jueves, 21 de mayo de 2020

Part I. Russian APT - APT28 Collection Of Samples Including OSX XAgent



 This post is for all of you, Russian malware lovers/haters. Analyze it all to your heart's content. Prove or disprove Russian hacking in general or DNC hacking in particular, or find that "400 lb hacker" or  nail another country altogether.  You can also have fun and exercise your malware analysis skills without any political agenda.



The post contains malware samples analyzed in the APT28 reports linked below. I will post APT29 and others later.




Read about groups and types of targeted threats here: Mitre ATT&CK

List of References (and samples mentioned) listed from oldest to newest:

  1. APT28_2011-09_Telus_Trojan.Win32.Sofacy.A
  2. APT28_2014-08_MhtMS12-27_Prevenity
  3. APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations
  4. APT28_2014-10_Telus_Coreshell.A
  5. APT28_2014-10_TrendMicro Operation Pawn StormUsing Decoys to Evade Detection
  6. APT28_2015-07_Digital Attack on German Parliament
  7. APT28_2015-07_ESET_Sednit_meet_Hacking
  8. APT28_2015-07_Telus_Trojan-Downloader.Win32.Sofacy.B
  9. APT28_2015-09_Root9_APT28_Technical_Followup
  10. APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code
  11. APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm
  12. APT28_2015-10_Root9_APT28_targets Financial Markets
  13. APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28–The_Political_Cyber-Espionage
  14. APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets
  15. APT28_2015_06_Microsoft_Security_Intelligence_Report_V19
  16. APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor
  17. APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee << DNC (NOTE: this is APT29)
  18. APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel
  19. APT28_2016-10_ESET_Observing the Comings and Goings
  20. APT28_2016-10_ESET_Sednit A Mysterious Downloader
  21. APT28_2016-10_ESET_Sednit Approaching the Target
  22. APT28_2016-10_Sekoia_Rootkit analysisUse case on HideDRV
  23. APT28_2017-02_Bitdefender_OSX_XAgent  << OSX XAgent



Download


Download sets (matching research listed above). Email me if you need the password
          Download all files/folders listed (72MB)



Sample list



Parent FolderFile Name (SHA1)MD5 ChecksumSHA256 Checksum
APT28APT28_2011-09_Telus_Trojan.Win32.Sofacy.A
APT28_2011-09_Telus_Trojan.Win32.Sofacy.A28F21E96E0722DD6FC7D6E1275F352BD060ADE0D1e217668d89b480ad42e230e8c2c4d971feb41c4a64a7588d1e8e02497627654e9d031e7020d010541d8a8626447dbe9
APT28_2011-09_Telus_Trojan.Win32.Sofacy.A72CFD996957BDE06A02B0ADB2D66D8AA9C25BF37ed7f6260dec470e81dafb0e63bafb5ae7313eaf95a8a8b4c206b9afe306e7c0675a21999921a71a5a16456894571d21d
APT28_2011-09_Telus_Trojan.Win32.Sofacy.AAC6B465A13370F87CF57929B7CFD1E45C3694585e1554b931affb3cd2edc90bc580280785ab8ef93fdeaac9af258845ab52c24d31140c8fffc5fdcf465529c8e00c508ac
APT28_2011-09_Telus_Trojan.Win32.Sofacy.AC01B02CCC86ACBD9B266B09D2B693CB39A2C68099e4817f7bf36a61b363e0911cc0f08b931a0906b0d8b07167129e134009dc307c2d92522da5709e52b67d3c5a70adf93
APT28APT28_2014-08_MhtMS12-27_Prevenity
APT28_2014-08_MhtMS12-27_Prevenity33EEC0D1AE550FB33874EDCE0138F485538BB21B__.mht_d3de5b8500453107d6d152b3c850693555038c4326964f480fd2160b6b2a7aff9e980270d7765418937b3daeb4e82814
APT28_2014-08_MhtMS12-27_Prevenity8DEF0A554F19134A5DB3D2AE949F9500CE3DD2CE_filee.dll_16a6c56ba458ec718b4e9bc8f9f10785ce554d57333bdbccebb5e2e8d16a304947981e48ea2a5cc3d5f4ced7c1f56df3
APT28_2014-08_MhtMS12-27_PrevenityA8551397E1F1A2C0148E6EADCB56FA35EE6009CA_coreshell.dll_48656a93f9ba39410763a2196aabc67fc8087186a215553d2f95c68c03398e17e67517553f6e9a8adc906faa51bce946
APT28_2014-08_MhtMS12-27_PrevenityE338A57C35A4732BBB5F738E2387C1671A002BCB_advstorshell.dll_d7a625779df56d874871bb632f3e310611097a7a3336e0ab124fa921b94e3d51c4e9e4424e140e96127bfcf1c10ef110
APT28APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations
APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations367D40465FD1633C435B966FA9B289188AA444BC__tmp64.dat_791428601ad12b9230b9ace4f213871329cc2e69f65b9ce5fe04eb9b65942b2dabf48e41770f0a49eb698271b99d2787
APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations6316258CA5BA2D85134AD7427F24A8A51CE4815B_coreshell.dll_da2a657dc69d7320f2ffc87013f257add54173be095b688016528f18dc97f2d583efcf5ce562ec766afc0b294eb51ac7
APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations682E49EFA6D2549147A21993D64291BFA40D815A_coreshell.dll_3b0ecd011500f61237c205834db0e13a7f6f9645499f5840b59fb59525343045abf91bc57183aae459dca98dc8216965
APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations85522190958C82589FA290C0835805F3D9A2F8D6_coreshell.dll_8b92fe86c5b7a9e34f433a6fbac8bc3a03ed773bde6c6a1ac3b24bde6003322df8d41d3d1c85109b8669c430b58d2f69
APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.OperationsA8551397E1F1A2C0148E6EADCB56FA35EE6009CA_coreshell.dll_48656a93f9ba39410763a2196aabc67fc8087186a215553d2f95c68c03398e17e67517553f6e9a8adc906faa51bce946
APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.OperationsCF3220C867B81949D1CE2B36446642DE7894C6DC_coreshell.dll_5882fda97fdf78b47081cc4105d44f7c744f2a1e1a62dff2a8d5bd273304a4d21ee37a3c9b0bdcffeeca50374bd10a39
APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.OperationsD87B310AA81AE6254FFF27B7D57F76035F544073_coreshell.dll_272f0fde35dbdfccbca1e33373b3570d423a0799efe41b28a8b765fa505699183c8278d5a7bf07658b3bd507bfa5346f
APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.OperationsD9C53ADCE8C35EC3B1E015EC8011078902E6800B_coreshell.dll_1259c4fe5efd9bf07fc4c78466f2dd09102b0158bcd5a8b64de44d9f765193dd80df1504e398ce52d37b7c8c33f2552a
APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.OperationsE2450DFFA675C61AA43077B25B12851A910EEEB6_ coreshell.dll_9eebfebe3987fec3c395594dc57a0c4ce6d09ce32cc62b6f17279204fac1771a6eb35077bb79471115e8dfed2c86cd75
APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.OperationsED48EF531D96E8C7360701DA1C57E2FF13F12405_coreshell.dll_ead4ec18ebce6890d20757bb9f5285b17695f20315f84bb1d940149b17dd58383210ea3498450b45fefa22a450e79683
APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.OperationsF5B3E98C6B5D65807DA66D50BD5730D35692174D_asdfasdf.dat_8c4fa713c5e2b009114adda758adc445d58f2a799552aff8358e9c63a4345ea971b27edd14b8eac825db30a8321d1a7a
APT28APT28_2014-10_Telus_Coreshell.A
APT28_2014-10_Telus_Coreshell.AD87B310AA81AE6254FFF27B7D57F76035F544073_coreshell.dll_272f0fde35dbdfccbca1e33373b3570d423a0799efe41b28a8b765fa505699183c8278d5a7bf07658b3bd507bfa5346f
APT28APT28_2014-10_TrendMicro Operation Pawn Storm
APT28_2014-10_TrendMicro Operation Pawn Storm0A3E6607D5E9C59C712106C355962B11DA2902FC_Case2_S.vbs_exe_db9edafbadd71c7a3a0f0aec1b216a92b3d624c4287795a7fbddd617f57705153d30f5f4c4d2d1fec349ac2812c3a8a0
APT28_2014-10_TrendMicro Operation Pawn Storm0E12C8AB9B89B6EB6BAF16C4B3BBF9530067963F_Case2_Military CooperationDecoy.doc_7fcf20302404f644fb07fe9d4fe9ac8477166146463b9124e075f3a7925075f969974e32746c78d022ba99f578b9f0bb
APT28_2014-10_TrendMicro Operation Pawn Storm14BEEB0FC5C8C887D0435009730B6370BF94BC93_Case5Payload2_netids.dll_35717cd78ce713067a5037286cf91c3e1b3dd8aaafd750aa85185dc52672b26d67d662796847d7cbb01a35b565e74d35
APT28_2014-10_TrendMicro Operation Pawn Storm3814EEC8C45FC4313A9C7F65CE882A7899CF0405_Case4_NetIds.dll_a24552843b9fedd7d0084e1eb1dd6e35966660738c9e3ec103c2f8fe361c8ac20647cacaa5153197fa1917e9da99082e
APT28_2014-10_TrendMicro Operation Pawn Storm4B8806FE8E0CB49E4AA5D8F87766415A2DB1E9A9_Case2dropper_cryptmodule.exe_41e14894f4ad9494e0359ee5bb3d9745684f4b9ea61e14a15e82cac25076c5afe2d30e3dad7ce0b1b375b24d81135c37
APT28_2014-10_TrendMicro Operation Pawn Storm550ABD71650BAEA05A0071C4E084A803CB413C31_Case2_skype.exe_7276d1dab1125f59604252159e0c529c81f0f5fcb3cb8a63e8a3713b4107b89d888cb722cb6c7586c7fcdb45f5310174
APT28_2014-10_TrendMicro Operation Pawn Storm55318328511961EC339DFDDCA0443068DCCE9CD2_Case3_conhost.dll_f1704aaf08cd66a2ac6cf8810c9e07c274bdd9c250b0f4f27c0ecfeca967f53b35265c785d67406cc5e981a807d741bd
APT28_2014-10_TrendMicro Operation Pawn Storm5A452E7248A8D3745EF53CF2B1F3D7D8479546B9_Case3_netui.dll_keylogaa3e6af90c144112a1ad0c19bdf873ff4536650c9c5e5e1bb57d9bedf7f9a543d6f09addf857f0d802fb64e437b6844a
APT28_2014-10_TrendMicro Operation Pawn Storm6ADA11C71A5176A82A8898680ED1EAA4E79B9BC3_Case1_Letter to IAEA.pdf_decoy76d3eb8c2bed4f2588e22b8d0984af86b0f1f553a847f3244f434541edbf26904e2de18cca8db8f861ea33bb70942b61
APT28_2014-10_TrendMicro Operation Pawn Storm6B875661A74C4673AE6EE89ACC5CB6927CA5FD0D_Case2Payload2_ netids.dll_42bc93c0caddf07fce919d126a6e378f9392776d6d8e697468ab671b43dce2b7baf97057b53bd3517ecd77a081eff67d
APT28_2014-10_TrendMicro Operation Pawn Storm72CFD996957BDE06A02B0ADB2D66D8AA9C25BF37_Case1_saver.scr_ed7f6260dec470e81dafb0e63bafb5ae7313eaf95a8a8b4c206b9afe306e7c0675a21999921a71a5a16456894571d21d
APT28_2014-10_TrendMicro Operation Pawn Storm78D28072FDABF0B5AAC5E8F337DC768D07B63E1E_Case5_IDF_Spokesperson_Terror_Attack_011012.doc_1ac15db72e6d4440f0b4f710a516b1650cccb9d951ba888c0c37bb0977fbb3682c09f9df1b537eede5a1601e744a01ad
APT28_2014-10_TrendMicro Operation Pawn Storm7FBB5A2E46FACD3EE0C945F324414210C2199FFB_Case5payload_saver.scr_c16b07f7590a8620a8f0f687b0bd8bd8cb630234494f2424d8e158c6471f0b6d0643abbdf2f3e378bc2f68c9e7bca9eb
APT28_2014-10_TrendMicro Operation Pawn Storm88F7E271E54C127912DB4DB49E37D93AEA8A49C9_Case3_download_msmvs.exe_66f368cab3d5e64475a91f636c87af15e8ac9acc6fa3283276bbb77cff2b54d963066659b65e48cd8803a2007839af25
APT28_2014-10_TrendMicro Operation Pawn Storm8DEF0A554F19134A5DB3D2AE949F9500CE3DD2CE_Case6_dropper_filee.dll_16a6c56ba458ec718b4e9bc8f9f10785ce554d57333bdbccebb5e2e8d16a304947981e48ea2a5cc3d5f4ced7c1f56df3
APT28_2014-10_TrendMicro Operation Pawn Storm956D1A36055C903CB570890DA69DEABAACB5A18A_Case2_International Military.rtf_d994b9780b69f611284e22033e435edb342e1f591ab45fcca6cee7f5da118a99dce463e222c03511c3f1288ac2cf82c8
APT28_2014-10_TrendMicro Operation Pawn Storm9C622B39521183DD71ED2A174031CA159BEB6479_Case3_conhost.dll__d4e99548832b6999f00e8d223c6fabbdd5debe5d88e76a409b9bc3f69a02a7497d333934d66f6aaa30eb22e45b81a9ab
APT28_2014-10_TrendMicro Operation Pawn StormA8551397E1F1A2C0148E6EADCB56FA35EE6009CA_Case6_Coreshell.dll_48656a93f9ba39410763a2196aabc67fc8087186a215553d2f95c68c03398e17e67517553f6e9a8adc906faa51bce946
APT28_2014-10_TrendMicro Operation Pawn StormA90921C182CB90807102EF402719EE8060910345_Case4_APEC Media list 2013 Part1.xls_aeebfc9eb9031e423797a5af1985242de8d3f1e4e0d7c19e195d92be5cb6b3617a0496554c892e93b66a75c411745c05
APT28_2014-10_TrendMicro Operation Pawn StormAC6B465A13370F87CF57929B7CFD1E45C3694585_Case4Payload_dw20.t_e1554b931affb3cd2edc90bc580280785ab8ef93fdeaac9af258845ab52c24d31140c8fffc5fdcf465529c8e00c508ac
APT28_2014-10_TrendMicro Operation Pawn StormB3098F99DB1F80E27AEC0C9A5A625AEDAAB5899A_APEC Media list 2013 Part2.xls_decoybebb3675cfa4adaba7822cc8c39f55bf8fc4fe966ef4e7ecf635283a6fa6bacd8586ee8f0d4d39c6faffd49d60b01cb9
APT28_2014-10_TrendMicro Operation Pawn StormBC58A8550C53689C8148B021C917FB4AEEC62AC1_Case5Payload_install.exe_c43edb579e43aaeb6f0c0703f84e43f77dd063acdfb00509b3b06718b39ae53e2ff2fc080094145ce138abb1f2253de4
APT28_2014-10_TrendMicro Operation Pawn StormC5CE5B7D10ACCB04A4E45C3A4DCF10D16B192E2F_Case1Payload_netids.dll_85c80d01661f88ec556579e772a5a3db461f5340f9ea47344f86bb7302fbaaa0567605134ec880eef34fa9b40926eb70
APT28_2014-10_TrendMicro Operation Pawn StormD0AA4F3229FCD9A57E9E4F08860F3CC48C983ADDml.rtfa24d2f5258f8a0c3bddd1b5636b0ec57992caa9e8de503fb304f97d1ab0b92202d2efb0d1353d19ce7bec512faf76491
APT28_2014-10_TrendMicro Operation Pawn StormDAE7FAA1725DB8192AD711D759B13F8195A18821_Case6_MH17.doc_decoy388594cd1bef96121be291880b22041aadf344f12633ab0738d25e38f40c6adc9199467838ec14428413b1264b1bf540
APT28_2014-10_TrendMicro Operation Pawn StormE338A57C35A4732BBB5F738E2387C1671A002BCB_Case6_advstoreshell.dll_d7a625779df56d874871bb632f3e310611097a7a3336e0ab124fa921b94e3d51c4e9e4424e140e96127bfcf1c10ef110
APT28_2014-10_TrendMicro Operation Pawn StormF542C5F9259274D94360013D14FFBECC43AAE552_Case5Decoy_IDF_Spokesperson_Terror_Attack_011012.doc_77aa465744061b4b725f73848aebdff691f750f422fd3ff361fabca02901830ef3f6e5829f6e8db9c1f518a1a3cac08c
APT28_2014-10_TrendMicro Operation Pawn Stormwp-operation-pawn-storm.pdfce254486b02be740488c0ab3278956fd9b8495ff1d023e3ae7aed799f02d9cf24422a38dfb9ed37c0bdc65da55b4ee42
APT28APT28_2015-07_Digital Attack on German Parliament
APT28_2015-07_Digital Attack on German Parliament0450AAF8ED309CA6BAF303837701B5B23AAC6F05_servicehost.dll_800af1c9d341b846a856a1e686be6a3e566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092
APT28_2015-07_Digital Attack on German ParliamentCDEEA936331FCDD8158C876E9D23539F8976C305_exe_5e70a5c47c6b59dae7faf0f2d62b28b3730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a
APT28_2015-07_Digital Attack on German ParliamentDigital Attack on German Parliament_ Investigative Report on the Hack of the Left Party Infrastructure in Bundestag _ netzpolitik.pdf28d4cc2a378633e0ad6f3306cc067c43e83e2185f9e1a5dbc550914dcbc7a4d0f8b30a577ddb4cd8a0f36ac024a68aa0
APT28_2015-07_Digital Attack on German ParliamentF46F84E53263A33E266AAE520CB2C1BD0A73354E_winexesvc.exe_77e7fb6b56c3ece4ef4e93b6dc608be05130f600cd9a9cdc82d4bad938b20cbd2f699aadb76e7f3f1a93602330d9997d
APT28APT28_2015-07_ESET_Sednit_meet_Hacking
APT28_2015-07_ESET_Sednit_meet_Hacking51B0E3CD6360D50424BF776B3CD673DD45FD0F97.exe_973e0c922eb07aad530d8a1de19c77557c4101caf833aa9025fec4f04a637c049c929459ad3e4023ba27ac72bde7638d
APT28_2015-07_ESET_Sednit_meet_HackingB8B3F53CA2CD64BD101CB59C6553F6289A72D9BBdll_dcf6906a9a0c970bcd93f451b9b7932a9a527274f99865a7d70487fe22e62f692f8b239d6cb80816b919734c7c741584
APT28_2015-07_ESET_Sednit_meet_HackingD43FD6579AB8B9C40524CC8E4B7BD05BE6674F6C_warfsgfdydcikf.mkv.swf_557f8d4c6f8b386c32001def807dc71584ad945d1ab58591efb21b863320f533c53b2398a1bc690d221e1c1c77fa27ff
APT28APT28_2015-07_Telus_Trojan-Downloader.Win32.Sofacy.B
APT28_2015-07_Telus_Trojan-Downloader.Win32.Sofacy.BB8B3F53CA2CD64BD101CB59C6553F6289A72D9BB.dll_dcf6906a9a0c970bcd93f451b9b7932a9a527274f99865a7d70487fe22e62f692f8b239d6cb80816b919734c7c741584
APT28APT28_2015-09_Root9_APT28_Technical_Followup
APT28_2015-09_Root9_APT28_Technical_Followup0450AAF8ED309CA6BAF303837701B5B23AAC6F05_servicehost.dll_800af1c9d341b846a856a1e686be6a3e566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092
APT28_2015-09_Root9_APT28_Technical_FollowupCDEEA936331FCDD8158C876E9D23539F8976C305_exe_5e70a5c47c6b59dae7faf0f2d62b28b3730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a
APT28_2015-09_Root9_APT28_Technical_FollowupF46F84E53263A33E266AAE520CB2C1BD0A73354E_winexesvc.exe_77e7fb6b56c3ece4ef4e93b6dc608be05130f600cd9a9cdc82d4bad938b20cbd2f699aadb76e7f3f1a93602330d9997d
APT28APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code
APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-codeDlls
Dlls21835AAFE6D46840BB697E8B0D4AAC06DEC44F5B211b7100fd799e9eaabeb13cfa4462313d13f2e5b241168005425b15410556bcf26d04078da6b2ef42bc0c2be7654bf8
Dlls3B52046DD7E1D5684EABBD9038B651726714AB69d535c3fc5f0f98e021bea0d6277d2559d4525abc9dd2b7ab7f0c22e58a0117980039afdf15bed04bb0c637cd41fbfb9d
Dlls5C3E709517F41FEBF03109FA9D597F2CCC495956ac75fd7d79e64384b9c4053b37e5623f0ac7b666814fd016b3d21d7812f4a272104511f90ca666fa13e9fb6cefa603c7
Dlls7319A2751BD13B2364031F1E69035ACFC4FD4D18c0d1762561f8c2f812d868a3939d23f08325cd6e26fb39cf7a08787e771a6cf708e0b45350d1ea239982af06db90804f
Dlls9FC43E32C887B7697BF6D6933E9859D29581EAD0a3c757af9e7a9a60e235d08d54740fbcbf28267386a010197a50b65f24e815aa527f2adbc53c609d2b2a4f999a639413
DllsAC61A299F81D1CFF4EA857AFD1B323724AAC3F04acf8cda38b0d1b6a0d3664a0e33deb96638e7ca68643d4b01432f0ecaaa0495b805cc3cccc17a753b0fa511d94a22bdd
DllsB8B3F53CA2CD64BD101CB59C6553F6289A72D9BBdcf6906a9a0c970bcd93f451b9b7932a9a527274f99865a7d70487fe22e62f692f8b239d6cb80816b919734c7c741584
DllsD3AA282B390A5CB29D15A97E0A046305038DBEFE18efc091b431c39d3e59be445429a7bceae782130b06d95f3373ff7d5c0977a8019960bdf80614c1aa7e324dc350428a
DllsD85E44D386315B0258847495BE1711450AC02D9Fc4ffab85d84b494e1c450819a0e9c7db500fa112a204b6abb365101013a17749ce83403c30cd37f7c6f94e693c2d492f
DllsED9F3E5E889D281437B945993C6C2A80C60FDEDC2dfc90375a09459033d430d046216d22261b0a5912965ea95b8ae02aae1e761a61f9ad3a9fb85ef781e62013d6a21368
DllsF7608EF62A45822E9300D390064E667028B75DEA75f71713a429589e87cf2656107d2bfcb6fff95a74f9847f1a4282b38f148d80e4684d9c35d9ae79fad813d5dc0fd7a9
APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-codeDroppers
Droppers015425010BD4CF9D511F7FCD0FC17FC17C23EEC1c2a0344a2bbb29d9b56d378386afcbed63d0b28114f6277b901132bc1cc1f541a594ee72f27d95653c54e1b73382a5f6
Droppers4FAE67D3988DA117608A7548D9029CADDBFB3EBFc6a80316ea97218df11e11125337233ab0b3f0d6e6c593e2a2046833080574f98566c48a1eda865b2e110cd41bf31a31
Droppers51B0E3CD6360D50424BF776B3CD673DD45FD0F97973e0c922eb07aad530d8a1de19c77557c4101caf833aa9025fec4f04a637c049c929459ad3e4023ba27ac72bde7638d
Droppers63D1D33E7418DAF200DC4660FC9A59492DDD50D92d4eaa0331abbc6d867f5f979b2c890db4f755c91c2790f4ab9bac4ee60725132323e13a2688f3d8939ae9ed4793d014
DroppersB4A515EF9DE037F18D96B9B0E48271180F5725B7afe09fb5a2b97f9e119f70292092604ed93f22d46090bfc19ef51963a781eeb864390c66d9347e86e03bba25a1fc29c5
DroppersB7788AF2EF073D7B3FB84086496896E7404E625Eeda061c497ba73441994a30e36f55b1db1800cb1d4b755e05b0fca251b8c6da96bb85f8042f2d755b7f607cbeef58db8
DroppersB8AABE12502F7D55AE332905ACEE80A10E3BC39991381cd82cdd5f52bbc7b30d34cb8d831a09ce8a9210d2530d6ce1d59bfae2ac617ac89558cdcdcac15392d176e70c8d
DroppersF3D50C1F7D5F322C1A1F9A72FF122CAC990881EE77089c094c0f2c15898ff0f021945148eb6620442c3ab327f3ccff1cc6d63d6ffe7729186f7e8ac1dbbbfddd971528f0
APT28APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm
APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm2DF498F32D8BAD89D0D6D30275C19127763D5568763D5568.swf_6ca857721be6fff26b10867c99bd8c80b4064721d911e9606edf366173325945f9e940e489101e7d0747103c0e905126
APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn StormA5FCA59A2FAE0A12512336CA1B78F857AFC06445AFC06445_ mgswizap.dll_f1d3447a2bff56646478b0adb7d0451c5a414a39851c4e22d4f9383211dfc080e16e2caffd90fa06dcbe51d11fdb0d6c
APT28APT28_2015-10_Root9_APT28_targets Financial Markets
APT28_2015-10_Root9_APT28_targets Financial Markets0450AAF8ED309CA6BAF303837701B5B23AAC6F05_servicehost.dll_800af1c9d341b846a856a1e686be6a3e566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092
APT28_2015-10_Root9_APT28_targets Financial MarketsF325970FD24BB088F1BEFDAE5788152329E26BF3_SupUpNvidia.exe_0369620eb139c3875a62e36bb7abdae8b1f2d461856bb6f2760785ee1af1a33c71f84986edf7322d3e9bd974ca95f92d
APT28APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28â€"The_Political_Cyber-Espionage
APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28â€"The_Political_Cyber-EspionageBitdefender_In-depth_analysis_of_APT28â€"The_Political_Cyber-Espionage.pdf1a5d89f6fd3f1ed5f4e76084b0fa7806a76b1ec9d196b5c071992486d096ad475226e92b6db06c351e3a4ad4e4949248
APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28â€"The_Political_Cyber-EspionageCB796F2986700DF9CE7D8F8D7A3F47F2EB4DF682_xp.exe_APT2878450806e56b1f224d00455efcd04ce3b29a16ec907997e523f97e77b885d4a8c19cb81b1abf6ee51eee54f37eecf3ff
APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28â€"The_Political_Cyber-EspionageF080E509C988A9578862665B4FCF1E4BF8D77C3E_Linux.Fysbis.A_ksysdefd_elf_APT28075b6695ab63f36af65f7ffd45cccd3902c7cf55fd5c5809ce2dce56085ba43795f2480423a4256537bfdfda0df85592
APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28â€"The_Political_Cyber-EspionageSIMILAR
SIMILAR356d03f6975f443d6db6c5069d778af9_exe_356d03f6975f443d6db6c5069d778af93f14fc9c29763da76dcbc8a2aaa61658781d1b215ee322a0ebfa554d8658d22b
SIMILAR78450806e56b1f224d00455efcd04ce3_xp.exe_APT2878450806e56b1f224d00455efcd04ce3b29a16ec907997e523f97e77b885d4a8c19cb81b1abf6ee51eee54f37eecf3ff
SIMILARe49bce75070a7a3c63a7cebb699342b3_CVE-2014-4076_tan.exe_e49bce75070a7a3c63a7cebb699342b316d49a40333f584b19606733b4deef1b9ecace2c32950010ad1450b44ce3716e
APT28APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets
APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets1A4F39C0262822B0623213B8ED3F56DEE0117CD59_tf394kv.dll_8c4d896957c36ec4abeb07b2802268b96cd30c85dd8a64ca529c6eab98a757fb326de639a39b597414d5340285ba91c6
APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets1A4F39C0262822B0623213B8ED3F56DEE0117CD5_tf394kv.dll_8c4d896957c36ec4abeb07b2802268b96cd30c85dd8a64ca529c6eab98a757fb326de639a39b597414d5340285ba91c6
APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets314EF7909CA0ED3A744D2F59AB5AC8B8AE259319.dll_(4.3)AZZYimplants-USBStealerf6f88caf49a3e32174387cacfa144a89e917166adf6e1135444f327d8fff6ec6c6a8606d65dda4e24c2f416d23b69d45
APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets3E2E245B635B04F006A0044388BD968DF9C3238C_IGFSRVC.dll_USBStealerce151285e8f0e7b2b90162ba171a4b904e4606313c423b681e11110ca5ed3a2b2632ec6c556b7ab9642372ae709555f3
APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets776C04A10BDEEC9C10F51632A589E2C52AABDF48_USBGuard.exe_8cb08140ddb00ac373d29d37657a03cc690b483751b890d487bb63712e5e79fca3903a5623f22416db29a0193dc10527
APT28_2015-12_Kaspersky_Sofacy APT hits high profile targetsAF86743852CC9DF557B62485715AF4C6D73644D3_AZZY4.3installerc3ae4a37094ecfe95c2badecf40bf5bb67ecc3b8c6057090c7982883e8d9d0389a8a8f6e8b00f9e9b73c45b008241322
APT28_2015-12_Kaspersky_Sofacy APT hits high profile targetsC78FCAE030A66F388BF8CEA569422F5A79B7B96C_tmpdt.tmp_(4.3)AZZYimplantce8b99df8642c065b6af43fde1f786a31bab1a3e0e501d3c14652ecf60870e483ed4e90e500987c35489f17a44fef26c
APT28_2015-12_Kaspersky_Sofacy APT hits high profile targetsC78FCAE030A66F388BF8CEA569422F5A79B7B96C_tmpdt.tmp__ce8b99df8642c065b6af43fde1f786a31bab1a3e0e501d3c14652ecf60870e483ed4e90e500987c35489f17a44fef26c
APT28_2015-12_Kaspersky_Sofacy APT hits high profile targetsE251B3EB1449F7016DF78D113571BEA57F92FC36c_servicehost.dll_USBStealer8b238931a7f64fddcad3057a96855f6c92dcb0d8394d0df1064e68d90cd90a6ae5863e91f194cbaac85ec21c202f581f
APT28_2015-12_Kaspersky_Sofacy APT hits high profile targetsE3B7704D4C887B40A9802E0695BAE379358F3BA0_Stand-aloneAZZYbackdoora96f4b8ac7aa9dbf4624424b7602d4f7a9dc96d45702538c2086a749ba2fb467ba8d8b603e513bdef62a024dfeb124cb
APT28_2015-12_Kaspersky_Sofacy APT hits high profile targetsF325970FD24BB088F1BEFDAE5788152329E26BF3_SupUpNvidia.exe_USBStealer0369620eb139c3875a62e36bb7abdae8b1f2d461856bb6f2760785ee1af1a33c71f84986edf7322d3e9bd974ca95f92d
APT28APT28_2015_06_Microsoft_Security_Intelligence_Report_V19
APT28_2015_06_Microsoft_Security_Intelligence_Report_V190450AAF8ED309CA6BAF303837701B5B23AAC6F05_servicehost.dll_800af1c9d341b846a856a1e686be6a3e566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092
APT28_2015_06_Microsoft_Security_Intelligence_Report_V191535D85BEE8A9ADB52E8179AF20983FB0558CCB3.exe_4ac8d16ff796e825625ad1861546e2e88c488b029188e3280ed3614346575a4a390e0dda002bca08c0335210a6202949
APT28APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor
APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor9444D2B29C6401BC7C2D14F071B11EC9014AE040_Fysbis_elf_364ff454dcf00420cff13a57bcb784678bca0031f3b691421cb15f9c6e71ce193355d2d8cf2b190438b6962761d0c6bb
APT28_2016-02_PaloAlto_Fysbis Sofacy Linux BackdoorA Look Into Fysbis_ Sofacy’s Linux Backdoor - Palo Alto Networks Blog.pdf9a6b771c934415f74a203e0dfab9edbe1b6c3e6ef673f14536ff8d7c2bf18f9358a9a7f8962a24e2255f54ac451af86c
APT28_2016-02_PaloAlto_Fysbis Sofacy Linux BackdoorECDDA7ACA5C805E5BE6E0AB2017592439DE7E32C_ksysdefd_elfe107c5c84ded6cd9391aede7f04d64c8fd8b2ea9a2e8a67e4cb3904b49c789d57ed9b1ce5bebfe54fe3d98214d6a0f61
APT28_2016-02_PaloAlto_Fysbis Sofacy Linux BackdoorF080E509C988A9578862665B4FCF1E4BF8D77C3E075b6695ab63f36af65f7ffd45cccd3902c7cf55fd5c5809ce2dce56085ba43795f2480423a4256537bfdfda0df85592
APT29 APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee
APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee0B3852AE641DF8ADA629E245747062F889B26659.exe_cc9e6578a47182a941a478b276320e06fd39d2837b30e7233bc54598ff51bdc2f8c418fa5b94dea2cadb24cf40f395e5
APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee74C190CD0C42304720C686D50F8184AC3FADDBE9.exe_19172b9210295518ca52e93a29cfe8f440ae43b7d6c413becc92b07076fa128b875c8dbb4da7c036639eccf5a9fc784f
APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National CommitteeBears in the Midst_ Intrusion into the Democratic National Committee ».pdfdd5e31f9d323e6c3e09e367e6bd0e7b12d815b11f3b916bdc27b049402f5f1c024cffe2318a4f27ebfa3b8a9fffe2880
APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National CommitteeCB872EDD1F532C10D0167C99530A65C4D4532A1E.exe_ce227ae503e166b77bf46b6c8f5ee4dab101cd29e18a515753409ae86ce68a4cedbe0d640d385eb24b9bbb69cf8186ae
APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National CommitteeE2B98C594961AAE731B0CCEE5F9607080EC57197_pagemgr.exe_004b55a66b3a86a1ce0a0b9b69b959766c1bce76f4d2358656132b6b1d471571820688ccdbaca0d86d0ca082b9390536
APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National CommitteeF09780BA9EB7F7426F93126BC198292F5106424B_VmUpgradeHelper.exe_9e7053a4b6c9081220a694ec93211b4e4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976
APT28APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel
APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnelE2101519714F8A4056A9DE18443BC6E8A1F1B977_PortMapClient.exe_ad44a7c5e18e9958dda66ccfc406cd44b81b10bdf4f29347979ea8a1715cbfc560e3452ba9fffcc33cd19a3dc47083a4
APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnelF09780BA9EB7F7426F93126BC198292F5106424B_VmUpgradeHelper.exe_9e7053a4b6c9081220a694ec93211b4e4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976
APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnelTunnel of Gov_ DNC Hack and the Russian XTunnel _ Invincea.pdfb1b88f78c2f4393d437da4ce743ac5e8fb0cb4527efc48c90a2cd3e9e46ce59eaa280c85c50d7b680c98bb159c27881d
APT28APT28_2016-10_ESET_Observing the Comings and Goings
APT28_2016-10_ESET_Observing the Comings and Goingseset-sednit-part-2.pdfc3c278991ad051fbace1e2f3a4c20998f9ed13d5aa43c74287a936bf52772080fc26b5c62a805e19abceb20ef08ea5ff
APT28_2016-10_ESET_Observing the Comings and GoingsSedreco-dropper
Sedreco-dropper4F895DB287062A4EE1A2C5415900B56E2CF158425363e5cc28687b7dd71f1e257eab2d5dd403ded7c4acfffe8dc2a3ad8fb848f08388b4c3452104f6970835913d92166c
Sedreco-dropper87F45E82EDD63EF05C41D18AEDDEAC00C49F1AEE9617f3948b1886ebc95689c02d2cf264378ef276eeaa4a29dab46d114710fc14ba0a9f964f6d949bcbc5ed3267579892
Sedreco-dropper8EE6CEC34070F20FD8AD4BB202A5B08AEA22ABFA30cda69cf82637dfa2ffdc803bf2aead20ac1420eade0bdb464cd9f6d26a84094271b252c0650a7853721d8e928f6e6c
Sedreco-dropper9E779C8B68780AC860920FCB4A8E700D97F084EFf686304cff9b35ea0d7647820ab525ba2c81023a146d2b5003d2b0c617ebf2eb1501dc6e55fc6326e834f05f5558c0ec
Sedreco-dropperC23F18DE9779C4F14A3655823F235F8E221D0F6A9f82abbaebc1093a187f1887df2cf926ec2f14916e0b52fb727111962dff9846839137968e32269a82288aee9f227bd4
Sedreco-dropperE034E0D9AD069BAB5A6E68C1517C15665ABE67C96a24be8f61bcd789622dc55ebb7db90bfb3a3339e2ba82cb3dcdc43d0e49e7b8a26ced3a587f5ee15a256aee062e6e05
Sedreco-dropperE17615331BDCE4AFA45E4912BDCC989EACF284BC5e93cf87040cf225ab5b5b9f9f0a0d036bbec6b2927325891cc008d3378d30941fe9d21e5c9bd6459e8e3ba8c78833c2
APT28_2016-10_ESET_Observing the Comings and GoingsSedreco_payload
Sedreco_payload04301B59C6EB71DB2F701086B617A98C6E026872cf30b7550f04a9372c3257c9b5cff3e937bf2c811842972314956434449fd294e793b43c1a7b37cfe41af4fcc07d329d
Sedreco_payload11AF174294EE970AC7FD177746D23CDC8FFB92D79422ca55f7fca4449259d8878ede5e47ba1c02aa6c12794a33c4742e62cbda3c17def08732f3fbaeb801f1806770b9a0
Sedreco_payloadE3B7704D4C887B40A9802E0695BAE379358F3BA0a96f4b8ac7aa9dbf4624424b7602d4f7a9dc96d45702538c2086a749ba2fb467ba8d8b603e513bdef62a024dfeb124cb
APT28_2016-10_ESET_Observing the Comings and GoingsXAgent-LIN
XAgent-LIN7E33A52E53E85DDB1DC8DC300E6558735ACF10CEfd8d1b48f91864dc5acb429a49932ca3dd8facad6c0626b6c94e1cc891698d4982782a5564aae696a218c940b7b8d084
XAgent-LIN9444D2B29C6401BC7C2D14F071B11EC9014AE040364ff454dcf00420cff13a57bcb784678bca0031f3b691421cb15f9c6e71ce193355d2d8cf2b190438b6962761d0c6bb
XAgent-LINECDDA7ACA5C805E5BE6E0AB2017592439DE7E32Ce107c5c84ded6cd9391aede7f04d64c8fd8b2ea9a2e8a67e4cb3904b49c789d57ed9b1ce5bebfe54fe3d98214d6a0f61
XAgent-LINF080E509C988A9578862665B4FCF1E4BF8D77C3E075b6695ab63f36af65f7ffd45cccd3902c7cf55fd5c5809ce2dce56085ba43795f2480423a4256537bfdfda0df85592
APT28_2016-10_ESET_Observing the Comings and GoingsXAgent-WIN
XAgent-WIN072933FA35B585511003F36E3885563E1B55D55A99b93cfcff258eb49e7af603d779a146c19d266af9e33dae096e45e7624ab3a3f642c8de580e902fec9dac11bcb8d3fd
XAgent-WIN082141F1C24FB49981CC70A9ED50CDA582EE04DD7a055cbe6672f77b2271c1cb8e2670b899d3f03fc6f048c74e58da6fb7ea1e831ba31d58194ad2463a7a6cd55da5f96b
XAgent-WIN08C4D755F14FD6DF76EC86DA6EAB1B5574DFBAFD26ac59dab32f6246e1ce3da7506d48fa5f6b2a0d1d966fc4f1ed292b46240767f4acb06c13512b0061b434ae2a692fa1
XAgent-WIN0F04DAD5194F97BB4F1808DF19196B04B4AEE1B88b6d824619e993f74973eedfaf18be78972e907a901a7716f3b8f9651eadd65a0ce09bbc78a1ceacff6f52056af8e8f4
XAgent-WIN3403519FA3EDE4D07FB4C05D422A9F8C026CEDBF113cc4a88fd28ea4398e312093a6a4d5ddab96e4a8e909065e05c4b6a73ba351ea45ad4806258f41ac3cecbcae8671a6
XAgent-WIN499FF777C88AEACBBAA47EDDE183C944AC7E91D2ea726d3e8f6516807366584f3c5b5e2a82c4e9bc100533482a15a1d756d55e1a604d330eff8fbc0e13c4b166ac2c9bd3
XAgent-WIN4B74C90C9D9CE7668AA9EB09978C1D8D4DFDA24A409848dabfd110f4d373dd0a97ff708e24e11c80f1d4c1e9db654d54cc784db6b5f4a126f9fe5e26c269fdc4009c8f29
XAgent-WIN4BC32A3894F64B4BE931FF20390712B4EC60548857cc08213ab8b6d4a538e4568d00a123b23193bff95c4e65af0c9848036eb80ef006503a78be842e921035f8d77eb5de
XAgent-WIN5F05A8CB6FEF24A91B3BD6C137B23AB3166F39AE9ca6ead1384953d787487d399c23cb4107393ac2e890772f70adf9e8d3aa07ab2f98e2726e3be275276dadd00daf5fc6
XAgent-WIN71636E025FA308FC5B8065136F3DD692870CB8A496ed0a7976e57ae0bb79dcbd67e39743ea957d663dbc0b28844f6aa7dfdc5ac0110a4004ac46c87d0f1aa943ef253cfe
XAgent-WIN780AA72F0397CB6C2A78536201BD9DB4818FA02Aeffd7b2411975447fd36603445b380c7d0e019229493a1cfb3ffc918a2d8ffcbaee31f9132293c95b1f8c1fd6d595054
XAgent-WINA70ED3AE0BC3521E743191259753BE945972118B9a66142acfc7739f78c23ab1252db45b715f69916db9ff8fedf6630307f4ebb84aae6653fd0e593036517c5040d84dbe
XAgent-WINBAA4C177A53CFA5CC103296B07B62565E1C7799F9d1a09bb98bf1ee31f390b60b0cf724ddea4e560017b4da05e8fd0a03ba74239723349934ee8fbd201a79be1ecf1c32d
XAgent-WINC18EDCBA2C31533B7CDB6649A970DCE397F4B13C4265f6e8cc545b925912867ec8af2f11fc2dbfda41860b2385314c87e81f1ebb4f9ae1106b697e019841d8c3bf402570
XAgent-WINC2E8C584D5401952AF4F1DB08CF4B6016874DDAC078755389b98d17788eb5148e23109a654c4ce98970a44f92be748ebda9fcfb7b30e08d98491e7735be6dd287189cea3
XAgent-WIND00AC5498D0735D5AE0DEA42A1F477CF8B8B082612a9fff59de1663dec1b45ea2ede22f568065abd6482405614d245537600ea60857c6ec9febac4870486b5227589d35c
XAgent-WIND0DB619A7A160949528D46D20FC0151BF9775C32ee64d3273f9b4d80020c24edcbbf961ee031299fa1381b40c660b8cd831bb861654f900a1e2952b1a76bedf140972a81
XAgent-WINE816EC78462B5925A1F3EF3CDB3CAC6267222E72404eb3f7554392e85e56aed414db845594c220653ea7421c60e3eafd753a9ae9d69b475d61230f2f403789d326309c24
XAgent-WINF1EE563D44E2B1020B7A556E080159F64F3FD69958ca9243d35e529499dd17d27642b419bebe0be0cf8349706b2feb789572e035955209d5bf5d5fea0e5d29a7fbfdc7c4
APT28_2016-10_ESET_Observing the Comings and GoingsXtunnel
Xtunnel0450AAF8ED309CA6BAF303837701B5B23AAC6F05800af1c9d341b846a856a1e686be6a3e566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092
Xtunnel067913B28840E926BF3B4BFAC95291C9114D378702522ce47a8db9544f8877dace7e0833d2a6064429754571682f475b6b67f36526f1573d846182aab3516c2637fa1e81
Xtunnel1535D85BEE8A9ADB52E8179AF20983FB0558CCB34ac8d16ff796e825625ad1861546e2e88c488b029188e3280ed3614346575a4a390e0dda002bca08c0335210a6202949
Xtunnel42DEE38929A93DFD45C39045708C57DA15D7586Cae4ded48da0766d237ce2262202c3c96a2c9041ee1918523e67dbaf1c514f98609d4dbe451ba08657653bb41946fc89d
Xtunnel8F4F0EDD5FB3737914180FF28ED0E9CCA25BF4CCe766e048bd222cfd2b9cc1bf24125dac1289ee3d29967f491542c0bdeff6974aad6b37932e91ff9c746fb220d5edb407
Xtunnel982D9241147AAACF795174A9DAB0E645CF56B9220ebfac6dba63ff8b35cbd374ef33323ac9ef265fc0a174f3033ff21b8f0274224eb7154dca97f15cba598952be2fbace
Xtunnel99B454262DC26B081600E844371982A49D334E5Eac3e087e43be67bdc674747c665b46c2a979c5094f75548043a22b174aa10e1f2025371bd9e1249679f052b168e194b3
XtunnelC637E01F50F5FBD2160B191F6371C5DE2AC56DE4b2dc7c29cbf8d71d1dd57b474f1e04b9c6a9db52a3855d980a7f383dbe2fb70300a12b7a3a4f0a995e2ebdef769eaaca
XtunnelC91B192F4CD47BA0C8E49BE438D035790FF85E70672b8d14d1d3e97c24baf69d50937afc1c8869abf756e77e1b6d7d0ad5ca8f1cdce1a111315c3703e212fb3db174a6d5
XtunnelCDEEA936331FCDD8158C876E9D23539F8976C3055e70a5c47c6b59dae7faf0f2d62b28b3730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a
XtunnelDB731119FCA496064F8045061033A5976301770D34651f2df01b956f1989da4b3ea4033860ee6fdca66444bdc2e4b00dc67a1b0fdee5a3cd9979815e0aab9ce6435262c6
XtunnelDE3946B83411489797232560DB838A802370EA711d1287d4a3ba5d02cca91f51863db7384dd8ab2471337a56b431433b7e8db2a659dc5d9dc5481b4209c4cddd07d6dc2b
XtunnelE945DE27EBFD1BAF8E8D2A81F4FB0D4523D85D6Acd1c521b6ae08fc97e3d69f242f00f9ed2e947a39714478983764b270985d2529ff682ffec9ebac792158353caf90ed3
APT28APT28_2016-10_ESET_Sednit A Mysterious Downloader
APT28_2016-10_ESET_Sednit A Mysterious Downloader1CC2B6B208B7687763659AEB5DCB76C5C2FBBF26.scr_006b418307c534754f055436a91848aa6507caba5835cad645ae80a081b98284032e286d97dabb98bbfeb76c3d51a094
APT28_2016-10_ESET_Sednit A Mysterious Downloader49ACBA812894444C634B034962D46F986E0257CF.exe_23ae20329174d44ebc8dbfa9891c62603e23201e6c52470e73a92af2ded12e6a5d1ad39538f41e762ca1c4b8d93c6d8d
APT28_2016-10_ESET_Sednit A Mysterious Downloader4C9C7C4FD83EDAF7EC80687A7A957826DE038DD7.exe_0eefeaf2fb78ebc49e7beba505da273d6ccc375923a00571dffca613a036f77a9fc1ee22d1fddffb90ab7adfbb6b75f1
APT28_2016-10_ESET_Sednit A Mysterious Downloader4F92D364CE871C1AEBBF3C5D2445C296EF535632.exe_9227678b90869c5a67a05defcaf21dfb79a508ba42247ddf92accbf5987b1ffc7ba20cd11806d332979d8a8fe85abb04
APT28_2016-10_ESET_Sednit A Mysterious Downloader516EC3584073A1C05C0D909B8B6C15ECB10933F1.exe_607a7401962eaf78b93676c9f5ca6a26ecd2c8e79554f226b69bed7357f61c75f1f1a42f1010d7baa72abe661a6c0587
APT28_2016-10_ESET_Sednit A Mysterious Downloader593D0EB95227E41D299659842395E76B55AA048D.exe_6cd2c953102792b738664d69ce41e080a13aa88c32eb020071c2c92f5364fd98f6dead7bcf71320731f05cd0a34a59db
APT28_2016-10_ESET_Sednit A Mysterious Downloader593D0EB95227E41D299659842395E76B55AA048D_dll_6cd2c953102792b738664d69ce41e080a13aa88c32eb020071c2c92f5364fd98f6dead7bcf71320731f05cd0a34a59db
APT28_2016-10_ESET_Sednit A Mysterious Downloader5C132AE63E3B41F7B2385740B9109B473856A6A5.dll_94ebc9ef5565f98b1aa1e97c6d35c2e0cfc60d5db3bfb4ec462d5e4bd5222f04d7383d2c1aec1dc2a23e3c74a166a93d
APT28_2016-10_ESET_Sednit A Mysterious Downloader5FC4D555CA7E0536D18043977602D421A6FD65F9.exe_81d9649612b05829476854bde71b8c3f1faf645c2b43cd78cc70df6bcbcd95e38f19d16ca2101de0b6a8fc31cac24c37
APT28_2016-10_ESET_Sednit A Mysterious Downloader669A02E330F5AFC55A3775C4C6959B3F9E9965CF.exe_a0f212fd0f103ca8beaf8362f74903a2a50cb9ce1f01ea335c95870484903734ba9cd732e7b3db16cd962878bac3a767
APT28_2016-10_ESET_Sednit A Mysterious Downloader6CAA48CD9532DA4CABD6994F62B8211AB9672D9E_bk.exe_9df2ddb2631ff5439c34f80ace40cd29f18fe2853ef0d4898085cc5581ae35b83fc6d1c46563dbc8da1b79ef9ef678eb
APT28_2016-10_ESET_Sednit A Mysterious Downloader7394EA20C3D510C938EF83A2D0195B767CD99ED7_x32.dll_d70f4e9d55698f69c5f63b1a2e1507eb471fbdc52b501dfe6275a32f89a8a6b02a2aa9a0e70937f5de610b4185334668
APT28_2016-10_ESET_Sednit A Mysterious Downloader9F3AB8779F2B81CAE83F62245AFB124266765939.exe_3430bf72d2694e428a73c84d5ac4a4b9b1900cb7d1216d1dbc19b4c6c8567d48215148034a41913cc6e59958445aebde
APT28_2016-10_ESET_Sednit A Mysterious DownloaderE8ACA4B0CFE509783A34FF908287F98CAB968D9E.exe_991ffdbf860756a4589164de26dd7ccf44e8d3ffa0989176e62b8462b3d14ad38ede5f859fd3d5eb387050f751080aa2
APT28_2016-10_ESET_Sednit A Mysterious DownloaderEE788901CD804965F1CD00A0AFC713C8623430C4.exe_93c589e9eaf3272bc0349d605b85c566f9c0303d07800ed7cba1394cd326bbe8f49c7c5e0e062be59a9749f6c51c6e69
APT28_2016-10_ESET_Sednit A Mysterious DownloaderEE788901CD804965F1CD00A0AFC713C8623430C46.exe_93c589e9eaf3272bc0349d605b85c566f9c0303d07800ed7cba1394cd326bbe8f49c7c5e0e062be59a9749f6c51c6e69
APT28_2016-10_ESET_Sednit A Mysterious Downloadereset-sednit-part3.pdfa7b4e01335aac544a12c6f88aab80cd92c7a60963b94b6fc924abdcb19da4d32f35c86cdfe2277b0081cd02c72435b48
APT28APT28_2016-10_ESET_Sednit Approaching the Target
APT28_2016-10_ESET_Sednit Approaching the Target015425010BD4CF9D511F7FCD0FC17FC17C23EEC1c2a0344a2bbb29d9b56d378386afcbed63d0b28114f6277b901132bc1cc1f541a594ee72f27d95653c54e1b73382a5f6
APT28_2016-10_ESET_Sednit Approaching the Target0F7893E2647A7204DBF4B72E50678545573C3A1035283c2e60a3cba6734f4f98c443d11fda43d39c749c121e99bba00ce809ca63794df3f704e7ad4077094abde4cf2a73
APT28_2016-10_ESET_Sednit Approaching the Target10686CC4E46CF3FFBDEB71DD565329A80787C439d7c471729bc124babf32945eb5706eb6bc8fec92eee715e77c762693f1ae2bbcd6a3f3127f1226a847a8efdc272e2cbc
APT28_2016-10_ESET_Sednit Approaching the Target17661A04B4B150A6F70AFDABE3FD9839CC56BEE8a579d53a1d29684de6d2c0cbabd525c56562e2ac60afa314cd463f771fcfb8be70f947f6e2b314b0c48187eebb33dd82
APT28_2016-10_ESET_Sednit Approaching the Target21835AAFE6D46840BB697E8B0D4AAC06DEC44F5B211b7100fd799e9eaabeb13cfa4462313d13f2e5b241168005425b15410556bcf26d04078da6b2ef42bc0c2be7654bf8
APT28_2016-10_ESET_Sednit Approaching the Target2663EB655918C598BE1B2231D7C018D8350A0EF9540e4a7a28ca1514e53c2564993d8d8731dd3e3c05fabbfeafbcb7f5616dba30bbb2b1fc77dba6f0250a2c3270c0dd6b
APT28_2016-10_ESET_Sednit Approaching the Target2C86A6D6E9915A7F38D119888EDE60B38AB1D69D56e011137b9678f1fcc54f9372198bae69d5123a277dc1f618be5edcc95938a0df148c856d2e1231a07e2743bd683e01
APT28_2016-10_ESET_Sednit Approaching the Target351C3762BE9948D01034C69ACED97628099A90B083cf67a5d2e68f9c00fbbe6d7d9203bf853dbbba09e2463c45c0ad913d15d67d15792d888f81b4908b2216859342aa04
APT28_2016-10_ESET_Sednit Approaching the Target3956CFE34566BA8805F9B1FE0D2639606A404CD4dffb22a1a6a757443ab403d61e760f0c0356f5fa9907ea060a7d6964e65f019896deb1c7e303b7ba04da1458dc73a842
APT28_2016-10_ESET_Sednit Approaching the Target4D5E923351F52A9D5C94EE90E6A00E6FCED733EF6159c094a663a171efd531b23a46716de00eaf295a28f5497dbb5cb8f647537b6e55dd66613505389c24e658d150972c
APT28_2016-10_ESET_Sednit Approaching the Target4FAE67D3988DA117608A7548D9029CADDBFB3EBFc6a80316ea97218df11e11125337233ab0b3f0d6e6c593e2a2046833080574f98566c48a1eda865b2e110cd41bf31a31
APT28_2016-10_ESET_Sednit Approaching the Target51B0E3CD6360D50424BF776B3CD673DD45FD0F97973e0c922eb07aad530d8a1de19c77557c4101caf833aa9025fec4f04a637c049c929459ad3e4023ba27ac72bde7638d
APT28_2016-10_ESET_Sednit Approaching the Target51E42368639D593D0AE2968BD2849DC20735C071dfc836e035cb6c43ce26ed870f61d7e813468ebe5d47d57d62777043c80784cbf475fb2de1df4546a307807bd2376b45
APT28_2016-10_ESET_Sednit Approaching the Target5C3E709517F41FEBF03109FA9D597F2CCC495956ac75fd7d79e64384b9c4053b37e5623f0ac7b666814fd016b3d21d7812f4a272104511f90ca666fa13e9fb6cefa603c7
APT28_2016-10_ESET_Sednit Approaching the Target63D1D33E7418DAF200DC4660FC9A59492DDD50D92d4eaa0331abbc6d867f5f979b2c890db4f755c91c2790f4ab9bac4ee60725132323e13a2688f3d8939ae9ed4793d014
APT28_2016-10_ESET_Sednit Approaching the Target69D8CA2A02241A1F88A525617CF18971C99FB63Bed601bbd4dd0e267afb0be840cb27c904c52957270e63efa4b81a1c6551c706b82951f019b682219096e67182a727eab
APT28_2016-10_ESET_Sednit Approaching the Target6FB3FD8C2580C84314B14510944700144A9E31DFf7ee38ca49cd4ae35824ce5738b6e58763911ebce691c4b7c9582f37f63f6f439d2ce56e992bfbdcf812132512e753eb
APT28_2016-10_ESET_Sednit Approaching the Target80DCA565807FA69A75A7DD278CEF1DAAEE34236E9863f1efc5274b3d449b5b7467819d280abda721c4f1ca626f5d8bd2ce186aa98b197ca68d53e81cf152c32230345071
APT28_2016-10_ESET_Sednit Approaching the Target842B0759B5796979877A2BAC82A33500163DED67291af793767f5c5f2dc9c6d44f1bfb59f50791f9909c542e4abb5e3f760c896995758a832b0699c23ca54b579a9f2108
APT28_2016-10_ESET_Sednit Approaching the Target8F99774926B2E0BF85E5147AACA8BBBBCC5F1D48c2988e3e4f70d5901b234ff1c1363dcc69940a20ab9abb31a03fcefe6de92a16ed474bbdff3288498851afc12a834261
APT28_2016-10_ESET_Sednit Approaching the Target90C3B756B1BB849CBA80994D445E96A9872D0CF521d63e99ed7dcd8baec74e6ce65c9ef3dfa8a85e26c07a348a854130c652dcc6d29b203ee230ce0603c83d9f11bbcacc
APT28_2016-10_ESET_Sednit Approaching the Target99F927F97838EB47C1D59500EE9155ADB55B806A07c8a0a792a5447daf08ac32d1e283e88f0674cb85f28b2619a6e0ddc74ce71e92ce4c3162056ef65ff2777104d20109
APT28_2016-10_ESET_Sednit Approaching the Target9FC43E32C887B7697BF6D6933E9859D29581EAD0a3c757af9e7a9a60e235d08d54740fbcbf28267386a010197a50b65f24e815aa527f2adbc53c609d2b2a4f999a639413
APT28_2016-10_ESET_Sednit Approaching the TargetA43EF43F3C3DB76A4A9CA8F40F7B2C89888F03997c2b1de614a9664103b6ff7f3d73f83dc2551c4e6521ac72982cb952503a2e6f016356e02ee31dea36c713141d4f3785
APT28_2016-10_ESET_Sednit Approaching the TargetA5FCA59A2FAE0A12512336CA1B78F857AFC06445f1d3447a2bff56646478b0adb7d0451c5a414a39851c4e22d4f9383211dfc080e16e2caffd90fa06dcbe51d11fdb0d6c
APT28_2016-10_ESET_Sednit Approaching the TargetA857BCCF4CC5C15B60667ECD865112999E1E56BA0c334645a4c12513020aaabc3b78ef9fe1b1143c0003c6905227df37d40aacbaecc2be8b9d86547650fe11bd47ca6989
APT28_2016-10_ESET_Sednit Approaching the TargetB4A515EF9DE037F18D96B9B0E48271180F5725B7afe09fb5a2b97f9e119f70292092604ed93f22d46090bfc19ef51963a781eeb864390c66d9347e86e03bba25a1fc29c5
APT28_2016-10_ESET_Sednit Approaching the TargetB7788AF2EF073D7B3FB84086496896E7404E625Eeda061c497ba73441994a30e36f55b1db1800cb1d4b755e05b0fca251b8c6da96bb85f8042f2d755b7f607cbeef58db8
APT28_2016-10_ESET_Sednit Approaching the TargetB8AABE12502F7D55AE332905ACEE80A10E3BC39991381cd82cdd5f52bbc7b30d34cb8d831a09ce8a9210d2530d6ce1d59bfae2ac617ac89558cdcdcac15392d176e70c8d
APT28_2016-10_ESET_Sednit Approaching the TargetC1EAE93785C9CB917CFB260D3ABF6432C6FDAF4D732fbf0a4ceb10e9a2254af59ae4f8806236a1bdd76ed90659a36f58b3e073623c34c6436d26413c8eca95f3266cc6fc
APT28_2016-10_ESET_Sednit Approaching the TargetC2E8C584D5401952AF4F1DB08CF4B6016874DDAC078755389b98d17788eb5148e23109a654c4ce98970a44f92be748ebda9fcfb7b30e08d98491e7735be6dd287189cea3
APT28_2016-10_ESET_Sednit Approaching the TargetC345A85C01360F2833752A253A5094FF421FC8391219318522fa28252368f58f36820ac2fbd5c2cf1c1f17402cc313fe3266b097a46e08f48b971570ef4667fbfd6b7301
APT28_2016-10_ESET_Sednit Approaching the TargetD3AA282B390A5CB29D15A97E0A046305038DBEFE18efc091b431c39d3e59be445429a7bceae782130b06d95f3373ff7d5c0977a8019960bdf80614c1aa7e324dc350428a
APT28_2016-10_ESET_Sednit Approaching the TargetD85E44D386315B0258847495BE1711450AC02D9Fc4ffab85d84b494e1c450819a0e9c7db500fa112a204b6abb365101013a17749ce83403c30cd37f7c6f94e693c2d492f
APT28_2016-10_ESET_Sednit Approaching the TargetD9989A46D590EBC792F14AA6FEC30560DFE931B18b031fce1d0c38d6b4c68d52b2764c7e4bcd11142d5b9f96730715905152a645a1bf487921dd65618c354281512a4ae7
APT28_2016-10_ESET_Sednit Approaching the TargetE5FB715A1C70402774EE2C518FB0E4E9CD3FDCFF072c692783c67ea56da9de0a53a60d11c431ae04c79ade56e1902094acf51e5bf6b54d65363dfa239d59f31c27989fde
APT28_2016-10_ESET_Sednit Approaching the TargetE742B917D3EF41992E67389CD2FE2AAB0F9ACE5B7764499bb1c4720d0f1d302f15be792c63047199037892f66dc083420e2fc60655a770756848c1f07adc2eb7d4a385d0
APT28_2016-10_ESET_Sednit Approaching the TargetED9F3E5E889D281437B945993C6C2A80C60FDEDC2dfc90375a09459033d430d046216d22261b0a5912965ea95b8ae02aae1e761a61f9ad3a9fb85ef781e62013d6a21368
APT28_2016-10_ESET_Sednit Approaching the TargetF024DBAB65198467C2B832DE9724CB70E24AF0DD7b1bfd7c1866040e8f618fe67b93bea5df47a939809f925475bc19804319652635848b8f346fb7dfd8c95c620595fe9f
APT28_2016-10_ESET_Sednit Approaching the TargetF3D50C1F7D5F322C1A1F9A72FF122CAC990881EE77089c094c0f2c15898ff0f021945148eb6620442c3ab327f3ccff1cc6d63d6ffe7729186f7e8ac1dbbbfddd971528f0
APT28_2016-10_ESET_Sednit Approaching the TargetF7608EF62A45822E9300D390064E667028B75DEA75f71713a429589e87cf2656107d2bfcb6fff95a74f9847f1a4282b38f148d80e4684d9c35d9ae79fad813d5dc0fd7a9
APT28_2016-10_ESET_Sednit Approaching the Targeteset-sednit-part1.pdfbae0221feefb37e6b81f5ca893864743b31b27aa0808aea5b0e8823ecb07402c0c2bbf6818a22457e146c97f685162b4
APT28APT28_2016-10_Sekoia_Rootkit analysisUse case on HideDRV
APT28_2016-10_Sekoia_Rootkit analysisUse case on HideDRV83E54CB97644DE7084126E702937F8C3A2486A2F_fsflt.sys_f8c8f6456c5a52ef24aa426e6b1216854bfe2216ee63657312af1b2507c8f2bf362fdf1d63c88faba397e880c2e39430
APT28_2016-10_Sekoia_Rootkit analysisUse case on HideDRV9F3AB8779F2B81CAE83F62245AFB124266765939_fsflt.13430bf72d2694e428a73c84d5ac4a4b9b1900cb7d1216d1dbc19b4c6c8567d48215148034a41913cc6e59958445aebde
APT28APT28_2017-02_Bitdefender_OSX_XAgent
APT28_2017-02_Bitdefender_OSX_XAgent70A1C4ED3A09A44A41D54C4FD4B409A5FC3159F6_XAgent_OSX4fe4b9560e99e33dabca553e2eeee5102a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea
Related posts

Publicado por en

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)