From 273379e5fa9960ab0de111a8a187e406ec500cbd Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Mon, 8 Jan 2024 05:23:29 -0800
Subject: [PATCH] [threat-actors] Add UAC-0099
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8cd0b5a..1aa09a2 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13963,6 +13963,17 @@
 },
 "uuid": "bfc538e1-9205-420a-8641-6292023ecd08",
 "value": "HomeLand Justice"
+ },
+ {
+ "description": "UAC-0099 is a threat actor that has been active since at least May 2023, targeting Ukrainian entities. They have been observed using a known WinRAR vulnerability to carry out attacks, indicating a level of sophistication. The actor relies on PowerShell and the creation of scheduled tasks to execute malicious VBS files for initial infection. Monitoring and limiting the functionality of these components can help mitigate the risk of UAC-0099 attacks.",
+ "meta": {
+ "refs": [
+ "https://cert.gov.ua/article/4818341",
+ "https://www.deepinstinct.com/blog/threat-actor-uac-0099-continues-to-target-ukraine"
+ ]
+ },
+ "uuid": "267488cb-159a-46d6-a6d6-fe93c90360b2",
+ "value": "UAC-0099"
 }
 ],
 "version": 296
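Review bot: The new UAC-0099 object records its targeting only in the free-text `description`; its `meta` holds nothing but `refs`, so consumers that filter or correlate on structured fields will not see that the actor targets Ukrainian entities. Consider adding `"cfr-suspected-victims": ["Ukraine"]` to `meta`, and naming the WinRAR CVE from the cited reports in the description instead of "a known WinRAR vulnerability", so the entry can be matched against vulnerability data. The trailing context also shows `"version": 296` unchanged, and the diffstat lists insertions only; if this file's version is expected to increase with each added cluster, instances that key updates on it may not pick up the new entry.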