2019-01-28: APT28 XTunnel Backdoor

Event ID: 1040
UUID: 5c500809-453c-4245-83e1-435c950d210f
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): Event is in unprotected mode.
Tags: misp-galaxy:mitre-enterprise-attack-intrusion-set="APT28", misp-galaxy:mitre-enterprise-attack-relationship="APT28 (G0007) uses XTunnel (S0117)", misp-galaxy:mitre-enterprise-attack-relationship="APT28 uses XTunnel", misp-galaxy:mitre-intrusion-set="APT28", misp-galaxy:mitre-mobile-attack-intrusion-set="APT28", misp-galaxy:mitre-enterprise-attack-malware="XTunnel", misp-galaxy:mitre-malware="XTunnel", ecsirt:intrusions="backdoor", veris:action:malware:variety="Backdoor", ms-caro-malware:malware-type="Backdoor", ms-caro-malware-full:malware-type="Backdoor", type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white, osint:source-type="microblog-post"
Date: 2019-01-29
Threat Level: Low
Analysis: Initial
Distribution: All communities
Published: Yes, 2022-08-17 16:57:52
#Attributes: 20 (5 Objects)
First recorded change: 2019-01-29 08:37:40
Last change: 2019-01-29 …

OSINT – Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine

Event ID: 1250
UUID: 3410ad13-ef34-48c9-bc6f-b1b111a30e06
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): Event is in unprotected mode.
Tags: type:OSINT, osint:lifetime="perpetual", tlp:white
Date: 2022-06-23
Threat Level: Medium
Analysis: Completed
Distribution: All communities
Published: Yes, 2022-08-17 17:18:47
#Attributes: 101 (10 Objects)
First recorded change: 2022-06-23 13:08:58
Last change: 2022-06-23 13:24:07
Modification map: Sightings 0 (0) – …