{ "name": "Spring Exacerbation: UAC-0006 increased cyberattacks", "slug": "spring-exacerbation-uac-0006-increased-cyberattacks", "description": "This report aims to provide insights into the ongoing cyber operations targeting Ukraine. It analyzes the tactics, techniques, and procedures employed by threat actors in their malicious campaigns. The document offers a comprehensive overview of the cybersecurity landscape in Ukraine, highlighting the challenges faced and the measures taken to counter these threats.", "published": "2024-05-22T05:56:49+00:00", "created_at": "2024-05-22T05:56:49+00:00", "modified_at": "2024-05-22T06:24:08+00:00", "created_at_opencti": "2024-05-22T05:56:49+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2024-05-22", "powershell", "smokeloader", "taleshot", "uac-0006", "ukraine" ], "related_entities": { "observables": [ { "id": "", "name": "31.44.6.84" }, { "id": "", "name": "31.44.5.98" }, { "id": "", "name": "188.68.222.151" }, { "id": "", "name": "188.68.221.35" }, { "id": "", "name": "185.68.93.139" }, { "id": "", "name": "162.19.139.184" }, { "id": "", "name": "http://vivianstyler.ru/index.php" }, { "id": "", "name": "http://vikompalion.ru/index.php" }, { "id": "", "name": "http://sephoraofficetz.ru/index.php" }, { "id": "", "name": "http://rafraystore.ru/index.php" }, { "id": "", "name": "http://picwalldoor.ru/index.php" }, { "id": "", "name": "http://monopoliafromyou.ru/download/1.exe" }, { "id": "", "name": "http://ccbaminumpot.ru/index.php" }, { "id": "", "name": "http://agentsuperpupervinil.ru/index.php" }, { "id": "", "name": "vivianstyler.ru" }, { "id": "", "name": "vikompalion.ru" }, { "id": "", "name": "sephoraofficetz.ru" }, { "id": "", "name": "rafraystore.ru" }, { "id": "", "name": "picwalldoor.ru" }, { "id": "", "name": "monopoliafromyou.ru" }, { "id": "", "name": "ccbaminumpot.ru" }, { "id": "", "name": "agentsuperpupervinil.ru" }, { "id": "", "name": "a546e49506f7144ff08c824c0503f8625d17f760d8ac20074aac870b0a3941d7" }, { "id": "", "name": "9c9df8669f1b07ec66e7b82ac97e188412f82ce549fb3552cca84413005fec9f" }, { "id": "", "name": "96e1fc4906cb79eab198dc76dbed47afc5855d26be0ca37910f8359b2683aef0" }, { "id": "", "name": "84a02a761c545b0cc9753a74f9820dd39adfe54c635fc00fe21c2989d03874f7" }, { "id": "", "name": "82c78f76eabaab176b69b671865d3605d6af7e66a06bbc57d58d1494d44475b4" }, { "id": "", "name": "5713b230f0aa6e8a78c655494c40885b606a5ed2e2ba5a1c8729974158e683fd" }, { "id": "", "name": "4c9b55906b1d9774cb3a43f3ca11cde266b6ebec0afdcab2dd1bcffa1bd99ec3" }, { "id": "", "name": "49127fcef058750578d87b6a4a25c8da77185cdd8796bc589dc5cf31f884c171" }, { "id": "", "name": "41bfd96d49bf35bf4ca946b9a51fa8784baf683d634f7ce9e068f6bded979fa2" } ], "malware": [ { "id": "legacy:malware:8badc46728601250", "name": "Trojan:Win32/SmokeLoader", "slug": "trojanwin32smokeloader" }, { "id": "legacy:malware:75cb4fd310ad0c22", "name": "taleshot", "slug": "taleshot" } ], "intrusion_sets": [ { "id": "119a6a64-dcfe-4bb3-8ca4-7ce67623d316", "name": "uac-0006", "slug": "uac-0006" } ], "attack_patterns": [ { "id": "5f4773ff-58ec-4510-b93a-8c102da43d02", "name": "T1109" }, { "id": "a6b6df0a-93c1-4ddf-8403-2bc47590f9fe", "name": "T1087.001" }, { "id": "e6c0ca23-78ee-4b0e-96fa-e80efab3665d", "name": "T1003.001" }, { "id": "ecaaa4cc-d487-4002-bcb2-f769acfcc38f", "name": "T1490" }, { "id": "eaff4611-3c78-4127-8745-726f77ed68ba", "name": "T1070.004" }, { "id": "d9f271ed-7685-4362-b90d-f16a14102f39", "name": "T1489" }, { "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1", "name": "T1486" }, { "id": "747c7b95-79ff-4132-8ea5-397cb6665ebd", "name": "T1498" }, { "id": "c1e3fabe-9e8b-4e8f-a1f8-bf23e234e770", "name": "T1485" }, { "id": "09124a92-c11f-4571-b35b-ab0bce6dd081", "name": "T1112" } ] }, "external_refs": [ "https://cert.gov.ua/article/6279366", "https://otx.alienvault.com/pulse/664da54293c6536501aaaaad" ] }