According to static analysis we might build YARA rules to identify specific set of binaries. If we classify those binaries as “related to APT” we might extract from tons of binaries the ones that match classified YARA rules and that could be related to APTs. So here we are ! The following table represents a set of binaries which hit classified YARA rules related to APTs. Of course we might have false positives for mainly two reasons: (i) It’s only static analysis. If you run those Samples on live SandBox you might discover unattended behaviour. (ii) No human analysis. This is the result of a mere algorithms, no human interacted and checked those results.

NB: if you needs more detail, you should copy the desired hash and paste it on the search box in this page (WoW, Copy-n-Paste what a stupid action ! Why? … Due to API power consumption on query aggregation … in other words I would need a bigger VPS).

Potential Analyzed APT Groups TOP 30 (updated every 24h)

Potential Analyzed APT Groups (updated every 24h)

Potential iAnalyzed APT Hashes (updated every 24h)

APTs sha256