The Russian Shadow in Eastern Europe: Ukrainian MOD Campaign
WHITE Gamaredon AlienVault 2019-04-24 Modified: 2019-04-25
A few days after the publication of our technical article on the evidence of possible APT28 interference in the Ukrainian elections, we spotted another signal of a sneakier ongoing operation. This campaign, instead, seems to be linked to another Russian hacking group: Gamaredon. The Gamaredon APT was first spotted in 2013 and in 2015, when researchers at LookingGlass shared the details of a cyber espionage operation tracked as Operation Armageddon, targeting other Ukrainian entities. Their “special attention” to Eastern European countries was also confirmed by CERT-UA, the Ukrainian Computer Emergency Response Team.
Indicators of Compromise (19)