PULSE NAME: Secret Message: Steganography Tricks of TA558 Group in Cyber Attacks on Enterprises in Russia and Belarus
WHITE TA558 Tr1sa111 2025-01-16 Modified: 2025-01-16
108 IOCs (HIGH VOLUME)
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: Agent Tesla - S0331, Remcos
Indicators of Compromise (17 / 108 total)