Renewed APT29 Phishing Campaign Against European Diplomats - Check Point Research
Tags
country: Russia
maec-delivery-vectors: Watering Hole
attack-pattern: Data Dll Side-Loading - T1574.002 Domains - T1583.001 Domains - T1584.001 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Dll Side-Loading - T1073 Rundll32 - T1085
Show in Graph
Common Information
Type Value
UUID d8b6cfec-ed38-4af1-bf3e-5554ba55ad27
Fingerprint a5548819791f2fa0
Analysis status DONE
Considered CTI value 2
Text language
Published April 15, 2025, 1 p.m.
Added to db April 15, 2025, 3:11 p.m.
Last updated April 27, 2025, 9:19 p.m.
Headline Renewed APT29 Phishing Campaign Against European Diplomats
Title Renewed APT29 Phishing Campaign Against European Diplomats - Check Point Research
Detected Hints/Tags/Attributes 70/3/30
Source URLs
Redirection Url
Details Source https://research.checkpoint.com/2025/apt29-phishing-campaign/
URL Provider
Details Provider Source level domain
Details checkpoint.com research.checkpoint.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 515 Check Point Research https://research.checkpoint.com/feed/ 2024-09-01 15:09
Attributes
Details Type #Events CTI Value
Details Domain 10 
bakenhof.com
Details Domain 10 
silry.com
Details Domain 10 
wine.zip
Details Domain 6 
ophibre.com
Details Domain 7 
bravecup.com
Details File 12 
wine.zip
Details File 11 
wine.exe
Details File 14 
appvisvsubsystems64.dll
Details File 11 
ppcore.dll
Details File 1193 
rundll32.exe
Details File 3 
c:\users\user\appdata\local\powerpnt\wine.exe
Details File 13 
blog.php
Details File 18 
vmtools.dll
Details File 92 
view.php
Details File 4 
inva.php
Details File 4 
invb.php
Details sha256 3 
e55c854d77279ed516579b91315783edd776ac0ff81ea4cc5b2b0811cf40aa63
Details sha256 6 
653db3b63bb0e8c2db675cd047b737cefebb1c955bd99e7a93899e2144d34358
Details sha256 6 
420d20cddfaada4e96824a9184ac695800764961bad7654a6a6c3fe9b1b74b9a
Details sha256 5 
85484716a369b0bc2391b5f20cf11e4bd65497a34e7a275532b729573d6ef15e
Details sha256 5 
78a810e47e288a6aff7ffbaf1f20144d2b317a1618bba840d42405cddc4cff41
Details sha256 6 
d931078b63d94726d4be5dc1a00324275b53b935b77d3eed1712461f0c180164
Details sha256 6 
24c079b24851a5cc8f61565176bbf1157b9d5559c642e31139ab8d76bbb320f8
Details sha256 6 
adfe0ef4ef181c4b19437100153e9fe7aed119f5049e5489a36692757460b9f8
Details IPv4 7 
132.0.0.0
Details Threat Actor Identifier - APT 930 
APT29
Details Url 5 
https://ophibre.com/blog.php
Details Url 6 
https://bravecup.com/view.php
Details Url 5 
https://silry.com/inva.php
Details Url 5 
https://bakenhof.com/invb.php