PULSE NAME
How an APT technique turns to be a public Red Team Project
WHITE APT29 AlienVault 2023-09-07 Modified: 2023-09-07
A report by Yoroi's Malware ZLab and Palo Alto Networks explores the art of DLL Sideloading, as well as the evolving tactics of the APT29 cyber-espionage team.
Indicators of Compromise (18)
TYPE INDICATOR DESCRIPTION CREATED
YARA 02214c0c7ee94e8efebd3bebe6f788ef3390d8a9 Rule for OneDriveUpdate DLL Repackage 2023-09-07
YARA 311372f5957d95231e50389495c6dc506c57aea4 Rule for OneDriveUpdate EXE Repackage 2023-09-07