This repository contains tools used by 401trg.
Our public PGP Key can be found here.
Published | Post | Utilities |
---|---|---|
May 03, 2018 | Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers | |
Apr 02, 2018 | Building a Data Lake for Threat Research | |
Feb 22, 2018 | Analysis of Active Satori Botnet Infections | |
Dec 20, 2017 | An Introduction to SMB for Network Security Analysts | |
Nov 28, 2017 | Triaging Large Packet Captures - Methods for Extracting & Analyzing Domains | popularDomains.py |
Nov 14, 2017 | Using Emerging Threats Suricata Ruleset to Scan PCAP | suricata_et_rule_update.py |
Nov 01, 2017 | Exposing a Phishing Kit | |
Oct 26, 2017 | Large Scale IRCbot Infection Attempts | |
Oct 16, 2017 | An Update on Winnti | |
Oct 10, 2017 | Turla Watering Hole Campaigns 2016/2017 | |
Oct 02, 2017 | Identifying and Triaging DNS Traffic on Your Network | |
Sept 28, 2017 | Triaging Large Packet Captures - 4 Key TShark Commands to Start Your Investigation | |
Jul 11, 2017 | Winnti (LEAD/APT17) Evolution - Going Open Source | |

All data is provided under the Apache License, Version 2.0, which can be found here.