EnvyScout

Description

EnvyScout is a dropper that has been used by APT29 since at least 2021.

Names

Name
EnvyScout
ROOTSAW

Category

Malware

Type

• Dropper

Information

• https://mrtiepolo.medium.com/sophisticated-apt29-campaign-abuses-notion-api-to-target-the-european-commission-200188059f58
• https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine
• https://go.recordedfuture.com/hubfs/reports/cta-2022-0503.pdf
• https://www.mandiant.com/resources/blog/apt29-evolving-diplomatic-phishing
• https://blog.bushidotoken.net/2022/06/overview-of-russian-gru-and-svr.html
• https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/
• https://www.sekoia.io/en/nobeliums-envyscout-infection-chain-goes-in-the-registry-targeting-embassies/
• https://cert.pl/posts/2023/04/kampania-szpiegowska-apt29/
• https://cert-agid.gov.it/news/il-malware-envyscout-apt29-e-stato-veicolato-anche-in-italia/
• https://www.incibe-cert.es/sites/default/files/contenidos/estudios/doc/incibe-cert_estudio_analisis_nobelium_2022_v1.pdf
• https://www.mandiant.com/resources/blog/apt29-wineloader-german-political-parties

Mitre Attack

• https://attack.mitre.org/software/S0634

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.envyscout

Other Information

Uuid

821512eb-4755-42b8-a70e-b8fd6053e839

Last Card Change

2024-04-22