Shuckworm Targets Foreign Military Mission Based in Ukraine

April 10, 2025, 8:12 p.m.

Description

Russian-linked cyber-espionage group Shuckworm appears to be targeting a Western military mission based in Ukraine, according to research by Symantec and its partner, the UK-based security firm.

External References

https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel
https://otx.alienvault.com/pulse/67f82020a26d2eb2bb6d4f1e
Tags
powershell
infostealer
ukraine
c server
gamaredon
shuckworm
2025-04-10
gammasteel
desktop folder
armageddon

Date

  • Created: April 10, 2025, 7:46 p.m.
  • Published: April 10, 2025, 7:46 p.m.
  • Modified: April 10, 2025, 8:12 p.m.

Indicators

  • 714aeb3d778bbd03d0c9eaa827ae8c91199ef07d916405b7f4acd470f9a2a437
  • 85.92.111.12
  • 64.23.190.235
  • 45.61.166.43
  • 165.232.153.27
  • 159.223.50.199
  • 139.59.136.192
  • 107.189.19.218
  • 107.189.19.137
  • www.phlovel.ru
  • https://surfing-programmer-morris-mortality.trycloudflare.com
  • https://nav-ni-furnished-handy.trycloudflare.com
  • https://des-cinema-democrat-san.trycloudflare.com/server
  • https://areas-apps-civic-loving.trycloudflare.com
  • https://85.92.111.12
  • http://64.23.190.235/getinfo.php.
  • sleep.crudoes.ru
  • terry-training-springer-engagement.trycloudflare.com
  • surfing-programmer-morris-mortality.trycloudflare.com
  • representatives-liable-sight-tigers.trycloudflare.com
  • sick-netherlands-alumni-electric.trycloudflare.com
  • score-adams-coastal-moreover.trycloudflare.com
  • promptly-allows-pendant-close.trycloudflare.com
  • presents-turner-cir-hollow.trycloudflare.com
  • reflection-tomorrow-brook-dakota.trycloudflare.com
  • position.crudoes.ru
  • pdt-throwing-pod-places.trycloudflare.com
  • phpbb-zealand-hop-magnetic.trycloudflare.com
  • pays-habitat-florists-virtually.trycloudflare.com
  • over-function-foo-school.trycloudflare.com
  • obj-sudan-quote-aw.trycloudflare.com
  • nav-ni-furnished-handy.trycloudflare.com
  • missouri-itunes-recognize-adds.trycloudflare.com
  • nail-employed-icon-pre.trycloudflare.com
  • jon-shopzilla-canada-analytical.trycloudflare.com
  • hints-heated-terrain-poem.trycloudflare.com
  • jet-therapy-cape-correctly.trycloudflare.com
  • ff-susan-config-mod.trycloudflare.com
  • fee-ss-launch-remedies.trycloudflare.com
  • farming-alternatively-velvet-warming.trycloudflare.com
  • eddie-lewis-exercises-conventions.trycloudflare.com
  • distributors-marble-saddam-much.trycloudflare.com
  • detector-excluded-knowledgestorm-two.trycloudflare.com
  • des-cinema-democrat-san.trycloudflare.com
  • der-grande-transmitted-benchmark.trycloudflare.com
  • convergence-suffering-reel-ingredients.trycloudflare.com
  • criterion-receipt-proceeds-fate.trycloudflare.com
  • cables-tension-bronze-hans.trycloudflare.com
  • boxes-harvest-cameroon-uniform.trycloudflare.com
  • beverly-cups-soft-concentrate.trycloudflare.com
  • belongs-tells-sum-harvest.trycloudflare.com
  • argentina-references-rapid-selecting.trycloudflare.com
  • areas-apps-civic-loving.trycloudflare.com
  • affects-periodic-explorer-broadband.trycloudflare.com
  • acquisition-gray-advertisements-trained.trycloudflare.com
  • abraham-lc-happened-ericsson.trycloudflare.com
Download all indicators here!

Attack Patterns

  • GammaSteel
  • Gamaredon Group

Additional Informations

  • Ukraine