Pulse Detail — Threat Intelligence

PULSE NAME

Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations

WHITE APT29 AlienVault 2023-09-25 Modified: 2023-10-03

124

IOCs

HIGH VOLUME

APT29’s pace of operations and emphasis on Ukraine increased in the first half of 2023 as Kyiv launched its counteroffensive, pointing to the SVR’s central role in collecting intelligence concerning the current pivotal phase of the war.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1012 T1027 T1030 T1036 T1053 T1055 T1057 T1059 T1070 T1071 T1082 T1083 T1087 T1102 T1105 T1112 T1133 T1140 T1204 T1497 T1518 T1566 T1571 T1573 T1583 T1584 T1588 T1608 T1547 T1127

Indicators of Compromise (124)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 YARA domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	0032b8eabdc41e01923fabca5fe8a06b	—	2023-09-25
FileHash-MD5	0065cffe5a1c6a33900b781835aa9693	—	2023-09-25
FileHash-MD5	036ab9f19b63d44aaccf0f965df9434c	—	2023-09-25
FileHash-MD5	0b0707ce90548f0c8b952138fff62742	—	2023-09-25
FileHash-MD5	0be11b4f34ede748892ea49e473d82db	—	2023-09-25
FileHash-MD5	0d5b12c50173a176b0a8ba5a97a831d8	—	2023-09-25
FileHash-MD5	129da1e7c8613fd8c2843d9ec191e30e	—	2023-09-25
FileHash-MD5	1485b591e654327c1d032a901940b149	—	2023-09-25
FileHash-MD5	166f7269c2a69d8d1294a753f9e53214	—	2023-09-25
FileHash-MD5	16d489cc5a91e7dbe74d1c9399534eac	—	2023-09-25
FileHash-MD5	1aee5bf23edb7732fd0e6b2c61a959ce	—	2023-09-25
FileHash-MD5	1c0059d976795ceded7c1dd706e74bd1	—	2023-09-25
FileHash-MD5	1d54c487e6c8a08517fdb8efedfcd459	—	2023-09-25
FileHash-MD5	1ec49b2cb9d4ba265678359e117809b8	—	2023-09-25
FileHash-MD5	1ed822cc08ba08413c4a60023e0d590c	—	2023-09-25
FileHash-MD5	1f21f9948b412f0198f928ed3266786b	—	2023-09-25
FileHash-MD5	22adbffd1dbf3e13d036f936049a2e98	—	2023-09-25
FileHash-MD5	295527e2e38da97167979ade004de880	—	2023-09-25
FileHash-MD5	301a7273418bceaa3fb15b15f69dd32a	—	2023-09-25
FileHash-MD5	33312f16fd5b88470a0e7560954ae459	—	2023-09-25
FileHash-MD5	38719acc6254b7ff70dc8a7723bd8e92	—	2023-09-25
FileHash-MD5	3f57258dce31ba0c80002130b8657b2b	—	2023-09-25
FileHash-MD5	41944bb155ecf70193245d8c3485dd2e	—	2023-09-25
FileHash-MD5	4355851b6fcf2d44e3fd47f47a5e9502	—	2023-09-25
FileHash-MD5	4a13138e1f38b2817a63417d67038429	—	2023-09-25
FileHash-MD5	4b0921979d3054d9f0dad48e9560b9ca	—	2023-09-25
FileHash-MD5	4c00d883444c78f19c3a1af191614491	—	2023-09-25
FileHash-MD5	4f744666d2a2dc95419208c61e42f163	—	2023-09-25
FileHash-MD5	50f57a4a4bf2c4b504954a36d48c99e7	—	2023-09-25
FileHash-MD5	53270b3968004cb48dac1a1b239ed23d	—	2023-09-25
FileHash-MD5	556857ccb27b527e05415eb6d443aee1	—	2023-09-25
FileHash-MD5	5569fb4e9140974a80b4b7587b026913	—	2023-09-25
FileHash-MD5	595d8ea258ef8d8ec70b0e8a740e903c	—	2023-09-25
FileHash-MD5	5bcf04c0fb0f62fc5f4b83789477a699	—	2023-09-25
FileHash-MD5	5e1389b494edc86e17ff1783ed6b9d37	—	2023-09-25
FileHash-MD5	5ff4831ee70c07e33c1bbe091840d5ee	—	2023-09-25
FileHash-MD5	62b2031f8988105efdf473bdfedd07f5	—	2023-09-25
FileHash-MD5	68cc826c2c58cb74abe3e5ef2123102c	—	2023-09-25
FileHash-MD5	6b41c60c24916e3c32acd90bbd7b92f9	—	2023-09-25
FileHash-MD5	78062da99751c0a520ca4ac9fa59af73	—	2023-09-25
FileHash-MD5	7a5988423f731d8b36d01926e715dd11	—	2023-09-25
FileHash-MD5	800f766f728a4418b0c682a867673341	—	2023-09-25
FileHash-MD5	84b078d4a9e6e2a03e8ae1eca072dc83	—	2023-09-25
FileHash-MD5	854e5c592e93b69b8ab08dbc8a0b673f	—	2023-09-25
FileHash-MD5	880120da2f075155524430ceab7c058e	—	2023-09-25
FileHash-MD5	9159d3c58c5d970ed25c2db9c9487d7a	—	2023-09-25
FileHash-MD5	9685dae9ed8d2bf13b66593c1d7cd2eb	—	2023-09-25
FileHash-MD5	9e42b22d66f0fe0fae24af219773ac87	—	2023-09-25
FileHash-MD5	9e51506816ad620c9e6474c52a9004a6	—	2023-09-25
FileHash-MD5	a3067a0262e651e94329869f43a51722	—	2023-09-25
FileHash-MD5	ac78497929569682133e02dec9b67870	—	2023-09-25
FileHash-MD5	aec65c1e6a6f9b3782174c192780f5b4	—	2023-09-25
FileHash-MD5	b051e8efb40c2c435d77f3be77c59488	—	2023-09-25
FileHash-MD5	b12a4b8ec485ad9f9c4cae1e25a35db8	—	2023-09-25
FileHash-MD5	b1820abc3a1ce2d32af04c18f9d2bfc3	—	2023-09-25
FileHash-MD5	b382d0f8b130cd1804782d400a4d4f55	—	2023-09-25
FileHash-MD5	b4141aa8d234137f0b9549a448158a95	—	2023-09-25
FileHash-MD5	b48a16fdf890283cac7484ef0911a1f2	—	2023-09-25
FileHash-MD5	bc4b0bd5da76b683cc28849b1eed504d	—	2023-09-25
FileHash-MD5	c60aa80e0e58c2758f0bac037ec16dca	—	2023-09-25
FileHash-MD5	d67f83dcda6d01bedf08a51df7415d14	—	2023-09-25
FileHash-MD5	d6986d991c41afcc2e71fc30bde851d1	—	2023-09-25
FileHash-MD5	db2d9d2704d320ecbd606a8720c22559	—	2023-09-25
FileHash-MD5	dbc9223af733d0140be136cf32a990d9	—	2023-09-25
FileHash-MD5	dd2e5debb0ae8b8bccac5c1fbef6bb5a	—	2023-09-25
FileHash-MD5	dfbdd308e22898f680b6c2c8eb052fb5	—	2023-09-25
FileHash-MD5	e306333093eaf198f4d416d25a40784a	—	2023-09-25
FileHash-MD5	eccf100bc3d6e901f17a0eced5752ca7	—	2023-09-25
FileHash-MD5	eeded26943a7b2fdef7608fb21bbfd66	—	2023-09-25
FileHash-MD5	efe86302838ad2ab091540f4e0f7b75a	—	2023-09-25
FileHash-MD5	f089fd7204552aec41f64b1eb6b03eda	—	2023-09-25
FileHash-MD5	f4ef5672af889429d95f111ea65ff490	—	2023-09-25
FileHash-MD5	fc47284181f2bb6785e91c9b92710d78	—	2023-09-25
FileHash-MD5	fc53c75289309ffb7f65a3513e7519eb	—	2023-09-25
FileHash-MD5	ffce57940b0257a72db4969565cbcebc	—	2023-09-25
FileHash-SHA1	15d9b5a0d442e9dccf1e0f0ded34f7b6014c47b6	SHA1 of 0be11b4f34ede748892ea49e473d82db	2023-09-25
FileHash-SHA1	1615e1f0413086d0fe82e4a4756535645ddd99ea	SHA1 of 854e5c592e93b69b8ab08dbc8a0b673f	2023-09-25
FileHash-SHA1	1a1ca670117c3c3478ec414d74d3c315fd321b3a	SHA1 of 556857ccb27b527e05415eb6d443aee1	2023-09-25
FileHash-SHA1	1c3484db28964f43ee9587bc0260d86ac7e7cc0c	SHA1 of 9e51506816ad620c9e6474c52a9004a6	2023-09-25
FileHash-SHA1	29bab281b479fd972cbceb7cbae39ca62de3ddc4	SHA1 of 129da1e7c8613fd8c2843d9ec191e30e	2023-09-25
FileHash-SHA1	58353e513c91cff6bbf350a52b58a232302f6339	SHA1 of f4ef5672af889429d95f111ea65ff490	2023-09-25
FileHash-SHA1	5e58f3ce5b42d1b3c1658bdc9db5b27b4993a3cf	SHA1 of 50f57a4a4bf2c4b504954a36d48c99e7	2023-09-25
FileHash-SHA1	61da2d2655c84d0cde2f2f3192cd377924c31798	SHA1 of 62b2031f8988105efdf473bdfedd07f5	2023-09-25
FileHash-SHA1	6363481bdc4362bb54234009fa30fa1cfd79cca8	SHA1 of 53270b3968004cb48dac1a1b239ed23d	2023-09-25
FileHash-SHA1	7c983eeac2f60abaaf49bc349dfb7079b716d6a3	SHA1 of fc53c75289309ffb7f65a3513e7519eb	2023-09-25
FileHash-SHA1	b260d80fa81885d63565773480ca1e436ab657a0	SHA1 of b1820abc3a1ce2d32af04c18f9d2bfc3	2023-09-25
FileHash-SHA1	da9288360f9be5adc9004b194674f6486c1277e8	SHA1 of 301a7273418bceaa3fb15b15f69dd32a	2023-09-25
FileHash-SHA1	dd3064f22d73f62ef71e0f18d732790726606f36	SHA1 of b48a16fdf890283cac7484ef0911a1f2	2023-09-25
FileHash-SHA1	ec40177987b0f31cf69a608564e8ea423419850b	SHA1 of 0032b8eabdc41e01923fabca5fe8a06b	2023-09-25
FileHash-SHA1	fa71d067f8187a023334c5503e66fd9be2b73698	SHA1 of 5e1389b494edc86e17ff1783ed6b9d37	2023-09-25
FileHash-SHA1	fdc29d3caac12ab8978761bd4bbbd5a13158cee9	SHA1 of dfbdd308e22898f680b6c2c8eb052fb5	2023-09-25
FileHash-SHA256	0dd55a234be8e3e07b0eb19f47abe594295889564ce6a9f6e8cc4d3997018839	SHA256 of 854e5c592e93b69b8ab08dbc8a0b673f	2023-09-25
FileHash-SHA256	19442634bc2e0bfa6d08b7be333a351b932a517a1002c0e1c49fea8381372a6e	SHA256 of dfbdd308e22898f680b6c2c8eb052fb5	2023-09-25
FileHash-SHA256	302c0d553c9e7f2561864d79022b780a53ec0a5927e8962d883b88dde249d044	SHA256 of fc53c75289309ffb7f65a3513e7519eb	2023-09-25
FileHash-SHA256	311e9c8cf6d0b295074ffefaa9f277cb1f806343be262c59f88fbdf6fe242517	SHA256 of 556857ccb27b527e05415eb6d443aee1	2023-09-25
FileHash-SHA256	38f8b8036ed2a0b5abb8fbf264ee6fd2b82dcd917f60d9f1d8f18d07c26b1534	SHA256 of 53270b3968004cb48dac1a1b239ed23d	2023-09-25
FileHash-SHA256	59e5b2a7a3903e4fb9a23174b655adb75eb490625ddb126ef29446e47de4099f	SHA256 of 301a7273418bceaa3fb15b15f69dd32a	2023-09-25
FileHash-SHA256	60d96d8d3a09f822ded0a3c84194a5d88ed62a979cbb6378545b45b04353bb37	SHA256 of 129da1e7c8613fd8c2843d9ec191e30e	2023-09-25
FileHash-SHA256	62ce8e1489a8b87539792c07179faf1db1b46caa39b55902a4d82dcec44d72ae	SHA256 of 62b2031f8988105efdf473bdfedd07f5	2023-09-25
FileHash-SHA256	6c55195f025fb895f9d0ec3edbf58bc0aa46c43eeb246cfb88eef1ae051171b3	SHA256 of b1820abc3a1ce2d32af04c18f9d2bfc3	2023-09-25
FileHash-SHA256	7a9d27006887464220c456cc1cdbcf7766bc8fd760114b79b04a7e3fef73b33a	SHA256 of f4ef5672af889429d95f111ea65ff490	2023-09-25
FileHash-SHA256	7fc9e830756e23aa4b050f4ceaeb2a83cd71cfc0145392a0bc03037af373066b	SHA256 of 5e1389b494edc86e17ff1783ed6b9d37	2023-09-25
FileHash-SHA256	a8ae10b43cbf4e3344e0184b33a699b19a29866bc1e41201ace1a995e8ca3149	SHA256 of 9e51506816ad620c9e6474c52a9004a6	2023-09-25
FileHash-SHA256	ae79aa17e6f3cc8e816e32335738b61b343e78c20abb8ae044adfeac5d97bf70	SHA256 of 0be11b4f34ede748892ea49e473d82db	2023-09-25
FileHash-SHA256	b6d26c5b2b2300fa8bf784919638ba849805896cf969c5c330668b350907c148	SHA256 of 50f57a4a4bf2c4b504954a36d48c99e7	2023-09-25
FileHash-SHA256	c62199ef9c2736d15255f5deaa663158a7bb3615ba9262eb67e3f4adada14111	SHA256 of 0032b8eabdc41e01923fabca5fe8a06b	2023-09-25
FileHash-SHA256	d7bda5e39327fe12b0c1f42c8e27787f177a352f8eebafbe35d3e790724eceff	SHA256 of b48a16fdf890283cac7484ef0911a1f2	2023-09-25
YARA	0c6066c71fef8c472b98b4dc42b98b2f5302532d	Detects the deobfuscation algorithm and rc4 from STATICNOISE	2023-09-25
YARA	2fc6dd4a248d402145d3a631764570e1da18f4ea	Searches for the custom chaskey implementation	2023-09-25
YARA	30fdf6337a01168eaa7d68a1bc4e5aa32faf9c23	Detects the RC4 encryption algorithm used in MUSKYBEAT	2023-09-25
YARA	3157669431e690b2859c67bc99068f14f07be39b	Detects the structure of the Donut loader	2023-09-25
YARA	7ebbfde758b21b31ae20ee24856247a00e09635e	Detects Shellcode RDI projects from https://github.com/monoxgas/sRDI/blob/master/ShellcodeRDI	2023-09-25
domain	gavice.ng	—	2023-09-25
domain	inovaoftalmologia.com.br	—	2023-09-25
domain	kegas.id	—	2023-09-25
domain	kitaeri.com	—	2023-09-25
domain	parquesanrafael.cl	—	2023-09-25
domain	resetlocations.com	—	2023-09-25
domain	sgrfh.org.pk	—	2023-09-25
domain	sgrhf.org.pk	—	2023-09-25
domain	sharpledge.com	—	2023-09-25
domain	simplesalsamix.com	—	2023-09-25
domain	sylvio.com.br	—	2023-09-25
hostname	www.willyminiatures.com	—	2023-09-25

References (1)

↗ https://www.mandiant.com/resources/blog/apt29-evolving-diplomatic-phishing