Pulse Detail — Threat Intelligence

PULSE NAME

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally | CISA

WHITE Diplomatic Orbiter AlienVault 2023-12-13 Modified: 2024-01-12

IOCs

MEDIUM VOLUME

Russia's foreign intelligence service (SVR) is targeting servers hosting TeamCity software, according to the CISA Cybersecurity and Infrastructure Security Agency (CISA), a US government agency that oversees cyber security.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1003 T1020 T1027 T1033 T1036 T1041 T1046 T1047 T1049 T1053 T1055 T1057 T1059 T1068 T1098 T1190 T1203 T1210 T1505 T1547 T1555 T1558 T1562 T1564 T1567 T1568 T1572 T1574 T1590 T1592 T1531 T1140 T1550 T1195 T1102

MALWARE FAMILIES

GraphicalProton SVR Cyber

Indicators of Compromise (38)

All URL CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 YARA domain

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://matclick.com/wp-query.php	—	2023-12-13
CVE	CVE-2023-26360	—	2023-12-13
CVE	CVE-2023-42793	—	2023-12-13
FileHash-MD5	2d8e4f38b36c334d0a32a7324832501d	MD5 of 01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd	2023-12-13
FileHash-MD5	c996d7971c49252c582171d9380360f2	MD5 of 0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5	2023-12-13
FileHash-SHA1	c948ae14761095e4d76b55d9de86412258be7afd	SHA1 of 0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5	2023-12-13
FileHash-SHA1	f6f11ad2cd2b0cf95ed42324876bee1d83e01775	SHA1 of 01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd	2023-12-13
FileHash-SHA256	01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd	—	2023-12-13
FileHash-SHA256	01b5f7094de0b2c6f8e28aa9a2ded678c166d615530e595621e692a9c0240732	—	2023-12-13
FileHash-SHA256	0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5	—	2023-12-13
FileHash-SHA256	18101518eae3eec6ebe453de4c4c380160774d7c3ed5c79e1813013ac1bb0b93	—	2023-12-13
FileHash-SHA256	19f1ef66e449cf2a2b0283dbb756850cca396114286e1485e35e6c672c9c3641	—	2023-12-13
FileHash-SHA256	1e74cf0223d57fd846e171f4a58790280d4593df1f23132044076560a5455ff8	—	2023-12-13
FileHash-SHA256	219fb90d2e88a2197a9e08b0e7811e2e0bd23d59233287587ccc4642c2cf3d67	—	2023-12-13
FileHash-SHA256	34c8f155601a3948ddb0d60b582cfe87de970d443cc0e05df48b1a1ad2e42b5e	—	2023-12-13
FileHash-SHA256	4bf1915785d7c6e0987eb9c15857f7ac67dc365177a1707b14822131d43a6166	—	2023-12-13
FileHash-SHA256	4ee70128c70d646c5c2a9a17ad05949cb1fbf1043e9d671998812b2dce75cf0f	—	2023-12-13
FileHash-SHA256	620d2bf14fe345eef618fdd1dac242b3a0bb65ccb75699fe00f7c671f2c1d869	—	2023-12-13
FileHash-SHA256	773f0102720af2957859d6930cd09693824d87db705b3303cef9ee794375ce13	—	2023-12-13
FileHash-SHA256	7b666b978dbbe7c032cef19a90993e8e4922b743ee839632bfa6d99314ea6c53	—	2023-12-13
FileHash-SHA256	8afb71b7ce511b0bce642f46d6fc5dd79fad86a58223061b684313966efef9c7	—	2023-12-13
FileHash-SHA256	92c7693e82a90d08249edeafbca6533fed81b62e9e056dec34c24756e0a130a6	—	2023-12-13
FileHash-SHA256	950adbaf66ab214de837e6f1c00921c501746616a882ea8c42f1bad5f9b6eff4	—	2023-12-13
FileHash-SHA256	971f0ced6c42dd2b6e3ea3e6c54d0081cf9b06e79a38c2ede3a2c5228c27a6dc	—	2023-12-13
FileHash-SHA256	b53e27c79eed8531b1e05827ace2362603fb9f77f53cee2e34940d570217cbf7	—	2023-12-13
FileHash-SHA256	c37c109171f32456bbe57b8676cc533091e387e6ba733fbaa01175c43cfb6ebd	—	2023-12-13
FileHash-SHA256	c40a8006a7b1f10b1b42fdd8d6d0f434be503fb3400fb948ac9ab8ddfa5b78a0	—	2023-12-13
FileHash-SHA256	c7b01242d2e15c3da0f45b8adec4e6913e534849cde16a2a6c480045e03fbee4	—	2023-12-13
FileHash-SHA256	c832462c15c8041191f190f7a88d25089d57f78e97161c3003d68d0cc2c4baa3	—	2023-12-13
FileHash-SHA256	cb83e5cb264161c28de76a44d0edb450745e773d24bec5869d85f69633e44dcf	—	2023-12-13
FileHash-SHA256	cd3584d61c2724f927553770924149bb51811742a461146b15b34a26c92cad43	—	2023-12-13
FileHash-SHA256	d724728344fcf3812a0664a80270f7b4980b82342449a8c5a2fa510e10600443	—	2023-12-13
FileHash-SHA256	ebe231c90fad02590fc56d5840acc63b90312b0e2fee7da3c7606027ed92600e	—	2023-12-13
FileHash-SHA256	f1b40e6e5a7cbc22f7a0bd34607b13e7e3493b8aad7431c47f1366f0256e23eb	—	2023-12-13
FileHash-SHA256	f6194121e1540c3553273709127dfa1daab96b0acfab6e92548bfb4059913c69	—	2023-12-13
YARA	ddf91c104a3cf2d2af6d44e213c97524f5286fc8	—	2023-12-13
domain	matclick.com	—	2023-12-13
domain	poetpages.com	—	2023-12-13

References (1)

↗ https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a