Pulse Detail — Threat Intelligence

PULSE NAME

Calisto show interests into entities involved in Ukraine war support

WHITE Calisto AlienVault 2022-12-07 Modified: 2022-12-07

IOCs

HIGH VOLUME

An investigation by security company SEKOIA.IO has identified a Russian-nexus intrusion set, suspected to be targeting military and strategic research sectors such as NATO entities and a Ukraine-based defense contractor.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1553 T1566 T1566 T1204

MALWARE FAMILIES

Calisto

Indicators of Compromise (85)

All domain

TYPE	INDICATOR	DESCRIPTION	CREATED
domain	access-confirmation.com	—	2022-12-07
domain	allow-access.com	—	2022-12-07
domain	antibots-service.com	—	2022-12-07
domain	apicomcloud.com	—	2022-12-07
domain	as-mvd.ru	—	2022-12-07
domain	attach-docs.com	—	2022-12-07
domain	attach-update.com	—	2022-12-07
domain	blueskynetwork-drive.com	—	2022-12-07
domain	blueskynetwork-shared.com	—	2022-12-07
domain	botguard-checker.com	—	2022-12-07
domain	botguard-web.com	—	2022-12-07
domain	challenge-identifier.com	—	2022-12-07
domain	challenge-share.com	—	2022-12-07
domain	checker-bot.com	—	2022-12-07
domain	cija-docs.com	—	2022-12-07
domain	cija-drive.com	—	2022-12-07
domain	cloud-safety.online	—	2022-12-07
domain	cloud-us.online	—	2022-12-07
domain	default-dns.online	—	2022-12-07
domain	disk-previewer.com	—	2022-12-07
domain	dns-cache.online	—	2022-12-07
domain	dns-challenge.com	—	2022-12-07
domain	dns-cookie.com	—	2022-12-07
domain	dns-mvd.ru	—	2022-12-07
domain	docs-cache.online	—	2022-12-07
domain	docs-collector.com	—	2022-12-07
domain	docs-shared.online	—	2022-12-07
domain	docs-storage-ltd.com	—	2022-12-07
domain	docs-viewer.online	—	2022-12-07
domain	docs-web.online	—	2022-12-07
domain	document-guard.com	—	2022-12-07
domain	document-sender.com	—	2022-12-07
domain	drive-control.com	—	2022-12-07
domain	drive-defender.com	—	2022-12-07
domain	drive-global-ordnance.com	—	2022-12-07
domain	drive-globalordnance.com	—	2022-12-07
domain	drive-information.com	—	2022-12-07
domain	drive-previewer.com	—	2022-12-07
domain	drive-us.online	—	2022-12-07
domain	dtgruelle-drive.com	—	2022-12-07
domain	dtgruelle-us.com	—	2022-12-07
domain	encompass-drive.com	—	2022-12-07
domain	encompass-shared.com	—	2022-12-07
domain	filter-bot.com	—	2022-12-07
domain	global-ordnance-drive.com	—	2022-12-07
domain	goweb-protect.com	—	2022-12-07
domain	goweb-service.com	—	2022-12-07
domain	guard-checker.com	—	2022-12-07
domain	hd-centre-drive.com	—	2022-12-07
domain	hd-docs-share.com	—	2022-12-07
domain	hypertexttech.com	—	2022-12-07
domain	hypertextttech.com	—	2022-12-07
domain	land-of-service.com	—	2022-12-07
domain	live-identifier.com	—	2022-12-07
domain	mvd-cloud.ru	—	2022-12-07
domain	mvd-redir.ru	—	2022-12-07
domain	network-storage-ltd.com	—	2022-12-07
domain	nonviolent-conflict-service.com	—	2022-12-07
domain	nonviolent-conflict-storage.com	—	2022-12-07
domain	online-word.com	—	2022-12-07
domain	preview-docs.com	—	2022-12-07
domain	preview-docs.online	—	2022-12-07
domain	protectedshields-storage.com	—	2022-12-07
domain	protection-web-app.com	—	2022-12-07
domain	proxycrioisolation.com	—	2022-12-07
domain	redir-document.com	—	2022-12-07
domain	response-collector.com	—	2022-12-07
domain	response-filter.com	—	2022-12-07
domain	response-mvd.ru	—	2022-12-07
domain	response-redir.com	—	2022-12-07
domain	safe-proof.com	—	2022-12-07
domain	sangrail-ltd.com	—	2022-12-07
domain	sangrail-share.com	—	2022-12-07
domain	selector-drafts.online	—	2022-12-07
domain	share-drive-ua.com	—	2022-12-07
domain	soaringeagle-drive.com	—	2022-12-07
domain	storage-service.online	—	2022-12-07
domain	threatcenterofreaserch.com	—	2022-12-07
domain	threatcenterofresearch.com	—	2022-12-07
domain	transfer-dns.com	—	2022-12-07
domain	transfer-record.com	—	2022-12-07
domain	umo-drive.com	—	2022-12-07
domain	umopl-drive.com	—	2022-12-07
domain	umopl.com	—	2022-12-07
domain	webview-service.com	—	2022-12-07

References (1)

↗ https://blog.sekoia.io/calisto-show-interests-into-entities-involved-in-ukraine-war-support/