.09.06/Dragonfly 2017.09.06/Dragonfly 2 2017.09.06/intelligence games in the power grid 2017.09.06/intelligence-games-in-the-power-grid 2017.09.12/CVE 2017-8759 2017.09.18/CCleanup 2017.09.18/Cloud Atlas 2017.09.20/Aurora Operation CCleaner 2017.09.20/CCleaner -C2 2017.09.28/Belarus CMSTAR Trojan 2017.09.XX/APT3 2017.10.02/Aurora Operation CCleaner 2017.10.10/Post Soviet Bank Heists 2017.10.12/Bronze Butler 2017.10.16/BlackOasis 2017.10.16/Leviathan 2017.10.16/Taiwan Heist 2017.10.19/Operation PZCHAO 2017.10.24/Greenbug 2017.10.27/Bahamaut Revisited 2017.10.30/Gaza Cybergang 2017.10.31/Night of the Devil 2017.11.02/New Insights into Energetic Bear's Attacks on Turkish Critical Infrastructure 2017.11.02/Inpage Exploits 2017.11.02/Keyboys 2017.11.02/LeetMX 2017.11.06/Chess Master 2017.11.06/oceanlotus 2017.11.07/APT-28 2017.11.07/Sowbug 2017.11.10/new malware with ties to sunorcal discovered 2017.11.14/muddying the water targeted attacks 2017.11.22/MuddyWater APT 2017.12.04/Carnabak 2017.12.04/The Shadows of ghosts 2017.12.05/Charming Kitten 2017.12.07/APT 34 2017.12.11/Money Taker 2017.12.11/Patchwork APT 2017.12.11/Patchwork APT 2017.12.14/attackers deploy new ics attack framework triton 2017.12.17/Operation Dragonfly Analysis 2017.12.19/north korea bitten by bitcoin bug 2017.12.19/north korea bitten by bitcoin bug
2018 2018.01.04/Iran Cyber Threat Carnegie 2018.01.06/Pyeong Olympics 2018.01.07/operation dustysky 2018.01.07/Operation DustySky 2018.01.09/Turla Mosquito 2018.01.09/turla 2018.01.11/North Korean Defectors and Journalists Targeted 2018.01.12/Pawn Storm Update 2018.01.15/New killdisk 2018.01.16/Korea in crosshairs 2018.01.16/north korea cryptocurrency campaign 2018.01.16/Skygofree 2018.01.16/Skygofree 2018.01.18/Dark Caracal 2018.01.18/Turla Neuron Malware 2018.01.24/Lazarus 2018.01.25/Oilrg 2018.01.26/Top hat campaign 2018.01.27/Dragonfish 2018.01.29/PoriewSpy India 2018.01.29/VERMIN - Quasar RAT and Custom Malware Used In Ukraine 2018.01.30/APT-32 2018.01.31/Comnie 2018.02.01/Operation Pzchao 2018.02.02/Gold Dragon 2018.02.07/VBS Campaign 2018.02.13/deciphering confucius 2018.02.13/Lotus Blossom 2018.02.20/APT-37 2018.02.20/APT37 2018.02.20/Sofacy 2018.02.20/Musical Chairs Playing Tetris 2018.02.21/Tempting Cedar spyware 2018.02.28/Chafer 2018.02.28/Sofacy Attacks Multiple Government Entities 2018.03.01/MuddyWater 2018.03.02/Operation Honeybee 2018.03.05/ComboJack 2018.03.06/Slingshot 2018.03.07/Patchwork 2018.03.08/Donot Team 2018.03.08/Hidden Cobra 2018.03.08/olympic destroyer 2018.03.08/Territorial Dispute 2018.03.09/apt-15 2018.03.09/APT15 2018.03.09/masha and these bears 2018.03.09/new traces hacking team wild 2018.03.09/Sandvine’s PacketLogic Devices APT 2018.03.12/MuddyWater 2018.03.13/therapeutic postmortem of connected medicine 2018.03.13/BlackTDS 2018.03.13/Iranian threat group 2018.03.13/OceanLotus 2018.03.14/Inception Framework 2018.03.14/Tropic Trooper’s New Strategy 2018.03.15/Russian Government Cyber Activity 2018.03.23/Targeted Attacks on South Korean Org 2018.03.27/Panda Banker Zeros 2018.03.29/ChessMaster 2018.03.31/NavRAT 2018.04.04/Oceanlotus 2018.04.12/Operation Parliament 2018.04.17/Iron Tiger Gh0st RAT Variant 2018.04.23/energetic bear 2018.04.23/Hogfish 2018.04.23/orangeworm 2018.04.24/metamorfo campaign 2018.04.24/operation ghostsecret 
2018.04.24/sednit 2018.04.26/GravityRAT 2018.04.27/Ocean Lotus 2018.05.03/Burning Umbrella 2018.05.03/Red eyes hacking group 2018.05.03/whos who in the zoo 2018.05.03/ZooPark 2018.05.09/cve-2018-8174 2018.05.09/Iran's hacker hiearchy exposed 2018.05.22/the destruction of APT3 2018.05.22/turla mosquito 2018.05.23/Confucius 2018.05.23/VPNFilter 2018.05.29/Iron 2018.06.06/operation prowli 2018.06.06/Sofacy 2018.06.06/vpnfilter 2018.06.07/adobe flash zero day targeted attack 2018.06.07/Patchwork 2018.06.07/totally tubular treatise on triton and tristation 2018.06.13/luckymouse 2018.06.14/Muddywater 2018.06.14/MirageFox - APT15 2018.06.19/olympic destroyer 2018.06.20/Thrip 2018.06.22/Tick Group 2018.06.23/Andariel Group 2018.06.26/Rancor 2018.06.xx/Operation Red Gambler 2018.07.08/Big bang 2018.07.08/Hussarini 2018.07.09/certificates stolen taiwanese tech 2018.07.12/MDM - India 2018.07.13/Operation Roman Holiday 2018.07.16/New Andariel 2018.07.23/APT-27 2018.07.27/Dark Hydrus 2018.07.31/APT Side Winder 2018.07.31/Bisonal Malware 2018.08.01/Malicious document targets Vietnamese officials 2018.08.02/Goblin Panda 2018.08.02/Goldfin 2018.08.02/Gorgon Group 2018.08.09/North Korea Malware Families 2018.08.16/Chinese Cyberrespionage Tshinghua University 2018.08.21/Operation Red Signature 2018.08.21/Turla Outlook Backdoor 2018.08.23/Operation AppleJeus 2018.08.28/CeidPageLock 2018.08.29/Bahamut Confucius and Patchwork 2018.08.29/The Urpage Connection to Bahamut Confucius and Patchwork 2018.08.30/Cobalt Group 2018.08.30/Hidden Bee 2018.08.30/Stone Panda 2018.08.30/WindShift APT 2018.09.04/Oilrig 2018.09.04/Silence 2018.09.07/Domestic Kitten 2018.09.07/Goblin Panda targets Cambodia 2018.09.07/Targeted Attack on Indian Ministry of External Affairs using Crimson RAT 2018.09.10/LuckyMouse 2018.09.13/APT10 Targeting Japanese Corporations Using Updated TTPs 2018.09.19/Green Spot APT 2018.09.20/Poison Trumpet Vine Operation 2018.09.27/LoJax 2018.10.03/APT-38 2018.10.10/MuddyWater 
2018.10.11/Gallmaker 2018.10.15/Octopus 2018.10.17/Grey Energy 2018.10.17/GreyEnergy 2018.10.17/Ocean Lotus Spy RATs 2018.10.17/MartyMcFly 2018.10.17/MartyMcFly Malware - Targeting Naval Industry 2018.10.18/APT Sidewinder 2018.10.18/Datper Bronze Butler 2018.10.18/Operation Oceansalt 2018.10.19/Dark Pulsar 2018.11.01/Outlaw Group 2018.11.05/Inception 2018.11.08/How the Lazarus Group is Emptying Millions from ATMs 2018.11.13/Temp Periscope 2018.11.19/APT 29 2018.11.20/Lazarus 2018.11.27/DNSpionage Campaign 2018.11.28/MuddyWater-Operations in Lebanon & Oman 2018.11.28/Tropic Trooper Microsoft 2018.11.29/Attacking Pakistan by exploiting InPage - EN 2018.11.30/Muddywater 2018.11.xx/The Hunt for 3ve 2018.12.11/Poking the Bear 2018.12.12/Donot Group 2018.12.12/Operation Sharpshooter 2018.12.13/The Return of The Charming Kitten 2018.12.13/Shamoon 3 2018.12.13/Tiledeb Shadow Brokers 2018.12.18/URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader 2018.12.20/Wind Shift 2018.12.27/The Enigmatic Roma225 Campaign 2018.12.28/Goblin Panda
2019 2019.01.16/Dark Hydrus 2019.01.16/DarkHydrus 2019.01.17/Rocke 2019.01.18/DarkHydrus 2019.01.18/WIRTE Group 2019.01.24/GandCrab and Ursnif Campaign 2019.01.30/Chafer 2019.01.30/Operation Kitty Phishing 2019.01.30/Orcus rat 2019.02.01/OceanLotus 2019.02.05/Analyzing Digital Quartermasters 2019.02.06/APT 10 2019.02.06/APT10 2019.02.14/Molerats APT 2019.02.14/Molerats 2019.02.18/APT C 36 Colombian 2019.02.20/Lazarus 2019.02.20/LAZARUS 2019.02.25/APT 10 2019.02.26/The Arsenal Behind the Australian Parliament Hack 2019.02.27/A Peek into BRONZE UNION’s Toolbox 2019.02.28/RIK Group 2019.03.04/APT 40 2019.03.06/Operation Pistacchietto 2019.03.06/Whitefly 2019.03.06/taidoor analysis 2019.03.07/SLUB Backdoor 2019.03.08/Supply Chain 2019.03.11/Gaming Industry Asia 2019.03.12/Operation Comando 2019.03.13/DMSniff POS Malware 2019.03.13/GlitchPOS Pos Malware 2019.03.13/Operation Sheep 2019.03.22/LUCKY ELEPHANT 2019.03.25/Operation Shadow Hammer 2019.03.27/Elfin 2019.03.28/Desktop , Mobile Phishing Campaign 2019.03.28/Above Us Only Stars 2019.03.28/Threat Actor Group using UAC Bypass Module to run BAT File 2019.04.02/OceanLotus 2019.04.10/The Muddy Waters 2019.04.10/Operation Sneaky Pastes 2019.04.10/Project TajMahal 2019.04.17/Aggah Campaign 2019.04.17/Operation Sea Turtle 2019.04.19/Ocean Lotus 2019.04.22/FINTEAM 2019.04.23/Operation Shadow Hammer 2019.04.24/TA 505 2019.04.30/SectorB06 2019.05.03/ZooPark 2019.05.07/ATMitch 2019.05.07/Buckeye 2019.05.07/Turla Light Neuron 2019.05.08/FIN7.5 2019.05.08/OceanLotus 2019.05.09/Iranian APT Leak 2019.05.11/Chinese APT Vietnamese 2019.05.13/Scar Cruft Bluetooth 2019.05.15/Winnti 2019.05.18/Operation BlackLion 2019.05.19/HiddenWasp 2019.05.22/Zebrocy land 2019.05.24/APT 10 2019.05.27/APT-C-38 2019.05.27/APT-C-38 2019.05.28/Emissary Panda 2019.05.29/TA 505 2019.05.29/Turla PowerShell 2019.05.30/ATM Malware 2019.06.03/Zebrocy 2019.06.04/APT Blueprint 2019.06.05/scattered canary 2019.06.10/Muddy Waters 2019.06.10/MuddyWater 
2019.06.11/fishwrap group 2019.06.11/Fishwrap 2019.06.12/Threat Group Cards 2019.06.20/OceanLotus 2019.06.21/Waterbug 2019.06.25/MuddyC3 2019.06.25/Operation Soft Cell 2019.06.26/Iranian to Saudi 2019.06.27/ShadowGate 2019.07.01/Open Lotus 2019.07.01/Operation Tripoli 2019.07.03/CVE-2018-0798 2019.07.04/newsbeef apt 2019.07.04/Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi 2019.07.04/TA 505 2019.07.04/TA 505 2019.07.09/Sea turtle 2019.07.11/Buhtrap group 2019.07.15/SWEED 2019.07.16/SLUB 2019.07.17/EvilGnome 2019.07.17/Strong Pity Operations 2019.07.18/APT 34 2019.07.18/Okrum and Ketrican 2019.07.18/Proyecto RAT Colombian 2019.07.18/Proyecto RAT 2019.07.24/Operation Lag Time IT 2019.07.24/Resurgent Iron Liberty 2019.07.24/Winnti 2019.08.05/MACHETE 2019.08.05/Sharpening the Machete 2019.08.05/Latest Trickbot Campaign Delivered via Highly Obfuscated JS File 2019.08.07/APT 41 2019.08.07/APT41 2019.08.08/BITTER APT 2019.08.12/Cloud Atlas Activity 2019.08.14/Balkans Campaign 2019.08.20/Chinese APT 2019.08.21/The Gamaredon Group 2019.08.21/Silence 2.0 2019.08.22/Operation Task Masters 2019.08.26/APT-C-09 2019.08.27/China Chopper 2019.08.27/LYCEUM Threat Group 2019.08.27/APT Patchwork 2019.08.27/TA505 2019.08.29/Threat Actor ITG08 2019.08.29/Heatstroke Campaign 2019.08.29/SectorJ04 2019.08.29/Tick Tock 2019.08.31/Bitter APT 2019.09.04/Glupteba Campaign 2019.09.05/UPSynergy 2019.09.06/BITTER APT 2019.09.09/Thrip 2019.09.11/RANCOR APT 2019.09.15/Kittens 2019.09.18/Magecart Skimming Attack 2019.09.18/Tortoiseshell Group 2019.09.24/DeadlyKiss 2019.09.24/Tortoiseshell 2019.09.24/Russia APT Ecosystem 2019.09.26/Chinese APT Hackers Attack Windows Users via FakeNarrator Malware 2019.09.30/HELO Winnti 2019.10.01/New Adwind Campaign targets US Petroleum Industry 2019.10.01/KovCoreG Malvertising Campaign 2019.10.01/KovCoreG-Malvertising-Campaign 2019.10.01/New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign 2019.10.03/PKPLUG 
2019.10.04/GEOST BOTNET 2019.10.07/Charming Kittens 2019.10.07/Kittens 2019.10.07/Mustang Panda 2019.10.07/Supply Chain Attacks 2019.10.09/FIN 6 2019.10.10/Attor 2019.10.10/ESET - Attor 2019.10.10/FIN 7 2019.10.10/Winnti 2019.10.14/Emotet External SOC 2019.10.14/winnti 2019.10.14/TURBINE PANDA 2019.10.15/Lowkey 2019.10.17/Operation Ghost 2019.10.21/Winnti Group’s skip-2.0_ A Microsoft SQL Server backdoor 2019.10.21/Geost Botnet 2019.10.28/SWEED 2019.10.31/Calypso APT 2019.10.31/MESSAGETAP 2019.11.04/Higaisa APT 2019.11.04/APT 38 2019.11.05/LAZARUS GAZE APT38 2019.11.08/Platinum Group 2019.11.1/Operation Wizard Opium 2019.11.12/TA 505 2019.11.13/APT 33 2019.11.20/APT-C-34 2019.11.20/Lazarus 2019.11.21/Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon 2019.11.25/Do not Team 2019.11.26/Dexpot 2019.11.28/RevengeHotels 2019.11.29/Operation ENDTRADE 2019.12.03/Threat Actor Targeting Hong Kong Pro-Democracy Figures 2019.12.04/Kurdish Coder Campaign 2019.12.04/Zero Cleare 2019.12.06/Cosmic Banker campaign 2019.12.10/TrickBot Planeswalker 2019.12.11/Waterbear 2019.12.11/Anchor IOCs 2019.12.11/Dropping Anchor 2019.12.12/Drilling Deep 2019.12.12/GALLIUM 2019.12.12/Operation Gamework 2019.12.16/My kings 2019.12.17/Dacls RAT 2019.12.17/Dacls, the Dual platform RAT 2019.12.17/Rancor 2019.12.19/Operation Wacao 2019.12.26/Trojan Lampion 2019.12.29/BRONZE PRESIDENT Targets NGOs
APT01 APT01 Samples
APT03 APT03 / Gothic Panda Samples
APT10 APT10 Samples
APT19 APT19 Samples
APT21 APT21 Samples
APT28 APT28 Samples
APT29 APT29 Samples
APT30 APT30 Samples
APT32 / OceanLotus OceanLotus
APT33 Greenbug Shamoon
APT34 APT34 Sample
APT37 Final 1st Spy
APT41 APT41 Samples
APTC01 APT-C-01 Samples
APTC23 Frozen Cell
APTC36 APT-C-36 Samples
ATMitch ATMitch Samples
Blue Mockingbird Blue Mockingbird Samples
BronzeButler BronzeButler Samples
CeidPagelock CeidPagelock Samples
ChaferGroup Chafer Group Samples
CobaltGroup CobaltGroup Samples
Comnie Comnie Samples
Cycldek Cycldek Samples
DarkHalo / SolarWind Breach DarkHalo / SolarWind Samples + FireEye Tools + False Positives
DarkHotel DarkHotel Samples
DarkHydrus DarkHydrus Samples
DarkTequila DarkTequila Samples
Doqu Doqu Dropper
DustSquad Octopus
DustStorm DustStorm
Elirks Elirks
Energetic Bear Energetic Bear Samples
Equation Group Equation Group Samples
EvilGnome EvilGnome Samples
EvilNum PyVil
FASTCash FASTCash Samples
Gold Dragon Gold Dragon Samples
Gorgon Group Gorgon Group Samples
Grandoreiro Grandoreiro Samples
HiddenBee HiddenBee Samples
Kimsuky Kimsuky Samples
Kobalos Kobalos Samples
Lazarus Group Lazarus Samples
LightSpy LightSpy Samples
MalwareVPNFilter MalwareVPNFilter Samples
MartyMcFly MartyMcFly Samples
MosaicRegressor MosaicRegressor Samples
MuddyWater MuddyWater Samples
Nanhaishu Nanhaishu
NightScout Operation Nightscout samples
Octopus Octopus Samples
Pacifer Pacifer
Platinum Group Titanium
ProjectSauron ProjectSauron
QuarterMaster QuarterMaster Samples
Rocke Rocke Samples
ShadowHammer ShadowHammer Samples
Shamoon Shamoon Samples
Slingshot Slingshot Samples
Slothful Media SlothfulMedia Samples
Taidoor Taidoor Samples
Thrip Thrip Samples
Transparent Tribe Crimson RAT
Turla Group Turla Samples
UP007 UP007
Unit1937CN Unit1937CN Samples
Vermin Vermin Samples
Voodoo Bear BlackEnergy Bin Implants Grey Energy OlympicDestroyer
WannaCry WannaCry Samples