APTnotes data


What is it?

APTnotes is a repository of publicly-available papers and blogs (sorted by year) related to malicious campaigns/activity/software that have been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets.

Where's that data?

In the original repo, we maintained an ongoing README with links to all of the reports in some form of chronological order (we tried). We also stored all of the reports in year-named folders within the repo itself (we ran out of room).

To solve the storage problem, we have moved everything over to Box (thanks Box!). In order to maintain chronological order (and our sanity) we have migrated to CSV and JSON summary file(s).

How can I download all the reports from Box?

Use one of the scripts within this repo: https://github.com/aptnotes/tools

APTnotes.csv

APTnotes.csv is a CSV summary file used to keep track of all the data.

Format

Filename   Name of the file
Title      Title of the report
Source     Vendor
Link       Box link to the report
SHA-1      SHA-1 of the report
Date       Date of report release
Year       Year of release

APTnotes.json

APTnotes.json is the same data converted from the CSV: one JSON array with one object per report. Note that the JSON keys do not exactly match the CSV headers (the hash column is "sha1" in JSON, "SHA-1" in CSV).

Format

Example

[
  {
    "sha1": "3e6399a4b608bbd99dd81bd2be4cd49731362b5e",
    "Title": "How China Will Use Cyber Warfare",
    "Filename": "Fritz_HOW-CHINA-WILL-USE-CYBER-WARFARE(Oct-01-08)",
    "Source": "Jason Fritz",
    "Link": "https://app.box.com/s/696xnzy1an3jbm3b212y5n8xieirbemd",
    "Year": "2008",
    "Date": "10/1/08"
  }
]

(first record shown; the file continues with one such object per report)
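The SHA-1 in the CSV/JSON is what lets you check that a report pulled from Box is the one the manifest describes. Below is an added example (not code from the aptnotes project or its tools repo) that loads a manifest in the APTnotes.json layout, validates the hash field, verifies a downloaded report's bytes against it, checks that the Date and Year columns agree, and refuses a Filename that would escape the output directory when the report is written to disk. The manifest record is constructed for the example: the hash is that of the placeholder bytes b"abc", and the Title, Source and Link values are invented.

```python
import hashlib
import hmac
import json
import os
import re
from datetime import datetime

# Field names taken from the APTnotes.json example on this page.
REQUIRED_FIELDS = ("sha1", "Title", "Filename", "Source", "Link", "Year", "Date")
SHA1_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed manifest (not a real APTnotes record). The sha1 is SHA-1(b"abc").
SAMPLE_MANIFEST = json.dumps([
    {
        "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
        "Title": "Constructed example report",
        "Filename": "Example_Report(Oct-01-08)",
        "Source": "Example Vendor",
        "Link": "https://app.box.com/s/example",
        "Year": "2008",
        "Date": "10/1/08",
    }
])


def load_manifest(text):
    """Parse the JSON manifest; reject records with missing fields or a malformed hash."""
    records = json.loads(text)
    if not isinstance(records, list):
        raise ValueError("manifest must be a JSON array of records")
    for rec in records:
        missing = [f for f in REQUIRED_FIELDS if f not in rec]
        if missing:
            raise ValueError(f"record missing fields: {missing}")
        rec["sha1"] = rec["sha1"].strip().lower()
        if not SHA1_RE.match(rec["sha1"]):
            raise ValueError(f"malformed sha1 for {rec['Filename']!r}")
    return records


def verify_report(record, data):
    """True when the bytes of a downloaded report hash to the manifest's SHA-1."""
    actual = hashlib.sha1(data).hexdigest()
    return hmac.compare_digest(actual, record["sha1"])


def release_date(record):
    """Parse the Date column (m/d/yy) and confirm it agrees with the Year column."""
    when = datetime.strptime(record["Date"], "%m/%d/%y")
    if str(when.year) != record["Year"]:
        raise ValueError(f"Date {record['Date']} disagrees with Year {record['Year']}")
    return when


def safe_output_path(base_dir, record, ext=".pdf"):
    """Path to write a report to, refusing Filename values that leave base_dir.

    The manifest is third-party data; a Filename such as '../x' must not be
    allowed to steer the write outside the download directory.
    """
    base = os.path.abspath(base_dir)
    name = record["Filename"]
    if not name or os.path.basename(name) != name:
        raise ValueError(f"unsafe Filename: {name!r}")
    path = os.path.abspath(os.path.join(base, name + ext))
    if os.path.commonpath([base, path]) != base:
        raise ValueError(f"unsafe Filename: {name!r}")
    return path


def reports_for_year(records, year):
    """Select the manifest records released in a given year."""
    return [r for r in records if r["Year"] == str(year)]


if __name__ == "__main__":
    manifest = load_manifest(SAMPLE_MANIFEST)
    downloaded = b"abc"  # stands in for the bytes fetched from record["Link"]
    for rec in manifest:
        ok = verify_report(rec, downloaded)
        print(f"{rec['Filename']}: hash {'OK' if ok else 'MISMATCH'}, "
              f"released {release_date(rec).date()}, "
              f"-> {safe_output_path('downloads', rec)}")
```

In a real download loop the bytes come from each record's Link; a hash mismatch means the file on Box is not the one the manifest was built from (replaced, corrupted, or a different upload) and should be quarantined rather than saved under the manifest's name.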

How can I help?

There are multiple ways to get a report added:

  • Notify us via Twitter using the hash tag #aptnotes
    • Example: new report by vendor on this group - link #aptnotes
  • Reach out to us directly
  • Create a new issue on Github including the data you want added (using the default issue template)
    • We created an issue template to take the guesswork out of things
      • If the document is only available in HTML, print a "clean" version (e.g. with Print Friendly or similar) to PDF

Why do we do it?

Like almost every open-source project, this is a labor of love. There are so many reports out there, and they either get lost in the mix or taken down before you get a chance to read them. This is our effort to:

  1. Make sure these lovely reports get consumed
  2. Ensure the people of #DFIR #infosec know what's out there
  3. Hopefully add some context to the chaos

How is this data being utilized?

At present (that we know of...) the following projects consume this repo and make magical things happen:

Thank You

This project would not be where it is without the people that have helped along the way. Thank you, contributors.
