Trusted Design

The CozyDuke APT

概要

CozyDuke (aka CozyBear, CozyCar or "Office Monkeys") is a threat actor that became increasingly active in the 2nd half of 2014 and hit a variety of targets. The White House and Department of State are two of the most spectacular known victims.

Created: 2026-02-23

Indicators

• URL - 210.59.2.20:443/search.php -
• FileHash-MD5 - 59704bc8bedef32709ab1128734aa846 -
• FileHash-MD5 - 3d3363598f87c78826c859077606e514 -
• FileHash-MD5 - 93176df76e351b3ea829e0e6c6832bdf -
• URL - www.seccionpolitica.com.ar:80/galeria/index.php -
• URL - 200.125.142.11:443/news.php -
• FileHash-MD5 - 98a6484533fa12a9ba6b1bd9df1899dc -
• URL - 208.75.241.246:443/msearch.php -
• URL - 209.40.72.2:443/plugins/fsearch.php -
• URL - www.getiton.hants.org.uk:80/themes/front/img/ajax.php -
• FileHash-MD5 - 95b3ec0a4e539efaa1faa3d4e25d51de -
• FileHash-MD5 - 08709ef0e3d467ce843af4deb77d74d5 -
• FileHash-MD5 - 8670710bc9477431a01a576b6b5c1b2a -
• FileHash-MD5 - 57a1f0658712ee7b3a724b6d07e97259 -
• FileHash-MD5 - e0b6f0d368c81a0fb197774d0072f759 -
• FileHash-MD5 - 68271df868f462c06e24a896a9494225 -
• URL - http://www.sanjosemaristas.com/app/index.php -
• FileHash-MD5 - b5553645fe819a93aafe2894da13dae7 -
• URL - 200.119.128.45:443/mobile.php -
• FileHash-MD5 - 2aabd78ef11926d7b562fd0d91e68ad3 -
• FileHash-MD5 - f16dff8ec8702518471f637eb5313ab2 -
• URL - http://209.200.83.43/ajax/profile.php -
• URL - 203.156.161.49:443/plugins/twitter.php -
• URL - http://209.200.83.43/ajax/index.php -
• FileHash-MD5 - c8eb6040fd02d77660d19057a38ff769 -
• FileHash-MD5 - 83f57f0116a3b3d69ef7b1dbe9943801 -
• URL - http://209.200.83.43/ajax/error.php -
• URL - 202.76.237.216:443/search.php -
• FileHash-MD5 - acffb2823fc655637657dcbd25f35af8 -
• FileHash-MD5 - 5d8835982d8bfc8b047eb47322436c8a -
• FileHash-MD5 - fd8e27f820bdbdf6cb80a46c67fd978a -
• URL - http://209.200.83.43/ajax/online.php -
• FileHash-MD5 - 1a262a7bfecd981d7874633f41ea5de8 -
• URL - 208.77.177.24:443/fsearch.php -
• FileHash-MD5 - 90bd910ee161b71c7a37ac642f910059 -
• FileHash-MD5 - 6761106f816313394a653db5172dc487 -
• FileHash-MD5 - bc626c8f11ed753f33ad1c0fe848d898 -
• FileHash-MD5 - d543904651b180fd5e4dc1584e639b5e -
• URL - http://209.200.83.43/ajax/search.php -
• FileHash-MD5 - 7688be226b946e231e0cd36e6b708d20 -
• FileHash-MD5 - d596827d48a3ff836545b3a999f2c3e3 -
• FileHash-MD5 - f2b05e6b01be3b6cb14e9068e7a66fc1 -
• FileHash-MD5 - 62c4ce93050e48d623569c7dcc4d0278 -
• URL - http://209.200.83.43/ajax/loader.php -
• URL - 200.125.133.28:443/search.php -
• FileHash-MD5 - 9e3f3b5e9ece79102d257e8cf982e09e -
• FileHash-MD5 - eb22b99d44223866e24872d80a4ddefd -
• URL - http://209.200.83.43/ajax/api.php -
• URL - 202.206.232.20:443/rss.php -
• URL - http://209.200.83.43/ajax/links.php -
• URL - 183.78.169.5:443/search.php -
• FileHash-MD5 - 9ad55b83f2eec0c19873a770b0c86a2f -
• FileHash-MD5 - f58a4369b8176edbde4396dc977c9008 -
• FileHash-MD5 - a5d6ad8ad82c266fda96e076335a5080 -
• FileHash-MD5 - 4152e79e3dbde55dcf3fc2014700a022 -
• FileHash-MD5 - 1a42acbdb285a7fba17f95068822ea4e -
• FileHash-MD5 - 2e0361fd73f60c76c69806205307ccac -
• FileHash-MD5 - 7f6bca4f08c63e597bed969f5b729c56 -
• URL - 121.193.130.170:443/wp-ajax.php -
• FileHash-MD5 - d7af9a4010c75af6756a603fd6aef5a4 -
• URL - 201.76.51.10:443/plugins/json.php -

類似Pulses

• CozyDuke F-Secure report (score: 0.46)
• CozyCar’s New Ride Is Related to Seaduke (score: 0.46)
• Sofacy APT hits high profile targets with updated toolset (score: 0.40)
• Rehashed RAT Used in APT Campaign Against Vietnamese Organizations | Fortinet Blog (score: 0.39)
• RATs, Hackers and Rihanna (score: 0.39)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る