Skip to content
/ Ukraine-Cyber-Operations Public
forked from curated-intel/Ukraine-Cyber-Operations

Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine.

www.curatedintel.org/
3 stars 91 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cogsec-collaborative/Ukraine-Cyber-Operations

BranchesTags
 
 

Repository files navigation

logo

Ukraine-Cyber-Operations

Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine. (Blog | Twitter | LinkedIn)

timeline

cyberwar

Analyst Comments:

  • 2022-02-25
  • 2022-02-26
  • 2022-02-27
  • 2022-02-28
  • 2022-03-01
    • Additional threat reports and resources have been added
  • 2022-03-02
    • Additional Indicators of Compromise (IOCs) have been added
    • Added vetted YARA rule collection from the Threat Reports by ETAC
    • Added loosely-vetted IOC Threat Hunt Feeds by KPMG-Egyde CTI (h/t 0xDISREL)
      • IOCs shared by these feeds are LOW-TO-MEDIUM CONFIDENCE we strongly recommend NOT adding them to a blocklist
      • These could potentially be used for THREAT HUNTING and could be added to a WATCHLIST
      • IOCs are generated in MISP COMPATIBLE CSV format
  • 2022-03-03
    • Additional threat reports and vendor support resources have been added
    • Updated Log4Shell IOC Threat Hunt Feeds by KPMG-Egyde CTI; not directly related to Ukraine, but still a widespread vulnerability.
    • Added diagram of Russia-Ukraine Cyberwar Participants 2022 by ETAC
    • Additional Indicators of Compromise (IOCs) have been added
  • 2022-03-04
    • Additional Threat Hunt Feed for recently registered Ukrainian domain names (h/t DomainTools)

Threat Reports

Date Source Threat(s) URL
14 JAN SSU Ukraine Website Defacements ssu.gov.ua
15 JAN Microsoft WhisperGate wiper (DEV-0586) microsoft.com
19 JAN Elastic WhisperGate wiper (Operation BleedingBear) elastic.github.io
31 JAN Symantec Gamaredon/Shuckworm/PrimitiveBear (FSB) symantec-enterprise-blogs.security.com
2 FEB RaidForums Access broker "GodLevel" offering Ukrainain algricultural exchange RaidForums [not linked]
2 FEB CERT-UA UAC-0056 using SaintBot and OutSteel malware cert.gov.ua
3 FEB PAN Unit42 Gamaredon/Shuckworm/PrimitiveBear (FSB) unit42.paloaltonetworks.com
4 FEB Microsoft Gamaredon/Shuckworm/PrimitiveBear (FSB) microsoft.com
8 FEB NSFOCUS Lorec53 (aka UAC-0056, EmberBear, BleedingBear) nsfocusglobal.com
15 FEB CERT-UA DDoS attacks against the name server of government websites as well as Oschadbank (State Savings Bank) & Privatbank (largest commercial bank). False SMS and e-mails to create panic cert.gov.ua
23 FEB The Daily Beast Ukrainian troops receive threatening SMS messages thedailybeast.com
23 FEB UK NCSC Sandworm/VoodooBear (GRU) ncsc.gov.uk
23 FEB SentinelLabs HermeticWiper sentinelone.com
24 FEB ESET HermeticWiper welivesecurity.com
24 FEB Symantec HermeticWiper, PartyTicket ransomware, CVE-2021-1636, unknown webshell symantec-enterprise-blogs.security.com
24 FEB Cisco Talos HermeticWiper blog.talosintelligence.com
24 FEB Zscaler HermeticWiper zscaler.com
24 FEB Cluster25 HermeticWiper cluster25.io
24 FEB CronUp Data broker "FreeCivilian" offering multiple .gov.ua twitter.com/1ZRR4H
24 FEB RaidForums Data broker "Featherine" offering diia.gov.ua RaidForums [not linked]
24 FEB DomainTools Unknown scammers twitter.com/SecuritySnacks
25 FEB @500mk500 Gamaredon/Shuckworm/PrimitiveBear (FSB) twitter.com/500mk500
25 FEB @500mk500 Gamaredon/Shuckworm/PrimitiveBear (FSB) twitter.com/500mk500
25 FEB Microsoft HermeticWiper gist.github.com
25 FEB 360 NetLab DDoS (Mirai, Gafgyt, IRCbot, Ripprbot, Moobot) blog.netlab.360.com
25 FEB Conti [themselves] Conti ransomware, BazarLoader Conti News .onion [not linked]
25 FEB CoomingProject [themselves] Data Hostage Group CoomingProject Telegram [not linked]
25 FEB CERT-UA UNC1151/Ghostwriter (Belarus MoD) CERT-UA Facebook
25 FEB Sekoia UNC1151/Ghostwriter (Belarus MoD) twitter.com/sekoia_io
25 FEB @jaimeblascob UNC1151/Ghostwriter (Belarus MoD) twitter.com/jaimeblasco
25 FEB RISKIQ UNC1151/Ghostwriter (Belarus MoD) community.riskiq.com
25 FEB MalwareHunterTeam Unknown phishing twitter.com/malwrhunterteam
25 FEB ESET Unknown scammers twitter.com/ESETresearch
25 FEB BitDefender Unknown scammers blog.bitdefender.com
25 FEB SSSCIP Ukraine Unkown phishing twitter.com/dsszzi
25 FEB RaidForums Data broker "NetSec" offering FSB (likely SMTP accounts) RaidForums [not linked]
25 FEB Zscaler PartyTicket decoy ransomware zscaler.com
25 FEB INCERT GIE Cyclops Blink, HermeticWiper linkedin.com [Login Required]
25 FEB Proofpoint UNC1151/Ghostwriter (Belarus MoD) twitter.com/threatinsight
25 FEB @fr0gger_ HermeticWiper capabilities Overview twitter.com/fr0gger_
25 FEB Netskope HermeticWiper analysis netskope.com
26 FEB BBC Journalist A fake Telegram account claiming to be President Zelensky is posting dubious messages twitter.com/shayan86
26 FEB CERT-UA UNC1151/Ghostwriter (Belarus MoD) CERT_UA Facebook
26 FEB MHT and TRMLabs Unknown scammers, linked to ransomware twitter.com/joes_mcgill
26 FEB US CISA WhisperGate wiper, HermeticWiper cisa.gov
26 FEB Bloomberg Destructive malware (possibly HermeticWiper) deployed at Ukrainian Ministry of Internal Affairs & data stolen from Ukrainian telecommunications networks bloomberg.com
26 FEB Vice Prime Minister of Ukraine IT ARMY of Ukraine created to crowdsource offensive operations against Russian infrastructure twitter.com/FedorovMykhailo
26 FEB Yoroi HermeticWiper yoroi.company
27 FEB LockBit [themselves] LockBit ransomware LockBit .onion [not linked]
27 FEB ALPHV [themselves] ALPHV ransomware vHUMINT [closed source]
27 FEB Mēris Botnet [themselves] DDoS attacks vHUMINT [closed source]
28 FEB Horizon News [themselves] Leak of China's Censorship Order about Ukraine TechARP
28 FEB Microsoft FoxBlade (aka HermeticWiper) Microsoft
28 FEB @heymingwei Potential BGP hijacks attempts against Ukrainian Internet Names Center https://twitter.com/heymingwei
28 FEB @cyberknow20 Stormous ransomware targets Ukraine Ministry of Foreign Affairs twitter.com/cyberknow20
1 MAR ESET IsaacWiper and HermeticWizard welivesecurity.com
1 MAR Proofpoint Ukrainian armed service member's email compromised and sent malspam containing the SunSeed malware (likely TA445/UNC1151/Ghostwriter) proofpoint.com
1 MAR Elastic HermeticWiper elastic.github.io
1 MAR CrowdStrike PartyTicket (aka HermeticRansom), DriveSlayer (aka HermeticWiper) CrowdStrike
2 MAR Zscaler DanaBot operators launch DDoS attacks against the Ukrainian Ministry of Defense zscaler.com
2 MAR Infoblox Ukrainian Support Fraud blogs.infoblox.com
3 MAR @ShadowChasing1 Gamaredon/Shuckworm/PrimitiveBear (FSB) twitter.com/ShadowChasing1
3 MAR @vxunderground News website in Poland was reportedly compromised and the threat actor uploaded anti-Ukrainian propaganda twitter.com/vxunderground
3 MAR @kylaintheburgh Russian botnet on Twitter is pushing "#istandwithputin" and "#istandwithrussia" propaganda (in English) twitter.com/kylaintheburgh
3 MAR @tracerspiff UNC1151/Ghostwriter (Belarus MoD) twitter.com
3 MAR Trustwave Gorenie Fundraising Email Scams trustwave.com
3 MAR Trend Micro Prominent Cyber Attacks in Russia-Ukraine Conflict Trend Micro
4 MAR Interfax CERT-UA warns about mass mailings of malicious software Interfax

Access Brokers

Date Threat(s) Source
23 JAN Access broker "Mont4na" offering UkrFerry RaidForums [not linked]
23 JAN Access broker "Mont4na" offering PrivatBank RaidForums [not linked]
24 JAN Access broker "Mont4na" offering DTEK RaidForums [not linked]
27 FEB KelvinSecurity Sharing list of IP cameras in Ukraine vHUMINT [closed source]
28 FEB "w1nte4mute" looking to buy access to UA and NATO countries (likely ransomware affiliate) vHUMINT [closed source]

Data Brokers

Threat Actor Type Observation Validated Relevance Source
aguyinachair UA data sharing PII DB of ukraine.com (shared as part of a generic compilation) No TA discussion in past 90 days ELeaks Forum [not linked]
an3key UA data sharing DB of Ministry of Communities and Territories Development of Ukraine (minregion[.]gov[.]ua) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
an3key UA data sharing DB of Ukrainian Ministry of Internal Affairs (wanted[.]mvs[.]gov[.]ua) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
CorelDraw UA data sharing PII DB (40M) of PrivatBank customers (privatbank[.]ua) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
CorelDraw UA data sharing DB of "border crossing" DBs of DPR and LPR No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
CorelDraw UA data sharing PII DB (7.5M) of Ukrainian passports No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
CorelDraw UA data sharing PII DB of Ukrainian car registration, license plates, Ukrainian traffic police records No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
CorelDraw UA data sharing PII DB (2.1M) of Ukrainian citizens No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
CorelDraw UA data sharing PII DB (28M) of Ukrainian citizens (passports, drivers licenses, photos) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
CorelDraw UA data sharing PII DB (1M) of Ukrainian postal/courier service customers (novaposhta[.]ua) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
CorelDraw UA data sharing PII DB (10M) of Ukrainian telecom customers (vodafone[.]ua) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
CorelDraw UA data sharing PII DB (3M) of Ukrainian telecom customers (lifecell[.]ua) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
CorelDraw UA data sharing PII DB (13M) of Ukrainian telecom customers (kyivstar[.]ua) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
danieltx51 UA data sharing DB of Ministry of Foreign Affairs of Ukraine (mfa[.]gov[.]ua) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
DueDiligenceCIS UA data sharing PII DB (63M) of Ukrainian citizens (name, DOB, birth country, phone, TIN, passport, family, etc) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
Featherine UA data sharing DB of Ukrainian 'Diia' e-Governance Portal for Ministry of Digital Transformation of Ukraine No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
FreeCivilian UA data sharing DB of Ministry for Internal Affairs of Ukraine public data search engine (wanted[.]mvs[.]gov[.]ua) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
FreeCivilian UA data sharing DB of Ministry for Communities and Territories Development of Ukraine (minregion[.]gov[.]ua) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
FreeCivilian UA data sharing DB of Motor Insurance Bureau of Ukraine (mtsbu[.]ua) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
FreeCivilian UA data sharing PII DB of Ukrainian digital-medicine provider (medstar[.]ua) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
FreeCivilian UA data sharing DB of ticket.kyivcity.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of id.kyivcity.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of my.kyivcity.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of portal.kyivcity.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of anti-violence-map.msp.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of dopomoga.msp.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of e-services.msp.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of edu.msp.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of education.msp.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of ek-cbi.msp.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of mail.msp.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of portal-gromady.msp.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of web-minsoc.msp.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of wcs-wim.dsbt.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of bdr.mvs.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of motorsich.com No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of dsns.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of mon.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of minagro.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of zt.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of kmu.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of mvs.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of dsbt.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of forest.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of nkrzi.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of dabi.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of comin.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of dp.dpss.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of esbu.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of mms.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of mova.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of mspu.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of nads.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of reintegration.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of sies.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of sport.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of mepr.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of mfa.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of va.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of mtu.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of cg.mvs.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of ch-tmo.mvs.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of cp.mvs.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of cpd.mvs.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of hutirvilnij-mrc.mvs.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of dndekc.mvs.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of visnyk.dndekc.mvs.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of dpvs.hsc.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of odk.mvs.gov.ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of e-driver[.]hsc[.]gov[.]ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of wanted[.]mvs[.]gov[.]ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of minregeion[.]gov[.]ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of health[.]mia[.]solutions No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of mtsbu[.]ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of motorsich[.]com No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of kyivcity[.]com No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of bdr[.]mvs[.]gov[.]ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of gkh[.]in[.]ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of kmu[.]gov[.]ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of mon[.]gov[.]ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of minagro[.]gov[.]ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
FreeCivilian UA data sharing DB of mfa[.]gov[.]ua No TA discussion in past 90 days FreeCivilian .onion [not linked]
Intel_Data UA data sharing PII DB (56M) of Ukrainian Citizens No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
Kristina UA data sharing DB of Ukrainian National Police (mvs[.]gov[.]ua) No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
NetSec UA data sharing PII DB (53M) of Ukrainian citizens No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
Psycho_Killer UA data sharing PII DB (56M) of Ukrainian Citizens No TA discussion in past 90 days Exploit Forum .onion [not linked]
Sp333 UA data sharing PII DB of Ukrainian and Russian interpreters, translators, and tour guides No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
Vaticano UA data sharing DB of Ukrainian 'Diia' e-Governance Portal for Ministry of Digital Transformation of Ukraine [copy] No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]
Vaticano UA data sharing DB of Ministry for Communities and Territories Development of Ukraine (minregion[.]gov[.]ua) [copy] No TA discussion in past 90 days RaidForums [not linked; site hijacked since UA invasion]

Vendor Support

Vendor Offering URL
Dragos Access to Dragos service if from US/UK/ANZ and in need of ICS cybersecurity support twitter.com/RobertMLee
GreyNoise Any and all Ukrainian emails registered to GreyNoise have been upgraded to VIP which includes full, uncapped enterprise access to all GreyNoise products twitter.com/Andrew___Morris
Recorded Future Providing free intelligence-driven insights, perspectives, and mitigation strategies as the situation in Ukraine evolves recordedfuture.com
Flashpoint Free Access to Flashpoint’s Latest Threat Intel on Ukraine go.flashpoint-intel.com
ThreatABLE A Ukraine tag for free threat intelligence feed that's more highly curated to cyber twitter.com/threatable
Orange IOCs related to Russia-Ukraine 2022 conflict extracted from our Datalake Threat Intelligence platform. github.com/Orange-Cyberdefense
FSecure F-Secure FREEDOME VPN is now available for free in all of Ukraine twitter.com/FSecure
Multiple vendors List of vendors offering their services to Ukraine for free, put together by @chrisculling docs.google.com/spreadsheets
Mandiant Free threat intelligence, webinar and guidance for defensive measures relevant to the situation in Ukraine. mandiant.com
Starlink Satellite internet constellation operated by SpaceX providing satellite Internet access coverage to Ukraine twitter.com/elonmusk
Romania DNSC Romania’s DNSC – in partnership with Bitdefender – will provide technical consulting, threat intelligence and, free of charge, cybersecurity technology to any business, government institution or private citizen of Ukraine for as long as it is necessary. Romania's DNSC Press Release
BitDefender Access to Bitdefender technical consulting, threat intelligence and both consumer and enterprise cybersecurity technology bitdefender.com/ukraine/
NameCheap Free anonymous hosting and domain name registration to any anti-Putin anti-regime and protest websites for anyone located within Russia and Belarus twitter.com/Namecheap
Avast Free decryptor for PartyTicket ransomware decoded.avast.io
Recorded Future Insikt Group’s list of indicators of compromise associated with threat actors and malware related to the Russian cyber actions against Ukraine recordedfuture.com

Vetted OSINT Sources

Handle Affiliation
@KyivIndependent English-language journalism in Ukraine
@IAPonomarenko Defense reporter with The Kyiv Independent
@KyivPost English-language journalism in Ukraine
@Shayan86 BBC World News Disinformation journalist
@Liveuamap Live Universal Awareness Map (“Liveuamap”) independent global news and information site
@DAlperovitch The Alperovitch Institute for Cybersecurity Studies, Founder & Former CTO of CrowdStrike
@COUPSURE OSINT investigator for Centre for Information Resilience
@netblocks London-based Internet's Observatory

Miscellaneous Resources

Source URL Content
PowerOutages.com https://poweroutage.com/ua Tracking PowerOutages across Ukraine
Monash IP Observatory https://twitter.com/IP_Observatory Tracking IP address outages across Ukraine
Project Owl Discord https://discord.com/invite/projectowl Tracking foreign policy, geopolitical events, military and governments, using a Discord-based crowdsourced approach, with a current emphasis on Ukraine and Russia
russianwarchatter.info https://www.russianwarchatter.info/ Known Russian Military Radio Frequencies

About

Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine.

www.curatedintel.org/

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • YARA 100.0%