Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine. (Blog | Twitter | LinkedIn)
- Contextualized Indicators of Compromise (IOCs) by ETAC (Last updated 25 March 2022)
- Contextualized CERT-UA IOCs - see here (Last updated 28 March 2022)
- Vetted YARA rule collection by ETAC (Last updated 4 April 2022)
- Graphic of a Timeline of Russia-Ukraine Cyberwar (Last updated 14 March 2022)
- Graphic of a Map of Russia-Ukraine Cyberwar (Last updated 3 March 2022)
- Added loosely-vetted IOC Threat Hunt Feeds (h/t 0xDISREL) (Last updated 7 April 2022)
  - IOCs shared by these feeds are LOW-TO-MEDIUM CONFIDENCE; we strongly recommend NOT adding them to a blocklist
  - These could potentially be used for THREAT HUNTING and could be added to a WATCHLIST
  - IOCs are generated in MISP COMPATIBLE CSV format
- Additional Threat Hunt Feed for recently registered Ukrainian domain names (h/t DomainTools)
- Additional Threat Hunt Feed for threat groups targeting Ukraine (h/t RecordedFuture)
- Ukrainian organizations offered by Access and Data Brokers on underground forums

Vendor | Offering | URL |
---|---|---|
Dragos | Access to Dragos service if from US/UK/ANZ and in need of ICS cybersecurity support | twitter.com/RobertMLee |
GreyNoise | Any and all Ukrainian emails registered to GreyNoise have been upgraded to VIP which includes full, uncapped enterprise access to all GreyNoise products. There is a landing page for GreyNoise data at https://www.greynoise.io/viz/pulse | twitter.com/Andrew___Morris |
Recorded Future | Providing free intelligence-driven insights, perspectives, and mitigation strategies as the situation in Ukraine evolves | recordedfuture.com |
Flashpoint | Free Access to Flashpoint’s Latest Threat Intel on Ukraine | go.flashpoint-intel.com |
ThreatABLE | A Ukraine tag for free threat intelligence feed that's more highly curated to cyber | twitter.com/threatable |
Orange | IOCs related to Russia-Ukraine 2022 conflict extracted from our Datalake Threat Intelligence platform. | github.com/Orange-Cyberdefense |
FSecure | F-Secure FREEDOME VPN is now available for free in all of Ukraine | twitter.com/FSecure |
Multiple vendors | List of vendors offering their services to Ukraine for free, put together by @chrisculling | docs.google.com/spreadsheets |
Mandiant | Free threat intelligence, webinar and guidance for defensive measures relevant to the situation in Ukraine. | mandiant.com |
Starlink | Satellite internet constellation operated by SpaceX providing satellite Internet access coverage to Ukraine | twitter.com/elonmusk |
Romania DNSC | Romania’s DNSC – in partnership with Bitdefender – will provide technical consulting, threat intelligence and, free of charge, cybersecurity technology to any business, government institution or private citizen of Ukraine for as long as it is necessary. | Romania's DNSC Press Release |
BitDefender | Access to Bitdefender technical consulting, threat intelligence and both consumer and enterprise cybersecurity technology | bitdefender.com/ukraine/ |
NameCheap | Free anonymous hosting and domain name registration to any anti-Putin anti-regime and protest websites for anyone located within Russia and Belarus | twitter.com/Namecheap |
Avast | Free decryptor for PartyTicket ransomware | decoded.avast.io |
Recorded Future | Insikt Group’s list of indicators of compromise associated with threat actors and malware related to the Russian cyber actions against Ukraine | recordedfuture.com |
CybelAngel | CybelAngel offers its services to interested NGOs active in the war at no cost, to minimize the risks of their missions being interrupted by cyber attacks. CybelAngel also offers Ukrainian companies an assessment of their digital exposure in the region at no charge. | cybelangel.com |
Malware Patrol | Free 6 months DNS Firewall service subscription for Ukraine-based companies and government entities | www.linkedin.com |
UnderDefense | UnderDefense is providing Managed Detection & Response services and incident response support for Ukrainian critical infrastructure & government consulting in cybersecurity | underdefense.com |

Handle | Affiliation |
---|---|
@KyivIndependent | English-language journalism in Ukraine |
@IAPonomarenko | Defense reporter with The Kyiv Independent |
@KyivPost | English-language journalism in Ukraine |
@Shayan86 | BBC World News Disinformation journalist |
@Liveuamap | Live Universal Awareness Map (“Liveuamap”) independent global news and information site |
@DAlperovitch | The Alperovitch Institute for Cybersecurity Studies, Founder & Former CTO of CrowdStrike |
@COUPSURE | OSINT investigator for Centre for Information Resilience |
@netblocks | London-based Internet observatory |

Source | URL | Content |
---|---|---|
PowerOutages.com | https://poweroutage.com/ua | Tracking PowerOutages across Ukraine |
Monash IP Observatory | https://twitter.com/IP_Observatory | Tracking IP address outages across Ukraine |
Project Owl Discord | https://discord.com/invite/projectowl | Tracking foreign policy, geopolitical events, military and governments, using a Discord-based crowdsourced approach, with a current emphasis on Ukraine and Russia |
russianwarchatter.info | https://www.russianwarchatter.info/ | Known Russian Military Radio Frequencies |
UT CREEES | https://liberalarts.utexas.edu | Compiled resources to help understand the Russian invasion of Ukraine, with links to resources, action items, and academic sources |
Telegram | https://t.me/s/itarmyofukraine2022 | IT ARMY of Ukraine |
Telegram | https://t.me/s/cert_ua | Computer Emergency Response Team (CERT) of Ukraine |
CERT-UA | https://cert.gov.ua/articles | Computer Emergency Response Team (CERT) of Ukraine |
Telegram | https://t.me/SBUkr | Security Service of Ukraine (SBU) |
Twitter | https://twitter.com/dsszzi | State Service of Special Communications and Information Protection of Ukraine |
Telegram | https://t.me/DIUkraine | The Main Intelligence Directorate of Ukraine |
Telegram | https://t.me/UA_National_Police | The National Police of Ukraine |
Telegram | https://t.me/spravdi | Center for Strategic Communications and Information Security of Ukraine |
Telegram | https://t.me/verkhovnaradaukrainy | Verkhovna Rada of Ukraine |
Telegram | https://t.me/DPSUkr | State Border Guard Service of Ukraine |
Telegram | https://t.me/CenterCounteringDisinformation | Countering Disinformation Center under the NSDC of Ukraine |
Telegram | https://t.me/CinCAFU | Commander-in-Chief of the Armed Forces of Ukraine |

Curated Intel does not support, encourage, partake, or condone hacking, attacking or targeting users of any kind. This information is clearly meant to help cybersecurity teams supporting Ukraine still doing their jobs while dealing with the Russian invasion.