otx.alienvault.com
99.86.4.57
Public Scan
URL:
https://otx.alienvault.com/pulse/6271515a185bd4d50784f4f5/edit?utm_userid=swimlanecyou&utm_content=email&utm_campaign=new_p...
Submission: On May 03 via api from US — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
UAC-0056 CYBERATTACK USING GRAPHSTEEL AND GRIMPLANT MALWARE AND COVID-19
Created 2 hours ago by AlienVault
Public
TLP: White
Subscribers (185452)

The Governmental Computer Emergency Response Team of Ukraine CERT-UA received an email from the coordinating entity with an attachment in the form of an XLS-document "Aid request COVID-19-04_5_22.xls", which contains a macro. If the macro is activated, the latter will decode the payload located in the hidden sheet of the document, as well as create a disk and run the Go bootloader. In the future, malware GraphSteel (compilation date: 2022-04-21) and GrimPlant will be downloaded and executed on the computer.

Reference: https://cert.gov.ua/article/39882
Tags: graphsteel, grimplant
Adversary: UAC-0056
Targeted Country: Ukraine
Att&ck IDs: T1566.001 - Spearphishing Attachment, T1137.001 - Office Template Macros
Indicators of Compromise (16)
Related Pulses (8)
Comments (0)
History (0)