admin/APT_REPORT
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update readme.md

Browse Source
This commit is contained in:
blackorbird
2024-08-29 16:49:03 +08:00
committed by GitHub
parent 342c3312da
commit b89c921594
1 changed files with 143 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
summary/2024/readme.md
View File

@@ -1,3 +1,146 @@
2024 MID OF YEAR
[1]https://mp.weixin.qq.com/s/Mflg1NZVrHC6JuVm0rW6GQ
[2]https://asec.ahnlab.com/ko/62771/
[3]https://asec.ahnlab.com/ko/65495/
[4]https://mp.weixin.qq.com/s/84lUaNSGo4lhQlpnCVUHfQ
[5]https://www.chainalysis.com/blog/2024-crypto-money-laundering/
[6]https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/
[7]https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/
[8]https://mp.weixin.qq.com/s/kKNkTAlUpLL2skXq3TcBfw
[9]https://asec.ahnlab.com/ko/61666/
[10]https://asec.ahnlab.com/ko/62117/
[11]https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/springtail-kimsuky-backdoor-espionage
[12]https://mp.weixin.qq.com/s/Pog2WXQ8uZTTZKybJFy1Ow
[13]https://mp.weixin.qq.com/s/YhaEq6ogz3p5OQO_PyI-OQ
[14]https://www.securonix.com/blog/securonix-threat-research-security-advisory-new-deepgosu-attack-campaign/
[15]https://www.genians.co.kr/blog/threat_intelligence/dropbox
[16]https://mp.weixin.qq.com/s/7vnxz8dYmWf7Z8Cmaa8sVg
[17]https://www.kroll.com/en/insights/publications/cyber/screenconnect-vulnerability-exploited-to-deploy-babyshark
[18]https://www.genians.co.kr/blog/threat_intelligence/webinar-apt
[19]https://www.sentinelone.com/labs/a-glimpse-into-future-scarcruft-campaigns-attackers-gather-strategic-intelligence-and-target-cybersecurity-professionals/
[20]https://mp.weixin.qq.com/s/yzd0aVq2wzi-v-eB73F6lQ
[21]https://mp.weixin.qq.com/s/BOTyH6YTmVzhVInhTlzXww
[22]https://mp.weixin.qq.com/s/JBX6AGPPGEPzo4SqcN9n9A
[23]https://mp.weixin.qq.com/s/3GhWv3wsiAIZTClDBJxG-g
[24]https://mp.weixin.qq.com/s/K-FUaffQx4g6d_hweXxCTg
[25]https://www.nextron-systems.com/2024/03/22/unveiling-kamikakabot-malware-analysis/
[26]https://www.group-ib.com/blog/dark-pink-apt/
[27]https://mp.weixin.qq.com/s/eFxoX3cwpPee5z2_3G3wXw
[28]https://mp.weixin.qq.com/s/_gBnAlghd3gbP-PQ5M-7yQ
[29]https://mp.weixin.qq.com/s/wR7IgBmEuqqGQ9SCAV39Uw
[30]https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/
[31]https://mp.weixin.qq.com/s/SAt5NU-hCbS0D6jI8gkkFQ
[32]https://mp.weixin.qq.com/s/I_s5HrRWdbTW99B99udl1w
[33]https://mp.weixin.qq.com/s/ENDm2bVzw89TlkljZYFdbw
[34]https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/
[35]https://mp.weixin.qq.com/s/NBFwjxnm2yIwPfMn87vbRQ
[36]https://blogs.blackberry.com/en/2024/05/transparent-tribe-targets-indian-government-defense-and-aerospace-sectors
[37]https://mp.weixin.qq.com/s/FT7xvyGdk-WaB9nfYWPMUg
[38]https://www.seqrite.com/blog/pakistani-apts-escalate-attacks-on-indian-gov-seqrite-labs-unveils-threats-and-connections/
[39]https://cyble.com/blog/the-overlapping-cyber-strategies-of-transparent-tribe-and-sidecopy-against-india/
[40]https://mp.weixin.qq.com/s/Uf708Khax2rJaUhNo1Mz1Q
[41]https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html
[42]https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
[43]https://go.recordedfuture.com/hubfs/reports/CTA-RU-2024-0530.pdf
[44]https://www.trendmicro.com/en_us/research/24/e/router-roulette.html
[45]https://www.ic3.gov/Media/News/2024/240227.pdf
[46]https://www.clearskysec.com/wp-content/uploads/2024/02/DoppelgangerNG_ClearSky.pdf
[47]https://securityintelligence.com/x-force/itg05-leverages-malware-arsenal/
[48]https://cert.pl/posts/2024/05/apt28-kampania/
[49]https://labs.withsecure.com/publications/kapeka
[50]https://www.sentinelone.com/labs/acidpour-new-embedded-wiper-variant-of-acidrain-appears-in-ukraine/
[51]https://cert.gov.ua/article/6278706
[52]https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm
[53]https://blog.talosintelligence.com/tinyturla-ng-tooling-and-c2/
[54]https://blog.talosintelligence.com/tinyturla-full-kill-chain/
[55]https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/
[56]https://www.mandiant.com/resources/blog/apt29-wineloader-german-political-parties
[57]https://blogs.blackberry.com/en/2024/04/fin7-targets-the-united-states-automotive-industry
[58]https://www.esentire.com/blog/fin7-uses-trusted-brands-and-sponsored-google-ads-to-distribute-msix-payloads
[59]https://www.microsoft.com/en-us/security/blog/2024/01/17/new-ttps-observed-in-mint-sandstorm-campaign-targeting-high-profile-individuals-at-universities-and-research-orgs/
[60]https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel
[61]https://www.deepinstinct.com/blog/darkbeatc2-the-latest-muddywater-attack-framework
[62]https://harfanglab.io/en/insidethelab/muddywater-rmm-campaign/
[63]https://x.com/MsftSecIntel/status/1737895717870440609
[64]https://www.nextron-systems.com/2024/01/29/analysis-of-falsefont-backdoor-used-by-peach-sandstorm-threat-actor/
[65]https://unit42.paloaltonetworks.com/curious-serpens-falsefont-backdoor/#post-133071-_re5lfhtpycch
[66]https://www.welivesecurity.com/en/eset-research/arid-viper-poisons-android-apps-with-aridspy/
[67]https://www.esentire.com/blog/blind-eagles-north-american-journey
[68]https://mp.weixin.qq.com/s/tPVw-fbu3pQvKTYMzxb4Bw
[69]https://blog.talosintelligence.com/starry-addax/
[70]https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign
[71]https://www.huntandhackett.com/blog/turkish-espionage-campaigns
[72]https://arcticwolf.com/resources/blog/follow-on-extortion-campaign-targeting-victims-of-akira-and-royal-ransomware/
[73]https://www.securonix.com/blog/securonix-threat-research-security-advisory-new-returgence-attack-campaign-turkish-hackers-target-mssql-servers-to-deliver-domain-wide-mimic-ransomware/
[74]https://blog.talosintelligence.com/decryptor-babuk-tortilla/
[75]https://unit42.paloaltonetworks.com/medusa-ransomware-escalation-new-leak-site/
[76]https://asec.ahnlab.com/en/60440/
[77]https://mp.weixin.qq.com/s/Css8y2rPykyNPrLkJNq9ig
[78]https://asec.ahnlab.com/ko/60744/
[79]https://mp.weixin.qq.com/s/XV0x10YV-Wrs1ZI6tNHjLA
[80]https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html
[81]https://www.fortinet.com/blog/threat-research/phobos-ransomware-variant-launches-attack-faust
[82]https://www.fortinet.com/blog/threat-research/ransomware-roundup-albabat
[83]https://blog.morphisec.com/akira-ransomware-prevention-and-analysis
[84]https://www.fortinet.com/blog/threat-research/ransomware-roundup-abyss-locker
[85]https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html
[86]https://www.trendmicro.com/en_us/research/24/c/multistage-ra-world-ransomware.html
[87]https://blog.talosintelligence.com/ghostsec-ghostlocker2-ransomware/
[88]https://www.facct.ru/blog/shadow-ransomware/
[89]https://medium.com/@Intel_Ops/phobos-ransomware-analysing-associated-infrastructure-used-by-8base-646560302a8d
[90]https://mp.weixin.qq.com/s/8dIxwYN3v4U7y9IECPxa7g
[91]https://mp.weixin.qq.com/s/fxYSDH9NrcRkE_QFgHVIiw
[92]https://blog.sonicwall.com/en-us/2024/03/new-multi-stage-stopcrypt-ransomware/
[93]https://www.trendmicro.com/en_us/research/24/c/teamcity-vulnerability-exploits-lead-to-jasmin-ransomware.html
[94]https://cert.360.cn/report/detail?id=65fceeb4c09f255b91b17f11
[95]https://www.trendmicro.com/en_us/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
[96]https://mp.weixin.qq.com/s/_KuFPPs6XFOICNpRjzn5AA
[97]https://www.stormshield.com/news/technical-analysis-of-ransomware-crypt888
[98]https://www.netskope.com/blog/netskope-threat-coverage-evil-ant-ransomware
[99]https://asec.ahnlab.com/ko/64345/
[100]https://mp.weixin.qq.com/s/ewo2Lp5arhun3dM94Pcsrw
[101]https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/
[102]https://cert.360.cn/report/detail?id=663c203cc09f255b91b17fd9
[103]https://cyble.com/blog/in-the-shadow-of-venus-trinity-ransomwares-covert-ties/
[104]https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/
[105]https://www.proofpoint.com/us/blog/threat-insight/security-brief-millions-messages-distribute-lockbit-black-ransomware
[106]https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/
[107]https://www.sentinelone.com/blog/ikaruz-red-team-hacktivist-group-leverages-ransomware-for-attention-not-profit/
[108]https://securelist.com/ransomware-abuses-bitlocker/112643/
[109]https://cyble.com/blog/ransomware-menace-amplifies-for-vulnerable-industrial-control-systems-heightened-threats-to-critical-infrastructure/
[110]https://arcticwolf.com/resources/blog/lost-in-the-fog-a-new-ransomware-threat/
[111]https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware
[112]https://www.trendmicro.com/en_us/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html
[113]https://www.fortinet.com/blog/threat-research/ransomware-roundup-shinra-and-limpopo-ransomware
[114]https://www.cadosecurity.com/blog/from-dormant-to-dangerous-p2pinfect-evolves-to-deploy-new-ransomware-and-cryptominer
[115]https://mp.weixin.qq.com/s/xXUBLE43ZZorfVd62FWm4g
[116]https://mp.weixin.qq.com/s/-vvj2RHNNkCxruLlMpfyrA
[117]https://mp.weixin.qq.com/s/vvvCl1yv3JF6FPXRXT5F3A
[118]https://www.secrss.com/articles/52018
[119]https://www.antiy.cn/research/notice&report/research_report/TrojanControl_Analysis.html
[120]https://mp.weixin.qq.com/s/hQhAVWEykfd2bP2vTRdwsw
[121]https://mp.weixin.qq.com/s/UZ557zX-pr428e6d4jO5jw
[122]https://mp.weixin.qq.com/s/rHGwLo6XBGHKSObSCD3u1Q
[123]https://cert.360.cn/report/detail?id=6603e9fec09f255b91b17f3f
[124]https://mp.weixin.qq.com/s/ui_BU1OhIP0--FXT-b6uLg
[125]https://www.antiy.cn/research/notice&report/research_report/SwimSnake_Analysis_202404.html
[126]https://mp.weixin.qq.com/s/XK_UE0uLS26SB_clMqFO4w
[127]https://mp.weixin.qq.com/s/Qe_5k8US7nyZHEHLshmlBg
[128]https://mp.weixin.qq.com/s/TbiOIATW-Qn2uWImGoEagw
[129]https://mp.weixin.qq.com/s/tNofW88EQAIZXjkCrjp8kw
[130]https://mp.weixin.qq.com/s/dIuE6sXutFQ5GS5l6yMqwA
[131]https://www.antiy.cn/research/notice&report/research_report/SwimSnake_Analysis_202406.html
[132]https://blog.xlab.qianxin.com/unveiling-the-mystery-of-bigpanzi/
[133]https://ti.qianxin.com/blog/articles/Analysis-of-Recent-OneinStack-Supply-Chain-Poisoning-Event-CN/
[134]https://mp.weixin.qq.com/s/R0kn5STsiwIUhIqVRwnNxw
[135]https://www.antiy.cn/research/notice&report/research_report/DarkMozzie.html
[136]https://mp.weixin.qq.com/s/7h5rMLnv16uh27RoVrDmCw
[137]https://mp.weixin.qq.com/s/MEQp4I1Ilrxf91etb0yZyQ
[138]https://mp.weixin.qq.com/s/OheNN_iR_ATCkOkyK8FLAg
[139]https://mp.weixin.qq.com/s/yF48xZcWb4S5aMfMchrxwg
Happy New Year!
2023 YEAR IN REVIEW