Malware Analysis IOC of APT task

didodid

Thread author
May 22, 2022
Hello,
I am new to cybersecurity and I have a task to solve.
I should create an OpenIOC .ioc file containing indicators of APT29 or APT39 (I should have a minimum of 5 indicator types).
My resource is https://www.fireeye.com/services/freeware/ioc-editor.html
Could you tell me where I can find reports containing IOCs of APTs, or some guide for the task?
(I found some information about IOCs on Mandiant.com, but it's not enough.)

silversurfer

Aug 17, 2014
That may help you: IOCs related to APT29. As usual, you have to scroll down to the end of the report below...

Indicator                                                          Details
1326932d63485e299ba8e03bfcd23057f7897c3ae0d26ed1235c4fb108adb105   TrailBlazer SHA256
2a3b660e19b56dad92ba45dd164d300e9bd9c3b17736004878f45ee23a0177ac   GoldMax SHA256
  • StellarParticle is a campaign tracked by CrowdStrike as related to the SUNSPOT implant from the SolarWinds intrusion in December 2020 and associated with COZY BEAR (aka APT29, “The Dukes”).
  • The StellarParticle campaign has continued against multiple organizations, with COZY BEAR using novel tools and techniques to complete their objectives, as identified by CrowdStrike incident responders and the CrowdStrike Intelligence team.
  • Browser cookie theft and Microsoft Service Principal manipulation are two of the novel techniques and tools leveraged in the StellarParticle campaign and are discussed in this blog.
  • Two sophisticated malware families were placed on victim systems in mid-2019: a Linux variant of GoldMax and a new implant dubbed TrailBlazer.
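An added example, not from either poster and not CrowdStrike's or FireEye's code: the script below writes the two SHA-256 hashes quoted in the reply into an OpenIOC 1.0 .ioc file of the kind IOC Editor produces, parses the file back, counts the distinct indicator types it contains (the figure the task asks for), and checks a hash against it. The element and attribute names (ioc, definition, Indicator, IndicatorItem, Context with search="FileItem/Sha256sum", Content) are taken from the OpenIOC 1.0 schema as I know it and are assumptions here; the output is not validated against the official XSD. The item list is generic, so further indicator types from the report (DNS names, registry keys, service names) would be appended as more tuples with their own search terms; no such values are invented here.

```python
"""Build a minimal OpenIOC 1.0 (.ioc) file and check it. Added example, not from the thread."""
import hashlib
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Default namespace of OpenIOC 1.0 as written by Mandiant/FireEye IOC Editor
# (assumption based on the published schema; compare with a file IOC Editor saves).
NS = "http://schemas.mandiant.com/2010/ioc"
ET.register_namespace("", NS)


def q(tag):
    """Qualify a tag name with the OpenIOC namespace."""
    return f"{{{NS}}}{tag}"


# The two SHA-256 hashes quoted in the reply above (CrowdStrike StellarParticle report).
STELLARPARTICLE_SHA256 = {
    "1326932d63485e299ba8e03bfcd23057f7897c3ae0d26ed1235c4fb108adb105": "TrailBlazer",
    "2a3b660e19b56dad92ba45dd164d300e9bd9c3b17736004878f45ee23a0177ac": "GoldMax",
}

# Each indicator is (document, search term, content type, value). Only the hash
# type is populated here; other types from the report would be further tuples
# with their own search terms (e.g. "Network/DNS", "RegistryItem/Path").
HASH_ITEMS = [("FileItem", "FileItem/Sha256sum", "sha256", h) for h in STELLARPARTICLE_SHA256]


def build_openioc(items, short_desc, author):
    """Return the bytes of an OpenIOC 1.0 document with all items OR'ed under one Indicator."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    ioc = ET.Element(q("ioc"), {"id": str(uuid.uuid4()), "last-modified": now})
    ET.SubElement(ioc, q("short_description")).text = short_desc
    ET.SubElement(ioc, q("description")).text = "Hashes quoted from CrowdStrike's StellarParticle report"
    ET.SubElement(ioc, q("authored_by")).text = author
    ET.SubElement(ioc, q("authored_date")).text = now
    ET.SubElement(ioc, q("links"))
    definition = ET.SubElement(ioc, q("definition"))
    top = ET.SubElement(definition, q("Indicator"), {"operator": "OR", "id": str(uuid.uuid4())})
    for document, search, ctype, value in items:
        item = ET.SubElement(top, q("IndicatorItem"), {"id": str(uuid.uuid4()), "condition": "is"})
        ET.SubElement(item, q("Context"), {"document": document, "search": search, "type": "mir"})
        ET.SubElement(item, q("Content"), {"type": ctype}).text = value
    # ElementTree omits the declaration for utf-8, so prepend it explicitly.
    return b'<?xml version="1.0" encoding="utf-8"?>\n' + ET.tostring(ioc, encoding="utf-8")


def load_openioc(data):
    """Parse an OpenIOC document into {search term: [(condition, value), ...]}."""
    root = ET.fromstring(data)
    terms = {}
    for item in root.iter(q("IndicatorItem")):
        ctx = item.find(q("Context"))
        content = item.find(q("Content"))
        if ctx is None or content is None or not content.text:
            continue  # skip malformed items rather than crash on a hand-edited file
        terms.setdefault(ctx.get("search"), []).append((item.get("condition"), content.text.strip().lower()))
    return terms


def indicator_types(terms):
    """Distinct search terms, i.e. the 'indicator types' the task counts."""
    return set(terms)


def match_sha256(digest, terms):
    """True if a hex SHA-256 is listed under FileItem/Sha256sum with condition 'is'."""
    digest = digest.lower()
    return any(cond == "is" and value == digest for cond, value in terms.get("FileItem/Sha256sum", []))


def sha256_of_file(path):
    """Stream a file through SHA-256 so large samples need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    data = build_openioc(HASH_ITEMS, "APT29 StellarParticle hashes", "didodid")
    with open("apt29_stellarparticle.ioc", "wb") as f:
        f.write(data)
    terms = load_openioc(data)
    print(f"{len(indicator_types(terms))} indicator type(s), {sum(map(len, terms.values()))} indicators")
```

Run as-is, the file contains one indicator type (FileItem/Sha256sum) with two values, so the type count stays below the five the task requires; that check is the point of load_openioc and indicator_types, and the remaining types still have to come from the report itself. A sample suspected of being GoldMax or TrailBlazer can be tested with match_sha256(sha256_of_file(path), terms).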