From 90338e0e0f80e3b5c07d5f4f8d3736860229ed7b Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Fri, 26 Jul 2024 06:27:01 -0700
Subject: [PATCH] [threat-actors] Add UAC-0102

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index cf1cfe3..6ee2d0c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16433,6 +16433,17 @@
 },
 "uuid": "a86e4a0d-95cf-4ce0-b26c-d1fbb7cc84bc",
 "value": "Stargazer Goblin"
+ },
+ {
+ "description": "UAC-0102 is a threat actor group targeting UKR.NET users through phishing attacks. They distribute emails with HTML file attachments that redirect users to a fraudulent website to steal authentication data. Security teams can use Sigma rules to detect their phishing campaigns and leverage IOCs provided by CERT-UA to hunt for their activity in SIEM or EDR environments.",
+ "meta": {
+ "refs": [
+ "https://socprime.com/blog/uac-0102-phishing-attack-detection-hackers-steal-authentication-data-impersonating-the-ukr-net-web-service/",
+ "https://cert.gov.ua/article/4928679"
+ ]
+ },
+ "uuid": "7dd2e8ee-4232-43f5-9866-006160f19aea",
+ "value": "UAC-0102"
 }
 ],
 "version": 312
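Review bot: The last sentence of the new `description` ("Security teams can use Sigma rules ... in SIEM or EDR environments") is generic detection advice that appears to come from the vendor write-up rather than a statement about UAC-0102, so it gives an analyst nothing to correlate on and will age badly. I would end the description at `...to steal authentication data.` and let the two `refs` carry the detection material. It would also help to say in the description that UAC-0102 is the tracking name used in the CERT-UA reference, since the entry has no synonyms or other context for readers who meet the name cold. Separately, `"version": 312` is only a context line in this hunk, so the cluster version is unchanged by this commit. If consumers rely on that number to notice new entries, it should be bumped here or in the merge that carries this change.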