← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
LitterDrifter: A New USB Propagating Worm from Gamaredon
WHITE Gamaredon cryptocti 2023-11-19 Modified: 2023-12-19
80
IOCs
HIGH VOLUME
Russian state-sponsored hackers are using a USB worm to spread sensitive information to targets in Ukraine, according to security firm Check Point. and a series of reports from around the world, including one from Ukraine.
cyber security newscyber newscyber security news todaycyber security updatescyber updateshacker newshacking newssoftware vulnerabilitycyber attacksdata breachransomware malwarehow to hacknetwork securityinformation securitythe hacker newscomputer securitylitterdrifterukrainegamaredoncheck pointncscccertuaremcos ratserviceusb propagatingaqua blizzardjunefebruarytwitterremcosip addressc2 moduledeobfuscoderspreader modulewmi queryc2 channelspreader
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
LitterDrifter Remcos Deobfuscoder Spreader
Indicators of Compromise (10 / 80 total)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 1c49d04fc0eb8c9de9f2f6d661826d24 2023-11-19
FileHash-MD5 2239800bfc8fdfddf78229f2eb8a7b95 2023-11-19
FileHash-MD5 49d1f9ce1d0f6dfa94ad9b0548384b3a 2023-11-19
FileHash-MD5 4c2431e5f868228c1f286fca1033d221 2023-11-19
FileHash-MD5 579f1883cdfd8534167e773341e27990 2023-11-19
FileHash-MD5 8096dfaa954113242011e0d7aaaebffd 2023-11-19
FileHash-MD5 86d28664fc7332eafb788a44ac82a5ed 2023-11-19
FileHash-MD5 9d9851d672293dfd8354081fd0263c13 2023-11-19
FileHash-MD5 cbeaedfa84b02a2bd41a70fa92a46c36 2023-11-19
FileHash-MD5 cdae1c55ec154cd6cef4954519564c01 2023-11-19
References (2)
↗ https://thehackernews.com/2023/11/russian-cyber-espionage-group-deploys.html ↗ https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/