PULSE NAME
A Slice of 2017 Sofacy Activity
WHITE Sofacy AlienVault 2018-02-20 Modified: 2018-02-20
HIGH VOLUME
Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT. From their high-volume 0day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report, and protect against. 2017 was not any different in this regard.
Indicators of Compromise (96)
TYPE INDICATOR DESCRIPTION CREATED
CVE CVE-2017-0263 2018-02-20
CVE CVE-2017-0262 2018-02-20