A forum for reverse engineering, OS internals and malware analysis 

Red October / Cloud Atlas APT

Forum for completed malware requests.

Red October / Cloud Atlas APT

 #24880  by NoSense
 Fri Jan 09, 2015 6:25 am
I'm looking for one or more of the following malware samples:

Known files names:
  • FT - Ukraine Russia's new art of war.doc
  • Катастрофа малайзийского лайнера.doc
  • Diplomatic Car for Sale.doc
  • МВКСИ.doc
  • Organigrama Gobierno Rusia.doc
  • Фото.doc
  • Информационное письмо.doc
  • Форма заявки (25-26.09.14).doc
  • Информационное письмо.doc
  • Письмо_Руководителям.doc
  • Прилож.doc
  • Car for sale.doc
  • Af-Pak and Central Asia's security issues.doc
Known MD5 hash:
  • E211C2BAD9A83A6A4247EC3959E2A730 - qPd0aKJu.vbs
  • DECF56296C50BD3AE10A49747573A346 - bicorporate
  • D171DB37EF28F42740644F4028BCF727 - ctfmonrn.dll
  • f4e15c1c2c95c651423dbb4cbe6c8fd5 - bicorporate.dll
  • 649ff144aea6796679f8f9a1e9f51479 - fundamentive.dll
  • 40e70f7f5d9cb1a669f8d8f306113485 - papersaving.dll
  • 58db8f33a9cdd321d9525d1e68c06456 - previliges.dll
  • f5476728deb53fe2fa98e6a33577a9da - steinheimman.dll

I'm also still looking for Red October APT campaign plugins, so far I've been able only to analyze the dropper and one of the plugins, if any of you know where I can find more modules I would be more than happy to thank him, if you don't thanks anyway ^-^
  • 5447848f3a5fdaf97c498190ed501620
  • 1b840c5b45cd015f51010e12938b528a
  • 65820769534fec10958573d1c8a545a8
  • e36b94cd608e3dfdf82b4e64d1e40681
  • a2fe73d01fd766584a0c54c971a0448a
  • 7b669c32e6ee2c65bec5e09024fc5415
  • b7327bfa4a101a21f0cc1b366aa8e107
  • a39fa7340b2f1d7b42342b3e2f06df71
  • cd170625655424149573c88c59716cc4
  • f60436b984962e741b81720ea604ad27
  • 2cf23cd8a7f85529576ba6c759f8cf37
  • 9bb32272be87a4dde8c8b05f49ded9f7
  • ed72b6150e9fbc8f71e61dfea682a303
  • f6e1637e04b33a3e0c57ab355d3e677e
  • fa66821fd895b3814e501b804176ef98
  • 3538fea2c2f9a7117a6a919c87112731
  • a008d1ec659c3758e95bc3f0aafbe3a5
  • 68d72e12c402038195175b568b3dd0bb
  • 4b62cc78508b46d74cdd172dc493ec8a
  • 09e75477e03a968eead17a28d8aef0ce
  • 10603f7ec89c3472b238e9342f5ba62b
  • C196e32764dc698bb88714adfb874667
  • 0fe600e06a69ccebbb5baf6c9f5f51a6
  • c3a50d78669cd58b2cd4e38e30c1e986
  • 298c4562c8463bed3039ff2d12669adc
  • 1f91b25d0893d4e1b0418ffeb21f1f03
  • 521b45d21b4b2fc48f7ab29ab222d6ee
  • 7883b174ce69ffed41d3aea54855ff97
  • 3975b42d9bb39741e988f78020edeb44
  • 224c382316be4be7e0009f08b84cd91e
  • 100e53ee8fbeb4546b31eb7e0aad8752
  • b9568a91d6f6b0904de8b2e9d9a2d32c
  • f0eaec0b25afc24a416810fe46242590
  • 865ba7958efe7e54501dcf2c19dcd99e
  • 9572cc04fd442027cfd61178bdf73c0c
  • feba0bbead1a810c223cf8252b529d65
  • 4aabfd510ef66e066946087617638090
  • 1d124d06666cfa6b33768f1147208b9c
  • 260ad160972ca6bc071b7cb518a9b5fa
  • ab72d7ed99c3c18f2582b6e9cd5ec875
  • ef6751567cbf7c92cd3880fc7aa425c9
  • 56c06123e34dcc8a8e464da9acd852bb
  • a6d549d7c90c412a20fc9e7abc829eb5
  • be6f3c214d2a579728fc3537c6454f8c
  • 0883d6533aa4fb0e40a6e48a66ea84d4
  • c3e70e9b50cd3f6cfcd0ac75a60b3464
  • 75b824c5a6a9b950ccbdaee577fe964b
  • 9bb26fb5179db8515cdc81cb9f40387d
  • d9851c67bfeec5cc37db99be07061857
  • 07999110cab8c6558be11684d2c02793
  • 9d5bb8f9441d31148bf4f190e27764cc
  • ecd7bec9522e64df7b179b512e71c154
  • 5e215b9272e4a0ff0d9725ac94bd1541
  • 9a9dbd2a398fda91167169b0866047d1
  • 4355f29680630980cf732e46306a39ce
  • d4d959bffa33b0e3076421a02e69f13b
  • f2bb34acdebcbbd335e6cc2816a0c5f0
  • ca25ca44ef0106c4080415f1c2090400
  • 83ee5deb488d58d924134781e76c416c
  • 9aa8f3ed12ef1003d24c771af69879f8
  • 19cc111e41d804f20e5f65c6d0a48953
  • acfc7040304b19422ba0a1278b4d9c48
  • a515279eee527f7d20f82ef673308151
  • 51d5f5a5c7de6a175e269236c2c574b0
  • bbe23b8baec0afbd54154820f4a9d7ea
  • 6abd3d906ebd0e6bf4fb8d00273fdc66
  • b9114882ed3a184f8a58284f3fe57cb0
  • 657f0f4f6183cd2e87fdfd8a88f927c9
  • 900ab792a9dc9ae35c821cce98164d81
  • 18bd71030b18f3bc93d08b650ae0d43d
  • 187adc0380142c61224c53eac9a70955
  • 78f2c84fefe80bc84361c40d2bbd0501
  • b2c60688dc2de4dd4de1f393ae59e317
  • 3b4125c8dc55ae54fa244a8fdcea8bc9
  • 760333093fbcc38f6b8d7e1667d192b8
  • ffd4096c5d2a2a4801ac6e8ab250a0d0
  • 92b6b580f1d2e5409a6feb5c8883de2b
  • daf244aacbac081693b914a4a1486fa5
  • 2b08ae138fd27ba62b7ea1e35d38b56f
  • 48c4e2386cbae6a71b4eccab21ead6e5
  • a39636c2fb253ae9ff7b7c0294abf8ac
  • f27870dd7bfa952636850a76205f4ba3
  • c64343fad7c1f98a8342bd29829fcdf1
  • 58fbcf7d9146eba51c22e91bdf7128d0
  • 5c563e849ec86a542daf492b31dde2bb
  • 4c205fc9c7dbd95316f9ed5aafa34712
  • b0e2f3c972477e750d5adbed3650ae81
  • 33bda0e77b840809e66e12d020e054c5
  • 3cb7318ed40239f7219d86343a17b54b
  • dfcce19f2852db652071088bf9461b4a
  • 6079a0746e76c1090dc110e08de645e2
  • 57897c997c699135b9460c0be7a4b27e
  • ecc7a5ef3f5e92f0c7da0bef8d392b5f
  • 43C0BA45BE45CA20ED014A8298104716
  • 1294af519b9e6a521294607c8c1b3d27
  • AE693C43E40F0DE9DE9FA2D950003ABF
  • 09fd8e1f2936a97df477a5e8552fe360
  • 6FE7EB4E59448E197BDFAE87247F3AE6
  • ED5FF814B10ED25946623A7EC2C0A682
  • 37B443893551C1537D00FD247E3C9A78
  • 06ebdde6a600a65e9e65ba7c63f139fa
  • b49232652748ab677a944bd4d4650603
  • 51900a2bb1202225aabc2ee5a64dbe42
  • 7ade5d2a88c1eeefe47b501b19c383ef
  • 595e29a21ecaa4dfcb3a5db18401a9a8
  • ee2e21a45a018c6faa68332a32c65ddd
  • 339b8bc0f6e5ee4ca2bc2109f5de0b38
  • 76e1d54a890befed31a369ce40b44ee6
  • 6ebcb0b7f9cca7cecebbd683685cb705
  • 70bee4d4141e6d963aa72a0da08b6683
  • 09b4f1e0c03d7dbdac402df4c0625167
  • 797541f87e2e3a9a0754a097772f3192
  • d41d8cd98f00b204e9800998ecf8427e
  • 93638cbba11d52b933d5da553048899e
  • 06ff2157f98f312ceaa19cbef996660d
  • 54c86037d2650630718180f24ce6f9d2
  • 4af92c1758158644e50ddf32d9a74501
  • e4c84caaf52b42d9615d2b35acda271a
  • 135eab2135cb589c655d75bc25921d8c
  • da2ff3b983e24a49603d4ab61b0f05c3
  • ea1e4cdf4072fd19fb97df2b7d88055a
  • 95914229c080a998b33d7dbcb199b231
  • 8bcd66ce8904e87f5cdfc1ad5b071ccb
  • 931391d484ff56b0a142f64ee47aff88
  • 163CEE95FA3EF1469030F0BFEC0EB64C
  • CC0F35631D7F69EB087F31754FA9635A
  • E8711B9DBB3E7A6FBC1DF70F7131520C
  • 469F4B81A01B1577531812385CAC827E
  • E8711B9DBB3E7A6FBC1DF70F7131520C
  • A8B8F616FFD94D34E4E188657A5C8BA7
  • E461B07E2A11ED13DDC0F27162545DE1
  • C9686F76F827D8B16C434C84FDF9BE06
  • B6F2D2D27A91D99AB396AD7A4B4937DE
  • AC83001F4228D92F1457E5841792EAC1
  • AC83001F4228D92F1457E5841792EAC1
(damn, I hate you Red October for your endless list of plugins and variants)

Other threads in this forum with some useful samples (for anyone else interested in this APT): Reports by Securelist:
 Return to “Completed Malware Requests”