← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Possible New APT29 Malware
WHITE CozyDuke AlienVault 2018-11-15 Modified: 2019-01-17
39
IOCs
MEDIUM VOLUME
FireEye devices detected intrusion attempts against multiple industries, including think tank, law enforcement, media, U.S. military, imagery, transportation, pharmaceutical, national government, and defense contracting.
dukesapt29cozyduke
Indicators of Compromise (3 / 39 total)
All URL domain FileHash-SHA256 email FileHash-MD5 FileHash-SHA1
TYPEINDICATORDESCRIPTIONCREATED
email vleger@tutanota.com 2018-11-15
email 0245@northshorehealthgm.org 2018-11-20
email dosonedrivenotifications-svct-mailboxe36625aaa85747214aa50342836a2315aaa36928202aa46271691a8255aaa15382822aa25821925a0245@northshorehealthgm.org 2018-11-20
References (4)
↗ https://twitter.com/DrunkBinary/status/1063075530180886529 ↗ https://twitter.com/FireEye/status/1063107895401857026 ↗ https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html ↗ https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/