From 7b3c8a87c30d53c5c383f46326af056a0b68407e Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Thu, 29 Feb 2024 10:38:27 -0800
Subject: [PATCH] [threat-actors] Add UAC-0184
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 1274e6e3..2ce319c4 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15279,6 +15279,17 @@
 },
 "uuid": "d3cda6b1-a5da-4afc-bee4-80ea2cf05e5e",
 "value": "SPIKEDWINE"
+ },
+ {
+ "description": "UAC-0184 is a threat actor targeting Ukrainian organizations in Finland, using the Remcos Remote Access Trojan in their attacks. They have been observed utilizing steganographic image files and the IDAT Loader to deliver the malware. The group has targeted the Armed Forces of Ukraine and impersonated military recruitment processes to infect systems with the Remcos RAT.",
+ "meta": {
+ "refs": [
+ "https://blog.morphisec.com/unveiling-uac-0184-the-remcos-rat-steganography-saga",
+ "https://cert.gov.ua/article/6276988"
+ ]
+ },
+ "uuid": "0e3224a0-3544-47d7-b1ce-fb3eb21286ad",
+ "value": "UAC-0184"
 }
 ],
 "version": 302
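Review bot: The trailing context line `"version": 302` is left unchanged, so the cluster file's version is not bumped with the new UAC-0184 entry. If downstream consumers only re-import a cluster file when its version increases (worth confirming against the repository's convention), the new actor would not reach them until a later bump; consider `"version": 303` in this commit. Separately, the targeting named in the description (Ukrainian organizations, the Armed Forces of Ukraine) exists only as free text. If other entries in this file carry structured victim fields, adding something like `"cfr-suspected-victims": ["Ukraine"]` to `meta` would let analysts filter and correlate on it. The top-level object continues past the end of the hunk.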