Pulse: The Gamaredon Group: A TTP Profile Analysis
TLP: WHITE | Adversary: Gamaredon Group | Author: AlienVault | Created: 2019-08-22 | Modified: 2019-10-14
54 IOCs (high volume)
FortiGuard Labs recently discovered a fresh malicious campaign being run by the Gamaredon Group possibly targeting Ukrainian law enforcement and government agencies. We decided to provide an analysis of the current campaign, particularly focusing on the tools and methods used by these malicious actors to try to understand their methodologies and what resources are needed to launch these types of attacks. Additional IOCs have been added to this pulse from Alien Labs telemetry.
Indicators of Compromise (54)
TYPE                INDICATOR                                                            DESCRIPTION   CREATED
FileHash-SHA256 183d19bed31957604ceaa8187626ff93ceb37c1ac0e775bdd2fa978b51a7a694 2019-08-22
FileHash-SHA256 41a6e54e7ac2d488151d2b40055f3d7cacce7fb53e9d33c1e3effd4fce801410 2019-08-22
FileHash-SHA256 54fd3a8b57afb73919275f6208e758256ac0054eccb1afb8184427d243a9f8b9 2019-08-22
FileHash-SHA256 61a611e3be93a6b0511ee11a26fedcb6a96ba1101f31afe5cf7b9abffeb5ab28 2019-08-22
FileHash-SHA256 653a4205fa4bb7c58ef1513cac4172398fd5d65cab78bef7ced2d2e828a1e4b5 2019-08-22
FileHash-SHA256 956fbaafb5f59e8c7e67b04647d0973d57c5949aa47eec8e9e20c20709512074 2019-08-22
FileHash-SHA256 ffc438d33f45ea56935f2bb6fca29e71862ecafb8b7e69ea19abd6df2d255075 2019-08-22
FileHash-SHA256 46638ca3be6cdbd302e84c26bf14bfda6ed0c1353808914b40246c40fdb5b8ed 2019-08-22
FileHash-SHA256 5b2c7b05368d825a4f3b10d74074d0803234f918166436d3e48ef7f9faf66461 2019-08-22
FileHash-SHA256 92b474f037796e67cd2f36199a95c9feff46af7e58f4d528567f3f0a857132bf 2019-08-22
FileHash-SHA256 257f7f67c59ec8f3837c7e4c99b1dc20c5cd0273bd940beef46d5e641393be37 2019-08-22
FileHash-SHA256 6b5f4aea458fb737e213714b3dda51f31b03ccb53a6a0501ee608c1bfd0cebb7 2019-08-22
FileHash-SHA256 d2bbecda830821ed3a00737c67fecb7985d612af58a31a1ee8488ad0409ed23b 2019-08-22
FileHash-SHA256 79fd962eb0c256f32786dab4d42cb416f6c1e6766bf0e2dcafdf5ffa2c5e61c1 2019-08-22
FileHash-SHA256 18cd658fac1dd52a75b4eb6558d06dfe5be0e4db7078d72f663c44507449168c 2019-08-22
FileHash-SHA256 0a6aae425a5e36f68b5da69157d2df4e7d836933adfd0696c389097ecb4a0fd7 2019-08-22
FileHash-SHA256 258ecb059c15178caed309a4861421d9f2436e70fb36fb1bf05e95d8d8d7c7e3 2019-08-22
FileHash-SHA256 e1e31702aad4bd7557a05906eb3004e9a72d77aa57e448379bee9a350cbba657 2019-08-22
FileHash-SHA256 3b50342b6cd96f400fbf7f00098a7dfcc9561037e4aa0bad8cfeafbb6f17923b 2019-08-22
FileHash-SHA256 3725f82661852d89874a3748302bbf27990d25fc10d28831f1ad35a6c6d3b4bd 2019-08-22
FileHash-SHA256 c7bed1150d1b8b3b97454d1e47b6c246fffc471dd03d5a1d094bdf2d807b8e5e 2019-08-22
FileHash-SHA256 04ed2ad4fa67c8abd635d34017c3d04813690a91282a0446c0505b2af97ce48b 2019-08-22
FileHash-SHA256 842612d1afdf78cb8893018f3aeeec7df9f5f0ab245fe8e6d6b28519d0787937 2019-08-22
FileHash-SHA256 5e16a71c7b99cb2780c31af34b268b78525b2b8fed55ff9e7bd4db8b1ba66f90 2019-08-22
FileHash-SHA256 995e6e0f90c58c82744545bf133b8c4c17decbe851953b0ffe5b21d625cade7d 2019-08-22
FileHash-SHA256 7ba638e8a53e6d1713b8f045c27170ef4a75c88197c57fffe227ca2ab05271e7 2019-08-22
FileHash-SHA256 bc39db24919b69e80bfb534204f4441a162ca336379bf9eb66b038e039889aac 2019-08-22
FileHash-SHA256 a67167f363c2501d6a1436e5f8c12693d7cf9d2f3ca1f71b21c292f041f91c7a 2019-08-22
URL http://wifu.site 2019-08-22
URL http://usbqueshions.ddns.net 2019-08-22
URL http://bits-tor.site 2019-08-22
URL http://bits-tor.host 2019-08-22
URL http://librework.ddns.net 2019-08-22
URL http://lisingrout.ddns.net 2019-08-22
URL http://wifc.website 2019-08-22
hostname librework.ddns.net 2019-08-22
hostname usbqueshions.ddns.net 2019-08-22
hostname lisingrout.ddns.net 2019-08-22
domain bits-tor.site 2019-08-26
domain wifc.website 2019-08-26
domain wifu.site 2019-08-26
domain bits-tor.host 2019-08-26
FileHash-SHA256 6e2e9f4384e6f462914d106a3f46fb17b00628c5f29a6007a557ed69d4515953 2019-09-11
hostname list-sert.ddns.net 2019-09-11
FileHash-SHA256 4869962606eaf5f066751d4cbd7b77cb2a5702e485e320e8a3f19c89e6e200fd 2019-09-11
FileHash-SHA256 a94b4e7ecd9482b0e610b2521727715d1d401d775617512514bdd2e0b9351e06 2019-09-11
FileHash-SHA256 f403033cd5e71cb437d84ec8ac5e2979fc59ea72030e5739ef1559f76295de3f 2019-09-11
FileHash-SHA256 61ce6592fa00a587533845b6ab972fffe39010ee05ae2b34a72b17b4d8e55bc6 2019-09-11
FileHash-SHA256 268c8c226cfa3d3a70c1bb4f35aea54e121a104fdaf76314470c1928a4d7a7ee 2019-09-11
FileHash-SHA256 63bbf3a5ddfb637aea0deaf39aca470f5d58820894c4df6000e57110847e5b5a 2019-09-11
FileHash-SHA256 2c7108e206292eec27f694360a33d9383ee55367ee85cb8bfb272d8169159943 2019-09-16
hostname temppost.ddns.net 2019-09-16
hostname office-constructor.ddns.net 2019-09-30
FileHash-SHA256 e5734d088a934cfb120ce9f61e6e840e45711bb9d453ecf78be398a41d501850 2019-10-14