Dmitry Melikov

Threat Researcher
@BlackBerry
#Cylance #cti #apt Former Threat Researcher
@InQuest

2023-03-14

Beware #NOBELIUM (aka #APT29) – a sophisticated, Russian state-sponsored threat actor targeting EU governments helping Ukraine.
blogs.blackberry.com/en/2023/0

2023-01-13

New sample #Gamaredon. Low detection on VT.

5001878474bb580531b83dfb56ec1e44

IoC:
http[:]//lunch.reins69.ziyafat[.]ru/USER-ПК/almond/almond/prime[.]asp

2022-12-05

A malicious doc in the name of the Colombian GOV, spread as a fake lawsuit and enforced collection.
@dimitribest

#CTI #maldoc

4a69b0a3796dd688d57e11658ac1058c < doc
9792c84f24e1492cc4d179523fdfcb9d < vbs
1e989e84f5967d84f40acabaad3395de < Njrat

IoCs:
hxxps://cdn.discordapp.com/attachments/1047544891632259145/1047971566543179936/2dode8002[.]vbs

hxxps://cdn.discordapp.com/attachments/1047543449777344516/1047971253056708729/2dode8002[.]txt

135d1da64932e6f858f7136f8c2b339f

2022-12-01

#Ransomware #LockBit: it spreads through maldocs attacking organizations in South Korea. The distribution of documents began this morning. A multistage payload is being used.
@dimitribest

IoCs:
0f6f88e208d1052616288a1f7a1374cd
6e8ddb57ec2d8e9d137a70fe642f1324
9f80a3584dd2c3c44b307f0c0a6ca1e6
4b6a088568f7293969566b7bdaf58741
0b7db133b3ca40c8d81180b20a0cd523
2nd stage:
hxxps://transfer.sh/get/KgHDsr/s3g53o[.]dotm
d110002b1fc1ffb8265e0b10f9e05013

Final payload:
hxxps://transfer.sh/get/JQJU3c/fdrsetrgh[.]exe
fe5101b50e92a923d74cc6f0f4225539
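The posts above publish their indicators defanged (hxxps://, [.] and [:]) so they cannot be clicked by accident. To act on them, a defender has to parse the hashes and URLs out of the post text, refang the URLs for matching, and check them against proxy or DNS logs. The following Python is an added example for that workflow and is not code from the feed's author; the post text is assembled from the IoCs quoted above, the proxy log lines and their key=value layout are constructed for this example, and `extract_iocs`, `refang` and `match_hosts` are names chosen here.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Sample post text assembled from the defanged IoCs in the feed above
# (constructed input for this example).
SAMPLE_POST = """\
IoCs:
0f6f88e208d1052616288a1f7a1374cd
2nd stage:
hxxps://transfer.sh/get/KgHDsr/s3g53o[.]dotm
d110002b1fc1ffb8265e0b10f9e05013
Final payload:
hxxps://transfer.sh/get/JQJU3c/fdrsetrgh[.]exe
fe5101b50e92a923d74cc6f0f4225539
http[:]//lunch.reins69.ziyafat[.]ru/USER-ПК/almond/almond/prime[.]asp
"""

# Constructed proxy log lines in a hypothetical key=value format.
SAMPLE_LOGS = [
    "2023-01-13T09:12:01Z src=10.0.0.14 host=lunch.reins69.ziyafat.ru path=/USER-%D0%9F%D0%9A/almond/almond/prime.asp",
    "2023-01-13T09:12:05Z src=10.0.0.14 host=updates.example.com path=/",
    "2022-12-01T08:00:00Z src=10.0.0.22 host=transfer.sh path=/get/KgHDsr/s3g53o.dotm",
]

MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")
# Accepts refanged (http://) and the common defanged forms (hxxp://, http[:]//).
URL_RE = re.compile(r"(?i)\bh(?:xx|tt)ps?\[?:\]?//\S+")
HOST_FIELD_RE = re.compile(r"\bhost=(\S+)")


@dataclass(frozen=True)
class Ioc:
    kind: str      # "md5" or "url"
    defanged: str  # as posted; safe to paste into reports
    value: str     # refanged / normalized form used for matching


def refang(text):
    """Turn a defanged URL back into its real form for log matching."""
    text = re.sub(r"(?i)^hxxp", "http", text)
    return text.replace("[:]", ":").replace("[.]", ".").replace("(.)", ".")


def extract_iocs(post):
    """Pull MD5 hashes and URLs out of free-form post text, deduplicated, in order."""
    found, seen = [], set()
    for line in post.splitlines():
        for m in URL_RE.finditer(line):
            ioc = Ioc("url", m.group(0), refang(m.group(0)))
            if (ioc.kind, ioc.value) not in seen:
                seen.add((ioc.kind, ioc.value))
                found.append(ioc)
        # Remove URLs before hash scanning so hex runs inside paths are not mistaken for hashes.
        rest = URL_RE.sub(" ", line)
        for m in MD5_RE.finditer(rest):
            ioc = Ioc("md5", m.group(0), m.group(0).lower())
            if (ioc.kind, ioc.value) not in seen:
                seen.add((ioc.kind, ioc.value))
                found.append(ioc)
    return found


def ioc_hosts(iocs):
    """Hostnames referenced by the URL indicators (lowercased by urlsplit)."""
    return {urlsplit(i.value).hostname for i in iocs if i.kind == "url"}


def match_hosts(iocs, log_lines):
    """Return the log lines whose host= field hits an indicator hostname."""
    hosts = ioc_hosts(iocs)
    hits = []
    for line in log_lines:
        m = HOST_FIELD_RE.search(line)
        if m and m.group(1).lower() in hosts:
            hits.append(line)
    return hits


if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_POST)
    for i in iocs:
        print(f"{i.kind:4} {i.defanged}")
    for hit in match_hosts(iocs, SAMPLE_LOGS):
        print("HIT:", hit)
```

Matching is done on the hostname rather than the full URL because the path seen in a proxy log is often percent-encoded or truncated (as in the first constructed line), while the host is stable; the hashes are kept alongside for file-level lookups in EDR or VirusTotal.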
