DDE Command Execution malware samples

Here are a few samples related to the recent DDE Command execution

DDE Macro-less Command Execution Vulnerability

 Download. Email me if you need the password  (updated sample pack)

Part II. APT29 Russian APT including Fancy Bear

This is the second part of Russian APT series.
"APT29 - The Dukes Cozy Bear: APT29 is threat group that has been attributed to the Russian government and has operated since at least 2008.1210 This group reportedly compromised the Democratic National Committee starting in the summer of 2015" (src.  Mitre ATT&CK)

Please see the first post here: Russian APT - APT28 collection of samples including OSX XAgent
Download (matching research listed above). Email me if you need the password 
Fancy_Bear_sourcecode (also on Github)

Malware Inventory (work in progress)

DeepEnd Research: Analysis of Trump's secret server story

 We posted our take on the Trump's server story. If you have any feedback or corrections, send me an email (see my blog profile on Contagio or DeepEnd Research)

Analysis of Trump's secret server story...

Part I. Russian APT - APT28 collection of samples including OSX XAgent

 This post is for all of you, Russian malware lovers/haters. Analyze it all to your heart's content. Prove or disprove Russian hacking in general or DNC hacking in particular, or find that "400 lb hacker" or  nail another country altogether.  You can also have fun and exercise your malware analysis skills without any political agenda.

The post contains malware samples analyzed in the APT28 reports linked below. I will post APT29 and others later.

Read about groups and types of targeted threats here: Mitre ATT&CK

List of References (and samples mentioned) listed from oldest to newest:

1. APT28_2011-09_Telus_Trojan.Win32.Sofacy.A
2. APT28_2014-08_MhtMS12-27_Prevenity
3. APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations
4. APT28_2014-10_Telus_Coreshell.A
5. APT28_2014-10_TrendMicro Operation Pawn Storm. Using Decoys to Evade Detection
6. APT28_2015-07_Digital Attack on German Parliament
7. APT28_2015-07_ESET_Sednit_meet_Hacking
8. APT28_2015-07_Telus_Trojan-Downloader.Win32.Sofacy.B
9. APT28_2015-09_Root9_APT28_Technical_Followup
10. APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code
11. APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm
12. APT28_2015-10_Root9_APT28_targets Financial Markets
13. APT28_2015-12_Bitdefender_In-depth_analysis_of_APT28–The_Political_Cyber-Espionage
14. APT28_2015-12_Kaspersky_Sofacy APT hits high profile targets
15. APT28_2015_06_Microsoft_Security_Intelligence_Report_V19
16. APT28_2016-02_PaloAlto_Fysbis Sofacy Linux Backdoor
17. APT29_2016-06_Crowdstrike_Bears in the Midst Intrusion into the Democratic National Committee << DNC (NOTE: this is APT29)
18. APT28_2016-07_Invincea_Tunnel of Gov DNC Hack and the Russian XTunnel
19. APT28_2016-10_ESET_Observing the Comings and Goings
20. APT28_2016-10_ESET_Sednit A Mysterious Downloader
21. APT28_2016-10_ESET_Sednit Approaching the Target
22. APT28_2016-10_Sekoia_Rootkit analysisUse case on HideDRV
23. APT28_2017-02_Bitdefender_OSX_XAgent  << OSX XAgent

Download

Download sets (matching research listed above). Email me if you need the password
          Download all files/folders listed (72MB)

Sample list