[threat-actors] Add UAC-0102

This commit is contained in:
Mathieu4141 2024-07-26 06:27:01 -07:00
parent 679a59e96d
commit 90338e0e0f

View file

@ -16433,6 +16433,17 @@
},
"uuid": "a86e4a0d-95cf-4ce0-b26c-d1fbb7cc84bc",
"value": "Stargazer Goblin"
},
{
"description": "UAC-0102 is a threat actor group targeting UKR.NET users through phishing attacks. They distribute emails with HTML file attachments that redirect users to a fraudulent website to steal authentication data. Security teams can use Sigma rules to detect their phishing campaigns and leverage IOCs provided by CERT-UA to hunt for their activity in SIEM or EDR environments.",
"meta": {
"refs": [
"https://socprime.com/blog/uac-0102-phishing-attack-detection-hackers-steal-authentication-data-impersonating-the-ukr-net-web-service/",
"https://cert.gov.ua/article/4928679"
]
},
"uuid": "7dd2e8ee-4232-43f5-9866-006160f19aea",
"value": "UAC-0102"
}
],
"version": 312