PULSE NAME
Cloaked Ursa (APT29) Hackers Use Trusted Online Storage Services
WHITE APT29 AlienVault 2022-07-20 Modified: 2022-08-19
Organizations around the world rely on the use of trusted, reliable online storage services – such as Dropbox and Google Drive – to conduct day-to-day operations. However, our latest research shows that threat actors are finding ways to take advantage of that trust to make their attacks extremely difficult to detect and prevent. The latest campaigns conducted by an advanced persistent threat (APT) that we track as Cloaked Ursa (also known as APT29, Nobelium or Cozy Bear) demonstrate sophistication and the ability to rapidly integrate popular cloud storage services to avoid detection.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
EnvyScout, Cobalt Strike
Indicators of Compromise (22)