{
	"id": "8d362bdd-3b78-4c8a-b817-08642c6b429a",
	"created_at": "2026-04-06T00:14:41.4207Z",
	"updated_at": "2026-04-10T13:11:26.280394Z",
	"deleted_at": null,
	"sha1_hash": "23cafa01c3e13fe4999ebf42997a45347b029a62",
	"title": "Shuckworm Continues Cyber-Espionage Attacks Against Ukraine",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 52903,
	"plain_text": "Shuckworm Continues Cyber-Espionage Attacks Against Ukraine\r\nBy About the Author\r\nArchived: 2026-04-05 15:37:28 UTC\r\nb5066b868c7ddbe0d41ee1526d76914f732ed7ce75ccf69caaefe0fed1c9182c\r\ndepended.exehxxp://92.242.62.131/wordpress.php?is=\r\n[REDACTED]32d24fc67ab84789cd000c22ea377d8c80bcbc27784366a425da2d1874439d09 deputy.exe\r\n40183c41395eccd076a6baf0c16a6c6e7e44f6f6d6366ef885228144f631a9a6\r\ndessert.exehtxxp://78.40.219.12/load.php?individual=\r\n[REDACTED]14061ecc1c870bc941a39451cd6e90c4ec575bbc05c1f2b1362e0d374dc0c06e deep-thinking.exe\r\nhxxp://89.223.65.220/cunning.phpff3e78c8994d3cc1b5c7545ebd5e1dcbab430167f1c3333f4ddad509d06176ed\r\ndemanded.exehxxp://78.40.219.12/cache.php?induce=\r\n[REDACTED]d9b7644923d2250ba6ea374a05f1d7054cc5704a61f196420670412eb79d1d4e deep-versed.exe\r\nhxxp://168.119.228.72/crawled.php53be28a251260e4f6d818a0dcae30280b5db6f1791780bb9bac0633523bf3ac3\r\ndeep-vaulted.exe c561b862934f329f2f524bb019b24f8bd729c00cf8bea5135a6e51148d5d9208 deepmouthed.nls\r\n5c18878e6d36906f9349ea404f0e3fa0e4b4432e663b3d58a738510b3e3c08e2 deermeat.fly\r\n93d8940cde9e12c2a6ab7a13d5ff0973b907ebecf524b18742746a17209c8e3e avidemux.mov\r\nae9e9634a1354f5ee89f838f4297f3d38378db17fac73bf2c59cbdd86ea7812c deering.docx\r\nd83d9fa9cb38abd66e13f4d3b3b6b647facd9ffe28d766685744c6a92e6409b1 deep-thinking.doc\r\nc590724cd5e5813cb43f85a1c89fdc128241398cd677974202524f969813071c deep-sided.fly\r\n5b61e385d9f2801953a6149a6e63bc3790dc686f147e91163584c7833dd3d7b1 deep-thoughted.ppt\r\n18d9744147bde7d2cd4322391f9ee5fa828b4b23ba669e87a71d39ee84fb1278 deck.lnk\r\n223c55ede1303d47b8516546ee2536cce8539d761790fd3b9657ba5bd869040e departed.lnk\r\n2afa203a5589ce0e6c01868b7203edc2fa8faa9c9227d717533cf7e156408e28 deep-six.doc\r\n218b41eabe00c38f42aa51732ac922a43dfab9375ee6db33227a4a66e2c10798 desired.dat\r\na7955a8ed1a3c4634aed8a353038e5ac39412a88481f453c56c9b9cf7479c342 avsvideoeditor.m3u\r\n02c41bddd087522ce60f9376e499dcee6259853dcb50ddad70cb3ef8dd77c200 deep-sunken.exe\r\n43d4d4eeac6ced784911ac4d6b24768d7875347a7d018850d8ee79aaef664286 depart.dat\r\n28f8653c8bf051d19be31b6be9ac00d0220b845757f747358ab116684707fa7a deprive.dat\r\nef6073f7372b4774849db8c64a1b33bd473d3ba10ecadbf4f08575b1d8f06c30 descend.dat\r\n73d5bb5d4dfbdfe0fe845c9bfea06739cc767021b50327ddb4ef040940fed22f deerbrook.ppt\r\n64c291658a2bcba368c87967fd72fabfe0532e4092b4934e91e80cca16ae036d\r\ndeserted.exehxxp://188.225.86.146/load.php?insurance=\r\n[REDACTED]a078871d89d3f8d22ed77dc331000529a0598f27cf56c6eda32943a9ee8a952c descend.dat\r\nfa1821b75cc3931a49cead2242a1b0c8976c1e1d4e7425a80e294e8ddc976061 defy.dat\r\nbc469ecc8ed888e3965377d5eb133c97faacabd1fe0ff49ab8d777ba57c16fd3 demand.dat\r\nf2492a8000e0187a733f86dcf3a13206199e3354a86609967fb572e1079feee2 declare.dat\r\n2f2cad1c9ca8c17aa5bc126df43bfc14dcba3f278d41151bf847278ba1ec940c deep-grown.exe\r\nf216bafa84123bacaabdf4ad622eb80d0e2d8425fd8937dc100d65bdc1af725e deep-musing.mp3\r\nhttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine\r\nPage 1 of 7\n\nf10fea8314f0c904b00b2d10cee1d1320bab7afa36220fb9c9953e3382e62bc4 deep-versed.exe\r\nhxxp://188.225.45.240/crawled.php7e703586f6ae3b8c4c0086f5a00254c00debf0273525e4cea216497fe7fcf144\r\ndesolate.dat 50e9f2472966d469807c36b3d464e6bf2cf99b98b00cc62e4edda7180bac061b depended.dat\r\nfce3b4af6b891ee95c1819a1d9ace13b9be20fd50e25ecc3b18b8cb06419f0cb defined.dat\r\nb1c5659bca42a57a8c9408153126eb60cd88168650d747885e3903e051cad023 demonstrate.dat\r\n5e579ac1dae325b86ed964ea00926e902a6d32a7d37d8eed4b40db7caed303f6 deerbrook.docx\r\n55d8fd4e56523725ad11ccacfb618324360c658c5f44c4f157df6a569cb0277b destroyed.dat\r\nb6874d2b8ff8c925960ee7e686aecca6a9fc8ab92e5db66fa110da0430ee0edc declined.dat\r\n5f9bc1ff8ab3d0ced84262a7f8f70d12a5077761eed33540300f809427153f67 defeat.dat\r\n676dd5c0f2cf64b726c69d448fd585e72ac747b808fdfb0dd6a3a32d93607ab5 deceive.dat\r\nbbf7220635908afede0eebc7e83ba2eb836526490d16b15305cacb96f65d6e6d deserter.dat\r\n8a2dfe7f8dcc65b1fcfc0e22d21a6846f682c948da4e887a844d54745d85d316 deepness.ini\r\ne427595a3dd2dc501adb4c083308e4900a13ca571e99117e7939964423ef744a decidedly.dat\r\n89f7d574e51a5ab58296c854ab1889fc6dc2556e8d204ce4b338775b934ad9a8 decorate.lnk\r\n6f4367872de08e9d087f6e8ab874db053eee0cc3aefc80d08f6cf98de7cefd2c deep-thinking.exe\r\nhxxp://37.77.105.102/cunning.php091a1d5b947382d5e95f7e0177e92970618b72f5bb396c2f400fdd496a95c4dc\r\ndeliverance.lnk 78c4fcbd6d12c72fcf132b280c0641ea15566d07b779d37cf2c770c8eae941a2 depth.lnk\r\n521d7daa30ee393c9d5f7ce7f0ecb2d59c6698080932c247752768ae876ffd4a definite.lnk\r\na707e779e5b228f670ed09777ccacfb75af8a36c34323af7790290d70bca0083 deepwater.avi\r\nf59b8a22ee610741acdce9a9cec37b63b0684493dd292323c522fdca72afd1b9\r\ndefender.exehxxp://87.249.54.15/load.php?intelligent=\r\n[REDACTED]5aba3e24b78100834563aa08385ffc7068a241b9bdd99b11a4f527d79f65b4fe\r\ndeparture.exehxxp://92.53.97.112/index.php?irresponsibility=\r\n[REDACTED]41b1e90461b5738deade6858a626c44ba9050b3ea425dc8092ca0d84daddb236 deerberry.exe\r\nhxxp://217.25.94.152/customer.phpad1f796b3590fcee4aeecb321e45481cac5bc022500da2bdc79f768d08081a29\r\ndeerskin.exe\r\nhxxp://188.225.58.51/craft.php6cd7b58ae6036ccbb8a3f9d28239b26da30d60bbcd710c9ffbec4c88a6b602d4\r\ndependent.lnk 1c0110a4f862b54196676c4a77250ea5a5e1ec5be48071f794227769bd25e8de film.exe\r\nhxxp://188.225.25.7/WHATSAAP.php83e631e396dc33b9b05d9d829ba19a20c4b821be35bf081494a79851f2e00dbe\r\ndense.lnk 5271f59f0983382ac3e615265a904d044f8e3825c3d60b3d39a6e9a14bb3e780 deep-versed.exe\r\nhxxp://89.223.120.224/crawled.php86f4ca8ea0fc981c804f1e87147aa2c55f73ddfbc2b0be602af240fad6b36b36\r\ndecision.txt b449513b9eeaace805518125def9edf11b63567701a9275b6dd1bddf831f035f deep-revolving.fly\r\nae05bb40000bc961ce901c082c3c2adb8bd9d8c4cf3f1addc4e75db6c498479a demanded.txt\r\n5dec1de8357b7f1868e62d7c8df8163e3e4ba49ec8c127418affd9c53b85201b film.exe\r\nhxxp://188.225.47.250/WHATSAAP.phpecc9619c534fbaa2f6c630597a58d307badee1ea0a393c10c8c43aa11b65d01b\r\ndecisive.dat f46638bb3b63178b3b0bab886f643b791733178bd5e06fad19e86da978286c52 delightful.lnk\r\nea22414a4a9bed4bcaf8917a25ac853deb150feb693acc78b1ed8ae07cc2ac27 despair.dat\r\n23a3481740118ae04af1699b7c02e9e450ff965d2ec72324481d5cd051394989 decoy.dat\r\n05f1560026ad88eeb6c038239c87057743d942dbc6b64b14526e13d0415768dc defense.dat\r\necadbc36c2ccab444df9b0ff59bcf5592e61d50b87c07fe1d82342058b6aa261 defined.dat\r\ne4afb1d75061ec13d1988bc4990b352cf2a7d474133c3474fd0c3c2e0672fca0 descent.dat\r\nf9259ff9c86927dcf987123ec193e1270b00ae62b7ad6f2757b5689451be0b8a desperate.dat\r\nhttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine\r\nPage 2 of 7\n\n9bdb4c7a5072e64446a851829d1303e123d5d8300b99b5c1de382765e7b06eb3 designer.dat\r\n0d4b8e244f19a009cee50252f81da4a2f481da9ddb9b204ef61448d56340c137\r\ndescend.exehxxp://87.249.53.178/set.php?ingratitude=\r\n[REDACTED]82d04cdef87ace65ccf20b3f2623b0115e3413334f681616c67b7f402fad66e0\r\ndesolate.exehxxp://87.249.53.116/cache.php?insane=\r\n[REDACTED]b63c8fcebf1a419c560b84c5e652fe7235c60473a8a1750d2f1307c05e7a6669 delivery.dat\r\n518370ed9b1a507a0e86e82e2bf8a267251691bce822d4b1419f93563937ebad\r\ndelivery.exehxxp://87.249.53.216/sys.php?indoors=\r\n[REDACTED]f14ce6142a54878e5dccbfda83b27bc861b57e1be61d5a669a2875a048516e73 deserves.dat\r\n4de8d004ce3d223a67b89cfa45e837a9f90ce13408215e9c98d5b04820c64088\r\ndelivery.exehxxp://87.249.53.216/sys.php?indoors=\r\n[REDACTED]d26b381e0eb69f5f96cc909103c30976aeba493c6b74e62454ce056c468d18b7 decay.lnk\r\ncdd8844fd9a2680066c4c8730e72a243c3526711664d63414f006a051cd8562a derived.lnk\r\n27a96808f70808396af5c7cfd8e4a5084f2d2f9ccd83637084db05c2325d2832 deserted.lnk\r\nab2547a7b8603c232b226c4c6c8a5696803997a275d46d4d668d35da695b45fc\r\ndeserted.exehxxp://188.225.86.146/load.php?insurance=\r\n[REDACTED]605b252e70e37bc187d19984b38be26832b6957ad003799c82f973924b506c44 deed.lnk\r\nc8110e4ecc260eef020253f0f572a2de038fabf6ba48754cbc67bdd7043f938d deceive.lnk\r\na2075d2c8e274f0976e3541c80809dd602eb9fcc9159a86dca85fd411d79bc7c deprive.lnk\r\n94d273d8f09e20151e39616cafa4d366aa340165930c9d688f58eb408dd7ec1e\r\ndeclared.exehxxp://87.249.44.220/get.php?indignant=\r\n[REDACTED]556151454abeec6ed615489b451d963075cb3ef0b3a17d36d6e0fa81816fe646 declared.lnk\r\nf6fe720f10737e0fdce27de90bdff3f63948c4b05f74b86b11f9b4439e0943d3 delusion.lnk\r\n6ebe07be97ebfb3ff1646bb9f76f7837b81b47b3e5e0707e86b48be5a12fee33 film.exe\r\nhxxp://87.249.49.13/WHATSAAP.php9ac8ad208c37d0176d2b449cfa175e21881b2b37980a716ab6ba591921da8f6f\r\ndense.lnk 5bf5532a1eef0e8b4e648cb0ce392e48d1a5af35c7a6ceedc4464821ff40278c\r\ndetachment.exehxxp://87.249.44.41/time.php?italian=\r\n[REDACTED]0ace5efc8f17a927bf8c82cc5458c9e25730bf48de36b036a75de241f326d581 deploy.lnk\r\n16a89b871c1570c651f019b82367d00b99b0c11cddd90851839956a5dfc6a1b0 deficiency.lnk\r\n1fcf5b775296efe4eadeb39ac04119632f682b76df7b06127946fde5a89f744d detachment.lnk\r\nfcd99df8b7c2774fe2c6163303494bf8f163dcd0d0195bdfe5c2870ddc4b54ad mediatv.mov\r\nb55e0dd02e6131465ac31bfb24aa82a72e183b3b6750d0b891a14a193965c918\r\ndecency.exehxxp://89.223.125.10/time.php?incline=\r\n[REDACTED]612fc508dc63c4c4f8b033c1f5bb2120804263a8949df661b0e3e99e0a8952f5 videotv.m3u Custom\r\nVBS backdoor - Pterodoeb5d54ac8a551f6d5c325cf8b0466834bfa0a68e897ed7282b49663058f53daa\r\ndepended.lnk 3a4f3a39d32715a57c9985690a3fea76140ba832a1bfbb0c6aa3b6270661e12c derived.exe\r\n17b278045a8814170e06d7532e17b831bede8d968ee1a562ca2e9e9b9634c286\r\nderived.exehxxp://188.225.86.146/index.php?initial=\r\n[REDACTED]cadc319a0b08c0403de65f2464789ce027bc5b3ec7e515389047e5b2c447b375 desperately.lnk\r\nde85c2b7f4b773721f7ce87480a7d6fc2ce11c3ba15b6c7adfc29ca84cf1425b detachment.exe\r\ndb3a6f57c76cbc0ca5bd8c1602ca99a311da76e816ad30a15eab22b65b3590bb detachment.lnk\r\n220825ea411ee933315688fbe1af74287bb0703803e514e7f78423d81584581e decisive.dat\r\nhttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine\r\nPage 3 of 7\n\n19e471cd9e5ec3b896bf57215974e463dfe6c15cdb2ef8fde61b21a045cb8fe0 defender.dat\r\n57e3e630fa503d93c5847a22f84d5a3129a618f2cdf048837acce94a78204675\r\ndefender.exehxxp://87.249.54.15/load.php?intelligent=\r\n[REDACTED]91411cb1aaf5d5cac6a11278b6235882d27b74bfaed681b278460113ba8f2b89 decide.lnk\r\n734949521e503e6d5d8409f084dd4a26103693a221f2a0e6e643a45f509f07c5 departure.lnk\r\n7f68c1f2e3583f0007659a7f70e3291d0f490eb7eea79955214b224649a1cd37 deity.lnk\r\n49aff7b65ed83c30bb04c7db936d64d5fbead7fdb6db54bb93b5f9b59a8f4eee declared.lnk\r\nd28efce81bb2bd547354861566aea5f02e23e68fbcb4629b3a7ffb763f934256 decent.lnk\r\necec9a36436d41a68a01b91066e5c4d4752fa0282a743628580d179d3bf2358d demolition.lnk\r\n65b9958a72670e8fb8e3edb6d937b020db7e88b02b574704ec9ceae68c4a4e98 deserter.lnk\r\n715973fe6c2bdb98d9c01546345bb66d7dbb83606b66bded271302aac00eeb6e deceived.lnk\r\n7e8cd3cc9010e8d55943a491ad3e915f32c6f623fa7a62b247a5d545dfff6fd8 designed.lnk\r\n47a436b71078dcb85f24dc16e2b7fcb61229f0282a5330ce4f3ddb37a3479801 deerflies.fly\r\nb02a9f20395664f01fd75e7dc2b46a8ddda73221a9d796de5729953d3b3452ee dene.lnk\r\n7188b9e542ab521e23dae4fb4dca88f3f1eb642d20c853f822861e0d19af326b deerberry.exe\r\nhxxp://89.223.67.33/customer.php646f6d84d81d833e1162e56c81c3659f724e7b0801c04abe35492b5e50165663\r\ndeny.lnk 44ef2dde18f13cd5f25f7489c72610eedd56e3f4aa3ba1030f549892f43871e0\r\ndeny.exehxxp://89.223.67.223/cache.php?increasing=\r\n[REDACTED]0a7dd7fbb1ea338aa5c77d19855adaf9864c7a542b68a2818318169b41edb463 delusion.lnk\r\neef073bf432192d1cc0abb5afac8027f8a954b1fa1e8ca0c0b6cbeb31de54d35 delusion.exe\r\nc5a955b3e71defd69804e101709fdf2b62443ebf944ac00933e77bf43dc44327 deliberate.txt\r\n7be21cd8a700a40c00abe025bb605cc7fbfe799a7465aad755370ba2b808e806 dessert.txt\r\nad5759e59dde3338a7c352417331a2faf1465c20205aa865fd474060f7bac8c7\r\ndepended.exehxxp://92.242.62.131/wordpress.php?is=\r\n[REDACTED]e7c2db5122a8ac7629c958d1f0d8a4df32c51e5da3be434ba0035c679aac7bce\r\ndepended.exehxxp://92.242.62.131/wordpress.php?is=\r\n[REDACTED]233924d215d4fcbfbf96b8379a684f6519dd7f217bf54087ca38e23d2f7f6840\r\ndepended.exehxxp://92.242.62.131/wordpress.php?is=\r\n[REDACTED]94a78d5dce553832d61b59e0dda9ef2c33c10634ba4af3acb7fb7cf43be17a5b\r\ndepended.exehxxp://92.242.62.131/wordpress.php?is=\r\n[REDACTED]6a64a8e2202db7f3a77d32b4852b71acf620f96580ca015e8bff8f5a09622032\r\ndepended.exehxxp://92.242.62.131/wordpress.php?is=\r\n[REDACTED]103a6245294ddabf46efe6a13ebf4bb60e922663ce47003411b57f8bfc413e60\r\ndepended.exehxxp://92.242.62.131/wordpress.php?is=\r\n[REDACTED]afb0f54d41dd85157f32b36d0039bf788268847b8609771918c9e28c90184081 deer.lnk\r\n6aaec1520d036cb403592f937d1ce1f57b09baca440def7cbe9740a874252030 delirium.lnk\r\nd93f7fb038abdb8481e6de0008eaf501508c33c7aca8f40fdd384a7b309b31df deserves.lnk\r\n85c14f4a7580623f967b9e9f7120a14bd3291f2177298e6bcb32e234af9bb2a8 smycwtexsedfcwu.wsf\r\nb2c4a9242b8dda270b7742b026812011b733fd7aff12d7f4a242678ee954ed8b depend.lnk\r\nf313221677a7bca63d199ff2e1945866e70d535849d0d64b50b784ecd65a143c\r\ndeputy.exehxxp://94.228.126.157/cache.php?income=\r\n[REDACTED]cf7d5172dc578138725bcc50bf30a82ad09db0ee7d78c6301de10bdfe8108bc8\r\nhttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine\r\nPage 4 of 7\n\ndeputy.exehxxp://94.228.126.157/cache.php?income=\r\n[REDACTED]f933791dfb9ea729e75937923690fe86e69e25b17d85aaa12ace29b0657bcf29\r\ndeputy.exehxxp://94.228.126.157/cache.php?income=\r\n[REDACTED]6e96621992288bf003be750b29f48bfdea324d9dfdb4951f0fa0de5070d301df defensive.lnk\r\n33d511a761a663863426dc41499f7d851e9824678ed7d7f481dc4dd680bad9de departed.lnk\r\n47fc29821791bb47ce2e9aebb4ee997b163ea2e6988674d84895ee80baa966f0 deity.lnk\r\n583741d4b693d5af79cda7fc534ce2d404074a10e1efe0010c62339da4a26afd dessert.lnk\r\n989362e61facd0a0d4d9edccb7e67e8fe23b639fb67a533f2518d799be150cbc denote.lnk\r\nf8a90cd8727c9dfad3f850e7195af719a12e4c66f57dcf2671f20b550e0d6578 depart.lnk\r\n557ec4e0314c9f84fa49f9a01287d22d5c3885648a2194fdf9cdbf42356e65a6 delirium.lnk\r\n412a761d6040f097390e4f04b619908856cebc79c76231b5838a96a3b6570b76 denote.lnk\r\n8a4613a05c7dc8c47e8af2fa8244d0f944e8a9230c56c4979e39112a945c415e delicious.lnk\r\nebe0d2bc31e6ab5a5be89bb08f902d3abfa73e4c05ccba7f3f527114f5b82003 demanded.lnk\r\n56331bbea28b502cf83c93bb4cb51d0ba67a175d7faa6b5725526574e7040961 delighted.lnk\r\ncf2ef8f895721d0a2479199bd5ed106f5d504b7d42d7cff65e38b8118299ca48 destitute.lnk\r\n8d501ff6fd5559c6a842bd559cd3a3a96a24846c1bc28137b6625f8d65e8e007 decimal.lnk\r\n13cbf286f1c0739b692cb729db517b092dcb11f8291d5a6ea3595bc382821939 design.lnk\r\ne1fbce179add6e9dc9b58219e14d8bc64f2c8fc979a3c3be97ba14e7f9df2a75 desperate.lnk\r\n6a9fc79e1b1afb091acf3c6c7797061e64f9ee3d5c3bae8c369f77b5f1caa38d default.lnk\r\n7f7a7a3fce9c07b82c55f19119c5d9d9a7da70a24d2a6f73d3727fcfdda502e6 destroyer.lnk\r\n4139524d2b3a350913e96a778cdcc41dfaa08542f59bef8ecc12b66a726c549c deceptive.lnk\r\n6593ff4fe7cea48b838d7cad59a6c65bb1554957fda3d218ff6c073cc80ce9a4 decency.lnk\r\na9bfa4dd1547341d4d2ba29bbec4603e1dda312d2ab56ee4bb313c75e50969dc departments.lnk\r\nbf49e3c80274d3cbda9ea2a60df93c6d38b44ee5cbaa268d9999cb02406f5226 depended.lnk\r\na21ed6591dcd2a38d3e9f26b8cf36197704a5507da3dd14fee95fbf247bc9eba\r\ndepended.exehxxp://92.242.62.131/wordpress.php?is=\r\n[REDACTED]b8960abbdd1526fcaf23beaf30483fc43bf3686fba7edc2a9e833b3c8517f5b0 webmedia.m3u\r\n00aa1fa6e40954f9e2128bc2c2322ffbffc6c8ecfa169efe60285c6c379c6351\r\ndepended.exehxxp://92.242.62.131/wordpress.php?is=\r\n[REDACTED]cd1812e376834efd129a8acc8d840eab498bc4f5955adbf2069620e3f084dce9 tvplaylist.mov\r\n8662d61e6a53184e6b179c23784a01fd5766539e67d6d9150a60902f2939df4c depart.lnk\r\nc65c23de51fbd99621f8473c632e4637994deeae73f599296efb8c7b7d00bae7 destruction.lnk\r\ne1671159e4dd5f2095960a042a20e1c7e188697ef88856063f97dfc8cf8739da defiance.lnk\r\n2c89dab8f7974bf40ae57a4daea817d46fa470df803fcf6e435a2e2cec94068a deputy.lnk\r\n32d24fc67ab84789cd000c22ea377d8c80bcbc27784366a425da2d1874439d09 deputy.exe\r\n62ecf284fd96e9307f7b6bfac3108a3b93cbe76cb15bd325c5b072ff05e9fcf7\r\ndeputy.exehxxp://94.228.126.157/cache.php?income=\r\n[REDACTED]1ea3881d5d03214d6b7e37fb7b10221ef51782080a24cc3e275f42a3c1ea99c1 planeta.exe\r\nhxxp://94.228.126.157/DRIVERS.phpb56531e7fbb4477743f31eda6abef8699f505350b958ba936b9ed94d48a4fa6b\r\nplaneta.exe\r\nhvp://89.223.125.10/DRIVERS.php7cefcf45949e651e583eadacd0c0ae29d23e5440d30eb9f44e2302894c58e713\r\ndelicious.lnk 356140d3c25d86a1ff14a5a34ed99da9398d473241dedb2d1f6413588b347ce2 deployment.lnk\r\nhttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine\r\nPage 5 of 7\n\n0bfe7d56dcfb616156fc3069a721a97d403f903aaa996cc95bd433fafb74caa4 planeta.exe\r\nhxxp://89.223.125.10/DRIVERS.phpcb98673e0253dbb8d8f66a982599a02d2539a28d2bfd62e34ffd32df61c34277\r\ndelicate.exehxxp://89.223.125.10/set.php?invaluable=\r\n[REDACTED]23dd82d729e5f6e40bbf1fc7d2afa593d7f84982d39f938fb706d31b3697134e delicate.lnk\r\ncfe679cb37b64f96cc5dcaaa660dccb6dd725989197c9de71c89ed541e6da1c8 deer.lnk\r\n09631b2779858e05b39656940b392db85d627ca5fa525f177159677fc70efa39 decency.lnk\r\n1eacf997ad8ee80f414e6b314337042e457d3eed15f6ebd3281960eec2fd35c5 deputy.lnk\r\n7c5909f6ae4e30ed1bd8625571790d7dc8d721da1bc1f9aaaf7fa464a4541ea4 delivered.lnk\r\n46c9937a0b2dceecb78e3e02526a1c8ac6a21d3460b1af52c1e1b996f14a3442 decidedly.lnk\r\n24543fdb4a5cca5d93a9ffc052c9b0c15ce23999d70cfafa05e59cc31627bce5 deployment.lnk\r\nb7bd622b279d3d3927daa64c7c9bc97887d85fccf360d46158e1c01c96bb6cb5 deliver.lnk\r\nead73958ddba93afc032bdf8ee997510548447a41f3a3dc5a8005a9cb11dced8 deputy.lnk\r\n49dc7b4ae49deedd74e08760e9723cdea4c61286bd3a98149ea9abdf6b81befb dene.lnk\r\ne42a68db9a99b11f97ea2f3ed890cb113b560acf268d1364166152416f61cc16 deliberately.lnk\r\nd546e63f4d4922f0eeeed4203991384a503182fa735c4d779ddc111f04926ecf degree.lnk\r\n9b8d589cd1799935d8cd23852abdd8a055612538536f8b90221351f97d6802aa dedicate.lnk\r\nb46e872375b3c910fb589ab75bf130f7e276c4bcd913705a140ac76d9d373c9e\r\ndeerbrook.ppta20e38bacc979a5aa18f1954df1a2c0558ba23cdc1503af0ad1021c330f1e455\r\ndefiant.exe817901df616c77dd1e5694e3d75aebb3a52464c23a06820517108c74edd07fbc deep-versed.nlsfd9a9dd9c73088d1ffdea85540ee671d8abb6b5ab37d66a760b2350951c784d0\r\nz4z05jn4.egf.exe1ddc9b873fe4f4c8cf8978b6b1bb0e4d9dc07e60ba188ac6a5ad8f162d2a1e8f deep-green.exef6c56a51c1f0139036e80a517a6634d4d87d05cce17c4ca5adc1055b42bf03aa deep-green.exede5a53a3b75e3e730755af09e3cacb7e6d171fc9b1853a7200e5dfb9044ab20a deep-green.exed15a7e69769f4727f7b522995a17a0206ac9450cfb0dfe1fc98fd32272ee5ba7 deep-green.exe45f8a037bf622bbee8ea50e069ffd74f8ffcb2273b3d3a1bd961b5f725de04a0 BAT\r\nfilee78a4ac2af9e94e7ae2c8e8d7099c6449562dc78cd3ce325e7d70da58773740c PE\r\nfile966474abe018536e7224466129b9351a4bd850270f66fbfa206c1279c4f2a04a Text file -\r\nhateful.ico58075401e25cfe4a3abf6864860fc846ec313dc1add20d686990f0d626f2a597 VBS file -\r\nsaviour.ico119f9f69e6fa1f02c1940d1d222ecf67d739c7d240b5ac8d7ec862998fee064d PE file -\r\n2444.tmpd68688e9316c2712a27bd4bbd5e3ed762fb39bd34f1811ce4c0f0ca0480effb5 BAT file -\r\n32161.cmdd8a01f69840c07ace6ae33e2f76e832c22d4513c07e252b6730b6de51c2e4385 PE file -\r\nMSRC4Plugin_for_sc.dsm99c9440a84cdc428ce140de901452eb334faec49f1f6258acdde1ddcbb34376e key file -\r\nrc4.keye9b97d421e01a808bf62e8eb4534c1fc91c7158e1faac57dd7450f285a31041c INI file -\r\nUltraVNC.ini0632bc84e157bfce9a3d0600997faa21e4edb77865f67f598c7ca52f2f351e83 VBS file -\r\nhateful.txtdb49fe96714ebd9707e5cd31e7f366016e45926ff577cce9c34a73ee1b6efcf9 VBS file -\r\n8528.txt98fd1d7dad30f0e68ff190f3891dfef262029f700b75e1958545fd580b0a4a2d VBS file -\r\nscatter.rar476e78c8777a6e344177c71953b27c27b4b572985e70e8a8594ff8b86bf66aa3 Text file -\r\nsavagely.rar33d30cc71324c24c74d7575d7bfaebd578607122cc581f093267a9c511da044b HTA file -\r\nprocexp.hta4b86b7902adda55a9672c41bdfd6eff0ff3d6aa6a5accf8cf2b029e17d9cb25a PE\r\nfile7f97d312d6d7515ecfe7b787a0211c9e8702687e3611e38095d4f16212d75f42 BAT filedeep-pitched.enarto.ruarianat.rudeep-toned.chehalo.ruiruto.rudeer-lick.chehalo.ru\r\nhttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine\r\nPage 6 of 7\n\nSource: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine\r\nhttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine\r\nPage 7 of 7",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"MISPGALAXY",
		"MITRE",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine"
	],
	"report_names": [
		"shuckworm-gamaredon-espionage-ukraine"
	],
	"threat_actors": [
		{
			"id": "81bd7107-6b2d-45c9-9eea-1843d4b9b308",
			"created_at": "2022-10-25T15:50:23.320841Z",
			"updated_at": "2026-04-10T02:00:05.356444Z",
			"deleted_at": null,
			"main_name": "Gamaredon Group",
			"aliases": [
				"Gamaredon Group",
				"IRON TILDEN",
				"Primitive Bear",
				"ACTINIUM",
				"Armageddon",
				"Shuckworm",
				"DEV-0157",
				"Aqua Blizzard"
			],
			"source_name": "MITRE:Gamaredon Group",
			"tools": [
				"QuietSieve",
				"Pteranodon",
				"Remcos",
				"PowerPunch"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "d5156b55-5d7d-4fb2-836f-861d2e868147",
			"created_at": "2023-01-06T13:46:38.557326Z",
			"updated_at": "2026-04-10T02:00:03.023048Z",
			"deleted_at": null,
			"main_name": "Gamaredon Group",
			"aliases": [
				"ACTINIUM",
				"DEV-0157",
				"Blue Otso",
				"G0047",
				"IRON TILDEN",
				"PRIMITIVE BEAR",
				"Shuckworm",
				"UAC-0010",
				"BlueAlpha",
				"Trident Ursa",
				"Winterflounder",
				"Aqua Blizzard",
				"Actinium"
			],
			"source_name": "MISPGALAXY:Gamaredon Group",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "61940e18-8f90-4ecc-bc06-416c54bc60f9",
			"created_at": "2022-10-25T16:07:23.659529Z",
			"updated_at": "2026-04-10T02:00:04.703976Z",
			"deleted_at": null,
			"main_name": "Gamaredon Group",
			"aliases": [
				"Actinium",
				"Aqua Blizzard",
				"Armageddon",
				"Blue Otso",
				"BlueAlpha",
				"Callisto",
				"DEV-0157",
				"G0047",
				"Iron Tilden",
				"Operation STEADY#URSA",
				"Primitive Bear",
				"SectorC08",
				"Shuckworm",
				"Trident Ursa",
				"UAC-0010",
				"UNC530",
				"Winterflounder"
			],
			"source_name": "ETDA:Gamaredon Group",
			"tools": [
				"Aversome infector",
				"BoneSpy",
				"DessertDown",
				"DilongTrash",
				"DinoTrain",
				"EvilGnome",
				"FRAUDROP",
				"Gamaredon",
				"GammaDrop",
				"GammaLoad",
				"GammaSteel",
				"Gussdoor",
				"ObfuBerry",
				"ObfuMerry",
				"PlainGnome",
				"PowerPunch",
				"Pteranodon",
				"Pterodo",
				"QuietSieve",
				"Remcos",
				"RemcosRAT",
				"Remote Manipulator System",
				"Remvio",
				"Resetter",
				"RuRAT",
				"SUBTLE-PAWS",
				"Socmer",
				"UltraVNC"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "236a8303-bf12-4787-b6d0-549b44271a19",
			"created_at": "2024-06-04T02:03:07.966137Z",
			"updated_at": "2026-04-10T02:00:03.706923Z",
			"deleted_at": null,
			"main_name": "IRON TILDEN",
			"aliases": [
				"ACTINIUM ",
				"Aqua Blizzard ",
				"Armageddon",
				"Blue Otso ",
				"BlueAlpha ",
				"Dancing Salome ",
				"Gamaredon",
				"Gamaredon Group",
				"Hive0051 ",
				"Primitive Bear ",
				"Shuckworm ",
				"Trident Ursa ",
				"UAC-0010 ",
				"UNC530 ",
				"WinterFlounder "
			],
			"source_name": "Secureworks:IRON TILDEN",
			"tools": [
				"Pterodo"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434481,
	"ts_updated_at": 1775826686,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/23cafa01c3e13fe4999ebf42997a45347b029a62.pdf",
		"text": "https://archive.orkl.eu/23cafa01c3e13fe4999ebf42997a45347b029a62.txt",
		"img": "https://archive.orkl.eu/23cafa01c3e13fe4999ebf42997a45347b029a62.jpg"
	}
}