Threat INTel Reports

Archive of publicly available threat/cybercrime INTel reports (mostly APT reports, but not limited to them). Useful as a reference when you emulate threat actors on a daily basis. Please create an issue if I'm missing a relevant report.

Note: If you are looking for every type of publicly available document and note related to APTs, have a look at APTnotes and aptnotes. Unfortunately, the way they store and sort their data doesn't work for me anymore.

2017

Title Month Source
APT28: A Window into Russia's Cyber Espionage Operations? Jan FireEye
APT28: At the center of the storm. Russia strategically evolves its cyber operations Jan FireEye
APT28 Under the Scope A Journey into Exfiltrating Intelligence and Government Information Feb BitDefender
KingSlayer A Supply chain attack Feb RSA
Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society Feb The Citizen Lab
Bitter Sweet: Supporters of Mexico's Soda Tax Targeted With NSO Exploit Links Feb The Citizen Lab
Enhanced Analysis of GRIZZLY STEPPE Activity Feb US-CERT
Dissecting the APT28 Mac OS X Payload Feb Bitdefender
Read The Manual A guide to the RTM Banking Trojan Feb ESET
Trends in Android Ransomware Feb ESET
From Shamoon to StoneDrill Mar Kaspersky
Lazarus Under the Hood Apr Kaspersky
Appendix B: Moonlight Maze Technical Report Apr Kaspersky
Callisto Group Apr F-Secure
McAfee Labs Threats Report Apr McAfee
Intrusions Affecting Multiple Victims Across Multiple Sectors Apr US-CERT
Two Years of Pawn Storm Examining an Increasingly Relevant Threat May Trend Micro
Sednit adds two zero-day exploits using Trump's attack on Syria as a decoy May ESET
Evolution of the GOLD EVERGREEN Threat Group May SecureWorks
Bachosens: Highly-skilled petty cyber criminal with lofty ambitions targeting large organizations May Symantec
Lazarus: History of mysterious group behind infamous cyber attacks May Symantec
Operation Bachosens: A detailed look into a long-running cyber crime campaign May Symantec
Tainted Leaks: Disinformation and Phishing With a Russian Nexus May The Citizen Lab
Lazarus Arisen - full report May Group IB
Lazarus Arisen - article May Group IB
CrashOverride: Analysis of the Threat to Electric Grid Operations Jun Dragos
Behind the CARBANAK Backdoor Jun FireEye
Bahamut Pursuing a Cyber Espionage Actor in the Middle East Jun Collin and Claudio
WIN32/INDUSTROYER A new threat for industrial control systems Jun ESET
FIN10 Anatomy of a Cyber Extortion Operation Jun FireEye
Everything we know about GoldenEye Jul BitDefender
Living off the land and fileless attack techniques Jul Symantec
State of Cybersecurity in Asia-Pacific Jul PaloAlto
Operation Wilted Tulip Jul ClearSky & Trend Micro
Intelligence Games in the Power Grid Sep Treadstone 71

2016

Title Month Source
Analyzing a New Variant of BlackEnergy 3 Likely Insider-Based Execution Jan SentinelOne
Operation Dusty Sky Jan ClearSky
Know Your Enemies 2.0: A Primer on Advanced Persistent Threat Groups Feb ICIT
Operation Duststorm Feb Cylance
Operation Blockbuster Feb Novetta
From Seoul to Sony Feb Blue Coat
The Four-Element Sword Engagement: Ongoing APT Targeting of Tibetan, Hong Kong, and Taiwanese Interests Mar Arbor Networks
The Four Element Sword Engagement Apr Arbor Networks
Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaigns Apr The Citizen Lab
PLATINUM Targeted attacks in South and Southeast Asia Apr Microsoft
Follow the money: Dissecting the operations of the cyber crime group FIN6 Apr FireEye
Mofang: A politically motivated information stealing adversary May FoxIT
Operation Groundbait: Analysis of a surveillance toolkit May ESET
APT Case RUAG Technical Report May Melani GovCERT
Keep Calm and (Don't) Enable Macros: A New Threat Actor Targets UAE Dissidents May The Citizen Lab
Operation DustySky Part 2 Jun ClearSky
Visiting The Bear Den A Journey in the Land of Cyber-Espionage Jun ESET
REDLINE DRAWN China recalculates its use of cyber espionage Jun FireEye
in the Middle East
Pacifier APT Jul Bitdefender
Unveiling Patchwork the Copy Paste APT Jul Cymmetria
Operation Manul Aug EFF
Monsoon - Analysis of an APT Campaign Aug Forcepoint
Group5: Syria and the Iranian Connection Aug The Citizen Lab
The ProjectSauron APT Aug Kaspersky
Carbanak Oracle Breach Aug VISA
The Million Dollar Dissident: NSO Group's iPhone Zero-Days used against a UAE Human Rights Defender Aug The Citizen Lab
Visa Alert and Update on the Oracle Breach Aug VISA
Ego Market When Greed for Fame Benefits Large-Scale Botnets Sep GoSecure
Hunting Libyan Scorpions Sep Cyberkov
En Route with Sednit Part 1: Approaching the Target Oct ESET
En Route with Sednit Part 2: Observing the Comings and Goings Oct ESET
En Route with Sednit Part 3: A Mysterious Downloader Oct ESET
Rootkit analysis Use case on HideDRV Oct Sekoia
Wave your false flags! Deception tactics muddying attribution in targeted attacks Oct Kaspersky
When The Lights Went Out: Ukraine Cybersecurity Threat Briefing Nov BAH
PROMETHIUM and NEODYMIUM: Parallel zero-day attacks targeting individuals in Europe Dec Microsoft
Use of Fancy Bear Android Malware tracking of Ukrainian Artillery Units Dec Crowdstrike
GRIZZLY STEPPE - Russian Malicious Cyber Activity Dec FBI

2015

Title Month Source
Insight In To A Strategic Web Compromise And Attack Campaign Against Hong Kong Infrastructure Jan Dragon Threat Labs
The Waterbug Attack Group Jan Symantec
CARBANAK APT THE GREAT BANK ROBBERY Feb Kaspersky
Behind The Syrian Conflict's Digital Front Lines Feb FireEye
The Desert Falcons Targeted Attacks Feb Kaspersky
Southeast Asia: An Evolving Cyber Threat Landscape Feb FireEye
Operation Arid Viper: Bypassing The Iron Dome Feb Trend Micro
Plugx Goes To The Registry And India Feb Sophos
ScanBox II Feb PWC
Crowdstrike Global Threat Intel Report Feb Crowdstrike
Equation Group: Questions And Answers Feb Kaspersky
Shooting Elephants Feb CIRCL Luxembourg
Tibetan Uprising Day Malware Attacks Mar The Citizen Lab
Operation Woolen-Goldfish When Kittens Go Phishing Mar Trend Micro
Volatile Cedar Threat Intelligence And Research Mar Check Point
Hacking Team Reloaded? US-Based Ethiopian Journalists Again Targeted with Spyware Mar The Citizen Lab
HACKING THE STREET? FIN4 LIKELY PLAYING THE MARKET Apr FireEye
APT30 And The Mechanics Of A Long-Running Cyber Espionage Operation Apr FireEye
Sofacy II Same Sofacy, Different Day Apr PWC
China's Great Cannon Apr The Citizen Lab
CozyDuke Apr F-Secure
Dissecting Linux/Moose The Analysis of a Linux Router-based Worm Hungry for Social Networks May ESET
Operation Tropic Trooper: Relying On Tried-And-Tested Flaws To Infiltrate Secret Keepers May Trend Micro
Oceanlotus APT-C-00 May SkyEye
APT28 Targets Financial Markets: Zero Day Hashes Released May Root9b
Analysis On APT-To-Be Attack That Focusing On China's Government Agency May Antiy CERT
The Msnmm Campaigns: The Earliest Naikon APT Campaigns May Kaspersky
Operation Oil Tanker: The Phantom Menace May PandaLabs
Thamar Reservoir An Iranian cyber - attack campaign against targets in the Middle East Jun ClearSky
Duqu 2.0: A Comparison To Duqu Jun CrySyS Lab
Operation Lotusblossom Jun PaloAlto
An Iranian Cyber-Attack Campaign Against Targets In The Middle East Jun ClearSky
The Duqu 2.0 Technical Details Jun Kaspersky
Insight in to advances of adversary tactics, techniques and procedures through analysis of an attack against an organisation in the Asia Pacific region Jun Dragon Threat Labs
Target Attacks Against Tibetan And Hong Kong Groups Exploiting CVE-2014-4114 Jun The Citizen Lab
Operation Potao Express: Analysis Of A Cyber-Espionage Toolkit Jul ESET
The Black Vine Cyberespionage Group Jul Symantec
HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group Jul FireEye
Butterfly: Corporate Spies Out For Financial Gain Jul Symantec
RSA Research Terracotta VPN: Enabler Of Advanced Threat Anonymity Aug RSA
What we know about the South Korea NIS's use of Hacking Team's RCS Aug The Citizen Lab
London Calling: Two-Factor Authentication Phishing From Iran Aug The Citizen Lab
THE DUKES: 7 years of Russian cyberespionage Sep F-Secure
The Spy Kittens Are Back: Rocket Kitten 2 Sep Trend Micro
Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy Sep Recorded Future
Pay No Attention to the Server Behind the Proxy: Mapping FinFisher's Continuing Proliferation Oct The Citizen Lab
Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites Oct The Citizen Lab
RUSSIAN FINANCIAL CYBERCRIME: HOW IT WORKS Nov Kaspersky
CopyKittens Attack Group Nov ClearSky
ROCKET KITTEN: A Campaign with 9 lives Nov Check Point
Operation Iron Tiger: Exploring Chinese Cyber-Espionage Attacks on United States Defense Contractors Dec Trend Micro

2014

Title Month Source
Targeted Attacks Against The Energy Sector Jan Symantec
Emerging Threat Profile Shell_Crew Jan RSA
New Cdto: A Sneakernet Trojan Solution Jan Fidelis
Intruder File Report- Sneakernet Trojan Jan Fidelis
Uroburos Highly Complex Espionage Software With Russian Roots Feb GDATA
Unveiling Careto - The Masked Apt Feb Kaspersky
Mapping Hacking Teams Untraceable Spyware Feb The Citizen Lab
Gathering In The Middle East, Operation Stteam Feb Fidelis
The Monju Incident Feb Context
Hacking Team and the Targeting of Ethiopian Journalists Feb The Citizen Lab
Hacking Team's US Nexus Mar The Citizen Lab
Snake Campaign & Cyber Espionage Toolkit Mar BAE
Maliciously Repackaged Psiphon Found Mar The Citizen Lab
Deep Panda May Crowdstrike
Operation Saffron Rose May FireEye
Rat In A Jar: A Phishing Campaign Using Unrecom May Fidelis
Illuminating The Etumbot Apt Backdoor Jun Arbor
Putter Panda Jun Crowdstrike
Anatomy Of The Attack: Zombie Zero Jun Trapx
Dragonfly: Cyberespionage Attacks Against Energy Suppliers Jun Symantec
Police Story: Hacking Team Government Surveillance Malware Jun The Citizen Lab
Energetic Bear _ Crouching Yeti Jul Kaspersky
The Eye Of The Tiger (Pitty Tiger) Jul Airbus
Crouching Yeti: Appendixes Jul Kaspersky
Operation Arachnophobia Caught In The Spider's Web Aug Threat Connect
Sidewinder Targeted Attack Against Android In The Golden Age Of Ad Libraries Aug FireEye
Profiling An Enigma: The Mystery Of North Korea's Cyber Threat Landscape Aug HP
The Epic Turla Operation: Solving Some Of The Mysteries Of Snake/Uroboros Aug Kaspersky
Syrian Malware, The Ever-Evolving Threat Aug Kaspersky
Cosmicduke Cosmu With A Twist Of Miniduke Sep F-Secure
Operation Quantum Entanglement Sep FireEye
BLACKENERGY & QUEDAGH The convergence of crimeware and APT attacks Oct F-Secure
Sofacy Phishing Oct PWC
Operation Pawn Storm Using Decoys to Evade Detection Oct Trend Micro
Hikit Analysis Oct Novetta
Apt28: A Window Into Russia's Cyber Espionage Operations Oct FireEye
Micro-Targeted Malvertising Via Real-Time Ad Bidding Oct Invincea
The Rotten Tomato Campaign Oct Sophos
Zoxpng Analysis Oct Novetta
Operation Toohash How Targeted Attacks Work Oct GDATA
The Darkhotel Apt A Story Of Unusual Hospitality Nov Kaspersky
Darkhotel Indicators Of Compromise Nov Kaspersky
Derusbi (Server Variant) Analysis Nov Novetta
Evil Bunny: Suspect #4 Nov Marion
The Regin Platform Nation-State Ownership Of Gsm Networks Nov Kaspersky
Regin: Top-Tier Espionage Tool Enables Stealthy Surveillance Nov Symantec
Anunak: Apt Against Financial Institutions Dec FoxIT
The Inception Framework: Cloud-Hosted Apt Dec Blue Coat
Operation Cleaver Dec Cylance
Bots, Machines, And The Matrix Dec Fidelis
Hacking The Street? Fin4 Likely Playing The Market Dec FireEye
W32/Regin, Stage #1 Dec F-Secure
W64/Regin, Stage #1 Dec F-Secure
Malware Attacks Targeting Syrian ISIS Critics Dec The Citizen Lab

2013

Title Month Source
"Red October" Diplomatic Cyber Attacks Investigation Jan Kaspersky
The Icefog Apt: A Tale Of Cloak And Three Daggers Jan Kaspersky
A closer look at MiniDuke Feb BitDefender
Stuxnet 0.5: The Missing Link Feb Symantec
The Miniduke Mystery: Pdf 0-Day Government Spy Assembler 0X29A Micro Backdoor Feb Kaspersky
Miniduke: Indicators Feb CrySyS Lab
Apt1 Exposing One Of China's Cyber Espionage Units Feb Mandiant
Command And Control In The Fifth Domain Feb Command Five Pty Ltd
Comment Crew: Indicators Of Compromise Feb Symantec
APT1's GLASSES: Watching a Human Rights Organization Feb The Citizen Lab
Dissecting Operation Troy: Cyberespionage In South Korea Mar McAfee
The Teamspy Story - Abusing Teamviewer In Cyberespionage Campaigns Mar Kaspersky
Analysis Of A Plugx Variant (Plugx Version 7.0) Mar CIRCL
You Only Click Twice: Finfisher's Global Proliferation Mar The Citizen Lab
Apt1: Technical Backstage Mar itrust
Safe A Targeted Threat Mar Trend Micro
Winnti: More Than Just A Game Apr Kaspersky
For Their Eyes Only: The Commercialization of Digital Spying Apr The Citizen Lab
Permission to Spy: An Analysis of Android Malware Targeting Tibetans Apr The Citizen Lab
Analysis Of A Stage 3 Miniduke Sample May CIRCL
Operation Hangover - Unveiling An Indian Cyberattack Infrastructure May Norman
The Chinese Malware Complexes: The Maudi Surveillance Operation Jun Norman
A Call To Harm: New Malware Attacks Target The Syrian Opposition Jun The Citizen Lab
Crude Faux: An Analysis Of Cyber Conflict Within The Oil & Gas Industries Jun Cerias
Njrat Uncovered Jun Fidelis
The Nettraveler (Aka Travnet) Jun Kaspersky
The Plugx Malware Revisited: Introducing Smoaler Jul Sophos
Operation Hangover - Unveiling An Indian Cyberattack Infrastructure (Appendix) Aug FIXME
The Little Malware That Could: Detecting And Defeating The China Chopper Web Shell Aug FireEye
Inside Report _ Apt Attacks On Indian Cyber Space Aug Infosec Consortium
Surtr: Malware Family Targeting the Tibetan Community Aug The Citizen Lab
Poison Ivy: Assessing Damage And Extracting Intelligence Aug FireEye
2Q Report On Targeted Attack Campaigns Sep Trend Micro
Hidden Lynx: Professional Hackers For Hire Sep Symantec
World War C: Understanding Nation-State Motives Behind Today's Advanced Cyber Attacks Sep FireEye
Fakem Rat: Malware Disguised As Windows Messenger And Yahoo! Messenger Oct Trend Micro
Targeted Threats Index Oct The Citizen Lab
Supply Chain Analysis: From Quartermaster To Sunshopfireeye Nov FireEye
Energy At Risk: A Study Of It Security In The Energy And Natural Resources Industry Dec KPMG
Etso Apt Attacks Analysis Dec AHNLAB
Operation Ke3Chang Targeted Attacks Against Ministries Of Foreign Affairs Dec FireEye
"Njrat" The Saga Continues Dec Fidelis
Quantum of Surveillance: Familiar Actors and Possible False Flags in Syrian Malware Campaigns Dec The Citizen Lab

2012

Title Month Source
The Heartbeat Apt Campaign Jan Trend Micro
Crouching Tiger, Hidden Dragon, Stolen Data Mar Context
Skywiper (A.K.A. Flame A.K.A. Flamer): A Complex Malware For Targeted Attacks Mar CrySyS Lab
Luckycat Redux: Inside An Apt Campaign With Multiple Targets In India And Japan Mar Trend Micro
Have I Got Newsforyou: Analysis Of Flamer C&C Server May Symantec
Ixeshe An Apt Campaign May Trend Micro
Pest Control: Taming The Rats Jun Matasano
Spoofing the European Parliament: Analysis of the Repurposing of Legitimate Content in Targeted Malware Attacks Jun The Citizen Lab
Syrian Activists Targeted with BlackShades Spy Software Jun The Citizen Lab
From Bahrain With Love: Finfisher Spy Kit Exposed? Jul The Citizen Lab
Recent Observations In Tibet-Related Information Operations: Advanced Social Engineering For The Distribution Of Lurk Malware Jul The Citizen Lab
Iexpl0Re Rat Aug The Citizen Lab
Gauss: Abnormal Distribution Aug Kaspersky
The SmartPhone Who Loved Me: FinFisher Goes Mobile Aug The Citizen Lab
The Voho Campaign: An In Depth Analysis Aug RSA
The Elderwood Project Sep Symantec
Backdoors are Forever: Hacking Team and the Targeting of Dissent Oct The Citizen Lab
Trojan.Taidoor: Targeting Think Tanks Oct Symantec
Recovering From Shamoon Nov Fidelis
Systematic Cyber Attacks Against Israeli And Palestinian Targets Going On For A Year Nov Norman
The Many Faces Of Gh0St Rat: Plotting The Connections Between Malware Attacks Nov Norman

2011

Title Month Source
W32.Stuxnet Dossier Feb Symantec
Global Energy Cyberattacks: Night Dragon Feb McAfee
Stuxnet Under the Microscope Apr ESET
Advanced Persistent Threats: A Decade in Review Jun Command Five Pty Ltd
The Lurid Downloader Aug Trend Micro
Revealed: Operation Shady Rat Aug McAfee
Enter the Cyber-dragon Sep Vanity Fair
SK Hack by an Advanced Persistent Threat Sep Command Five Pty Ltd
Alleged APT Intrusion Set: "1.php" Group Oct Zscaler
The Nitro Attacks: Stealing Secrets From The Chemical Industry Oct Symantec

2010

Title Month Source
The Command Structure Of The Aurora Botnet Jan Damballa
Operation Aurora: Detect, Diagnose, Respond Jan HBGary
Operation Aurora Feb HBGary
Combating Aurora Jan McAfee
In-Depth Analysis Of Hydraq: The Face Of Cyberwar Enemies Unfolds Mar CA
Shadows In The Cloud: Investigating Cyber Espionage 2.0 Apr Shadowserver
The Msupdater Trojan And Ongoing Targeted Attacks Sep Zscaler

2009

Title Month Source
Tracking GhostNet: Investigating a Cyber Espionage Network Mar TheSecDevGroup
DECLAWING THE DRAGON: WHY THE U.S. MUST COUNTER CHINESE CYBER-WARRIORS Jun NA
Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation Oct Northrop Grumman
Russian Cyberwar on Georgia Nov georgiaupdate.gov.ge

Contributors

fdiskyou, shutupandhax