%%%%%#########%%%%%                              
                    ###%%%%##                 &%%%                          
               (#####%%          /.. .,,,,&      .%%                        
           //((###            . ...**//((... ,     %%                       
       ***//((               (..***//((...*#,,,     %%                      
   *******                  #(#./((((#......,%#(     %                      
    *****                   @%##....#%%%%%,,%#((     %                      
      ****//                 %%%%,,%%%%%%%**/((     #                       
         *//((#*               %%,%%%%%##((((      %                        
            ((####%               ,((((((/                                  
               #####%%#,                                         **         
                   ##%%%#####                              //**             
                        %%%%#########%.          ######((/                  
                               %%%%%#%%%%%%%%%#####                         
                               
                              by Curated Intelligence      

Ukraine-Cyber-Operations

Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine. (Blog | Twitter | LinkedIn)

Analyst Comments:

• 2022-02-25
  • Creation of the initial repository to help organisations in Ukraine

Threat Reports

Source	Threat(s)	URL
Symantec	Gamaredon/Shuckworm/PrimitiveBear	symantec-enterprise-blogs.security.com
PAN Unit42	Gamaredon/Shuckworm/PrimitiveBear (FSB)	unit42.paloaltonetworks.com
CERT-UA	UAC-0056 using SaintBot and OutSteel malware	cert.gov.ua
NSFOCUS	Lorec53	nsfocusglobal.com
UK NCSC	Sanworm/VoodooBear (GRU)	ncsc.gov.uk
ESET	HermeticWiper	welivesecurity.com
Symantec	HermeticWiper	symantec-enterprise-blogs.security.com
SentinelLabs	HermeticWiper	sentinelone.com
Cisco Talos	HermeticWiper	blog.talosintelligence.com
Zscaler	HermeticWiper	zscaler.com
360 NetLab	DDoS (Mirai, Gafgyt, IRCbot, Ripprbot, Moobot)	blog.netlab.360.com
Conti [themselves]	Conti ransomware, BazarLoader	Conti News .onion [not linked]
CoomingProject [themselves]	Data Hostage Group	CoomingProject Telegram [not linked]
CERT-UA	UNC1151/Ghostwriter (Belarus MoD)	CERT-UA Facebook
Sekoia	UNC1151/Ghostwriter (Belarus MoD)	twitter.com/sekoia_io
@jaimeblascob	UNC1151/Ghostwriter (Belarus MoD)	twitter.com/jaimeblasco
MalwareHunterTeam	Unknown phishing	twitter.com/malwrhunterteam
ESET	Unkown scammers	twitter.com/ESETresearch
SSSCIP Ukraine	Unkown phishing	twitter.com/dsszzi
CronUp	Data broker "FreeCvilian" offering multiple .gov.ua	twitter.com/1ZRR4H
RaidForums	Data broker "Mont4na" offering PrivatBank	RaidForums [not linked]
RaidForums	Data broker "NetSec" offering FSB (likely SMTP accounts)	RaidForums [not linked]
Telegraph	Unknown cyberattack on NVIDIA	telegraph.co.uk
Zscaler	PartyTicket	zscaler.com

Vendor Support

Vendor	Offering	URL
Dragos	Access to Dragos service if from US/UK/ANZ and in need of ICS cybersecurity support	twitter.com/RobertMLee
GreyNoise	Any and all Ukrainian emails registered to GreyNoise have been upgraded to VIP which includes full, uncapped enterprise access to all GreyNoise products	twitter.com/Andrew___Morris
Recorded Future	Providing free intelligence-driven insights, perspectives, and mitigation strategies as the situation in Ukraine evolves	recordedfuture.com
Flashpoint	Free Access to Flashpoint’s Latest Threat Intel on Ukraine	go.flashpoint-intel.com
ThreatABLE	A Ukraine tag for free threat intelligence feed that's more highly curated to cyber	twitter.com/threatable
Orange	IOCs related to Russia-Ukraine 2022 conflict extracted from our Datalake Threat Intelligence platform.	github.com/Orange-Cyberdefense
FSecure	F-Secure FREEDOME VPN is now available for free in all of Ukraine	twitter.com/FSecure