
Rewterz Threat Alert – APT29 aka Nobelium – Active IOCs

February 18, 2022

Severity

High

Analysis Summary

APT29 is linked to Russia’s Foreign Intelligence Service (SVR). The group has targeted government networks in Europe and NATO member nations, research institutes, and think tanks since at least 2008. APT29 typically concentrates on a single target, deploying a first-stage payload that reconnoiters the environment while establishing persistence. The group was also behind the SolarWinds attack in 2020. In 2014, APT29 attacked commercial and government organizations in Germany, Uzbekistan, South Korea, and the United States, including the US State Department and the White House.

The group has also attacked many vaccine manufacturers in an attempt to undermine the coronavirus pandemic response. APT29 is also known as Nobelium, the Dukes, CozyDuke, EuroAPT, Cozy Bear, CozyCar, Office Monkeys, SeaDuke, HammerToss, Iron Hemlock, and Grizzly Steppe.

Impact

  • Information Theft and Espionage
  • Exposure of Sensitive Data

Indicators of Compromise

Filename

  • Covid[.]html
  • Covid[.]iso
  • DeleteDateConnectionPosition[.]dll

MD5

  • 628799f1f8146038b488c9ed06799b93
  • 97fa94e60ccc91dcc6e5ee2848f48415
  • 37ea95f7fa8fb51446c18f9f3aa63df3

SHA-256

  • a896c2d16cadcdedd10390c3af3399361914db57bde1673e46180244e806a1d0
  • 3cb0d2cff9db85c8e816515ddc380ea73850846317b0bb73ea6145c026276948
  • 6ee1e629494d7b5138386d98bd718b010ee774fe4a4c9d0e069525408bb7b1f7

SHA-1

  • 5e52239e678018fc3c726e6cb946b9106a23d03d
  • 76700821e8604b4ff271ff2ec75e89d43a50e6ef
  • 246d49892298b850a8854b3bbdbbe516147f6fdd

Remediation

  • Block the threat indicators at their respective controls.
  • Search for IOCs in your environment.
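One way to carry out the second remediation step, as an added example that is not part of the Rewterz advisory: a Python sweep that hashes every file under a directory and matches the digests and filenames against the indicators listed above. The hash values and filenames are the advisory's own; the script name and the scan root are assumptions.

```python
import hashlib
import sys
from pathlib import Path

# Indicators as listed in the advisory above ("[.]" restored, lower-cased for comparison).
IOC_FILENAMES = {"covid.html", "covid.iso", "deletedateconnectionposition.dll"}
IOC_HASHES = {
    "md5": {"628799f1f8146038b488c9ed06799b93", "97fa94e60ccc91dcc6e5ee2848f48415",
            "37ea95f7fa8fb51446c18f9f3aa63df3"},
    "sha1": {"5e52239e678018fc3c726e6cb946b9106a23d03d", "76700821e8604b4ff271ff2ec75e89d43a50e6ef",
             "246d49892298b850a8854b3bbdbbe516147f6fdd"},
    "sha256": {"a896c2d16cadcdedd10390c3af3399361914db57bde1673e46180244e806a1d0",
               "3cb0d2cff9db85c8e816515ddc380ea73850846317b0bb73ea6145c026276948",
               "6ee1e629494d7b5138386d98bd718b010ee774fe4a4c9d0e069525408bb7b1f7"},
}

def hash_chunks(chunks) -> dict:
    """MD5, SHA-1 and SHA-256 hex digests computed in one pass over an iterable of bytes."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}

def hash_file(path, chunk_size=1 << 20) -> dict:
    """Digests of a file read in 1 MiB chunks, so a large ISO never sits in memory whole."""
    with open(path, "rb") as fh:
        return hash_chunks(iter(lambda: fh.read(chunk_size), b""))

def match_iocs(filename: str, digests: dict) -> list:
    """Indicators one file matches, drawn from 'filename', 'md5', 'sha1' and 'sha256'."""
    hits = ["filename"] if filename.lower() in IOC_FILENAMES else []
    return hits + [a for a, v in digests.items() if v.lower() in IOC_HASHES.get(a, ())]

def scan_tree(root) -> list:
    """Walk a directory tree; return (path, hits) for every file matching any indicator."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        try:
            hits = match_iocs(path.name, hash_file(path))
        except OSError:  # locked or unreadable file: skip it rather than abort the sweep
            continue
        if hits:
            findings.append((str(path), hits))
    return findings

if __name__ == "__main__":  # usage: python ioc_sweep.py /path/to/scan
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"IOC match ({', '.join(hits)}): {path}")
```

A filename-only hit is a weaker signal than a hash hit, since the names are generic; treat it as a lead to triage rather than a confirmed compromise.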