otx.alienvault.com
99.86.7.26  Public Scan

URL: https://otx.alienvault.com/pulse/62447349bb47469dc05fc26b?utm_userid=swimlanecyou&utm_medium=inproduct&utm_source=otx&utm_c...
Submission: On March 30 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

UAC-0056 CYBERATTACK ON UKRAINIAN AUTHORITIES USING GRAPHSTEEL AND GRIMPLANT MALWARE

   
 * Created 49 minutes ago by AlienVault
 * Public
 * TLP: White

The Governmental Computer Emergency Response Team of Ukraine CERT-UA received
information on the distribution of e-mails on the topic "Wage arrears" among
government agencies of Ukraine. Attached to the letter is the document "Wage
arrears.xls", which contains legitimate statistics and macros. At the same time,
hex-coded data has been added to the mentioned document as an attachment. The
macro, after activation, will decode the data, create the EXE-file
"Base-Update.exe" on the computer and execute it.

Reference:
https://cert.gov.ua/article/38374
Tags:
ukraine, geopolitical conflict, GraphSteel, GrimPlant
Adversary:
UAC-0056
Targeted Country:
Ukraine
Malware Families:
GrimPlant, GraphSteel
ATT&CK IDs:
T1036 - Masquerading, T1001 - Data Obfuscation, T1137.001 - Office Template Macros, T1407 - Download New Code at Runtime, T1193 - Spearphishing Attachment

 * Indicators of Compromise (15)
 * Related Pulses (1)
 * Comments (0)
 * History (0)

Types of indicators: IPv4 (1), FileHash-SHA256 (5), URL (4), FileHash-MD5 (5)

Threat infrastructure: United States (1)


 * © Copyright 2022 AlienVault, Inc.