Spearphishing Attack Uses COVID-21 Lure to Target Ukrainian Government | FortiGuard Labs
Tags
country: Russia United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Data From Local System - T1533 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Execution Guardrails - T1480 Execution Guardrails - T1627 Exploits - T1587.004 Exploits - T1588.005 File And Directory Discovery - T1420 File Deletion - T1070.004 File Deletion - T1630.002 Ip Addresses - T1590.005 Malicious File - T1204.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Spearphishing Link - T1566.002 Spearphishing Link - T1598.003 Windows Command Shell - T1059.003 Web Protocols - T1071.001 Web Protocols - T1437.001 Data From Local System - T1005 Exploitation For Client Execution - T1203 File And Directory Discovery - T1083 File Deletion - T1107 Powershell - T1086 Spearphishing Link - T1192
Show in Graph
Common Information
Type Value
UUID fcef126a-6497-40d8-bb05-78150cac8fec
Fingerprint b5b0add32435a649
Analysis status DONE
Considered CTI value 2
Text language
Published May 3, 2021, midnight
Added to db Sept. 11, 2022, 12:38 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Spearphishing Attack Uses COVID-21 Lure to Target Ukrainian Government
Title Spearphishing Attack Uses COVID-21 Lure to Target Ukrainian Government | FortiGuard Labs
Detected Hints/Tags/Attributes 110/3/65
Source URLs
Redirection Url
Details Source https://www.fortinet.com/blog/threat-research/spearphishing-attack-uses-covid-21-lure-to-target-ukrainian-government
URL Provider
Details Provider Source level domain
Details fortinet.com www.fortinet.com
Attributes
Details Type #Events CTI Value
Details Domain 3 
8003659902.space
Details Domain 12 
gov.ua
Details Domain 1 
redirect.co.ua
Details Domain 2 
2215.site
Details Domain 1 
update-av.zip
Details Domain 42 
rambler.ru
Details Domain 1 
1017.site
Details Domain 1 
1202.site
Details Domain 1 
29572459487545-4543543-543534255-454-35432524-5243523-234543.xyz
Details Domain 1 
2115.site
Details Email 2 
fed****kar@rambler.ru
Details Email 1 
kun*******1969@rambler.ru
Details File 2126 
cmd.exe
Details File 2 
%temp%\windowsupdate.exe
Details File 26 
windowsupdate.exe
Details File 3 
newcovid-21.zip
Details File 10 
index.txt
Details File 101 
gate.php
Details CVE 375 
cve-2017-11882
Details Domain 11 
state.gov
Details Domain 1 
cut.ly
Details Domain 1 
2330.site
Details Domain 3 
newcovid-21.zip
Details Domain 2 
name4050.com
Details Domain 317 
bit.ly
Details Domain 4 
name1d.site
Details Domain 81 
blog.malwarebytes.com
Details Domain 5 
smm2021.net
Details Domain 3 
8003659902.site
Details File 3 
covid-21.doc
Details File 1 
update-av.exe
Details md5 1 
44697AAD796C0D82C1ADBEE15FD1266B
Details md5 1 
D377C71F7DF1C515705EB6B0CC745F7D
Details md5 1 
9AE3D8BA1311AF690523AEB2E69BB469
Details md5 1 
E4855693722DE3856421B1B6920BA54D
Details sha256 2 
c33a905e513005cee9071ed10933b8e6a11be2335755660e3f7b2adf554f704a
Details sha256 2 
9803e65afa5b8eef0b6f7ced42ebd15f979889b791b8eadfc98e7f102853451a
Details sha256 2 
89da9a4a5c26b7818e5660b33941b45c8838fa7cfa15685adfe83ff84463799a
Details sha256 2 
0e1e2f87699a24d1d7b0d984c3622971028a0cafaf665c791c70215f76c7c8fe
Details IPv4 1 
95.143.218.55
Details IPv4 1 
31.31.205.163
Details IPv4 1 
195.128.123.215
Details IPv4 1 
185.195.27.112
Details IPv4 2 
176.113.115.133
Details IPv4 3 
31.42.185.63
Details MITRE ATT&CK Techniques 183 
T1566.002
Details MITRE ATT&CK Techniques 460 
T1059.001
Details MITRE ATT&CK Techniques 333 
T1059.003
Details MITRE ATT&CK Techniques 245 
T1203
Details MITRE ATT&CK Techniques 106 
T1204.001
Details MITRE ATT&CK Techniques 48 
T1480
Details MITRE ATT&CK Techniques 297 
T1070.004
Details MITRE ATT&CK Techniques 585 
T1083
Details MITRE ATT&CK Techniques 534 
T1005
Details MITRE ATT&CK Techniques 442 
T1071.001
Details Url 1 
https://cut.ly/lchx2ga
Details Url 1 
http://2330.site/newcovid-21.zip
Details Url 1 
http://2330.site/soft/08042021.exe
Details Url 1 
http://name4050.com:8080/upld
Details Url 1 
http://bit.ly/3rqulnp.
Details Url 1 
http://name1d.site/index.txt
Details Url 1 
http://31.42.185.63:8080/upld/.
Details Url 1 
https://blog.malwarebytes.com/threat-analysis/2021/04/a-deep-dive-into-saint-bot-downloader
Details Url 3 
http://smm2021.net/wp-adm/gate.php
Details Url 1 
http://2215.site/soft2/update-av.zip