APT Malware features and statistics

An Advanced Persistent Threat (APT) is a stealthy threat actor, typically a nation state, a state-sponsored group or a well-resourced non-state group, that conducts large-scale targeted intrusions for specific goals, gains unauthorized access to a computer network and remains undetected for an extended period.

The data reported here are the result of static analysis of 29 GB of malware samples attributed to APT groups, followed by a correlation step across samples. The sample set is limited to PE (Portable Executable) files. The data are available in JSON format on the GitHub repository. Note that static features describe the file as stored on disk: a packed or obfuscated sample contributes the packer's sections, imports and strings rather than those of the unpacked payload.

Attribution is a very complex issue. Information published here may be wrong or outdated, and may change as new information emerges.

Sample sources: VX-Underground

ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN ARE PROVIDED ON AN "AS IS" BASIS

Project: Andrea Cristaldi GitHub, Linkedin, Cybersec4

This work is licensed under a Creative Commons Attribution 4.0 International License.

Samples

Period: 2010-2022
Format: PE (Portable Executable)
Volume: 29 GB of data analysed using static analysis techniques

Filesizes

Filetypes



ID Filetype Count

Certificates (publisher and company)



ID Certificate Count

Sections



ID Name Count

Resource type



ID Type Count

DLL Imports



ID DLL Count

Function Imports



ID Function Count

Function Exports



ID Function Count

Function call sequences (length >= 3)



ID Functions Count

Strings

Selection rule: strings longer than 5 characters that occur in at least 30 related samples, excluding DLL names and DLL function names imported by the same sample.



ID String Count
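The correlation step that turns per-sample static features into the "Count" columns above, written here as an added example; it is not the project's own code and does not use its JSON layout. It assumes each sample has already been reduced to a record with its imported DLLs and functions, the order in which imported functions are referenced (the basis for the call-sequence n-grams), and its printable strings; the three sample records are constructed and the names in them are illustrative. Every feature is counted at most once per sample, and the string filter applies the page's rule (longer than 5 characters, present in at least 30 samples, never a sample's own imported DLL or function names).

```python
from collections import Counter

# Constructed per-sample feature records standing in for the output of the
# static-analysis stage (imports, import-reference order, printable strings).
# Names and values are illustrative; this is not data from the project.
SAMPLES = [
    {
        "id": "sample-a",
        "imports": {"KERNEL32.dll": ["CreateFileA", "WriteFile", "CloseHandle"],
                    "ADVAPI32.dll": ["RegOpenKeyExA"]},
        "call_sequence": ["CreateFileA", "WriteFile", "CloseHandle", "RegOpenKeyExA"],
        "strings": ["KERNEL32.dll", "CreateFileA", "cmd.exe /c", "Mozilla/5.0", "abc"],
    },
    {
        "id": "sample-b",
        "imports": {"kernel32.dll": ["CreateFileA", "WriteFile", "CloseHandle"],
                    "WS2_32.dll": ["connect"]},
        "call_sequence": ["CreateFileA", "WriteFile", "CloseHandle", "connect"],
        "strings": ["kernel32.dll", "WriteFile", "cmd.exe /c", "Mozilla/5.0", "connect"],
    },
    {
        "id": "sample-c",
        "imports": {"kernel32.dll": ["CreateFileA", "WriteFile"],
                    "WS2_32.dll": ["connect", "send"]},
        "call_sequence": ["CreateFileA", "WriteFile", "connect", "send"],
        "strings": ["cmd.exe /c", "Mozilla/5.0", "ws2_32.dll", "CloseHandle"],
    },
]


def per_sample_once(samples, key_fn):
    """Tally each feature at most once per sample: a sample that references
    kernel32.dll fifty times still contributes 1 to that DLL's count."""
    counts = Counter()
    for sample in samples:
        counts.update(set(key_fn(sample)))
    return counts


def dll_counts(samples):
    """Number of samples importing each DLL (names normalised to lower case,
    since Windows resolves them case-insensitively)."""
    return per_sample_once(samples, lambda s: (d.lower() for d in s["imports"]))


def function_counts(samples):
    """Number of samples importing each function, regardless of DLL."""
    return per_sample_once(
        samples, lambda s: (f for fs in s["imports"].values() for f in fs))


def call_sequence_counts(samples, n=3):
    """Number of samples containing each run of n consecutive imported-function
    references (the page's 'Function call sequences' table, n >= 3)."""
    if n < 3:
        raise ValueError("the page tabulates sequences of length >= 3")

    def windows(s):
        seq = s["call_sequence"]
        return (tuple(seq[i:i + n]) for i in range(len(seq) - n + 1))
    return per_sample_once(samples, windows)


def string_counts(samples, min_len=6, min_samples=30):
    """Strings longer than 5 characters seen in at least min_samples samples,
    never counting a sample's own imported DLL or function names as strings."""
    def eligible(s):
        own = {d.lower() for d in s["imports"]}
        own |= {f.lower() for fs in s["imports"].values() for f in fs}
        return (x for x in s["strings"] if len(x) >= min_len and x.lower() not in own)
    counts = per_sample_once(samples, eligible)
    return Counter({k: v for k, v in counts.items() if v >= min_samples})


def as_table(counts):
    """Render a Counter as the page's (ID, value, Count) rows, highest count first."""
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], str(kv[0])))
    return [(i + 1, key, n) for i, (key, n) in enumerate(ordered)]


if __name__ == "__main__":
    # With only three constructed samples the 30-sample string threshold is
    # lowered to 2 so that the filter has something to keep.
    for title, table in [("DLL Imports", as_table(dll_counts(SAMPLES))),
                         ("Function Imports", as_table(function_counts(SAMPLES))),
                         ("Function call sequences (>=3)", as_table(call_sequence_counts(SAMPLES))),
                         ("Strings", as_table(string_counts(SAMPLES, min_samples=2)))]:
        print(title)
        for row in table:
            print(" ", *row)
```

Counting each feature once per sample is what makes the Count column mean "number of samples", not "number of occurrences"; without it a single sample with a large import table would dominate every ranking. The own-imports exclusion in the string filter removes the trivial overlap between the Strings table and the DLL and Function Imports tables, which is why a string such as a DLL name only survives when it appears in a sample that does not import that DLL.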