ioc[.]one - OSINT Cyber Threat Intelligence Database

UAC-0050 Attack Detection: russia-Backed APT Performs Cyber Espionage, Financial Crimes, and Disinformation Operations Against Ukraine - SOC Prime

Tags

cmtmf-attack-pattern:	Boot Or Logon Autostart Execution Command And Scripting Interpreter
country:	Ukraine
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Boot Or Logon Autostart Execution - T1547 Command And Scripting Interpreter - T1623 Credentials - T1589.001 Exploitation For Client Execution - T1658 Financial Theft - T1657 Hidden Window - T1564.003 Hide Artifacts - T1628 Hide Artifacts - T1564 Ingress Tool Transfer - T1544 Malicious File - T1204.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Registry Run Keys / Startup Folder - T1547.001 Remote Access Software - T1663 Smb/Windows Admin Shares - T1021.002 Software - T1592.002 Spearphishing Attachment - T1566.001 Spearphishing Attachment - T1598.002 Windows Command Shell - T1059.003 Visual Basic - T1059.005 Command-Line Interface - T1059 Deobfuscate/Decode Files Or Information - T1140 Exploitation For Client Execution - T1203 Hidden Window - T1143 Remote File Copy - T1105 Powershell - T1086 Registry Run Keys / Start Folder - T1060 Remote Access Tools - T1219 Remote Services - T1021 Spearphishing Attachment - T1193 User Execution - T1204 Spearphishing Attachment User Execution

Show in Graph

Common Information

Type	Value
UUID	b8238488-c2f6-49c9-b377-fafbf4dca6a3
Fingerprint	e4d579b70981a3c1
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 16, 2024, 11:49 a.m.
Added to db	Oct. 16, 2024, 2:12 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	UAC-0050 Attack Detection: russia-Backed APT Performs Cyber Espionage, Financial Crimes, and Disinformation Operations Against Ukraine
Title	UAC-0050 Attack Detection: russia-Backed APT Performs Cyber Espionage, Financial Crimes, and Disinformation Operations Against Ukraine - SOC Prime
Detected Hints/Tags/Attributes	76/4/13

Source URLs

	Redirection	Url
Details	Source	https://socprime.com/blog/uac-0050-attack-detection-russia-backed-apt/

URL Provider

Details	Provider	Source level domain
Details	socprime.com	socprime.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	237	✔	SOC Prime	https://socprime.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	CERT Ukraine	40		UAC-0050
Details	CERT Ukraine	29		UAC-0006
Details	MITRE ATT&CK Techniques	245		T1203
Details	MITRE ATT&CK Techniques	106		T1204.001
Details	MITRE ATT&CK Techniques	365		T1204.002
Details	MITRE ATT&CK Techniques	460		T1059.001
Details	MITRE ATT&CK Techniques	137		T1059.005
Details	MITRE ATT&CK Techniques	380		T1547.001
Details	MITRE ATT&CK Techniques	504		T1140
Details	MITRE ATT&CK Techniques	66		T1564.003
Details	MITRE ATT&CK Techniques	139		T1021.002
Details	MITRE ATT&CK Techniques	492		T1105
Details	MITRE ATT&CK Techniques	141		T1219