high_confidence

C0021

[C0021](https://attack.mitre.org/campaigns/C0021) was a spearphishing campaign conducted in November 2018 that targeted public sector institutions, non-governmental organizations (NGOs), educational institutions, and private-sector corporations in the oil and gas, chemical, and hospitality industries. The majority of targets were located in the US, particularly in and around Washington D.C., with other targets located in Europe, Hong Kong, India, and Canada. [C0021](https://attack.mitre.org/campaigns/C0021)'s technical artifacts, tactics, techniques, and procedures (TTPs), and targeting overlap with previous suspected [APT29](https://attack.mitre.org/groups/G0016) activity. (Citation: Microsoft Unidentified Dec 2018) (Citation: FireEye APT29 Nov 2018)

Start date: 1 November 2018
End date: 1 November 2018
Techniques: 15

Attributed actors

Techniques (15)

command-and-control (4)
T1573.002 Asymmetric Cryptography
T1095 Non-Application Layer Protocol
T1105 Ingress Tool Transfer
T1071.001 Web Protocols

execution (2)
T1059.001 PowerShell
T1204.001 Malicious Link

initial-access (1)
T1566.002 Spearphishing Link

resource-development (4)
T1588.002 Tool
T1608.001 Upload Malware
T1583.001 Domains
T1584.001 Domains

stealth (4)
T1027.009 Embedded Payloads
T1140 Deobfuscate/Decode Files or Information
T1027.010 Command Obfuscation
T1218.011 Rundll32

Indicators of compromise

No IOCs linked to this campaign yet.
