Pulse Detail — Threat Intelligence

PULSE NAME

NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine

WHITE Nobelium AlienVault 2023-03-18 Modified: 2023-04-17

IOCs

MEDIUM VOLUME

BlackBerry researchers have observed a new campaign by the Russian state-sponsored threat group, known as APT29, targeting European Union countries and their diplomatic systems, including that of Poland's ambassador to the United States.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1106 T1189 T1199 T1027 T1102 T1204 T1547 T1566 T1584

Indicators of Compromise (22)

All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 YARA

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://literaturaelsalvador.com/Schedule.html	—	2023-03-18
URL	https://literaturaelsalvador.com/Instructions.html	—	2023-03-18
FileHash-MD5	38b05aa4b5ba651ba95f7173c5145270	—	2023-03-18
FileHash-MD5	67a6774fbc01eb838db364d4aa946a98	MD5 of 21a0b617431850a9ea2698515c277cbd95de4e59c493d0d8f194f3808eb16354	2023-03-18
FileHash-MD5	82ecb8474efe5fedcb8f57b8aafa93d2	MD5 of 4d92a4cecb62d237647a20d2cdfd944d5a29c1a14b274d729e9c8ccca1f0b68b	2023-03-18
FileHash-MD5	89f716d32461880cd0359ffbb902f06e	—	2023-03-18
FileHash-MD5	8d5c0f69c1caa29f8990fbc440ab3388	—	2023-03-18
FileHash-MD5	cf36bf564fbb7d5ec4cec9b0f185f6c9	MD5 of e957326b2167fa7ccd508cbf531779a28bfce75eb2635ab81826a522979aeb98	2023-03-18
FileHash-MD5	e0cb8157e6791390463714b38158195a	—	2023-03-18
FileHash-MD5	e693777a3a85583a1bbbd569415be09c	—	2023-03-18
FileHash-SHA1	2a0478a22d27f7af98786e873b6c85c4ae2e3b2e	SHA1 of 21a0b617431850a9ea2698515c277cbd95de4e59c493d0d8f194f3808eb16354	2023-03-18
FileHash-SHA1	3fd43de3c9f7609c52da71c1fc4c01ce0b5ac74c	SHA1 of 4d92a4cecb62d237647a20d2cdfd944d5a29c1a14b274d729e9c8ccca1f0b68b	2023-03-18
FileHash-SHA1	8eb64670c10505322d45f6114bc9f7de0826e3a1	SHA1 of e957326b2167fa7ccd508cbf531779a28bfce75eb2635ab81826a522979aeb98	2023-03-18
FileHash-SHA256	21a0b617431850a9ea2698515c277cbd95de4e59c493d0d8f194f3808eb16354	—	2023-03-18
FileHash-SHA256	3a489ef91058620951cb185ec548b67f2b8d047e6fdb7638645ec092fc89a835	—	2023-03-18
FileHash-SHA256	4d92a4cecb62d237647a20d2cdfd944d5a29c1a14b274d729e9c8ccca1f0b68b	—	2023-03-18
FileHash-SHA256	505f1e5aed542e8bfdb0052bbe8d3a2a9b08fc66ae49efbc9d9188a44c3870ed	—	2023-03-18
FileHash-SHA256	c1ebaee855b5d9b67657f45d6d764f3c1e46c1fa6214329a3b51d14eba336256	—	2023-03-18
FileHash-SHA256	dbb39c2f143265ad86946d1c016226b0e01614af35a2c666afa44ac43b76b276	—	2023-03-18
FileHash-SHA256	dffaefaabbcf6da029f927e67e38c0d1e6271bf998040cfd6d8c50a4eff639df	—	2023-03-18
FileHash-SHA256	e957326b2167fa7ccd508cbf531779a28bfce75eb2635ab81826a522979aeb98	—	2023-03-18
YARA	f7959f465becdc25d20f452cbd5d5759ea4a702e	Yara rule based on code NOBELIUM_SpyDLL_March2023	2023-03-18

References (1)

↗ https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine