Transparency Myanmar

transparency.myanmar@gmail.com



This post is for all of you, Russian malware lovers/haters. Analyze it all to your heart's content. Prove or disprove Russian hacking in general or DNC hacking in particular, or find that "400 lb hacker" or nail another country altogether. You can also have fun and exercise your malware analysis skills without any political agenda.



The post contains malware samples analyzed in the APT28 reports linked below. I will post APT29 and others later.




Read about groups and types of targeted threats here: MITRE ATT&CK

References (and the samples they mention), listed from oldest to newest:

  1. APT28_2011-09_Telus_Trojan.Win32.Sofacy.A
  2. APT28_2014-08_MhtMS12-27_Prevenity
  3. APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations
  4. APT28_2014-10_Telus_Coreshell.A
  5. APT28_2014-10_TrendMicro Operation Pawn Storm: Using Decoys to Evade Detection
  6. APT28_2015-07_Digital Attack on German Parliament
  7. APT28_2015-07_ESET_Sednit_meet_Hacking
  8. APT28_2015-07_Telus_Trojan-Downloader.Win32.Sofacy.B
  9. APT28_2015-09_Root9_APT28_Technical_Followup
  10. APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code
  11. APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm
  12. APT28_2015-10_Root9_APT28_targets Financial Markets
  13. APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28–The_Political_Cyber-Espionage
  14. APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets
  15. APT28_2015_06_Microsoft_Security_Intelligence_Report_V19
  16. APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor
  17. APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee << DNC (NOTE: this is APT29)
  18. APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel
  19. APT28_2016-10_ESET_Observing the Comings and Goings
  20. APT28_2016-10_ESET_Sednit A Mysterious Downloader
  21. APT28_2016-10_ESET_Sednit Approaching the Target
  22. APT28_2016-10_Sekoia_Rootkit analysis: Use case on HideDRV
  23. APT28_2017-02_Bitdefender_OSX_XAgent  << OSX XAgent



Download


Download sets (matching research listed above). Email me if you need the password.

Download all files/folders listed (72MB)



Sample list


