"Breach Report" from UAC-0099 (CERT-UA#12463)

Dec. 18, 2024, 8:08 p.m.

Description

The Ukrainian CERT-UA investigated cyberattacks by UAC-0099 against government organizations during November-December 2024. The attacks involved emails with malicious attachments, including exploits for CVE-2023-38831. The LONEPAGE program, used for command execution, has evolved: it now relies on encrypted files and .NET programs that decrypt the payload and execute it in memory. The group's espionage activity continues to evolve, with changing targets and infrastructure. The attackers use Cloudflare to conceal their infrastructure and keep it resilient. The report emphasizes the importance of implementing proper cyber defense measures to protect state information resources.

Date

Published: Dec. 18, 2024, 7:48 p.m.

Created: Dec. 18, 2024, 7:48 p.m.

Modified: Dec. 18, 2024, 8:08 p.m.

Indicators

fa331a275d2f966f42a6168f1cb6fdb919d272b32175985c8bf383f2d800ced2

fbc4fbb3c2926300ee820ff7044f35231c2a1aeeb74d1f49a6caaec7736739c6

eb08f96acba2b316408f66ef0c4f45a42eb207e43c605476405324726e97f9e3

d4eafc11cd0e4fe417c59db804ca6e8bd8bf9c0d0886627f15165937fcb68395

8cc89a917ed89a8407aa1e5caa4af585f26946124cf1764e3b178261a27177af

88b64a3eb0dc38e3f8288b977b1cd67af7d4ba959297ac48ef5f06bec3e77560

7a0ae128961a6239a2e10059305bb83fa64251bb3f0b44162ec6efdde10fd1e8

6161be2016a1fd8096b6b43544eb5df97cd3fa73a820b5e0a44618389897d733

5441cb26f32a433b0abd80dfa98a3a30c78df00ca9d2a0cfc5b20c55f3aaadce

53f4e38d56946a385a681c66d891d3d70c2b2fee1691ff7e7af317955e0d8b88

4a42bfc95772e2f6ae58ccb37fe74b5e810f6c2973ec7a70e09884e1fe97e794

322de3a4e1d356a7db22d6447807bd7576f91ed1910a57d9e8eb6f678ceb6ab4

25e725e4be880354c42c008e0960ee67481229b299ff61c29c48a23939d9a041

16f809cd9fb1a06f07bb947ea8b6a27f66cfca0947e29666c34ae7b35b6e471b

0b16ee402ad04a673d61af43f461d475d1e3fcbdaf8714a1183ac35056bbae25

0af76e87614126042a2c3409d273d606a4562f99cb9f003a9f9ec0596213a35a

0aaee2882e4a71b25de5722d8936c67d40355e2f79caf994c8e10164468d3272

025b9bdd156b59b18ab08921572501b6386ae45e8c0c0440855a719ae4b4c24a

45.61.157.118

172.86.117.53

160.119.251.83

gosp16.spd.ics.gov.ua

webappapiservice.life

newyorktlimes.life

captcha-challenge.com

Attack Patterns

LONEPAGE

UAC-0099

T1059.003

T1059.001

T1059.007

T1573

T1102

T1204

T1140

T1132

T1027

T1566