UNC530
· Published 21/12/2025 05:36 · Modified 21/12/2025 05:36
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 05:36
- Modified: 21/12/2025 05:36
- Updated at: 21/12/2025 05:36
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 11 attack patterns (MITRE), 1 country, 93 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 11 MITREs, 102 Observables, 1 APT
Attack patterns (MITRE) (11)
- uses T1027: Obfuscated Files or Information
- uses T1036.004: Masquerade Task or Service
- uses T1219: Remote Access Tools
- uses T1197: BITS Jobs
- uses T1105: Ingress Tool Transfer
- uses T1059.007: JavaScript
- uses T1059.001: PowerShell
- uses T1204.002: Malicious File
- uses T1071.001: Web Protocols
- uses T1560.001: Archive via Utility
- uses T1036.005: Match Legitimate Resource Name or Location
Countries (1)
- targets Ukraine
Indicators (93)