MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add UAC-0063

pull/1004/head
Mathieu4141 2024-07-24 03:39:38 -07:00
parent d9af67d1df
commit 49093ecf16
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/threat-actor.json
View File

@ -16412,6 +16412,17 @@
},
"uuid": "8f31b9b1-44c9-4b7f-b850-7cf02c306e25",
"value": "Threat Actor 888"
},
{
"description": "UAC-0063 is a threat actor linked to Russian APT28, known for targeting government entities in Ukraine and Central Asia for cyber espionage operations. They utilize keyloggers, backdoors, and malware like Hatvibe and Cherryspy to compromise systems and exfiltrate sensitive information. The group has been active since at least 2021 and has shown interest in targeting organizations in Mongolia, Kazakhstan, Kyrgyzstan, Israel, and India. Their TTPs include spear-phishing campaigns and exploiting vulnerabilities in software products like HFS HTTP File Server and Rejetto file-sharing servers.",
"meta": {
"refs": [
"https://socprime.com/blog/uac-0063-attack-detection-hackers-target-ukrainian-research-institutions-using-hatvibe-cherryspy-and-cve-2024-23692/",
"https://cert.gov.ua/article/4697016"
]
},
"uuid": "9565bf78-7c9c-41cd-9ed0-58031f6d8978",
"value": "UAC-0063"
}
],
"version": 312