
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers ...

C45-2023-12-14-7

Indicators of Compromise (IOC) List

| Indicator of Compromise (IOC) | Date Published | IOC Type |
| --- | --- | --- |
| CVE-2023-42793 | 14/12/2023 | CVE |
| 016d696c4c964f47580f21a1219f6c878264a7a0 | 14/12/2023 | SHA-1 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist to the registry path. This prevented the new account from being displayed on the GUI login screen. Mitigation: Monitor executed commands and arguments that could be used to add a new user and subsequently hide it from login screens. Advanced EDR solutions like FortiEDR can be used to monitor for associated registry changes. Windows advanced logs can be ingested into SIEM to monitor these activities. | 14/12/2023 | Win_Registry |
| HKLM\SYSTEM | 14/12/2023 | Win_Registry |
| HKLM\SAM | 14/12/2023 | Win_Registry |