Pulse Detail — Threat Intelligence

PULSE NAME

APT29 Hackers Use GRAPELOADER in New Attack Against European Diplomats

WHITE APT29, arringtont 2025-04-16 Modified: 2025-04-16

IOCs

MEDIUM VOLUME

Russian-linked hackers are targeting European governments and government officials in a targeted phishing campaign using a new toolkit, according to research by security firm Check Point Research and the International Institute for Strategic Studies.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1574 T1547 T1566

MALWARE FAMILIES

WINELOADER

Indicators of Compromise (19)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	943d896645d1e6b6706c7bbb6966f0e5	MD5 of adfe0ef4ef181c4b19437100153e9fe7aed119f5049e5489a36692757460b9f8	2025-04-16
FileHash-MD5	a89b9bdf5f28f4380f383ee199401bdc	MD5 of 653db3b63bb0e8c2db675cd047b737cefebb1c955bd99e7a93899e2144d34358	2025-04-16
FileHash-MD5	e025fa8354968f298af3f6ef2f22d7d3	MD5 of d931078b63d94726d4be5dc1a00324275b53b935b77d3eed1712461f0c180164	2025-04-16
FileHash-MD5	e06fbace9c2297e47e6bf991f2681b2b	MD5 of 420d20cddfaada4e96824a9184ac695800764961bad7654a6a6c3fe9b1b74b9a	2025-04-16
FileHash-SHA1	476ff48b27b94f10f96c2d7fc2ba6dbb0bb51669	SHA1 of adfe0ef4ef181c4b19437100153e9fe7aed119f5049e5489a36692757460b9f8	2025-04-16
FileHash-SHA1	56248469a7c079c4174f6c8351b48294bd7a57e0	SHA1 of 420d20cddfaada4e96824a9184ac695800764961bad7654a6a6c3fe9b1b74b9a	2025-04-16
FileHash-SHA1	5a3bd2f12875098bd06b9f5a5a9405d9cf3af837	SHA1 of 653db3b63bb0e8c2db675cd047b737cefebb1c955bd99e7a93899e2144d34358	2025-04-16
FileHash-SHA1	b4221c83a3fffe7bc358dfc613c3e58fcc522a23	SHA1 of d931078b63d94726d4be5dc1a00324275b53b935b77d3eed1712461f0c180164	2025-04-16
FileHash-SHA256	24c079b24851a5cc8f61565176bbf1157b9d5559c642e31139ab8d76bbb320f8	—	2025-04-16
FileHash-SHA256	420d20cddfaada4e96824a9184ac695800764961bad7654a6a6c3fe9b1b74b9a	—	2025-04-16
FileHash-SHA256	653db3b63bb0e8c2db675cd047b737cefebb1c955bd99e7a93899e2144d34358	—	2025-04-16
FileHash-SHA256	adfe0ef4ef181c4b19437100153e9fe7aed119f5049e5489a36692757460b9f8	—	2025-04-16
FileHash-SHA256	d931078b63d94726d4be5dc1a00324275b53b935b77d3eed1712461f0c180164	—	2025-04-16
URL	https://bravecup.com/view.php	—	2025-04-16
URL	https://ophibre.com/blog.php	—	2025-04-16
domain	bakenhof.com	—	2025-04-16
domain	bravecup.com	—	2025-04-16
domain	ophibre.com	—	2025-04-16
domain	silry.com	—	2025-04-16

References (1)

↗ https://gbhackers.com/apt29-hackers-use-grapeloade/