Pulse Detail — Threat Intelligence

PULSE NAME

Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations

WHITE APT29 AlienVault 2023-09-25 Modified: 2023-10-03

124

IOCs

HIGH VOLUME

APT29’s pace of operations and emphasis on Ukraine increased in the first half of 2023 as Kyiv launched its counteroffensive, pointing to the SVR’s central role in collecting intelligence concerning the current pivotal phase of the war.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1012 T1027 T1030 T1036 T1053 T1055 T1057 T1059 T1070 T1071 T1082 T1083 T1087 T1102 T1105 T1112 T1133 T1140 T1204 T1497 T1518 T1566 T1571 T1573 T1583 T1584 T1588 T1608 T1547 T1127

Indicators of Compromise (16 / 124 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 YARA domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA1	15d9b5a0d442e9dccf1e0f0ded34f7b6014c47b6	SHA1 of 0be11b4f34ede748892ea49e473d82db	2023-09-25
FileHash-SHA1	1615e1f0413086d0fe82e4a4756535645ddd99ea	SHA1 of 854e5c592e93b69b8ab08dbc8a0b673f	2023-09-25
FileHash-SHA1	1a1ca670117c3c3478ec414d74d3c315fd321b3a	SHA1 of 556857ccb27b527e05415eb6d443aee1	2023-09-25
FileHash-SHA1	1c3484db28964f43ee9587bc0260d86ac7e7cc0c	SHA1 of 9e51506816ad620c9e6474c52a9004a6	2023-09-25
FileHash-SHA1	29bab281b479fd972cbceb7cbae39ca62de3ddc4	SHA1 of 129da1e7c8613fd8c2843d9ec191e30e	2023-09-25
FileHash-SHA1	58353e513c91cff6bbf350a52b58a232302f6339	SHA1 of f4ef5672af889429d95f111ea65ff490	2023-09-25
FileHash-SHA1	5e58f3ce5b42d1b3c1658bdc9db5b27b4993a3cf	SHA1 of 50f57a4a4bf2c4b504954a36d48c99e7	2023-09-25
FileHash-SHA1	61da2d2655c84d0cde2f2f3192cd377924c31798	SHA1 of 62b2031f8988105efdf473bdfedd07f5	2023-09-25
FileHash-SHA1	6363481bdc4362bb54234009fa30fa1cfd79cca8	SHA1 of 53270b3968004cb48dac1a1b239ed23d	2023-09-25
FileHash-SHA1	7c983eeac2f60abaaf49bc349dfb7079b716d6a3	SHA1 of fc53c75289309ffb7f65a3513e7519eb	2023-09-25
FileHash-SHA1	b260d80fa81885d63565773480ca1e436ab657a0	SHA1 of b1820abc3a1ce2d32af04c18f9d2bfc3	2023-09-25
FileHash-SHA1	da9288360f9be5adc9004b194674f6486c1277e8	SHA1 of 301a7273418bceaa3fb15b15f69dd32a	2023-09-25
FileHash-SHA1	dd3064f22d73f62ef71e0f18d732790726606f36	SHA1 of b48a16fdf890283cac7484ef0911a1f2	2023-09-25
FileHash-SHA1	ec40177987b0f31cf69a608564e8ea423419850b	SHA1 of 0032b8eabdc41e01923fabca5fe8a06b	2023-09-25
FileHash-SHA1	fa71d067f8187a023334c5503e66fd9be2b73698	SHA1 of 5e1389b494edc86e17ff1783ed6b9d37	2023-09-25
FileHash-SHA1	fdc29d3caac12ab8978761bd4bbbd5a13158cee9	SHA1 of dfbdd308e22898f680b6c2c8eb052fb5	2023-09-25

References (1)

↗ https://www.mandiant.com/resources/blog/apt29-evolving-diplomatic-phishing