2022-03-28 21:36:07 +01:00

152 lines
15 KiB
CSV

Type,Indicator,Context,Source,