Evolution of Russian APT29 – New Attacks and Techniques Uncovered
AlienVault OTX pulse, TLP:WHITE. Created 2023-07-26, modified 2024-03-06.
25 IOCs (medium volume)
When it comes to exceptionally sophisticated malware attacks, APT29 stands at the forefront. The SolarWinds breach marked only the beginning of persistent malware attacks carried out by the threat actor. Since the attack on SolarWinds, the APT has relentlessly persisted in its attacks on governments, defense entities, critical manufacturing organizations, and IT service providers. Their latest attacks involve exploiting lesser-known Windows features and specifically targeting diplomats stationed in Ukraine.
Indicators of Compromise (4 / 25 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | 31867eb002d468df6ed7267d3db66a63 | MD5 of b422ba73f389ae5ef9411cf4484c840c7c82f2731c6324db0b24b6f87ce8477d | 2023-07-26
FileHash-MD5 | b1820abc3a1ce2d32af04c18f9d2bfc3 | MD5 of 6c55195f025fb895f9d0ec3edbf58bc0aa46c43eeb246cfb88eef1ae051171b3 | 2023-07-26
FileHash-MD5 | d2b2f086bf9241954435caecc3ea851e | MD5 of e7c49758bae63c83d251cacbfada7c09af0c3038e8ff755c4c04f916385805d8 | 2023-07-26
FileHash-MD5 | f29083f25d876bbc245a1f977169f8c2 | MD5 of a61b35a9a9650396223bb82aad02c0ec1f1bb44b | 2023-07-26