Pulse Detail — Threat Intelligence

PULSE NAME

Possible New APT29 Malware

WHITE CozyDuke AlienVault 2018-11-15 Modified: 2019-01-17

IOCs

MEDIUM VOLUME

FireEye devices detected intrusion attempts against multiple industries, including think tank, law enforcement, media, U.S. military, imagery, transportation, pharmaceutical, national government, and defense contracting.

Indicators of Compromise (4 / 39 total)

All URL domain FileHash-SHA256 email FileHash-MD5 FileHash-SHA1

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA1	8e928c550e5d44fb31ef8b6f3df2e914acd66873	—	2018-12-03
FileHash-SHA1	9858d5cb2a6614be3c48e33911bf9f7978b441bf	—	2018-12-03
FileHash-SHA1	cd92f19d3ad4ec50f6d19652af010fe07dca55e1	—	2018-12-03
FileHash-SHA1	e431261c63f94a174a1308defccc674dabbe3609	—	2018-12-03

References (4)

↗ https://twitter.com/DrunkBinary/status/1063075530180886529 ↗ https://twitter.com/FireEye/status/1063107895401857026 ↗ https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html ↗ https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/