Pulse Detail — Threat Intelligence

PULSE NAME

A Slice of 2017 Sofacy Activity

WHITE Sofacy AlienVault 2018-02-20 Modified: 2018-02-20

IOCs

HIGH VOLUME

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT. From their high volume 0day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report, and protect against. 2017 was not any different in this regard.

Indicators of Compromise (39 / 96 total)

All domain FileHash-MD5 CVE

TYPE	INDICATOR	DESCRIPTION	CREATED
domain	adobe-flash-updates.org	—	2018-02-20
domain	adobeupgradeflash.com	—	2018-02-20
domain	analyticsbar.org	—	2018-02-20
domain	analyticstest.net	—	2018-02-20
domain	appexsrv.net	—	2018-02-20
domain	audiwheel.com	—	2018-02-20
domain	encoder-info.tk	—	2018-02-20
domain	etcrem.net	—	2018-02-20
domain	fastdataexchange.org	—	2018-02-20
domain	fsportal.net	—	2018-02-20
domain	generalsecurityscan.com	—	2018-02-20
domain	globalresearching.org	—	2018-02-20
domain	hostsvcnet.com	—	2018-02-20
domain	kiteim.org	—	2018-02-20
domain	lifeofmentalservice.com	—	2018-02-20
domain	liveweatherview.com	—	2018-02-20
domain	lvueton.com	—	2018-02-20
domain	meteost.com	—	2018-02-20
domain	miropc.org	—	2018-02-20
domain	movieultimate.com	—	2018-02-20
domain	mvband.net	—	2018-02-20
domain	mvtband.net	—	2018-02-20
domain	netcorpscanprotect.com	—	2018-02-20
domain	nethostnet.com	—	2018-02-20
domain	newfilmts.com	—	2018-02-20
domain	online-reggi.com	—	2018-02-20
domain	postlkwarn.com	—	2018-02-20
domain	ppcodecs.com	—	2018-02-20
domain	righttopregnantpower.com	—	2018-02-20
domain	satellitedeluxpanorama.com	—	2018-02-20
domain	securityprotectingcorp.com	—	2018-02-20
domain	sendmevideo.org	—	2018-02-20
domain	shcserv.com	—	2018-02-20
domain	treepastwillingmoment.com	—	2018-02-20
domain	uniquecorpind.com	—	2018-02-20
domain	versiontask.com	—	2018-02-20
domain	viters.org	—	2018-02-20
domain	webcdelivery.com	—	2018-02-20
domain	wmdmediacodecs.com	—	2018-02-20

References (1)

↗ https://securelist.com/a-slice-of-2017-sofacy-activity/83930/