Attempted cyberattacks on military systems using mobile malware

Sept. 10, 2024, 8:24 a.m.

Description

The report details attempts by threat actors to compromise smartphones and tablets belonging to military personnel by distributing malicious APK files disguised as legitimate software for military systems like GRISELDA and "Eyes". The malware, named HYDRA and a modified version of "Eyes", was designed to steal authentication data, GPS coordinates, and other sensitive information. The report emphasizes the importance of mobile device security and provides indicators of compromise, including file hashes, email addresses, IP addresses, and domain names associated with the attacks. It also highlights the collaboration between various Ukrainian cybersecurity teams in detecting and analyzing these incidents.

Date

Published: Sept. 10, 2024, 8:11 a.m.
Created: Sept. 10, 2024, 8:11 a.m.
Modified: Sept. 10, 2024, 8:24 a.m.

Indicators


Attack Patterns

Software: 9002 RAT, McRat, HydraQ, HidraQ, Homux, HomeUnix, MdmBot, Roarur, Hydraq (S0203), Aurora

ATT&CK techniques: T1042, T1139, T1201, T1585, T1217, T1525, T1030, T1608, T1064, T1518, T1036, T1195, T1133, T1072, T1059

Additional Information

Ukraine