One Article Review

Source Contagio
Identifier 358910
Publication date 2017-04-05 22:57:33 (seen: 2017-04-05 22:57:33)
Title Part II. APT29 Russian APT including Fancy Bear
Text This is the second part of Russian APT series.

"APT29 - The Dukes Cozy Bear: APT29 is threat group that has been attributed to the Russian government and has operated since at least 2008.1210 This group reportedly compromised the Democratic National Committee starting in the summer of 2015" (src. Mitre ATT&CK)

Please see the first post here: Russian APT - APT28 collection of samples including OSX XAgent

I highly recommend reading and studying these resources first:

Mitre ATT&CK
2017-03 Disinformation. A Primer In Russian Active Measures And Influence Campaigns. Hearings before the Select Committee on Intelligence, March 2017
2014-08 Mikko Hipponen. Governments as Malware Authors. Presentation ppt.
2016. No Easy Breach: Challenges and Lessons from an Epic Investigation. Mandiant. Matthew Dunwoody, Nick Carr. Video
Beyond 'Cyber War': Russia's Use of Strategic Cyber Espionage and Information Operations in Ukraine. NATO Cooperative Cyber Defence Centre of Excellence / Fireeye - Jen Weedon

List of References (and samples mentioned) listed from oldest to newest:

2012-02 FSecure. COZYDUKE
2013-02_Crysys_Miniduke Indicators
2013-04_Bitdefender_A Closer Look at MiniDuke
2014-04 FSecure_Targeted Attacks and Ukraine
2014-05_FSecure.Miniduke still duking it out
2014-07_Kaspersky_Miniduke is back_Nemesis Gemina and the Botgen Studio
2014-07_Kaspersky_The MiniDuke Mystery PDF 0-day
2014-11_FSecure_OnionDuke APT Attacks Via the Tor Network
2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke
2015-04_Kaspersky_CozyDuke-CozyBear

Sent Yes
Tags
Stories APT 29 APT 28


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.