📃Title: A Slice of 2017 Sofacy Activity
📅Date: 2018-02-20
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: TA-profile
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- producer= Kaspersky
- threat-actor= APT28
- malpedia=“Zebrocy (AutoIT)”
- target-information=“Australia”
- target-information=“Bosnia and Herzegovina”
- target-information=“China”
- target-information=“Finland”
- target-information=“Germany”
- target-information=“India”
- target-information=“Kazakhstan”
- target-information=“Lithuania”
- target-information=“Malaysia”
- target-information=“Mongolia”
- target-information=“Saudi Arabia”
- target-information=“South Africa”
- target-information=“Sweden”
- target-information=“Turkey”
- target-information=“Ukraine”
- target-information=“United Kingdom”
- target-information=“United States”
- sector=“Engineering”
- sector=“Government, Administration”
- sector=“Industrial”
- sector=“NGO”
- mitre-attack-pattern=[]
MISP event uuid: 8b442a0f-02e2-4f4a-a9f3-961ebfd751ae
Indicators of Compromise (IoCs)
Full IOCs available in Rectifyq’s MISP