Pulse name: The CozyDuke APT
TLP: WHITE | Adversary: APT 29 | Author: AlienVault | Created: 2015-04-22 | Modified: 2017-08-24
61 IOCs (high volume)
CozyDuke (aka CozyBear, CozyCar or "Office Monkeys") is a threat actor that became increasingly active in the second half of 2014 and hit a variety of targets. The White House and the Department of State are two of the most spectacular known victims.
Indicators of Compromise (61)
TYPE | INDICATOR | DESCRIPTION | CREATED
(No indicator in this pulse carries a description; each row below lists type, indicator and creation date.)
URL 210.59.2.20:443/search.php 2015-04-22
URL 202.206.232.20:443/rss.php 2015-04-22
URL 208.75.241.246:443/msearch.php 2015-04-22
URL 200.125.133.28:443/search.php 2015-04-22
URL www.getiton.hants.org.uk:80/themes/front/img/ajax.php 2015-04-22
URL 202.76.237.216:443/search.php 2015-04-22
URL 203.156.161.49:443/plugins/twitter.php 2015-04-22
URL www.seccionpolitica.com.ar:80/galeria/index.php 2015-04-22
URL 200.119.128.45:443/mobile.php 2015-04-22
URL 209.40.72.2:443/plugins/fsearch.php 2015-04-22
URL 121.193.130.170:443/wp-ajax.php 2015-04-22
URL 183.78.169.5:443/search.php 2015-04-22
URL 201.76.51.10:443/plugins/json.php 2015-04-22
URL 200.125.142.11:443/news.php 2015-04-22
URL 208.77.177.24:443/fsearch.php 2015-04-22
URL http://209.200.83.43/ajax/search.php 2017-08-24
URL http://www.sanjosemaristas.com/app/index.php 2017-08-24
URL http://209.200.83.43/ajax/error.php 2017-08-24
URL http://209.200.83.43/ajax/index.php 2017-08-24
URL http://209.200.83.43/ajax/links.php 2017-08-24
URL http://209.200.83.43/ajax/api.php 2017-08-24
URL http://209.200.83.43/ajax/profile.php 2017-08-24
URL http://209.200.83.43/ajax/online.php 2017-08-24
URL http://209.200.83.43/ajax/loader.php 2017-08-24
FileHash-MD5 5d8835982d8bfc8b047eb47322436c8a 2017-08-24
FileHash-MD5 2e0361fd73f60c76c69806205307ccac 2017-08-24
FileHash-MD5 b5553645fe819a93aafe2894da13dae7 2017-08-24
FileHash-MD5 f16dff8ec8702518471f637eb5313ab2 2017-08-24
FileHash-MD5 1a262a7bfecd981d7874633f41ea5de8 2017-08-24
FileHash-MD5 90bd910ee161b71c7a37ac642f910059 2017-08-24
FileHash-MD5 59704bc8bedef32709ab1128734aa846 2017-08-24
FileHash-MD5 d596827d48a3ff836545b3a999f2c3e3 2017-08-24
FileHash-MD5 f58a4369b8176edbde4396dc977c9008 2017-08-24
FileHash-MD5 4152e79e3dbde55dcf3fc2014700a022 2017-08-24
FileHash-MD5 d7af9a4010c75af6756a603fd6aef5a4 2017-08-24
FileHash-MD5 6761106f816313394a653db5172dc487 2017-08-24
FileHash-MD5 9e3f3b5e9ece79102d257e8cf982e09e 2017-08-24
FileHash-MD5 3d3363598f87c78826c859077606e514 2017-08-24
FileHash-MD5 eb22b99d44223866e24872d80a4ddefd 2017-08-24
FileHash-MD5 f2b05e6b01be3b6cb14e9068e7a66fc1 2017-08-24
FileHash-MD5 95b3ec0a4e539efaa1faa3d4e25d51de 2017-08-24
FileHash-MD5 7688be226b946e231e0cd36e6b708d20 2017-08-24
FileHash-MD5 1a42acbdb285a7fba17f95068822ea4e 2017-08-24
FileHash-MD5 57a1f0658712ee7b3a724b6d07e97259 2017-08-24
FileHash-MD5 fd8e27f820bdbdf6cb80a46c67fd978a 2017-08-24
FileHash-MD5 d543904651b180fd5e4dc1584e639b5e 2017-08-24
FileHash-MD5 8670710bc9477431a01a576b6b5c1b2a 2017-08-24
FileHash-MD5 7f6bca4f08c63e597bed969f5b729c56 2017-08-24
FileHash-MD5 9ad55b83f2eec0c19873a770b0c86a2f 2017-08-24
FileHash-MD5 83f57f0116a3b3d69ef7b1dbe9943801 2017-08-24
FileHash-MD5 a5d6ad8ad82c266fda96e076335a5080 2017-08-24
FileHash-MD5 2aabd78ef11926d7b562fd0d91e68ad3 2017-08-24
FileHash-MD5 e0b6f0d368c81a0fb197774d0072f759 2017-08-24
FileHash-MD5 93176df76e351b3ea829e0e6c6832bdf 2017-08-24
FileHash-MD5 acffb2823fc655637657dcbd25f35af8 2017-08-24
FileHash-MD5 08709ef0e3d467ce843af4deb77d74d5 2017-08-24
FileHash-MD5 68271df868f462c06e24a896a9494225 2017-08-24
FileHash-MD5 98a6484533fa12a9ba6b1bd9df1899dc 2017-08-24
FileHash-MD5 c8eb6040fd02d77660d19057a38ff769 2017-08-24
FileHash-MD5 62c4ce93050e48d623569c7dcc4d0278 2017-08-24
FileHash-MD5 bc626c8f11ed753f33ad1c0fe848d898 2017-08-24