Pulse Detail — Threat Intelligence

PULSE NAME

GREYVIBE Threat Actor: TTPs, Malware, and Infrastructure Analysis.

WHITE PetrP.73 2026-05-30 Modified: 2026-05-30

165

IOCs

HIGH VOLUME

GREYVIBE is a cyber threat actor identified by WithSecure, primarily targeting Ukraine and entities related to Ukraine since August 2025. The group's activities show significant overlaps in their attack infrastructure and operational methodologies, which indicate a persistent campaign aligned with Russian state interests, especially in the context of the Russia-Ukraine war. GREYVIBE's operations have been characterized by the use of various attack vectors, including spear-phishing emails, fake captcha pages, and fraudulent websites impersonating Ukrainian organizations. These methods have facilitated the distribution of malware, predominantly custom-developed variants like PhantomRelay, FallSpy, and LegionRelay.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1005 T1016 T1021.001 T1027 T1041 T1059.001 T1059.003 T1059.007 T1071.001 T1082

MALWARE FAMILIES

LegionRelay DroneLink PrincessClub PhantomRelayV1 LOOKVALJS GREYVIBE

Indicators of Compromise (165)

All domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 IPv4 URL hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
domain	frontforce.org	—	2026-05-30
FileHash-MD5	11b47e3a02edac898638b1906774210d	—	2026-05-30
FileHash-MD5	1282a7a5833dfa560457c8a638a3249c	MD5 of 93111e523c38d98247a78a0d1d9ae163e9874acb70721f6fe0bf451c62fff283	2026-05-30
FileHash-MD5	412196c2f6850998f9681341711aa863	MD5 of e8d0943042e34a37ae8d79aeb4f9a2fa07b4a37955af2b0cc0e232b79c2e72f3	2026-05-30
FileHash-MD5	67bc37d94b09c7a59d4fd7e224c6c5bc	MD5 of c823a315c2c78d2fd345c9b38bb7fc31a8cbff96c534ce9cc66c4e54bc7935a2	2026-05-30
FileHash-MD5	77f27ffccd75fc39ea003cbde32c624b	MD5 of bcb9e99021f88b9720a667d737a3ddd7d5b9f963ac3cae6d26e74701e406dcdc	2026-05-30
FileHash-MD5	79079afa75880100a942d13fe4068a98	MD5 of 7db11cf6a0417d5e20cd6720687ba86045b2fb758a7b585a49f572df2dc40c5e	2026-05-30
FileHash-MD5	842d96f208b567e58c5656017fb67df6	MD5 of 07d9deaace25d90fc91b31849dfc12b2fc3ac5ca90e317cfa165fe1d3553eead	2026-05-30
FileHash-MD5	9fc82b8881add8b216465a8ad0a571ed	MD5 of b0c07b265c9d9046038ffa48d5b8e17b8ba0791503beba85196cdbe0ac2fcb27	2026-05-30
FileHash-MD5	a680f027bcd9069544338fdab6f09210	MD5 of 40f9399ea067d69c0985aecdc54beddbcb585d7f660606e5bb4be981811c28ba	2026-05-30
FileHash-MD5	b07df2ae78be6085bdce1206edaaecd6	MD5 of 48a371a3973983a9bdb395cb33d6fce68d75b41d4bfd86d3f923cff79b545efc	2026-05-30
FileHash-MD5	bc94232f50e19965cb3f1bc1fc5e8f9d	MD5 of 476334f9254ef0277b3462b6086655f38358a983b95991cfe4dcdd787740906a	2026-05-30
FileHash-MD5	d40111f212eabc073a17006777a98633	MD5 of e9634032df81334e9e960ab8b88ff05a0f7ec9c034dc012f816f09e23c18d41b	2026-05-30
FileHash-MD5	e99f402c58c5bab5aa5894e95ead0818	MD5 of ccc7f039e1afd55fe8bc767ae688e71e66f162aba0c0d1650face02f15e9c7d0	2026-05-30
FileHash-MD5	f4d1aebb42054472c547d965dcba6a06	MD5 of 87b8abb05c7ee5642a5e801e7825dfa5ee4c1393ac998e87470ab53cc75e1842	2026-05-30
FileHash-SHA1	0987ff3f22cfc118f42c4bbac34e1760d36f2f28	SHA1 of b0c07b265c9d9046038ffa48d5b8e17b8ba0791503beba85196cdbe0ac2fcb27	2026-05-30
FileHash-SHA1	19533a73486a90f8a17b10b37777eda641943838	SHA1 of 7db11cf6a0417d5e20cd6720687ba86045b2fb758a7b585a49f572df2dc40c5e	2026-05-30
FileHash-SHA1	2760046d59b382466fbdd1c770b0eeacdc03285f	SHA1 of ccc7f039e1afd55fe8bc767ae688e71e66f162aba0c0d1650face02f15e9c7d0	2026-05-30
FileHash-SHA1	2971f1235d8417a5bf271133915da26f1c958bb2	SHA1 of e8d0943042e34a37ae8d79aeb4f9a2fa07b4a37955af2b0cc0e232b79c2e72f3	2026-05-30
FileHash-SHA1	2cf4f4c383c494826cda355306eb95e92214472a	SHA1 of 476334f9254ef0277b3462b6086655f38358a983b95991cfe4dcdd787740906a	2026-05-30
FileHash-SHA1	360d71eff7392b958321dc61e7f39fe7f44200ce	SHA1 of e9634032df81334e9e960ab8b88ff05a0f7ec9c034dc012f816f09e23c18d41b	2026-05-30
FileHash-SHA1	49eb11064dedc2cc016d4e8692a289762d71cf2c	SHA1 of 93111e523c38d98247a78a0d1d9ae163e9874acb70721f6fe0bf451c62fff283	2026-05-30
FileHash-SHA1	5ac660ecbbde66ba9d46f37f9ddbc904e4c5d9e8	SHA1 of bcb9e99021f88b9720a667d737a3ddd7d5b9f963ac3cae6d26e74701e406dcdc	2026-05-30
FileHash-SHA1	65104dd762b8a5060e06178acd3ff6ab7e9f0613	SHA1 of 40f9399ea067d69c0985aecdc54beddbcb585d7f660606e5bb4be981811c28ba	2026-05-30
FileHash-SHA1	84ac1d9d0fb5fa8c23e06f92732d093489dccf16	SHA1 of 87b8abb05c7ee5642a5e801e7825dfa5ee4c1393ac998e87470ab53cc75e1842	2026-05-30
FileHash-SHA1	8b69a06e86ec120126fd07a2c32b2b7cbd485ca6	SHA1 of 48a371a3973983a9bdb395cb33d6fce68d75b41d4bfd86d3f923cff79b545efc	2026-05-30
FileHash-SHA1	8dd05a497f61164bad5c1cec44afc34e83086b3f	SHA1 of c823a315c2c78d2fd345c9b38bb7fc31a8cbff96c534ce9cc66c4e54bc7935a2	2026-05-30
FileHash-SHA1	9d3a0c7c7859cb71902c61b7664a925781b08ebf	SHA1 of 07d9deaace25d90fc91b31849dfc12b2fc3ac5ca90e317cfa165fe1d3553eead	2026-05-30
FileHash-SHA256	0005c16f04ce7d5a1a9966069f4a291de5506e77490926d7fb177efa677fe588	—	2026-05-30
FileHash-SHA256	03beb07ce116a2a69f360dd3fab8c3aa55bb42ce580d43f1924642874e388efe	—	2026-05-30
FileHash-SHA256	07d9deaace25d90fc91b31849dfc12b2fc3ac5ca90e317cfa165fe1d3553eead	—	2026-05-30
FileHash-SHA256	08eba15964cae61156a99d7ac33eedebdd6e9f3465dc77b5d8dc17dbedc2194a	—	2026-05-30
FileHash-SHA256	18db95f2ae20a4ea86b3296f409eb3fc1131d2758c5bfdbda16a424a64e97d18	—	2026-05-30
FileHash-SHA256	1b916c486ec621fb66bd4521dddad5df69bd35c4b76a980c0b924babf566cb84	—	2026-05-30
FileHash-SHA256	1d69523a20b9c1180bba6a2cc9959d555e2ee9e78440fd79cfbaf31ad35a09fc	—	2026-05-30
FileHash-SHA256	1e20e95b351a5bd26a3dcf1ead8cab133e3e473d2912b6e2ff285a09e855b60f	—	2026-05-30
FileHash-SHA256	26d1a616b9332c34f1884ed000751833a9d9d17fb737e637636bf4acb4339a22	—	2026-05-30
FileHash-SHA256	286de17c2e8017241bee12b0935ed5e1e5d5216f4311be781ca1a69ad81188b3	—	2026-05-30
FileHash-SHA256	296932373f9c54fcf4eb285f81a17b1b93c5a96e5ff6dfa097b4d8c4b8f53b81	—	2026-05-30
FileHash-SHA256	2a18935e758d6a0f5bc5ebb8e43da0d1fb0cb57f7be5ab7eb050e82a51bdc5b5	—	2026-05-30
FileHash-SHA256	2abb318455960b446d034967c8403ec4339ba248b946f02cb1307ed7e6f4e327	—	2026-05-30
FileHash-SHA256	35f3f1ead293ecc14ab03c96b0505c444b6cd0e7a48b4d099b53c8fe91cafc5e	—	2026-05-30
FileHash-SHA256	40f9399ea067d69c0985aecdc54beddbcb585d7f660606e5bb4be981811c28ba	—	2026-05-30
FileHash-SHA256	42464c188cb8116b63938b3236504ec4ae31c7cadb9063085b30dd468d88860f	—	2026-05-30
FileHash-SHA256	476334f9254ef0277b3462b6086655f38358a983b95991cfe4dcdd787740906a	—	2026-05-30
FileHash-SHA256	48a371a3973983a9bdb395cb33d6fce68d75b41d4bfd86d3f923cff79b545efc	—	2026-05-30
FileHash-SHA256	4e6f85802d365751fa25c7014002ae44329a2d037d7b21f4bc34091b0c01b7b7	—	2026-05-30
FileHash-SHA256	5115eca388860371d994457793f3a3c2c3d106da48ca12ecccb9432522c56cc3	—	2026-05-30
FileHash-SHA256	51b92c81a44f5d242519032c56601d3ee3f5699112d8fbf40323b825dfa9feda	—	2026-05-30
FileHash-SHA256	5e6c5b6604d88f044bff53b6576f7b15046baa666fa72bafe62069a8b9e9452f	—	2026-05-30
FileHash-SHA256	62b585f36d4b14fa1e036feed692267aa098e7fc6cabb468a07997a025309299	—	2026-05-30
FileHash-SHA256	63047083db26ec6a8aa2d0d008ca4c067855a952a89f9e3e878b2215e26841cf	—	2026-05-30
FileHash-SHA256	687629ca9dc5b9b4bdf6c06fb1405449638b905f3a0c08bccac1c519ef22964d	—	2026-05-30
FileHash-SHA256	78773eb9738bc3306a56bf39adc8212226479c24af8bf453be9d57103a91a904	—	2026-05-30
FileHash-SHA256	7ac06aaf0cdc1c1f0f14b0e8ccc550f9df20e79f3ce321207ec7a1867d6227ef	—	2026-05-30
FileHash-SHA256	7db11cf6a0417d5e20cd6720687ba86045b2fb758a7b585a49f572df2dc40c5e	—	2026-05-30
FileHash-SHA256	87b8abb05c7ee5642a5e801e7825dfa5ee4c1393ac998e87470ab53cc75e1842	—	2026-05-30
FileHash-SHA256	89e052bd182df8de5960784c663f962d44e058c8920a437f54ab75d03a7da3bd	—	2026-05-30
FileHash-SHA256	8a7401444dd7c85b36ff7b1d0b36c5953692ef32dbeac7642fb7c1034bd8a726	—	2026-05-30
FileHash-SHA256	908619929db75b0d2592ba6fb0a65be6c894592907c83f664f3b130108d98d6a	—	2026-05-30
FileHash-SHA256	920e8a8e06a1559ba0b4a1be5f6c290ed8e305fd130675ceadc655c79c1cb369	—	2026-05-30
FileHash-SHA256	93111e523c38d98247a78a0d1d9ae163e9874acb70721f6fe0bf451c62fff283	—	2026-05-30
FileHash-SHA256	9b7008c43814c7bf18375774bd2ed5f3bda9316dbef20b7e086fe921838f1186	—	2026-05-30
FileHash-SHA256	9e443d773df5adf0ab9e622bb8179ce899f46b2166f2faa09d54a4622a9ac5cc	—	2026-05-30
FileHash-SHA256	a1a67fbceac6b3b840893e375da5c449d0dacb22b4a914c5ff9827d42c991758	—	2026-05-30
FileHash-SHA256	a695a70c2efd11e1daa93997c1aaf976a205476839f553f2c8e64fb73123b853	—	2026-05-30
FileHash-SHA256	b0c07b265c9d9046038ffa48d5b8e17b8ba0791503beba85196cdbe0ac2fcb27	—	2026-05-30
FileHash-SHA256	b189b6099e6ad190fd67e0dfa41f0adf29f75bb46d541dce6d4d4c632b58d42f	—	2026-05-30
FileHash-SHA256	bc43504669966b0add6e4ec12022626126b80b8ee8d57ae95a953ee74d8df702	—	2026-05-30
FileHash-SHA256	bcb9e99021f88b9720a667d737a3ddd7d5b9f963ac3cae6d26e74701e406dcdc	—	2026-05-30
FileHash-SHA256	bd3f35b91bf83427e953d4cf531a0ee4b5ec9fc76b91700274effe0eba22510f	—	2026-05-30
FileHash-SHA256	c716dabe228f89e58835d2c93dbaa5719dc77f62c9e84f3e3d54ef82ded621e1	—	2026-05-30
FileHash-SHA256	c823a315c2c78d2fd345c9b38bb7fc31a8cbff96c534ce9cc66c4e54bc7935a2	—	2026-05-30
FileHash-SHA256	c9dfd29fba3eb8a3325faea0be46c41dfe2b44cdee94ae65658c4b0a9b85ffc7	—	2026-05-30
FileHash-SHA256	cbaf6cdb2acbd293d7e58cabe41449027a28b84223ba88f19e4463ec4176dad0	—	2026-05-30
FileHash-SHA256	ccc7f039e1afd55fe8bc767ae688e71e66f162aba0c0d1650face02f15e9c7d0	—	2026-05-30
FileHash-SHA256	d60dd96ef92b43e2e4f955dd76448fc320c3f8445b661d9a4a3c40caca0aa8a5	—	2026-05-30
FileHash-SHA256	d63cdac3e3623ae3072393f33a658537af71ded3109aacb3006f45cc7c94de05	—	2026-05-30
FileHash-SHA256	d814564ab8b905c3b9b7a42e757228d9d30f8ffd4fa6b3c48f4aa7e2b1e44594	—	2026-05-30
FileHash-SHA256	d9810fa6aa59864ceef509ed551da85fce31d69cfcd78f2f8b146c761387370e	—	2026-05-30
FileHash-SHA256	db05db462a0e8ba40c656dd0b8bd11f6fdc85895b54904df1dc83bb0609e2ff2	—	2026-05-30
FileHash-SHA256	db1776cc96cb89c3bb39314363ae8476fea3421877214f362005d1ed59574c10	—	2026-05-30
FileHash-SHA256	dec9c0213e1259c5aa5f86f6fef2c73e87c6a2c01773e2e99b8e1a0dd2eb149f	—	2026-05-30
FileHash-SHA256	e1f86fe0d103979da38a2be7fe3bf1d3eb63c5b60b5b952e02334559396a72b6	—	2026-05-30
FileHash-SHA256	e67a883595e95d357f92c2ab6cd34d4708e5ee711861c59192d9c23d7d20d0c7	—	2026-05-30
FileHash-SHA256	e81af6ae6862d905d8634a1f6e0a8893ba28e3ce61d12ccac020ef6fae802e8b	—	2026-05-30
FileHash-SHA256	e8d0943042e34a37ae8d79aeb4f9a2fa07b4a37955af2b0cc0e232b79c2e72f3	—	2026-05-30
FileHash-SHA256	e8ff33344b9aef15df02e03f4a5d8459b520d18011e39c179e19c629171122a5	—	2026-05-30
FileHash-SHA256	e9634032df81334e9e960ab8b88ff05a0f7ec9c034dc012f816f09e23c18d41b	—	2026-05-30
FileHash-SHA256	eb2c32b3d1aed95266b0b75704d4570b37b2d77e6c5d8401122ef4daf762f186	—	2026-05-30
FileHash-SHA256	ee144c883784c635ef84e0ae6a12b03553c1fd65646621f22d08511bd3e6d42a	—	2026-05-30
FileHash-SHA256	ee87fae14e3cc64d894f0a677af8832f8669f11853374c18b7110df1fc52f4e5	—	2026-05-30
FileHash-SHA256	f56170fc141e2fce7449a01af9bda7b22b8909b6c8eaf698e5a149e3da75eeac	—	2026-05-30
FileHash-SHA256	f79b9d14b93d4c509386684f2aeebe53ab088e704b38b359db3ee7991942aec6	—	2026-05-30
FileHash-SHA256	f8fd89b4d0d2608dbdf6e79282b7dc3fa3bef9b199a0dd02f15660cd02c73361	—	2026-05-30
IPv4	188.124.59.120	CC=CZ ASN=AS51248 host-telecom.com s.r.o.	2026-05-30
IPv4	193.233.23.81	CC=RU ASN=AS51659 llc baxet	2026-05-30
IPv4	194.87.108.110	CC=NL ASN=AS211252 delis llc	2026-05-30
IPv4	194.87.128.243	CC=DE ASN=AS211252 delis llc	2026-05-30
IPv4	74.112.102.120	CC=CA ASN=ASNone	2026-05-30
IPv4	89.125.189.118	CC=IE ASN=AS25441 imagine communications group limited	2026-05-30
IPv4	89.125.189.85	CC=IE ASN=AS25441 imagine communications group limited	2026-05-30
IPv4	89.37.185.60	CC=RO ASN=AS39527 cycomm communications srl	2026-05-30
IPv4	91.149.221.124	CC=PL ASN=AS398343 baxet group inc.	2026-05-30
URL	https://share.secureinfo.eu/get/ypMXMG58xH/Матеріали_конференції_доп.zip	—	2026-05-30
URL	https://storage.vlasiuk.kiev.ua/SW90D0qhta/матеріали_конференції.zip	—	2026-05-30
URL	https://www.4sync.com/web/directDownload/tcqtmocL/MyE7HPqt.11b47e3a02edac898638b1906774210d	—	2026-05-30
domain	aerobionix.com	—	2026-05-30
domain	artsselection.com	—	2026-05-30
domain	bluelagoonaenterprise.com	—	2026-05-30
domain	bsnowcommunications.com	—	2026-05-30
domain	centrenergo.ua	—	2026-05-30
domain	chiselworksenterprise.com	—	2026-05-30
domain	clubprincess.click	—	2026-05-30
domain	doct0rsim.com	—	2026-05-30
domain	emballeplus.com	—	2026-05-30
domain	emovietheater.com	—	2026-05-30
domain	fasterscommunications.com	—	2026-05-30
domain	flyskyenterprise.com	—	2026-05-30
domain	goodhillsenterprise.com	—	2026-05-30
domain	halungroup.com	—	2026-05-30
domain	heltaskeltahenterprise.com	—	2026-05-30
domain	highfleetenterprise.com	—	2026-05-30
domain	intrawld.com	—	2026-05-30
domain	ironbrave.online	—	2026-05-30
domain	j4jobspk.com	—	2026-05-30
domain	jackscommunications.com	—	2026-05-30
domain	kentfiresafe.com	—	2026-05-30
domain	khanvas.com	—	2026-05-30
domain	lapas.live	—	2026-05-30
domain	maxolutions243.com	—	2026-05-30
domain	meadowsantiques.com	—	2026-05-30
domain	neuromancersolutionsenterprise.icu	—	2026-05-30
domain	newequipmentsolutions.com	—	2026-05-30
domain	newrentalsenterprise.com	—	2026-05-30
domain	newsolutionsxsenterprise.icu	—	2026-05-30
domain	newstarcommunity.com	—	2026-05-30
domain	nycpartnersenterprise.com	—	2026-05-30
domain	princess-mens-club.com	—	2026-05-30
domain	princess-mens.click	—	2026-05-30
domain	princess-mens.fun	—	2026-05-30
domain	princessclub.best	—	2026-05-30
domain	princessclub.click	—	2026-05-30
domain	princessclub.cyou	—	2026-05-30
domain	princessclub.online	—	2026-05-30
domain	prosearium.net	—	2026-05-30
domain	red-viper.com	—	2026-05-30
domain	resutato.com	—	2026-05-30
domain	robotic-toys.com	—	2026-05-30
domain	routinesyscheckup.com	—	2026-05-30
domain	saidozdemir.com	—	2026-05-30
domain	seahorsemethod.com	—	2026-05-30
domain	serotoninenterprise.com	—	2026-05-30
domain	thirdmetrics.com	—	2026-05-30
domain	tucsonanimalallergy.com	—	2026-05-30
domain	ukrbezpeka.online	—	2026-05-30
domain	ukrguard.org	—	2026-05-30
domain	ukrvarta.online	—	2026-05-30
domain	xpertlearninghub.com	—	2026-05-30
domain	zeftasarim.com	—	2026-05-30
domain	zoomconference.click	—	2026-05-30
hostname	edbo.work.gd	—	2026-05-30
hostname	share.secureinfo.eu	—	2026-05-30
hostname	storage.vlasiuk.kiev.ua	—	2026-05-30
hostname	www.4sync.com	—	2026-05-30

References (1)

↗ https://labs.withsecure.com/publications/greyvibe