← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Malware Spotlight - Into the Trash: Analyzing LitterDrifter - Check Point Research
WHITE Gamaredon CyberHunter_NL 2023-11-20 Modified: 2023-12-20
79
IOCs
HIGH VOLUME
The LitterDrifter worm, developed by the Russian espionage group Gamaredon, propagates over USB drives and maintains a broad command and control channel to a wide set of command-and-control servers.
litterdriftergamaredonip addressc2 moduledeobfuscoderspreader modulewmi querycheck pointukrainec2 channelservicespreader
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Deobfuscoder Spreader LitterDrifter
Indicators of Compromise (10 / 79 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 07280b08c53885cd33b4f0bdf6784242babe64fe SHA1 of 49d1f9ce1d0f6dfa94ad9b0548384b3a 2023-11-20
FileHash-SHA1 0a5f9007bc3ea7ece981a26726eefa4fbf4a39d1 SHA1 of 86d28664fc7332eafb788a44ac82a5ed 2023-11-20
FileHash-SHA1 39c25d1dd04a5503fd8c4a8203d9221fca387124 SHA1 of cbeaedfa84b02a2bd41a70fa92a46c36 2023-11-20
FileHash-SHA1 4c6fba17cbe9c9ba4d2820159446f6a5f4af2130 SHA1 of 4c2431e5f868228c1f286fca1033d221 2023-11-20
FileHash-SHA1 9f1ad0df8ebe5f397f9ebacb392af4da3e023cea SHA1 of 9d9851d672293dfd8354081fd0263c13 2023-11-20
FileHash-SHA1 b0398a6e41cbf05acdd7ace05ab6a823fbe80eb8 SHA1 of 579f1883cdfd8534167e773341e27990 2023-11-20
FileHash-SHA1 b96ab51e8c7810c150fcc68eb6711b1f79678d46 SHA1 of cdae1c55ec154cd6cef4954519564c01 2023-11-20
FileHash-SHA1 d07ca2500a5ff834bce1ac0fe99fbf20a3615cf3 SHA1 of 2239800bfc8fdfddf78229f2eb8a7b95 2023-11-20
FileHash-SHA1 fa7a9c86744c233efa9289e919ec1ebb66e1ee84 SHA1 of 8096dfaa954113242011e0d7aaaebffd 2023-11-20
FileHash-SHA1 ff5ac794e1bf88bae9facd903f9f0d7c71d3a213 SHA1 of 1c49d04fc0eb8c9de9f2f6d661826d24 2023-11-20
References (1)
↗ https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/