Malware Analysis IOC of APT task


New Member
Thread author
May 22, 2022
I am new to cybersecurity and I have a task to solve.
I should create an open .ioc file containing indicators of APT29 or APT39. (I should have minimum 5 indicator types).
My resource is
Could you help me where i can find reports containing IOC of APTs or some guide for the task.
(I found some information about IOC in, but its not enough)
  • Like
Reactions: Nevi and Jack


Level 85
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
That may does help you, IOC related to APT29. As usual, you have to scroll down until the end of this report below...
1326932d63485e299ba8e03bfcd23057f7897c3ae0d26ed1235c4fb108adb105 TrailBlazer SHA256
2a3b660e19b56dad92ba45dd164d300e9bd9c3b17736004878f45ee23a0177acGoldMax SHA256
  • StellarParticle is a campaign tracked by CrowdStrike as related to the SUNSPOT implant from the SolarWinds intrusion in December 2020 and associated with COZY BEAR (aka APT29, “The Dukes”).
  • The StellarParticle campaign has continued against multiple organizations, with COZY BEAR using novel tools and techniques to complete their objectives, as identified by CrowdStrike incident responders and the CrowdStrike Intelligence team.
  • Browser cookie theft and Microsoft Service Principal manipulation are two of the novel techniques and tools leveraged in the StellarParticle campaign and are discussed in this blog.
  • Two sophisticated malware families were placed on victim systems in mid-2019: a Linux variant of GoldMax and a new implant dubbed TrailBlazer.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.