APT29

MITRE: G0016
Also known as: Cozy Bear
Reports: 4
First seen: Oct 1
Last seen: Jun 4
Motivation: Espionage, credential_theft

Top ATT&CK techniques

T1566 Phishing ×3
T1005 Data from Local System ×2
T1071 Application Layer Protocol ×2
T1547 Boot or Logon Autostart Execution ×2
T1041 Exfiltration Over C2 Channel ×2
T1498 Network Denial of Service ×2
T1190 Exploit Public-Facing Application ×2
T1055 Process Injection ×2
T1059 Command and Scripting Interpreter ×1
T1087 Account Discovery ×1
T1059.001 PowerShell ×1
T1561 Disk Wipe ×1

Indicators

cve ×10
domain ×3
url ×3

Indicator values are available on Pro and via the API.

Associated CVEs

Recent reports

This page shows data on a 7-day delay.