← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
UDPGangster Campaigns Target Multiple Countries
WHITE PetrP.73 2025-12-06 Modified: 2026-01-05
17
IOCs
MEDIUM VOLUME
The UDPGangster campaigns reveal the use of advanced delivery methods and sophisticated evasion techniques associated with the MuddyWater threat actor group. Primarily, these campaigns utilize macro-based delivery mechanisms, which are often embedded in documents as a means to initiate attacks. The phishing emails employed in these campaigns impersonate credible sources such as the Turkish Republic of Northern Cyprus Ministry of Foreign Affairs. Recipients are lured to an online seminar on "Presidential Elections and Results," with the emails containing attachments named seminer.doc and http://seminer.zip. The sender’s address is crafted to closely resemble an official communication, and the content is presented in formal Turkish to lend authenticity.
threat researchfortiguard labs threat researchfortinetfortimailfortigateudpgangsterisraelazerbaijanturkeyforticlientfortiedrfortisandboxserviceteam
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (17)
All URL hostname FileHash-MD5 FileHash-SHA1 FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
URL https://reminders.trahum.org/Scheduled_Internet_Outages.doc 2025-12-06
hostname reminders.trahum.org 2025-12-06
FileHash-MD5 a9235540208fa6a25614c24a59e19199 MD5 of 7ea4b307e84c8b32c0220eca13155a4cf66617241f96b8af26ce2db8115e3d53 2025-12-06
FileHash-SHA1 7bb0d162bbaa462c516502d1db56818d24ad825f SHA1 of 7ea4b307e84c8b32c0220eca13155a4cf66617241f96b8af26ce2db8115e3d53 2025-12-06
FileHash-SHA256 01b1073cb0480af3bde735f559898774e1a563e06f9fe56ec3845ea960da0f3c 2025-12-06
FileHash-SHA256 13d36f3011ed372ad4ec4ace41a6dee52361f221161192cb49c08974c86d160e 2025-12-06
FileHash-SHA256 232e979493da5329012022d3121300a4b00f813d5b0ecc98fdc3278d8f4e5a48 2025-12-06
FileHash-SHA256 3d3fbd586f61043ff04ab0369b913a161c0159425fb269d52b7d8d8a14838ece 2025-12-06
FileHash-SHA256 44deab99e22340fc654494cc4af2b2c27ef1942c6fea6eace9fb94ce7855c0ca 2025-12-06
FileHash-SHA256 7ea4b307e84c8b32c0220eca13155a4cf66617241f96b8af26ce2db8115e3d53 2025-12-06
FileHash-SHA256 b552e1ca3482ad4b37b1a50717ac577e1961d0be368b49fa1e4e462761ae6eeb 2025-12-06
FileHash-SHA256 b7276cad88103bdb3666025cf9e206b9fb3e66a6d934b66923150d7f23573b60 2025-12-06
FileHash-SHA256 bca7d23b072a2799d124977fdb8384325b30bb1d731741d84a1dfc5e3cf6ac26 2025-12-06
FileHash-SHA256 d177cf65a17bffcd152c5397600950fc0f81f00990ab8a43d352f9a7238428a1 2025-12-06
FileHash-SHA256 e84a5878ea14aa7e2c39d04ea7259d7a4ed7f666c67453a93b28358ccce57bc5 2025-12-06
FileHash-SHA256 fc4a7eed5cb18c52265622ac39a5cef31eec101c898b4016874458d2722ec430 2025-12-06
URL http://reminders.trahum.org 2025-12-06
References (1)
↗ https://www.fortinet.com/blog/threat-research/udpgangster-campaigns-target-multiple-countries