← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Energy and Power Sector Cyber Threat Intel - Key Insights (May 2022)
In May, an updated version of the ArguePatch malware loader was used in the Industroyer2 attack against a Ukrainian energy provider. It was used in several attack campaigns such as data wiping malware, CaddyWiper. The group behind the attacks was Sandworm APT group that regularly updates its arsenal for campaigns targeting Ukraine.
Other Major Incidents
To target Russia, the Anonymous collective regularly targeted Russia with cyberattacks. The attacks were aimed at the state’s institutions and business entities. An e-mail was discovered using a tactic where the message was delivered to a coffee company in Ukraine that was seemingly sent by an oil provider in Saudi Arabia. Pretending to be a purchase order, a PDF file image was shown in the body of the email, a link to an ISO file (GuLoader). The fluctuations in the energy market motivated the attackers to use exploit the global interest.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
ArguePatch
Indicators of Compromise (33)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 1938380a81a23b8b1100de8403b583a7 | MD5 of 1724a0a3c9c73f4d8891f988b5035effce8d897ed42336a92e2c9bc7d9ee7f5a | 2022-06-27 | |
| FileHash-MD5 | 3229e8c4150b5e43f836643ec9428865 | — | 2022-06-27 | |
| FileHash-MD5 | 487196ecd966622d96bd5ff5d6e39f00 | MD5 of 4a1b6b30209c35ab180fa675a769e3285f54597963dd0bb29f7adb686ba88b79 | 2022-06-27 | |
| FileHash-MD5 | 73561d9a331c1d8a334ec48dfd94db99 | MD5 of bcdf0bd8142a4828c61e775686c9892d89893ed0f5093bdc70bde3e48d04ab99 | 2022-06-27 | |
| FileHash-MD5 | 97ad7f3ed815c0528b070941be903d07 | — | 2022-06-27 | |
| FileHash-MD5 | 9ec8468dd4a81b0b35c499b31e67375e | MD5 of cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327 | 2022-06-27 | |
| FileHash-MD5 | b0ea835219ad8e9199a1193d5de8cfc2 | MD5 of 796362bd0304e305ad120576b6a8fb6721108752 | 2022-06-27 | |
| FileHash-MD5 | b63b9929b8f214c4e8dcff7956c87277 | MD5 of fc0e6f2effbfa287217b8930ab55b7a77bb86dbd923c0e8150551627138c9caa | 2022-06-27 | |
| FileHash-MD5 | c012417c6e5d2210fbe0bc36a79d577b | MD5 of 14d52119459ef12be3a2f9a3a6578ee3255580f679b1b54de0990b6ba403b0fe | 2022-06-27 | |
| FileHash-MD5 | fbe32784c073e341fc57d175a913905c | — | 2022-06-27 | |
| FileHash-MD5 | fc94d6d184bce05194888f5e968a4934 | MD5 of c4debff9c0ec8a56aea5cd97215c6c906bd475ea8bd521fb9a346a4c992a0448 | 2022-06-27 | |
| FileHash-SHA1 | 041ef39a95c810daf4f02f80e3e858175bb1902e | SHA1 of 14d52119459ef12be3a2f9a3a6578ee3255580f679b1b54de0990b6ba403b0fe | 2022-06-27 | |
| FileHash-SHA1 | 13aa2b7c1dad663462efc0a88d64770d2bc5dc4d | SHA1 of fc0e6f2effbfa287217b8930ab55b7a77bb86dbd923c0e8150551627138c9caa | 2022-06-27 | |
| FileHash-SHA1 | 3cdbc19bc4f12d8d00b81380f7a2504d08074c15 | SHA1 of bcdf0bd8142a4828c61e775686c9892d89893ed0f5093bdc70bde3e48d04ab99 | 2022-06-27 | |
| FileHash-SHA1 | 6fa04992c0624c7aa3ca80da6a30e6de91226a16 | SHA1 of cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327 | 2022-06-27 | |
| FileHash-SHA1 | 796362bd0304e305ad120576b6a8fb6721108752 | — | 2022-06-27 | |
| FileHash-SHA1 | 8f68717be50c0ad2eadd130d90fac316b6505650 | SHA1 of c4debff9c0ec8a56aea5cd97215c6c906bd475ea8bd521fb9a346a4c992a0448 | 2022-06-27 | |
| FileHash-SHA1 | 9ce1491ce69809f92ae1fe8d4c0783bd1d11fbe7 | SHA1 of 1724a0a3c9c73f4d8891f988b5035effce8d897ed42336a92e2c9bc7d9ee7f5a | 2022-06-27 | |
| FileHash-SHA1 | c7d86cbb53e2d271353bc2d6d0bfebfc78d20869 | SHA1 of 4a1b6b30209c35ab180fa675a769e3285f54597963dd0bb29f7adb686ba88b79 | 2022-06-27 | |
| FileHash-SHA256 | 14d52119459ef12be3a2f9a3a6578ee3255580f679b1b54de0990b6ba403b0fe | — | 2022-06-27 | |
| FileHash-SHA256 | 1724a0a3c9c73f4d8891f988b5035effce8d897ed42336a92e2c9bc7d9ee7f5a | — | 2022-06-27 | |
| FileHash-SHA256 | 43d07f28b7b699f43abd4f695596c15a90d772bfbd6029c8ee7bc5859c2b0861 | — | 2022-06-27 | |
| FileHash-SHA256 | 4a1b6b30209c35ab180fa675a769e3285f54597963dd0bb29f7adb686ba88b79 | — | 2022-06-27 | |
| FileHash-SHA256 | 7062403bccacc7c0b84d27987b204777f6078319c3f4caa361581825c1a94e87 | — | 2022-06-27 | |
| FileHash-SHA256 | 87ca2b130a8ec91d0c9c0366b419a0fce3cb6a935523d900918e634564b88028 | — | 2022-06-27 | |
| FileHash-SHA256 | 8f096e3b5ecd2aca35794a85f8b76093b3968a8737e87e8008710b4014c779e3 | SHA256 of 796362bd0304e305ad120576b6a8fb6721108752 | 2022-06-27 | |
| FileHash-SHA256 | bcdf0bd8142a4828c61e775686c9892d89893ed0f5093bdc70bde3e48d04ab99 | — | 2022-06-27 | |
| FileHash-SHA256 | c4debff9c0ec8a56aea5cd97215c6c906bd475ea8bd521fb9a346a4c992a0448 | — | 2022-06-27 | |
| FileHash-SHA256 | cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327 | — | 2022-06-27 | |
| FileHash-SHA256 | fc0e6f2effbfa287217b8930ab55b7a77bb86dbd923c0e8150551627138c9caa | — | 2022-06-27 | |
| URL | http://bounceclick.live/VVB/COrg_RYGGqN229.binb | — | 2022-06-27 | |
| domain | bounceclick.live | — | 2022-06-27 | |
| domain | zoneofzenith.com | — | 2022-06-27 |