Pulse Detail — Threat Intelligence

PULSE NAME

APT31 renews its attacks on Russian companies through cloud storage

WHITE APT31 AlienVault 2022-08-12 Modified: 2022-08-12

IOCs

HIGH VOLUME

A guide to the latest developments in the fight against cyber-thieves APT31, who are believed to be targeting Russian companies through cloud storage, as well as providing security services for the energy sector.

APT31 Cloud

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1204 T1566 T1587.001 T1587.002 T1547.001 T1574 T1140 T1036 T1112 T1027 T1560 T1001 T1095 T1573.001 T1132.001 T1132.002 T1102 T1020 T1041

MALWARE FAMILIES

YaRAT

Indicators of Compromise (15 / 55 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	099c7d85d0d26a31469465d333329778	MD5 of d25a68289fc1268d7c548787373a6235895716fb	2022-08-12
FileHash-MD5	0c1e1fd94383efc5a3de8f0117c154b2	—	2022-08-12
FileHash-MD5	0c4540f659d3942a28f158bce7be1143	MD5 of d1cc0f861f162dfbf9df1493fe861d02b80483f6	2022-08-12
FileHash-MD5	0c993a406be04b806222a130fb5a18e8	MD5 of 49307f1091251dd7a498cf69d0465ddd59859cf8	2022-08-12
FileHash-MD5	11010e139010697a94a8feb3704519f9	—	2022-08-12
FileHash-MD5	176d11c9bafac6153f728d8afb692f6f	—	2022-08-12
FileHash-MD5	1d65ef16d1f161ae3faa5ed7896734cd	—	2022-08-12
FileHash-MD5	50eb199e188594a42262a5bbea260470	—	2022-08-12
FileHash-MD5	5897e67e491a9d8143f6d45803bc8ac8	—	2022-08-12
FileHash-MD5	640e6ecad629bd33c09ccec52f4aa6da	—	2022-08-12
FileHash-MD5	85f8bfb3b859a35e342e35d7c35e8746	MD5 of ff5e78218198dd5ca5dc2eb46ec8afdd1b6260e9	2022-08-12
FileHash-MD5	8b4c1f0ff1cee413f5f2999fa21f94f9	MD5 of 97e19f67a8d6af78c181f05198aa7d200b243ea5	2022-08-12
FileHash-MD5	91965ee08504eeb01e76e17007497852	—	2022-08-12
FileHash-MD5	c89eaa7f40fc75f9a34e0f0a3b59b88b	—	2022-08-12
FileHash-MD5	dfaa28a53310a43031e406ff927a6866	—	2022-08-12

References (1)

↗ https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt31-cloud-attacks/