Today > | 13 High | 29 Medium | 8 Low vulnerabilities   -   You can now download lists of IOCs here!

Disrupting FlyingYeti's campaign targeting Ukraine

May 31, 2024, 12:33 p.m.

Description

This report details Cloudforce One's real-time effort to detect, deny, degrade, disrupt, and delay a phishing campaign by the Russia-aligned threat actor FlyingYeti targeting Ukraine. The campaign aimed to capitalize on anxiety over potential loss of housing and utilities by enticing targets to open malicious files containing the COOKBOX malware. Cloudforce One's mitigations prolonged the operational timeline from days to weeks, hindering the actor's objectives.

Date

Published: May 31, 2024, 12:19 p.m.

Created: May 31, 2024, 12:19 p.m.

Modified: May 31, 2024, 12:33 p.m.

Indicators

e0d65e2d36afd3db1b603f10e0488cee3f58ade24d8abc6bee240314d8696708

a0a294f85c8a19be048ffcc05ede6fd5a7ac5e2f0032a3ca0050dc1ae960c314

915721b94e3dffa6cef3664532b586be6cf989fec923b26c62fdaf201ee81d2c

79a9740f5e5ea4aa2157d9d96df34ee49a32e2d386fe55fedfd1aa33e151c06d

19e25456c2996ded3e29577b609de54a2bef90dad8f868cdad795c18df05a79b

0cca8f795c7a81d33d36d5204fcd9bc73bdc2af7de315c1449cbc3551ef4fb59

https://www.komunalka.ua

postdock.serveftp.com

Attack Patterns

COOKBOX

FlyingYeti

T1588.003

T1568.003

T1588.001

T1218.010

T1053.005

T1204.001

T1059.001

T1027.005

T1083

T1566

CVE-2023-38831

Additional Informations

Government

Ukraine