Fancy Bear APT28 Adversary Simulation
Tags
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Data Exploits - T1587.004, Exploits - T1588.005, Server - T1583.004, Server - T1584.004 |
Common Information
Type | Value |
---|---|
UUID | f70fb67f-8c20-42f3-80e4-854fe559d00b |
Fingerprint | 8cc92db9ea2c3d45 |
Analysis status | DONE |
Considered CTI value | 1 |
Text language | |
Published | Dec. 23, 2024, 7:26 p.m. |
Added to db | Dec. 23, 2024, 9:06 p.m. |
Last updated | Dec. 24, 2024, 3:48 p.m. |
Headline | Fancy Bear APT28 Adversary Simulation |
Title | Fancy Bear APT28 Adversary Simulation |
Detected Hints/Tags/Attributes | 42/2/12 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CVE | 131 | | cve-2021-40444 |
Details | Domain | 32 | | www.trellix.com |
Details | Domain | 4721 | | github.com |
Details | File | 3 | | dfsvc.dll |
Details | File | 2 | | stager.dll |
Details | File | 1 | | dlldownloader.dll |
Details | File | 7 | | 5.dat |
Details | File | 8 | | 4.dat |
Details | Github username | 3 | | lockedbyte |
Details | Threat Actor Identifier - APT | 917 | | APT28 |
Details | Url | 1 | | https://www.trellix.com/blogs/research/prime-ministers-office-compromised |
Details | Url | 2 | | https://github.com/lockedbyte/cve-2021-40444 |