Pulse Detail — Threat Intelligence

PULSE NAME

APT31 renews its attacks on Russian companies through cloud storage

WHITE APT31 AlienVault 2022-08-12 Modified: 2022-08-12

IOCs

HIGH VOLUME

A guide to the latest developments in the fight against cyber-thieves APT31, who are believed to be targeting Russian companies through cloud storage, as well as providing security services for the energy sector.

APT31 Cloud

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1204 T1566 T1587.001 T1587.002 T1547.001 T1574 T1140 T1036 T1112 T1027 T1560 T1001 T1095 T1573.001 T1132.001 T1132.002 T1102 T1020 T1041

MALWARE FAMILIES

YaRAT

Indicators of Compromise (15 / 55 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	0a5fb4a480b1748dc7f963a491a9aa32ff8c8fed01bea0cfd250a5ef01654eb3	—	2022-08-12
FileHash-SHA256	0afeef5a4ac1b0bc778e66a1420587697dbfdb87d74a0b935db69b7d804089c4	—	2022-08-12
FileHash-SHA256	256d3065de2345a6beff9458ad0b519bed8363ac0b984247768bd788e633e371	SHA256 of 49307f1091251dd7a498cf69d0465ddd59859cf8	2022-08-12
FileHash-SHA256	37e259d6564071807b7b4266ed1dd8bf2059f3e7f438b8487dd0149e5e0487ec	SHA256 of d1cc0f861f162dfbf9df1493fe861d02b80483f6	2022-08-12
FileHash-SHA256	4a5e9ab0e65e08ceb2adb2d150abb620684e98d79483b6c9f786c56c95fea573	—	2022-08-12
FileHash-SHA256	8148aeef6995c99c6f93ebce65b60bf57109914c45aa86d26a5cdc6ad8bba634	—	2022-08-12
FileHash-SHA256	98b5cfa14dd805e1172b36415c71730fa3454ffbaababc7d4c7b1fcfb47dfbd7	—	2022-08-12
FileHash-SHA256	a56003dc199224113e9c85b0edb2197d4a4af91b15e7d0710873e2ef848c3221	SHA256 of ff5e78218198dd5ca5dc2eb46ec8afdd1b6260e9	2022-08-12
FileHash-SHA256	add70042c65cd683925936aa04c79a8644e40dd93aa5ff1913bf533457daccf3	—	2022-08-12
FileHash-SHA256	aee1bf1f7e70f5cbd34a59b312573a6c7e34b1e412e4518a55a5b14af2102063	—	2022-08-12
FileHash-SHA256	c2b769f40b1ec2ee57e4d36f545d6de93bbd54d2514347fb54cc20b1bfb9ca97	—	2022-08-12
FileHash-SHA256	c3382ebff9dcd0e8776820f70faaa8cd4c0c93578444e5cfe3720e0b232fa6d8	SHA256 of d25a68289fc1268d7c548787373a6235895716fb	2022-08-12
FileHash-SHA256	d7c1668c903a92f20bdeaee0f6e94b2ef3fefd700ca8daa4c4ff34a26f1323af	—	2022-08-12
FileHash-SHA256	ea9429fa66ba14b99ff756b8497ccbd3403437d4150eaed6c5c0fe4a3cdf78a8	—	2022-08-12
FileHash-SHA256	f49999f1d7327921e63097b4f90f437a0122361676b73a81f0ff2b681b1dd8de	SHA256 of 97e19f67a8d6af78c181f05198aa7d200b243ea5	2022-08-12

References (1)

↗ https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/apt31-cloud-attacks/