What's new around internet
Date (GMT): 2017-04-05 22:57:33
Title: Part II. APT29 Russian APT including Fancy Bear
Description: This is the second part of the Russian APT series. "APT29 - The Dukes, Cozy Bear: APT29 is a threat group that has been attributed to the Russian government and has operated since at least 2008. This group reportedly compromised the Democratic National Committee starting in the summer of 2015" (src. Mitre ATT&CK). Please see the first post here: Russian APT - APT28 collection of samples including OSX XAgent
I highly recommend reading and studying these resources first:
Mitre ATT&CK
2017-03 Disinformation. A Primer In Russian Active Measures And Influence Campaigns. Hearings before the Select Committee on Intelligence, March 2017
2014-08 Mikko Hypponen. Governments as Malware Authors. Presentation ppt.
2016. No Easy Breach: Challenges and Lessons from an Epic Investigation. Mandiant. Matthew Dunwoody, Nick Carr. Video
Beyond 'Cyber War': Russia's Use of Strategic Cyber Espionage and Information Operations in Ukraine. NATO Cooperative Cyber Defence Centre of Excellence / FireEye - Jen Weedon
List of References (and samples mentioned) listed from oldest to newest:
2012-02 FSecure. COZYDUKE
2013-02_Crysys_Miniduke Indicators
2013-04_Bitdefender_A Closer Look at MiniDuke
2014-04 FSecure_Targeted Attacks and Ukraine
2014-05_FSecure.Miniduke still duking it out
2014-07_Kaspersky_Miniduke is back_Nemesis Gemina and the Botgen Studio
2014-07_Kaspersky_The MiniDuke Mystery PDF 0-day
2014-11_FSecure_OnionDuke APT Attacks Via the Tor Network
2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke
2015-04_Kaspersky_CozyDuke-CozyBear
Tags: APT 29, APT 28
Date (GMT): 2017-03-31 02:03:28
Title: Part I. Russian APT - APT28 collection of samples including OSX XAgent
Description: This post is for all of you, Russian malware lovers/haters. Analyze it all to your heart's content. Prove or disprove Russian hacking in general or DNC hacking in particular, or find that "400 lb hacker" or nail another country altogether. You can also have fun and exercise your malware analysis skills without any political agenda.
The post contains malware samples analyzed in the APT28 reports linked below. I will post APT29 and others later. Read about groups and types of targeted threats here:
Mitre ATT&CK
List of References (and samples mentioned) listed from oldest to newest:
APT28_2011-09_Telus_Trojan.Win32.Sofacy.A
APT28_2014-08_MhtMS12-27_Prevenity
APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations
APT28_2014-10_Telus_Coreshell.A
APT28_2014-10_TrendMicro Operation Pawn Storm. Using Decoys to Evade Detection
APT28_2015-07_Digital Attack on German Parliament
APT28_2015-07_ESET_Sednit_meet_Hacking
APT28_2015-07_Telus_Trojan-Downloader.Win32.Sofacy.B
APT28_2015-09_Root9_APT28_Technical_Followup
APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code
APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm
APT28_2015-10_Root9_APT28_targets Financial Markets
APT28_2015-12_Bitdefender_In-depth_anal
Tags: APT 29, APT 28
We have: 2 articles.
Last update at: 2024-07-21 18:08:06