Pulse Detail — Threat Intelligence

PULSE NAME

LitterDrifter - A New USB Propagating Worm from Gamaredon

WHITE cryptocti 2023-11-18 Modified: 2023-12-18

129

IOCs

HIGH VOLUME

litterdrifter gamaredon ip address c2 module deobfuscoder spreader module wmi query check point ukraine c2 channel service

Indicators of Compromise (129)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	1536ec56d69cc7e9aebb8fbd0d3277c4	—	2023-11-18
FileHash-MD5	1c49d04fc0eb8c9de9f2f6d661826d24	—	2023-11-18
FileHash-MD5	1da0bf901ae15a9a8aef89243516c818	—	2023-11-18
FileHash-MD5	2239800bfc8fdfddf78229f2eb8a7b95	—	2023-11-18
FileHash-MD5	24a6ddba4e8a55e330a1224f5c46080d	—	2023-11-18
FileHash-MD5	2996a70d09fff69f209051ce75a9b4f8	—	2023-11-18
FileHash-MD5	42bc36d5debc21dff3559870ff300c4e	—	2023-11-18
FileHash-MD5	495b118d11ceae029d186ffdbb157614	—	2023-11-18
FileHash-MD5	49d1f9ce1d0f6dfa94ad9b0548384b3a	—	2023-11-18
FileHash-MD5	4c2431e5f868228c1f286fca1033d221	—	2023-11-18
FileHash-MD5	579f1883cdfd8534167e773341e27990	—	2023-11-18
FileHash-MD5	6349dd85d9549f333117a84946972d06	—	2023-11-18
FileHash-MD5	769f464fa505add7a477ad95407afec3	—	2023-11-18
FileHash-MD5	78850bbef776551ca830317fb244b086	—	2023-11-18
FileHash-MD5	7e16efc0ae8da69273621889fadeefd8	—	2023-11-18
FileHash-MD5	8096dfaa954113242011e0d7aaaebffd	—	2023-11-18
FileHash-MD5	83500309a878370722bc40c7b83e83e3	—	2023-11-18
FileHash-MD5	86d28664fc7332eafb788a44ac82a5ed	—	2023-11-18
FileHash-MD5	88aba3f2d526b0ba3db9bc3dfee7db39	—	2023-11-18
FileHash-MD5	96db6240acb1a3fca8add7c4f9472aa5	—	2023-11-18
FileHash-MD5	9d9851d672293dfd8354081fd0263c13	—	2023-11-18
FileHash-MD5	bbb464b327ad259ad5de7ce3e85a4081	—	2023-11-18
FileHash-MD5	cbeaedfa84b02a2bd41a70fa92a46c36	—	2023-11-18
FileHash-MD5	cdae1c55ec154cd6cef4954519564c01	—	2023-11-18
FileHash-MD5	e8a348fd628fc485fa30cca106958f78	—	2023-11-18
FileHash-MD5	ecf55f471a5fda7ffc89b4018f2f5edc	—	2023-11-18
FileHash-SHA1	0464c64f0665542b0c6a5684701da8a8e5c97603	SHA1 of 42bc36d5debc21dff3559870ff300c4e	2023-11-18
FileHash-SHA1	07280b08c53885cd33b4f0bdf6784242babe64fe	SHA1 of 49d1f9ce1d0f6dfa94ad9b0548384b3a	2023-11-18
FileHash-SHA1	0a5f9007bc3ea7ece981a26726eefa4fbf4a39d1	SHA1 of 86d28664fc7332eafb788a44ac82a5ed	2023-11-18
FileHash-SHA1	1c88b202bc5611b41fb019e1c8441197d47f0514	SHA1 of 88aba3f2d526b0ba3db9bc3dfee7db39	2023-11-18
FileHash-SHA1	2ed0a276e84bec5707f03ac1383b4ee00a50019c	SHA1 of 495b118d11ceae029d186ffdbb157614	2023-11-18
FileHash-SHA1	39c25d1dd04a5503fd8c4a8203d9221fca387124	SHA1 of cbeaedfa84b02a2bd41a70fa92a46c36	2023-11-18
FileHash-SHA1	3ec2a76dad86d1bef1f0b56d57754deb896448bb	SHA1 of 83500309a878370722bc40c7b83e83e3	2023-11-18
FileHash-SHA1	4c6fba17cbe9c9ba4d2820159446f6a5f4af2130	SHA1 of 4c2431e5f868228c1f286fca1033d221	2023-11-18
FileHash-SHA1	7c14636d49d8c33e34f911080e509f0ba6d0d806	SHA1 of 96db6240acb1a3fca8add7c4f9472aa5	2023-11-18
FileHash-SHA1	9f1ad0df8ebe5f397f9ebacb392af4da3e023cea	SHA1 of 9d9851d672293dfd8354081fd0263c13	2023-11-18
FileHash-SHA1	a8d029daa23810f072e70633eedc14a449457b17	SHA1 of 1da0bf901ae15a9a8aef89243516c818	2023-11-18
FileHash-SHA1	ab1715ff015a074ca20db26773ba6e57287b17a3	SHA1 of bbb464b327ad259ad5de7ce3e85a4081	2023-11-18
FileHash-SHA1	b0398a6e41cbf05acdd7ace05ab6a823fbe80eb8	SHA1 of 579f1883cdfd8534167e773341e27990	2023-11-18
FileHash-SHA1	b96ab51e8c7810c150fcc68eb6711b1f79678d46	SHA1 of cdae1c55ec154cd6cef4954519564c01	2023-11-18
FileHash-SHA1	d07ca2500a5ff834bce1ac0fe99fbf20a3615cf3	SHA1 of 2239800bfc8fdfddf78229f2eb8a7b95	2023-11-18
FileHash-SHA1	dde025472535b16f153899786d7f63fbe748ca43	SHA1 of 1536ec56d69cc7e9aebb8fbd0d3277c4	2023-11-18
FileHash-SHA1	e1e46550f77b4cc2560668865d68169f5a641601	SHA1 of 6349dd85d9549f333117a84946972d06	2023-11-18
FileHash-SHA1	f90fc607e2423483fea6a5b255d896f3b1f447e4	SHA1 of 2996a70d09fff69f209051ce75a9b4f8	2023-11-18
FileHash-SHA1	fa7a9c86744c233efa9289e919ec1ebb66e1ee84	SHA1 of 8096dfaa954113242011e0d7aaaebffd	2023-11-18
FileHash-SHA1	ff5ac794e1bf88bae9facd903f9f0d7c71d3a213	SHA1 of 1c49d04fc0eb8c9de9f2f6d661826d24	2023-11-18
FileHash-SHA256	04d09ab77533339a066c2e5f3edd52a698d917acc6bd9b6e5427763bbeb5fa05	SHA256 of 1536ec56d69cc7e9aebb8fbd0d3277c4	2023-11-18
FileHash-SHA256	06cc87d4ccfa98fb2815c39fdf6faf03d781469b281e5567fd790b680861c8b2	—	2023-11-18
FileHash-SHA256	0afc3ea3b44cd706064b8f16111c7cd9ed26a3037c32d5d4a028e8115022ec62	SHA256 of 2239800bfc8fdfddf78229f2eb8a7b95	2023-11-18
FileHash-SHA256	1c4a509e0115d4065be82ea37dfe260bc7a7297c4973cc988d4d9a46438edca1	SHA256 of 96db6240acb1a3fca8add7c4f9472aa5	2023-11-18
FileHash-SHA256	1f9ca09a38fc04d4335decd496ebbf3eaaff5b988950509d498863e6f0e33ea1	SHA256 of 579f1883cdfd8534167e773341e27990	2023-11-18
FileHash-SHA256	2ce640749819e27d457827eede4d14abbf65981cd716ef25d9489b7eeba314d2	—	2023-11-18
FileHash-SHA256	35fa55d2ff474823944ab67941256ff5c50dfb90bc01bab03307acc40a1c49eb	SHA256 of 86d28664fc7332eafb788a44ac82a5ed	2023-11-18
FileHash-SHA256	3847eec2194dff08e78cb53f4f82e21279f2404e75141a6c49587174ed778e0c	SHA256 of 4c2431e5f868228c1f286fca1033d221	2023-11-18
FileHash-SHA256	3cfb6514e51f40a4c325e04a35c174af4dab95167019e6aa36a2c422e35d7b72	SHA256 of 6349dd85d9549f333117a84946972d06	2023-11-18
FileHash-SHA256	3d7bdd9de01215c4b94db5775ce33ee065ede42d766e91fd71de2d9e838b1bca	SHA256 of 1c49d04fc0eb8c9de9f2f6d661826d24	2023-11-18
FileHash-SHA256	3e446429af9c953c69f13697d3ab6af47eab1331faa9c4abc32d01f9695199ad	SHA256 of 1da0bf901ae15a9a8aef89243516c818	2023-11-18
FileHash-SHA256	460722fa203c44c22763d3e0584a069bd8869c1d64d5088de9991e6d691dc3f9	SHA256 of cdae1c55ec154cd6cef4954519564c01	2023-11-18
FileHash-SHA256	4bd8ec1e82fdea9d8d24f1e7a133d409aa941e13fcc7b6ce1889bed3b7a0afbc	—	2023-11-18
FileHash-SHA256	50f5e8f673915508d2add406f1c72de5112a01a1b3fdd41b314029c796a7d754	SHA256 of 8096dfaa954113242011e0d7aaaebffd	2023-11-18
FileHash-SHA256	5d6bfb8fd1102273ef489060219293f8da796d07e8b2872efbda55050512b71f	—	2023-11-18
FileHash-SHA256	668ef6c539a86d33a2ffbf8f1e0fa5397afe1d2aabbfa366d518c0f118b0f192	SHA256 of 83500309a878370722bc40c7b83e83e3	2023-11-18
FileHash-SHA256	6a6f71cf5cfeb8698987aa3e826b19ef05be3f0112c46d79b366feb914340335	—	2023-11-18
FileHash-SHA256	75af5df8c980b8d72aab973933ed70eccdce1615bddd9529b2c15464eb5a453a	SHA256 of bbb464b327ad259ad5de7ce3e85a4081	2023-11-18
FileHash-SHA256	770e54488ef69cd5d02ff481cacbede1dff0fad5a1665f7c5e3dbd550a4489ce	SHA256 of 2996a70d09fff69f209051ce75a9b4f8	2023-11-18
FileHash-SHA256	775aee4485146790107a435fdb548f397ddb5fa31bc72a20e67e0d8973103855	SHA256 of 9d9851d672293dfd8354081fd0263c13	2023-11-18
FileHash-SHA256	81f7360302e4dcc3e315ac51b0ab1945004809cad1e622ad7a7452889dad3bd7	SHA256 of cbeaedfa84b02a2bd41a70fa92a46c36	2023-11-18
FileHash-SHA256	8eeea77585849de67402bbaffc5f7a66f9e027c700ec7d258d1cfbff5d7a2a1a	SHA256 of 495b118d11ceae029d186ffdbb157614	2023-11-18
FileHash-SHA256	a470c7e184f7277f00a4c6e523f57e0786c1c0c73688f7a0ab8e9e10fdb00742	—	2023-11-18
FileHash-SHA256	a4d5382438138f679073396bca73dc4f6bc39420966944f4fea8a9ab4087d004	—	2023-11-18
FileHash-SHA256	ca363d5155e40b0d4ff5ebed7d267273cda4a20bfcdab95e6c18a39a33afc5b8	SHA256 of 88aba3f2d526b0ba3db9bc3dfee7db39	2023-11-18
FileHash-SHA256	dcfa6e2ee9d3abad0db0e3091e547e3e6f14392878ab743f1710fa880ea23385	SHA256 of 49d1f9ce1d0f6dfa94ad9b0548384b3a	2023-11-18
FileHash-SHA256	eec902a61886198a8e48ac862fabeecd628f2fa4122b78a0d7d6ee5c256ae724	—	2023-11-18
FileHash-SHA256	f4a7d9cdff19143a60cf4799d1b606b0d9ce64baacbd67fb1822e407bd1ea4d4	SHA256 of 42bc36d5debc21dff3559870ff300c4e	2023-11-18
FileHash-SHA256	f78ee3005ca9f0e78a9dd136fc69afe7c06d69d1fc6218bc9e7eb3adec045977	—	2023-11-18
domain	absorbeni.ru	—	2023-11-18
domain	acaenaso.ru	—	2023-11-18
domain	aethionemaso.ru	—	2023-11-18
domain	ahmozpi.ru	—	2023-11-18
domain	andamanos.ru	—	2023-11-18
domain	arabianos.ru	—	2023-11-18
domain	atonpi.ru	—	2023-11-18
domain	aychobanpo.ru	—	2023-11-18
domain	ayzakpo.ru	—	2023-11-18
domain	badrupi.ru	—	2023-11-18
domain	barakapi.ru	—	2023-11-18
domain	boskatrem.ru	—	2023-11-18
domain	brudimar.ru	—	2023-11-18
domain	credomched.ru	—	2023-11-18
domain	crisiumbi.ru	—	2023-11-18
domain	dakareypa.ru	—	2023-11-18
domain	davincigroup.online	—	2023-11-18
domain	decorous.ru	—	2023-11-18
domain	dumerilipi.ru	—	2023-11-18
domain	gayado.ru	—	2023-11-18
domain	geminiso.ru	—	2023-11-18
domain	groupdavinci.online	—	2023-11-18
domain	heartbreaking.ru	—	2023-11-18
domain	hoanzo.ru	—	2023-11-18
domain	judicious.ru	—	2023-11-18
domain	karoanpa.ru	—	2023-11-18
domain	lamentable.ru	—	2023-11-18
domain	lestemps.ru	—	2023-11-18
domain	nahtizi.ru	—	2023-11-18
domain	nebtoizi.ru	—	2023-11-18
domain	nubiumbi.ru	—	2023-11-18
domain	ozaharso.ru	—	2023-11-18
domain	procellarumbi.ru	—	2023-11-18
domain	quyenzo.ru	—	2023-11-18
domain	ragibpo.ru	—	2023-11-18
domain	raidla.ru	—	2023-11-18
domain	ramizla.ru	—	2023-11-18
domain	sabirpo.ru	—	2023-11-18
domain	samiseto.ru	—	2023-11-18
domain	squeamish.ru	—	2023-11-18
domain	suizibel.ru	—	2023-11-18
domain	superficial.ru	—	2023-11-18
domain	talehgi.ru	—	2023-11-18
domain	triticumos.ru	—	2023-11-18
domain	undesirable.ru	—	2023-11-18
domain	urdevont.ru	—	2023-11-18
domain	valefgo.ru	—	2023-11-18
domain	vasifgo.ru	—	2023-11-18
domain	vilaverde.ru	—	2023-11-18
domain	vloperang.ru	—	2023-11-18
domain	zerodems.ru	—	2023-11-18
email	info@davincigroup.online	—	2023-11-18
hostname	d287-206-123-149-139.ngrok-free.app	—	2023-11-18
email	a.menmedov@outlook.com	—	2023-11-18

References (1)

↗ November 18th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3600 - LitterDrifter - A New USB Propagating Worm from Gamaredon.pdf