ioc[.]one - OSINT Cyber Threat Intelligence Database

Renewed APT29 Phishing Campaign Against European Diplomats

Tags

country:	Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Dll Side-Loading - T1574.002 Domains - T1583.001 Domains - T1584.001 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Dll Side-Loading - T1073 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	1f08ea78-cbba-462e-895e-781244b8211d
Fingerprint	a454c819793f2fa0
Analysis status	DONE
Considered CTI value	2
Text language
Published	April 15, 2025, 1:05 p.m.
Added to db	April 15, 2025, 3:14 p.m.
Last updated	April 17, 2025, 11:17 p.m.
Headline	Renewed APT29 Phishing Campaign Against European Diplomats
Title	Renewed APT29 Phishing Campaign Against European Diplomats
Detected Hints/Tags/Attributes	71/3/32

Source URLs

	Redirection	Url
Details	Source	https://malware.news/t/renewed-apt29-phishing-campaign-against-european-diplomats/93193

URL Provider

Details	Provider	Source level domain
Details	malware.news	malware.news

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	158	✔	Malware Analysis, News and Indicators - Latest topics	https://malware.news/latest.rss	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	5	bakenhof.com
Details	Domain	5	silry.com
Details	Domain	5	wine.zip
Details	Domain	4	ophibre.com
Details	Domain	4	bravecup.com
Details	Domain	168	research.checkpoint.com
Details	File	6	wine.zip
Details	File	5	wine.exe
Details	File	11	appvisvsubsystems64.dll
Details	File	5	ppcore.dll
Details	File	1179	rundll32.exe
Details	File	2	c:\users\user\appdata\local\powerpnt\wine.exe
Details	File	12	blog.php
Details	File	15	vmtools.dll
Details	File	89	view.php
Details	File	3	inva.php
Details	File	3	invb.php
Details	sha256	2	e55c854d77279ed516579b91315783edd776ac0ff81ea4cc5b2b0811cf40aa63
Details	sha256	4	653db3b63bb0e8c2db675cd047b737cefebb1c955bd99e7a93899e2144d34358
Details	sha256	4	420d20cddfaada4e96824a9184ac695800764961bad7654a6a6c3fe9b1b74b9a
Details	sha256	3	85484716a369b0bc2391b5f20cf11e4bd65497a34e7a275532b729573d6ef15e
Details	sha256	3	78a810e47e288a6aff7ffbaf1f20144d2b317a1618bba840d42405cddc4cff41
Details	sha256	4	d931078b63d94726d4be5dc1a00324275b53b935b77d3eed1712461f0c180164
Details	sha256	4	24c079b24851a5cc8f61565176bbf1157b9d5559c642e31139ab8d76bbb320f8
Details	sha256	4	adfe0ef4ef181c4b19437100153e9fe7aed119f5049e5489a36692757460b9f8
Details	IPv4	6	132.0.0.0
Details	Threat Actor Identifier - APT	911	APT29
Details	Url	3	https://ophibre.com/blog.php
Details	Url	3	https://bravecup.com/view.php
Details	Url	3	https://silry.com/inva.php
Details	Url	3	https://bakenhof.com/invb.php
Details	Url	1	https://research.checkpoint.com/2025/apt29-phishing-campaign