URL: https://otx.alienvault.com/pulse/667bceea6851fd16532946b9
Submission: On June 27 via api from SG — Scanned from SG

ARMAGEDDON IS MORE THAN A GRAMMY-NOMINATED ALBUM

   
 * Created 22 hours ago by AlienVault
 * Public
 * TLP: White

This report details a Russia-linked threat actor targeting Ukraine, employing
various obfuscation techniques. The malicious activity involves dropping a
compressed file disguised as a RAR archive, which fetches a remote image likely
for tracking execution. The payload employs mshta.exe to execute remote content
and leverages LNK files with crafted filenames. The techniques suggest an effort
to evade detection and hamper analysis.

Reference:
https://blog.strikeready.com/blog/armageddon-is-more-than-a-grammy-nominated-album/
Tags:
russia, ukraine, geopolitics
Adversary:
UNC530
Targeted Country:
Ukraine
ATT&CK IDs:
T1560.001 - Archive via Utility, T1059.007 - JavaScript, T1036.005 - Match Legitimate Name or Location, T1204.002 - Malicious File, T1219 - Remote Access Software, T1036.004 - Masquerade Task or Service, T1059.001 - PowerShell, T1027 - Obfuscated Files or Information, T1197 - BITS Jobs, T1071.001 - Web Protocols, T1105 - Ingress Tool Transfer

 * Indicators of Compromise (102)
 * Related Pulses (1)
 * Comments (0)
 * History (0)

TYPES OF INDICATORS

IPv4 (9), URL (33), FileHash-SHA256 (60)

THREAT INFRASTRUCTURE

Moldova (6), United States (1), Romania (2)

© Copyright 2024 LevelBlue, Inc.