The CozyDuke APT
Tags
Common Information
| Type | Value |
|---|---|
| UUID | a37990fe-5f2e-4fc8-918d-f0e921de5f20 |
| Fingerprint | 3c08921a200d046c |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 21, 2015, 8:50 p.m. |
| Added to db | Jan. 18, 2023, 9:40 p.m. |
| Last updated | Nov. 17, 2024, 9:42 p.m. |
| Headline | The CozyDuke APT |
| Title | The CozyDuke APT |
| Detected Hints/Tags/Attributes | 88/3/105 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | diplomacy.pl |
|
| Details | Domain | 6 | video.zip |
|
| Details | Domain | 1 | www.sanjosemaristas.com |
|
| Details | Domain | 1 | www.getiton.hants.org.uk |
|
| Details | Domain | 1 | www.seccionpolitica.com.ar |
|
| Details | File | 1 | diplomacy.pl |
|
| Details | File | 6 | video.zip |
|
| Details | File | 3 | monkeys.exe |
|
| Details | File | 9 | player.exe |
|
| Details | File | 3 | amdhcp32.dll |
|
| Details | File | 3 | aticaldd.dll |
|
| Details | File | 2 | atiumdag.dll |
|
| Details | File | 2 | racss.dat |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 1 | amdocl_as32.exe |
|
| Details | File | 1 | dataati_subsystemamdocl_as32.exe |
|
| Details | File | 1 | dataati_subsystematiumdag.dll |
|
| Details | File | 1205 | index.php |
|
| Details | File | 3 | settings.db |
|
| Details | File | 1 | sdfg3d.db |
|
| Details | File | 1 | cmd_task.dll |
|
| Details | File | 1 | screenshot_task.dll |
|
| Details | File | 1 | conf.xml |
|
| Details | File | 1 | dcom_amdocl_ld_api_.raw |
|
| Details | File | 1 | last_amdpcom_subsystem_.max |
|
| Details | File | 5 | 7.txt |
|
| Details | File | 3 | cache.dll |
|
| Details | File | 5 | chromeupdate.exe |
|
| Details | File | 6 | links.php |
|
| Details | File | 47 | api.php |
|
| Details | File | 13 | error.php |
|
| Details | File | 41 | profile.php |
|
| Details | File | 4 | online.php |
|
| Details | File | 7 | loader.php |
|
| Details | File | 61 | search.php |
|
| Details | File | 1 | show.dll |
|
| Details | File | 1 | usercache.dll |
|
| Details | File | 15 | update.dll |
|
| Details | File | 10 | 8.zip |
|
| Details | File | 1 | doc853.pdf |
|
| Details | File | 1 | droppedhppscan854.pdf |
|
| Details | File | 1 | 3852.pdf |
|
| Details | File | 1 | 5463.pdf |
|
| Details | File | 3 | wp-ajax.php |
|
| Details | File | 5 | mobile.php |
|
| Details | File | 24 | news.php |
|
| Details | File | 3 | json.php |
|
| Details | File | 8 | rss.php |
|
| Details | File | 3 | twitter.php |
|
| Details | File | 1 | msearch.php |
|
| Details | File | 1 | fsearch.php |
|
| Details | File | 38 | ajax.php |
|
| Details | md5 | 1 | 68271df868f462c06e24a896a9494225 |
|
| Details | md5 | 3 | 95b3ec0a4e539efaa1faa3d4e25d51de |
|
| Details | md5 | 3 | 2aabd78ef11926d7b562fd0d91e68ad3 |
|
| Details | md5 | 3 | 3d3363598f87c78826c859077606e514 |
|
| Details | md5 | 3 | 6761106f816313394a653db5172dc487 |
|
| Details | md5 | 3 | d596827d48a3ff836545b3a999f2c3e3 |
|
| Details | md5 | 3 | bc626c8f11ed753f33ad1c0fe848d898 |
|
| Details | md5 | 1 | 4152e79e3dbde55dcf3fc2014700a022 |
|
| Details | md5 | 1 | 59704bc8bedef32709ab1128734aa846 |
|
| Details | md5 | 1 | 5d8835982d8bfc8b047eb47322436c8a |
|
| Details | md5 | 1 | e0b6f0d368c81a0fb197774d0072f759 |
|
| Details | md5 | 3 | c8eb6040fd02d77660d19057a38ff769 |
|
| Details | md5 | 1 | 2e0361fd73f60c76c69806205307ccac |
|
| Details | md5 | 3 | 9e3f3b5e9ece79102d257e8cf982e09e |
|
| Details | md5 | 3 | 62c4ce93050e48d623569c7dcc4d0278 |
|
| Details | md5 | 3 | a5d6ad8ad82c266fda96e076335a5080 |
|
| Details | md5 | 3 | 93176df76e351b3ea829e0e6c6832bdf |
|
| Details | md5 | 3 | 7688be226b946e231e0cd36e6b708d20 |
|
| Details | md5 | 3 | fd8e27f820bdbdf6cb80a46c67fd978a |
|
| Details | md5 | 3 | 9ad55b83f2eec0c19873a770b0c86a2f |
|
| Details | md5 | 3 | f16dff8ec8702518471f637eb5313ab2 |
|
| Details | md5 | 3 | 8670710bc9477431a01a576b6b5c1b2a |
|
| Details | md5 | 3 | f58a4369b8176edbde4396dc977c9008 |
|
| Details | md5 | 3 | 83f57f0116a3b3d69ef7b1dbe9943801 |
|
| Details | md5 | 3 | b5553645fe819a93aafe2894da13dae7 |
|
| Details | md5 | 3 | acffb2823fc655637657dcbd25f35af8 |
|
| Details | md5 | 3 | 1a42acbdb285a7fba17f95068822ea4e |
|
| Details | md5 | 3 | d543904651b180fd5e4dc1584e639b5e |
|
| Details | md5 | 1 | d7af9a4010c75af6756a603fd6aef5a4 |
|
| Details | md5 | 3 | f2b05e6b01be3b6cb14e9068e7a66fc1 |
|
| Details | md5 | 3 | 57a1f0658712ee7b3a724b6d07e97259 |
|
| Details | md5 | 3 | eb22b99d44223866e24872d80a4ddefd |
|
| Details | md5 | 3 | 90bd910ee161b71c7a37ac642f910059 |
|
| Details | md5 | 3 | 1a262a7bfecd981d7874633f41ea5de8 |
|
| Details | md5 | 3 | 98a6484533fa12a9ba6b1bd9df1899dc |
|
| Details | md5 | 3 | 7f6bca4f08c63e597bed969f5b729c56 |
|
| Details | md5 | 3 | 08709ef0e3d467ce843af4deb77d74d5 |
|
| Details | IPv4 | 2 | 209.200.83.43 |
|
| Details | IPv4 | 1 | 121.193.130.170 |
|
| Details | IPv4 | 1 | 183.78.169.5 |
|
| Details | IPv4 | 1 | 200.119.128.45 |
|
| Details | IPv4 | 1 | 200.125.133.28 |
|
| Details | IPv4 | 1 | 200.125.142.11 |
|
| Details | IPv4 | 1 | 201.76.51.10 |
|
| Details | IPv4 | 1 | 202.206.232.20 |
|
| Details | IPv4 | 1 | 202.76.237.216 |
|
| Details | IPv4 | 1 | 203.156.161.49 |
|
| Details | IPv4 | 1 | 208.75.241.246 |
|
| Details | IPv4 | 1 | 209.40.72.2 |
|
| Details | IPv4 | 1 | 210.59.2.20 |
|
| Details | IPv4 | 1 | 208.77.177.24 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Url | 1 | http://www.sanjosemaristas.com/app/index.php?{a01ba0ad |