Rewterz Threat Alert – Russia-linked Gamaredon APT Threat Actors Target Ukraine With Default Word Template Hijacker – Active IOCs - Rewterz
Common Information
Type Value
UUID dd7135b7-4815-44a9-aa2c-e4bb4a2e5a7b
Fingerprint 55520e51a96cf48
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 17, 2022, 12:11 p.m.
Added to db Dec. 19, 2024, 10:49 a.m.
Last updated Dec. 19, 2024, 10:50 a.m.
Headline Rewterz Threat Alert – Russia-linked Gamaredon APT Threat Actors Target Ukraine With Default Word Template Hijacker – Active IOCs
Title Rewterz Threat Alert – Russia-linked Gamaredon APT Threat Actors Target Ukraine With Default Word Template Hijacker – Active IOCs - Rewterz
Detected Hints/Tags/Attributes 47/3/25
Attributes