IOC Radar
TLP:WHITE
24 IOCs

GhostShell (MB-0009): Targeting Ukraine’s UAV Operations and Defense Supply Chain

Synaptic Systems
Published June 22, 2026

Threat Actors
Gamaredon

Malware Families
Cobalt Strike, Metasploit, Vidar

Diamond Model

Adversary (1): Gamaredon
Infrastructure (4): https://cloudaxis.cc/…, cdnexpress.cc, 86.54.25.2
Capability (3): Cobalt Strike, Metasploit, Vidar
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Type | Indicator | Confidence | Score | First Seen
CVE | CVE-2025-8088 (tags: apt, espionage, exploit) | High | 61 | Jun 2, 26
CVE | CVE-2025-6218 (tags: apt, espionage, exploit) | High | 61 | Jun 2, 26

IOC Relationship Graph

[Graph: 24 total IOCs (SHA256: 16, URL: 2, CVE: 2, SHA1: 1, Domain: 1, IP: 1, MD5: 1) linked to the report "GhostShell (MB-0009)", 1 actor (Gamaredon) and 3 malware families (Cobalt Strike, Metasploit, Vidar).]