UAC-0050 Remcos RAT: Pipe Method Used for Evasion in Ukraine Attack [Thursday, January 04, 2024]

Description:
Known for its history of relentless cyber-attacks against Ukrainian targets, the UAC-0050 threat group is at it again. But this time, Uptycs researchers have discovered an advanced strategy that allows for a more clandestine data transfer channel, effectively circumventing detection mechanisms employed by Endpoint Detection and Response (EDR) and antivirus systems.

Published: 2024-01-04 16:08:17
Created: 2024-01-04 16:08:17
Modified: 2024-01-04 16:20:24

Indicators

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
