MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 08:47:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[threat-actors] Add UAC-0154

Browse source
This commit is contained in:
Mathieu4141 2024-09-09 08:18:23 -07:00
parent 47983fed20
commit 4fc5c37d08
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
clusters/threat-actor.json
View file

@ -16591,6 +16591,16 @@
}, },
"uuid": "5a00ccdb-7987-4563-af4f-e368af8406df", "uuid": "5a00ccdb-7987-4563-af4f-e368af8406df",
"value": "UNC4536" "value": "UNC4536"
},
{
"description": "UAC-0154 is a threat actor orchestrating the STARK#VORTEX phishing campaign, specifically targeting Ukraines military. They employ a Microsoft Help file containing obfuscated JavaScript as a lure, disguised as a manual for Pilot-in-Command Drones, to deliver the MerlinAgent malware. This PowerShell-based RAT is heavily obfuscated and downloads a payload from a remote server, enabling full control over compromised systems. The group initially targeted Ukrainian entities using military-themed documents sent via email to @ukr.net addresses.",
"meta": {
"refs": [
"https://www.securonix.com/blog/securonix-threat-labs-monthly-intelligence-insights-september-2023/"
]
},
"uuid": "8356805a-5612-449c-9fdc-cbe536c1f392",
"value": "UAC-0154"
} }
], ],
"version": 313 "version": 313