malware-indicators

This repository includes all malware indicators that were found during the course of Citizen Lab investigations. Each directory corresponds to a single Citizen Lab report as seen below.

Reports

| Directory | Link | Published |
| --- | --- | --- |
| 202006_DarkBasin | Dark Basin: Uncovering a Massive Hack-For-Hire Operation | June 9, 2020 |
| 201909_MissingLink | MISSING LINK: Tibetan Groups Targeted with Mobile Exploits | Sept 24, 2019 |
| 201905_EndlessMayfly | Burned After Reading: Endless Mayfly’s Ephemeral Disinformation Campaign | May 14, 2019 |
| 201810_TheKingdomCameToCanada | The Kingdom Came to Canada: How Saudi-Linked Digital Espionage Reached Canadian Soil | Oct 1, 2018 |
| 201808_FamiliarFeeling | Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces | Aug 8, 2018 |
| 201803_BadTraffic | Bad Traffic: Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads? | Mar 8, 2018 |
| 201801_SpyingOnABudget | Spying on a Budget: Inside a Phishing Operation with Targets in the Tibetan Community | Jan 30, 2018 |
| 201712_Cyberbit | Champing at the Cyberbit: Ethiopian Dissidents Targeted with New Commercial Spyware | Dec 6, 2017 |
| 201707_InsiderInfo | Insider Information: An intrusion campaign targeting Chinese language news sites | Jul 5, 2017 |
| 201706_RecklessRedux | Reckless Redux: Senior Mexican Legislators and Politicians Targeted with NSO Spyware | Jun 29, 2017 |
| 201706_RecklessExploit | Reckless Exploit: Mexican Journalists, Lawyers, and a Child Targeted with NSO Spyware | Jun 19, 2017 |
| 201705_TaintedLeaks | Tainted Leaks: Disinformation and Phishing With a Russian Nexus | May 25, 2017 |
| 201702_NilePhish | Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society | Feb 2, 2017 |
| 201611_KeyBoy | It’s Parliamentary: KeyBoy and the targeting of the Tibetan Community | Nov 11, 2016 |
| 201608_NSO_Group | "The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender" | Aug 24, 2016 |
| 201608_Group5 | "Group5: Syria and the Iranian Connection" | Aug 2, 2016 |
| 201605_Stealth_Falcon | "Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents" | May 29, 2016 |
| 201604_UP007_SLServer | Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaigns | Apr 18, 2016 |
| 201603_Shifting_Tactics | Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans | Mar 10, 2016 |
| 201512_PackRAT | "Packrat: Seven Years of a South American Threat Actor" | Dec 8, 2015 |
| 201510_NGO_Burma | Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites | Oct 16, 2015 |
| 201411_Communities@Risk | Communities @ Risk: Targeted Digital Threats Against Civil Society. | Nov 11, 2014 |

Yara signatures can be found here

Formats

The indicators are provided in the following formats.

License

All data is provided under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International license, available in full here and summarized here.