aptnotes / data Goto Github PK
View Code? Open in Web Editor NEWAPTnotes data
data's People
Contributors
Stargazers
Watchers
Forkers
lucabongiorni rkornmeyer inigma117 benwend to4kawa shalekesan cy-fir 971sec c0den wflk wujike somethingnew2-0 vaginessa seth1002 lingnutter ssdtfarm tidyhuang japaks slietz bkmi-zz lxqlx lokitm hxp2k6 olemoudi caidongyun comthit alessiodallapiazza damnya superf0sh o-mdr cr2zyivan sunqiang123 la5la 11x256 crazykid199 mcburrlin hackmycontrolsystem beerandgin blackjacktoken zoni171 evilino cosrah xtiankisutsa madkoala googlebest dfirgeek olivierh59500 quikilr mxavierc kuggaa securitywarrior joinbaijun hoangcuongflp avgirl tmcmil vnhacker1337 vinay166 bryant1410 pentestify su1ph3r joelsimmons1 ryanfakir angelzwing subzero-997 cheviz caoyunzhu itys guardianrg karthikkumar41 liorpe romannamor9 geirskjo siriusanalyst kata85 aln7 shyant primmus glenndaguru tardummy01 hbxc0re jmroberson inuo091 guiying212 beyondcy nettao zldww2011 shebisabeen epsilonsolutions stanleygoo p4rs3r juntian1983 lukw00heck lovemonkey257 akju annie201 dx2048 sonnyl1992 nithish spawankumar michaeldaviedata's Issues
[Kaspersky] ProjectSauron
Please fill out the information below
Release date: (08/08/2016)
Vendor: Kaspersky
Link: https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/
PDF: https://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf
Group:
Other:
Add Trend Report: Looking Into a Cyber-Attack Facilitator in the Netherlands
Release date: (04/21/2016)
Vendor: TrendMicro
PDF: (Appendix) http://documents.trendmicro.com/assets/appendix_looking-into-a-cyber-attack-facilitator-in-the-netherlands.pdf
Group:
Other:
Add FireEye blog covering IronGate
Release date: (06/02/2016)
Vendor: FireEye
Link: https://www.fireeye.com/blog/threat-research/2016/06/irongate_ics_malware.html
PDF:
Group:
Other: Irongate, ICS
Add Clearsky report: Operation-DustySky2
Release date: (06/09/2016)
Vendor: Clearskysec
Link: http://www.clearskysec.com/dustysky2/
PDF: http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf
Group: Molerats
Other: Indicators - http://www.clearskysec.com/wp-content/uploads/2016/06/DusySky2-indicators.xlsx
Add Unit42 Prince of Persia Game Over Blog
Release date: (06/28/2016)
Vendor: Palo Alto (Unit 42)
Link: http://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/
PDF:
Group: Unknown
Other: Infy
Strontium
Please fill out the information below
Release date: (11/16/2015)
Vendor: Microsoft
Link:
Group: APT28
Other:
Add Gov CERT CH Ruag report
Release date: (05/23/2016)
Vendor: Govcert.ch
PDF:
Group:
Other:
[Forcepoint] MONSOON
Please fill out the information below
Release date: (08/06/2016)
Vendor: Forcepoint
Link: https://blogs.forcepoint.com/security-labs/monsoon-analysis-apt-campaign
Group:
IOCs: https://otx.alienvault.com/pulse/57abd06e151d8a0134cbb0bb/
PLATINUM
Please fill out the information below
Release date: (04/26/2016)
Vendor: Microsoft
Link: https://blogs.technet.microsoft.com/mmpc/2016/04/26/digging-deep-for-platinum/
Group: ?
Other:
Add Cymmetria Patchwork Report
Release date: (7/7/2016)
Vendor: Cymmetria
Link: https://www.cymmetria.com/patchwork-targeted-attack
PDF: https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf
Group:
Other:
IOCs - https://raw.githubusercontent.com/CymmetriaResearch/CymmetriaResearch/master/Patchwork/IOCs/IOCs.csv
Operation Daybreak
Please fill out the information below
Release date: (06/17/2016)
Vendor: Kaspersky
Link: https://securelist.com/blog/research/75100/operation-daybreak/
PDF:
Group: ScarCruft
Other:
Fix date format in the CSV
The date format in the CSV (and JSON) is inconsistent. It should be (mm/dd/yyyy).
Implement tagging
Work on the implementation of tagging mechanism within the table and json contexts
Add new Trend report: IXESHE Derivative IHEATE Targets Users in America
Release date: (05/27/2016)
Vendor: Trend Micro
PDF:
Group:
Other: IXESHE Derivative IHEATE
[CitizenLab] The Million Dollar Dissident
Please fill out the information below
Title: The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender
Release date: (08/24/2016)
Vendor: CitizenLab
Link: https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
PDF:
Group: NSO Group
Other:
Add ESET SBDH report
Release date: (7/1/2016)
Vendor: ESET
PDF:
Group:
Other: SBDH toolkit
Hashes:
1345b6189441cd1ed9036ef098adf12746ecf7cb
15b956feee0fa42f89c67ca568a182c348e20ead
f2a1e4b58c9449776bd69f62a8f2ba7a72580da2
7f32cae8d6821fd50de571c40a8342acaf858541
5DDBDD3CF632F7325D6C261BCC516627D772381A
4B94E8A10C5BCA43797283ECD24DF24421E411D2
D2E9EB26F3212D96E341E4CBA7483EF46DF8A1BE
09C56B14DB3785033C8FDEC41F7EA9497350EDAE
Findings from Analysis of DNC Intrusion Malware
Please fill out the information below
Release date: (06/20/2016)
Vendor: Fidelis
Link: http://www.threatgeek.com/2016/06/dnc_update.html
PDF:
Group: CozyBear, FancyBear
Other:
Add Kaspersky Dropping Elephant Blog Post
Release date: (7/8/2016)
Vendor: Kaspersky
Link: https://securelist.com/blog/research/75328/the-dropping-elephant-actor/
PDF:
Group: Dropping Elephant (aka: “Chinastrats” and “Patchwork“)
Other:
[EFF] Operation Manul
Please fill out the information below
Release date: (08/03/2016)
Vendor: EFF
Link: https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
PDF:
Group:
Other:
Add FireEye report: APT GROUP SENDS SPEAR PHISHING EMAILS TO INDIAN GOVERNMENT OFFICIALS
Release date: (06/03/2016)
Vendor: FireEye
Link: https://www.fireeye.com/blog/threat-research/2016/06/apt_group_sends_spea.html
PDF:
Group: suspected Pakistan-based APT group
Other:
On May 18, 2016, FireEye Labs observed a suspected Pakistan-based APT group sending spear phishing emails to Indian government officials. This threat actor has been active for several years and conducting suspected intelligence collection operations against South Asian political and military targets.
TC: Belling the BEAR
Release date: (09/28/2016)
Vendor: Threat Connect
Link: https://www.threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/
PDF:
Group: APT28 (Sofacy)
Other:
ThreatConnect reviews activity targeting Bellingcat, a key contributor in the MH17 investigation.
[CitizenLab] Group5: Syria and the Iranian Connection
Please fill out the information below
Release date: (08/02/2016)
Vendor: CitizenLab
Link: https://citizenlab.org/2016/08/group5-syria/
PDF:
Group:
Other:
Tracking Elirks Variants in Japan: Similarities to Previous Attacks
Please fill out the information below
Release date: (06/23/2016)
Vendor: Palo Alto
PDF:
Group:Scarlet Mimic
Other:
Add F-Secure Dukes Report
Release date: (09/17/2015)
Vendor: F-Secure
Link: https://labsblog.f-secure.com/2015/09/17/the-dukes-7-years-of-russian-cyber-espionage/
PDF: https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf
Group: Dukes
Other:
https://app.box.com/s/ipsg0t3krs811gesknvxrdsqhsknbydj
SHA-1: c02195e501548fc9b8e2e13673a7e12e1af9e207
NetTraveler APT Targets Russian, European Interests
Please fill out the information below
Release date: (07/07/2016)
Vendor: Proofpoint
Link: https://www.proofpoint.com/us/threat-insight/post/nettraveler-apt-targets-russian-european-interests
PDF:
Group: NetTraveler
Other:
DUBNIUM
Please fill out the information below
Release date: (06/09/2016)
Vendor: Microsoft
Link:
- https://blogs.technet.microsoft.com/mmpc/2016/06/09/reverse-engineering-dubnium-2/
- https://blogs.technet.microsoft.com/mmpc/2016/06/20/reverse-engineering-dubniums-flash-targeting-exploit/
PDF:
Group: DarkHotel (Kaspersky), DUBNIUM(MS)
Other:
Add Kaspersky report on "CVE-2015-2545: overview of current threats usage"
Release date: (05/25/2016)
Vendor: Kaspersky
Link: https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/
PDF: N/A
Group: Platinum (also known as TwoForOne), APT16, EvilPost, SPIVY, Danti and SVCMONDR, Danti
Other: CVE-2015-2545 usage
Add PWC cve-2015-2545 report
Release date: (05/06/2016)
Vendor: PWC
Link: http://pwc.blogs.com/cyber_security_updates/2016/05/exploring-cve-2015-2545-and-its-users.html
PDF:
Group: Danti
Other: Exploring CVE-2015-2545 and its users
SHA-1 hashes don't match what is listed, change everytime
I'm writing a script to download all of the pdfs for local viewing. I noticed that all of the SHA-1 hashes of the downloaded files didn't match those in the csv and json files.
Sample:
PaloAlto_PrinceofPersiaGameOver(06-28-2016).pdf
Reported SHA-1: 3f92bfbfdb0fee7eda8613fc3a6ff515ffceb972
Calculated SHA-1: 88c16ea6054c620b3d322e74b9a565570ba9ec89
Bitdefender_Pacifier-APT(7-1-2016).pdf
Reported SHA-1: 6289dff2cbd2750c76517007989483922179fa40
Calculated SHA-1: 7092c099c42701a17292c0fbcc4573a5f302975c
Cymmetria_Unveiling-Patchwork(Jul-7-16).pdf
Reported SHA-1: 955ddb4453827e2c1664f2924e75b21fb0c0496d
Calculated SHA-1: 557a6c573ea2b6f89d7ebe3d4947ec2672ae757e
ESET_targeting-Central-and-EasternEurope(07-01-2016).pdf
Reported SHA-1: 8d9af4bb8b4bafcb9e58ab21e1419abd2eed46b2
Calculated SHA-1: 1cb7178f8cbb5733e30d9301e4be3e1efcb9d2dd
JPCERT_AsruexShortcutFiles(06-30-2016).pdf
Reported SHA-1: 0ddd9b23aaa773615e7d6392969d40b332e0c85f
Calculated SHA-1: 7b312a852aaa0156d09d61dd0bc0212ff3d30420
Proofpoint_NetTraveler-TargetsRussianEuropean(07-07-2016).pdf
Reported SHA-1: d647ecd9a694447bc8ee9096f425ba29d93f7fb7
Calculated SHA-1: d95b55d084c7bf68d7a6dcc3275a56a01753f135
Kaspersky_DroppingElephant(07-08-2016).pdf
Reported SHA-1: e0606a9e6a785d942b50d281d87550dc03d3666e
Calculated SHA-1: 354393d7471b6895e55373b3f96991267bd694c6
I deleted all of the files and ran the code again. This time I got different /incorrect SHA-1 hashes.
PaloAlto_PrinceofPersiaGameOver(06-28-2016).pdf
Reported SHA-1: 3f92bfbfdb0fee7eda8613fc3a6ff515ffceb972
Calculated SHA-1: b4518eb101c228e815ed6707eaa3988d3c9f731d
Bitdefender_Pacifier-APT(7-1-2016).pdf
Reported SHA-1: 6289dff2cbd2750c76517007989483922179fa40
Calculated SHA-1: 83e791a84ea77977e466514996fd3268c5ed8ba6
Cymmetria_Unveiling-Patchwork(Jul-7-16).pdf
Reported SHA-1: 955ddb4453827e2c1664f2924e75b21fb0c0496d
Calculated SHA-1: 378aed8b08e92e45d111fd51173cb6ac50edc2a2
ESET_targeting-Central-and-EasternEurope(07-01-2016).pdf
Reported SHA-1: 8d9af4bb8b4bafcb9e58ab21e1419abd2eed46b2
Calculated SHA-1: a0aff4e9e78fe99a358d520a4091328c8271d353
JPCERT_AsruexShortcutFiles(06-30-2016).pdf
Reported SHA-1: 0ddd9b23aaa773615e7d6392969d40b332e0c85f
Calculated SHA-1: 9b9fbcd9da3874154fa406f82d19c76272d153d4
Proofpoint_NetTraveler-TargetsRussianEuropean(07-07-2016).pdf
Reported SHA-1: d647ecd9a694447bc8ee9096f425ba29d93f7fb7
Calculated SHA-1: 6b4fbf8d178569a1c6afdd0c4812ce051374ffac
Kaspersky_DroppingElephant(07-08-2016).pdf
Reported SHA-1: e0606a9e6a785d942b50d281d87550dc03d3666e
Calculated SHA-1: 6e323df8f1cf1fe33edfffe91f5ac88b6693091b
Is box watermarking the downloads to make them each unique? Are there instructions on how to download these files "correctly" so hashes match? If the hashes are never going to match, you might not want to include them at all in the data files.
Add Bitdefender Pacifier APT Report
Release date: (7/1/2016)
Vendor: Bitdefender
Link:
Group: Pacifier
Other:
CrowdStrike's report on Cozy & Fancy bear
Please fill out the information below
Release date: (06/14/2016)
Vendor: CrowdStrike
Link: https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/
PDF:
Group: Cozy Bear & Fancy Bear
Other:
Add FireEye blog: TARGETED ATTACKS AGAINST BANKS IN THE MIDDLE EAST
Release date: (05/23/2016)
Vendor: FireEye
Link: https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html
PDF: https://www.readability.com/articles/mtchcryk
Group:
Other: TARGETED ATTACKS AGAINST BANKS IN THE MIDDLE EAST
Sofacy’s ‘Komplex’ OS X Trojan
Release date: (09/26/2016)
Vendor: PAN (Unit 42)
Link: http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/
PDF:
Group: Sofacy (APT28)
Other:
Mofang: A politically motivated information stealing adversary
Please fill out the information below
Release date: 05/17/2016
Vendor: Fox It Security
Link: https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf
PDF: fox-it_mofang_threatreport_tlp-white.pdf
Group: Mofang
Other:
The Ghost Dragon - Cylance
Please fill out the information below
Release date: (04/22/2016)
Vendor: Cylance
Link: https://blog.cylance.com/the-ghost-dragon
PDF: Attached
Group: N/A
Other: Gh0st RAT
Add Unit42 report on Wekby DNS request C2
Release date: (05/24/2016)
Vendor: Palo Alto
PDF:
Group: Wekby
Other:
Visiting The Bear Den
Please fill out the information below
Release date: (06/21/2016)
Vendor: ESET
Link:
Group: APT28
Other:
Buckeye cyberespionage group shifts gaze from US to Hong Kong
Please fill out the information below
Release date: (09/06/2016)
Vendor: Symantec
Link: http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong
PDF: Attached
Group: APT3
Other: Pirpi
Buckeye cyberespionage group shifts gaze from US to Hong Kong - Symantec.pdf
Hunting Libyan Scorpions - Cyberkov Security
Release date: (09/18/2016)
Vendor: Cyberkov Security
Link: https://cyberkov.com/hunting-libyan-scorpions/
PDF: https://cyberkov.com/wp-content/uploads/2016/09/Hunting-Libyan-Scorpions-EN.pdf
Group: Libyan Scorpions
Other:
https://cyberkov.com/wp-content/uploads/2016/09/Libyan-Scorpions-IoCs.xlsx
Threat Group-4127
Please fill out the information below
Release date: (06/16/2016)
Vendor: Dell SecureWorks
Link: https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign
PDF:
Group: APT28
Other:
Add Unit42 blog - Prince of Persia: Infy Malware Active In Decade of Targeted Attacks
Release date: (05/02/2016)
Vendor: Palo Alto
PDF:
Group:
Other:
Missing dates for some entries
{'Date': 'X',
'Filename': 'fireeye-china-chopper-report',
'Link': 'https://app.box.com/s/yvk5tr8poletupw82biic0ucpvynvoyj',
'SHA-1': '8a3a657ac02569c1324ade4cca562ae8c5781f94',
'Source': 'FireEye',
'Title': 'The Little Malware That Could: Detecting And Defeating The China Chopper Web Shell',
'Year': '2013'}
{'Date': 'X',
'Filename': '2q-report-on-targeted-attack-campaigns',
'Link': 'https://app.box.com/s/bwgb7uhh6p4bdkyvlw94dpq19tq0fvbv',
'SHA-1': 'f69e4d23674d06ee459d2abbecc5f3f4cbd58047',
'Source': 'Trend Micro',
'Title': '2Q Report On Targeted Attack Campaigns',
'Year': '2013'}
{'Date': 'X',
'Filename': 'energy-at-risk',
'Link': 'https://app.box.com/s/z7lwte5v91lz2rkfywd9s1grnqeuy1fk',
'SHA-1': 'f03931c7214e71f4bfcc6a5008acb3f4bb1cb0e3',
'Source': 'KPMG',
'Title': 'Energy At Risk: A Study Of It Security In The Energy And Natural Resources Industry',
'Year': '2013'}
{'Date': 'X',
'Filename': 'AdversaryIntelligenceReport_DeepPanda_0 (1)',
'Link': 'https://app.box.com/s/6po2pgedkjf4br5p7tm51go7p5g3z6g3',
'SHA-1': '1d53861aafea11d9a60e798b90d623c8e7c7b9e7',
'Source': 'Crowdstrike',
'Title': 'Deep Panda',
'Year': '2014'}
Add Citizen Lab Stealth Falcon Report
Release date: (05/29/2016)
Vendor: Citizen Lab
Link: https://citizenlab.org/2016/05/stealth-falcon/
PDF: N/A
Group: Stealth Falcon
Other:
Asruex: Malware Infecting through Shortcut Files
Please fill out the information below
Release date: (06/30/2016)
Vendor: JPCert
Link: http://blog.jpcert.or.jp/2016/06/asruex-malware-infecting-through-shortcut-files.html
PDF:
Group: DarkHotel
Other:
Add Unit42 Report on operation ke3chang resurfaces
Release date: (05/23/2016)
Vendor: Palo Alto (Unit 42)
PDF: N/A
Group:
Other: Operation Ke3chang
Double listed report
The note was published in 2013, but is listed twice in both the CSV and JSON files.
NYTimes_Attackers_Evolve_Quickly,Survival Of The Fittest: New York Times Attackers Evolve Quickly,FireEye,https://app.box.com/s/fkg2mxeqpb2ivx9neyz6bseopy1dfg5p,5f17e7b886d2388ffc134157dd1b66aa65372b59,08/12/2013,2013
NYTimes_Attackers_Evolve_Quickly,Survival Of The Fittest: New York Times Attackers Evolve Quickly,FireEye,https://app.box.com/s/fkg2mxeqpb2ivx9neyz6bseopy1dfg5p,5f17e7b886d2388ffc134157dd1b66aa65372b59,08/12/2014,2014
Add Unit42 Sofacy blog
Release date: (06/14/2016)
Vendor: Palo Alto
PDF:
Group: APT28, Sofacy
Other:
Fix URL
httpss://app.box.com/s/a086wzo5lwibw0dl7ri0kt7d0b51u299 should be https://app.box.com/s/a086wzo5lwibw0dl7ri0kt7d0b51u299 (one s) in both the CSV and JSON files.
Box Static download links.
Would it be possible to provide static direct download links along with the current ones, so that it be possible to parse the csv/json on new pushes and auto grab pdfs as they are added to the list.
Add HPE 9002 RAT report
Release date: (08/30/2016)
Vendor: HP
PDF:
Group:
Other: “9002 RAT” -- a second building on the left
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.