{
  "name": "Hellhounds: Operation Lahat",
  "slug": "hellhounds-operation-lahat",
  "description": "A group called Hellhounds has continued attacking Russian organizations into 2024 using various techniques to compromise infrastructure. Research shows malware toolkit development began in 2019. The group maintains presence inside critical organizations for years. Although based on open-source projects, malware is modified to bypass defenses. The earliest Windows and Linux samples are from 2019 and 2021. Encryption and obfuscation are used. Foothold gained via system services. Main C2 method is DNS tunneling. At least 48 confirmed victims, focused on public sector and IT contractors. Victims likely compromised via supply chain attacks and trusted relationships.",
  "published": "2024-05-28T09:28:44+00:00",
  "created_at": "2024-05-28T09:28:44+00:00",
  "modified_at": "2024-05-28T10:01:05+00:00",
  "created_at_opencti": "2024-05-28T09:28:44+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-05-28",
    "apt",
    "operation lahat",
    "russia"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "31.184.204.42"
      },
      {
        "id": "",
        "name": "c.glb-ru.info"
      },
      {
        "id": "",
        "name": "nsdps.cc"
      },
      {
        "id": "",
        "name": "net-sensors.net"
      },
      {
        "id": "",
        "name": "dw-filter.com"
      },
      {
        "id": "",
        "name": "rcsmf100.net"
      },
      {
        "id": "",
        "name": "maxpatrol.net"
      },
      {
        "id": "",
        "name": "wmssh.com"
      },
      {
        "id": "",
        "name": "claudfront.net"
      },
      {
        "id": "",
        "name": "ae76fcf9b0c7740ff2e7be88acd0d4354ac08ea0"
      },
      {
        "id": "",
        "name": "6758df1ae1f88ce553e3eb76f95625c075978734"
      },
      {
        "id": "",
        "name": "fd7298c3be42560f7a7e78903cc7ad5db3a14185eafc76a5bdac9bd2f2bf6bfc"
      },
      {
        "id": "",
        "name": "f466ecd2edc5481853f1e4613cf49dd5bd075e246436ad28b3558c2fd4069aca"
      },
      {
        "id": "",
        "name": "f1aa7cb84e515e6d4818531ecb6cf9241338c68ebcb93e181ab9dfebb6be9123"
      },
      {
        "id": "",
        "name": "f11afd0d02e936e56aad7e5e86f3bc6781a1c67c4abb98fe7b3d831e8d67e312"
      },
      {
        "id": "",
        "name": "ee8dd2626a4465f49f6d4aaf3b6d3735ca938e5e289304ba0664e4c9fb957672"
      },
      {
        "id": "",
        "name": "e67c5731bed1e4d8c7947a6f474a161237ca9d795f8e86927b2faf1a17c94a79"
      },
      {
        "id": "",
        "name": "e42e43e01e2ca96562fa67e58a4d539fcaf50054e631dd259351f95c69672288"
      },
      {
        "id": "",
        "name": "e38dcc222f770a4d11be0bd31b6d22f69a9f5bce8306c1c96390a0701647c1f3"
      },
      {
        "id": "",
        "name": "e27d1bab901c1bb414d0849c5c132faa8c7c6a61357d9627a7d2785270034793"
      },
      {
        "id": "",
        "name": "e19dc185e99cfdc0c25f18fb34ffabff2a4877d6d5843e4c67c05ce182f9780e"
      },
      {
        "id": "",
        "name": "dd83e7b5788588d3a6b806ce0e5ad4acc0343c99548a342bfca9d54ea64625e3"
      },
      {
        "id": "",
        "name": "d9a8151aff9d1c061826a9812ed9a6600805c74a519df333513fd4a79d2d4e61"
      },
      {
        "id": "",
        "name": "d89671386dd794996e7fbf57645a6ab8d40dc5d0d634ca9deec235ae31f5c500"
      },
      {
        "id": "",
        "name": "d53fe08be9391ed668cdbcccecc4736e9d0e5dbc7cecbd32a7df21487d593232"
      },
      {
        "id": "",
        "name": "d59fcb3e138b9eea0d70a1127f7b9d927f381a133720cae0c4fd5fc803e4b9dd"
      },
      {
        "id": "",
        "name": "c67f28a2b85b0b242c2337f8717f9ddda13d471648ea56eccaaf92750b0da4dc"
      },
      {
        "id": "",
        "name": "cb1993e26580d51a6676890b87e4b3c9a2f8562815a291d9829988f00d616683"
      },
      {
        "id": "",
        "name": "c620742a863ab20ad0f211bf0e7a1be0725f2682af96db15c1a0d610875dd613"
      },
      {
        "id": "",
        "name": "bca6da159bbf6af3ba6adfdb4f1da0e855c6ed2ac9076c98bcc702169dbeab40"
      },
      {
        "id": "",
        "name": "b3538ce6d66a8a104f15a3431914da7214b54d1de2594f4ee536a6e7372ed664"
      },
      {
        "id": "",
        "name": "b21e9a3581497eafbd92a45b670b9e6f18aa09f8375ed8ebb03a199d531b2d39"
      },
      {
        "id": "",
        "name": "ae6c7656a973c797ad8c3a344da99fbca8452c471d26900a2300364ddeb959b9"
      },
      {
        "id": "",
        "name": "a03e2ca143e867a99e2bc73bd4e5c2dd078a9f671aa0a4ce9611a8bc39a769e2"
      },
      {
        "id": "",
        "name": "9d9097e76b04b8e4e53e366a215a6debd8ada6efd0102694bf518da373d25e82"
      },
      {
        "id": "",
        "name": "9a977571296ae1548c32df94be75eec2a414798bee7064b0bf44859e886a0cfa"
      },
      {
        "id": "",
        "name": "9a96c7b0595f628027c4f4caeece475ef742c420adf2fde8df934c6ce6481fb5"
      },
      {
        "id": "",
        "name": "9517212c7f840355ec02f71eb5e4ec87ae869d4b0a8bdd52331677433cca66bf"
      },
      {
        "id": "",
        "name": "83a29477939ba8e70f8f401da1fefbaad17b155c194c35a2b328530038b3539b"
      },
      {
        "id": "",
        "name": "834d7a3ccd82dd51ead09f18d9e466f6b5cb79d3054d12e3c3771e0477e0bc75"
      },
      {
        "id": "",
        "name": "82746a68612661c699ff2998502c9a252d52f76284a6c623d5c7f45d97dcefba"
      },
      {
        "id": "",
        "name": "8184a41a1275751c018a7433f1a48a8eb2f271d8f8fef98a90b70926f2755754"
      },
      {
        "id": "",
        "name": "7f55c71e064c000906afad1ff649d5c2d3fb6d61d7e84338c9ecf95b4958c7a4"
      },
      {
        "id": "",
        "name": "75bf7d3aae0ed409c2c7e4f9b15e49d2f8dac6f9ecc27219d837e806894fe2a0"
      },
      {
        "id": "",
        "name": "6da74c7e2bf3d77ac2f2cfddd114d27d08d01c2131d05d36e9c54de1c2565b2b"
      },
      {
        "id": "",
        "name": "6cb2979aa1fddd42df2ba596f705ce9bbdb2ec246649218d598d779769857c21"
      },
      {
        "id": "",
        "name": "66b7ce1c90ade1556469c4b9ef868bc6da2faea63987fbbfa4fa320723760a4e"
      },
      {
        "id": "",
        "name": "64af32f631c4ace6604ee84e2875c3393a54a0e8ad838a85833c086757d343fe"
      },
      {
        "id": "",
        "name": "5ab7025a477fba68821be7cd3b425b74a5adcccbddbfe90dbce9bbb028cca4c4"
      },
      {
        "id": "",
        "name": "5264dcb00fd0e7261f95173e44df2023d9842c61befd3a3e5a1677d187331576"
      },
      {
        "id": "",
        "name": "510da6d88ae4dd51d62796023a18b39db08a016ee4ee7178b1afdc91c58f9e1e"
      },
      {
        "id": "",
        "name": "4d30fd05c3bdac792e0a011892e2cad02818436484e81b6de6a02928149bc92d"
      },
      {
        "id": "",
        "name": "49cda974e0f9fdf1a99c76ab1f02c501cd720700efcc303e05dfb7d1e71f0d16"
      },
      {
        "id": "",
        "name": "494c857b3abe11ab66024c605648dfeb23804d554e32b0411215d83b1bde4434"
      },
      {
        "id": "",
        "name": "33e9020a2d6e6604ac0abafaa9427738937a282d3e418723e4857519c9bf99bc"
      },
      {
        "id": "",
        "name": "31b21de71f2162e8da1be8483f3a5d019b0c817832bc11a9f307b6b36821ca54"
      },
      {
        "id": "",
        "name": "30fd37421f35748b2adb1a45e71e77c38c4b4ebb6854112520bc27726a5d4424"
      },
      {
        "id": "",
        "name": "30617ff59db71da76e05828bf8eaf4c92553044bcf81870743cb35e1b482b1d8"
      },
      {
        "id": "",
        "name": "2c726b0bee65f2290c233f84139baf9dfee736d46978f42fcf8033215c1ccd19"
      },
      {
        "id": "",
        "name": "299a7888e960b7be5b7dc75e3a4bfd0c38f0f0e7313b630dcca62b6093794535"
      },
      {
        "id": "",
        "name": "25ff8d416a4158c7401f6c23e040c592ff29855da83ea67340342a3dfacd99a5"
      },
      {
        "id": "",
        "name": "1b8b4be020d3350d025c7a245eb0d7166ff2c329dc92af175ef0499cba583071"
      },
      {
        "id": "",
        "name": "1b7d26b2547ceb7f44dc9cabeb54d9c0c90b1ffb354dd1da711e269710f5d75c"
      },
      {
        "id": "",
        "name": "18d4a3a92b24b2ad75115a44fe2727081316eca346499a4aa00aa13713cf00cb"
      },
      {
        "id": "",
        "name": "121ab168fd3d59f83d127eb6a049e67ffdea9a3d4cdc6044f92116f4b1beb26d"
      },
      {
        "id": "",
        "name": "106436a4fafe00112b19b1374456c1746b988950b71d700680088d74494e4936"
      },
      {
        "id": "",
        "name": "0eb2c98d14fce41db0ac9352484438fc40489d6f40c915b659ecc84342aa83a6"
      },
      {
        "id": "",
        "name": "0d6d89023c7e4d72d8c68d5d7308eb2a58286a0ecc2ddcbe325d78f6b2149680"
      },
      {
        "id": "",
        "name": "07fe71b256c1c913b0f3e3fa67e53d21a3d1f499beb4e550597f5743797a77c4"
      },
      {
        "id": "",
        "name": "07dfb5b3e666400469fa451cdca5f29a346a5c9036e00c6587ef2b3b43631f10"
      },
      {
        "id": "",
        "name": "04241c476f7ff0b86987dbc74f7f236d1bd1fcc05896ad704bd8c152920e2ee9"
      },
      {
        "id": "",
        "name": "025d91fa1609138b30d9f95da41800aa5633913a8598ae54e95f0bc92cab2820"
      },
      {
        "id": "",
        "name": "00625fe8a6573f1774bfd9d58ba4a73d2c6307126271aa9accda89cd4b7270a9"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:fbffc9d6547a37ea",
        "name": "DecoyDog",
        "slug": "decoydog"
      },
      {
        "id": "legacy:malware:e7896b82b9fcccbb",
        "name": "Sliver",
        "slug": "sliver"
      }
    ],
    "intrusion_sets": [
      {
        "id": "ba58545b-b4ec-4020-8b3e-56dd050664ac",
        "name": "Hellhounds",
        "slug": "hellhounds"
      }
    ],
    "attack_patterns": [
      {
        "id": "4bbdf41c-817c-448a-9513-aaea6bfbe8b4",
        "name": "T1568"
      },
      {
        "id": "5e3b3612-8bf8-46e1-943e-b4c1524bef11",
        "name": "T1587"
      },
      {
        "id": "3bcbd7d0-6c9a-4d9b-8c71-ae338737bea1",
        "name": "T1480"
      },
      {
        "id": "8598a502-2b24-4c8a-8ec3-45179f49e5b7",
        "name": "T1199"
      },
      {
        "id": "fc699aef-8931-4a79-8f79-9651be9abd50",
        "name": "T1021"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "af9ed2e3-4663-4723-beab-c606ddc312e0",
        "name": "T1543"
      },
      {
        "id": "7d7ac733-6442-416f-8669-c302dd0843b9",
        "name": "T1036"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "c1e3fabe-9e8b-4e8f-a1f8-bf23e234e770",
        "name": "T1485"
      },
      {
        "id": "0b2b1ecd-d52e-492a-af08-050954bc03e5",
        "name": "T1056"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Russian Federation"
      }
    ]
  },
  "external_refs": [
    "https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/hellhounds-operation-lahat-part-2/",
    "https://otx.alienvault.com/pulse/6655bfed1aa29eeef5f3379b"
  ]
}