PULSE NAME
Cyber attack of UAC-0010 group (Armageddon) on state organizations of Ukraine
WHITE Gamaredon Group AlienVault 2022-04-08 Modified: 2022-05-08
34 IOCs (MEDIUM VOLUME)
The Governmental Team for Response to Computer Emergencies of Ukraine (CERT-UA) received from a coordinating entity an e-mail with the subject "№1275 from 07.04.2022". The e-mail contained an HTML file of the same name; opening it creates the archive "1275_07.04.2022.rar" on the computer. The archive contains an LNK file, "On the facts of persecution and murder of prosecutors by the Russian military in the temporarily occupied territories.lnk"; opening it downloads and launches the payload.
Indicators of Compromise (5 / 34 total)