From 9374a35c477b8338d974aaef0e02f24be07f8b75 Mon Sep 17 00:00:00 2001
From: BushidoToken <59974887+BushidoUK@users.noreply.github.com>
Date: Fri, 18 Mar 2022 11:36:47 +0000
Subject: [PATCH] Create CERT-UA_IOCs.csv
---
ETAC_IOCs/CERT-UA_IOCs.csv | 82 ++++++++++++++++++++++++++++++++++++++
1 file changed, 82 insertions(+)
create mode 100644 ETAC_IOCs/CERT-UA_IOCs.csv
diff --git a/ETAC_IOCs/CERT-UA_IOCs.csv b/ETAC_IOCs/CERT-UA_IOCs.csv
new file mode 100644
index 0000000..7626be2
--- /dev/null
+++ b/ETAC_IOCs/CERT-UA_IOCs.csv
@@ -0,0 +1,82 @@
+Type,Indicator,Context,Source,
+email,jowhar@xintongwood.club,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,babu.d@tvsrubber.com,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,citi.in.pm@xerago.com,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,dean.ds@msruas.ac.in,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,in-nonciti.basupport@xerago.com,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,info@empiink.com,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,narayanababu.py.ph@msruas.ac.in,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,nshcorp@nshcorp.in,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,omars@salecharter.net,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,pooja.fa@msruas.ac.in,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,productionbelgavi@hodekindia.com,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,purchase2@hitechelastomers.com,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,qs@gsengint.com,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,rakesh.ict@msruas.ac.in,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,roopa.tsld@msruas.ac.in,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,sec.ls@msruas.ac.in,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,systeam@xerago.com,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,vaishnavi.kj@tvsrubber.com,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317539153738683,
+email,muthuprakash.b@tvsrubber.com,Mailbox leveraged by Russian APTs,hxxps://www.facebook[.]com/UACERT/posts/317482093744389,
+URL,hxxp://consumerspanel[.]frge.io/,Phishing page targeting Ukraine,hxxps://www.facebook[.]com/UACERT/posts/317482093744389,
+Domain,consumerspanel[.]frge.io,Phishing page targeting Ukraine,hxxps://www.facebook[.]com/UACERT/posts/317482093744389,
+MD5,65237e705e842da0a891c222e57fe095,microbackdoor.dll (MicroBackdoor),hxxps://cert.gov.ua/article/37626,
+URL,hxxps://cdn.discordapp.com/attachments/947916997713358890/949948174636830761/one.exe,UAC-0056 group,hxxps://cert.gov.ua/article/37704,
+URL,hxxps://cdn.discordapp.com/attachments/947916997713358890/949948174838165524/dropper.exe,UAC-0056 group,hxxps://cert.gov.ua/article/37705,
+URL,hxxps://cdn.discordapp.com/attachments/947916997713358890/949978571680673802/cesdf.exe,UAC-0056 group,hxxps://cert.gov.ua/article/37706,
+IPv4,156.146.50.5,UAC-0056 group,hxxps://cert.gov.ua/article/37707,
+MD5,15c525b74b7251cfa1f7c471975f3f95,(Go downloader) UAC-0056 group,hxxps://cert.gov.ua/article/37708,
+MD5,2fdf9f3a25e039a41e743e19550d4040,(Discord downloader) UAC-0056 group,hxxps://cert.gov.ua/article/37709,
+MD5,4f11abdb96be36e3806bada5b8b2b8f8,(GrimPlant) UAC-0056 group,hxxps://cert.gov.ua/article/37710,
+MD5,9ad4a2dfd4cb49ef55f2acd320659b83,(Discord downloader) UAC-0056 group,hxxps://cert.gov.ua/article/37711,
+MD5,9ea3aaaeb15a074cd617ee1dfdda2c26,(GraphSteel) UAC-0056 group,hxxps://cert.gov.ua/article/37712,
+MD5,aa5e8268e741346c76ebfd1f27941a14,(Cobalt Strike Beacon) UAC-0056 group,hxxps://cert.gov.ua/article/37713,
+MD5,b8b7a10dcc0dad157191620b5d4e5312,UAC-0056 group,hxxps://cert.gov.ua/article/37714,
+MD5,c8bf238641621212901517570e96fae7,(Go downloader) UAC-0056 group,hxxps://cert.gov.ua/article/37715,
+MD5,ca9290709843584aecbd6564fb978bd6,(bait document) UAC-0056 group,hxxps://cert.gov.ua/article/37716,
+MD5,cf204319f7397a6a31ecf76c9531a549,(bait document) UAC-0056 group,hxxps://cert.gov.ua/article/37717,
+IPv4,45.84.0.116,UAC-0056 group,hxxps://cert.gov.ua/article/37718,
+URL,hxxp://45.84.0.116:443/c,UAC-0056 group,hxxps://cert.gov.ua/article/37719,
+URL,hxxp://45.84.0.116:443/i,UAC-0056 group,hxxps://cert.gov.ua/article/37720,
+URL,hxxp://45.84.0.116:443/m,UAC-0056 group,hxxps://cert.gov.ua/article/37721,
+URL,hxxp://45.84.0.116:443/p,UAC-0056 group,hxxps://cert.gov.ua/article/37722,
+URL,hxxps://forkscenter.fr/BitdefenderWindowsUpdatePackage.exe,UAC-0056 group,hxxps://cert.gov.ua/article/37723,
+URL,hxxps://forkscenter.fr/Sdghrt_umrj6/wisw.exe,UAC-0056 group,hxxps://cert.gov.ua/article/37724,
+URL,hxxps://nirsoft.me/nEDFzTtoCbUfp9BtSZlaq6ql8v6yYb/avp/amznussraps/,UAC-0056 group,hxxps://cert.gov.ua/article/37725,
+URL,hxxps://nirsoft.me/s/2MYmbwpSJLZRAtXRgNTAUjJSH6SSoicLPIrQl/field-keywords/,UAC-0056 group,hxxps://cert.gov.ua/article/37726,
+domain,forkscenter.fr,UAC-0056 group,hxxps://cert.gov.ua/article/37727,
+domain,nirsoft.me,UAC-0056 group,hxxps://cert.gov.ua/article/37728,
+URL,hxxps://tinyurl[.]com/2p8kpb9v,UAC-0028 group,hxxps://cert.gov.ua/article/37788,
+Hostname,panelunregistertle-348.frge[.]io,UAC-0028 group,hxxps://cert.gov.ua/article/37788,
+Hostname,eo9p1d2bfmioiot.m.pipedream[.]net,UAC-0028 group,hxxps://cert.gov.ua/article/37788,
+Hostname,eoiw8lhjwuc3sh2.m.pipedream[.]net,UAC-0028 group,hxxps://cert.gov.ua/article/37788,
+MD5,00a54a6496734d87dab6685aa90588f8,UAC-0020 group,hxxps://cert.gov.ua/article/37818,
+MD5,1c2c41a5a5f89eccafea6e34183d5db9,UAC-0020 group,hxxps://cert.gov.ua/article/37819,
+MD5,32343f2a6b8ac9b6587e2e07989362ab,UAC-0020 group,hxxps://cert.gov.ua/article/37820,
+MD5,3ed8263abe009c19c4af8706d52060f8,UAC-0020 group,hxxps://cert.gov.ua/article/37821,
+MD5,5db4313b8dbb9204f8f98f2c129fd734,UAC-0020 group,hxxps://cert.gov.ua/article/37822,
+MD5,67274bdd5c9537affbd51567f4ba8d5f,UAC-0020 group,hxxps://cert.gov.ua/article/37823,
+MD5,75e1ce42e0892ed04a43e3b68afdbc07,UAC-0020 group,hxxps://cert.gov.ua/article/37824,
+MD5,993415425b61183dd3f900d9b81ac57f,UAC-0020 group,hxxps://cert.gov.ua/article/37825,
+MD5,adebdc32ef35209fb142d44050928083,UAC-0020 group,hxxps://cert.gov.ua/article/37826,
+MD5,baf502b4b823b6806cc91e2c1dd07613,UAC-0020 group,hxxps://cert.gov.ua/article/37827,
+MD5,d0632ef34514bbb0f675c59e6ecca717,UAC-0020 group,hxxps://cert.gov.ua/article/37828,
+MD5,d34dbbd28775b2c3a0b55d86d418f293,UAC-0020 group,hxxps://cert.gov.ua/article/37829,
+MD5,e08d7c4daa45beca5079870251e50236,UAC-0020 group,hxxps://cert.gov.ua/article/37830,
+MD5,ecc7bb2e4672b958bd82fe9ec9cfab14,UAC-0020 group,hxxps://cert.gov.ua/article/37831,
+MD5,f0197bbb56465b5e2f1f17876c0da5ba,UAC-0020 group,hxxps://cert.gov.ua/article/37832,
+IPv4,176.119.2.212,UAC-0020 group,hxxps://cert.gov.ua/article/37817,
+IPv4,176.119.2.214,UAC-0020 group,hxxps://cert.gov.ua/article/37833,
+IPv4,176.119.5.194,UAC-0020 group,hxxps://cert.gov.ua/article/37834,
+IPv4,176.119.5.195,UAC-0020 group,hxxps://cert.gov.ua/article/37835,
+URL,http://176.119.2.212/web/t/data.out,UAC-0020 group,hxxps://cert.gov.ua/article/37836,
+URL,http://176.119.5.195/k9otb49xq,UAC-0020 group,hxxps://cert.gov.ua/article/37816,
+URL,http://getmod.host/DSGb3Y3X,UAC-0020 group,hxxps://cert.gov.ua/article/37837,
+URL,http://getmod.host/OcthdaLm,UAC-0020 group,hxxps://cert.gov.ua/article/37838,
+URL,http://getmod.host/ThlAHy3S,UAC-0020 group,hxxps://cert.gov.ua/article/37839,
+URL,http://getmod.host/25s2mh,UAC-0020 group,hxxps://cert.gov.ua/article/37815,
+domain,getmod.host,UAC-0020 group,hxxps://cert.gov.ua/article/37840,
+domain,meteolink.host,UAC-0020 group,hxxps://cert.gov.ua/article/37841,
+domain,netbin.host,UAC-0020 group,hxxps://cert.gov.ua/article/37842,
+domain,stormpredictor.host,UAC-0020 group,hxxps://cert.gov.ua/article/37843,
+domain,syncapp.host,UAC-0020 group,hxxps://cert.gov.ua/article/37844,
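Review bot: The Source column for the UAC-0056 and UAC-0020 rows advances by one per row (`hxxps://cert.gov.ua/article/37704` through `37728`, then `37815` through `37844` in a shuffled order), while the UAC-0028 rows all cite the same article `37788`; that pattern looks like a spreadsheet autofill artefact rather than one advisory per indicator, so each of those Source values should be checked against the advisory the indicator was actually taken from before anyone relies on it for attribution. The Type column mixes casings and synonyms (`Domain` for consumerspanel[.]frge.io, `domain` for forkscenter.fr and the .host entries, `Hostname` for the frge[.]io and pipedream[.]net entries), so a consumer filtering on type will silently drop rows; settling on one spelling per type is a one-word change on each affected line. Defanging is also inconsistent: the facebook, tinyurl, frge and pipedream indicators use `[.]`, the discordapp, forkscenter and nirsoft URLs use `hxxps` without bracketing, and the UAC-0020 URLs (`http://176.119.2.212/web/t/data.out`, `http://getmod.host/DSGb3Y3X` and siblings) are not defanged at all, which leaves live clickable links to malware hosting in any renderer that auto-links URLs. Finally, the header `Type,Indicator,Context,Source,` ends with a trailing comma and every row follows suit, so parsers will emit an empty fifth field; dropping that trailing comma from the header and rows avoids a phantom column.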