Convert Figma logo to code with AI

CyberMonitor logoAPT_CyberCriminal_Campagin_Collections

APT & CyberCriminal Campaign Collection

3,663
922
3,663
0

Top Related Projects

YARA signature and IOC database for my scanners and tools

Various public documents, whitepapers and articles about APT campaigns

1,647

APTnotes data

A curated list of Awesome Threat Intelligence resources

Quick Overview

The CyberMonitor/APT_CyberCriminal_Campagin_Collections repository is a comprehensive collection of various reports and analyses on Advanced Persistent Threat (APT) groups and cybercriminal campaigns. It serves as a centralized resource for cybersecurity professionals, researchers, and enthusiasts to access information about different threat actors and their activities.

Pros

  • Extensive collection of reports from various sources, providing a wide range of information on APT groups and cybercriminal campaigns
  • Regular updates with new reports and analyses, keeping the information current and relevant
  • Well-organized structure, making it easy to navigate and find specific information about different threat actors
  • Open-source nature allows for community contributions and improvements

Cons

  • Lack of standardized format for reports, which may make it challenging to compare information across different sources
  • Potential for information overload due to the large volume of reports and analyses
  • Possibility of outdated information in older reports if not regularly reviewed and updated
  • Reliance on external sources for content, which may lead to inconsistencies in quality and depth of information

Note: As this is not a code library, the code example and quick start sections have been omitted.

Competitor Comparisons

YARA signature and IOC database for my scanners and tools

Pros of signature-base

  • More actively maintained with frequent updates
  • Includes YARA rules for threat detection
  • Offers a wider range of detection capabilities beyond APT campaigns

Cons of signature-base

  • Focuses primarily on signatures and detection rules, less on comprehensive threat intelligence
  • May require more technical expertise to utilize effectively

Code Comparison

signature-base (YARA rule example):

rule SUSP_LNK_SmallFile_with_PowerShell_Feb23 {
   meta:
      description = "Detects suspicious small LNK files with PowerShell commands"
      author = "Florian Roth"
      reference = "https://twitter.com/klrgrz/status/1628333394803589120?s=12&t=F_A1YnqWqzFKx9Ls1kJ-CQ"
      date = "2023-02-22"
      score = 65
   strings:
      $s1 = "powershell" ascii nocase
   condition:
      uint16(0) == 0x004c and filesize < 4KB and $s1
}

APT_CyberCriminal_Campagin_Collections (Threat intelligence example):

APT28
https://attack.mitre.org/groups/G0007/
Fancy Bear, Pawn Storm, Sofacy Group, Sednit, STRONTIUM, Tsar Team, Threat Group-4127, TG-4127
Russia

Summary

While signature-base offers more technical detection capabilities with YARA rules and frequent updates, APT_CyberCriminal_Campagin_Collections provides a broader overview of threat actors and campaigns. The choice between the two depends on the specific needs of the user, whether they require detailed detection rules or comprehensive threat intelligence.

Various public documents, whitepapers and articles about APT campaigns

Pros of APTnotes

  • More structured organization with CSV files for easy data parsing
  • Includes a wider range of APT-related information, not limited to specific campaigns
  • Regularly updated with new entries and reports

Cons of APTnotes

  • Less focused on specific APT groups and campaigns
  • Lacks detailed descriptions and context for each entry
  • Does not provide direct links to original source materials

Code Comparison

APTnotes uses CSV files for data storage:

Date,Title,Source,Link,Description
2019-01-15,"APT10: Operation Cloud Hopper",PwC,https://example.com/report.pdf,"Analysis of APT10 campaign targeting MSPs"

APT_CyberCriminal_Campagin_Collections uses markdown files for organization:

# APT10 (MenuPass)

- [Operation Cloud Hopper](https://example.com/report.pdf) - PwC (2019-01-15)
  - Analysis of APT10 campaign targeting Managed Service Providers (MSPs)

Both repositories serve as valuable resources for cybersecurity professionals and researchers interested in Advanced Persistent Threats (APTs) and cyber campaigns. APTnotes offers a more comprehensive collection with easier data parsing, while APT_CyberCriminal_Campagin_Collections provides a more focused approach on specific APT groups and campaigns with better context and organization.

1,647

APTnotes data

Pros of aptnotes/data

  • More structured data format, using CSV files for easy parsing and analysis
  • Includes additional metadata fields like submission date and source
  • Regularly updated with new threat reports and indicators

Cons of aptnotes/data

  • Smaller collection of reports compared to APT_CyberCriminal_Campagin_Collections
  • Less focus on specific APT groups and campaigns
  • Limited to English language reports

Code comparison

APT_CyberCriminal_Campagin_Collections:

[No specific code structure, primarily markdown files with links]

aptnotes/data:

Date,Year,Title,Source,Link,SHA-1
2019-01-15,2019,"APT10: Operation Cloud Hopper",FireEye,https://www.fireeye.com/blog/threat-research/2019/01/apt10-cloud-hopper-campaign.html,abc123...

The APT_CyberCriminal_Campagin_Collections repository primarily consists of markdown files with links to reports, while aptnotes/data uses a structured CSV format for easier data processing and analysis. The CSV format in aptnotes/data allows for quick filtering and sorting of threat reports based on various attributes.

While APT_CyberCriminal_Campagin_Collections offers a broader range of reports and focuses on specific APT groups, aptnotes/data provides a more structured approach with additional metadata. Both repositories serve as valuable resources for threat intelligence researchers and analysts, each with its own strengths and limitations.

A curated list of Awesome Threat Intelligence resources

Pros of awesome-threat-intelligence

  • More comprehensive and well-organized, covering a wider range of threat intelligence resources
  • Regularly updated with contributions from the community
  • Includes tools, frameworks, and platforms in addition to raw data sources

Cons of awesome-threat-intelligence

  • Less focused on specific APT and cybercriminal campaigns
  • May be overwhelming for users looking for targeted information on specific threat actors
  • Requires more time to navigate and find relevant information due to its breadth

Code comparison

While both repositories are primarily collections of links and resources, they don't contain significant code. However, the structure of their README files differs:

awesome-threat-intelligence:

## Table of Contents

- [Sources](#sources)
- [Formats](#formats)
- [Frameworks & Platforms](#frameworks--platforms)
- [Tools](#tools)

APT_CyberCriminal_Campagin_Collections:

# APT & CyberCriminals Campaign Collection
This is a collection of APT and CyberCriminals campaigns. Please fire an issue if you want to add or update any collection.

## Collection

The awesome-threat-intelligence repository has a more structured and detailed table of contents, while APT_CyberCriminal_Campagin_Collections focuses on a simple list of campaigns.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

APT & Cybercriminals Campaign Collection

This is collections of APT and cybercriminals campaign. Please fire issue to me if any lost APT/Malware events/campaigns.

🤷The password of malware samples could be 'virus' or 'infected'

URL to PDF Tool

Reference Resources

:small_blue_diamond: kbandla
:small_blue_diamond: APTnotes
:small_blue_diamond: Florian Roth - APT Groups
:small_blue_diamond: Attack Wiki
:small_blue_diamond: threat-INTel
:small_blue_diamond: targetedthreats
:small_blue_diamond: Raw Threat Intelligence
:small_blue_diamond: APT search
:small_blue_diamond: APT Sample by 0xffff0800 (https://iec56w4ibovnb4wc.onion.si/)
:small_blue_diamond: APT Map
:small_blue_diamond: sapphirex00 - Threat-Hunting
:small_blue_diamond: APTSimulator
:small_blue_diamond: MITRE Att&CK: Group
:small_blue_diamond: APT_REPORT collected by @blackorbird
:small_blue_diamond: Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups
:small_blue_diamond: APT_Digital_Weapon
:small_blue_diamond: vx-underground
:small_blue_diamond: StrangerealIntel-EternalLiberty

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2006

Report

SentinelOne

:small_orange_diamond: 2024 - [SentinelOne] WatchTower 2023 Intelligence-Driven Threat Hunting | :closed_book:

Red Canary

:small_orange_diamond: 2021 - [Red_Canary] 2021 Threat Detection Report | :closed_book:

NSA

:small_orange_diamond: Jan 08 2021 - [NSA] 2020 Cybersecurity Year in Review report | :closed_book:

Objective-See

:small_orange_diamond: Jan 01 2024 - [Objective-See] The Mac Malware of 2023 | :closed_book:
:small_orange_diamond: Jan 01 2023 - [Objective-See] The Mac Malware of 2022 | :closed_book:
:small_orange_diamond: Jan 01 2022 - [Objective-See] The Mac Malware of 2021 | :closed_book:
:small_orange_diamond: Jan 04 2021 - [Objective-See] The Mac Malware of 2020 | :closed_book:

ESET

:small_orange_diamond: Q3 2023 - [ESET] 2023 Q2-Q3 APT Activity Report | :closed_book:
:small_orange_diamond: Jun 2022 - [ESET] ESET Threat Report T1 2022 | :closed_book:
:small_orange_diamond: Feb 09 2022 - [ESET] ESET Threat Report T3 2021 | :closed_book:
:small_orange_diamond: Sep 30 2021 - [ESET] ESET Threat Report T2 2021 | :closed_book:
:small_orange_diamond: Jun 03 2021 - [ESET] ESET Threat Report T1 2021 | :closed_book:
:small_orange_diamond: Oct 18 2020 - [ESET] 2020 Q3 Threat Report | :closed_book:
:small_orange_diamond: Jul 29 2020 - [ESET] 2020 Q2 Threat Report | :closed_book:
:small_orange_diamond: Apr 2020 - [ESET] 2020 Q1 Threat Report | :closed_book:

Kaspersky

:small_orange_diamond: Apr 27 2022 - [Kaspersky] APT trends report Q2 2022 | :closed_book:
:small_orange_diamond: Jul 29 2021 - [Kaspersky] APT trends report Q2 2021 | :closed_book:
:small_orange_diamond: Apr 27 2021 - [Kaspersky] APT trends report Q1 2021 | :closed_book:
:small_orange_diamond: Nov 04 2020 - [Kaspersky] APT trends report Q3 2020 | :closed_book:
:small_orange_diamond: July 29 2020 - [Kaspersky] APT trends report Q2 2020 | :closed_book:
:small_orange_diamond: Aug 01 2019 - [Kaspersky] APT trends report Q2 2019 | :closed_book:
:small_orange_diamond: Apr 30 2019 - [Kaspersky] APT trends report Q1 2019 | :closed_book:

FireEye

:small_orange_diamond: Apr 15 2021 - [FireEye] M-Trends 2021 | :closed_book:
:small_orange_diamond: Feb 20 2020 - [FireEye] M-Trends 2020 | :closed_book:
:small_orange_diamond: Mar 04 2019 - [FireEye] M-Trends 2019 | :closed_book:

AhnLab

:small_orange_diamond: Q2 2021 - [AhnLab] ASEC Report Q2 2021 | :closed_book:
:small_orange_diamond: Q1 2021 - [AhnLab] ASEC Report Q1 2021 | :closed_book:
:small_orange_diamond: Q4 2020 - [AhnLab] ASEC Report Q4 2020 | :closed_book:
:small_orange_diamond: Q3 2020 - [AhnLab] ASEC Report Q3 2020 | :closed_book:
:small_orange_diamond: Q2 2020 - [AhnLab] ASEC Report Q2 2020 | :closed_book:
:small_orange_diamond: Q1 2020 - [AhnLab] ASEC Report Q1 2020 | :closed_book:
:small_orange_diamond: Q4 2019 - [AhnLab] ASEC Report Q4 2019 | :closed_book:
:small_orange_diamond: Q3 2019 - [AhnLab] ASEC Report Q3 2019 | :closed_book:
:small_orange_diamond: Q2 2019 - [AhnLab] ASEC Report Q2 2019 | :closed_book:
:small_orange_diamond: Q1 2019 - [AhnLab] ASEC Report Q1 2019 | :closed_book:

Group-IB

:small_orange_diamond: Nov 24 2020 - [Group-IB] Hi-Tech Crime Trends 2020-2021 | :closed_book:
:small_orange_diamond: Nov 29 2019 - [Group-IB] Hi-Tech Crime Trends 2019-2020 | :closed_book:

PTSecurity

:small_orange_diamond: Q1 2021 - [PTSecurity] Cybersecurity threatscape Q1 2021 | :closed_book:
:small_orange_diamond: Q4 2020 - [PTSecurity] Cybersecurity threatscape Q4 2020 | :closed_book:
:small_orange_diamond: Q3 2020 - [PTSecurity] Cybersecurity threatscape Q3 2020 | :closed_book:
:small_orange_diamond: Q2 2020 - [PTSecurity] Cybersecurity threatscape Q2 2020 | :closed_book:
:small_orange_diamond: Q1 2020 - [PTSecurity] Cybersecurity threatscape Q1 2020 | :closed_book:
:small_orange_diamond: Q4 2019 - [PTSecurity] Cybersecurity threatscape Q4 2019 | :closed_book:
:small_orange_diamond: Q3 2019 - [PTSecurity] Cybersecurity threatscape Q3 2019 | :closed_book:
:small_orange_diamond: Q2 2019 - [PTSecurity] Cybersecurity threatscape Q2 2019 | :closed_book:
:small_orange_diamond: Q1 2019 - [PTSecurity] Cybersecurity threatscape Q1 2019 | :closed_book:

ENISA

:small_orange_diamond: Oct 20 2020 - [ENISA] ENISA Threat Landscape 2020 - Main Incidents | :closed_book:
:small_orange_diamond: Jan 28 2019 - [ENISA] ENISA Threat Landscape Report 2018 | :closed_book:

CrowdStrike

:small_orange_diamond: Sep 14 2021 - [CrowdStrike] nowhere to hide: 2021 Threat Hunting Report | :closed_book:
:small_orange_diamond: Feb 24 2021 - [CrowdStrike] 2021 GLOBAL THREAT REPORT | :closed_book:
:small_orange_diamond: Mar 03 2020 - [CrowdStrike] 2020 GLOBAL THREAT REPORT | :closed_book:
:small_orange_diamond: Feb 19 2019 - [CrowdStrike] 2019 GLOBAL THREAT REPORT | :closed_book:

QianXin

:small_orange_diamond: Jun 29 2020 - [QianXin] APT threat report 2020 1H CN version | :closed_book:
:small_orange_diamond: Feb 02 2019 - [QianXin] APT threat report 2019 CN version | :closed_book:

Tencent

:small_orange_diamond: Mar 05 2020 - [Tencent] [CN] 2019 APT Summary Report | :closed_book:
:small_orange_diamond: Jan 03 2019 - [Tencent] [CN] 2018 APT Summary Report | :closed_book:

Verizon

:small_orange_diamond: Nov 16 2020 - [Verizon] Cyber-Espionage Report 2020-2021 | :closed_book:

Sophos

:small_orange_diamond: Nov 18 2020 - [Sophos] SOPHOS 2021 THREAT REPORT | :closed_book:
:small_orange_diamond: Dec 02 2019 - [Sophos] SOPHOS 2020 THREAT REPORT | :closed_book:

360

:small_orange_diamond: Oct xx 2021 - [360] Global APT Research Report for the first half of 2021 | :closed_book:

Microsoft

:small_orange_diamond: Oct xx 2021 - [Microsoft] Microsoft Digital Defense Report October 2021 | :closed_book:

Other

:small_orange_diamond: Nov 18 2020 - [KELA] Zooming into Darknet Threats Targeting Japanese Organizations | :closed_book:
:small_orange_diamond: Nov 04 2020 - [WEF] Partnership against Cybercrime | :closed_book:
:small_orange_diamond: May 01 2020 - [Macnia Networks, TeamT5] 2019 H2 APT Report | :closed_book:
:small_orange_diamond: Feb 02 2019 - [threatinte] Threat Intel Reads – January 2019 | :closed_book:
:small_orange_diamond: Feb 2019 - [SWISSCOM] Targeted Attacks: Cyber Security Report 2019 | :closed_book:
:small_orange_diamond: Jan 30 2019 - [Dragos] Webinar Summary: Uncovering ICS Threat Activity Groups | :closed_book:
:small_orange_diamond: Jan 15 2019 - [Hackmageddon] 2018: A Year of Cyber Attacks | :closed_book:
:small_orange_diamond: Jan 09 2019 - [360] [CN] 2018 APT Summary Report | :closed_book:
:small_orange_diamond: Jan 07 2019 - [Medium] APT_chronicles_december_2018_edition | :closed_book:
:small_orange_diamond: Sep 07 2020 - [SWIFT & BAE] Follow the Money | :closed_book: