From 47f0b31a320a041e18d709810429dc26db3a00b4 Mon Sep 17 00:00:00 2001
From: Mathieu Beligon
Date: Wed, 6 Dec 2023 17:42:33 -0800
Subject: [PATCH] [threat-actors] Add UAC-0050
---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 9e8a144..3d2a291 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13744,6 +13744,19 @@
 },
 "uuid": "d869486a-ec70-4a74-897e-31aa7b3df48d",
 "value": "UAC-0118"
+ },
+ {
+ "description": "UAC-0050 is a threat actor that has been active since 2020, targeting government agencies in Ukraine. They have been distributing the Remcos RAT malware through phishing campaigns, using tactics such as impersonating the Security Service of Ukraine and sending emails with malicious attachments. The group has also been linked to other hacking collectives, such as UAC-0096, and has previously used remote administration tools like Remote Utilities. The motive behind their attacks is likely espionage.",
+ "meta": {
+ "refs": [
+ "https://cert.gov.ua/article/3931296",
+ "https://socprime.com/blog/remcos-rat-detection-uac-0050-hackers-launch-phishing-attacks-impersonating-the-security-service-of-ukraine/",
+ "https://socprime.com/blog/new-phishing-attack-detection-attributed-to-the-uac-0050-and-uac-0096-groups-spreading-remcos-spyware/",
+ "https://cert.gov.ua/article/3804703"
+ ]
+ },
+ "uuid": "e3ff56b6-2663-46bd-9e5c-017a350896d9",
+ "value": "UAC-0050"
 }
 ],
 "version": 295
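Review bot: The new UAC-0050 entry keeps its targeting facts only in the free-text `description`, so consumers that filter or correlate on structured fields will not match it. Its `meta` holds only `refs`; adding `"cfr-suspected-victims": ["Ukraine"],` and `"cfr-target-category": ["Government"],` would carry what the description already states. The description also names UAC-0096, and if that group has its own entry in this file (not visible in the hunk), a `related` link to its uuid would make the association machine-readable. Separately, `"version": 295` appears as unchanged context, so the cluster version is not bumped with this addition; if downstream sync keys on it, the new entry may not be picked up.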