Cyberattack UAC-0125 using the “Army+” theme (CERT-UA#12559)
Tags
country: | Ukraine |
attack-pattern: | Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Powershell - T1086 |
Common Information
Type | Value |
---|---|
UUID | 5ffe5a93-236e-48fb-9ee7-5fcb0cbbde4d |
Fingerprint | 24c767692436afc4 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Dec. 18, 2024, 4:49 p.m. |
Added to db | Dec. 18, 2024, 6:04 p.m. |
Last updated | Dec. 23, 2024, 7:16 a.m. |
Headline | Cyberattack UAC-0125 using the “Army+” theme (CERT-UA#12559) |
Title | Cyberattack UAC-0125 using the “Army+” theme (CERT-UA#12559) |
Detected Hints/Tags/Attributes | 27/2/30 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
Details | 171 | ✔ | Malware on Medium | https://medium.com/feed/tag/malware | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CERT Ukraine | 9 | UAC-0125 |
|
Details | CERT Ukraine | 7 | UAC-0002 |
|
Details | Domain | 22 | workers.dev |
|
Details | Domain | 2 | desktopapluscom.workers.dev |
|
Details | Domain | 2 | desktopaplus.workers.dev |
|
Details | Domain | 2 | armyplus-desktop.workers.dev |
|
Details | Domain | 2 | aplusdesktop.workers.dev |
|
Details | Domain | 2 | armylpus.workers.dev |
|
Details | Domain | 2 | aplusmodgovua.workers.dev |
|
Details | Domain | 2 | wvtmsouaa2gt6jmcuxj5hkfrqdss5lhecoqijt5dl7gfruueu3i5mkad.onion |
|
Details | File | 6 | mil.cer |
|
Details | File | 4 | 23722.exe |
|
Details | File | 4 | armyplus.exe |
|
Details | File | 19 | init.ps1 |
|
Details | File | 1 | office16.iso |
|
Details | File | 1 | 23672.exe |
|
Details | File | 2 | guid.txt |
|
Details | md5 | 2 | 79782773ffee7b8141674c27e9bfc109 |
|
Details | md5 | 2 | 4316eb790d186ffda2999257f8ded747 |
|
Details | md5 | 1 | 0799756F104A70CB6CE0CFC422DE25DB |
|
Details | md5 | 2 | a27a90a685dad9fc7f1c5962f278f197 |
|
Details | md5 | 2 | 52853b39922251a4166a5b032e577e7a |
|
Details | md5 | 2 | ed0c7c1925ac23bd8b4d09e77aabb0ee |
|
Details | md5 | 2 | a2f355057ade20d32afc5c4192ce3986 |
|
Details | sha256 | 2 | d2049157980b7ee0a54948d4def4ab62303ca51cadaada06fb51c583ecbce1a2 |
|
Details | sha256 | 2 | 4dca04f1e16cbe88776a3187031cff64981155cb3b992031250c6fed40496318 |
|
Details | sha256 | 2 | 86039bc8b1a6bb823f5cbf27d1a4a3b319b83d242f09ffcd96f38bbdbbaaa78f |
|
Details | sha256 | 2 | 8ba4c3ede1ed05a3ad7075fee503215648ec078a13523492e2e91a59fa40c8da |
|
Details | sha256 | 2 | b663e08cc267cdb7a02d5131cb04b8b05cb6ad13ac1d571c6aafe69e06bf8f80 |
|
Details | Threat Actor Identifier - APT | 33 | APT44 |