Analysis of the APT-C-53 (Gamaredon) organization's attack operations.
WHITE | APT-C-53 | PetrP.73 | 2025-06-05 | Modified: 2025-07-05
APT-C-53, also known as Gamaredon, is an advanced persistent threat group that has been active since 2013, primarily targeting government and military sectors to collect intelligence. Recent activity shows that Gamaredon is not slowing down despite continued disclosure of its techniques by security vendors; rather, it appears to be escalating its attacks. The group relies predominantly on heavily obfuscated malicious VBS scripts, using techniques such as code fragmentation and Base64 encoding to evade detection. A notable element of its strategy is the use of military-related themes in social engineering, which lowers the vigilance of potential victims and increases the likelihood that the malware is executed.
Indicators of Compromise (90)