PULSE NAME
The Dukes aren’t back — they never left
WHITE Dukes AlienVault 2019-10-17 Modified: 2019-10-17
94 IOCs (HIGH VOLUME)
It is exceptionally rare for a well-documented threat actor, previously implicated in very high-profile attacks, to stay completely under the radar for several years. Yet, in the last three years, that is what the APT group the Dukes (aka APT29 and Cozy Bear) has done. Despite being well known as one of the groups to hack the Democratic National Committee in the run-up to the 2016 US election, the Dukes has received little subsequent attention. The last documented campaign attributed to them is a phishing campaign against the Norwegian government that dates back to January 2017.
Indicators of Compromise (18 / 94 total)