[threat-actors] Add UAC-0149

This commit is contained in:
Mathieu4141 2024-04-22 07:48:44 -07:00
parent 337c21be5b
commit 2de3357ec0

View file

@ -15896,6 +15896,17 @@
},
"uuid": "ee8b8fc4-59f4-4442-a4e6-3686d09c6509",
"value": "UTA0218"
},
{
"description": "UAC-0149 is a threat actor targeting the Armed Forces of Ukraine with COOKBOX malware. They use obfuscation techniques like character encoding and base64 encoding to evade detection. The group leverages dynamic DNS services and Cloudflare Workers for their C2 infrastructure.",
"meta": {
"refs": [
"https://socprime.com/blog/uac-0149-attack-detection-hackers-launch-a-targeted-attack-against-the-armed-forces-of-ukraine-as-cert-ua-reports/",
"https://cert.gov.ua/article/6277849"
]
},
"uuid": "f5f6d4eb-1ec3-494e-807d-5b767122f9b2",
"value": "UAC-0149"
}
],
"version": 307