
Ukraine-Intel

Tracking intelligence related to the conflict in Ukraine. Security analysts and consultants should expect a rise in attacks related to the conflict, either directed at Ukraine and organisations operating there, or aimed at those who align with Ukraine.

Current Active Threats

| Name | Type | Information | IOCs/Report |
|---|---|---|---|
| WhisperGate | Malware | https://www.zdnet.com/article/cisa-fbi-warn-us-orgs-of-whispergate-and-hermeticwiper-malware/ | https://www.cisa.gov/uscert/ncas/alerts/aa22-057a |
| HermeticWiper | Malware | https://www.zdnet.com/article/cisa-fbi-warn-us-orgs-of-whispergate-and-hermeticwiper-malware/ | https://www.cisa.gov/uscert/ncas/alerts/aa22-057a |
| Phishing | Multiple Phishing Campaigns | https://twitter.com/selenalarson/status/1498799190624796673 | |
| CyclopsBlink | Malware | https://www.securitymagazine.com/articles/97145-russian-malware-cyclops-blink-exposed | |
| Conti | Gang | https://mobile.twitter.com/vxunderground/status/1498060366445613056 | |
| CoomingProject | Gang | https://mobile.twitter.com/darktracer_int/status/1497283943460077570 | |
| Gamaredon | Gang | https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/ | |
| Mirai | Botnet | https://twitter.com/blackorbird/status/1497141052838330369 | |
| Gafgyt | Botnet | https://threatpost.com/gafgyt-botnet-ddos-mirai/165424/ | |
| IRCBot | Botnet | https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/IRCbot | |
| Ripprbot | Botnet | https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/ | |
| Moobot | Botnet | https://www.bleepingcomputer.com/news/security/moobot-botnet-spreading-via-hikvision-camera-vulnerability/ | |
| PartyTicket | Ransomware | https://www.zscaler.com/blogs/security-research/technical-analysis-partyticket-ransomware | |
| Lockbit | Ransomware | https://www.kaspersky.com/resource-center/threats/lockbit-ransomware | |
| ALPHV | Ransomware | https://www.varonis.com/blog/alphv-blackcat-ransomware | |
| FoxBlade | Malware | https://www.zdnet.com/article/microsoft-finds-foxblade-malware-on-ukrainian-systems-removing-rt-from-windows-app-store/ | |
| IsaacWiper & HermeticWizard | Wiper and Worm | https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/ | |
| SunSeed | Malware | https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails?utm_source=social_organic&utm_social_network=twitter&utm_campaign=ThreatInsight&utm_post_id=723c05c8-c092-42ac-b748-8fffd1431b08 | |
| Pterodo | Backdoor | https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/backdoor.win32.pterodo.a | calendas[.]ru, rebairaouf[.]ddns[.]net, krashand[.]ru |
| QuietSieve | Malware | https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:MSIL/QuietSieve.Gen!dha&threatId=-2147156097 | |
| PowerPunch | Malware | https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDropper:Win32/PowerPunch.A!dha&threatId=-2147173278 | |
| DessertDown | Malware | https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader:VBS/DessertDown.A!dha&threatId=-2147156954 | |
| DinoTrain | Malware | https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/ | |
| DilongTrash | Malware | https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/ | |
| ObfuBerry/Merry | Malware | https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/ | |
| Zatoichi | Disinformation | | |
| Stormous | Ransomware | | |
| Sandworm | | | |
| Cyberghost | | | |
| The Red Bandits | | | |
| Free Civilian | | | |

OSINT Trackers

Curated Intel is working with analysts to track and maintain OSINT on the threats related to the Ukraine conflict. AMAZING information can be found in their repo: https://github.com/curated-intel/Ukraine-Cyber-Operations

Indicators of Compromise

Equinix Threat Analysis Center has uploaded IOCs seen in attacks to Curated Intel's repo:

https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/ETAC_Vetted_UkraineRussiaWar_IOCs.csv

IBM X-Force Collections of Intelligence:

https://exchange.xforce.ibmcloud.com/collection/UkraineRussia-Conflict-56ed5d53e7aeca5d1624be2d181f7d0a
https://exchange.xforce.ibmcloud.com/malware-analysis/guid:592fda25771f2a9c0dc94d4043257ec2
https://exchange.xforce.ibmcloud.com/threat-group/guid:28d5c141467b2a2f92d18aca0ad76024
https://exchange.xforce.ibmcloud.com/threat-group/guid:1383523fa178da67e63f82264c2ad37f
https://exchange.xforce.ibmcloud.com/threat-group/guid:85be023f589688341de37d71be99d798
https://exchange.xforce.ibmcloud.com/threat-group/guid:3cc42121df36b9703df51cc789321862
https://exchange.xforce.ibmcloud.com/threat-group/guid:8c0ed7139978add8d1c83105f4fa27a8
https://exchange.xforce.ibmcloud.com/threat-group/guid:22a30b968ce67213af1723a0652fe6b7
https://exchange.xforce.ibmcloud.com/threat-group/guid:93f4db107b3c311b703ab0096928c5bc
https://exchange.xforce.ibmcloud.com/threats/guid:098be7a539cfebbacac9696434417d97
https://exchange.xforce.ibmcloud.com/threats/guid:7916c17dae2b8f3da718399638e5734a
https://exchange.xforce.ibmcloud.com/threats/guid:2771d8a337ce162ce2ad018ff178ecd4
https://exchange.xforce.ibmcloud.com/threats/guid:d4dbb8b84cc42d34147ca77a14721192
https://exchange.xforce.ibmcloud.com/threats/guid:f5c68bfeb7578ab174b63e4ccdfe72a5
https://exchange.xforce.ibmcloud.com/threats/guid:fd3be8474b07bae9fa0a9cf4a74dd4cc
https://exchange.xforce.ibmcloud.com/threats/guid:a763c1c0b28ddbc1090fac19fdb48863
https://exchange.xforce.ibmcloud.com/threats/guid:cdd7d03de44042d008e66d807197c1a1

Actinium IOCs:

https://community.riskiq.com/article/b62bac8b/indicators
