This post contains the malware samples analyzed in the APT28 reports listed below. I will post APT29 and others later.
List of references (and the samples mentioned in them), ordered from oldest to newest:
- APT28_2011-09_Telus_Trojan.Win32.Sofacy.A
- APT28_2014-08_MhtMS12-27_Prevenity
- APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations
- APT28_2014-10_Telus_Coreshell.A
- APT28_2014-10_TrendMicro Operation Pawn Storm. Using Decoys to Evade Detection
- APT28_2015-07_Digital Attack on German Parliament
- APT28_2015-07_ESET_Sednit_meet_Hacking
- APT28_2015-07_Telus_Trojan-Downloader.Win32.Sofacy.B
- APT28_2015-09_Root9_APT28_Technical_Followup
- APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code
- APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm
- APT28_2015-10_Root9_APT28_targets Financial Markets
- APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28–The_Political_Cyber-Espionage
- APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets
- APT28_2015_06_Microsoft_Security_Intelligence_Report_V19
- APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor
- APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee << DNC (NOTE: this is APT29)
- APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel
- APT28_2016-10_ESET_Observing the Comings and Goings
- APT28_2016-10_ESET_Sednit A Mysterious Downloader
- APT28_2016-10_ESET_Sednit Approaching the Target
- APT28_2016-10_Sekoia_Rootkit analysisUse case on HideDRV
- APT28_2017-02_Bitdefender_OSX_XAgent << OSX XAgent
Download
Download sets (matching the research listed above). Email me if you need the password.
Download all files/folders listed (72MB)