US-CERT references ‘malware’ used by APT28 & APT29 several times. Anyone know where I can get the exact malware samples they analyzed? https://twitter.com/USCERT_gov/status/814556607585497089 …
Replying to @jeremiahg
Can't you get the samples from VirusTotal via their hashes?
1 reply 0 retweets 0 likes -
Replying to @VessOnSecurity
I hope. Want to try to work backwards to obtain a sample? From NCCIC’s docs, let’s find just one...
1 reply 0 retweets 1 like -
Replying to @jeremiahg
I don't have access to the VirusTotal samples. But there are only a couple of dozen malware hashes in the document (rest is IPs).
1 reply 0 retweets 0 likes -
Replying to @VessOnSecurity @jeremiahg
A couple of the hashes refer to the same things. (Who is the idiot who prepared this report anyway?!)
1 reply 0 retweets 1 like -
Replying to @VessOnSecurity @jeremiahg
Every single one of the malicious programs is known to VirusTotal. Here are the links: http://pastebin.com/2VVgRVJD
1 reply 1 retweet 2 likes -
Replying to @VessOnSecurity
I did exactly the same work, but judging by the dates, it looks like they were all added on Dec 29/30. And yah, no samples!
1 reply 0 retweets 1 like -
Replying to @jeremiahg
I could try asking my contacts in the industry, but it will take a few days.
1 reply 0 retweets 0 likes -
Replying to @VessOnSecurity
If you could, that’d be great. I’m trying to locate samples myself other ways as well.
1 reply 0 retweets 0 likes -
Replying to @jeremiahg
In fact, perhaps @taviso could find them for you? Google owns VT and it is my understanding that he has access to the stuff.
1 reply 0 retweets 0 likes -
I can't, but you can apply for intelligence access here https://www.virustotal.com/en/about/contact/ …