Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
Common Information
Type Value
UUID cd1867d3-fcbd-42da-850d-c593c65b060e
Fingerprint ac240b198fab4fc1
Analysis status DONE
Considered CTI value 2
Text language
Published July 19, 2022, 10 a.m.
Added to db Sept. 11, 2022, 12:31 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
Title Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
Detected Hints/Tags/Attributes 99/4/47
Attributes
Details Type #Events CTI Value
Details Domain 67
www.dropbox.com
Details Domain 2
wethe6and9.ca
Details Domain 3
porodicno.ba
Details Domain 1
console.save
Details Domain 1
477421423157-doqkohd8ihvnpgtsnbld4e4kd1lbs01b.apps.googleusercontent.com
Details Domain 27
seznam.cz
Details Domain 1
891757970989-9ejifbns5l2to04dtp4uofsi1jtuuftk.apps.googleusercontent.com
Details Domain 40
dropbox.com
Details Domain 2
crossfity.com
Details Domain 2
techspaceinfo.com
Details Email 2
matysovi@seznam.cz
Details File 5
agenda.pdf
Details File 5
agenda.html
Details File 1
agenda.iso
Details File 1
agenda.exe
Details File 185
shell32.dll
Details File 2126
cmd.exe
Details File 3
wcchromenativemessaginghost.exe
Details File 69
vcruntime140.dll
Details File 1
vctool140.dll
Details File 16
cabinet.dll
Details File 1
vcruntime14.dll
Details File 3
enum.reg
Details IPv4 8
2.5.8.0
Details IPv4 1
77.75.78.212
Details IPv4 2
185.47.128.39
Details IPv4 2
31.31.74.79
Details Threat Actor Identifier - APT 665
APT29
Details Windows Registry Key 47
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdate
Details Windows Registry Key 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AgendaE