Rewterz Threat Alert – APT28 (FancyBear) Attacks on NATO and Central Asian Targets - Rewterz
Common Information
Type Value
UUID d22dc6f1-d180-4a21-8ae5-412c43469af2
Fingerprint 9fb4828ded974649
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 27, 2020, 3:44 p.m.
Added to db Dec. 19, 2024, 6:51 a.m.
Last updated Dec. 23, 2024, 9:07 p.m.
Headline Rewterz Threat Alert – APT28 (FancyBear) Attacks on NATO and Central Asian Targets
Title Rewterz Threat Alert – APT28 (FancyBear) Attacks on NATO and Central Asian Targets - Rewterz
Detected Hints/Tags/Attributes 32/2/53
Attributes
Type                               #Events  Value
Domain                             66       vb.net
File                               2        c:\users\purple\appdata\roaming\controller\scrssl.exe
md5                                4        b66c2aa25d1f9056f09d0a158d20faef
md5                                2        fafd702197d758ce2687706336750660
md5                                3        d5e45a9db7f739979105e000d042f1fe
md5                                2        c74aa42b41ec44571a3f4e167b01c53c
md5                                2        93150535f9dcd9f7e169e255264c787a
md5                                1        d21a025e6ba0db784abb1d086b67d3df
md5                                2        98e304e28a51acd92a363346c2b02b2f
md5                                2        72552ef22b484f8868dab10b0f605779
md5                                2        573247af55b015d48ab7f6d7d0d6f1db
md5                                1        8103bffc16f8fb3e55028a62e1a004f8
md5                                2        a14c1fd7b59b34515e6a8a286114c48f
md5                                3        855005fee45e71c36a466527c7fad62f
md5                                2        c4a0448925980eacbd22c2dd4869a1c7
md5                                1        009f073f66b24677cf7ad66818fe4509
md5                                2        3792380fd7512cc2ec9b28a686edb0e9
sha1                               2        537224111b8e5bdce214d408c07774894ae3ea24
sha1                               1        bad14008dfcb7ea3b86e4568e4c1c707c88ab20e
sha1                               2        99c6c6fb3ff79680f8cefeaee0b019993e05fa0d
sha1                               1        57bd3192b98c610c53de79f40efe93efa96e6d58
sha1                               1        bef9c4e3eac1062d0271e25b4b36d404bf3b3636
sha1                               1        c9fba83b6a918ccf8aeb3b5522ee28e0065aaa92
sha1                               1        3dc62f224d812a3a958fa766ff6d175579856743
sha1                               2        40ef7b08f271cee4482f01b820d1c54e0fdf9d89
sha1                               1        9b717d50ee312b4841b919fcbe5c129610980b03
sha1                               1        77857a6a78f87fd2871ab3077e87e006eaff54e7
sha1                               2        d7bf3ea3966f0399acfc3886ec66a7ca4d1675bf
sha1                               2        bfe3e62770c8a4479d19ee4208410199b7484924
sha1                               1        c76b54eecba442f800d899f2da4a7b5a8d8595be
sha1                               1        da1df0dbfe05486e518ed73b567e4b1635638f5a
sha1                               1        6306fdf3d5bdde6a354fc6329541bf43f118cab1
sha256                             2        e6e19633ba4572b49b47525b5a873132dfeb432f075fbba29831f1bc59d5885d
sha256                             1        468b11cbd5710e6a2c7b9ff9409f8310f1cd59707e39b73cf21cb690cca8b287
sha256                             3        aac3b1221366cf7e4421bdd555d0bc33d4b92d6f65fa58c1bb4d8474db883fec
sha256                             1        d61350d77b7762bfe9ecb1d0a660c69d9854192ab69967743c3d86cd2623b7f9
sha256                             1        1c12cf14d3dbdefd069635d57673258839bf95407674bea01f8d8f9801560dde
sha256                             1        d3fe567f183be17370a7a3f034ba2722c760d34e6b40aace4a2b606294373efb
sha256                             1        7f698295230f59c7ca8193322eb48d71cd203f3675139f2da99e326589bfdad3
sha256                             4        6449d0cb1396d6feba7fb9e25fb20e9a0a5ef3e8623332844458d73057cf04a1
sha256                             1        07e0b509288c501c57cc8f11b88ac8c06e379b01b74cd910d93cfdff1f9dd7ec
sha256                             3        eb81c1be62f23ac7700c70d866e84f5bc354f88e6f7d84fd65374f84e252e76b
sha256                             3        fae335a465bb9faac24c58304a199f3bf9bb1b0bd07b05b18e2be6b9e90d72e6
sha256                             4        d5d9210ef49c6780016536b0863cc50f6de03f73e70c2af46cc3cff0e2bf9353
sha256                             1        e39aa9b3c9b95311fe951541f733972858fe724fb5265247f2b6b37ff97356ef
sha256                             1        45bf0e2037b43478e39a06ab23ac5d7a7156c37f8dc38e8da482078bdfe672c5
sha256                             1        3c93800b31bf6c2897ce2d8ce363c33f3a9cf468adfaa5b0c507de6084970b49
IPv4                               2        31.7.62.103
IPv4                               5        194.32.78.245
Threat Actor Identifier - APT-C    10       APT-C-20
Threat Actor Identifier - APT      917      APT28
Url                                2        http://31.7.62.103/tleaw.php
Url                                2        http://194.32.78.245//protect/get-upd-id.php