Flying in the clouds: APT31 renews its attacks on Russian companies through cloud storage
Tags
  cmtmf-attack-pattern: Automated Exfiltration; Boot Or Logon Autostart Execution; Develop Capabilities; Masquerading; Obfuscated Files Or Information
  country: Russia
  maec-delivery-vectors: Watering Hole
  attack-pattern:
    Data Archive Collected Data - T1560
    Archive Collected Data - T1532
    Boot Or Logon Autostart Execution - T1547
    Cloud Services - T1021.007
    Code Signing - T1553.002
    Code Signing Certificates - T1587.002
    Code Signing Certificates - T1588.003
    Develop Capabilities - T1587
    Dll Side-Loading - T1574.002
    Encrypted Channel - T1521
    Encrypted Channel - T1573
    Exfiltration Over C2 Channel - T1646
    Hijack Execution Flow - T1625
    Hijack Execution Flow - T1574
    Malware - T1587.001
    Malware - T1588.001
    Masquerading - T1655
    Obfuscated Files Or Information - T1406
    Non-Standard Encoding - T1132.002
    Phishing - T1660
    Phishing - T1566
    Registry Run Keys / Startup Folder - T1547.001
    Server - T1583.004
    Server - T1584.004
    Standard Encoding - T1132.001
    Symmetric Cryptography - T1521.001
    Symmetric Cryptography - T1573.001
    Template Injection - T1221
    Web Service - T1481
    Automated Exfiltration - T1020
    Code Signing - T1116
    Data Encoding - T1132
    Data Obfuscation - T1001
    Deobfuscate/Decode Files Or Information - T1140
    Dll Side-Loading - T1073
    Exfiltration Over Command And Control Channel - T1041
    Masquerading - T1036
    Modify Registry - T1112
    Standard Non-Application Layer Protocol - T1095
    Obfuscated Files Or Information - T1027
    Registry Run Keys / Start Folder - T1060
    Web Service - T1102
    User Execution - T1204
    Masquerading
    User Execution
Common Information
Type                  Value
UUID                  1a11ced6-3f55-4a15-96e5-ee1115b486e6
Fingerprint           a43419c3896f1bd3
Analysis status       DONE
Considered CTI value  2
Text language
Published             Oct. 17, 2024, midnight
Added to db           Oct. 17, 2024, 11:27 a.m.
Last updated          Nov. 17, 2024, 6:56 p.m.
Title                 Flying in the clouds: APT31 renews its attacks on Russian companies through cloud storage
Detected Hints/Tags/Attributes  114/4/100
Attributes
Type                      #Events  Value
Domain                    8        cloud-api.yandex.net
Domain                    1        ramblercloud.com
Domain                    1        portal.super-encrypt.com
Domain                    1        super-encrypt.com
Domain                    1        portal.intranet-rsnet.com
Domain                    1        intranet-rsnet.com
Domain                    1        p1.offline-microsoft.com
Domain                    1        offline-microsoft.com
Domain                    1        cdn.microsoft-official.com
Domain                    1        microsoft-official.com
Domain                    1        yandexpro.net
File                      5        list.docx
File                      42       msvcr100.dll
File                      34       winhttp.dll
File                      2        wtsapi.dll
File                      2        a.psd
File                      2        b.psd
File                      2125     cmd.exe
File                      748      kernel32.dll
File                      1        dot1xtray.exe
File                      6        msvcr110.dll
File                      2        qip.exe
File                      1        aim.exe
File                      4        icq.exe
File                      41       wtsapi32.dll
File                      1        тестирования.doc  (Russian: "testing.doc")
File                      1        заседании.doc  (Russian: "meeting.doc")
File                      1        справка.doc  (Russian: "reference.doc")
File                      2        payload_1.bin
File                      1        5ehn6vctt.dll
File                      40       libcef.dll
File                      1        рассылки.pdf  (Russian: "mailing.pdf")
File                      1        материал-20220210.exe  (Russian: "material-20220210.exe")
md5                       1        5897e67e491a9d8143f6d45803bc8ac8
md5                       1        91965ee08504eeb01e76e17007497852
md5                       1        0c1e1fd94383efc5a3de8f0117c154b2
md5                       1        85f8bfb3b859a35e342e35d7c35e8746
md5                       1        0c993a406be04b806222a130fb5a18e8
md5                       1        dfaa28a53310a43031e406ff927a6866
md5                       1        0c4540f659d3942a28f158bce7be1143
md5                       1        1d65ef16d1f161ae3faa5ed7896734cd
md5                       1        176d11c9bafac6153f728d8afb692f6f
md5                       1        50eb199e188594a42262a5bbea260470
md5                       1        c89eaa7f40fc75f9a34e0f0a3b59b88b
md5                       1        640e6ecad629bd33c09ccec52f4aa6da
md5                       1        11010e139010697a94a8feb3704519f9
md5                       1        099c7d85d0d26a31469465d333329778
md5                       1        8b4c1f0ff1cee413f5f2999fa21f94f9
sha1                      1        d91ffc6d48f79e0b55918fb73365b9fca37c9efa
sha1                      1        fd05e69d1f094b3a28bb5ae2a936607aa0db3866
sha1                      1        3785d9c4bdf6812f753d93b70781d3db68141ce7
sha1                      1        ff5e78218198dd5ca5dc2eb46ec8afdd1b6260e9
sha1                      1        49307f1091251dd7a498cf69d0465ddd59859cf8
sha1                      1        c694e99f8690114c77a6099856d61a3cd4cd814d
sha1                      1        d1cc0f861f162dfbf9df1493fe861d02b80483f6
sha1                      1        144493b13df06bab3f290b260b997b71164a25f7
sha1                      1        ef0f61c32a3ae2494000f36a700a151c8b10c134
sha1                      1        af33573bc8e507875acdb3db52bcfea13bb1286e
sha1                      1        f3c600ba1d1d0cb1f3383805dbcac19e9423bdcb
sha1                      1        584fd63ab925c532cf40818886487714b3de317e
sha1                      1        52999153cc7d3a3771a8ee9b8e55f913829109a7
sha1                      1        d25a68289fc1268d7c548787373a6235895716fb
sha1                      1        97e19f67a8d6af78c181f05198aa7d200b243ea5
sha256                    1        8148aeef6995c99c6f93ebce65b60bf57109914c45aa86d26a5cdc6ad8bba634
sha256                    1        d7c1668c903a92f20bdeaee0f6e94b2ef3fefd700ca8daa4c4ff34a26f1323af
sha256                    1        aee1bf1f7e70f5cbd34a59b312573a6c7e34b1e412e4518a55a5b14af2102063
sha256                    1        a56003dc199224113e9c85b0edb2197d4a4af91b15e7d0710873e2ef848c3221
sha256                    1        256d3065de2345a6beff9458ad0b519bed8363ac0b984247768bd788e633e371
sha256                    1        4a5e9ab0e65e08ceb2adb2d150abb620684e98d79483b6c9f786c56c95fea573
sha256                    1        37e259d6564071807b7b4266ed1dd8bf2059f3e7f438b8487dd0149e5e0487ec
sha256                    1        0a5fb4a480b1748dc7f963a491a9aa32ff8c8fed01bea0cfd250a5ef01654eb3
sha256                    1        ea9429fa66ba14b99ff756b8497ccbd3403437d4150eaed6c5c0fe4a3cdf78a8
sha256                    1        0afeef5a4ac1b0bc778e66a1420587697dbfdb87d74a0b935db69b7d804089c4
sha256                    1        98b5cfa14dd805e1172b36415c71730fa3454ffbaababc7d4c7b1fcfb47dfbd7
sha256                    1        add70042c65cd683925936aa04c79a8644e40dd93aa5ff1913bf533457daccf3
sha256                    1        c2b769f40b1ec2ee57e4d36f545d6de93bbd54d2514347fb54cc20b1bfb9ca97
sha256                    1        c3382ebff9dcd0e8776820f70faaa8cd4c0c93578444e5cfe3720e0b232fa6d8
sha256                    1        f49999f1d7327921e63097b4f90f437a0122361676b73a81f0ff2b681b1dd8de
MITRE ATT&CK Technique    409      T1566 (Phishing)
MITRE ATT&CK Technique    420      T1204 (User Execution)
MITRE ATT&CK Technique    96       T1587.001 (Develop Capabilities: Malware)
MITRE ATT&CK Technique    16       T1587.002 (Develop Capabilities: Code Signing Certificates)
MITRE ATT&CK Technique    380      T1547.001 (Registry Run Keys / Startup Folder)
MITRE ATT&CK Technique    164      T1574 (Hijack Execution Flow)
MITRE ATT&CK Technique    504      T1140 (Deobfuscate/Decode Files or Information)
MITRE ATT&CK Technique    348      T1036 (Masquerading)
MITRE ATT&CK Technique    550      T1112 (Modify Registry)
MITRE ATT&CK Technique    627      T1027 (Obfuscated Files or Information)
MITRE ATT&CK Technique    157      T1560 (Archive Collected Data)
MITRE ATT&CK Technique    75       T1001 (Data Obfuscation)
MITRE ATT&CK Technique    159      T1095 (Non-Application Layer Protocol)
MITRE ATT&CK Technique    130      T1573.001 (Encrypted Channel: Symmetric Cryptography)
MITRE ATT&CK Technique    99       T1132.001 (Data Encoding: Standard Encoding)
MITRE ATT&CK Technique    40       T1132.002 (Data Encoding: Non-Standard Encoding)
MITRE ATT&CK Technique    149      T1102 (Web Service)
MITRE ATT&CK Technique    102      T1020 (Automated Exfiltration)
MITRE ATT&CK Technique    422      T1041 (Exfiltration Over C2 Channel)
Threat Actor (APT)        166      APT31
Url                       1        https://cloud-api.yandex.net:443/v1/disk/resources?path=
Url                       1        https://cloud-api.yandex.net/v1/disk/resources/download?path=desktop-im5nm8r/a.psd
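The indicators above mix two very different kinds of value: attacker-registered look-alike domains (super-encrypt.com, offline-microsoft.com, microsoft-official.com and so on), which can be matched outright, and a legitimate cloud service (cloud-api.yandex.net) that the actor only abuses as a download/exfiltration channel, which must not be blocked by hostname. The DLL names (msvcr100.dll, winhttp.dll, wtsapi32.dll, libcef.dll) are likewise legitimate library names used for side-loading and are only meaningful together with a hash. The script below is an added example, not code from the report or from this database entry: it matches constructed proxy-log lines against the listed domains, flags Yandex.Disk API calls whose `path=` parameter follows the one victim-folder pattern on the page (`desktop-im5nm8r/a.psd`; the assumption that the folder is a default Windows hostname followed by a .psd/.bin blob is this example's, not the report's), and checks observed file hashes against the listed SHA-256 values. The log format, the sample log lines and the observed-file table are constructed for the example.

```python
"""Match proxy-log URLs and file hashes against the APT31 indicators listed
in this entry.  The indicator values are taken from the entry above; the log
format, the sample log lines and the observed-file hashes are constructed for
this example."""
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Attacker look-alike domains listed in the entry (subdomains are matched too).
MALICIOUS_DOMAINS = {
    "super-encrypt.com", "intranet-rsnet.com", "offline-microsoft.com",
    "microsoft-official.com", "yandexpro.net", "ramblercloud.com",
}

# Legitimate cloud storage abused as a C2/exfiltration channel.  Only the
# specific Yandex.Disk resource paths are flagged, never the host itself.
ABUSED_CLOUD_HOSTS = {"cloud-api.yandex.net"}
# Assumption (this example's, not the report's): the per-victim folder follows
# the one path on the page, "desktop-im5nm8r/a.psd", i.e. a default Windows
# hostname followed by a .psd/.bin blob.
VICTIM_PATH_RE = re.compile(r"^desktop-[0-9a-z]+/[^/]+\.(?:psd|bin)$", re.IGNORECASE)

# SHA-256 values from the entry, normalised to lower case.
KNOWN_SHA256 = {
    "8148aeef6995c99c6f93ebce65b60bf57109914c45aa86d26a5cdc6ad8bba634",
    "d7c1668c903a92f20bdeaee0f6e94b2ef3fefd700ca8daa4c4ff34a26f1323af",
    "aee1bf1f7e70f5cbd34a59b312573a6c7e34b1e412e4518a55a5b14af2102063",
    "a56003dc199224113e9c85b0edb2197d4a4af91b15e7d0710873e2ef848c3221",
    "256d3065de2345a6beff9458ad0b519bed8363ac0b984247768bd788e633e371",
    "4a5e9ab0e65e08ceb2adb2d150abb620684e98d79483b6c9f786c56c95fea573",
    "37e259d6564071807b7b4266ed1dd8bf2059f3e7f438b8487dd0149e5e0487ec",
    "0a5fb4a480b1748dc7f963a491a9aa32ff8c8fed01bea0cfd250a5ef01654eb3",
    "ea9429fa66ba14b99ff756b8497ccbd3403437d4150eaed6c5c0fe4a3cdf78a8",
    "0afeef5a4ac1b0bc778e66a1420587697dbfdb87d74a0b935db69b7d804089c4",
    "98b5cfa14dd805e1172b36415c71730fa3454ffbaababc7d4c7b1fcfb47dfbd7",
    "add70042c65cd683925936aa04c79a8644e40dd93aa5ff1913bf533457daccf3",
    "c2b769f40b1ec2ee57e4d36f545d6de93bbd54d2514347fb54cc20b1bfb9ca97",
    "c3382ebff9dcd0e8776820f70faaa8cd4c0c93578444e5cfe3720e0b232fa6d8",
    "f49999f1d7327921e63097b4f90f437a0122361676b73a81f0ff2b681b1dd8de",
}

# Constructed log format: "<timestamp> <src-ip> <method> <url> <status>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def host_matches(host: str, domains: set) -> bool:
    """True if host equals, or is a subdomain of, any listed domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_url(url: str) -> Optional[str]:
    """Return a verdict for a URL, or None if it matches no indicator."""
    parts = urlsplit(url)
    host = parts.hostname or ""          # .hostname drops any ":443" port suffix
    if host_matches(host, MALICIOUS_DOMAINS):
        return "known APT31 look-alike domain"
    if host in ABUSED_CLOUD_HOSTS and parts.path.startswith("/v1/disk/resources"):
        # The Yandex.Disk API carries the file path in the ?path= query parameter.
        path = parse_qs(parts.query).get("path", [""])[0]
        if VICTIM_PATH_RE.match(path):
            return "Yandex.Disk resource path matching the APT31 C2 pattern"
    return None


def scan_log(lines: list) -> list:
    """Return (src-ip, url, verdict) for every log line that hits an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                     # malformed line: skip rather than crash
        verdict = classify_url(m["url"])
        if verdict:
            hits.append((m["src"], m["url"], verdict))
    return hits


def check_hashes(observed: dict) -> list:
    """Return (file path, sha256) pairs whose hash is a listed indicator."""
    return [(p, h.lower()) for p, h in observed.items() if h.lower() in KNOWN_SHA256]


# Constructed sample log: two indicator hits and two benign lines, one of which
# is a legitimate Yandex.Disk call that must NOT be flagged.
SAMPLE_LOG = [
    "2024-10-01T09:12:03Z 10.20.30.40 GET https://cloud-api.yandex.net/v1/disk/resources/download?path=desktop-im5nm8r/a.psd 200",
    "2024-10-01T09:12:09Z 10.20.30.41 GET https://cloud-api.yandex.net/v1/disk/resources?path=%2Fphotos%2Ftrip.jpg 200",
    "2024-10-01T09:13:44Z 10.20.30.40 GET https://portal.super-encrypt.com/ 200",
    "2024-10-01T09:14:01Z 10.20.30.42 GET https://www.microsoft.com/ 200",
]

# Constructed observed-file table: one hash from the entry, one unrelated file.
SAMPLE_FILES = {
    "C:\\Users\\x\\AppData\\Local\\Temp\\payload_1.bin":
        "8148AEEF6995C99C6F93EBCE65B60BF57109914C45AA86D26A5CDC6AD8BBA634",
    "C:\\Windows\\System32\\kernel32.dll": "00" * 32,
}

if __name__ == "__main__":
    for src, url, verdict in scan_log(SAMPLE_LOG):
        print(f"{src}  {verdict}\n    {url}")
    for path, digest in check_hashes(SAMPLE_FILES):
        print(f"hash hit: {path}  {digest}")
```

The MD5 and SHA-1 values from the entry can be added to the hash check in the same way. A proxy rule that only matched the host cloud-api.yandex.net would generate a hit for every legitimate Yandex.Disk user in the organisation; keying on the resource path pattern keeps the rule specific to what the entry actually documents, at the cost of missing a variant that changes the folder naming.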