AA24-249A: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

Severity: lowType: unknown

AI Analysis

Technical Summary

This threat intelligence report details ongoing cyber operations attributed to Russian military cyber actors, specifically linked to the GRU (Russian Federation). These actors are targeting critical infrastructure sectors in the United States and globally, including Europe. The campaign involves a range of sophisticated attack patterns as indicated by numerous referenced STIX 2.1 attack pattern identifiers, which typically encompass tactics such as initial access, credential access, lateral movement, command and control, and impact techniques. Although the specific vulnerabilities or exploits used are not detailed, the focus on critical infrastructure suggests targeting of industrial control systems (ICS), operational technology (OT), and key network assets that support essential services. The threat is characterized by persistent and strategic cyber espionage and potential disruption activities aimed at undermining critical services. The lack of patch availability and known exploits in the wild indicates that the threat may rely on custom tools, zero-day exploits, or complex intrusion methods rather than widely known vulnerabilities. The severity is currently assessed as low by the source, but this may reflect the current observed impact rather than the potential risk. The threat actors’ use of multiple attack patterns and targeting of critical infrastructure highlights the potential for significant operational disruption, data exfiltration, or sabotage if successful. The intelligence certainty is moderate (50%), indicating some confidence in attribution and activity but with incomplete details. Overall, this represents a strategic cyber threat from a nation-state actor with significant capabilities and intent to impact critical infrastructure globally, including European organizations.

Potential Impact

For European organizations, particularly those operating critical infrastructure such as energy grids, transportation networks, telecommunications, and water treatment facilities, this threat poses a significant risk. Successful intrusions could lead to operational disruptions, data breaches, loss of service availability, and potential physical damage to infrastructure components. The geopolitical context of Russian cyber operations increases the likelihood of targeted attacks against European countries aligned with U.S. and NATO interests. Disruption or espionage in critical infrastructure could have cascading effects on national security, economic stability, and public safety. Additionally, the complexity and persistence of these actors mean that detection and remediation may be challenging, increasing the potential duration and impact of an incident. Even though the current severity is rated low, the strategic targeting and potential for escalation mean European organizations should treat this threat seriously and prioritize defensive measures.

Mitigation Recommendations

European organizations should implement a multi-layered defense strategy tailored to critical infrastructure environments. Specific recommendations include: 1) Conducting comprehensive threat hunting and network monitoring focused on detecting tactics, techniques, and procedures (TTPs) associated with Russian military cyber actors, leveraging threat intelligence feeds and STIX indicators where available. 2) Enhancing segmentation between IT and OT networks to limit lateral movement opportunities. 3) Applying strict access controls and multi-factor authentication (MFA) for all remote and privileged access, especially for critical systems. 4) Implementing anomaly detection systems capable of identifying unusual network traffic or command and control communications. 5) Regularly updating and patching all systems where possible, and employing virtual patching or compensating controls when patches are unavailable. 6) Conducting regular incident response exercises simulating nation-state attacks to improve readiness. 7) Collaborating with national cybersecurity agencies and sharing intelligence within sector-specific Information Sharing and Analysis Centers (ISACs). 8) Reviewing and hardening supply chain security to prevent compromise via third-party vendors. These measures go beyond generic advice by focusing on the specific threat actor’s known behaviors and the critical infrastructure context.

Affected Countries

Germany, France, United Kingdom, Italy, Netherlands, Poland, Belgium, Sweden, Norway, Finland

Indicators of Compromise

hash: 59da31da4db1aa5f9a5c7c0c151422c8
hash: ddec2d79f460a881849037336ba8968f
hash: 64b9feeccf6c183b9f7138f8fc53acbb
hash: 993f01861aff306df44e6475f7886f37
hash: 143594597130e301499e5940a5fb798a
hash: 6a4fca88ee36fecc5113e188cc39d25c
hash: 56e0446a6d7175a0d09110bc483ddbed
hash: 2128361d8aaae1225d50c9add32006a1
hash: b32e14a9b7de6c92cd16758fa6e23346
hash: 7fe7f33d9b5dbdf3d032d2a10e39f283
hash: f34f60375bebad861a35b7c4bb0fa1c8
hash: cd62d4a178705b2b90a8babd8613df93
hash: e1a15bc13157134f542cd9c55c742460
hash: 791a81f31a8e7090a7d5417451e09efa
hash: a1b509254a0a1daa7e00d279ec974461
hash: 5c9e2195d10375b746b6717fdb47b5b9
hash: aecb57e20d2c0b0d9fece2cbcbcc3459
hash: 80f0ee332a452172533ad8863bb3bc63
hash: 2b39eab325906b0a3ab7e584c3d67349
hash: b7c1a8d39f46eaf52be90e24565dd6b0
hash: d06761b2cff86035a4838110ed6ab622
hash: d40195a444526eafb0db56d95bf8655d
hash: 7234da8ceafbe6586469f18c03cc1832
hash: 1c85c0d044ac837e8939564afac1eb32
hash: 58e879213d81333b628434ba4aeb2751
hash: 562c337b8caca330da2ea6ae07ee5db6
hash: 422437f326b8dbe30cc5f103bde31f26
hash: d034fe4c71b16b6d331886c24fef2751
url: https://cdn.discordapp.com/attachments/945968593030496269/945970446149509130/Client.exe
url: https://cdn.discordapp.com/attachments/888408190625128461/895633952247799858/n.lashevychdirekcy.atom.gov.ua.zip
url: dns.test658324901domain.me
ip: 81.17.24.130
url: https://nssm.cc
url: https://3proxy.ru
ip: 194.26.29.251
ip: 194.26.29.84
ip: 185.245.85.251
ip: 185.245.84.227
ip: 179.43.189.218
ip: 179.43.187.47
ip: 179.43.175.108
ip: 179.43.175.38
ip: 179.43.162.55
ip: 179.43.133.202
ip: 154.21.20.82
ip: 112.132.218.45
ip: 112.51.253.153
ip: 90.131.156.107
ip: 79.124.8.66
ip: 46.101.242.222
ip: 5.226.139.66
hash: 1cac5c0cb8801e8730447023270d8d56
hash: a9c9c0be8eca3b575c24da0fcf1af1a9
hash: af277ae0fbf6cc20f887696ea4756d46
hash: 9d7ab8b0aa669125d9a5adc4f46c56f3
hash: 755dac7edd17fbf5b5c449dd06c02e14
hash: 251f3a4757d9e4de0499cc30c0bc00a9
hash: 28d571ddb5c04d065dfe1be9604663ba
hash: ca43a241042b5fcc305393765ae18e69
hash: 1e22d64f263e8ea4b2d37dcd9b7c3012
hash: b0d0a23766fa64ece9315f37b28bb4c0
hash: 94bf96b76c2a092de8962496ce35deaf
hash: 4e9c55c6fe25d61ca4394de794546fab
hash: 3ccf799ff208981349cee4fb1a1cf88c
hash: 96964aed18f65a7acae632f358a093f6
hash: 09a2d85e809d36bff82bd5ab773980a3
hash: 5eaa7e812733a5c8cda734fab2f752d5
hash: 569c1d31f4c7ec7701d8e4e51b59fe85
hash: 246f31c86bbbe7f65c0126cf4a1a947a
hash: 0a2affa6d895baab087b84e93145da35
hash: 3fe96ff4a5ef0f5346ce645a2a893597
hash: 540ee8e39150c539fea582b0e77be7b0
hash: d43446b4a22a597b93b559821ee5ac9b
hash: 69e58c5ee69f5e5e8a58f4afdd59adfe
hash: dea3ae8225913dd98148fc86cfc3bcbe
hash: 246d9f9831b125ea7e6ef21bc4c8a0ca
hash: e21fe98cc8866c0eeecf3549ebcec751
hash: 41871fef433d7b4b89fd226fe3a1a2c0
hash: 9f11e915be5c0d02a3130329cf032a28
hash: 03af632aa6f87bf9dd4364ee3b612cbb
hash: d0b00a6c83ce810ec2763af17e8ab1c4
hash: 77aa3f342a0d69fda67c853bcc004d48
hash: 5d063eecd894d3d523875bc82ef6f319
hash: 9935a86108e3ae3f72cd15817601dcc6
hash: 552d9b79cc544fc6c3e8aa204dd00811
hash: ad0ca738aa6c987e4ee1a87ff2b8acd5
hash: 4c19aeecbfca13b8a199703d8b8284b9
hash: cee5acbfef7e76f52f40b8ae95199c50
hash: 54a9fa9eb337a3b5ca7b0fa4553e439d
hash: 95cf2a5a24b0d33d621bb8995d5826bc
hash: 343b140977b3f9b227e7e5f82b0fadb5
hash: 981160dee6cd25fb181e54eca7ff7c22
hash: 6c152774f6894407075e6f0a2859bbae
hash: 6859fe5a3eead00a563cd93efcc6ea96
hash: 99305ce01cc2d0f58cd226efb2de893f
hash: d6b41747cb035c4c2b08790cd57f0626
hash: 6e1394938c2fecad2d4f5b3bcf357ec0
hash: de276cf07ccffa18d7ffc35281bca910
hash: 7d3b529db1bd896d9fd877b85cafdc64
hash: 9b2924c727aa3a061906321a66c9050c
hash: 2b2509c6ee46d6327f2f1c9a75122d15
hash: 32db8abce1618e60441f5c7cf4be0d22
hash: 332b7f6662e28e3577bd1b269904b940
hash: 1934e2ebc64d41e37ef53ea0c075e974
hash: 0e6374042b33d78329149a6189a7cb46
hash: cc4a9db6f250114e26d8d9ba6ab46bc9
hash: da4d81f9ef3b25ea09f34481d923dd9d
hash: 77675a24040f10c85112d9a219d5f1c7
hash: 85afdef18d65b0518d709a5a324ea57a
hash: e2cc52273d56ed66c800a726760c1ed0
hash: a5494ffd9efb7c3df59c527076a05e62
hash: 0dc5ac12f7690db15c99eaabc11b129c
hash: 9657c2ef6ed5229740b125df9ca6c915
hash: 673586594242d99ab02118595e457297
hash: 8a2ba7f9cb6f65edf65dbe579907551e
hash: af85885a74cfe099676af542dcdc5741
hash: c265188fdadddb648629e8060601dca7
hash: 683546b9171a1ea284a96d1b45d1d823
hash: 3bcff990faacbebb8fb470dfe03e2543
hash: 47f4534da421daf8089cf34d53f6bb6e
hash: d8c04ecd646a1f8537a59f63518ef3c6
hash: 601c12596dfea84c2113ae5ee59a52ec
hash: fa97dbe84ce7717b754795fa89f13dce
hash: 2e035360971a817b854d7d5a2b008717
hash: 875f9200b49db08c33962b0a6bd05ab9
hash: f8ffd1eab6223e31b15d0fd6c3c0472e
hash: 0adc2530cf348c0a3d53a680291a3d67
hash: d973210977957209f255b58eb1715b12
hash: 7e0c42d33921a89724424f17c97037bd
hash: e4634ef9bfe7b598b857ad997445b239
hash: 911c7e82f32f78577dcd725a7adb114d
hash: 5c3b0040e2dece6e17093ae607b79044
hash: fc418fdda06ce5982153766dcefb71d9
hash: 9152c9de57b5647ee4ab3dff551dc8dd
hash: 5b884f15dc9b072d7bbad9ec2b249f38
hash: ffa68749aa3fc6495e2c49b01d964339
hash: 1220b580cef1bf22351e271773945d20
hash: 8cfef66b390f08bdbfd940922cf51650
hash: a66b3b22a3619f739b197d0d443b700c
hash: 032f5642d4fb2fdd74e6f20a13c57746
hash: c9d1677f4f89b95b41591b23a1dc1a63
hash: fba76f4eb2e7a2eb17193bebe290a198
hash: 0e03103e8110785156105946e48ea9e0
hash: 8d3d4d702ba6b4be2766a41bfe5ff76e
hash: 2b5f159f022109a8de1bc5dd9e3138a0
hash: 19cb20c4e7dbfe15c1aa284752d0fecb
hash: 4bce4831b1dd71f19c55b3e3b5e99856
hash: eef2363744345741e09fe5380eeb4df3
hash: f4f4e55a00d2f3a433c9e5624285ac1c
hash: df4f856f783d23fb01af1e0e64bc0e20
hash: 7a70d5fbbafe3454b76e3ad2f009618f
hash: 4d8343c40be53d6521244fe74393d937
hash: de1bf141976776becd376a0dac400df6
hash: 2ca6bcf16ee4293a771a1cf7b7b9ee49
hash: a905d620717f75751aa94ceb88995dbc
hash: 955e4c198ee58e40fe92cb74ceefdf00
hash: 5f4df6dd8e644d59eaf182e500b5e7bf
hash: 8633bd2bbbb5da22c3f8751150186c42
hash: 08dfebc04eb61c9a6d87b6524c1c0f2e
hash: f73d203bdf924658fd6edf3444c93a50
hash: 7f84263fd24f783ff72d5ae91011b558
hash: 4074798a621232dc448b65db7b1fdd66
ip: 179.43.142.42
domain: interlinks.top
ip: 179.43.176.60
hash: 7c8cb5598e724d34384cce7402b11f0e
hash: 78c855a088924e92a7f60d661c3d1845
url: https://cdn.discordapp.com/attachments/928503440139771947/930108637681184768/Tbopbh.jpg
domain: 3237.site
domain: smm2021.net
ip: 111.111.111.111
ip: 45.141.87.11
ip: 194.26.29.95
ip: 194.26.29.98
domain: nssm.cc
ip: 62.173.140.223
domain: 3proxy.ru
hash: f772f5c65d65412f61ef5f2660e33ceb
hash: 892be61f0cf68425e42efda9aa31f0e14bc963b5
hash: eab7c6ef336c0fe2e0d15e2ccfe851f7ee172bdc14cee2d25e1c245e9034279d
hash: afbb9459d4a0f60d7ffb3b3532d11bc2
hash: 91f7690be7d36bde7537193987610848289e0f56
hash: 3c02aeeb57d3c64feae109f50a89774111a443142859891bae4fb2f469fa0466
hash: 29d83f29c0b0a0b7499e71e7d5cb713f
hash: d33f12dbcdd427c527a8285fd9ab0c848051288b
hash: fd4a5398e55beacb2315687a75af5aa15b776b5d36b9800a1792ede3955616c2
hash: 9b1191f1ceddf312b0d609cd929c6631
hash: 0dd61a16c625c49ffefaf4ce24cabf9a074028a06640d9bbb804f735ff56dfa3
hash: de85ca91e1e8100a619de1c25112f1a5
hash: d2d96f0d819abd771617e806994effc180c7438c
hash: 489ab4819830d231c3fc3572c5386cad9d18773a8121373ea8174de981cc9166
hash: 5a537673c34933fc854fbfb65477a686
hash: 7070b7e9d537c96a2218b3907b05af2d7378661c
hash: 35feefe6bd2b982cb1a5d4c1d094e8665c51752d0a6f7e3cae546d770c280f3a
hash: 764f691b2168e8b3b6f9fb6582e2f819
hash: aa79afbf82b06cda268664b7c83900d8f7a33e0f0071facba0b3d8f7a68ce56a
hash: eac0ae655d344c25ff467a929790885c
hash: b9e64b58d7746cb1d3bed20405ef34d097af08c809d8dad10b9296b0bebb2b0b
hash: 6154760e602bd71192d93f72fbdb486e
hash: 50566fdea2f4b8a3466427f9c6798dabe2587823
hash: bc2e7451995e188f50581efb2b564dfbc5b593f57f7b52072eeba235a0861670
hash: 394e056cb6cb732dfd5e0d45d3dae938
hash: 731dab83ef1d02203db64fbefbe59f3791db1e21
hash: aa212493331277dd28a8b9b2f535c7b719ff9c6d4ccad121fd0a59dcb78697d9
hash: dd2431b1f858b4ca14a4ea05fb8c4a06
hash: c3181fd7cb463893fc73974acc0016605d90ef6c
hash: a05f2999844495bffb3405b1db2d1927e5237e61d71edb599a5fa64e3e575856
hash: 58dc7c9577ff90a046359ca255c0c9f4
hash: f6acdc16c695c3c219116aea3d585efedcafdab5
hash: d3a80ce2fded8144d347ee0b42c18ff6ad8cb386c3a2fc884ef2348afe7633c9
hash: 869742fb9db71fdb66f00528fe2966ec
hash: db370ee79d9b4bd44e07f425d7b06beffc8bdded
hash: 7f8d4a36d05b60f0dd986a3bbde1be34b10a2d80297d1ae28d3fdaaa914fb8bf
hash: 9345425cf07b4c39a80cd8540e08bfde
hash: 2e113050a81bbd0774db7e86fad4abd44e5b6ec2
hash: 4ff07f308da5b18f4a71ef09eea3f3c968683c93e8aa55d3f03975207e3b19ce
hash: 9c695be3703194fdb71c212a0832bcf3
hash: 88c76d31b046227d82f94db87697b25e482eb398
hash: 3de02a782987b4463e02dda90df57a06fb0022eb8840a17c4c812631705ebf7c
hash: 9606b4720a0e73ef1f00505a11aab2f7
hash: 27c176bbd3e254d5e46ccb865d29c8c166ba4a9f
hash: a5833236a73c66add109c8b53adda6f998bf92d63955fa06787d66d670d7889e
hash: d33f608f561096be24cba91797e0da2f
hash: 90fa56e79765d27d35706d028d32dc5be7efb623
hash: c27a3b0ffaba2258d66d595c5478f12ee8a107cd590132a4a72d8bfdaf486fc1
hash: dc795cb9290b1bc0b7fb1ce9d6ae7c93
hash: 5fbd9bd73040d7a2cac0fc21d2fe29ebe57fb597
hash: 887936dc1db271c6970ca78f25c4eb62d3816761b675db2cf4a46645c98a5fd9
hash: b85538f665fdb6c8d9a74f2df7369832
hash: fb83899dc633c59a8473a3048c9aacce7e1bf8d8
hash: b72e8c0e4291e85ad683d6dcba449f18eacd31e8e5395c7064dcb05077db4a06
hash: 618d62dd95fd9aeb855fe2ef1403dce5
hash: b5e3e65cd6b09b17d4819a1379dde7db3e33813b
hash: fae14137605c6a173eaca1e89ad92961e6cb2b66b924087f2f109c0ab38a0d71
hash: 3907c7fbd4148395284d8e6e3c1dba5d
hash: a67205dc84ec29eb71bb259b19c1a1783865c0fc
hash: 34ca75a8c190f20b8a7596afeb255f2228cb2467bd210b2637965b61ac7ea907
file: Ofewufeiy.dll
size-in-bytes: 438272
hash: 8744cec7547b1e73705c10a264e28e08
hash: d4851eb90fc4ba627b6ce633c40852b963a1b555
hash: b7b76f3fe12e12b8d1d34dcd1a53ab18223ec10a5a7549b2db4cde5d84c8970d
file: de1f9d1f0336ddcff832ad3900acd2f1
hash: de1f9d1f0336ddcff832ad3900acd2f1
hash: 7631b43feb02fb8dc97401e82a1ec5c7d970a055
hash: 2880f3c707dff1de85e6b9a7e7154648e2e1df535647c0917e8fb4ea0fe9fd20
file: de1f9d1f0336ddcff832ad3900acd2f1_reversed_974e7c0b3660fbf18f29eac059f85ac0
size-in-bytes: 1772032
hash: 974e7c0b3660fbf18f29eac059f85ac0
hash: 80abdc5c36eb4a2745783e6590a13d92497c8513
hash: 163932f1d39d2ae140bcf89aee6d514f65902ce8b4d46c7061c1cc94eb2a25b2
hash: 17fc12902f4769af3a9271eb4e2dacce
hash: 9a4a1581cc3971579574f837e110f3bd6d529dab
hash: 29ae7b30ed8394c509c561f6117ea671ec412da50d435099756bbb257fafb10b
hash: 6eed4ee0cc57126e9a096ab9905f471c
hash: 4f06d376648def0bb8a325e70046a5030d2cb1d1
hash: db5a204a34969f60fe4a653f51d64eee024dbf018edea334e8b3df780eda846f
file: Frkmlkdkdubkznbkmcf.dll
size-in-bytes: 280064
hash: e61518ae9454a563b8f842286bbdb87b
hash: 82d29b52e35e7938e7ee610c04ea9daaf5e08e90
hash: 9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d
file: Tbopbh.jpg
size-in-bytes: 280064
hash: b3370eb3c5ef6c536195b3bea0120929
hash: b2d863fc444b99c479859ad7f012b840f896172e
hash: 923eb77b3c9e11d6c56052318c119c1a22d11ab71675e6b95d05eeb73d1accd6
file: stage2.exe
file: Tbopbh.exe
file: stage2.exe; Tbopbh.exe
hash: 14c8482f302b5e81e3fa1b18a509289d
hash: 16525cb2fd86dce842107eb1ba6174b23f188537
hash: dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78
file: stage1.exe
hash: 5d5c99a08a7d927346ca2dafa7973fc1
hash: 189166d382c73c242ba45889d57980548d4ba37e
hash: a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92
hash: 896e0f54fc67d72d94b40d7885f10c51
hash: 5d60c8507ac9b840a13ffdf19e3315a3e14de66a
hash: 5e0f28bd2d49b73e96a87f5c20283ebe030f4bb39b3107d4d68015dce862991d
file: AA24-249A-Russian-Military-Cyber-Actors-Target-US-and-Global-Critical-Infrastructure.stix_.json
text: 2.1
link: https://www.cisa.gov/sites/default/files/2024-09/aa24-249a-russian-military-cyber-actors-target-us-and-global-critical-infrastructure.pdf
text: Russian Military Cyber Actors Target US and Global Critical Infrastructure
text: Alert
file: aa24-249a-russian-military-cyber-actors-target-us-and-global-critical-infrastructure.pdf
link: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a
text: The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. GRU Unit 29155 cyber actors began deploying the destructive WhisperGate malware against multiple Ukrainian victim organizations as early as January 13, 2022. These cyber actors are separate from other known and more established GRU-affiliated cyber groups, such as Unit 26165 and Unit 74455.
text: Russian Military Cyber Actors Target US and Global Critical Infrastructure
text: Alert

AA24-249A: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

Severity: low

Type: unknown

AA24-249A: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Germany, France, United Kingdom, Italy, Netherlands, Poland, Belgium, Sweden, Norway, Finland

Indicators of Compromise

hash: 59da31da4db1aa5f9a5c7c0c151422c8
hash: ddec2d79f460a881849037336ba8968f
hash: 64b9feeccf6c183b9f7138f8fc53acbb
hash: 993f01861aff306df44e6475f7886f37
hash: 143594597130e301499e5940a5fb798a
hash: 6a4fca88ee36fecc5113e188cc39d25c
hash: 56e0446a6d7175a0d09110bc483ddbed
hash: 2128361d8aaae1225d50c9add32006a1
hash: b32e14a9b7de6c92cd16758fa6e23346
hash: 7fe7f33d9b5dbdf3d032d2a10e39f283
hash: f34f60375bebad861a35b7c4bb0fa1c8
hash: cd62d4a178705b2b90a8babd8613df93
hash: e1a15bc13157134f542cd9c55c742460
hash: 791a81f31a8e7090a7d5417451e09efa
hash: a1b509254a0a1daa7e00d279ec974461
hash: 5c9e2195d10375b746b6717fdb47b5b9
hash: aecb57e20d2c0b0d9fece2cbcbcc3459
hash: 80f0ee332a452172533ad8863bb3bc63
hash: 2b39eab325906b0a3ab7e584c3d67349
hash: b7c1a8d39f46eaf52be90e24565dd6b0
hash: d06761b2cff86035a4838110ed6ab622
hash: d40195a444526eafb0db56d95bf8655d
hash: 7234da8ceafbe6586469f18c03cc1832
hash: 1c85c0d044ac837e8939564afac1eb32
hash: 58e879213d81333b628434ba4aeb2751
hash: 562c337b8caca330da2ea6ae07ee5db6
hash: 422437f326b8dbe30cc5f103bde31f26
hash: d034fe4c71b16b6d331886c24fef2751
url: https://cdn.discordapp.com/attachments/945968593030496269/945970446149509130/Client.exe
url: https://cdn.discordapp.com/attachments/888408190625128461/895633952247799858/n.lashevychdirekcy.atom.gov.ua.zip
url: dns.test658324901domain.me
ip: 81.17.24.130
url: https://nssm.cc
url: https://3proxy.ru
ip: 194.26.29.251
ip: 194.26.29.84
ip: 185.245.85.251
ip: 185.245.84.227
ip: 179.43.189.218
ip: 179.43.187.47
ip: 179.43.175.108
ip: 179.43.175.38
ip: 179.43.162.55
ip: 179.43.133.202
ip: 154.21.20.82
ip: 112.132.218.45
ip: 112.51.253.153
ip: 90.131.156.107
ip: 79.124.8.66
ip: 46.101.242.222
ip: 5.226.139.66
hash: 1cac5c0cb8801e8730447023270d8d56
hash: a9c9c0be8eca3b575c24da0fcf1af1a9
hash: af277ae0fbf6cc20f887696ea4756d46
hash: 9d7ab8b0aa669125d9a5adc4f46c56f3
hash: 755dac7edd17fbf5b5c449dd06c02e14
hash: 251f3a4757d9e4de0499cc30c0bc00a9
hash: 28d571ddb5c04d065dfe1be9604663ba
hash: ca43a241042b5fcc305393765ae18e69
hash: 1e22d64f263e8ea4b2d37dcd9b7c3012
hash: b0d0a23766fa64ece9315f37b28bb4c0
hash: 94bf96b76c2a092de8962496ce35deaf
hash: 4e9c55c6fe25d61ca4394de794546fab
hash: 3ccf799ff208981349cee4fb1a1cf88c
hash: 96964aed18f65a7acae632f358a093f6
hash: 09a2d85e809d36bff82bd5ab773980a3
hash: 5eaa7e812733a5c8cda734fab2f752d5
hash: 569c1d31f4c7ec7701d8e4e51b59fe85
hash: 246f31c86bbbe7f65c0126cf4a1a947a
hash: 0a2affa6d895baab087b84e93145da35
hash: 3fe96ff4a5ef0f5346ce645a2a893597
hash: 540ee8e39150c539fea582b0e77be7b0
hash: d43446b4a22a597b93b559821ee5ac9b
hash: 69e58c5ee69f5e5e8a58f4afdd59adfe
hash: dea3ae8225913dd98148fc86cfc3bcbe
hash: 246d9f9831b125ea7e6ef21bc4c8a0ca
hash: e21fe98cc8866c0eeecf3549ebcec751
hash: 41871fef433d7b4b89fd226fe3a1a2c0
hash: 9f11e915be5c0d02a3130329cf032a28
hash: 03af632aa6f87bf9dd4364ee3b612cbb
hash: d0b00a6c83ce810ec2763af17e8ab1c4
hash: 77aa3f342a0d69fda67c853bcc004d48
hash: 5d063eecd894d3d523875bc82ef6f319
hash: 9935a86108e3ae3f72cd15817601dcc6
hash: 552d9b79cc544fc6c3e8aa204dd00811
hash: ad0ca738aa6c987e4ee1a87ff2b8acd5
hash: 4c19aeecbfca13b8a199703d8b8284b9
hash: cee5acbfef7e76f52f40b8ae95199c50
hash: 54a9fa9eb337a3b5ca7b0fa4553e439d
hash: 95cf2a5a24b0d33d621bb8995d5826bc
hash: 343b140977b3f9b227e7e5f82b0fadb5
hash: 981160dee6cd25fb181e54eca7ff7c22
hash: 6c152774f6894407075e6f0a2859bbae
hash: 6859fe5a3eead00a563cd93efcc6ea96
hash: 99305ce01cc2d0f58cd226efb2de893f
hash: d6b41747cb035c4c2b08790cd57f0626
hash: 6e1394938c2fecad2d4f5b3bcf357ec0
hash: de276cf07ccffa18d7ffc35281bca910
hash: 7d3b529db1bd896d9fd877b85cafdc64
hash: 9b2924c727aa3a061906321a66c9050c
hash: 2b2509c6ee46d6327f2f1c9a75122d15
hash: 32db8abce1618e60441f5c7cf4be0d22
hash: 332b7f6662e28e3577bd1b269904b940
hash: 1934e2ebc64d41e37ef53ea0c075e974
hash: 0e6374042b33d78329149a6189a7cb46
hash: cc4a9db6f250114e26d8d9ba6ab46bc9
hash: da4d81f9ef3b25ea09f34481d923dd9d
hash: 77675a24040f10c85112d9a219d5f1c7
hash: 85afdef18d65b0518d709a5a324ea57a
hash: e2cc52273d56ed66c800a726760c1ed0
hash: a5494ffd9efb7c3df59c527076a05e62
hash: 0dc5ac12f7690db15c99eaabc11b129c
hash: 9657c2ef6ed5229740b125df9ca6c915
hash: 673586594242d99ab02118595e457297
hash: 8a2ba7f9cb6f65edf65dbe579907551e
hash: af85885a74cfe099676af542dcdc5741
hash: c265188fdadddb648629e8060601dca7
hash: 683546b9171a1ea284a96d1b45d1d823
hash: 3bcff990faacbebb8fb470dfe03e2543
hash: 47f4534da421daf8089cf34d53f6bb6e
hash: d8c04ecd646a1f8537a59f63518ef3c6
hash: 601c12596dfea84c2113ae5ee59a52ec
hash: fa97dbe84ce7717b754795fa89f13dce
hash: 2e035360971a817b854d7d5a2b008717
hash: 875f9200b49db08c33962b0a6bd05ab9
hash: f8ffd1eab6223e31b15d0fd6c3c0472e
hash: 0adc2530cf348c0a3d53a680291a3d67
hash: d973210977957209f255b58eb1715b12
hash: 7e0c42d33921a89724424f17c97037bd
hash: e4634ef9bfe7b598b857ad997445b239
hash: 911c7e82f32f78577dcd725a7adb114d
hash: 5c3b0040e2dece6e17093ae607b79044
hash: fc418fdda06ce5982153766dcefb71d9
hash: 9152c9de57b5647ee4ab3dff551dc8dd
hash: 5b884f15dc9b072d7bbad9ec2b249f38
hash: ffa68749aa3fc6495e2c49b01d964339
hash: 1220b580cef1bf22351e271773945d20
hash: 8cfef66b390f08bdbfd940922cf51650
hash: a66b3b22a3619f739b197d0d443b700c
hash: 032f5642d4fb2fdd74e6f20a13c57746
hash: c9d1677f4f89b95b41591b23a1dc1a63
hash: fba76f4eb2e7a2eb17193bebe290a198
hash: 0e03103e8110785156105946e48ea9e0
hash: 8d3d4d702ba6b4be2766a41bfe5ff76e
hash: 2b5f159f022109a8de1bc5dd9e3138a0
hash: 19cb20c4e7dbfe15c1aa284752d0fecb
hash: 4bce4831b1dd71f19c55b3e3b5e99856
hash: eef2363744345741e09fe5380eeb4df3
hash: f4f4e55a00d2f3a433c9e5624285ac1c
hash: df4f856f783d23fb01af1e0e64bc0e20
hash: 7a70d5fbbafe3454b76e3ad2f009618f
hash: 4d8343c40be53d6521244fe74393d937
hash: de1bf141976776becd376a0dac400df6
hash: 2ca6bcf16ee4293a771a1cf7b7b9ee49
hash: a905d620717f75751aa94ceb88995dbc
hash: 955e4c198ee58e40fe92cb74ceefdf00
hash: 5f4df6dd8e644d59eaf182e500b5e7bf
hash: 8633bd2bbbb5da22c3f8751150186c42
hash: 08dfebc04eb61c9a6d87b6524c1c0f2e
hash: f73d203bdf924658fd6edf3444c93a50
hash: 7f84263fd24f783ff72d5ae91011b558
hash: 4074798a621232dc448b65db7b1fdd66
ip: 179.43.142.42
domain: interlinks.top
ip: 179.43.176.60
hash: 7c8cb5598e724d34384cce7402b11f0e
hash: 78c855a088924e92a7f60d661c3d1845
url: https://cdn.discordapp.com/attachments/928503440139771947/930108637681184768/Tbopbh.jpg
domain: 3237.site
domain: smm2021.net
ip: 111.111.111.111
ip: 45.141.87.11
ip: 194.26.29.95
ip: 194.26.29.98
domain: nssm.cc
ip: 62.173.140.223
domain: 3proxy.ru
hash: f772f5c65d65412f61ef5f2660e33ceb
hash: 892be61f0cf68425e42efda9aa31f0e14bc963b5
hash: eab7c6ef336c0fe2e0d15e2ccfe851f7ee172bdc14cee2d25e1c245e9034279d
hash: afbb9459d4a0f60d7ffb3b3532d11bc2
hash: 91f7690be7d36bde7537193987610848289e0f56
hash: 3c02aeeb57d3c64feae109f50a89774111a443142859891bae4fb2f469fa0466
hash: 29d83f29c0b0a0b7499e71e7d5cb713f
hash: d33f12dbcdd427c527a8285fd9ab0c848051288b
hash: fd4a5398e55beacb2315687a75af5aa15b776b5d36b9800a1792ede3955616c2
hash: 9b1191f1ceddf312b0d609cd929c6631
hash: 0dd61a16c625c49ffefaf4ce24cabf9a074028a06640d9bbb804f735ff56dfa3
hash: de85ca91e1e8100a619de1c25112f1a5
hash: d2d96f0d819abd771617e806994effc180c7438c
hash: 489ab4819830d231c3fc3572c5386cad9d18773a8121373ea8174de981cc9166
hash: 5a537673c34933fc854fbfb65477a686
hash: 7070b7e9d537c96a2218b3907b05af2d7378661c
hash: 35feefe6bd2b982cb1a5d4c1d094e8665c51752d0a6f7e3cae546d770c280f3a
hash: 764f691b2168e8b3b6f9fb6582e2f819
hash: aa79afbf82b06cda268664b7c83900d8f7a33e0f0071facba0b3d8f7a68ce56a
hash: eac0ae655d344c25ff467a929790885c
hash: b9e64b58d7746cb1d3bed20405ef34d097af08c809d8dad10b9296b0bebb2b0b
hash: 6154760e602bd71192d93f72fbdb486e
hash: 50566fdea2f4b8a3466427f9c6798dabe2587823
hash: bc2e7451995e188f50581efb2b564dfbc5b593f57f7b52072eeba235a0861670
hash: 394e056cb6cb732dfd5e0d45d3dae938
hash: 731dab83ef1d02203db64fbefbe59f3791db1e21
hash: aa212493331277dd28a8b9b2f535c7b719ff9c6d4ccad121fd0a59dcb78697d9
hash: dd2431b1f858b4ca14a4ea05fb8c4a06
hash: c3181fd7cb463893fc73974acc0016605d90ef6c
hash: a05f2999844495bffb3405b1db2d1927e5237e61d71edb599a5fa64e3e575856
hash: 58dc7c9577ff90a046359ca255c0c9f4
hash: f6acdc16c695c3c219116aea3d585efedcafdab5
hash: d3a80ce2fded8144d347ee0b42c18ff6ad8cb386c3a2fc884ef2348afe7633c9
hash: 869742fb9db71fdb66f00528fe2966ec
hash: db370ee79d9b4bd44e07f425d7b06beffc8bdded
hash: 7f8d4a36d05b60f0dd986a3bbde1be34b10a2d80297d1ae28d3fdaaa914fb8bf
hash: 9345425cf07b4c39a80cd8540e08bfde
hash: 2e113050a81bbd0774db7e86fad4abd44e5b6ec2
hash: 4ff07f308da5b18f4a71ef09eea3f3c968683c93e8aa55d3f03975207e3b19ce
hash: 9c695be3703194fdb71c212a0832bcf3
hash: 88c76d31b046227d82f94db87697b25e482eb398
hash: 3de02a782987b4463e02dda90df57a06fb0022eb8840a17c4c812631705ebf7c
hash: 9606b4720a0e73ef1f00505a11aab2f7
hash: 27c176bbd3e254d5e46ccb865d29c8c166ba4a9f
hash: a5833236a73c66add109c8b53adda6f998bf92d63955fa06787d66d670d7889e
hash: d33f608f561096be24cba91797e0da2f
hash: 90fa56e79765d27d35706d028d32dc5be7efb623
hash: c27a3b0ffaba2258d66d595c5478f12ee8a107cd590132a4a72d8bfdaf486fc1
hash: dc795cb9290b1bc0b7fb1ce9d6ae7c93
hash: 5fbd9bd73040d7a2cac0fc21d2fe29ebe57fb597
hash: 887936dc1db271c6970ca78f25c4eb62d3816761b675db2cf4a46645c98a5fd9
hash: b85538f665fdb6c8d9a74f2df7369832
hash: fb83899dc633c59a8473a3048c9aacce7e1bf8d8
hash: b72e8c0e4291e85ad683d6dcba449f18eacd31e8e5395c7064dcb05077db4a06
hash: 618d62dd95fd9aeb855fe2ef1403dce5
hash: b5e3e65cd6b09b17d4819a1379dde7db3e33813b
hash: fae14137605c6a173eaca1e89ad92961e6cb2b66b924087f2f109c0ab38a0d71
hash: 3907c7fbd4148395284d8e6e3c1dba5d
hash: a67205dc84ec29eb71bb259b19c1a1783865c0fc
hash: 34ca75a8c190f20b8a7596afeb255f2228cb2467bd210b2637965b61ac7ea907
file: Ofewufeiy.dll
size-in-bytes: 438272
hash: 8744cec7547b1e73705c10a264e28e08
hash: d4851eb90fc4ba627b6ce633c40852b963a1b555
hash: b7b76f3fe12e12b8d1d34dcd1a53ab18223ec10a5a7549b2db4cde5d84c8970d
file: de1f9d1f0336ddcff832ad3900acd2f1
hash: de1f9d1f0336ddcff832ad3900acd2f1
hash: 7631b43feb02fb8dc97401e82a1ec5c7d970a055
hash: 2880f3c707dff1de85e6b9a7e7154648e2e1df535647c0917e8fb4ea0fe9fd20
file: de1f9d1f0336ddcff832ad3900acd2f1_reversed_974e7c0b3660fbf18f29eac059f85ac0
size-in-bytes: 1772032
hash: 974e7c0b3660fbf18f29eac059f85ac0
hash: 80abdc5c36eb4a2745783e6590a13d92497c8513
hash: 163932f1d39d2ae140bcf89aee6d514f65902ce8b4d46c7061c1cc94eb2a25b2
hash: 17fc12902f4769af3a9271eb4e2dacce
hash: 9a4a1581cc3971579574f837e110f3bd6d529dab
hash: 29ae7b30ed8394c509c561f6117ea671ec412da50d435099756bbb257fafb10b
hash: 6eed4ee0cc57126e9a096ab9905f471c
hash: 4f06d376648def0bb8a325e70046a5030d2cb1d1
hash: db5a204a34969f60fe4a653f51d64eee024dbf018edea334e8b3df780eda846f
file: Frkmlkdkdubkznbkmcf.dll
size-in-bytes: 280064
hash: e61518ae9454a563b8f842286bbdb87b
hash: 82d29b52e35e7938e7ee610c04ea9daaf5e08e90
hash: 9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d
file: Tbopbh.jpg
size-in-bytes: 280064
hash: b3370eb3c5ef6c536195b3bea0120929
hash: b2d863fc444b99c479859ad7f012b840f896172e
hash: 923eb77b3c9e11d6c56052318c119c1a22d11ab71675e6b95d05eeb73d1accd6
file: stage2.exe
file: Tbopbh.exe
file: stage2.exe; Tbopbh.exe
hash: 14c8482f302b5e81e3fa1b18a509289d
hash: 16525cb2fd86dce842107eb1ba6174b23f188537
hash: dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78
file: stage1.exe
hash: 5d5c99a08a7d927346ca2dafa7973fc1
hash: 189166d382c73c242ba45889d57980548d4ba37e
hash: a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92
hash: 896e0f54fc67d72d94b40d7885f10c51
hash: 5d60c8507ac9b840a13ffdf19e3315a3e14de66a
hash: 5e0f28bd2d49b73e96a87f5c20283ebe030f4bb39b3107d4d68015dce862991d
file: AA24-249A-Russian-Military-Cyber-Actors-Target-US-and-Global-Critical-Infrastructure.stix_.json
text: 2.1
link: https://www.cisa.gov/sites/default/files/2024-09/aa24-249a-russian-military-cyber-actors-target-us-and-global-critical-infrastructure.pdf
text: Russian Military Cyber Actors Target US and Global Critical Infrastructure
text: Alert
file: aa24-249a-russian-military-cyber-actors-target-us-and-global-critical-infrastructure.pdf
link: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a
text: The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. GRU Unit 29155 cyber actors began deploying the destructive WhisperGate malware against multiple Ukrainian victim organizations as early as January 13, 2022. These cyber actors are separate from other known and more established GRU-affiliated cyber groups, such as Unit 26165 and Unit 74455.
text: Russian Military Cyber Actors Target US and Global Critical Infrastructure
text: Alert

Source: CIRCL OSINT Feed

Published: Fri Sep 06 2024

AA24-249A: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

Low

Published: Fri Sep 06 2024 (09/06/2024, 00:00:00 UTC)

Source: CIRCL OSINT Feed

Vendor/Project: tlp

Product: white

Description

AA24-249A: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

AI-Powered Analysis

AILast updated: 06/27/2025, 11:37:06 UTC

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Need more detailed analysis?Get Pro

Pro Feature

For access to advanced analysis and higher rate limits, contact root@offseq.com

Technical Details

Uuid: d67bfbe0-e01d-4e2e-8a56-214805d85aee
Original Timestamp: 1725608935

Indicators of Compromise

Hash

Value	Description	Copy
hash59da31da4db1aa5f9a5c7c0c151422c8	—
hashddec2d79f460a881849037336ba8968f	—
hash64b9feeccf6c183b9f7138f8fc53acbb	—
hash993f01861aff306df44e6475f7886f37	—
hash143594597130e301499e5940a5fb798a	—
hash6a4fca88ee36fecc5113e188cc39d25c	—
hash56e0446a6d7175a0d09110bc483ddbed	—
hash2128361d8aaae1225d50c9add32006a1	—
hashb32e14a9b7de6c92cd16758fa6e23346	—
hash7fe7f33d9b5dbdf3d032d2a10e39f283	—
hashf34f60375bebad861a35b7c4bb0fa1c8	—
hashcd62d4a178705b2b90a8babd8613df93	—
hashe1a15bc13157134f542cd9c55c742460	—
hash791a81f31a8e7090a7d5417451e09efa	—
hasha1b509254a0a1daa7e00d279ec974461	—
hash5c9e2195d10375b746b6717fdb47b5b9	—
hashaecb57e20d2c0b0d9fece2cbcbcc3459	—
hash80f0ee332a452172533ad8863bb3bc63	—
hash2b39eab325906b0a3ab7e584c3d67349	—
hashb7c1a8d39f46eaf52be90e24565dd6b0	—
hashd06761b2cff86035a4838110ed6ab622	—
hashd40195a444526eafb0db56d95bf8655d	—
hash7234da8ceafbe6586469f18c03cc1832	—
hash1c85c0d044ac837e8939564afac1eb32	—
hash58e879213d81333b628434ba4aeb2751	—
hash562c337b8caca330da2ea6ae07ee5db6	—
hash422437f326b8dbe30cc5f103bde31f26	—
hashd034fe4c71b16b6d331886c24fef2751	—
hash1cac5c0cb8801e8730447023270d8d56	—
hasha9c9c0be8eca3b575c24da0fcf1af1a9	—
hashaf277ae0fbf6cc20f887696ea4756d46	—
hash9d7ab8b0aa669125d9a5adc4f46c56f3	—
hash755dac7edd17fbf5b5c449dd06c02e14	—
hash251f3a4757d9e4de0499cc30c0bc00a9	—
hash28d571ddb5c04d065dfe1be9604663ba	—
hashca43a241042b5fcc305393765ae18e69	—
hash1e22d64f263e8ea4b2d37dcd9b7c3012	—
hashb0d0a23766fa64ece9315f37b28bb4c0	—
hash94bf96b76c2a092de8962496ce35deaf	—
hash4e9c55c6fe25d61ca4394de794546fab	—
hash3ccf799ff208981349cee4fb1a1cf88c	—
hash96964aed18f65a7acae632f358a093f6	—
hash09a2d85e809d36bff82bd5ab773980a3	—
hash5eaa7e812733a5c8cda734fab2f752d5	—
hash569c1d31f4c7ec7701d8e4e51b59fe85	—
hash246f31c86bbbe7f65c0126cf4a1a947a	—
hash0a2affa6d895baab087b84e93145da35	—
hash3fe96ff4a5ef0f5346ce645a2a893597	—
hash540ee8e39150c539fea582b0e77be7b0	—
hashd43446b4a22a597b93b559821ee5ac9b	—
hash69e58c5ee69f5e5e8a58f4afdd59adfe	—
hashdea3ae8225913dd98148fc86cfc3bcbe	—
hash246d9f9831b125ea7e6ef21bc4c8a0ca	—
hashe21fe98cc8866c0eeecf3549ebcec751	—
hash41871fef433d7b4b89fd226fe3a1a2c0	—
hash9f11e915be5c0d02a3130329cf032a28	—
hash03af632aa6f87bf9dd4364ee3b612cbb	—
hashd0b00a6c83ce810ec2763af17e8ab1c4	—
hash77aa3f342a0d69fda67c853bcc004d48	—
hash5d063eecd894d3d523875bc82ef6f319	—
hash9935a86108e3ae3f72cd15817601dcc6	—
hash552d9b79cc544fc6c3e8aa204dd00811	—
hashad0ca738aa6c987e4ee1a87ff2b8acd5	—
hash4c19aeecbfca13b8a199703d8b8284b9	—
hashcee5acbfef7e76f52f40b8ae95199c50	—
hash54a9fa9eb337a3b5ca7b0fa4553e439d	—
hash95cf2a5a24b0d33d621bb8995d5826bc	—
hash343b140977b3f9b227e7e5f82b0fadb5	—
hash981160dee6cd25fb181e54eca7ff7c22	—
hash6c152774f6894407075e6f0a2859bbae	—
hash6859fe5a3eead00a563cd93efcc6ea96	—
hash99305ce01cc2d0f58cd226efb2de893f	—
hashd6b41747cb035c4c2b08790cd57f0626	—
hash6e1394938c2fecad2d4f5b3bcf357ec0	—
hashde276cf07ccffa18d7ffc35281bca910	—
hash7d3b529db1bd896d9fd877b85cafdc64	—
hash9b2924c727aa3a061906321a66c9050c	—
hash2b2509c6ee46d6327f2f1c9a75122d15	—
hash32db8abce1618e60441f5c7cf4be0d22	—
hash332b7f6662e28e3577bd1b269904b940	—
hash1934e2ebc64d41e37ef53ea0c075e974	—
hash0e6374042b33d78329149a6189a7cb46	—
hashcc4a9db6f250114e26d8d9ba6ab46bc9	—
hashda4d81f9ef3b25ea09f34481d923dd9d	—
hash77675a24040f10c85112d9a219d5f1c7	—
hash85afdef18d65b0518d709a5a324ea57a	—
hashe2cc52273d56ed66c800a726760c1ed0	—
hasha5494ffd9efb7c3df59c527076a05e62	—
hash0dc5ac12f7690db15c99eaabc11b129c	—
hash9657c2ef6ed5229740b125df9ca6c915	—
hash673586594242d99ab02118595e457297	—
hash8a2ba7f9cb6f65edf65dbe579907551e	—
hashaf85885a74cfe099676af542dcdc5741	—
hashc265188fdadddb648629e8060601dca7	—
hash683546b9171a1ea284a96d1b45d1d823	—
hash3bcff990faacbebb8fb470dfe03e2543	—
hash47f4534da421daf8089cf34d53f6bb6e	—
hashd8c04ecd646a1f8537a59f63518ef3c6	—
hash601c12596dfea84c2113ae5ee59a52ec	—
hashfa97dbe84ce7717b754795fa89f13dce	—
hash2e035360971a817b854d7d5a2b008717	—
hash875f9200b49db08c33962b0a6bd05ab9	—
hashf8ffd1eab6223e31b15d0fd6c3c0472e	—
hash0adc2530cf348c0a3d53a680291a3d67	—
hashd973210977957209f255b58eb1715b12	—
hash7e0c42d33921a89724424f17c97037bd	—
hashe4634ef9bfe7b598b857ad997445b239	—
hash911c7e82f32f78577dcd725a7adb114d	—
hash5c3b0040e2dece6e17093ae607b79044	—
hashfc418fdda06ce5982153766dcefb71d9	—
hash9152c9de57b5647ee4ab3dff551dc8dd	—
hash5b884f15dc9b072d7bbad9ec2b249f38	—
hashffa68749aa3fc6495e2c49b01d964339	—
hash1220b580cef1bf22351e271773945d20	—
hash8cfef66b390f08bdbfd940922cf51650	—
hasha66b3b22a3619f739b197d0d443b700c	—
hash032f5642d4fb2fdd74e6f20a13c57746	—
hashc9d1677f4f89b95b41591b23a1dc1a63	—
hashfba76f4eb2e7a2eb17193bebe290a198	—
hash0e03103e8110785156105946e48ea9e0	—
hash8d3d4d702ba6b4be2766a41bfe5ff76e	—
hash2b5f159f022109a8de1bc5dd9e3138a0	—
hash19cb20c4e7dbfe15c1aa284752d0fecb	—
hash4bce4831b1dd71f19c55b3e3b5e99856	—
hasheef2363744345741e09fe5380eeb4df3	—
hashf4f4e55a00d2f3a433c9e5624285ac1c	—
hashdf4f856f783d23fb01af1e0e64bc0e20	—
hash7a70d5fbbafe3454b76e3ad2f009618f	—
hash4d8343c40be53d6521244fe74393d937	—
hashde1bf141976776becd376a0dac400df6	—
hash2ca6bcf16ee4293a771a1cf7b7b9ee49	—
hasha905d620717f75751aa94ceb88995dbc	—
hash955e4c198ee58e40fe92cb74ceefdf00	—
hash5f4df6dd8e644d59eaf182e500b5e7bf	—
hash8633bd2bbbb5da22c3f8751150186c42	—
hash08dfebc04eb61c9a6d87b6524c1c0f2e	—
hashf73d203bdf924658fd6edf3444c93a50	—
hash7f84263fd24f783ff72d5ae91011b558	—
hash4074798a621232dc448b65db7b1fdd66	—
hash7c8cb5598e724d34384cce7402b11f0e	—
hash78c855a088924e92a7f60d661c3d1845	—
hashf772f5c65d65412f61ef5f2660e33ceb	—
hash892be61f0cf68425e42efda9aa31f0e14bc963b5	—
hasheab7c6ef336c0fe2e0d15e2ccfe851f7ee172bdc14cee2d25e1c245e9034279d	—
hashafbb9459d4a0f60d7ffb3b3532d11bc2	—
hash91f7690be7d36bde7537193987610848289e0f56	—
hash3c02aeeb57d3c64feae109f50a89774111a443142859891bae4fb2f469fa0466	—
hash29d83f29c0b0a0b7499e71e7d5cb713f	—
hashd33f12dbcdd427c527a8285fd9ab0c848051288b	—
hashfd4a5398e55beacb2315687a75af5aa15b776b5d36b9800a1792ede3955616c2	—
hash9b1191f1ceddf312b0d609cd929c6631	—
hash0dd61a16c625c49ffefaf4ce24cabf9a074028a06640d9bbb804f735ff56dfa3	—
hashde85ca91e1e8100a619de1c25112f1a5	—
hashd2d96f0d819abd771617e806994effc180c7438c	—
hash489ab4819830d231c3fc3572c5386cad9d18773a8121373ea8174de981cc9166	—
hash5a537673c34933fc854fbfb65477a686	—
hash7070b7e9d537c96a2218b3907b05af2d7378661c	—
hash35feefe6bd2b982cb1a5d4c1d094e8665c51752d0a6f7e3cae546d770c280f3a	—
hash764f691b2168e8b3b6f9fb6582e2f819	—
hashaa79afbf82b06cda268664b7c83900d8f7a33e0f0071facba0b3d8f7a68ce56a	—
hasheac0ae655d344c25ff467a929790885c	—
hashb9e64b58d7746cb1d3bed20405ef34d097af08c809d8dad10b9296b0bebb2b0b	—
hash6154760e602bd71192d93f72fbdb486e	—
hash50566fdea2f4b8a3466427f9c6798dabe2587823	—
hashbc2e7451995e188f50581efb2b564dfbc5b593f57f7b52072eeba235a0861670	—
hash394e056cb6cb732dfd5e0d45d3dae938	—
hash731dab83ef1d02203db64fbefbe59f3791db1e21	—
hashaa212493331277dd28a8b9b2f535c7b719ff9c6d4ccad121fd0a59dcb78697d9	—
hashdd2431b1f858b4ca14a4ea05fb8c4a06	—
hashc3181fd7cb463893fc73974acc0016605d90ef6c	—
hasha05f2999844495bffb3405b1db2d1927e5237e61d71edb599a5fa64e3e575856	—
hash58dc7c9577ff90a046359ca255c0c9f4	—
hashf6acdc16c695c3c219116aea3d585efedcafdab5	—
hashd3a80ce2fded8144d347ee0b42c18ff6ad8cb386c3a2fc884ef2348afe7633c9	—
hash869742fb9db71fdb66f00528fe2966ec	—
hashdb370ee79d9b4bd44e07f425d7b06beffc8bdded	—
hash7f8d4a36d05b60f0dd986a3bbde1be34b10a2d80297d1ae28d3fdaaa914fb8bf	—
hash9345425cf07b4c39a80cd8540e08bfde	—
hash2e113050a81bbd0774db7e86fad4abd44e5b6ec2	—
hash4ff07f308da5b18f4a71ef09eea3f3c968683c93e8aa55d3f03975207e3b19ce	—
hash9c695be3703194fdb71c212a0832bcf3	—
hash88c76d31b046227d82f94db87697b25e482eb398	—
hash3de02a782987b4463e02dda90df57a06fb0022eb8840a17c4c812631705ebf7c	—
hash9606b4720a0e73ef1f00505a11aab2f7	—
hash27c176bbd3e254d5e46ccb865d29c8c166ba4a9f	—
hasha5833236a73c66add109c8b53adda6f998bf92d63955fa06787d66d670d7889e	—
hashd33f608f561096be24cba91797e0da2f	—
hash90fa56e79765d27d35706d028d32dc5be7efb623	—
hashc27a3b0ffaba2258d66d595c5478f12ee8a107cd590132a4a72d8bfdaf486fc1	—
hashdc795cb9290b1bc0b7fb1ce9d6ae7c93	—
hash5fbd9bd73040d7a2cac0fc21d2fe29ebe57fb597	—
hash887936dc1db271c6970ca78f25c4eb62d3816761b675db2cf4a46645c98a5fd9	—
hashb85538f665fdb6c8d9a74f2df7369832	—
hashfb83899dc633c59a8473a3048c9aacce7e1bf8d8	—
hashb72e8c0e4291e85ad683d6dcba449f18eacd31e8e5395c7064dcb05077db4a06	—
hash618d62dd95fd9aeb855fe2ef1403dce5	—
hashb5e3e65cd6b09b17d4819a1379dde7db3e33813b	—
hashfae14137605c6a173eaca1e89ad92961e6cb2b66b924087f2f109c0ab38a0d71	—
hash3907c7fbd4148395284d8e6e3c1dba5d	—
hasha67205dc84ec29eb71bb259b19c1a1783865c0fc	—
hash34ca75a8c190f20b8a7596afeb255f2228cb2467bd210b2637965b61ac7ea907	—
hash8744cec7547b1e73705c10a264e28e08	—
hashd4851eb90fc4ba627b6ce633c40852b963a1b555	—
hashb7b76f3fe12e12b8d1d34dcd1a53ab18223ec10a5a7549b2db4cde5d84c8970d	—
hashde1f9d1f0336ddcff832ad3900acd2f1	—
hash7631b43feb02fb8dc97401e82a1ec5c7d970a055	—
hash2880f3c707dff1de85e6b9a7e7154648e2e1df535647c0917e8fb4ea0fe9fd20	—
hash974e7c0b3660fbf18f29eac059f85ac0	—
hash80abdc5c36eb4a2745783e6590a13d92497c8513	—
hash163932f1d39d2ae140bcf89aee6d514f65902ce8b4d46c7061c1cc94eb2a25b2	—
hash17fc12902f4769af3a9271eb4e2dacce	—
hash9a4a1581cc3971579574f837e110f3bd6d529dab	—
hash29ae7b30ed8394c509c561f6117ea671ec412da50d435099756bbb257fafb10b	—
hash6eed4ee0cc57126e9a096ab9905f471c	—
hash4f06d376648def0bb8a325e70046a5030d2cb1d1	—
hashdb5a204a34969f60fe4a653f51d64eee024dbf018edea334e8b3df780eda846f	—
hashe61518ae9454a563b8f842286bbdb87b	—
hash82d29b52e35e7938e7ee610c04ea9daaf5e08e90	—
hash9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d	—
hashb3370eb3c5ef6c536195b3bea0120929	—
hashb2d863fc444b99c479859ad7f012b840f896172e	—
hash923eb77b3c9e11d6c56052318c119c1a22d11ab71675e6b95d05eeb73d1accd6	—
hash14c8482f302b5e81e3fa1b18a509289d	—
hash16525cb2fd86dce842107eb1ba6174b23f188537	—
hashdcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78	—
hash5d5c99a08a7d927346ca2dafa7973fc1	—
hash189166d382c73c242ba45889d57980548d4ba37e	—
hasha196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92	—
hash896e0f54fc67d72d94b40d7885f10c51	—
hash5d60c8507ac9b840a13ffdf19e3315a3e14de66a	—
hash5e0f28bd2d49b73e96a87f5c20283ebe030f4bb39b3107d4d68015dce862991d	—

Url

Value	Description	Copy
urlhttps://cdn.discordapp.com/attachments/945968593030496269/945970446149509130/Client.exe	—
urlhttps://cdn.discordapp.com/attachments/888408190625128461/895633952247799858/n.lashevychdirekcy.atom.gov.ua.zip	—
urldns.test658324901domain.me	—
urlhttps://nssm.cc	—
urlhttps://3proxy.ru	—
urlhttps://cdn.discordapp.com/attachments/928503440139771947/930108637681184768/Tbopbh.jpg	—

Ip

Value	Description	Copy
ip81.17.24.130	—
ip194.26.29.251	—
ip194.26.29.84	—
ip185.245.85.251	—
ip185.245.84.227	—
ip179.43.189.218	—
ip179.43.187.47	—
ip179.43.175.108	—
ip179.43.175.38	—
ip179.43.162.55	—
ip179.43.133.202	—
ip154.21.20.82	—
ip112.132.218.45	—
ip112.51.253.153	—
ip90.131.156.107	—
ip79.124.8.66	—
ip46.101.242.222	—
ip5.226.139.66	—
ip179.43.142.42	—
ip179.43.176.60	—
ip111.111.111.111	—
ip45.141.87.11	—
ip194.26.29.95	—
ip194.26.29.98	—
ip62.173.140.223	—

Domain

Value	Description	Copy
domaininterlinks.top	—
domain3237.site	—
domainsmm2021.net	—
domainnssm.cc	—
domain3proxy.ru	—

File

Value	Description	Copy
fileOfewufeiy.dll	—
filede1f9d1f0336ddcff832ad3900acd2f1	—
filede1f9d1f0336ddcff832ad3900acd2f1_reversed_974e7c0b3660fbf18f29eac059f85ac0	—
fileFrkmlkdkdubkznbkmcf.dll	—
fileTbopbh.jpg	—
filestage2.exe	—
fileTbopbh.exe	—
filestage2.exe; Tbopbh.exe	—
filestage1.exe	—
fileAA24-249A-Russian-Military-Cyber-Actors-Target-US-and-Global-Critical-Infrastructure.stix_.json	—
fileaa24-249a-russian-military-cyber-actors-target-us-and-global-critical-infrastructure.pdf	—

Size in-bytes

Value	Description	Copy
size-in-bytes438272	—
size-in-bytes1772032	—
size-in-bytes280064	—
size-in-bytes280064	—

Text

Value	Description	Copy
text2.1	—
textRussian Military Cyber Actors Target US and Global Critical Infrastructure	—
textAlert	—
textThe Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. GRU Unit 29155 cyber actors began deploying the destructive WhisperGate malware against multiple Ukrainian victim organizations as early as January 13, 2022. These cyber actors are separate from other known and more established GRU-affiliated cyber groups, such as Unit 26165 and Unit 74455.	—
textRussian Military Cyber Actors Target US and Global Critical Infrastructure	—
textAlert	—

Link

Value	Description	Copy
linkhttps://www.cisa.gov/sites/default/files/2024-09/aa24-249a-russian-military-cyber-actors-target-us-and-global-critical-infrastructure.pdf	—
linkhttps://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a	—

Threat ID: 68367c04182aa0cae230feac

Added to database: 5/28/2025, 2:59:16 AM

Last enriched: 6/27/2025, 11:37:06 AM

Last updated: 8/18/2025, 7:46:35 AM

Related Threats

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

External Links

Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

AA24-249A: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

Affected Countries

Indicators of Compromise

AA24-249A: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

Description

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Affected Countries

Technical Details

Indicators of Compromise

Hash

Url

Ip

Domain

File

Size in-bytes

Text

Link

Related Threats

ThreatFox IOCs for 2025-08-17

ThreatFox IOCs for 2025-08-16

ThreatFox IOCs for 2025-08-15

ThreatFox IOCs for 2025-08-14

ThreatFox IOCs for 2025-08-13

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility