{ "name": "Shuckworm Targets Foreign Military Mission Based in Ukraine", "slug": "shuckworm-targets-foreign-military-mission-based-in-ukraine", "description": "Russian-linked cyber-espionage group Shuckworm appears to be targeting a Western military mission based in Ukraine, according to research by Symantec and its partner, the UK-based security firm.", "published": "2025-04-10T17:46:39+00:00", "created_at": "2025-04-10T17:46:39+00:00", "modified_at": "2025-04-10T18:12:07+00:00", "created_at_opencti": "2025-04-10T17:46:39+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2025-04-10", "armageddon", "c server", "desktop folder", "gamaredon", "gammasteel", "infostealer", "powershell", "shuckworm", "ukraine" ], "related_entities": { "observables": [ { "id": "", "name": "85.92.111.12" }, { "id": "", "name": "64.23.190.235" }, { "id": "", "name": "45.61.166.43" }, { "id": "", "name": "165.232.153.27" }, { "id": "", "name": "159.223.50.199" }, { "id": "", "name": "139.59.136.192" }, { "id": "", "name": "107.189.19.218" }, { "id": "", "name": "107.189.19.137" }, { "id": "", "name": "www.phlovel.ru" }, { "id": "", "name": "https://surfing-programmer-morris-mortality.trycloudflare.com" }, { "id": "", "name": "https://nav-ni-furnished-handy.trycloudflare.com" }, { "id": "", "name": "https://des-cinema-democrat-san.trycloudflare.com/server" }, { "id": "", "name": "https://areas-apps-civic-loving.trycloudflare.com" }, { "id": "", "name": "https://85.92.111.12" }, { "id": "", "name": "http://64.23.190.235/getinfo.php." }, { "id": "", "name": "sleep.crudoes.ru" }, { "id": "", "name": "terry-training-springer-engagement.trycloudflare.com" }, { "id": "", "name": "surfing-programmer-morris-mortality.trycloudflare.com" }, { "id": "", "name": "representatives-liable-sight-tigers.trycloudflare.com" }, { "id": "", "name": "sick-netherlands-alumni-electric.trycloudflare.com" }, { "id": "", "name": "score-adams-coastal-moreover.trycloudflare.com" }, { "id": "", "name": "promptly-allows-pendant-close.trycloudflare.com" }, { "id": "", "name": "presents-turner-cir-hollow.trycloudflare.com" }, { "id": "", "name": "reflection-tomorrow-brook-dakota.trycloudflare.com" }, { "id": "", "name": "position.crudoes.ru" }, { "id": "", "name": "pdt-throwing-pod-places.trycloudflare.com" }, { "id": "", "name": "phpbb-zealand-hop-magnetic.trycloudflare.com" }, { "id": "", "name": "pays-habitat-florists-virtually.trycloudflare.com" }, { "id": "", "name": "over-function-foo-school.trycloudflare.com" }, { "id": "", "name": "obj-sudan-quote-aw.trycloudflare.com" }, { "id": "", "name": "nav-ni-furnished-handy.trycloudflare.com" }, { "id": "", "name": "missouri-itunes-recognize-adds.trycloudflare.com" }, { "id": "", "name": "nail-employed-icon-pre.trycloudflare.com" }, { "id": "", "name": "jon-shopzilla-canada-analytical.trycloudflare.com" }, { "id": "", "name": "hints-heated-terrain-poem.trycloudflare.com" }, { "id": "", "name": "jet-therapy-cape-correctly.trycloudflare.com" }, { "id": "", "name": "ff-susan-config-mod.trycloudflare.com" }, { "id": "", "name": "fee-ss-launch-remedies.trycloudflare.com" }, { "id": "", "name": "farming-alternatively-velvet-warming.trycloudflare.com" }, { "id": "", "name": "eddie-lewis-exercises-conventions.trycloudflare.com" }, { "id": "", "name": "distributors-marble-saddam-much.trycloudflare.com" }, { "id": "", "name": "detector-excluded-knowledgestorm-two.trycloudflare.com" }, { "id": "", "name": "des-cinema-democrat-san.trycloudflare.com" }, { "id": "", "name": "der-grande-transmitted-benchmark.trycloudflare.com" }, { "id": "", "name": "convergence-suffering-reel-ingredients.trycloudflare.com" }, { "id": "", "name": "criterion-receipt-proceeds-fate.trycloudflare.com" }, { "id": "", "name": "cables-tension-bronze-hans.trycloudflare.com" }, { "id": "", "name": "boxes-harvest-cameroon-uniform.trycloudflare.com" }, { "id": "", "name": "beverly-cups-soft-concentrate.trycloudflare.com" }, { "id": "", "name": "belongs-tells-sum-harvest.trycloudflare.com" }, { "id": "", "name": "argentina-references-rapid-selecting.trycloudflare.com" }, { "id": "", "name": "areas-apps-civic-loving.trycloudflare.com" }, { "id": "", "name": "affects-periodic-explorer-broadband.trycloudflare.com" }, { "id": "", "name": "acquisition-gray-advertisements-trained.trycloudflare.com" }, { "id": "", "name": "abraham-lc-happened-ericsson.trycloudflare.com" }, { "id": "", "name": "714aeb3d778bbd03d0c9eaa827ae8c91199ef07d916405b7f4acd470f9a2a437" } ], "malware": [ { "id": "5c02be82-58f2-4b43-b0c5-2e11cc731109", "name": "GammaSteel", "slug": "gammasteel" } ], "intrusion_sets": [ { "id": "8af52407-3bbc-48bf-81ef-80524df928eb", "name": "Gamaredon Group", "slug": "gamaredon-group" } ], "attack_patterns": [ { "id": "a0ffa8a8-8380-445f-b7a7-caeff3a83b65", "name": "T1054" }, { "id": "926a888c-190c-4efb-ab6b-f9d7e6a0fc54", "name": "T1547" } ], "others": [ { "id": "", "name": "Ukraine" } ] }, "external_refs": [ "https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel", "https://otx.alienvault.com/pulse/67f82020a26d2eb2bb6d4f1e" ] }