MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add UAC-0185

pull/1040/head
Mathieu4141 2024-12-20 02:55:35 -08:00
parent 7756609925
commit dacab6d630
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
clusters/threat-actor.json
View File

@ -17594,6 +17594,19 @@
},
"uuid": "42d50dda-75e1-4364-8c83-37e2765bb3db",
"value": "Altoufan Team"
},
{
"description": "UAC-0185 has been active since at least 2022, primarily targeting Ukrainian defense organizations through credential theft via messaging apps like Signal, Telegram, and WhatsApp, as well as military systems such as DELTA, TENETA, and Kropyva. The group employs phishing attacks, often impersonating the Ukrainian Union of Industrialists and Entrepreneurs (UUIE), to gain unauthorized access to the PCs of defense sector employees. They utilize custom tools, including MESHAGENT and UltraVNC, to facilitate their operations. Their activities are mapped to MITRE ATT&CK, focusing on tactics related to credential theft and remote access.",
"meta": {
"refs": [
"https://socprime.com/blog/uac-0185-aka-unc4221-attack-detection/"
],
"synonyms": [
"UNC4221"
]
},
"uuid": "d44be76b-07ad-47b3-a296-3899f27f0702",
"value": "UAC-0185"
}
],
"version": 321