
Graphiron Threat From Nodaria (UAC-0056) To Ukraine
Tags: Graphiron, Nodaria, UAC-0056, SaintBear, Ember Bear
The Russia-linked Nodaria espionage group (aka UAC-0056) is using a new information-stealing malware against targets in Ukraine. The malware (Infostealer.Graphiron), written in Go, is designed to gather a wide variety of information from the infected computer, including system information, credentials, screen content, and files.
Indicators of Compromise
APT Groups
SaintBear (Russian Federation)
Aliases: UNC2589, TA471, Nascent Ursa, Nodaria, Ember Bear, SaintBear, FROZENVISTA, UAC-0056, Storm-0587, Lorec53
Campaign Guidance
Remediation, mitigation, notes, history and related intelligence
Remediations
- Deploy appropriate hardware that can handle known attack types, and enable the protective options that hardware offers for network resources. While bolstering resources will not prevent a DDoS attack from happening, it will lessen the impact of an attack.
- Opt for DDoS prevention providers who can implement cloud scrubbing services for attack traffic, removing most of the problematic traffic before it ever reaches the victim's network.
- Keep your website’s content management systems (CMS) up to date.
- Use the latest available version of any active plugins.
- Restrict access to the website management pages.
Reports & References
Observed Countries
GE (719)
KG (473)
RU (378)
UA (717)