← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
TeleBots are back: Supply-chain attacks against Ukraine
WHITE TeleBots AlienVault 2017-06-30 Modified: 2017-06-30
33
IOCs
MEDIUM VOLUME
The latest Petya-like outbreak has gathered a lot of attention from the media. However, it should be noted that this was not an isolated incident: this is the latest in a series of similar attacks in Ukraine. This blogpost reveals many details about the Diskcoder.C (aka ExPetr, PetrWrap, Petya, or NotPetya) outbreak and related information about previously unpublished attacks.
BlackEnergyRussiaSandwormUkraineWiperRansomware
Indicators of Compromise (33)
All domain hostname FileHash-SHA1
TYPEINDICATORDESCRIPTIONCREATED
domain bankstat.kiev.ua 2017-06-30
domain transfinance.com.ua 2017-06-30
hostname www.capital-investing.com.ua 2017-06-30
FileHash-SHA1 00141a5f0b269ce182b7c4ac06c10dea93c91664 2017-06-30
FileHash-SHA1 1557e59985faab8ee3630641378d232541a8f6f9 2017-06-30
FileHash-SHA1 1c69f2f7dee471b1369bf2036b94fdc8e4eda03e 2017-06-30
FileHash-SHA1 271023936a084f52fec50130755a41cd17d6b3b1 2017-06-30
FileHash-SHA1 31098779ce95235fed873ff32bb547fff02ac2f5 2017-06-30
FileHash-SHA1 34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d 2017-06-30
FileHash-SHA1 38e2855e11e353cedf9a8a4f2f2747f1c5c07fcf 2017-06-30
FileHash-SHA1 4134ae8f447659b465b294c131842009173a786b 2017-06-30
FileHash-SHA1 4cea7e552c82fa986a8d99f9df0ea04802c5ab5d 2017-06-30
FileHash-SHA1 4eaac7cfbaade00bb526e6b52c43a45aa13fd82b 2017-06-30
FileHash-SHA1 5251edd77d46511100fef7ebae10f633c1c5fc53 2017-06-30
FileHash-SHA1 56c03d8e43f50568741704aee482704a4f5005ad 2017-06-30
FileHash-SHA1 698474a332580464d04162e6a75b89de030aa768 2017-06-30
FileHash-SHA1 759dcddda26cf2cc61628611cf14cfabe4c27423 2017-06-30
FileHash-SHA1 77c1c31ad4b9ebf5db77cc8b9fe9782350294d70 2017-06-30
FileHash-SHA1 91d955d6ac6264fbd4324db2202f68d097deb241 2017-06-30
FileHash-SHA1 9c694094bcbeb6e87cd8dd03b80b48ac1041adc9 2017-06-30
FileHash-SHA1 a4f2ff043693828a46321ccb11c5513f73444e34 2017-06-30
FileHash-SHA1 af07ab5950d35424b1eccc3dd0eebc05ae7ddb5e 2017-06-30
FileHash-SHA1 bdd2ecf290406b8a09eb01016c7658a283c407c3 2017-06-30
FileHash-SHA1 cf7b558726527551cdd94d71f7f21e2757ecd109 2017-06-30
FileHash-SHA1 d297281c2bf03ce2de2359f0ce68f16317bf0a86 2017-06-30
FileHash-SHA1 d2c8d76b1b97ae4cb57d0d8be739586f82043dbd 2017-06-30
FileHash-SHA1 d7fb7927e19e483cd0f58a8ad4277686b2669831 2017-06-30
FileHash-SHA1 dcf47141069aecf6291746d4cdf10a6482f2ee2b 2017-06-30
FileHash-SHA1 eaedc201d83328af6a77af3b1e7c4cac65c05a88 2017-06-30
FileHash-SHA1 ee275908790f63afcd58e6963dc255a54fd7512a 2017-06-30
FileHash-SHA1 ee9dc32621f52edc857394e4f509c7d2559da26b 2017-06-30
FileHash-SHA1 f4068e3528d7232ccc016975c89937b3c54ad0d1 2017-06-30
FileHash-SHA1 fc68089d1a7dfb2eb4644576810068f7f451d5aa 2017-06-30
References (1)
↗ https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/