From 7b3c8a87c30d53c5c383f46326af056a0b68407e Mon Sep 17 00:00:00 2001 From: Mathieu4141 Date: Thu, 29 Feb 2024 10:38:27 -0800 Subject: [PATCH] [threat-actors] Add UAC-0184 --- clusters/threat-actor.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 1274e6e..2ce319c 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -15279,6 +15279,17 @@ }, "uuid": "d3cda6b1-a5da-4afc-bee4-80ea2cf05e5e", "value": "SPIKEDWINE" + }, + { + "description": "UAC-0184 is a threat actor targeting Ukrainian organizations in Finland, using the Remcos Remote Access Trojan in their attacks. They have been observed utilizing steganographic image files and the IDAT Loader to deliver the malware. The group has targeted the Armed Forces of Ukraine and impersonated military recruitment processes to infect systems with the Remcos RAT.", + "meta": { + "refs": [ + "https://blog.morphisec.com/unveiling-uac-0184-the-remcos-rat-steganography-saga", + "https://cert.gov.ua/article/6276988" + ] + }, + "uuid": "0e3224a0-3544-47d7-b1ce-fb3eb21286ad", + "value": "UAC-0184" } ], "version": 302