Pulse: Evolution of Russian APT29 – New Attacks and Techniques Uncovered
TLP:WHITE | Author: AlienVault | Created: 2023-07-26 | Modified: 2024-03-06
25 IOCs | Medium volume
Among the most sophisticated malware-driven intrusion sets, APT29 stands at the forefront. The SolarWinds supply-chain compromise was only the beginning of a sustained campaign: since then the group has persistently targeted governments, defense entities, critical-manufacturing organizations, and IT service providers. Its latest activity abuses lesser-known Windows features and specifically targets diplomats stationed in Ukraine.
Indicators of Compromise (25)

| Type | Indicator | Description | Created |
|---|---|---|---|
| CVE | CVE-2021-31207 | Microsoft Exchange Server security feature bypass (ProxyShell chain) | 2023-07-26 |
| CVE | CVE-2021-34473 | Microsoft Exchange Server pre-authentication remote code execution (ProxyShell chain) | 2023-07-26 |
| CVE | CVE-2021-34523 | Microsoft Exchange Server PowerShell backend elevation of privilege (ProxyShell chain) | 2023-07-26 |
| CVE | CVE-2022-30170 | Windows Credential Roaming Service elevation of privilege | 2023-07-26 |
| FileHash-MD5 | 31867eb002d468df6ed7267d3db66a63 | MD5 of b422ba73f389ae5ef9411cf4484c840c7c82f2731c6324db0b24b6f87ce8477d | 2023-07-26 |
| FileHash-MD5 | b1820abc3a1ce2d32af04c18f9d2bfc3 | MD5 of 6c55195f025fb895f9d0ec3edbf58bc0aa46c43eeb246cfb88eef1ae051171b3 | 2023-07-26 |
| FileHash-MD5 | d2b2f086bf9241954435caecc3ea851e | MD5 of e7c49758bae63c83d251cacbfada7c09af0c3038e8ff755c4c04f916385805d8 | 2023-07-26 |
| FileHash-MD5 | f29083f25d876bbc245a1f977169f8c2 | MD5 of a61b35a9a9650396223bb82aad02c0ec1f1bb44b (file referenced by its SHA-1) | 2023-07-26 |
| FileHash-SHA1 | 2194c9d88a3f90ace25733dad8a3dad004dc0e4e | SHA1 of b422ba73f389ae5ef9411cf4484c840c7c82f2731c6324db0b24b6f87ce8477d | 2023-07-26 |
| FileHash-SHA1 | a61b35a9a9650396223bb82aad02c0ec1f1bb44b | | 2023-07-26 |
| FileHash-SHA1 | b260d80fa81885d63565773480ca1e436ab657a0 | SHA1 of 6c55195f025fb895f9d0ec3edbf58bc0aa46c43eeb246cfb88eef1ae051171b3 | 2023-07-26 |
| FileHash-SHA1 | e16d41f69f5dbcffd39b9a6c1f8b5b5eda7f6651 | SHA1 of e7c49758bae63c83d251cacbfada7c09af0c3038e8ff755c4c04f916385805d8 | 2023-07-26 |
| FileHash-SHA256 | 4875a9c4af3044db281c5dc02e5386c77f331e3b92e5ae79ff9961d8cd1f7c4f | | 2023-07-26 |
| FileHash-SHA256 | 59e5b2a7a3903e4fb9a23174b655adb75eb490625ddb126ef29446e47de4099f | | 2023-07-26 |
| FileHash-SHA256 | 5f6219ade8e0577545b9f13afd28f6d6e991326f3c427d671d1c1765164b0d57 | | 2023-07-26 |
| FileHash-SHA256 | 6c55195f025fb895f9d0ec3edbf58bc0aa46c43eeb246cfb88eef1ae051171b3 | | 2023-07-26 |
| FileHash-SHA256 | 7fc9e830756e23aa4b050f4ceaeb2a83cd71cfc0145392a0bc03037af373066b | | 2023-07-26 |
| FileHash-SHA256 | 966e070a52de1c51976f6ea1fc48ec77f6b89f4bf5e5007650755e9cd0d73281 | SHA256 of a61b35a9a9650396223bb82aad02c0ec1f1bb44b (file referenced by its SHA-1) | 2023-07-26 |
| FileHash-SHA256 | a8ae10b43cbf4e3344e0184b33a699b19a29866bc1e41201ace1a995e8ca3149 | | 2023-07-26 |
| FileHash-SHA256 | af1922c665e9be6b29a5e3d0d3ac5916ae1fc74ac2fe9931e5273f3c4043f395 | | 2023-07-26 |
| FileHash-SHA256 | b422ba73f389ae5ef9411cf4484c840c7c82f2731c6324db0b24b6f87ce8477d | | 2023-07-26 |
| FileHash-SHA256 | d7bda5e39327fe12b0c1f42c8e27787f177a352f8eebafbe35d3e790724eceff | | 2023-07-26 |
| FileHash-SHA256 | e7c49758bae63c83d251cacbfada7c09af0c3038e8ff755c4c04f916385805d8 | | 2023-07-26 |
| URL | https://kefas.id/search/s.php | | 2023-07-26 |
| domain | kefas.id | | 2023-07-26 |

A FileHash description of the form "MD5 of <hash>" ties the indicator to another digest of the same file, so the 19 hash rows describe 11 distinct files: four are listed by MD5, SHA-1 and SHA-256 together, the remaining seven by SHA-256 only. Match on any one digest of a file, not only on the SHA-256.
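Flat OTX exports like the table above list each digest as its own row, so a naive hash-set lookup treats one file as three indicators and loses the "X of Y" links. The following script is an added example (not AlienVault/OTX code): it parses the FileHash rows, rebuilds one record per file by following the description links with a union-find, and matches local files against any digest of those records. The embedded rows are copied from the pulse; the scanning entry point and benign test input are constructed for the example.

```python
"""Rebuild per-file identity records from flat OTX FileHash rows and scan files against them.
Added example for this pulse; not AlienVault/OTX code."""
import hashlib
from collections import defaultdict
from pathlib import Path

# Constructed sample: the FileHash rows from the pulse, as "TYPE INDICATOR [DESCRIPTION]".
PULSE_IOCS = """
FileHash-MD5 31867eb002d468df6ed7267d3db66a63 MD5 of b422ba73f389ae5ef9411cf4484c840c7c82f2731c6324db0b24b6f87ce8477d
FileHash-MD5 b1820abc3a1ce2d32af04c18f9d2bfc3 MD5 of 6c55195f025fb895f9d0ec3edbf58bc0aa46c43eeb246cfb88eef1ae051171b3
FileHash-MD5 d2b2f086bf9241954435caecc3ea851e MD5 of e7c49758bae63c83d251cacbfada7c09af0c3038e8ff755c4c04f916385805d8
FileHash-MD5 f29083f25d876bbc245a1f977169f8c2 MD5 of a61b35a9a9650396223bb82aad02c0ec1f1bb44b
FileHash-SHA1 2194c9d88a3f90ace25733dad8a3dad004dc0e4e SHA1 of b422ba73f389ae5ef9411cf4484c840c7c82f2731c6324db0b24b6f87ce8477d
FileHash-SHA1 a61b35a9a9650396223bb82aad02c0ec1f1bb44b
FileHash-SHA1 b260d80fa81885d63565773480ca1e436ab657a0 SHA1 of 6c55195f025fb895f9d0ec3edbf58bc0aa46c43eeb246cfb88eef1ae051171b3
FileHash-SHA1 e16d41f69f5dbcffd39b9a6c1f8b5b5eda7f6651 SHA1 of e7c49758bae63c83d251cacbfada7c09af0c3038e8ff755c4c04f916385805d8
FileHash-SHA256 4875a9c4af3044db281c5dc02e5386c77f331e3b92e5ae79ff9961d8cd1f7c4f
FileHash-SHA256 59e5b2a7a3903e4fb9a23174b655adb75eb490625ddb126ef29446e47de4099f
FileHash-SHA256 5f6219ade8e0577545b9f13afd28f6d6e991326f3c427d671d1c1765164b0d57
FileHash-SHA256 6c55195f025fb895f9d0ec3edbf58bc0aa46c43eeb246cfb88eef1ae051171b3
FileHash-SHA256 7fc9e830756e23aa4b050f4ceaeb2a83cd71cfc0145392a0bc03037af373066b
FileHash-SHA256 966e070a52de1c51976f6ea1fc48ec77f6b89f4bf5e5007650755e9cd0d73281 SHA256 of a61b35a9a9650396223bb82aad02c0ec1f1bb44b
FileHash-SHA256 a8ae10b43cbf4e3344e0184b33a699b19a29866bc1e41201ace1a995e8ca3149
FileHash-SHA256 af1922c665e9be6b29a5e3d0d3ac5916ae1fc74ac2fe9931e5273f3c4043f395
FileHash-SHA256 b422ba73f389ae5ef9411cf4484c840c7c82f2731c6324db0b24b6f87ce8477d
FileHash-SHA256 d7bda5e39327fe12b0c1f42c8e27787f177a352f8eebafbe35d3e790724eceff
FileHash-SHA256 e7c49758bae63c83d251cacbfada7c09af0c3038e8ff755c4c04f916385805d8
"""

# Hex length identifies the algorithm of any digest, including one named only in a description.
ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def parse_iocs(text):
    """Return (algo, value, related) per FileHash row; related is the digest from an
    'X of <hash>' description, or None. Rows whose value does not fit the declared type are rejected."""
    rows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if not parts or not parts[0].startswith("FileHash-"):
            continue
        value = parts[1].lower()
        if ALGO_BY_LEN.get(len(value)) != parts[0].split("-", 1)[1].lower():
            raise ValueError(f"indicator does not match its declared hash type: {line}")
        related = parts[4].lower() if len(parts) >= 5 and parts[3] == "of" else None
        if related and len(related) not in ALGO_BY_LEN:
            raise ValueError(f"unrecognised digest in description: {line}")
        rows.append((ALGO_BY_LEN[len(value)], value, related))
    return rows


def build_file_records(rows):
    """Union-find over digests: every 'X of Y' link joins X and Y into one file record
    (a dict algo -> hex digest). Unlinked rows become single-digest records."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for _, value, related in rows:
        find(value)
        if related:
            parent[find(value)] = find(related)
    groups = defaultdict(dict)
    for algo, value, _ in rows:
        groups[find(value)][algo] = value
    for _, _, related in rows:  # a digest named only in a description still identifies the file
        if related:
            groups[find(related)].setdefault(ALGO_BY_LEN[len(related)], related)
    return list(groups.values())


def hash_bytes(data):
    """All three digests of a blob, so a match on any one of them is enough."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def match_hashes(hashes, records):
    """Records sharing at least one digest with `hashes`."""
    return [r for r in records if any(r.get(a) == h for a, h in hashes.items())]


def scan_paths(paths, records):
    """Map each matching file path to the pulse records it hits."""
    hits = {}
    for p in map(Path, paths):
        if p.is_file():
            matched = match_hashes(hash_bytes(p.read_bytes()), records)
            if matched:
                hits[str(p)] = matched
    return hits


RECORDS = build_file_records(parse_iocs(PULSE_IOCS))

if __name__ == "__main__":
    import sys
    print(f"{len(RECORDS)} distinct files in pulse")  # hypothetical usage: python ioc_scan.py <paths...>
    for path, matched in scan_paths(sys.argv[1:], RECORDS).items():
        print(path, "->", matched)
```

Because a record carries every digest the pulse knows for a file, a tool that only produces MD5 (an older AV log, for instance) still matches files the pulse lists by SHA-256 only through their linked rows, and the type check in `parse_iocs` catches copy-paste errors where a SHA-1 was filed under a SHA-256 row.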