cyber-research / aptmalware
APT Malware Dataset Containing over 3,500 State-Sponsored Malware Samples
Two samples were incorrectly assigned to FancyBear (APT28), although they were attributed to CozyBear (APT29) according to the CrowdStrike article (see table below) that served as ground truth for the blog post referenced in the cyber-research dataset.
6c1bce76f4d2358656132b6b1d471571820688ccdbaca0d86d0ca082b9390536
b101cd29e18a515753409ae86ce68a4cedbe0d640d385eb24b9bbb69cf8186ae
In fact, the blog post incorrectly lists CozyBear (APT29) as the creator of all file hashes mentioned in the CrowdStrike article, including the hash of the threat intelligence report itself (see image below), even though only two samples belong to CozyBear (APT29) and three to FancyBear (APT28).
The file hash of the threat intelligence report was erroneously included in the cyber-research dataset, presumably because the report was also uploaded to VirusTotal as a PDF, so it was probably assumed that it is a real malware sample (although no AV labels it as malicious).
In the same blog post, nine more threat intelligence reports could be found, eight of which are included in the dataset although they have no or only one detection (false positive) on VirusTotal.
(currently not on VT and in dataset)
Furthermore, cyber-research assigned the DarkHotel APT to North Korea, although the campaign has been attributed to South Korea by various security researchers (see references on Malpedia).
I created a pull request #2 proposing the following changes: