{"id":19654740,"url":"https://github.com/ditekshen/back-in-2017","last_synced_at":"2026-05-10T13:01:05.107Z","repository":{"id":242016706,"uuid":"806408349","full_name":"ditekshen/back-in-2017","owner":"ditekshen","description":"The Kill Chain Evolution of a Middle Eastern Threat Actor Intelligence from Seventeen Months of Deception and Analysis of Politically Targeted Malware Attacks","archived":false,"fork":false,"pushed_at":"2024-05-31T05:50:48.000Z","size":15596,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-10T00:30:25.415Z","etag":null,"topics":["android","attack","clamav","deception","houdini","kill-chain","malware","memory-forensics","meterpreter","middle-east","mitre-attack","political","python","scoute-elite","sigma","threat-actors","threat-intelligence","yara"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ditekshen.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-27T06:31:41.000Z","updated_at":"2024-06-14T06:05:54.000Z","dependencies_parsed_at":"2024-05-31T07:04:27.601Z","dependency_job_id":null,"html_url":"https://github.com/ditekshen/back-in-2017","commit_stats":null,"previous_names":["ditekshen/back-in-2017"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ditekshen%2Fback-in-2017","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ditekshen%2Fback-in-2017/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ditekshen%2Fback-in-2017/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ditekshen%2Fback-in-2017/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ditekshen","download_url":"https://codeload.github.com/ditekshen/back-in-2017/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240963065,"owners_count":19885574,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","attack","clamav","deception","houdini","kill-chain","malware","memory-forensics","meterpreter","middle-east","mitre-attack","political","python","scoute-elite","sigma","threat-actors","threat-intelligence","yara"],"created_at":"2024-11-11T15:18:11.218Z","updated_at":"2026-05-10T13:01:00.061Z","avatar_url":"https://github.com/ditekshen.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# back-in-2017\n### The Kill Chain Evolution of a Middle Eastern Threat Actor - Intelligence from Seventeen Months of Deception and Analysis of Politically Targeted Malware Attacks\n\nIn 2017, when I was still learning my way, I tracked and deceived a threat actor for 17 months, until my cover was eventually blown. At the time, coinciding with several geopolitical crises, my evaluation of the potential consequences of publishing the report had higher risk than I, or the people around me, would tolerate. The report was never published.\n\nWhile this was personal work, I tried to implement enterprise quality incident response, analysis, forensics, and documentation. Some of the authored detection was added to https://github.com/ditekshen/detection.\n\nThis is an anonymized and unedited - since then - version of that report. The data in the report may still be valuable and relevant from a holistic attack progression point of view.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fditekshen%2Fback-in-2017","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fditekshen%2Fback-in-2017","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fditekshen%2Fback-in-2017/lists"}