{
	"id": "2b77ea94-269c-4c15-a768-75eb900f88ba",
	"created_at": "2026-04-06T00:09:21.602284Z",
	"updated_at": "2026-04-10T03:33:56.43918Z",
	"deleted_at": null,
	"sha1_hash": "4e64aacde5e8faa746dd051fc3935ac8585cef03",
	"title": "Interactive Mapping of APT-C-23 - Check Point Research",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34190,
	"plain_text": "Interactive Mapping of APT-C-23 - Check Point Research\r\nBy Dexter Eugenio\r\nPublished: 2018-08-27 · Archived: 2026-04-05 20:32:48 UTC\r\nResearch by: Aseel Kayal\r\nLast month, we investigated the renewal of a targeted attack against the Palestinian Authority, attributed to the\r\nAPT-C-23 threat group. Although this campaign was initially discovered in early 2017, it is still active today and\r\nhas been using both desktop and mobile attack vectors throughout the past year.\r\nDubbed by Check Point Research as the ‘Big Bang APT’, due to its use of character names from the famous Big\r\nBang Theory sitcom, the latest resurgence we discovered was certainly not the only one keen on using TV\r\nreferences. In fact, since its early days this has been a peculiar aspect of the constantly changing campaign with\r\ncertain elements of the campaign often referring to actors and characters from well-known TV shows.\r\nIn order to monitor the evolution of this campaign and the similarities between its components, we have created a\r\nvisualization of the C\u0026C domains from all the generations of this attack, the reports they came from, and the\r\nconnections between them.\r\nClick here for the interactive Map.\r\nThis map keeps track of insights provided by different security vendors, and has been updated to include newer\r\nindicators of compromise that were found after we published our own research. 
So far, we were able to collect\r\napproximately 100 unique domains that were used by malware samples at different points in time.\r\nIt seems that whoever is behind this is not only making sure that they are releasing more advanced malware with\r\nstronger capabilities, but is also making drastic changes to the campaign’s infrastructure in an attempt to evade\r\ndetection by security vendors.\r\nGo to the interactive map\u003e\u003e\r\nSource: https://web.archive.org/web/20230604112435/https://research.checkpoint.com/2018/interactive-mapping-of-apt-c-23/\r\nhttps://web.archive.org/web/20230604112435/https://research.checkpoint.com/2018/interactive-mapping-of-apt-c-23/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://web.archive.org/web/20230604112435/https://research.checkpoint.com/2018/interactive-mapping-of-apt-c-23/"
	],
	"report_names": [
		"interactive-mapping-of-apt-c-23"
	],
	"threat_actors": [
		{
			"id": "9198aefa-3da6-4605-bb52-923df20a7fce",
			"created_at": "2023-01-06T13:46:38.766848Z",
			"updated_at": "2026-04-10T02:00:03.093153Z",
			"deleted_at": null,
			"main_name": "The Big Bang",
			"aliases": [],
			"source_name": "MISPGALAXY:The Big Bang",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "9ff60d4d-153b-4ed5-a2f7-18a21d2fa05d",
			"created_at": "2022-10-25T16:07:23.539852Z",
			"updated_at": "2026-04-10T02:00:04.647734Z",
			"deleted_at": null,
			"main_name": "Desert Falcons",
			"aliases": [
				"APT-C-23",
				"ATK 66",
				"Arid Viper",
				"Niobium",
				"Operation Arid Viper",
				"Operation Bearded Barbie",
				"Operation Rebound",
				"Pinstripe Lightning",
				"Renegade Jackal",
				"TAG-63",
				"TAG-CT1",
				"Two-tailed Scorpion"
			],
			"source_name": "ETDA:Desert Falcons",
			"tools": [
				"AridSpy",
				"Barb(ie) Downloader",
				"BarbWire",
				"Desert Scorpion",
				"FrozenCell",
				"GlanceLove",
				"GnatSpy",
				"KasperAgent",
				"Micropsia",
				"PyMICROPSIA",
				"SpyC23",
				"Viper RAT",
				"ViperRAT",
				"VolatileVenom",
				"WinkChat",
				"android.micropsia"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "b1979c55-037a-415f-b0a3-cab7933f5cd4",
			"created_at": "2024-04-24T02:00:49.561432Z",
			"updated_at": "2026-04-10T02:00:05.416794Z",
			"deleted_at": null,
			"main_name": "APT-C-23",
			"aliases": [
				"APT-C-23",
				"Arid Viper",
				"Desert Falcon",
				"TAG-63",
				"Grey Karkadann",
				"Big Bang APT",
				"Two-tailed Scorpion"
			],
			"source_name": "MITRE:APT-C-23",
			"tools": [
				"Micropsia"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "929d794b-0e1d-4d10-93a6-29408a527cc2",
			"created_at": "2023-01-06T13:46:38.70844Z",
			"updated_at": "2026-04-10T02:00:03.075002Z",
			"deleted_at": null,
			"main_name": "AridViper",
			"aliases": [
				"Desert Falcon",
				"Arid Viper",
				"APT-C-23",
				"Bearded Barbie",
				"Two-tailed Scorpion"
			],
			"source_name": "MISPGALAXY:AridViper",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "e5cad6bf-fa91-4128-ba0d-2bf3ff3c6c6b",
			"created_at": "2025-08-07T02:03:24.53077Z",
			"updated_at": "2026-04-10T02:00:03.680525Z",
			"deleted_at": null,
			"main_name": "ALUMINUM SARATOGA",
			"aliases": [
				"APT-C-23",
				"Arid Viper",
				"Desert Falcon",
				"Extreme Jackal",
				"Gaza Cybergang",
				"Molerats",
				"Operation DustySky",
				"TA402"
			],
			"source_name": "Secureworks:ALUMINUM SARATOGA",
			"tools": [
				"BlackShades",
				"BrittleBush",
				"DarkComet",
				"LastConn",
				"Micropsia",
				"NimbleMamba",
				"PoisonIvy",
				"QuasarRAT",
				"XtremeRat"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "35b3e533-7483-4f07-894e-2bb3ac855207",
			"created_at": "2025-08-07T02:03:24.540035Z",
			"updated_at": "2026-04-10T02:00:03.69627Z",
			"deleted_at": null,
			"main_name": "ALUMINUM SHADYSIDE",
			"aliases": [
				"APT-C-23",
				"Arid Viper",
				"Desert Falcon"
			],
			"source_name": "Secureworks:ALUMINUM SHADYSIDE",
			"tools": [
				"Micropsia",
				"SpyC23"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "f7d9b02d-d294-422b-adf7-4b3adfac9d9a",
			"created_at": "2022-10-25T16:07:23.392241Z",
			"updated_at": "2026-04-10T02:00:04.577887Z",
			"deleted_at": null,
			"main_name": "The Big Bang",
			"aliases": [],
			"source_name": "ETDA:The Big Bang",
			"tools": [
				"Micropsia"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434161,
	"ts_updated_at": 1775792036,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4e64aacde5e8faa746dd051fc3935ac8585cef03.pdf",
		"text": "https://archive.orkl.eu/4e64aacde5e8faa746dd051fc3935ac8585cef03.txt",
		"img": "https://archive.orkl.eu/4e64aacde5e8faa746dd051fc3935ac8585cef03.jpg"
	}
}