ADVANCED PERSISTENT THREAT profile
Common Information
| Type | Value |
|---|---|
| UUID | 41bb7b0c-2797-452d-bb6b-667f25677e76 |
| Fingerprint | 88650776769ac34af3c227982ab8d7302122c3ca8d235fa1c0aace9db8d9f904 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 2, 2023, 6:11 p.m. |
| Added to db | May 14, 2024, 9:21 p.m. |
| Last updated | Aug. 31, 2024, 8:47 a.m. |
| Headline | ADVANCED PERSISTENT THREAT profile |
| Title | ADVANCED PERSISTENT THREAT profile |
| Detected Hints/Tags/Attributes | 252/4/94 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 11 | cve-2020-10148 |
|
| Details | Domain | 118 | sekoia.io |
|
| Details | Domain | 105 | web.archive.org |
|
| Details | Domain | 11 | blog.f-secure.com |
|
| Details | Domain | 45 | www.whitehouse.gov |
|
| Details | Domain | 172 | www.crowdstrike.com |
|
| Details | Domain | 469 | www.cisa.gov |
|
| Details | Domain | 1 | www.valisluureamet.ee |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 49 | home.treasury.gov |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 36 | www.volexity.com |
|
| Details | Domain | 80 | www.eset.com |
|
| Details | Domain | 3 | ecfr.eu |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 98 | www.secureworks.com |
|
| Details | Domain | 36 | www.gao.gov |
|
| Details | Domain | 39 | www.wsj.com |
|
| Details | Domain | 6 | www.mimecast.com |
|
| Details | Domain | 110 | doi.org |
|
| Details | Domain | 4 | eurepoc.eu |
|
| Details | Domain | 2 | www.eurepoc.eu |
|
| Details | 2 | contact@eurepoc.eu |
||
| Details | File | 7 | rpt-apt29-hammertoss.pdf |
|
| Details | File | 1 | secure_dukes_whitepaper.pdf |
|
| Details | File | 3 | sector.pdf |
|
| Details | File | 4 | apt-groups.html |
|
| Details | File | 1 | with%20svr%20cyber%20actors.pdf |
|
| Details | File | 1 | 2018-en.pdf |
|
| Details | File | 3 | eset_operation_ghost_dukes.pdf |
|
| Details | File | 1 | _putins_hydra_inside_the_russian_intelligence_services_1513.pdf |
|
| Details | File | 1 | -20210507.htm |
|
| Details | File | 1 | 20201214.htm |
|
| Details | File | 1 | gao-22-104746.pdf |
|
| Details | Mandiant Uncategorized Groups | 97 | UNC2452 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Url | 1 | https://web.archive.org/web/20230213100918/https://blog.f-secure.com/podcast-dukes-apt29 |
|
| Details | Url | 1 | https://web.archive.org/web/20221207170022/https://www2.fireeye.com/rs/848-did-242/images/rpt-apt29-hammertoss.pdf |
|
| Details | Url | 1 | https://web.archive.org/web/20220529110050/https://www.crowdstrike.com/blog/bear-hunting-tracking-cozybear-backdoors |
|
| Details | Url | 1 | https://web.archive.org/web/20230203041243/https://www.whitehouse.gov/briefing-room/statements- |
|
| Details | Url | 1 | https://web.archive.org/web/20221015121127/http://www.gov.uk/government/news/russia-uk-and-us-expose-global- |
|
| Details | Url | 1 | https://web.archive.org/web/20230202135005/https://www.crowdstrike.com/blog/bears-midst-intrusion- |
|
| Details | Url | 1 | https://web.archive.org/web/20220922142638/https://nos.nl/nieuwsuur/artikel/2213767-dutch-intelligence-first- |
|
| Details | Url | 1 | https://web.archive.org/web/20230128051344/http://blog-assets.f-secure.com/wp-content/uploads/2020/03/18122307/f- |
|
| Details | Url | 1 | https://web.archive.org/web/20221116160510/https://symantec.broadcom.com/hubfs/attacks-against-government- |
|
| Details | Url | 1 | https://web.archive.org/web/20230213152334/https://www.ncsc.gov.uk/news/uk-and-allies-expose-russian-attacks-on- |
|
| Details | Url | 1 | https://web.archive.org/web/20221227065208/https://www.mandiant.com/resources/blog/unc2452-merged-into-apt29 |
|
| Details | Url | 1 | https://web.archive.org/web/20220901070815/https://adversary.crowdstrike.com/en-us/adversary/cozy-bear |
|
| Details | Url | 1 | https://web.archive.org/web/20221225152021/https://www.kaspersky.com/enterprise-security/mitre/apt29 |
|
| Details | Url | 1 | https://web.archive.org/web/20230213154641/https://edition.cnn.com/2015/03/10/politics/state-department-hack-worst- |
|
| Details | Url | 1 | https://web.archive.org/web/20230213160002/https://www.fireeye.de/current-threats/apt-groups.html#groups |
|
| Details | Url | 1 | https://web.archive.org/web/20230116024834/https://www.mandiant.com/resources/blog/evasive-attacker-leverages- |
|
| Details | Url | 1 | https://web.archive.org/web/20221217211912/https://www.cisa.gov/uscert/ncas/alerts/aa22-011a |
|
| Details | Url | 1 | https://web.archive.org/web/20221218001943/https://www.ncsc.gov.uk/files/advisory%20further%20ttps%20associated%20 |
|
| Details | Url | 1 | https://web.archive.org/web/20221206115839/https://quointelligence.eu/2021/04/us-sanctions-against-russias- |
|
| Details | Url | 1 | https://web.archive.org/web/20230202133006/https://www.valisluureamet.ee/doc/raport/2018-en.pdf |
|
| Details | Url | 1 | https://web.archive.org/web/20230213164540/https://securelist.com/sunburst-backdoor-kazuar/99981 |
|
| Details | Url | 1 | https://web.archive.org/web/20230202161319/https://home.treasury.gov/news/press-releases/jy0127 |
|
| Details | Url | 1 | https://web.archive.org/web/20230213165605/https://www.welivesecurity.com/wp- |
|
| Details | Url | 1 | https://web.archive.org/web/20230213165928/https://www.techtarget.com/whatis/feature/solarwinds-hack- |
|
| Details | Url | 1 | https://web.archive.org/web/20230212021017/https://www.techtarget.com/searchsecurity/news/252523950/russian-cyber- |
|
| Details | Url | 1 | https://web.archive.org/web/20230213170450/https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage- |
|
| Details | Url | 1 | https://web.archive.org/web/20230201233601/https://www.microsoft.com/en-us/security/blog/2021/11/10/the- |
|
| Details | Url | 1 | https://web.archive.org/web/20230213202117/https://www.secureworks.com/research/threat-profiles/iron-ritual |
|
| Details | Url | 1 | https://web.archive.org/web/20221208032006/http://www.volexity.com/blog/tag/dukes |
|
| Details | Url | 1 | https://web.archive.org/web/20230213202243/https://www.eset.com/in/about/newsroom/press- |
|
| Details | Url | 1 | https://web.archive.org/web/20230122005142/https://www.mandiant.com/resources/blog/apt29-continues-targeting- |
|
| Details | Url | 1 | https://web.archive.org/web/20230214105303/https://ecfr.eu/wp-content/uploads/ecfr_169_- |
|
| Details | Url | 1 | https://web.archive.org/web/20230202161250/https://cepa.org/web/20230202161250/https://cepa.org/comprehensive- |
|
| Details | Url | 1 | https://web.archive.org/web/20230214110520/https://www.sekoia.io/en/resources/glossary/apt29-aka-nobelium-cozy-bear |
|
| Details | Url | 1 | https://web.archive.org/web/20230214111353/https://www.mandiant.com/resources/blog/apt29-windows-credential- |
|
| Details | Url | 1 | https://web.archive.org/web/20230214111654/https://www.volexity.com/blog/2020/12/14/dark-halo-leverages- |
|
| Details | Url | 1 | https://web.archive.org/web/20230214111943/https://www.volexity.com/blog/2016/11/09/powerduke- |
|
| Details | Url | 1 | https://web.archive.org/web/20230214112214/https://www.whitehouse.gov/briefing-room/presidential- |
|
| Details | Url | 1 | https://web.archive.org/web/20230214112545/https://www.theguardian.com/world/2021/jul/15/kremlin-papers-appear-to- |
|
| Details | Url | 1 | https://web.archive.org/web/20230214113212/https://home.treasury.gov/news/press- |
|
| Details | Url | 1 | https://web.archive.org/web/20131217102330/https://www.securelist.com/en/blog/208194129/the_miniduke_mystery_pdf |
|
| Details | Url | 1 | https://web.archive.org/web/20230222151224/https://www.cisa.gov/uscert/ncas/analysis-reports/ar21-027a |
|
| Details | Url | 1 | https://web.archive.org/web/20230222151254/https://www.microsoft.com/en- |
|
| Details | Url | 1 | https://web.archive.org/web/20220928153502/https://www.secureworks.com/blog/supernova-web-shell- |
|
| Details | Url | 1 | https://web.archive.org/web/20230222152125/https://unit42.paloaltonetworks.com/unit42-kazuar-multiplatform-espionage- |
|
| Details | Url | 1 | https://web.archive.org/web/20230222152413/https://www.sec.gov/archives/edgar/data/1739942/000173994221000076/swi |
|
| Details | Url | 1 | https://web.archive.org/web/2/https://www.sec.gov/ix?doc= |
|
| Details | Url | 1 | https://web.archive.org/web/20221217234133/https://www.gao.gov/assets/gao-22-104746.pdf |
|
| Details | Url | 1 | https://web.archive.org/web/20230222172324/https://www.cbsnews.com/news/solarwinds-hack-russia-cyberattack-60- |
|
| Details | Url | 1 | https://web.archive.org/web/20230222172723/https://www.wsj.com/articles/hack-suggests-new-scope- |
|
| Details | Url | 1 | https://web.archive.org/web/20230222172725/https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks- |
|
| Details | Url | 1 | https://web.archive.org/web/20230222173054/https://www.securityweek.com/more-cybersecurity-firms-confirm-being-hit- |
|
| Details | Url | 1 | https://web.archive.org/web/20230222173139/https://www.crowdstrike.com/blog/crowdstrike- |
|
| Details | Url | 1 | https://web.archive.org/web/20230213162955/https://www.mimecast.com/incident-report |
|
| Details | Url | 1 | https://web.archive.org/web/20230222173123/https://msrc.microsoft.com/blog/2021/02/microsoft-internal-solorigate- |
|
| Details | Url | 1 | https://web.archive.org/web/20230222173200/https://www.mandiant.com/resources/blog/unauthorized-access-of-fireeye- |
|
| Details | Url | 1 | https://doi.org/10.7802/2494 |