Evolution of Russian APT29 – New Attacks and Techniques Uncovered
AlienVault, 2023-07-26 (modified 2024-03-06), TLP: WHITE
When it comes to exceptionally sophisticated malware attacks, APT29 stands at the forefront. The SolarWinds breach marked only the beginning of persistent malware attacks carried out by the threat actor. Since the attack on SolarWinds, the APT has relentlessly persisted in its attacks on governments, defense entities, critical manufacturing organizations, and IT service providers. Their latest attacks involve exploiting lesser-known Windows features and specifically targeting diplomats stationed in Ukraine.
Indicators of Compromise (4 / 25 total)
TYPE           INDICATOR                                 DESCRIPTION                                                                CREATED
FileHash-SHA1  2194c9d88a3f90ace25733dad8a3dad004dc0e4e  SHA1 of b422ba73f389ae5ef9411cf4484c840c7c82f2731c6324db0b24b6f87ce8477d  2023-07-26
FileHash-SHA1  a61b35a9a9650396223bb82aad02c0ec1f1bb44b                                                                             2023-07-26
FileHash-SHA1  b260d80fa81885d63565773480ca1e436ab657a0  SHA1 of 6c55195f025fb895f9d0ec3edbf58bc0aa46c43eeb246cfb88eef1ae051171b3  2023-07-26
FileHash-SHA1  e16d41f69f5dbcffd39b9a6c1f8b5b5eda7f6651  SHA1 of e7c49758bae63c83d251cacbfada7c09af0c3038e8ff755c4c04f916385805d8  2023-07-26