PULSE NAME
State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage - Check Point Research
WHITE El Machete CyberHunter_NL 2022-04-05 Modified: 2022-05-05
99 IOCs (HIGH VOLUME)
State-sponsored cyber-espionage groups around the world are using the ongoing Russia-Ukraine war as bait for their operations, according to research by Check Point Research, a leading security firm.
Golang DNS TCP HTTP Adobe.msi BlogSpot
Indicators of Compromise (99)
CVE CVE-2017-11882 2022-04-05