Gamaredon hackers start stealing data 30 minutes after a breach - RedPacket Security
Tags
country: Russia Ukraine
attack-pattern: Data Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Mshta - T1170 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 7416ef8f-fd43-407c-912f-ff3565a1a379
Fingerprint c1010e539c6786e1
Analysis status DONE
Considered CTI value 1
Text language
Published July 16, 2023, 5:01 a.m.
Added to db July 16, 2023, 8:35 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline RedPacket Security
Title Gamaredon hackers start stealing data 30 minutes after a breach - RedPacket Security
Detected Hints/Tags/Attributes 36/2/5
Source URLs
Redirection Url
Details Source https://www.redpacketsecurity.com/gamaredon-hackers-start-stealing-data-minutes-after-a-breach/
URL Provider
Details Provider Source level domain
Details redpacketsecurity.com www.redpacketsecurity.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 361 RedPacket Security https://www.redpacketsecurity.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CERT Ukraine 40 
UAC-0010
Details File 456 
mshta.exe
Details File 376 
wscript.exe
Details File 155 
cscript.exe
Details File 1208 
powershell.exe