PULSE NAME
Russian-Backed Gamaredon's Spyware Variants
WHITE BITSecurity 2023-02-02 Modified: 2023-03-04
173 IOCs (HIGH VOLUME)
"UAC-0010 group's ongoing activity is characterized by a multi-step download approach and executing payloads of the spyware used to maintain control over infected hosts," the SCPC said. "For now, the UAC-0010 group uses GammaLoad and GammaSteel spyware in their campaigns." GammaLoad is a VBScript dropper malware engineered to download next-stage VBScript from a remote server. GammaSteel is a PowerShell script that's capable of conducting reconnaissance and executing additional commands. The attacks are geared more towards espionage and information theft than sabotage, the agency noted. The SCPC also emphasized the "insistent" evolution of the group's tactics by redeveloping its malware toolset to stay under the radar, calling Gamaredon a "key cyber threat."
Indicators of Compromise (45 / 173 total)