PULSE NAME
CozyCar’s New Ride Is Related to Seaduke
TLP: WHITE | Adversary: APT 29 | Author: AlienVault | Created: 2015-07-14 | Modified: 2017-08-24
34 IOCs | Indicator volume: MEDIUM
Unit 42 has uncovered a new campaign from the CozyDuke threat actors, aka CozyCar [1], leveraging malware that appears to be related to the Seaduke malware described earlier this week by Symantec [2].
Indicators of Compromise (34)
TYPE INDICATOR DESCRIPTION CREATED
domain kane-consulting.net 2017-08-24
domain redbluffchamber.com 2017-08-24
domain illuminatistudios.net 2017-08-24
hostname ff.whitebirchpaper.com 2017-08-24
hostname betawebservices.ntnonline.com 2017-08-24
hostname extranet.qualityplanning.com 2017-08-24
hostname staff.shasta.com 2017-08-24
hostname secure.hgl.com 2017-08-24
hostname edadmin.kearsney.com 2017-08-24
FileHash-MD5 c8b49b42e6ebb6b977ce7001b6bd96c8 2017-08-24
FileHash-MD5 0f9534b63cb7af1e3aa34839d7d6e632 2017-08-24
FileHash-MD5 70f5574e4e7ad360f4f5c2117a7a1ca7 2017-08-24
FileHash-MD5 01039a95e0a14767784acc8f07035935 2017-08-24
FileHash-MD5 3195110045f64a3c83fc3e043c46d253 2017-08-24
FileHash-MD5 26bd36cc57e30656363ca89910579f63 2017-08-24
FileHash-MD5 030da7510113c28ee68df8a19c643bb0 2017-08-24
FileHash-MD5 719cf63a3922953ceaca6fb4dbed6584 2017-08-24
FileHash-MD5 b55628a605a5dfb5005c44220ae03b8a 2017-08-24
FileHash-MD5 3a04a5d7ed785daa16f4ebfd3acf0867 2017-08-24
FileHash-MD5 ca770a4c9881afcd610aad30aa53f651 2017-08-24
FileHash-MD5 e00bf9b8261410744c10ae3fe2ce9049 2017-08-24
FileHash-MD5 b0a9a175e2407352214b2d005253bc0c 2017-08-24
FileHash-MD5 1dd593ad084e1526c8facce834b0e124 2017-08-24
FileHash-MD5 24083e6186bc773cd9c2e70a49309763 2017-08-24
FileHash-MD5 98613ecb3afde5fc48ca4204f8363f1d 2017-08-24
FileHash-MD5 4cbd9a0832dcf23867b092de37c10d9d 2017-08-24
FileHash-MD5 42ffc84c6381a18b1f6d000b94c74b09 2017-08-24
FileHash-MD5 51ea28f4f3fa794d5b207475897b1eef 2017-08-24
FileHash-MD5 f8cb10b2ee8af6c5555e9cf3701b845f 2017-08-24
FileHash-MD5 9018fa0826f237342471895f315dbf39 2017-08-24
FileHash-MD5 a9c045c401afb9766e2ca838dc6f47a4 2017-08-24
FileHash-MD5 2e64131c0426a18c1c363ec69ae6b5f2 2017-08-24
FileHash-MD5 e07ef8ffe965ec8b72041ddf9527cac4 2017-08-24
FileHash-MD5 f415470b9f0edc1298b1f6ae75dfaf31 2017-08-24