APT28 BeardShell Signal Campaign

APT28 campaign delivering malicious documents via the Signal messenger, which deploy the BeardShell and SlimAgent malware against Ukrainian government targets. Attributed by CERT-UA to UAC-0001.

Start date: 1 March 2024
End date:
Techniques: 16

Attributed actors:

Techniques (16)

collection (1)
  T1113      Screen Capture
command-and-control (3)
  T1573.001  Symmetric Cryptography
  T1105      Ingress Tool Transfer
  T1071.001  Web Protocols
defense-impairment (1)
  T1574.002  DLL Side-Loading
discovery (2)
  T1082      System Information Discovery
  T1083      File and Directory Discovery
execution (2)
  T1059.003  Windows Command Shell
  T1059.001  PowerShell
exfiltration (1)
  T1041      Exfiltration Over C2 Channel
initial-access (1)
  T1566.001  Spearphishing Attachment
persistence (2)
  T1547.001  Registry Run Keys / Startup Folder
  T1574.002  DLL Side-Loading
privilege-escalation (3)
  T1547.001  Registry Run Keys / Startup Folder
  T1574.002  DLL Side-Loading
  T1055      Process Injection
stealth (4)
  T1140      Deobfuscate/Decode Files or Information
  T1070.004  File Deletion
  T1055      Process Injection
  T1027      Obfuscated Files or Information

Indicators of compromise

No IOCs linked to this campaign yet.