Alerts and Advisories

Advisory: Indicators of compromise for malware used by APT28

Created:  04 Oct 2018
Updated:  17 Oct 2018
This is a technical advisory on the threat actor APT28, written for the network defender community. It provides an overview of the actor and information about associated malware and tooling, with indicators of compromise and signatures that can be used to detect potential presence of the actor on a network. It concludes with mitigation guidelines for protecting networks against activity by APT28 and other hostile actors.


Advanced Persistent Threat group, APT28 (also known as Fancy Bear, Pawn Storm, the Sednit Gang and Sofacy), is a highly skilled threat actor. APT28 has previously used tools including X-Tunnel, X-Agent and CompuTrace to penetrate target networks. The signatures and Indicators of Compromise (IoCs) included in this advisory will assist in detecting the presence of APT28 malware on your platforms and networks.

Download the advisory here, or alternatively use the Download tab at the top of the page.


PDF, 297.16KB

This file may not be suitable for users of assistive technology.

APT28 advisory

Was this information helpful?

We need your feedback to improve this content.

Yes No