In close coordination with the Security Service of Ukraine, USCYBERCOM’s Cyber National Mission Force is disclosing these indicators of compromise (IOCs). In the last few months, the Security Service of Ukraine discovered several types of malware in its country, analyzed the samples, and identified IOCs. The IOCs include 20 novel indicators in various formats.
We are publicly uploading these IOCs to highlight the potential compromises and provide additional context to our industry counterparts.
Our Ukrainian partners are actively sharing malicious activity they find with us to bolster collective cyber security, just as we are sharing with them. We continue to have a strong partnership in cybersecurity between our two nations.
Why IOCs matter: IOCs are evidence of possible intrusions on a host system or network, and give network defenders forensic evidence of a potential breach. Implementing IOCs enables users to search for and identify malware within that host system or network. Malware has specific behavior that can be identified by applying IOCs. Additionally, a file hash is a quick way to look for the malware, because a file that is byte-for-byte identical to the malware sample will have the same hash.
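As an added example (not part of this alert or USCYBERCOM's release), the following Python sweep shows how a file-hash IOC is applied on a host: every file under a directory is hashed and compared against the indicator set. The IOC set and the sample files are constructed placeholders, not the published indicators; the variant file with one byte changed illustrates the caveat that a hash IOC only catches byte-identical copies.

```python
import hashlib
import os
import tempfile

# Constructed placeholder: a stand-in for a published SHA-256 IOC. It is derived
# from constructed sample content so the scan can run offline.
SAMPLE_MALICIOUS_CONTENT = b"constructed sample payload, not real malware\n"
IOC_SHA256 = {hashlib.sha256(SAMPLE_MALICIOUS_CONTENT).hexdigest()}


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root, ioc_hashes):
    """Return (path, sha256) pairs for files whose hash is in the IOC set."""
    matches = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if digest in ioc_hashes:
                matches.append((path, digest))
    return matches


def demo():
    """Build a constructed directory tree, scan it, return matching file names."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "report.doc"), "wb") as f:
            f.write(SAMPLE_MALICIOUS_CONTENT)  # exact copy: hash IOC matches
        with open(os.path.join(root, "report2.doc"), "wb") as f:
            # One byte differs: same content otherwise, but the hash IOC misses it,
            # which is why hash indicators are paired with behavioral ones.
            f.write(SAMPLE_MALICIOUS_CONTENT.replace(b"payload", b"Payload"))
        with open(os.path.join(root, "benign.txt"), "wb") as f:
            f.write(b"ordinary file\n")
        return sorted(os.path.basename(p) for p, _ in scan_directory(root, IOC_SHA256))


if __name__ == "__main__":
    print(demo())
```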
CISA encourages users and administrators to review U.S. Cyber Command’s press release, Cyber National Mission Force discloses IOCs from Ukrainian networks, as well as their VirusTotal and GitHub pages for more information. See Mandiant’s report, Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities, for additional information.