← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Possible New APT29 Malware
WHITE CozyDuke AlienVault 2018-11-15 Modified: 2019-01-17
39
IOCs
MEDIUM VOLUME
FireEye devices detected intrusion attempts against multiple industries, including think tank, law enforcement, media, U.S. military, imagery, transportation, pharmaceutical, national government, and defense contracting.
dukesapt29cozyduke
Indicators of Compromise (5 / 39 total)
All URL domain FileHash-SHA256 email FileHash-MD5 FileHash-SHA1
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 1cc77858e5f3513a051a8cf2895891eebe52fdd604017b55030fed0d63cf3faf 2018-11-15
FileHash-SHA256 2cea2a1f53dac3f4fff156eacc2ecc8e98b1a64f0f5b5ee1c42c69d9a226c55c 2018-11-15
FileHash-SHA256 e2945268c976f8dc33ba9a8d1a804f00cff46aabc01cd3196651322a71863b87 2018-11-15
FileHash-SHA256 bb192911340e7df8560360c7acd92a7bd8e1c055e19955a2f572cd0b4ca5eb75 2018-11-16
FileHash-SHA256 b77ff307ea74a3ab41c92036aea4a049b3c2e69b12a857d26910e535544dfb05 2018-11-16
References (4)
↗ https://twitter.com/DrunkBinary/status/1063075530180886529 ↗ https://twitter.com/FireEye/status/1063107895401857026 ↗ https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html ↗ https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/