├── 101 ├── Yara.md └── pics │ └── Yara │ ├── asm.png │ ├── cyber.png │ ├── dot1.png │ ├── dot2.png │ └── regex.png ├── Additional Analysis ├── Dridex │ └── 2020-05-01 │ │ ├── Analysis.md │ │ ├── IOC-Dridex_2020_05_01.csv │ │ ├── IOC-Dridex_2020_05_01.json │ │ ├── Mitre-Dridex_2020_05_01.json │ │ └── Pictures │ │ └── Killchain.png ├── Images │ └── Ransomware │ │ ├── POC │ │ ├── loader │ │ │ └── 1.png │ │ └── psm │ │ │ ├── 1.png │ │ │ ├── 2.png │ │ │ ├── 3.png │ │ │ └── 4.png │ │ └── ftcode │ │ └── macro │ │ ├── 1.png │ │ └── 2.png ├── Magecart │ └── 2020-06-02 │ │ ├── Analysis.md │ │ ├── CSV │ │ └── IOC-Magecart-2020-06-02.csv │ │ └── JSON │ │ ├── IOC-Magecart-2020-06-02.json │ │ └── MITRE-Magecart-2020-06-02.json ├── Neutrino │ ├── Analysis_2020-02-08.md │ ├── Json │ │ ├── IOC.json │ │ └── TTPs.json │ ├── Pictures │ │ └── cyberkill.PNG │ └── Yara │ │ └── Yara_Neutrino.yar ├── New_tendencies.md ├── RUYK │ └── 2020-10-27 │ │ ├── Analysis.md │ │ └── Pictures │ │ ├── Files.png │ │ ├── Process.png │ │ ├── Str.png │ │ └── WOL.png ├── RagnarLocker │ └── 2020-08-08 │ │ ├── Analysis.md │ │ ├── CSV │ │ ├── FilesMSIInfos.csv │ │ └── IOC_RagnarLocker_2020-08-08.csv │ │ ├── JSON │ │ └── IOC_RagnarLocker_2020-08-08.json │ │ └── Pictures │ │ ├── AutoLogon.png │ │ ├── Config.png │ │ ├── EntryRagnar.png │ │ ├── ExecBAT.png │ │ ├── Files.png │ │ ├── GenerateListFiles.png │ │ ├── InfoOS.png │ │ ├── InitExec.png │ │ ├── Injectshellcode.png │ │ ├── InstallTools.png │ │ ├── NAT.png │ │ ├── Path.png │ │ ├── Payload.png │ │ ├── ProcessEncrypt.png │ │ ├── Properties.png │ │ ├── QueryKey.png │ │ ├── Ransomware.png │ │ ├── ReleaseMiniXP.png │ │ ├── RunKey.png │ │ ├── Salsa.png │ │ ├── TargetDir.png │ │ ├── Timeline.png │ │ ├── Volumes.png │ │ ├── batchedit.png │ │ ├── entry0.png │ │ ├── process_key.png │ │ └── timefiles.png ├── Terraloader │ ├── 02-01-20 │ │ ├── Analysis.md │ │ ├── Document.txt │ │ ├── Json │ │ │ ├── IOC.json │ │ │ └── MitreAttack.json │ │ └── pictures │ │ │ ├── Terraloader.png │ │ │ └── cyber.png │ ├── 2020-04-12 │ │ ├── Analysis.md │ │ ├── CSV │ │ │ └── IOC_Terraloader_2020-04_12.csv │ │ ├── JSON │ │ │ ├── IOC_Terraloader_2020-04_12.json │ │ │ └── Mitre-Terraloader_2020_04-12.json │ │ └── Pictures │ │ │ ├── Resume.png │ │ │ ├── killchain.png │ │ │ ├── layer1.png │ │ │ ├── layer2.png │ │ │ └── tool.png │ └── 2021-03-25 │ │ ├── Analysis.md │ │ ├── JSON │ │ ├── IOC-Terraloader-2021-03-27.json │ │ └── Mitre-Terraloader_2021_03-26.json │ │ └── Pictures │ │ ├── CompParseDLL.png │ │ ├── CyberKillChain.png │ │ ├── Duplicated.png │ │ ├── WritePayload.png │ │ ├── hunting.png │ │ └── lure.png ├── Unknown │ ├── 2020-04-27 │ │ ├── Analysis.md │ │ ├── CSV │ │ │ └── IOC-Unknown_2020_04-27.csv │ │ ├── Json │ │ │ ├── IOC-Unknown_2020_04-27.json │ │ │ └── Mitre-Unknown_2020_04-27.json │ │ ├── Lure │ │ │ ├── Lure-bank.txt │ │ │ └── Lure-healthcare.txt │ │ └── Pictures │ │ │ └── killchain.png │ ├── 2020-05-12 │ │ ├── Analysis.md │ │ ├── CSV │ │ │ ├── Hunt_IOC_Samples.csv │ │ │ └── IOC-JS-Loader_2020_05_16.csv │ │ ├── JSON │ │ │ ├── IOC-JS-Loader_2020_05_16.json │ │ │ └── Mitre-JS-Loader_2020_05_16.json │ │ ├── Pictures │ │ │ ├── comp_algo.png │ │ │ ├── comp_algo2.png │ │ │ ├── comp_code.png │ │ │ ├── cyberkill.png │ │ │ ├── hunting.png │ │ │ ├── obfuscation_hex.PNG │ │ │ ├── panel.png │ │ │ ├── panel2.png │ │ │ └── trad_command.png │ │ └── code │ │ │ └── modern_loader.cs │ └── 2020-06-22 │ │ ├── Analysis.md │ │ ├── CSV │ │ └── IOC-FTcode-2020-06-22.csv │ │ ├── JSON │ │ ├── IOC-FTcode-2020-06-22.json │ │ └── MITRE-Ftcode-2020-06-22.json │ │ └── Pictures │ │ ├── CompVersion.png │ │ ├── Company.png │ │ ├── JMTHMail.png │ │ ├── Mail.png │ │ └── cyberkill.png └── UnknownTA │ └── 2020-09-07 │ ├── Analysis.md │ ├── CSV │ ├── IOC.csv │ └── TTPsHunting.csv │ ├── JSON │ ├── IOC.json │ └── MITRE.json │ └── Pictures │ ├── CheckPE.png │ ├── CutterShellcode.png │ ├── ExecuteScript.png │ ├── ExecuteShell.png │ ├── ExpFlags.png │ ├── Headers.png │ ├── OpenSection.png │ ├── PEDump.png │ ├── Post.png │ ├── Process.png │ ├── PushConfig.png │ ├── TTPs.png │ ├── Zip.png │ └── postEng.png ├── AgentJan2020 ├── DiskInfos.png ├── DllRegisterServer.png ├── GetDiskSInfos.png └── SendDataToC2.png ├── AgentJune2020 ├── ExecuteActions.png ├── Obfus.png ├── PowerRef.png └── PowershellRunner.png ├── China └── APT │ ├── APT27 │ └── 2020-11-17 │ │ ├── Analysis.md │ │ ├── Pictures │ │ ├── Encrypt.png │ │ ├── callgraph_main.png │ │ └── slide.PNG │ │ └── Yara │ │ └── APT_APT_27_Nov_2020_1.yar │ ├── Antlion │ ├── Notes_Antlion.md │ └── pic │ │ ├── Match1.png │ │ ├── Match2.png │ │ ├── Match3.png │ │ └── Match4.png │ ├── Chimera │ ├── Analysis.md │ ├── CSV │ │ └── Database.csv │ └── Pictures │ │ ├── APT19CHeader.png │ │ ├── APT19_Header.png │ │ ├── APT19vsChimera.png │ │ ├── ChimeraCHeader.png │ │ ├── Chimera_Header.png │ │ ├── EICARAPT19.png │ │ ├── IP_Chimera.png │ │ ├── InfosCS.png │ │ ├── InitComToC2.png │ │ ├── InitListSamples.png │ │ ├── InitListSamples2.png │ │ ├── MatchsSign.png │ │ ├── PEHeader.png │ │ ├── Rule.png │ │ ├── Sign.png │ │ ├── StringsAPT19.png │ │ ├── entry0Custom.png │ │ ├── entryCS.png │ │ ├── sym_beacon_x64_dll_ReflectiveLoader.png │ │ └── sym_metsrv_dll_buffer_from_file.png │ ├── IceFog │ └── 6-11-19 │ │ ├── Analysis.md │ │ ├── JSON │ │ └── Mitre_TTPs.json │ │ ├── Pictures │ │ ├── CVE.PNG │ │ └── Cyber.PNG │ │ └── Yara_Rule_IceFog_Nov19.yar │ └── Unknown │ └── 20-08-19 │ ├── Images │ ├── Cyberkillchain.png │ ├── IP.PNG │ ├── Liks.PNG │ ├── Loader │ │ ├── RegKey.png │ │ ├── RegStatus.png │ │ └── RichEdit.png │ ├── USvisit.png │ ├── domain.png │ ├── eset │ │ ├── Cert.png │ │ ├── CreateService.png │ │ ├── change status.png │ │ ├── config.png │ │ └── crypto.png │ └── hijack │ │ ├── alloc.png │ │ ├── command.PNG │ │ └── virtualprotect.png │ └── Malware analysis 20-08-19.md ├── Comp.png ├── CyberKill.png ├── Indian └── APT │ ├── Donot │ └── 17-09-19 │ │ ├── IOC_Donot_25-09-19.json │ │ ├── Images │ │ ├── 1 │ │ │ ├── CLSID.png │ │ │ ├── EFILE-Disk1.png │ │ │ ├── EFILE-EnvVar.PNG │ │ │ ├── EFILE-Infos1.PNG │ │ │ ├── EFILE-Infos2.PNG │ │ │ ├── EFILE-Infos3.PNG │ │ │ ├── EFILE-Mod1.PNG │ │ │ ├── EFILE-Mod2.PNG │ │ │ ├── EFILE-Mutex.PNG │ │ │ ├── HexPK.PNG │ │ │ ├── InjTemp.PNG │ │ │ └── RTFInfo.PNG │ │ ├── 2 │ │ │ ├── RTFInfo.png │ │ │ └── Template.png │ │ ├── 3 │ │ │ ├── Anti-sandbox.PNG │ │ │ ├── Hijack.png │ │ │ ├── Infos.PNG │ │ │ ├── Inj.PNG │ │ │ ├── Main.png │ │ │ ├── RTFInfo.PNG │ │ │ ├── VirtualProtect.PNG │ │ │ ├── WriteFile.PNG │ │ │ └── connect.PNG │ │ ├── 4 │ │ │ ├── UAC.PNG │ │ │ ├── inj.PNG │ │ │ ├── js.PNG │ │ │ └── rtfinfos.PNG │ │ ├── 5 │ │ │ ├── Inj.png │ │ │ └── RTFinfos.png │ │ ├── China.jpg │ │ ├── Iran.png │ │ ├── Up.PNG │ │ ├── back.png │ │ ├── cyber.png │ │ ├── cyber2.png │ │ ├── date.png │ │ ├── netWine.png │ │ ├── op.png │ │ └── res.png │ │ └── Malware analysis.md │ ├── Patchwork │ ├── 2020-07-23 │ │ ├── Analysis.md │ │ ├── JSON │ │ │ └── MITRE-Patchwork-2020-07-23.json │ │ ├── Pictures │ │ │ ├── Articles │ │ │ │ ├── 1.png │ │ │ │ ├── 2.png │ │ │ │ ├── 3.png │ │ │ │ ├── 4.png │ │ │ │ └── silk.png │ │ │ ├── Badnews │ │ │ │ ├── Feed.png │ │ │ │ ├── Index.png │ │ │ │ ├── Mirror.png │ │ │ │ └── URL.png │ │ │ ├── BozokRAT │ │ │ │ ├── Actions.png │ │ │ │ ├── CheckConnect.png │ │ │ │ ├── CheckPresenceSoftware.png │ │ │ │ ├── InitFile.png │ │ │ │ ├── InitFileParser.png │ │ │ │ ├── SendToC2.png │ │ │ │ ├── SubLib.png │ │ │ │ ├── XOR.png │ │ │ │ ├── matchalgo1.png │ │ │ │ └── matchalgo2.png │ │ │ ├── Code.png │ │ │ ├── Docs │ │ │ │ ├── BannerCOVID.png │ │ │ │ ├── BannerNat.png │ │ │ │ └── Website.png │ │ │ ├── EFS.png │ │ │ ├── Pushdo │ │ │ │ └── LoadConnect.png │ │ │ ├── Resume.png │ │ │ ├── VT.png │ │ │ └── cyberkill.png │ │ └── Yara │ │ │ └── Yara_Patchwork_July_2020_1.yar │ └── 27-08-19 │ │ ├── IOC_Patchwork_09-09-19.json │ │ ├── Images │ │ ├── Cyber.png │ │ ├── Event1.png │ │ ├── Event2.PNG │ │ ├── Exploit.png │ │ ├── Version.PNG │ │ ├── bin1-CreateThread.png │ │ ├── bin1-String.PNG │ │ ├── bin2-AllocProcess.png │ │ ├── bin2-CheckDebug.png │ │ ├── bin2-CheckException.png │ │ ├── bin2-Entrypoint.png │ │ ├── bin2-Explorer.png │ │ └── bin2-call.png │ │ └── Malware analysis 27-08-19.md │ └── SideWinder │ ├── 11-10-2019 │ ├── Analysis.md │ ├── IOC-SideWinder-14-10-19.json │ └── Pictures │ │ └── October 2019 │ │ ├── CyberKill.png │ │ ├── dll1.PNG │ │ ├── eventchina1.png │ │ ├── eventchina2.png │ │ ├── ext1.png │ │ ├── ext2.png │ │ ├── extunsed.png │ │ ├── jspay1.PNG │ │ ├── jspay2.PNG │ │ ├── jspay3.PNG │ │ ├── obj.PNG │ │ └── whois.png │ └── 25-12-19 │ ├── JSON │ ├── IOC.json │ └── MITRE_ref.json │ ├── Pictures │ ├── Cyber.png │ ├── RTF_objects.PNG │ ├── comC2.PNG │ ├── exploit.png │ ├── know_GRAPH.png │ ├── leg_cert_EFS_keys.png │ ├── leg_load_EFS_keys.png │ ├── obj1.PNG │ ├── obj2.PNG │ └── whois.PNG │ ├── Ressources │ └── content_Policy_on_Embedded_Systems.txt │ ├── Yara │ └── Yara_Rule_SideWinder_Dec19.yar │ └── analysis.md ├── Iran └── APT │ ├── APT33 │ └── 16-11-19 │ │ ├── Analysis APT33.md │ │ ├── Analysis │ │ ├── Info-1.PNG │ │ ├── Info-2.PNG │ │ ├── Site-1.png │ │ ├── Site-2.png │ │ ├── VBE -1.png │ │ ├── cyber.PNG │ │ ├── job.png │ │ ├── know-APT33.png │ │ ├── old-1.PNG │ │ └── old-2.PNG │ │ ├── IOC-APT33-18-11-19.json │ │ ├── MITRE-APT33-18-11-19.json │ │ └── YARA_Rule_APT33_Nov_2019.yar │ └── Muddywater │ └── 2020-07-02 │ ├── Analysis.md │ ├── CSV │ ├── IOC-Muddywater-2020-07-02.csv │ ├── Metadata.csv │ └── Tokens.csv │ ├── JSON │ ├── IOC-Muddywater-2020-07-02.json │ └── MITRE-Muddywater-2020-07-02.json │ ├── Pictures │ ├── AgentJan2020 │ │ ├── DiskInfos.png │ │ ├── DllRegisterServer.png │ │ ├── GetDiskSInfos.png │ │ └── SendDataToC2.png │ ├── AgentJune2020 │ │ ├── ExecuteActions.png │ │ ├── Obfus.png │ │ ├── PowerRef.png │ │ └── PowershellRunner.png │ ├── Comp.png │ ├── CyberKill.png │ ├── Maldocs │ │ ├── ArticleUNRWA.png │ │ ├── ArticleUNRWA2.png │ │ ├── CyberDefense.png │ │ ├── IPReport.png │ │ ├── US.png │ │ ├── US1.png │ │ ├── conf_golf1.png │ │ ├── conf_golf2.png │ │ └── unrwa.png │ ├── Muddy.png │ ├── NSIS │ │ ├── Exec.png │ │ ├── LoadExec.png │ │ └── entry0.png │ └── Timestamp.png │ └── Yara │ └── Yara_Rule_APT_Muddywater_June_2020_1.yar ├── Muddy.png ├── NSIS ├── Exec.png ├── LoadExec.png └── entry0.png ├── North Korea └── APT │ ├── APT37 │ └── 2020-04-23 │ │ ├── Analysis.md │ │ ├── CSV │ │ └── IOC-Konni_2020_04-23.csv │ │ ├── JSON │ │ ├── IOC-Konni_2020_04-23.json │ │ └── Mitre-Konni_2020_04-23.json │ │ └── Pictures │ │ ├── elevate_loader.png │ │ ├── entry_loader.png │ │ └── killchain.png │ ├── Kimsuky │ └── 2020-03-20 │ │ ├── Analysis.md │ │ ├── JSON │ │ ├── IOC-Kimsuky-2020-03-20.json │ │ └── Mitre-Kimsuky-2020-03-20.json │ │ ├── Pictures │ │ ├── Graph_power.PNG │ │ └── domain.png │ │ └── Rules │ │ └── Yara_Rule_Kimsuky_2020_03_20.yar │ └── Lazarus │ ├── 2020-05-05 │ ├── Analysis.md │ ├── CSV │ │ └── IOC-Lazarus_2020_05_05.csv │ ├── JSON │ │ ├── IOC-Lazarus_2020_05_05.json │ │ └── Mitre-Lazarus_2020_05_05.json │ ├── Pictures │ │ ├── Boeing.png │ │ ├── Cover-BAE.png │ │ ├── Cover-Lockheed.png │ │ ├── Error_builder.png │ │ ├── Get-DiskInfo.png │ │ ├── Get-Infos.png │ │ ├── Lockheed.png │ │ ├── Persistence.png │ │ ├── PushHeader.png │ │ ├── ROK-AIR-1.png │ │ ├── ROK-AIR-2.png │ │ ├── ROK-Navy.png │ │ ├── ROK-Tank.png │ │ ├── SendData.png │ │ ├── Version.PNG │ │ ├── event.png │ │ ├── killchain.png │ │ └── process.png │ └── Yara │ │ └── Lazarus_MACH-O_RAT_Dacls_May_2020_1.yar │ └── 23-10-19 │ ├── Analysis │ ├── 27-10-19-Maldoc1 │ │ ├── Maldoc-VBA-1.PNG │ │ └── Maldoc-VBA-2.PNG │ ├── 27-10-19-Maldoc2 │ │ ├── Mal_Command.PNG │ │ ├── Mal_entry.png │ │ ├── Mal_option.png │ │ ├── Mal_version.PNG │ │ ├── Mal_version2.PNG │ │ ├── Maldoc-VBA-1.PNG │ │ └── Maldoc-VBA-2.PNG │ ├── 27-10-19 │ │ ├── MAL-Cert.png │ │ ├── Maldoc_VBA_1.png │ │ ├── Maldoc_VBA_2.png │ │ ├── Maldoc_VBA_3.png │ │ ├── Maldoc_VBA_4.png │ │ ├── Maldoc_VBA_5.png │ │ ├── Maldoc_cover.png │ │ ├── mal_deletekey.png │ │ ├── mal_disk.png │ │ ├── mal_getimage.png │ │ ├── mal_getinfos.png │ │ ├── mal_getscreenshot.png │ │ ├── mal_keyboard.png │ │ ├── mal_process.png │ │ ├── mal_pushkey.png │ │ ├── mal_pushpersistence.png │ │ ├── mal_systeminfos.png │ │ └── mal_writeKey.PNG │ ├── 29-10-19 │ │ ├── Art.PNG │ │ ├── Exp-Data.PNG │ │ ├── Exp-Pass.png │ │ ├── Mal-Actions-1.png │ │ ├── Mal-Get-History-1.png │ │ ├── Mal-Get-History-2.png │ │ ├── Mal-Get-Mac.png │ │ ├── Mal-GetDisks.png │ │ ├── Mal-StealActions.png │ │ ├── Noref.png │ │ ├── Ref.png │ │ ├── SQLite-Version-string.PNG │ │ ├── SQLite-Version.PNG │ │ └── log.png │ ├── CTI.png │ ├── HWP │ │ ├── Doc.PNG │ │ ├── EPS.PNG │ │ ├── HWP-cert.png │ │ ├── HWP-whois.png │ │ ├── mal_Options.png │ │ ├── mal_address.png │ │ ├── mal_anti-debug.png │ │ ├── mal_disks.png │ │ ├── mal_finfFile.png │ │ ├── mal_gettime.png │ │ ├── mal_pushguid.png │ │ └── mal_sysinfo.png │ ├── cyber │ │ ├── cyber-HAL.PNG │ │ ├── cyber-Nuclear.PNG │ │ └── cyber-power.PNG │ └── march 2019 │ │ ├── Mal-Pushdata.png │ │ ├── Mal-ReplyDown.png │ │ ├── Mal-ReplyExec.png │ │ ├── Mal-ReplyOtherShellCmd.png │ │ ├── Mal-Replycmd.png │ │ ├── Mal-StartSession.png │ │ ├── Mal-destroysession.png │ │ ├── Mal-main.png │ │ ├── Mal-mainloop.png │ │ ├── Mal-replydie.png │ │ ├── Mal-weboptions.png │ │ ├── Mal-xor.png │ │ ├── Maldoc-VBA-1.PNG │ │ ├── Maldoc-VBA-2.PNG │ │ └── functionscom.PNG │ ├── Json │ ├── CES2020.json │ ├── DTrack.json │ ├── HAL.json │ ├── OSX-Powershell.json │ └── Others_Dtrack.json │ ├── YARA_Rule_Lazarus_October_2019.yar │ └── analysis.md ├── Pakistan └── APT │ ├── Gorgon │ ├── 09-09-19 │ │ ├── IOC_Gorgon_09-9-19.json │ │ ├── Images │ │ │ ├── Bin-Keyboard.PNG │ │ │ ├── Cyberkillchain.png │ │ │ ├── Hagga_again.PNG │ │ │ ├── LoaderL2P.png │ │ │ ├── LoaderL2P1-1.png │ │ │ ├── LoaderL2P1-2.png │ │ │ ├── LoaderL2P1-2C.png │ │ │ ├── LoaderL2P2-1.png │ │ │ ├── Macro2.PNG │ │ │ ├── bin-BMP.png │ │ │ ├── bin_Data.png │ │ │ ├── bin_wallets.png │ │ │ ├── lastedit.PNG │ │ │ ├── loader1.PNG │ │ │ ├── loader1close.PNG │ │ │ ├── macro1.png │ │ │ ├── panel.png │ │ │ ├── redirect1.PNG │ │ │ ├── redirect2.PNG │ │ │ ├── second account.PNG │ │ │ └── site.PNG │ │ └── Malware analysis 09-09-19.md │ └── 23-08-19 │ │ ├── IOC_Gorgon_25-08-19.json │ │ ├── Images │ │ ├── Bitlyclicks.png │ │ ├── FakeC2domains.png │ │ ├── Frombook │ │ │ ├── CheckPE.png │ │ │ ├── choicenav.png │ │ │ ├── chrome.png │ │ │ ├── config.png │ │ │ ├── dec.png │ │ │ └── useragent.png │ │ ├── Loader stage 1 │ │ │ ├── Unescape1.PNG │ │ │ ├── Unescape3.PNG │ │ │ └── VBcodefinal.PNG │ │ ├── Loader stage 2 │ │ │ ├── Unescape3.PNG │ │ │ └── VBcodefinal.PNG │ │ ├── Loader subPaste │ │ │ ├── confStrings.png │ │ │ ├── confuserExref.png │ │ │ ├── layer2tab.PNG │ │ │ ├── run.png │ │ │ ├── tab.PNG │ │ │ └── unpack.png │ │ ├── Macro │ │ │ ├── Samefunctions.PNG │ │ │ └── macroCode.png │ │ ├── cyber.PNG │ │ └── cyberfrom.PNG │ │ └── Malware analysis 25-08-19.md │ └── Transparent Tribe │ └── 22-01-20 │ ├── Content_Decoy.txt │ ├── analysis.md │ ├── json │ ├── Mitre-APT36-22-01-20.json │ └── ioc.json │ ├── picture │ ├── cyber.png │ └── lure.png │ └── yara │ └── YARA_Rule_APT36_Jan_2020.yar ├── README.md ├── Russia ├── APT │ └── Gamaredon │ │ ├── 06-08-19 │ │ ├── IOC_Gamaredon_06-08-19.json │ │ ├── Images │ │ │ ├── CMDdetails.png │ │ │ ├── RAR │ │ │ │ ├── CMDextractfile.png │ │ │ │ ├── Info.PNG │ │ │ │ ├── InfoSys.PNG │ │ │ │ ├── LNKFILE.png │ │ │ │ ├── Window.png │ │ │ │ ├── Writefile.PNG │ │ │ │ └── runas.png │ │ │ ├── VBS.png │ │ │ ├── WGET │ │ │ │ ├── FTP.png │ │ │ │ ├── Progressbar.png │ │ │ │ ├── Proxy.png │ │ │ │ ├── listalogo.png │ │ │ │ └── strings.png │ │ │ ├── cyber.png │ │ │ ├── ip.png │ │ │ ├── obstool.png │ │ │ └── powershell.png │ │ └── Malware analysis 06-08-19.md │ │ ├── 09-09-19 │ │ ├── IOC_Gamaredon_09-09-19.json │ │ ├── Images │ │ │ ├── Remote.png │ │ │ ├── cmdfile.png │ │ │ ├── ps1file.png │ │ │ └── vbsfile.png │ │ └── New samples with the same TTPs from the August campaign.md │ │ └── 16-08-19 │ │ ├── IOC_Gamaredon_16-08-19.json │ │ ├── Images │ │ ├── CMD.PNG │ │ ├── IP.png │ │ ├── SFX.png │ │ ├── command.PNG │ │ ├── cyber.PNG │ │ └── query.PNG │ │ └── Malware analysis 16-08-19.md └── Cybercriminal group │ └── FIN7 │ └── 16-10-19 │ ├── Analysis.md │ ├── Code │ └── FIN7.js │ ├── IOC-FIN7-16-10-19.json │ └── Pictures │ ├── CyberKill.png │ ├── IPinfo.png │ ├── Macro.png │ ├── layer1.png │ ├── layer2 - decode.png │ ├── layer2 - dnsext.png │ ├── layer2 - id.png │ ├── layer2 - key.png │ ├── layer2 - main.png │ ├── layer2 - ns.png │ └── layer2 - send.png ├── Timestamp.png ├── Unknown ├── APT-C-37 │ └── 26-08-19 │ │ ├── APT-C-37 analysis.md │ │ ├── IOC_APT-C-37_04-09-19.json │ │ └── Images │ │ ├── 3fb1c19ecfe9c11d779b8dae397cd781b64c56ef.21349-ela.png │ │ ├── EDOYGWjWsAAsfM1.jpg large.jpg │ │ ├── EDOYGiAXsAEA4Kq.jpg large.jpg │ │ ├── FirstAnal.png │ │ ├── Post.PNG │ │ ├── VBScode.png │ │ ├── aa18205de56e2cbe15471c3cc1530e587ab975a0.35923-ela-600.png │ │ ├── bits.PNG │ │ ├── c654ede55e275431042d32334f8cfd3a5526cb72.196671-600.png │ │ ├── c654ede55e275431042d32334f8cfd3a5526cb72.196671-ela.png │ │ ├── code.vb │ │ ├── codeRAT.png │ │ ├── content.png │ │ ├── contentold.png │ │ ├── cyber.PNG │ │ ├── decStr.png │ │ ├── declayer.png │ │ ├── decodeJS.png │ │ ├── dirfunc.PNG │ │ ├── downfunc.PNG │ │ ├── encodeJS.png │ │ ├── exitfunc.PNG │ │ ├── fnVYrkD1.png │ │ ├── geZ6pXr1.png │ │ ├── infofunc.PNG │ │ ├── infolast.png │ │ ├── lay1dec.png │ │ ├── layer2.png │ │ ├── listdrivesfunc.PNG │ │ ├── lnk.PNG │ │ ├── lnkfile.png │ │ ├── matchcode.PNG │ │ ├── oIdfwmrN.png │ │ ├── onelinerJS.png │ │ ├── parents.png │ │ ├── postfunc.PNG │ │ ├── processfunc.PNG │ │ ├── rule.png │ │ ├── secAnal.png │ │ ├── spotted.png │ │ ├── strings.png │ │ ├── upfunc.PNG │ │ └── zoomdebug.PNG └── Unknown phishing group │ ├── Analysis_29-09-2019.md │ ├── IOC │ └── IOC_01-10-19.json │ ├── Images │ ├── Bank │ │ ├── LAY11.png │ │ ├── LAY12.png │ │ ├── config.png │ │ └── infos.png │ └── TNT │ │ ├── Cyber.PNG │ │ ├── TNT layer 1.png │ │ ├── config.png │ │ ├── infos.png │ │ ├── mail.png │ │ ├── persistence.png │ │ ├── persistence_pay.png │ │ └── switch.png │ └── code │ ├── layer2_Bank.js │ └── layer2_TnT.js ├── cybercriminal groups ├── FIN7 │ ├── 2021-08-24 │ │ ├── Analysis.md │ │ ├── Pictures │ │ │ └── Pcap.png │ │ └── code │ │ │ ├── DecoderRequests.js │ │ │ ├── layer1.js │ │ │ ├── layer2.js │ │ │ └── layer3.js │ └── 2021-09-07 │ │ ├── FIN7.md │ │ └── Pictures │ │ ├── 1.png │ │ ├── 10.png │ │ ├── 11.png │ │ ├── 12.png │ │ ├── 13.png │ │ ├── 14.png │ │ ├── 15.png │ │ ├── 2.png │ │ ├── 3.png │ │ ├── 4.png │ │ ├── 5.png │ │ ├── 6.png │ │ ├── 7.png │ │ ├── 8.png │ │ └── 9.png └── TA505 │ └── 04-10-2019 │ ├── IOC_TA505_07-10-19.json │ ├── Images │ ├── Autoopen.PNG │ ├── Intel │ │ ├── ID.PNG │ │ ├── Links.PNG │ │ ├── domain1.PNG │ │ └── domain2.PNG │ ├── Module1-1.PNG │ ├── Module1-2.PNG │ ├── Module2-1.PNG │ ├── Module2-2.PNG │ ├── Module3.PNG │ ├── Test.PNG │ ├── cyber.png │ ├── implant │ │ ├── connect.PNG │ │ ├── detectsize.PNG │ │ ├── getinfos.PNG │ │ ├── pushmemory.PNG │ │ └── virt.PNG │ └── userform.PNG │ └── Malware Analysis 04-10-2019.md └── offshore APT organization ├── Bitter └── 27-08-19 │ ├── IOC_Bitter_31-08-19.json │ ├── Images │ ├── CorExitProcess.PNG │ ├── Cyber.png │ ├── Entry.png │ ├── Extref.png │ ├── GetProcname.PNG │ ├── HexRTF.png │ ├── IPloc.jpg │ ├── Icon.PNG │ ├── Osdetails.png │ ├── PointerDATA.png │ ├── Wordversion.png │ ├── algo.png │ ├── dec.png │ ├── decstr.png │ ├── infowhois.png │ ├── loc.png │ ├── mat1.PNG │ ├── mat2.PNG │ ├── persistence.png │ ├── query.png │ ├── redirect.png │ ├── res.png │ ├── send.png │ ├── str.png │ └── trace.png │ ├── Malware analysis 31-08-19.md │ ├── YARA_Rule_Bitter_Variant1_August_2019.txt │ └── decrypt │ ├── Readme.md │ ├── Result.png │ └── decrypt.ps1 └── DangerousPassword └── 2020-04-02 ├── Analysis.md ├── CSV └── IOC_DangerousPassword_2020-04_02.csv ├── JSON ├── IOC_DangerousPassword_2020-04_02.json └── Mitre-DangerousPassword_2020_04-02.json └── Pictures ├── Lnk_File.png └── killchain.png /101/Yara.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/101/Yara.md -------------------------------------------------------------------------------- /101/pics/Yara/asm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/101/pics/Yara/asm.png -------------------------------------------------------------------------------- /101/pics/Yara/cyber.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/101/pics/Yara/cyber.png -------------------------------------------------------------------------------- /101/pics/Yara/dot1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/101/pics/Yara/dot1.png -------------------------------------------------------------------------------- /101/pics/Yara/dot2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/101/pics/Yara/dot2.png -------------------------------------------------------------------------------- /101/pics/Yara/regex.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/101/pics/Yara/regex.png -------------------------------------------------------------------------------- /Additional Analysis/Dridex/2020-05-01/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Dridex/2020-05-01/Analysis.md -------------------------------------------------------------------------------- /Additional Analysis/Dridex/2020-05-01/IOC-Dridex_2020_05_01.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Dridex/2020-05-01/IOC-Dridex_2020_05_01.csv -------------------------------------------------------------------------------- /Additional Analysis/Dridex/2020-05-01/IOC-Dridex_2020_05_01.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Dridex/2020-05-01/IOC-Dridex_2020_05_01.json -------------------------------------------------------------------------------- /Additional Analysis/Dridex/2020-05-01/Mitre-Dridex_2020_05_01.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Dridex/2020-05-01/Mitre-Dridex_2020_05_01.json -------------------------------------------------------------------------------- /Additional Analysis/Dridex/2020-05-01/Pictures/Killchain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Dridex/2020-05-01/Pictures/Killchain.png -------------------------------------------------------------------------------- /Additional Analysis/Images/Ransomware/POC/loader/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Images/Ransomware/POC/loader/1.png -------------------------------------------------------------------------------- /Additional Analysis/Images/Ransomware/POC/psm/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Images/Ransomware/POC/psm/1.png -------------------------------------------------------------------------------- /Additional Analysis/Images/Ransomware/POC/psm/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Images/Ransomware/POC/psm/2.png -------------------------------------------------------------------------------- /Additional Analysis/Images/Ransomware/POC/psm/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Images/Ransomware/POC/psm/3.png -------------------------------------------------------------------------------- /Additional Analysis/Images/Ransomware/POC/psm/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Images/Ransomware/POC/psm/4.png -------------------------------------------------------------------------------- /Additional Analysis/Images/Ransomware/ftcode/macro/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Images/Ransomware/ftcode/macro/1.png -------------------------------------------------------------------------------- /Additional Analysis/Images/Ransomware/ftcode/macro/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Images/Ransomware/ftcode/macro/2.png -------------------------------------------------------------------------------- /Additional Analysis/Magecart/2020-06-02/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Magecart/2020-06-02/Analysis.md -------------------------------------------------------------------------------- /Additional Analysis/Magecart/2020-06-02/CSV/IOC-Magecart-2020-06-02.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Magecart/2020-06-02/CSV/IOC-Magecart-2020-06-02.csv -------------------------------------------------------------------------------- /Additional Analysis/Magecart/2020-06-02/JSON/IOC-Magecart-2020-06-02.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Magecart/2020-06-02/JSON/IOC-Magecart-2020-06-02.json -------------------------------------------------------------------------------- /Additional Analysis/Magecart/2020-06-02/JSON/MITRE-Magecart-2020-06-02.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Magecart/2020-06-02/JSON/MITRE-Magecart-2020-06-02.json -------------------------------------------------------------------------------- /Additional Analysis/Neutrino/Analysis_2020-02-08.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Neutrino/Analysis_2020-02-08.md -------------------------------------------------------------------------------- /Additional Analysis/Neutrino/Json/IOC.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Neutrino/Json/IOC.json -------------------------------------------------------------------------------- /Additional Analysis/Neutrino/Json/TTPs.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Neutrino/Json/TTPs.json -------------------------------------------------------------------------------- /Additional Analysis/Neutrino/Pictures/cyberkill.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Neutrino/Pictures/cyberkill.PNG -------------------------------------------------------------------------------- /Additional Analysis/Neutrino/Yara/Yara_Neutrino.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Neutrino/Yara/Yara_Neutrino.yar -------------------------------------------------------------------------------- /Additional Analysis/New_tendencies.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/New_tendencies.md -------------------------------------------------------------------------------- /Additional Analysis/RUYK/2020-10-27/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RUYK/2020-10-27/Analysis.md -------------------------------------------------------------------------------- /Additional Analysis/RUYK/2020-10-27/Pictures/Files.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RUYK/2020-10-27/Pictures/Files.png -------------------------------------------------------------------------------- /Additional Analysis/RUYK/2020-10-27/Pictures/Process.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RUYK/2020-10-27/Pictures/Process.png -------------------------------------------------------------------------------- /Additional Analysis/RUYK/2020-10-27/Pictures/Str.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RUYK/2020-10-27/Pictures/Str.png -------------------------------------------------------------------------------- /Additional Analysis/RUYK/2020-10-27/Pictures/WOL.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RUYK/2020-10-27/Pictures/WOL.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Analysis.md -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/CSV/FilesMSIInfos.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/CSV/FilesMSIInfos.csv -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/AutoLogon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/AutoLogon.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/Config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/Config.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/EntryRagnar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/EntryRagnar.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/ExecBAT.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/ExecBAT.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/Files.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/Files.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/GenerateListFiles.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/GenerateListFiles.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/InfoOS.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/InfoOS.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/InitExec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/InitExec.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/Injectshellcode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/Injectshellcode.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/InstallTools.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/InstallTools.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/NAT.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/NAT.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/Path.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/Path.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/Payload.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/Payload.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/ProcessEncrypt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/ProcessEncrypt.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/Properties.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/Properties.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/QueryKey.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/QueryKey.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/Ransomware.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/Ransomware.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/ReleaseMiniXP.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/ReleaseMiniXP.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/RunKey.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/RunKey.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/Salsa.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/Salsa.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/TargetDir.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/TargetDir.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/Timeline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/Timeline.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/Volumes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/Volumes.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/batchedit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/batchedit.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/entry0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/entry0.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/process_key.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/process_key.png -------------------------------------------------------------------------------- /Additional Analysis/RagnarLocker/2020-08-08/Pictures/timefiles.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/RagnarLocker/2020-08-08/Pictures/timefiles.png -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/02-01-20/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/02-01-20/Analysis.md -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/02-01-20/Document.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/02-01-20/Document.txt -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/02-01-20/Json/IOC.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/02-01-20/Json/IOC.json -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/02-01-20/Json/MitreAttack.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/02-01-20/Json/MitreAttack.json -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/02-01-20/pictures/Terraloader.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/02-01-20/pictures/Terraloader.png -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/02-01-20/pictures/cyber.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/02-01-20/pictures/cyber.png -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/2020-04-12/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/2020-04-12/Analysis.md -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/2020-04-12/CSV/IOC_Terraloader_2020-04_12.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/2020-04-12/CSV/IOC_Terraloader_2020-04_12.csv -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/2020-04-12/Pictures/Resume.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/2020-04-12/Pictures/Resume.png -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/2020-04-12/Pictures/killchain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/2020-04-12/Pictures/killchain.png -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/2020-04-12/Pictures/layer1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/2020-04-12/Pictures/layer1.png -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/2020-04-12/Pictures/layer2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/2020-04-12/Pictures/layer2.png -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/2020-04-12/Pictures/tool.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/2020-04-12/Pictures/tool.png -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/2021-03-25/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/2021-03-25/Analysis.md -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/2021-03-25/Pictures/CompParseDLL.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/2021-03-25/Pictures/CompParseDLL.png -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/2021-03-25/Pictures/CyberKillChain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/2021-03-25/Pictures/CyberKillChain.png -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/2021-03-25/Pictures/Duplicated.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/2021-03-25/Pictures/Duplicated.png -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/2021-03-25/Pictures/WritePayload.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/2021-03-25/Pictures/WritePayload.png -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/2021-03-25/Pictures/hunting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/2021-03-25/Pictures/hunting.png -------------------------------------------------------------------------------- /Additional Analysis/Terraloader/2021-03-25/Pictures/lure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Terraloader/2021-03-25/Pictures/lure.png -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-04-27/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-04-27/Analysis.md -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-04-27/CSV/IOC-Unknown_2020_04-27.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-04-27/CSV/IOC-Unknown_2020_04-27.csv -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-04-27/Json/IOC-Unknown_2020_04-27.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-04-27/Json/IOC-Unknown_2020_04-27.json -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-04-27/Json/Mitre-Unknown_2020_04-27.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-04-27/Json/Mitre-Unknown_2020_04-27.json -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-04-27/Lure/Lure-bank.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-04-27/Lure/Lure-bank.txt -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-04-27/Lure/Lure-healthcare.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-04-27/Lure/Lure-healthcare.txt -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-04-27/Pictures/killchain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-04-27/Pictures/killchain.png -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/Analysis.md -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/CSV/Hunt_IOC_Samples.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/CSV/Hunt_IOC_Samples.csv -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/CSV/IOC-JS-Loader_2020_05_16.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/CSV/IOC-JS-Loader_2020_05_16.csv -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/JSON/IOC-JS-Loader_2020_05_16.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/JSON/IOC-JS-Loader_2020_05_16.json -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/JSON/Mitre-JS-Loader_2020_05_16.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/JSON/Mitre-JS-Loader_2020_05_16.json -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/Pictures/comp_algo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/Pictures/comp_algo.png -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/Pictures/comp_algo2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/Pictures/comp_algo2.png -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/Pictures/comp_code.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/Pictures/comp_code.png -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/Pictures/cyberkill.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/Pictures/cyberkill.png -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/Pictures/hunting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/Pictures/hunting.png -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/Pictures/obfuscation_hex.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/Pictures/obfuscation_hex.PNG -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/Pictures/panel.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/Pictures/panel.png -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/Pictures/panel2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/Pictures/panel2.png -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/Pictures/trad_command.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/Pictures/trad_command.png -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-05-12/code/modern_loader.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-05-12/code/modern_loader.cs -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-06-22/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-06-22/Analysis.md -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-06-22/CSV/IOC-FTcode-2020-06-22.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-06-22/CSV/IOC-FTcode-2020-06-22.csv -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-06-22/JSON/IOC-FTcode-2020-06-22.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-06-22/JSON/IOC-FTcode-2020-06-22.json -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-06-22/JSON/MITRE-Ftcode-2020-06-22.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-06-22/JSON/MITRE-Ftcode-2020-06-22.json -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-06-22/Pictures/CompVersion.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-06-22/Pictures/CompVersion.png -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-06-22/Pictures/Company.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-06-22/Pictures/Company.png -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-06-22/Pictures/JMTHMail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-06-22/Pictures/JMTHMail.png -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-06-22/Pictures/Mail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-06-22/Pictures/Mail.png -------------------------------------------------------------------------------- /Additional Analysis/Unknown/2020-06-22/Pictures/cyberkill.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/Unknown/2020-06-22/Pictures/cyberkill.png -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Analysis.md -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/CSV/IOC.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/CSV/IOC.csv -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/CSV/TTPsHunting.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/CSV/TTPsHunting.csv -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/JSON/IOC.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/JSON/IOC.json -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/JSON/MITRE.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/JSON/MITRE.json -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Pictures/CheckPE.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Pictures/CheckPE.png -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Pictures/CutterShellcode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Pictures/CutterShellcode.png -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Pictures/ExecuteScript.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Pictures/ExecuteScript.png -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Pictures/ExecuteShell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Pictures/ExecuteShell.png -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Pictures/ExpFlags.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Pictures/ExpFlags.png -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Pictures/Headers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Pictures/Headers.png -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Pictures/OpenSection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Pictures/OpenSection.png -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Pictures/PEDump.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Pictures/PEDump.png -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Pictures/Post.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Pictures/Post.png -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Pictures/Process.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Pictures/Process.png -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Pictures/PushConfig.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Pictures/PushConfig.png -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Pictures/TTPs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Pictures/TTPs.png -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Pictures/Zip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Pictures/Zip.png -------------------------------------------------------------------------------- /Additional Analysis/UnknownTA/2020-09-07/Pictures/postEng.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Additional Analysis/UnknownTA/2020-09-07/Pictures/postEng.png -------------------------------------------------------------------------------- /AgentJan2020/DiskInfos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/AgentJan2020/DiskInfos.png -------------------------------------------------------------------------------- /AgentJan2020/DllRegisterServer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/AgentJan2020/DllRegisterServer.png -------------------------------------------------------------------------------- /AgentJan2020/GetDiskSInfos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/AgentJan2020/GetDiskSInfos.png -------------------------------------------------------------------------------- /AgentJan2020/SendDataToC2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/AgentJan2020/SendDataToC2.png -------------------------------------------------------------------------------- /AgentJune2020/ExecuteActions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/AgentJune2020/ExecuteActions.png -------------------------------------------------------------------------------- /AgentJune2020/Obfus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/AgentJune2020/Obfus.png -------------------------------------------------------------------------------- /AgentJune2020/PowerRef.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/AgentJune2020/PowerRef.png -------------------------------------------------------------------------------- /AgentJune2020/PowershellRunner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/AgentJune2020/PowershellRunner.png -------------------------------------------------------------------------------- /China/APT/APT27/2020-11-17/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/APT27/2020-11-17/Analysis.md -------------------------------------------------------------------------------- /China/APT/APT27/2020-11-17/Pictures/Encrypt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/APT27/2020-11-17/Pictures/Encrypt.png -------------------------------------------------------------------------------- /China/APT/APT27/2020-11-17/Pictures/callgraph_main.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/APT27/2020-11-17/Pictures/callgraph_main.png -------------------------------------------------------------------------------- /China/APT/APT27/2020-11-17/Pictures/slide.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/APT27/2020-11-17/Pictures/slide.PNG -------------------------------------------------------------------------------- /China/APT/APT27/2020-11-17/Yara/APT_APT_27_Nov_2020_1.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/APT27/2020-11-17/Yara/APT_APT_27_Nov_2020_1.yar -------------------------------------------------------------------------------- /China/APT/Antlion/Notes_Antlion.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Antlion/Notes_Antlion.md -------------------------------------------------------------------------------- /China/APT/Antlion/pic/Match1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Antlion/pic/Match1.png -------------------------------------------------------------------------------- /China/APT/Antlion/pic/Match2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Antlion/pic/Match2.png -------------------------------------------------------------------------------- /China/APT/Antlion/pic/Match3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Antlion/pic/Match3.png -------------------------------------------------------------------------------- /China/APT/Antlion/pic/Match4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Antlion/pic/Match4.png -------------------------------------------------------------------------------- /China/APT/Chimera/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Analysis.md -------------------------------------------------------------------------------- /China/APT/Chimera/CSV/Database.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/CSV/Database.csv -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/APT19CHeader.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/APT19CHeader.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/APT19_Header.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/APT19_Header.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/APT19vsChimera.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/APT19vsChimera.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/ChimeraCHeader.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/ChimeraCHeader.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/Chimera_Header.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/Chimera_Header.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/EICARAPT19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/EICARAPT19.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/IP_Chimera.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/IP_Chimera.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/InfosCS.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/InfosCS.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/InitComToC2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/InitComToC2.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/InitListSamples.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/InitListSamples.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/InitListSamples2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/InitListSamples2.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/MatchsSign.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/MatchsSign.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/PEHeader.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/PEHeader.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/Rule.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/Rule.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/Sign.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/Sign.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/StringsAPT19.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/StringsAPT19.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/entry0Custom.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/entry0Custom.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/entryCS.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/entryCS.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/sym_beacon_x64_dll_ReflectiveLoader.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/sym_beacon_x64_dll_ReflectiveLoader.png -------------------------------------------------------------------------------- /China/APT/Chimera/Pictures/sym_metsrv_dll_buffer_from_file.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Chimera/Pictures/sym_metsrv_dll_buffer_from_file.png -------------------------------------------------------------------------------- /China/APT/IceFog/6-11-19/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/IceFog/6-11-19/Analysis.md -------------------------------------------------------------------------------- /China/APT/IceFog/6-11-19/JSON/Mitre_TTPs.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/IceFog/6-11-19/JSON/Mitre_TTPs.json -------------------------------------------------------------------------------- /China/APT/IceFog/6-11-19/Pictures/CVE.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/IceFog/6-11-19/Pictures/CVE.PNG -------------------------------------------------------------------------------- /China/APT/IceFog/6-11-19/Pictures/Cyber.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/IceFog/6-11-19/Pictures/Cyber.PNG -------------------------------------------------------------------------------- /China/APT/IceFog/6-11-19/Yara_Rule_IceFog_Nov19.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/IceFog/6-11-19/Yara_Rule_IceFog_Nov19.yar -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/Cyberkillchain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/Cyberkillchain.png -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/IP.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/IP.PNG -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/Liks.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/Liks.PNG -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/Loader/RegKey.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/Loader/RegKey.png -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/Loader/RegStatus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/Loader/RegStatus.png -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/Loader/RichEdit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/Loader/RichEdit.png -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/USvisit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/USvisit.png -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/domain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/domain.png -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/eset/Cert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/eset/Cert.png -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/eset/CreateService.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/eset/CreateService.png -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/eset/change status.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/eset/change status.png -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/eset/config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/eset/config.png -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/eset/crypto.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/eset/crypto.png -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/hijack/alloc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/hijack/alloc.png -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/hijack/command.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/hijack/command.PNG -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Images/hijack/virtualprotect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Images/hijack/virtualprotect.png -------------------------------------------------------------------------------- /China/APT/Unknown/20-08-19/Malware analysis 20-08-19.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/China/APT/Unknown/20-08-19/Malware analysis 20-08-19.md -------------------------------------------------------------------------------- /Comp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Comp.png -------------------------------------------------------------------------------- /CyberKill.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/CyberKill.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/IOC_Donot_25-09-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/IOC_Donot_25-09-19.json -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/1/CLSID.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/1/CLSID.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/1/EFILE-Disk1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/1/EFILE-Disk1.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/1/EFILE-EnvVar.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/1/EFILE-EnvVar.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/1/EFILE-Infos1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/1/EFILE-Infos1.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/1/EFILE-Infos2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/1/EFILE-Infos2.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/1/EFILE-Infos3.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/1/EFILE-Infos3.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/1/EFILE-Mod1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/1/EFILE-Mod1.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/1/EFILE-Mod2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/1/EFILE-Mod2.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/1/EFILE-Mutex.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/1/EFILE-Mutex.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/1/HexPK.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/1/HexPK.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/1/InjTemp.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/1/InjTemp.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/1/RTFInfo.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/1/RTFInfo.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/2/RTFInfo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/2/RTFInfo.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/2/Template.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/2/Template.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/3/Anti-sandbox.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/3/Anti-sandbox.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/3/Hijack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/3/Hijack.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/3/Infos.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/3/Infos.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/3/Inj.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/3/Inj.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/3/Main.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/3/Main.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/3/RTFInfo.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/3/RTFInfo.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/3/VirtualProtect.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/3/VirtualProtect.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/3/WriteFile.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/3/WriteFile.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/3/connect.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/3/connect.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/4/UAC.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/4/UAC.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/4/inj.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/4/inj.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/4/js.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/4/js.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/4/rtfinfos.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/4/rtfinfos.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/5/Inj.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/5/Inj.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/5/RTFinfos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/5/RTFinfos.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/China.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/China.jpg -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/Iran.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/Iran.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/Up.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/Up.PNG -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/back.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/back.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/cyber.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/cyber.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/cyber2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/cyber2.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/date.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/date.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/netWine.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/netWine.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/op.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/op.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Images/res.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Images/res.png -------------------------------------------------------------------------------- /Indian/APT/Donot/17-09-19/Malware analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Donot/17-09-19/Malware analysis.md -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Analysis.md -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/JSON/MITRE-Patchwork-2020-07-23.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/JSON/MITRE-Patchwork-2020-07-23.json -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Articles/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Articles/1.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Articles/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Articles/2.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Articles/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Articles/3.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Articles/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Articles/4.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Articles/silk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Articles/silk.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Badnews/Feed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Badnews/Feed.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Badnews/Index.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Badnews/Index.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Badnews/Mirror.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Badnews/Mirror.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Badnews/URL.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Badnews/URL.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/Actions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/Actions.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/CheckConnect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/CheckConnect.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/CheckPresenceSoftware.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/CheckPresenceSoftware.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/InitFile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/InitFile.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/InitFileParser.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/InitFileParser.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/SendToC2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/SendToC2.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/SubLib.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/SubLib.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/XOR.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/XOR.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/matchalgo1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/matchalgo1.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/matchalgo2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/BozokRAT/matchalgo2.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Code.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Code.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Docs/BannerCOVID.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Docs/BannerCOVID.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Docs/BannerNat.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Docs/BannerNat.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Docs/Website.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Docs/Website.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/EFS.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/EFS.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Pushdo/LoadConnect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Pushdo/LoadConnect.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/Resume.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/Resume.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/VT.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/VT.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Pictures/cyberkill.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Pictures/cyberkill.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/2020-07-23/Yara/Yara_Patchwork_July_2020_1.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/2020-07-23/Yara/Yara_Patchwork_July_2020_1.yar -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/IOC_Patchwork_09-09-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/IOC_Patchwork_09-09-19.json -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/Images/Cyber.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/Images/Cyber.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/Images/Event1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/Images/Event1.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/Images/Event2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/Images/Event2.PNG -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/Images/Exploit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/Images/Exploit.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/Images/Version.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/Images/Version.PNG -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/Images/bin1-CreateThread.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/Images/bin1-CreateThread.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/Images/bin1-String.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/Images/bin1-String.PNG -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/Images/bin2-AllocProcess.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/Images/bin2-AllocProcess.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/Images/bin2-CheckDebug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/Images/bin2-CheckDebug.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/Images/bin2-CheckException.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/Images/bin2-CheckException.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/Images/bin2-Entrypoint.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/Images/bin2-Entrypoint.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/Images/bin2-Explorer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/Images/bin2-Explorer.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/Images/bin2-call.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/Images/bin2-call.png -------------------------------------------------------------------------------- /Indian/APT/Patchwork/27-08-19/Malware analysis 27-08-19.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/Patchwork/27-08-19/Malware analysis 27-08-19.md -------------------------------------------------------------------------------- /Indian/APT/SideWinder/11-10-2019/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/11-10-2019/Analysis.md -------------------------------------------------------------------------------- /Indian/APT/SideWinder/11-10-2019/IOC-SideWinder-14-10-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/11-10-2019/IOC-SideWinder-14-10-19.json -------------------------------------------------------------------------------- /Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/CyberKill.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/CyberKill.png -------------------------------------------------------------------------------- /Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/dll1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/dll1.PNG -------------------------------------------------------------------------------- /Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/eventchina1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/eventchina1.png -------------------------------------------------------------------------------- /Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/eventchina2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/eventchina2.png -------------------------------------------------------------------------------- /Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/ext1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/ext1.png -------------------------------------------------------------------------------- /Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/ext2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/ext2.png -------------------------------------------------------------------------------- /Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/extunsed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/extunsed.png -------------------------------------------------------------------------------- /Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/jspay1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/jspay1.PNG -------------------------------------------------------------------------------- /Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/jspay2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/jspay2.PNG -------------------------------------------------------------------------------- /Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/jspay3.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/jspay3.PNG -------------------------------------------------------------------------------- /Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/obj.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/obj.PNG -------------------------------------------------------------------------------- /Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/whois.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/11-10-2019/Pictures/October 2019/whois.png -------------------------------------------------------------------------------- /Indian/APT/SideWinder/25-12-19/JSON/IOC.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/25-12-19/JSON/IOC.json -------------------------------------------------------------------------------- /Indian/APT/SideWinder/25-12-19/JSON/MITRE_ref.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/25-12-19/JSON/MITRE_ref.json -------------------------------------------------------------------------------- /Indian/APT/SideWinder/25-12-19/Pictures/Cyber.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/25-12-19/Pictures/Cyber.png -------------------------------------------------------------------------------- /Indian/APT/SideWinder/25-12-19/Pictures/RTF_objects.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/25-12-19/Pictures/RTF_objects.PNG -------------------------------------------------------------------------------- /Indian/APT/SideWinder/25-12-19/Pictures/comC2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/25-12-19/Pictures/comC2.PNG -------------------------------------------------------------------------------- /Indian/APT/SideWinder/25-12-19/Pictures/exploit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/25-12-19/Pictures/exploit.png -------------------------------------------------------------------------------- /Indian/APT/SideWinder/25-12-19/Pictures/know_GRAPH.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/25-12-19/Pictures/know_GRAPH.png -------------------------------------------------------------------------------- /Indian/APT/SideWinder/25-12-19/Pictures/leg_cert_EFS_keys.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/25-12-19/Pictures/leg_cert_EFS_keys.png -------------------------------------------------------------------------------- /Indian/APT/SideWinder/25-12-19/Pictures/leg_load_EFS_keys.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/25-12-19/Pictures/leg_load_EFS_keys.png -------------------------------------------------------------------------------- /Indian/APT/SideWinder/25-12-19/Pictures/obj1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/25-12-19/Pictures/obj1.PNG -------------------------------------------------------------------------------- /Indian/APT/SideWinder/25-12-19/Pictures/obj2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/25-12-19/Pictures/obj2.PNG -------------------------------------------------------------------------------- /Indian/APT/SideWinder/25-12-19/Pictures/whois.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/25-12-19/Pictures/whois.PNG -------------------------------------------------------------------------------- /Indian/APT/SideWinder/25-12-19/Yara/Yara_Rule_SideWinder_Dec19.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/25-12-19/Yara/Yara_Rule_SideWinder_Dec19.yar -------------------------------------------------------------------------------- /Indian/APT/SideWinder/25-12-19/analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Indian/APT/SideWinder/25-12-19/analysis.md -------------------------------------------------------------------------------- /Iran/APT/APT33/16-11-19/Analysis APT33.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/APT33/16-11-19/Analysis APT33.md -------------------------------------------------------------------------------- /Iran/APT/APT33/16-11-19/Analysis/Info-1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/APT33/16-11-19/Analysis/Info-1.PNG -------------------------------------------------------------------------------- /Iran/APT/APT33/16-11-19/Analysis/Info-2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/APT33/16-11-19/Analysis/Info-2.PNG -------------------------------------------------------------------------------- /Iran/APT/APT33/16-11-19/Analysis/Site-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/APT33/16-11-19/Analysis/Site-1.png -------------------------------------------------------------------------------- /Iran/APT/APT33/16-11-19/Analysis/Site-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/APT33/16-11-19/Analysis/Site-2.png -------------------------------------------------------------------------------- /Iran/APT/APT33/16-11-19/Analysis/VBE -1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/APT33/16-11-19/Analysis/VBE -1.png -------------------------------------------------------------------------------- /Iran/APT/APT33/16-11-19/Analysis/cyber.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/APT33/16-11-19/Analysis/cyber.PNG -------------------------------------------------------------------------------- /Iran/APT/APT33/16-11-19/Analysis/job.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/APT33/16-11-19/Analysis/job.png -------------------------------------------------------------------------------- /Iran/APT/APT33/16-11-19/Analysis/know-APT33.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/APT33/16-11-19/Analysis/know-APT33.png -------------------------------------------------------------------------------- /Iran/APT/APT33/16-11-19/Analysis/old-1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/APT33/16-11-19/Analysis/old-1.PNG -------------------------------------------------------------------------------- /Iran/APT/APT33/16-11-19/Analysis/old-2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/APT33/16-11-19/Analysis/old-2.PNG -------------------------------------------------------------------------------- /Iran/APT/APT33/16-11-19/IOC-APT33-18-11-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/APT33/16-11-19/IOC-APT33-18-11-19.json -------------------------------------------------------------------------------- /Iran/APT/APT33/16-11-19/MITRE-APT33-18-11-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/APT33/16-11-19/MITRE-APT33-18-11-19.json -------------------------------------------------------------------------------- /Iran/APT/APT33/16-11-19/YARA_Rule_APT33_Nov_2019.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/APT33/16-11-19/YARA_Rule_APT33_Nov_2019.yar -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Analysis.md -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/CSV/IOC-Muddywater-2020-07-02.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/CSV/IOC-Muddywater-2020-07-02.csv -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/CSV/Metadata.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/CSV/Metadata.csv -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/CSV/Tokens.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/CSV/Tokens.csv -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/JSON/IOC-Muddywater-2020-07-02.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/JSON/IOC-Muddywater-2020-07-02.json -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/JSON/MITRE-Muddywater-2020-07-02.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/JSON/MITRE-Muddywater-2020-07-02.json -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/AgentJan2020/DiskInfos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/AgentJan2020/DiskInfos.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/AgentJan2020/DllRegisterServer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/AgentJan2020/DllRegisterServer.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/AgentJan2020/GetDiskSInfos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/AgentJan2020/GetDiskSInfos.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/AgentJan2020/SendDataToC2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/AgentJan2020/SendDataToC2.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/AgentJune2020/ExecuteActions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/AgentJune2020/ExecuteActions.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/AgentJune2020/Obfus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/AgentJune2020/Obfus.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/AgentJune2020/PowerRef.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/AgentJune2020/PowerRef.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/AgentJune2020/PowershellRunner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/AgentJune2020/PowershellRunner.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/Comp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/Comp.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/CyberKill.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/CyberKill.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/ArticleUNRWA.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/ArticleUNRWA.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/ArticleUNRWA2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/ArticleUNRWA2.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/CyberDefense.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/CyberDefense.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/IPReport.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/IPReport.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/US.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/US.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/US1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/US1.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/conf_golf1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/conf_golf1.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/conf_golf2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/conf_golf2.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/unrwa.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/Maldocs/unrwa.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/Muddy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/Muddy.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/NSIS/Exec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/NSIS/Exec.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/NSIS/LoadExec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/NSIS/LoadExec.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/NSIS/entry0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/NSIS/entry0.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Pictures/Timestamp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Pictures/Timestamp.png -------------------------------------------------------------------------------- /Iran/APT/Muddywater/2020-07-02/Yara/Yara_Rule_APT_Muddywater_June_2020_1.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Iran/APT/Muddywater/2020-07-02/Yara/Yara_Rule_APT_Muddywater_June_2020_1.yar -------------------------------------------------------------------------------- /Muddy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Muddy.png -------------------------------------------------------------------------------- /NSIS/Exec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/NSIS/Exec.png -------------------------------------------------------------------------------- /NSIS/LoadExec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/NSIS/LoadExec.png -------------------------------------------------------------------------------- /NSIS/entry0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/NSIS/entry0.png -------------------------------------------------------------------------------- /North Korea/APT/APT37/2020-04-23/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/APT37/2020-04-23/Analysis.md -------------------------------------------------------------------------------- /North Korea/APT/APT37/2020-04-23/CSV/IOC-Konni_2020_04-23.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/APT37/2020-04-23/CSV/IOC-Konni_2020_04-23.csv -------------------------------------------------------------------------------- /North Korea/APT/APT37/2020-04-23/JSON/IOC-Konni_2020_04-23.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/APT37/2020-04-23/JSON/IOC-Konni_2020_04-23.json -------------------------------------------------------------------------------- /North Korea/APT/APT37/2020-04-23/JSON/Mitre-Konni_2020_04-23.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/APT37/2020-04-23/JSON/Mitre-Konni_2020_04-23.json -------------------------------------------------------------------------------- /North Korea/APT/APT37/2020-04-23/Pictures/elevate_loader.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/APT37/2020-04-23/Pictures/elevate_loader.png -------------------------------------------------------------------------------- /North Korea/APT/APT37/2020-04-23/Pictures/entry_loader.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/APT37/2020-04-23/Pictures/entry_loader.png -------------------------------------------------------------------------------- /North Korea/APT/APT37/2020-04-23/Pictures/killchain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/APT37/2020-04-23/Pictures/killchain.png -------------------------------------------------------------------------------- /North Korea/APT/Kimsuky/2020-03-20/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Kimsuky/2020-03-20/Analysis.md -------------------------------------------------------------------------------- /North Korea/APT/Kimsuky/2020-03-20/JSON/IOC-Kimsuky-2020-03-20.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Kimsuky/2020-03-20/JSON/IOC-Kimsuky-2020-03-20.json -------------------------------------------------------------------------------- /North Korea/APT/Kimsuky/2020-03-20/JSON/Mitre-Kimsuky-2020-03-20.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Kimsuky/2020-03-20/JSON/Mitre-Kimsuky-2020-03-20.json -------------------------------------------------------------------------------- /North Korea/APT/Kimsuky/2020-03-20/Pictures/Graph_power.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Kimsuky/2020-03-20/Pictures/Graph_power.PNG -------------------------------------------------------------------------------- /North Korea/APT/Kimsuky/2020-03-20/Pictures/domain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Kimsuky/2020-03-20/Pictures/domain.png -------------------------------------------------------------------------------- /North Korea/APT/Kimsuky/2020-03-20/Rules/Yara_Rule_Kimsuky_2020_03_20.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Kimsuky/2020-03-20/Rules/Yara_Rule_Kimsuky_2020_03_20.yar -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Analysis.md -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/CSV/IOC-Lazarus_2020_05_05.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/CSV/IOC-Lazarus_2020_05_05.csv -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/JSON/IOC-Lazarus_2020_05_05.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/JSON/IOC-Lazarus_2020_05_05.json -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/JSON/Mitre-Lazarus_2020_05_05.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/JSON/Mitre-Lazarus_2020_05_05.json -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/Boeing.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/Boeing.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/Cover-BAE.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/Cover-BAE.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/Cover-Lockheed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/Cover-Lockheed.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/Error_builder.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/Error_builder.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/Get-DiskInfo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/Get-DiskInfo.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/Get-Infos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/Get-Infos.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/Lockheed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/Lockheed.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/Persistence.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/Persistence.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/PushHeader.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/PushHeader.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/ROK-AIR-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/ROK-AIR-1.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/ROK-AIR-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/ROK-AIR-2.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/ROK-Navy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/ROK-Navy.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/ROK-Tank.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/ROK-Tank.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/SendData.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/SendData.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/Version.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/Version.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/event.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/event.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/killchain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/killchain.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/2020-05-05/Pictures/process.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/2020-05-05/Pictures/process.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc1/Maldoc-VBA-1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc1/Maldoc-VBA-1.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc1/Maldoc-VBA-2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc1/Maldoc-VBA-2.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc2/Mal_Command.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc2/Mal_Command.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc2/Mal_entry.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc2/Mal_entry.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc2/Mal_option.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc2/Mal_option.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc2/Mal_version.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc2/Mal_version.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc2/Mal_version2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc2/Mal_version2.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc2/Maldoc-VBA-1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc2/Maldoc-VBA-1.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc2/Maldoc-VBA-2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19-Maldoc2/Maldoc-VBA-2.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/MAL-Cert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/MAL-Cert.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/Maldoc_VBA_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/Maldoc_VBA_1.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/Maldoc_VBA_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/Maldoc_VBA_2.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/Maldoc_VBA_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/Maldoc_VBA_3.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/Maldoc_VBA_4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/Maldoc_VBA_4.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/Maldoc_VBA_5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/Maldoc_VBA_5.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/Maldoc_cover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/Maldoc_cover.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_deletekey.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_deletekey.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_disk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_disk.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_getimage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_getimage.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_getinfos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_getinfos.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_getscreenshot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_getscreenshot.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_keyboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_keyboard.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_process.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_process.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_pushkey.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_pushkey.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_pushpersistence.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_pushpersistence.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_systeminfos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_systeminfos.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_writeKey.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/27-10-19/mal_writeKey.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Art.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Art.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Exp-Data.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Exp-Data.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Exp-Pass.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Exp-Pass.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Mal-Actions-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Mal-Actions-1.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Mal-Get-History-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Mal-Get-History-1.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Mal-Get-History-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Mal-Get-History-2.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Mal-Get-Mac.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Mal-Get-Mac.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Mal-GetDisks.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Mal-GetDisks.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Mal-StealActions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Mal-StealActions.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Noref.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Noref.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Ref.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/Ref.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/SQLite-Version-string.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/SQLite-Version-string.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/SQLite-Version.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/SQLite-Version.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/log.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/29-10-19/log.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/CTI.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/CTI.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/HWP/Doc.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/HWP/Doc.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/HWP/EPS.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/HWP/EPS.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/HWP/HWP-cert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/HWP/HWP-cert.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/HWP/HWP-whois.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/HWP/HWP-whois.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_Options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_Options.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_address.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_address.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_anti-debug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_anti-debug.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_disks.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_disks.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_finfFile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_finfFile.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_gettime.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_gettime.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_pushguid.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_pushguid.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_sysinfo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/HWP/mal_sysinfo.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/cyber/cyber-HAL.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/cyber/cyber-HAL.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/cyber/cyber-Nuclear.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/cyber/cyber-Nuclear.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/cyber/cyber-power.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/cyber/cyber-power.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-Pushdata.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-Pushdata.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-ReplyDown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-ReplyDown.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-ReplyExec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-ReplyExec.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-Replycmd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-Replycmd.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-StartSession.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-StartSession.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-destroysession.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-destroysession.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-main.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-main.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-mainloop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-mainloop.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-replydie.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-replydie.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-weboptions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-weboptions.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-xor.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Mal-xor.png -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Maldoc-VBA-1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Maldoc-VBA-1.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Maldoc-VBA-2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/Maldoc-VBA-2.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/functionscom.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Analysis/march 2019/functionscom.PNG -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Json/CES2020.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Json/CES2020.json -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Json/DTrack.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Json/DTrack.json -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Json/HAL.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Json/HAL.json -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Json/OSX-Powershell.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Json/OSX-Powershell.json -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/Json/Others_Dtrack.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/Json/Others_Dtrack.json -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/YARA_Rule_Lazarus_October_2019.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/YARA_Rule_Lazarus_October_2019.yar -------------------------------------------------------------------------------- /North Korea/APT/Lazarus/23-10-19/analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/North Korea/APT/Lazarus/23-10-19/analysis.md -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/IOC_Gorgon_09-9-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/IOC_Gorgon_09-9-19.json -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/Bin-Keyboard.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/Bin-Keyboard.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/Cyberkillchain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/Cyberkillchain.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/Hagga_again.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/Hagga_again.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/LoaderL2P.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/LoaderL2P.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/LoaderL2P1-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/LoaderL2P1-1.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/LoaderL2P1-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/LoaderL2P1-2.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/LoaderL2P1-2C.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/LoaderL2P1-2C.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/LoaderL2P2-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/LoaderL2P2-1.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/Macro2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/Macro2.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/bin-BMP.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/bin-BMP.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/bin_Data.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/bin_Data.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/bin_wallets.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/bin_wallets.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/lastedit.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/lastedit.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/loader1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/loader1.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/loader1close.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/loader1close.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/macro1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/macro1.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/panel.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/panel.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/redirect1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/redirect1.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/redirect2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/redirect2.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/second account.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/second account.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Images/site.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Images/site.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/09-09-19/Malware analysis 09-09-19.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/09-09-19/Malware analysis 09-09-19.md -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/IOC_Gorgon_25-08-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/IOC_Gorgon_25-08-19.json -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Bitlyclicks.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Bitlyclicks.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/FakeC2domains.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/FakeC2domains.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Frombook/CheckPE.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Frombook/CheckPE.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Frombook/choicenav.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Frombook/choicenav.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Frombook/chrome.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Frombook/chrome.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Frombook/config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Frombook/config.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Frombook/dec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Frombook/dec.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Frombook/useragent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Frombook/useragent.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Loader stage 1/Unescape1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Loader stage 1/Unescape1.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Loader stage 1/Unescape3.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Loader stage 1/Unescape3.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Loader stage 1/VBcodefinal.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Loader stage 1/VBcodefinal.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Loader stage 2/Unescape3.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Loader stage 2/Unescape3.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Loader stage 2/VBcodefinal.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Loader stage 2/VBcodefinal.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Loader subPaste/confStrings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Loader subPaste/confStrings.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Loader subPaste/confuserExref.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Loader subPaste/confuserExref.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Loader subPaste/layer2tab.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Loader subPaste/layer2tab.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Loader subPaste/run.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Loader subPaste/run.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Loader subPaste/tab.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Loader subPaste/tab.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Loader subPaste/unpack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Loader subPaste/unpack.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Macro/Samefunctions.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Macro/Samefunctions.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/Macro/macroCode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/Macro/macroCode.png -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/cyber.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/cyber.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Images/cyberfrom.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Images/cyberfrom.PNG -------------------------------------------------------------------------------- /Pakistan/APT/Gorgon/23-08-19/Malware analysis 25-08-19.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Gorgon/23-08-19/Malware analysis 25-08-19.md -------------------------------------------------------------------------------- /Pakistan/APT/Transparent Tribe/22-01-20/Content_Decoy.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Transparent Tribe/22-01-20/Content_Decoy.txt -------------------------------------------------------------------------------- /Pakistan/APT/Transparent Tribe/22-01-20/analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Transparent Tribe/22-01-20/analysis.md -------------------------------------------------------------------------------- /Pakistan/APT/Transparent Tribe/22-01-20/json/Mitre-APT36-22-01-20.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Transparent Tribe/22-01-20/json/Mitre-APT36-22-01-20.json -------------------------------------------------------------------------------- /Pakistan/APT/Transparent Tribe/22-01-20/json/ioc.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Transparent Tribe/22-01-20/json/ioc.json -------------------------------------------------------------------------------- /Pakistan/APT/Transparent Tribe/22-01-20/picture/cyber.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Transparent Tribe/22-01-20/picture/cyber.png -------------------------------------------------------------------------------- /Pakistan/APT/Transparent Tribe/22-01-20/picture/lure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Transparent Tribe/22-01-20/picture/lure.png -------------------------------------------------------------------------------- /Pakistan/APT/Transparent Tribe/22-01-20/yara/YARA_Rule_APT36_Jan_2020.yar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Pakistan/APT/Transparent Tribe/22-01-20/yara/YARA_Rule_APT36_Jan_2020.yar -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/README.md -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/IOC_Gamaredon_06-08-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/IOC_Gamaredon_06-08-19.json -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/CMDdetails.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/CMDdetails.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/RAR/CMDextractfile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/RAR/CMDextractfile.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/RAR/Info.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/RAR/Info.PNG -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/RAR/InfoSys.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/RAR/InfoSys.PNG -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/RAR/LNKFILE.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/RAR/LNKFILE.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/RAR/Window.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/RAR/Window.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/RAR/Writefile.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/RAR/Writefile.PNG -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/RAR/runas.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/RAR/runas.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/VBS.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/VBS.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/WGET/FTP.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/WGET/FTP.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/WGET/Progressbar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/WGET/Progressbar.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/WGET/Proxy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/WGET/Proxy.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/WGET/listalogo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/WGET/listalogo.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/WGET/strings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/WGET/strings.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/cyber.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/cyber.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/ip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/ip.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/obstool.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/obstool.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Images/powershell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Images/powershell.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/06-08-19/Malware analysis 06-08-19.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/06-08-19/Malware analysis 06-08-19.md -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/09-09-19/IOC_Gamaredon_09-09-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/09-09-19/IOC_Gamaredon_09-09-19.json -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/09-09-19/Images/Remote.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/09-09-19/Images/Remote.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/09-09-19/Images/cmdfile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/09-09-19/Images/cmdfile.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/09-09-19/Images/ps1file.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/09-09-19/Images/ps1file.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/09-09-19/Images/vbsfile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/09-09-19/Images/vbsfile.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/16-08-19/IOC_Gamaredon_16-08-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/16-08-19/IOC_Gamaredon_16-08-19.json -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/16-08-19/Images/CMD.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/16-08-19/Images/CMD.PNG -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/16-08-19/Images/IP.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/16-08-19/Images/IP.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/16-08-19/Images/SFX.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/16-08-19/Images/SFX.png -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/16-08-19/Images/command.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/16-08-19/Images/command.PNG -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/16-08-19/Images/cyber.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/16-08-19/Images/cyber.PNG -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/16-08-19/Images/query.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/16-08-19/Images/query.PNG -------------------------------------------------------------------------------- /Russia/APT/Gamaredon/16-08-19/Malware analysis 16-08-19.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/APT/Gamaredon/16-08-19/Malware analysis 16-08-19.md -------------------------------------------------------------------------------- /Russia/Cybercriminal group/FIN7/16-10-19/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/Cybercriminal group/FIN7/16-10-19/Analysis.md -------------------------------------------------------------------------------- /Russia/Cybercriminal group/FIN7/16-10-19/Code/FIN7.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/Cybercriminal group/FIN7/16-10-19/Code/FIN7.js -------------------------------------------------------------------------------- /Russia/Cybercriminal group/FIN7/16-10-19/IOC-FIN7-16-10-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/Cybercriminal group/FIN7/16-10-19/IOC-FIN7-16-10-19.json -------------------------------------------------------------------------------- /Russia/Cybercriminal group/FIN7/16-10-19/Pictures/CyberKill.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/Cybercriminal group/FIN7/16-10-19/Pictures/CyberKill.png -------------------------------------------------------------------------------- /Russia/Cybercriminal group/FIN7/16-10-19/Pictures/IPinfo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/Cybercriminal group/FIN7/16-10-19/Pictures/IPinfo.png -------------------------------------------------------------------------------- /Russia/Cybercriminal group/FIN7/16-10-19/Pictures/Macro.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/Cybercriminal group/FIN7/16-10-19/Pictures/Macro.png -------------------------------------------------------------------------------- /Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer1.png -------------------------------------------------------------------------------- /Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer2 - decode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer2 - decode.png -------------------------------------------------------------------------------- /Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer2 - dnsext.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer2 - dnsext.png -------------------------------------------------------------------------------- /Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer2 - id.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer2 - id.png -------------------------------------------------------------------------------- /Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer2 - key.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer2 - key.png -------------------------------------------------------------------------------- /Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer2 - main.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer2 - main.png -------------------------------------------------------------------------------- /Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer2 - ns.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer2 - ns.png -------------------------------------------------------------------------------- /Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer2 - send.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Russia/Cybercriminal group/FIN7/16-10-19/Pictures/layer2 - send.png -------------------------------------------------------------------------------- /Timestamp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Timestamp.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/APT-C-37 analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/APT-C-37 analysis.md -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/IOC_APT-C-37_04-09-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/IOC_APT-C-37_04-09-19.json -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/EDOYGWjWsAAsfM1.jpg large.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/EDOYGWjWsAAsfM1.jpg large.jpg -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/EDOYGiAXsAEA4Kq.jpg large.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/EDOYGiAXsAEA4Kq.jpg large.jpg -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/FirstAnal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/FirstAnal.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/Post.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/Post.PNG -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/VBScode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/VBScode.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/bits.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/bits.PNG -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/code.vb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/code.vb -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/codeRAT.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/codeRAT.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/content.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/content.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/contentold.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/contentold.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/cyber.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/cyber.PNG -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/decStr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/decStr.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/declayer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/declayer.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/decodeJS.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/decodeJS.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/dirfunc.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/dirfunc.PNG -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/downfunc.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/downfunc.PNG -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/encodeJS.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/encodeJS.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/exitfunc.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/exitfunc.PNG -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/fnVYrkD1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/fnVYrkD1.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/geZ6pXr1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/geZ6pXr1.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/infofunc.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/infofunc.PNG -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/infolast.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/infolast.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/lay1dec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/lay1dec.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/layer2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/layer2.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/listdrivesfunc.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/listdrivesfunc.PNG -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/lnk.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/lnk.PNG -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/lnkfile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/lnkfile.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/matchcode.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/matchcode.PNG -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/oIdfwmrN.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/oIdfwmrN.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/onelinerJS.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/onelinerJS.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/parents.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/parents.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/postfunc.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/postfunc.PNG -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/processfunc.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/processfunc.PNG -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/rule.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/rule.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/secAnal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/secAnal.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/spotted.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/spotted.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/strings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/strings.png -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/upfunc.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/upfunc.PNG -------------------------------------------------------------------------------- /Unknown/APT-C-37/26-08-19/Images/zoomdebug.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/APT-C-37/26-08-19/Images/zoomdebug.PNG -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/Analysis_29-09-2019.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/Analysis_29-09-2019.md -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/IOC/IOC_01-10-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/IOC/IOC_01-10-19.json -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/Images/Bank/LAY11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/Images/Bank/LAY11.png -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/Images/Bank/LAY12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/Images/Bank/LAY12.png -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/Images/Bank/config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/Images/Bank/config.png -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/Images/Bank/infos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/Images/Bank/infos.png -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/Images/TNT/Cyber.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/Images/TNT/Cyber.PNG -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/Images/TNT/TNT layer 1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/Images/TNT/TNT layer 1.png -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/Images/TNT/config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/Images/TNT/config.png -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/Images/TNT/infos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/Images/TNT/infos.png -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/Images/TNT/mail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/Images/TNT/mail.png -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/Images/TNT/persistence.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/Images/TNT/persistence.png -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/Images/TNT/persistence_pay.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/Images/TNT/persistence_pay.png -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/Images/TNT/switch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/Images/TNT/switch.png -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/code/layer2_Bank.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/code/layer2_Bank.js -------------------------------------------------------------------------------- /Unknown/Unknown phishing group/code/layer2_TnT.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/Unknown/Unknown phishing group/code/layer2_TnT.js -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-08-24/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-08-24/Analysis.md -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-08-24/Pictures/Pcap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-08-24/Pictures/Pcap.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-08-24/code/DecoderRequests.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-08-24/code/DecoderRequests.js -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-08-24/code/layer1.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-08-24/code/layer1.js -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-08-24/code/layer2.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-08-24/code/layer2.js -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-08-24/code/layer3.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-08-24/code/layer3.js -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/FIN7.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/FIN7.md -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/1.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/10.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/11.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/12.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/13.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/14.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/15.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/2.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/3.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/4.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/5.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/6.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/7.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/8.png -------------------------------------------------------------------------------- /cybercriminal groups/FIN7/2021-09-07/Pictures/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/FIN7/2021-09-07/Pictures/9.png -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/IOC_TA505_07-10-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/IOC_TA505_07-10-19.json -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/Autoopen.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/Autoopen.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/Intel/ID.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/Intel/ID.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/Intel/Links.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/Intel/Links.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/Intel/domain1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/Intel/domain1.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/Intel/domain2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/Intel/domain2.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/Module1-1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/Module1-1.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/Module1-2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/Module1-2.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/Module2-1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/Module2-1.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/Module2-2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/Module2-2.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/Module3.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/Module3.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/Test.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/Test.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/cyber.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/cyber.png -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/implant/connect.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/implant/connect.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/implant/detectsize.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/implant/detectsize.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/implant/getinfos.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/implant/getinfos.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/implant/pushmemory.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/implant/pushmemory.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/implant/virt.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/implant/virt.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Images/userform.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Images/userform.PNG -------------------------------------------------------------------------------- /cybercriminal groups/TA505/04-10-2019/Malware Analysis 04-10-2019.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/cybercriminal groups/TA505/04-10-2019/Malware Analysis 04-10-2019.md -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/IOC_Bitter_31-08-19.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/IOC_Bitter_31-08-19.json -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/CorExitProcess.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/CorExitProcess.PNG -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/Cyber.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/Cyber.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/Entry.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/Entry.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/Extref.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/Extref.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/GetProcname.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/GetProcname.PNG -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/HexRTF.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/HexRTF.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/IPloc.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/IPloc.jpg -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/Icon.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/Icon.PNG -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/Osdetails.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/Osdetails.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/PointerDATA.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/PointerDATA.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/Wordversion.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/Wordversion.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/algo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/algo.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/dec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/dec.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/decstr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/decstr.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/infowhois.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/infowhois.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/loc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/loc.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/mat1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/mat1.PNG -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/mat2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/mat2.PNG -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/persistence.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/persistence.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/query.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/query.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/redirect.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/redirect.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/res.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/res.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/send.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/send.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/str.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/str.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Images/trace.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Images/trace.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/Malware analysis 31-08-19.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/Malware analysis 31-08-19.md -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/decrypt/Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/decrypt/Readme.md -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/decrypt/Result.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/decrypt/Result.png -------------------------------------------------------------------------------- /offshore APT organization/Bitter/27-08-19/decrypt/decrypt.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/Bitter/27-08-19/decrypt/decrypt.ps1 -------------------------------------------------------------------------------- /offshore APT organization/DangerousPassword/2020-04-02/Analysis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/DangerousPassword/2020-04-02/Analysis.md -------------------------------------------------------------------------------- /offshore APT organization/DangerousPassword/2020-04-02/Pictures/Lnk_File.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/DangerousPassword/2020-04-02/Pictures/Lnk_File.png -------------------------------------------------------------------------------- /offshore APT organization/DangerousPassword/2020-04-02/Pictures/killchain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/HEAD/offshore APT organization/DangerousPassword/2020-04-02/Pictures/killchain.png --------------------------------------------------------------------------------