Spring Exacerbation: UAC-0006 increased cyberattacks

May 22, 2024, 8:24 a.m.

Tags
powershell
ukraine
2024-05-22
smokeloader
uac-0006
taleshot
External References
Description

This report aims to provide insights into the ongoing cyber operations targeting Ukraine. It analyzes the tactics, techniques, and procedures employed by threat actors in their malicious campaigns. The document offers a comprehensive overview of the cybersecurity landscape in Ukraine, highlighting the challenges faced and the measures taken to counter these threats.

Date

Published: May 22, 2024, 7:56 a.m.

Created: May 22, 2024, 7:56 a.m.

Modified: May 22, 2024, 8:24 a.m.

Indicators

a546e49506f7144ff08c824c0503f8625d17f760d8ac20074aac870b0a3941d7

9c9df8669f1b07ec66e7b82ac97e188412f82ce549fb3552cca84413005fec9f

96e1fc4906cb79eab198dc76dbed47afc5855d26be0ca37910f8359b2683aef0

84a02a761c545b0cc9753a74f9820dd39adfe54c635fc00fe21c2989d03874f7

82c78f76eabaab176b69b671865d3605d6af7e66a06bbc57d58d1494d44475b4

5713b230f0aa6e8a78c655494c40885b606a5ed2e2ba5a1c8729974158e683fd

4c9b55906b1d9774cb3a43f3ca11cde266b6ebec0afdcab2dd1bcffa1bd99ec3

49127fcef058750578d87b6a4a25c8da77185cdd8796bc589dc5cf31f884c171

41bfd96d49bf35bf4ca946b9a51fa8784baf683d634f7ce9e068f6bded979fa2

31.44.6.84

31.44.5.98

188.68.222.151

188.68.221.35

185.68.93.139

162.19.139.184

http://vivianstyler.ru/index.php

http://vikompalion.ru/index.php

http://sephoraofficetz.ru/index.php

http://rafraystore.ru/index.php

http://picwalldoor.ru/index.php

http://monopoliafromyou.ru/download/1.exe

http://ccbaminumpot.ru/index.php

http://agentsuperpupervinil.ru/index.php

vivianstyler.ru

vikompalion.ru

sephoraofficetz.ru

rafraystore.ru

picwalldoor.ru

monopoliafromyou.ru

ccbaminumpot.ru

agentsuperpupervinil.ru

Download all indicators here!

Attack Patterns

Trojan:Win32/SmokeLoader

taleshot

uac-0006

T1109

T1087.001

T1003.001

T1490

T1070.004

T1489

T1486

T1498

T1485

T1112