UNC2452 Merged into APT29 | Russia-Based Espionage Group
Tags
cmtmf-attack-pattern: Application Layer Protocol; Supply Chain Compromise; Trusted Relationship
country: Russia
maec-delivery-vectors: Watering Hole
attack-pattern: Data /Etc/Passwd And /Etc/Shadow - T1003.008; Additional Cloud Credentials - T1098.001; Application Access Token - T1550.001; Application Access Token - T1527; Application Layer Protocol - T1437; Archive Via Utility - T1560.001; Clear Windows Event Logs - T1070.001; Cloud Service Discovery - T1526; Code Repositories - T1213.003; Code Repositories - T1593.003; Compromise Software Supply Chain - T1195.002; Compromise Software Supply Chain - T1474.003; Credentials - T1589.001; Credentials In Files - T1552.001; Data From Local System - T1533; Dcsync - T1003.006; Disable Or Modify Tools - T1562.001; Disable Or Modify Tools - T1629.003; Dns - T1071.004; Dns - T1590.002; Domain Fronting - T1090.004; Domain Generation Algorithms - T1637.001; Domain Generation Algorithms - T1568.002; Domain Generation Algorithms - T1520; Domain Generation Algorithms - T1483; Execution Guardrails - T1480; Execution Guardrails - T1627; Exfiltration Over Web Service - T1567; Exfiltration To Code Repository - T1567.001; Group Policy Preferences - T1552.006; Impersonation - T1656; Indicator Removal From Tools - T1027.005; Indicator Removal On Host - T1630; Internet Connection Discovery - T1016.001; Internet Connection Discovery - T1422.001; Javascript - T1059.007; Kerberoasting - T1558.003; Malicious File - T1204.002; Malware - T1587.001; Malware - T1588.001; Match Legitimate Name Or Location - T1036.005; Match Legitimate Name Or Location - T1655.001; Network Service Scanning - T1423; Mshta - T1218.005; Multi-Factor Authentication - T1556.006; Multi-Hop Proxy - T1090.003; Non-Standard Port - T1509; Non-Standard Port - T1571; Ntds - T1003.003; Password Managers - T1555.005; Password Spraying - T1110.003; Path Interception By Search Order Hijacking - T1574.008; Phishing - T1660; Phishing - T1566; Portable Executable Injection - T1055.002; Private Keys - T1552.004; Remote Email Collection - T1114.002; Rundll32 - T1218.011; Saml Tokens - T1606.002; Server - T1583.004; Server - T1584.004; Sharepoint - T1213.002; Shortcut Modification - T1547.009; Steal Or Forge Kerberos Tickets - T1558; Steganography - T1001.002; Steganography - T1406.001; Steganography - T1027.003; Supply Chain Compromise - T1474; Symmetric Cryptography - T1521.001; Symmetric Cryptography - T1573.001; Timestomp - T1070.006; Token Impersonation/Theft - T1134.001; Trust Modification - T1484.002; Time Based Evasion - T1497.003; Virtual Private Server - T1583.003; Virtual Private Server - T1584.003; Tool - T1588.002; Vulnerabilities - T1588.006; Web Cookies - T1606.001; Account Manipulation - T1098; Standard Application Layer Protocol - T1071; Connection Proxy - T1090; Credentials In Files - T1081; Data From Local System - T1005; Data From Network Shared Drive - T1039; Data Staged - T1074; Data Transfer Size Limits - T1030; Domain Fronting - T1172; Indicator Removal On Host - T1070; Indicator Removal From Tools - T1066; Kerberoasting - T1208; Mshta - T1170; Two-Factor Authentication Interception - T1111; Multi-Hop Proxy - T1188; Network Service Scanning - T1046; Private Keys - T1145; Rundll32 - T1085; Shortcut Modification - T1023; Supply Chain Compromise - T1195; Timestomp - T1099; Trusted Relationship - T1199; Indicator Removal On Host; Network Service Scanning; Supply Chain Compromise
Common Information
Type Value
UUID 0cd1faa7-405a-4e68-92f6-21c5d49d3e56
Fingerprint 4c05cd5b0f2296e1
Analysis status DONE
Considered CTI value 2
Text language
Published April 27, 2022, midnight
Added to db Nov. 9, 2023, 12:20 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Assembling the Russian Nesting Doll: UNC2452 Merged into APT29
Title UNC2452 Merged into APT29 | Russia-Based Espionage Group
Detected Hints/Tags/Attributes 203/4/57
RSS Feed
Id Enabled Feed title Url Added to db
330 Threat Intelligence https://www.mandiant.com/resources/blog/rss.xml 2024-08-30 22:08
Attributes
Type #Events CTI Value
Mandiant Uncategorized Groups 97 UNC2452
MITRE ATT&CK Techniques 62 T1583.003
MITRE ATT&CK Techniques 36 T1195.002
MITRE ATT&CK Techniques 52 T1199
MITRE ATT&CK Techniques 93 T1059.007
MITRE ATT&CK Techniques 112 T1098
MITRE ATT&CK Techniques 15 T1098.001
MITRE ATT&CK Techniques 30 T1547.009
MITRE ATT&CK Techniques 6 T1574.008
MITRE ATT&CK Techniques 40 T1055.002
MITRE ATT&CK Techniques 44 T1134.001
MITRE ATT&CK Techniques 13 T1484.002
MITRE ATT&CK Techniques 26 T1027.003
MITRE ATT&CK Techniques 42 T1027.005
MITRE ATT&CK Techniques 183 T1036.005
MITRE ATT&CK Techniques 247 T1070
MITRE ATT&CK Techniques 92 T1070.001
MITRE ATT&CK Techniques 93 T1070.006
MITRE ATT&CK Techniques 59 T1218.005
MITRE ATT&CK Techniques 119 T1218.011
MITRE ATT&CK Techniques 48 T1480
MITRE ATT&CK Techniques 57 T1497.003
MITRE ATT&CK Techniques 10 T1550.001
MITRE ATT&CK Techniques 298 T1562.001
MITRE ATT&CK Techniques 67 T1003.003
MITRE ATT&CK Techniques 27 T1003.006
MITRE ATT&CK Techniques 15 T1003.008
MITRE ATT&CK Techniques 49 T1110.003
MITRE ATT&CK Techniques 25 T1111
MITRE ATT&CK Techniques 89 T1552.001
MITRE ATT&CK Techniques 26 T1552.004
MITRE ATT&CK Techniques 8 T1552.006
MITRE ATT&CK Techniques 8 T1555.005
MITRE ATT&CK Techniques 27 T1558
MITRE ATT&CK Techniques 36 T1558.003
MITRE ATT&CK Techniques 14 T1606.001
MITRE ATT&CK Techniques 11 T1606.002
MITRE ATT&CK Techniques 42 T1016.001
MITRE ATT&CK Techniques 168 T1046
MITRE ATT&CK Techniques 12 T1526
MITRE ATT&CK Techniques 534 T1005
MITRE ATT&CK Techniques 67 T1039
MITRE ATT&CK Techniques 67 T1074
MITRE ATT&CK Techniques 21 T1114.002
MITRE ATT&CK Techniques 16 T1213.002
MITRE ATT&CK Techniques 9 T1213.003
MITRE ATT&CK Techniques 116 T1560.001
MITRE ATT&CK Techniques 444 T1071
MITRE ATT&CK Techniques 52 T1071.004
MITRE ATT&CK Techniques 48 T1090.003
MITRE ATT&CK Techniques 25 T1568.002
MITRE ATT&CK Techniques 115 T1571
MITRE ATT&CK Techniques 130 T1573.001
MITRE ATT&CK Techniques 36 T1030
MITRE ATT&CK Techniques 126 T1567
MITRE ATT&CK Techniques 7 T1567.001
Threat Actor Identifier - APT 665 APT29