Threat Brief: Ongoing Russia and Ukraine Cyber Conflict
Tags
country: Japan Ukraine
attack-pattern: Data Datasets Models Installutil - T1218.004 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Visual Basic - T1059.005 Installutil - T1118 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 37a00ec1-38e7-490c-97f5-1f1d108efd6a
Fingerprint 85b5287ddb370057
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 20, 2022, 8:30 p.m.
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Threat Brief: Ongoing Russia and Ukraine Cyber Conflict
Title Threat Brief: Ongoing Russia and Ukraine Cyber Conflict
Detected Hints/Tags/Attributes 68/2/18
Source URLs
Redirection Url
Details Source https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/
Details Source https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/#whispergate-malware-family
URL Provider
Details Provider Source level domain
Details paloaltonetworks.com unit42.paloaltonetworks.com
Attributes
Details Type #Events CTI Value
Details CVE 8 
cve-2021-32648
Details Domain 112 
cdn.discordapp.com
Details File 17 
user.php
Details File 16 
stage1.exe
Details File 20 
stage2.exe
Details File 12 
tbopbh.jpg
Details File 83 
installutil.exe
Details File 1208 
powershell.exe
Details File 9 
nmddfrqqrbyjeygggda.vbs
Details File 376 
wscript.exe
Details File 11 
advancedrun.exe
Details File 23 
c:\windows\system32\sc.exe
Details File 2126 
cmd.exe
Details File 76 
ping.exe
Details File 2 
%temp%\installutil.exe
Details IPv4 9 
111.111.111.111
Details Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) 51 
DEV-0586
Details Url 5 
https://cdn.discordapp.com/attachments/928503440139771947/930108637681184768/tbopbh.jpg