Categories
Cyberwar IOC

Latest Indicators of compromise for malware used by APT28

Advanced Persistent Threat group, APT28 (also known as Fancy Bear, Pawn Storm, the Sednit Gang and Sofacy), is a highly skilled threat actor, best known for its disruptive cyber activity against the US Democratic National Committee (DNC) and the French channel TV5 Monde.

The PDF

This is a technical advisory on the threat actor APT28, written for the network defender community.

Example of the Snort rules provided in the PDF

It provides an overview of the actor and information about associated malware and tooling, with indicators of compromise and signatures that can be used to detect potential presence of the actor on a network.

It concludes with mitigation guidelines for protecting networks against activity by APT28 and other hostile actors.

Download the PDF which contains the APT28 Indicators of Compromise

NCSC_APT28_v2

Source of the IOC:

  • https://www.ncsc.gov.uk/alerts/indicators-compromise-malware-used-apt28

By CWZ

Founder of Cyberwarzone.com.