[ { "id": 466052267, "name": "bug-free-memory", "full_name": "Nate0634034090\/bug-free-memory", "owner": { "login": "Nate0634034090", "id": 95479220, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/95479220?v=4", "html_url": "https:\/\/github.com\/Nate0634034090" }, "html_url": "https:\/\/github.com\/Nate0634034090\/bug-free-memory", "description": " ​![​logo​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/ci-logo.png) ​#​ ​Ukraine-Cyber-Operations ​Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine. ([​Blog​](https:\/\/www.curatedintel.org\/2021\/08\/welcome.html) | [​Twitter​](https:\/\/twitter.com\/CuratedIntel) | [​LinkedIn​](https:\/\/www.linkedin.com\/company\/curatedintelligence\/)) ​![​timeline​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/uacyberopsv2.png) ​![​cyberwar​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/Russia-Ukraine%20Cyberwar.png) ​###​ ​Analyst Comments: ​-​ 2022-02-25 ​  ​-​ Creation of the initial repository to help organisations in Ukraine ​  ​-​ Added [​Threat Reports​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations#threat-reports) section ​  ​-​ Added [​Vendor Support​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations#vendor-support) section ​-​ 2022-02-26 ​  ​-​ Additional resources, chronologically ordered (h\/t Orange-CD) ​  ​-​ Added [​Vetted OSINT Sources​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations#vetted-osint-sources) section  ​  ​-​ Added [​Miscellaneous Resources​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations#miscellaneous-resources) section ​-​ 2022-02-27 ​  ​-​ Additional threat reports have been added ​  ​-​ Added [​Data Brokers​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/README.md#data-brokers) section ​  ​-​ Added [​Access Brokers​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/README.md#access-brokers) section ​-​ 2022-02-28 ​  ​-​ Added Russian Cyber Operations Against Ukraine Timeline by ETAC ​  ​-​ Added Vetted and Contextualized [​Indicators of Compromise (IOCs)​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/ETAC_Vetted_UkraineRussiaWar_IOCs.csv) by ETAC ​-​ 2022-03-01 ​  ​-​ Additional threat reports and resources have been added ​-​ 2022-03-02 ​  ​-​ Additional [​Indicators of Compromise (IOCs)​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/ETAC_Vetted_UkraineRussiaWar_IOCs.csv#L2011) have been added ​  ​-​ Added vetted [​YARA rule collection​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/tree\/main\/yara) from the Threat Reports by ETAC ​  ​-​ Added loosely-vetted [​IOC Threat Hunt Feeds​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/tree\/main\/KPMG-Egyde_Ukraine-Crisis_Feeds\/MISP-CSV_MediumConfidence_Filtered) by KPMG-Egyde CTI (h\/t [​0xDISREL​](https:\/\/twitter.com\/0xDISREL)) ​    ​-​ IOCs shared by these feeds are ​`LOW-TO-MEDIUM CONFIDENCE`​ we strongly recommend NOT adding them to a blocklist ​    ​-​ These could potentially be used for ​`THREAT HUNTING`​ and could be added to a ​`WATCHLIST` ​    ​-​ IOCs are generated in ​`MISP COMPATIBLE`​ CSV format ​-​ 2022-03-03 ​  ​-​ Additional threat reports and vendor support resources have been added ​  ​-​ Updated [​Log4Shell IOC Threat Hunt Feeds​](https:\/\/github.com\/curated-intel\/Log4Shell-IOCs\/tree\/main\/KPMG_Log4Shell_Feeds) by KPMG-Egyde CTI; not directly related to Ukraine, but still a widespread vulnerability. ​  ​-​ Added diagram of Russia-Ukraine Cyberwar Participants 2022 by ETAC ​  ​-​ Additional [​Indicators of Compromise (IOCs)​](https:\/\/github.com\/curated-intel\/Ukraine-Cyber-Operations\/blob\/main\/ETAC_Vetted_UkraineRussiaWar_IOCs.csv#L2042) have been added ​####​ ​`Threat Reports` ​| Date | Source | Threat(s) | URL | ​| --- | --- | --- | --- | ​| 14 JAN | SSU Ukraine | Website Defacements | [ssu.gov.ua](https:\/\/ssu.gov.ua\/novyny\/sbu-rozsliduie-prychetnist-rosiiskykh-spetssluzhb-do-sohodnishnoi-kiberataky-na-orhany-derzhavnoi-vlady-ukrainy)| ​| 15 JAN | Microsoft | WhisperGate wiper (DEV-0586) | [microsoft.com](https:\/\/www.microsoft.com\/security\/blog\/2022\/01\/15\/destructive-malware-targeting-ukrainian-organizations\/) | ​| 19 JAN | Elastic | WhisperGate wiper (Operation BleedingBear) | [elastic.github.io](https:\/\/elastic.github.io\/security-research\/malware\/2022\/01\/01.operation-bleeding-bear\/article\/) | ​| 31 JAN | Symantec | Gamaredon\/Shuckworm\/PrimitiveBear (FSB) | [symantec-enterprise-blogs.security.com](https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/shuckworm-gamaredon-espionage-ukraine) | ​| 2 FEB | RaidForums | Access broker \"GodLevel\" offering Ukrainain algricultural exchange | RaidForums [not linked] | ​| 2 FEB | CERT-UA | UAC-0056 using SaintBot and OutSteel malware | [cert.gov.ua](https:\/\/cert.gov.ua\/article\/18419) | ​| 3 FEB | PAN Unit42 | Gamaredon\/Shuckworm\/PrimitiveBear (FSB) | [unit42.paloaltonetworks.com](https:\/\/unit42.paloaltonetworks.com\/gamaredon-primitive-bear-ukraine-update-2021\/) | ​| 4 FEB | Microsoft | Gamaredon\/Shuckworm\/PrimitiveBear (FSB) | [microsoft.com](https:\/\/www.microsoft.com\/security\/blog\/2022\/02\/04\/actinium-targets-ukrainian-organizations\/) | ​| 8 FEB | NSFOCUS | Lorec53 (aka UAC-0056, EmberBear, BleedingBear) | [nsfocusglobal.com](https:\/\/nsfocusglobal.com\/apt-retrospection-lorec53-an-active-russian-hack-group-launched-phishing-attacks-against-georgian-government) | ​| 15 FEB | CERT-UA | DDoS attacks against the name server of government websites as well as Oschadbank (State Savings Bank) & Privatbank (largest commercial bank). False SMS and e-mails to create panic | [cert.gov.ua](https:\/\/cert.gov.ua\/article\/37139) | ​| 23 FEB | The Daily Beast | Ukrainian troops receive threatening SMS messages | [thedailybeast.com](https:\/\/www.thedailybeast.com\/cyberattacks-hit-websites-and-psy-ops-sms-messages-targeting-ukrainians-ramp-up-as-russia-moves-into-ukraine) | ​| 23 FEB | UK NCSC | Sandworm\/VoodooBear (GRU) | [ncsc.gov.uk](https:\/\/www.ncsc.gov.uk\/files\/Joint-Sandworm-Advisory.pdf) | ​| 23 FEB | SentinelLabs | HermeticWiper | [sentinelone.com]( https:\/\/www.sentinelone.com\/labs\/hermetic-wiper-ukraine-under-attack\/ ) | ​| 24 FEB | ESET | HermeticWiper | [welivesecurity.com](https:\/\/www.welivesecurity.com\/2022\/02\/24\/hermeticwiper-new-data-wiping-malware-hits-ukraine\/) | ​| 24 FEB | Symantec | HermeticWiper, PartyTicket ransomware, CVE-2021-1636, unknown webshell | [symantec-enterprise-blogs.security.com](https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/ukraine-wiper-malware-russia) | ​| 24 FEB | Cisco Talos | HermeticWiper | [blog.talosintelligence.com](https:\/\/blog.talosintelligence.com\/2022\/02\/threat-advisory-hermeticwiper.html) | ​| 24 FEB | Zscaler | HermeticWiper | [zscaler.com](https:\/\/www.zscaler.com\/blogs\/security-research\/hermetic-wiper-resurgence-targeted-attacks-ukraine) | ​| 24 FEB | Cluster25 | HermeticWiper | [cluster25.io](https:\/\/cluster25.io\/2022\/02\/24\/ukraine-analysis-of-the-new-disk-wiping-malware\/) | ​| 24 FEB | CronUp | Data broker \"FreeCivilian\" offering multiple .gov.ua | [twitter.com\/1ZRR4H](https:\/\/twitter.com\/1ZRR4H\/status\/1496931721052311557)| ​| 24 FEB | RaidForums | Data broker \"Featherine\" offering diia.gov.ua | RaidForums [not linked] | ​| 24 FEB | DomainTools | Unknown scammers | [twitter.com\/SecuritySnacks](https:\/\/twitter.com\/SecuritySnacks\/status\/1496956492636905473?s=20&t=KCIX_1Ughc2Fs6Du-Av0Xw) | ​| 25 FEB | @500mk500 | Gamaredon\/Shuckworm\/PrimitiveBear (FSB) | [twitter.com\/500mk500](https:\/\/twitter.com\/500mk500\/status\/1497339266329894920?s=20&t=opOtwpn82ztiFtwUbLkm9Q) | ​| 25 FEB | @500mk500 | Gamaredon\/Shuckworm\/PrimitiveBear (FSB) | [twitter.com\/500mk500](https:\/\/twitter.com\/500mk500\/status\/1497208285472215042)| ​| 25 FEB | Microsoft | HermeticWiper | [gist.github.com](https:\/\/gist.github.com\/fr0gger\/7882fde2b1b271f9e886a4a9b6fb6b7f) | ​| 25 FEB | 360 NetLab | DDoS (Mirai, Gafgyt, IRCbot, Ripprbot, Moobot) | [blog.netlab.360.com](https:\/\/blog.netlab.360.com\/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days\/) | ​| 25 FEB | Conti [themselves] | Conti ransomware, BazarLoader | Conti News .onion [not linked] | ​| 25 FEB | CoomingProject [themselves] | Data Hostage Group | CoomingProject Telegram [not linked] | ​| 25 FEB | CERT-UA | UNC1151\/Ghostwriter (Belarus MoD) | [CERT-UA Facebook](https:\/\/facebook.com\/story.php?story_fbid=312939130865352&id=100064478028712)| ​| 25 FEB | Sekoia | UNC1151\/Ghostwriter (Belarus MoD) | [twitter.com\/sekoia_io](https:\/\/twitter.com\/sekoia_io\/status\/1497239319295279106) | ​| 25 FEB | @jaimeblascob | UNC1151\/Ghostwriter (Belarus MoD) | [twitter.com\/jaimeblasco](https:\/\/twitter.com\/jaimeblascob\/status\/1497242668627370009)| ​| 25 FEB | RISKIQ | UNC1151\/Ghostwriter (Belarus MoD) | [community.riskiq.com](https:\/\/community.riskiq.com\/article\/e3a7ceea\/) | ​| 25 FEB | MalwareHunterTeam | Unknown phishing | [twitter.com\/malwrhunterteam](https:\/\/twitter.com\/malwrhunterteam\/status\/1497235270416097287) | ​| 25 FEB | ESET | Unknown scammers | [twitter.com\/ESETresearch](https:\/\/twitter.com\/ESETresearch\/status\/1497194165561659394) | ​| 25 FEB | BitDefender | Unknown scammers | [blog.bitdefender.com](https:\/\/blog.bitdefender.com\/blog\/hotforsecurity\/cybercriminals-deploy-spam-campaign-as-tens-of-thousands-of-ukrainians-seek-refuge-in-neighboring-countries\/) | ​| 25 FEB | SSSCIP Ukraine | Unkown phishing | [twitter.com\/dsszzi](https:\/\/twitter.com\/dsszzi\/status\/1497103078029291522) | ​| 25 FEB | RaidForums | Data broker \"NetSec\"  offering FSB (likely SMTP accounts) | RaidForums [not linked] | ​| 25 FEB | Zscaler | PartyTicket decoy ransomware | [zscaler.com](https:\/\/www.zscaler.com\/blogs\/security-research\/technical-analysis-partyticket-ransomware) | ​| 25 FEB | INCERT GIE | Cyclops Blink, HermeticWiper | [linkedin.com](https:\/\/www.linkedin.com\/posts\/activity-6902989337210740736-XohK) [Login Required] | ​| 25 FEB | Proofpoint | UNC1151\/Ghostwriter (Belarus MoD) | [twitter.com\/threatinsight](https:\/\/twitter.com\/threatinsight\/status\/1497355737844133895?s=20&t=Ubi0tb_XxGCbHLnUoQVp8w) | ​| 25 FEB | @fr0gger_ | HermeticWiper capabilities Overview | [twitter.com\/fr0gger_](https:\/\/twitter.com\/fr0gger_\/status\/1497121876870832128?s=20&t=_296n0bPeUgdXleX02M9mg) ​| 26 FEB | BBC Journalist | A fake Telegram account claiming to be President Zelensky is posting dubious messages | [twitter.com\/shayan86](https:\/\/twitter.com\/shayan86\/status\/1497485340738785283?s=21) | ​| 26 FEB | CERT-UA | UNC1151\/Ghostwriter (Belarus MoD) | [CERT_UA Facebook](https:\/\/facebook.com\/story.php?story_fbid=313517477474184&id=100064478028712) | ​| 26 FEB | MHT and TRMLabs | Unknown scammers, linked to ransomware | [twitter.com\/joes_mcgill](https:\/\/twitter.com\/joes_mcgill\/status\/1497609555856932864?s=20&t=KCIX_1Ughc2Fs6Du-Av0Xw) | ​| 26 FEB | US CISA | WhisperGate wiper, HermeticWiper | [cisa.gov](https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-057a) | ​| 26 FEB | Bloomberg | Destructive malware (possibly HermeticWiper) deployed at Ukrainian Ministry of Internal Affairs & data stolen from Ukrainian telecommunications networks | [bloomberg.com](https:\/\/www.bloomberg.com\/news\/articles\/2022-02-26\/hackers-destroyed-data-at-key-ukraine-agency-before-invasion?sref=ylv224K8) | ​| 26 FEB | Vice Prime Minister of Ukraine | IT ARMY of Ukraine created to crowdsource offensive operations against Russian infrastructure | [twitter.com\/FedorovMykhailo](https:\/\/twitter.com\/FedorovMykhailo\/status\/1497642156076511233) | ​| 26 FEB | Yoroi | HermeticWiper | [yoroi.company](https:\/\/yoroi.company\/research\/diskkill-hermeticwiper-a-disruptive-cyber-weapon-targeting-ukraines-critical-infrastructures) | ​| 27 FEB | LockBit [themselves] | LockBit ransomware | LockBit .onion [not linked] |  ​| 27 FEB | ALPHV [themselves] | ALPHV ransomware | vHUMINT [closed source] | ​| 27 FEB | Mēris Botnet [themselves] | DDoS attacks | vHUMINT [closed source] | ​| 28 FEB | Horizon News [themselves] | Leak of China's Censorship Order about Ukraine | [TechARP](https:\/\/www-techarp-com.cdn.ampproject.org\/c\/s\/www.techarp.com\/internet\/chinese-media-leaks-ukraine-censor\/?amp=1)| ​| 28 FEB | Microsoft | FoxBlade (aka HermeticWiper) | [Microsoft](https:\/\/blogs.microsoft.com\/on-the-issues\/2022\/02\/28\/ukraine-russia-digital-war-cyberattacks\/?preview_id=65075) | ​| 28 FEB | @heymingwei | Potential BGP hijacks attempts against Ukrainian Internet Names Center | [https:\/\/twitter.com\/heymingwei](https:\/\/twitter.com\/heymingwei\/status\/1498362715198263300?s=20&t=Ju31gTurYc8Aq_yZMbvbxg) | ​| 28 FEB | @cyberknow20 | Stormous ransomware targets Ukraine Ministry of Foreign Affairs | [twitter.com\/cyberknow20](https:\/\/twitter.com\/cyberknow20\/status\/1498434090206314498?s=21) |  ​| 1 MAR | ESET | IsaacWiper and HermeticWizard | [welivesecurity.com](https:\/\/www.welivesecurity.com\/2022\/03\/01\/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine\/) | ​| 1 MAR | Proofpoint | Ukrainian armed service member's email compromised and sent malspam containing the SunSeed malware (likely TA445\/UNC1151\/Ghostwriter) | [proofpoint.com](https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails) | ​| 1 MAR | Elastic | HermeticWiper | [elastic.github.io](https:\/\/elastic.github.io\/security-research\/intelligence\/2022\/03\/01.hermeticwiper-targets-ukraine\/article\/) | ​| 1 MAR | CrowdStrike | PartyTicket (aka HermeticRansom), DriveSlayer (aka HermeticWiper) | [CrowdStrike](https:\/\/www.crowdstrike.com\/blog\/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine\/) | ​| 2 MAR | Zscaler | DanaBot operators launch DDoS attacks against the Ukrainian Ministry of Defense | [zscaler.com](https:\/\/www.zscaler.com\/blogs\/security-research\/danabot-launches-ddos-attack-against-ukrainian-ministry-defense) | ​| 3 MAR | @ShadowChasing1 | Gamaredon\/Shuckworm\/PrimitiveBear (FSB) | [twitter.com\/ShadowChasing1](https:\/\/twitter.com\/ShadowChasing1\/status\/1499361093059153921) | ​| 3 MAR | @vxunderground | News website in Poland was reportedly compromised and the threat actor uploaded anti-Ukrainian propaganda | [twitter.com\/vxunderground](https:\/\/twitter.com\/vxunderground\/status\/1499374914758918151?s=20&t=jyy9Hnpzy-5P1gcx19bvIA) | ​| 3 MAR | @kylaintheburgh | Russian botnet on Twitter is pushing \"#istandwithputin\" and \"#istandwithrussia\" propaganda (in English) | [twitter.com\/kylaintheburgh](https:\/\/twitter.com\/kylaintheburgh\/status\/1499350578371067906?s=21) | ​| 3 MAR | @tracerspiff | UNC1151\/Ghostwriter (Belarus MoD) | [twitter.com](https:\/\/twitter.com\/tracerspiff\/status\/1499444876810854408?s=21) | ​####​ ​`Access Brokers` ​| Date | Threat(s) | Source | ​| --- | --- | --- | ​| 23 JAN | Access broker \"Mont4na\" offering UkrFerry | RaidForums [not linked] | ​| 23 JAN | Access broker \"Mont4na\" offering PrivatBank | RaidForums [not linked] | ​| 24 JAN | Access broker \"Mont4na\" offering DTEK | RaidForums [not linked] | ​| 27 FEB | KelvinSecurity Sharing list of IP cameras in Ukraine | vHUMINT [closed source] | ​| 28 FEB | \"w1nte4mute\" looking to buy access to UA and NATO countries (likely ransomware affiliate) | vHUMINT [closed source] | ​####​ ​`Data Brokers` ​| Threat Actor    | Type            | Observation                                                                                               | Validated | Relevance                     | Source                                                     | ​| --------------- | --------------- | --------------------------------------------------------------------------------------------------------- | --------- | ----------------------------- | ---------------------------------------------------------- | ​| aguyinachair    | UA data sharing | PII DB of ukraine.com (shared as part of a generic compilation)                                           | No        | TA discussion in past 90 days | ELeaks Forum \\[not linked\\]                                | ​| an3key          | UA data sharing | DB of Ministry of Communities and Territories Development of Ukraine (minregion\\[.\\]gov\\[.\\]ua)           | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| an3key          | UA data sharing | DB of Ukrainian Ministry of Internal Affairs (wanted\\[.\\]mvs\\[.\\]gov\\[.\\]ua)                              | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (40M) of PrivatBank customers (privatbank\\[.\\]ua)                                                  | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | DB of \"border crossing\" DBs of DPR and LPR                                                                | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (7.5M) of Ukrainian passports                                                                      | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB of Ukrainian car registration, license plates, Ukrainian traffic police records                    | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (2.1M) of Ukrainian citizens                                                                       | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (28M) of Ukrainian citizens (passports, drivers licenses, photos)                                  | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (1M) of Ukrainian postal\/courier service customers (novaposhta\\[.\\]ua)                             | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (10M) of Ukrainian telecom customers (vodafone\\[.\\]ua)                                             | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (3M) of Ukrainian telecom customers (lifecell\\[.\\]ua)                                              | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| CorelDraw       | UA data sharing | PII DB (13M) of Ukrainian telecom customers (kyivstar\\[.\\]ua)                                             | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| danieltx51      | UA data sharing | DB of Ministry of Foreign Affairs of Ukraine (mfa\\[.\\]gov\\[.\\]ua)                                         | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| DueDiligenceCIS | UA data sharing | PII DB (63M) of Ukrainian citizens (name, DOB, birth country, phone, TIN, passport, family, etc)          | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| Featherine      | UA data sharing | DB of Ukrainian 'Diia' e-Governance Portal for Ministry of Digital Transformation of Ukraine              | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| FreeCivilian    | UA data sharing | DB of Ministry for Internal Affairs of Ukraine public data search engine (wanted\\[.\\]mvs\\[.\\]gov\\[.\\]ua)  | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| FreeCivilian    | UA data sharing | DB of Ministry for Communities and Territories Development of Ukraine (minregion\\[.\\]gov\\[.\\]ua)          | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| FreeCivilian    | UA data sharing | DB of Motor Insurance Bureau of Ukraine (mtsbu\\[.\\]ua)                                                    | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| FreeCivilian    | UA data sharing | PII DB of Ukrainian digital-medicine provider (medstar\\[.\\]ua)                                            | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| FreeCivilian    | UA data sharing | DB of ticket.kyivcity.gov.ua                                                                              | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of id.kyivcity.gov.ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of my.kyivcity.gov.ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of portal.kyivcity.gov.ua                                                                              | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of anti-violence-map.msp.gov.ua                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of dopomoga.msp.gov.ua                                                                                 | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of e-services.msp.gov.ua                                                                               | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of edu.msp.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of education.msp.gov.ua                                                                                | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of ek-cbi.msp.gov.ua                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mail.msp.gov.ua                                                                                     | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of portal-gromady.msp.gov.ua                                                                           | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of web-minsoc.msp.gov.ua                                                                               | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of wcs-wim.dsbt.gov.ua                                                                                 | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of bdr.mvs.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of motorsich.com                                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of dsns.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mon.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of minagro.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of zt.gov.ua                                                                                           | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of kmu.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mvs.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of dsbt.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of forest.gov.ua                                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of nkrzi.gov.ua                                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of dabi.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of comin.gov.ua                                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of dp.dpss.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of esbu.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mms.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mova.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mspu.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of nads.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of reintegration.gov.ua                                                                                | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of sies.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of sport.gov.ua                                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mepr.gov.ua                                                                                         | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mfa.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of va.gov.ua                                                                                           | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mtu.gov.ua                                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of cg.mvs.gov.ua                                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of ch-tmo.mvs.gov.ua                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of cp.mvs.gov.ua                                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of cpd.mvs.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of hutirvilnij-mrc.mvs.gov.ua                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of dndekc.mvs.gov.ua                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of visnyk.dndekc.mvs.gov.ua                                                                            | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of dpvs.hsc.gov.ua                                                                                     | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of odk.mvs.gov.ua                                                                                      | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of e-driver\\[.\\]hsc\\[.\\]gov\\[.\\]ua                                                                     | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of wanted\\[.\\]mvs\\[.\\]gov\\[.\\]ua                                                                       | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of minregeion\\[.\\]gov\\[.\\]ua                                                                           | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of health\\[.\\]mia\\[.\\]solutions                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mtsbu\\[.\\]ua                                                                                        | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of motorsich\\[.\\]com                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of kyivcity\\[.\\]com                                                                                    | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of bdr\\[.\\]mvs\\[.\\]gov\\[.\\]ua                                                                          | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of gkh\\[.\\]in\\[.\\]ua                                                                                   | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of kmu\\[.\\]gov\\[.\\]ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mon\\[.\\]gov\\[.\\]ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of minagro\\[.\\]gov\\[.\\]ua                                                                              | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| FreeCivilian    | UA data sharing | DB of mfa\\[.\\]gov\\[.\\]ua                                                                                  | No        | TA discussion in past 90 days | FreeCivilian .onion \\[not linked\\]                         | ​| Intel\\_Data     | UA data sharing | PII DB (56M) of Ukrainian Citizens                                                                        | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| Kristina        | UA data sharing | DB of Ukrainian National Police (mvs\\[.\\]gov\\[.\\]ua)                                                      | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| NetSec          | UA data sharing | PII DB (53M) of Ukrainian citizens                                                                        | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| Psycho\\_Killer  | UA data sharing | PII DB (56M) of Ukrainian Citizens                                                                        | No        | TA discussion in past 90 days | Exploit Forum .onion \\[not linked\\]                        | ​| Sp333           | UA data sharing | PII DB of Ukrainian and Russian interpreters, translators, and tour guides                                | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| Vaticano        | UA data sharing | DB of Ukrainian 'Diia' e-Governance Portal for Ministry of Digital Transformation of Ukraine \\[copy\\]     | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​| Vaticano        | UA data sharing | DB of Ministry for Communities and Territories Development of Ukraine (minregion\\[.\\]gov\\[.\\]ua) \\[copy\\] | No        | TA discussion in past 90 days | RaidForums \\[not linked; site hijacked since UA invasion\\] | ​####​ ​`Vendor Support` ​| Vendor | Offering | URL | ​| --- | --- | --- | ​| Dragos | Access to Dragos service if from US\/UK\/ANZ and in need of ICS cybersecurity support | [twitter.com\/RobertMLee](https:\/\/twitter.com\/RobertMLee\/status\/1496862093588455429) | ​| GreyNoise |  Any and all `Ukrainian` emails registered to GreyNoise have been upgraded to VIP which includes full, uncapped enterprise access to all GreyNoise products | [twitter.com\/Andrew___Morris](https:\/\/twitter.com\/Andrew___Morris\/status\/1496923545712091139) | ​| Recorded Future | Providing free intelligence-driven insights, perspectives, and mitigation strategies as the situation in Ukraine evolves| [recordedfuture.com](https:\/\/www.recordedfuture.com\/ukraine\/) | ​| Flashpoint | Free Access to Flashpoint’s Latest Threat Intel on Ukraine | [go.flashpoint-intel.com](https:\/\/go.flashpoint-intel.com\/trial\/access\/30days) | ​| ThreatABLE | A Ukraine tag for free threat intelligence feed that's more highly curated to cyber| [twitter.com\/threatable](https:\/\/twitter.com\/threatable\/status\/1497233721803644950) | ​| Orange | IOCs related to Russia-Ukraine 2022 conflict extracted from our Datalake Threat Intelligence platform. | [github.com\/Orange-Cyberdefense](https:\/\/github.com\/Orange-Cyberdefense\/russia-ukraine_IOCs)| ​| FSecure | F-Secure FREEDOME VPN is now available for free in all of Ukraine | [twitter.com\/FSecure](https:\/\/twitter.com\/FSecure\/status\/1497248407303462960) | ​| Multiple vendors | List of vendors offering their services to Ukraine for free, put together by [@chrisculling](https:\/\/twitter.com\/chrisculling\/status\/1497023038323404803) | [docs.google.com\/spreadsheets](https:\/\/docs.google.com\/spreadsheets\/d\/18WYY9p1_DLwB6dnXoiiOAoWYD8X0voXtoDl_ZQzjzUQ\/edit#gid=0) | ​| Mandiant | Free threat intelligence, webinar and guidance for defensive measures relevant to the situation in Ukraine. | [mandiant.com](https:\/\/www.mandiant.com\/resources\/insights\/ukraine-crisis-resource-center) | ​| Starlink | Satellite internet constellation operated by SpaceX providing satellite Internet access coverage to Ukraine | [twitter.com\/elonmusk](https:\/\/twitter.com\/elonmusk\/status\/1497701484003213317) | ​| Romania DNSC | Romania’s DNSC – in partnership with Bitdefender – will provide technical consulting, threat intelligence and, free of charge, cybersecurity technology to any business, government institution or private citizen of Ukraine for as long as it is necessary. | [Romania's DNSC Press Release](https:\/\/dnsc.ro\/citeste\/press-release-dnsc-and-bitdefender-work-together-in-support-of-ukraine)| ​| BitDefender | Access to Bitdefender technical consulting, threat intelligence and both consumer and enterprise cybersecurity technology | [bitdefender.com\/ukraine\/](https:\/\/www.bitdefender.com\/ukraine\/) | ​| NameCheap | Free anonymous hosting and domain name registration to any anti-Putin anti-regime and protest websites for anyone located within Russia and Belarus | [twitter.com\/Namecheap](https:\/\/twitter.com\/Namecheap\/status\/1498998414020861953) | ​| Avast | Free decryptor for PartyTicket ransomware | [decoded.avast.io](https:\/\/decoded.avast.io\/threatresearch\/help-for-ukraine-free-decryptor-for-hermeticransom-ransomware\/) |  ​####​ ​`Vetted OSINT Sources` ​| Handle | Affiliation | ​| --- | --- | ​| [@KyivIndependent](https:\/\/twitter.com\/KyivIndependent) | English-language journalism in Ukraine | ​| [@IAPonomarenko](https:\/\/twitter.com\/IAPonomarenko) | Defense reporter with The Kyiv Independent | ​| [@KyivPost](https:\/\/twitter.com\/KyivPost) | English-language journalism in Ukraine | ​| [@Shayan86](https:\/\/twitter.com\/Shayan86) | BBC World News Disinformation journalist | ​| [@Liveuamap](https:\/\/twitter.com\/Liveuamap) | Live Universal Awareness Map (“Liveuamap”) independent global news and information site | ​| [@DAlperovitch](https:\/\/twitter.com\/DAlperovitch) | The Alperovitch Institute for Cybersecurity Studies, Founder & Former CTO of CrowdStrike | ​| [@COUPSURE](https:\/\/twitter.com\/COUPSURE) | OSINT investigator for Centre for Information Resilience | ​| [@netblocks](https:\/\/twitter.com\/netblocks) | London-based Internet's Observatory | ​####​ ​`Miscellaneous Resources` ​| Source | URL | Content | ​| --- | --- | --- | ​| PowerOutages.com | https:\/\/poweroutage.com\/ua | Tracking PowerOutages across Ukraine | ​| Monash IP Observatory | https:\/\/twitter.com\/IP_Observatory | Tracking IP address outages across Ukraine | ​| Project Owl Discord | https:\/\/discord.com\/invite\/projectowl | Tracking foreign policy, geopolitical events, military and governments, using a Discord-based crowdsourced approach, with a current emphasis on Ukraine and Russia | ​| russianwarchatter.info | https:\/\/www.russianwarchatter.info\/ | Known Russian Military Radio Frequencies |", "fork": false, "created_at": "2022-03-04T09:00:59Z", "updated_at": "2023-05-16T12:27:56Z", "pushed_at": "2022-03-04T09:03:14Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", "forks": 0, "watchers": 2, "score": 0 } ]