-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdate_mapping.json
515 lines (515 loc) · 54.8 KB
/
date_mapping.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
{
"https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf": "01.03.2016",
"https://adversary.crowdstrike.com/en-US/adversary/mythic-leopard/": null,
"https://www.secureworks.com/research/threat-profiles/copper-fieldstone": null,
"https://www.secureworks.com/research/threat-profiles/bronze-huntley": null,
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf": "404",
"https://www.secureworks.com/research/threat-profiles/gold-cabin": null,
"https://security.web.cern.ch/advisories/windigo/windigo.shtml": null,
"https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf": "404",
"https://www.secureworks.com/research/threat-profiles/gold-southfield": null,
"https://redcanary.com/blog/blue-mockingbird-cryptominer/": "07.05.2020",
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/whitefly-espionage-singapore": "08.07.2018",
"https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html": "30.08.2018",
"https://securelist.com/darkvishnya/89169/": "06.12.2018",
"https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf": "27.05.2016",
"https://us-cert.cisa.gov/ncas/alerts/aa20-302a": "02.11.2020",
"https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html": "10.01.2019",
"https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/": "10.01.2019",
"https://www.crowdstrike.com/blog/timelining-grim-spiders-big-game-hunting-tactics/": "30.05.2019",
"https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html": "08.11.2021",
"https://www.crowdstrike.com/blog/wizard-spider-adversary-update/": "16.10.2020",
"https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability/": "05.11.2018",
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies": "14.03.2018",
"https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/": "10.12.2014",
"https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/": null,
"https://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/": "22.06.2017",
"https://www.ironnet.com/blog/china-cyber-attacks-the-current-threat-landscape": "26.10.2021",
"https://www.reuters.com/article/us-taiwan-cyber-china/taiwan-says-china-behind-cyberattacks-on-government-agencies-emails-idUSKCN25F0JK": "18.08.2020",
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt": "08.05.2019",
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf": "02.03.2020",
"https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf": "23.02.2022",
"https://www.group-ib.com/blog/colunmtk-apt41/": "10.06.2021",
"https://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html": "22.03.2017",
"https://securelist.com/el-machete/66108/": "20.08.2014",
"https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf": "09.08.2019",
"https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/": "25.09.2020",
"https://global.ahnlab.com/global/upload/download/techreport/%5BAnalysis_Report%5DOperation%20Kabar%20Cobra.pdf": "09.04.2019",
"https://blog.alyac.co.kr/2234": "03.04.2019",
"https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/": "05.12.2018",
"https://blog.alyac.co.kr/attachment/cfile5.uf@99A0CD415CB67E210DCEB3.pdf": "17.04.2019",
"https://www.zdnet.com/article/cyber-espionage-group-uses-chrome-extension-to-infect-victims/": "05.12.2018",
"https://us-cert.cisa.gov/ncas/alerts/aa20-301a": "27.10.2020",
"https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite": "02.11.2020",
"https://blog.malwarebytes.com/threat-analysis/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor/": "01.06.2021",
"https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/": "11.09.2013",
"https://threatconnect.com/blog/kimsuky-phishing-operations-putting-in-work/": "08.05.2000",
"https://www.bitdefender.com/blog/labs/luminousmoth-plugx-file-exfiltration-and-persistence-revisited": "21.07.2021",
"https://securelist.com/apt-luminousmoth/103332/": "14.07.2021",
"https://assets.sentinelone.com/sentinellabs22/metador#page=1": "22.09.2022",
"https://www.microsoft.com/en-us/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021": "16.11.2021",
"https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/": "17.03.2022",
"https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/": "15.11.2021",
"https://www.cybereason.com/blog/research/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations": "01.02.2022",
"https://www.malwarebytes.com/blog/news/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure": "02.12.2021",
"https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/": "09.06.2022",
"https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf": "17.01.2022",
"https://www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan": "08.07.2021",
"https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/": "02.06.2022",
"https://www.bbc.com/news/technology-60953527": "01.04.2022",
"https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/": "22.03.2022",
"https://unit42.paloaltonetworks.com/lapsus-group/": "24.03.2022",
"https://www.crowdstrike.com/blog/who-is-ember-bear/": "30.03.2022",
"https://www.mandiant.com/resources/russia-invasion-ukraine-retaliation": "04.03.2022",
"https://unit42.paloaltonetworks.com/ukraine-targeted-outsteel-saintbot/": "25.02.2022",
"https://www.forcepoint.com/blog/x-labs/bitter-targeted-attack-against-pakistan": "21.10.2016",
"https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html": "11.05.2022",
"https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/": "29.12.2021",
"https://www.trendmicro.com/en_us/research/18/b/deciphering-confucius-cyberespionage-operations.html": "13.02.2018",
"https://www.trendmicro.com/en_us/research/21/h/confucius-uses-pegasus-spyware-related-lures-to-target-pakistani.html": "17.08.2021",
"https://www.uptycs.com/blog/confucius-apt-deploys-warzone-rat": "12.01.2021",
"https://www.malwarebytes.com/resources/files/2021/02/lazyscripter.pdf": "24.02.2021",
"https://cybersecurity.att.com/blogs/labs-research/teamtnt-with-new-campaign-aka-chimaera": "08.09.2021",
"https://www.cadosecurity.com/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials/": "16.08.2020",
"https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/": "03.02.2021",
"https://documents.trendmicro.com/assets/white_papers/wp-tracking-the-activities-of-teamTNT.pdf": "15.07.2021",
"https://www.intezer.com/blog/cloud-security/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/": "08.09.2020",
"https://www.intezer.com/wp-content/uploads/2021/09/TeamTNT-Cryptomining-Explosion.pdf": "06.09.2021",
"https://blog.aquasec.com/container-security-tnt-container-attack": "25.08.2020",
"https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/": "05.10.2020",
"https://www.lacework.com/blog/taking-teamtnt-docker-images-offline/": "25.05.2021",
"http://download.ahnlab.com/global/brochure/%5BAnalysis%5DAndariel_Group.pdf": "05.09.2019",
"https://www.trendmicro.com/en_us/research/18/g/new-andariel-reconnaissance-tactics-hint-at-next-targets.html": "16.07.2018",
"https://adversary.crowdstrike.com/en-US/adversary/silent-chollima/": "08.05.2009",
"http://www.issuemakerslab.com/research3/": "01.05.2017",
"https://home.treasury.gov/news/press-releases/sm774": "13.09.2019",
"https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/": "16.06.2021",
"https://thehackernews.com/2021/07/indigozebra-apt-hacking-campaign.html": "01.07.2021",
"https://research.checkpoint.com/2021/indigozebra-apt-continues-to-attack-central-asia-with-evolving-tools/": "01.07.2021",
"https://securelist.com/apt-trends-report-q2-2017/79332/": "08.08.2017",
"https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/": "10.06.2021",
"https://securelist.com/transparent-tribe-part-1/98127/": "20.08.2020",
"https://unit42.paloaltonetworks.com/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/": "25.03.2016",
"https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html": "13.05.2021",
"https://www.virusbulletin.com/uploads/pdf/conference_slides/2018/Cherepanov-VB2018-Octopus.pdf": "29.10.2019",
"https://securelist.com/octopus-infested-seas-of-central-asia/88200/": "15.10.2018",
"https://www.securityweek.com/russia-linked-hackers-target-diplomatic-entities-central-asia": "16.10.2018",
"https://securityaffairs.co/wordpress/77165/apt/russia-linked-apt-dustsquad.html": "16.10.2018",
"https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/": "13.08.2020",
"https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/": "10.03.2021",
"https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/": "21.04.2017",
"https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the-heartbeat-apt-campaign.pdf?": "01.05.2023",
"https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html": "05.03.2020",
"https://vb2020.vblocalhost.com/uploads/VB2020-06.pdf": "22.09.2020",
"https://www.crowdstrike.com/blog/adversaries-targeting-the-manufacturing-industry/": "14.07.2020",
"https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf": "09.11.2015",
"https://documents.trendmicro.com/assets/wp/wp-operation-woolen-goldfish.pdf": "19.03.2015",
"https://iranthreats.github.io/resources/attribution-flying-rocket-kitten/": "05.12.2017",
"https://www.crowdstrike.com/blog/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/": "13.05.2014",
"https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations": "07.10.2019",
"https://www.secureworks.com/research/bronze-president-targets-ngos": "29.12.2019",
"https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf": "28.07.2020",
"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-june-mustang-panda/": "15.06.2018",
"https://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader": "23.11.2020",
"https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european": "07.03.2022",
"https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/": "10.09.2020",
"https://research.checkpoint.com/2021/the-story-of-jian/": "22.02.2021",
"https://unit42.paloaltonetworks.com/valak-evolution/": "24.07.2020",
"https://unit42.paloaltonetworks.com/ta551-shathak-icedid/": "07.01.2021",
"https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/": "04.06.2020",
"https://www.zscaler.com/blogs/security-research/return-higaisa-apt": "11.06.2020",
"https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/": "04.06.2020",
"https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/": "02.03.2021",
"https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/": "02.03.2021",
"https://www.welivesecurity.com/2014/03/18/operation-windigo-the-vivisection-of-a-large-linux-server-side-credential-stealing-malware-campaign/": "18.03.2014",
"https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf": "28.01.2021",
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/03/20082004/volatile-cedar-technical-report.pdf": "30.03.2015",
"https://www.justice.gov/usao-sdny/press-release/file/1045781/download": "01.05.2023",
"https://info.phishlabs.com/blog/silent-librarian-more-to-the-story-of-the-iranian-mabna-institute-indictment": "26.03.2018",
"https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/": "14.10.2020",
"https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian": "14.10.2019",
"https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities": "24.08.2018",
"https://www.secureworks.com/blog/cobalt-dickens-goes-back-to-school-again": "11.09.2019",
"https://cybleinc.com/2020/09/26/sidewinder-apt-targets-with-futuristic-tactics-and-techniques/": "26.09.2020",
"https://securelist.com/apt-trends-report-q1-2018/85280/": "12.04.2018",
"https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/": "09.07.2020",
"https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/": "14.11.2018",
"https://www.crowdstrike.com/blog/hades-ransomware-successor-to-indrik-spiders-wastedlocker/": "17.03.2021",
"https://home.treasury.gov/news/press-releases/sm845": "05.12.2019",
"https://www.clearskysec.com/wp-content/uploads/2020/12/Pay2Kitten.pdf": "17.12.2020",
"https://cycraft.com/download/CyCraft-Whitepaper-Chimera_V4.1.pdf": "05.01.2021",
"https://us-cert.cisa.gov/ncas/alerts/aa20-259a": "429",
"https://www.clearskysec.com/fox-kitten/": "429",
"https://www.dragos.com/threat/parisite/": "30.05.2020",
"https://www.crowdstrike.com/blog/who-is-pioneer-kitten/": "31.08.2020",
"https://www.secureworks.com/research/revil-sodinokibi-ransomware": "24.09.2019",
"https://www.crowdstrike.com/blog/the-evolution-of-revil-ransomware-and-pinchy-spider/": "06.07.2021",
"https://www.secureworks.com/blog/revil-the-gandcrab-connection": "24.09.2019",
"https://research.nccgroup.com/2021/01/12/abusing-cloud-services-to-fly-under-the-radar/": "12.01.2021",
"https://objective-see.com/blog/blog_0x3B.html": "20.12.2018",
"https://brica.de/alerts/alert/public/1255063/kimsuky-unveils-apt-campaign-smoke-screen-aimed-at-korea-and-america/": "404",
"https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers": "25.06.2019",
"https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/": "12.12.2019",
"https://unit42.paloaltonetworks.com/pingpull-gallium/": "13.06.2022",
"https://www.fsec.or.kr/user/bbs/fsec/163/344/bbsDataView/1382.do?page=1&column=&search=&searchSDate=&searchEDate=&bbsDataCategory=": "18.04.2019",
"https://securityintelligence.com/posts/ta505-continues-to-infect-networks-with-sdbbot-rat/": "14.04.2020",
"https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter": "27.09.2017",
"https://www.proofpoint.com/us/threat-insight/post/ta505-shifts-times": "08.06.2018",
"https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505": "09.01.2019",
"https://research.nccgroup.com/2020/11/18/ta505-a-brief-history-of-their-time/": "18.11.2020",
"https://securelist.com/the-silence/83009/": "01.11.2017",
"https://cyberforensicator.com/2019/01/20/silence-dissecting-malicious-chm-files-and-performing-forensic-analysis/": "20.01.2019",
"https://lab52.io/blog/wirte-group-attacking-the-middle-east/": "02.04.2019",
"https://securelist.com/wirtes-campaign-in-the-middle-east-living-off-the-land-since-at-least-2019/105044": "01.10.2019",
"https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-library/reports/WhiteCompanyOperationShaheenReport.pdf?_ga=2.161661948.1943296560.1555683782-1066572390.1555511517": "08.05.2012",
"https://dragos.com/resource/xenotime/": "30.05.2020",
"https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html": "23.10.2018",
"https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html": "10.04.2019",
"https://pylos.co/2019/04/12/a-xenotime-to-remember-veles-in-the-wild/": "12.04.2019",
"https://home.treasury.gov/news/press-releases/sm1127": "17.09.2020",
"https://www.justice.gov/opa/pr/department-justice-and-partner-departments-and-agencies-conduct-coordinated-actions-disrupt": "429",
"https://www.fireeye.com/content/dam/fireeye-www/blog/files/TRITON_Appendix_C.html": "530",
"https://www.iranwatch.org/sites/default/files/public-intelligence-alert.pdf": "18.09.2020",
"https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html": "29.01.2019",
"https://www.darkreading.com/attacks-breaches/iran-ups-its-traditional-cyber-espionage-tradecraft/d/d-id/1333764": "30.01.2019",
"https://www.symantec.com/connect/blogs/iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets": "01.05.2023",
"https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html": "01.11.2014",
"https://www2.fireeye.com/WBNR-14Q4NAMFIN4.html": "08.04.2022",
"https://www.mandiant.com/sites/default/files/2021-09/rpt-fin4.pdf": "30.11.2014",
"https://www.symantec.com/blogs/threat-intelligence/gallmaker-attack-group": "10.10.2018",
"https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/whitepapers/unit42-silverterrier-rise-of-nigerian-business-email-compromise": "01.05.2023",
"https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/silverterrier-next-evolution-in-nigerian-cybercrime.pdf": "18.10.2016",
"https://us-cert.cisa.gov/ncas/alerts/aa20-239a": "24.10.2020",
"https://content.fireeye.com/apt/rpt-apt38": "04.12.2015",
"https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and": "17.02.2021",
"https://securelist.com/lazarus-under-the-hood/77908/": "03.04.2017",
"https://www.secureworks.com/research/threat-profiles/nickel-gladstone": null,
"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-april-stardust-chollima/": "06.04.2018",
"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf": "10.03.2021",
"https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/": "14.03.2018",
"https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/": "22.11.2016",
"https://documents.trendmicro.com/assets/Tech-Brief-Tropic-Trooper-s-Back-USBferry-Attack-Targets-Air-gapped-Environments.pdf": "07.05.2020",
"https://www.crowdstrike.com/blog/on-demand-webcast-crowdstrike-experts-on-covid-19-cybersecurity-challenges-and-recommendations/": "07.04.2020",
"https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf": "17.01.2018",
"https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/": "02.08.2018",
"https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/": "26.06.2018",
"https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets": "19.06.2018",
"https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia": "08.01.2015",
"https://www.accenture.com/us-en/blogs/cyber-defense/iran-based-lyceum-campaigns": "09.11.2021",
"https://www.clearskysec.com/siamesekitten/": "17.08.2021",
"https://dragos.com/resource/hexane/": "30.05.2020",
"https://vblocalhost.com/uploads/VB2021-Kayal-etal.pdf": "17.09.2021",
"https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign": "27.08.2019",
"https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/": "27.07.2018",
"https://pan-unit42.github.io/playbook_viewer/": null,
"https://www.dragos.com/blog/20180802Raspite.html": "30.05.2020",
"https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east": "25.07.2018",
"https://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report": "404",
"https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish": "27.09.2018",
"https://www.europol.europa.eu/newsroom/news/mastermind-behind-eur-1-billion-cyber-bank-robbery-arrested-in-spain": "26.03.2018",
"https://blog.morphisec.com/cobalt-gang-2.0": "08.10.2018",
"https://web.archive.org/web/20190508170630/https://www.riskiq.com/blog/labs/cobalt-strike/": "28.11.2017",
"https://web.archive.org/web/20190508170147/https://www.riskiq.com/blog/labs/cobalt-group-spear-phishing-russian-banks/": "16.01.2018",
"https://www.group-ib.com/blog/cobalt": "15.08.2017",
"https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target": "01.06.2017",
"https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-Snatch-eng.pdf": "16.12.2016",
"https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-2017-eng.pdf": "16.08.2017",
"https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html": "01.07.2018",
"https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html": "06.06.2017",
"https://www.darkreading.com/attacks-breaches/chinese-hacking-group-codoso-team-uses-forbescom-as-watering-hole-/d/d-id/1319059": "10.02.2015",
"https://www.fireeye.com/current-threats/apt-groups.html#apt19": "15.01.2019",
"https://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/": "22.01.2016",
"https://web.archive.org/web/20171017072306/https://icitech.org/icit-brief-chinas-espionage-dynasty-economic-death-by-a-thousand-cuts/": null,
"https://web.archive.org/web/20170923102302/https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html": "01.06.2017",
"https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html": "11.05.2016",
"http://securityaffairs.co/wordpress/8528/hacking/elderwood-project-who-is-behind-op-aurora-and-ongoing-attacks.html": "09.09.2012",
"https://web.archive.org/web/20190717233006/http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf": "24.09.2012",
"https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China": "14.09.2012",
"https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/": "16.10.2017",
"https://www.cyberscoop.com/middle-eastern-hacking-group-using-finfisher-malware-conduct-international-espionage/": "16.10.2017",
"https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf": "28.11.2018",
"https://www.clearskysec.com/wp-content/uploads/2019/06/Clearsky-Iranian-APT-group-%E2%80%98MuddyWater%E2%80%99-Adds-Exploits-to-Their-Arsenal.pdf": "06.06.2019",
"https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/": "12.01.2022",
"https://www.cisa.gov/uscert/ncas/alerts/aa22-055a": "24.02.2022",
"https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/": "14.11.2017",
"https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html": "31.01.2022",
"https://www.anomali.com/blog/probable-iranian-cyber-actors-static-kitten-conducting-cyberespionage-campaign-targeting-uae-and-kuwait-government-agencies": "10.02.2021",
"https://www.trendmicro.com/en_us/research/21/c/earth-vetala---muddywater-continues-to-target-organizations-in-t.html": "05.03.2021",
"https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/": "01.11.2017",
"https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html": "13.03.2018",
"https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group": "10.12.2018",
"https://www.accenture.com/us-en/blogs/cyber-defense/mudcarps-focus-on-submarine-technologies": "05.12.2022",
"https://www.crowdstrike.com/blog/two-birds-one-stone-panda/": "30.08.2018",
"https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets": "16.10.2017",
"https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/": "24.09.2020",
"https://us-cert.cisa.gov/ncas/alerts/aa21-200a": "20.07.2021",
"https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html": "01.03.2018",
"https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html": "15.11.2021",
"https://www.secureworks.com/research/threat-profiles/bronze-mohawk": null,
"https://www.brighttalk.com/webcast/10703/275683": "21.09.2017",
"https://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint/": "18.06.2020",
"https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html": "20.09.2017",
"https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage": null,
"https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf": "02.07.2020",
"https://securelist.com/operation-daybreak/75100/": "17.06.2016",
"https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html": "16.01.2018",
"https://adversary.crowdstrike.com/en-US/adversary/ricochet-chollima/": null,
"https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/": "17.08.2021",
"https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/": "13.05.2019",
"https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts": "27.04.2017",
"https://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf": "26.04.2016",
"https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments": "03.05.2023",
"http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-butler-daserf-backdoor-now-using-steganography/": "07.11.2017",
"https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses": "12.10.2017",
"https://documents.trendmicro.com/assets/pdf/Operation-ENDTRADE-TICK-s-Multi-Stage-Backdoors-for-Attacking-Industries-and-Stealing-Classified-Data.pdf": "05.12.2019",
"https://www.symantec.com/connect/blogs/tick-cyberespionage-group-zeros-japan": "28.04.2016",
"https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/": "27.03.2019",
"https://blogs.microsoft.com/on-the-issues/2020/10/28/cyberattacks-phosphorus-t20-munich-security-conference/": "28.10.2020",
"https://blog.certfa.com/posts/charming-kitten-christmas-gift/": "08.01.2021",
"https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/": "11.01.2022",
"http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf": "05.12.2017",
"https://www.clearskysec.com/wp-content/uploads/2019/10/The-Kittens-Are-Back-in-Town-2-1.pdf": "16.10.2019",
"https://www.clearskysec.com/wp-content/uploads/2020/08/The-Kittens-are-Back-in-Town-3.pdf": "27.08.2020",
"https://www.eweek.com/security/newscaster-threat-uses-social-media-for-intelligence-gathering": "29.05.2014",
"https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/": "15.02.2017",
"https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf": "530",
"https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453": "13.07.2021",
"https://www.proofpoint.com/us/blog/threat-insight/badblood-ta453-targets-us-and-israeli-medical-research-personnel-credential": "30.03.2021",
"https://www.secureworks.com/research/threat-profiles/cobalt-illusion": null,
"https://noticeofpleadings.com/phosphorus/files/Complaint.pdf": "15.03.2019",
"https://securityintelligence.com/posts/new-research-exposes-iranian-threat-group-operations/": "16.07.2020",
"http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf": "09.08.2017",
"http://www.clearskysec.com/copykitten-jpost/": "30.03.2017",
"https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf": "403",
"https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/": "14.12.2016",
"http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf": "23.02.2017",
"https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html": "29.06.2020",
"https://www.bitdefender.com/files/News/CaseStudies/study/353/Bitdefender-Whitepaper-StrongPity-APT.pdf": "15.06.2020",
"https://www2.fireeye.com/WBNR-Are-you-ready-to-respond.html": "22.08.2019",
"https://www.youtube.com/watch?v=fevGZs0EQu8": "07.10.2016",
"https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?": "14.10.2015",
"https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin10.pdf": "15.06.2017",
"https://research.checkpoint.com/2021/irans-apt34-returns-with-an-updated-arsenal/": "08.04.2021",
"http://www.clearskysec.com/oilrig/": "05.01.2017",
"http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/": "26.05.2016",
"http://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/": "27.04.2017",
"http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/": "04.10.2016",
"https://researchcenter.paloaltonetworks.com/2018/07/unit42-oilrig-targets-technology-service-provider-government-agency-quadagent/": "25.07.2018",
"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-november-helix-kitten/": "27.11.2018",
"https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html": "07.12.2017",
"https://www.secureworks.com/research/threat-profiles/cobalt-gypsy": null,
"https://pan-unit42.github.io/playbook_viewer/?pb=evasive-serpens": null,
"https://www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf": "17.02.2021",
"https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html": "14.05.2017",
"https://www.cybereason.com/blog/operation-cobalt-kitty-apt": "24.05.2017",
"https://www.welivesecurity.com/2019/03/20/fake-or-fake-keeping-up-with-oceanlotus-decoys/": "20.03.2019",
"https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/": "13.03.2018",
"https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/": "06.11.2017",
"https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf": "17.02.2017",
"https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/": "11.06.2020",
"https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/": "17.04.2020",
"https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/": "27.02.2017",
"https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/": "04.02.2022",
"https://www.secureworks.com/research/threat-profiles/iron-tilden": null,
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine": "31.01.2022",
"https://www.bleepingcomputer.com/news/security/ukraine-links-members-of-gamaredon-hacker-group-to-russian-fsb/": "04.11.2021",
"https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/": "03.02.2022",
"https://www.fireeye.com/blog/threat-research/2017/06/behind-the-carbanak-backdoor.html": "12.06.2017",
"https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html": "24.04.2017",
"https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html": "01.08.2018",
"https://www.secureworks.com/research/threat-profiles/gold-niagara": "08.03.2022",
"https://www.fireeye.com/blog/threat-research/2017/05/fin7-shim-databases-persistence.html": "03.05.2017",
"http://blog.morphisec.com/fin7-attacks-restaurant-industry": "09.06.2017",
"https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-1/": "30.08.2021",
"https://web.archive.org/web/20180808125108/https:/www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html": "01.03.2017",
"https://securityintelligence.com/posts/ransomware-2020-attack-trends-new-techniques-affecting-organizations-worldwide/": "28.09.2020",
"http://web.archive.org/web/20220810112638/https:/www.accenture.com/t20180423T055005Z_w_/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf": "20.04.2018",
"https://www.slideshare.net/CrowdStrike/crowd-casts-monthly-you-have-an-adversary-problem": "16.10.2013",
"https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html": "01.04.2017",
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf": "500",
"https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html": "13.09.2018",
"http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/": "16.02.2017",
"https://web.archive.org/web/20220224041316/https:/www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf": "04.04.2017",
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage": null,
"https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion": "20.12.2018",
"https://www.justice.gov/opa/page/file/1122671/download": "01.05.2023",
"http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates": "15.03.2016",
"https://401trg.github.io/pages/burning-umbrella.html": "09.05.2018",
"https://securelist.com/winnti-more-than-just-a-game/37029/": "429",
"https://web.archive.org/web/20150412223949/http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf": "06.04.2015",
"https://securelist.com/games-are-over/70991/": "22.06.2015",
"https://citizenlab.ca/2016/08/group5-syria/": "02.08.2016",
"http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets": "08.08.2016",
"https://securelist.com/faq-the-projectsauron-apt/75533/": "08.08.2016",
"https://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf": "09.08.2016",
"https://web.archive.org/web/20180825085952/https://s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf": "19.07.2016",
"http://enterprise-manage.norman.c.bitbit.net/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf": "404",
"http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries": "02.05.2023",
"https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/": "11.05.2020",
"https://securelist.com/the-dropping-elephant-actor/75328/": "08.07.2016",
"https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/": "07.03.2018",
"https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf": "10.10.2018",
"https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/": "07.06.2018",
"https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf": "09.08.2016",
"http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks": "17.05.2016",
"https://citizenlab.org/2016/05/stealth-falcon/": "29.05.2016",
"https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf": "15.04.2016",
"https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html": "05.04.2019",
"https://securityintelligence.com/posts/itg08-aka-fin6-partners-with-trickbot-gang-uses-anchor-framework/": "07.04.2020",
"https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/": "29.08.2019",
"https://securelist.com/apt-style-bank-robberies-increase-with-metel-gcman-and-carbanak-2-0-attacks/73638/": "08.02.2016",
"https://www.cisa.gov/uscert/ncas/alerts/aa20-296a#revisions": "28.02.2022",
"https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical": "24.03.2022",
"https://www.dragos.com/threat/dymalloy/": "30.05.2020",
"http://fortune.com/2017/09/06/hack-energy-grid-symantec/": "06.09.2017",
"https://www.mandiant.com/resources/ukraine-crisis-cyber-threats": "20.01.2022",
"https://www.secureworks.com/research/mcmd-malware-analysis": "24.07.2019",
"https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector": "24.07.2019",
"https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector": "24.07.2019",
"https://vblocalhost.com/uploads/VB2021-Slowik.pdf": "24.06.2021",
"https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers": "18.06.2014",
"https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7382dce7-0260-4782-84cc-890971ed3f17&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments": "30.06.2014",
"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks": "09.05.2011",
"https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet": "05.04.2022",
"https://www.justice.gov/opa/page/file/1098481/download": "03.10.2018",
"https://www.dragos.com/resource/electrum/": "30.05.2020",
"https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf": "24.09.2014",
"https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html": "07.01.2016",
"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/": "29.01.2018",
"https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/": "14.10.2022",
"https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/": "14.10.2014",
"https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory": "28.05.2020",
"https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia//index.html": "20.02.2020",
"https://www.justice.gov/opa/press-release/file/1328521/download": "01.05.2023",
"https://www.secureworks.com/research/threat-profiles/iron-viking": "28.06.2017",
"https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games": "19.10.2020",
"https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/": "09.02.2016",
"https://web.archive.org/web/20210723190317/https://adversary.crowdstrike.com/en-US/adversary/labyrinth-chollima/": "03.05.2023",
"https://www.secureworks.com/about/press/media-alert-secureworks-discovers-north-korean-cyber-threat-group-lazarus-spearphishing": "15.12.2017",
"https://blogs.microsoft.com/on-the-issues/2017/12/19/microsoft-facebook-disrupt-zinc-malware-attack-protect-customers-internet-ongoing-cyberthreats/": "19.12.2017",
"https://www.us-cert.gov/ncas/alerts/TA17-164A": "13.06.2017",
"https://www.us-cert.gov/ncas/analysis-reports/AR19-100A": "10.04.2019",
"https://web.archive.org/web/20160226161828/https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf": "01.02.2016",
"http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/": "24.01.2016",
"http://www.secureworks.com/resources/blog/living-off-the-land/": "28.05.2015",
"https://www.secureworks.com/research/bronze-union": "27.06.2017",
"https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage": "05.08.2015",
"https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/": "28.05.2019",
"http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/": "05.08.2015",
"https://thehackernews.com/2018/06/chinese-watering-hole-attack.html": "14.06.2018",
"https://securelist.com/luckymouse-hits-national-data-center/86083/": "13.06.2018",
"https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html": "09.04.2021",
"https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf": "18.02.2020",
"https://research.nccgroup.com/2018/05/18/emissary-panda-a-potential-new-malicious-tool/": "18.05.2018",
"http://www.secureworks.com/resources/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems/": "02.09.2014",
"https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop": "06.07.2015",
"https://www.anomali.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop": "06.07.2015",
"https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf": "14.05.2015",
"http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf": "09.06.2014",
"http://blog.cylance.com/puttering-into-the-future": "12.01.2016",
"https://web.archive.org/web/20151226205946/https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html": "01.12.2015",
"https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html": "23.06.2015",
"https://www.recordedfuture.com/chinese-mss-behind-apt3/": "17.05.2017",
"https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html": "21.11.2014",
"http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong": "06.09.2016",
"http://pwc.blogs.com/cyber_security_updates/2015/07/pirpi-scanbox.html": "01.07.2015",
"https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf": "07.01.2016",
"http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf": "08.06.2016",
"https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/": "10.04.2019",
"https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf": "09.12.2020",
"https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html": "01.08.2013",
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_group_questions_and_answers.pdf": "24.02.2015",
"http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf": "404",
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf": "29.05.2015",
"https://securelist.com/the-naikon-apt/69953/": "14.05.2015",
"https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html": "01.12.2015",
"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/": "05.06.2020",
"https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/": "14.12.2020",
"https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/": "11.01.2021",
"https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/": "27.01.2022",
"https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf": "29.12.2016",
"https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html": "04.11.2021",
"https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf": "26.03.2020",
"https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf": "09.10.2019",
"https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html": "13.12.2020",
"https://labs.sentinelone.com/noblebaron-new-poisoned-installers-could-be-used-in-supply-chain-attacks/": "01.06.2021",
"https://www.microsoft.com/security/blog/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/": "03.12.2018",
"https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/": "27.05.2021",
"https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/": "01.06.2021",
"https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/": "28.05.2021",
"https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/": "04.03.2021",
"https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf": "16.07.2020",
"https://www.ncsc.gov.uk/files/Advisory-further-TTPs-associated-with-SVR-cyber-actors.pdf": "07.05.2021",
"https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF": "15.04.2021",
"https://www.pwc.co.uk/issues/cyber-security-services/insights/wellmess-analysis-command-control.html": "17.08.2020",
"https://www.pwc.co.uk/issues/cyber-security-services/insights/cleaning-up-after-wellmess.html": "16.07.2020",
"http://www.secureworks.com/research/threat-profiles/iron-hemlock": "400",
"https://www.secureworks.com/research/threat-profiles/iron-ritual": null,
"https://www.gov.uk/government/news/russia-uk-and-us-expose-global-campaigns-of-malign-activity-by-russian-intelligence-services": "15.04.2021",
"https://www.gov.uk/government/news/russia-uk-exposes-russian-involvement-in-solarwinds-cyber-compromise": "15.04.2021",
"https://www.ncsc.gov.uk/news/uk-and-us-call-out-russia-for-solarwinds-compromise": null,
"https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/": "23.12.2020",
"https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/": "15.04.2021",
"https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf": "15.04.2015",
"https://securelist.com/darkhotels-attacks-in-2015/71713/": "10.08.2015",
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070903/darkhotel_kl_07.11.pdf": "14.11.2014",
"https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWxPuf": "10.09.2020",
"https://www.microsoft.com/security/blog/2016/07/14/reverse-engineering-dubnium-stage-2-payload-analysis/": "14.07.2016",
"https://www.microsoft.com/security/blog/2016/06/20/reverse-engineering-dubniums-flash-targeting-exploit/": "20.06.2016",
"https://www.microsoft.com/security/blog/2016/06/09/reverse-engineering-dubnium-2/": "09.06.2016",
"https://airbus-cyber-security.com/the-eye-of-the-tiger/": "01.02.2022",
"https://www.fireeye.com/blog/threat-research/2014/07/spy-of-the-tiger.html": "01.07.2014",
"https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity": "28.10.2020",
"https://blog.talosintelligence.com/2021/09/tinyturla.html": "21.09.2021",
"https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf": "05.01.2018",
"https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf": "29.08.2017",
"https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/": "29.05.2019",
"https://securelist.com/introducing-whitebear/81638/": "30.08.2017",
"https://securelist.com/the-epic-turla-operation/65545/": "07.08.2014",
"https://www.leonardo.com/documents/20142/10868623/Malware+Technical+Insight+_Turla+%E2%80%9CPenquin_x64%E2%80%9D.pdf": "28.05.2020",
"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-march-venomous-bear/": null,
"http://www.secureworks.com/research/threat-profiles/iron-hunter": "400",
"https://www.threatminer.org/report.php?q=waterbug-attack-group.pdf&y=2015#gsc.tab=0&gsc.q=waterbug-attack-group.pdf&gsc.page=1": null,
"https://web.archive.org/web/20200424075623/https:/www.crowdstrike.com/blog/deep-thought-chinese-targeting-national-security-think-tanks/": "20.03.2022",
"https://web.archive.org/web/20170823094836/http:/www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf": "06.08.2015",
"https://www.rsa.com/content/dam/en/white-paper/rsa-incident-response-emerging-threat-profile-shell-crew.pdf": "500",
"https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/": "27.02.2015",
"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064518/Carbanak_APT_eng.pdf": "24.02.2015",
"https://www.secureworks.com/research/threat-profiles/gold-kingswood?filter=item-financial-gain": "27.09.2018",
"https://www.fox-it.com/en/news/blog/anunak-aka-carbanak-update/": "12.06.2017",
"https://www.accenture.com/t20181129T203820Z__w__/us-en/_acnmedia/PDF-90/Accenture-snakemackerel-delivers-zekapab-malware.pdf#zoom=50": "24.01.2021",
"https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/": "22.05.2019",
"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf": "14.10.2016",
"https://researchcenter.paloaltonetworks.com/2018/03/unit42-sofacy-uses-dealerschoice-target-european-government-agency/": "15.03.2018",
"https://www2.fireeye.com/rs/848-DID-242/images/APT28-Center-of-Storm-2017.pdf": "10.01.2017",
"https://web.archive.org/web/20151022204649/https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf": "27.10.2014",
"https://arstechnica.com/information-technology/2018/07/from-bitly-to-x-agent-how-gru-hackers-targeted-the-2016-presidential-election/": "27.07.2018",
"https://www.trendmicro.com/en_us/research/20/l/pawn-storm-lack-of-sophistication-as-a-strategy.html": "17.12.2020",
"https://securelist.com/a-slice-of-2017-sofacy-activity/83930/": "20.02.2018",
"https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/": "04.12.2015",
"https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/": "06.06.2018",
"https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html": "22.10.2017",
"https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/": "10.09.2020",
"https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/": "01.08.2019",
"https://www.justice.gov/file/1080281/download": "13.07.2018",
"https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF": "01.07.2021",
"https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF": "13.08.2020",
"https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign": "16.06.2016",
"https://www.secureworks.com/research/iron-twilight-supports-active-measures": "30.03.2017",
"https://www.secureworks.com/research/threat-profiles/iron-twilight": null,
"https://www.symantec.com/blogs/election-security/apt28-espionage-military-government": null,
"https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf": "500",
"http://www.crowdstrike.com/blog/whois-numbered-panda/": "29.03.2013",
"https://www.fireeye.com/blog/threat-research/2014/09/darwins-favorite-apt-group-2.html": "03.09.2014",
"https://www.microsoft.com/security/blog/2021/12/06/nickel-targeting-government-organizations-across-latin-america-and-europe": "06.12.2021",
"https://web.archive.org/web/20180615122133/https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/": "14.06.2018",
"https://research.nccgroup.com/2018/03/10/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/": "10.03.2018",
"https://www.mandiant.com/resources/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs": null,
"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-ke3chang.pdf": "500",
"https://web.archive.org/web/20200302085133/https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf": "05.04.2016",
"http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/": "07.10.2015",
"https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html": "01.09.2014",
"http://blogs.cisco.com/security/talos/threat-spotlight-group-72": "14.10.2014",
"https://web.archive.org/web/20230115144216/http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf": "01.11.2014",
"https://dragos.com/resource/allanite/": "30.05.2020"
}