/APT_REPORT

Interesting apt report collection and some special ioc express

Primary LanguagePython

APT_REPORT collected by @blackorbird https://twitter.com/blackorbird

Interesting apt report collection

Group123

▶ group123 APT organization, 'Operation High Expert' https://blog.alyac.co.kr/2226 (April 2 , 2019)

▶ Rocketman APT Campaign Returned to Operation Holiday Wiper https://blog.alyac.co.kr/2089 (Jan 23, 2019)

▶ 'Operation Blackbird', the mobile invasion of the ' https://blog.alyac.co.kr/2035 (Dec 13, 2018)

▶ group123 'Operation Korean Sword' is underway https://blog.alyac.co.kr/1985 (Nov. 16, 2018)

▶ group123 Group's latest APT campaign - 'Operation Rocket Man' https://blog.alyac.co.kr/1853 (Aug. 22, 2018)

▶ group123, Flash Player Zero-Day (CVE-2018-4878) Attack Attention https://blog.alyac.co.kr/1521 (Feb 02, 2018)

▶ 'group123' group 'survey on the total number of discovery of separated families in North and South' https://blog.alyac.co.kr/1767 (July 28, 2014)

▶ Rocketman APT campaign, 'Operation Golden Bird' https://blog.alyac.co.kr/2205 (March 20, 2013)

▶ Korea In The Crosshairs https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html (Jan 16, 2018)

▶FreeMilk: A Highly Targeted Spear Phishing Campaign https://unit42.paloaltonetworks.com/unit42-freemilk-highly-targeted-spear-phishing-campaign/ (Oct 5, 2017)

baby related kimsuky

▶Operation Giant Baby, a giant threat (March 28, 2019) https://blog.alyac.co.kr/2223

▶ Malicious code installed with coin purse program(Alibaba) (March 15, 2019) https://asec.ahnlab.com/1209

▶ New BabyShark Malware Targets U.S. National Security Think Tanks (Feb. 22, 2019) https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/

▶ Korea's latest APT attack, Operation Mystery Baby Attention! (Feb 11, 2018) https://blog.alyac.co.kr/1963

▶ Returned to Korea as Operation Baby Coin, APT attacker, overseas target in 2010 (Apr. 19, 2014) https://blog.alyac.co.kr/1640

kimsuky

▶ Analysis of "Smoke Screen" in APT campaign aimed at Korea and America (April 17 , 2019) https://blog.alyac.co.kr/2243

▶ Kimsuky Organization, Operation Stealth Power Silence Operation (April 3 , 2019) https://blog.alyac.co.kr/2234

▶ Kimsuky Organization, Watering Hole Started "Operation Low Kick"(March 21, 2019) https://blog.alyac.co.kr/2209

Oceanlotus

▶ OceanLotus Steganography Malware Analysis White Paper (April 2 , 2019) https://threatvector.cylance.com/en_us/home/report-oceanlotus-apt-group-leveraging-steganography.html

▶OceanLotus: macOS malware update(April 9 , 2019) https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/

APT28

▶ CB TAU Threat Intelligence Notification: Hunting APT28 Downloaders (April 5 , 2019) https://www.carbonblack.com/2019/04/05/cb-threat-intelligence-notification-hunting-apt28-downloaders/

Fin6

▶ Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware(April 5 , 2019) https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html

tick

▶ tick group new campaign, attack north korean and japan https://www.ahnlab.com/kr/site/securityinfo/secunews/secuNewsView.do?curPage=1&menu_dist=2&seq=28186 (April 1 , 2019)

Winnti

▶ bayer-says-has-detected-contained-cyber-attack (April 5 , 2019)

https://www.reuters.com/article/us-bayer-cyber/bayer-says-has-detected-contained-cyber-attack-idUSKCN1RG0NN

https://www.tagesschau.de/inland/hackerangriff-bayer-101.html

londonblue (Nigeria)

▶ Evolving Tactics: London Blue Starts Spoofing Target Domains (April 4 , 2019) PDF is in the folder https://www.agari.com/email-security-blog/london-blue-evolving-tactics/