This post is for all of you, Russian malware lovers/haters. Analyze it all to your heart’s content. Prove or disprove Russian hacking in general or DNC hacking in particular, or find that “400 lb hacker” or nail another country altogether. You can also have fun and exercise your malware analysis skills without any political agenda.
The post contains malware samples analyzed in the APT28 reports linked below. I will post APT29 and others later.
Read about groups and types of targeted threats here: Mitre ATT&CK
List of References (and samples mentioned) listed from oldest to newest:
- APT28_2011-09_Telus_Trojan.Win32.Sofacy.A
- APT28_2014-08_MhtMS12-27_Prevenity
- APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations
- APT28_2014-10_Telus_Coreshell.A
- APT28_2014-10_TrendMicro Operation Pawn Storm. Using Decoys to Evade Detection
- APT28_2015-07_Digital Attack on German Parliament
- APT28_2015-07_ESET_Sednit_meet_Hacking
- APT28_2015-07_Telus_Trojan-Downloader.Win32.Sofacy.B
- APT28_2015-09_Root9_APT28_Technical_Followup
- APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code
- APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm
- APT28_2015-10_Root9_APT28_targets Financial Markets
- APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28–The_Political_Cyber-Espionage
- APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets
- APT28_2015_06_Microsoft_Security_Intelligence_Report_V19
- APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor
- APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee << DNC (NOTE: this is APT29)
- APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel
- APT28_2016-10_ESET_Observing the Comings and Goings
- APT28_2016-10_ESET_Sednit A Mysterious Downloader
- APT28_2016-10_ESET_Sednit Approaching the Target
- APT28_2016-10_Sekoia_Rootkit analysisUse case on HideDRV
- APT28_2017-02_Bitdefender_OSX_XAgent << OSX XAgent
Download
Download sets (matching research listed above). Email me if you need the password
Download all files/folders listed (72MB)
| Parent Folder | File Name (SHA1) | MD5 Checksum | SHA256 Checksum |
|---|---|---|---|
| APT28 | APT28_2011-09_Telus_Trojan.Win32.Sofacy.A | ||
| APT28_2011-09_Telus_Trojan.Win32.Sofacy.A | 28F21E96E0722DD6FC7D6E1275F352BD060ADE0D | 1e217668d89b480ad42e230e8c2c4d97 | 1feb41c4a64a7588d1e8e02497627654e9d031e7020d010541d8a8626447dbe9 |
| APT28_2011-09_Telus_Trojan.Win32.Sofacy.A | 72CFD996957BDE06A02B0ADB2D66D8AA9C25BF37 | ed7f6260dec470e81dafb0e63bafb5ae | 7313eaf95a8a8b4c206b9afe306e7c0675a21999921a71a5a16456894571d21d |
| APT28_2011-09_Telus_Trojan.Win32.Sofacy.A | AC6B465A13370F87CF57929B7CFD1E45C3694585 | e1554b931affb3cd2edc90bc58028078 | 5ab8ef93fdeaac9af258845ab52c24d31140c8fffc5fdcf465529c8e00c508ac |
| APT28_2011-09_Telus_Trojan.Win32.Sofacy.A | C01B02CCC86ACBD9B266B09D2B693CB39A2C6809 | 9e4817f7bf36a61b363e0911cc0f08b9 | 31a0906b0d8b07167129e134009dc307c2d92522da5709e52b67d3c5a70adf93 |
| APT28 | APT28_2014-08_MhtMS12-27_Prevenity | ||
| APT28_2014-08_MhtMS12-27_Prevenity | 33EEC0D1AE550FB33874EDCE0138F485538BB21B__.mht_ | d3de5b8500453107d6d152b3c8506935 | 55038c4326964f480fd2160b6b2a7aff9e980270d7765418937b3daeb4e8281 4 |
| APT28_2014-08_MhtMS12-27_Prevenity | 8DEF0A554F19134A5DB3D2AE949F9500CE3DD2CE_filee.dll_ | 16a6c56ba458ec718b4e9bc8f9f10785 | ce554d57333bdbccebb5e2e8d16a304947981e48ea2a5cc3d5f4ced7c1f56df3 |
| APT28_2014-08_MhtMS12-27_Prevenity | A8551397E1F1A2C0148E6EADCB56FA35EE6009CA_coreshell.dll_ | 48656a93f9ba39410763a2196aabc67f | c8087186a215553d2f95c68c03398e17e67517553f6e9a8adc906faa51bce946 |
| APT28_2014-08_MhtMS12-27_Prevenity | E338A57C35A4732BBB5F738E2387C1671A002BCB_advstorshell.dll_ | d7a625779df56d874871bb632f3e3106 | 11097a7a3336e0ab124fa921b94e3d51c4e9e4424e140e96127bfcf1c10ef110 |
| APT28 | APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations | ||
| APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations | 367D40465FD1633C435B966FA9B289188AA444BC__tmp64.dat_ | 791428601ad12b9230b9ace4f2138713 | 29cc2e69f65b9ce5fe04eb9b65942b2dabf48e41770f0a49eb698271b99d2787 |
| APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations | 6316258CA5BA2D85134AD7427F24A8A51CE4815B_coreshell.dll_ | da2a657dc69d7320f2ffc87013f257ad | d54173be095b688016528f18dc97f2d583efcf5ce562ec766afc0b294eb51ac7 |
| APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations | 682E49EFA6D2549147A21993D64291BFA40D815A_coreshell.dll_ | 3b0ecd011500f61237c205834db0e13a | 7f6f9645499f5840b59fb59525343045abf91bc57183aae459dca98dc8216965 |
| APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations | 85522190958C82589FA290C0835805F3D9A2F8D6_coreshell.dll_ | 8b92fe86c5b7a9e34f433a6fbac8bc3a | 03ed773bde6c6a1ac3b24bde6003322df8d41d3d1c85109b8669c430b58d2f69 |
| APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations | A8551397E1F1A2C0148E6EADCB56FA35EE6009CA_coreshell.dll_ | 48656a93f9ba39410763a2196aabc67f | c8087186a215553d2f95c68c03398e17e67517553f6e9a8adc906faa51bce946 |
| APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations | CF3220C867B81949D1CE2B36446642DE7894C6DC_coreshell.dll_ | 5882fda97fdf78b47081cc4105d44f7c | 744f2a1e1a62dff2a8d5bd273304a4d21ee37a3c9b0bdcffeeca50374bd10a39 |
| APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations | D87B310AA81AE6254FFF27B7D57F76035F544073_coreshell.dll_ | 272f0fde35dbdfccbca1e33373b3570d | 423a0799efe41b28a8b765fa505699183c8278d5a7bf07658b3bd507bfa5346f |
| APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations | D9C53ADCE8C35EC3B1E015EC8011078902E6800B_coreshell.dll_ | 1259c4fe5efd9bf07fc4c78466f2dd09 | 102b0158bcd5a8b64de44d9f765193dd80df1504e398ce52d37b7c8c33f2552a |
| APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations | E2450DFFA675C61AA43077B25B12851A910EEEB6_ coreshell.dll_ | 9eebfebe3987fec3c395594dc57a0c4c | e6d09ce32cc62b6f17279204fac1771a6eb35077bb79471115e8dfed2c86cd75 |
| APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations | ED48EF531D96E8C7360701DA1C57E2FF13F12405_coreshell.dll_ | ead4ec18ebce6890d20757bb9f5285b1 | 7695f20315f84bb1d940149b17dd58383210ea3498450b45fefa22a450e79683 |
| APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations | F5B3E98C6B5D65807DA66D50BD5730D35692174D_asdfasdf.dat_ | 8c4fa713c5e2b009114adda758adc445 | d58f2a799552aff8358e9c63a4345ea971b27edd14b8eac825db30a8321d1a7a |
| APT28 | APT28_2014-10_Telus_Coreshell.A | ||
| APT28_2014-10_Telus_Coreshell.A | D87B310AA81AE6254FFF27B7D57F76035F544073_coreshell.dll_ | 272f0fde35dbdfccbca1e33373b3570d | 423a0799efe41b28a8b765fa505699183c8278d5a7bf07658b3bd507bfa5346f |
| APT28 | APT28_2014-10_TrendMicro Operation Pawn Storm | ||
| APT28_2014-10_TrendMicro Operation Pawn Storm | 0A3E6607D5E9C59C712106C355962B11DA2902FC_Case2_S.vbs_exe_ | db9edafbadd71c7a3a0f0aec1b216a92 | b3d624c4287795a7fbddd617f57705153d30f5f4c4d2d1fec349ac2812c3a8a0 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 0E12C8AB9B89B6EB6BAF16C4B3BBF9530067963F_Case2_Military CooperationDecoy.doc_ | 7fcf20302404f644fb07fe9d4fe9ac84 | 77166146463b9124e075f3a7925075f969974e32746c78d022ba99f578b9f0bb |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 14BEEB0FC5C8C887D0435009730B6370BF94BC93_Case5Payload2_netids.dll_ | 35717cd78ce713067a5037286cf91c3e | 1b3dd8aaafd750aa85185dc52672b26d67d662796847d7cbb01a35b565e74d35 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 3814EEC8C45FC4313A9C7F65CE882A7899CF0405_Case4_NetIds.dll_ | a24552843b9fedd7d0084e1eb1dd6e35 | 966660738c9e3ec103c2f8fe361c8ac20647cacaa5153197fa1917e9da99082e |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 4B8806FE8E0CB49E4AA5D8F87766415A2DB1E9A9_Case2dropper_cryptmodule.exe_ | 41e14894f4ad9494e0359ee5bb3d9745 | 684f4b9ea61e14a15e82cac25076c5afe2d30e3dad7ce0b1b375b24d81135c37 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 550ABD71650BAEA05A0071C4E084A803CB413C31_Case2_skype.exe_ | 7276d1dab1125f59604252159e0c529c | 81f0f5fcb3cb8a63e8a3713b4107b89d888cb722cb6c7586c7fcdb45f5310174 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 55318328511961EC339DFDDCA0443068DCCE9CD2_Case3_conhost.dll_ | f1704aaf08cd66a2ac6cf8810c9e07c2 | 74bdd9c250b0f4f27c0ecfeca967f53b35265c785d67406cc5e981a807d741bd |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 5A452E7248A8D3745EF53CF2B1F3D7D8479546B9_Case3_netui.dll_keylog | aa3e6af90c144112a1ad0c19bdf873ff | 4536650c9c5e5e1bb57d9bedf7f9a543d6f09addf857f0d802fb64e437b6844a |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 6ADA11C71A5176A82A8898680ED1EAA4E79B9BC3_Case1_Letter to IAEA.pdf_decoy | 76d3eb8c2bed4f2588e22b8d0984af86 | b0f1f553a847f3244f434541edbf26904e2de18cca8db8f861ea33bb70942b61 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 6B875661A74C4673AE6EE89ACC5CB6927CA5FD0D_Case2Payload2_ netids.dll_ | 42bc93c0caddf07fce919d126a6e378f | 9392776d6d8e697468ab671b43dce2b7baf97057b53bd3517ecd77a081eff67d |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 72CFD996957BDE06A02B0ADB2D66D8AA9C25BF37_Case1_saver.scr_ | ed7f6260dec470e81dafb0e63bafb5ae | 7313eaf95a8a8b4c206b9afe306e7c0675a21999921a71a5a16456894571d21d |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 78D28072FDABF0B5AAC5E8F337DC768D07B63E1E_Case5_IDF_Spokesperson_Terror_Attack_011012.doc_ | 1ac15db72e6d4440f0b4f710a516b165 | 0cccb9d951ba888c0c37bb0977fbb3682c09f9df1b537eede5a1601e744a01ad |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 7FBB5A2E46FACD3EE0C945F324414210C2199FFB_Case5payload_saver.scr_ | c16b07f7590a8620a8f0f687b0bd8bd8 | cb630234494f2424d8e158c6471f0b6d0643abbdf2f3e378bc2f68c9e7bca9eb |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 88F7E271E54C127912DB4DB49E37D93AEA8A49C9_Case3_download_msmvs.exe_ | 66f368cab3d5e64475a91f636c87af15 | e8ac9acc6fa3283276bbb77cff2b54d963066659b65e48cd8803a2007839af25 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 8DEF0A554F19134A5DB3D2AE949F9500CE3DD2CE_Case6_dropper_filee.dll_ | 16a6c56ba458ec718b4e9bc8f9f10785 | ce554d57333bdbccebb5e2e8d16a304947981e48ea2a5cc3d5f4ced7c1f56df3 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 956D1A36055C903CB570890DA69DEABAACB5A18A_Case2_International Military.rtf_ | d994b9780b69f611284e22033e435edb | 342e1f591ab45fcca6cee7f5da118a99dce463e222c03511c3f1288ac2cf82c8 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | 9C622B39521183DD71ED2A174031CA1 59BEB6479_Case3_conhost.dll__ |
d4e99548832b6999f00e8d223c6fabbd | d5debe5d88e76a409b9bc3f69a02a7497d333934d66f6aaa30eb22e45b81a9ab |
| APT28_2014-10_TrendMicro Operation Pawn Storm | A8551397E1F1A2C0148E6EADCB56FA35EE6009CA_Case6_Coreshell.dll_ | 48656a93f9ba39410763a2196aabc67f | c8087186a215553d2f95c68c03398e17e67517553f6e9a8adc906faa51bce946 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | A90921C182CB90807102EF402719EE8060910345_Case4_APEC Media list 2013 Part1.xls_ | aeebfc9eb9031e423797a5af1985242d | e8d3f1e4e0d7c19e195d92be5cb6b3617a0496554c892e93b66a75c411745c05 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | AC6B465A13370F87CF57929B7CFD1E45C3694585_Case4Payload_dw20.t_ | e1554b931affb3cd2edc90bc58028078 | 5ab8ef93fdeaac9af258845ab52c24d31140c8fffc5fdcf465529c8e00c508ac |
| APT28_2014-10_TrendMicro Operation Pawn Storm | B3098F99DB1F80E27AEC0C9A5A625AEDAAB5899A_APEC Media list 2013 Part2.xls_decoy | bebb3675cfa4adaba7822cc8c39f55bf | 8fc4fe966ef4e7ecf635283a6fa6bacd8586ee8f0d4d39c6faffd49d60b01cb9 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | BC58A8550C53689C8148B021C917FB4AEEC62AC1_Case5Payload_install.exe_ | c43edb579e43aaeb6f0c0703f84e43f7 | 7dd063acdfb00509b3b06718b39ae53e2ff2fc080094145ce138abb1f2253de4 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | C5CE5B7D10ACCB04A4E45C3A4DCF10D16B192E2F_Case1Payload_netids.dll_ | 85c80d01661f88ec556579e772a5a3db | 461f5340f9ea47344f86bb7302fbaaa0567605134ec880eef34fa9b40926eb70 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | D0AA4F3229FCD9A57E9E4F08860F3CC48C983ADDml.rtf | a24d2f5258f8a0c3bddd1b5636b0ec57 | 992caa9e8de503fb304f97d1ab0b92202d2efb0d1353d19ce7bec512faf76491 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | DAE7FAA1725DB8192AD711D759B13F8195A18821_Case6_MH17.doc_decoy | 388594cd1bef96121be291880b22041a | adf344f12633ab0738d25e38f40c6adc9199467838ec14428413b1264b1bf540 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | E338A57C35A4732BBB5F738E2387C1671A002BCB_Case6_advstoreshell.dll_ | d7a625779df56d874871bb632f3e3106 | 11097a7a3336e0ab124fa921b94e3d51c4e9e4424e140e96127bfcf1c10ef110 |
| APT28_2014-10_TrendMicro Operation Pawn Storm | F542C5F9259274D94360013D14FFBECC43AAE552_Case5Decoy_IDF_Spokesperson_Terror_Attack_011012.doc_ | 77aa465744061b4b725f73848aebdff6 | 91f750f422fd3ff361fabca02901830ef3f6e5829f6e8db9c1f518a1a3cac08c |
| APT28_2014-10_TrendMicro Operation Pawn Storm | wp-operation-pawn-storm.pdf | ce254486b02be740488c0ab3278956fd | 9b8495ff1d023e3ae7aed799f02d9cf24422a38dfb9ed37c0bdc65da55b4ee42 |
| APT28 | APT28_2015-07_Digital Attack on German Parliament | ||
| APT28_2015-07_Digital Attack on German Parliament | 0450AAF8ED309CA6BAF303837701B5B23AAC6F05_servicehost.dll_ | 800af1c9d341b846a856a1e686be6a3e | 566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092 |
| APT28_2015-07_Digital Attack on German Parliament | CDEEA936331FCDD8158C876E9D23539F8976C305_exe_ | 5e70a5c47c6b59dae7faf0f2d62b28b3 | 730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a |
| APT28_2015-07_Digital Attack on German Parliament | Digital Attack on German Parliament_ Investigative Report on the Hack of the Left Party Infrastructure in Bundestag _ netzpolitik.pdf | 28d4cc2a378633e0ad6f3306cc067c43 | e83e2185f9e1a5dbc550914dcbc7a4d0f8b30a577ddb4cd8a0f36ac024a68aa0 |
| APT28_2015-07_Digital Attack on German Parliament | F46F84E53263A33E266AAE520CB2C1BD0A73354E_winexesvc.exe_ | 77e7fb6b56c3ece4ef4e93b6dc608be0 | 5130f600cd9a9cdc82d4bad938b20cbd2f699aadb76e7f3f1a93602330d9997d |
| APT28 | APT28_2015-07_ESET_Sednit_meet_Hacking | ||
| APT28_2015-07_ESET_Sednit_meet_Hacking | 51B0E3CD6360D50424BF776B3CD673DD45FD0F97.exe_ | 973e0c922eb07aad530d8a1de19c7755 | 7c4101caf833aa9025fec4f04a637c049c929459ad3e4023ba27ac72bde7638d |
| APT28_2015-07_ESET_Sednit_meet_Hacking | B8B3F53CA2CD64BD101CB59C6553F6289A72D9BBdll_ | dcf6906a9a0c970bcd93f451b9b7932a | 9a527274f99865a7d70487fe22e62f692f8b239d6cb80816b919734c7c741584 |
| APT28_2015-07_ESET_Sednit_meet_Hacking | D43FD6579AB8B9C40524CC8E4B7BD05BE6674F6C_warfsgfdydcikf.mkv.swf_ | 557f8d4c6f8b386c32001def807dc715 | 84ad945d1ab58591efb21b863320f533c53b2398a1bc690d221e1c1c77fa27ff |
| APT28 | APT28_2015-07_Telus_Trojan-Downloader.Win32.Sofacy.B | ||
| APT28_2015-07_Telus_Trojan-Downloader.Win32.Sofacy.B | B8B3F53CA2CD64BD101CB59C6553F6289A72D9BB.dll_ | dcf6906a9a0c970bcd93f451b9b7932a | 9a527274f99865a7d70487fe22e62f692f8b239d6cb80816b919734c7c741584 |
| APT28 | APT28_2015-09_Root9_APT28_Technical_Followup | ||
| APT28_2015-09_Root9_APT28_Technical_Followup | 0450AAF8ED309CA6BAF303837701B5B23AAC6F05_servicehost.dll_ | 800af1c9d341b846a856a1e686be6a3e | 566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092 |
| APT28_2015-09_Root9_APT28_Technical_Followup | CDEEA936331FCDD8158C876E9D23539F8976C305_exe_ | 5e70a5c47c6b59dae7faf0f2d62b28b3 | 730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a |
| APT28_2015-09_Root9_APT28_Technical_Followup | F46F84E53263A33E266AAE520CB2C1BD0A73354E_winexesvc.exe_ | 77e7fb6b56c3ece4ef4e93b6dc608be0 | 5130f600cd9a9cdc82d4bad938b20cbd2f699aadb76e7f3f1a93602330d9997d |
| APT28 | APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code | ||
| APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code | Dlls | ||
| Dlls | 21835AAFE6D46840BB697E8B0D4AAC06DEC44F5B | 211b7100fd799e9eaabeb13cfa446231 | 3d13f2e5b241168005425b15410556bcf26d04078da6b2ef42bc0c2be7654bf8 |
| Dlls | 3B52046DD7E1D5684EABBD9038B651726714AB69 | d535c3fc5f0f98e021bea0d6277d2559 | d4525abc9dd2b7ab7f0c22e58a0117980039afdf15bed04bb0c637cd41fbfb9d |
| Dlls | 5C3E709517F41FEBF03109FA9D597F2CCC495956 | ac75fd7d79e64384b9c4053b37e5623f | 0ac7b666814fd016b3d21d7812f4a272104511f90ca666fa13e9fb6cefa603c7 |
| Dlls | 7319A2751BD13B2364031F1E69035ACFC4FD4D18 | c0d1762561f8c2f812d868a3939d23f0 | 8325cd6e26fb39cf7a08787e771a6cf708e0b45350d1ea239982af06db90804f |
| Dlls | 9FC43E32C887B7697BF6D6933E9859D29581EAD0 | a3c757af9e7a9a60e235d08d54740fbc | bf28267386a010197a50b65f24e815aa527f2adbc53c609d2b2a4f999a639413 |
| Dlls | AC61A299F81D1CFF4EA857AFD1B323724AAC3F04 | acf8cda38b0d1b6a0d3664a0e33deb96 | 638e7ca68643d4b01432f0ecaaa0495b805cc3cccc17a753b0fa511d94a22bdd |
| Dlls | B8B3F53CA2CD64BD101CB59C6553F6289A72D9BB | dcf6906a9a0c970bcd93f451b9b7932a | 9a527274f99865a7d70487fe22e62f692f8b239d6cb80816b919734c7c741584 |
| Dlls | D3AA282B390A5CB29D15A97E0A046305038DBEFE | 18efc091b431c39d3e59be445429a7bc | eae782130b06d95f3373ff7d5c0977a8019960bdf80614c1aa7e324dc350428a |
| Dlls | D85E44D386315B0258847495BE1711450AC02D9F | c4ffab85d84b494e1c450819a0e9c7db | 500fa112a204b6abb365101013a17749ce83403c30cd37f7c6f94e693c2d492f |
| Dlls | ED9F3E5E889D281437B945993C6C2A80C60FDEDC | 2dfc90375a09459033d430d046216d22 | 261b0a5912965ea95b8ae02aae1e761a61f9ad3a9fb85ef781e62013d6a21368 |
| Dlls | F7608EF62A45822E9300D390064E667028B75DEA | 75f71713a429589e87cf2656107d2bfc | b6fff95a74f9847f1a4282b38f14 8d80e4684d9c35d9ae79fad813d5dc0fd7a9 |
| APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code | Droppers | ||
| Droppers | 015425010BD4CF9D511F7FCD0FC17FC17C23EEC1 | c2a0344a2bbb29d9b56d378386afcbed | 63d0b28114f6277b901132bc1cc1f541a594ee72f27d95653c54e1b73382a5f6 |
| Droppers | 4FAE67D3988DA117608A7548D9029CADDBFB3EBF | c6a80316ea97218df11e11125337233a | b0b3f0d6e6c593e2a2046833080574f98566c48a1eda865b2e110cd41bf31a31 |
| Droppers | 51B0E3CD6360D50424BF776B3CD673DD45FD0F97 | 973e0c922eb07aad530d8a1de19c7755 | 7c4101caf833aa9025fec4f04a637c049c929459ad3e4023ba27ac72bde7638d |
| Droppers | 63D1D33E7418DAF200DC4660FC9A59492DDD50D9 | 2d4eaa0331abbc6d867f5f979b2c890d | b4f755c91c2790f4ab9bac4ee60725132323e13a2688f3d8939ae9ed4793d014 |
| Droppers | B4A515EF9DE037F18D96B9B0E48271180F5725B7 | afe09fb5a2b97f9e119f70292092604e | d93f22d46090bfc19ef51963a781eeb864390c66d9347e86e03bba25a1fc29c5 |
| Droppers | B7788AF2EF073D7B3FB84086496896E7404E625E | eda061c497ba73441994a30e36f55b1d | b1800cb1d4b755e05b0fca251b8c6da96bb85f8042f2d755b7f607cbeef58db8 |
| Droppers | B8AABE12502F7D55AE332905ACEE80A10E3BC399 | 91381cd82cdd5f52bbc7b30d34cb8d83 | 1a09ce8a9210d2530d6ce1d59bfae2ac617ac89558cdcdcac15392d176e70c8d |
| Droppers | F3D50C1F7D5F322C1A1F9A72FF122CAC990881EE | 77089c094c0f2c15898ff0f021945148 | eb6620442c3ab327f3ccff1cc6d63d6ffe7729186f7e8ac1dbbbfddd971528f0 |
| APT28 | APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm | ||
| APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm | 2DF498F32D8BAD89D0D6D30275C19127763D5568763D5568.swf_ | 6ca857721be6fff26b10867c99bd8c80 | b4064721d911e9606edf366173325945f9e940e489101e7d0747103c0e905126 |
| APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm | A5FCA59A2FAE0A12512336CA1B78F857AFC06445AFC06445_ mgswizap.dll_ | f1d3447a2bff56646478b0adb7d0451c | 5a414a39851c4e22d4f9383211dfc080e16e2caffd90fa06dcbe51d11fdb0d6c |
| APT28 | APT28_2015-10_Root9_APT28_targets Financial Markets | ||
| APT28_2015-10_Root9_APT28_targets Financial Markets | 0450AAF8ED309CA6BAF303837701B5B23AAC6F05_servicehost.dll_ | 800af1c9d341b846a856a1e686be6a3e | 566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092 |
| APT28_2015-10_Root9_APT28_targets Financial Markets | F325970FD24BB088F1BEFDAE5788152329E26BF3_SupUpNvidia.exe_ | 0369620eb139c3875a62e36bb7abdae8 | b1f2d461856bb6f2760785ee1af1a33c71f84986edf7322d3e9bd974ca95f92d |
| APT28 | APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28—The_Political_Cyber-Espionage | ||
| APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28—The_Political_Cyber-Espionage | Bitdefender_In-depth_analysis_of_APT28—The_Political_Cyber-Espionage.pdf | 1a5d89f6fd3f1ed5f4e76084b0fa7806 | a76b1ec9d196b5c071992486d096ad475226e92b6db06c351e3a4ad4e4949248 |
| APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28—The_Political_Cyber-Espionage | CB796F2986700DF9CE7D8F8D7A3F47F2EB4DF682_xp.exe_APT28 | 78450806e56b1f224d00455efcd04ce3 | b29a16ec907997e523f97e77b885d4a8c19cb81b1abf6ee51eee54f37eecf3ff |
| APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28—The_Political_Cyber-Espionage | F080E509C988A9578862665B4FCF1E4BF8D77C3E_Linux.Fysbis.A_ksysdefd_elf_APT28 | 075b6695ab63f36af65f7ffd45cccd39 | 02c7cf55fd5c5809ce2dce56085ba43795f2480423a4256537bfdfda0df85592 |
| APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28—The_Political_Cyber-Espionage | SIMILAR | ||
| SIMILAR | 356d03f6975f443d6db6c5069d778af9_exe_ | 356d03f6975f443d6db6c5069d778af9 | 3f14fc9c29763da76dcbc8a2aaa61658781d1b215ee322a0ebfa554d8658d22b |
| SIMILAR | 78450806e56b1f224d00455efcd04ce3_xp.exe_APT28 | 78450806e56b1f224d00455efcd04ce3 | b29a16ec907997e523f97e77b885d4a8c19cb81b1abf6ee51eee54f37eecf3ff |
| SIMILAR | e49bce75070a7a3c63a7cebb699342b3_CVE-2014-4076_tan.exe_ | e49bce75070a7a3c63a7cebb699342b3 | 16d49a40333f584b19606733b4deef1b9ecace2c32950010ad1450b44ce3716e |
| APT28 | APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets | ||
| APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets | 1A4F39C0262822B0623213B8ED3F56DEE0117CD59_tf394kv.dll_ | 8c4d896957c36ec4abeb07b2802268b9 | 6cd30c85dd8a64ca529c6eab98a757fb326de639a39b597414d5340285ba91c6 |
| APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets | 1A4F39C0262822B0623213B8ED3F56DEE0117CD5_tf394kv.dll_ | 8c4d896957c36ec4abeb07b2802268b9 | 6cd30c85dd8a64ca529c6eab98a757fb326de639a39b597414d5340285ba91c6 |
| APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets | 314EF7909CA0ED3A744D2F59AB5AC8B8AE259319.dll_(4.3)AZZYimplants-USBStealer | f6f88caf49a3e32174387cacfa144a89 | e917166adf6e1135444f327d8fff6ec6c6a8606d65dda4e24c2f416d23b69d45 |
| APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets | 3E2E245B635B04F006A0044388BD968DF9C3238C_IGFSRVC.dll_USBStealer | ce151285e8f0e7b2b90162ba171a4b90 | 4e4606313c423b681e11110ca5ed3a2b2632ec6c556b7ab9642372ae709555f3 |
| APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets | 776C04A10BDEEC9C10F51632A589E2C52AABDF48_USBGuard.exe_ | 8cb08140ddb00ac373d29d37657a03cc | 690b483751b890d487bb63712e5e79fca3903a5623f22416db29a0193dc10527 |
| APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets | AF86743852CC9DF557B62485715AF4C6D73644D3_AZZY4.3installer | c3ae4a37094ecfe95c2badecf40bf5bb | 67ecc3b8c6057090c7982883e8d9d0389a8a8f6e8b00f9e9b73c45b008241322 |
| APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets | C78FCAE030A66F388BF8CEA569422F5A79B7B96C_tmpdt.tmp_(4.3)AZZYimplant | ce8b99df8642c065b6af43fde1f786a3 | 1bab1a3e0e501d3c14652ecf60870e483ed4e90e500987c35489f17a44fef26c |
| APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets | C78FCAE030A66F388BF8CEA569422F5A79B7B96C_tmpdt.tmp__ | ce8b99df8642c065b6af43fde1f786a3 | 1bab1a3e0e501d3c14652ecf60870e483ed4e90e500987c35489f17a44fef26c |
| APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets | E251B3EB1449F7016DF78D113571BEA57F92FC36c_servicehost.dll_USBStealer | 8b238931a7f64fddcad3057a96855f6c | 92dcb0d8394d0df1064e68d90cd90a6ae5863e91f194cbaac85ec21c202f581f |
| APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets | E3B7704D4C887B40A9802E0695BAE379358F3BA0_Stand-aloneAZZYbackdoor | a96f4b8ac7aa9dbf4624424b7602d4f7 | a9dc96d45702538c2086a749ba2fb467ba8d8b603e513bdef62a024dfeb124cb |
| APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets | F325970FD24BB088F1BEFDAE5788152329E26BF3_SupUpNvidia.exe_USBStealer | 0369620eb139c3875a62e36bb7abdae8 | b1f2d461856bb6f2760785ee1af1a33c71f84986edf7322d3e9bd974ca95f92d |
| APT28 | APT28_2015_06_Microsoft_Security_Intelligence_Report_V19 | ||
| APT28_2015_06_Microsoft_Security_Intelligence_Report_V19 | 0450AAF8ED309CA6BAF303837701B5B23AAC6F05_servicehost.dll_ | 800af1c9d341b846a856a1e686be6a3e | 566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092 |
| APT28_2015_06_Microsoft_Security_Intelligence_Report_V19 | 1535D85BEE8A9ADB52E8179AF20983FB0558CCB3.exe_ | 4ac8d16ff796e825625ad186 1546e2e8 |
8c488b029188e3280ed3614346575a4a390e0dda002bca08c0335210a6202949 |
| APT28 | APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor | ||
| APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor | 9444D2B29C6401BC7C2D14F071B11EC9014AE040_Fysbis_elf_ | 364ff454dcf00420cff13a57bcb78467 | 8bca0031f3b691421cb15f9c6e71ce193355d2d8cf2b190438b6962761d0c6bb |
| APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor | A Look Into Fysbis_ Sofacy’s Linux Backdoor – Palo Alto Networks Blog.pdf | 9a6b771c934415f74a203e0dfab9edbe | 1b6c3e6ef673f14536ff8d7c2bf18f9358a9a7f8962a24e2255f54ac451af86c |
| APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor | ECDDA7ACA5C805E5BE6E0AB2017592439DE7E32C_ksysdefd_elf | e107c5c84ded6cd9391aede7f04d64c8 | fd8b2ea9a2e8a67e4cb3904b49c789d57ed9b1ce5bebfe54fe3d98214d6a0f61 |
| APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor | F080E509C988A9578862665B4FCF1E4BF8D77C3E | 075b6695ab63f36af65f7ffd45cccd39 | 02c7cf55fd5c5809ce2dce56085ba43795f2480423a4256537bfdfda0df85592 |
| APT29 | APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee | ||
| APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee | 0B3852AE641DF8ADA629E245747062F889B26659.exe_ | cc9e6578a47182a941a478b276320e06 | fd39d2837b30e7233bc54598ff51bdc2f8c418fa5b94dea2cadb24cf40f395e5 |
| APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee | 74C190CD0C42304720C686D50F8184AC3FADDBE9.exe_ | 19172b9210295518ca52e93a29cfe8f4 | 40ae43b7d6c413becc92b07076fa128b875c8dbb4da7c036639eccf5a9fc784f |
| APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee | Bears in the Midst_ Intrusion into the Democratic National Committee ».pdf | dd5e31f9d323e6c3e09e367e6bd0e7b1 | 2d815b11f3b916bdc27b049402f5f1c024cffe2318a4f27ebfa3b8a9fffe2880 |
| APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee | CB872EDD1F532C10D0167C99530A65C4D4532A1E.exe_ | ce227ae503e166b77bf46b6c8f5ee4da | b101cd29e18a515753409ae86ce68a4cedbe0d640d385eb24b9bbb69cf8186ae |
| APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee | E2B98C594961AAE731B0CCEE5F9607080EC57197_pagemgr.exe_ | 004b55a66b3a86a1ce0a0b9b69b95976 | 6c1bce76f4d2358656132b6b1d471571820688ccdbaca0d86d0ca082b9390536 |
| APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee | F09780BA9EB7F7426F93126BC198292F5106424B_VmUpgradeHelper.exe_ | 9e7053a4b6c9081220a694ec93211b4e | 4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976 |
| APT28 | APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel | ||
| APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel | E2101519714F8A4056A9DE18443BC6E8A1F1B977_PortMapClient.exe_ | ad44a7c5e18e9958dda66ccfc406cd44 | b81b10bdf4f29347979ea8a1715cbfc560e3452ba9fffcc33cd19a3dc47083a4 |
| APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel | F09780BA9EB7F7426F93126BC198292F5106424B_VmUpgradeHelper.exe_ | 9e7053a4b6c9081220a694ec93211b4e | 4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976 |
| APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel | Tunnel of Gov_ DNC Hack and the Russian XTunnel _ Invincea.pdf | b1b88f78c2f4393d437da4ce743ac5e8 | fb0cb4527efc48c90a2cd3e9e46ce59eaa280c85c50d7b680c98bb159c27881d |
| APT28 | APT28_2016-10_ESET_Observing the Comings and Goings | ||
| APT28_2016-10_ESET_Observing the Comings and Goings | eset-sednit-part-2.pdf | c3c278991ad051fbace1e2f3a4c20998 | f9ed13d5aa43c74287a936bf52772080fc26b5c62a805e19abceb20ef08ea5ff |
| APT28_2016-10_ESET_Observing the Comings and Goings | Sedreco-dropper | ||
| Sedreco-dropper | 4F895DB287062A4EE1A2C5415900B56E2CF15842 | 5363e5cc28687b7dd71f1e257eab2d5d | d403ded7c4acfffe8dc2a3ad8fb848f08388b4c3452104f6970835913d92166c |
| Sedreco-dropper | 87F45E82EDD63EF05C41D18AEDDEAC00C49F1AEE | 9617f3948b1886ebc95689c02d2cf264 | 378ef276eeaa4a29dab46d114710fc14ba0a9f964f6d949bcbc5ed3267579892 |
| Sedreco-dropper | 8EE6CEC34070F20FD8AD4BB202A5B08AEA22ABFA | 30cda69cf82637dfa2ffdc803bf2aead | 20ac1420eade0bdb464cd9f6d26a84094271b252c0650a7853721d8e928f6e6c |
| Sedreco-dropper | 9E779C8B68780AC860920FCB4A8E700D97F084EF | f686304cff9b35ea0d7647820ab525ba | 2c81023a146d2b5003d2b0c617ebf2eb1501dc6e55fc6326e834f05f5558c0ec |
| Sedreco-dropper | C23F18DE9779C4F14A3655823F235F8E221D0F6A | 9f82abbaebc1093a187f1887df2cf926 | ec2f14916e0b52fb727111962dff9846839137968e32269a82288aee9f227bd4 |
| Sedreco-dropper | E034E0D9AD069BAB5A6E68C1517C15665ABE67C9 | 6a24be8f61bcd789622dc55ebb7db90b | fb3a3339e2ba82cb3dcdc43d0e49e7b8a26ced3a587f5ee15a256aee062e6e05 |
| Sedreco-dropper | E17615331BDCE4AFA45E4912BDCC989EACF284BC | 5e93cf87040cf225ab5b5b9f9f0a0d03 | 6bbec6b2927325891cc008d3378d30941fe9d21e5c9bd6459e8e3ba8c78833c2 |
| APT28_2016-10_ESET_Observing the Comings and Goings | Sedreco_payload | ||
| Sedreco_payload | 04301B59C6EB71DB2F701086B617A98C6E026872 | cf30b7550f04a9372c3257c9b5cff3e9 | 37bf2c811842972314956434449fd294e793b43c1a7b37cfe41af4fcc07d329d |
| Sedreco_payload | 11AF174294EE970AC7FD177746D23CDC8FFB92D7 | 9422ca55f7fca4449259d8878ede5e47 | ba1c02aa6c12794a33c4742e62cbda3c17def08732f3fbaeb801f1806770b9a0 |
| Sedreco_payload | E3B7704D4C887B40A9802E0695BAE379358F3BA0 | a96f4b8ac7aa9dbf4624424b7602d4f7 | a9dc96d45702538c2086a749ba2fb467ba8d8b603e513bdef62a024dfeb124cb |
| APT28_2016-10_ESET_Observing the Comings and Goings | XAgent-LIN | ||
| XAgent-LIN | 7E33A52E53E85DDB1DC8DC300E6558735ACF10CE | fd8d1b48f91864dc5acb429a49932ca3 | dd8facad6c0626b6c94e1cc891698d4982782a5564aae696a218c940b7b8d084 |
| XAgent-LIN | 9444D2B29C6401BC7C2D14F071B11EC9014AE040 | 364ff454dcf00420cff13a57bcb78467 | 8bca0031f3b691421cb15f9c6e71ce193355d2d8cf2b190438b6962761d0c6bb |
| XAgent-LIN | ECDDA7ACA5C805E5BE6E0AB2017592439DE7E32C | e107c5c84ded6cd9391aede7f04d64c8 | fd8b2ea9a2e8a67e4cb3904b49c789d57ed9b1ce5bebfe54fe3d98214d6a0f61 |
| XAgent-LIN | F080E509C988A9578862665B4FCF1E4BF8D77C3E | 075b6695ab63f36af65f7ffd45cccd39 | 02c7cf55fd5c5809ce2dce56085ba43795f2480423a4256537bfdfda0df85592 |
| APT28_2016-10_ESET_Observing the Comings and Goings | XAgent-WIN | ||
| XAgent-WIN | 072933FA35B585511003F36E3885563E1B55D55A | 99b93cfcff258eb49e7af603d779a146 | c19d266af9e33dae096e45e7624ab3a3f642c8de580e902fec9dac11bcb8d3fd |
| XAgent-WIN | 082141F1C24FB49981CC70A9ED50CDA582EE04DD | 7a055cbe6672f77b2271c1cb8e2670b8 | 99d3f03fc6f048c74e58da6fb7ea1e831ba31d58194ad2463a7a6cd55da5f96b |
| XAgent-WIN | 08C4D755F14FD6DF76EC86DA6EAB1B5574DFBAFD | 26ac59dab32f6246e1ce3da7506d48fa | 5f6b2a0d1d966fc4f1ed292b46240767f4acb06c13512b0061b434ae2a692fa1 |
| XAgent-WIN | 0F04DAD5194F97BB4F1808DF19196B04B4AEE1B8 | 8b6d824619e993f74973eedfaf18be78 | 972e907a901 a7716f3b8f9651eadd65a0ce09bbc78a1ceacff6f52056af8e8f4 |
| XAgent-WIN | 3403519FA3EDE4D07FB4C05D422A9F8C026CEDBF | 113cc4a88fd28ea4398e312093a6a4d5 | ddab96e4a8e909065e05c4b6a73ba351ea45ad4806258f41ac3cecbcae8671a6 |
| XAgent-WIN | 499FF777C88AEACBBAA47EDDE183C944AC7E91D2 | ea726d3e8f6516807366584f3c5b5e2a | 82c4e9bc100533482a15a1d756d55e1a604d330eff8fbc0e13c4b166ac2c9bd3 |
| XAgent-WIN | 4B74C90C9D9CE7668AA9EB09978C1D8D4DFDA24A | 409848dabfd110f4d373dd0a97ff708e | 24e11c80f1d4c1e9db654d54cc784db6b5f4a126f9fe5e26c269fdc4009c8f29 |
| XAgent-WIN | 4BC32A3894F64B4BE931FF20390712B4EC605488 | 57cc08213ab8b6d4a538e4568d00a123 | b23193bff95c4e65af0c9848036eb80ef006503a78be842e921035f8d77eb5de |
| XAgent-WIN | 5F05A8CB6FEF24A91B3BD6C137B23AB3166F39AE | 9ca6ead1384953d787487d399c23cb41 | 07393ac2e890772f70adf9e8d3aa07ab2f98e2726e3be275276dadd00daf5fc6 |
| XAgent-WIN | 71636E025FA308FC5B8065136F3DD692870CB8A4 | 96ed0a7976e57ae0bb79dcbd67e39743 | ea957d663dbc0b28844f6aa7dfdc5ac0110a4004ac46c87d0f1aa943ef253cfe |
| XAgent-WIN | 780AA72F0397CB6C2A78536201BD9DB4818FA02A | effd7b2411975447fd36603445b380c7 | d0e019229493a1cfb3ffc918a2d8ffcbaee31f9132293c95b1f8c1fd6d595054 |
| XAgent-WIN | A70ED3AE0BC3521E743191259753BE945972118B | 9a66142acfc7739f78c23ab1252db45b | 715f69916db9ff8fedf6630307f4ebb84aae6653fd0e593036517c5040d84dbe |
| XAgent-WIN | BAA4C177A53CFA5CC103296B07B62565E1C7799F | 9d1a09bb98bf1ee31f390b60b0cf724d | dea4e560017b4da05e8fd0a03ba74239723349934ee8fbd201a79be1ecf1c32d |
| XAgent-WIN | C18EDCBA2C31533B7CDB6649A970DCE397F4B13C | 4265f6e8cc545b925912867ec8af2f11 | fc2dbfda41860b2385314c87e81f1ebb4f9ae1106b697e019841d8c3bf402570 |
| XAgent-WIN | C2E8C584D5401952AF4F1DB08CF4B6016874DDAC | 078755389b98d17788eb5148e23109a6 | 54c4ce98970a44f92be748ebda9fcfb7b30e08d98491e7735be6dd287189cea3 |
| XAgent-WIN | D00AC5498D0735D5AE0DEA42A1F477CF8B8B0826 | 12a9fff59de1663dec1b45ea2ede22f5 | 68065abd6482405614d245537600ea60857c6ec9febac4870486b5227589d35c |
| XAgent-WIN | D0DB619A7A160949528D46D20FC0151BF9775C32 | ee64d3273f9b4d80020c24edcbbf961e | e031299fa1381b40c660b8cd831bb861654f900a1e2952b1a76bedf140972a81 |
| XAgent-WIN | E816EC78462B5925A1F3EF3CDB3CAC6267222E72 | 404eb3f7554392e85e56aed414db8455 | 94c220653ea7421c60e3eafd753a9ae9d69b475d61230f2f403789d326309c24 |
| XAgent-WIN | F1EE563D44E2B1020B7A556E080159F64F3FD699 | 58ca9243d35e529499dd17d27642b419 | bebe0be0cf8349706b2feb789572e035955209d5bf5d5fea0e5d29a7fbfdc7c4 |
| APT28_2016-10_ESET_Observing the Comings and Goings | Xtunnel | ||
| Xtunnel | 0450AAF8ED309CA6BAF303837701B5B23AAC6F05 | 800af1c9d341b846a856a1e686be6a3e | 566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092 |
| Xtunnel | 067913B28840E926BF3B4BFAC95291C9114D3787 | 02522ce47a8db9544f8877dace7e0833 | d2a6064429754571682f475b6b67f36526f1573d846182aab3516c2637fa1e81 |
| Xtunnel | 1535D85BEE8A9ADB52E8179AF20983FB0558CCB3 | 4ac8d16ff796e825625ad1861546e2e8 | 8c488b029188e3280ed3614346575a4a390e0dda002bca08c0335210a6202949 |
| Xtunnel | 42DEE38929A93DFD45C39045708C57DA15D7586C | ae4ded48da0766d237ce2262202c3c96 | a2c9041ee1918523e67dbaf1c514f98609d4dbe451ba08657653bb41946fc89d |
| Xtunnel | 8F4F0EDD5FB3737914180FF28ED0E9CCA25BF4CC | e766e048bd222cfd2b9cc1bf24125dac | 1289ee3d29967f491542c0bdeff6974aad6b37932e91ff9c746fb220d5edb407 |
| Xtunnel | 982D9241147AAACF795174A9DAB0E645CF56B922 | 0ebfac6dba63ff8b35cbd374ef33323a | c9ef265fc0a174f3033ff21b8f0274224eb7154dca97f15cba598952be2fbace |
| Xtunnel | 99B454262DC26B081600E844371982A49D334E5E | ac3e087e43be67bdc674747c665b46c2 | a979c5094f75548043a22b174aa10e1f2025371bd9e1249679f052b168e194b3 |
| Xtunnel | C637E01F50F5FBD2160B191F6371C5DE2AC56DE4 | b2dc7c29cbf8d71d1dd57b474f1e04b9 | c6a9db52a3855d980a7f383dbe2fb70300a12b7a3a4f0a995e2ebdef769eaaca |
| Xtunnel | C91B192F4CD47BA0C8E49BE438D035790FF85E70 | 672b8d14d1d3e97c24baf69d50937afc | 1c8869abf756e77e1b6d7d0ad5ca8f1cdce1a111315c3703e212fb3db174a6d5 |
| Xtunnel | CDEEA936331FCDD8158C876E9D23539F8976C305 | 5e70a5c47c6b59dae7faf0f2d62b28b3 | 730a0e3daf0b54f065bdd2ca427fbe10e8d4e28646a5dc40cbcfb15e1702ed9a |
| Xtunnel | DB731119FCA496064F8045061033A5976301770D | 34651f2df01b956f1989da4b3ea40338 | 60ee6fdca66444bdc2e4b00dc67a1b0fdee5a3cd9979815e0aab9ce6435262c6 |
| Xtunnel | DE3946B83411489797232560DB838A802370EA71 | 1d1287d4a3ba5d02cca91f51863db738 | 4dd8ab2471337a56b431433b7e8db2a659dc5d9dc5481b4209c4cddd07d6dc2b |
| Xtunnel | E945DE27EBFD1BAF8E8D2A81F4FB0D4523D85D6A | cd1c521b6ae08fc97e3d69f242f00f9e | d2e947a39714478983764b270985d2529ff682ffec9ebac792158353caf90ed3 |
| APT28 | APT28_2016-10_ESET_Sednit A Mysterious Downloader | ||
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | 1CC2B6B208B7687763659AEB5DCB76C5C2FBBF26.scr_ | 006b418307c534754f055436a91848aa | 6507caba5835cad645ae80a081b98284032e286d97dabb98bbfeb76c3d51a094 |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | 49ACBA812894444C634B034962D46F986E0257CF.exe_ | 23ae20329174d44ebc8dbfa9891c6260 | 3e23201e6c52470e73a92af2ded12e6a5d1ad39538f41e762ca1c4b8d93c6d8d |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | 4C9C7C4FD83EDAF7EC80687A7A957826DE038DD7.exe_ | 0eefeaf2fb78ebc49e7beba505da273d | 6ccc375923a00571dffca613a036f77a9fc1ee22d1fddffb90ab7adfbb6b75f1 |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | 4F92D364CE871C1AEBBF3C5D2445C296EF535632.exe_ | 9227678b90869c5a67a05defcaf21dfb | 79a508ba42247ddf92accbf5987b1ffc7ba20cd11806d332979d8a8fe85abb04 |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | 516EC3584073A1C05C0D909B8B6C15ECB10933F1.exe_ | 607a7401962eaf78b93676c9f5ca6a26 | ecd2c8e79554f226b69bed7357f61c75f1f1a42f1010d7baa72abe661a6c0587 |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | 593D0EB95227E41D299659842395E76B55AA048D.exe_ | 6cd2c953102792b738664d69ce41e080 | a13aa88c32eb020071c2c92f5364fd98f6dead7bcf71320731f05cd0a34a59db |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | 593D0EB95227E41D299659842395E76B55AA048D_dll_ | 6cd2c953102792b738664d69ce41e080 | a13aa88c32eb020071c2c92f5364fd98f6dead7bcf71320731f05cd0a34a59db |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | 5C132AE63E3B41F7B2385740B9109B473856A6A5.dll_ | 94ebc9ef5565f98b1aa1e97c6d35c2e0 | cfc60d5db3bfb4ec462d5e4bd5222f04d7383d2c1aec1dc2a23e3c74a166a93d |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | 5FC4D555CA7E0536D18043977602D421A6FD65F9.exe_ | 81d9649612b05829476854bde71b8c3f | 1faf645c2b43cd78cc70df6bcbcd95e38f19d16ca2101de0b6a8fc31cac24c37 |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | 669A02E330F5AFC55A3775C4C6959B3F9E9965CF.exe_ | a0f212fd0f103ca8beaf8362f74903a2 | a50cb9ce1f01ea335c95870484903734ba9cd732e7b3db16cd962878bac3a767 |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | 6CAA48CD9532DA4CABD6994F62B8211AB9672D9E_bk.exe_ | 9df2ddb2631ff5439c34f80ace40cd29 | f18fe2853ef0d4898085cc5581ae35b83fc6d1c46563dbc8da1b79ef9ef678eb |
| APT28_2016-10_ESET_Se dnit A Mysterious Downloader |
7394EA20C3D510C938EF83A2D0195B767CD99ED7_x32.dll_ | d70f4e9d55698f69c5f63b1a2e1507eb | 471fbdc52b501dfe6275a32f89a8a6b02a2aa9a0e70937f5de610b4185334668 |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | 9F3AB8779F2B81CAE83F62245AFB124266765939.exe_ | 3430bf72d2694e428a73c84d5ac4a4b9 | b1900cb7d1216d1dbc19b4c6c8567d48215148034a41913cc6e59958445aebde |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | E8ACA4B0CFE509783A34FF908287F98CAB968D9E.exe_ | 991ffdbf860756a4589164de26dd7ccf | 44e8d3ffa0989176e62b8462b3d14ad38ede5f859fd3d5eb387050f751080aa2 |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | EE788901CD804965F1CD00A0AFC713C8623430C4.exe_ | 93c589e9eaf3272bc0349d605b85c566 | f9c0303d07800ed7cba1394cd326bbe8f49c7c5e0e062be59a9749f6c51c6e69 |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | EE788901CD804965F1CD00A0AFC713C8623430C46.exe_ | 93c589e9eaf3272bc0349d605b85c566 | f9c0303d07800ed7cba1394cd326bbe8f49c7c5e0e062be59a9749f6c51c6e69 |
| APT28_2016-10_ESET_Sednit A Mysterious Downloader | eset-sednit-part3.pdf | a7b4e01335aac544a12c6f88aab80cd9 | 2c7a60963b94b6fc924abdcb19da4d32f35c86cdfe2277b0081cd02c72435b48 |
| APT28 | APT28_2016-10_ESET_Sednit Approaching the Target | ||
| APT28_2016-10_ESET_Sednit Approaching the Target | 015425010BD4CF9D511F7FCD0FC17FC17C23EEC1 | c2a0344a2bbb29d9b56d378386afcbed | 63d0b28114f6277b901132bc1cc1f541a594ee72f27d95653c54e1b73382a5f6 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 0F7893E2647A7204DBF4B72E50678545573C3A10 | 35283c2e60a3cba6734f4f98c443d11f | da43d39c749c121e99bba00ce809ca63794df3f704e7ad4077094abde4cf2a73 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 10686CC4E46CF3FFBDEB71DD565329A80787C439 | d7c471729bc124babf32945eb5706eb6 | bc8fec92eee715e77c762693f1ae2bbcd6a3f3127f1226a847a8efdc272e2cbc |
| APT28_2016-10_ESET_Sednit Approaching the Target | 17661A04B4B150A6F70AFDABE3FD9839CC56BEE8 | a579d53a1d29684de6d2c0cbabd525c5 | 6562e2ac60afa314cd463f771fcfb8be70f947f6e2b314b0c48187eebb33dd82 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 21835AAFE6D46840BB697E8B0D4AAC06DEC44F5B | 211b7100fd799e9eaabeb13cfa446231 | 3d13f2e5b241168005425b15410556bcf26d04078da6b2ef42bc0c2be7654bf8 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 2663EB655918C598BE1B2231D7C018D8350A0EF9 | 540e4a7a28ca1514e53c2564993d8d87 | 31dd3e3c05fabbfeafbcb7f5616dba30bbb2b1fc77dba6f0250a2c3270c0dd6b |
| APT28_2016-10_ESET_Sednit Approaching the Target | 2C86A6D6E9915A7F38D119888EDE60B38AB1D69D | 56e011137b9678f1fcc54f9372198bae | 69d5123a277dc1f618be5edcc95938a0df148c856d2e1231a07e2743bd683e01 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 351C3762BE9948D01034C69ACED97628099A90B0 | 83cf67a5d2e68f9c00fbbe6d7d9203bf | 853dbbba09e2463c45c0ad913d15d67d15792d888f81b4908b2216859342aa04 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 3956CFE34566BA8805F9B1FE0D2639606A404CD4 | dffb22a1a6a757443ab403d61e760f0c | 0356f5fa9907ea060a7d6964e65f019896deb1c7e303b7ba04da1458dc73a842 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 4D5E923351F52A9D5C94EE90E6A00E6FCED733EF | 6159c094a663a171efd531b23a46716d | e00eaf295a28f5497dbb5cb8f647537b6e55dd66613505389c24e658d150972c |
| APT28_2016-10_ESET_Sednit Approaching the Target | 4FAE67D3988DA117608A7548D9029CADDBFB3EBF | c6a80316ea97218df11e11125337233a | b0b3f0d6e6c593e2a2046833080574f98566c48a1eda865b2e110cd41bf31a31 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 51B0E3CD6360D50424BF776B3CD673DD45FD0F97 | 973e0c922eb07aad530d8a1de19c7755 | 7c4101caf833aa9025fec4f04a637c049c929459ad3e4023ba27ac72bde7638d |
| APT28_2016-10_ESET_Sednit Approaching the Target | 51E42368639D593D0AE2968BD2849DC20735C071 | dfc836e035cb6c43ce26ed870f61d7e8 | 13468ebe5d47d57d62777043c80784cbf475fb2de1df4546a307807bd2376b45 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 5C3E709517F41FEBF03109FA9D597F2CCC495956 | ac75fd7d79e64384b9c4053b37e5623f | 0ac7b666814fd016b3d21d7812f4a272104511f90ca666fa13e9fb6cefa603c7 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 63D1D33E7418DAF200DC4660FC9A59492DDD50D9 | 2d4eaa0331abbc6d867f5f979b2c890d | b4f755c91c2790f4ab9bac4ee60725132323e13a2688f3d8939ae9ed4793d014 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 69D8CA2A02241A1F88A525617CF18971C99FB63B | ed601bbd4dd0e267afb0be840cb27c90 | 4c52957270e63efa4b81a1c6551c706b82951f019b682219096e67182a727eab |
| APT28_2016-10_ESET_Sednit Approaching the Target | 6FB3FD8C2580C84314B14510944700144A9E31DF | f7ee38ca49cd4ae35824ce5738b6e587 | 63911ebce691c4b7c9582f37f63f6f439d2ce56e992bfbdcf812132512e753eb |
| APT28_2016-10_ESET_Sednit Approaching the Target | 80DCA565807FA69A75A7DD278CEF1DAAEE34236E | 9863f1efc5274b3d449b5b7467819d28 | 0abda721c4f1ca626f5d8bd2ce186aa98b197ca68d53e81cf152c32230345071 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 842B0759B5796979877A2BAC82A33500163DED67 | 291af793767f5c5f2dc9c6d44f1bfb59 | f50791f9909c542e4abb5e3f760c896995758a832b0699c23ca54b579a9f2108 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 8F99774926B2E0BF85E5147AACA8BBBBCC5F1D48 | c2988e3e4f70d5901b234ff1c1363dcc | 69940a20ab9abb31a03fcefe6de92a16ed474bbdff3288498851afc12a834261 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 90C3B756B1BB849CBA80994D445E96A9872D0CF5 | 21d63e99ed7dcd8baec74e6ce65c9ef3 | dfa8a85e26c07a348a854130c652dcc6d29b203ee230ce0603c83d9f11bbcacc |
| APT28_2016-10_ESET_Sednit Approaching the Target | 99F927F97838EB47C1D59500EE9155ADB55B806A | 07c8a0a792a5447daf08ac32d1e283e8 | 8f0674cb85f28b2619a6e0ddc74ce71e92ce4c3162056ef65ff2777104d20109 |
| APT28_2016-10_ESET_Sednit Approaching the Target | 9FC43E32C887B7697BF6D6933E9859D29581EAD0 | a3c757af9e7a9a60e235d08d54740fbc | bf28267386a010197a50b65f24e815aa527f2adbc53c609d2b2a4f999a639413 |
| APT28_2016-10_ESET_Sednit Approaching the Target | A43EF43F3C3DB76A4A9CA8F40F7B2C89888F0399 | 7c2b1de614a9664103b6ff7f3d73f83d | c2551c4e6521ac72982cb952503a2e6f016356e02ee31dea36c713141d4f3785 |
| APT28_2016-10_ESET_Sednit Approaching the Target | A5FCA59A2FAE0A12512336CA1B78F857AFC06445 | f1d3447a2bff56646478b0adb7d0451c | 5a414a39851c4e22d4f9383211dfc080e16e2caffd90fa06dcbe51d11fdb0d6c |
| APT28_2016-10_ESET_Sednit Approaching the Target | A857BCCF4CC5C15B60667ECD865112999E1E56BA | 0c334645a4c12513020aaabc3b78ef9f | e1b1143c0003c6905227df37d40aacbaecc2be8b9d86547650fe11bd47ca6989 |
| APT28_2016-10_ESET_Sednit Approaching the Target | B4A515EF9DE037F18D96B9B0E48271180F5725B7 | afe09fb5a2b97f9e119f70292092604e | d93f22d46090bfc19ef51963a781eeb864390c66d9347e86e03bba25a1fc29c5 |
| APT28_2016-10_ESET_Sednit Approaching the Target | B7788AF2EF073D7B3FB84086496896E7404E625E | eda061c497ba73441994a30e36f55b1d | b1800cb1d4b755e05b0fca251b8c6da96bb85f8042f2d755b7f607cbeef58db8 |
| APT28_2016-10_ESET_Sednit Approaching the Target | B8AABE12502F7D55AE332905ACEE80A10E3BC399 | 91381cd82cdd5f52bbc7b30d34cb8d83 | 1a09ce8a9210d2530d6ce1d59bfae2ac617ac89558cdcdcac15392d176e70c8d |
| APT28_2016-10_ESET_Sednit Approaching the Target | C1EAE93785C9CB917CFB260D3 ABF6432C6FDAF4D |
732fbf0a4ceb10e9a2254af59ae4f880 | 6236a1bdd76ed90659a36f58b3e073623c34c6436d26413c8eca95f3266cc6fc |
| APT28_2016-10_ESET_Sednit Approaching the Target | C2E8C584D5401952AF4F1DB08CF4B6016874DDAC | 078755389b98d17788eb5148e23109a6 | 54c4ce98970a44f92be748ebda9fcfb7b30e08d98491e7735be6dd287189cea3 |
| APT28_2016-10_ESET_Sednit Approaching the Target | C345A85C01360F2833752A253A5094FF421FC839 | 1219318522fa28252368f58f36820ac2 | fbd5c2cf1c1f17402cc313fe3266b097a46e08f48b971570ef4667fbfd6b7301 |
| APT28_2016-10_ESET_Sednit Approaching the Target | D3AA282B390A5CB29D15A97E0A046305038DBEFE | 18efc091b431c39d3e59be445429a7bc | eae782130b06d95f3373ff7d5c0977a8019960bdf80614c1aa7e324dc350428a |
| APT28_2016-10_ESET_Sednit Approaching the Target | D85E44D386315B0258847495BE1711450AC02D9F | c4ffab85d84b494e1c450819a0e9c7db | 500fa112a204b6abb365101013a17749ce83403c30cd37f7c6f94e693c2d492f |
| APT28_2016-10_ESET_Sednit Approaching the Target | D9989A46D590EBC792F14AA6FEC30560DFE931B1 | 8b031fce1d0c38d6b4c68d52b2764c7e | 4bcd11142d5b9f96730715905152a645a1bf487921dd65618c354281512a4ae7 |
| APT28_2016-10_ESET_Sednit Approaching the Target | E5FB715A1C70402774EE2C518FB0E4E9CD3FDCFF | 072c692783c67ea56da9de0a53a60d11 | c431ae04c79ade56e1902094acf51e5bf6b54d65363dfa239d59f31c27989fde |
| APT28_2016-10_ESET_Sednit Approaching the Target | E742B917D3EF41992E67389CD2FE2AAB0F9ACE5B | 7764499bb1c4720d0f1d302f15be792c | 63047199037892f66dc083420e2fc60655a770756848c1f07adc2eb7d4a385d0 |
| APT28_2016-10_ESET_Sednit Approaching the Target | ED9F3E5E889D281437B945993C6C2A80C60FDEDC | 2dfc90375a09459033d430d046216d22 | 261b0a5912965ea95b8ae02aae1e761a61f9ad3a9fb85ef781e62013d6a21368 |
| APT28_2016-10_ESET_Sednit Approaching the Target | F024DBAB65198467C2B832DE9724CB70E24AF0DD | 7b1bfd7c1866040e8f618fe67b93bea5 | df47a939809f925475bc19804319652635848b8f346fb7dfd8c95c620595fe9f |
| APT28_2016-10_ESET_Sednit Approaching the Target | F3D50C1F7D5F322C1A1F9A72FF122CAC990881EE | 77089c094c0f2c15898ff0f021945148 | eb6620442c3ab327f3ccff1cc6d63d6ffe7729186f7e8ac1dbbbfddd971528f0 |
| APT28_2016-10_ESET_Sednit Approaching the Target | F7608EF62A45822E9300D390064E667028B75DEA | 75f71713a429589e87cf2656107d2bfc | b6fff95a74f9847f1a4282b38f148d80e4684d9c35d9ae79fad813d5dc0fd7a9 |
| APT28_2016-10_ESET_Sednit Approaching the Target | eset-sednit-part1.pdf | bae0221feefb37e6b81f5ca893864743 | b31b27aa0808aea5b0e8823ecb07402c0c2bbf6818a22457e146c97f685162b4 |
| APT28 | APT28_2016-10_Sekoia_Rootkit analysisUse case on HideDRV | ||
| APT28_2016-10_Sekoia_Rootkit analysisUse case on HideDRV | 83E54CB97644DE7084126E702937F8C3A2486A2F_fsflt.sys_ | f8c8f6456c5a52ef24aa426e6b121685 | 4bfe2216ee63657312af1b2507c8f2bf362fdf1d63c88faba397e880c2e39430 |
| APT28_2016-10_Sekoia_Rootkit analysisUse case on HideDRV | 9F3AB8779F2B81CAE83F62245AFB124266765939_fsflt.1 | 3430bf72d2694e428a73c84d5ac4a4b9 | b1900cb7d1216d1dbc19b4c6c8567d48215148034a41913cc6e59958445aebde |
| APT28 | APT28_2017-02_Bitdefender_OSX_XAgent | ||
| APT28_2017-02_Bitdefender_OSX_XAgent | 70A1C4ED3A09A44A41D54C4FD4B409A5FC3159F6_XAgent_OSX | 4fe4b9560e99e33dabca553e2eeee510 | 2a854997a44f4ba7e307d408ea2d9c1d84dde035c5dab830689aa45c5b5746ea |