SentinelOne Detects Pteranodon, by Gamaredon Group

Gamaredon Group is a threat group that has been active since at least 2013 and has targeted individuals likely involved in the Ukrainian government.
Tools used by Gamaredon Group:
– Remote File Copy – Capable of downloading and executing additional payloads
– Scripting – Various batch scripts to establish C2, download additional files, and conduct other functions.
– Peripheral Device Discovery – Gamaredon Group tools contained an application to check the performance of USB flash drives.
– Data from Removable Media – A file stealer can steal data from newly connected logical volumes on a system, including USB drives.
– Exfiltration Over Command and Control Channel – A Gamaredon Group file stealer transfers collected files to a hardcoded C2 server.
– Standard Application Layer Protocol – A file stealer can communicate over HTTP for C2.
– System Information Discovery – A file stealer can gather the victim’s computer name and drive serial numbers to send to a C2 server.
– System Owner/User Discovery – A file stealer can gather the victim’s username to submit to a C2 server.
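Several of the items above describe one observable pattern from the network side: a file stealer that tags its uploads with the victim's computer name, username and drive serial, and sends them over plain HTTP to a hard-coded C2 address. The following is an added example, not SentinelOne's detection logic or any Gamaredon Group code, of a defender-side heuristic that scans proxy log lines for that pattern. The log format, the destination address (198.51.100.23, a documentation range) and the parameter names a stealer might use are all constructed assumptions for the illustration.

```python
"""Added example (not SentinelOne's or Gamaredon Group's code): flag hosts that
repeatedly POST victim identifiers to a bare IPv4 address over plain HTTP,
which is the behaviour the technique list above describes for the file stealer."""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log lines in an assumed space-separated format:
#   <time> <client_ip> <method> <url> <status> <bytes_out>
SAMPLE_LOG = """\
12:00:01 10.0.0.5 GET http://www.example.com/index.html 200 312
12:00:07 10.0.0.5 POST http://198.51.100.23/upload.php?name=WS-0412&user=jdoe&serial=1A2B3C4D 200 48211
12:00:12 10.0.0.9 GET http://cdn.example.net/app.js 200 220
12:01:07 10.0.0.5 POST http://198.51.100.23/upload.php?name=WS-0412&user=jdoe&serial=1A2B3C4D 200 51900
12:02:07 10.0.0.5 POST http://198.51.100.23/upload.php?name=WS-0412&user=jdoe&serial=1A2B3C4D 200 49003
12:00:20 10.0.0.7 POST http://forms.example.com/submit 200 900
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d{3}) (\d+)$")
IPV4_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Query keys a stealer might use to tag its victim (constructed list; the page
# names computer name, username and drive serial as the collected fields).
IDENT_KEYS = {"name", "computername", "hostname", "user", "username", "serial", "volserial"}


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status, out = m.groups()
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "bytes_out": int(out)}


def is_suspicious_post(rec):
    """True for a plain-HTTP POST to a bare IPv4 host carrying >= 2 victim identifiers."""
    if rec["method"] != "POST":
        return False
    parts = urlsplit(rec["url"])
    if parts.scheme != "http" or not IPV4_HOST.match(parts.hostname or ""):
        return False
    keys = {k.lower() for k in parse_qs(parts.query)}
    return len(keys & IDENT_KEYS) >= 2


def find_exfil_candidates(log_text, min_hits=2):
    """Return {(client, dest): (hits, total_bytes_out)} for clients that repeat
    the suspicious POST to the same destination at least min_hits times."""
    counts = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_suspicious_post(rec):
            continue
        key = (rec["client"], urlsplit(rec["url"]).hostname)
        counts[key][0] += 1
        counts[key][1] += rec["bytes_out"]
    return {k: tuple(v) for k, v in counts.items() if v[0] >= min_hits}


if __name__ == "__main__":
    for (client, dest), (hits, total) in find_exfil_candidates(SAMPLE_LOG).items():
        print(f"{client} -> {dest}: {hits} tagged POSTs, {total} bytes out")
```

The heuristic deliberately combines three weak signals (POST, literal-IP destination over unencrypted HTTP, and victim-identifying query keys) and only raises a candidate when the pattern repeats from one client to one destination; any single signal on its own is common in benign traffic, and a real deployment would tune the key list and thresholds to the environment.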
For more info on SentinelOne, visit https://www.sentinelone.com/platform/
