otx.alienvault.com
99.86.4.57  Public Scan

URL: https://otx.alienvault.com/pulse/6271515a185bd4d50784f4f5/edit?utm_userid=swimlanecyou&utm_content=email&utm_campaign=new_p...
Submission: On May 03 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

UAC-0056 CYBERATTACK USING GRAPHSTEEL AND GRIMPLANT MALWARE AND COVID-19

   
 * Created 2 hours ago by AlienVault
 * Public
 * TLP: White

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) received
an email from the coordinating entity with an attached XLS document, "Aid
request COVID-19-04_5_22.xls", that contains a macro. If the macro is activated,
it decodes the payload located in the hidden sheet of the document, creates a
disk and runs the Go bootloader. The GraphSteel (compilation date: 2022-04-21)
and GrimPlant malware are then downloaded and executed on the computer.

Reference: https://cert.gov.ua/article/39882
Tags: graphsteel, grimplant
Adversary: UAC-0056
Targeted Country: Ukraine
Att&ck IDs: T1566.001 - Spearphishing Attachment, T1137.001 - Office Template Macros

 * Indicators of Compromise (16)
 * Related Pulses (8)