Indicators of Compromise for Malware used by APT28
Common Information
UUID: 490f85c9-355d-4a7e-8dd0-0331b2b21453
Fingerprint: 0c1ad275459a1b0738b1cc0a9caa815062719641414740e5bddff518f7307c0c
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: Oct. 3, 2018, 4:12 p.m.
Added to db: April 14, 2024, 1:24 a.m.
Last updated: Aug. 31, 2024, 3:52 a.m.
Headline: Indicators of Compromise for Malware used by APT28
Title: Indicators of Compromise for Malware used by APT28
Detected Hints/Tags/Attributes: 69/3/123
Attributes
Type                          #Events Value
Domain                        1       malaytravelgroup.com
Domain                        1       worldimagebucket.com
Domain                        1       fundseats.com
Domain                        1       globaltechengineers.org
Domain                        1       beststreammusic.com
Domain                        1       thepiratecinemaclub.org
Domain                        1       coindmarket.com
Domain                        1       creekcounty.net
Domain                        1       virtsvc.com
Domain                        1       moderntips.org
Domain                        1       daysheduler.org
Domain                        1       escochart.com
Domain                        1       loungecinemaclub.com
Domain                        1       genericnetworkaddress.com
Domain                        1       bulgariatripholidays.com
Domain                        1       georgia-travel.org
Domain                        1       bbcweather.org
Domain                        1       politicweekend.com
Domain                        1       truefashionnews.com
Domain                        1       protonhardstorage.com
Domain                        1       moldtravelgroup.com
Domain                        1       iboxmit.com
Domain                        1       brownvelocity.org
Domain                        1       pointtk.com
Domain                        1       narrowpass.net
Domain                        1       powernoderesources.com
Domain                        1       topcinemaclub.com
Domain                        119     yandex.ru
Domain                        2       namequery.com
Domain                        1       dnssearch.org
Domain                        1       fnbcorporate.co.za
Domain                        1       picturecrawling.com
Domain                        98      www.ncsc.gov.uk
Domain                        1       www.iad.gov
Domain                        5       www.asd.gov.au
File                          2       chost.exe
File                          1       msoutlook.dll
File                          3       outlook.dll
File                          1       gpu.dll
File                          1       lncstnt.exe
File                          2       +.tmp
File                          1       and-defenses.cfm
File                          1       securing-powershell.htm
md5                           1       8dbe37dfb0d498f96fb7f1e09e9e5c8f
md5                           1       5086989639aed17227b8d6b041ef3163
sha1                          1       46e2957e699fae6de1a212dd98ba4e2bb969497d
sha1                          1       c53930772beb2779d932655d6c3de5548810af3d
sha1                          1       fa695e88c87843ca0ba9fc04b176899ff90e9ac5
sha1                          1       046a8adc2ef0f68107e96babc59f41b6f0a57803
sha1                          1       913ac13ff245baeff843a99dc2cbc1ff5f8c025c
sha1                          1       b758c7775d9bcdc0473fc2e738b32f05b464b175
sha1                          1       3e7dfe9a8d5955a825cb51cb6eec0cd07c569b41
IPv4                          1       139.5.177.205
IPv4                          1       80.255.6.15
IPv4                          1       89.34.111.107
IPv4                          1       86.106.131.229
IPv4                          1       139.5.177.206
IPv4                          1       185.181.102.203
IPv4                          1       185.181.102.204
IPv4                          3       169.239.129.31
IPv4                          1       213.252.247.112
IPv4                          1       185.86.148.15
IPv4                          1       89.45.67.110
IPv4                          1       185.86.150.205
IPv4                          1       193.37.255.10
IPv4                          1       195.12.50.171
IPv4                          1       51.38.128.110
IPv4                          1       185.144.83.124
IPv4                          1       185.216.35.10
IPv4                          1       185.94.192.122
IPv4                          1       185.216.35.7
IPv4                          1       103.253.41.124
IPv4                          1       185.189.112.195
IPv4                          1       185.230.124.246
IPv4                          1       87.120.254.106
IPv4                          1       77.81.98.122
IPv4                          1       89.34.111.132
IPv4                          1       46.21.147.55
IPv4                          1       103.208.86.57
IPv4                          1       185.128.24.104
IPv4                          1       145.239.67.8
IPv4                          1       185.210.219.250
IPv4                          1       86.105.9.174
IPv4                          1       185.86.151.2
IPv4                          1       46.21.147.76
IPv4                          1       46.21.147.71
IPv4                          1       162.208.10.66
IPv4                          2       185.86.151.104
IPv4                          2       185.86.149.116
IPv4                          2       86.106.131.54
IPv4                          1       185.181.102.201
IPv4                          1       179.43.158.20
IPv4                          1       85.204.124.77
IPv4                          2       185.86.148.184
IPv4                          1       185.183.107.40
IPv4                          2       185.94.191.65
IPv4                          1       94.177.12.150
IPv4                          1       54.37.104.106
IPv4                          2       93.113.131.103
IPv4                          1       169.239.129.121
IPv4                          1       169.239.128.133
IPv4                          1       23.163.0.59
IPv4                          1       86.105.1.123
IPv4                          1       185.86.149.218
IPv4                          1       185.145.128.80
IPv4                          1       89.37.226.106
IPv4                          1       94.177.12.238
IPv4                          1       176.223.111.243
IPv4                          1       172.104.21.26
IPv4                          1       188.241.68.118
IPv4                          1       89.45.67.153
IPv4                          2       185.25.50.93
IPv4                          1       45.124.132.127
Threat Actor Identifier - APT 783     APT28
Url                           1       https://www.ncsc.gov.uk/guidance/mitigating-malware
Url                           1       https://www.ncsc.gov.uk/guidance/preventing-lateral-
Url                           1       https://www.ncsc.gov.uk/guidance/eud-security-guidance-windows-10-1703.
Url                           1       https://www.iad.gov/iad/library/ia-guidance/security-tips/powershell-security-risks-
Url                           1       https://www.asd.gov.au/publications/protect/securing-powershell.htm
Url                           1       https://www.ncsc.gov.uk/guidance/end-user-device-security
Url                           1       https://www.ncsc.gov.uk/guidance/macro-security-microsoft-office
Url                           5       https://www.ncsc.gov.uk/phishing
Url                           1       https://www.ncsc.gov.uk/guidance/introduction-logging-security-purposes
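A point worth checking before this table is fed to a block list or a SIEM watchlist: not every row is attacker infrastructure. www.ncsc.gov.uk, www.iad.gov and www.asd.gov.au are the hosts of every Url row, that is, the guidance the advisory cites, and yandex.ru is a mass-market mail and search provider; alerting on all of them would generate noise and block-listing them would cut off the cited guidance. The scanner below is an added example, not part of the advisory or of this database page. It copies a subset of the rows above into INDICATORS, assumes a REFERENCE_DOMAINS allowlist for the reference hosts (an analyst decision, not something the page states), and runs the remaining indicators over constructed log lines in an invented key=value format, matching hostnames on label boundaries so that a look-alike such as bbcweather.org.evil.example does not fire.

```python
"""Scan log lines for the APT28 indicators tabulated above.

Added example, not part of the advisory or of this database page: INDICATORS
is a hand-copied subset of the rows above, REFERENCE_DOMAINS is an analyst
allowlist assumed here, and LOGS are constructed lines in an invented format.
"""
import ipaddress
import re
from collections import defaultdict

# (type, #events, value) rows copied from the table above (subset only).
INDICATORS = [
    ("Domain", 1, "virtsvc.com"),
    ("Domain", 1, "bbcweather.org"),
    ("Domain", 119, "yandex.ru"),
    ("Domain", 98, "www.ncsc.gov.uk"),
    ("File", 2, "chost.exe"),
    ("File", 1, "msoutlook.dll"),
    ("File", 3, "outlook.dll"),
    ("md5", 1, "8dbe37dfb0d498f96fb7f1e09e9e5c8f"),
    ("sha1", 1, "46e2957e699fae6de1a212dd98ba4e2bb969497d"),
    ("IPv4", 1, "139.5.177.205"),
]

# Assumption: the advisory's own guidance hosts (every Url row is on one of
# them) and a mass-market mail provider are context, not attacker
# infrastructure, so they are excluded before anything is alerted on.
REFERENCE_DOMAINS = {"www.ncsc.gov.uk", "www.iad.gov", "www.asd.gov.au", "yandex.ru"}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HEX40_RE = re.compile(r"\b[0-9a-f]{40}\b")
HEX32_RE = re.compile(r"\b[0-9a-f]{32}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
FILE_RE = re.compile(r"\b[\w+.-]+\.(?:exe|dll)\b")


def build_indicator_sets(rows, allowlist=REFERENCE_DOMAINS):
    """Group values by type, lower-cased so hash and hostname matching is
    case-insensitive; allowlisted domains are dropped."""
    sets = defaultdict(set)
    for ioc_type, _events, value in rows:
        v = value.strip().lower()
        if ioc_type == "Domain" and v in allowlist:
            continue
        sets[ioc_type].add(v)
    return sets


def domain_hit(fqdn, domains):
    """Return the indicator that fqdn equals or is a subdomain of, else None.
    Label-boundary matching keeps bbcweather.org.evil.example and
    notbbcweather.org from firing on the bbcweather.org indicator."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan(lines, sets):
    """Return sorted (line_no, type, indicator) hits; tokens are extracted
    generically so the scanner is not tied to one log schema."""
    hits = set()
    for n, line in enumerate(lines, 1):
        low = line.lower()
        for ip in IPV4_RE.findall(low):
            try:
                ipaddress.IPv4Address(ip)   # rejects e.g. 300.1.1.1
            except ValueError:
                continue
            if ip in sets["IPv4"]:
                hits.add((n, "IPv4", ip))
        for h in HEX40_RE.findall(low) + HEX32_RE.findall(low):
            if h in sets["sha1"] or h in sets["md5"]:
                hits.add((n, "sha1" if len(h) == 40 else "md5", h))
        for host in HOST_RE.findall(low):
            d = domain_hit(host, sets["Domain"])
            if d:
                hits.add((n, "Domain", d))
        for fname in FILE_RE.findall(low):
            if fname in sets["File"]:   # whole name: msoutlook.dll is not outlook.dll
                hits.add((n, "File", fname))
    return sorted(hits)


# Constructed sample telemetry (invented key=value format, not real logs).
LOGS = [
    "2018-10-03T10:01:12Z dns client=10.0.0.15 qname=update.virtsvc.com qtype=A",
    "2018-10-03T10:01:13Z proxy client=10.0.0.15 dst=139.5.177.205:443 host=virtsvc.com",
    "2018-10-03T10:02:40Z edr host=WS0042 image=C:\\Windows\\Temp\\chost.exe "
    "sha1=46E2957E699FAE6DE1A212DD98BA4E2BB969497D",
    "2018-10-03T10:03:01Z dns client=10.0.0.16 qname=mail.yandex.ru qtype=A",
    "2018-10-03T10:03:05Z proxy client=10.0.0.16 dst=104.16.0.1:443 host=www.ncsc.gov.uk",
    "2018-10-03T10:04:10Z dns client=10.0.0.17 qname=bbcweather.org.evil.example qtype=A",
    "2018-10-03T10:04:11Z dns client=10.0.0.17 qname=notbbcweather.org qtype=A",
    "2018-10-03T10:05:00Z edr host=WS0043 image=C:\\Program Files\\Outlook\\msoutlook.dll",
]

if __name__ == "__main__":
    for line_no, ioc_type, value in scan(LOGS, build_indicator_sets(INDICATORS)):
        print(f"line {line_no}: {ioc_type} {value}")
```

With the default allowlist the yandex.ru and www.ncsc.gov.uk lines produce no hits; passing allowlist=set() to build_indicator_sets shows why the allowlist matters, since both then fire. The whole-name comparison for files is deliberate: the table lists msoutlook.dll and outlook.dll as separate indicators, and a substring match would conflate them.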