Pulse Detail — Threat Intelligence

PULSE NAME

Continued activity by Gamaredon Group

WHITE Gamaredon Group AlienVault 2019-04-30 Modified: 2019-04-30

IOCs

MEDIUM VOLUME

↓ CSV ↓ JSON

Continued attacks linked to Russian group of attackers, primarily targeting Ukraine.

Pteredon russia

Indicators of Compromise (43)

All domain FileHash-SHA256 URL hostname FileHash-MD5 FileHash-SHA1

TYPE	INDICATOR	DESCRIPTION	CREATED
domain	microsoft-usb.site	—	2019-04-30
domain	bitsadmin2.space	—	2019-04-30
domain	microsoft-analise.site	—	2019-04-30
domain	bitsadmin1.space	—	2019-04-30
domain	bitsadmin3.space	—	2019-04-30
domain	microsoft-bits.site	—	2019-04-30
domain	microsoft-macros.site	—	2019-04-30
domain	bitsadmin.space	—	2019-04-30
domain	bitsadmin4.space	—	2019-04-30
domain	bitsadmin5.space	—	2019-04-30
domain	bitsadmin6.space	—	2019-04-30
domain	wordmacros.space	—	2019-04-30
domain	microsoft-office.site	—	2019-04-30
domain	bitsadmin10.space	—	2019-04-30
domain	attach.website	—	2019-04-30
FileHash-SHA256	2c6ab7f2758d8434b2eb768a59cea82779f0fa2964d5f25a3cbd4369bf43eefd	—	2019-04-30
FileHash-SHA256	6b5f4aea458fb737e213714b3dda51f31b03ccb53a6a0501ee608c1bfd0cebb7	—	2019-04-30
FileHash-SHA256	bca3470926f0e4203750873d89c9a181fd3bc22f037e09722fe72ff750175b38	—	2019-04-30
FileHash-SHA256	597350ea9f2efb2a6c385572f08aed54c779ac5379d16632ab40125059ce0613	—	2019-04-30
FileHash-SHA256	c291eae9176c86985159e94baf7d2acf330b52afd4873b6fccaf8d74658e20ae	—	2019-04-30
FileHash-SHA256	438fb85108f6bdd5d8167f14e28adf816fa91091c21673d01e0e6f5ba68c6328	—	2019-04-30
FileHash-SHA256	8e6112bee2334a3d690fb16253bffd57b9733a2fb931b28657d3a6aaee042336	—	2019-04-30
FileHash-SHA256	2a03efe1647f728696c625184ca8cab7c9d133dc7a1ebf5526482d76b269b9e1	—	2019-04-30
FileHash-SHA256	c4944fa64c80f36491704be92c881dfa0460ab6e260498e83a02bc09b7ee0605	—	2019-04-30
FileHash-SHA256	0e07c107268275557f421bb6a21af41b2491841095251d4eeac10ca478005333	—	2019-04-30
URL	http://wordqueshion.ddns.net	—	2019-04-30
URL	http://bitqueshions.ddns.net/VBCCSB-PC_CC5D85EE/setup.exe.	—	2019-04-30
hostname	winrouts.ddns.net	—	2019-04-30
hostname	lisingrout.ddns.net	—	2019-04-30
hostname	workusb.ddns.net	—	2019-04-30
hostname	gamework.ddns.net	—	2019-04-30
hostname	librework.ddns.net	—	2019-04-30
hostname	usbqueshions.ddns.net	—	2019-04-30
hostname	telemetriya.hopto.org	—	2019-04-30
hostname	torrent-videos.ddns.net	—	2019-04-30
hostname	wordqueshion.ddns.net	—	2019-04-30
hostname	bitqueshions.ddns.net	—	2019-04-30
hostname	bitwork.ddns.net	—	2019-04-30
hostname	workan.ddns.net	—	2019-04-30
FileHash-MD5	4238285f4d34944c7bb7ebb4a2ccceeb	—	2019-04-30
FileHash-MD5	8d4d133df52a4fe07833e80627b67cc6	—	2019-04-30
FileHash-SHA1	1b61a43dfe68a4c381e1ab8d02bd3a65857a874a	—	2019-04-30
FileHash-SHA1	0e2175a8f6328e1f020350bbb1edcb690b78fd17	—	2019-04-30

References (1)

↗ https://x.threatbook.cn/nodev4/vb4/article?threatInfoID=1417