An Inside Look at the Infrastructure Behind the Russian APT Gamaredon Group
Tags
country: Russia
attack-pattern: Data Model Domain Generation Algorithms - T1637.001 Domain Generation Algorithms - T1568.002 Domain Generation Algorithms - T1520 Domain Generation Algorithms - T1483 Domains - T1583.001 Domains - T1584.001 Dynamic Dns - T1311 Dynamic Dns - T1333 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001
Show in Graph
Common Information
Type Value
UUID c05e832a-5d2c-4294-9627-0a89356501d3
Fingerprint b419b5d324108701
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 7, 2019, 7:29 p.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Sept. 1, 2024, 6:33 a.m.
Headline An Inside Look at the Infrastructure Behind the Russian APT Gamaredon Group
Title An Inside Look at the Infrastructure Behind the Russian APT Gamaredon Group
Detected Hints/Tags/Attributes 24/2/12
Source URLs
Redirection Url
Details Source https://blog.threatstop.com/russian-apt-gamaredon-group
URL Provider
Details Provider Source level domain
Details threatstop.com blog.threatstop.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
torrent-stel.space
Details Domain 1 
splin-body.site
Details Domain 1 
splin-body1.site
Details Domain 1 
splin-upd.site
Details Domain 1 
torrent-updates.ddns.net
Details Domain 1 
splin-upd1.site
Details Domain 1 
torrent-supd.space
Details Domain 1 
www.torrent-supd.space
Details File 1 
spr_update.php
Details sha256 1 
cbd0b2cb5c35a0c88494f10304213d494f3c220b6d5efb6c7cb8fb66f3267632
Details IPv4 1 
185.248.100.121
Details IPv4 1 
195.88.208.196