close
Gartner Report:
Innovation Insight for
Security Orchestration,
Automation and Response DOWNLOAD NOW

Fysbis: Sharing New Sofacy APT Indicators

We have developed TIPpers, which are incidents the ThreatConnect Research team flags for your awareness, so your organization can take decisive action.

TIPper: Additional malicious domains consistent with Sofacy targeting efforts

This incident involves 198.105.125.0/24 Infrastructure Analysis. ThreatConnect conducted additional passive DNS analysis of a net range recently reported in a Palo Alto 12 February blog post "A Look Into Fysbis: Sofacy's Linux Backdoor."  The Russian Sofacy Advanced Persistent Threat (APT) group uses this net range for command and control (C2) nodes.  ThreatConnect identified additional malicious domains as well as suspicious typosquatting domains consistent with Sofacy targeting efforts.  

For additional details, current ThreatConnect users can access this incident by selecting this LINK or search for incident "20160212C" in the ThreatConnect Platform.

If you do not have a ThreatConnect account, click HERE to access our Free Edition as well as 30-day access to our Subscriber Community.  ThreatConnect's Free Edition allows you to establish a basic threat intelligence practice, collaborate with your internal team, protect your organization with open source threat data, bulk import cyberthreat indicators, contribute to the ThreatConnect Community, and receive support and validation from outside researchers and analysts also using the platform.  The Subscriber Community includes timely notification of threat incidents identified by the ThreatConnect Research team, an exclusive service offered at no additional charge to paying customers.

ABOUT THE AUTHOR

The ThreatConnect Research Team: is an elite group of globally-acknowledged cybersecurity experts, dedicated to tracking down existing and emerging cyber threats. We scrutinize trends, technology and socio-political motivators to develop comprehensive knowledge of the cyber landscape. Then, we share what we’ve learned so that you can protect your organization, and your team can take precise action against threats.