PULSE NAME
LitterDrifter: A New USB Propagating Worm from Gamaredon
WHITE Gamaredon cryptocti 2023-11-19 Modified: 2023-12-19
Russian state-sponsored hackers are using a USB worm to spread sensitive information to targets in Ukraine, according to security firm Check Point and a series of reports from around the world, including one from Ukraine.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: LitterDrifter, Remcos, Deobfuscoder, Spreader
Indicators of Compromise (80)
TYPE  INDICATOR  DESCRIPTION  CREATED
CVE CVE-2023-38831 2023-11-19