Malware Spotlight - Into the Trash: Analyzing LitterDrifter
WHITE Gamaredon AlienVault 2023-11-17 Modified: 2023-11-17
The LitterDrifter worm is written in VBS and has two main functionalities: automatic spreading over USB drives, and communication with a broad, flexible set of command-and-control servers. These features are implemented in a manner that aligns with the group’s goals, effectively maintaining a persistent command and control (C2) channel across a wide array of targets. LitterDrifter seems to be an evolution of previously reported activity tying the Gamaredon group to a propagating USB PowerShell worm.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: Deobfuscoder, LitterDrifter
Indicators of Compromise (69)