Gamaredon hackers start stealing data 30 minutes after a breach
Tags
country: Russia Ukraine
attack-pattern: Data Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Mshta - T1170 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID d3d2788a-efb4-40d8-8622-4b2d8c88ef7e
Fingerprint c4000e5b9c6787e3
Analysis status DONE
Considered CTI value 1
Text language
Published July 15, 2023, midnight
Added to db July 15, 2023, 6:29 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Gamaredon hackers start stealing data 30 minutes after a breach
Title Gamaredon hackers start stealing data 30 minutes after a breach
Detected Hints/Tags/Attributes 34/2/5
Source URLs
Redirection Url
Details Source https://www.bleepingcomputer.com/news/security/gamaredon-hackers-start-stealing-data-30-minutes-after-a-breach/
URL Provider
Details Provider Source level domain
Details bleepingcomputer.com www.bleepingcomputer.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 163 https://media.cert.europa.eu/rss?type=category&id=Malware&language=en&duplicates=false 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CERT Ukraine 40 
UAC-0010
Details File 456 
mshta.exe
Details File 376 
wscript.exe
Details File 155 
cscript.exe
Details File 1208 
powershell.exe