
cyber-operations's Introduction

                           %%%%%#########%%%%%                              
                    ###%%%%##                 &%%%                          
               (#####%%          /.. .,,,,&      .%%                        
           //((###            . ...**//((... ,     %%                       
       ***//((               (..***//((...*#,,,     %%                      
   *******                  #(#./((((#......,%#(     %                      
    *****                   @%##....#%%%%%,,%#((     %                      
      ****//                 %%%%,,%%%%%%%**/((     #                       
         *//((#*               %%,%%%%%##((((      %                        
            ((####%               ,((((((/                                  
               #####%%#,                                         **         
                   ##%%%#####                              //**             
                        %%%%#########%.          ######((/                  
                               %%%%%#%%%%%%%%%#####                         
                               
                              by Curated Intelligence      

Ukraine-Cyber-Operations

Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine. (Blog | Twitter | LinkedIn)

Analyst Comments:

Threat Reports

| Date | Source | Threat(s) | URL |
| --- | --- | --- | --- |
| 14 JAN | SSU Ukraine | Website Defacements | ssu.gov.ua |
| 15 JAN | Microsoft | WhisperGate wiper | microsoft.com |
| 31 JAN | Symantec | Gamaredon/Shuckworm/PrimitiveBear (FSB) | symantec-enterprise-blogs.security.com |
| 2 FEB | RaidForums | Access broker "GodLevel" offering Ukrainian agricultural exchange | RaidForums [not linked] |
| 2 FEB | CERT-UA | UAC-0056 using SaintBot and OutSteel malware | cert.gov.ua |
| 3 FEB | PAN Unit42 | Gamaredon/Shuckworm/PrimitiveBear (FSB) | unit42.paloaltonetworks.com |
| 4 FEB | Microsoft | Gamaredon/Shuckworm/PrimitiveBear (FSB) | microsoft.com |
| 8 FEB | NSFOCUS | Lorec53 | nsfocusglobal.com |
| 15 FEB | CERT-UA | DDoS attacks against the name server of government websites as well as Oschadbank (State Savings Bank) & Privatbank (largest commercial bank). False SMS and e-mails to create panic | cert.gov.ua |
| 23 FEB | The Daily Beast | Ukrainian troops receive threatening SMS messages | thedailybeast.com |
| 23 FEB | UK NCSC | Sandworm/VoodooBear (GRU) | ncsc.gov.uk |
| 23 FEB | SentinelLabs | HermeticWiper | sentinelone.com |
| 24 FEB | ESET | HermeticWiper | welivesecurity.com |
| 24 FEB | Symantec | HermeticWiper | symantec-enterprise-blogs.security.com |
| 24 FEB | Cisco Talos | HermeticWiper | blog.talosintelligence.com |
| 24 FEB | Zscaler | HermeticWiper | zscaler.com |
| 24 FEB | CronUp | Data broker "FreeCivilian" offering multiple .gov.ua | twitter.com/1ZRR4H |
| 24 FEB | RaidForums | Data broker "Featherine" offering diia.gov.ua | RaidForums [not linked] |
| 24 FEB | DomainTools | Unknown scammers | twitter.com/SecuritySnacks |
| 25 FEB | @500mk500 | Gamaredon/Shuckworm/PrimitiveBear (FSB) | twitter.com/500mk500 |
| 25 FEB | @500mk500 | Gamaredon/Shuckworm/PrimitiveBear (FSB) | twitter.com/500mk500 |
| 25 FEB | Microsoft | HermeticWiper | gist.github.com |
| 25 FEB | 360 NetLab | DDoS (Mirai, Gafgyt, IRCbot, Ripprbot, Moobot) | blog.netlab.360.com |
| 25 FEB | Conti [themselves] | Conti ransomware, BazarLoader | Conti News .onion [not linked] |
| 25 FEB | CoomingProject [themselves] | Data Hostage Group | CoomingProject Telegram [not linked] |
| 25 FEB | CERT-UA | UNC1151/Ghostwriter (Belarus MoD) | CERT-UA Facebook |
| 25 FEB | Sekoia | UNC1151/Ghostwriter (Belarus MoD) | twitter.com/sekoia_io |
| 25 FEB | @jaimeblascob | UNC1151/Ghostwriter (Belarus MoD) | twitter.com/jaimeblasco |
| 25 FEB | RISKIQ | UNC1151/Ghostwriter (Belarus MoD) | community.riskiq.com |
| 25 FEB | MalwareHunterTeam | Unknown phishing | twitter.com/malwrhunterteam |
| 25 FEB | ESET | Unknown scammers | twitter.com/ESETresearch |
| 25 FEB | BitDefender | Unknown scammers | blog.bitdefender.com |
| 25 FEB | SSSCIP Ukraine | Unknown phishing | twitter.com/dsszzi |
| 25 FEB | RaidForums | Data broker "NetSec" offering FSB (likely SMTP accounts) | RaidForums [not linked] |
| 25 FEB | Zscaler | PartyTicket decoy ransomware | zscaler.com |
| 25 FEB | INCERT GIE | Cyclops Blink, HermeticWiper | linkedin.com [Login Required] |
| 25 FEB | Proofpoint | UNC1151/Ghostwriter (Belarus MoD) | twitter.com/threatinsight |
| 26 FEB | BBC Journalist | A fake Telegram account claiming to be President Zelensky is posting dubious messages | twitter.com/shayan86 |
| 26 FEB | CERT-UA | UNC1151/Ghostwriter (Belarus MoD) | CERT_UA Facebook |
| 26 FEB | MHT and TRMLabs | Unknown scammers, linked to ransomware | twitter.com/joes_mcgill |
| 26 FEB | US CISA | WhisperGate wiper, HermeticWiper | cisa.gov |
| 26 FEB | Bloomberg | Destructive malware (possibly HermeticWiper) deployed at Ukrainian Ministry of Internal Affairs & data stolen from Ukrainian telecommunications networks | bloomberg.com |
| 26 FEB | Vice Prime Minister of Ukraine | IT ARMY of Ukraine created to crowdsource offensive operations against Russian infrastructure | twitter.com/FedorovMykhailo |
| 26 FEB | Yoroi | HermeticWiper | yoroi.company |
| 27 FEB | LockBit [themselves] | LockBit ransomware | LockBit .onion [not linked] |
| 27 FEB | ALPHV [themselves] | ALPHV ransomware | vHUMINT [closed source] |
| 27 FEB | Mēris Botnet [themselves] | DDoS attacks | vHUMINT [closed source] |

Access Brokers

| Date | Source | Threat(s) | Source |
| --- | --- | --- | --- |
| 23 JAN | RaidForums | Access broker "Mont4na" offering UkrFerry | RaidForums [not linked] |
| 23 JAN | RaidForums | Access broker "Mont4na" offering PrivatBank | RaidForums [not linked] |
| 24 JAN | RaidForums | Access broker "Mont4na" offering DTEK | RaidForums [not linked] |
| 27 FEB | KelvinSecurity | Sharing list of IP cameras in Ukraine | vHUMINT [closed source] |

Data Brokers

| Threat Actor | Type | Observation | Validated | Relevance | Source |
| --- | --- | --- | --- | --- | --- |
| aguyinachair | UA data sharing | PII DB of ukraine.com (shared as part of a generic compilation) | No | TA discussion in past 90 days | ELeaks Forum [not linked] |
| an3key | UA data sharing | DB of Ministry of Communities and Territories Development of Ukraine (minregion[.]gov[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| an3key | UA data sharing | DB of Ukrainian Ministry of Internal Affairs (wanted[.]mvs[.]gov[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (40M) of PrivatBank customers (privatbank[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | DB of "border crossing" DBs of DPR and LPR | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (7.5M) of Ukrainian passports | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB of Ukrainian car registration, license plates, Ukrainian traffic police records | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (2.1M) of Ukrainian citizens | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (28M) of Ukrainian citizens (passports, drivers licenses, photos) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (1M) of Ukrainian postal/courier service customers (novaposhta[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (10M) of Ukrainian telecom customers (vodafone[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (3M) of Ukrainian telecom customers (lifecell[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| CorelDraw | UA data sharing | PII DB (13M) of Ukrainian telecom customers (kyivstar[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| danieltx51 | UA data sharing | DB of Ministry of Foreign Affairs of Ukraine (mfa[.]gov[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| DueDiligenceCIS | UA data sharing | PII DB (63M) of Ukrainian citizens (name, DOB, birth country, phone, TIN, passport, family, etc) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| Featherine | UA data sharing | DB of Ukrainian 'Diia' e-Governance Portal for Ministry of Digital Transformation of Ukraine | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| FreeCivilian | UA data sharing | DB of Ministry for Internal Affairs of Ukraine public data search engine (wanted[.]mvs[.]gov[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| FreeCivilian | UA data sharing | DB of Ministry for Communities and Territories Development of Ukraine (minregion[.]gov[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| FreeCivilian | UA data sharing | DB of Motor Insurance Bureau of Ukraine (mtsbu[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| FreeCivilian | UA data sharing | PII DB of Ukrainian digital-medicine provider (medstar[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| FreeCivilian | UA data sharing | DB of ticket.kyivcity.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of id.kyivcity.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of my.kyivcity.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of portal.kyivcity.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of anti-violence-map.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of dopomoga.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of e-services.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of edu.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of education.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of ek-cbi.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mail.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of portal-gromady.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of web-minsoc.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of wcs-wim.dsbt.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of bdr.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of motorsich.com | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of dsns.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mon.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of minagro.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of zt.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of kmu.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of dsbt.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of forest.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of nkrzi.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of dabi.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of comin.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of dp.dpss.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of esbu.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mms.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mova.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mspu.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of nads.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of reintegration.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of sies.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of sport.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mepr.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mfa.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of va.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mtu.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of cg.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of ch-tmo.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of cp.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of cpd.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of hutirvilnij-mrc.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of dndekc.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of visnyk.dndekc.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of dpvs.hsc.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of odk.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of e-driver[.]hsc[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of wanted[.]mvs[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of minregeion[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of health[.]mia[.]solutions | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mtsbu[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of motorsich[.]com | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of kyivcity[.]com | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of bdr[.]mvs[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of gkh[.]in[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of kmu[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mon[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of minagro[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| FreeCivilian | UA data sharing | DB of mfa[.]gov[.]ua | No | TA discussion in past 90 days | FreeCivilian .onion [not linked] |
| Intel_Data | UA data sharing | PII DB (56M) of Ukrainian Citizens | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| Kristina | UA data sharing | DB of Ukrainian National Police (mvs[.]gov[.]ua) | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| NetSec | UA data sharing | PII DB (53M) of Ukrainian citizens | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| Psycho_Killer | UA data sharing | PII DB (56M) of Ukrainian Citizens | No | TA discussion in past 90 days | Exploit Forum .onion [not linked] |
| Sp333 | UA data sharing | PII DB of Ukrainian and Russian interpreters, translators, and tour guides | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| Vaticano | UA data sharing | DB of Ukrainian 'Diia' e-Governance Portal for Ministry of Digital Transformation of Ukraine [copy] | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |
| Vaticano | UA data sharing | DB of Ministry for Communities and Territories Development of Ukraine (minregion[.]gov[.]ua) [copy] | No | TA discussion in past 90 days | RaidForums [not linked; site hijacked since UA invasion] |

Vendor Support

| Vendor | Offering | URL |
| --- | --- | --- |
| Dragos | Access to Dragos service if from US/UK/ANZ and in need of ICS cybersecurity support | twitter.com/RobertMLee |
| GreyNoise | Any and all Ukrainian emails registered to GreyNoise have been upgraded to VIP which includes full, uncapped enterprise access to all GreyNoise products | twitter.com/Andrew___Morris |
| Recorded Future | Providing free intelligence-driven insights, perspectives, and mitigation strategies as the situation in Ukraine evolves | recordedfuture.com |
| Flashpoint | Free Access to Flashpoint’s Latest Threat Intel on Ukraine | go.flashpoint-intel.com |
| ThreatABLE | A Ukraine tag for free threat intelligence feed that's more highly curated to cyber | twitter.com/threatable |
| Orange | IOCs related to Russia-Ukraine 2022 conflict extracted from our Datalake Threat Intelligence platform. | github.com/Orange-Cyberdefense |
| FSecure | F-Secure FREEDOME VPN is now available for free in all of Ukraine | twitter.com/FSecure |
| Multiple vendors | List of vendors offering their services to Ukraine for free, put together by @chrisculling | docs.google.com/spreadsheets |
| Mandiant | Free threat intelligence, webinar and guidance for defensive measures relevant to the situation in Ukraine. | mandiant.com |
| Starlink | Satellite internet constellation operated by SpaceX providing satellite Internet access coverage to Ukraine | twitter.com/elonmus |

Vetted OSINT Sources

| Handle | Affiliation |
| --- | --- |
| @KyivIndependent | English-language journalism in Ukraine |
| @IAPonomarenko | Defense reporter with The Kyiv Independent |
| @KyivPost | English-language journalism in Ukraine |
| @Shayan86 | BBC World News Disinformation journalist |
| @Liveuamap | Live Universal Awareness Map (“Liveuamap”) independent global news and information site |
| @DAlperovitch | The Alperovitch Institute for Cybersecurity Studies, Founder & Former CTO of CrowdStrike |
| @COUPSURE | OSINT investigator for Centre for Information Resilience |
| @netblocks | London-based Internet observatory |

Miscellaneous Resources

| Source | URL | Content |
| --- | --- | --- |
| PowerOutages.com | https://poweroutage.com/ua | Tracking PowerOutages across Ukraine |
| Monash IP Observatory | https://twitter.com/IP_Observatory | Tracking IP address outages across Ukraine |
| Project Owl Discord | https://discord.com/invite/projectowl | Tracking foreign policy, geopolitical events, military and governments, using a Discord-based crowdsourced approach, with a current emphasis on Ukraine and Russia |

cyber-operations's People

Contributors

bushidouk, crypto-cypher, jgmsoftware, ocbrollingpaper, rpigu-i
