AA23-347A Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
TLP: WHITE | healeywap | 2023-12-19 | Modified: 2024-01-18
The Federal Bureau of Investigation (FBI), US Cybersecurity & Infrastructure Security Agency (CISA), National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK's National Cyber Security Centre (NCSC) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard—are exploiting CVE-2023-42793 at a large scale, targeting servers hosting JetBrains TeamCity software since September 2023. The information is derived from collaborative ongoing mitigation efforts by the authoring agencies of this CSA.
Indicators of Compromise (21 / 73 total)