APT29 WellMess COVID Vaccine Targeting
SVR APT29 campaign targeting COVID-19 vaccine research organisations in UK, US and Canada using WellMess and WellMail malware.
Start date: 1 July 2020
End date: —
Techniques: 19
Attributed actors
Techniques (19)
command-and-control (5)
T1573.001 Symmetric Cryptography
T1573.002 Asymmetric Cryptography
T1105 Ingress Tool Transfer
T1071.001 Web Protocols
T1090.003 Multi-hop Proxy
discovery (3)
T1057 Process Discovery
T1082 System Information Discovery
T1083 File and Directory Discovery
execution (3)
T1059.001 PowerShell
T1053.005 Scheduled Task
T1059.004 Unix Shell
exfiltration (1)
T1041 Exfiltration Over C2 Channel
initial-access (3)
T1078 Valid Accounts
T1133 External Remote Services
T1190 Exploit Public-Facing Application
persistence (4)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
T1133 External Remote Services
T1053.005 Scheduled Task
privilege-escalation (3)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
T1053.005 Scheduled Task
stealth (4)
T1078 Valid Accounts
T1140 Deobfuscate/Decode Files or Information
T1070.004 File Deletion
T1027 Obfuscated Files or Information
Indicators of compromise
No IOCs linked to this campaign yet.