├── .gitattributes ├── Intelligence ├── CVE-2020-5902 │ ├── bypass-iocs.md │ └── f5-ip-user-agents.csv ├── CVE-2021-44228 │ ├── README.md │ ├── all-jars-and-classes │ │ ├── md5sum.txt │ │ ├── sha1sum.txt │ │ └── sha256sum.txt │ └── modified-classes │ │ ├── md5sum.txt │ │ ├── sha1sum.txt │ │ └── sha256sum.txt ├── Exchange │ ├── 2013-CumulativeUpdate23 │ │ ├── MD5 │ │ ├── SHA1 │ │ └── SHA256 │ ├── 2016-CumulativeUpdate12 │ │ ├── ISOSHA256.txt │ │ ├── MD5 │ │ ├── SHA1 │ │ └── SHA2 │ ├── 2016-CumulativeUpdate19 │ │ ├── MD5 │ │ ├── SHA1 │ │ └── SHA256 │ ├── 2019-CumulativeUpdate1 │ │ ├── ISOSHA256.txt │ │ ├── MD5 │ │ ├── SHA1 │ │ └── SHA2 │ ├── 2019-CumulativeUpdate2 │ │ ├── ISOSHA256.txt │ │ ├── MD5 │ │ ├── SHA1 │ │ └── SHA2 │ ├── 2019-CumulativeUpdate3-filelist │ │ └── filelist.txt │ ├── 2019-CumulativeUpdate3 │ │ ├── ISOSHA256.txt │ │ ├── MD5 │ │ ├── SHA1 │ │ └── SHA2 │ ├── 2019-CumulativeUpdate4 │ │ ├── ISOSHA256.txt │ │ ├── MD5 │ │ ├── SHA1 │ │ └── SHA2 │ ├── 2019-CumulativeUpdate5 │ │ ├── ISOSHA256.txt │ │ ├── MD5 │ │ ├── SHA1 │ │ └── SHA2 │ ├── 2019-CumulativeUpdate6 │ │ ├── ISOSHA256.txt │ │ ├── MD5 │ │ ├── SHA1 │ │ └── SHA2 │ ├── 2019-CumulativeUpdate7 │ │ ├── ISOSHA256.txt │ │ ├── MD5 │ │ ├── SHA1 │ │ └── SHA2 │ ├── 2019-CumulativeUpdate8 │ │ ├── ISOSHA256.txt │ │ ├── MD5 │ │ ├── SHA1 │ │ └── SHA2 │ ├── 2019-OrigRelease │ │ ├── ISOSHA256.txt │ │ ├── MD5 │ │ ├── SHA1 │ │ └── SHA2 │ ├── README.md │ └── md5check.bat └── Honeypot-Data │ └── 2020-F5-and-Citrix │ ├── f5-honeypot-csv-release.csv │ └── f5-honeypot-release.tar.gz ├── README.md ├── Scripts ├── chafer │ ├── chafer_generate_bytes.py │ ├── filenames_generator.py │ ├── folder_generation.py │ ├── rc4chafer.py │ └── update_key.py ├── emissary_panda_registry │ ├── LICENSE │ ├── README.md │ ├── ep_registry_search.py │ └── requirements.txt ├── gh0st_variant_c2 │ ├── decrypt_gh0st_variant.py │ └── example_c2.pcap ├── poison_ivy_api_name_fix.py ├── poison_ivy_string_decrypt.py ├── quasar │ └── quasar_decrypter.py ├── rokrat │ ├── Rokrat_checksum.py │ ├── strings.py │ ├── strings2.py │ └── strings3.py ├── shadowhammer │ └── shadowhammer_payload_decrypter.py ├── triage_apt10_loader.py └── turla_image_decoder │ ├── .gitignore │ ├── LICENSE.txt │ ├── README.md │ ├── TurlaImageDecoder.sln │ └── TurlaImageDecoder │ ├── TurlaImageDecoder.cpp │ ├── TurlaImageDecoder.vcxproj │ ├── TurlaImageDecoder.vcxproj.filters │ ├── pe_res_parser.cpp │ ├── pe_res_parser.h │ ├── peparser.c │ └── peparser.h ├── Signatures ├── suricata │ ├── 2017_04_ole2link_0day.txt │ ├── 2017_04_red_leaves.txt │ ├── 2017_09_monero_malware.txt │ ├── 2019_05_rdp_cve_2019_0708.txt │ └── 2021_03_cve_2021_22986.txt └── yara │ ├── authenticode_anomalies.yara │ ├── badwinmail.yara │ ├── package_manager.yara │ ├── red_leaves.yara │ └── sakula.yara ├── Technical Notes ├── Neutrino-EK │ ├── Flash Exploit Kit technical note.pdf │ ├── Output │ │ ├── Neutrino-Output.7z │ │ └── Readme.txt │ ├── Scripts │ │ ├── Uncompress.cs │ │ ├── decode_escape.py │ │ ├── decrypt_sc.py │ │ ├── deobfuscate_strings.vbs │ │ ├── fingerprint_deobfuscate_string.py │ │ ├── fingerprint_rebuild_dictionary.py │ │ ├── get_names_from_bytecode.py │ │ ├── neutrino.py │ │ ├── script_replace_strings.py │ │ ├── stage1_decrypt.py │ │ ├── stage1_deobfuscate.py │ │ ├── stage1_replace.py │ │ ├── stage2_decompress.py │ │ └── stage2_decrypt.py │ └── Source │ │ ├── Flash Exploit Kit technical note.md │ │ └── images │ │ ├── ConvolutionFilter_u2f.png │ │ ├── as2swf.png │ │ ├── chrome_v.png │ │ ├── config.png │ │ ├── cve_2016_4117.png │ │ ├── escape_bad_characters.png │ │ ├── fingerprint_indented_js.png │ │ ├── fingerprint_obfuscated_js.png │ │ ├── fingerprint_renamed.png │ │ ├── fingerprint_tools.png │ │ ├── fingerprinting_log.png │ │ ├── fingerprinting_nolog.png │ │ ├── flash_standalone.png │ │ ├── jpexs_fail.png │ │ ├── li32_overflow.png │ │ ├── ncc-logo.jpg │ │ ├── nw22_modification.png │ │ ├── nw22_sa_execution.png │ │ ├── nw24_modification.png │ │ ├── obfuscated_vbscript.png │ │ ├── pcode.png │ │ ├── stage1-encodeURI_fail.png │ │ ├── stage1-escape_log.png │ │ ├── stage1-trace_log.png │ │ ├── stage1_jpexs.png │ │ ├── stage1_trace.png │ │ ├── stage1_trace_escape.png │ │ ├── stage1_z_function.png │ │ ├── stage2_flashdevelop.png │ │ ├── stage2_jpexs.png │ │ ├── summary.png │ │ └── vb_script.png ├── Office zero-day (April 2017) │ ├── 2017-04 Office OLE2Link zero-day v0.4.md │ └── 2017-04 Office OLE2Link zero-day v0.4.pdf ├── Red Leaves │ ├── Red Leaves technical note v1.0.pdf │ └── Source │ │ └── Red Leaves technical note v1.0.md └── Sakula │ ├── Sakula technical note 1.0.pdf │ ├── Sakula technical note 1.1.pdf │ ├── Source │ ├── Sakula technical note 1.1.md │ └── images │ │ ├── dropper-graph.pdf │ │ ├── embedded-data-tttttttt.png │ │ ├── kaspersky-signed-binary.png │ │ ├── msi-cert.png │ │ ├── msi-dll-certificate-table.png │ │ ├── msi-dll-lordpe.png │ │ ├── msi-dll-signature.png │ │ ├── msi-no-cert.png │ │ └── xor-xrefs.png │ └── Work │ ├── ExtractFiles.py │ ├── README.md │ └── Sakula technical note - IDA databases.7z └── Tools ├── chafer_config_decrypter ├── LICENSE └── chafer_decrypter.cpp └── ursnif_config_dumper ├── LICENSE ├── TitanEngine.dll ├── TitanEngine.h └── ursnif_dumper.cpp /.gitattributes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/.gitattributes -------------------------------------------------------------------------------- /Intelligence/CVE-2020-5902/bypass-iocs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/CVE-2020-5902/bypass-iocs.md -------------------------------------------------------------------------------- /Intelligence/CVE-2020-5902/f5-ip-user-agents.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/CVE-2020-5902/f5-ip-user-agents.csv -------------------------------------------------------------------------------- /Intelligence/CVE-2021-44228/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/CVE-2021-44228/README.md -------------------------------------------------------------------------------- /Intelligence/CVE-2021-44228/all-jars-and-classes/md5sum.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/CVE-2021-44228/all-jars-and-classes/md5sum.txt -------------------------------------------------------------------------------- /Intelligence/CVE-2021-44228/all-jars-and-classes/sha1sum.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/CVE-2021-44228/all-jars-and-classes/sha1sum.txt -------------------------------------------------------------------------------- /Intelligence/CVE-2021-44228/all-jars-and-classes/sha256sum.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/CVE-2021-44228/all-jars-and-classes/sha256sum.txt -------------------------------------------------------------------------------- /Intelligence/CVE-2021-44228/modified-classes/md5sum.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/CVE-2021-44228/modified-classes/md5sum.txt -------------------------------------------------------------------------------- /Intelligence/CVE-2021-44228/modified-classes/sha1sum.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/CVE-2021-44228/modified-classes/sha1sum.txt -------------------------------------------------------------------------------- /Intelligence/CVE-2021-44228/modified-classes/sha256sum.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/CVE-2021-44228/modified-classes/sha256sum.txt -------------------------------------------------------------------------------- /Intelligence/Exchange/2013-CumulativeUpdate23/MD5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2013-CumulativeUpdate23/MD5 -------------------------------------------------------------------------------- /Intelligence/Exchange/2013-CumulativeUpdate23/SHA1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2013-CumulativeUpdate23/SHA1 -------------------------------------------------------------------------------- /Intelligence/Exchange/2013-CumulativeUpdate23/SHA256: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2013-CumulativeUpdate23/SHA256 -------------------------------------------------------------------------------- /Intelligence/Exchange/2016-CumulativeUpdate12/ISOSHA256.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2016-CumulativeUpdate12/ISOSHA256.txt -------------------------------------------------------------------------------- /Intelligence/Exchange/2016-CumulativeUpdate12/MD5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2016-CumulativeUpdate12/MD5 -------------------------------------------------------------------------------- /Intelligence/Exchange/2016-CumulativeUpdate12/SHA1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2016-CumulativeUpdate12/SHA1 -------------------------------------------------------------------------------- /Intelligence/Exchange/2016-CumulativeUpdate12/SHA2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2016-CumulativeUpdate12/SHA2 -------------------------------------------------------------------------------- /Intelligence/Exchange/2016-CumulativeUpdate19/MD5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2016-CumulativeUpdate19/MD5 -------------------------------------------------------------------------------- /Intelligence/Exchange/2016-CumulativeUpdate19/SHA1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2016-CumulativeUpdate19/SHA1 -------------------------------------------------------------------------------- /Intelligence/Exchange/2016-CumulativeUpdate19/SHA256: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2016-CumulativeUpdate19/SHA256 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate1/ISOSHA256.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate1/ISOSHA256.txt -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate1/MD5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate1/MD5 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate1/SHA1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate1/SHA1 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate1/SHA2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate1/SHA2 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate2/ISOSHA256.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate2/ISOSHA256.txt -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate2/MD5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate2/MD5 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate2/SHA1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate2/SHA1 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate2/SHA2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate2/SHA2 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate3-filelist/filelist.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate3-filelist/filelist.txt -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate3/ISOSHA256.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate3/ISOSHA256.txt -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate3/MD5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate3/MD5 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate3/SHA1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate3/SHA1 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate3/SHA2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate3/SHA2 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate4/ISOSHA256.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate4/ISOSHA256.txt -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate4/MD5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate4/MD5 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate4/SHA1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate4/SHA1 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate4/SHA2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate4/SHA2 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate5/ISOSHA256.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate5/ISOSHA256.txt -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate5/MD5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate5/MD5 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate5/SHA1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate5/SHA1 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate5/SHA2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate5/SHA2 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate6/ISOSHA256.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate6/ISOSHA256.txt -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate6/MD5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate6/MD5 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate6/SHA1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate6/SHA1 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate6/SHA2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate6/SHA2 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate7/ISOSHA256.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate7/ISOSHA256.txt -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate7/MD5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate7/MD5 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate7/SHA1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate7/SHA1 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate7/SHA2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate7/SHA2 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate8/ISOSHA256.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate8/ISOSHA256.txt -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate8/MD5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate8/MD5 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate8/SHA1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate8/SHA1 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-CumulativeUpdate8/SHA2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-CumulativeUpdate8/SHA2 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-OrigRelease/ISOSHA256.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-OrigRelease/ISOSHA256.txt -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-OrigRelease/MD5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-OrigRelease/MD5 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-OrigRelease/SHA1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-OrigRelease/SHA1 -------------------------------------------------------------------------------- /Intelligence/Exchange/2019-OrigRelease/SHA2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/2019-OrigRelease/SHA2 -------------------------------------------------------------------------------- /Intelligence/Exchange/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/README.md -------------------------------------------------------------------------------- /Intelligence/Exchange/md5check.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Exchange/md5check.bat -------------------------------------------------------------------------------- /Intelligence/Honeypot-Data/2020-F5-and-Citrix/f5-honeypot-csv-release.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Honeypot-Data/2020-F5-and-Citrix/f5-honeypot-csv-release.csv -------------------------------------------------------------------------------- /Intelligence/Honeypot-Data/2020-F5-and-Citrix/f5-honeypot-release.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Intelligence/Honeypot-Data/2020-F5-and-Citrix/f5-honeypot-release.tar.gz -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/README.md -------------------------------------------------------------------------------- /Scripts/chafer/chafer_generate_bytes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/chafer/chafer_generate_bytes.py -------------------------------------------------------------------------------- /Scripts/chafer/filenames_generator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/chafer/filenames_generator.py -------------------------------------------------------------------------------- /Scripts/chafer/folder_generation.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/chafer/folder_generation.py -------------------------------------------------------------------------------- /Scripts/chafer/rc4chafer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/chafer/rc4chafer.py -------------------------------------------------------------------------------- /Scripts/chafer/update_key.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/chafer/update_key.py -------------------------------------------------------------------------------- /Scripts/emissary_panda_registry/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/emissary_panda_registry/LICENSE -------------------------------------------------------------------------------- /Scripts/emissary_panda_registry/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/emissary_panda_registry/README.md -------------------------------------------------------------------------------- /Scripts/emissary_panda_registry/ep_registry_search.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/emissary_panda_registry/ep_registry_search.py -------------------------------------------------------------------------------- /Scripts/emissary_panda_registry/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/emissary_panda_registry/requirements.txt -------------------------------------------------------------------------------- /Scripts/gh0st_variant_c2/decrypt_gh0st_variant.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/gh0st_variant_c2/decrypt_gh0st_variant.py -------------------------------------------------------------------------------- /Scripts/gh0st_variant_c2/example_c2.pcap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/gh0st_variant_c2/example_c2.pcap -------------------------------------------------------------------------------- /Scripts/poison_ivy_api_name_fix.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/poison_ivy_api_name_fix.py -------------------------------------------------------------------------------- /Scripts/poison_ivy_string_decrypt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/poison_ivy_string_decrypt.py -------------------------------------------------------------------------------- /Scripts/quasar/quasar_decrypter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/quasar/quasar_decrypter.py -------------------------------------------------------------------------------- /Scripts/rokrat/Rokrat_checksum.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/rokrat/Rokrat_checksum.py -------------------------------------------------------------------------------- /Scripts/rokrat/strings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/rokrat/strings.py -------------------------------------------------------------------------------- /Scripts/rokrat/strings2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/rokrat/strings2.py -------------------------------------------------------------------------------- /Scripts/rokrat/strings3.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/rokrat/strings3.py -------------------------------------------------------------------------------- /Scripts/shadowhammer/shadowhammer_payload_decrypter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/shadowhammer/shadowhammer_payload_decrypter.py -------------------------------------------------------------------------------- /Scripts/triage_apt10_loader.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/triage_apt10_loader.py -------------------------------------------------------------------------------- /Scripts/turla_image_decoder/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/turla_image_decoder/.gitignore -------------------------------------------------------------------------------- /Scripts/turla_image_decoder/LICENSE.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/turla_image_decoder/LICENSE.txt -------------------------------------------------------------------------------- /Scripts/turla_image_decoder/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/turla_image_decoder/README.md -------------------------------------------------------------------------------- /Scripts/turla_image_decoder/TurlaImageDecoder.sln: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/turla_image_decoder/TurlaImageDecoder.sln -------------------------------------------------------------------------------- /Scripts/turla_image_decoder/TurlaImageDecoder/TurlaImageDecoder.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/turla_image_decoder/TurlaImageDecoder/TurlaImageDecoder.cpp -------------------------------------------------------------------------------- /Scripts/turla_image_decoder/TurlaImageDecoder/TurlaImageDecoder.vcxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/turla_image_decoder/TurlaImageDecoder/TurlaImageDecoder.vcxproj -------------------------------------------------------------------------------- /Scripts/turla_image_decoder/TurlaImageDecoder/TurlaImageDecoder.vcxproj.filters: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/turla_image_decoder/TurlaImageDecoder/TurlaImageDecoder.vcxproj.filters -------------------------------------------------------------------------------- /Scripts/turla_image_decoder/TurlaImageDecoder/pe_res_parser.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/turla_image_decoder/TurlaImageDecoder/pe_res_parser.cpp -------------------------------------------------------------------------------- /Scripts/turla_image_decoder/TurlaImageDecoder/pe_res_parser.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/turla_image_decoder/TurlaImageDecoder/pe_res_parser.h -------------------------------------------------------------------------------- /Scripts/turla_image_decoder/TurlaImageDecoder/peparser.c: -------------------------------------------------------------------------------- 1 | #include "peparser.h" -------------------------------------------------------------------------------- /Scripts/turla_image_decoder/TurlaImageDecoder/peparser.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Scripts/turla_image_decoder/TurlaImageDecoder/peparser.h -------------------------------------------------------------------------------- /Signatures/suricata/2017_04_ole2link_0day.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Signatures/suricata/2017_04_ole2link_0day.txt -------------------------------------------------------------------------------- /Signatures/suricata/2017_04_red_leaves.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Signatures/suricata/2017_04_red_leaves.txt -------------------------------------------------------------------------------- /Signatures/suricata/2017_09_monero_malware.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Signatures/suricata/2017_09_monero_malware.txt -------------------------------------------------------------------------------- /Signatures/suricata/2019_05_rdp_cve_2019_0708.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Signatures/suricata/2019_05_rdp_cve_2019_0708.txt -------------------------------------------------------------------------------- /Signatures/suricata/2021_03_cve_2021_22986.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Signatures/suricata/2021_03_cve_2021_22986.txt -------------------------------------------------------------------------------- /Signatures/yara/authenticode_anomalies.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Signatures/yara/authenticode_anomalies.yara -------------------------------------------------------------------------------- /Signatures/yara/badwinmail.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Signatures/yara/badwinmail.yara -------------------------------------------------------------------------------- /Signatures/yara/package_manager.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Signatures/yara/package_manager.yara -------------------------------------------------------------------------------- /Signatures/yara/red_leaves.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Signatures/yara/red_leaves.yara -------------------------------------------------------------------------------- /Signatures/yara/sakula.yara: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Signatures/yara/sakula.yara -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Flash Exploit Kit technical note.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Flash Exploit Kit technical note.pdf -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Output/Neutrino-Output.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Output/Neutrino-Output.7z -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Output/Readme.txt: -------------------------------------------------------------------------------- 1 | The password for the 7z archive is: malware 2 | -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Scripts/Uncompress.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Scripts/Uncompress.cs -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Scripts/decode_escape.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Scripts/decode_escape.py -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Scripts/decrypt_sc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Scripts/decrypt_sc.py -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Scripts/deobfuscate_strings.vbs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Scripts/deobfuscate_strings.vbs -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Scripts/fingerprint_deobfuscate_string.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Scripts/fingerprint_deobfuscate_string.py -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Scripts/fingerprint_rebuild_dictionary.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Scripts/fingerprint_rebuild_dictionary.py -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Scripts/get_names_from_bytecode.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Scripts/get_names_from_bytecode.py -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Scripts/neutrino.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Scripts/neutrino.py -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Scripts/script_replace_strings.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Scripts/script_replace_strings.py -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Scripts/stage1_decrypt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Scripts/stage1_decrypt.py -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Scripts/stage1_deobfuscate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Scripts/stage1_deobfuscate.py -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Scripts/stage1_replace.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Scripts/stage1_replace.py -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Scripts/stage2_decompress.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Scripts/stage2_decompress.py -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Scripts/stage2_decrypt.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Scripts/stage2_decrypt.py -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/Flash Exploit Kit technical note.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/Flash Exploit Kit technical note.md -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/ConvolutionFilter_u2f.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/ConvolutionFilter_u2f.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/as2swf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/as2swf.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/chrome_v.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/chrome_v.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/config.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/cve_2016_4117.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/cve_2016_4117.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/escape_bad_characters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/escape_bad_characters.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/fingerprint_indented_js.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/fingerprint_indented_js.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/fingerprint_obfuscated_js.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/fingerprint_obfuscated_js.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/fingerprint_renamed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/fingerprint_renamed.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/fingerprint_tools.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/fingerprint_tools.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/fingerprinting_log.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/fingerprinting_log.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/fingerprinting_nolog.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/fingerprinting_nolog.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/flash_standalone.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/flash_standalone.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/jpexs_fail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/jpexs_fail.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/li32_overflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/li32_overflow.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/ncc-logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/ncc-logo.jpg -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/nw22_modification.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/nw22_modification.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/nw22_sa_execution.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/nw22_sa_execution.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/nw24_modification.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/nw24_modification.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/obfuscated_vbscript.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/obfuscated_vbscript.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/pcode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/pcode.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/stage1-encodeURI_fail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/stage1-encodeURI_fail.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/stage1-escape_log.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/stage1-escape_log.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/stage1-trace_log.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/stage1-trace_log.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/stage1_jpexs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/stage1_jpexs.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/stage1_trace.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/stage1_trace.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/stage1_trace_escape.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/stage1_trace_escape.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/stage1_z_function.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/stage1_z_function.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/stage2_flashdevelop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/stage2_flashdevelop.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/stage2_jpexs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/stage2_jpexs.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/summary.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/summary.png -------------------------------------------------------------------------------- /Technical Notes/Neutrino-EK/Source/images/vb_script.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Neutrino-EK/Source/images/vb_script.png -------------------------------------------------------------------------------- /Technical Notes/Office zero-day (April 2017)/2017-04 Office OLE2Link zero-day v0.4.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Office zero-day (April 2017)/2017-04 Office OLE2Link zero-day v0.4.md -------------------------------------------------------------------------------- /Technical Notes/Office zero-day (April 2017)/2017-04 Office OLE2Link zero-day v0.4.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Office zero-day (April 2017)/2017-04 Office OLE2Link zero-day v0.4.pdf -------------------------------------------------------------------------------- /Technical Notes/Red Leaves/Red Leaves technical note v1.0.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Red Leaves/Red Leaves technical note v1.0.pdf -------------------------------------------------------------------------------- /Technical Notes/Red Leaves/Source/Red Leaves technical note v1.0.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Red Leaves/Source/Red Leaves technical note v1.0.md -------------------------------------------------------------------------------- /Technical Notes/Sakula/Sakula technical note 1.0.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Sakula technical note 1.0.pdf -------------------------------------------------------------------------------- /Technical Notes/Sakula/Sakula technical note 1.1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Sakula technical note 1.1.pdf -------------------------------------------------------------------------------- /Technical Notes/Sakula/Source/Sakula technical note 1.1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Source/Sakula technical note 1.1.md -------------------------------------------------------------------------------- /Technical Notes/Sakula/Source/images/dropper-graph.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Source/images/dropper-graph.pdf -------------------------------------------------------------------------------- /Technical Notes/Sakula/Source/images/embedded-data-tttttttt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Source/images/embedded-data-tttttttt.png -------------------------------------------------------------------------------- /Technical Notes/Sakula/Source/images/kaspersky-signed-binary.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Source/images/kaspersky-signed-binary.png -------------------------------------------------------------------------------- /Technical Notes/Sakula/Source/images/msi-cert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Source/images/msi-cert.png -------------------------------------------------------------------------------- /Technical Notes/Sakula/Source/images/msi-dll-certificate-table.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Source/images/msi-dll-certificate-table.png -------------------------------------------------------------------------------- /Technical Notes/Sakula/Source/images/msi-dll-lordpe.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Source/images/msi-dll-lordpe.png -------------------------------------------------------------------------------- /Technical Notes/Sakula/Source/images/msi-dll-signature.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Source/images/msi-dll-signature.png -------------------------------------------------------------------------------- /Technical Notes/Sakula/Source/images/msi-no-cert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Source/images/msi-no-cert.png -------------------------------------------------------------------------------- /Technical Notes/Sakula/Source/images/xor-xrefs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Source/images/xor-xrefs.png -------------------------------------------------------------------------------- /Technical Notes/Sakula/Work/ExtractFiles.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Work/ExtractFiles.py -------------------------------------------------------------------------------- /Technical Notes/Sakula/Work/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Work/README.md -------------------------------------------------------------------------------- /Technical Notes/Sakula/Work/Sakula technical note - IDA databases.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Technical Notes/Sakula/Work/Sakula technical note - IDA databases.7z -------------------------------------------------------------------------------- /Tools/chafer_config_decrypter/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Tools/chafer_config_decrypter/LICENSE -------------------------------------------------------------------------------- /Tools/chafer_config_decrypter/chafer_decrypter.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Tools/chafer_config_decrypter/chafer_decrypter.cpp -------------------------------------------------------------------------------- /Tools/ursnif_config_dumper/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Tools/ursnif_config_dumper/LICENSE -------------------------------------------------------------------------------- /Tools/ursnif_config_dumper/TitanEngine.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Tools/ursnif_config_dumper/TitanEngine.dll -------------------------------------------------------------------------------- /Tools/ursnif_config_dumper/TitanEngine.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Tools/ursnif_config_dumper/TitanEngine.h -------------------------------------------------------------------------------- /Tools/ursnif_config_dumper/ursnif_dumper.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nccgroup/Cyber-Defence/HEAD/Tools/ursnif_config_dumper/ursnif_dumper.cpp --------------------------------------------------------------------------------