Pulse Detail — Threat Intelligence

PULSE NAME

Gamaredon uses Strait of Hormuz Themed Phishing Document

WHITE Gamaredon Group AlienVault 2019-07-26 Modified: 2019-08-13

229

IOCs

HIGH VOLUME

↓ CSV ↓ JSON

russia

MITRE ATT&CK & Malware Families

MALWARE FAMILIES

Pteranodon

Indicators of Compromise (229)

All URL FileHash-SHA256 domain hostname FileHash-MD5 FileHash-SHA1

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://macros5.space/	—	2019-07-26
URL	https://macros5.space/	—	2019-07-26
URL	http://libre1.space/	—	2019-07-26
URL	https://libre1.space/	—	2019-07-26
URL	http://libre-exel.site/VATOFJCFWL_40A3C5B8/	—	2019-07-26
URL	http://libre-exel.site/VATOFJCFWL_40A3C5B8/setup.exe	—	2019-07-26
URL	http://libre-exel.site/XXFUNRINQT_40A3C5B8/	—	2019-07-26
URL	http://libre-exel.site/XXFUNRINQT_40A3C5B8/setup.exe	—	2019-07-26
URL	http://bitsadmin10.space/	—	2019-07-26
URL	https://bitsadmin10.space/	—	2019-07-26
URL	http://bitsadmin3.space/OKHFJRTBLZO_40A3C5B8/	—	2019-07-26
URL	http://bitsadmin3.space/OKHFJRTBLZO_40A3C5B8/setup.exe	—	2019-07-26
URL	http://bitsadmin3.space/TPERFAJTYEK_40A3C5B8/	—	2019-07-26
URL	http://bitsadmin3.space/TPERFAJTYEK_40A3C5B8/setup.exe	—	2019-07-26
URL	http://bitsadmin3.space/VEAILMBOPRD_40A3C5B8/	—	2019-07-26
URL	http://bitsadmin3.space/VEAILMBOPRD_40A3C5B8/setup.exe	—	2019-07-26
URL	http://bitsadmin8.space/	—	2019-07-26
URL	https://bitsadmin8.space/	—	2019-07-26
URL	http://macros4.space/	—	2019-07-26
URL	https://macros4.space/	—	2019-07-26
URL	http://bitsadmin7.space/	—	2019-07-26
URL	https://bitsadmin7.space/	—	2019-07-26
URL	http://macros1.space/	—	2019-07-26
URL	https://macros1.space/	—	2019-07-26
URL	http://bitsadmin2.space/	—	2019-07-26
URL	http://bitsadmin2.space/XXFUNRINQT_40A3C5B8/	—	2019-07-26
URL	http://bitsadmin2.space/XXFUNRINQT_40A3C5B8/setup.exe	—	2019-07-26
URL	https://bitsadmin2.space/	—	2019-07-26
URL	http://zombieland.info/list.php	—	2019-07-26
URL	https://zombieland.info/	—	2019-07-26
URL	http://bitsadmin4.space/	—	2019-07-26
URL	https://bitsadmin4.space/	—	2019-07-26
URL	http://libre5.space/	—	2019-07-26
URL	https://libre5.space/	—	2019-07-26
URL	http://macros2.space/	—	2019-07-26
URL	https://macros2.space/	—	2019-07-26
URL	http://wifc.website/	—	2019-07-26
URL	http://wifc.website/RJSAKQVRWGL_40A3C5B8/ExelCreate_v.701E9CFA.sms	—	2019-07-26
URL	http://macros3.space/	—	2019-07-26
URL	https://macros3.space/	—	2019-07-26
URL	http://libre-360.site/WScript.Network_0/setup.exe	—	2019-07-26
URL	http://libre-360.site/lqwf3yyebkn-pc_88fdb972/setup.exe	—	2019-07-26
URL	http://libre-office.site/2fvjiu_400cd510/	—	2019-07-26
URL	http://libre-office.site/2fvjiu_400cd510/setup.exe	—	2019-07-26
URL	http://libre-office.site/qarolns_5DEEDFB2/	—	2019-07-26
URL	http://libre-office.site/qarolns_5DEEDFB2/setup.exe	—	2019-07-26
URL	http://xakep.fun/	—	2019-07-26
URL	http://bitsadmin6.space/	—	2019-07-26
URL	https://bitsadmin6.space/	—	2019-07-26
URL	http://libre-word.site/JOHNSON-PC_EC07C162/	—	2019-07-26
URL	http://libre-word.site/JOHNSON-PC_EC07C162/setup.exe	—	2019-07-26
URL	http://libre-ppt.site/VATOFJCFWL_40A3C5B8/	—	2019-07-26
URL	http://libre-ppt.site/VATOFJCFWL_40A3C5B8/setup.exe	—	2019-07-26
URL	http://certificate-verif.ddns.net/	—	2019-07-26
URL	http://certificate-verif.ddns.net/OKHFJRTBLZO_40A3C5B8/get.php	—	2019-07-26
URL	http://certificate-verif.ddns.net/TCMIHEIJKMUTCIX_40A3C5B8/get.php	—	2019-07-26
URL	http://certificate-verif.ddns.net/TPERFAJTYEK_40A3C5B8/get.php	—	2019-07-26
URL	http://www.wordmacros.space/	—	2019-07-26
FileHash-SHA256	388bfcc8e7980302d6d68be36e51bfc39d41be9e2fae4a354420451d7f97b3a0	—	2019-07-26
FileHash-SHA256	a8c0eb8febad4a4354369719a8cd08cc3644ae3fa9c230c7670be6b4bddc5e7a	—	2019-07-26
FileHash-SHA256	68047abb8c7141e0203864e41106b805e78ae36719d32e2cc117ec53363697a9	—	2019-07-26
FileHash-SHA256	7c8a9ad1e5ef691a6042cc81b7eca40fb8dc19a5fbc020222136472066285fb9	—	2019-07-26
FileHash-SHA256	9c8def2c9d2478be94fba8f77abd3b361d01b9a37cb866a994e76abeb0bf971f	—	2019-07-26
FileHash-SHA256	b171ba5ebe33674726144595d33c9649b26dc3be26a3061934ec4d37e755a944	—	2019-07-26
FileHash-SHA256	1cb5d0774760f28e28bfb753532c2276aa12920a3535f0b24e20ef5599ecb02b	—	2019-07-26
FileHash-SHA256	9975328ea55d7106ac034d23103886b659423d453d24d3408fb3a64e04ccd636	—	2019-07-26
FileHash-SHA256	cfa58e51ad5ce505480bfc3009fc4f16b900de7b5c78fdd2c6d6c420e0096f6b	—	2019-07-26
FileHash-SHA256	5931f5f77ffd2b42360293b0dca87414b898d299d143ab32176d7f88b1a8ed25	—	2019-07-26
FileHash-SHA256	61df6ec56d1bba329ce40d2ebcc8b83f68dc1856dc7a07b44277555f308b3974	—	2019-07-26
FileHash-SHA256	8d74276b17b574e1f0fa7a6989ba319871c6fa4af1a401332a0826a0e0a08e49	—	2019-07-26
FileHash-SHA256	79fd962eb0c256f32786dab4d42cb416f6c1e6766bf0e2dcafdf5ffa2c5e61c1	—	2019-07-26
FileHash-SHA256	189315e986eb577821e432c744c86991debd36c9bb2f124a79b1e94221222456	—	2019-07-26
FileHash-SHA256	6cdf2f4b0142bfd86781dad7364016af7a07710ceaebebd5c082e3b2465fef25	—	2019-07-26
FileHash-SHA256	ac8898650a19bc13ed52019d2349dc92d56bfe0549f9bae945ab8a9b14d2efe5	—	2019-07-26
domain	wordmacros.space	—	2019-07-26
domain	haker.space	—	2019-07-26
domain	wifa.website	—	2019-07-26
domain	libdan.site	—	2019-07-26
domain	libdag.site	—	2019-07-26
domain	overwatch.host	—	2019-07-26
domain	macros5.space	—	2019-07-26
domain	libre-exel.site	—	2019-07-26
domain	overload.website	—	2019-07-26
domain	libre1.space	—	2019-07-26
domain	libdal.site	—	2019-07-26
domain	bitsadmin10.space	—	2019-07-26
domain	libre3.space	—	2019-07-26
domain	wifu.space	—	2019-07-26
domain	fix-template.site	—	2019-07-26
domain	bitsadmin3.space	—	2019-07-26
domain	overload.space	—	2019-07-26
domain	cyberworld.website	—	2019-07-26
domain	bitsadmin8.space	—	2019-07-26
domain	libda.site	—	2019-07-26
domain	wify.space	—	2019-07-26
domain	libdam.site	—	2019-07-26
domain	wifo.host	—	2019-07-26
domain	libdas.site	—	2019-07-26
domain	libre4.space	—	2019-07-26
domain	libdak.site	—	2019-07-26
domain	dilana.space	—	2019-07-26
domain	bitsbitsa.space	—	2019-07-26
domain	libdab.site	—	2019-07-26
domain	bits-tor.space	—	2019-07-26
domain	macros4.space	—	2019-07-26
domain	gameworld.website	—	2019-07-26
domain	xakep.website	—	2019-07-26
domain	bitsadmin7.space	—	2019-07-26
domain	haker.host	—	2019-07-26
domain	furion.space	—	2019-07-26
domain	orlean.space	—	2019-07-26
domain	macros1.space	—	2019-07-26
domain	wifa.space	—	2019-07-26
domain	wifc.space	—	2019-07-26
domain	libdac.site	—	2019-07-26
domain	bitsadmin2.space	—	2019-07-26
domain	bitsbitsi.space	—	2019-07-26
domain	libdad.site	—	2019-07-26
domain	gameland.website	—	2019-07-26
domain	rainak.space	—	2019-07-26
domain	wifo.website	—	2019-07-26
domain	zombieland.info	—	2019-07-26
domain	bitsadmin4.space	—	2019-07-26
domain	libdadi.site	—	2019-07-26
domain	libre5.space	—	2019-07-26
domain	bits-tor.fun	—	2019-07-26
domain	wifc.host	—	2019-07-26
domain	bitsbitsl.space	—	2019-07-26
domain	wifb.website	—	2019-07-26
domain	macros2.space	—	2019-07-26
domain	libdah.site	—	2019-07-26
domain	libdade.site	—	2019-07-26
domain	bitsbitsk.space	—	2019-07-26
domain	librerty.space	—	2019-07-26
domain	haker.website	—	2019-07-26
domain	drovka.space	—	2019-07-26
domain	bitsbitsc.space	—	2019-07-26
domain	wifu.website	—	2019-07-26
domain	wify.website	—	2019-07-26
domain	wifc.website	—	2019-07-26
domain	niam.space	—	2019-07-26
domain	zombieland.host	—	2019-07-26
domain	wayto.host	—	2019-07-26
domain	advansed-template.site	—	2019-07-26
domain	bits-tor.website	—	2019-07-26
domain	bits-tor.host	—	2019-07-26
domain	bitsbitsb.space	—	2019-07-26
domain	libressimo.space	—	2019-07-26
domain	wifb.space	—	2019-07-26
domain	cyberworld.host	—	2019-07-26
domain	gameland.space	—	2019-07-26
domain	macros3.space	—	2019-07-26
domain	libre-360.site	—	2019-07-26
domain	gameworld.space	—	2019-07-26
domain	libdado.site	—	2019-07-26
domain	riki.space	—	2019-07-26
domain	wifo.space	—	2019-07-26
domain	bitsadmin9.space	—	2019-07-26
domain	libre-office.site	—	2019-07-26
domain	bitsadmin5.space	—	2019-07-26
domain	bitsadmin6.space	—	2019-07-26
domain	libre-word.site	—	2019-07-26
domain	xakep.fun	—	2019-07-26
domain	libdaf.site	—	2019-07-26
domain	libre-ppt.site	—	2019-07-26
domain	libre2.space	—	2019-07-26
hostname	www.wifo.site	—	2019-07-26
hostname	www.bits-tor.site	—	2019-07-26
hostname	www.wifu.site	—	2019-07-26
hostname	certificate-verif.ddns.net	—	2019-07-26
hostname	redict.ddns.net	—	2019-07-26
hostname	www.wifx.site	—	2019-07-26
hostname	www.wifb.site	—	2019-07-26
hostname	www.wifc.site	—	2019-07-26
hostname	www.haker.fun	—	2019-07-26
hostname	www.wordmacros.space	—	2019-07-26
hostname	www.wifa.site	—	2019-07-26
FileHash-MD5	e6c7740e22a800c4fd5bad5e3e530f91	—	2019-07-26
FileHash-SHA1	a8031f74110fe9f284747fa5e3ec085b2708e049	—	2019-07-26
URL	http://cresed.asia/	—	2019-08-13
URL	http://wizartopen.ddns.net/	—	2019-08-13
FileHash-SHA256	044e14f9a6766d116646914829282fe78784b55d031224a99b1ca68eb099bf30	—	2019-08-13
FileHash-SHA256	49d967385e4e3a059fab5d6e5a844f7195ab9cf535ce075f5ba296d51036b710	—	2019-08-13
FileHash-SHA256	6e4989a1b4625042e66c2e92500238ca9b2ed7f6d34d51ecb0c6f9c183e59e96	—	2019-08-13
FileHash-SHA256	88b4d7f38d475aaaae4a72b402e65b6dc32cad6411cddff35e025826da08a5f4	—	2019-08-13
FileHash-SHA256	8a644b1c8173745bf5909c4b53b39a66bd6a45673a2e10ae88b6990a96a77348	—	2019-08-13
FileHash-SHA256	909a9e67517a49ac10e8859c2efa5a613166f2a36ec8761905e4b5a8c3a90f57	—	2019-08-13
FileHash-SHA256	bfc8f56c28efa2a07844c6f9ff33556de0baf052b5ced421c9bb04a94f3ded0f	—	2019-08-13
FileHash-SHA256	c58168ca5ee709da20355ccd447f760d3fb6b63f372bd4344e0c824cfbc55ff1	—	2019-08-13
FileHash-SHA256	c9084f9a3aa3d15cad1a9a2c3d0a5d0293841b0826a3c4d22f7034391dfe2087	—	2019-08-13
FileHash-SHA256	ded4ea9f386226d93f2b5cd2af253bb8e33ca69cb130f5facba7545f142b6e1e	—	2019-08-13
URL	http://rnbo-ua.ddns.net/	—	2019-08-13
FileHash-SHA256	736adc67142592c219e75419a78b86ba52b6d147e42f75ae1ed8206da9536088	—	2019-08-13
FileHash-SHA256	d5436b7748fffbcac86998da0fb38c9e8ba6ec574b20efb3d018d075825f4889	—	2019-08-13
URL	http://const-gov.ddns.net	—	2019-08-13
URL	http://const-gov.ddns.net/	—	2019-08-13
FileHash-SHA256	ace916f03f8f7445f0f919c9e9500e27ac694ed3c66199072dea04e706edf3d1	—	2019-08-13
FileHash-SHA256	268c8c226cfa3d3a70c1bb4f35aea54e121a104fdaf76314470c1928a4d7a7ee	—	2019-08-13
FileHash-SHA256	61ce6592fa00a587533845b6ab972fffe39010ee05ae2b34a72b17b4d8e55bc6	—	2019-08-13
FileHash-SHA256	d0c58e37541e8b386ea5a01a639f9e0f02d2e8b37984fcc8acd26a7c8a3d1df1	—	2019-08-13
URL	http://shell-create.ddns.net/	—	2019-08-13
URL	http://bitclass.ddns.net/	—	2019-08-13
FileHash-SHA256	10870f58694919abf68d2cae9f63e4bd5e4f59c1343f7c931885a6b2cc2ee17d	—	2019-08-13
FileHash-SHA256	2a6be10950d6883e6826071485844a6fc4818a6830b6f45ae44c4a8feda72aa5	—	2019-08-13
FileHash-SHA256	3a14d02011ca6c37207a3c11a7c5ac93787dbefb4c561fd654512cc3cb380bc3	—	2019-08-13
FileHash-SHA256	4135bf3786dba27c3ee75f8a6eb0e3e2f260ef108465d27720ab65730640260c	—	2019-08-13
FileHash-SHA256	46770e537f8d4d609b29a90f23a11ade40363245c70a1be51a7e69fd232c79ba	—	2019-08-13
FileHash-SHA256	5b8cfae6aea55fd11e1fa5ada91efd6aa6693df49a26cd2eb2a03c397541a9e6	—	2019-08-13
FileHash-SHA256	ae906b2f8a59f157cb79bd3bd738a704ae470a2c181f862c8db630974c9ecbfa	—	2019-08-13
FileHash-SHA256	bc77242ce4f7893ff731052bfdd950e6e6104ca89ced3568ff3ec3355b5cc26d	—	2019-08-13
URL	http://clusb.ddns.net/	—	2019-08-13
domain	cresed.asia	—	2019-08-13
domain	subscriber.site	—	2019-08-13
FileHash-SHA256	02013f0c6767eb7f0538510ba6ede0103e797fa7b9bc2733d00e3710702fdf1c	—	2019-08-13
FileHash-SHA256	f403033cd5e71cb437d84ec8ac5e2979fc59ea72030e5739ef1559f76295de3f	—	2019-08-13
FileHash-SHA256	d54efc2084b5fe74ac4c03a1b6d85b28fb18623b5fded7f6a055e0c6d22bf9e3	—	2019-08-13
FileHash-SHA256	648557137c9e644ee203980d6695897fecb25cde049db45b5da580d142c121b5	—	2019-08-13
FileHash-SHA256	bc39db24919b69e80bfb534204f4441a162ca336379bf9eb66b038e039889aac	—	2019-08-13
hostname	wizartopen.ddns.net	—	2019-08-13
hostname	usbcruizer.ddns.net	—	2019-08-13
hostname	rnbo-ua.ddns.net	—	2019-08-13
hostname	bitclass.ddns.net	—	2019-08-13
hostname	getclass.ddns.net	—	2019-08-13
hostname	const-gov.ddns.net	—	2019-08-13
hostname	shell-create.ddns.net	—	2019-08-13
hostname	luksclass.ddns.net	—	2019-08-13
hostname	clusb.ddns.net	—	2019-08-13
hostname	luksvery.ddns.net	—	2019-08-13
hostname	cretors.ddns.net	—	2019-08-13

References (1)

↗ https://twitter.com/Arkbird_SOLG/status/1154587261595475968