MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add UAC-0102

pull/1007/head
Mathieu4141 2024-07-26 06:27:01 -07:00
parent 679a59e96d
commit 90338e0e0f
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/threat-actor.json
View File

@ -16433,6 +16433,17 @@
}, },
"uuid": "a86e4a0d-95cf-4ce0-b26c-d1fbb7cc84bc", "uuid": "a86e4a0d-95cf-4ce0-b26c-d1fbb7cc84bc",
"value": "Stargazer Goblin" "value": "Stargazer Goblin"
},
{
"description": "UAC-0102 is a threat actor group targeting UKR.NET users through phishing attacks. They distribute emails with HTML file attachments that redirect users to a fraudulent website to steal authentication data. Security teams can use Sigma rules to detect their phishing campaigns and leverage IOCs provided by CERT-UA to hunt for their activity in SIEM or EDR environments.",
"meta": {
"refs": [
"https://socprime.com/blog/uac-0102-phishing-attack-detection-hackers-steal-authentication-data-impersonating-the-ukr-net-web-service/",
"https://cert.gov.ua/article/4928679"
]
},
"uuid": "7dd2e8ee-4232-43f5-9866-006160f19aea",
"value": "UAC-0102"
} }
], ],
"version": 312 "version": 312