aptnotes / data
APTnotes data
Please fill out the information below
Release date: (08/08/2016)
Vendor: Kaspersky
Link: https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/
PDF: https://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf
Group:
Other:
Release date: (04/21/2016)
Vendor: TrendMicro
PDF: (Appendix) http://documents.trendmicro.com/assets/appendix_looking-into-a-cyber-attack-facilitator-in-the-netherlands.pdf
Group:
Other:
Release date: (06/02/2016)
Vendor: FireEye
Link: https://www.fireeye.com/blog/threat-research/2016/06/irongate_ics_malware.html
PDF:
Group:
Other: Irongate, ICS
Release date: (06/09/2016)
Vendor: Clearskysec
Link: http://www.clearskysec.com/dustysky2/
PDF: http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf
Group: Molerats
Other: Indicators - http://www.clearskysec.com/wp-content/uploads/2016/06/DusySky2-indicators.xlsx
Release date: (06/28/2016)
Vendor: Palo Alto (Unit 42)
Link: http://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/
PDF:
Group: Unknown
Other: Infy
Please fill out the information below
Release date: (11/16/2015)
Vendor: Microsoft
Link:
Group: APT28
Other:
Release date: (05/23/2016)
Vendor: Govcert.ch
PDF:
Group:
Other:
Please fill out the information below
Release date: (08/06/2016)
Vendor: Forcepoint
Link: https://blogs.forcepoint.com/security-labs/monsoon-analysis-apt-campaign
Group:
IOCs: https://otx.alienvault.com/pulse/57abd06e151d8a0134cbb0bb/
Please fill out the information below
Release date: (04/26/2016)
Vendor: Microsoft
Link: https://blogs.technet.microsoft.com/mmpc/2016/04/26/digging-deep-for-platinum/
Group: ?
Other:
Release date: (7/7/2016)
Vendor: Cymmetria
Link: https://www.cymmetria.com/patchwork-targeted-attack
PDF: https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf
Group:
Other:
IOCs - https://raw.githubusercontent.com/CymmetriaResearch/CymmetriaResearch/master/Patchwork/IOCs/IOCs.csv
Please fill out the information below
Release date: (06/17/2016)
Vendor: Kaspersky
Link: https://securelist.com/blog/research/75100/operation-daybreak/
PDF:
Group: ScarCruft
Other:
The date format in the CSV (and JSON) is inconsistent. It should be (mm/dd/yyyy).
Work on the implementation of a tagging mechanism within the table and JSON contexts.
Release date: (05/27/2016)
Vendor: Trend Micro
PDF:
Group:
Other: IXESHE Derivative IHEATE
Please fill out the information below
Title: The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender
Release date: (08/24/2016)
Vendor: CitizenLab
Link: https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
PDF:
Group: NSO Group
Other:
Release date: (7/1/2016)
Vendor: ESET
PDF:
Group:
Other: SBDH toolkit
Hashes:
1345b6189441cd1ed9036ef098adf12746ecf7cb
15b956feee0fa42f89c67ca568a182c348e20ead
f2a1e4b58c9449776bd69f62a8f2ba7a72580da2
7f32cae8d6821fd50de571c40a8342acaf858541
5DDBDD3CF632F7325D6C261BCC516627D772381A
4B94E8A10C5BCA43797283ECD24DF24421E411D2
D2E9EB26F3212D96E341E4CBA7483EF46DF8A1BE
09C56B14DB3785033C8FDEC41F7EA9497350EDAE
Please fill out the information below
Release date: (06/20/2016)
Vendor: Fidelis
Link: http://www.threatgeek.com/2016/06/dnc_update.html
PDF:
Group: CozyBear, FancyBear
Other:
Release date: (7/8/2016)
Vendor: Kaspersky
Link: https://securelist.com/blog/research/75328/the-dropping-elephant-actor/
PDF:
Group: Dropping Elephant (aka “Chinastrats” and “Patchwork”)
Other:
Please fill out the information below
Release date: (08/03/2016)
Vendor: EFF
Link: https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf
PDF:
Group:
Other:
Release date: (06/03/2016)
Vendor: FireEye
Link: https://www.fireeye.com/blog/threat-research/2016/06/apt_group_sends_spea.html
PDF:
Group: suspected Pakistan-based APT group
Other:
On May 18, 2016, FireEye Labs observed a suspected Pakistan-based APT group sending spear phishing emails to Indian government officials. This threat actor has been active for several years and conducting suspected intelligence collection operations against South Asian political and military targets.
Release date: (09/28/2016)
Vendor: Threat Connect
Link: https://www.threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/
PDF:
Group: APT28 (Sofacy)
Other:
ThreatConnect reviews activity targeting Bellingcat, a key contributor in the MH17 investigation.
Please fill out the information below
Release date: (08/02/2016)
Vendor: CitizenLab
Link: https://citizenlab.org/2016/08/group5-syria/
PDF:
Group:
Other:
Please fill out the information below
Release date: (06/23/2016)
Vendor: Palo Alto
PDF:
Group: Scarlet Mimic
Other:
Release date: (09/17/2015)
Vendor: F-Secure
Link: https://labsblog.f-secure.com/2015/09/17/the-dukes-7-years-of-russian-cyber-espionage/
PDF: https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf
Group: Dukes
Other:
https://app.box.com/s/ipsg0t3krs811gesknvxrdsqhsknbydj
SHA-1: c02195e501548fc9b8e2e13673a7e12e1af9e207
Please fill out the information below
Release date: (07/07/2016)
Vendor: Proofpoint
Link: https://www.proofpoint.com/us/threat-insight/post/nettraveler-apt-targets-russian-european-interests
PDF:
Group: NetTraveler
Other:
Please fill out the information below
Release date: (06/09/2016)
Vendor: Microsoft
Link:
PDF:
Group: DarkHotel (Kaspersky), DUBNIUM(MS)
Other:
Release date: (05/25/2016)
Vendor: Kaspersky
Link: https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/
PDF: N/A
Group: Platinum (also known as TwoForOne), APT16, EvilPost, SPIVY, Danti and SVCMONDR
Other: CVE-2015-2545 usage
Release date: (05/06/2016)
Vendor: PWC
Link: http://pwc.blogs.com/cyber_security_updates/2016/05/exploring-cve-2015-2545-and-its-users.html
PDF:
Group: Danti
Other: Exploring CVE-2015-2545 and its users
I'm writing a script to download all of the PDFs for local viewing. I noticed that all of the SHA-1 hashes of the downloaded files didn't match those in the CSV and JSON files.
Sample:
PaloAlto_PrinceofPersiaGameOver(06-28-2016).pdf
Reported SHA-1: 3f92bfbfdb0fee7eda8613fc3a6ff515ffceb972
Calculated SHA-1: 88c16ea6054c620b3d322e74b9a565570ba9ec89
Bitdefender_Pacifier-APT(7-1-2016).pdf
Reported SHA-1: 6289dff2cbd2750c76517007989483922179fa40
Calculated SHA-1: 7092c099c42701a17292c0fbcc4573a5f302975c
Cymmetria_Unveiling-Patchwork(Jul-7-16).pdf
Reported SHA-1: 955ddb4453827e2c1664f2924e75b21fb0c0496d
Calculated SHA-1: 557a6c573ea2b6f89d7ebe3d4947ec2672ae757e
ESET_targeting-Central-and-EasternEurope(07-01-2016).pdf
Reported SHA-1: 8d9af4bb8b4bafcb9e58ab21e1419abd2eed46b2
Calculated SHA-1: 1cb7178f8cbb5733e30d9301e4be3e1efcb9d2dd
JPCERT_AsruexShortcutFiles(06-30-2016).pdf
Reported SHA-1: 0ddd9b23aaa773615e7d6392969d40b332e0c85f
Calculated SHA-1: 7b312a852aaa0156d09d61dd0bc0212ff3d30420
Proofpoint_NetTraveler-TargetsRussianEuropean(07-07-2016).pdf
Reported SHA-1: d647ecd9a694447bc8ee9096f425ba29d93f7fb7
Calculated SHA-1: d95b55d084c7bf68d7a6dcc3275a56a01753f135
Kaspersky_DroppingElephant(07-08-2016).pdf
Reported SHA-1: e0606a9e6a785d942b50d281d87550dc03d3666e
Calculated SHA-1: 354393d7471b6895e55373b3f96991267bd694c6
I deleted all of the files and ran the code again. This time I got different/incorrect SHA-1 hashes.
PaloAlto_PrinceofPersiaGameOver(06-28-2016).pdf
Reported SHA-1: 3f92bfbfdb0fee7eda8613fc3a6ff515ffceb972
Calculated SHA-1: b4518eb101c228e815ed6707eaa3988d3c9f731d
Bitdefender_Pacifier-APT(7-1-2016).pdf
Reported SHA-1: 6289dff2cbd2750c76517007989483922179fa40
Calculated SHA-1: 83e791a84ea77977e466514996fd3268c5ed8ba6
Cymmetria_Unveiling-Patchwork(Jul-7-16).pdf
Reported SHA-1: 955ddb4453827e2c1664f2924e75b21fb0c0496d
Calculated SHA-1: 378aed8b08e92e45d111fd51173cb6ac50edc2a2
ESET_targeting-Central-and-EasternEurope(07-01-2016).pdf
Reported SHA-1: 8d9af4bb8b4bafcb9e58ab21e1419abd2eed46b2
Calculated SHA-1: a0aff4e9e78fe99a358d520a4091328c8271d353
JPCERT_AsruexShortcutFiles(06-30-2016).pdf
Reported SHA-1: 0ddd9b23aaa773615e7d6392969d40b332e0c85f
Calculated SHA-1: 9b9fbcd9da3874154fa406f82d19c76272d153d4
Proofpoint_NetTraveler-TargetsRussianEuropean(07-07-2016).pdf
Reported SHA-1: d647ecd9a694447bc8ee9096f425ba29d93f7fb7
Calculated SHA-1: 6b4fbf8d178569a1c6afdd0c4812ce051374ffac
Kaspersky_DroppingElephant(07-08-2016).pdf
Reported SHA-1: e0606a9e6a785d942b50d281d87550dc03d3666e
Calculated SHA-1: 6e323df8f1cf1fe33edfffe91f5ac88b6693091b
Is Box watermarking the downloads to make them each unique? Are there instructions on how to download these files "correctly" so the hashes match? If the hashes are never going to match, you might not want to include them at all in the data files.
Release date: (7/1/2016)
Vendor: Bitdefender
Link:
Group: Pacifier
Other:
Please fill out the information below
Release date: (06/14/2016)
Vendor: CrowdStrike
Link: https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/
PDF:
Group: Cozy Bear & Fancy Bear
Other:
Release date: (05/23/2016)
Vendor: FireEye
Link: https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html
PDF: https://www.readability.com/articles/mtchcryk
Group:
Other: TARGETED ATTACKS AGAINST BANKS IN THE MIDDLE EAST
Release date: (09/26/2016)
Vendor: PAN (Unit 42)
Link: http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/
PDF:
Group: Sofacy (APT28)
Other:
Please fill out the information below
Release date: 05/17/2016
Vendor: Fox It Security
Link: https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf
PDF: fox-it_mofang_threatreport_tlp-white.pdf
Group: Mofang
Other:
Please fill out the information below
Release date: (04/22/2016)
Vendor: Cylance
Link: https://blog.cylance.com/the-ghost-dragon
PDF: Attached
Group: N/A
Other: Gh0st RAT
Release date: (05/24/2016)
Vendor: Palo Alto
PDF:
Group: Wekby
Other:
Please fill out the information below
Release date: (06/21/2016)
Vendor: ESET
Link:
Group: APT28
Other:
Please fill out the information below
Release date: (09/06/2016)
Vendor: Symantec
Link: http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong
PDF: Attached
Group: APT3
Other: Pirpi
Buckeye cyberespionage group shifts gaze from US to Hong Kong - Symantec.pdf
Release date: (09/18/2016)
Vendor: Cyberkov Security
Link: https://cyberkov.com/hunting-libyan-scorpions/
PDF: https://cyberkov.com/wp-content/uploads/2016/09/Hunting-Libyan-Scorpions-EN.pdf
Group: Libyan Scorpions
Other:
https://cyberkov.com/wp-content/uploads/2016/09/Libyan-Scorpions-IoCs.xlsx
Please fill out the information below
Release date: (06/16/2016)
Vendor: Dell SecureWorks
Link: https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign
PDF:
Group: APT28
Other:
Release date: (05/02/2016)
Vendor: Palo Alto
PDF:
Group:
Other:
{'Date': 'X',
'Filename': 'fireeye-china-chopper-report',
'Link': 'https://app.box.com/s/yvk5tr8poletupw82biic0ucpvynvoyj',
'SHA-1': '8a3a657ac02569c1324ade4cca562ae8c5781f94',
'Source': 'FireEye',
'Title': 'The Little Malware That Could: Detecting And Defeating The China Chopper Web Shell',
'Year': '2013'}
{'Date': 'X',
'Filename': '2q-report-on-targeted-attack-campaigns',
'Link': 'https://app.box.com/s/bwgb7uhh6p4bdkyvlw94dpq19tq0fvbv',
'SHA-1': 'f69e4d23674d06ee459d2abbecc5f3f4cbd58047',
'Source': 'Trend Micro',
'Title': '2Q Report On Targeted Attack Campaigns',
'Year': '2013'}
{'Date': 'X',
'Filename': 'energy-at-risk',
'Link': 'https://app.box.com/s/z7lwte5v91lz2rkfywd9s1grnqeuy1fk',
'SHA-1': 'f03931c7214e71f4bfcc6a5008acb3f4bb1cb0e3',
'Source': 'KPMG',
'Title': 'Energy At Risk: A Study Of It Security In The Energy And Natural Resources Industry',
'Year': '2013'}
{'Date': 'X',
'Filename': 'AdversaryIntelligenceReport_DeepPanda_0 (1)',
'Link': 'https://app.box.com/s/6po2pgedkjf4br5p7tm51go7p5g3z6g3',
'SHA-1': '1d53861aafea11d9a60e798b90d623c8e7c7b9e7',
'Source': 'Crowdstrike',
'Title': 'Deep Panda',
'Year': '2014'}
Release date: (05/29/2016)
Vendor: Citizen Lab
Link: https://citizenlab.org/2016/05/stealth-falcon/
PDF: N/A
Group: Stealth Falcon
Other:
Please fill out the information below
Release date: (06/30/2016)
Vendor: JPCert
Link: http://blog.jpcert.or.jp/2016/06/asruex-malware-infecting-through-shortcut-files.html
PDF:
Group: DarkHotel
Other:
Release date: (05/23/2016)
Vendor: Palo Alto (Unit 42)
PDF: N/A
Group:
Other: Operation Ke3chang
The note was published in 2013, but is listed twice in both the CSV and JSON files.
NYTimes_Attackers_Evolve_Quickly,Survival Of The Fittest: New York Times Attackers Evolve Quickly,FireEye,https://app.box.com/s/fkg2mxeqpb2ivx9neyz6bseopy1dfg5p,5f17e7b886d2388ffc134157dd1b66aa65372b59,08/12/2013,2013
NYTimes_Attackers_Evolve_Quickly,Survival Of The Fittest: New York Times Attackers Evolve Quickly,FireEye,https://app.box.com/s/fkg2mxeqpb2ivx9neyz6bseopy1dfg5p,5f17e7b886d2388ffc134157dd1b66aa65372b59,08/12/2014,2014
Release date: (06/14/2016)
Vendor: Palo Alto
PDF:
Group: APT28, Sofacy
Other:
httpss://app.box.com/s/a086wzo5lwibw0dl7ri0kt7d0b51u299 should be https://app.box.com/s/a086wzo5lwibw0dl7ri0kt7d0b51u299 (one s) in both the CSV and JSON files.
Would it be possible to provide static direct download links along with the current ones, so that it would be possible to parse the CSV/JSON on new pushes and auto-grab PDFs as they are added to the list?
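The issues above (hashes that never match the CSV/JSON values, the note listed twice in 2013 and 2014, the `httpss://` link, and the wish to parse the data files on every push) all boil down to validating the records before trusting them. The following is an added example of such a validator, not code from the aptnotes project. It assumes the column order visible in the quoted CSV rows (Filename, Title, Source, Link, SHA-1, Date, Year); the sample rows are constructed, mixing data quoted on this page with placeholder values. It does not download anything: whatever fetches the file (Box's download endpoint, a local mirror) should hand the raw bytes to `verify_pdf_bytes`, which refuses to compare a hash at all unless the bytes actually start with the `%PDF-` magic, so an HTML landing page is reported as "not-a-pdf" instead of a spurious mismatch.

```python
"""Sanity checks for aptnotes-style CSV records (added example, not the project's own code).

Checks performed on the records:
  * Link must be an https:// URL (catches the 'httpss://' typo),
  * SHA-1 must be 40 hex digits,
  * Date must parse, and is normalised to mm/dd/yyyy,
  * duplicate (Filename, SHA-1) pairs are reported.
Checks performed on a fetched file:
  * it must start with the PDF magic bytes, and its SHA-1 must equal the record's.
"""
import csv
import hashlib
import io
import re
from datetime import datetime
from pathlib import Path

# Column order assumed from the CSV rows quoted in the issues.
CSV_FIELDS = ["Filename", "Title", "Source", "Link", "SHA-1", "Date", "Year"]

# Constructed sample: rows 1-2 reproduce the duplicate-note report, row 3 the 'httpss'
# typo (with a placeholder hash), row 4 a record whose Date is the literal 'X'.
SAMPLE_CSV = """\
NYTimes_Attackers_Evolve_Quickly,Survival Of The Fittest: New York Times Attackers Evolve Quickly,FireEye,https://app.box.com/s/fkg2mxeqpb2ivx9neyz6bseopy1dfg5p,5f17e7b886d2388ffc134157dd1b66aa65372b59,08/12/2013,2013
NYTimes_Attackers_Evolve_Quickly,Survival Of The Fittest: New York Times Attackers Evolve Quickly,FireEye,https://app.box.com/s/fkg2mxeqpb2ivx9neyz6bseopy1dfg5p,5f17e7b886d2388ffc134157dd1b66aa65372b59,08/12/2014,2014
PaloAlto_Sofacy,Placeholder title,Palo Alto,httpss://app.box.com/s/a086wzo5lwibw0dl7ri0kt7d0b51u299,0000000000000000000000000000000000000000,2016-06-14,2016
fireeye-china-chopper-report,The Little Malware That Could,FireEye,https://app.box.com/s/yvk5tr8poletupw82biic0ucpvynvoyj,8a3a657ac02569c1324ade4cca562ae8c5781f94,X,2013
"""

# Constructed stand-in for a downloaded PDF, with the hash a clean record would carry.
SAMPLE_PDF = b"%PDF-1.4\n% constructed sample, not a real report\n"
SAMPLE_PDF_SHA1 = hashlib.sha1(SAMPLE_PDF).hexdigest()

# Date layouts seen in the issue templates: (mm/dd/yyyy), m/d/yyyy, yyyy-mm-dd, m/d/yy.
DATE_FORMATS = ("%m/%d/%Y", "%m-%d-%Y", "%Y-%m-%d", "%m/%d/%y")
SHA1_RE = re.compile(r"^[0-9a-f]{40}$")


def normalize_date(raw):
    """Return the date as mm/dd/yyyy, or None when it cannot be parsed (e.g. 'X')."""
    raw = raw.strip().strip("()")
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(raw, fmt).strftime("%m/%d/%Y")
        except ValueError:
            continue
    return None


def valid_link(url):
    """Accept only https:// URLs with a host part; 'httpss://...' fails the prefix test."""
    return url.startswith("https://") and "." in url[len("https://"):]


def load_records(csv_text):
    """Parse header-less CSV text into one dict per row, keyed by CSV_FIELDS."""
    reader = csv.reader(io.StringIO(csv_text))
    return [dict(zip(CSV_FIELDS, row)) for row in reader if row]


def check_records(records):
    """Return (Filename, problem) tuples; an empty list means the records are clean."""
    problems = []
    seen = set()
    for rec in records:
        name = rec["Filename"]
        sha1 = rec["SHA-1"].lower()
        if not valid_link(rec["Link"]):
            problems.append((name, "bad link scheme: " + rec["Link"].split("://", 1)[0]))
        if not SHA1_RE.match(sha1):
            problems.append((name, "malformed SHA-1"))
        if normalize_date(rec["Date"]) is None:
            problems.append((name, "unparsable date: " + rec["Date"]))
        key = (name, sha1)
        if key in seen:  # same note, same hash, listed again (as in the 2013/2014 pair)
            problems.append((name, "duplicate record"))
        seen.add(key)
    return problems


def verify_pdf_bytes(data, expected_sha1):
    """Classify fetched bytes as 'ok', 'not-a-pdf' or 'hash-mismatch'.

    The magic-byte check comes first: if the fetch returned something other than a
    PDF (an HTML page, for instance), the hash comparison would only ever report a
    mismatch and tell you nothing about the data file's value.
    """
    if not data.startswith(b"%PDF-"):
        return "not-a-pdf"
    if hashlib.sha1(data).hexdigest() != expected_sha1.lower():
        return "hash-mismatch"
    return "ok"


def verify_pdf_file(path, expected_sha1):
    """File-based wrapper around verify_pdf_bytes; returns 'missing' if the path is absent."""
    p = Path(path)
    if not p.is_file():
        return "missing"
    return verify_pdf_bytes(p.read_bytes(), expected_sha1)


if __name__ == "__main__":
    for name, problem in check_records(load_records(SAMPLE_CSV)):
        print(f"{name}: {problem}")
    print("sample pdf:", verify_pdf_bytes(SAMPLE_PDF, SAMPLE_PDF_SHA1))
```

Run against the constructed sample it reports the `httpss` link, the unparsable `X` date and the repeated NYTimes record; feeding a real downloaded file through `verify_pdf_file` tells you whether a mismatch is a genuine hash difference or simply not a PDF.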
Release date: (08/30/2016)
Vendor: HP
PDF:
Group:
Other: “9002 RAT” -- a second building on the left