CAMPAGNES D'ATTAQUES DU MODE OPÉRATOIRE APT28 DEPUIS 2021
Common Information
| Type | Value |
|---|---|
| UUID | 88cec47b-78a0-40da-a13d-7b99b932429a |
| Fingerprint | 08b62bfd2e5a8b057182768f16ed9436d88bc801cf2c0ed24b0787ce4725efa7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 25, 2023, 6:02 p.m. |
| Added to db | March 10, 2024, 3:23 a.m. |
| Last updated | Aug. 31, 2024, 4:52 a.m. |
| Headline | CAMPAGNES D'ATTAQUES DU MODE OPÉRATOIRE APT28 DEPUIS 2021 |
| Title | CAMPAGNES D'ATTAQUES DU MODE OPÉRATOIRE APT28 DEPUIS 2021 |
| Detected Hints/Tags/Attributes | 113/3/153 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.cert.ssi.gouv.fr/uploads/CERTFR-2023-CTI-009.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CERT Ukraine | 19 | UAC-0028 |
|
| Details | CVE | 176 | cve-2023-23397 |
|
| Details | CVE | 172 | cve-2022-30190 |
|
| Details | CVE | 24 | cve-2020-12641 |
|
| Details | CVE | 48 | cve-2020-35730 |
|
| Details | CVE | 24 | cve-2021-44026 |
|
| Details | CVE | 71 | cve-2020-0688 |
|
| Details | CVE | 10 | cve-2020-17144 |
|
| Details | CVE | 43 | cve-2023-24880 |
|
| Details | Domain | 7 | mocky.io |
|
| Details | Domain | 13 | mockbin.org |
|
| Details | Domain | 1 | goldenloafuae.com |
|
| Details | Domain | 1 | regencyservice.in |
|
| Details | Domain | 1 | 4ginfosource.com |
|
| Details | Domain | 1 | bplanka.com |
|
| Details | Domain | 1 | ukwwfze.com |
|
| Details | Domain | 1 | bhpcapital.com |
|
| Details | Domain | 1 | tsc-me.com |
|
| Details | Domain | 1 | hbclife.in |
|
| Details | Domain | 2 | wizzsolutions.com |
|
| Details | Domain | 1 | egymatec.ae |
|
| Details | Domain | 1 | vanadrink.com |
|
| Details | Domain | 1 | islandsailors.com |
|
| Details | Domain | 1 | neocities.org |
|
| Details | Domain | 6 | frge.io |
|
| Details | Domain | 1 | tinyhost.fr |
|
| Details | Domain | 4 | pipedream.com |
|
| Details | Domain | 50 | webhook.site |
|
| Details | Domain | 66 | www.malwarebytes.com |
|
| Details | Domain | 83 | cert.gov.ua |
|
| Details | Domain | 78 | socradar.io |
|
| Details | Domain | 58 | blog.sekoia.io |
|
| Details | Domain | 49 | ukr.net |
|
| Details | Domain | 11 | services.google.com |
|
| Details | Domain | 47 | go.recordedfuture.com |
|
| Details | Domain | 6 | blog.cluster25.duskrise.com |
|
| Details | Domain | 36 | media.defense.gov |
|
| Details | Domain | 29 | www.trellix.com |
|
| Details | Domain | 13 | securityscorecard.com |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 98 | www.ncsc.gov.uk |
|
| Details | Domain | 65 | www.cert.ssi.gouv.fr |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 2 | cyber.gouv.fr |
|
| Details | Domain | 4 | cert.ssi.gouv.fr |
|
| Details | Domain | 207 | learn.microsoft.com |
|
| Details | Domain | 32 | lolbas-project.github.io |
|
| Details | Domain | 4 | www.loldrivers.io |
|
| Details | Domain | 14 | ssi.gouv.fr |
|
| Details | 1 | maint@goldenloafuae.com |
||
| Details | 1 | accounts@regencyservice.in |
||
| Details | 1 | franch1.lanka@bplanka.com |
||
| Details | 1 | mdelafuente@ukwwfze.com |
||
| Details | 1 | karina@bhpcapital.com |
||
| Details | 1 | m.salim@tsc-me.com |
||
| Details | 1 | ashoke.kumar@hbclife.in |
||
| Details | 1 | jayan@wizzsolutions.com |
||
| Details | 1 | m.yasser@egymatec.ae |
||
| Details | 1 | commercial@vanadrink.com |
||
| Details | 1 | m.nash@islandsailors.com |
||
| Details | 2 | cert-fr@ssi.gouv.fr |
||
| Details | File | 69 | comsvcs.dll |
|
| Details | File | 59 | ntdsutil.exe |
|
| Details | File | 226 | certutil.exe |
|
| Details | File | 1 | gcat_threathorizons_full_nov2021.pdf |
|
| Details | File | 5 | cta-2023-0620.pdf |
|
| Details | File | 1 | campaign_uooo158036-21.pdf |
|
| Details | File | 1 | office-compromised.html |
|
| Details | File | 2 | advisory_apt28-exploits-known-vulnerability.pdf |
|
| Details | File | 141 | www.cer |
|
| Details | File | 1 | a-strategy.html |
|
| Details | File | 1 | thunderous-noise.html |
|
| Details | md5 | 3 | 9f4172d554bb9056c8ba28e32c606b1e |
|
| Details | md5 | 3 | 3d4362e8fe86d2f33acb3e15f1dad341 |
|
| Details | md5 | 1 | f60350585fbfc5dc968f45c6ef4e434d |
|
| Details | md5 | 1 | 92e22b7e96aca3f9d733ca609ab0b589 |
|
| Details | md5 | 1 | 43a0441b35b3db061cde412541f4d1e1 |
|
| Details | md5 | 1 | 9a97c56c9ea6d9ebde0968580ea28ea9 |
|
| Details | md5 | 1 | e68cbd4930e2781e0c1b19eb72ec0936 |
|
| Details | md5 | 1 | b21dde4c19e2f6fc08a922e25de38cf5 |
|
| Details | md5 | 1 | b5d82be5813c7dacbd97ef5df073b260 |
|
| Details | md5 | 3 | 2bb4c6b32d077c0f80cda1006da90365 |
|
| Details | md5 | 1 | 238334590d0f62d2a089bd87ad71b730 |
|
| Details | md5 | 1 | 7ee19e6bd9f55ebc0dd6413c68346de6 |
|
| Details | md5 | 1 | 3b698278f225f1e5bace9d177a1a95e0 |
|
| Details | md5 | 1 | ce65c51078b7c69a6f50b0b37a36293f |
|
| Details | md5 | 1 | 65fdbc35bc8c3a2f0e872dbbfd32c7a7 |
|
| Details | IPv4 | 7 | 5.199.162.132 |
|
| Details | IPv4 | 7 | 101.255.119.42 |
|
| Details | IPv4 | 7 | 213.32.252.221 |
|
| Details | IPv4 | 7 | 168.205.200.55 |
|
| Details | IPv4 | 7 | 185.132.17.160 |
|
| Details | IPv4 | 3 | 69.51.2.106 |
|
| Details | IPv4 | 7 | 113.160.234.229 |
|
| Details | IPv4 | 6 | 85.195.206.7 |
|
| Details | IPv4 | 5 | 61.14.68.33 |
|
| Details | IPv4 | 5 | 24.142.165.2 |
|
| Details | IPv4 | 3 | 42.98.5.225 |
|
| Details | MITRE ATT&CK Techniques | 4 | T1597 |
|
| Details | MITRE ATT&CK Techniques | 49 | T1110.003 |
|
| Details | MITRE ATT&CK Techniques | 12 | T1110.004 |
|
| Details | MITRE ATT&CK Techniques | 44 | T1212 |
|
| Details | MITRE ATT&CK Techniques | 11 | T1587.004 |
|
| Details | MITRE ATT&CK Techniques | 17 | T1584.005 |
|
| Details | MITRE ATT&CK Techniques | 19 | T1586.002 |
|
| Details | MITRE ATT&CK Techniques | 59 | T1588.002 |
|
| Details | MITRE ATT&CK Techniques | 21 | T1583.006 |
|
| Details | MITRE ATT&CK Techniques | 409 | T1566 |
|
| Details | MITRE ATT&CK Techniques | 542 | T1190 |
|
| Details | MITRE ATT&CK Techniques | 306 | T1078 |
|
| Details | MITRE ATT&CK Techniques | 104 | T1505.003 |
|
| Details | MITRE ATT&CK Techniques | 86 | T1136 |
|
| Details | MITRE ATT&CK Techniques | 20 | T1546.015 |
|
| Details | MITRE ATT&CK Techniques | 173 | T1003.001 |
|
| Details | MITRE ATT&CK Techniques | 67 | T1003.003 |
|
| Details | MITRE ATT&CK Techniques | 492 | T1105 |
|
| Details | MITRE ATT&CK Techniques | 40 | T1528 |
|
| Details | MITRE ATT&CK Techniques | 125 | T1555.003 |
|
| Details | MITRE ATT&CK Techniques | 99 | T1539 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Url | 1 | https://www.malwarebytes.com/blog/threat-intelligence/2022/06/russias-apt28-uses- |
|
| Details | Url | 1 | https://cert.gov.ua/article/341128. |
|
| Details | Url | 1 | https://cert.gov.ua/article/40106. |
|
| Details | Url | 1 | https://socradar.io/microsoft-fixes-exploited-zero-days-in-march-patch-tuesday-cve- |
|
| Details | Url | 1 | https://blog.sekoia.io/apt28- |
|
| Details | Url | 1 | https://cert.gov.ua/article/5105791. |
|
| Details | Url | 1 | https://cert.gov.ua/article/37788. |
|
| Details | Url | 2 | https://cert.gov.ua/article/4492467. |
|
| Details | Url | 1 | https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf |
|
| Details | Url | 5 | https://go.recordedfuture.com/hubfs/reports/cta-2023-0620.pdf |
|
| Details | Url | 1 | https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear- |
|
| Details | Url | 1 | https://blog.cluster25.duskrise.com/2021/06/03/a-not-so-fancy-game-apt28-skinnyboy. |
|
| Details | Url | 1 | https://media.defense.gov/2021/jul/01/2002753896/-1/-1/1/csa_gru_global_brute_force_ |
|
| Details | Url | 1 | https://www.trellix.com/en-gb/about/newsroom/stories/threat-labs/prime-ministers- |
|
| Details | Url | 1 | https://securityscorecard.com/research/apt28s-stealer-called-credomap/. |
|
| Details | Url | 1 | https://www.microsoft.com/en-us/security/blog/2020/09/10/strontium-detecting-new- |
|
| Details | Url | 2 | https://www.ncsc.gov.uk/files/advisory_apt28-exploits-known-vulnerability.pdf |
|
| Details | Url | 1 | https://www.cert.ssi.gouv.fr/alerte/certfr-2023-ale-002/. |
|
| Details | Url | 1 | https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating- |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/20/l/pawn-storm-lack-of-sophistication-as- |
|
| Details | Url | 1 | https://www.trellix.com/en-us/about/newsroom/stories/research/growling-bears-make- |
|
| Details | Url | 1 | https://cert.gov.ua/article/5702579. |
|
| Details | Url | 1 | https://cyber.gouv.fr/ebios-rm. |
|
| Details | Url | 1 | https://cyber.gouv.fr/guide-authentification. |
|
| Details | Url | 1 | https://cyber.gouv.fr/guide-interconnexion-si-internet. |
|
| Details | Url | 1 | https://cyber.gouv.fr/guide-windows-restrictions-logicielles. |
|
| Details | Url | 1 | https://cyber.gouv.fr/guide-journalisation. |
|
| Details | Url | 1 | https://cyber.gouv.fr/guide-journalisation-windows. |
|
| Details | Url | 1 | https://cert.ssi.gouv.fr/dur/certfr-2020-dur-001/. |
|
| Details | Url | 1 | https://cert.ssi.gouv.fr/dur/certfr-2021-dur-001/. |
|
| Details | Url | 1 | https://learn.microsoft.com/en-us/windows/security/application-security/application- |
|
| Details | Url | 1 | https://lolbas-project.github.io/. |
|
| Details | Url | 2 | https://www.loldrivers.io/. |