Trusted Design

Exploring Bergard: Old Malware with New Tricks

概要

The Bergard Trojan and the C0d0so group that made it famous with the November 2014 watering hole attack [1] via Forbes.com have received renewed attention recently, with other researchers [2] potentially linking emerging tools and recent attacks to the group. Proofpoint researchers conducted a historical analysis of samples related to this research and uncovered new malware variants and likely origins and methods of infection. Many of these samples have not been discussed publicly and several have very little or no anti-virus coverage. The analysis that follows is of completed, historical attacks as well as an extremely recent and ongoing attack, providing insight into the volume and timeline of infections, as well as a timeline for attacker-initiated actions using a novel malware family.

Created: 2026-02-23

Indicators

• hostname - css.advicdesign.com -
• hostname - www.xjjboss.com -
• FileHash-MD5 - 16652d4213991ae58e268ae03a4c4e97 -
• FileHash-MD5 - 2123c5c24d8c06a10807458630751ded -
• hostname - mail-ru.3322.org -
• hostname - padview.chickenkiller.com -
• hostname - pluslinkera.appspot.com -
• hostname - ras-ru.eatuo.com -
• hostname - f1a9d91a738041a8.appspot.com -
• FileHash-MD5 - 2c7bad4f4a4df3025aa1345db27c7408 -
• FileHash-MD5 - b5c32b44961c7400bd08bc4ca12a83a1 -
• hostname - www.supermanbox.org -
• hostname - mail-news.eicp.net -
• hostname - f5310cff818ea0e7.appspot.com -
• hostname - www.jbossas.org -
• FileHash-MD5 - 135d00ece30efd46cf279645771f6f92 -
• hostname - ras-ru.oicp.net -
• FileHash-MD5 - 2161c859b21c1b4b430774df0837da9d -
• hostname - ria-ru.xicp.net -
• FileHash-MD5 - feb0a1aa99f086401109b3fcea6d2feb -
• FileHash-MD5 - 40a00b89365c739950140697a6474286 -
• hostname - www.svsk.net -
• FileHash-MD5 - 4979e819d3ffbea81c7111fb515c1c76 -
• FileHash-MD5 - 495877d3c5066ef80184ba53079067cb -
• FileHash-MD5 - 26e863f917da0b3f7a48304eb6d1b1d3 -
• FileHash-MD5 - 5c36e8d5beee7fbc0377db59071b9980 -
• FileHash-MD5 - 9fc086b05787fb2e6c201de63e6e0698 -
• FileHash-MD5 - e8e70c707e7b2411056074781d405e3f -
• FileHash-MD5 - a4fe7449dae9a1a38497069c2a574309 -
• FileHash-MD5 - f6de770ad52015f18d0a2344815e408d -
• FileHash-MD5 - e5274ff02184a304d45d42ca953148ce -
• FileHash-MD5 - 5d806ec66b172734a65f04d8588ef8f8 -
• FileHash-MD5 - 5d0dbadf8ef50fb6c18ac4b0ea1b5562 -
• FileHash-MD5 - d778f8d822376ccd4d2e9dd7f2f0f947 -
• FileHash-MD5 - c684507f37a207ffe8a67afdaf4adcc1 -
• hostname - web01.kruul.com -
• YARA - 919586a586112769532ec71eb5857e435e143494 -
• hostname - corpnt.crabdance.com -
• FileHash-MD5 - 6b7cfb983a2dc2338b89cbadd837c801 -
• hostname - host02.jacosb.com -
• hostname - www.microsoft-cache.com -
• hostname - www.office365e.com -
• FileHash-MD5 - 7ddf02a5afaab8e03ebd9af04b76603a -
• FileHash-MD5 - 9d863756a69401765252f5133023240c -
• FileHash-MD5 - ac2f55cefd715937e9584752b706712b -
• hostname - www.ukoffering.com -
• FileHash-MD5 - b06a3a9744e9d4c059422e7ad729ef90 -
• FileHash-MD5 - cd8c2bb644496d46bf1e91ad8a8f882b -
• FileHash-MD5 - d31cc850e8e5a373e081ac8226c12183 -
• FileHash-MD5 - ab108484b1e75f5562525145cecb4f4a -
• FileHash-MD5 - 1cb673679f37b6a3f482bb59b52423ab -
• hostname - lic03.verhosts.com -
• FileHash-MD5 - 7c2890024f574a8b902b5d8ea8b63a0c -
• FileHash-MD5 - 5029b0d6f6621bf8e8f524fcea69d2b8 -
• FileHash-MD5 - a0e157729a765dcdb92d9a28b0a4025d -

類似Pulses

• Lazarus group: Operation Blockbuster (score: 0.64)
• New Attacks Linked to C0d0s0 Group (score: 0.63)
• Aggressive Malware Pushers: Prolific Cyber Surfers Beware (score: 0.61)
• 09-11-2016 Multiple Malware Sources and hashes (score: 0.60)
• The Curious Case of an Unknown Trojan Targeting German-Speaking Users (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る