Attempted cyberattacks on military systems using mobile malware
Sept. 10, 2024, 8:24 a.m.
Description
The report details attempts by threat actors to compromise smartphones and tablets belonging to military personnel by distributing malicious APK files disguised as legitimate software for military systems like GRISELDA and "Eyes". The malware, named HYDRA and a modified version of "Eyes", was designed to steal authentication data, GPS coordinates, and other sensitive information. The report emphasizes the importance of mobile device security and provides indicators of compromise, including file hashes, email addresses, IP addresses, and domain names associated with the attacks. It also highlights the collaboration between various Ukrainian cybersecurity teams in detecting and analyzing these incidents.
Tags
Date
- Created: Sept. 10, 2024, 8:11 a.m.
- Published: Sept. 10, 2024, 8:11 a.m.
- Modified: Sept. 10, 2024, 8:24 a.m.
Indicators
Attack Patterns
- 9002 RAT
- McRat
- HydraQ
- HidraQ
- Homux
- HomeUnix
- MdmBot
- Roarur
- Hydraq - S0203
- Aurora
- T1042
- T1139
- T1201
- T1585
- T1217
- T1525
- T1030
- T1608
- T1064
- T1518
- T1036
- T1195
- T1133
- T1072
- T1059
Additional Information
- Ukraine