← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations
WHITE APT29 AlienVault 2023-09-25 Modified: 2023-10-03
124
IOCs
HIGH VOLUME
APT29’s pace of operations and emphasis on Ukraine increased in the first half of 2023 as Kyiv launched its counteroffensive, pointing to the SVR’s central role in collecting intelligence concerning the current pivotal phase of the war.
APT29JavaScriptWindows shortcutBEACONBRC4
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (16 / 124 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 YARA domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 0dd55a234be8e3e07b0eb19f47abe594295889564ce6a9f6e8cc4d3997018839 SHA256 of 854e5c592e93b69b8ab08dbc8a0b673f 2023-09-25
FileHash-SHA256 19442634bc2e0bfa6d08b7be333a351b932a517a1002c0e1c49fea8381372a6e SHA256 of dfbdd308e22898f680b6c2c8eb052fb5 2023-09-25
FileHash-SHA256 302c0d553c9e7f2561864d79022b780a53ec0a5927e8962d883b88dde249d044 SHA256 of fc53c75289309ffb7f65a3513e7519eb 2023-09-25
FileHash-SHA256 311e9c8cf6d0b295074ffefaa9f277cb1f806343be262c59f88fbdf6fe242517 SHA256 of 556857ccb27b527e05415eb6d443aee1 2023-09-25
FileHash-SHA256 38f8b8036ed2a0b5abb8fbf264ee6fd2b82dcd917f60d9f1d8f18d07c26b1534 SHA256 of 53270b3968004cb48dac1a1b239ed23d 2023-09-25
FileHash-SHA256 59e5b2a7a3903e4fb9a23174b655adb75eb490625ddb126ef29446e47de4099f SHA256 of 301a7273418bceaa3fb15b15f69dd32a 2023-09-25
FileHash-SHA256 60d96d8d3a09f822ded0a3c84194a5d88ed62a979cbb6378545b45b04353bb37 SHA256 of 129da1e7c8613fd8c2843d9ec191e30e 2023-09-25
FileHash-SHA256 62ce8e1489a8b87539792c07179faf1db1b46caa39b55902a4d82dcec44d72ae SHA256 of 62b2031f8988105efdf473bdfedd07f5 2023-09-25
FileHash-SHA256 6c55195f025fb895f9d0ec3edbf58bc0aa46c43eeb246cfb88eef1ae051171b3 SHA256 of b1820abc3a1ce2d32af04c18f9d2bfc3 2023-09-25
FileHash-SHA256 7a9d27006887464220c456cc1cdbcf7766bc8fd760114b79b04a7e3fef73b33a SHA256 of f4ef5672af889429d95f111ea65ff490 2023-09-25
FileHash-SHA256 7fc9e830756e23aa4b050f4ceaeb2a83cd71cfc0145392a0bc03037af373066b SHA256 of 5e1389b494edc86e17ff1783ed6b9d37 2023-09-25
FileHash-SHA256 a8ae10b43cbf4e3344e0184b33a699b19a29866bc1e41201ace1a995e8ca3149 SHA256 of 9e51506816ad620c9e6474c52a9004a6 2023-09-25
FileHash-SHA256 ae79aa17e6f3cc8e816e32335738b61b343e78c20abb8ae044adfeac5d97bf70 SHA256 of 0be11b4f34ede748892ea49e473d82db 2023-09-25
FileHash-SHA256 b6d26c5b2b2300fa8bf784919638ba849805896cf969c5c330668b350907c148 SHA256 of 50f57a4a4bf2c4b504954a36d48c99e7 2023-09-25
FileHash-SHA256 c62199ef9c2736d15255f5deaa663158a7bb3615ba9262eb67e3f4adada14111 SHA256 of 0032b8eabdc41e01923fabca5fe8a06b 2023-09-25
FileHash-SHA256 d7bda5e39327fe12b0c1f42c8e27787f177a352f8eebafbe35d3e790724eceff SHA256 of b48a16fdf890283cac7484ef0911a1f2 2023-09-25
References (1)
↗ https://www.mandiant.com/resources/blog/apt29-evolving-diplomatic-phishing