APT28 and Upcoming Elections: evidence of possible interference - Yoroi
Tags
country: | Czechia, Russia, Ukraine |
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Code Repositories - T1213.003, Code Repositories - T1593.003, Malware - T1587.001, Malware - T1588.001, Powershell - T1059.001, Software - T1592.002, Tool - T1588.002, Powershell - T1086 |
Common Information
Type | Value |
---|---|
UUID | 89d52d9d-adcf-4b53-9a04-8bc0854959a8 |
Fingerprint | bc006d130da10fa5 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | April 12, 2019, 2:47 p.m. |
Added to db | Jan. 18, 2023, 9:10 p.m. |
Last updated | Nov. 17, 2024, 6:54 p.m. |
Headline | APT28 and Upcoming Elections: evidence of possible interference |
Title | APT28 and Upcoming Elections: evidence of possible interference - Yoroi |
Detected Hints/Tags/Attributes | 70/3/10 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 1 | | functiondiscovery.net |
Details | File | 67 | | get.php |
Details | sha256 | 2 | | 8a35b6ecdf43f42dbf1e77235d6017faa70d9c68930bdc891d984a89d895c1e7 |
Details | sha256 | 1 | | 8cccdce85beca7b7dc805a7f048fcd1bc8f7614dd7e13c2986a9fa5dfbbbbdf9 |
Details | sha256 | 3 | | e259df89e065c4162b273ebb18b75ea153f9bafe30a8c6610204ccf5e3f4ebcd |
Details | Threat Actor Identifier - APT | 783 | | APT28 |
Details | Url | 1 | | https://functiondiscovery.net:8443/admin/get.php |
Details | Url | 1 | | https://functiondiscovery.net |
Details | Windows Registry Key | 4 | | HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging |
Details | Yara rule | 1 | | possible_APT28_ukraine_election_document (rule text below) |

```
rule possible_APT28_ukraine_election_document {
    meta:
        description = "Yara rule for ukraine_election_document"
        author = "Cybaze - Yoroi ZLab"
        last_updated = "2019-04-10"
        tlp = "white"
        category = "informational"
    strings:
        $a1 = { F6 EC 18 27 58 C5 1E CB 36 B0 79 }
        $a2 = { 50 4B 03 04 14 00 06 }
        $b = "[Content_Types].xml"
    condition:
        all of them
}
```