PULSE NAME
New spear phishing campaign targets Russian dissidents | Malwarebytes Labs
WHITE CyberHunter_NL 2022-03-30 Modified: 2022-04-25
29 IOCs
MEDIUM VOLUME
Malwarebytes, a security firm that monitors cyber attacks in Ukraine and the Middle East, has identified a new spear phishing campaign targeting Russian dissidents, along with a number of new threats.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
PowerShell RAT, Cabless, Cobalt Strike, Quasar
Indicators of Compromise (29)
TYPE INDICATOR DESCRIPTION CREATED
CVE CVE-2017-0199 2022-03-30
CVE CVE-2021-40444 2022-03-30