1. Introduction

When applying machine learning and deep learning to computer security research, analysis of real samples is very important.

APT stands for Advanced Persistent Threat. It refers to a type of Internet espionage campaign that is well planned, uses advanced techniques (e.g. 0-day exploits), and runs patiently over a long period of time. It is usually a nation-state attack against another country.

Such samples are hard to obtain, which makes them hard to study.

2. 3500 APT samples

Some 3,500 samples have been uploaded to GitHub and can be downloaded here: github.com/cyber-resea…

The GitHub repository also lists the APT group each sample is attributed to, and its overview.csv records in detail the analysis report from which each sample was taken.

There is no doubt that this is valuable material for study and research.
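As an added example (not code from the repository or the original post), the snippet below shows how such a dataset would typically be turned into labeled training data: parse overview.csv, label each downloaded sample by the APT group listed for its SHA256, and flag any file whose hash is not listed (a corrupted or substituted download should never be labeled). The column names (APT-group, Family, SHA256, Source), the group names and the sample bytes are all constructed assumptions; check the real file's header before use.

```python
import csv
import hashlib
import io
from collections import Counter

# Constructed placeholder bytes standing in for downloaded sample files (not real malware).
FILES = {
    "sample_a": b"constructed placeholder bytes for sample A",
    "sample_b": b"constructed placeholder bytes for sample B",
    "sample_c": b"constructed placeholder bytes for sample C",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-in for overview.csv. Column and group names are assumptions.
# The third row deliberately lists a hash that matches no file, so sample_c will
# be reported as unmatched instead of being silently labeled.
OVERVIEW_CSV = "\n".join([
    "APT-group,Family,SHA256,Source",
    f"Group-1,FamilyX,{sha256_hex(FILES['sample_a'])},report-1.pdf",
    f"Group-2,FamilyY,{sha256_hex(FILES['sample_b'])},report-2.pdf",
    f"Group-2,FamilyZ,{'0' * 64},report-3.pdf",
])

def load_overview(text: str) -> dict:
    """Map listed SHA256 (lowercase) -> (APT group, source report) from overview.csv text."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["SHA256"].strip().lower(): (r["APT-group"], r["Source"]) for r in rows}

def label_samples(files: dict, overview: dict):
    """Return (labels, unmatched). labels maps sample name -> APT group for files whose
    content hash is listed in overview.csv; unmatched lists files whose hash is not."""
    labels, unmatched = {}, []
    for name, data in files.items():
        digest = sha256_hex(data)
        if digest in overview:
            labels[name] = overview[digest][0]
        else:
            unmatched.append(name)
    return labels, unmatched

def group_counts(labels: dict) -> Counter:
    """Samples per APT group; useful for spotting class imbalance before training."""
    return Counter(labels.values())

if __name__ == "__main__":
    overview = load_overview(OVERVIEW_CSV)
    labels, unmatched = label_samples(FILES, overview)
    print(labels, unmatched, dict(group_counts(labels)))
```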

3. APT behavior

We can get a comprehensive understanding of APT from the Global Advanced Persistent Threat (APT) 2019 Research Report in Reference 1. Its sample behavior analysis chapter shows the behavior of APT on mobile devices:

  • Capturing keyboard input
  • Obtaining call records
  • Obtaining GPS information
  • Capturing audio recordings

From the analysis of APT samples in Reference 2, we can see the behavior of APT on PCs:

  • Taking screenshots
  • Recording keyboard input
  • Uploading files
  • Obtaining system information

In summary, APT sample behavior is mainly spying behavior.

References

    1. www.secrss.com/articles/17…
    2. www.freebuf.com/articles/sy…

This article was originally published on the author's blog: blog.csdn.net/ybdesire/ar…