Part II. APT29 Russian APT including Fancy Bear

This is the second part of Russian APT series.

"APT29 - The Dukes Cozy Bear: APT29 is threat group that has been attributed to the Russian government and has operated since at least 2008.1210 This group reportedly compromised the Democratic National Committee starting in the summer of 2015" (src.  Mitre ATT&CK)

Please see the first post here: Russian APT - APT28 collection of samples including OSX XAgent




I highly recommend reading and studying these resources first:

1. Mitre ATT&CK
2. 2017-03 Disinformation. A Primer In Russian Active Measures And Influence Campaigns. Hearings before the   Select Committee on Intelligence, March 2017
3. 2014-08 Mikko Hipponen. Governments as Malware Authors. Presentation ppt.
4. 2016. No Easy Breach: Challenges and Lessons from an Epic Investigation. Mandiant. Matthew Dunwoody, Nick Carr. Video
5. Beyond ‘Cyber War’: Russia’s Use of Strategic Cyber Espionage and Information Operations in Ukraine. NATO Cooperative Cyber Defence Centre of Excellence/ Fireeye - Jen Weedon

List of References (and samples mentioned) listed from oldest to newest:

1. 2012-02 FSecure. COZYDUKE
2. 2013-02_Crysys_Miniduke Indicators
3. 2013-04_Bitdefender_A Closer Look at MiniDuke
4. 2014-04 FSecure_Targeted Attacks and Ukraine
5. 2014-05_FSecure.Miniduke still duking it out
6. 2014-07_Kaspersky_Miniduke is back_Nemesis Gemina and the Botgen Studio
7. 2014-07_Kaspersky_The MiniDuke Mystery PDF 0-day
8. 2014-11_FSecure_OnionDuke APT Attacks Via the Tor Network
9. 2014_FSecure_Cosmicduke Cosmu with a twist of MiniDuke
10. 2015-04_Kaspersky_CozyDuke-CozyBear
11. 2015-07_FSecure_Duke APT Groups Latest Tools Cloud Services and Linux Support
12. 2015-07_Fireeye_Hammertoss_Stealthy_tactics_define_Russian_Cyber
13. 2015-07_Kaspersky_Minidionis one more APT with a usage of cloud drives
14. 2015-07_PaloAlto_Tracking_MiniDionis
15. 2015-07_Palo_Alto_Unit 42 Technical Analysis Seaduke
16. 2015-07_Symantec_Seaduke latest weapon in the Duke armory
17. 2015-08_Prevenity Stealing data from public institutions
18. 2015-09_FSecure_THE DUKES7 years of Russian cyberespionage
19. 2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee
20. 2016-11_Volexity_PowerDukePostElection
21. 2016-12_Chris_Grizzly SteppeLighting up Like A Christmas Tree
22. 2017-03 Fireeye APT29 Domain Fronting With TOR
23. Fancy Bear source code 

Download

Download sets (matching research listed above). Email me if you need the password
          Download all files/folders listed (MB)

DeepEnd Research: Analysis of Trump's secret server story

 We posted our take on the Trump's server story. If you have any feedback or corrections, send me an email (see my blog profile on Contagio or DeepEnd Research)

Analysis of Trump's secret server story...