APT Report Collection

This repository contains a collection of reports and documents related to various Advanced Persistent Threat (APT) groups, with a specific focus on Iranian APT activities. These reports provide detailed analysis, incident reports, and findings on the tactics, techniques, and procedures (TTPs) employed by these threat actors.

Contents

  1. Cobalt Mirage Ransomware Group Steps Up Its Game in 2022 - ATTACK Simulator.pdf

    • Overview: This report details the activities of the Cobalt Mirage ransomware group, highlighting their tactics and significant campaigns throughout 2022.
    • Key Points:
      • Ransomware operations evolution.
      • New attack vectors.
      • Mitigation strategies.
  2. Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 - Microsoft Security Blog.pdf

    • Overview: A presentation by Microsoft's Security and Threat Intelligence Center (MSTIC) at CyberWarCon 2021, discussing the evolving trends in Iranian threat actor activities.
    • Key Points:
      • Evolution of threat actors.
      • Significant case studies.
      • Defensive measures and best practices.
  3. Exchange Exploit Leads to Domain Wide Ransomware.pdf

    • Overview: This report covers the exploitation of vulnerabilities in Microsoft Exchange, leading to widespread ransomware infections.
    • Key Points:
      • Details on the Exchange vulnerabilities.
      • Methods of ransomware deployment.
      • Incident response strategies.
  4. Iranian APT Group Phosphorus Targets Medical Researchers _ Decipher.pdf

    • Overview: An analysis of the Iranian APT group Phosphorus, specifically their targeting of medical researchers.
    • Key Points:
      • Espionage activities.
      • Targeted industries and sectors.
      • Recommended protective actions.
  5. Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks.pdf

    • Overview: A report on how Iranian hackers are using BitLocker and DiskCryptor to carry out ransomware attacks.
    • Key Points:
      • Techniques involving BitLocker and DiskCryptor.
      • Attack patterns.
      • Security recommendations.
  6. Log4j2 In The Wild _ Iranian-Aligned Threat Actor TunnelVision Actively Exploiting VMware Horizon - SentinelOne.pdf

    • Overview: SentinelOne's report on the exploitation of Log4j2 vulnerabilities by the Iranian-aligned threat actor known as TunnelVision.
    • Key Points:
      • Log4j2 exploitation methods.
      • Impact on VMware Horizon.
      • Defensive recommendations.
  7. PowerLess Trojan_ Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage.pdf

    • Overview: Analysis of the PowerLess Trojan, a new PowerShell backdoor used by the Iranian APT group Phosphorus for espionage.
    • Key Points:
      • Malware capabilities.
      • Espionage techniques.
      • Threat actor profiling.
  8. AA21-321A-Iranian Government-Sponsored APT Actors Exploiting Vulnerabilities_1.pdf

    • Overview: A government advisory on the exploitation of known vulnerabilities by Iranian government-sponsored APT actors.
    • Key Points:
      • Specific vulnerabilities targeted.
      • Government-issued advisories.
      • Mitigation strategies.
  9. APT35 Automates Initial Access Using ProxyShell.pdf

    • Overview: Details on how APT35 automates initial access using ProxyShell vulnerabilities.
    • Key Points:
      • Automation techniques.
      • ProxyShell exploitation.
      • Initial access methods.
  10. APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit - Check Point Research.pdf

    • Overview: Check Point Research report on APT35's exploitation of Log4j vulnerabilities to distribute a new modular PowerShell toolkit.
    • Key Points:
      • Log4j exploitation.
      • PowerShell toolkit features.
      • Threat analysis.
  11. COBALT MIRAGE conducts ransomware operations in U.S. _ Secureworks.pdf

    • Overview: Secureworks' report on COBALT MIRAGE's ransomware operations in the United States.
    • Key Points:
      • Ransomware campaign details.
      • Targeted U.S. entities.
      • Mitigation strategies.

ToDo

  • Add more recent reports and findings.
  • Summarize key findings in a more detailed executive summary.
  • Implement a categorization system for easier navigation.
  • Enhance visual presentation with charts and graphs.
  • Include a section for recommended tools and resources.

Contribution

We welcome contributions from the community to expand and improve this repository. To contribute:

  1. Fork the repository.
  2. Create a new branch (git checkout -b feature/your-feature).
  3. Commit your changes (git commit -am 'Add new feature').
  4. Push to the branch (git push origin feature/your-feature).
  5. Create a new Pull Request.

Please ensure your contributions adhere to the project's coding standards and are well-documented.

Usage

These reports are intended for cybersecurity professionals, researchers, and anyone interested in understanding the activities of APT groups, particularly those affiliated with Iran. Each document provides insights and detailed analysis to help in identifying and mitigating threats.

Contact

For further information or collaboration opportunities, please contact 4stalkers@protonmail.com.

Donation

[Binance_ID:271854090]

Buy Me a Coffee

Ba9chich : ba9chich.com/UL-Tunisia

[Pray for peace to 🇵🇸]