Disrupting FlyingYeti's campaign targeting Ukraine
Tags
country: Russia Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern: Data Dns - T1071.004 Dns - T1590.002 Dynamic Dns - T1311 Dynamic Dns - T1333 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Tool - T1588.002 Mshta - T1170 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 8053e87a-34b1-45b0-bf20-9b3d3c805560
Fingerprint 948487190336c7c8
Analysis status DONE
Considered CTI value 2
Text language
Published May 30, 2024, 1 p.m.
Added to db Oct. 1, 2024, 12:59 p.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Home
Title Disrupting FlyingYeti's campaign targeting Ukraine
Detected Hints/Tags/Attributes 84/3/50
Source URLs
Redirection Url
Details Source https://www.cloudflare.com/threat-intelligence/research/report/disrupting-flyingyetis-campaign-targeting-ukrainev/
URL Provider
Details Provider Source level domain
Details cloudflare.com www.cloudflare.com
Attributes
Details Type #Events CTI Value
Details CERT Ukraine 2 
UAC-0149
Details CVE 133 
cve-2023-38831
Details Domain 1 
komunalka.github.io
Details Domain 1 
www.komunalka.ua
Details Domain 1 
worker-polished-union-f396.vqu89698.workers.dev
Details Domain 291 
raw.githubusercontent.com
Details Domain 1 
postdock.serveftp.com
Details Domain 1 
komunalka.ua
Details Domain 5 
pixeldrain.com
Details Domain 1 
1014.filemail.com
Details Domain 21 
github.io
Details Domain 32 
file.name
Details Domain 228 
system.io
Details Domain 4127 
github.com
Details Domain 8 
canarytokens.com
Details File 1 
рахунок.docx
Details File 1 
invoice.docx
Details File 1 
жкп.rar
Details File 1 
services.rar
Details File 1 
оплату.pdf
Details File 2 
debt.rar
Details File 4 
payment.pdf
Details File 1 
послуги.docx
Details File 2 
services.docx
Details File 1 
користувача.docx
Details File 2 
agreement.docx
Details File 2125 
cmd.exe
Details File 47 
winrar.exe
Details File 226 
certutil.exe
Details File 456 
mshta.exe
Details File 63 
bitsadmin.exe
Details File 1 
flyingyeti.rar
Details File 1 
24.docx
Details File 1 
payments.js
Details File 816 
index.html
Details md5 1 
19e25456c2996ded3e29577b609de54a
Details md5 1 
2bef90dad8f868cdad795c18df05a79b
Details md5 1 
a3d82455433c8ad11715865826cf18f6
Details Url 1 
https://komunalka.github.io
Details Url 1 
https://www.komunalka.ua
Details Url 7 
https://raw.githubusercontent.com
Details Url 1 
https://pixeldrain.com/api/file/zajxwffx?download=one
Details Url 1 
https://1014.filemail.com/api/file/get?filekey=
Details Url 1 
https://github.com/komunalka/komunalka.github.io
Details Url 1 
https://worker-polished-union-f396.vqu89698.workers.dev
Details Url 1 
https://raw.githubusercontent.com/kudoc8989/project/main/заборгованість
Details Url 1 
https://1014.filemail.com/api/file/get?filekey=e_8s1henm5rzhy_jpn6nlgf4uap533vrxzgxjxh1gzbvqzvmp
Details Url 1 
https://pixeldrain.com/api/file/zajxwffx?download=
Details Url 1 
http://canarytokens.com/stuff/tags/ni1cknk2yq3xfcw2al3efs37m/payments.js
Details Url 1 
http://canarytokens.com/stuff/terms/images/k22r2dnjrvjsm