Pulse Detail — Threat Intelligence

PULSE NAME

Shuckworm Targets Foreign Military Mission Based in Ukraine

WHITE Shuckworm Tr1sa111 2025-04-14 Modified: 2025-05-10

IOCs

MEDIUM VOLUME

↓ CSV ↓ JSON

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1091 T1054 T1547

MALWARE FAMILIES

GammaSteel

Indicators of Compromise (48)

All FileHash-SHA256 URL hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	714aeb3d778bbd03d0c9eaa827ae8c91199ef07d916405b7f4acd470f9a2a437	—	2025-04-14
URL	http://64.23.190.235/getinfo.php.	—	2025-04-14
URL	https://85.92.111.12	—	2025-04-14
URL	https://areas-apps-civic-loving.trycloudflare.com	—	2025-04-14
URL	https://des-cinema-democrat-san.trycloudflare.com/server	—	2025-04-14
URL	https://nav-ni-furnished-handy.trycloudflare.com	—	2025-04-14
URL	https://surfing-programmer-morris-mortality.trycloudflare.com	—	2025-04-14
hostname	abraham-lc-happened-ericsson.trycloudflare.com	—	2025-04-14
hostname	acquisition-gray-advertisements-trained.trycloudflare.com	—	2025-04-14
hostname	affects-periodic-explorer-broadband.trycloudflare.com	—	2025-04-14
hostname	areas-apps-civic-loving.trycloudflare.com	—	2025-04-14
hostname	argentina-references-rapid-selecting.trycloudflare.com	—	2025-04-14
hostname	belongs-tells-sum-harvest.trycloudflare.com	—	2025-04-14
hostname	beverly-cups-soft-concentrate.trycloudflare.com	—	2025-04-14
hostname	boxes-harvest-cameroon-uniform.trycloudflare.com	—	2025-04-14
hostname	cables-tension-bronze-hans.trycloudflare.com	—	2025-04-14
hostname	convergence-suffering-reel-ingredients.trycloudflare.com	—	2025-04-14
hostname	criterion-receipt-proceeds-fate.trycloudflare.com	—	2025-04-14
hostname	der-grande-transmitted-benchmark.trycloudflare.com	—	2025-04-14
hostname	des-cinema-democrat-san.trycloudflare.com	—	2025-04-14
hostname	detector-excluded-knowledgestorm-two.trycloudflare.com	—	2025-04-14
hostname	distributors-marble-saddam-much.trycloudflare.com	—	2025-04-14
hostname	eddie-lewis-exercises-conventions.trycloudflare.com	—	2025-04-14
hostname	farming-alternatively-velvet-warming.trycloudflare.com	—	2025-04-14
hostname	fee-ss-launch-remedies.trycloudflare.com	—	2025-04-14
hostname	ff-susan-config-mod.trycloudflare.com	—	2025-04-14
hostname	hints-heated-terrain-poem.trycloudflare.com	—	2025-04-14
hostname	jet-therapy-cape-correctly.trycloudflare.com	—	2025-04-14
hostname	jon-shopzilla-canada-analytical.trycloudflare.com	—	2025-04-14
hostname	missouri-itunes-recognize-adds.trycloudflare.com	—	2025-04-14
hostname	nail-employed-icon-pre.trycloudflare.com	—	2025-04-14
hostname	nav-ni-furnished-handy.trycloudflare.com	—	2025-04-14
hostname	obj-sudan-quote-aw.trycloudflare.com	—	2025-04-14
hostname	over-function-foo-school.trycloudflare.com	—	2025-04-14
hostname	pays-habitat-florists-virtually.trycloudflare.com	—	2025-04-14
hostname	pdt-throwing-pod-places.trycloudflare.com	—	2025-04-14
hostname	phpbb-zealand-hop-magnetic.trycloudflare.com	—	2025-04-14
hostname	position.crudoes.ru	—	2025-04-14
hostname	presents-turner-cir-hollow.trycloudflare.com	—	2025-04-14
hostname	promptly-allows-pendant-close.trycloudflare.com	—	2025-04-14
hostname	reflection-tomorrow-brook-dakota.trycloudflare.com	—	2025-04-14
hostname	representatives-liable-sight-tigers.trycloudflare.com	—	2025-04-14
hostname	score-adams-coastal-moreover.trycloudflare.com	—	2025-04-14
hostname	sick-netherlands-alumni-electric.trycloudflare.com	—	2025-04-14
hostname	sleep.crudoes.ru	—	2025-04-14
hostname	surfing-programmer-morris-mortality.trycloudflare.com	—	2025-04-14
hostname	terry-training-springer-engagement.trycloudflare.com	—	2025-04-14
hostname	www.phlovel.ru	—	2025-04-14

References (1)

↗ https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel