ioc[.]one - OSINT Cyber Threat Intelligence Database

Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine

Tags

country:	Russia Ukraine
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Dns - T1071.004 Dns - T1590.002 Html Smuggling - T1027.006 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Visual Basic - T1059.005 Tool - T1588.002 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	be56abce-e005-4f5d-9e42-5ad01e191a91
Fingerprint	7623ad9185318fe1
Analysis status	DONE
Considered CTI value	2
Text language
Published	June 15, 2023, midnight
Added to db	Aug. 15, 2023, 2:14 a.m.
Last updated	Nov. 17, 2024, 10:40 p.m.
Headline	Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine
Title	Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine
Detected Hints/Tags/Attributes	70/3/232

Source URLs

	Redirection	Url
Details	Source	https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-russia-ukraine-military
Details	Source	https://symantec-enterprise-blogs.security.com/threat-intelligence/shuckworm-russia-ukraine-military

URL Provider

Details	Provider	Source level domain
Details	security.com	symantec-enterprise-blogs.security.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	233	✔	Broadcom Software Blogs	https://sed-cms.broadcom.com/rss/v1/blogs/rss.xml/221	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	1	deprive.wow
Details	Domain	5	foto.safe
Details	Domain	372	wscript.shell
Details	Domain	13	shortcut.save
Details	Domain	339	system.net
Details	Domain	1	coridas.ru
Details	Domain	1	drive.name
Details	Domain	228	system.io
Details	File	2	shtasks.exe
Details	File	376	wscript.exe
Details	File	1	porn_video.rtf
Details	File	2	do_not_delete.rtf
Details	File	2	evidence.rtf
Details	File	2126	cmd.exe
Details	File	5	foto.safe
Details	File	7	shortcut.ico
Details	File	12	c:\windows\system32\shell32.dll
Details	File	13	shortcut.tar
Details	File	1208	powershell.exe
Details	File	1205	index.php
Details	File	1	sleep.php
Details	File	1	account.rtf
Details	File	2	account_card.rtf
Details	File	1	application.rtf
Details	File	2	bank_accоunt.rtf
Details	File	1	blank_cap.rtf
Details	File	1	trip.rtf
Details	File	2	compromising_evidence.rtf
Details	File	1	conduct.rtf
Details	File	1	cuprovod.rtf
Details	File	1	dsk.rtf
Details	File	1	encouragement.rtf
Details	File	1	form_new.rtf
Details	File	3	instructions.rtf
Details	File	1	journey.mdb
Details	File	1	to.rtf
Details	File	2	login_password.docx
Details	File	1	login_password.rtf
Details	File	1	mobilization.rtf
Details	File	1	my_documents.rtf
Details	File	2	my_photos.rtf
Details	File	1	not_delete.rtf
Details	File	1	on_account.rtf
Details	File	2	order.rtf
Details	File	1	petition.rtf
Details	File	1	pornography.rtf
Details	File	2	pornophoto.rtf
Details	File	1	proceedings.rtf
Details	File	1	project_sheet.rtf
Details	File	7	report.docx
Details	File	4	report.rtf
Details	File	1	report_note.rtf
Details	File	1	request.rtf
Details	File	1	resolution.rtf
Details	File	3	secret.rtf
Details	File	1	secretly.rtf
Details	File	1	service.docx
Details	File	1	service.rtf
Details	File	1	sources.rtf
Details	File	1	support.rtf
Details	File	2	weapons_list.rtf
Details	sha256	1	f7a6ae1b3a866b7e031f60d5d22d218f99edfe754ef262f449ed3271d6306192
Details	sha256	1	31e60a361509b60e7157756d6899058213140c3b116a7e91207248e5f41a096b
Details	sha256	1	c62dd5b6036619ced5de3a340c1bb2c9d9564bc5c48e25496466a36ecd00db30
Details	sha256	1	c6f6838afcb177ea9dda624100ce95549cee93d9a7c8a6d131ae2359cabd82c8
Details	sha256	1	3393fbdb0057399a7e04e61236c987176c1498c12cd869dc0676ada859617137
Details	sha256	1	3458cec74391baf583fbc5db3b62f1ce106e6cffeebd0978ec3d51cebf3d6601
Details	sha256	1	acc2b78ce1c0fc806663e3258135cdb4fed60682454ab0646897e3f240690bb8
Details	sha256	1	28358a4a6acdcdfc6d41ea642220ef98c63b9c3ef2268449bb02d2e2e71e7c01
Details	sha256	1	2aee8bb2a953124803bc42e5c42935c92f87030b65448624f51183bf00dd1581
Details	sha256	1	dbd03444964e9fcbd582eb4881a3ff65d9513ccc08bd32ff9a61c89ad9cc9d87
Details	sha256	1	a615c41bcf81dd14b8240a7cafb3c7815b48bb63842f7356731ade5c81054df5
Details	sha256	1	91d42a959c5e4523714cc589b426fa83aaeb9228364218046f36ff10c4834b86
Details	sha256	1	7d6264ce74e298c6d58803f9ebdb4a40b4ce909d02fd62f54a1f8d682d73519a
Details	IPv4	1	45.76.141.166
Details	IPv4	1	159.223.112.245
Details	IPv4	1	140.82.56.186
Details	IPv4	1	159.203.164.194
Details	IPv4	1	45.32.94.58
Details	IPv4	1	45.95.232.33
Details	IPv4	1	139.59.109.100
Details	IPv4	1	164.92.245.246
Details	IPv4	1	45.32.101.6
Details	IPv4	1	140.82.18.48
Details	IPv4	1	216.128.140.45
Details	IPv4	1	146.190.127.238
Details	IPv4	1	207.148.74.68
Details	IPv4	2	195.133.88.19
Details	IPv4	1	146.190.60.230
Details	IPv4	1	84.32.190.137
Details	IPv4	1	206.189.154.168
Details	IPv4	1	188.166.4.128
Details	IPv4	1	104.248.54.250
Details	IPv4	1	165.227.76.84
Details	IPv4	1	66.42.104.158
Details	IPv4	1	161.35.95.47
Details	IPv4	1	149.28.125.56
Details	IPv4	1	143.198.50.118
Details	IPv4	1	66.42.126.121
Details	IPv4	1	64.227.72.210
Details	IPv4	1	81.19.140.147
Details	IPv4	1	165.232.77.197
Details	IPv4	1	146.190.117.209
Details	IPv4	1	134.122.51.47
Details	IPv4	1	143.198.152.232
Details	IPv4	2	140.82.47.181
Details	IPv4	1	159.223.102.109
Details	IPv4	1	170.64.188.146
Details	IPv4	1	155.138.194.244
Details	IPv4	1	45.32.88.90
Details	IPv4	1	89.185.84.32
Details	IPv4	1	64.226.84.229
Details	IPv4	1	206.189.14.94
Details	IPv4	1	24.199.84.132
Details	IPv4	1	45.32.41.115
Details	IPv4	1	84.32.188.69
Details	IPv4	1	206.189.128.172
Details	IPv4	1	170.64.168.228
Details	IPv4	1	161.35.238.148
Details	IPv4	1	170.64.138.138
Details	IPv4	1	178.128.86.43
Details	IPv4	1	206.81.28.5
Details	IPv4	1	178.128.231.180
Details	IPv4	1	45.77.115.67
Details	IPv4	1	136.244.65.253
Details	IPv4	1	143.244.190.199
Details	IPv4	1	159.65.176.121
Details	IPv4	1	192.248.154.154
Details	IPv4	1	209.97.175.128
Details	IPv4	1	147.182.240.58
Details	IPv4	1	146.190.212.239
Details	IPv4	1	143.198.135.132
Details	IPv4	1	45.76.202.102
Details	IPv4	1	142.93.108.1
Details	IPv4	1	46.101.127.147
Details	IPv4	1	134.209.0.136
Details	IPv4	1	138.68.110.19
Details	IPv4	1	167.99.215.50
Details	IPv4	1	161.35.232.118
Details	IPv4	1	88.216.210.3
Details	IPv4	1	165.227.121.87
Details	IPv4	1	165.227.48.59
Details	IPv4	1	108.61.211.250
Details	IPv4	1	89.185.84.48
Details	IPv4	1	167.172.69.123
Details	IPv4	1	89.185.84.50
Details	IPv4	1	206.189.0.134
Details	IPv4	1	68.183.200.0
Details	IPv4	1	178.128.16.170
Details	IPv4	1	95.179.144.161
Details	IPv4	1	164.92.222.8
Details	IPv4	1	45.95.233.80
Details	IPv4	1	78.141.239.24
Details	IPv4	1	149.28.181.232
Details	IPv4	1	24.199.107.218
Details	IPv4	1	45.32.184.140
Details	IPv4	1	167.172.20.159
Details	IPv4	1	84.32.190.31
Details	IPv4	1	164.92.185.60
Details	IPv4	1	84.32.131.38
Details	IPv4	1	137.184.178.46
Details	IPv4	1	206.189.149.103
Details	IPv4	1	157.245.176.123
Details	IPv4	1	45.95.232.92
Details	IPv4	1	45.95.232.29
Details	IPv4	1	170.64.150.90
Details	IPv4	1	89.185.84.45
Details	IPv4	1	140.82.16.120
Details	IPv4	1	84.32.185.136
Details	IPv4	1	134.122.43.175
Details	IPv4	1	195.133.88.55
Details	IPv4	1	84.32.191.147
Details	IPv4	1	78.141.238.136
Details	IPv4	1	45.82.13.84
Details	IPv4	1	159.65.248.0
Details	IPv4	1	84.32.34.69
Details	IPv4	1	170.64.146.194
Details	IPv4	1	45.82.13.22
Details	IPv4	1	45.82.13.23
Details	IPv4	1	134.209.33.42
Details	IPv4	1	199.247.8.115
Details	IPv4	1	84.32.128.239
Details	IPv4	1	173.199.70.238
Details	IPv4	1	138.68.174.177
Details	IPv4	1	178.128.213.177
Details	IPv4	1	143.110.180.68
Details	IPv4	1	167.172.144.127
Details	IPv4	1	165.232.165.42
Details	IPv4	1	45.95.232.51
Details	IPv4	1	149.28.98.149
Details	IPv4	1	104.156.230.193
Details	IPv4	1	104.248.86.158
Details	IPv4	1	134.209.182.221
Details	IPv4	1	139.59.60.191
Details	IPv4	1	140.82.11.60
Details	IPv4	1	140.82.50.37
Details	IPv4	1	143.198.53.203
Details	IPv4	1	147.182.250.33
Details	IPv4	1	149.28.130.189
Details	IPv4	1	157.245.69.118
Details	IPv4	1	158.247.204.242
Details	IPv4	1	159.223.23.23
Details	IPv4	1	164.92.72.212
Details	IPv4	1	165.22.72.74
Details	IPv4	1	165.232.120.169
Details	IPv4	1	167.172.58.96
Details	IPv4	1	167.71.67.58
Details	IPv4	1	170.64.136.186
Details	IPv4	1	170.64.140.214
Details	IPv4	1	170.64.156.98
Details	IPv4	1	178.128.228.252
Details	IPv4	1	188.166.176.39
Details	IPv4	1	188.166.7.140
Details	IPv4	1	193.149.176.26
Details	IPv4	1	202.182.116.135
Details	IPv4	1	202.182.98.100
Details	IPv4	1	206.189.80.216
Details	IPv4	1	207.148.72.173
Details	IPv4	1	31.129.22.46
Details	IPv4	1	31.129.22.48
Details	IPv4	1	31.129.22.50
Details	IPv4	1	45.32.117.62
Details	IPv4	1	45.32.158.96
Details	IPv4	1	45.32.62.100
Details	IPv4	1	45.95.232.74
Details	IPv4	1	5.199.161.29
Details	IPv4	1	64.227.64.163
Details	IPv4	1	78.153.139.7
Details	IPv4	1	84.32.131.47
Details	IPv4	1	84.32.188.13
Details	IPv4	1	95.179.245.185
Details	IPv4	1	216.128.178.248