UNC530
· Published 21/12/2025 05:36 · Modified 21/12/2025 05:36
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 05:36
- Modified: 21/12/2025 05:36
- Updated at: 21/12/2025 05:36
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 11 attack patterns (MITRE), 1 country, 93 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 11 MITREs, 102 Observables, 1 APT
Attack patterns (MITRE) (11)
- uses: T1027 Obfuscated Files or Information (MITRE)
- uses: T1036.004 Masquerade Task or Service (MITRE)
- uses: T1219 Remote Access Tools (MITRE)
- uses: BITS Jobs (MITRE)
- uses: T1105 Ingress Tool Transfer (MITRE)
- uses: T1059.007 JavaScript (MITRE)
- uses: T1059.001 PowerShell (MITRE)
- uses: T1204.002 Malicious File (MITRE)
- uses: T1071.001 Web Protocols (MITRE)
- uses: T1560.001 Archive via Utility (MITRE)
- uses: T1036.005 Match Legitimate Resource Name or Location (MITRE)
Countries (1)
- targets: Ukraine
Indicators (93)