Rewterz Threat Alert – BlueBravo, A Russian APT, Employs GraphicalProton Backdoor to Target Diplomatic Entities – Active IOCs - Rewterz
Tags
| country: | Russia Ukraine |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 1b59b271-02c3-46a7-b9de-936bb8b06c3e |
| Fingerprint | a7908969aa77cec5 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 1, 2023, 8:05 a.m. |
| Added to db | Dec. 19, 2024, 4:44 a.m. |
| Last updated | Dec. 22, 2024, 5:34 p.m. |
| Headline | Rewterz Threat Alert – BlueBravo, A Russian APT, Employs GraphicalProton Backdoor to Target Diplomatic Entities – Active IOCs |
| Title | Rewterz Threat Alert – BlueBravo, A Russian APT, Employs GraphicalProton Backdoor to Target Diplomatic Entities – Active IOCs - Rewterz |
| Detected Hints/Tags/Attributes | 55/3/51 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 5 | cve-2023-26139 |
|
| Details | Domain | 3 | te-as.no |
|
| Details | Domain | 3 | easym6.com |
|
| Details | Domain | 3 | remcolours.com |
|
| Details | Domain | 7 | simplesalsamix.com |
|
| Details | Domain | 5 | sylvio.com.br |
|
| Details | Domain | 3 | reidao.com |
|
| Details | Domain | 3 | mightystake.com |
|
| Details | Domain | 5 | sharpledge.com |
|
| Details | Domain | 3 | fondoftravel.com |
|
| Details | File | 995 | node.js |
|
| Details | md5 | 1 | 1b371d33e9b5acfa78a478d289b62988 |
|
| Details | md5 | 1 | 0e4e30fe797e02f3f18892b24a6b3087 |
|
| Details | md5 | 1 | 71d92d610cc7d43aabe67cc9c95e9673 |
|
| Details | md5 | 1 | 237e0b3d73022a5bbef796e04943c7c8 |
|
| Details | md5 | 1 | 57770c738da83088a809887396a3871c |
|
| Details | md5 | 1 | 6852a33758758e9f472ff56531eceb4d |
|
| Details | md5 | 1 | 138504507a362e6fce66926748c307c9 |
|
| Details | md5 | 3 | e306333093eaf198f4d416d25a40784a |
|
| Details | md5 | 3 | 4c00d883444c78f19c3a1af191614491 |
|
| Details | md5 | 3 | 68cc826c2c58cb74abe3e5ef2123102c |
|
| Details | md5 | 3 | 9685dae9ed8d2bf13b66593c1d7cd2eb |
|
| Details | md5 | 3 | dd2e5debb0ae8b8bccac5c1fbef6bb5a |
|
| Details | md5 | 3 | 5bcf04c0fb0f62fc5f4b83789477a699 |
|
| Details | sha1 | 1 | a68d5ff30a25cf033061a74e8c8a34721bcc65a0 |
|
| Details | sha1 | 1 | e4846460539e51e3e0f9398b8c215d5bc39e70fe |
|
| Details | sha1 | 1 | f2b87d3a692b7597bdcee8151e5960fc5959dc7b |
|
| Details | sha1 | 1 | e6e37fb4aaa2c45bb6cbc2ebc89a5fd722176f0a |
|
| Details | sha1 | 1 | f38fd42c2646301053618a2cf87fd52c41ff2ed7 |
|
| Details | sha1 | 1 | 6d1a3abcb1d27ea40b046701e02351b1c4841e26 |
|
| Details | sha1 | 1 | 28891e267e320d38b570437ff283abce6cc19d55 |
|
| Details | sha1 | 1 | fd45d69af00fdff334515523aad22bbd15b4981d |
|
| Details | sha1 | 1 | a88cb3524246ff1a0c7e6a2afa1d28989b5cfc7f |
|
| Details | sha1 | 1 | cd1558626e38b1d12332de4e12104c7e57466e55 |
|
| Details | sha1 | 1 | fbcc038644cd9a564902e8ff681063cb1a80538c |
|
| Details | sha1 | 1 | 28a5dbdf03612d0725ab6756e0f2e9a6cad8e889 |
|
| Details | sha1 | 1 | dcf27c3002f343ef6cafb732c2f779ea1aaa0ce5 |
|
| Details | sha256 | 3 | 9da5339a5a7519b8b639418ea34c9a95f11892732036278b14dbbf4810fec7a3 |
|
| Details | sha256 | 3 | 22b037f0a42579b45530bed196dd2b47fd4d4dffb8daa2738581287932794954 |
|
| Details | sha256 | 3 | b84d6a12bb1756b69791e725b0e3d7a962888b31a8188de225805717c299c086 |
|
| Details | sha256 | 3 | aff3d7f9ebfdbe69c65b8441a911b539b344f2708e5cef498f10e13290e90c91 |
|
| Details | sha256 | 4 | c71ec48a59631bfa3f33383c1f25719e95e5a80936d913ab3bfe2feb172c1c5e |
|
| Details | sha256 | 3 | 385973e7777081c81cfe236fcc8b3ebf5e4ae04f16030d525535f6cfe38cae7b |
|
| Details | sha256 | 3 | becbd20a19bab555b92d471b30b8159dfa709e9bc417e5d42d72c94546d9e61c |
|
| Details | sha256 | 5 | 79a1402bc77aa2702dc5dca660ca0d1bf08a2923e0a1018da70e7d7c31d9417f |
|
| Details | sha256 | 3 | 640a08b52623cd8702de066f1f9a6923b18283fc2656137cd9c584da1e07775c |
|
| Details | sha256 | 3 | 6f37579d445639c7dfebb4927fe7f6ea70d25d1127f9d9b5078f8ccd4da36127 |
|
| Details | sha256 | 3 | 0e22e6a1dc529008d62287cfddaed53c7f4cc698feec144f00c92594dc76d036 |
|
| Details | sha256 | 3 | 02ce47bd766f7489c6326c30351eb9b365f9997de1b2f92924d130fa07e0d82c |
|
| Details | sha256 | 3 | c5209127e65b0465c8a707ca127b067aa8756c1138bd0d3636f71bfbe8fd9bda |
|
| Details | Threat Actor Identifier - APT | 806 | APT29 |