From b89c9215942e712ec81a280dcca4650a5e14a43d Mon Sep 17 00:00:00 2001 From: blackorbird <14833213+blackorbird@users.noreply.github.com> Date: Thu, 29 Aug 2024 16:49:03 +0800 Subject: [PATCH] Update readme.md --- summary/2024/readme.md | 143 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+) diff --git a/summary/2024/readme.md b/summary/2024/readme.md index 1612788..81ea97f 100644 --- a/summary/2024/readme.md +++ b/summary/2024/readme.md 
@@ -1,3 +1,146 @@ +2024 MID OF YEAR + +[1]https://mp.weixin.qq.com/s/Mflg1NZVrHC6JuVm0rW6GQ +[2]https://asec.ahnlab.com/ko/62771/ +[3]https://asec.ahnlab.com/ko/65495/ +[4]https://mp.weixin.qq.com/s/84lUaNSGo4lhQlpnCVUHfQ +[5]https://www.chainalysis.com/blog/2024-crypto-money-laundering/ +[6]https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/ +[7]https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/ +[8]https://mp.weixin.qq.com/s/kKNkTAlUpLL2skXq3TcBfw +[9]https://asec.ahnlab.com/ko/61666/ +[10]https://asec.ahnlab.com/ko/62117/ +[11]https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/springtail-kimsuky-backdoor-espionage +[12]https://mp.weixin.qq.com/s/Pog2WXQ8uZTTZKybJFy1Ow +[13]https://mp.weixin.qq.com/s/YhaEq6ogz3p5OQO_PyI-OQ +[14]https://www.securonix.com/blog/securonix-threat-research-security-advisory-new-deepgosu-attack-campaign/ +[15]https://www.genians.co.kr/blog/threat_intelligence/dropbox +[16]https://mp.weixin.qq.com/s/7vnxz8dYmWf7Z8Cmaa8sVg +[17]https://www.kroll.com/en/insights/publications/cyber/screenconnect-vulnerability-exploited-to-deploy-babyshark +[18]https://www.genians.co.kr/blog/threat_intelligence/webinar-apt +[19]https://www.sentinelone.com/labs/a-glimpse-into-future-scarcruft-campaigns-attackers-gather-strategic-intelligence-and-target-cybersecurity-professionals/ +[20]https://mp.weixin.qq.com/s/yzd0aVq2wzi-v-eB73F6lQ +[21]https://mp.weixin.qq.com/s/BOTyH6YTmVzhVInhTlzXww +[22]https://mp.weixin.qq.com/s/JBX6AGPPGEPzo4SqcN9n9A +[23]https://mp.weixin.qq.com/s/3GhWv3wsiAIZTClDBJxG-g +[24]https://mp.weixin.qq.com/s/K-FUaffQx4g6d_hweXxCTg +[25]https://www.nextron-systems.com/2024/03/22/unveiling-kamikakabot-malware-analysis/ +[26]https://www.group-ib.com/blog/dark-pink-apt/ +[27]https://mp.weixin.qq.com/s/eFxoX3cwpPee5z2_3G3wXw +[28]https://mp.weixin.qq.com/s/_gBnAlghd3gbP-PQ5M-7yQ 
+[29]https://mp.weixin.qq.com/s/wR7IgBmEuqqGQ9SCAV39Uw +[30]https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/ +[31]https://mp.weixin.qq.com/s/SAt5NU-hCbS0D6jI8gkkFQ +[32]https://mp.weixin.qq.com/s/I_s5HrRWdbTW99B99udl1w +[33]https://mp.weixin.qq.com/s/ENDm2bVzw89TlkljZYFdbw +[34]https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/ +[35]https://mp.weixin.qq.com/s/NBFwjxnm2yIwPfMn87vbRQ +[36]https://blogs.blackberry.com/en/2024/05/transparent-tribe-targets-indian-government-defense-and-aerospace-sectors +[37]https://mp.weixin.qq.com/s/FT7xvyGdk-WaB9nfYWPMUg +[38]https://www.seqrite.com/blog/pakistani-apts-escalate-attacks-on-indian-gov-seqrite-labs-unveils-threats-and-connections/ +[39]https://cyble.com/blog/the-overlapping-cyber-strategies-of-transparent-tribe-and-sidecopy-against-india/ +[40]https://mp.weixin.qq.com/s/Uf708Khax2rJaUhNo1Mz1Q +[41]https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html +[42]https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/ +[43]https://go.recordedfuture.com/hubfs/reports/CTA-RU-2024-0530.pdf +[44]https://www.trendmicro.com/en_us/research/24/e/router-roulette.html +[45]https://www.ic3.gov/Media/News/2024/240227.pdf +[46]https://www.clearskysec.com/wp-content/uploads/2024/02/DoppelgangerNG_ClearSky.pdf +[47]https://securityintelligence.com/x-force/itg05-leverages-malware-arsenal/ +[48]https://cert.pl/posts/2024/05/apt28-kampania/ +[49]https://labs.withsecure.com/publications/kapeka +[50]https://www.sentinelone.com/labs/acidpour-new-embedded-wiper-variant-of-acidrain-appears-in-ukraine/ +[51]https://cert.gov.ua/article/6278706 +[52]https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm +[53]https://blog.talosintelligence.com/tinyturla-ng-tooling-and-c2/ 
+[54]https://blog.talosintelligence.com/tinyturla-full-kill-chain/ +[55]https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/ +[56]https://www.mandiant.com/resources/blog/apt29-wineloader-german-political-parties +[57]https://blogs.blackberry.com/en/2024/04/fin7-targets-the-united-states-automotive-industry +[58]https://www.esentire.com/blog/fin7-uses-trusted-brands-and-sponsored-google-ads-to-distribute-msix-payloads +[59]https://www.microsoft.com/en-us/security/blog/2024/01/17/new-ttps-observed-in-mint-sandstorm-campaign-targeting-high-profile-individuals-at-universities-and-research-orgs/ +[60]https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel +[61]https://www.deepinstinct.com/blog/darkbeatc2-the-latest-muddywater-attack-framework +[62]https://harfanglab.io/en/insidethelab/muddywater-rmm-campaign/ +[63]https://x.com/MsftSecIntel/status/1737895717870440609 +[64]https://www.nextron-systems.com/2024/01/29/analysis-of-falsefont-backdoor-used-by-peach-sandstorm-threat-actor/ +[65]https://unit42.paloaltonetworks.com/curious-serpens-falsefont-backdoor/#post-133071-_re5lfhtpycch +[66]https://www.welivesecurity.com/en/eset-research/arid-viper-poisons-android-apps-with-aridspy/ +[67]https://www.esentire.com/blog/blind-eagles-north-american-journey +[68]https://mp.weixin.qq.com/s/tPVw-fbu3pQvKTYMzxb4Bw +[69]https://blog.talosintelligence.com/starry-addax/ +[70]https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign +[71]https://www.huntandhackett.com/blog/turkish-espionage-campaigns +[72]https://arcticwolf.com/resources/blog/follow-on-extortion-campaign-targeting-victims-of-akira-and-royal-ransomware/ +[73]https://www.securonix.com/blog/securonix-threat-research-security-advisory-new-returgence-attack-campaign-turkish-hackers-target-mssql-servers-to-deliver-domain-wide-mimic-ransomware/ 
+[74]https://blog.talosintelligence.com/decryptor-babuk-tortilla/ +[75]https://unit42.paloaltonetworks.com/medusa-ransomware-escalation-new-leak-site/ +[76]https://asec.ahnlab.com/en/60440/ +[77]https://mp.weixin.qq.com/s/Css8y2rPykyNPrLkJNq9ig +[78]https://asec.ahnlab.com/ko/60744/ +[79]https://mp.weixin.qq.com/s/XV0x10YV-Wrs1ZI6tNHjLA +[80]https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html +[81]https://www.fortinet.com/blog/threat-research/phobos-ransomware-variant-launches-attack-faust +[82]https://www.fortinet.com/blog/threat-research/ransomware-roundup-albabat +[83]https://blog.morphisec.com/akira-ransomware-prevention-and-analysis +[84]https://www.fortinet.com/blog/threat-research/ransomware-roundup-abyss-locker +[85]https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html +[86]https://www.trendmicro.com/en_us/research/24/c/multistage-ra-world-ransomware.html +[87]https://blog.talosintelligence.com/ghostsec-ghostlocker2-ransomware/ +[88]https://www.facct.ru/blog/shadow-ransomware/ +[89]https://medium.com/@Intel_Ops/phobos-ransomware-analysing-associated-infrastructure-used-by-8base-646560302a8d +[90]https://mp.weixin.qq.com/s/8dIxwYN3v4U7y9IECPxa7g +[91]https://mp.weixin.qq.com/s/fxYSDH9NrcRkE_QFgHVIiw +[92]https://blog.sonicwall.com/en-us/2024/03/new-multi-stage-stopcrypt-ransomware/ +[93]https://www.trendmicro.com/en_us/research/24/c/teamcity-vulnerability-exploits-lead-to-jasmin-ransomware.html +[94]https://cert.360.cn/report/detail?id=65fceeb4c09f255b91b17f11 +[95]https://www.trendmicro.com/en_us/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html +[96]https://mp.weixin.qq.com/s/_KuFPPs6XFOICNpRjzn5AA +[97]https://www.stormshield.com/news/technical-analysis-of-ransomware-crypt888 +[98]https://www.netskope.com/blog/netskope-threat-coverage-evil-ant-ransomware +[99]https://asec.ahnlab.com/ko/64345/ 
+[100]https://mp.weixin.qq.com/s/ewo2Lp5arhun3dM94Pcsrw +[101]https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/ +[102]https://cert.360.cn/report/detail?id=663c203cc09f255b91b17fd9 +[103]https://cyble.com/blog/in-the-shadow-of-venus-trinity-ransomwares-covert-ties/ +[104]https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/ +[105]https://www.proofpoint.com/us/blog/threat-insight/security-brief-millions-messages-distribute-lockbit-black-ransomware +[106]https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/ +[107]https://www.sentinelone.com/blog/ikaruz-red-team-hacktivist-group-leverages-ransomware-for-attention-not-profit/ +[108]https://securelist.com/ransomware-abuses-bitlocker/112643/ +[109]https://cyble.com/blog/ransomware-menace-amplifies-for-vulnerable-industrial-control-systems-heightened-threats-to-critical-infrastructure/ +[110]https://arcticwolf.com/resources/blog/lost-in-the-fog-a-new-ransomware-threat/ +[111]https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware +[112]https://www.trendmicro.com/en_us/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html +[113]https://www.fortinet.com/blog/threat-research/ransomware-roundup-shinra-and-limpopo-ransomware +[114]https://www.cadosecurity.com/blog/from-dormant-to-dangerous-p2pinfect-evolves-to-deploy-new-ransomware-and-cryptominer +[115]https://mp.weixin.qq.com/s/xXUBLE43ZZorfVd62FWm4g +[116]https://mp.weixin.qq.com/s/-vvj2RHNNkCxruLlMpfyrA +[117]https://mp.weixin.qq.com/s/vvvCl1yv3JF6FPXRXT5F3A +[118]https://www.secrss.com/articles/52018 +[119]https://www.antiy.cn/research/notice&report/research_report/TrojanControl_Analysis.html +[120]https://mp.weixin.qq.com/s/hQhAVWEykfd2bP2vTRdwsw +[121]https://mp.weixin.qq.com/s/UZ557zX-pr428e6d4jO5jw 
+[122]https://mp.weixin.qq.com/s/rHGwLo6XBGHKSObSCD3u1Q +[123]https://cert.360.cn/report/detail?id=6603e9fec09f255b91b17f3f +[124]https://mp.weixin.qq.com/s/ui_BU1OhIP0--FXT-b6uLg +[125]https://www.antiy.cn/research/notice&report/research_report/SwimSnake_Analysis_202404.html +[126]https://mp.weixin.qq.com/s/XK_UE0uLS26SB_clMqFO4w +[127]https://mp.weixin.qq.com/s/Qe_5k8US7nyZHEHLshmlBg +[128]https://mp.weixin.qq.com/s/TbiOIATW-Qn2uWImGoEagw +[129]https://mp.weixin.qq.com/s/tNofW88EQAIZXjkCrjp8kw +[130]https://mp.weixin.qq.com/s/dIuE6sXutFQ5GS5l6yMqwA +[131]https://www.antiy.cn/research/notice&report/research_report/SwimSnake_Analysis_202406.html +[132]https://blog.xlab.qianxin.com/unveiling-the-mystery-of-bigpanzi/ +[133]https://ti.qianxin.com/blog/articles/Analysis-of-Recent-OneinStack-Supply-Chain-Poisoning-Event-CN/ +[134]https://mp.weixin.qq.com/s/R0kn5STsiwIUhIqVRwnNxw +[135]https://www.antiy.cn/research/notice&report/research_report/DarkMozzie.html +[136]https://mp.weixin.qq.com/s/7h5rMLnv16uh27RoVrDmCw +[137]https://mp.weixin.qq.com/s/MEQp4I1Ilrxf91etb0yZyQ +[138]https://mp.weixin.qq.com/s/OheNN_iR_ATCkOkyK8FLAg +[139]https://mp.weixin.qq.com/s/yF48xZcWb4S5aMfMchrxwg + + Happy New Year! 2023 YEAR IN REVIEW
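Review bot: the block added under `2024 MID OF YEAR` is a bare list of 139 numbered URLs, `[1]` through `[139]`, with no titles and no summary text that cites those numbers, so a reader cannot tell which report, actor or campaign any entry refers to without opening every link; the hunk should either include the mid-year summary body that references `[n]`, or give each entry a short label (vendor, actor/campaign, month), otherwise the numbering carries no information. Two smaller points in the same hunk: `[65]` carries a page-internal fragment (`#post-133071-_re5lfhtpycch`) that should be trimmed to the article URL, and `[63]` (`https://x.com/MsftSecIntel/status/1737895717870440609`) points at a social-media post rather than a report, which is the kind of link that tends to disappear, so an archived copy or the corresponding Microsoft write-up would be a more durable reference. Also note the new heading `2024 MID OF YEAR` is plain text with no markdown heading marker even though this is `readme.md`; matching whatever heading style the rest of the file uses would keep the rendered page consistent.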