MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 23:07:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[threat-actors] Add UAC-0194

Browse source
This commit is contained in:
Mathieu4141 2024-11-15 03:42:18 -08:00
parent e41f6aec42
commit 7ad7d3605a
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
clusters/threat-actor.json
View file

@ -17389,6 +17389,17 @@
}, },
"uuid": "84bf7b38-e120-44c9-bfdd-82740593a6c6", "uuid": "84bf7b38-e120-44c9-bfdd-82740593a6c6",
"value": "APT73" "value": "APT73"
},
{
"description": "UAC-0194 is a Russian threat actor linked to the exploitation of the Windows zero-day CVE-2024-43451, which was used in attacks against Ukrainian organizations. The group delivered phishing emails containing .url files that, when interacted with, exploited the vulnerability to facilitate the installation of additional payloads, including the SparkRAT trojan. They also exploited the Server Message Block protocol for NTLM hash exfiltration. CERT-UA has associated UAC-0194's activities with social engineering tactics to convince victims to execute malicious files.",
"meta": {
"country": "RU",
"refs": [
"https://www.clearskysec.com/0d-vulnerability-exploited-in-the_wild/"
]
},
"uuid": "714f76b2-a8fd-49b0-8605-0eb1c9703140",
"value": "UAC-0194"
} }
], ],
"version": 320 "version": 320