📃Title: A Slice of 2017 Sofacy Activity
📅Date: 2018-02-20
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: TA-profile
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- producer Kaspersky
- threat-actor APT28
- malpedia=“Zebrocy (AutoIT)”
- target-information=“Australia”
- target-information=“Bosnia and Herzegovina”
- target-information=“China”
- target-information=“Finland”
- target-information=“Germany”
- target-information=“India”
- target-information=“Kazakhstan”
- target-information=“Lithuania”
- target-information=“Malaysia”
- target-information=“Mongolia”
- target-information=“Saudi Arabia”
- target-information=“South Africa”
- target-information=“Sweden”
- target-information=“Turkey”
- target-information=“Ukraine”
- target-information=“United Kingdom”
- target-information=“United States”
- sector=“Engineering”
- sector=“Government, Administration”
- sector=“Industrial”
- sector=“NGO”
- mitre-attack-pattern=[]
MISP event uuid: 8b442a0f-02e2-4f4a-a9f3-961ebfd751ae
Indicators of Compromise (IoCs)
Full IOCs available in Rectifyq's MISP