Pulse name: GREYVIBE Threat Actor: TTPs, Malware, and Infrastructure Analysis
WHITE PetrP.73 2026-05-30 Modified: 2026-05-30
165 IOCs (high volume)
GREYVIBE is a cyber threat actor identified by WithSecure that has primarily targeted Ukraine and Ukraine-related entities since August 2025. The group's activities show significant overlaps in attack infrastructure and operational methodology, which indicate a persistent campaign aligned with Russian state interests, especially in the context of the Russia-Ukraine war. GREYVIBE's operations are characterized by a variety of attack vectors, including spear-phishing emails, fake CAPTCHA pages, and fraudulent websites impersonating Ukrainian organizations. These methods have facilitated the distribution of malware, predominantly custom-developed variants such as PhantomRelay, FallSpy, and LegionRelay.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
LegionRelay, DroneLink, PrincessClub, PhantomRelayV1, LOOKVALJS, GREYVIBE
Indicators of Compromise (14 / 165 total)